ViR Dash
8725afae01
Add support for normal mode string decryption
2017-09-26 01:54:47 +01:00
ViR Dash
5ec36c863c
Add support for normal predicate control flow;
...
Add detection weight to ConfusedBy attribute
2017-09-26 01:54:42 +01:00
ViR Dash
7adf818194
Implement ConfuserEx generic constants and resource decryption; misc improvements
...
Move BeaEngine.dll to /bin/
Make sure BeaEngine.dll is loaded when the working directory is different
Disable file deobfuscation exception handler
Don't remove LZMA methods by default
Trim version read from ConfuserAttribute
Minor refactoring
2017-08-20 16:25:25 +03:00
ViR Dash
4be6156d9b
Move ConfuserEx warning messages to display during the correct deobfuscation stage
2017-08-19 17:44:30 +03:00
ViR Dash
d6a18082af
Ensure BeaEngine.dll is present and misc changes
...
Copy BeaEngine.dll on build and check if it exists in runtime
Disable more exception handlers to help detect swallowed exceptions
Misc refactoring
2017-08-19 17:40:14 +03:00
ViR Dash
3e4170deb6
ConfuserEx deobfuscator code clean-up and refactor
2017-08-08 13:27:21 +03:00
ViR Dash
e0a2e805d4
ConfuserEx deobfuscator updates and misc changes
...
ConfuserEx changes:
* Implement Proxy Call Fixer
* Refactor Control Flow Fixer
Disable main exception handler to let de4dot throw on error
2017-07-25 17:37:41 +03:00
ViR Dash
23477ccb5f
Implemented ConfuserEx deobfuscator
...
x86 cflow and x86 constant decryption
Backport of LINQ (LinqBridge)
Shift left/right emulation fixes in de4dot core
Block class extended to hold additional information
2017-02-13 11:14:22 +02:00
PoroCYon
126758fa6f
Fix compiler errors (on mono) ( #123 )
2017-01-05 13:46:04 +01:00
0xd4d
cf19456dd6
Merge pull request #120 from XODE0/master
...
Support .NETReactor last versions.
2016-03-19 20:32:14 +01:00
XODE0
be964e1637
Fix for .NETReactor versions(4.7+).
2016-03-19 20:13:02 +01:00
XODE0
bbe3d325fb
Fix for old .NETReactor versions.
2016-03-19 18:26:07 +01:00
de4dot
8039056d4c
Move class from dnlib to de4dot
2016-03-19 16:38:48 +01:00
XODE0
38cfc6507a
Update EncryptedResource.cs
2016-03-19 16:26:05 +01:00
XODE0
f6a107c9bf
Support dotNETReactor v5.0.0.0
2016-03-19 16:16:22 +01:00
xode0
236b1768f4
Fix for the last .NETReactor.
2016-02-16 23:47:14 +01:00
de4dot
aa53cc0a81
Update dnlib submodule
2016-02-11 20:51:02 +01:00
de4dot
958ad86ceb
Fix merge
2016-02-11 20:50:54 +01:00
0xd4d
71eddd4689
Merge pull request #119 from XODE0/master
...
Add resource name decryption for Crypto.
2016-02-11 20:43:35 +01:00
xode0
6bfb3bc4a7
Add resource name decryption
...
.
Update Crypto StringDecrypter and move DecryptResourceName from ConstantsDecrypter to CoUtils.
Follow de4dot coding style.
Tabify the last commits.
2016-02-11 20:28:00 +01:00
0xd4d
9715fe46c2
Merge pull request #117 from PythEch/fix-eazfuscator-51
...
Added support for Eazfuscator.NET 5.1
2016-02-10 18:41:30 +01:00
PythEch
17c23f9ad7
Use default shift constants when Eazfuscator.NET < 5.0
2016-02-06 17:38:14 +02:00
PythEch
d7c7c7ce85
Fix Indentation
2016-01-24 00:47:09 +02:00
PythEch
2581da1c26
Make it compatible with 5.0 again
...
