de4dot
|
ee32b84283
|
Move code to DsUtils
|
2012-05-09 22:20:17 +02:00 |
|
de4dot
|
9b9e692947
|
Move version specific data to their own class
|
2012-05-09 19:10:20 +02:00 |
|
de4dot
|
dadc064b55
|
Decrypt V4.1 resources
|
2012-05-09 19:00:21 +02:00 |
|
de4dot
|
1aaa5df9ce
|
Support trial string encrypter
|
2012-05-09 17:30:35 +02:00 |
|
de4dot
|
e5a64a4402
|
Remove more XC attributes
|
2012-05-06 13:07:34 +02:00 |
|
de4dot
|
b27e1b36af
|
Add option to disable cast deobfuscation
|
2012-05-03 16:51:36 +02:00 |
|
de4dot
|
ea205dcae8
|
Add option to disable renaming resource keys
|
2012-05-03 16:48:03 +02:00 |
|
de4dot
|
955c1f10bd
|
Rename resource keys
|
2012-05-03 16:47:34 +02:00 |
|
de4dot
|
83725200c1
|
Add isValidResourceKeyName()
|
2012-05-03 14:53:01 +02:00 |
|
de4dot
|
83dc4226c1
|
Make sure string decrypter methods aren't detected as inlined methods
|
2012-05-03 09:51:26 +02:00 |
|
de4dot
|
fb9e217dac
|
Add a cast deobfuscator
|
2012-05-03 08:01:35 +02:00 |
|
de4dot
|
c61161be1d
|
Ignore method attributes
|
2012-05-02 18:43:57 +02:00 |
|
de4dot
|
597fcb0210
|
Cflow deob methods
|
2012-05-02 13:51:07 +02:00 |
|
de4dot
|
e8049c6a05
|
Inline some obfuscated methods
|
2012-05-02 10:48:44 +02:00 |
|
de4dot
|
db14e73369
|
Make sure index is correct, and add method to read arg constants
|
2012-05-02 10:47:21 +02:00 |
|
de4dot
|
b15b581c46
|
Deobfuscate string decrypter cctor
|
2012-04-30 21:47:23 +02:00 |
|
de4dot
|
2594317b18
|
Use other sb ctor
|
2012-04-30 12:49:43 +02:00 |
|
de4dot
|
1805e352c4
|
Disable using unknown args by default
|
2012-04-30 12:18:47 +02:00 |
|
de4dot
|
f307520e62
|
Decrypt DS 4.1 strings
|
2012-04-30 08:33:05 +02:00 |
|
de4dot
|
e29a8ea692
|
Update cflow deobfuscator
|
2012-04-30 01:29:05 +02:00 |
|
de4dot
|
6b18d70e77
|
Move common code to another class
|
2012-04-30 01:26:34 +02:00 |
|
de4dot
|
83b14da5c8
|
Refactor: create common cflow deob iface
|
2012-04-29 23:51:04 +02:00 |
|
de4dot
|
920f079855
|
Set initlocals and add an option to disable it
|
2012-04-29 06:16:53 +02:00 |
|
de4dot
|
eb17298625
|
Move the field
|
2012-04-29 04:35:58 +02:00 |
|
de4dot
|
48b9c461f5
|
Restore calls to CodeDomProvider and ICodeCompiler
|
2012-04-29 04:03:10 +02:00 |
|
de4dot
|
9333e2415c
|
Rename class
|
2012-04-29 00:56:17 +02:00 |
|
de4dot
|
e548436ede
|
Restore calls to Icon/Bitmap .ctor
|
2012-04-29 00:51:09 +02:00 |
|
de4dot
|
b92b23df4a
|
Rename class and make it more general
|
2012-04-29 00:11:28 +02:00 |
|
de4dot
|
f9c78f8a8b
|
Decrypt CS 1.x encrypted methods
|
2012-04-28 08:50:37 +02:00 |
|
de4dot
|
03e2e621ea
|
Update detection of resource resolver type
|
2012-04-26 20:50:06 +02:00 |
|
de4dot
|
9754b01ba9
|
Merge branch 'master' into cs
|
2012-04-26 19:33:28 +02:00 |
|
de4dot
|
7a0804e035
|
Remove module references to the CS RT files
|
2012-04-26 17:14:54 +02:00 |
|
de4dot
|
7e5e7ddcd2
|
Find old string decrypter method
|
2012-04-26 16:53:52 +02:00 |
|
de4dot
|
67c866491d
|
Show the correct obfuscator name
|
2012-04-26 16:33:55 +02:00 |
|
de4dot
|
6f830b8329
|
Remove all obfuscator attributes
|
2012-04-26 16:23:07 +02:00 |
|
de4dot
|
aa6e7c0fc2
|
Add addAttributesToBeRemoved()
|
2012-04-26 16:08:39 +02:00 |
|
de4dot
|
960f934c67
|
Update detection of CS type
|
2012-04-26 14:46:22 +02:00 |
|
de4dot
|
e10dce2d95
|
Check for 32-bit or 64-bit method
|
2012-04-26 02:31:31 +02:00 |
|
de4dot
|
5b97faf2dd
|
Detect CS type when strings are encrypted, but methods aren't
|
2012-04-26 01:56:59 +02:00 |
|
de4dot
|
ab60692c2f
|
Return the correct return value
|
2012-04-26 01:48:59 +02:00 |
|
de4dot
|
d84d2e6a6c
|
Update CS detector and support an old string decrypter
|
2012-04-26 01:42:10 +02:00 |
|
de4dot
|
bff017a317
|
Throw InvalidMethodBody if IOException
|
2012-04-25 18:06:27 +02:00 |
|
de4dot
|
903db59827
|
Restore CS 3.0 "encrypted" methods
|
2012-04-25 13:49:22 +02:00 |
|
de4dot
|
4e89d707dc
