de4dot
a2c8e99b3f
Ignore any exceptions during deobfuscation
2012-07-28 04:18:11 +02:00
de4dot
839684685e
Assume invalid code so check for null
2012-07-27 21:38:03 +02:00
de4dot
685d2c2ef0
Print a message if MethodData isn't encrypted
2012-07-27 21:35:55 +02:00
de4dot
6a15bfeee7
Decrypt Confuser encrypted resources
2012-07-27 12:49:00 +02:00
de4dot
471628b843
Update exception string
2012-07-27 09:21:03 +02:00
de4dot
16e6a986c7
Remove ConfusedByAttribute type
2012-07-27 08:50:58 +02:00
de4dot
872b4f61a2
Remove anti dumper type
2012-07-27 08:47:37 +02:00
de4dot
4840a117cf
Remove anti debugger type
2012-07-27 08:40:21 +02:00
de4dot
38d94819ee
Remove method decrypter type and init method call
2012-07-27 08:23:55 +02:00
de4dot
74970e80ff
Add Confuser proxy fixer
2012-07-27 08:11:23 +02:00
de4dot
a48a03b9ab
Move methods to ConfuserUtils
2012-07-27 08:07:17 +02:00
de4dot
135dcd5a3c
Merge branch 'master' into confuser
2012-07-27 08:03:30 +02:00
de4dot
e88479f71d
Add OtherMethods prop
2012-07-27 08:03:02 +02:00
de4dot
3abb8de345
getFieldToMethodDictionary() is now a non-virtual method
2012-07-27 07:57:13 +02:00
de4dot
70bd973cdd
Decrypt Confuser 1.9 encrypted JIT methods
2012-07-26 20:12:12 +02:00
de4dot
1a1ccb2121
Update code since GetUserString() arg is now a token
2012-07-26 20:07:27 +02:00
de4dot
bbd41a549c
Add MD5 and SHA256 sum methods
2012-07-26 16:35:28 +02:00
de4dot
916948249e
Add missing null check
2012-07-26 16:35:08 +02:00
de4dot
5fc6e1ac75
Add method to get a 64-bit int
2012-07-25 21:06:35 +02:00
de4dot
423c33a9f2
Append 32 to 32-bit methods and fields
2012-07-25 20:48:06 +02:00
de4dot
e2ec6548ed
Add more ctors and add EmulateConvInstructions prop
2012-07-25 20:43:22 +02:00
de4dot
755c9ae21a
New version: 1.9.0
2012-07-24 20:08:09 +02:00
de4dot
a815a70415
Rename arrays
2012-07-24 19:58:00 +02:00
de4dot
880441571e
Update class comment
2012-07-24 19:52:34 +02:00
de4dot
c31e6c2c3d
Main embedded asm doesn't always have the same asm name as the original asm
2012-07-24 19:05:50 +02:00
de4dot
e1f8793302
Add option to disable decrypting main embedded assembly
2012-07-24 18:52:39 +02:00
de4dot
490ce203b6
Update invalid name regex
2012-07-24 18:13:18 +02:00
de4dot
e54b026ae7
Make the embedded (original) start up assembly the new decrypted assembly
2012-07-24 17:49:04 +02:00
de4dot
4374a08020
getDecryptedModule() can now be called multiple times
2012-07-24 17:02:27 +02:00
de4dot
c8477bdbce
Print a warning and use default encoding if the code page doesn't exist
2012-07-23 13:19:04 +02:00
de4dot
8a81e98b3f
Fix invalid Mvid
2012-07-23 13:15:32 +02:00
de4dot
6c04a950e7
Remove duplicate resources
2012-07-23 10:22:39 +02:00
de4dot
b03cb46f53
Rename class
2012-07-23 10:08:13 +02:00
de4dot
ebbc8d2ab8
Remove encoding arg
2012-07-23 10:04:40 +02:00
de4dot
74aaf19257
Support the latest CO build
2012-07-22 20:35:33 +02:00
de4dot
2320c458cf
Check for null (invalid method ref in call instr)
2012-07-21 23:13:34 +02:00
de4dot
762e043236
Merge branch 'co' into new_code
...
Conflicts:
de4dot.code/de4dot.code.csproj
de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
2012-07-21 12:14:04 +02:00
de4dot
940aa20534
Merge branch 'master' into new_code
...
Conflicts:
de4dot.code/de4dot.code.csproj
2012-07-21 11:24:32 +02:00
de4dot
fd9d4a40cc
Support another MC runtime
2012-07-21 11:13:59 +02:00
de4dot
816ff5f369
New version: 1.8.7
2012-07-20 21:55:12 +02:00
de4dot
e05bfc9c8a
Decrypt strings
2012-07-20 21:54:56 +02:00
de4dot
dfafc4a94b
Remove useless method
2012-07-20 18:32:49 +02:00
de4dot
9b48632354
Refactor
2012-07-20 18:15:40 +02:00
de4dot
8b82f8b47d
Support the latest MC versions
2012-07-20 14:49:47 +02:00
de4dot
1eaa9f8c51
Add verify methods
2012-07-20 14:48:19 +02:00
de4dot
d9b3a81ba9
Add little endian encrypt/decrypt methods
2012-07-20 14:47:55 +02:00
de4dot
9b71da3633
Remove call to InitializeArray
2012-07-18 14:39:27 +02:00
de4dot
d0712b46aa
Update detection of resource resolver class
2012-07-16 20:00:37 +02:00
de4dot
6766c10969
Split array state into a new class
2012-07-16 19:59:50 +02:00
de4dot
ca65972c64
Add a force option to deobfuscate() method
2012-07-16 18:02:32 +02:00
de4dot
2aa3c8aaea
Add constants decrypter
2012-07-11 08:05:06 +02:00
de4dot
8f2f2f46ce
Support latest CO build
2012-07-11 02:15:33 +02:00
de4dot
9f8cac4dac
Fix #56
2012-07-08 08:14:36 +02:00
de4dot
598529a039
Support calli instruction
2012-07-08 04:18:26 +02:00
de4dot
16d5a31640
Create a SentinelType
2012-07-08 03:50:50 +02:00
de4dot
1581ec959d
Merge branch 'master' into new_code
2012-07-07 19:35:54 +02:00
de4dot
1867a06e84
Continue if same method
2012-07-07 09:09:55 +02:00
de4dot
ad6c6401b9
Support VS2008
2012-07-07 07:16:55 +02:00
de4dot
e440270a63
Fix proxy calls
2012-07-07 01:59:03 +02:00
de4dot
0a5764a093
Change method to take a ref to a type
2012-07-07 00:58:18 +02:00
de4dot
02c89550cb
Update the counter
2012-07-05 23:19:37 +02:00
de4dot
d5c8f6842a
Update log string
2012-07-02 21:49:59 +02:00
de4dot
8a34b6e015
Make method static
2012-07-02 21:49:45 +02:00
de4dot
b9e88972ae
Support latest CO build
2012-07-02 14:26:00 +02:00
de4dot
23697e2c00
Support ILP 1.0.5
2012-07-01 16:23:51 +02:00
de4dot
4c5fa3e809
Remove ILP detection
2012-06-27 15:19:09 +02:00
de4dot
4236514691
Merge branch 'ilp' into new_code
2012-06-27 15:15:55 +02:00
de4dot
a2baf1fdea
Merge branch 'master' into new_code
2012-06-27 15:15:03 +02:00
de4dot
4dce00b35a
Merge branch 'rummage' into new_code
...
