monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
542 Commits 2 Branches 1 Tag 5 MiB
6963e89581
Commit Graph

398 Commits

Author SHA1 Message Date
de4dot
d913c61df6 Fix some todos 2011-12-02 00:43:49 +01:00
de4dot
2734a9ee95 Update the code that resolves typedefs 2011-12-01 22:32:09 +01:00
de4dot
d6ba1fa2d5 Add p prefix to types 2011-12-01 22:30:43 +01:00
de4dot
ec896da8ab Unpack .NET 1.x DNR native images 2011-12-01 14:16:23 +01:00
de4dot
82d1de5ae3 Remove *-x86 projects. Default is now x86. 2011-11-30 20:38:59 +01:00
de4dot
2f58cea471 Update the code 2011-11-30 20:27:49 +01:00
de4dot
2174011a35 Print a message after unpacking a native file 2011-11-30 20:22:52 +01:00
de4dot
3311e28a87 Don't re-read native file after unpacking it 2011-11-30 20:19:50 +01:00
de4dot
68d962fb6e Return null if inflated data isn't an MZ file 2011-11-30 19:10:56 +01:00
de4dot
8637ef5e1a Unpack DNR 4.0-4.4 + .NET 2.0+ native files 2011-11-30 19:06:25 +01:00
de4dot
20a10c92ee Warn if unpacked data could not be loaded 2011-11-30 19:05:20 +01:00
de4dot
fde811d183 Move isCode() to DeobUtils 2011-11-30 19:04:49 +01:00
de4dot
b7a44b459d Add code to unpack DNR 4.0/4.1 + .NET 2.0+ native files 2011-11-30 18:28:48 +01:00
de4dot
f567e09845 Add 'using de4dot.PE' 2011-11-30 18:27:01 +01:00
de4dot
28ec2485fc Update code to handle unpacked native images 2011-11-30 18:26:36 +01:00
de4dot
26f4afeff3 Rename class to StreamXXX if it's a stream class 2011-11-30 18:24:43 +01:00
de4dot
27e7c76636 Add code to read win32 resources 2011-11-30 18:23:47 +01:00
de4dot
98342f2a0c Move read file code to Utils 2011-11-30 18:21:01 +01:00
de4dot
4a26534ad0 Don't remove proxy delegate types and creator type if errors were detected 2011-11-28 11:45:48 +01:00
de4dot
d7c42185a8 Update detection of CliSecureRT type 2011-11-28 11:25:18 +01:00
de4dot
dab8907f8c Detect EZ version 2011-11-27 08:28:17 +01:00
de4dot
04ae6e116f New version: 1.3.1 2011-11-26 12:34:59 +01:00
de4dot
a90fd1fa2f Update detection of the empty class 2011-11-26 12:34:17 +01:00
de4dot
cec8758ed2 Check if there are any refs left to the decrypter type 2011-11-26 12:21:18 +01:00
de4dot
df6678626e Print total number of encrypted methods 2011-11-26 12:20:04 +01:00
de4dot
0ce27f8a2d Print some info about the encrypted native methods 2011-11-25 15:33:13 +01:00
de4dot
51892f62a2 Re-encrypt native methods 2011-11-25 15:24:12 +01:00
de4dot
07f0376b45 Add methods to encrypt resource data, and set new data 2011-11-25 15:21:29 +01:00
de4dot
d9a776aa3f Have DeobfuscatorBase implement IWriterListener 2011-11-25 15:19:56 +01:00
de4dot
cfe85774ab Method prefix should be an empty string 2011-11-25 15:17:12 +01:00
de4dot
900ec1bf07 Add code to dump DNR native methods to a file 2011-11-25 15:16:50 +01:00
de4dot
b259991415 Some fixes: 
- Remove empty class only if methods are inlined
- Don't add .cctor methods to possibly-inlined-methods list
 2011-11-24 23:58:42 +01:00
de4dot
e4e9f6787c New version: 1.3.0 2011-11-24 11:01:08 +01:00
de4dot
0516e4540d Remove calls to empty class 2011-11-24 10:44:01 +01:00
de4dot
eee2c509be Make sure decrypter type is removed 2011-11-24 10:10:39 +01:00
de4dot
17660c225e Update decrypter detection code 2011-11-24 10:08:29 +01:00
de4dot
716870b4bd Make sure InitializeComponent() detection code is called 2011-11-24 10:07:55 +01:00
de4dot
