de4dot
00d27a89f6
Support Confuser 1.7 r73477 compressor
2012-08-03 22:55:11 +02:00
de4dot
2c33d80ccc
Support netmodules
2012-08-03 20:24:14 +02:00
de4dot
1646786bc5
Fix bug in reading code + extra sections
2012-08-03 19:36:40 +02:00
de4dot
68e5ef766c
Merge branch 'master' into confuser
2012-08-03 17:58:09 +02:00
de4dot
47a3034259
Call method later
2012-08-03 17:57:45 +02:00
de4dot
c913b6929a
Support Confuser 1.7 r73477 methods encrypter
2012-08-03 00:28:28 +02:00
de4dot
642b59667c
Move key init code to a new method
2012-08-02 22:08:29 +02:00
de4dot
b333cc32da
Rename arg
2012-08-02 21:57:47 +02:00
de4dot
4800755e47
Merge branch 'master' into confuser
2012-08-02 19:53:36 +02:00
de4dot
b455ae8dab
Fix arg name
2012-08-02 19:53:30 +02:00
de4dot
c4608df16f
Support Confuser 1.7 r73404 compressor
2012-08-02 19:53:15 +02:00
de4dot
343ed177bb
Support Confuser 1.7 r73404 constants encrypter
2012-08-02 19:14:35 +02:00
de4dot
7a77421c0e
Move method
2012-08-02 19:13:42 +02:00
de4dot
13420b80eb
Support Confuser 1.7 r73404 resource encrypter
2012-08-02 18:26:01 +02:00
de4dot
b5ef7a7b12
Rename proxy class to ...V10
2012-08-02 17:23:16 +02:00
de4dot
1f4ec139db
Support Confuser 1.7 r73404 methods encrypter
2012-08-02 17:01:14 +02:00
de4dot
e1758ddbb0
Support Confuser 1.6 r71742 methods decrypter
2012-08-02 11:12:20 +02:00
de4dot
8473253aa6
Support Confuser 1.5 r60785 compressor
2012-08-02 08:40:52 +02:00
de4dot
3d28201159
Add support for Confuser 1.5 r60785 constants encrypter (dynamic mode)
2012-08-02 08:11:21 +02:00
de4dot
1f9514e168
Move const reader and decrypt method
2012-08-02 08:08:50 +02:00
de4dot
1d5b341ed6
Return if invalid index
2012-08-02 08:07:26 +02:00
de4dot
6e262eb621
Add support for Confuser 1.5 r60785 constants encrypter (normal mode)
2012-08-01 22:38:57 +02:00
de4dot
d888ffd8e5
Merge branch 'master' into confuser
2012-08-01 22:20:47 +02:00
de4dot
e496cea7da
Add an option to remove a present unbox.any instr
2012-08-01 22:20:35 +02:00
de4dot
b45060d35a
Add RIP comment
2012-08-01 18:10:15 +02:00
de4dot
7f3399a9c4
Remove unreachable code
2012-08-01 18:09:58 +02:00
de4dot
4a3104963c
Fix cast
2012-08-01 18:09:24 +02:00
de4dot
d3c75288e7
Support Confuser 1.5a r59014 methods decrypter
2012-08-01 15:00:47 +02:00
de4dot
11ff8a55b1
Support Confuser 1.4 r58857 proxy methods
2012-08-01 14:24:45 +02:00
de4dot
910472ad04
Support Confuser 1.4 r58852 compressor
2012-08-01 14:05:29 +02:00
de4dot
99f0f8f480
Don't return main asm if it hasn't been unpacked
2012-08-01 13:48:41 +02:00
de4dot
4a6c6fee68
Update method name
2012-08-01 13:37:43 +02:00
de4dot
60cc3c7909
Update detection of key
2012-08-01 13:36:12 +02:00
de4dot
7e19539a61
Add code to handle an obfuscator bug
2012-08-01 13:03:36 +02:00
de4dot
b60eca8ae2
Add an option to only dump the main embedded asm
2012-08-01 12:37:26 +02:00
de4dot
002da4602a
Support Confuser 1.4 r58802 compressor and dump embedded asms
2012-08-01 11:41:31 +02:00
de4dot
8477e79b88
Move code to ConfuserUtils
2012-08-01 11:40:15 +02:00
de4dot
7b3cb1e007
Support Confuser 1.4 r58802 method proxies
2012-08-01 10:01:26 +02:00
de4dot
6953760ffc
Change Confuser type from cn to cr
'cr' is what the author of Confuser uses.
