de4dot
|
d52a1014ef
|
Port .NET Reactor v4.x deobfuscator
|
2012-11-17 18:57:36 +01:00 |
|
de4dot
|
413a032e0a
|
Port .NET Reactor v3.x deobfuscator
|
2012-11-17 15:46:02 +01:00 |
|
de4dot
|
7e1d16dafb
|
Clear RVA when resetting field type and initial value
|
2012-11-17 11:45:24 +01:00 |
|
de4dot
|
6a7ddbaa56
|
Update code; submodule was updated
|
2012-11-16 23:50:52 +01:00 |
|
de4dot
|
4be5776da7
|
Also add all methods found in VTableFixups
|
2012-11-16 20:52:10 +01:00 |
|
de4dot
|
0dc129d340
|
Fix renaming of non-external pinvoke methods
|
2012-11-16 02:15:36 +01:00 |
|
de4dot
|
686f9953fd
|
Also remove Spices.Net watermark attribute
|
2012-11-14 21:45:12 +01:00 |
|
de4dot
|
9e708ed4fd
|
Ignore req/opt modifiers
|
2012-11-14 21:44:57 +01:00 |
|
de4dot
|
475c597a60
|
Port Spices.Net deobfuscator
|
2012-11-14 19:29:29 +01:00 |
|
de4dot
|
445b68f4f5
|
Don't treat System.Void as a value type
|
2012-11-14 19:28:46 +01:00 |
|
de4dot
|
226d18dff7
|
Only set ILOnly if there are no native methods
|
2012-11-14 11:33:47 +01:00 |
|
de4dot
|
6d43a7d6ee
|
Update code since submodule was updated
|
2012-11-14 10:23:29 +01:00 |
|
de4dot
|
76d898a285
|
Keep extra PE data and keep orig Win32 resources
|
2012-11-13 07:45:34 +01:00 |
|
de4dot
|
8c228e6e70
|
Also preserve #Blob offsets when preserving MD tokens
|
2012-11-13 07:44:25 +01:00 |
|
de4dot
|
3bd00c99bc
|
Use NativeModuleWriterOptions when saving a mixed-mode assembly
|
2012-11-13 07:42:35 +01:00 |
|
de4dot
|
2f6e5badb1
|
Update code since submodule got updated
|
2012-11-12 22:06:13 +01:00 |
|
de4dot
|
ac9168599b
|
Use IPEImage.FindWin32ResourceData()
|
2012-11-12 04:40:48 +01:00 |
|
de4dot
|
3646bca56b
|
Align the numbers
|
2012-11-11 16:56:29 +01:00 |
|
de4dot
|
99b38ac22f
|
Don't Dispose() of the resource data reader
|
2012-11-11 14:46:00 +01:00 |
|
de4dot
|
c47039c2ef
|
Don't call logger.v() unless verbose log level is enabled
|
2012-11-11 11:37:40 +01:00 |
|
de4dot
|
5a9d76e8c7
|
Speed up DeepSea string decrypter detector
|
2012-11-11 07:54:26 +01:00 |
|
de4dot
|
b152362088
|
Update logger
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but an option to disable it
|
2012-11-11 05:41:54 +01:00 |
|
de4dot
|
7b0ba43248
|
UTF8String was moved to DotNet ns. Fix code
|
2012-11-10 00:45:04 +01:00 |
|
de4dot
|
311a3c9c05
|
Remove now useless using statements
|
2012-11-10 00:02:11 +01:00 |
|
de4dot
|
73e15c0919
|
Change method sig to take a IPEImage instead of a PEImage
|
2012-11-09 11:34:23 +01:00 |
|
de4dot
|
d47a03f51a
|
Unpack CS packed files
|
2012-11-09 11:32:29 +01:00 |
|
de4dot
|
d00fcb79e4
|
Don't remove fields if we should keep all types
|
2012-11-09 02:15:28 +01:00 |
|
de4dot
|
3b740a4106
|
Port DeepSea deobfuscator
|
2012-11-09 00:21:45 +01:00 |
|
de4dot
|
5d25a499aa
|
Port CryptoObfuscator deobfuscator
|
2012-11-08 22:24:13 +01:00 |
|
de4dot
|
472d57ed0f
|
Use ModuleDefMD.GetAssemblyRef()
|
2012-11-08 11:26:14 +01:00 |
|
de4dot
|
f2f156dc40
|
Port CodeWall deobfuscator
|
2012-11-08 10:40:58 +01:00 |
|
de4dot
|
eb7d4c5f88
|
Use CreateStream() instead of creating a MemoryStream from a byte[]
|
2012-11-08 10:16:58 +01:00 |
|
de4dot
|
f6b5a3117f
|
Port CodeVeil deobfuscator
|
2012-11-08 09:48:05 +01:00 |
|
de4dot
|
10e83acebc
|
Port CodeFort deobfuscator
|
2012-11-08 07:43:57 +01:00 |
|
de4dot
|
4393df31d9
|
Update detection of CSVM asm ref
|
2012-11-08 07:07:02 +01:00 |
|
de4dot
|
f699017197
|
Port Babel.NET deobfuscator
|
2012-11-08 07:06:46 +01:00 |
|
de4dot
|
ce6659510e
|
Use ToGenericInstSig() ext method
|
2012-11-08 07:05:41 +01:00 |
|
de4dot
|
e600696182
|
Use IBinaryReader.ReadRemainingBytes()
|
2012-11-07 07:29:39 +01:00 |
|
de4dot
|
ab78e97423
|
Use the new name of this obfuscator
|
2012-11-07 05:47:33 +01:00 |
|
