de4dot
c73fcfc1d0
Remove CV type if it is empty
2012-02-12 14:38:42 +01:00
de4dot
5ce1f74263
Position has already been set to 0
2012-02-12 14:29:11 +01:00
de4dot
037cb5bc68
Decrypt the remaining (EREX) resources
2012-02-12 14:28:53 +01:00
de4dot
9a6bd53cb9
Remove obfuscator obfuscator bundle types
2012-02-12 13:38:23 +01:00
de4dot
ded45dcb7a
Remove proxy method types and main type
2012-02-12 13:00:38 +01:00
de4dot
ff55be46b6
Rename getField() to getFieldByName() and add a real getField() method
2012-02-12 12:53:36 +01:00
de4dot
8999eb8e0f
Remove CV main type methods if < v5.0
2012-02-12 12:08:46 +01:00
de4dot
42f66c3948
Fix detection; 3.2 doesn't have those extra fields
2012-02-12 12:03:55 +01:00
de4dot
d6327b401e
Remove all anti-reflection types
2012-02-12 11:39:00 +01:00
de4dot
80d338637e
Add method to remove classes with no base type
2012-02-12 11:35:18 +01:00
de4dot
18cd71ecdc
Update detection (v5.0)
2012-02-11 23:39:37 +01:00
de4dot
070acc59f1
Bail out earlier if not encrypted
2012-02-11 23:23:51 +01:00
de4dot
91f7d2cb51
Find and remove resource decrypter types
2012-02-11 23:23:25 +01:00
de4dot
c18bed7d69
Add namespace
2012-02-11 23:11:54 +01:00
de4dot
bffbe419d5
Add hasInteger() method
2012-02-11 23:11:41 +01:00
de4dot
d44db9871e
Add log message that we have decrypted a resource
2012-02-11 21:51:48 +01:00
de4dot
57b947a3da
Add InvalidDataException
2012-02-11 21:49:22 +01:00
de4dot
8b2ef5d6bb
Update if expression
2012-02-11 21:43:26 +01:00
de4dot
cd7d3724c3
Move fields from binder to exception
2012-02-11 21:30:54 +01:00
de4dot
9050af8a03
Refactor method
2012-02-11 19:34:07 +01:00
de4dot
ccd7d2ac79
Decrypt .resources files
2012-02-11 16:46:39 +01:00
de4dot
e5a72396c2
Remove length parameter from xxxteaDecrypt()
2012-02-11 16:46:02 +01:00
de4dot
76d9e87c3c
Add code to write .resources files
2012-02-11 16:43:53 +01:00
de4dot
ae97752d9c
Set data field to a 1-byte array
2012-02-09 10:14:59 +01:00
de4dot
ba399609c7
Initialize otherInitMethods in 2nd ctor
2012-02-09 10:14:29 +01:00
de4dot
45bf016a2e
Rename method
2012-02-09 10:14:08 +01:00
de4dot
15713a2b38
Check assembly for null (it could be a netmodule)
2012-02-08 22:01:10 +01:00
de4dot
d5089fa888
Remove kill type in deobfuscateBegin()
2012-02-08 19:54:05 +01:00
de4dot
b5c8a89b32
Remove init method calls called from .ctors
2012-02-08 19:40:17 +01:00
de4dot
a8d6aac306
Update detection of tamper detection types when proxy calls are enabled
2012-02-08 19:36:58 +01:00
de4dot
04247b5533
Remove most calls to main CV type
2012-02-08 19:21:00 +01:00
de4dot
c757139357
Remove string decrypter type
2012-02-08 18:58:06 +01:00
de4dot
98c8ea49e9
Remove tamper detection code
2012-02-08 18:40:24 +01:00
de4dot
1583552825
Make sure rvas list is never null
2012-02-08 16:14:07 +01:00
de4dot
780da4a0ad
Update detection of encrypted methods data
2012-02-08 15:52:39 +01:00
de4dot
fa6b0d4054
Move detection of CV main type to its own class