|
Move code to DeobUtils
|
2012-04-25 13:21:53 +02:00 |
|
de4dot
|
8a45abfd3d
|
Stop earlier
|
2012-04-25 11:09:30 +02:00 |
|
de4dot
|
adea5b3ef6
|
Support latest MC build
|
2012-04-24 23:02:36 +02:00 |
|
de4dot
|
3a9422f798
|
Remove useless displs
|
2012-04-24 22:30:17 +02:00 |
|
de4dot
|
2b4fc0a836
|
Merge branch 'master' into cs
|
2012-04-24 11:39:31 +02:00 |
|
de4dot
|
eebb831c4b
|
Update CSVM opcode handler detection code
|
2012-04-24 11:33:17 +02:00 |
|
de4dot
|
586be53fef
|
Fix method names
|
2012-04-23 19:37:05 +02:00 |
|
de4dot
|
7a399e7913
|
Rename class and update comments
|
2012-04-23 15:02:15 +02:00 |
|
de4dot
|
ea7a533027
|
Make fields read only
|
2012-04-23 15:00:42 +02:00 |
|
de4dot
|
b28dd6277a
|
Fix method names
|
2012-04-23 14:47:05 +02:00 |
|
de4dot
|
0a0b491072
|
Copy foundSig field
|
2012-04-23 14:40:56 +02:00 |
|
de4dot
|
dba8d8ebef
|
Use a using statement to make sure the file is closed when we return
|
2012-04-23 14:25:12 +02:00 |
|
de4dot
|
4f34e5c374
|
Restore .NET data directory so it can be deobfuscated
|
2012-04-23 02:04:34 +02:00 |
|
de4dot
|
790dc9f445
|
codeOffs should not be file offset
|
2012-04-22 21:26:57 +02:00 |
|
de4dot
|
c9fa7caf91
|
Decrypt CS 5.0 encrypted methods
|
2012-04-22 21:19:57 +02:00 |
|
de4dot
|
d3f1a2fd8e
|
Decrypt CS 4.5 encrypted methods
|
2012-04-22 20:35:01 +02:00 |
|
de4dot
|
fbba6a2aa8
|
Decrypt methods (CS RT is embedded inside the assembly)
|
2012-04-22 16:18:41 +02:00 |
|
de4dot
|
c9f63a5866
|
Restore CS 4.0 "encrypted" methods
|
2012-04-22 15:36:26 +02:00 |
|
de4dot
|
59e2e51882
|
Throw if invalid method body
|
2012-04-22 14:13:48 +02:00 |
|
de4dot
|
1a79ffde92
|
Move code to a new class
|
2012-04-22 13:43:43 +02:00 |
|
de4dot
|
0d41f9e41e
|
Remove useless field
|
2012-04-21 23:10:06 +02:00 |
|
de4dot
|
46152761ee
|
Input could be null
|
2012-04-17 14:13:40 +02:00 |
|
de4dot
|
941929cf7a
|
Support latest CO build
|
2012-04-15 23:42:11 +02:00 |
|
de4dot
|
0df7b918ea
|
Refactor
|
2012-04-13 05:03:52 +02:00 |
|
de4dot
|
a459bc107c
|
Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize()
|
2012-04-13 05:03:51 +02:00 |
|
de4dot
|
043730e599
|
Ignore invalid method indexes
|
2012-04-11 03:11:01 +02:00 |
|
de4dot
|
3a8e1499f2
|
Use dynamic decryption if static decryption fails
|
2012-04-11 03:09:59 +02:00 |
|
de4dot
|
588373f5ff
|
Add code to decrypt methods using the new dynamic methods decrypter
|
2012-04-10 21:28:22 +02:00 |
|
de4dot
|
1e33610ce8
|
Support latest MC build
|
2012-04-10 19:06:03 +02:00 |
|
de4dot
|
b97dacbc54
|
Merge branch 'cs'
|
2012-04-10 16:32:40 +02:00 |
|
de4dot
|
c756d543c1
|
Rename PE namespace
|
2012-04-10 16:32:15 +02:00 |
|
de4dot
|
553337adb7
|
Support EF 3.3.149
|
2012-04-10 03:52:18 +02:00 |
|
de4dot
|
2d583316cf
|
Use the constant
|
2012-04-08 11:36:24 +02:00 |
|
de4dot
|
634e9ec023
|
Reverse return value
|
2012-04-07 06:47:19 +02:00 |
|
de4dot
|
11f992b0f2
|
Support some more instrs
|
2012-04-06 22:07:52 +02:00 |
|
de4dot
|
52d6f73f5e
|
Add a newline
|
2012-04-06 16:36:07 +02:00 |
|
de4dot
|
1f74aeb1cf
|
Rename variable
|
2012-04-06 16:25:25 +02:00 |
|
de4dot
|
33e2177059
|
Restore constrained. prefix
|
2012-04-06 16:08:35 +02:00 |
|
de4dot
|
1935e58dbf
|
Support ldloca and ldarga
|
2012-04-06 16:08:09 +02:00 |
|
de4dot
|
5511ab833b
|
Update ldelema type, and add unbox.any and ldobj
|
2012-04-06 15:38:44 +02:00 |
|
de4dot
|
2949862614
|
Print warning if we failed to restore an instr op
|
2012-04-06 12:33:39 +02:00 |
|
de4dot
|
c39e421010
|
Fix locals
|
2012-04-06 12:25:15 +02:00 |
|
de4dot
|
86190ede1f
|
Print devirtualized methods
|
2012-04-06 11:05:06 +02:00 |
|
de4dot
|
237732e98e
|
Refactor
|
2012-04-05 20:45:16 +02:00 |
|
de4dot
|
da0878d765
|
Restore types that are generic parameters
|
2012-04-05 19:38:05 +02:00 |
|
de4dot
|
a38fe57ec1
|
Add CSVM devirtualizer
|
2012-04-05 19:15:10 +02:00 |
|
de4dot