de4dot
|
9c64165d15
|
Add a getDumpedMethod() method
|
2012-11-07 05:38:06 +01:00 |
|
de4dot
|
583d4201f5
|
Port Agile.NET deobfuscator
|
2012-11-07 05:17:45 +01:00 |
|
de4dot
|
cc1e36389d
|
Update resolve{Method,Field}() sigs with a more general arg type
|
2012-11-07 04:46:19 +01:00 |
|
de4dot
|
814c3d3944
|
Fix method decrypter
|
2012-11-07 04:45:36 +01:00 |
|
de4dot
|
b6537dc188
|
Fix lookup<T> method sigs
|
2012-11-07 04:45:05 +01:00 |
|
de4dot
|
6efb96740d
|
Update code since EntryPoint was renamed ManagedEntryPoint
|
2012-11-07 02:02:38 +01:00 |
|
de4dot
|
427ea38595
|
Port MPRESS unpacker
|
2012-11-07 01:52:15 +01:00 |
|
de4dot
|
d98d4b10bb
|
Add code to restore dumped methods
|
2012-11-07 01:15:52 +01:00 |
|
de4dot
|
4be7e4fe46
|
Initialize DumpedMethod.mdRVA
|
2012-11-07 00:26:36 +01:00 |
|
de4dot
|
001b67804f
|
Move DumpedMethod{,s} to de4dot.blocks namespace
|
2012-11-06 22:25:19 +01:00 |
|
de4dot
|
90ab31eda2
|
Port Rummage deobfuscator
|
2012-11-06 17:21:56 +01:00 |
|
de4dot
|
25cee0e206
|
Port Skater.NET deobfuscator
|
2012-11-06 17:15:11 +01:00 |
|
de4dot
|
19ed1ac219
|
Rename CliSecure -> Agile_NET
|
2012-11-06 16:38:39 +01:00 |
|
de4dot
|
c67c267c8e
|
Port Dotfuscator deobfuscator
|
2012-11-06 16:30:39 +01:00 |
|
de4dot
|
ac171e3f29
|
Fix code since CilBody/HasCilBody were renamed
|
2012-11-06 15:58:55 +01:00 |
|
de4dot
|
3ed2daebd1
|
Port Xenocode deobfuscator
|
2012-11-06 15:58:21 +01:00 |
|
de4dot
|
f5ec3e2a27
|
String can be empty so return early if so
|
2012-11-06 01:59:40 +01:00 |
|
de4dot
|
c8039d249e
|
Add more checks when input has lots of invalid metadata
|
2012-11-06 00:18:02 +01:00 |
|
de4dot
|
6d45a3499f
|
Fix porting mistakes
|
2012-11-05 19:21:33 +01:00 |
|
de4dot
|
ea001865c9
|
Rename FnPtr args, and also null type sigs params
|
2012-11-05 02:42:48 +01:00 |
|
de4dot
|
2aedcc730c
|
Preserve tokens if necessary
|
2012-11-04 23:24:12 +01:00 |
|
de4dot
|
c9f1f8073e
|
MethodDef.Parameters contains the hidden 'this' param, so add some fixes to old code
|
2012-11-04 22:41:45 +01:00 |
|
de4dot
|
6a8e8dcb78
|
Initialize loaded modules' module context
|
2012-11-04 20:06:58 +01:00 |
|
de4dot
|
d5838aa6c2
|
Use the IModuleWriterListener interface
|
2012-11-04 19:40:36 +01:00 |
|
de4dot
|
f4ce67d836
|
Remove useless class and fix a porting todo
|
2012-11-04 13:25:14 +01:00 |
|
de4dot
|
83cb59718a
|
Move GenericArgsSubstitutor and add more methods
|
2012-11-04 12:13:13 +01:00 |
|
de4dot
|
f7f424efe7
|
Remove more "#if PORT"
|
2012-11-04 11:50:10 +01:00 |
|
de4dot
|
9376aa0de5
|
Rename method return parameters
|
2012-11-04 11:45:04 +01:00 |
|
de4dot
|
7ba4905cc7
|
Port more code, including renamer
|
2012-11-04 01:05:52 +01:00 |
|
de4dot
|
db6875859a
|
Port more code
|
2012-11-03 22:49:52 +01:00 |
|
de4dot
|
9b6c698dc1
|
Port some code
|
2012-11-02 22:53:24 +01:00 |
|
de4dot
|
89cd55a071
|
Port more code
|
2012-11-02 20:10:34 +01:00 |
|
de4dot
|
00177034b9
|
Rename cecil names; add new MemberRefFinder class
|
2012-11-02 16:08:11 +01:00 |
|
de4dot
|
65e6887fbc
|
Port more code; remove cecil refs
|
2012-11-02 08:28:39 +01:00 |
|
de4dot
|
70916173f3
|
Update code since dot10 was updated
|
2012-11-02 07:36:02 +01:00 |
|
de4dot
|
24c43d5a66
|
Port some more code
|
2012-11-01 21:09:09 +01:00 |
|
de4dot
|
4c8ba1edf3
|
Merge branch 'master' into confuser
|
2012-11-01 16:43:08 +01:00 |
|
de4dot
|
1341cc7199
|
Port more code
|
2012-11-01 16:42:02 +01:00 |
|
de4dot
|
3b6ef4fa1f
|
Port more code
|
2012-11-01 14:39:39 +01:00 |
|
de4dot
|
c5d183983b
|
Port more code
|
2012-11-01 11:28:09 +01:00 |
|
de4dot
|
eeef8a2580
|
Use dot10.PE
|
2012-11-01 07:51:08 +01:00 |
|
de4dot
|
04e1568c61
|
Port ConstantsReader
|
2012-10-31 17:09:58 +01:00 |
|
de4dot
|
6f73696cc5
|
Port .....
