de4dot
|
3e62b328d1
|
Add FileHeader and OptionalHeader props
|
2012-11-30 21:04:05 +01:00 |
|
de4dot
|
87b20b00f2
|
Set new locals by calling SetLocals(), not by writing to the field
|
2012-11-30 03:24:15 +01:00 |
|
de4dot
|
a2cdfdb9e3
|
Add AssemblyServer projects for CLR v2.0/4.0 x86/x64
|
2012-11-23 07:12:43 +01:00 |
|
de4dot
|
9263a3df3d
|
Remove all cecil code/comment refs
|
2012-11-22 09:14:51 +01:00 |
|
de4dot
|
fd129aa3c0
|
Remove non-referenced method
|
2012-11-22 05:50:15 +01:00 |
|
de4dot
|
3a519b51d8
|
This shouldn't be a warning
|
2012-11-22 05:50:05 +01:00 |
|
de4dot
|
7ce782215e
|
Print 4.x when DNR 4 version is unknown
|
2012-11-21 14:20:38 +01:00 |
|
de4dot
|
8858205344
|
IDeobfuscator now implements IDisposable
|
2012-11-21 13:57:13 +01:00 |
|
de4dot
|
5b43e33a35
|
Remove old PeImage code and use the new one
|
2012-11-21 11:14:20 +01:00 |
|
de4dot
|
ced43ca70b
|
Use File.WriteAllBytes()
|
2012-11-21 11:07:40 +01:00 |
|
de4dot
|
bcb9a2958c
|
Dispose() of the PEImage
|
2012-11-21 11:07:25 +01:00 |
|
de4dot
|
9577bd2118
|
Reset resource data position
|
2012-11-20 07:53:54 +01:00 |
|
de4dot
|
bde935c6d8
|
Remove invalid resources
|
2012-11-20 07:25:10 +01:00 |
|
de4dot
|
e8155e7eb0
|
Update detection of invalid CV methods
|
2012-11-20 06:45:23 +01:00 |
|
de4dot
|
989e364481
|
Fix detection of DS string decrypter
|
2012-11-20 05:35:05 +01:00 |
|
de4dot
|
87a83a2757
|
Exit if string decrypter wasn't detected
|
2012-11-20 04:42:19 +01:00 |
|
de4dot
|
48ce6a29b9
|
Return an SZArraySig, not an ArraySig
|
2012-11-20 02:18:18 +01:00 |
|
de4dot
|
5c2237b439
|
Remove useless property
|
2012-11-20 01:16:02 +01:00 |
|
de4dot
|
4658e911a2
|
Reset resource data positions
|
2012-11-20 01:15:27 +01:00 |
|
de4dot
|
d8e73e70e6
|
Use MetaDataHeader
|
2012-11-20 01:14:34 +01:00 |
|
de4dot
|
d9bc6ea480
|
Fix operand restorer
|
2012-11-20 01:14:05 +01:00 |
|
de4dot
|
969d41c089
|
Default name is CliSecure
|
2012-11-20 01:13:36 +01:00 |
|
de4dot
|
5ce21b18a7
|
Call IAssemblyResolver.Remove()
|
2012-11-20 01:13:18 +01:00 |
|
de4dot
|
5ad2e18695
|
Update code since submodule was updated
|
2012-11-19 17:58:34 +01:00 |
|
de4dot
|
c5f2043a6e
|
Port SmartAssembly deobfuscator
|
2012-11-18 17:07:02 +01:00 |
|
de4dot
|
cca8eba9ed
|
Port ILProtector deobfuscator
|
2012-11-18 08:13:51 +01:00 |
|
de4dot
|
db223d089b
|
Port MaxtoCode deobfuscator
|
2012-11-18 07:34:51 +01:00 |
|
de4dot
|
2e61a8a757
|
Move disposing of module to caller
The reason is that some deobfuscators require it to be non-disposed
when their reload() method is called.