|
0adbb3e70a
|
Move code to a new class
|
2012-04-05 18:05:27 +02:00 |
|
de4dot
|
1ead27107b
|
Don't add to list if null
|
2012-04-05 17:06:27 +02:00 |
|
de4dot
|
9cfe8431f6
|
Add shared deobfuscator data/methods
|
2012-04-04 21:06:10 +02:00 |
|
de4dot
|
7c8259905b
|
Update CO code. Fixes #39
|
2012-03-31 13:53:33 +02:00 |
|
de4dot
|
ec775b9ef5
|
Support another SK string encrypter
|
2012-03-27 15:33:57 +02:00 |
|
de4dot
|
065927f702
|
Use the property
|
2012-03-27 15:23:27 +02:00 |
|
de4dot
|
d1e499454e
|
Rename locals and fix problem with huge strings
|
2012-03-27 02:27:26 +02:00 |
|
de4dot
|
6e188aa7e0
|
Decrypt MC encrypted strings
|
2012-03-26 22:07:01 +02:00 |
|
de4dot
|
e76321aaad
|
Remove unused method
|
2012-03-26 20:12:07 +02:00 |
|
de4dot
|
716098d33a
|
Change locals to instance variables
|
2012-03-26 19:34:09 +02:00 |
|
de4dot
|
e62d4f910a
|
Update detection of MC type
|
2012-03-24 19:35:38 +01:00 |
|
de4dot
|
efd317489d
|
Support latest EF 3.3.143
|
2012-03-23 10:13:59 +01:00 |
|
de4dot
|
8ca040f0da
|
Use callsMethod()
|
2012-03-21 03:49:28 +01:00 |
|
de4dot
|
ad5a759cd9
|
Remove useless cases
|
2012-03-21 03:19:26 +01:00 |
|
de4dot
|
1e9b20e432
|
Support EF obfuscated CF assemblies
|
2012-03-18 22:59:34 +01:00 |
|
de4dot
|
4b81854ea5
|
Restore resource names ending in ".g.resources"
|
2012-03-17 22:12:51 +01:00 |
|
de4dot
|
6f01d48593
|
Change getCalledMethods() return type
|
2012-03-17 20:36:41 +01:00 |
|
de4dot
|
0b858c47ed
|
Support DS obfuscated SL assemblies
|
2012-03-17 15:02:48 +01:00 |
|
de4dot
|
37450a1515
|
Support old DS 3.0.3.41 - 3.0.4.44
|
2012-03-17 14:11:37 +01:00 |
|
de4dot
|
48c7d40fb6
|
Inline method
|
2012-03-17 11:19:03 +01:00 |
|
de4dot
|
a3b052d15c
|
Should be "continue"
|
2012-03-17 11:18:52 +01:00 |
|
de4dot
|
9ecc5a313f
|
Support EF obfuscated SL assemblies
|
2012-03-16 23:22:24 +01:00 |
|
de4dot
|
d9aec67fcb
|
Rename
|
2012-03-16 22:39:50 +01:00 |
|
de4dot
|
ce9add13cb
|
Support CO obfuscated SL/CF assemblies
|
2012-03-15 22:36:23 +01:00 |
|
de4dot
|
0537a2edce
|
Use getModuleTypeCctor()
|
2012-03-15 09:38:52 +01:00 |
|
de4dot
|
67cb85e7ce
|
Update detection of obfuscator types
|
2012-03-15 09:15:12 +01:00 |
|
de4dot
|
e4fe749559
|
Use hasInteger() method
|
2012-03-15 02:19:35 +01:00 |
|
de4dot
|
27f382a017
|
Support a (new?) version of CryptoObfuscator. Fixes #33
|
2012-03-14 22:28:20 +01:00 |
|
de4dot
|
a405edf0fd
|
Support latest DeepSea version (4.0.4.32)
|
2012-03-13 20:37:33 +01:00 |
|
de4dot
|
ada90b1294
|
Add another CO detection check
|
2012-03-13 20:27:41 +01:00 |
|
de4dot
|
e949d8c926
|
Add support for latest EF 3.3.136
|
2012-03-13 09:26:40 +01:00 |
|
de4dot
|
7e1bf542af
|
Support a new EF 3.3 version that was released 1-2 days ago
|
2012-03-11 15:59:25 +01:00 |
|
de4dot
|
7d4c791575
|
Update detection of SA v2 string decrypter
|
2012-03-10 05:32:50 +01:00 |
|
de4dot
|
fafa60c4c9
|
Update expressions
|
2012-03-10 05:31:07 +01:00 |
|
de4dot
|
4e997910e4
|
Update detection of string decrypter type
|
2012-03-08 19:21:54 +01:00 |
|
de4dot
|
51fe58c4cd
|
Merge branch 'new_code'
|
2012-03-08 18:03:25 +01:00 |
|
de4dot
|
4a7b4f4111
|
Update name regex
|
2012-03-08 16:15:19 +01:00 |
|
de4dot
|
b4525ed58d
|
Support EF 3.3
|
2012-03-06 10:43:06 +01:00 |
|
de4dot
|
48d6a3b6fc
|
Merge branch 'mc'
|
2012-03-01 22:10:36 +01:00 |
|
de4dot
|
86987518d6
|
Method should not be public
|
2012-02-29 11:41:07 +01:00 |
|
de4dot
|
9bf30e165c
|
Rename classes
|
2012-02-29 11:41:06 +01:00 |
|
de4dot
|
9791e63e51
|
Engrish
|
2012-02-29 11:41:05 +01:00 |
|
de4dot
|
8740ba8419
|
Rename variable
|
2012-02-29 11:41:04 +01:00 |
|
de4dot
|
167368f488
|
Attributes are worth less
|
2012-02-29 00:13:57 +01:00 |
|
de4dot
|
b27635f493
|
Remove sealed flag from interfaces
|
2012-02-28 23:57:48 +01:00 |
|
de4dot
|
e6d0c4a043
|
Move version detection to a new class
|
2012-02-28 22:30:22 +01:00 |