|
2012-10-31 16:54:20 +01:00 |
|
de4dot
|
ee7826576c
|
Sort project file
|
2012-10-31 13:48:12 +01:00 |
|
de4dot
|
0b9f188353
|
Check for null
|
2012-10-14 10:30:38 +02:00 |
|
de4dot
|
95d49c5b9e
|
Add more assembly search paths
|
2012-09-20 05:57:16 +02:00 |
|
de4dot
|
d29ac1a4cf
|
Check for generic params in all generic arguments too
|
2012-09-19 22:51:49 +02:00 |
|
de4dot
|
c4e9097a4e
|
Add the latest rev
|
2012-09-09 08:47:22 +02:00 |
|
de4dot
|
565bc1ca5b
|
Add 2 more revs
|
2012-09-06 08:43:36 +02:00 |
|
de4dot
|
88d3dcc062
|
Merge branch 'master' into confuser
|
2012-09-01 23:52:42 +02:00 |
|
de4dot
|
c67b3c3a66
|
Add 2 more revisions
|
2012-09-01 23:47:47 +02:00 |
|
de4dot
|
13a5fd8ff0
|
Add a fix for when type.Scope is null
|
2012-08-31 00:24:42 +02:00 |
|
de4dot
|
563877a62f
|
Add another revision
|
2012-08-30 04:14:09 +02:00 |
|
de4dot
|
30a73371c8
|
Fat header type is encoded in the lower 3 bits
|
2012-08-23 12:02:09 +02:00 |
|
de4dot
|
a34b3f7855
|
Support latest CO build
|
2012-08-22 18:33:27 +02:00 |
|
de4dot
|
ea7885c028
|
Merge branch 'master' into confuser
Conflicts:
de4dot.code/de4dot.code.csproj
|
2012-08-22 06:31:20 +02:00 |
|
de4dot
|
f1a725cd19
|
Restore MaxStack
|
2012-08-21 20:17:35 +02:00 |
|
de4dot
|
58b1b27c69
|
Use correct upper limit in loop, and return false on failure...
|
2012-08-21 20:17:21 +02:00 |
|
de4dot
|
3b9ba16df6
|
Make restoreMethod() virtual
|
2012-08-21 20:14:43 +02:00 |
|
de4dot
|
2c68ae14ee
|
New version: 1.9.1
|
2012-08-21 15:40:23 +02:00 |
|
de4dot
|
64cc8e3856
|
Decrypt CO encrypted methods
|
2012-08-21 15:40:06 +02:00 |
|
de4dot
|
0a5973e541
|
Update detection of CO types
|
2012-08-21 15:06:42 +02:00 |
|
de4dot
|
957a8ab8dd
|
Move method to new CoUtils class
|
2012-08-21 15:04:40 +02:00 |
|
de4dot
|
729780c235
|
Update MethodBodyReaderBase
- Change field types to IList<T>
- Add restoreMethod()
- Add readInstructionsNumBytes()
|
2012-08-21 14:59:46 +02:00 |
|
de4dot
|
db9e5c412c
|
Add the latest revision number
|
2012-08-18 08:37:03 +02:00 |
|
de4dot
|
6bf54bbae2
|
Use version from ConfusedBy attribute on module/asm to narrow down the detected version
|
2012-08-16 01:12:10 +02:00 |
|
de4dot
|
9e4fa4511b
|
Merge branch 'master' into confuser
|
2012-08-16 01:06:13 +02:00 |
|
de4dot
|
bfcd42804e
|
Add getModuleAttribute()
|
2012-08-15 19:33:57 +02:00 |
|
de4dot
|
f571a7ec22
|
Merge branch 'master' into confuser
|
2012-08-13 02:00:03 +02:00 |
|
de4dot
|
1768de1d6b
|
Remove earlyDetect()
|
2012-08-13 00:54:46 +02:00 |
|
de4dot
|
b5aebd4731
|
Set ILOnly flag in .NET header
|
2012-08-12 02:52:48 +02:00 |
|
de4dot
|
4b9ee54409
|
Return string decrypter method tokens
|
2012-08-12 02:47:03 +02:00 |
|
de4dot
|
0d04bef305
|
Log the returned revisions
|
2012-08-12 00:38:26 +02:00 |
|
de4dot
|
5376c74919
|
Detect anti dump version
|
2012-08-11 22:55:48 +02:00 |
|
de4dot
|
f7c1676d1d
|
Detect anti debugger version
|
2012-08-11 22:55:41 +02:00 |
|
de4dot
|
0d9c298dcb
|
Move methods
|
2012-08-11 22:34:08 +02:00 |
|
de4dot
|
77b8b0f471
|
Let's use this variable...