Conflicts:
de4dot.cui/Program.cs
2012-06-27 15:14:40 +02:00
de4dot
199a0b4043
New version: 1.8.6
2012-06-27 10:46:12 +02:00
de4dot
12797ecb03
Support latest CO build
2012-06-27 10:45:45 +02:00
de4dot
cd0a193bdf
Support latest AN build
2012-06-27 10:27:16 +02:00
de4dot
d1259460e3
Update detection of decrypter constants. Fixes #59
2012-06-25 01:14:26 +02:00
de4dot
fa594c6213
Add better BL support
2012-06-12 11:15:19 +02:00
de4dot
4a29eae1c8
Add more inflate() overloads
2012-06-11 21:20:14 +02:00
de4dot
31118c11ba
Add the code from SharpZipLib that de4dot uses
2012-06-11 21:18:03 +02:00
de4dot
b964996388
Support Babel.NET 5.5
2012-06-06 21:16:32 +02:00
de4dot
a8bf74ca78
Support Rummage
2012-06-06 11:40:48 +02:00
de4dot
6d675fea54
Add XTEA decrypter
2012-06-06 11:39:48 +02:00
de4dot
3264bfc5cd
Support latest CO build
2012-06-04 09:51:07 +02:00
de4dot
5567c9a06a
Warn if strings resource couldn't be found
2012-06-04 06:34:32 +02:00
de4dot
3582b773ca
Support ILP
2012-06-04 05:02:46 +02:00
de4dot
27a91f5942
Change parameters type from [] to IList
2012-06-04 03:55:25 +02:00
de4dot
286462db4b
Move file
2012-06-03 19:08:46 +02:00
de4dot
e75386d0f9
Move method to Utils.cs
2012-06-03 16:44:08 +02:00
de4dot
b844dbc428
Detect ILP
2012-06-02 20:56:36 +02:00
de4dot
bff92e02e7
Remove unused method
2012-06-02 17:32:05 +02:00
de4dot
d2ec4e2969
New version: 1.8.5
2012-06-02 07:27:50 +02:00
de4dot
ec8139f640
Refactor code and support latest AN build
2012-06-02 07:26:21 +02:00
de4dot
a25f4f4640
Remove proxy methods type and make sure all proxy methods are inlined
2012-06-02 03:33:21 +02:00
de4dot
3c99e8d0d6
Update valid name regex
2012-06-01 12:53:03 +02:00
de4dot
6696c26496
Assembly resolver init method is sometimes only called from Main()
2012-06-01 12:40:16 +02:00
de4dot
d091564d85
Fix ToString(). Should separate generic args with commas
2012-06-01 12:05:01 +02:00
de4dot
cd2851baf4
Add an option to disable dumping embedded assemblies
2012-06-01 12:01:45 +02:00
de4dot
58b62ff914
Decrypt main assembly and embedded assemblies
2012-06-01 11:53:54 +02:00
de4dot
ddc270b963
Remove newlines from names when calling logger methods
2012-05-31 06:08:01 +02:00
de4dot
96f9f4154d
Decrypt CF encrypted strings
2012-05-29 20:20:11 +02:00
de4dot
9b591c68d3
Fix CF proxy calls
2012-05-29 19:14:41 +02:00
de4dot
512c650e11
Add another proxy call fixer class
2012-05-29 19:13:43 +02:00
de4dot
24d1c5182b
Update comment
2012-05-29 19:07:01 +02:00
de4dot
58adda95b6
getAllBlocks() now returns a List instead of an IList
2012-05-29 19:06:41 +02:00
de4dot
7b3dcf8e05
Refactor proxy call fixer classes
2012-05-29 11:13:39 +02:00
de4dot
1b569a0d24
Support MPRESS
2012-05-28 18:00:29 +02:00
de4dot
3e6a259e8f
Add 50 more points if methods decrypter is detected
2012-05-27 07:43:26 +02:00
de4dot
c441a60372
Print CW version number
2012-05-27 07:00:13 +02:00
de4dot
eebb090827
Support old CW 2.x
2012-05-27 02:31:53 +02:00
de4dot
06a30473da
Decrypt strings encrypted with older CW version
2012-05-26 20:20:11 +02:00
de4dot
adaf41c769
Decrypt embedded assemblies
2012-05-26 17:41:08 +02:00
de4dot
3a96ae391a
Move common resolver handler detector code to DeobUtils
2012-05-26 17:33:26 +02:00
de4dot
dbd7affaa8
Update valid name regex
2012-05-26 14:40:51 +02:00
de4dot
f1c8549066
Decrypt CW encrypted strings
2012-05-26 14:38:08 +02:00
de4dot
20452fe964
Decrypt CW encrypted methods
2012-05-26 05:26:00 +02:00
de4dot
b1f5fe92be
Clear invalid method bodies
2012-05-24 16:42:04 +02:00
de4dot
1a7c89a173
New version: 1.8.4
2012-05-19 09:02:26 +02:00
de4dot
c48b2d92c2
Support AN 6.0.0.5 (new build, same version)
2012-05-19 08:59:13 +02:00
de4dot
f6c5ed1c0c
New version: 1.8.3
2012-05-15 19:06:21 +02:00
de4dot
c3cdf95fcf
Support AN 6.0.0.5
2012-05-15 19:05:47 +02:00
de4dot
d1c09c3fae
New version: 1.8.2
2012-05-13 15:06:50 +02:00
de4dot
654ebf652e
Merge branch 'ds'
2012-05-12 21:40:01 +02:00
de4dot
bec6725aa7
Rename option
2012-05-12 21:39:49 +02:00
de4dot
40898cf238
Decrypt embedded assemblies (SL)
2012-05-11 19:38:31 +02:00
de4dot
ce3622f6e8
Use the correct variable
2012-05-11 18:18:19 +02:00
de4dot
94ee4064ed
Remove namespace prefix
2012-05-11 18:17:51 +02:00
de4dot
cd014f1d72
Update fields restorer
2012-05-10 20:20:29 +02:00
de4dot
1d2a78979f
Use generic prop creator if the type has a generic parameter
2012-05-10 19:00:12 +02:00
de4dot
f05a334c11
Make sure we don't rename a key to an already existing non-renamed key
2012-05-10 18:41:21 +02:00
de4dot
0b47ccf070
Remove cflow obfuscation arrays
2012-05-10 18:38:27 +02:00
de4dot
ae7e32ae5b
Remove decrypt method and other init method
2012-05-10 13:39:14 +02:00
de4dot
c5f8aaeb1a
Dump 4.1 embedded assemblies
2012-05-09 22:24:39 +02:00
de4dot
ee32b84283
Move code to DsUtils
2012-05-09 22:20:17 +02:00
de4dot
9b9e692947
Move version specific data to their own class
2012-05-09 19:10:20 +02:00
de4dot
dadc064b55
Decrypt V4.1 resources
2012-05-09 19:00:21 +02:00
de4dot
1aaa5df9ce
Support trial string encrypter
2012-05-09 17:30:35 +02:00
de4dot
3572bdfdcc
Set maxlen to 50. Fix incorrect method sig. Make sure there are no dupes.
