de4dot
1b569a0d24
Support MPRESS
2012-05-28 18:00:29 +02:00
de4dot
3e6a259e8f
Add 50 more points if methods decrypter is detected
2012-05-27 07:43:26 +02:00
de4dot
c441a60372
Print CW version number
2012-05-27 07:00:13 +02:00
de4dot
eebb090827
Support old CW 2.x
2012-05-27 02:31:53 +02:00
de4dot
06a30473da
Decrypt strings encrypted with older CW version
2012-05-26 20:20:11 +02:00
de4dot
adaf41c769
Decrypt embedded assemblies
2012-05-26 17:41:08 +02:00
de4dot
3a96ae391a
Move common resolver handler detector code to DeobUtils
2012-05-26 17:33:26 +02:00
de4dot
dbd7affaa8
Update valid name regex
2012-05-26 14:40:51 +02:00
de4dot
f1c8549066
Decrypt CW encrypted strings
2012-05-26 14:38:08 +02:00
de4dot
20452fe964
Decrypt CW encrypted methods
2012-05-26 05:26:00 +02:00
de4dot
b1f5fe92be
Clear invalid method bodies
2012-05-24 16:42:04 +02:00
de4dot
1a7c89a173
New version: 1.8.4
2012-05-19 09:02:26 +02:00
de4dot
c48b2d92c2
Support AN 6.0.0.5 (new build, same version)
2012-05-19 08:59:13 +02:00
de4dot
f6c5ed1c0c
New version: 1.8.3
2012-05-15 19:06:21 +02:00
de4dot
c3cdf95fcf
Support AN 6.0.0.5
2012-05-15 19:05:47 +02:00
de4dot
d1c09c3fae
New version: 1.8.2
2012-05-13 15:06:50 +02:00
de4dot
654ebf652e
Merge branch 'ds'
2012-05-12 21:40:01 +02:00
de4dot
bec6725aa7
Rename option
2012-05-12 21:39:49 +02:00
de4dot
40898cf238
Decrypt embedded assemblies (SL)
2012-05-11 19:38:31 +02:00
de4dot
ce3622f6e8
Use the correct variable
2012-05-11 18:18:19 +02:00
de4dot
94ee4064ed
Remove namespace prefix
2012-05-11 18:17:51 +02:00
de4dot
cd014f1d72
Update fields restorer
2012-05-10 20:20:29 +02:00
de4dot
1d2a78979f
Use generic prop creator if the type has a generic parameter
2012-05-10 19:00:12 +02:00
de4dot
f05a334c11
Make sure we don't rename a key to an already existing non-renamed key
2012-05-10 18:41:21 +02:00
de4dot
0b47ccf070
Remove cflow obfuscation arrays
2012-05-10 18:38:27 +02:00
de4dot
ae7e32ae5b
Remove decrypt method and other init method
2012-05-10 13:39:14 +02:00
de4dot
c5f8aaeb1a
Dump 4.1 embedded assemblies
2012-05-09 22:24:39 +02:00
de4dot
ee32b84283
Move code to DsUtils
2012-05-09 22:20:17 +02:00
de4dot
9b9e692947
Move version specific data to their own class
2012-05-09 19:10:20 +02:00
de4dot
dadc064b55
Decrypt V4.1 resources
2012-05-09 19:00:21 +02:00
de4dot
1aaa5df9ce
Support trial string encrypter
2012-05-09 17:30:35 +02:00
de4dot
3572bdfdcc
Set maxlen to 50. Fix incorrect method sig. Make sure there are no dupes.
2012-05-09 17:28:52 +02:00
de4dot
e5a64a4402
Remove more XC attributes
2012-05-06 13:07:34 +02:00
de4dot
44fea8f185
Fix problems found while testing
2012-05-03 17:24:59 +02:00
de4dot
b27e1b36af
Add option to disable cast deobfuscation
2012-05-03 16:51:36 +02:00
de4dot
ea205dcae8
Add option to disable renaming resource keys
2012-05-03 16:48:03 +02:00
de4dot
955c1f10bd
Rename resource keys
2012-05-03 16:47:34 +02:00
de4dot
76a10b1f34
Add Data property
2012-05-03 16:40:17 +02:00
de4dot
83725200c1
Add isValidResourceKeyName()
2012-05-03 14:53:01 +02:00
de4dot
2761216e39
Add a resource reader
2012-05-03 14:34:58 +02:00
de4dot
83dc4226c1
Make sure string decrypter methods aren't detected as inlined methods
2012-05-03 09:51:26 +02:00
de4dot
870dab5b90
Fix renaming events/properties
2012-05-03 09:05:05 +02:00
de4dot
fb9e217dac
Add a cast deobfuscator
2012-05-03 08:01:35 +02:00
de4dot
c61161be1d
Ignore method attributes
2012-05-02 18:43:57 +02:00
de4dot
597fcb0210
Cflow deob methods
2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05
Inline some obfuscated methods
2012-05-02 10:48:44 +02:00
de4dot
db14e73369
Make sure index is correct, and add method to read arg constants
2012-05-02 10:47:21 +02:00
de4dot
b15b581c46
Deobfuscate string decrypter cctor
2012-04-30 21:47:23 +02:00
de4dot
2594317b18
Use other sb ctor
2012-04-30 12:49:43 +02:00
de4dot
1805e352c4
Disable using unknown args by default
2012-04-30 12:18:47 +02:00
de4dot
f307520e62
Decrypt DS 4.1 strings
2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8
Support more types of args
2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692
Update cflow deobfuscator
2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77
Move common code to another class
2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8
Refactor: create common cflow deob iface
2012-04-29 23:51:04 +02:00
de4dot
920f079855
Set initlocals and add an option to disable it
2012-04-29 06:16:53 +02:00
de4dot
eb17298625
Move the field
2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5
