| Author | Commit | Message | Date |
|---|---|---|---|
| de4dot | bbb715c93c | Update string decrypter | 2012-12-14 09:22:36 +01:00 |
| de4dot | bbbdf0b0ff | Update array cflow deobfuscator | 2012-12-14 09:18:14 +01:00 |
| de4dot | 7bcf5b4710 | Make sure lastOffset <= fileData.Length (could be a bad dump) | 2012-12-13 16:19:34 +01:00 |
| de4dot | bf7c0d58d2 | Some fixes<br>- Rename offset variables<br>- Alloc buffer outside the loop<br>- Read CRC32 checksum outside the loop<br>- Get rid of a local variable | 2012-12-13 14:03:31 +01:00 |
| de4dot | 7e9e691ef3 | Support ILProtector 1.0.6.0 - 1.0.6.7 | 2012-12-13 12:03:25 +01:00 |
| de4dot | 1dd572f2ef | Add DeobUtils.sha1Sum() | 2012-12-13 12:02:52 +01:00 |
| de4dot | cf6af49ae7 | Add a CRC32 class | 2012-12-13 12:02:41 +01:00 |
| de4dot | 3e7d403334 | Remove the dynocode declaring types | 2012-12-11 12:36:59 +01:00 |
| de4dot | b9d91043fc | Support the latest CryptoObfuscator version | 2012-12-11 12:02:40 +01:00 |
| de4dot | 245d875d5f | Support Eazfuscator.NET 3.5 string encrypter | 2012-12-11 00:23:16 +01:00 |
| de4dot | d5681d9db4 | Emulate instructions instead of finding constants | 2012-12-10 21:43:56 +01:00 |
| de4dot | ac7694b237 | Add Int64Method property | 2012-12-10 21:42:49 +01:00 |
| de4dot | 61eff40082 | Add props to access the locals / values | 2012-12-10 21:42:37 +01:00 |
| de4dot | 721cd1578a | Update EF version detector | 2012-12-10 21:42:14 +01:00 |
| de4dot | dcbcaa098e | Work around a bug in EF | 2012-12-08 01:12:20 +01:00 |
| de4dot | f5967715f2 | Only remove the type if we rename types | 2012-12-07 15:07:30 +01:00 |
| de4dot | 8e79777cdf | Return immediately if there's nothing to do | 2012-12-07 15:06:52 +01:00 |
| de4dot | fa4e1fcc6b | Add RenamerFlags | 2012-12-07 15:06:38 +01:00 |
| de4dot | 0ba3a0c1e2 | Better support of DNR + .NET 1.x assemblies | 2012-12-04 23:58:34 +01:00 |
| de4dot | 8e69452edb | Support .NET Reactor 4.5 | 2012-12-04 02:29:41 +01:00 |
| de4dot | faf37a4a47 | Use a char[] instead of a StringBuilder since length is known | 2012-12-03 01:22:14 +01:00 |
| de4dot | 9a4cd237e5 | Fix detection of SN string decrypter | 2012-12-02 23:24:00 +01:00 |
| de4dot | ca6812bca7 | Support latest Rummage | 2012-12-02 16:20:25 +01:00 |
| de4dot | 8a36c8eea6 | Add an option to not rename delegate fields | 2012-12-01 04:35:39 +01:00 |
| de4dot | 643e155cf8 | Add options to preserve rids, heaps | 2012-12-01 03:24:12 +01:00 |
| de4dot | dcdbe25a0f | Add option to disable creating new ParamDefs when renaming | 2012-12-01 02:22:59 +01:00 |
| de4dot | 99c7cf8eb5 | Load target asm's CLR version when decrypting strings dynamically | 2012-12-01 01:40:23 +01:00 |
| de4dot | 3e62b328d1 | Add FileHeader and OptionalHeader props | 2012-11-30 21:04:05 +01:00 |
| de4dot | 87b20b00f2 | Set new locals by calling SetLocals(), not by writing to the field | 2012-11-30 03:24:15 +01:00 |
| de4dot | a2cdfdb9e3 | Add AssemblyServer projects for CLR v2.0/4.0 x86/x64 | 2012-11-23 07:12:43 +01:00 |
| de4dot | 9263a3df3d | Remove all cecil code/comment refs | 2012-11-22 09:14:51 +01:00 |
| de4dot | fd129aa3c0 | Remove non-referenced method | 2012-11-22 05:50:15 +01:00 |