2012-05-09 17:28:52 +02:00
de4dot
e5a64a4402
Remove more XC attributes
2012-05-06 13:07:34 +02:00
de4dot
44fea8f185
Fix problems found while testing
2012-05-03 17:24:59 +02:00
de4dot
b27e1b36af
Add option to disable cast deobfuscation
2012-05-03 16:51:36 +02:00
de4dot
ea205dcae8
Add option to disable renaming resource keys
2012-05-03 16:48:03 +02:00
de4dot
955c1f10bd
Rename resource keys
2012-05-03 16:47:34 +02:00
de4dot
76a10b1f34
Add Data property
2012-05-03 16:40:17 +02:00
de4dot
83725200c1
Add isValidResourceKeyName()
2012-05-03 14:53:01 +02:00
de4dot
2761216e39
Add a resource reader
2012-05-03 14:34:58 +02:00
de4dot
83dc4226c1
Make sure string decrypter methods aren't detected as inlined methods
2012-05-03 09:51:26 +02:00
de4dot
870dab5b90
Fix renaming events/properties
2012-05-03 09:05:05 +02:00
de4dot
fb9e217dac
Add a cast deobfuscator
2012-05-03 08:01:35 +02:00
de4dot
c61161be1d
Ignore method attributes
2012-05-02 18:43:57 +02:00
de4dot
597fcb0210
Cflow deob methods
2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05
Inline some obfuscated methods
2012-05-02 10:48:44 +02:00
de4dot
db14e73369
Make sure index is correct, and add method to read arg constants
2012-05-02 10:47:21 +02:00
de4dot
b15b581c46
Deobfuscate string decrypter cctor
2012-04-30 21:47:23 +02:00
de4dot
2594317b18
Use other sb ctor
2012-04-30 12:49:43 +02:00
de4dot
1805e352c4
Disable using unknown args by default
2012-04-30 12:18:47 +02:00
de4dot
f307520e62
Decrypt DS 4.1 strings
2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8
Support more types of args
2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692
Update cflow deobfuscator
2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77
Move common code to another class
2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8
Refactor: create common cflow deob iface
2012-04-29 23:51:04 +02:00
de4dot
920f079855
Set initlocals and add an option to disable it
2012-04-29 06:16:53 +02:00
de4dot
eb17298625
Move the field
2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5
Restore calls to CodeDomProvider and ICodeCompiler
2012-04-29 04:03:10 +02:00
de4dot
9333e2415c
Rename class
2012-04-29 00:56:17 +02:00
de4dot
e548436ede
Restore calls to Icon/Bitmap .ctor
2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a
Rename class and make it more general
2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b
Decrypt CS 1.x encrypted methods
2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea
Update detection of resource resolver type
2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9
Merge branch 'master' into cs
2012-04-26 19:33:28 +02:00
de4dot
7a0804e035
Remove module references to the CS RT files
2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2
Find old string decrypter method
2012-04-26 16:53:52 +02:00
de4dot
67c866491d
Show the correct obfuscator name
2012-04-26 16:33:55 +02:00
de4dot
6f830b8329
Remove all obfuscator attributes
2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2
Add addAttributesToBeRemoved()
2012-04-26 16:08:39 +02:00
de4dot
960f934c67
Update detection of CS type
2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95
Check for 32-bit or 64-bit method
2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd
Detect CS type when strings are encrypted, but methods aren't
2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f
Return the correct return value
2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c
Update CS detector and support an old string decrypter
2012-04-26 01:42:10 +02:00
de4dot
bff017a317
Throw InvalidMethodBody if IOException
2012-04-25 18:06:27 +02:00
de4dot
903db59827
Restore CS 3.0 "encrypted" methods
2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc
Move code to DeobUtils
2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d
Stop earlier
2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6
Support latest MC build
2012-04-24 23:02:36 +02:00
de4dot
3a9422f798
Remove useless displs
2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836
Merge branch 'master' into cs
2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b
Update CSVM opcode handler detection code
2012-04-24 11:33:17 +02:00
de4dot
88d7607d10
Fix resolver
2012-04-24 11:25:39 +02:00
de4dot
586be53fef
Fix method names
2012-04-23 19:37:05 +02:00
de4dot
7a399e7913
Rename class and update comments
2012-04-23 15:02:15 +02:00
de4dot
ea7a533027
Make fields read only
2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a
Fix method names
2012-04-23 14:47:05 +02:00
de4dot
0a0b491072
Copy foundSig field
2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef
Use a using statement to make sure the file is closed when we return
2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374
Restore .NET data directory so it can be deobfuscated
2012-04-23 02:04:34 +02:00
de4dot
790dc9f445
codeOffs should not be file offset
2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91
Decrypt CS 5.0 encrypted methods
2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e
Decrypt CS 4.5 encrypted methods
2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8
Decrypt methods (CS RT is embedded inside the assembly)
2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866
Restore CS 4.0 "encrypted" methods
2012-04-22 15:36:26 +02:00
de4dot
59e2e51882
Throw if invalid method body
2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92
Move code to a new class
2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e
Remove useless field
2012-04-21 23:10:06 +02:00
de4dot
46152761ee
Input could be null
2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a
New version: 1.8.1
2012-04-15 23:42:57 +02:00
de4dot
941929cf7a
Support latest CO build
2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a
New version: 1.8.0
2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea
Refactor
2012-04-13 05:03:52 +02:00
de4dot
a459bc107c
Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize()
2012-04-13 05:03:51 +02:00
de4dot
043730e599
Ignore invalid method indexes
2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2
Use dynamic decryption if static decryption fails
2012-04-11 03:09:59 +02:00
de4dot
588373f5ff
Add code to decrypt methods using the new dynamic methods decrypter
2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8
Support latest MC build
2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54
Merge branch 'cs'
2012-04-10 16:32:40 +02:00
de4dot
c756d543c1
Rename PE namespace
2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba
Add code to decrypt methods dynamically.
...
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89
Move PE code to a common assembly
2012-04-10 15:09:59 +02:00
de4dot
553337adb7
Support EF 3.3.149