2012-08-01 09:18:06 +02:00
de4dot
17db2d332e
Support Confuser 1.4 r58802 string decrypter
2012-08-01 09:13:47 +02:00
de4dot
c2d56bd8d1
Fix compatibility with later v1.9 decrypter
2012-08-01 09:11:25 +02:00
de4dot
c652d49353
Remove Confuser 1.4 r58564 anti dumping type
2012-07-31 20:05:52 +02:00
de4dot
3e49c0bfa5
Support Confuser 1.4 r58564 compressor
2012-07-31 19:56:10 +02:00
de4dot
d99133658c
Support Confuser 1.4 r58564 proxy methods
2012-07-31 19:12:35 +02:00
de4dot
2a96ec9958
Support Confuser 1.4 r58564 methods encrypter
2012-07-31 17:17:16 +02:00
de4dot
17495e986f
Support Confuser 1.4 r58004 methods encrypter
2012-07-31 15:03:18 +02:00
de4dot
433a0d2b0a
Check for encrypted methods in moduleReloaded()
2012-07-31 14:25:40 +02:00
de4dot
a4be159b44
Support Confuser 1.4 r57884 methods encrypter
2012-07-31 14:24:49 +02:00
de4dot
9db8fc86a7
Merge branch 'master' into confuser
2012-07-31 12:51:33 +02:00
de4dot
9cbbea2c01
Use a better resource key
2012-07-31 12:50:55 +02:00
de4dot
c005ab2998
Check for div by zero
2012-07-31 12:43:23 +02:00
de4dot
ab04a72990
Update version number
2012-07-31 12:42:41 +02:00
de4dot
995e836fd8
Remove Confuser 1.3 r57588 anti debug method
2012-07-31 10:52:25 +02:00
de4dot
bb9e4cbf26
Remove resources with an invalid RVA
2012-07-31 10:41:20 +02:00
de4dot
4b2da13972
Decrypt encrypted strings resource before initializing string decrypter
2012-07-31 10:09:45 +02:00
de4dot
f370824a46
Make sure we only decrypt resources once
2012-07-31 10:08:46 +02:00
de4dot
b517755607
Support Confuser 1.3 r55802 resource encrypter
2012-07-31 10:00:46 +02:00
de4dot
a2038f348e
Support Confuser 1.3 r42915 "safe" string decrypter
2012-07-31 09:14:06 +02:00
de4dot
be9c95a759
Support Confuser 1.3 r55346's latest proxy methods code
2012-07-31 07:30:21 +02:00
de4dot
1f2de674f7
Support an updated Confuser proxy methods code
2012-07-31 07:15:38 +02:00
de4dot
4c5f955953
Merge branch 'master' into confuser
2012-07-31 07:13:25 +02:00
de4dot
dace82cca9
Add find2() method for derived classes
2012-07-31 07:13:07 +02:00
de4dot
4f4af7a44a
Support newer Confuser 1.0 and 1.1 string decrypters
2012-07-31 05:47:49 +02:00
de4dot
afb205aeea
Update detection of compressor
2012-07-31 04:44:45 +02:00
de4dot
83706f40a8
Update proxy fixer v1
2012-07-31 04:44:30 +02:00
de4dot
ed9849313a
Merge branch 'master' into confuser
2012-07-31 04:41:09 +02:00
de4dot
329efd9a0f
Add code to let a derived class push new values
2012-07-31 04:40:45 +02:00
de4dot
87a8052cbe
Declaring type is null if it's already been removed
2012-07-31 04:40:06 +02:00
de4dot
6be691ab6d
Increment errors if there's an exception
2012-07-31 04:39:34 +02:00
de4dot
1683c3ac1b
Update constants folder to support r8 values
2012-07-31 01:16:50 +02:00
de4dot
312a2fe063
Merge branch 'master' into confuser
2012-07-31 01:15:52 +02:00
de4dot
06b7374276
Add support for reading r8 values. Also rename some methods
2012-07-31 01:14:38 +02:00
de4dot
e657db9c8c
Support methods proxy in Confuser 1.0 r48717
2012-07-30 18:00:00 +02:00
de4dot
4a6713b728
Update detection of proxy fixer
2012-07-30 17:57:24 +02:00
de4dot
2e99bac40c
Unpack compressed Confuser assemblies
2012-07-30 14:11:04 +02:00
de4dot
7321e51a78
Decrypt Confuser 1.0 encrypted strings
2012-07-30 10:28:11 +02:00
de4dot
498316d2a2
Merge branch 'master' into confuser
2012-07-30 10:27:06 +02:00
de4dot
11256d6e76
Make property public
2012-07-30 10:26:49 +02:00
de4dot
833a4bdd42
Merge branch 'master' into confuser
2012-07-30 09:19:25 +02:00
de4dot
85ce802131
Add Confuser 1.0 proxy call fixer
2012-07-30 09:19:17 +02:00
de4dot
83b805adc3
Move methods
2012-07-30 09:17:22 +02:00
de4dot
1e7be5c619
Make method static
2012-07-30 09:13:51 +02:00
de4dot
b33c2834df
Don't deobfuscate cflow unless the method sig is void name()
2012-07-30 09:13:17 +02:00
de4dot
fb47689f58
Decrypt Confuser encrypted methods (memory)
2012-07-29 20:04:35 +02:00
de4dot
0eaa1466fb
Move common code to a base class
2012-07-29 20:02:12 +02:00
de4dot
d987fbe279
Merge branch 'master' into confuser
2012-07-29 18:14:25 +02:00
de4dot
b2d72b153f
Ignore exceptions when calling detect()
Most likely invalid code and/or metadata, which usually means it's still
encrypted.