|
2012-11-18 07:32:57 +01:00 |
|
de4dot
|
9a8218e68f
|
Add Logger.LogErrorDontIgnore()
|
2012-11-18 03:20:40 +01:00 |
|
de4dot
|
0e16e3e51b
|
Dispose() of all modules we don't need
|
2012-11-18 03:17:53 +01:00 |
|
de4dot
|
1c4b3a7382
|
Port Goliath.NET deobfuscator
|
2012-11-18 03:02:12 +01:00 |
|
de4dot
|
c596f5ddfc
|
Port Eazfuscator.NET deobfuscator
|
2012-11-18 01:09:07 +01:00 |
|
de4dot
|
33645432f1
|
Fix TypesRestorer porting bug
|
2012-11-18 00:20:07 +01:00 |
|
de4dot
|
e5ab5ee23c
|
Re-encrypt x86 methods if any (DNR v4.x)
|
2012-11-17 23:49:19 +01:00 |
|
de4dot
|
d52a1014ef
|
Port .NET Reactor v4.x deobfuscator
|
2012-11-17 18:57:36 +01:00 |
|
de4dot
|
413a032e0a
|
Port .NET Reactor v3.x deobfuscator
|
2012-11-17 15:46:02 +01:00 |
|
de4dot
|
7e1d16dafb
|
Clear RVA when resetting field type and initial value
|
2012-11-17 11:45:24 +01:00 |
|
de4dot
|
6a7ddbaa56
|
Update code; submodule was updated
|
2012-11-16 23:50:52 +01:00 |
|
de4dot
|
4be5776da7
|
Also add all methods found in VTableFixups
|
2012-11-16 20:52:10 +01:00 |
|
de4dot
|
0dc129d340
|
Fix renaming of non-external pinvoke methods
|
2012-11-16 02:15:36 +01:00 |
|
de4dot
|
686f9953fd
|
Also remove Spices.Net watermark attribute
|
2012-11-14 21:45:12 +01:00 |
|
de4dot
|
9e708ed4fd
|
Ignore req/opt modifiers
|
2012-11-14 21:44:57 +01:00 |
|
de4dot
|
475c597a60
|
Port Spices.Net deobfuscator
|
2012-11-14 19:29:29 +01:00 |
|
de4dot
|
445b68f4f5
|
Don't treat System.Void as a value type
|
2012-11-14 19:28:46 +01:00 |
|
de4dot
|
226d18dff7
|
Only set ILOnly if there are no native methods
|
2012-11-14 11:33:47 +01:00 |
|
de4dot
|
6d43a7d6ee
|
Update code since submodule was updated
|
2012-11-14 10:23:29 +01:00 |
|
de4dot
|
76d898a285
|
Keep extra PE data and keep orig Win32 resources
|
2012-11-13 07:45:34 +01:00 |
|
de4dot
|
8c228e6e70
|
Also preserve #Blob offsets when preserving MD tokens
|
2012-11-13 07:44:25 +01:00 |
|
de4dot
|
3bd00c99bc
|
Use NativeModuleWriterOptions when saving a mixed-mode assembly
|
2012-11-13 07:42:35 +01:00 |
|
de4dot
|
2f6e5badb1
|
Update code since submodule got updated
|
2012-11-12 22:06:13 +01:00 |
|
de4dot
|
ac9168599b
|
Use IPEImage.FindWin32ResourceData()
|
2012-11-12 04:40:48 +01:00 |
|
de4dot
|
3646bca56b
|
Align the numbers
|
2012-11-11 16:56:29 +01:00 |
|
de4dot
|
99b38ac22f
|
Don't Dispose() of the resource data reader
|
2012-11-11 14:46:00 +01:00 |
|
de4dot
|
c47039c2ef
|
Don't call logger.v() unless verbose log level is enabled
|
2012-11-11 11:37:40 +01:00 |
|
de4dot
|
5a9d76e8c7
|
Speed up DeepSea string decrypter detector
|
2012-11-11 07:54:26 +01:00 |
|
de4dot
|
b152362088
|
Update logger
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but has an option to disable it
|
2012-11-11 05:41:54 +01:00 |
|
de4dot
|
7b0ba43248
|
UTF8String was moved to DotNet ns. Fix code
|
2012-11-10 00:45:04 +01:00 |
|
de4dot
|
311a3c9c05
|
Remove now useless using statements