73d1316b2d Add a new random name regex 2011-11-24 07:57:31 +01:00
de4dot
3bfb2e7dc7 Update DNR detection 2011-11-24 07:49:50 +01:00
de4dot
0c4abcc039 Update detection of possibly inlined methods 2011-11-24 06:48:23 +01:00
de4dot
e68cedd44b Update tamper code 2011-11-24 05:25:34 +01:00
de4dot
a0f5a109dd Add p prefix if it's a pointer type 2011-11-24 05:25:04 +01:00
de4dot
9d61d9845d Don't add an override prefix if one of the methods is an iface method 2011-11-23 14:39:52 +01:00
de4dot
99d52b90c5 Revert older commit and print method override prefix 2011-11-23 12:13:41 +01:00
de4dot
4a65770c59 Check each part of the namespace instead of all of it at once 2011-11-23 11:50:34 +01:00
de4dot
ae5001b239 Make sure initializeEventHandlerNames() is called after renaming props 2011-11-23 11:34:11 +01:00
de4dot
80f90d3e6a Update regex 2011-11-23 11:32:36 +01:00
de4dot
f7b117fe18 Restore events 2011-11-23 06:41:28 +01:00
de4dot
0c36e74834 Add option to disable restoring props/events from method names 2011-11-23 05:45:30 +01:00
de4dot
397f5f5b5b Update DNR valid-name-check code 2011-11-23 05:28:57 +01:00
de4dot
550ea19c0b Rename nullable types to better names, eg. int_0 instead of nullable_0 2011-11-23 05:09:34 +01:00
de4dot
1e22947f6a Don't add prop/event 'other' methods to props/events list 2011-11-23 04:42:13 +01:00
de4dot
8d5dae6dcf Update code to pass the new test 2011-11-22 15:56:48 +01:00
de4dot
d4c4d0a425 Don't add override prefix if scope has 2+ methods 2011-11-22 09:49:59 +01:00
de4dot
33f9a466a1 Don't add method to overrideMethods if it already overrides that iface method 2011-11-22 08:57:10 +01:00
de4dot
45cd6bf211 Update the code that renames virtual methods, props, events 2011-11-22 08:14:34 +01:00
de4dot
9953111d1c Rename event add/remove methods' last arg to value 2011-11-21 11:26:02 +01:00
de4dot
7dbb0144ca Check for null args 2011-11-21 11:03:45 +01:00
de4dot
c1ef76fda4 Use correct name when renaming event handlers 2011-11-21 10:56:18 +01:00
de4dot
d7c55cfbc3 Remove old renamer code 2011-11-21 10:37:30 +01:00
de4dot
b2b563ef22 Add more renamer code 2011-11-21 10:36:23 +01:00
de4dot
d014835c7c Add Utils.compareInt32() and use it 2011-11-21 10:32:36 +01:00
de4dot
1b0fbfc681 Add more renamer code 2011-11-18 16:55:54 +01:00
de4dot
e9e0588cb6 Use Utils.StartsWith() since mono's impl is buggy 2011-11-17 04:22:12 +01:00
de4dot
195c7194cb Rename types 2011-11-17 04:17:03 +01:00
de4dot
b58c3843e3 Add code to map virtual methods to base/iface methods 2011-11-16 23:08:27 +01:00
de4dot
79eb228200 Remove module if we don't load it. Restore indent level. 2011-11-16 22:59:04 +01:00
de4dot
75ff534ecd Add removeModule(string) and clearAll() methods 2011-11-16 22:58:02 +01:00
de4dot
3f3814001c Update method sig, rename stuff 2011-11-16 22:56:36 +01:00
de4dot
fa2f0808b1 Add some renamer classes 2011-11-15 14:26:51 +01:00
de4dot
e5da0a1255 Move old renamer code 2011-11-14 21:39:44 +01:00
de4dot
c68540aed7 Remove catch all exception and use latest cecil submodule 2011-11-14 09:44:39 +01:00
de4dot
695da497a7 Set version: 1.2.3 2011-11-14 06:23:03 +01:00
de4dot
d7149abe4e Warn if an unused string decrypter is found 2011-11-14 06:21:43 +01:00
de4dot
cf6387a4c1 Fix some problems with new assemblies 2011-11-12 21:04:24 +01:00
de4dot
d3996b5152 Any type of exception could occur. 2011-11-12 21:01:58 +01:00