2012-04-10 03:52:18 +02:00
de4dot
2d583316cf
Use the constant
2012-04-08 11:36:24 +02:00
de4dot
634e9ec023
Reverse return value
2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2
Support some more instrs
2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e
Add a newline
2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf
Rename variable
2012-04-06 16:25:25 +02:00
de4dot
33e2177059
Restore constrained. prefix
2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf
Support ldloca and ldarga
2012-04-06 16:08:09 +02:00
de4dot
5511ab833b
Update ldelema type, and add unbox.any and ldobj
2012-04-06 15:38:44 +02:00
de4dot
2949862614
Print warning if we failed to restore an instr op
2012-04-06 12:33:39 +02:00
de4dot
c39e421010
Fix locals
2012-04-06 12:25:15 +02:00
de4dot
86190ede1f
Print devirtualized methods
2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23
Move class to its own file
2012-04-05 20:59:50 +02:00
de4dot
237732e98e
Refactor
2012-04-05 20:45:16 +02:00
de4dot
da0878d765
Restore types that are generic parameters
2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1
Add CSVM devirtualizer
2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a
Move code to a new class
2012-04-05 18:05:27 +02:00
de4dot
1ead27107b
Don't add to list if null
2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6
Add shared deobfuscator data/methods
2012-04-04 21:06:10 +02:00
de4dot
7c8259905b
Update CO code. Fixes #39
2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4
Remove useless using statement
2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5
Support another SK string encrypter
2012-03-27 15:33:57 +02:00
de4dot
065927f702
Use the property
2012-03-27 15:23:27 +02:00
de4dot
d1e499454e
Rename locals and fix problem with huge strings
2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0
Decrypt MC encrypted strings
2012-03-26 22:07:01 +02:00
de4dot
e76321aaad
Remove unused method
2012-03-26 20:12:07 +02:00
de4dot
716098d33a
Change locals to instance variables
2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a
Update detection of MC type
2012-03-24 19:35:38 +01:00
de4dot
4e042166b9
Fix getSectionHeader()
2012-03-24 19:13:58 +01:00
de4dot
b323612508
New version: 1.7.4
2012-03-23 10:14:26 +01:00
de4dot
efd317489d
Support latest EF 3.3.143
2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da
Use callsMethod()
2012-03-21 03:49:28 +01:00
de4dot
7f1bad748e
Add more asm search paths
2012-03-21 03:37:10 +01:00
de4dot
ad5a759cd9
Remove useless cases
2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432
Support EF obfuscated CF assemblies
2012-03-18 22:59:34 +01:00
de4dot
e1292b2930
Add some more assembly search paths
2012-03-18 19:15:33 +01:00
de4dot
353673811b
Fix problem where some WinForm property names weren't restored
2012-03-18 12:55:21 +01:00
de4dot
4b81854ea5
Restore resource names ending in ".g.resources"
2012-03-17 22:12:51 +01:00
de4dot
6f01d48593
Change getCalledMethods() return type
2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed
Support DS obfuscated SL assemblies
2012-03-17 15:02:48 +01:00
de4dot
37450a1515
Support old DS 3.0.3.41 - 3.0.4.44
2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6
Inline method
2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c
Should be "continue"
2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f
Support EF obfuscated SL assemblies
2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb
Rename
2012-03-16 22:39:50 +01:00
de4dot
996a245ba3
New version: 1.7.3
2012-03-15 23:39:42 +01:00
de4dot
ce9add13cb
Support CO obfuscated SL/CF assemblies
2012-03-15 22:36:23 +01:00
de4dot
0537a2edce
Use getModuleTypeCctor()
2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce
Update detection of obfuscator types
2012-03-15 09:15:12 +01:00
de4dot
e4fe749559
Use hasInteger() method
2012-03-15 02:19:35 +01:00
de4dot
27f382a017
Support a (new?) version of CryptoObfuscator. Fixes #33
2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd
Support latest DeepSea version (4.0.4.32)
2012-03-13 20:37:33 +01:00
de4dot
ada90b1294
Add another CO detection check
2012-03-13 20:27:41 +01:00
de4dot
e949d8c926
Add support for latest EF 3.3.136
2012-03-13 09:26:40 +01:00
de4dot
8c5c055066
New version: 1.7.2
2012-03-11 15:59:36 +01:00
de4dot
7e1bf542af
Support a new EF 3.3 version that was released 1-2 days ago
2012-03-11 15:59:25 +01:00
de4dot
f5ee6e3e5e
Move dll files to a bin sub dir
2012-03-10 20:47:42 +01:00
de4dot
7d4c791575
Update detection of SA v2 string decrypter
2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9
Update expressions
2012-03-10 05:31:07 +01:00
de4dot
8b220697e0
New version: 1.7.1
2012-03-08 19:51:02 +01:00
de4dot
4e997910e4
Update detection of string decrypter type
2012-03-08 19:21:54 +01:00
de4dot
a41ea0969f
Call initAllTypes() before resolveAllRefs() to make sure baseType is initialized
2012-03-08 19:03:43 +01:00
de4dot
51fe58c4cd
Merge branch 'new_code'
2012-03-08 18:03:25 +01:00
de4dot
38fb775a7e
Use hasReturnValue() method
2012-03-08 18:03:12 +01:00
de4dot
3cde99b2e7
Remove overrides field
2012-03-08 17:57:35 +01:00
de4dot
4a7b4f4111
Update name regex
2012-03-08 16:15:19 +01:00
de4dot
674201e98c
Rename
2012-03-08 13:23:01 +01:00
de4dot
072bb4b5ce
Update code since cecil removed global asm resolver
2012-03-08 11:09:51 +01:00
de4dot
b4525ed58d
Support EF 3.3
2012-03-06 10:43:06 +01:00
de4dot
5c943d759d
Check base types for property/field
2012-03-03 18:23:53 +01:00
de4dot
77f1f2de67
Rename custom attribute fields and properties
2012-03-03 06:13:35 +01:00
de4dot
c3c92ebfaa
New version: 1.7.0
2012-03-01 22:14:23 +01:00
de4dot
48d6a3b6fc
Merge branch 'mc'
2012-03-01 22:10:36 +01:00
de4dot
86987518d6
Method should not be public
2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c
Rename classes
2012-02-29 11:41:06 +01:00
de4dot
9791e63e51
Engrish
2012-02-29 11:41:05 +01:00
de4dot
8740ba8419
Rename variable
2012-02-29 11:41:04 +01:00
de4dot
167368f488
Attributes are worth less
2012-02-29 00:13:57 +01:00
de4dot
b27635f493
Remove sealed flag from interfaces
2012-02-28 23:57:48 +01:00
de4dot
ec30ec7b07
Add CF 2.0/3.5, SL 2.0 ref asm search paths
2012-02-28 22:36:35 +01:00
de4dot
e6d0c4a043
Move version detection to a new class
2012-02-28 22:30:22 +01:00
de4dot
77228ecfca
Update name regex
2012-02-28 22:24:08 +01:00
de4dot
68b4315e95
Update detection of the type and remove another type
2012-02-28 20:49:03 +01:00
de4dot
269b695245
Update detection of that type
2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca
Support v3.0 - 3.1
2012-02-28 19:42:19 +01:00
de4dot
acb53f535b
Throw if init fails
2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0
Restore calls to Assembly::GetManifestResourceXXX methods