Version detection may be flawed since it checks if the string decryptor
method uses cgt.un instead of ceq for flags because the changes in 5.1
are subtle.
2016-01-24 00:45:37 +02:00
PythEch
84e0aa0b77
Fix the calculation of magic
...
It seems that Eazfuscator.NET sometimes calculates the magic with
different constants so I had to get them programmatically
2016-01-23 22:55:29 +02:00
PythEch
63607a6678
Fix string decryption for Eazfuscator.NET 5.1
...
v5.1 changes a few instructions in , other than it's almost the same
2016-01-23 17:09:01 +02:00
de4dot
4c684bb67e
Update copyright years
2015-10-29 22:45:26 +01:00
de4dot
02d6de8f39
Fix old Confuser deobfuscator code
2015-10-29 22:36:17 +01:00
de4dot
a0f12c4ad0
Update IsN00bUser()
2015-10-29 21:37:49 +01:00
de4dot
ea28306e9c
Update dnlib submodule
2015-10-29 21:37:37 +01:00
de4dot
eefa799e0d
Fix merge. Code used a much older dnlib version
2015-10-29 21:36:57 +01:00
de4dot
7cde561e6b
Merge branch 'confuser'
2015-10-29 21:36:34 +01:00
de4dot
436fe05756
Fix some older merges
2015-10-29 21:36:27 +01:00
0xd4d
f279bed1ed
Merge pull request #113 from saneki/only_cflow
...
Added option --only-cflow-deob for only deobfuscating control flow
2015-09-23 19:58:48 +02:00
saneki
e399d4ae2d
Added option --only-cflow-deob for only deobfuscating control flow
2015-09-22 11:06:45 -07:00
0xd4d
21318d2161
Merge pull request #111 from angelsl/master
...
CryptoObfuscator: Detect if decrypter should skip before reading flag or vice versa
2015-08-29 12:24:29 +02:00
angelsl
133814073c
Actually use index of the not opcode
...
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
2015-08-28 00:01:40 +08:00
0xd4d
74408ae2dd
Merge pull request #112 from saneki/nix_friendly
...
Renamed file with proper capitalization (as referenced in project file)
2015-08-23 00:15:38 +02:00
saneki
ff708f8116
Renamed file with proper capitalization (as referenced in project file)
2015-08-22 16:25:30 -05:00
angelsl
ffeb7c9472
Detect if decrypter should skip before reading flag or vice versa
...
Seems like some versions of CryptoObfuscator skip the bytes before reading the
actual flag instead of the behaviour expected by de4dot currently.
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
2015-08-21 15:57:44 +08:00
de4dot
39cf94964f
Remove 64-bit mscorlib refs from x64 csproj files
2015-08-15 11:08:17 +02:00
de4dot
111d0b538c
Add updated dnlib submodule
2015-08-15 11:01:11 +02:00
0xd4d
dfbbfc3fe0
Merge pull request #110 from saneki/eaz_5
...
Added support for Eazfuscator.NET 5.0 (string decryption)
2015-08-05 19:49:52 +02:00
saneki
94596d6fb7
Added support for Eazfuscator.NET 5.0
2015-08-04 17:52:02 -05:00
de4dot
828a1ab398
Move most of MemberRefFinder to dnlib
2015-07-19 23:47:45 +02:00
de4dot
9e2a9016d2
Move .NET resources read/writer code to dnlib
2015-07-08 08:02:34 +02:00
0xd4d
7a282f0962
Update README.md
2015-07-01 17:29:22 +02:00
de4dot
67703cb5be
Update dnlib URL and use latest commits
2015-07-01 17:11:22 +02:00
0xd4d
e0dfa64e31
Merge pull request #107 from mrexodia/dynamic_loading_fix
...
Dynamic loading fix
2015-05-23 10:02:49 +02:00
Mr. eXoDia
30aaeecafc
dictionary to make sure plugins can override the default deobfuscators
2015-05-22 21:17:57 +02:00