Restore calls to CodeDomProvider and ICodeCompiler
2012-04-29 04:03:10 +02:00
de4dot
9333e2415c
Rename class
2012-04-29 00:56:17 +02:00
de4dot
e548436ede
Restore calls to Icon/Bitmap .ctor
2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a
Rename class and make it more general
2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b
Decrypt CS 1.x encrypted methods
2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea
Update detection of resource resolver type
2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9
Merge branch 'master' into cs
2012-04-26 19:33:28 +02:00
de4dot
7a0804e035
Remove module references to the CS RT files
2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2
Find old string decrypter method
2012-04-26 16:53:52 +02:00
de4dot
67c866491d
Show the correct obfuscator name
2012-04-26 16:33:55 +02:00
de4dot
6f830b8329
Remove all obfuscator attributes
2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2
Add addAttributesToBeRemoved()
2012-04-26 16:08:39 +02:00
de4dot
960f934c67
Update detection of CS type
2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95
Check for 32-bit or 64-bit method
2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd
Detect CS type when strings are encrypted, but methods aren't
2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f
Return the correct return value
2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c
Update CS detector and support an old string decrypter
2012-04-26 01:42:10 +02:00
de4dot
bff017a317
Throw InvalidMethodBody if IOException
2012-04-25 18:06:27 +02:00
de4dot
903db59827
Restore CS 3.0 "encrypted" methods
2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc
Move code to DeobUtils
2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d
Stop earlier
2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6
Support latest MC build
2012-04-24 23:02:36 +02:00
de4dot
3a9422f798
Remove useless displs
2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836
Merge branch 'master' into cs
2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b
Update CSVM opcode handler detection code
2012-04-24 11:33:17 +02:00
de4dot
88d7607d10
Fix resolver
2012-04-24 11:25:39 +02:00
de4dot
586be53fef
Fix method names
2012-04-23 19:37:05 +02:00
de4dot
7a399e7913
Rename class and update comments
2012-04-23 15:02:15 +02:00
de4dot
ea7a533027
Make fields read only
2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a
Fix method names
2012-04-23 14:47:05 +02:00
de4dot
0a0b491072
Copy foundSig field
2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef
Use a using statement to make sure the file is closed when we return
2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374
Restore .NET data directory so it can be deobfuscated
2012-04-23 02:04:34 +02:00
de4dot
790dc9f445
codeOffs should not be file offset
2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91
Decrypt CS 5.0 encrypted methods
2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e
Decrypt CS 4.5 encrypted methods
2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8
Decrypt methods (CS RT is embedded inside the assembly)
2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866
Restore CS 4.0 "encrypted" methods
2012-04-22 15:36:26 +02:00
de4dot
59e2e51882
Throw if invalid method body
2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92
Move code to a new class
2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e
Remove useless field
2012-04-21 23:10:06 +02:00
de4dot
46152761ee
Input could be null
2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a
New version: 1.8.1
2012-04-15 23:42:57 +02:00
de4dot
941929cf7a
Support latest CO build
2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a
New version: 1.8.0
2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea
Refactor
2012-04-13 05:03:52 +02:00
de4dot
a459bc107c
Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize()
2012-04-13 05:03:51 +02:00
de4dot
043730e599
Ignore invalid method indexes
2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2
Use dynamic decryption if static decryption fails
2012-04-11 03:09:59 +02:00
de4dot
588373f5ff
Add code to decrypt methods using the new dynamic methods decrypter
2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8
Support latest MC build
2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54
Merge branch 'cs'
2012-04-10 16:32:40 +02:00
de4dot
c756d543c1
Rename PE namespace
2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba
Add code to decrypt methods dynamically.
...
