de4dot
|
8ff2115083
|
Remove unused methods, and inline method used only by SA code
|
2011-11-02 02:25:45 +01:00 |
|
de4dot
|
ade1720d32
|
Use type cache to look up types (huge speedup in DNR code)
|
2011-11-02 02:25:07 +01:00 |
|
de4dot
|
1938a1c497
|
Undo what VS did
|
2011-11-01 18:56:44 +01:00 |
|
de4dot
|
6a07ee5b5e
|
It's generic code so move it to common parent dir
|
2011-11-01 18:48:52 +01:00 |
|
de4dot
|
7bdea53134
|
Check op for null and update detection code
|
2011-11-01 18:47:26 +01:00 |
|
de4dot
|
6f4447aa98
|
It's generic code so move it to common parent dir
|
2011-11-01 18:46:59 +01:00 |
|
de4dot
|
cc8e220281
|
Also use ldfld/ldflda to detect arg types
|
2011-11-01 15:53:51 +01:00 |
|
de4dot
|
c354ded987
|
Add code to restore ldtoken instructions
|
2011-11-01 15:17:26 +01:00 |
|
de4dot
|
5170e62e21
|
Add code to remove inlined methods and option to disable it
|
2011-11-01 14:23:30 +01:00 |
|
de4dot
|
e7ceb50382
|
Add CanInlineMethods to IDeobfuscator
|
2011-11-01 14:19:53 +01:00 |
|
de4dot
|
8faf7389ad
|
Restore method return types
|
2011-11-01 02:22:05 +01:00 |
|
de4dot
|
2e2eafdb57
|
Add code to restore methods' arg types
|
2011-10-31 23:58:19 +01:00 |
|
de4dot
|
ed625e256d
|
Restore field types and add option to disable it
|
2011-10-31 19:41:38 +01:00 |
|
de4dot
|
0ac072cf7b
|
Add class to restore field types. It should work most of the time.
|
2011-10-31 19:40:57 +01:00 |
|
de4dot
|
5185dc8364
|
Throw if PInvokeInfo is null. The type was probably removed.
|
2011-10-31 00:18:11 +01:00 |
|
de4dot
|
6b04c23036
|
Update decrypter and version detecter code
|
2011-10-31 00:09:38 +01:00 |
|
de4dot
|
35005a1a51
|
getStringDecrypterMethods() now adds all string decrypter methods
|
2011-10-30 19:28:13 +01:00 |
|
de4dot
|
0ddbe16349
|
Update DNR version number detection code
|
2011-10-30 06:15:52 +01:00 |
|
de4dot
|
7505f6096f
|
Clear deobfuscation flags when reloading module
|
2011-10-30 06:14:22 +01:00 |
|
de4dot
|
2ede24598d
|
Detect DNR version
|
2011-10-29 20:28:29 +02:00 |
|
de4dot
|
efe98949b1
|
Minor updates
|
2011-10-29 20:26:59 +02:00 |
|
de4dot
|
37a64f77f2
|
Index should be set to instruction before we broke out of the loop
|
2011-10-29 20:25:41 +02:00 |
|
de4dot
|
b57c93eae4
|
Update DNR methods decrypter code
|
2011-10-29 03:39:32 +02:00 |
|
de4dot
|
040410d7ce
|
Methods decrypter method could be null
|
2011-10-29 03:39:08 +02:00 |
|
de4dot
|
def4072bc5
|
Move array finder code to a new ArrayFinder class
|
2011-10-29 03:38:09 +02:00 |
|
de4dot
|
0a8d772c22
|
Decrypt methods sent to the JITter
|
2011-10-29 02:27:34 +02:00 |
|
de4dot
|
c4d6ba9ae9
|
Some minor updates
|
2011-10-29 02:25:31 +02:00 |
|
de4dot
|
3b87ab1294
|
Update getDecryptedModule() so it can return dumped methods
|
2011-10-29 02:23:48 +02:00 |
|
de4dot
|
a6dcd03d26
|
Allow passing dumped methods to reload()
|
2011-10-29 02:22:36 +02:00 |
|
de4dot
|
0e70d020b4
|
Add .NET metadata reader (ported from C++)
|
2011-10-29 02:20:44 +02:00 |
|
de4dot
|
89f90d3e75
|
Make sure publicKeyToken.Length > 0
|
2011-10-28 01:44:15 +02:00 |
|
de4dot
|
699ac4378d
|
Support older string decrypter method and detect older methods decrypter
|
2011-10-28 01:33:05 +02:00 |
|
de4dot
|
eb002895e1
|
Don't throw if we can't find all method args in the same block
|
2011-10-28 01:28:08 +02:00 |
|
de4dot
|
09178a6e95
|
Update methods decrypter and string decrypter
|
2011-10-27 22:25:44 +02:00 |
|
de4dot
|
39dbf5d9b2
|
Ignore call if we can't get all args
|
2011-10-27 22:22:52 +02:00 |
|
de4dot
|
9c83c22469
|
Add .NET header and a method to more safely write to a .NET PE image
|
2011-10-27 22:21:45 +02:00 |
|
de4dot
|
5357b4f73c
|
Update code to handle 4.1 obfuscated assemblies
|
2011-10-27 02:08:30 +02:00 |
|
de4dot
|
93d4ac1c9d
|
Update type name
|
2011-10-27 02:07:33 +02:00 |
|
de4dot
|
41356b2d30
|
Check for methods with no body
|
2011-10-27 02:07:06 +02:00 |
|
de4dot
|
ceca5718ba
|
Remove encrypted resources and call to methods decrypter
|
2011-10-26 23:00:01 +02:00 |
|
de4dot
|
dfb73f222f
|
Add options to disable decryption of methods and bools
|
2011-10-26 22:24:31 +02:00 |
|
de4dot
|
63ab61fb12
|
Deobfuscate cflow again if a bool was decrypted
|
2011-10-26 22:16:51 +02:00 |
|
de4dot
|
bd7a6763a6
|
Return number of method calls that were replaced
|
2011-10-26 22:06:48 +02:00 |
|
de4dot
|
28b73d36ed
|
It's a flags enum so should use unique bits
|
2011-10-26 22:00:32 +02:00 |
|
de4dot
|
db7edc2a72
|
Add BoolValueInliner class
|
2011-10-26 21:05:35 +02:00 |
|
de4dot
|
59863bf8b4
|
Refactor string decrypter to generic return value inliner class
|
2011-10-26 20:41:50 +02:00 |
|
de4dot
|
e4f2af221a
|
Add BooleanDecrypter class
|
2011-10-26 20:23:45 +02:00 |
|
de4dot
|
f37a46a02b
|
Decrypt strings
|
2011-10-26 19:49:25 +02:00 |
|
de4dot
|
03a8372319
|
Add readInt32() and readBytes() methods
|
2011-10-26 19:41:23 +02:00 |
|
de4dot
|
6bde8b8b20
|
Decrypt some DNR 4.0 non-native obfuscated assemblies
|
2011-10-26 14:40:55 +02:00 |
|