monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,991 Commits 2 Branches 1 Tag 5 MiB
2581da1c26
Commit Graph

1991 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
de4dot
b530c1a313 Add isSystemObject() method 2011-10-31 19:39:00 +01:00
de4dot
1eedf7cb3e Update if expr. It was wrong 2011-10-31 19:38:36 +01:00
de4dot
cbf37e8732 Move getLocalVar() and add getArgType() 2011-10-31 19:37:26 +01:00
de4dot
5185dc8364 Throw if PInvokeInfo is null. The type was probably removed. 2011-10-31 00:18:11 +01:00
de4dot
6b04c23036 Update decrypter and version detecter code 2011-10-31 00:09:38 +01:00
de4dot
11781b2875 Check for null methods 2011-10-31 00:08:38 +01:00
de4dot
35005a1a51 getStringDecrypterMethods() now adds all string decrypter methods 2011-10-30 19:28:13 +01:00
de4dot
0ddbe16349 Update DNR version number detection code 2011-10-30 06:15:52 +01:00
de4dot
7505f6096f Clear deobfuscation flags when reloading module 2011-10-30 06:14:22 +01:00
de4dot
2ede24598d Detect DNR version 2011-10-29 20:28:29 +02:00
de4dot
efe98949b1 Minor updates 2011-10-29 20:26:59 +02:00
de4dot
37a64f77f2 Index should be set to instruction before we broke out of the loop 2011-10-29 20:25:41 +02:00
de4dot
b57c93eae4 Update DNR methods decrypter code 2011-10-29 03:39:32 +02:00
de4dot
040410d7ce Methods decrypter method could be null 2011-10-29 03:39:08 +02:00
de4dot
def4072bc5 Move array finder code to a new ArrayFinder class 2011-10-29 03:38:09 +02:00
de4dot
0a8d772c22 Decrypt methods sent to the JITter 2011-10-29 02:27:34 +02:00
de4dot
c4d6ba9ae9 Some minor updates 2011-10-29 02:25:31 +02:00
de4dot
3b87ab1294 Update getDecryptedModule() so it can return dumped methods 2011-10-29 02:23:48 +02:00
de4dot
a6dcd03d26 Allow passing dumped methods to reload() 2011-10-29 02:22:36 +02:00
de4dot
0e70d020b4 Add .NET metadata reader (ported from C++) 2011-10-29 02:20:44 +02:00
de4dot
89f90d3e75 Make sure publicKeyToken.Length > 0 2011-10-28 01:44:15 +02:00
de4dot
699ac4378d Support older string decrypter method and detect older methods decrypter 2011-10-28 01:33:05 +02:00
de4dot
eb002895e1 Don't throw if we can't find all method args in the same block 2011-10-28 01:28:08 +02:00
de4dot
deda2d5d60 Handle case where try handler block is before try block 2011-10-28 01:27:00 +02:00
de4dot
09178a6e95 Update methods decrypter and string decrypter 2011-10-27 22:25:44 +02:00
de4dot
39dbf5d9b2 Ignore call if we can't get all args 2011-10-27 22:22:52 +02:00
de4dot
9c83c22469 Add .NET header and a method to more safely write to a .NET PE image 2011-10-27 22:21:45 +02:00
de4dot
61b1f7a06a Ignore invalid metadata tokens in code 2011-10-27 15:57:33 +02:00
de4dot
9c253e7864 Add updated cecil submodule 2011-10-27 15:52:58 +02:00
de4dot
5357b4f73c Update code to handle 4.1 obfuscated assemblies 2011-10-27 02:08:30 +02:00
de4dot
93d4ac1c9d Update type name 2011-10-27 02:07:33 +02:00
de4dot
41356b2d30 Check for methods with no body 2011-10-27 02:07:06 +02:00
de4dot
ceca5718ba Remove encrypted resources and call to methods decrypter 2011-10-26 23:00:01 +02:00
de4dot
dfb73f222f Add options to disable decryption of methods and bools 2011-10-26 22:24:31 +02:00
de4dot
63ab61fb12 Deobfuscate cflow again if a bool was decrypted 2011-10-26 22:16:51 +02:00
de4dot
bd7a6763a6 Return number of method calls that were replaced 2011-10-26 22:06:48 +02:00
de4dot
28b73d36ed It's a flags enum so should use unique bits 2011-10-26 22:00:32 +02:00
de4dot
db7edc2a72 Add BoolValueInliner class 2011-10-26 21:05:35 +02:00
de4dot
0c0093ff76 Add createLdci4() method 2011-10-26 21:01:38 +02:00
de4dot
59863bf8b4 Refactor string decrypter to generic return value inliner class 2011-10-26 20:41:50 +02:00
de4dot
e4f2af221a Add BooleanDecrypter class 2011-10-26 20:23:45 +02:00
de4dot
f37a46a02b Decrypt strings 2011-10-26 19:49:25 +02:00
de4dot
03a8372319 Add readInt32() and readBytes() methods 2011-10-26 19:41:23 +02:00
de4dot
6bde8b8b20 Decrypt some DNR 4.0 non-native obfuscated assemblies 2011-10-26 14:40:55 +02:00
de4dot
1fbe902ed1 Always call detect(), and support reloading decrypted files 2011-10-26 14:32:50 +02:00
de4dot
3f7b1237b4 Don't call GetDirectoryName() if name is "" (loaded from byte[]) 2011-10-26 14:32:10 +02:00
de4dot
4f315fd65a Add reload() method when the file has been decrypted 2011-10-26 14:30:47 +02:00
de4dot
1eaa245618 Should ignore .cctor methods since .ctor is never static 2011-10-26 14:29:57 +02:00
de4dot
bfa0fa14c0 Add decrypt methods to IDeobfuscator. Change some method sigs. 2011-10-26 14:29:12 +02:00
de4dot
794b9dfd77 Add PE image reader/writer code 2011-10-26 14:20:38 +02:00