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89
Move PE code to a common assembly
2012-04-10 15:09:59 +02:00
de4dot
553337adb7
Support EF 3.3.149
2012-04-10 03:52:18 +02:00
de4dot
2d583316cf
Use the constant
2012-04-08 11:36:24 +02:00
de4dot
634e9ec023
Reverse return value
2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2
Support some more instrs
2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e
Add a newline
2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf
Rename variable
2012-04-06 16:25:25 +02:00
de4dot
33e2177059
Restore constrained. prefix
2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf
Support ldloca and ldarga
2012-04-06 16:08:09 +02:00
de4dot
5511ab833b
Update ldelema type, and add unbox.any and ldobj
2012-04-06 15:38:44 +02:00
de4dot
2949862614
Print warning if we failed to restore an instr op
2012-04-06 12:33:39 +02:00
de4dot
c39e421010
Fix locals
2012-04-06 12:25:15 +02:00
de4dot
86190ede1f
Print devirtualized methods
2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23
Move class to its own file
2012-04-05 20:59:50 +02:00
de4dot
237732e98e
Refactor
2012-04-05 20:45:16 +02:00
de4dot
da0878d765
Restore types that are generic parameters
2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1
Add CSVM devirtualizer
2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a
Move code to a new class
2012-04-05 18:05:27 +02:00
de4dot
1ead27107b
Don't add to list if null
2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6
Add shared deobfuscator data/methods
2012-04-04 21:06:10 +02:00
de4dot
7c8259905b
Update CO code. Fixes #39
2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4
Remove useless using statement
2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5
Support another SK string encrypter
2012-03-27 15:33:57 +02:00
de4dot
065927f702
Use the property
2012-03-27 15:23:27 +02:00
de4dot
d1e499454e
Rename locals and fix problem with huge strings
2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0
Decrypt MC encrypted strings
2012-03-26 22:07:01 +02:00
de4dot
e76321aaad
Remove unused method
2012-03-26 20:12:07 +02:00
de4dot
716098d33a
Change locals to instance variables
2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a
Update detection of MC type
2012-03-24 19:35:38 +01:00
de4dot
4e042166b9
Fix getSectionHeader()
2012-03-24 19:13:58 +01:00
de4dot
b323612508
New version: 1.7.4
2012-03-23 10:14:26 +01:00
de4dot
efd317489d
Support latest EF 3.3.143
2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da
Use callsMethod()
2012-03-21 03:49:28 +01:00
de4dot
7f1bad748e
Add more asm search paths
2012-03-21 03:37:10 +01:00
de4dot
ad5a759cd9
Remove useless cases
2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432
Support EF obfuscated CF assemblies
2012-03-18 22:59:34 +01:00
de4dot
e1292b2930
Add some more assembly search paths
2012-03-18 19:15:33 +01:00
de4dot
353673811b
Fix problem where some WinForm property names weren't restored
2012-03-18 12:55:21 +01:00
de4dot
4b81854ea5
Restore resource names ending in ".g.resources"
2012-03-17 22:12:51 +01:00
de4dot
6f01d48593
Change getCalledMethods() return type
2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed
Support DS obfuscated SL assemblies
2012-03-17 15:02:48 +01:00
de4dot
37450a1515
Support old DS 3.0.3.41 - 3.0.4.44
2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6
Inline method
2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c
Should be "continue"
2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f
Support EF obfuscated SL assemblies
2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb
Rename
2012-03-16 22:39:50 +01:00
de4dot
996a245ba3
New version: 1.7.3
2012-03-15 23:39:42 +01:00
de4dot
ce9add13cb
Support CO obfuscated SL/CF assemblies
2012-03-15 22:36:23 +01:00
de4dot
0537a2edce
Use getModuleTypeCctor()
2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce
Update detection of obfuscator types
2012-03-15 09:15:12 +01:00
de4dot
e4fe749559
Use hasInteger() method
2012-03-15 02:19:35 +01:00
de4dot
27f382a017
Support a (new?) version of CryptoObfuscator. Fixes #33
2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd
Support latest DeepSea version (4.0.4.32)
2012-03-13 20:37:33 +01:00
de4dot
ada90b1294
Add another CO detection check
2012-03-13 20:27:41 +01:00
de4dot
e949d8c926
Add support for latest EF 3.3.136
2012-03-13 09:26:40 +01:00
de4dot
8c5c055066
New version: 1.7.2
2012-03-11 15:59:36 +01:00
de4dot
7e1bf542af
Support a new EF 3.3 version that was released 1-2 days ago
2012-03-11 15:59:25 +01:00
de4dot
f5ee6e3e5e
Move dll files to a bin sub dir
2012-03-10 20:47:42 +01:00
de4dot
7d4c791575
Update detection of SA v2 string decrypter
2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9
Update expressions
2012-03-10 05:31:07 +01:00
de4dot
8b220697e0
New version: 1.7.1
2012-03-08 19:51:02 +01:00
de4dot
4e997910e4
Update detection of string decrypter type
2012-03-08 19:21:54 +01:00
de4dot
a41ea0969f
Call initAllTypes() before resolveAllRefs() to make sure baseType is initialized
2012-03-08 19:03:43 +01:00
de4dot
51fe58c4cd
Merge branch 'new_code'
2012-03-08 18:03:25 +01:00
de4dot
38fb775a7e
Use hasReturnValue() method
2012-03-08 18:03:12 +01:00
de4dot
3cde99b2e7
Remove overrides field
2012-03-08 17:57:35 +01:00
de4dot
4a7b4f4111
Update name regex
2012-03-08 16:15:19 +01:00
de4dot
674201e98c
Rename