|
2012-11-10 00:02:11 +01:00 |
|
de4dot
|
73e15c0919
|
Change method sig to take an IPEImage instead of a PEImage
|
2012-11-09 11:34:23 +01:00 |
|
de4dot
|
d47a03f51a
|
Unpack CS packed files
|
2012-11-09 11:32:29 +01:00 |
|
de4dot
|
d00fcb79e4
|
Don't remove fields if we should keep all types
|
2012-11-09 02:15:28 +01:00 |
|
de4dot
|
3b740a4106
|
Port DeepSea deobfuscator
|
2012-11-09 00:21:45 +01:00 |
|
de4dot
|
5d25a499aa
|
Port CryptoObfuscator deobfuscator
|
2012-11-08 22:24:13 +01:00 |
|
de4dot
|
472d57ed0f
|
Use ModuleDefMD.GetAssemblyRef()
|
2012-11-08 11:26:14 +01:00 |
|
de4dot
|
f2f156dc40
|
Port CodeWall deobfuscator
|
2012-11-08 10:40:58 +01:00 |
|
de4dot
|
eb7d4c5f88
|
Use CreateStream() instead of creating a MemoryStream from a byte[]
|
2012-11-08 10:16:58 +01:00 |
|
de4dot
|
f6b5a3117f
|
Port CodeVeil deobfuscator
|
2012-11-08 09:48:05 +01:00 |
|
de4dot
|
10e83acebc
|
Port CodeFort deobfuscator
|
2012-11-08 07:43:57 +01:00 |
|
de4dot
|
4393df31d9
|
Update detection of CSVM asm ref
|
2012-11-08 07:07:02 +01:00 |
|
de4dot
|
f699017197
|
Port Babel.NET deobfuscator
|
2012-11-08 07:06:46 +01:00 |
|
de4dot
|
ce6659510e
|
Use ToGenericInstSig() ext method
|
2012-11-08 07:05:41 +01:00 |
|
de4dot
|
e600696182
|
Use IBinaryReader.ReadRemainingBytes()
|
2012-11-07 07:29:39 +01:00 |
|
de4dot
|
ab78e97423
|
Use the new name of this obfuscator
|
2012-11-07 05:47:33 +01:00 |
|
de4dot
|
9c64165d15
|
Add a getDumpedMethod() method
|
2012-11-07 05:38:06 +01:00 |
|
de4dot
|
583d4201f5
|
Port Agile.NET deobfuscator
|
2012-11-07 05:17:45 +01:00 |
|
de4dot
|
cc1e36389d
|
Update resolve{Method,Field}() sigs with a more general arg type
|
2012-11-07 04:46:19 +01:00 |
|
de4dot
|
814c3d3944
|
Fix method decrypter
|
2012-11-07 04:45:36 +01:00 |
|
de4dot
|
b6537dc188
|
Fix lookup<T> method sigs
|
2012-11-07 04:45:05 +01:00 |
|
de4dot
|
6efb96740d
|
Update code since EntryPoint was renamed ManagedEntryPoint
|
2012-11-07 02:02:38 +01:00 |
|
de4dot
|
427ea38595
|
Port MPRESS unpacker
|
2012-11-07 01:52:15 +01:00 |
|
de4dot
|
d98d4b10bb
|
Add code to restore dumped methods
|
2012-11-07 01:15:52 +01:00 |
|
de4dot
|
4be7e4fe46
|
Initialize DumpedMethod.mdRVA
|
2012-11-07 00:26:36 +01:00 |
|
de4dot
|
001b67804f
|
Move DumpedMethod{,s} to de4dot.blocks namespace
|
2012-11-06 22:25:19 +01:00 |
|
de4dot
|
90ab31eda2
|
Port Rummage deobfuscator
|
2012-11-06 17:21:56 +01:00 |
|
de4dot
|
25cee0e206
|
Port Skater.NET deobfuscator
|
2012-11-06 17:15:11 +01:00 |
|
de4dot
|
19ed1ac219
|
Rename CliSecure -> Agile_NET
|
2012-11-06 16:38:39 +01:00 |
|
de4dot
|
c67c267c8e
|
Port Dotfuscator deobfuscator
|
2012-11-06 16:30:39 +01:00 |
|
de4dot
|
ac171e3f29
|
Fix code since CilBody/HasCilBody were renamed
|
2012-11-06 15:58:55 +01:00 |
|
de4dot
|
3ed2daebd1
|
Port Xenocode deobfuscator
|
2012-11-06 15:58:21 +01:00 |
|
de4dot
|
f5ec3e2a27
|
String can be empty so return early if so