2012-02-08 15:40:11 +01:00
de4dot
bb89ce2983
Remove method since base class now has the same method
2012-02-08 15:19:45 +01:00
de4dot
1e3daf3b45
Dump embedded assemblies
2012-02-08 12:33:02 +01:00
de4dot
09e840923d
Search for sig starting from _stub RVA
2012-02-08 09:29:49 +01:00
de4dot
a8d4b38c79
Mover version info to a new ObfuscatorVersion enum
2012-02-08 08:55:45 +01:00
de4dot
0e89c0fc35
Only check Version property if methods decrypter was found
2012-02-08 08:50:36 +01:00
de4dot
776fd7f69f
Speed up finding V5 methods decrypter type
2012-02-07 15:17:41 +01:00
de4dot
1076218a81
Detect CV version
2012-02-07 15:05:27 +01:00
de4dot
6ab0748bdd
Decrypt V5 encrypted methods
2012-02-07 14:55:20 +01:00
de4dot
f11c51830f
Make sure info is copied
2012-02-07 14:53:58 +01:00
de4dot
97d09c4c65
Make method accessible by sub classes
2012-02-07 14:53:34 +01:00
de4dot
3276f433c9
Add code to detect V5 methods decrypter
2012-02-07 05:08:02 +01:00
de4dot
0aeee176cc
Merge v3-v4 and v5 code
2012-02-07 04:45:59 +01:00
de4dot
f1a1188409
Add a new ctor to copy values from old instance
2012-02-07 04:45:04 +01:00
de4dot
8f9cc6d290
Re-use v3-v4 string decrypter
2012-02-07 03:03:49 +01:00
de4dot
d512889833
Fix 'shadow calls' obfuscation
2012-02-07 02:07:31 +01:00
de4dot
c2313110b8
Add getDelegateTypes() and fix findProxyCall()
2012-02-07 02:02:49 +01:00
de4dot
ad8a5078fe
Rename method
2012-02-07 00:42:32 +01:00
de4dot
2ccb35afb0
Add CV5 files
2012-02-06 15:55:35 +01:00
de4dot
26bf21a84e
Show obfuscator version
2012-02-06 15:55:14 +01:00
de4dot
b39725f12f
Remove useless 'using'
2012-02-06 15:52:19 +01:00
de4dot
0d6542e383
Move v3-v4 code to a sub dir
2012-02-06 15:49:27 +01:00
de4dot
da3a28f0a8
Move (and rename) XXTEA decrypt func to DeobUtils
2012-02-06 08:22:55 +01:00
de4dot
b867301797
Update valid name regex
2012-02-06 08:20:04 +01:00
de4dot
b3750f9d4c
Initialize its token field
2012-02-05 23:04:24 +01:00
de4dot
542c6bb213
Support 3.2 methods decrypter
2012-02-05 22:49:10 +01:00
de4dot
d5c3a6964b
Support 4.0 methods decrypter
2012-02-05 21:27:36 +01:00
de4dot
1903cf8607
KILL type is only worth 10 points
2012-02-05 19:01:49 +01:00
de4dot
9e4b29034f
Finish getStringDecrypterMethods() method
2012-02-05 18:59:29 +01:00
de4dot
191fbb84b0
Use new getInitializedUInt32Array() method
2012-02-05 18:56:05 +01:00
de4dot
c8c4e3341c
Add getInitializedUInt32Array() method
2012-02-05 18:55:48 +01:00
de4dot
d6ff8b515d
Add string decrypter
2012-02-05 18:47:31 +01:00
de4dot
029c049bf6
Move readVariableLengthInteger() to DeobUtils
2012-02-05 18:46:14 +01:00
de4dot
0b43c77fdb
Add missing call to removeNewlines()
2012-02-05 18:45:41 +01:00
de4dot
29c5cfc9c8
Don't stop if 2nd instr is also a store
2012-02-05 18:45:04 +01:00
de4dot
23c72927b5
Add CV and methods decrypter
2012-02-05 16:17:47 +01:00
de4dot
82cc64bd77
Add Sections property
2012-02-05 16:14:46 +01:00
de4dot
84f322dbcf
Rename method. Ignore generic methods.