|
de4dot
|
77228ecfca
|
Update name regex
|
2012-02-28 22:24:08 +01:00 |
|
de4dot
|
68b4315e95
|
Update detection of the type and remove another type
|
2012-02-28 20:49:03 +01:00 |
|
de4dot
|
269b695245
|
Update detection of that type
|
2012-02-28 20:44:05 +01:00 |
|
de4dot
|
c970e1f6ca
|
Support v3.0 - 3.1
|
2012-02-28 19:42:19 +01:00 |
|
de4dot
|
acb53f535b
|
Throw if init fails
|
2012-02-28 18:18:13 +01:00 |
|
de4dot
|
f37e5a12d0
|
Restore calls to Assembly::GetManifestResourceXXX methods
|
2012-02-28 18:17:33 +01:00 |
|
de4dot
|
d740a3f5f6
|
Move GetManifestResourceStream code to a new class
|
2012-02-28 18:14:41 +01:00 |
|
de4dot
|
e72fb7220a
|
Decrypt embedded assemblies and resources
|
2012-02-27 23:43:45 +01:00 |
|
de4dot
|
9bab65640c
|
Refactor
|
2012-02-27 12:55:37 +01:00 |
|
de4dot
|
3c480f4c6c
|
Add another warning message
|
2012-02-27 01:51:44 +01:00 |
|
de4dot
|
cee04d3bba
|
master was updated
|
2012-02-26 22:57:55 +01:00 |
|
de4dot
|
cf76c14b4b
|
Merge branch 'master' into mc
|
2012-02-26 22:55:06 +01:00 |
|
de4dot
|
efec6625ef
|
Update detection of EF 3.0 and 3.1
|
2012-02-26 22:54:28 +01:00 |
|
de4dot
|
2bff1242c1
|
Add static EF string decrypter
|
2012-02-26 22:48:43 +01:00 |
|
de4dot
|
da1d649ef4
|
Make sure no generic methods are inlined
|
2012-02-25 06:33:38 +01:00 |
|
de4dot
|
10ceb12e30
|
Change return type to IEnumerable<int>
|
2012-02-25 06:25:40 +01:00 |
|
de4dot
|
48758be8f0
|
Use a new class instead of the dict
|
2012-02-25 06:14:19 +01:00 |
|
de4dot
|
d09938ca47
|
Remove classes with null base type
|
2012-02-25 05:28:32 +01:00 |
|
de4dot
|
5288b4b3d2
|
Make sure enum instance field has proper flags set (make peverify happy)
|
2012-02-25 05:15:42 +01:00 |
|
de4dot
|
4ec4bb1d65
|
MC actually does rename symbols so add an updated regex
|
2012-02-23 11:52:19 +01:00 |
|
de4dot
|
6e8b32df21
|
Reverse sort comments
|
2012-02-23 10:59:02 +01:00 |
|
de4dot
|
7c4f014da3
|
Support old MC 3.2
|
2012-02-22 12:38:02 +01:00 |
|
de4dot
|
59ee55105d
|
Support some older MC version
|
2012-02-22 12:14:15 +01:00 |
|
de4dot
|
435d3303c3
|
Merge branch 'master' into mc
|
2012-02-21 17:33:45 +01:00 |
|
de4dot
|
538e4f738d
|
Fix issue #24. Don't remove decrypter type if there was an error
|
2012-02-21 17:14:02 +01:00 |
|
de4dot
|
e5145fcca9
|
Remove MC type and module refs
|
2012-02-21 12:01:39 +01:00 |
|
de4dot
|
7bc3930df9
|
Decrypt resources
|
2012-02-21 11:51:19 +01:00 |
|
de4dot
|
58a94a8420
|
Decrypt methods protected with older MC version
|
2012-02-21 09:26:05 +01:00 |
|
de4dot
|
eb223537f0
|
Decrypt methods (decryption #1-4, not #5-7)
|
2012-02-20 17:20:29 +01:00 |
|
de4dot
|
b422e08fb1
|
Add lookup() method for ModuleReferences
|
2012-02-20 17:18:22 +01:00 |
|
de4dot
|
8536e211dd
|
Detect MC
|
2012-02-20 04:58:46 +01:00 |
|
de4dot
|
fc497b1688
|
Add MaxtoCode files
|
2012-02-20 03:48:59 +01:00 |
|
de4dot
|
d7afc66c6d
|
Don't remove string decrypter type if there's still code calling it
|
2012-02-19 00:50:08 +01:00 |
|
de4dot
|
e18ff9aea1
|
Don't remove string decrypter types if there was an error decrypting strings
|
2012-02-18 08:08:00 +01:00 |
|
de4dot
|
9e16d9cd40
|
Rename method
|
2012-02-13 11:28:08 +01:00 |
|
de4dot
|
5579323b3e
|
Print warning if I/O exception
|
2012-02-13 11:16:38 +01:00 |
|
de4dot
|
981472cd91
|
Methods should be static and have a body
|
2012-02-13 11:11:08 +01:00 |
|
de4dot
|
a35c765f15
|
Rename method
|
2012-02-13 10:20:11 +01:00 |
|
de4dot
|
179ea6d6fd
|
Only string decrypter method is worth 100 points
|
2012-02-12 16:56:26 +01:00 |
|
de4dot
|
3e3be639e5
|
Move reading variable length int32 code to DeobUtils
|
2012-02-12 16:54:48 +01:00 |
|
de4dot
|
67efd5e7e7
|
Rename namespace to Eazfuscator_NET
|
2012-02-12 16:46:39 +01:00 |
|
de4dot
|
c2d13d9059
|
Remove all invalid methods
|
2012-02-12 16:29:29 +01:00 |
|
de4dot
|
4691c805d8
|
Ignore invalid methods
|