|
2012-11-06 01:59:40 +01:00 |
|
de4dot
|
c8039d249e
|
Add more checks when input has lots of invalid metadata
|
2012-11-06 00:18:02 +01:00 |
|
de4dot
|
6d45a3499f
|
Fix porting mistakes
|
2012-11-05 19:21:33 +01:00 |
|
de4dot
|
ea001865c9
|
Rename FnPtr args, and also null type sigs params
|
2012-11-05 02:42:48 +01:00 |
|
de4dot
|
2aedcc730c
|
Preserve tokens if necessary
|
2012-11-04 23:24:12 +01:00 |
|
de4dot
|
c9f1f8073e
|
MethodDef.Parameters contains the hidden 'this' param, so add some fixes to old code
|
2012-11-04 22:41:45 +01:00 |
|
de4dot
|
6a8e8dcb78
|
Initialize loaded modules' module context
|
2012-11-04 20:06:58 +01:00 |
|
de4dot
|
d5838aa6c2
|
Use the IModuleWriterListener interface
|
2012-11-04 19:40:36 +01:00 |
|
de4dot
|
f4ce67d836
|
Remove useless class and fix a porting todo
|
2012-11-04 13:25:14 +01:00 |
|
de4dot
|
83cb59718a
|
Move GenericArgsSubstitutor and add more methods
|
2012-11-04 12:13:13 +01:00 |
|
de4dot
|
f7f424efe7
|
Remove more "#if PORT"
|
2012-11-04 11:50:10 +01:00 |
|
de4dot
|
9376aa0de5
|
Rename method return parameters
|
2012-11-04 11:45:04 +01:00 |
|
de4dot
|
7ba4905cc7
|
Port more code, including renamer
|
2012-11-04 01:05:52 +01:00 |
|
de4dot
|
db6875859a
|
Port more code
|
2012-11-03 22:49:52 +01:00 |
|
de4dot
|
9b6c698dc1
|
Port some code
|
2012-11-02 22:53:24 +01:00 |
|
de4dot
|
89cd55a071
|
Port more code
|
2012-11-02 20:10:34 +01:00 |
|
de4dot
|
00177034b9
|
Rename cecil names; add new MemberRefFinder class
|
2012-11-02 16:08:11 +01:00 |
|
de4dot
|
65e6887fbc
|
Port more code; remove cecil refs
|
2012-11-02 08:28:39 +01:00 |
|
de4dot
|
70916173f3
|
Update code since dot10 was updated
|
2012-11-02 07:36:02 +01:00 |
|
de4dot
|
24c43d5a66
|
Port some more code
|
2012-11-01 21:09:09 +01:00 |
|
de4dot
|
1341cc7199
|
Port more code
|
2012-11-01 16:42:02 +01:00 |
|
de4dot
|
3b6ef4fa1f
|
Port more code
|
2012-11-01 14:39:39 +01:00 |
|
de4dot
|
c5d183983b
|
Port more code
|
2012-11-01 11:28:09 +01:00 |
|
de4dot
|
eeef8a2580
|
Use dot10.PE
|
2012-11-01 07:51:08 +01:00 |
|
de4dot
|
04e1568c61
|
Port ConstantsReader
|
2012-10-31 17:09:58 +01:00 |
|
de4dot
|
6f73696cc5
|
Port .....
|
2012-10-31 16:54:20 +01:00 |
|
de4dot
|
ee7826576c
|
Sort project file
|
2012-10-31 13:48:12 +01:00 |
|
de4dot
|
95d49c5b9e
|
Add more assembly search paths
|
2012-09-20 05:57:16 +02:00 |
|
de4dot
|
d29ac1a4cf
|
Check for generic params in all generic arguments too
|
2012-09-19 22:51:49 +02:00 |
|
de4dot
|
13a5fd8ff0
|
Add a fix for when type.Scope is null
|
2012-08-31 00:24:42 +02:00 |
|
de4dot
|
30a73371c8
|
Fat header type is encoded in the lower 3 bits
|
2012-08-23 12:02:09 +02:00 |
|
de4dot
|
a34b3f7855
|
Support latest CO build
|
2012-08-22 18:33:27 +02:00 |
|
de4dot
|
f1a725cd19
|
Restore MaxStack
|
2012-08-21 20:17:35 +02:00 |
|
de4dot
|
58b1b27c69
|
Use correct upper limit in loop, and return false on failure...
