monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,139 Commits 2 Branches 1 Tag 5 MiB
d0712b46aa
Commit Graph

887 Commits

Author SHA1 Message Date
de4dot
c61161be1d Ignore method attributes 2012-05-02 18:43:57 +02:00
de4dot
597fcb0210 Cflow deob methods 2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05 Inline some obfuscated methods 2012-05-02 10:48:44 +02:00
de4dot
db14e73369 Make sure index is correct, and add method to read arg constants 2012-05-02 10:47:21 +02:00
de4dot
b15b581c46 Deobfuscate string decrypter cctor 2012-04-30 21:47:23 +02:00
de4dot
2594317b18 Use other sb ctor 2012-04-30 12:49:43 +02:00
de4dot
1805e352c4 Disable using unknown args by default 2012-04-30 12:18:47 +02:00
de4dot
f307520e62 Decrypt DS 4.1 strings 2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8 Support more types of args 2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692 Update cflow deobfuscator 2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77 Move common code to another class 2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8 Refactor: create common cflow deob iface 2012-04-29 23:51:04 +02:00
de4dot
920f079855 Set initlocals and add an option to disable it 2012-04-29 06:16:53 +02:00
de4dot
eb17298625 Move the field 2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5 Restore calls to CodeDomProvider and ICodeCompiler 2012-04-29 04:03:10 +02:00
de4dot
9333e2415c Rename class 2012-04-29 00:56:17 +02:00
de4dot
e548436ede Restore calls to Icon/Bitmap .ctor 2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a Rename class and make it more general 2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b Decrypt CS 1.x encrypted methods 2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea Update detection of resource resolver type 2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9 Merge branch 'master' into cs 2012-04-26 19:33:28 +02:00
de4dot
7a0804e035 Remove module references to the CS RT files 2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2 Find old string decrypter method 2012-04-26 16:53:52 +02:00
de4dot
67c866491d Show the correct obfuscator name 2012-04-26 16:33:55 +02:00
de4dot
6f830b8329 Remove all obfuscator attributes 2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2 Add addAttributesToBeRemoved() 2012-04-26 16:08:39 +02:00
de4dot
960f934c67 Update detection of CS type 2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95 Check for 32-bit or 64-bit method 2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd Detect CS type when strings are encrypted, but methods aren't 2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f Return the correct return value 2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c Update CS detector and support an old string decrypter 2012-04-26 01:42:10 +02:00
de4dot
bff017a317 Throw InvalidMethodBody if IOException 2012-04-25 18:06:27 +02:00
de4dot
903db59827 Restore CS 3.0 "encrypted" methods 2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc Move code to DeobUtils 2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d Stop earlier 2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6 Support latest MC build 2012-04-24 23:02:36 +02:00
de4dot
3a9422f798 Remove useless displs 2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836 Merge branch 'master' into cs 2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b Update CSVM opcode handler detection code 2012-04-24 11:33:17 +02:00
de4dot
88d7607d10 Fix resolver 2012-04-24 11:25:39 +02:00
de4dot
586be53fef Fix method names 2012-04-23 19:37:05 +02:00
de4dot
7a399e7913 Rename class and update comments 2012-04-23 15:02:15 +02:00
de4dot
ea7a533027 Make fields read only 2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a Fix method names 2012-04-23 14:47:05 +02:00
de4dot
0a0b491072 Copy foundSig field 2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef Use a using statement to make sure the file is closed when we return 2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374 Restore .NET data directory so it can be deobfuscated 2012-04-23 02:04:34 +02:00
de4dot
790dc9f445 codeOffs should not be file offset 2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91 Decrypt CS 5.0 encrypted methods 2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e Decrypt CS 4.5 encrypted methods 2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8 Decrypt methods (CS RT is embedded inside the assembly) 2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866 Restore CS 4.0 "encrypted" methods 2012-04-22 15:36:26 +02:00
de4dot
59e2e51882 Throw if invalid method body 2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92 Move code to a new class 2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e Remove useless field 2012-04-21 23:10:06 +02:00
de4dot
46152761ee Input could be null 2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a New version: 1.8.1 2012-04-15 23:42:57 +02:00
de4dot
941929cf7a Support latest CO build 2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a New version: 1.8.0 2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea Refactor 2012-04-13 05:03:52 +02:00
de4dot
a459bc107c Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize() 2012-04-13 05:03:51 +02:00
de4dot
043730e599 Ignore invalid method indexes 2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2 Use dynamic decryption if static decryption fails 2012-04-11 03:09:59 +02:00
de4dot
588373f5ff Add code to decrypt methods using the new dynamic methods decrypter 2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8 Support latest MC build 2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54 Merge branch 'cs' 2012-04-10 16:32:40 +02:00
de4dot
c756d543c1 Rename PE namespace 2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba Add code to decrypt methods dynamically. 
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
 2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89 Move PE code to a common assembly 2012-04-10 15:09:59 +02:00
de4dot
553337adb7 Support EF 3.3.149 2012-04-10 03:52:18 +02:00
de4dot
2d583316cf Use the constant 2012-04-08 11:36:24 +02:00
de4dot
634e9ec023 Reverse return value 2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2 Support some more instrs 2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e Add a newline 2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf Rename variable 2012-04-06 16:25:25 +02:00
de4dot
33e2177059 Restore constrained. prefix 2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf Support ldloca and ldarga 2012-04-06 16:08:09 +02:00
de4dot
5511ab833b Update ldelema type, and add unbox.any and ldobj 2012-04-06 15:38:44 +02:00
de4dot
2949862614 Print warning if we failed to restore an instr op 2012-04-06 12:33:39 +02:00
de4dot
c39e421010 Fix locals 2012-04-06 12:25:15 +02:00
de4dot
86190ede1f Print devirtualized methods 2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23 Move class to its own file 2012-04-05 20:59:50 +02:00
de4dot
237732e98e Refactor 2012-04-05 20:45:16 +02:00
de4dot
da0878d765 Restore types that are generic parameters 2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1 Add CSVM devirtualizer 2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a Move code to a new class 2012-04-05 18:05:27 +02:00
de4dot
1ead27107b Don't add to list if null 2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6 Add shared deobfuscator data/methods 2012-04-04 21:06:10 +02:00
de4dot
7c8259905b Update CO code. Fixes #39 2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4 Remove useless using statement 2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5 Support another SK string encrypter 2012-03-27 15:33:57 +02:00
de4dot
065927f702 Use the property 2012-03-27 15:23:27 +02:00
de4dot
d1e499454e Rename locals and fix problem with huge strings 2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0 Decrypt MC encrypted strings 2012-03-26 22:07:01 +02:00
de4dot
e76321aaad Remove unused method 2012-03-26 20:12:07 +02:00
de4dot
716098d33a Change locals to instance variables 2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a Update detection of MC type 2012-03-24 19:35:38 +01:00
de4dot
4e042166b9 Fix getSectionHeader() 2012-03-24 19:13:58 +01:00
de4dot
b323612508 New version: 1.7.4 2012-03-23 10:14:26 +01:00
de4dot
efd317489d Support latest EF 3.3.143 2012-03-23 10:13:59 +01:00