2012-07-29 18:12:29 +02:00
de4dot
5b026a0d05
Add null check
2012-07-29 14:26:57 +02:00
de4dot
e225a342ae
Support type=dynamic const decryption
2012-07-29 14:23:27 +02:00
de4dot
5d1aefec16
Merge branch 'master' into confuser
2012-07-29 14:21:45 +02:00
de4dot
de8090df61
Add setConstant methods
2012-07-29 14:21:13 +02:00
de4dot
f20b2e648b
Fix detection when numeric const encryption is enabled
2012-07-29 13:24:50 +02:00
de4dot
892116ad63
Add ConstantsInliner class
2012-07-29 13:22:36 +02:00
de4dot
7c4994f624
Merge branch 'master' into confuser
2012-07-29 13:21:03 +02:00
de4dot
c924d84340
Add another decrypt() method
2012-07-29 13:20:35 +02:00
de4dot
c3c1ab64d8
Add setDeobfuscator() method
2012-07-29 13:19:12 +02:00
de4dot
2274ceeee4
Support the normal const decrypter
2012-07-29 10:17:05 +02:00
de4dot
24337f2a70
Merge branch 'master' into confuser
2012-07-29 09:49:55 +02:00
de4dot
f07f664553
Don't cast to a possible value type when result can be null
2012-07-29 09:49:00 +02:00
de4dot
ae63a63d20
Remove unnecessary code
2012-07-28 21:28:27 +02:00
de4dot
db5c6fcf26
Decrypt Confuser encrypted constants
2012-07-28 04:45:27 +02:00
de4dot
b2ad946425
Merge branch 'master' into confuser
2012-07-28 04:39:30 +02:00
de4dot
cb6a3ac503
Support generic decrypter methods
2012-07-28 04:39:14 +02:00
de4dot
a2c8e99b3f
Ignore any exceptions during deobfuscation
2012-07-28 04:18:11 +02:00
de4dot
839684685e
Assume invalid code so check for null
2012-07-27 21:38:03 +02:00
de4dot
685d2c2ef0
Print a message if MethodData isn't encrypted
2012-07-27 21:35:55 +02:00
de4dot
6a15bfeee7
Decrypt Confuser encrypted resources
2012-07-27 12:49:00 +02:00
de4dot
471628b843
Update exception string
2012-07-27 09:21:03 +02:00
de4dot
16e6a986c7
Remove ConfusedByAttribute type
2012-07-27 08:50:58 +02:00
de4dot
872b4f61a2
Remove anti dumper type
2012-07-27 08:47:37 +02:00
de4dot
4840a117cf
Remove anti debugger type
2012-07-27 08:40:21 +02:00
de4dot
38d94819ee
Remove method decrypter type and init method call
2012-07-27 08:23:55 +02:00
de4dot
74970e80ff
Add Confuser proxy fixer
2012-07-27 08:11:23 +02:00
de4dot
a48a03b9ab
Move methods to ConfuserUtils
2012-07-27 08:07:17 +02:00
de4dot
135dcd5a3c
Merge branch 'master' into confuser
2012-07-27 08:03:30 +02:00
de4dot
e88479f71d
Add OtherMethods prop
2012-07-27 08:03:02 +02:00
de4dot
3abb8de345
getFieldToMethodDictionary() is now a non-virtual method
2012-07-27 07:57:13 +02:00
de4dot
70bd973cdd
Decrypt Confuser 1.9 encrypted JIT methods
2012-07-26 20:12:12 +02:00
de4dot
1a1ccb2121
Update code since GetUserString() arg is now a token
2012-07-26 20:07:27 +02:00
de4dot
bbd41a549c
Add MD5 and SHA256 sum methods
2012-07-26 16:35:28 +02:00
de4dot
916948249e
Add missing null check
2012-07-26 16:35:08 +02:00
de4dot
5fc6e1ac75
Add method to get a 64-bit int
2012-07-25 21:06:35 +02:00
de4dot
423c33a9f2
Append 32 to 32-bit methods and fields
2012-07-25 20:48:06 +02:00
de4dot
e2ec6548ed
Add more ctors and add EmulateConvInstructions prop
2012-07-25 20:43:22 +02:00
de4dot
755c9ae21a
New version: 1.9.0
2012-07-24 20:08:09 +02:00
de4dot
a815a70415
Rename arrays
2012-07-24 19:58:00 +02:00
de4dot
880441571e
Update class comment
2012-07-24 19:52:34 +02:00
de4dot
c31e6c2c3d
Main embedded asm doesn't always have the same asm name as the original asm
2012-07-24 19:05:50 +02:00
de4dot
e1f8793302
Add option to disable decrypting main embedded assembly
2012-07-24 18:52:39 +02:00
de4dot
490ce203b6
Update invalid name regex
2012-07-24 18:13:18 +02:00
de4dot
e54b026ae7
Make the embedded (original) start up assembly the new decrypted assembly
2012-07-24 17:49:04 +02:00
de4dot
4374a08020
getDecryptedModule() can now be called multiple times
2012-07-24 17:02:27 +02:00
de4dot
c8477bdbce
Print a warning and use default encoding if the code page doesn't exist
2012-07-23 13:19:04 +02:00
de4dot
8a81e98b3f
Fix invalid Mvid
2012-07-23 13:15:32 +02:00
de4dot
6c04a950e7
Remove duplicate resources