2012-02-12 16:25:12 +01:00 |
|
de4dot
|
46f23ce89d
|
Add InvalidMethodsFinder
|
2012-02-12 16:24:59 +01:00 |
|
de4dot
|
c15773b709
|
Merge branch 'cv' into next_version
Conflicts:
blocks/DotNetUtils.cs
|
2012-02-12 14:47:24 +01:00 |
|
de4dot
|
c73fcfc1d0
|
Remove CV type if it is empty
|
2012-02-12 14:38:42 +01:00 |
|
de4dot
|
5ce1f74263
|
Position has already been set to 0
|
2012-02-12 14:29:11 +01:00 |
|
de4dot
|
037cb5bc68
|
Decrypt the remaining (EREX) resources
|
2012-02-12 14:28:53 +01:00 |
|
de4dot
|
9a6bd53cb9
|
Remove obfuscator obfuscator bundle types
|
2012-02-12 13:38:23 +01:00 |
|
de4dot
|
ded45dcb7a
|
Remove proxy method types and main type
|
2012-02-12 13:00:38 +01:00 |
|
de4dot
|
ff55be46b6
|
Rename getField() to getFieldByName() and add a real getField() method
|
2012-02-12 12:53:36 +01:00 |
|
de4dot
|
8999eb8e0f
|
Remove CV main type methods if < v5.0
|
2012-02-12 12:08:46 +01:00 |
|
de4dot
|
42f66c3948
|
Fix detection; 3.2 doesn't have those extra fields
|
2012-02-12 12:03:55 +01:00 |
|
de4dot
|
d6327b401e
|
Remove all anti-reflection types
|
2012-02-12 11:39:00 +01:00 |
|
de4dot
|
80d338637e
|
Add method to remove classes with no base type
|
2012-02-12 11:35:18 +01:00 |
|
de4dot
|
18cd71ecdc
|
Update detection (v5.0)
|
2012-02-11 23:39:37 +01:00 |
|
de4dot
|
070acc59f1
|
Bail out earlier if not encrypted
|
2012-02-11 23:23:51 +01:00 |
|
de4dot
|
91f7d2cb51
|
Find and remove resource decrypter types
|
2012-02-11 23:23:25 +01:00 |
|
de4dot
|
c18bed7d69
|
Add namespace
|
2012-02-11 23:11:54 +01:00 |
|
de4dot
|
bffbe419d5
|
Add hasInteger() method
|
2012-02-11 23:11:41 +01:00 |
|
de4dot
|
d44db9871e
|
Add log message that we have decrypted a resource
|
2012-02-11 21:51:48 +01:00 |
|
de4dot
|
57b947a3da
|
Add InvalidDataException
|
2012-02-11 21:49:22 +01:00 |
|
de4dot
|
ccd7d2ac79
|
Decrypt .resources files
|
2012-02-11 16:46:39 +01:00 |
|
de4dot
|
e5a72396c2
|
Remove length parameter from xxxteaDecrypt()
|
2012-02-11 16:46:02 +01:00 |
|
de4dot
|
ae97752d9c
|
Set data field to a 1-byte array
|
2012-02-09 10:14:59 +01:00 |
|
de4dot
|
ba399609c7
|
Initialize otherInitMethods in 2nd ctor
|
2012-02-09 10:14:29 +01:00 |
|
de4dot
|
45bf016a2e
|
Rename method
|
2012-02-09 10:14:08 +01:00 |
|
de4dot
|
15713a2b38
|
Check assembly for null (it could be a netmodule)
|
2012-02-08 22:01:10 +01:00 |
|
de4dot
|
d5089fa888
|
Remove kill type in deobfuscateBegin()
|
2012-02-08 19:54:05 +01:00 |
|
de4dot
|
b5c8a89b32
|
Remove init method calls called from .ctors
|
2012-02-08 19:40:17 +01:00 |
|
de4dot
|
a8d6aac306
|
Update detection of tamper detection types when proxy calls are enabled
|
2012-02-08 19:36:58 +01:00 |
|
de4dot
|
04247b5533
|
Remove most calls to main CV type
|
2012-02-08 19:21:00 +01:00 |
|
de4dot
|
c757139357
|
Remove string decrypter type
|
2012-02-08 18:58:06 +01:00 |
|
de4dot
|
98c8ea49e9
|
Remove tamper detection code
|
2012-02-08 18:40:24 +01:00 |
|
de4dot
|
1583552825
|
Make sure rvas list is never null
|
2012-02-08 16:14:07 +01:00 |
|
de4dot
|
780da4a0ad
|
Update detection of encrypted methods data
|
2012-02-08 15:52:39 +01:00 |
|
de4dot
|
fa6b0d4054
|
Move detection of CV main type to its own class
|
2012-02-08 15:40:11 +01:00 |
|
de4dot
|
bb89ce2983
|
Remove method since base class now has the same method
|
2012-02-08 15:19:45 +01:00 |
|
de4dot
|
1e3daf3b45
|
Dump embedded assemblies
|
2012-02-08 12:33:02 +01:00 |
|
de4dot
|
09e840923d
|
Search for sig starting from _stub RVA
|
2012-02-08 09:29:49 +01:00 |
|
de4dot
|
a8d4b38c79
|
Mover version info to a new ObfuscatorVersion enum
|
2012-02-08 08:55:45 +01:00 |
|
de4dot
|
0e89c0fc35
|
Only check Version property if methods decrypter was found
|
2012-02-08 08:50:36 +01:00 |
|
de4dot
|
776fd7f69f
|
Speed up finding V5 methods decrypter type
|
2012-02-07 15:17:41 +01:00 |
|
de4dot
|
1076218a81
|
Detect CV version
|
2012-02-07 15:05:27 +01:00 |