2012-03-08 13:23:01 +01:00
de4dot
072bb4b5ce
Update code since cecil removed global asm resolver
2012-03-08 11:09:51 +01:00
de4dot
b4525ed58d
Support EF 3.3
2012-03-06 10:43:06 +01:00
de4dot
5c943d759d
Check base types for property/field
2012-03-03 18:23:53 +01:00
de4dot
77f1f2de67
Rename custom attribute fields and properties
2012-03-03 06:13:35 +01:00
de4dot
c3c92ebfaa
New version: 1.7.0
2012-03-01 22:14:23 +01:00
de4dot
48d6a3b6fc
Merge branch 'mc'
2012-03-01 22:10:36 +01:00
de4dot
86987518d6
Method should not be public
2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c
Rename classes
2012-02-29 11:41:06 +01:00
de4dot
9791e63e51
Engrish
2012-02-29 11:41:05 +01:00
de4dot
8740ba8419
Rename variable
2012-02-29 11:41:04 +01:00
de4dot
167368f488
Attributes are worth less
2012-02-29 00:13:57 +01:00
de4dot
b27635f493
Remove sealed flag from interfaces
2012-02-28 23:57:48 +01:00
de4dot
ec30ec7b07
Add CF 2.0/3.5, SL 2.0 ref asm search paths
2012-02-28 22:36:35 +01:00
de4dot
e6d0c4a043
Move version detection to a new class
2012-02-28 22:30:22 +01:00
de4dot
77228ecfca
Update name regex
2012-02-28 22:24:08 +01:00
de4dot
68b4315e95
Update detection of the type and remove another type
2012-02-28 20:49:03 +01:00
de4dot
269b695245
Update detection of that type
2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca
Support v3.0 - 3.1
2012-02-28 19:42:19 +01:00
de4dot
acb53f535b
Throw if init fails
2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0
Restore calls to Assembly::GetManifestResourceXXX methods
2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6
Move GetManifestResourceStream code to a new class
2012-02-28 18:14:41 +01:00
de4dot
e72fb7220a
Decrypt embedded assemblies and resources
2012-02-27 23:43:45 +01:00
de4dot
9bab65640c
Refactor
2012-02-27 12:55:37 +01:00
de4dot
3c480f4c6c
Add another warning message
2012-02-27 01:51:44 +01:00
de4dot
cee04d3bba
master was updated
2012-02-26 22:57:55 +01:00
de4dot
cf76c14b4b
Merge branch 'master' into mc
2012-02-26 22:55:06 +01:00
de4dot
efec6625ef
Update detection of EF 3.0 and 3.1
2012-02-26 22:54:28 +01:00
de4dot
2bff1242c1
Add static EF string decrypter
2012-02-26 22:48:43 +01:00
de4dot
da1d649ef4
Make sure no generic methods are inlined
2012-02-25 06:33:38 +01:00
de4dot
10ceb12e30
Change return type to IEnumerable<int>
2012-02-25 06:25:40 +01:00
de4dot
48758be8f0
Use a new class instead of the dict
2012-02-25 06:14:19 +01:00
de4dot
d09938ca47
Remove classes with null base type
2012-02-25 05:28:32 +01:00
de4dot
330be994a1
Restore indentation
2012-02-25 05:22:30 +01:00
de4dot
5288b4b3d2
Make sure enum instance field has proper flags set (make peverify happy)
2012-02-25 05:15:42 +01:00
de4dot
b000112abc
Merge branch 'master' into mc
2012-02-23 17:16:00 +01:00
de4dot
fb832ca3de
New version: 1.6.1
2012-02-23 16:25:47 +01:00
de4dot
4ec4bb1d65
MC actually does rename symbols so add an updated regex
2012-02-23 11:52:19 +01:00
de4dot
6e8b32df21
Reverse sort comments
2012-02-23 10:59:02 +01:00
de4dot
7c4f014da3
Support old MC 3.2
2012-02-22 12:38:02 +01:00
de4dot
59ee55105d
Support some older MC version
2012-02-22 12:14:15 +01:00
de4dot
435d3303c3
Merge branch 'master' into mc
2012-02-21 17:33:45 +01:00
de4dot
538e4f738d
Fix issue #24 . Don't remove decrypter type if there was an error
2012-02-21 17:14:02 +01:00
de4dot
e5145fcca9
Remove MC type and module refs
2012-02-21 12:01:39 +01:00
de4dot
7bc3930df9
Decrypt resources
2012-02-21 11:51:19 +01:00
de4dot
58a94a8420
Decrypt methods protected with older MC version
2012-02-21 09:26:05 +01:00
de4dot
eb223537f0
Decrypt methods (decryption #1-4, not #5-7)
2012-02-20 17:20:29 +01:00
de4dot
b422e08fb1
Add lookup() method for ModuleReferences
2012-02-20 17:18:22 +01:00
de4dot
0c3aca32b9
Update code to handle MethodDefPtr table
2012-02-20 17:17:55 +01:00
de4dot
6d2435377f
Merge branch 'master' into mc
2012-02-20 05:59:08 +01:00
de4dot
b093e4c918
Copy license text files to output directory
2012-02-20 05:58:58 +01:00
de4dot
8536e211dd
Detect MC
2012-02-20 04:58:46 +01:00
de4dot
fc497b1688
Add MaxtoCode files
2012-02-20 03:48:59 +01:00
de4dot
d7afc66c6d
Don't remove string decrypter type if there's still code calling it
2012-02-19 00:50:08 +01:00
de4dot
e18ff9aea1
Don't remove string decrypter types if there was an error decrypting strings
2012-02-18 08:08:00 +01:00
de4dot
2c969446b0
Add InlinedAllCalls property
2012-02-18 07:56:53 +01:00
de4dot
8b059bcea7
These messages should be warnings
2012-02-18 07:52:58 +01:00
de4dot
9e16d9cd40
Rename method
2012-02-13 11:28:08 +01:00
de4dot
5579323b3e
Print warning if I/O exception
2012-02-13 11:16:38 +01:00
de4dot
981472cd91
Methods should be static and have a body
2012-02-13 11:11:08 +01:00
de4dot
a35c765f15
Rename method
2012-02-13 10:20:11 +01:00
de4dot
f7abb70475
New version: 1.6.0
2012-02-12 18:07:53 +01:00
de4dot
179ea6d6fd
Only string decrypter method is worth 100 points
2012-02-12 16:56:26 +01:00
de4dot
3e3be639e5
Move reading variable length int32 code to DeobUtils
2012-02-12 16:54:48 +01:00
de4dot
67efd5e7e7
Rename namespace to Eazfuscator_NET
2012-02-12 16:46:39 +01:00
de4dot
c2d13d9059
Remove all invalid methods
2012-02-12 16:29:29 +01:00
de4dot
4691c805d8
Ignore invalid methods
2012-02-12 16:25:12 +01:00
de4dot
46f23ce89d
Add InvalidMethodsFinder
2012-02-12 16:24:59 +01:00
de4dot
c15773b709
Merge branch 'cv' into next_version
...