2012-07-23 10:22:39 +02:00
de4dot
b03cb46f53
Rename class
2012-07-23 10:08:13 +02:00
de4dot
ebbc8d2ab8
Remove encoding arg
2012-07-23 10:04:40 +02:00
de4dot
74aaf19257
Support the latest CO build
2012-07-22 20:35:33 +02:00
de4dot
2320c458cf
Check for null (invalid method ref in call instr)
2012-07-21 23:13:34 +02:00
de4dot
762e043236
Merge branch 'co' into new_code
Conflicts:
de4dot.code/de4dot.code.csproj
de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
2012-07-21 12:14:04 +02:00
de4dot
940aa20534
Merge branch 'master' into new_code
Conflicts:
de4dot.code/de4dot.code.csproj
2012-07-21 11:24:32 +02:00
de4dot
fd9d4a40cc
Support another MC runtime
2012-07-21 11:13:59 +02:00
de4dot
816ff5f369
New version: 1.8.7
2012-07-20 21:55:12 +02:00
de4dot
e05bfc9c8a
Decrypt strings
2012-07-20 21:54:56 +02:00
de4dot
dfafc4a94b
Remove useless method
2012-07-20 18:32:49 +02:00
de4dot
9b48632354
Refactor
2012-07-20 18:15:40 +02:00
de4dot
8b82f8b47d
Support the latest MC versions
2012-07-20 14:49:47 +02:00
de4dot
1eaa9f8c51
Add verify methods
2012-07-20 14:48:19 +02:00
de4dot
d9b3a81ba9
Add little endian encrypt/decrypt methods
2012-07-20 14:47:55 +02:00
de4dot
9b71da3633
Remove call to InitializeArray
2012-07-18 14:39:27 +02:00
de4dot
d0712b46aa
Update detection of resource resolver class
2012-07-16 20:00:37 +02:00
de4dot
6766c10969
Split array state into a new class
2012-07-16 19:59:50 +02:00
de4dot
ca65972c64
Add a force option to deobfuscate() method
2012-07-16 18:02:32 +02:00
de4dot
2aa3c8aaea
Add constants decrypter
2012-07-11 08:05:06 +02:00
de4dot
8f2f2f46ce
Support latest CO build
2012-07-11 02:15:33 +02:00
de4dot
9f8cac4dac
Fix #56
2012-07-08 08:14:36 +02:00
de4dot
598529a039
Support calli instruction
2012-07-08 04:18:26 +02:00
de4dot
16d5a31640
Create a SentinelType
2012-07-08 03:50:50 +02:00
de4dot
1581ec959d
Merge branch 'master' into new_code
2012-07-07 19:35:54 +02:00
de4dot
1867a06e84
Continue if same method
2012-07-07 09:09:55 +02:00
de4dot
ad6c6401b9
Support VS2008
2012-07-07 07:16:55 +02:00
de4dot
e440270a63
Fix proxy calls
2012-07-07 01:59:03 +02:00
de4dot
0a5764a093
Change method to take a ref to a type
2012-07-07 00:58:18 +02:00
de4dot
02c89550cb
Update the counter
2012-07-05 23:19:37 +02:00
de4dot
d5c8f6842a
Update log string
2012-07-02 21:49:59 +02:00
de4dot
8a34b6e015
Make method static
2012-07-02 21:49:45 +02:00
de4dot
b9e88972ae
Support latest CO build
2012-07-02 14:26:00 +02:00
de4dot
23697e2c00
Support ILP 1.0.5
2012-07-01 16:23:51 +02:00
de4dot
4c5fa3e809
Remove ILP detection
2012-06-27 15:19:09 +02:00
de4dot
4236514691
Merge branch 'ilp' into new_code
2012-06-27 15:15:55 +02:00
de4dot
a2baf1fdea
Merge branch 'master' into new_code
2012-06-27 15:15:03 +02:00
de4dot
4dce00b35a
Merge branch 'rummage' into new_code
Conflicts:
de4dot.cui/Program.cs
2012-06-27 15:14:40 +02:00
de4dot
199a0b4043
New version: 1.8.6
2012-06-27 10:46:12 +02:00
de4dot
12797ecb03
Support latest CO build
2012-06-27 10:45:45 +02:00
de4dot
cd0a193bdf
Support latest AN build
2012-06-27 10:27:16 +02:00
de4dot
d1259460e3
Update detection of decrypter constants. Fixes #59
2012-06-25 01:14:26 +02:00
de4dot
fa594c6213
Add better BL support
2012-06-12 11:15:19 +02:00
de4dot
4a29eae1c8
Add more inflate() overloads
2012-06-11 21:20:14 +02:00
de4dot
31118c11ba
Add the code from SharpZipLib that de4dot uses
2012-06-11 21:18:03 +02:00
de4dot
b964996388
Support Babel.NET 5.5
2012-06-06 21:16:32 +02:00
de4dot
a8bf74ca78
Support Rummage
2012-06-06 11:40:48 +02:00
de4dot
6d675fea54
Add XTEA decrypter
2012-06-06 11:39:48 +02:00
de4dot
3264bfc5cd
Support latest CO build
2012-06-04 09:51:07 +02:00
de4dot
5567c9a06a
Warn if strings resource couldn't be found
2012-06-04 06:34:32 +02:00
de4dot
3582b773ca
Support ILP
2012-06-04 05:02:46 +02:00
de4dot
27a91f5942
Change parameters type from [] to IList
2012-06-04 03:55:25 +02:00
de4dot
286462db4b
Move file
2012-06-03 19:08:46 +02:00
de4dot