2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6
Move GetManifestResourceStream code to a new class
2012-02-28 18:14:41 +01:00
de4dot
e72fb7220a
Decrypt embedded assemblies and resources
2012-02-27 23:43:45 +01:00
de4dot
9bab65640c
Refactor
2012-02-27 12:55:37 +01:00
de4dot
3c480f4c6c
Add another warning message
2012-02-27 01:51:44 +01:00
de4dot
cee04d3bba
master was updated
2012-02-26 22:57:55 +01:00
de4dot
cf76c14b4b
Merge branch 'master' into mc
2012-02-26 22:55:06 +01:00
de4dot
efec6625ef
Update detection of EF 3.0 and 3.1
2012-02-26 22:54:28 +01:00
de4dot
2bff1242c1
Add static EF string decrypter
2012-02-26 22:48:43 +01:00
de4dot
da1d649ef4
Make sure no generic methods are inlined
2012-02-25 06:33:38 +01:00
de4dot
10ceb12e30
Change return type to IEnumerable<int>
2012-02-25 06:25:40 +01:00
de4dot
48758be8f0
Use a new class instead of the dict
2012-02-25 06:14:19 +01:00
de4dot
d09938ca47
Remove classes with null base type
2012-02-25 05:28:32 +01:00
de4dot
330be994a1
Restore indentation
2012-02-25 05:22:30 +01:00
de4dot
5288b4b3d2
Make sure enum instance field has proper flags set (make peverify happy)
2012-02-25 05:15:42 +01:00
de4dot
b000112abc
Merge branch 'master' into mc
2012-02-23 17:16:00 +01:00
de4dot
fb832ca3de
New version: 1.6.1
2012-02-23 16:25:47 +01:00
de4dot
4ec4bb1d65
MC actually does rename symbols so add an updated regex
2012-02-23 11:52:19 +01:00
de4dot
6e8b32df21
Reverse sort comments
2012-02-23 10:59:02 +01:00
de4dot
7c4f014da3
Support old MC 3.2
2012-02-22 12:38:02 +01:00
de4dot
59ee55105d
Support some older MC version
2012-02-22 12:14:15 +01:00
de4dot
435d3303c3
Merge branch 'master' into mc
2012-02-21 17:33:45 +01:00
de4dot
538e4f738d
Fix issue #24 . Don't remove decrypter type if there was an error
2012-02-21 17:14:02 +01:00
de4dot
e5145fcca9
Remove MC type and module refs
2012-02-21 12:01:39 +01:00
de4dot
7bc3930df9
Decrypt resources
2012-02-21 11:51:19 +01:00
de4dot
58a94a8420
Decrypt methods protected with older MC version
2012-02-21 09:26:05 +01:00
de4dot
eb223537f0
Decrypt methods (decryption #1-4, not #5-7)
2012-02-20 17:20:29 +01:00
de4dot
b422e08fb1
Add lookup() method for ModuleReferences
2012-02-20 17:18:22 +01:00
de4dot
0c3aca32b9
Update code to handle MethodDefPtr table
2012-02-20 17:17:55 +01:00
de4dot
6d2435377f
Merge branch 'master' into mc
2012-02-20 05:59:08 +01:00
de4dot
b093e4c918
Copy license text files to output directory
2012-02-20 05:58:58 +01:00
de4dot
8536e211dd
Detect MC
2012-02-20 04:58:46 +01:00
de4dot
fc497b1688
Add MaxtoCode files
2012-02-20 03:48:59 +01:00
de4dot
d7afc66c6d
Don't remove string decrypter type if there's still code calling it
2012-02-19 00:50:08 +01:00
de4dot
e18ff9aea1
Don't remove string decrypter types if there was an error decrypting strings
2012-02-18 08:08:00 +01:00
de4dot
2c969446b0
Add InlinedAllCalls property
2012-02-18 07:56:53 +01:00
de4dot
8b059bcea7
These messages should be warnings
2012-02-18 07:52:58 +01:00
de4dot
9e16d9cd40
Rename method
2012-02-13 11:28:08 +01:00
de4dot
5579323b3e
Print warning if I/O exception
2012-02-13 11:16:38 +01:00
de4dot
981472cd91
Methods should be static and have a body
2012-02-13 11:11:08 +01:00
de4dot
a35c765f15
Rename method
2012-02-13 10:20:11 +01:00
de4dot
f7abb70475
New version: 1.6.0
2012-02-12 18:07:53 +01:00
de4dot
179ea6d6fd
Only string decrypter method is worth 100 points
2012-02-12 16:56:26 +01:00
de4dot
3e3be639e5
Move reading variable length int32 code to DeobUtils
2012-02-12 16:54:48 +01:00
de4dot
67efd5e7e7
Rename namespace to Eazfuscator_NET
2012-02-12 16:46:39 +01:00
de4dot
c2d13d9059
Remove all invalid methods
2012-02-12 16:29:29 +01:00
de4dot
4691c805d8
Ignore invalid methods
2012-02-12 16:25:12 +01:00
de4dot
46f23ce89d
Add InvalidMethodsFinder
2012-02-12 16:24:59 +01:00
de4dot
c15773b709
Merge branch 'cv' into next_version
...
Conflicts:
blocks/DotNetUtils.cs
2012-02-12 14:47:24 +01:00
de4dot
c73fcfc1d0
Remove CV type if it is empty
2012-02-12 14:38:42 +01:00
de4dot
5ce1f74263
Position has already been set to 0
2012-02-12 14:29:11 +01:00
de4dot
037cb5bc68
Decrypt the remaining (EREX) resources
2012-02-12 14:28:53 +01:00
de4dot
9a6bd53cb9
Remove obfuscator obfuscator bundle types
2012-02-12 13:38:23 +01:00
de4dot
ded45dcb7a
Remove proxy method types and main type
2012-02-12 13:00:38 +01:00
de4dot
ff55be46b6
Rename getField() to getFieldByName() and add a real getField() method
2012-02-12 12:53:36 +01:00
de4dot
8999eb8e0f
Remove CV main type methods if < v5.0
2012-02-12 12:08:46 +01:00
de4dot
42f66c3948
Fix detection; 3.2 doesn't have those extra fields
2012-02-12 12:03:55 +01:00
de4dot
d6327b401e
Remove all anti-reflection types
2012-02-12 11:39:00 +01:00
de4dot
80d338637e
Add method to remove classes with no base type
2012-02-12 11:35:18 +01:00
de4dot
18cd71ecdc
Update detection (v5.0)
2012-02-11 23:39:37 +01:00
de4dot
070acc59f1
Bail out earlier if not encrypted
2012-02-11 23:23:51 +01:00
de4dot
91f7d2cb51
Find and remove resource decrypter types
2012-02-11 23:23:25 +01:00
de4dot
c18bed7d69
Add namespace
2012-02-11 23:11:54 +01:00
de4dot
bffbe419d5
Add hasInteger() method
2012-02-11 23:11:41 +01:00
de4dot
d44db9871e
Add log message that we have decrypted a resource
2012-02-11 21:51:48 +01:00
de4dot
57b947a3da
Add InvalidDataException
2012-02-11 21:49:22 +01:00
de4dot
8b2ef5d6bb
Update if expression
2012-02-11 21:43:26 +01:00
de4dot
cd7d3724c3
Move fields from binder to exception
2012-02-11 21:30:54 +01:00
de4dot
9050af8a03
Refactor method
2012-02-11 19:34:07 +01:00
de4dot
ccd7d2ac79
Decrypt .resources files
2012-02-11 16:46:39 +01:00
de4dot
e5a72396c2
Remove length parameter from xxxteaDecrypt()
2012-02-11 16:46:02 +01:00
de4dot
76d9e87c3c
Add code to write .resources files
2012-02-11 16:43:53 +01:00
de4dot
ae97752d9c
Set data field to a 1-byte array
2012-02-09 10:14:59 +01:00
de4dot
ba399609c7
Initialize otherInitMethods in 2nd ctor
2012-02-09 10:14:29 +01:00
de4dot
45bf016a2e
Rename method
2012-02-09 10:14:08 +01:00
de4dot
15713a2b38
Check assembly for null (it could be a netmodule)
2012-02-08 22:01:10 +01:00
de4dot
d5089fa888
Remove kill type in deobfuscateBegin()
2012-02-08 19:54:05 +01:00
de4dot
b5c8a89b32
Remove init method calls called from .ctors
2012-02-08 19:40:17 +01:00
de4dot
a8d6aac306
Update detection of tamper detection types when proxy calls are enabled
2012-02-08 19:36:58 +01:00
de4dot
04247b5533
Remove most calls to main CV type
2012-02-08 19:21:00 +01:00
de4dot
c757139357
Remove string decrypter type
2012-02-08 18:58:06 +01:00
de4dot
98c8ea49e9
Remove tamper detection code
2012-02-08 18:40:24 +01:00
de4dot
1583552825
Make sure rvas list is never null
2012-02-08 16:14:07 +01:00
de4dot
780da4a0ad
Update detection of encrypted methods data
2012-02-08 15:52:39 +01:00