de4dot
6bf3de0dee Set version: 1.2.2 2011-11-12 16:57:00 +01:00
de4dot
c62ca29df5 Update code for DNR 4.3+ obfuscated assemblies 2011-11-12 16:04:51 +01:00
de4dot
b80024bbc5 Find the method in a nested class (DNR 4.3+) 2011-11-12 15:22:17 +01:00
de4dot
07826f133e Update names since it's anti strong name code 2011-11-12 15:15:47 +01:00
de4dot
d9e138bbe1 Strong name sign all assemblies (except tests) 
You must create your own private de4dot.key file in the root source dir
before compiling:
	sn -k de4dot.snk
 2011-11-12 14:08:25 +01:00
de4dot
7df264d59c Remove tamper detection code 2011-11-12 13:31:08 +01:00
de4dot
4b335f9489 Add a TypeLong property 2011-11-12 11:31:07 +01:00
de4dot
76825d3a9b Encrypted resources aren't always using the public key token 2011-11-12 11:19:10 +01:00
de4dot
572d9d376d Update version: 1.2.1 2011-11-11 21:00:42 +01:00
de4dot
0318c85a07 Convert 'return some_int' native methods to CIL code 2011-11-11 20:55:39 +01:00
de4dot
a3e7d9c9d6 Update version: 1.2.0 2011-11-10 14:55:40 +01:00
de4dot
183619f979 Remove String.Intern() calls when decrypting strings 2011-11-10 14:51:19 +01:00
de4dot
fb4128cbfb Update a few strings 2011-11-10 14:48:33 +01:00
de4dot
f7639fc5a7 Update help message 2011-11-10 10:08:55 +01:00
de4dot
fdd6e55587 Sort the list of namespaces before printing the result 2011-11-10 00:57:27 +01:00
de4dot
ff3b1b0ecc Rename random names 2011-11-10 00:47:22 +01:00
de4dot
3e803ef6d8 Read at most 2MB at a time from files 2011-11-10 00:44:37 +01:00
de4dot
c562c335e8 Add option to remove namespace if there's only one class in it 2011-11-09 12:08:48 +01:00
de4dot
ff0c0cddbd Update WinForms renaming code 2011-11-09 11:28:34 +01:00
de4dot
ca232b521a Update regex 2011-11-08 22:11:19 +01:00
de4dot
c6bdd51573 Rename --dr-dump-embedded -> --dr-embedded 2011-11-08 21:43:57 +01:00
de4dot
22739f5cd9 Remove decrypter type (all refs to it should be gone now) 2011-11-08 21:27:03 +01:00
de4dot
3bfb100fd5 Add resource decrypter 2011-11-08 19:32:10 +01:00
de4dot
0f627d728c Use new FieldTypes code 2011-11-08 19:27:27 +01:00
de4dot
fec1ec7e35 Add FieldTypes class and re-use LocalTypes code 2011-11-08 19:26:59 +01:00
de4dot
6d1cca149a Only check static methods 2011-11-08 11:36:09 +01:00
de4dot
c381423c48 Remove metadata token obfuscator type 2011-11-08 10:39:35 +01:00
de4dot
4e8f8a295b Remove assembly resolver type only if we're inlining methods 2011-11-08 10:37:39 +01:00
de4dot
8c91b56cb5 Save embedded assemblies to disk 2011-11-08 10:27:18 +01:00
de4dot
5e3beef064 Remove unused variable 2011-11-08 10:26:27 +01:00
de4dot
a70b740088 Update printStackTrace() output 2011-11-08 10:26:07 +01:00
de4dot
7617d92b3b Decrypt methods encrypted with the new methods encrypter 2011-11-07 16:16:18 +01:00
de4dot
a94d1406db Rename some fields, and only remove types/etc if users wants it 2011-11-06 18:01:37 +01:00
de4dot
045e6ecf73 Use better property names 2011-11-06 15:24:30 +01:00
de4dot
a4e4a7284e Add Xenocode support (dumped modules only) 2011-11-06 14:42:52 +01:00
de4dot
d60ab64c25 Move code to read module data to DeobUtils.cs 2011-11-06 13:46:50 +01:00
de4dot
f87e338583 Update text when reloading an assembly 2011-11-06 12:34:09 +01:00
de4dot
7821fc03bf Remove support for .methods files. 2011-11-06 12:26:41 +01:00
de4dot