|
2012-08-11 04:55:49 +02:00 |
|
de4dot
|
3837ec8e1b
|
Update detection of compressor
|
2012-08-11 04:15:29 +02:00 |
|
de4dot
|
e9125616b9
|
Remember detected compressor version
|
2012-08-11 01:15:25 +02:00 |
|
de4dot
|
ed919ee528
|
Update detection of compressor version
|
2012-08-11 00:37:19 +02:00 |
|
de4dot
|
965bf1f2e6
|
Detect Confuser 1.8 r75369 proxy methods creator
|
2012-08-10 23:19:30 +02:00 |
|
de4dot
|
e256ecfa9a
|
Detect Confuser 1.7 r73479 proxy methods creator
|
2012-08-10 23:19:30 +02:00 |
|
de4dot
|
1fffd44a2a
|
Detect Confuser 1.6 r70489 proxy methods creator
|
2012-08-10 23:19:29 +02:00 |
|
de4dot
|
30f6771541
|
Detect Confuser 1.6 r66631 proxy methods creator
|
2012-08-10 23:19:28 +02:00 |
|
de4dot
|
9cf4887061
|
Detect Confuser 1.4 r58802 proxy methods creator
|
2012-08-10 23:19:28 +02:00 |
|
de4dot
|
e3e051b876
|
Detect Confuser 1.3 r55604 proxy methods creator
|
2012-08-10 23:19:21 +02:00 |
|
de4dot
|
b647b59fad
|
Detect Confuser 1.3 r55346 proxy methods creator
|
2012-08-10 21:29:15 +02:00 |
|
de4dot
|
b3b3f222cf
|
Use the greatest version we find
|
2012-08-10 21:29:15 +02:00 |
|
de4dot
|
2a283b922b
|
Detect Confuser 1.2 r54564 proxy methods creator
|
2012-08-10 21:29:03 +02:00 |
|
de4dot
|
35ddd30e08
|
Detect Confuser 1.1 r50378 proxy methods creator
|
2012-08-10 20:43:11 +02:00 |
|
de4dot
|
be29d8aed2
|
Detect Confuser 1.0 r42919 proxy methods creator
|
2012-08-10 20:14:47 +02:00 |
|
de4dot
|
612aeec0ab
|
Detect Confuser 1.7 r73566 compressor
|
2012-08-10 17:47:59 +02:00 |
|
de4dot
|
dfad2421b2
|
Detect Confuser 1.4 r57778 compressor
|
2012-08-10 17:25:04 +02:00 |
|
de4dot
|
12f7034894
|
Detect Confuser 1.0 r48717 compressor
|
2012-08-10 17:20:32 +02:00 |
|
de4dot
|
731d7bcb73
|
Support Confuser 1.7 r74021 constants encrypter (dynamic mode)
|
2012-08-10 17:00:55 +02:00 |
|
de4dot
|
d7eb818203
|
Detect Confuser 1.7 r74021 constants encrypter
|
2012-08-10 16:45:26 +02:00 |
|
de4dot
|
7984c94522
|
Detect Confuser 1.7 r72989 constants encrypter
|
2012-08-10 16:29:24 +02:00 |
|
de4dot
|
80f2a08ff1
|
Add latest rev
|
2012-08-10 15:51:58 +02:00 |
|
de4dot
|
7aa2a157d0
|
Detect Confuser 1.9 r75725 methods encrypter (JIT)
|
2012-08-10 04:12:20 +02:00 |
|
de4dot
|
754c5a1400
|
Detect Confuser 1.8 r75291 methods encrypter (JIT)
|
2012-08-10 03:46:14 +02:00 |
|
de4dot
|
29448fe3cb
|
Detect Confuser 1.8 r75288 methods encrypter (JIT)
|
2012-08-10 03:39:37 +02:00 |
|
de4dot
|
2f19f876f7
|
Detect Confuser 1.8 r75257 methods encrypter
|
2012-08-10 03:29:38 +02:00 |
|
de4dot
|
3b6e56f3e4
|
Detect Confuser 1.7 r73430 methods encrypter
|
2012-08-10 03:21:58 +02:00 |
|
de4dot
|
9d386c528c
|
Detect Confuser 1.9 r75725 methods encrypter
|
2012-08-10 02:55:43 +02:00 |
|
de4dot
|
f998afd74e
|
Detect Confuser 1.8 r75288 methods encrypter
|
2012-08-10 02:47:12 +02:00 |
|
de4dot
|
88d9a26333
|
Detect Confuser 1.7 r72989 methods encrypter
|
2012-08-10 02:33:10 +02:00 |
|
de4dot
|
ca4fc5566a
|
Detect Confuser 1.4 r58852 methods decrypter
|
2012-08-10 02:08:35 +02:00 |
|
de4dot
|
c437a9fa8a
|
Fix maxRev
|
2012-08-09 23:32:11 +02:00 |
|
de4dot
|
3c4ec53cd5
|
Add RIP comment
|
2012-08-09 23:06:12 +02:00 |
|
de4dot
|
030b35696b
|
Update printing of version number
- Don't print + after revision if it's the latest revision
- Don't print + after version if it's the latest version
|
2012-08-09 18:27:31 +02:00 |
|
de4dot
|
95b6041788
|
Use the correct file extension when saving the main module
|
2012-08-09 14:14:15 +02:00 |
|
de4dot
|
291040abfe
|
Detect and print Confuser version
|
2012-08-09 12:05:16 +02:00 |
|
de4dot
|
d92ff23740
|
Detect Confuser 1.3 r55604 safe string encrypter
|
2012-08-09 11:34:27 +02:00 |
|
de4dot
|
72c22d7566
|