| de4dot | 3a519b51d8 | This shouldn't be a warning | 2012-11-22 05:50:05 +01:00 |
| de4dot | 7ce782215e | Print 4.x when DNR 4 version is unknown | 2012-11-21 14:20:38 +01:00 |
| de4dot | 8858205344 | IDeobfuscator now implements IDisposable | 2012-11-21 13:57:13 +01:00 |
| de4dot | 5b43e33a35 | Remove old PeImage code and use the new one | 2012-11-21 11:14:20 +01:00 |
| de4dot | ced43ca70b | Use File.WriteAllBytes() | 2012-11-21 11:07:40 +01:00 |
| de4dot | bcb9a2958c | Dispose() of the PEImage | 2012-11-21 11:07:25 +01:00 |
| de4dot | 9577bd2118 | Reset resource data position | 2012-11-20 07:53:54 +01:00 |
| de4dot | bde935c6d8 | Remove invalid resources | 2012-11-20 07:25:10 +01:00 |
| de4dot | e8155e7eb0 | Update detection of invalid CV methods | 2012-11-20 06:45:23 +01:00 |
| de4dot | 989e364481 | Fix detection of DS string decrypter | 2012-11-20 05:35:05 +01:00 |
| de4dot | 87a83a2757 | Exit if string decrypter wasn't detected | 2012-11-20 04:42:19 +01:00 |
| de4dot | 48ce6a29b9 | Return an SZArraySig, not an ArraySig | 2012-11-20 02:18:18 +01:00 |
| de4dot | 5c2237b439 | Remove useless property | 2012-11-20 01:16:02 +01:00 |
| de4dot | 4658e911a2 | Reset resource data positions | 2012-11-20 01:15:27 +01:00 |
| de4dot | d8e73e70e6 | Use MetaDataHeader | 2012-11-20 01:14:34 +01:00 |
| de4dot | d9bc6ea480 | Fix operand restorer | 2012-11-20 01:14:05 +01:00 |
| de4dot | 969d41c089 | Default name is CliSecure | 2012-11-20 01:13:36 +01:00 |
| de4dot | 5ce21b18a7 | Call IAssemblyResolver.Remove() | 2012-11-20 01:13:18 +01:00 |
| de4dot | 5ad2e18695 | Update code since submodule was updated | 2012-11-19 17:58:34 +01:00 |
| de4dot | c5f2043a6e | Port SmartAssembly deobfuscator | 2012-11-18 17:07:02 +01:00 |
| de4dot | cca8eba9ed | Port ILProtector deobfuscator | 2012-11-18 08:13:51 +01:00 |
| de4dot | db223d089b | Port MaxtoCode deobfuscator | 2012-11-18 07:34:51 +01:00 |
| de4dot | 2e61a8a757 | Move disposing of module to caller<br>The reason is that some deobfuscators require it to be non-disposed when their reload() method is called. | 2012-11-18 07:32:57 +01:00 |
| de4dot | 9a8218e68f | Add Logger.LogErrorDontIgnore() | 2012-11-18 03:20:40 +01:00 |
| de4dot | 0e16e3e51b | Dispose() of all modules we don't need | 2012-11-18 03:17:53 +01:00 |
| de4dot | 1c4b3a7382 | Port Goliath.NET deobfuscator | 2012-11-18 03:02:12 +01:00 |
| de4dot | c596f5ddfc | Port Eazfuscator.NET deobfuscator | 2012-11-18 01:09:07 +01:00 |
| de4dot | 33645432f1 | Fix TypesRestorer porting bug | 2012-11-18 00:20:07 +01:00 |
| de4dot | e5ab5ee23c | Re-encrypt x86 methods if any (DNR v4.x) | 2012-11-17 23:49:19 +01:00 |
| de4dot | d52a1014ef | Port .NET Reactor v4.x deobfuscator | 2012-11-17 18:57:36 +01:00 |
| de4dot | 413a032e0a | Port .NET Reactor v3.x deobfuscator | 2012-11-17 15:46:02 +01:00 |
| de4dot | 7e1d16dafb | Clear RVA when resetting field type and initial value | 2012-11-17 11:45:24 +01:00 |
| de4dot | 6a7ddbaa56 | Update code; submodule was updated | 2012-11-16 23:50:52 +01:00 |
| de4dot | 4be5776da7 | Also add all methods found in VTableFixups | 2012-11-16 20:52:10 +01:00 |
| de4dot | 0dc129d340 | Fix renaming of non-external pinvoke methods | 2012-11-16 02:15:36 +01:00 |