e75386d0f9
Move method to Utils.cs
2012-06-03 16:44:08 +02:00
de4dot
b844dbc428
Detect ILP
2012-06-02 20:56:36 +02:00
de4dot
bff92e02e7
Remove unused method
2012-06-02 17:32:05 +02:00
de4dot
d2ec4e2969
New version: 1.8.5
2012-06-02 07:27:50 +02:00
de4dot
ec8139f640
Refactor code and support latest AN build
2012-06-02 07:26:21 +02:00
de4dot
a25f4f4640
Remove proxy methods type and make sure all proxy methods are inlined
2012-06-02 03:33:21 +02:00
de4dot
3c99e8d0d6
Update valid name regex
2012-06-01 12:53:03 +02:00
de4dot
6696c26496
Assembly resolver init method is sometimes only called from Main()
2012-06-01 12:40:16 +02:00
de4dot
d091564d85
Fix ToString(). Should separate generic args with commas
2012-06-01 12:05:01 +02:00
de4dot
cd2851baf4
Add an option to disable dumping embedded assemblies
2012-06-01 12:01:45 +02:00
de4dot
58b62ff914
Decrypt main assembly and embedded assemblies
2012-06-01 11:53:54 +02:00
de4dot
ddc270b963
Remove newlines from names when calling logger methods
2012-05-31 06:08:01 +02:00
de4dot
96f9f4154d
Decrypt CF encrypted strings
2012-05-29 20:20:11 +02:00
de4dot
9b591c68d3
Fix CF proxy calls
2012-05-29 19:14:41 +02:00
de4dot
512c650e11
Add another proxy call fixer class
2012-05-29 19:13:43 +02:00
de4dot
24d1c5182b
Update comment
2012-05-29 19:07:01 +02:00
de4dot
58adda95b6
getAllBlocks() now returns a List instead of an IList
2012-05-29 19:06:41 +02:00
de4dot
7b3dcf8e05
Refactor proxy call fixer classes
2012-05-29 11:13:39 +02:00
de4dot
1b569a0d24
Support MPRESS
2012-05-28 18:00:29 +02:00
de4dot
3e6a259e8f
Add 50 more points if methods decrypter is detected
2012-05-27 07:43:26 +02:00
de4dot
c441a60372
Print CW version number
2012-05-27 07:00:13 +02:00
de4dot
eebb090827
Support old CW 2.x
2012-05-27 02:31:53 +02:00
de4dot
06a30473da
Decrypt strings encrypted with older CW version
2012-05-26 20:20:11 +02:00
de4dot
adaf41c769
Decrypt embedded assemblies
2012-05-26 17:41:08 +02:00
de4dot
3a96ae391a
Move common resolver handler detector code to DeobUtils
2012-05-26 17:33:26 +02:00
de4dot
dbd7affaa8
Update valid name regex
2012-05-26 14:40:51 +02:00
de4dot
f1c8549066
Decrypt CW encrypted strings
2012-05-26 14:38:08 +02:00
de4dot
20452fe964
Decrypt CW encrypted methods
2012-05-26 05:26:00 +02:00
de4dot
b1f5fe92be
Clear invalid method bodies
2012-05-24 16:42:04 +02:00
de4dot
1a7c89a173
New version: 1.8.4
2012-05-19 09:02:26 +02:00
de4dot
c48b2d92c2
Support AN 6.0.0.5 (new build, same version)
2012-05-19 08:59:13 +02:00
de4dot
f6c5ed1c0c
New version: 1.8.3
2012-05-15 19:06:21 +02:00
de4dot
c3cdf95fcf
Support AN 6.0.0.5
2012-05-15 19:05:47 +02:00
de4dot
d1c09c3fae
New version: 1.8.2
2012-05-13 15:06:50 +02:00
de4dot
654ebf652e
Merge branch 'ds'
2012-05-12 21:40:01 +02:00
de4dot
bec6725aa7
Rename option
2012-05-12 21:39:49 +02:00
de4dot
40898cf238
Decrypt embedded assemblies (SL)
2012-05-11 19:38:31 +02:00
de4dot
ce3622f6e8
Use the correct variable
2012-05-11 18:18:19 +02:00
de4dot
94ee4064ed
Remove namespace prefix
2012-05-11 18:17:51 +02:00
de4dot
cd014f1d72
Update fields restorer
2012-05-10 20:20:29 +02:00
de4dot
1d2a78979f
Use generic prop creator if the type has a generic parameter
2012-05-10 19:00:12 +02:00
de4dot
f05a334c11
Make sure we don't rename a key to an already existing non-renamed key
2012-05-10 18:41:21 +02:00
de4dot
0b47ccf070
Remove cflow obfuscation arrays
2012-05-10 18:38:27 +02:00
de4dot
ae7e32ae5b
Remove decrypt method and other init method
2012-05-10 13:39:14 +02:00
de4dot
c5f8aaeb1a
Dump 4.1 embedded assemblies
2012-05-09 22:24:39 +02:00
de4dot
ee32b84283
Move code to DsUtils
2012-05-09 22:20:17 +02:00
de4dot
9b9e692947
Move version specific data to their own class
2012-05-09 19:10:20 +02:00
de4dot
dadc064b55
Decrypt V4.1 resources
2012-05-09 19:00:21 +02:00
de4dot
1aaa5df9ce
Support trial string encrypter
2012-05-09 17:30:35 +02:00
de4dot
3572bdfdcc
Set maxlen to 50. Fix incorrect method sig. Make sure there are no dupes.