Conflicts:
blocks/DotNetUtils.cs
2012-02-12 14:47:24 +01:00
de4dot
c73fcfc1d0
Remove CV type if it is empty
2012-02-12 14:38:42 +01:00
de4dot
5ce1f74263
Position has already been set to 0
2012-02-12 14:29:11 +01:00
de4dot
037cb5bc68
Decrypt the remaining (EREX) resources
2012-02-12 14:28:53 +01:00
de4dot
9a6bd53cb9
Remove obfuscator obfuscator bundle types
2012-02-12 13:38:23 +01:00
de4dot
ded45dcb7a
Remove proxy method types and main type
2012-02-12 13:00:38 +01:00
de4dot
ff55be46b6
Rename getField() to getFieldByName() and add a real getField() method
2012-02-12 12:53:36 +01:00
de4dot
8999eb8e0f
Remove CV main type methods if < v5.0
2012-02-12 12:08:46 +01:00
de4dot
42f66c3948
Fix detection; 3.2 doesn't have those extra fields
2012-02-12 12:03:55 +01:00
de4dot
d6327b401e
Remove all anti-reflection types
2012-02-12 11:39:00 +01:00
de4dot
80d338637e
Add method to remove classes with no base type
2012-02-12 11:35:18 +01:00
de4dot
18cd71ecdc
Update detection (v5.0)
2012-02-11 23:39:37 +01:00
de4dot
070acc59f1
Bail out earlier if not encrypted
2012-02-11 23:23:51 +01:00
de4dot
91f7d2cb51
Find and remove resource decrypter types
2012-02-11 23:23:25 +01:00
de4dot
c18bed7d69
Add namespace
2012-02-11 23:11:54 +01:00
de4dot
bffbe419d5
Add hasInteger() method
2012-02-11 23:11:41 +01:00
de4dot
d44db9871e
Add log message that we have decrypted a resource
2012-02-11 21:51:48 +01:00
de4dot
57b947a3da
Add InvalidDataException
2012-02-11 21:49:22 +01:00
de4dot
8b2ef5d6bb
Update if expression
2012-02-11 21:43:26 +01:00
de4dot
cd7d3724c3
Move fields from binder to exception
2012-02-11 21:30:54 +01:00
de4dot
9050af8a03
Refactor method
2012-02-11 19:34:07 +01:00
de4dot
ccd7d2ac79
Decrypt .resources files
2012-02-11 16:46:39 +01:00
de4dot
e5a72396c2
Remove length parameter from xxxteaDecrypt()
2012-02-11 16:46:02 +01:00
de4dot
76d9e87c3c
Add code to write .resources files
2012-02-11 16:43:53 +01:00
de4dot
ae97752d9c
Set data field to a 1-byte array
2012-02-09 10:14:59 +01:00
de4dot
ba399609c7
Initialize otherInitMethods in 2nd ctor
2012-02-09 10:14:29 +01:00
de4dot
45bf016a2e
Rename method
2012-02-09 10:14:08 +01:00
de4dot
15713a2b38
Check assembly for null (it could be a netmodule)
2012-02-08 22:01:10 +01:00
de4dot
d5089fa888
Remove kill type in deobfuscateBegin()
2012-02-08 19:54:05 +01:00
de4dot
b5c8a89b32
Remove init method calls called from .ctors
2012-02-08 19:40:17 +01:00
de4dot
a8d6aac306
Update detection of tamper detection types when proxy calls are enabled
2012-02-08 19:36:58 +01:00
de4dot
04247b5533
Remove most calls to main CV type
2012-02-08 19:21:00 +01:00
de4dot
c757139357
Remove string decrypter type
2012-02-08 18:58:06 +01:00
de4dot
98c8ea49e9
Remove tamper detection code
2012-02-08 18:40:24 +01:00
de4dot
1583552825
Make sure rvas list is never null
2012-02-08 16:14:07 +01:00
de4dot
780da4a0ad
Update detection of encrypted methods data
2012-02-08 15:52:39 +01:00
de4dot
fa6b0d4054