|
de4dot
|
6ab0748bdd
|
Decrypt V5 encrypted methods
|
2012-02-07 14:55:20 +01:00 |
|
de4dot
|
f11c51830f
|
Make sure info is copied
|
2012-02-07 14:53:58 +01:00 |
|
de4dot
|
97d09c4c65
|
Make method accessible by sub classes
|
2012-02-07 14:53:34 +01:00 |
|
de4dot
|
3276f433c9
|
Add code to detect V5 methods decrypter
|
2012-02-07 05:08:02 +01:00 |
|
de4dot
|
0aeee176cc
|
Merge v3-v4 and v5 code
|
2012-02-07 04:45:59 +01:00 |
|
de4dot
|
f1a1188409
|
Add a new ctor to copy values from old instance
|
2012-02-07 04:45:04 +01:00 |
|
de4dot
|
8f9cc6d290
|
Re-use v3-v4 string decrypter
|
2012-02-07 03:03:49 +01:00 |
|
de4dot
|
d512889833
|
Fix 'shadow calls' obfuscation
|
2012-02-07 02:07:31 +01:00 |
|
de4dot
|
c2313110b8
|
Add getDelegateTypes() and fix findProxyCall()
|
2012-02-07 02:02:49 +01:00 |
|
de4dot
|
ad8a5078fe
|
Rename method
|
2012-02-07 00:42:32 +01:00 |
|
de4dot
|
2ccb35afb0
|
Add CV5 files
|
2012-02-06 15:55:35 +01:00 |
|
de4dot
|
26bf21a84e
|
Show obfuscator version
|
2012-02-06 15:55:14 +01:00 |
|
de4dot
|
b39725f12f
|
Remove useless 'using'
|
2012-02-06 15:52:19 +01:00 |
|
de4dot
|
0d6542e383
|
Move v3-v4 code to a sub dir
|
2012-02-06 15:49:27 +01:00 |
|
de4dot
|
da3a28f0a8
|
Move (and rename) XXTEA decrypt func to DeobUtils
|
2012-02-06 08:22:55 +01:00 |
|
de4dot
|
b867301797
|
Update valid name regex
|
2012-02-06 08:20:04 +01:00 |
|
de4dot
|
b3750f9d4c
|
Initialize its token field
|
2012-02-05 23:04:24 +01:00 |
|
de4dot
|
542c6bb213
|
Support 3.2 methods decrypter
|
2012-02-05 22:49:10 +01:00 |
|
de4dot
|
d5c3a6964b
|
Support 4.0 methods decrypter
|
2012-02-05 21:27:36 +01:00 |
|
de4dot
|
1903cf8607
|
KILL type is only worth 10 points
|
2012-02-05 19:01:49 +01:00 |
|
de4dot
|
9e4b29034f
|
Finish getStringDecrypterMethods() method
|
2012-02-05 18:59:29 +01:00 |
|
de4dot
|
191fbb84b0
|
Use new getInitializedUInt32Array() method
|
2012-02-05 18:56:05 +01:00 |
|
de4dot
|
c8c4e3341c
|
Add getInitializedUInt32Array() method
|
2012-02-05 18:55:48 +01:00 |
|
de4dot
|
d6ff8b515d
|
Add string decrypter
|
2012-02-05 18:47:31 +01:00 |
|
de4dot
|
029c049bf6
|
Move readVariableLengthInteger() to DeobUtils
|
2012-02-05 18:46:14 +01:00 |
|
de4dot
|
29c5cfc9c8
|
Don't stop if 2nd instr is also a store
|
2012-02-05 18:45:04 +01:00 |
|
de4dot
|
23c72927b5
|
Add CV and methods decrypter
|
2012-02-05 16:17:47 +01:00 |
|
de4dot
|
84f322dbcf
|
Rename method. Ignore generic methods.
|
2012-02-03 16:21:59 +01:00 |
|
de4dot
|
3caad72275
|
Print new resource name
|
2012-02-03 14:35:42 +01:00 |
|
de4dot
|
ed9addb385
|
Make sure only valid methods are restored
|
2012-02-03 14:24:39 +01:00 |
|
de4dot
|
0cc88ba39f
|
Restore resource names
|
2012-02-03 13:22:37 +01:00 |
|
de4dot
|
ebfb88b6f1
|
Don't try to inline methods without a body or no instrs
|
2012-02-03 11:10:48 +01:00 |
|
de4dot
|
bc6630f760
|
Detect other SN attribute
|
2012-02-03 10:45:31 +01:00 |
|
de4dot
|
022bbe15af
|
Update name regex
|
2012-02-03 10:44:58 +01:00 |
|
de4dot
|
3a49d2a603
|
Remove encrypted strings field type
|
2012-02-03 10:13:41 +01:00 |
|
de4dot
|
33010b65a7
|
Add option to remove namespaces with only one type in it
|
2012-02-03 10:07:44 +01:00 |
|
de4dot
|
1008e91524
|
Don't restore method bodies from outside types
|
2012-02-03 10:05:31 +01:00 |
|
de4dot
|
95b835895b
|
Inline the remaining methods
|
2012-02-03 09:44:35 +01:00 |
|
de4dot
|
c09bbf0d01
|
Restore bodies and update calls to real instance method
|
2012-02-03 09:21:15 +01:00 |
|
de4dot
|
e67ecfdff4
|
Remove the methods types
|
2012-02-03 06:33:54 +01:00 |
|
de4dot
|
9a87a2658f
|
Restore method bodies
|
2012-02-03 04:26:55 +01:00 |
|
de4dot
|
814ca402bf
|
Detect classes created by the obfuscator
|
2012-02-03 03:03:19 +01:00 |
|
de4dot
|
3ce28aebb0
|
Inline methods
|
2012-02-02 10:55:30 +01:00 |
|
de4dot
|
b3f17a27a3
|
Add SN string decrypter
|
2012-02-02 06:56:14 +01:00 |