de4dot
fa6b0d4054
Move detection of CV main type to its own class
2012-02-08 15:40:11 +01:00
de4dot
bb89ce2983
Remove method since base class now has the same method
2012-02-08 15:19:45 +01:00
de4dot
1e3daf3b45
Dump embedded assemblies
2012-02-08 12:33:02 +01:00
de4dot
09e840923d
Search for sig starting from _stub RVA
2012-02-08 09:29:49 +01:00
de4dot
a8d4b38c79
Mover version info to a new ObfuscatorVersion enum
2012-02-08 08:55:45 +01:00
de4dot
0e89c0fc35
Only check Version property if methods decrypter was found
2012-02-08 08:50:36 +01:00
de4dot
776fd7f69f
Speed up finding V5 methods decrypter type
2012-02-07 15:17:41 +01:00
de4dot
1076218a81
Detect CV version
2012-02-07 15:05:27 +01:00
de4dot
6ab0748bdd
Decrypt V5 encrypted methods
2012-02-07 14:55:20 +01:00
de4dot
f11c51830f
Make sure info is copied
2012-02-07 14:53:58 +01:00
de4dot
97d09c4c65
Make method accessible by sub classes
2012-02-07 14:53:34 +01:00
de4dot
3276f433c9
Add code to detect V5 methods decrypter
2012-02-07 05:08:02 +01:00
de4dot
0aeee176cc
Merge v3-v4 and v5 code
2012-02-07 04:45:59 +01:00
de4dot
f1a1188409
Add a new ctor to copy values from old instance
2012-02-07 04:45:04 +01:00
de4dot
8f9cc6d290
Re-use v3-v4 string decrypter
2012-02-07 03:03:49 +01:00
de4dot
d512889833
Fix 'shadow calls' obfuscation
2012-02-07 02:07:31 +01:00
de4dot
c2313110b8
Add getDelegateTypes() and fix findProxyCall()
2012-02-07 02:02:49 +01:00
de4dot
ad8a5078fe
Rename method
2012-02-07 00:42:32 +01:00
de4dot
2ccb35afb0
Add CV5 files
2012-02-06 15:55:35 +01:00
de4dot
26bf21a84e
Show obfuscator version
2012-02-06 15:55:14 +01:00
de4dot
b39725f12f
Remove useless 'using'
2012-02-06 15:52:19 +01:00
de4dot
0d6542e383
Move v3-v4 code to a sub dir
2012-02-06 15:49:27 +01:00
de4dot
da3a28f0a8
Move (and rename) XXTEA decrypt func to DeobUtils
2012-02-06 08:22:55 +01:00
de4dot
b867301797
Update valid name regex
2012-02-06 08:20:04 +01:00
de4dot
b3750f9d4c
Initialize its token field
2012-02-05 23:04:24 +01:00
de4dot
542c6bb213
Support 3.2 methods decrypter
2012-02-05 22:49:10 +01:00
de4dot
d5c3a6964b
Support 4.0 methods decrypter
2012-02-05 21:27:36 +01:00
de4dot
1903cf8607
KILL type is only worth 10 points
2012-02-05 19:01:49 +01:00
de4dot
9e4b29034f
Finish getStringDecrypterMethods() method
2012-02-05 18:59:29 +01:00
de4dot
191fbb84b0
Use new getInitializedUInt32Array() method
2012-02-05 18:56:05 +01:00
de4dot
c8c4e3341c
Add getInitializedUInt32Array() method
2012-02-05 18:55:48 +01:00
de4dot
d6ff8b515d
Add string decrypter
2012-02-05 18:47:31 +01:00
de4dot
029c049bf6
Move readVariableLengthInteger() to DeobUtils
2012-02-05 18:46:14 +01:00
de4dot
0b43c77fdb
Add missing call to removeNewlines()
2012-02-05 18:45:41 +01:00
de4dot
29c5cfc9c8
Don't stop if 2nd instr is also a store
2012-02-05 18:45:04 +01:00
de4dot
23c72927b5
Add CV and methods decrypter
2012-02-05 16:17:47 +01:00
de4dot
82cc64bd77
Add Sections property
2012-02-05 16:14:46 +01:00
de4dot
84f322dbcf
Rename method. Ignore generic methods.
2012-02-03 16:21:59 +01:00
de4dot
3caad72275
Print new resource name
2012-02-03 14:35:42 +01:00
de4dot
ed9addb385
Make sure only valid methods are restored
2012-02-03 14:24:39 +01:00
de4dot
0cc88ba39f
Restore resource names
2012-02-03 13:22:37 +01:00
de4dot
ebfb88b6f1
Don't try to inline methods without a body or no instrs
2012-02-03 11:10:48 +01:00
de4dot
bc6630f760
Detect other SN attribute
2012-02-03 10:45:31 +01:00
de4dot
022bbe15af
Update name regex
2012-02-03 10:44:58 +01:00
de4dot
3a49d2a603
Remove encrypted strings field type
2012-02-03 10:13:41 +01:00
de4dot
33010b65a7
Add option to remove namespaces with only one type in it
2012-02-03 10:07:44 +01:00
de4dot
1008e91524
Don't restore method bodies from outside types
2012-02-03 10:05:31 +01:00
de4dot
95b835895b
Inline the remaining methods
2012-02-03 09:44:35 +01:00
de4dot
c09bbf0d01
Restore bodies and update calls to real instance method
2012-02-03 09:21:15 +01:00
de4dot
e67ecfdff4
Remove the methods types
2012-02-03 06:33:54 +01:00
de4dot
9a87a2658f
Restore method bodies
2012-02-03 04:26:55 +01:00
de4dot
814ca402bf
Detect classes created by the obfuscator
2012-02-03 03:03:19 +01:00
de4dot
3ce28aebb0
Inline methods
2012-02-02 10:55:30 +01:00
de4dot
b3f17a27a3
Add SN string decrypter
2012-02-02 06:56:14 +01:00
de4dot
36b4806858
Remove useless code and add getArrays() method
2012-02-02 06:54:10 +01:00
de4dot
f3525d8980
New version: 1.5.1
2012-02-01 08:09:40 +01:00
de4dot
ce7dc67848
Fix Issue #19
2012-01-30 09:12:26 +01:00
de4dot
a7fa23e2d8
New version: 1.5.0
2012-01-29 18:58:26 +01:00
de4dot
a69b17e06d
Support embedded assemblies (Silverlight)
2012-01-29 18:30:07 +01:00
de4dot
26a3e14d2c
Update fields restorer since 2+ types can share same struct
2012-01-29 05:06:21 +01:00
de4dot
55dcb0881d
Update code since master was updated
2012-01-28 18:40:35 +01:00
de4dot
0f9184e9be
Merge branch 'master' into newcode
2012-01-28 18:38:09 +01:00
de4dot
1141a451ac
Update resource renamer code.
...
- Faster code
- Renames resource even if it doesn't end in '.resources'
2012-01-28 18:37:02 +01:00
de4dot
915018c2fc
Use a better method dictionary
2012-01-28 02:54:12 +01:00
de4dot
f75075ab15
Add XNA assembly search paths
2012-01-28 00:32:27 +01:00
de4dot
257456fd8b
Speed up renaming by storing less names in the typeNames dict.
...
merge() was pretty slow but is much faster now.
2012-01-28 00:17:00 +01:00
de4dot
9e1412a6ae
Use TryGetValue to speed it up a little
2012-01-27 05:54:30 +01:00
de4dot
50e7d28ddf
Speed up method param renaming code
2012-01-27 05:39:25 +01:00
de4dot
887ee7c9e8
Fix method signature
2012-01-27 01:02:17 +01:00
de4dot
247cb2be20
Compare ElementType instead of calling verifyType for speed
2012-01-26 22:40:19 +01:00
de4dot
66969a4e92
Remove old code
2012-01-25 06:28:25 +01:00
de4dot
71d18ce688
Remove useless cast
2012-01-25 06:22:47 +01:00
de4dot
cb791a43ae
Compare by reference since both are field defs
2012-01-25 06:15:33 +01:00
de4dot
c3b9b840e4
Code should return true
2012-01-25 05:47:34 +01:00
de4dot
2684ccab93
Create a unique metadata token since renamer depends on it
2012-01-24 17:51:22 +01:00
de4dot
26b2de90af
Fix format string: missing {1}
2012-01-24 17:11:45 +01:00
de4dot
e9d7f3dbfb
Restore fields
2012-01-24 17:10:11 +01:00
de4dot
e00ca9a7d2
Merge branch 'master' into newcode
2012-01-24 15:15:07 +01:00
de4dot
fb1a45c5a4
Create a new unique GUID that depends on the module
2012-01-24 15:14:57 +01:00
de4dot
94f3fc9369
Lower num required found proxies
2012-01-24 14:54:23 +01:00
de4dot
8fbcdeb060
Make sure it gets an RVA, and change field type to byte
2012-01-24 09:06:54 +01:00
de4dot
5c98e81e78
Ignore base64 decode exception
2012-01-24 07:39:07 +01:00
de4dot
ab0fa2631e
Resource must be returned...