2012-05-09 17:28:52 +02:00
de4dot
e5a64a4402
Remove more XC attributes
2012-05-06 13:07:34 +02:00
de4dot
44fea8f185
Fix problems found while testing
2012-05-03 17:24:59 +02:00
de4dot
b27e1b36af
Add option to disable cast deobfuscation
2012-05-03 16:51:36 +02:00
de4dot
ea205dcae8
Add option to disable renaming resource keys
2012-05-03 16:48:03 +02:00
de4dot
955c1f10bd
Rename resource keys
2012-05-03 16:47:34 +02:00
de4dot
76a10b1f34
Add Data property
2012-05-03 16:40:17 +02:00
de4dot
83725200c1
Add isValidResourceKeyName()
2012-05-03 14:53:01 +02:00
de4dot
2761216e39
Add a resource reader
2012-05-03 14:34:58 +02:00
de4dot
83dc4226c1
Make sure string decrypter methods aren't detected as inlined methods
2012-05-03 09:51:26 +02:00
de4dot
870dab5b90
Fix renaming events/properties
2012-05-03 09:05:05 +02:00
de4dot
fb9e217dac
Add a cast deobfuscator
2012-05-03 08:01:35 +02:00
de4dot
c61161be1d
Ignore method attributes
2012-05-02 18:43:57 +02:00
de4dot
597fcb0210
Cflow deob methods
2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05
Inline some obfuscated methods
2012-05-02 10:48:44 +02:00
de4dot
db14e73369
Make sure index is correct, and add method to read arg constants
2012-05-02 10:47:21 +02:00
de4dot
b15b581c46
Deobfuscate string decrypter cctor
2012-04-30 21:47:23 +02:00
de4dot
2594317b18
Use other sb ctor
2012-04-30 12:49:43 +02:00
de4dot
1805e352c4
Disable using unknown args by default
2012-04-30 12:18:47 +02:00
de4dot
f307520e62
Decrypt DS 4.1 strings
2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8
Support more types of args
2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692
Update cflow deobfuscator
2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77
Move common code to another class
2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8
Refactor: create common cflow deob iface
2012-04-29 23:51:04 +02:00
de4dot
920f079855
Set initlocals and add an option to disable it
2012-04-29 06:16:53 +02:00
de4dot
eb17298625
Move the field
2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5
Restore calls to CodeDomProvider and ICodeCompiler
2012-04-29 04:03:10 +02:00
de4dot
9333e2415c
Rename class
2012-04-29 00:56:17 +02:00
de4dot
e548436ede
Restore calls to Icon/Bitmap .ctor
2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a
Rename class and make it more general
2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b
Decrypt CS 1.x encrypted methods
2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea
Update detection of resource resolver type
2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9
Merge branch 'master' into cs
2012-04-26 19:33:28 +02:00
de4dot
7a0804e035
Remove module references to the CS RT files
2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2
Find old string decrypter method
2012-04-26 16:53:52 +02:00
de4dot
67c866491d
Show the correct obfuscator name
2012-04-26 16:33:55 +02:00
de4dot
6f830b8329
Remove all obfuscator attributes
2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2
Add addAttributesToBeRemoved()
2012-04-26 16:08:39 +02:00
de4dot
960f934c67
Update detection of CS type
2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95
Check for 32-bit or 64-bit method
2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd
Detect CS type when strings are encrypted, but methods aren't
2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f
Return the correct return value
2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c
Update CS detector and support an old string decrypter
2012-04-26 01:42:10 +02:00
de4dot
bff017a317
Throw InvalidMethodBody if IOException
2012-04-25 18:06:27 +02:00
de4dot
903db59827
Restore CS 3.0 "encrypted" methods
2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc
Move code to DeobUtils
2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d
Stop earlier
2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6
Support latest MC build
2012-04-24 23:02:36 +02:00
de4dot
3a9422f798
Remove useless displs
2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836
Merge branch 'master' into cs
2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b
Update CSVM opcode handler detection code
2012-04-24 11:33:17 +02:00
de4dot
88d7607d10
Fix resolver
2012-04-24 11:25:39 +02:00
de4dot
586be53fef
Fix method names
2012-04-23 19:37:05 +02:00
de4dot
7a399e7913
Rename class and update comments
2012-04-23 15:02:15 +02:00
de4dot
ea7a533027
Make fields read only
2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a
Fix method names
2012-04-23 14:47:05 +02:00
de4dot
0a0b491072
Copy foundSig field
2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef
Use a using statement to make sure the file is closed when we return
2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374
Restore .NET data directory so it can be deobfuscated
2012-04-23 02:04:34 +02:00
de4dot
790dc9f445
codeOffs should not be file offset
2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91
Decrypt CS 5.0 encrypted methods
2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e
Decrypt CS 4.5 encrypted methods
2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8
Decrypt methods (CS RT is embedded inside the assembly)
2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866
Restore CS 4.0 "encrypted" methods
2012-04-22 15:36:26 +02:00
de4dot
59e2e51882
Throw if invalid method body
2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92
Move code to a new class
2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e
Remove useless field
2012-04-21 23:10:06 +02:00
de4dot
46152761ee
Input could be null
2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a
New version: 1.8.1
2012-04-15 23:42:57 +02:00
de4dot
941929cf7a
Support latest CO build
2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a
New version: 1.8.0
2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea
Refactor
2012-04-13 05:03:52 +02:00
de4dot
a459bc107c
Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize()
2012-04-13 05:03:51 +02:00
de4dot
043730e599
Ignore invalid method indexes
2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2
Use dynamic decryption if static decryption fails
2012-04-11 03:09:59 +02:00
de4dot
588373f5ff
Add code to decrypt methods using the new dynamic methods decrypter
2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8
Support latest MC build
2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54
Merge branch 'cs'
2012-04-10 16:32:40 +02:00
de4dot
c756d543c1
Rename PE namespace
2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba
Add code to decrypt methods dynamically.