|
de4dot
|
36b4806858
|
Remove useless code and add getArrays() method
|
2012-02-02 06:54:10 +01:00 |
|
de4dot
|
ce7dc67848
|
Fix Issue #19
|
2012-01-30 09:12:26 +01:00 |
|
de4dot
|
a69b17e06d
|
Support embedded assemblies (Silverlight)
|
2012-01-29 18:30:07 +01:00 |
|
de4dot
|
26a3e14d2c
|
Update fields restorer since 2+ types can share same struct
|
2012-01-29 05:06:21 +01:00 |
|
de4dot
|
55dcb0881d
|
Update code since master was updated
|
2012-01-28 18:40:35 +01:00 |
|
de4dot
|
0f9184e9be
|
Merge branch 'master' into newcode
|
2012-01-28 18:38:09 +01:00 |
|
de4dot
|
915018c2fc
|
Use a better method dictionary
|
2012-01-28 02:54:12 +01:00 |
|
de4dot
|
887ee7c9e8
|
Fix method signature
|
2012-01-27 01:02:17 +01:00 |
|
de4dot
|
247cb2be20
|
Compare ElementType instead of calling verifyType for speed
|
2012-01-26 22:40:19 +01:00 |
|
de4dot
|
66969a4e92
|
Remove old code
|
2012-01-25 06:28:25 +01:00 |
|
de4dot
|
71d18ce688
|
Remove useless cast
|
2012-01-25 06:22:47 +01:00 |
|
de4dot
|
cb791a43ae
|
Compare by reference since both are field defs
|
2012-01-25 06:15:33 +01:00 |
|
de4dot
|
c3b9b840e4
|
Code should return true
|
2012-01-25 05:47:34 +01:00 |
|
de4dot
|
2684ccab93
|
Create a unique metadata token since renamer depends on it
|
2012-01-24 17:51:22 +01:00 |
|
de4dot
|
26b2de90af
|
Fix format string: missing {1}
|
2012-01-24 17:11:45 +01:00 |
|
de4dot
|
e9d7f3dbfb
|
Restore fields
|
2012-01-24 17:10:11 +01:00 |
|
de4dot
|
e00ca9a7d2
|
Merge branch 'master' into newcode
|
2012-01-24 15:15:07 +01:00 |
|
de4dot
|
fb1a45c5a4
|
Create a new unique GUID that depends on the module
|
2012-01-24 15:14:57 +01:00 |
|
de4dot
|
94f3fc9369
|
Lower num required found proxies
|
2012-01-24 14:54:23 +01:00 |
|
de4dot
|
8fbcdeb060
|
Make sure it gets an RVA, and change field type to byte
|
2012-01-24 09:06:54 +01:00 |
|
de4dot
|
5c98e81e78
|
Ignore base64 decode exception
|
2012-01-24 07:39:07 +01:00 |
|
de4dot
|
ab0fa2631e
|
Resource must be returned...
|
2012-01-24 05:25:02 +01:00 |
|
de4dot
|
95462d8dda
|
Dump V4 embedded assemblies
|
2012-01-24 05:08:24 +01:00 |
|
de4dot
|
a80482751d
|
Add extra check to make sure we detect the correct method
|
2012-01-24 04:44:23 +01:00 |
|
de4dot
|
ed00c5f2c5
|
Make sure it is static
|
2012-01-24 04:24:44 +01:00 |
|
de4dot
|
6ceea06f5b
|
Decrypt V4 resources
|
2012-01-24 03:22:59 +01:00 |
|
de4dot
|
2c8e685910
|
Ignore prefixes
|
2012-01-24 02:31:57 +01:00 |
|
de4dot
|
88c8dcbb7a
|
Detect V3.5
|
2012-01-24 01:01:30 +01:00 |
|
de4dot
|
d59fa86515
|
Print DS version
|
2012-01-24 00:41:09 +01:00 |
|
de4dot
|
da0cf08b33
|
Merge branch 'master' into newcode
|
2012-01-23 23:19:59 +01:00 |
|
de4dot
|
613a97906a
|
Make sure method hasn't been removed
|
2012-01-23 23:16:01 +01:00 |
|
de4dot
|
f9ed9e403f
|
Support V4 string decryptor
|
2012-01-23 23:13:04 +01:00 |
|
de4dot
|
4cfa0cf1f3
|
Update detection of methods to inline
|
2012-01-23 23:11:39 +01:00 |
|
de4dot
|
981975b750
|
Make sure we don't dump resource resolver's resource
|
2012-01-22 23:46:32 +01:00 |
|
de4dot
|
0ac8c944e5
|
Add call to stringDecryptersAdded()
|
2012-01-22 20:02:05 +01:00 |
|
de4dot
|
991a5281ab
|
Add DS obfuscator support
|
2012-01-22 19:58:31 +01:00 |
|
de4dot
|
080a11c437
|
Merge branch 'master' into newcode
|
2012-01-22 19:53:27 +01:00 |
|
de4dot
|
5876526151
|
Add getInitializedInt16Array() and stop earlier
|
2012-01-22 19:33:36 +01:00 |
|
de4dot
|
8c645504fe
|
Add method to find resource from strings in code
|
2012-01-22 13:00:17 +01:00 |
|
de4dot
|
bf1843ade4
|
Add an inflate() overload
|
2012-01-22 12:59:51 +01:00 |
|
de4dot
|
7962de961c
|
Add getModuleTypeCctor() method
|
2012-01-22 11:15:14 +01:00 |
|
de4dot
|
fde26c0bd2
|
Split method
|
2012-01-21 22:16:07 +01:00 |
|
de4dot
|
ba04092060
|
Call stringDecryptersAdded() after adding string decrypters
|
2012-01-21 22:15:53 +01:00 |
|
de4dot
|
1371392b4a
|