Add missing init call and rename methods
|
2012-08-09 01:20:58 +02:00 |
|
de4dot
|
752b28dc4c
|
Add space
|
2012-08-08 22:29:44 +02:00 |
|
de4dot
|
4993fd8700
|
Fix bug
|
2012-08-08 21:36:58 +02:00 |
|
de4dot
|
0ae0e17bb1
|
Support Confuser 1.9 r76119 anti debugger
|
2012-08-08 21:32:15 +02:00 |
|
de4dot
|
4be2145cb6
|
Support Confuser 1.9 r76101 proxy methods
|
2012-08-08 21:22:00 +02:00 |
|
de4dot
|
81e879e494
|
Update version numbers
|
2012-08-08 18:34:59 +02:00 |
|
de4dot
|
95cca2aded
|
Update version numbers
|
2012-08-08 18:34:37 +02:00 |
|
de4dot
|
4ca36a4250
|
Update version numbers
|
2012-08-08 18:34:24 +02:00 |
|
de4dot
|
5e2572a201
|
Update version numbers
|
2012-08-08 18:04:57 +02:00 |
|
de4dot
|
876c13c08a
|
Rename proxy method class
|
2012-08-08 17:40:24 +02:00 |
|
de4dot
|
a2798908b0
|
Merge other proxy method class with the V10 one
|
2012-08-08 17:38:38 +02:00 |
|
de4dot
|
94acbc7131
|
Detect Confuser 1.8 r75367 compressor
|
2012-08-08 14:44:01 +02:00 |
|
de4dot
|
edac6b1a91
|
Use the original module name, if available
|
2012-08-08 14:41:16 +02:00 |
|
de4dot
|
06d00f0588
|
Add comment
|
2012-08-08 14:32:41 +02:00 |
|
de4dot
|
536062ae39
|
Update detection of compressor modulus
|
2012-08-08 14:31:13 +02:00 |
|
de4dot
|
09e20597f8
|
Support Confuser 1.8 r75367 constants encrypter
|
2012-08-08 14:30:46 +02:00 |
|
de4dot
|
21deab4ee7
|
Support Confuser 1.8 r75367 resource encrypter
|
2012-08-08 12:14:54 +02:00 |
|
de4dot
|
efb828ac90
|
Rename class
|
2012-08-08 01:33:26 +02:00 |
|
de4dot
|
31832a15bb
|
Add RIP comment
|
2012-08-08 01:29:43 +02:00 |
|
de4dot
|
81ef7215ce
|
Set default key size
|
2012-08-08 01:19:29 +02:00 |
|
de4dot
|
d37643217f
|
Support Confuser 1.7 r75257 constants encrypter
|
2012-08-07 21:57:14 +02:00 |
|
de4dot
|
1bd7632b2c
|
Detect Confuser 1.7 r75184 compressor
|
2012-08-07 19:52:53 +02:00 |
|
de4dot
|
ade379c20b
|
Support Confuser 1.7 r75076 compressor (lzma)
|
2012-08-07 19:47:09 +02:00 |
|
de4dot
|
a27bd9339e
|
Add 7zip SDK C# files
|
2012-08-07 18:51:23 +02:00 |
|
de4dot
|
774e2e1880
|
Support Confuser 1.7 r75056 constants encrypter
|
2012-08-07 17:51:43 +02:00 |
|
de4dot
|
860dd5a0f5
|
Detect Confuser 1.7 r74816 constants encrypter
|
2012-08-07 17:28:53 +02:00 |
|
de4dot
|
64b48ec315
|
Support Confuser 1.7 r74788 constants encrypter
|
2012-08-07 15:26:16 +02:00 |
|
de4dot
|
6baa3f0e2f
|
Support Confuser 1.7 r74708 constants encrypter
|
2012-08-07 14:40:51 +02:00 |
|
de4dot
|
9db99626f2
|
Refactor
|
2012-08-05 20:25:43 +02:00 |
|
de4dot
|
ab57733ae4
|
Detect Confuser 1.7 r74708 proxy method handlers
|
2012-08-05 12:46:59 +02:00 |
|
de4dot
|
923fb1f9ca
|
Call the correct ctor
|
2012-08-05 04:42:59 +02:00 |
|
de4dot
|
926d53885e
|
Support Confuser 1.7 r74021 JIT methods encrypter
|
2012-08-05 02:38:23 +02:00 |
|
de4dot
|
f65715cac8
|
Add some comments
|
2012-08-05 02:37:31 +02:00 |
|
de4dot
|
a3dbf5273d
|
Support Confuser 1.7 r73822 constants encrypter
|
2012-08-05 02:07:43 +02:00 |
|
de4dot
|
9ba6594278
|
Rename variable
|
2012-08-05 02:06:19 +02:00 |
|
de4dot
|
48ea288574
|
Support Confuser 1.7 r73822 resource encrypter
|
2012-08-05 01:57:36 +02:00 |
|
de4dot
|
5ded502104
|
Remove invalid asm ref added by Confuser 1.7 r73764
|
2012-08-04 11:21:52 +02:00 |
|
de4dot
|
13d0cff55b
|
Support Confuser 1.7 r73764 constants encrypter
|
2012-08-04 11:01:24 +02:00 |
|
de4dot
|
bc1a3e5ece
|
Support Confuser 1.7 r73740 proxy methods
|
2012-08-04 09:26:13 +02:00 |
|
de4dot
|
ed3b6607da
|
Support Confuser 1.7 r73740 constants encrypter (dynamic mode)
|
2012-08-04 09:20:42 +02:00 |
|
de4dot
|
cc1eeccaf9
|
Support Confuser 1.7 r73740 native methods
|
2012-08-04 09:16:06 +02:00 |
|
de4dot
|
2a68e3d27c
|
Add a comment