Move detection of CV main type to its own class
2012-02-08 15:40:11 +01:00
de4dot
bb89ce2983
Remove method since base class now has the same method
2012-02-08 15:19:45 +01:00
de4dot
1e3daf3b45
Dump embedded assemblies
2012-02-08 12:33:02 +01:00
de4dot
09e840923d
Search for sig starting from _stub RVA
2012-02-08 09:29:49 +01:00
de4dot
a8d4b38c79
Mover version info to a new ObfuscatorVersion enum
2012-02-08 08:55:45 +01:00
de4dot
0e89c0fc35
Only check Version property if methods decrypter was found
2012-02-08 08:50:36 +01:00
de4dot
776fd7f69f
Speed up finding V5 methods decrypter type
2012-02-07 15:17:41 +01:00
de4dot
1076218a81
Detect CV version
2012-02-07 15:05:27 +01:00
de4dot
6ab0748bdd
Decrypt V5 encrypted methods
2012-02-07 14:55:20 +01:00
de4dot
f11c51830f
Make sure info is copied
2012-02-07 14:53:58 +01:00
de4dot
97d09c4c65
Make method accessible by sub classes
2012-02-07 14:53:34 +01:00
de4dot
3276f433c9
Add code to detect V5 methods decrypter
2012-02-07 05:08:02 +01:00
de4dot
0aeee176cc
Merge v3-v4 and v5 code
2012-02-07 04:45:59 +01:00
de4dot
f1a1188409
Add a new ctor to copy values from old instance
2012-02-07 04:45:04 +01:00
de4dot
8f9cc6d290
Re-use v3-v4 string decrypter
2012-02-07 03:03:49 +01:00
de4dot
d512889833
Fix 'shadow calls' obfuscation
2012-02-07 02:07:31 +01:00
de4dot
c2313110b8
Add getDelegateTypes() and fix findProxyCall()
2012-02-07 02:02:49 +01:00
de4dot
ad8a5078fe
Rename method
2012-02-07 00:42:32 +01:00
de4dot
2ccb35afb0
Add CV5 files
2012-02-06 15:55:35 +01:00
de4dot
26bf21a84e
Show obfuscator version
2012-02-06 15:55:14 +01:00
de4dot
b39725f12f
Remove useless 'using'
2012-02-06 15:52:19 +01:00
de4dot
0d6542e383
Move v3-v4 code to a sub dir
2012-02-06 15:49:27 +01:00
de4dot
da3a28f0a8
Move (and rename) XXTEA decrypt func to DeobUtils
2012-02-06 08:22:55 +01:00
de4dot
b867301797
Update valid name regex
2012-02-06 08:20:04 +01:00
de4dot
b3750f9d4c
Initialize its token field
2012-02-05 23:04:24 +01:00
de4dot
542c6bb213
Support 3.2 methods decrypter
2012-02-05 22:49:10 +01:00
de4dot
d5c3a6964b
Support 4.0 methods decrypter
2012-02-05 21:27:36 +01:00
de4dot
1903cf8607
KILL type is only worth 10 points
2012-02-05 19:01:49 +01:00
de4dot
9e4b29034f
Finish getStringDecrypterMethods() method
2012-02-05 18:59:29 +01:00
de4dot
191fbb84b0
Use new getInitializedUInt32Array() method
2012-02-05 18:56:05 +01:00
de4dot
c8c4e3341c
Add getInitializedUInt32Array() method
2012-02-05 18:55:48 +01:00
de4dot
d6ff8b515d
Add string decrypter
2012-02-05 18:47:31 +01:00
de4dot
029c049bf6
Move readVariableLengthInteger() to DeobUtils
2012-02-05 18:46:14 +01:00
de4dot
0b43c77fdb
Add missing call to removeNewlines()
2012-02-05 18:45:41 +01:00
de4dot
29c5cfc9c8
Don't stop if 2nd instr is also a store
2012-02-05 18:45:04 +01:00
de4dot
23c72927b5
Add CV and methods decrypter
2012-02-05 16:17:47 +01:00
de4dot
82cc64bd77
Add Sections property
2012-02-05 16:14:46 +01:00
de4dot
84f322dbcf
Rename method. Ignore generic methods.