2012-02-03 16:21:59 +01:00
de4dot
3caad72275
Print new resource name
2012-02-03 14:35:42 +01:00
de4dot
ed9addb385
Make sure only valid methods are restored
2012-02-03 14:24:39 +01:00
de4dot
0cc88ba39f
Restore resource names
2012-02-03 13:22:37 +01:00
de4dot
ebfb88b6f1
Don't try to inline methods without a body or no instrs
2012-02-03 11:10:48 +01:00
de4dot
bc6630f760
Detect other SN attribute
2012-02-03 10:45:31 +01:00
de4dot
022bbe15af
Update name regex
2012-02-03 10:44:58 +01:00
de4dot
3a49d2a603
Remove encrypted strings field type
2012-02-03 10:13:41 +01:00
de4dot
33010b65a7
Add option to remove namespaces with only one type in it
2012-02-03 10:07:44 +01:00
de4dot
1008e91524
Don't restore method bodies from outside types
2012-02-03 10:05:31 +01:00
de4dot
95b835895b
Inline the remaining methods
2012-02-03 09:44:35 +01:00
de4dot
c09bbf0d01
Restore bodies and update calls to real instance method
2012-02-03 09:21:15 +01:00
de4dot
e67ecfdff4
Remove the methods types
2012-02-03 06:33:54 +01:00
de4dot
9a87a2658f
Restore method bodies
2012-02-03 04:26:55 +01:00
de4dot
814ca402bf
Detect classes created by the obfuscator
2012-02-03 03:03:19 +01:00
de4dot
3ce28aebb0
Inline methods
2012-02-02 10:55:30 +01:00
de4dot
b3f17a27a3
Add SN string decrypter
2012-02-02 06:56:14 +01:00
de4dot
36b4806858
Remove useless code and add getArrays() method
2012-02-02 06:54:10 +01:00
de4dot
f3525d8980
New version: 1.5.1
2012-02-01 08:09:40 +01:00
de4dot
ce7dc67848
Fix Issue #19
2012-01-30 09:12:26 +01:00
de4dot
a7fa23e2d8
New version: 1.5.0
2012-01-29 18:58:26 +01:00
de4dot
a69b17e06d
Support embedded assemblies (Silverlight)
2012-01-29 18:30:07 +01:00
de4dot
26a3e14d2c
Update fields restorer since 2+ types can share same struct
2012-01-29 05:06:21 +01:00
de4dot
55dcb0881d
Update code since master was updated
2012-01-28 18:40:35 +01:00
de4dot
0f9184e9be
Merge branch 'master' into newcode
2012-01-28 18:38:09 +01:00
de4dot
1141a451ac
Update resource renamer code.
...
- Faster code
- Renames resource even if it doesn't end in '.resources'
2012-01-28 18:37:02 +01:00
de4dot
915018c2fc
Use a better method dictionary
2012-01-28 02:54:12 +01:00
de4dot
f75075ab15
Add XNA assembly search paths
2012-01-28 00:32:27 +01:00
de4dot
257456fd8b
Speed up renaming by storing less names in the typeNames dict.
...
merge() was pretty slow but is much faster now.
2012-01-28 00:17:00 +01:00
de4dot
9e1412a6ae
Use TryGetValue to speed it up a little
2012-01-27 05:54:30 +01:00
de4dot
50e7d28ddf
Speed up method param renaming code
2012-01-27 05:39:25 +01:00
de4dot
887ee7c9e8
Fix method signature
2012-01-27 01:02:17 +01:00
de4dot
247cb2be20
Compare ElementType instead of calling verifyType for speed
2012-01-26 22:40:19 +01:00
de4dot
66969a4e92
Remove old code
2012-01-25 06:28:25 +01:00
de4dot
71d18ce688
Remove useless cast
2012-01-25 06:22:47 +01:00
de4dot
cb791a43ae
Compare by reference since both are field defs
2012-01-25 06:15:33 +01:00
de4dot
c3b9b840e4
Code should return true
2012-01-25 05:47:34 +01:00
de4dot
2684ccab93
Create a unique metadata token since renamer depends on it
2012-01-24 17:51:22 +01:00
de4dot
26b2de90af
Fix format string: missing {1}
2012-01-24 17:11:45 +01:00
de4dot
e9d7f3dbfb
Restore fields
2012-01-24 17:10:11 +01:00
de4dot
e00ca9a7d2
Merge branch 'master' into newcode
2012-01-24 15:15:07 +01:00
de4dot
fb1a45c5a4
Create a new unique GUID that depends on the module
2012-01-24 15:14:57 +01:00
de4dot
94f3fc9369
Lower num required found proxies
2012-01-24 14:54:23 +01:00
de4dot
8fbcdeb060
Make sure it gets an RVA, and change field type to byte
2012-01-24 09:06:54 +01:00
de4dot
5c98e81e78
Ignore base64 decode exception
2012-01-24 07:39:07 +01:00
de4dot
ab0fa2631e
Resource must be returned...