|
2012-08-03 23:49:18 +02:00 |
|
de4dot
|
82dd08b348
|
Support Confuser 1.7 r73479 methods encrypter
|
2012-08-03 23:30:31 +02:00 |
|
de4dot
|
00d27a89f6
|
Support Confuser 1.7 r73477 compressor
|
2012-08-03 22:55:11 +02:00 |
|
de4dot
|
2c33d80ccc
|
Support netmodules
|
2012-08-03 20:24:14 +02:00 |
|
de4dot
|
1646786bc5
|
Fix bug in reading code + extra sections
|
2012-08-03 19:36:40 +02:00 |
|
de4dot
|
68e5ef766c
|
Merge branch 'master' into confuser
|
2012-08-03 17:58:09 +02:00 |
|
de4dot
|
47a3034259
|
Call method later
|
2012-08-03 17:57:45 +02:00 |
|
de4dot
|
c913b6929a
|
Support Confuser 1.7 r73477 methods encrypter
|
2012-08-03 00:28:28 +02:00 |
|
de4dot
|
642b59667c
|
Move key init code to a new method
|
2012-08-02 22:08:29 +02:00 |
|
de4dot
|
b333cc32da
|
Rename arg
|
2012-08-02 21:57:47 +02:00 |
|
de4dot
|
4800755e47
|
Merge branch 'master' into confuser
|
2012-08-02 19:53:36 +02:00 |
|
de4dot
|
b455ae8dab
|
Fix arg name
|
2012-08-02 19:53:30 +02:00 |
|
de4dot
|
c4608df16f
|
Support Confuser 1.7 r73404 compressor
|
2012-08-02 19:53:15 +02:00 |
|
de4dot
|
343ed177bb
|
Support Confuser 1.7 r73404 constants encrypter
|
2012-08-02 19:14:35 +02:00 |
|
de4dot
|
7a77421c0e
|
Move method
|
2012-08-02 19:13:42 +02:00 |
|
de4dot
|
13420b80eb
|
Support Confuser 1.7 r73404 resource encrypter
|
2012-08-02 18:26:01 +02:00 |
|
de4dot
|
b5ef7a7b12
|
Rename proxy class to ...V10
|
2012-08-02 17:23:16 +02:00 |
|
de4dot
|
1f4ec139db
|
Support Confuser 1.7 r73404 methods encrypter
|
2012-08-02 17:01:14 +02:00 |
|
de4dot
|
e1758ddbb0
|
Support Confuser 1.6 r71742 methods decrypter
|
2012-08-02 11:12:20 +02:00 |
|
de4dot
|
8473253aa6
|
Support Confuser 1.5 r60785 compressor
|
2012-08-02 08:40:52 +02:00 |
|
de4dot
|
3d28201159
|
Add support for Confuser 1.5 r60785 constants encrypter (dynamic mode)
|
2012-08-02 08:11:21 +02:00 |
|
de4dot
|
1f9514e168
|
Move const reader and decrypt method
|
2012-08-02 08:08:50 +02:00 |
|
de4dot
|
1d5b341ed6
|
Return if invalid index
|
2012-08-02 08:07:26 +02:00 |
|
de4dot
|
6e262eb621
|
Add support for Confuser 1.5 r60785 constants encrypter (normal mode)
|
2012-08-01 22:38:57 +02:00 |
|
de4dot
|
d888ffd8e5
|
Merge branch 'master' into confuser
|
2012-08-01 22:20:47 +02:00 |
|
de4dot
|
e496cea7da
|
Add an option to remove a present unbox.any instr
|
2012-08-01 22:20:35 +02:00 |
|
de4dot
|
b45060d35a
|
Add RIP comment
|
2012-08-01 18:10:15 +02:00 |
|
de4dot
|
7f3399a9c4
|
Remove unreachable code
|
2012-08-01 18:09:58 +02:00 |
|
de4dot
|
4a3104963c
|
Fix cast
|
2012-08-01 18:09:24 +02:00 |
|
de4dot
|
d3c75288e7
|
Support Confuser 1.5a r59014 methods decrypter
|
2012-08-01 15:00:47 +02:00 |
|
de4dot
|
11ff8a55b1
|
Support Confuser 1.4 r58857 proxy methods
|
2012-08-01 14:24:45 +02:00 |
|
de4dot
|
910472ad04
|
Support Confuser 1.4 r58852 compressor
|
2012-08-01 14:05:29 +02:00 |
|
de4dot
|
99f0f8f480
|
Don't return main asm if it hasn't been unpacked
|
2012-08-01 13:48:41 +02:00 |
|
de4dot
|
4a6c6fee68
|
Update method name
|
2012-08-01 13:37:43 +02:00 |
|
de4dot
|
60cc3c7909
|
Update detection of key
|
2012-08-01 13:36:12 +02:00 |
|
de4dot
|
7e19539a61
|
Add code to handle an obfuscator bug
|
2012-08-01 13:03:36 +02:00 |
|
de4dot
|
b60eca8ae2
|
Add an option to only dump the main embedded asm
|
2012-08-01 12:37:26 +02:00 |
|
de4dot
|
002da4602a
|
Support Confuser 1.4 r58802 compressor and dump embedded asms
|
2012-08-01 11:41:31 +02:00 |
|
de4dot
|
8477e79b88
|
Move code to ConfuserUtils
|
2012-08-01 11:40:15 +02:00 |
|
de4dot
|
7b3cb1e007
|
Support Confuser 1.4 r58802 method proxies
|
2012-08-01 10:01:26 +02:00 |
|
de4dot
|
6953760ffc
|
Change Confuser type from cn to cr
'cr' is what the author of Confuser uses.