f424e8eabf Add static methods decrypter and refactor into multiple classes 2011-11-06 12:19:26 +01:00
de4dot
a0509d2735 Use the new lookup() method 2011-11-06 12:18:35 +01:00
de4dot
4ecedb5b01 Don't check whether method is virtual 2011-11-06 12:17:20 +01:00
de4dot
bee77cdfe7 Make delegateCreatorMethods list protected 2011-11-06 12:16:30 +01:00
de4dot
fb2707a49b Add lookup() generic method. Useful when reloading module. 2011-11-06 12:16:06 +01:00
de4dot
9a21b09fac Reset module name when reloading from byte[] 2011-11-06 12:15:24 +01:00
de4dot
a369d36553 Add compare() byte[] method 2011-11-06 12:14:16 +01:00
de4dot
9818f675cd Add some more methods 2011-11-06 12:13:31 +01:00
de4dot
75a464a7f4 Merge branch 'master' into dnr 2011-11-05 14:27:40 +01:00
de4dot
51fc70169d Handle case where asm resolver returns a later version 2011-11-05 13:58:03 +01:00
de4dot
432c321bab Catch SecurityDeclaration resolve exception 2011-11-05 10:30:38 +01:00
de4dot
198d5c3f74 Remove memory manager from Main() 2011-11-05 10:10:36 +01:00
de4dot
34a11ee555 Create methods to check whether a file/dir exists 2011-11-05 09:56:51 +01:00
de4dot
fe2fe0befe Add Visual Studio public assemblies search paths 2011-11-05 09:45:34 +01:00
de4dot
65a9e7dbc1 Add Silverlight assembly search paths 2011-11-05 09:35:36 +01:00
de4dot
93ad40d218 Rename --asmpath option to --asm-path 2011-11-05 08:43:40 +01:00
de4dot
81d890d94e Don't update method header max stack field if no cflow deob 2011-11-05 08:36:36 +01:00
de4dot
a23a889776 Ignore resolve errors. It's likely an obfuscator bug. 2011-11-05 08:08:16 +01:00
de4dot
13d5f8e37d Ignore assemblies that contain native code 2011-11-05 08:04:14 +01:00
de4dot
c66c062753 Fix problem when HasPInvokeInfo == true but PInvokeInfo == null 2011-11-05 07:46:24 +01:00
de4dot
f524989a1e Re-arrange some code 2011-11-05 07:42:58 +01:00
de4dot
2236300943 Update renamer to better rename methods and args 
Finds InitializeComponent() method and renames it if necessary.
Finds all event handlers and names the args sender and e respectively.
Finds all field event handlers and names them <field>_<event>, eg.
button_Click.
 2011-11-04 19:08:23 +01:00
de4dot
7486b73da3 Restore original WinForms class and field names 2011-11-04 15:39:16 +01:00
de4dot
df507526ba Update renamer code so it's less likely to use an existing name 2011-11-04 13:59:43 +01:00
de4dot
e01e3c4e7f Update valid name regex 2011-11-04 11:01:21 +01:00
de4dot
131a57342d Force field type to same type newobj/newarr calls 2011-11-04 08:22:25 +01:00
de4dot
49b2976965 Handle call instrs with invalid metadata tokens 2011-11-04 07:43:24 +01:00
de4dot
4ce90dbfc0 Only print "found native code" warning once 2011-11-04 07:37:33 +01:00
de4dot
bd3b1e9b20 Check for null before calling unload() 2011-11-04 07:33:14 +01:00
de4dot
37f12ba60f Some small updates 2011-11-04 07:21:12 +01:00
de4dot
30f713f8f8 Rename isDelegateType() -> derivesFromDelegate() 2011-11-04 00:39:48 +01:00
de4dot
e1715adb48 Update default regex 2011-11-04 00:35:07 +01:00
de4dot
c23d770fbc Add special case for delegates 2011-11-04 00:09:51 +01:00
de4dot
8b0bf54d62 Print <arg_N> if arg N name is empty 2011-11-03 23:32:33 +01:00
de4dot
7a0061e39e Don't save ByRef types, and method call should be getEnd(0) 2011-11-03 23:25:07 +01:00
de4dot
17f077e275 Update code to handle more cases 2011-11-03 23:01:51 +01:00