de4dot
|
b530c1a313
|
Add isSystemObject() method
|
2011-10-31 19:39:00 +01:00 |
|
de4dot
|
1eedf7cb3e
|
Update if expr. It was wrong
|
2011-10-31 19:38:36 +01:00 |
|
de4dot
|
cbf37e8732
|
Move getLocalVar() and add getArgType()
|
2011-10-31 19:37:26 +01:00 |
|
de4dot
|
5185dc8364
|
Throw if PInvokeInfo is null. The type was probably removed.
|
2011-10-31 00:18:11 +01:00 |
|
de4dot
|
6b04c23036
|
Update decrypter and version detecter code
|
2011-10-31 00:09:38 +01:00 |
|
de4dot
|
11781b2875
|
Check for null methods
|
2011-10-31 00:08:38 +01:00 |
|
de4dot
|
35005a1a51
|
getStringDecrypterMethods() now adds all string decrypter methods
|
2011-10-30 19:28:13 +01:00 |
|
de4dot
|
0ddbe16349
|
Update DNR version number detection code
|
2011-10-30 06:15:52 +01:00 |
|
de4dot
|
7505f6096f
|
Clear deobfuscation flags when reloading module
|
2011-10-30 06:14:22 +01:00 |
|
de4dot
|
2ede24598d
|
Detect DNR version
|
2011-10-29 20:28:29 +02:00 |
|
de4dot
|
efe98949b1
|
Minor updates
|
2011-10-29 20:26:59 +02:00 |
|
de4dot
|
37a64f77f2
|
Index should be set to instruction before we broke out of the loop
|
2011-10-29 20:25:41 +02:00 |
|
de4dot
|
b57c93eae4
|
Update DNR methods decrypter code
|
2011-10-29 03:39:32 +02:00 |
|
de4dot
|
040410d7ce
|
Methods decrypter method could be null
|
2011-10-29 03:39:08 +02:00 |
|
de4dot
|
def4072bc5
|
Move array finder code to a new ArrayFinder class
|
2011-10-29 03:38:09 +02:00 |
|
de4dot
|
0a8d772c22
|
Decrypt methods sent to the JITter
|
2011-10-29 02:27:34 +02:00 |
|
de4dot
|
c4d6ba9ae9
|
Some minor updates
|
2011-10-29 02:25:31 +02:00 |
|
de4dot
|
3b87ab1294
|
Update getDecryptedModule() so it can return dumped methods
|
2011-10-29 02:23:48 +02:00 |
|
de4dot
|
a6dcd03d26
|
Allow passing dumped methods to reload()
|
2011-10-29 02:22:36 +02:00 |
|
de4dot
|
0e70d020b4
|
Add .NET metadata reader (ported from C++)
|
2011-10-29 02:20:44 +02:00 |
|
de4dot
|
89f90d3e75
|
Make sure publicKeyToken.Length > 0
|
2011-10-28 01:44:15 +02:00 |
|
de4dot
|
699ac4378d
|
Support older string decrypter method and detect older methods decrypter
|
2011-10-28 01:33:05 +02:00 |
|
de4dot
|
eb002895e1
|
Don't throw if we can't find all method args in the same block
|
2011-10-28 01:28:08 +02:00 |
|
de4dot
|
deda2d5d60
|
Handle case where try handler block is before try block
|
2011-10-28 01:27:00 +02:00 |
|
de4dot
|
09178a6e95
|
Update methods decrypter and string decrypter
|
2011-10-27 22:25:44 +02:00 |
|
de4dot
|
39dbf5d9b2
|
Ignore call if we can't get all args
|
2011-10-27 22:22:52 +02:00 |
|
de4dot
|
9c83c22469
|
Add .NET header and a method to more safely write to a .NET PE image
|
2011-10-27 22:21:45 +02:00 |
|
de4dot
|
61b1f7a06a
|
Ignore invalid metadata tokens in code
|
2011-10-27 15:57:33 +02:00 |
|
de4dot
|
9c253e7864
|
Add updated cecil submodule
|
2011-10-27 15:52:58 +02:00 |
|
de4dot
|
5357b4f73c
|
Update code to handle 4.1 obfuscated assemblies
|
2011-10-27 02:08:30 +02:00 |
|
de4dot
|
93d4ac1c9d
|
Update type name
|
2011-10-27 02:07:33 +02:00 |
|
de4dot
|
41356b2d30
|
Check for methods with no body
|
2011-10-27 02:07:06 +02:00 |
|
de4dot
|
ceca5718ba
|
Remove encrypted resources and call to methods decrypter
|
2011-10-26 23:00:01 +02:00 |
|
de4dot
|
dfb73f222f
|
Add options to disable decryption of methods and bools
|
2011-10-26 22:24:31 +02:00 |
|
de4dot
|
63ab61fb12
|
Deobfuscate cflow again if a bool was decrypted
|
2011-10-26 22:16:51 +02:00 |
|
de4dot
|
bd7a6763a6
|
Return number of method calls that were replaced
|
2011-10-26 22:06:48 +02:00 |
|
de4dot
|
28b73d36ed
|
It's a flags enum so should use unique bits
|
2011-10-26 22:00:32 +02:00 |
|
de4dot
|
db7edc2a72
|
Add BoolValueInliner class
|
2011-10-26 21:05:35 +02:00 |
|
de4dot
|
0c0093ff76
|
Add createLdci4() method
|
2011-10-26 21:01:38 +02:00 |
|
de4dot
|
59863bf8b4
|
Refactor string decrypter to generic return value inliner class
|
2011-10-26 20:41:50 +02:00 |
|
de4dot
|
e4f2af221a
|
Add BooleanDecrypter class
|
2011-10-26 20:23:45 +02:00 |
|
de4dot
|
f37a46a02b
|
Decrypt strings
|
2011-10-26 19:49:25 +02:00 |
|
de4dot
|
03a8372319
|
Add readInt32() and readBytes() methods
|
2011-10-26 19:41:23 +02:00 |
|
de4dot
|
6bde8b8b20
|
Decrypt some DNR 4.0 non-native obfuscated assemblies
|
2011-10-26 14:40:55 +02:00 |
|
de4dot
|
1fbe902ed1
|
Always call detect(), and support reloading decrypted files
|
2011-10-26 14:32:50 +02:00 |
|
de4dot
|
3f7b1237b4
|
Don't call GetDirectoryName() if name is "" (loaded from byte[])
|
2011-10-26 14:32:10 +02:00 |
|
de4dot
|
4f315fd65a
|
Add reload() method when the file has been decrypted
|
2011-10-26 14:30:47 +02:00 |
|
de4dot
|
1eaa245618
|
Should ignore .cctor methods since .ctor is never static
|
2011-10-26 14:29:57 +02:00 |
|
de4dot
|
bfa0fa14c0
|
Add decrypt methods to IDeobfuscator. Change some method sigs.
|
2011-10-26 14:29:12 +02:00 |
|
de4dot
|
794b9dfd77
|
Add PE image reader/writer code
|
2011-10-26 14:20:38 +02:00 |
|