| de4dot | 686f9953fd | Also remove Spices.Net watermark attribute | 2012-11-14 21:45:12 +01:00 |
| de4dot | 9e708ed4fd | Ignore req/opt modifiers | 2012-11-14 21:44:57 +01:00 |
| de4dot | 475c597a60 | Port Spices.Net deobfuscator | 2012-11-14 19:29:29 +01:00 |
| de4dot | 445b68f4f5 | Don't treat System.Void as a value type | 2012-11-14 19:28:46 +01:00 |
| de4dot | 226d18dff7 | Only set ILOnly if there are no native methods | 2012-11-14 11:33:47 +01:00 |
| de4dot | 6d43a7d6ee | Update code since submodule was updated | 2012-11-14 10:23:29 +01:00 |
| de4dot | 76d898a285 | Keep extra PE data and keep orig Win32 resources | 2012-11-13 07:45:34 +01:00 |
| de4dot | 8c228e6e70 | Also preserve #Blob offsets when preserving MD tokens | 2012-11-13 07:44:25 +01:00 |
| de4dot | 3bd00c99bc | Use NativeModuleWriterOptions when saving a mixed-mode assembly | 2012-11-13 07:42:35 +01:00 |
| de4dot | 2f6e5badb1 | Update code since submodule got updated | 2012-11-12 22:06:13 +01:00 |
| de4dot | ac9168599b | Use IPEImage.FindWin32ResourceData() | 2012-11-12 04:40:48 +01:00 |
| de4dot | 3646bca56b | Align the numbers | 2012-11-11 16:56:29 +01:00 |
| de4dot | 99b38ac22f | Don't Dispose() of the resource data reader | 2012-11-11 14:46:00 +01:00 |
| de4dot | c47039c2ef | Don't call logger.v() unless verbose log level is enabled | 2012-11-11 11:37:40 +01:00 |
| de4dot | 5a9d76e8c7 | Speed up DeepSea string decrypter detector | 2012-11-11 07:54:26 +01:00 |
| de4dot | b152362088 | Update logger<br>- It's not static anymore<br>- It implements ILogger<br>- It can ignore errors/warnings but an option to disable it | 2012-11-11 05:41:54 +01:00 |
| de4dot | 7b0ba43248 | UTF8String was moved to DotNet ns. Fix code | 2012-11-10 00:45:04 +01:00 |
| de4dot | 311a3c9c05 | Remove now useless using statements | 2012-11-10 00:02:11 +01:00 |
| de4dot | 73e15c0919 | Change method sig to take a IPEImage instead of a PEImage | 2012-11-09 11:34:23 +01:00 |
| de4dot | d47a03f51a | Unpack CS packed files | 2012-11-09 11:32:29 +01:00 |
| de4dot | d00fcb79e4 | Don't remove fields if we should keep all types | 2012-11-09 02:15:28 +01:00 |
| de4dot | 3b740a4106 | Port DeepSea deobfuscator | 2012-11-09 00:21:45 +01:00 |
| de4dot | 5d25a499aa | Port CryptoObfuscator deobfuscator | 2012-11-08 22:24:13 +01:00 |
| de4dot | 472d57ed0f | Use ModuleDefMD.GetAssemblyRef() | 2012-11-08 11:26:14 +01:00 |
| de4dot | f2f156dc40 | Port CodeWall deobfuscator | 2012-11-08 10:40:58 +01:00 |
| de4dot | eb7d4c5f88 | Use CreateStream() instead of creating a MemoryStream from a byte[] | 2012-11-08 10:16:58 +01:00 |
| de4dot | f6b5a3117f | Port CodeVeil deobfuscator | 2012-11-08 09:48:05 +01:00 |
| de4dot | 10e83acebc | Port CodeFort deobfuscator | 2012-11-08 07:43:57 +01:00 |
| de4dot | 4393df31d9 | Update detection of CSVM asm ref | 2012-11-08 07:07:02 +01:00 |
| de4dot | f699017197 | Port Babel.NET deobfuscator | 2012-11-08 07:06:46 +01:00 |
| de4dot | ce6659510e | Use ToGenericInstSig() ext method | 2012-11-08 07:05:41 +01:00 |
| de4dot | e600696182 | Use IBinaryReader.ReadRemainingBytes() | 2012-11-07 07:29:39 +01:00 |
| de4dot | ab78e97423 | Use the new name of this obfuscator | 2012-11-07 05:47:33 +01:00 |