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89
Move PE code to a common assembly
2012-04-10 15:09:59 +02:00
de4dot
553337adb7
Support EF 3.3.149
2012-04-10 03:52:18 +02:00
de4dot
2d583316cf
Use the constant
2012-04-08 11:36:24 +02:00
de4dot
634e9ec023
Reverse return value
2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2
Support some more instrs
2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e
Add a newline
2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf
Rename variable
2012-04-06 16:25:25 +02:00
de4dot
33e2177059
Restore constrained. prefix
2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf
Support ldloca and ldarga
2012-04-06 16:08:09 +02:00
de4dot
5511ab833b
Update ldelema type, and add unbox.any and ldobj
2012-04-06 15:38:44 +02:00
de4dot
2949862614
Print warning if we failed to restore an instr op
2012-04-06 12:33:39 +02:00
de4dot
c39e421010
Fix locals
2012-04-06 12:25:15 +02:00
de4dot
86190ede1f
Print devirtualized methods
2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23
Move class to its own file
2012-04-05 20:59:50 +02:00
de4dot
237732e98e
Refactor
2012-04-05 20:45:16 +02:00
de4dot
da0878d765
Restore types that are generic parameters
2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1
Add CSVM devirtualizer
2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a
Move code to a new class
2012-04-05 18:05:27 +02:00
de4dot
1ead27107b
Don't add to list if null
2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6
Add shared deobfuscator data/methods
2012-04-04 21:06:10 +02:00
de4dot
7c8259905b
Update CO code. Fixes #39
2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4
Remove useless using statement
2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5
Support another SK string encrypter
2012-03-27 15:33:57 +02:00
de4dot
065927f702
Use the property
2012-03-27 15:23:27 +02:00
de4dot
d1e499454e
Rename locals and fix problem with huge strings
2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0
Decrypt MC encrypted strings
2012-03-26 22:07:01 +02:00
de4dot
e76321aaad
Remove unused method
2012-03-26 20:12:07 +02:00
de4dot
716098d33a
Change locals to instance variables
2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a
Update detection of MC type
2012-03-24 19:35:38 +01:00
de4dot
4e042166b9
Fix getSectionHeader()
2012-03-24 19:13:58 +01:00
de4dot
b323612508
New version: 1.7.4
2012-03-23 10:14:26 +01:00
de4dot
efd317489d
Support latest EF 3.3.143
2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da
Use callsMethod()
2012-03-21 03:49:28 +01:00
de4dot
7f1bad748e
Add more asm search paths
2012-03-21 03:37:10 +01:00
de4dot
ad5a759cd9
Remove useless cases
2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432
Support EF obfuscated CF assemblies
2012-03-18 22:59:34 +01:00
de4dot
e1292b2930
Add some more assembly search paths
2012-03-18 19:15:33 +01:00
de4dot
353673811b
Fix problem where some WinForm property names weren't restored
2012-03-18 12:55:21 +01:00
de4dot
4b81854ea5
Restore resource names ending in ".g.resources"
2012-03-17 22:12:51 +01:00
de4dot
6f01d48593
Change getCalledMethods() return type
2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed
Support DS obfuscated SL assemblies
2012-03-17 15:02:48 +01:00
de4dot
37450a1515
Support old DS 3.0.3.41 - 3.0.4.44
2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6
Inline method
2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c
Should be "continue"
2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f
Support EF obfuscated SL assemblies
2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb
Rename
2012-03-16 22:39:50 +01:00
de4dot
996a245ba3
New version: 1.7.3
2012-03-15 23:39:42 +01:00
de4dot
ce9add13cb
Support CO obfuscated SL/CF assemblies
2012-03-15 22:36:23 +01:00
de4dot
0537a2edce
Use getModuleTypeCctor()
2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce
Update detection of obfuscator types
2012-03-15 09:15:12 +01:00
de4dot
e4fe749559
Use hasInteger() method
2012-03-15 02:19:35 +01:00
de4dot
27f382a017
Support a (new?) version of CryptoObfuscator. Fixes #33
2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd
Support latest DeepSea version (4.0.4.32)
2012-03-13 20:37:33 +01:00
de4dot
ada90b1294
Add another CO detection check
2012-03-13 20:27:41 +01:00
de4dot
e949d8c926
Add support for latest EF 3.3.136
2012-03-13 09:26:40 +01:00
de4dot
8c5c055066
New version: 1.7.2
2012-03-11 15:59:36 +01:00
de4dot
7e1bf542af
Support a new EF 3.3 version that was released 1-2 days ago
2012-03-11 15:59:25 +01:00
de4dot
f5ee6e3e5e
Move dll files to a bin sub dir
2012-03-10 20:47:42 +01:00
de4dot
7d4c791575
Update detection of SA v2 string decrypter
2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9
Update expressions
2012-03-10 05:31:07 +01:00
de4dot
8b220697e0
New version: 1.7.1
2012-03-08 19:51:02 +01:00
de4dot
4e997910e4
Update detection of string decrypter type
2012-03-08 19:21:54 +01:00
de4dot
a41ea0969f
Call initAllTypes() before resolveAllRefs() to make sure baseType is initialized
2012-03-08 19:03:43 +01:00
de4dot
51fe58c4cd
Merge branch 'new_code'
2012-03-08 18:03:25 +01:00
de4dot
38fb775a7e
Use hasReturnValue() method
2012-03-08 18:03:12 +01:00
de4dot
3cde99b2e7
Remove overrides field
2012-03-08 17:57:35 +01:00
de4dot
4a7b4f4111
Update name regex