2012-01-24 05:25:02 +01:00
de4dot
95462d8dda
Dump V4 embedded assemblies
2012-01-24 05:08:24 +01:00
de4dot
a80482751d
Add extra check to make sure we detect the correct method
2012-01-24 04:44:23 +01:00
de4dot
ed00c5f2c5
Make sure it is static
2012-01-24 04:24:44 +01:00
de4dot
6ceea06f5b
Decrypt V4 resources
2012-01-24 03:22:59 +01:00
de4dot
2c8e685910
Ignore prefixes
2012-01-24 02:31:57 +01:00
de4dot
88c8dcbb7a
Detect V3.5
2012-01-24 01:01:30 +01:00
de4dot
d59fa86515
Print DS version
2012-01-24 00:41:09 +01:00
de4dot
da0cf08b33
Merge branch 'master' into newcode
2012-01-23 23:19:59 +01:00
de4dot
613a97906a
Make sure method hasn't been removed
2012-01-23 23:16:01 +01:00
de4dot
f9ed9e403f
Support V4 string decryptor
2012-01-23 23:13:04 +01:00
de4dot
4cfa0cf1f3
Update detection of methods to inline
2012-01-23 23:11:39 +01:00
de4dot
40a6a79d86
Merge branch 'master' into newcode
2012-01-23 15:27:29 +01:00
de4dot
568d2dd4a7
Add more assembly search paths
2012-01-23 15:27:23 +01:00
de4dot
92dfef7e93
Merge branch 'master' into newcode
2012-01-23 09:57:00 +01:00
de4dot
cf1ed9fb64
Use a MethodDefKey
...
Fixes problem when a class implements an interface that its base class
also implements, but those interfaces are in two different assemblies
(different version, eg. mscorlib 2.0 and mscorlib 4.0).
2012-01-23 09:14:50 +01:00
de4dot
8e92ddf790
Merge branch 'master' into newcode
2012-01-22 23:47:47 +01:00
de4dot
52e7b2926f
Use non-renamable prop/event since it should be valid
2012-01-22 23:47:35 +01:00
de4dot
981975b750
Make sure we don't dump resource resolver's resource
2012-01-22 23:46:32 +01:00
de4dot
0ac8c944e5
Add call to stringDecryptersAdded()
2012-01-22 20:02:05 +01:00
de4dot
991a5281ab
Add DS obfuscator support
2012-01-22 19:58:31 +01:00
de4dot
080a11c437
Merge branch 'master' into newcode
2012-01-22 19:53:27 +01:00
de4dot
5876526151
Add getInitializedInt16Array() and stop earlier
2012-01-22 19:33:36 +01:00
de4dot
8c645504fe
Add method to find resource from strings in code
2012-01-22 13:00:17 +01:00
de4dot
bf1843ade4
Add an inflate() overload
2012-01-22 12:59:51 +01:00
de4dot
7962de961c
Add getModuleTypeCctor() method
2012-01-22 11:15:14 +01:00
de4dot
fde26c0bd2
Split method
2012-01-21 22:16:07 +01:00
de4dot
ba04092060
Call stringDecryptersAdded() after adding string decrypters
2012-01-21 22:15:53 +01:00
de4dot
1371392b4a
master was updated
2012-01-21 20:33:34 +01:00
de4dot
5a4d41cf45
Merge branch 'master' into newcode
2012-01-21 20:32:33 +01:00
de4dot
2dadd773ec
Use ParameterDefinition.Sequence
2012-01-21 20:31:47 +01:00
de4dot
2e605b5117
Merge branch 'master' into newcode
2012-01-21 14:19:52 +01:00
de4dot
f3f8975f01
If instance explicit, 'this' is 1st param
2012-01-20 19:30:40 +01:00
de4dot
77f4d9ee0c
Derive from ValueInlinerBase
2012-01-19 19:23:34 +01:00
de4dot
8c90c7b494
master was updated
2012-01-19 19:19:08 +01:00
de4dot
68b78b0081
Merge branch 'master' into newcode
2012-01-19 19:17:55 +01:00
de4dot
7f5401625e
Rename classes
2012-01-19 19:16:44 +01:00
de4dot
45ff4af573
Remove detection of Babel in Unknown obfuscator
2012-01-19 05:42:00 +01:00
de4dot
dc042d2f9a
Decrypt V2 encrypted strings
2012-01-19 05:38:58 +01:00
de4dot
ce76cc7810
Merge branch 'master' into newcode
2012-01-18 08:27:38 +01:00
de4dot
04903f0f9b
Don't append a 0 to props when we've found the real name
2012-01-18 08:14:06 +01:00
de4dot
ff6a8d4b6f
Dump embedded assemblies before decrypting methods
2012-01-18 07:53:06 +01:00
de4dot
49c06dec64
Dump embedded assemblies
2012-01-18 07:43:03 +01:00
de4dot
6ec1222657
Move common code to BabelUtils
2012-01-18 07:38:35 +01:00
de4dot
ed31063b1b
Merge branch 'master' into newcode
2012-01-18 06:15:31 +01:00
de4dot
2ad9a9a087
New version: 1.4.4
2012-01-17 05:46:06 +01:00
de4dot
a92bbbe9c3
Warn if method isn't found since some obfuscators are buggy.
