monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
228 Commits 2 Branches 1 Tag 5 MiB
42e7583659
Commit Graph

145 Commits

Author SHA1 Message Date
de4dot
42e7583659 Unload loaded modules when renaming is over 2011-11-03 18:55:14 +01:00
de4dot
98cdcf9ca5 Only protect *Invoke methods. Rename and remove a variable 2011-11-03 18:53:58 +01:00
de4dot
3dd8649859 Merge branch 'master' into dnr 2011-11-03 07:11:10 +01:00
de4dot
f351a09564 Update symbol renamer to load referenced assemblies. 
This way it's possible to use a rename-all regex (.*) without renaming
symbols that shouldn't be renamed (eg. methods that are defined in an
interface in a non-deobfuscated module, eg. Dispose()). A warning is
displayed if an assembly can't be loaded.
 2011-11-03 06:43:33 +01:00
de4dot
96d086ba2b Merge branch 'master' into dnr 2011-11-02 05:58:12 +01:00
de4dot
2a967dc699 Call onTypesRenamed() a little later and update throw message with token 2011-11-02 05:57:10 +01:00
de4dot
c918c8e964 Merge branch 'master' into dnr 2011-11-02 04:57:13 +01:00
de4dot
78960c759c Rebuild dictionaries when types have been renamed 2011-11-02 04:54:54 +01:00
de4dot
b8879e74e6 Merge branch 'master' into dnr 2011-11-02 04:26:12 +01:00
de4dot
ccff408a00 Update code so it can rename duplicate member references 2011-11-02 04:24:22 +01:00
de4dot
c177c2ff42 Don't print message since the code is now much faster 2011-11-02 02:39:53 +01:00
de4dot
e3b767adcc Don't create dest dirs if we're just detecting obfuscators 2011-11-02 02:38:20 +01:00
de4dot
2ddf6b00de Return an empty list instead of null 2011-11-02 02:28:51 +01:00
de4dot
8ff2115083 Remove unused methods, and inline method used only by SA code 2011-11-02 02:25:45 +01:00
de4dot
ade1720d32 Use type cache to look up types (huge speedup in DNR code) 2011-11-02 02:25:07 +01:00
de4dot
1938a1c497 Undo what VS did 2011-11-01 18:56:44 +01:00
de4dot
6a07ee5b5e It's generic code so move it to common parent dir 2011-11-01 18:48:52 +01:00
de4dot
7bdea53134 Check op for null and update detection code 2011-11-01 18:47:26 +01:00
de4dot
6f4447aa98 It's generic code so move it to common parent dir 2011-11-01 18:46:59 +01:00
de4dot
cc8e220281 Also use ldfld/ldflda to detect arg types 2011-11-01 15:53:51 +01:00
de4dot
c354ded987 Add code to restore ldtoken instructions 2011-11-01 15:17:26 +01:00
de4dot
5170e62e21 Add code to remove inlined methods and option to disable it 2011-11-01 14:23:30 +01:00
de4dot
e7ceb50382 Add CanInlineMethods to IDeobfuscator 2011-11-01 14:19:53 +01:00
de4dot
8faf7389ad Restore method return types 2011-11-01 02:22:05 +01:00
de4dot
2e2eafdb57 Add code to restore methods' arg types 2011-10-31 23:58:19 +01:00
de4dot
ed625e256d Restore field types and add option to disable it 2011-10-31 19:41:38 +01:00
de4dot
0ac072cf7b Add class to restore field types. It should work most of the time. 2011-10-31 19:40:57 +01:00
de4dot
5185dc8364 Throw if PInvokeInfo is null. The type was probably removed. 2011-10-31 00:18:11 +01:00
de4dot
6b04c23036 Update decrypter and version detecter code 2011-10-31 00:09:38 +01:00
de4dot
35005a1a51 getStringDecrypterMethods() now adds all string decrypter methods 2011-10-30 19:28:13 +01:00
de4dot
0ddbe16349 Update DNR version number detection code 2011-10-30 06:15:52 +01:00
de4dot
7505f6096f Clear deobfuscation flags when reloading module 2011-10-30 06:14:22 +01:00
de4dot
2ede24598d Detect DNR version 2011-10-29 20:28:29 +02:00
de4dot
efe98949b1 Minor updates 2011-10-29 20:26:59 +02:00
de4dot
37a64f77f2 Index should be set to instruction before we broke out of the loop 2011-10-29 20:25:41 +02:00
de4dot
b57c93eae4 Update DNR methods decrypter code 2011-10-29 03:39:32 +02:00
de4dot
040410d7ce Methods decrypter method could be null 2011-10-29 03:39:08 +02:00
de4dot
def4072bc5 Move array finder code to a new ArrayFinder class 2011-10-29 03:38:09 +02:00
de4dot
0a8d772c22 Decrypt methods sent to the JITter 2011-10-29 02:27:34 +02:00
de4dot
c4d6ba9ae9 Some minor updates 2011-10-29 02:25:31 +02:00
de4dot
3b87ab1294 Update getDecryptedModule() so it can return dumped methods 2011-10-29 02:23:48 +02:00
de4dot
a6dcd03d26 Allow passing dumped methods to reload() 2011-10-29 02:22:36 +02:00
de4dot
0e70d020b4 Add .NET metadata reader (ported from C++) 2011-10-29 02:20:44 +02:00
de4dot
89f90d3e75 Make sure publicKeyToken.Length > 0 2011-10-28 01:44:15 +02:00
de4dot
699ac4378d Support older string decrypter method and detect older methods decrypter 2011-10-28 01:33:05 +02:00
de4dot
eb002895e1 Don't throw if we can't find all method args in the same block 2011-10-28 01:28:08 +02:00
de4dot
09178a6e95 Update methods decrypter and string decrypter 2011-10-27 22:25:44 +02:00
de4dot
39dbf5d9b2 Ignore call if we can't get all args 2011-10-27 22:22:52 +02:00
de4dot
9c83c22469 Add .NET header and a method to more safely write to a .NET PE image 2011-10-27 22:21:45 +02:00
de4dot
5357b4f73c Update code to handle 4.1 obfuscated assemblies 2011-10-27 02:08:30 +02:00