2012-02-03 16:21:59 +01:00
de4dot
3caad72275
Print new resource name
2012-02-03 14:35:42 +01:00
de4dot
ed9addb385
Make sure only valid methods are restored
2012-02-03 14:24:39 +01:00
de4dot
0cc88ba39f
Restore resource names
2012-02-03 13:22:37 +01:00
de4dot
ebfb88b6f1
Don't try to inline methods without a body or no instrs
2012-02-03 11:10:48 +01:00
de4dot
bc6630f760
Detect other SN attribute
2012-02-03 10:45:31 +01:00
de4dot
022bbe15af
Update name regex
2012-02-03 10:44:58 +01:00
de4dot
3a49d2a603
Remove encrypted strings field type
2012-02-03 10:13:41 +01:00
de4dot
33010b65a7
Add option to remove namespaces with only one type in it
2012-02-03 10:07:44 +01:00
de4dot
1008e91524
Don't restore method bodies from outside types
2012-02-03 10:05:31 +01:00
de4dot
95b835895b
Inline the remaining methods
2012-02-03 09:44:35 +01:00
de4dot
c09bbf0d01
Restore bodies and update calls to real instance method
2012-02-03 09:21:15 +01:00
de4dot
e67ecfdff4
Remove the methods types
2012-02-03 06:33:54 +01:00
de4dot
9a87a2658f
Restore method bodies
2012-02-03 04:26:55 +01:00
de4dot
814ca402bf
Detect classes created by the obfuscator
2012-02-03 03:03:19 +01:00
de4dot
3ce28aebb0
Inline methods
2012-02-02 10:55:30 +01:00
de4dot
b3f17a27a3
Add SN string decrypter
2012-02-02 06:56:14 +01:00
de4dot
36b4806858
Remove useless code and add getArrays() method
2012-02-02 06:54:10 +01:00
de4dot
f3525d8980
New version: 1.5.1
2012-02-01 08:09:40 +01:00
de4dot
ce7dc67848
Fix Issue #19
2012-01-30 09:12:26 +01:00
de4dot
a7fa23e2d8
New version: 1.5.0
2012-01-29 18:58:26 +01:00
de4dot
a69b17e06d
Support embedded assemblies (Silverlight)
2012-01-29 18:30:07 +01:00
de4dot
26a3e14d2c
Update fields restorer since 2+ types can share same struct
2012-01-29 05:06:21 +01:00
de4dot
55dcb0881d
Update code since master was updated
2012-01-28 18:40:35 +01:00
de4dot
0f9184e9be
Merge branch 'master' into newcode
2012-01-28 18:38:09 +01:00
de4dot
1141a451ac
Update resource renamer code.
...
- Faster code
- Renames resource even if it doesn't end in '.resources'
2012-01-28 18:37:02 +01:00
de4dot
915018c2fc
Use a better method dictionary
2012-01-28 02:54:12 +01:00
de4dot
f75075ab15
Add XNA assembly search paths
2012-01-28 00:32:27 +01:00
de4dot
257456fd8b
Speed up renaming by storing less names in the typeNames dict.
...
merge() was pretty slow but is much faster now.
2012-01-28 00:17:00 +01:00
de4dot
9e1412a6ae
Use TryGetValue to speed it up a little
2012-01-27 05:54:30 +01:00
de4dot
50e7d28ddf
Speed up method param renaming code
2012-01-27 05:39:25 +01:00
de4dot
887ee7c9e8
Fix method signature
2012-01-27 01:02:17 +01:00
de4dot
247cb2be20
Compare ElementType instead of calling verifyType for speed
2012-01-26 22:40:19 +01:00
de4dot
66969a4e92
Remove old code
2012-01-25 06:28:25 +01:00
de4dot
71d18ce688
Remove useless cast
2012-01-25 06:22:47 +01:00
de4dot
cb791a43ae
Compare by reference since both are field defs
2012-01-25 06:15:33 +01:00
de4dot
c3b9b840e4
Code should return true
2012-01-25 05:47:34 +01:00
de4dot
2684ccab93
Create a unique metadata token since renamer depends on it
2012-01-24 17:51:22 +01:00
de4dot
26b2de90af
Fix format string: missing {1}
2012-01-24 17:11:45 +01:00
de4dot
e9d7f3dbfb
Restore fields
2012-01-24 17:10:11 +01:00
de4dot
e00ca9a7d2
Merge branch 'master' into newcode
2012-01-24 15:15:07 +01:00
de4dot
fb1a45c5a4
Create a new unique GUID that depends on the module
2012-01-24 15:14:57 +01:00
de4dot
94f3fc9369
Lower num required found proxies
2012-01-24 14:54:23 +01:00
de4dot
8fbcdeb060
Make sure it gets an RVA, and change field type to byte
2012-01-24 09:06:54 +01:00
de4dot
5c98e81e78
Ignore base64 decode exception
2012-01-24 07:39:07 +01:00
de4dot
ab0fa2631e
Resource must be returned...
2012-01-24 05:25:02 +01:00
de4dot
95462d8dda
Dump V4 embedded assemblies
2012-01-24 05:08:24 +01:00
de4dot
a80482751d
Add extra check to make sure we detect the correct method
2012-01-24 04:44:23 +01:00
de4dot
ed00c5f2c5
Make sure it is static
2012-01-24 04:24:44 +01:00
de4dot
6ceea06f5b
Decrypt V4 resources
2012-01-24 03:22:59 +01:00
de4dot
2c8e685910
Ignore prefixes
2012-01-24 02:31:57 +01:00
de4dot
88c8dcbb7a
Detect V3.5
2012-01-24 01:01:30 +01:00
de4dot
d59fa86515
Print DS version
2012-01-24 00:41:09 +01:00
de4dot
da0cf08b33
Merge branch 'master' into newcode
2012-01-23 23:19:59 +01:00
de4dot
613a97906a
Make sure method hasn't been removed
2012-01-23 23:16:01 +01:00
de4dot
f9ed9e403f
Support V4 string decryptor
2012-01-23 23:13:04 +01:00
de4dot
4cfa0cf1f3
Update detection of methods to inline
2012-01-23 23:11:39 +01:00
de4dot
40a6a79d86
Merge branch 'master' into newcode
2012-01-23 15:27:29 +01:00
de4dot
568d2dd4a7
Add more assembly search paths
2012-01-23 15:27:23 +01:00
de4dot
92dfef7e93
Merge branch 'master' into newcode
2012-01-23 09:57:00 +01:00
de4dot
cf1ed9fb64
Use a MethodDefKey
...