2012-01-17 05:44:22 +01:00
de4dot
788488dffa
New version: 1.4.3
2012-01-17 03:01:48 +01:00
de4dot
5cb5f41d4a
Support latset version of SA
2012-01-17 02:54:48 +01:00
de4dot
7c3e6f122a
Merge branch 'master' into newcode
2012-01-14 12:40:54 +01:00
de4dot
3d48bceda3
New version: 1.4.2
2012-01-14 12:40:41 +01:00
de4dot
6c20e18b4d
master was updated so fix code here
2012-01-14 12:37:20 +01:00
de4dot
48361ae809
Merge branch 'master' into newcode
2012-01-14 12:35:11 +01:00
de4dot
5f6841e317
Add HasHandlers property to base class
2012-01-14 12:34:42 +01:00
de4dot
f19be8019e
Don't remove any types/methods/etc if it's an unknown obfuscator
2012-01-14 12:27:03 +01:00
de4dot
5e3b4a1414
Add some checks
2012-01-14 12:19:17 +01:00
de4dot
f0ff8df76a
Use the method in InitializedDataCreator
2012-01-14 12:16:05 +01:00
de4dot
06e8b9f654
Use the new Int32ValueInliner class
2012-01-14 12:04:59 +01:00
de4dot
b71e8fdfdc
Remove newlines from names when calling the logger
2012-01-14 11:59:01 +01:00
de4dot
c069d8005c
Use methods in DotNetUtils
2012-01-14 11:53:38 +01:00
de4dot
ed918c6993
Call Dispose() after decrypting methods
2012-01-14 11:46:00 +01:00
de4dot
75c8747a0f
Merge branch 'master' into newcode
2012-01-14 11:41:20 +01:00
de4dot
7b93497bc6
Update detection code
2012-01-14 11:39:49 +01:00
de4dot
6b4a462757
Support v3.0
2012-01-14 10:37:15 +01:00
de4dot
e53f4d043d
Proxy calls can be proxied
2012-01-13 21:30:49 +01:00
de4dot
948cdb47e3
Fix what was updated in master
2012-01-13 21:30:29 +01:00
de4dot
c583891151
Merge branch 'master' into newcode
2012-01-13 21:26:48 +01:00
de4dot
b214eaa3c9
Add option to keep deobfuscating deobfuscated calls
2012-01-13 21:26:31 +01:00
de4dot
c28b575f7a
Add MethodCallInliner prop to cflow deob class
2012-01-11 06:44:44 +01:00
de4dot
17327902c3
Refactor method call inliner code
2012-01-11 04:38:02 +01:00
de4dot
dfb2332116
Print the version number
2012-01-11 02:35:02 +01:00
de4dot
f18ed0d6fe
Merge branch 'master' into newcode
2012-01-10 19:59:27 +01:00
de4dot
b30ccda1f9
Add method to remove the assembly info
2012-01-10 02:36:39 +01:00
de4dot
9800f91d12
Update copyright years
2012-01-09 23:04:52 +01:00
de4dot
0dbe743563
Merge branch 'master' into newcode
2012-01-09 23:02:58 +01:00
de4dot
0d0a40376d
Update copyright years
2012-01-09 23:02:47 +01:00
de4dot
0612320ffd
Add better detection of our base dir
2012-01-09 22:59:26 +01:00
de4dot
294ae6bc5e
Show message if more than one obfuscator is detected
2012-01-09 22:47:29 +01:00
de4dot
edd855ad19
Merge branch 'master' into newcode
2012-01-09 07:55:09 +01:00
de4dot
665a170b9b
Make sure HasFieldRVA flag is set
2012-01-09 07:55:01 +01:00
de4dot
a717f5895a
Merge branch 'master' into newcode
2012-01-09 06:14:09 +01:00
de4dot
6a8a036687
Add another check to detect COM type
2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e
Update code to handle v3.5 obfuscated assemblies
2012-01-09 05:50:32 +01:00
de4dot
1805022073
Merge branch 'master' into newcode
2012-01-09 05:30:49 +01:00
de4dot
fd12b92e4b
Update detection due to new cflow deob code
2012-01-09 03:19:13 +01:00
de4dot
496941258a
Support v4.2
2012-01-08 21:48:37 +01:00
de4dot
b02cb11a61
Merge branch 'master' into newcode
2012-01-08 19:09:18 +01:00
de4dot
2f1ec392b9
Update detection of offset field
2012-01-08 19:08:23 +01:00
de4dot
0398666c93
Update detection of <Module> type
2012-01-08 18:46:23 +01:00
de4dot
28f8bdcc89
Some fixes
2012-01-08 18:38:37 +01:00
de4dot
cb21940841
Merge branch 'master' into newcode
2012-01-08 01:31:51 +01:00
de4dot
d295fa24a2
Ignore refs and defs from other modules
2012-01-08 01:30:57 +01:00
de4dot
f9592f5fdc
Method was renamed in master
2012-01-07 20:31:06 +01:00
de4dot
134869db6d
Merge branch 'skater' into newcode
...
Conflicts:
de4dot.cui/Program.cs
2012-01-07 20:29:07 +01:00
de4dot
b647a9387b
Merge branch 'goliath' into newcode
2012-01-07 20:28:10 +01:00
de4dot
44e58066b3
Add support for another obfuscator
2012-01-07 20:27:07 +01:00
de4dot
03a27110e7
Rename method to toInt32()
2012-01-07 19:14:15 +01:00
de4dot
951906d7e5
Move file
2012-01-07 00:05:43 +01:00
de4dot
a54cfbf996
Update detection of string decrypter type
2012-01-07 00:04:31 +01:00
de4dot
30798c6b08
Ignore result if it isn't a string
2012-01-05 17:24:31 +01:00
de4dot
d6f3ff64b9
Remove "castclass System.String" if present
2012-01-05 17:16:38 +01:00
de4dot
8d57bf741e
Make sure correct integer value arg is boxed for string decrypter
2012-01-05 16:23:53 +01:00
de4dot
115641fc6b
Pass caller token to string decrypter
2012-01-05 16:22:26 +01:00
de4dot
93d801997e
Make sure the new property names are unique
2012-01-04 09:42:01 +01:00
de4dot
20222561b3
Add System.Object as base type if needed
2012-01-03 20:14:28 +01:00
de4dot
9a7d28472d
Remove new lines when printing method/type names
2012-01-03 19:52:40 +01:00
de4dot
6963e89581
Update detection of delegate fields and remove useless method
2012-01-03 19:22:45 +01:00
de4dot
d3c801efb6
Add code to initialize arrays
2012-01-03 15:25:25 +01:00
de4dot
6e80b5bb94
Move bool inliner and create some more useful value inliners
2012-01-03 10:38:09 +01:00
de4dot
e79ee9832d
Add desDecrypt(). Move deflate() to DeobUtils.
2012-01-02 22:35:02 +01:00
de4dot
ba43220da2
Update code for GO 5.6.0
2012-01-02 07:02:43 +01:00
de4dot
b23c35e049
Update detection code
2012-01-01 18:50:46 +01:00
de4dot
417fe04bba
Don't need to detect GO here anymore
2012-01-01 18:15:32 +01:00
de4dot
7d39c543cc
Refactor code
2012-01-01 13:02:16 +01:00
de4dot
90ebd92333
Method was renamed in master
2012-01-01 12:11:09 +01:00
de4dot
463d97dd81
Merge branch 'master' into goliath
2012-01-01 12:10:03 +01:00
de4dot
07768cefd1
Merge branch 'master' into skater
2012-01-01 12:09:35 +01:00
de4dot
ac30b8c213
Rename method to getValues()
2012-01-01 12:09:16 +01:00
de4dot
970ef14266
Restore method arg names
2012-01-01 12:07:16 +01:00
de4dot
66b3061444
Remove useless method and only rename if not renamed
2012-01-01 12:06:40 +01:00
de4dot
1f7f9958ab
Update code
2012-01-01 12:06:01 +01:00
de4dot
1b98808558
Merge branch 'master' into goliath
2011-12-31 16:35:01 +01:00
de4dot
b3a29a7be1
Merge branch 'master' into skater
2011-12-31 16:34:01 +01:00
de4dot
e744e24a51
Use methods dict
2011-12-31 16:32:57 +01:00
de4dot
99350b456d
Use the methods dict
2011-12-31 16:15:38 +01:00
de4dot
cd359243a2
Remove unused method
2011-12-31 16:00:11 +01:00
de4dot
6b629f20c7
Use aesDecrypt() method
2011-12-31 15:12:41 +01:00
de4dot
f2115b77bb
Merge branch 'master' into goliath
2011-12-31 15:07:35 +01:00
de4dot
8df6561061
Add Skater .NET support
2011-12-31 13:14:02 +01:00
de4dot
eb63c27fc9
Add des3Decrypt() method
2011-12-31 12:58:32 +01:00
de4dot
d344c05404
Merge branch 'master' into goliath
2011-12-29 14:18:21 +01:00
de4dot
288aa20c5c
Update namespace renaming code
...
Two different namespaces with the same names in different modules will now
be renamed to two different names, eg. ns0 and ns1 instead of the same
name, eg. ns0.
2011-12-29 14:16:00 +01:00
de4dot
08eafd1080
Remove useless overrides
2011-12-29 14:04:43 +01:00
de4dot
1fc70d8d9e
Add Goliath.NET obfuscator support
2011-12-29 08:26:36 +01:00