|
2012-08-21 20:17:21 +02:00 |
|
de4dot
|
3b9ba16df6
|
Make restoreMethod() virtual
|
2012-08-21 20:14:43 +02:00 |
|
de4dot
|
2c68ae14ee
|
New version: 1.9.1
|
2012-08-21 15:40:23 +02:00 |
|
de4dot
|
64cc8e3856
|
Decrypt CO encrypted methods
|
2012-08-21 15:40:06 +02:00 |
|
de4dot
|
0a5973e541
|
Update detection of CO types
|
2012-08-21 15:06:42 +02:00 |
|
de4dot
|
957a8ab8dd
|
Move method to new CoUtils class
|
2012-08-21 15:04:40 +02:00 |
|
de4dot
|
729780c235
|
Update MethodBodyReaderBase
- Change field types to IList<T>
- Add restoreMethod()
- Add readInstructionsNumBytes()
|
2012-08-21 14:59:46 +02:00 |
|
de4dot
|
bfcd42804e
|
Add getModuleAttribute()
|
2012-08-15 19:33:57 +02:00 |
|
de4dot
|
1768de1d6b
|
Remove earlyDetect()
|
2012-08-13 00:54:46 +02:00 |
|
de4dot
|
47a3034259
|
Call method later
|
2012-08-03 17:57:45 +02:00 |
|
de4dot
|
b455ae8dab
|
Fix arg name
|
2012-08-02 19:53:30 +02:00 |
|
de4dot
|
e496cea7da
|
Add an option to remove a present unbox.any instr
|
2012-08-01 22:20:35 +02:00 |
|
de4dot
|
9cbbea2c01
|
Use a better resource key
|
2012-07-31 12:50:55 +02:00 |
|
de4dot
|
c005ab2998
|
Check for div by zero
|
2012-07-31 12:43:23 +02:00 |
|
de4dot
|
dace82cca9
|
Add find2() method for derived classes
|
2012-07-31 07:13:07 +02:00 |
|
de4dot
|
329efd9a0f
|
Add code to let a derived class push new values
|
2012-07-31 04:40:45 +02:00 |
|
de4dot
|
87a8052cbe
|
Declaring type is null if it's already been removed
|
2012-07-31 04:40:06 +02:00 |
|
de4dot
|
6be691ab6d
|
Increment errors if there's an exception
|
2012-07-31 04:39:34 +02:00 |
|
de4dot
|
06b7374276
|
Add support for reading r8 values. Also rename some methods
|
2012-07-31 01:14:38 +02:00 |
|
de4dot
|
11256d6e76
|
Make property public
|
2012-07-30 10:26:49 +02:00 |
|
de4dot
|
83b805adc3
|
Move methods
|
2012-07-30 09:17:22 +02:00 |
|
de4dot
|
b2d72b153f
|
Ignore exceptions when calling detect()
Most likely invalid code and/or metadata, which usually means it's still
encrypted.
|
2012-07-29 18:12:29 +02:00 |
|
de4dot
|
de8090df61
|
Add setConstant methods
|
2012-07-29 14:21:13 +02:00 |
|
de4dot
|
c924d84340
|
Add another decrypt() method
|
2012-07-29 13:20:35 +02:00 |
|
de4dot
|
c3c1ab64d8
|
Add setDeobfuscator() method
|
2012-07-29 13:19:12 +02:00 |
|
de4dot
|
f07f664553
|
Don't cast to a possible value type when result can be null
|
2012-07-29 09:49:00 +02:00 |
|
de4dot
|
cb6a3ac503
|
Support generic decrypter methods
|
2012-07-28 04:39:14 +02:00 |
|
de4dot
|
a2c8e99b3f
|
Ignore any exceptions during deobfuscation
|
2012-07-28 04:18:11 +02:00 |
|