2012-01-24 05:25:02 +01:00
de4dot
95462d8dda
Dump V4 embedded assemblies
2012-01-24 05:08:24 +01:00
de4dot
a80482751d
Add extra check to make sure we detect the correct method
2012-01-24 04:44:23 +01:00
de4dot
ed00c5f2c5
Make sure it is static
2012-01-24 04:24:44 +01:00
de4dot
6ceea06f5b
Decrypt V4 resources
2012-01-24 03:22:59 +01:00
de4dot
2c8e685910
Ignore prefixes
2012-01-24 02:31:57 +01:00
de4dot
88c8dcbb7a
Detect V3.5
2012-01-24 01:01:30 +01:00
de4dot
d59fa86515
Print DS version
2012-01-24 00:41:09 +01:00
de4dot
da0cf08b33
Merge branch 'master' into newcode
2012-01-23 23:19:59 +01:00
de4dot
613a97906a
Make sure method hasn't been removed
2012-01-23 23:16:01 +01:00
de4dot
f9ed9e403f
Support V4 string decryptor
2012-01-23 23:13:04 +01:00
de4dot
4cfa0cf1f3
Update detection of methods to inline
2012-01-23 23:11:39 +01:00
de4dot
40a6a79d86
Merge branch 'master' into newcode
2012-01-23 15:27:29 +01:00
de4dot
568d2dd4a7
Add more assembly search paths
2012-01-23 15:27:23 +01:00
de4dot
92dfef7e93
Merge branch 'master' into newcode
2012-01-23 09:57:00 +01:00
de4dot
cf1ed9fb64
Use a MethodDefKey
...
Fixes problem when a class implements an interface that its base class
also implements, but those interfaces are in two different assemblies
(different version, eg. mscorlib 2.0 and mscorlib 4.0).
2012-01-23 09:14:50 +01:00
de4dot
8e92ddf790
Merge branch 'master' into newcode
2012-01-22 23:47:47 +01:00
de4dot
52e7b2926f
Use non-renamable prop/event since it should be valid
2012-01-22 23:47:35 +01:00
de4dot
981975b750
Make sure we don't dump resource resolver's resource
2012-01-22 23:46:32 +01:00
de4dot
0ac8c944e5
Add call to stringDecryptersAdded()
2012-01-22 20:02:05 +01:00
de4dot
991a5281ab
Add DS obfuscator support
2012-01-22 19:58:31 +01:00
de4dot
080a11c437
Merge branch 'master' into newcode
2012-01-22 19:53:27 +01:00
de4dot
5876526151
Add getInitializedInt16Array() and stop earlier
2012-01-22 19:33:36 +01:00
de4dot
8c645504fe
Add method to find resource from strings in code
2012-01-22 13:00:17 +01:00
de4dot
bf1843ade4
Add an inflate() overload
2012-01-22 12:59:51 +01:00
de4dot
7962de961c
Add getModuleTypeCctor() method
2012-01-22 11:15:14 +01:00
de4dot
fde26c0bd2
Split method
2012-01-21 22:16:07 +01:00
de4dot
ba04092060
Call stringDecryptersAdded() after adding string decrypters
2012-01-21 22:15:53 +01:00
de4dot
1371392b4a
master was updated
2012-01-21 20:33:34 +01:00
de4dot
5a4d41cf45
Merge branch 'master' into newcode
2012-01-21 20:32:33 +01:00
de4dot
2dadd773ec
Use ParameterDefinition.Sequence
2012-01-21 20:31:47 +01:00
de4dot
2e605b5117
Merge branch 'master' into newcode
2012-01-21 14:19:52 +01:00
de4dot
f3f8975f01
If instance explicit, 'this' is 1st param
2012-01-20 19:30:40 +01:00
de4dot
77f4d9ee0c
Derive from ValueInlinerBase
2012-01-19 19:23:34 +01:00
de4dot
8c90c7b494
master was updated
2012-01-19 19:19:08 +01:00
de4dot
68b78b0081
Merge branch 'master' into newcode
2012-01-19 19:17:55 +01:00
de4dot
7f5401625e
Rename classes
2012-01-19 19:16:44 +01:00
de4dot
45ff4af573
Remove detection of Babel in Unknown obfuscator
2012-01-19 05:42:00 +01:00
de4dot
dc042d2f9a
Decrypt V2 encrypted strings
2012-01-19 05:38:58 +01:00
de4dot
ce76cc7810
Merge branch 'master' into newcode
2012-01-18 08:27:38 +01:00
de4dot
04903f0f9b
Don't append a 0 to props when we've found the real name
2012-01-18 08:14:06 +01:00
de4dot
ff6a8d4b6f
Dump embedded assemblies before decrypting methods
2012-01-18 07:53:06 +01:00
de4dot
49c06dec64
Dump embedded assemblies
2012-01-18 07:43:03 +01:00
de4dot
6ec1222657
Move common code to BabelUtils
2012-01-18 07:38:35 +01:00
de4dot
ed31063b1b
Merge branch 'master' into newcode
2012-01-18 06:15:31 +01:00
de4dot
2ad9a9a087
New version: 1.4.4
2012-01-17 05:46:06 +01:00
de4dot
a92bbbe9c3
Warn if method isn't found since some obfuscators are buggy.