master was updated
|
2012-01-21 20:33:34 +01:00 |
|
de4dot
|
5a4d41cf45
|
Merge branch 'master' into newcode
|
2012-01-21 20:32:33 +01:00 |
|
de4dot
|
2dadd773ec
|
Use ParameterDefinition.Sequence
|
2012-01-21 20:31:47 +01:00 |
|
de4dot
|
2e605b5117
|
Merge branch 'master' into newcode
|
2012-01-21 14:19:52 +01:00 |
|
de4dot
|
f3f8975f01
|
If instance explicit, 'this' is 1st param
|
2012-01-20 19:30:40 +01:00 |
|
de4dot
|
77f4d9ee0c
|
Derive from ValueInlinerBase
|
2012-01-19 19:23:34 +01:00 |
|
de4dot
|
8c90c7b494
|
master was updated
|
2012-01-19 19:19:08 +01:00 |
|
de4dot
|
68b78b0081
|
Merge branch 'master' into newcode
|
2012-01-19 19:17:55 +01:00 |
|
de4dot
|
7f5401625e
|
Rename classes
|
2012-01-19 19:16:44 +01:00 |
|
de4dot
|
45ff4af573
|
Remove detection of Babel in Unknown obfuscator
|
2012-01-19 05:42:00 +01:00 |
|
de4dot
|
dc042d2f9a
|
Decrypt V2 encrypted strings
|
2012-01-19 05:38:58 +01:00 |
|
de4dot
|
ff6a8d4b6f
|
Dump embedded assemblies before decrypting methods
|
2012-01-18 07:53:06 +01:00 |
|
de4dot
|
49c06dec64
|
Dump embedded assemblies
|
2012-01-18 07:43:03 +01:00 |
|
de4dot
|
6ec1222657
|
Move common code to BabelUtils
|
2012-01-18 07:38:35 +01:00 |
|
de4dot
|
ed31063b1b
|
Merge branch 'master' into newcode
|
2012-01-18 06:15:31 +01:00 |
|
de4dot
|
5cb5f41d4a
|
Support latset version of SA
|
2012-01-17 02:54:48 +01:00 |
|
de4dot
|
6c20e18b4d
|
master was updated so fix code here
|
2012-01-14 12:37:20 +01:00 |
|
de4dot
|
48361ae809
|
Merge branch 'master' into newcode
|
2012-01-14 12:35:11 +01:00 |
|
de4dot
|
5f6841e317
|
Add HasHandlers property to base class
|
2012-01-14 12:34:42 +01:00 |
|
de4dot
|
f19be8019e
|
Don't remove any types/methods/etc if it's an unknown obfuscator
|
2012-01-14 12:27:03 +01:00 |
|
de4dot
|
5e3b4a1414
|
Add some checks
|
2012-01-14 12:19:17 +01:00 |
|
de4dot
|
f0ff8df76a
|
Use the method in InitializedDataCreator
|
2012-01-14 12:16:05 +01:00 |
|
de4dot
|
06e8b9f654
|
Use the new Int32ValueInliner class
|
2012-01-14 12:04:59 +01:00 |
|
de4dot
|
b71e8fdfdc
|
Remove newlines from names when calling the logger
|
2012-01-14 11:59:01 +01:00 |
|
de4dot
|
c069d8005c
|
Use methods in DotNetUtils
|
2012-01-14 11:53:38 +01:00 |
|
de4dot
|
ed918c6993
|
Call Dispose() after decrypting methods
|
2012-01-14 11:46:00 +01:00 |
|
de4dot
|
75c8747a0f
|
Merge branch 'master' into newcode
|
2012-01-14 11:41:20 +01:00 |
|
de4dot
|
7b93497bc6
|
Update detection code
|
2012-01-14 11:39:49 +01:00 |
|
de4dot
|
6b4a462757
|
Support v3.0
|
2012-01-14 10:37:15 +01:00 |
|
de4dot
|
e53f4d043d
|
Proxy calls can be proxied
|
2012-01-13 21:30:49 +01:00 |
|
de4dot
|
948cdb47e3
|
Fix what was updated in master
|
2012-01-13 21:30:29 +01:00 |
|
de4dot
|
c583891151
|
Merge branch 'master' into newcode
|
2012-01-13 21:26:48 +01:00 |
|
de4dot
|
b214eaa3c9
|
Add option to keep deobfuscating deobfuscated calls
|
2012-01-13 21:26:31 +01:00 |
|
de4dot
|
17327902c3
|
Refactor method call inliner code
|
2012-01-11 04:38:02 +01:00 |
|
de4dot
|
dfb2332116
|
Print the version number
|
2012-01-11 02:35:02 +01:00 |
|
de4dot
|
f18ed0d6fe
|
Merge branch 'master' into newcode
|
2012-01-10 19:59:27 +01:00 |
|
de4dot
|
b30ccda1f9
|
Add method to remove the assembly info
|
2012-01-10 02:36:39 +01:00 |
|
de4dot
|
9800f91d12
|
Update copyright years
|
2012-01-09 23:04:52 +01:00 |
|
de4dot
|
0dbe743563
|
Merge branch 'master' into newcode
|
2012-01-09 23:02:58 +01:00 |
|
de4dot
|
0d0a40376d
|
Update copyright years
|
2012-01-09 23:02:47 +01:00 |
|
de4dot
|
edd855ad19
|
Merge branch 'master' into newcode
|
2012-01-09 07:55:09 +01:00 |
|
de4dot
|
665a170b9b
|
Make sure HasFieldRVA flag is set
|
2012-01-09 07:55:01 +01:00 |
|
de4dot
|
c9e5b8e91e
|
Update code to handle v3.5 obfuscated assemblies
|
2012-01-09 05:50:32 +01:00 |
|
de4dot
|
1805022073
|
Merge branch 'master' into newcode
|
2012-01-09 05:30:49 +01:00 |
|