|
2012-08-01 09:18:06 +02:00 |
|
de4dot
|
17db2d332e
|
Support Confuser 1.4 r58802 string decrypter
|
2012-08-01 09:13:47 +02:00 |
|
de4dot
|
c2d56bd8d1
|
Fix compatibility with later v1.9 decrypter
|
2012-08-01 09:11:25 +02:00 |
|
de4dot
|
c652d49353
|
Remove Confuser 1.4 r58564 anti dumping type
|
2012-07-31 20:05:52 +02:00 |
|
de4dot
|
3e49c0bfa5
|
Support Confuser 1.4 r58564 compressor
|
2012-07-31 19:56:10 +02:00 |
|
de4dot
|
d99133658c
|
Support Confuser 1.4 r58564 proxy methods
|
2012-07-31 19:12:35 +02:00 |
|
de4dot
|
2a96ec9958
|
Support Confuser 1.4 r58564 methods encrypter
|
2012-07-31 17:17:16 +02:00 |
|
de4dot
|
17495e986f
|
Support Confuser 1.4 r58004 methods encrypter
|
2012-07-31 15:03:18 +02:00 |
|
de4dot
|
433a0d2b0a
|
Check for encrypted methods in moduleReloaded()
|
2012-07-31 14:25:40 +02:00 |
|
de4dot
|
a4be159b44
|
Support Confuser 1.4 r57884 methods encrypter
|
2012-07-31 14:24:49 +02:00 |
|
de4dot
|
9db8fc86a7
|
Merge branch 'master' into confuser
|
2012-07-31 12:51:33 +02:00 |
|
de4dot
|
9cbbea2c01
|
Use a better resource key
|
2012-07-31 12:50:55 +02:00 |
|
de4dot
|
c005ab2998
|
Check for div by zero
|
2012-07-31 12:43:23 +02:00 |
|
de4dot
|
ab04a72990
|
Update version number
|
2012-07-31 12:42:41 +02:00 |
|
de4dot
|
995e836fd8
|
Remove Confuser 1.3 r57588 anti debug method
|
2012-07-31 10:52:25 +02:00 |
|
de4dot
|
bb9e4cbf26
|
Remove resources with an invalid RVA
|
2012-07-31 10:41:20 +02:00 |
|
de4dot
|
4b2da13972
|
Decrypt encrypted strings resource before initializing string decrypter
|
2012-07-31 10:09:45 +02:00 |
|
de4dot
|
f370824a46
|
Make sure we only decrypt resources once
|
2012-07-31 10:08:46 +02:00 |
|
de4dot
|
b517755607
|
Support Confuser 1.3 r55802 resource encrypter
|
2012-07-31 10:00:46 +02:00 |
|
de4dot
|
a2038f348e
|
Support Confuser 1.3 r42915 "safe" string decrypter
|
2012-07-31 09:14:06 +02:00 |
|
de4dot
|
be9c95a759
|
Support Confuser 1.3 r55346's latest proxy methods code
|
2012-07-31 07:30:21 +02:00 |
|
de4dot
|
1f2de674f7
|
Support an updated Confuser proxy methods code
|
2012-07-31 07:15:38 +02:00 |
|
de4dot
|
4c5f955953
|
Merge branch 'master' into confuser
|
2012-07-31 07:13:25 +02:00 |
|
de4dot
|
dace82cca9
|
Add find2() method for derived classes
|
2012-07-31 07:13:07 +02:00 |
|
de4dot
|
4f4af7a44a
|
Support newer Confuser 1.0 and 1.1 string decrypters
|
2012-07-31 05:47:49 +02:00 |
|
de4dot
|
afb205aeea
|
Update detection of compressor
|
2012-07-31 04:44:45 +02:00 |
|
de4dot
|
83706f40a8
|
Update proxy fixer v1
|
2012-07-31 04:44:30 +02:00 |
|
de4dot
|
ed9849313a
|
Merge branch 'master' into confuser
|
2012-07-31 04:41:09 +02:00 |
|
de4dot
|
329efd9a0f
|
Add code to let a derived class to push new values
|
2012-07-31 04:40:45 +02:00 |
|
de4dot
|
87a8052cbe
|
Declaring type is null if it's already been removed
|
2012-07-31 04:40:06 +02:00 |
|
de4dot
|
6be691ab6d
|
Increment errors if there's an exception
|
2012-07-31 04:39:34 +02:00 |
|
de4dot
|
1683c3ac1b
|
Update constants folder to support r8 values
|
2012-07-31 01:16:50 +02:00 |
|
de4dot
|
312a2fe063
|
Merge branch 'master' into confuser
|
2012-07-31 01:15:52 +02:00 |
|
de4dot
|
06b7374276