2012-03-08 16:15:19 +01:00
de4dot
674201e98c
Rename
2012-03-08 13:23:01 +01:00
de4dot
072bb4b5ce
Update code since cecil removed global asm resolver
2012-03-08 11:09:51 +01:00
de4dot
b4525ed58d
Support EF 3.3
2012-03-06 10:43:06 +01:00
de4dot
5c943d759d
Check base types for property/field
2012-03-03 18:23:53 +01:00
de4dot
77f1f2de67
Rename custom attribute fields and properties
2012-03-03 06:13:35 +01:00
de4dot
c3c92ebfaa
New version: 1.7.0
2012-03-01 22:14:23 +01:00
de4dot
48d6a3b6fc
Merge branch 'mc'
2012-03-01 22:10:36 +01:00
de4dot
86987518d6
Method should not be public
2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c
Rename classes
2012-02-29 11:41:06 +01:00
de4dot
9791e63e51
Engrish
2012-02-29 11:41:05 +01:00
de4dot
8740ba8419
Rename variable
2012-02-29 11:41:04 +01:00
de4dot
167368f488
Attributes are worth less
2012-02-29 00:13:57 +01:00
de4dot
b27635f493
Remove sealed flag from interfaces
2012-02-28 23:57:48 +01:00
de4dot
ec30ec7b07
Add CF 2.0/3.5, SL 2.0 ref asm search paths
2012-02-28 22:36:35 +01:00
de4dot
e6d0c4a043
Move version detection to a new class
2012-02-28 22:30:22 +01:00
de4dot
77228ecfca
Update name regex
2012-02-28 22:24:08 +01:00
de4dot
68b4315e95
Update detection of the type and remove another type
2012-02-28 20:49:03 +01:00
de4dot
269b695245
Update detection of that type
2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca
Support v3.0 - 3.1
2012-02-28 19:42:19 +01:00
de4dot
acb53f535b
Throw if init fails
2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0
Restore calls to Assembly::GetManifestResourceXXX methods
2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6
Move GetManifestResourceStream code to a new class
2012-02-28 18:14:41 +01:00
de4dot
e72fb7220a
Decrypt embedded assemblies and resources
2012-02-27 23:43:45 +01:00
de4dot
9bab65640c
Refactor
2012-02-27 12:55:37 +01:00
de4dot
3c480f4c6c
Add another warning message
2012-02-27 01:51:44 +01:00
de4dot
cee04d3bba
master was updated
2012-02-26 22:57:55 +01:00
de4dot
cf76c14b4b
Merge branch 'master' into mc
2012-02-26 22:55:06 +01:00
de4dot
efec6625ef
Update detection of EF 3.0 and 3.1
2012-02-26 22:54:28 +01:00
de4dot
2bff1242c1
Add static EF string decrypter
2012-02-26 22:48:43 +01:00
de4dot
da1d649ef4
Make sure no generic methods are inlined
2012-02-25 06:33:38 +01:00
de4dot
10ceb12e30
Change return type to IEnumerable<int>
2012-02-25 06:25:40 +01:00
de4dot
48758be8f0
Use a new class instead of the dict
2012-02-25 06:14:19 +01:00
de4dot
d09938ca47
Remove classes with null base type
2012-02-25 05:28:32 +01:00
de4dot
330be994a1
Restore indentation
2012-02-25 05:22:30 +01:00
de4dot
5288b4b3d2
Make sure enum instance field has proper flags set (make peverify happy)
2012-02-25 05:15:42 +01:00
de4dot
b000112abc
Merge branch 'master' into mc
2012-02-23 17:16:00 +01:00
de4dot
fb832ca3de
New version: 1.6.1
2012-02-23 16:25:47 +01:00
de4dot
4ec4bb1d65
MC actually does rename symbols so add an updated regex
2012-02-23 11:52:19 +01:00
de4dot
6e8b32df21
Reverse sort comments
2012-02-23 10:59:02 +01:00
de4dot
7c4f014da3
Support old MC 3.2
2012-02-22 12:38:02 +01:00
de4dot
59ee55105d
Support some older MC version
2012-02-22 12:14:15 +01:00
de4dot
435d3303c3
Merge branch 'master' into mc
2012-02-21 17:33:45 +01:00
de4dot
538e4f738d
Fix issue #24. Don't remove decrypter type if there was an error
2012-02-21 17:14:02 +01:00
de4dot
e5145fcca9
Remove MC type and module refs
2012-02-21 12:01:39 +01:00
de4dot
7bc3930df9
Decrypt resources
2012-02-21 11:51:19 +01:00
de4dot
58a94a8420
Decrypt methods protected with older MC version
2012-02-21 09:26:05 +01:00
de4dot
eb223537f0
Decrypt methods (decryption #1-4, not #5-7)
2012-02-20 17:20:29 +01:00
de4dot
b422e08fb1
Add lookup() method for ModuleReferences
2012-02-20 17:18:22 +01:00
de4dot
0c3aca32b9
Update code to handle MethodDefPtr table
2012-02-20 17:17:55 +01:00
de4dot
6d2435377f
Merge branch 'master' into mc
2012-02-20 05:59:08 +01:00
de4dot
b093e4c918
Copy license text files to output directory
2012-02-20 05:58:58 +01:00
de4dot
8536e211dd
Detect MC
2012-02-20 04:58:46 +01:00
de4dot
fc497b1688
Add MaxtoCode files
2012-02-20 03:48:59 +01:00
de4dot
d7afc66c6d
Don't remove string decrypter type if there's still code calling it
2012-02-19 00:50:08 +01:00
de4dot
e18ff9aea1
Don't remove string decrypter types if there was an error decrypting strings
2012-02-18 08:08:00 +01:00
de4dot
2c969446b0
Add InlinedAllCalls property
2012-02-18 07:56:53 +01:00
de4dot
8b059bcea7
These messages should be warnings
2012-02-18 07:52:58 +01:00
de4dot
9e16d9cd40
Rename method
2012-02-13 11:28:08 +01:00
de4dot
5579323b3e
Print warning if I/O exception
2012-02-13 11:16:38 +01:00
de4dot
981472cd91
Methods should be static and have a body
2012-02-13 11:11:08 +01:00
de4dot
a35c765f15
Rename method
2012-02-13 10:20:11 +01:00
de4dot
f7abb70475
New version: 1.6.0
2012-02-12 18:07:53 +01:00
de4dot
179ea6d6fd
Only string decrypter method is worth 100 points
2012-02-12 16:56:26 +01:00
de4dot
3e3be639e5
Move reading variable length int32 code to DeobUtils
2012-02-12 16:54:48 +01:00
de4dot
67efd5e7e7
Rename namespace to Eazfuscator_NET
2012-02-12 16:46:39 +01:00
de4dot
c2d13d9059
Remove all invalid methods
2012-02-12 16:29:29 +01:00
de4dot
4691c805d8
Ignore invalid methods
2012-02-12 16:25:12 +01:00