2012-01-17 05:44:22 +01:00
de4dot
788488dffa
New version: 1.4.3
2012-01-17 03:01:48 +01:00
de4dot
5cb5f41d4a
Support latset version of SA
2012-01-17 02:54:48 +01:00
de4dot
7c3e6f122a
Merge branch 'master' into newcode
2012-01-14 12:40:54 +01:00
de4dot
3d48bceda3
New version: 1.4.2
2012-01-14 12:40:41 +01:00
de4dot
6c20e18b4d
master was updated so fix code here
2012-01-14 12:37:20 +01:00
de4dot
48361ae809
Merge branch 'master' into newcode
2012-01-14 12:35:11 +01:00
de4dot
5f6841e317
Add HasHandlers property to base class
2012-01-14 12:34:42 +01:00
de4dot
f19be8019e
Don't remove any types/methods/etc if it's an unknown obfuscator
2012-01-14 12:27:03 +01:00
de4dot
5e3b4a1414
Add some checks
2012-01-14 12:19:17 +01:00
de4dot
f0ff8df76a
Use the method in InitializedDataCreator
2012-01-14 12:16:05 +01:00
de4dot
06e8b9f654
Use the new Int32ValueInliner class
2012-01-14 12:04:59 +01:00
de4dot
b71e8fdfdc
Remove newlines from names when calling the logger
2012-01-14 11:59:01 +01:00
de4dot
c069d8005c
Use methods in DotNetUtils
2012-01-14 11:53:38 +01:00
de4dot
ed918c6993
Call Dispose() after decrypting methods
2012-01-14 11:46:00 +01:00
de4dot
75c8747a0f
Merge branch 'master' into newcode
2012-01-14 11:41:20 +01:00
de4dot
7b93497bc6
Update detection code
2012-01-14 11:39:49 +01:00
de4dot
6b4a462757
Support v3.0
2012-01-14 10:37:15 +01:00
de4dot
e53f4d043d
Proxy calls can be proxied
2012-01-13 21:30:49 +01:00
de4dot
948cdb47e3
Fix what was updated in master
2012-01-13 21:30:29 +01:00
de4dot
c583891151
Merge branch 'master' into newcode
2012-01-13 21:26:48 +01:00
de4dot
b214eaa3c9
Add option to keep deobfuscating deobfuscated calls
2012-01-13 21:26:31 +01:00
de4dot
c28b575f7a
Add MethodCallInliner prop to cflow deob class
2012-01-11 06:44:44 +01:00
de4dot
17327902c3
Refactor method call inliner code
2012-01-11 04:38:02 +01:00
de4dot
dfb2332116
Print the version number
2012-01-11 02:35:02 +01:00
de4dot
f18ed0d6fe
Merge branch 'master' into newcode
2012-01-10 19:59:27 +01:00
de4dot
b30ccda1f9
Add method to remove the assembly info
2012-01-10 02:36:39 +01:00
de4dot
9800f91d12
Update copyright years
2012-01-09 23:04:52 +01:00
de4dot
0dbe743563
Merge branch 'master' into newcode
2012-01-09 23:02:58 +01:00
de4dot
0d0a40376d
Update copyright years
2012-01-09 23:02:47 +01:00
de4dot
0612320ffd
Add better detection of our base dir
2012-01-09 22:59:26 +01:00
de4dot
294ae6bc5e
Show message if more than one obfuscator is detected
2012-01-09 22:47:29 +01:00
de4dot
edd855ad19
Merge branch 'master' into newcode
2012-01-09 07:55:09 +01:00
de4dot
665a170b9b
Make sure HasFieldRVA flag is set
2012-01-09 07:55:01 +01:00
de4dot
a717f5895a
Merge branch 'master' into newcode
2012-01-09 06:14:09 +01:00
de4dot
6a8a036687
Add another check to detect COM type
2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e
Update code to handle v3.5 obfuscated assemblies
2012-01-09 05:50:32 +01:00