|
Add support for reading r8 values. Also rename some methods
|
2012-07-31 01:14:38 +02:00 |
|
de4dot
|
e657db9c8c
|
Support methods proxy in Confuser 1.0 r48717
|
2012-07-30 18:00:00 +02:00 |
|
de4dot
|
4a6713b728
|
Update detection of proxy fixer
|
2012-07-30 17:57:24 +02:00 |
|
de4dot
|
2e99bac40c
|
Unpack compressed Confuser assemblies
|
2012-07-30 14:11:04 +02:00 |
|
de4dot
|
7321e51a78
|
Decrypt Confuser 1.0 encrypted strings
|
2012-07-30 10:28:11 +02:00 |
|
de4dot
|
498316d2a2
|
Merge branch 'master' into confuser
|
2012-07-30 10:27:06 +02:00 |
|
de4dot
|
11256d6e76
|
Make property public
|
2012-07-30 10:26:49 +02:00 |
|
de4dot
|
833a4bdd42
|
Merge branch 'master' into confuser
|
2012-07-30 09:19:25 +02:00 |
|
de4dot
|
85ce802131
|
Add Confuser 1.0 proxy call fixer
|
2012-07-30 09:19:17 +02:00 |
|
de4dot
|
83b805adc3
|
Move methods
|
2012-07-30 09:17:22 +02:00 |
|
de4dot
|
1e7be5c619
|
Make method static
|
2012-07-30 09:13:51 +02:00 |
|
de4dot
|
b33c2834df
|
Don't deobfuscate cflow unless the method sig is void name()
|
2012-07-30 09:13:17 +02:00 |
|
de4dot
|
fb47689f58
|
Decrypt Confuser encrypted methods (memory)
|
2012-07-29 20:04:35 +02:00 |
|
de4dot
|
0eaa1466fb
|
Move common code to a base class
|
2012-07-29 20:02:12 +02:00 |
|
de4dot
|
d987fbe279
|
Merge branch 'master' into confuser
|
2012-07-29 18:14:25 +02:00 |
|
de4dot
|
b2d72b153f
|
Ignore exceptions when calling detect()
Most likely invalid code and/or metadata, which usually means it's still
encrypted.
|
2012-07-29 18:12:29 +02:00 |
|
de4dot
|
5b026a0d05
|
Add null check
|
2012-07-29 14:26:57 +02:00 |
|
de4dot
|
e225a342ae
|
Support type=dynamic const decryption
|
2012-07-29 14:23:27 +02:00 |
|
de4dot
|
5d1aefec16
|
Merge branch 'master' into confuser
|
2012-07-29 14:21:45 +02:00 |
|
de4dot
|
de8090df61
|
Add setConstant methods
|
2012-07-29 14:21:13 +02:00 |
|
de4dot
|
f20b2e648b
|
Fix detection when numeric const encryption is enabled
|
2012-07-29 13:24:50 +02:00 |
|
de4dot
|
892116ad63
|
Add ConstantsInliner class
|
2012-07-29 13:22:36 +02:00 |
|
de4dot
|
7c4994f624
|
Merge branch 'master' into confuser
|
2012-07-29 13:21:03 +02:00 |
|
de4dot
|
c924d84340
|
Add another decrypt() method
|
2012-07-29 13:20:35 +02:00 |
|
de4dot
|
c3c1ab64d8
|
Add setDeobfuscator() method
|
2012-07-29 13:19:12 +02:00 |
|
de4dot
|
2274ceeee4
|
Support the normal const decrypter
|
2012-07-29 10:17:05 +02:00 |
|
de4dot
|
24337f2a70
|
Merge branch 'master' into confuser
|
2012-07-29 09:49:55 +02:00 |
|
de4dot
|
f07f664553
|
Don't cast to a possible value type when result can be null
|
2012-07-29 09:49:00 +02:00 |
|
de4dot
|
ae63a63d20
|
Remove unecessary code
|
2012-07-28 21:28:27 +02:00 |
|
de4dot
|
db5c6fcf26
|
Decrypt Confuser encrypted constants
|
2012-07-28 04:45:27 +02:00 |
|
de4dot
|
b2ad946425
|
Merge branch 'master' into confuser
|
2012-07-28 04:39:30 +02:00 |
|
de4dot
|
cb6a3ac503
|
Support generic decrypter methods
|
2012-07-28 04:39:14 +02:00 |
|
de4dot
|
a2c8e99b3f
|
Ignore any exceptions during deobfuscation
|
2012-07-28 04:18:11 +02:00 |
|
de4dot
|
839684685e
|
Assume invalid code so check for null
|
2012-07-27 21:38:03 +02:00 |
|