Fixes problem when a class implements an interface that its base class
also implements, but those interfaces are in two different assemblies
(different version, eg. mscorlib 2.0 and mscorlib 4.0).
2012-01-23 09:14:50 +01:00
de4dot
8e92ddf790
Merge branch 'master' into newcode
2012-01-22 23:47:47 +01:00
de4dot
52e7b2926f
Use non-renamable prop/event since it should be valid
2012-01-22 23:47:35 +01:00
de4dot
981975b750
Make sure we don't dump resource resolver's resource
2012-01-22 23:46:32 +01:00
de4dot
0ac8c944e5
Add call to stringDecryptersAdded()
2012-01-22 20:02:05 +01:00
de4dot
991a5281ab
Add DS obfuscator support
2012-01-22 19:58:31 +01:00
de4dot
080a11c437
Merge branch 'master' into newcode
2012-01-22 19:53:27 +01:00
de4dot
5876526151
Add getInitializedInt16Array() and stop earlier
2012-01-22 19:33:36 +01:00
de4dot
8c645504fe
Add method to find resource from strings in code
2012-01-22 13:00:17 +01:00
de4dot
bf1843ade4
Add an inflate() overload
2012-01-22 12:59:51 +01:00
de4dot
7962de961c
Add getModuleTypeCctor() method
2012-01-22 11:15:14 +01:00
de4dot
fde26c0bd2
Split method
2012-01-21 22:16:07 +01:00
de4dot
ba04092060
Call stringDecryptersAdded() after adding string decrypters
2012-01-21 22:15:53 +01:00
de4dot
1371392b4a
master was updated
2012-01-21 20:33:34 +01:00
de4dot
5a4d41cf45
Merge branch 'master' into newcode
2012-01-21 20:32:33 +01:00
de4dot
2dadd773ec
Use ParameterDefinition.Sequence
2012-01-21 20:31:47 +01:00
de4dot
2e605b5117
Merge branch 'master' into newcode
2012-01-21 14:19:52 +01:00
de4dot
f3f8975f01
If instance explicit, 'this' is 1st param
2012-01-20 19:30:40 +01:00
de4dot
77f4d9ee0c
Derive from ValueInlinerBase
2012-01-19 19:23:34 +01:00
de4dot
8c90c7b494
master was updated
2012-01-19 19:19:08 +01:00
de4dot
68b78b0081
Merge branch 'master' into newcode
2012-01-19 19:17:55 +01:00
de4dot
7f5401625e
Rename classes
2012-01-19 19:16:44 +01:00
de4dot
45ff4af573
Remove detection of Babel in Unknown obfuscator
2012-01-19 05:42:00 +01:00
de4dot
dc042d2f9a
Decrypt V2 encrypted strings
2012-01-19 05:38:58 +01:00
de4dot
ce76cc7810
Merge branch 'master' into newcode
2012-01-18 08:27:38 +01:00
de4dot
04903f0f9b
Don't append a 0 to props when we've found the real name
2012-01-18 08:14:06 +01:00
de4dot
ff6a8d4b6f
Dump embedded assemblies before decrypting methods
2012-01-18 07:53:06 +01:00
de4dot
49c06dec64
Dump embedded assemblies
2012-01-18 07:43:03 +01:00
de4dot
6ec1222657
Move common code to BabelUtils
2012-01-18 07:38:35 +01:00
de4dot
ed31063b1b
Merge branch 'master' into newcode
2012-01-18 06:15:31 +01:00
de4dot
2ad9a9a087
New version: 1.4.4
2012-01-17 05:46:06 +01:00
de4dot
a92bbbe9c3
Warn if method isn't found since some obfuscators are buggy.
2012-01-17 05:44:22 +01:00
de4dot
788488dffa
New version: 1.4.3
2012-01-17 03:01:48 +01:00
de4dot
5cb5f41d4a
Support latset version of SA
2012-01-17 02:54:48 +01:00
de4dot
7c3e6f122a
Merge branch 'master' into newcode
2012-01-14 12:40:54 +01:00
de4dot
3d48bceda3
New version: 1.4.2
2012-01-14 12:40:41 +01:00
de4dot
6c20e18b4d
master was updated so fix code here
2012-01-14 12:37:20 +01:00
de4dot
48361ae809
Merge branch 'master' into newcode
2012-01-14 12:35:11 +01:00
de4dot
5f6841e317
Add HasHandlers property to base class
2012-01-14 12:34:42 +01:00
de4dot
f19be8019e
Don't remove any types/methods/etc if it's an unknown obfuscator
2012-01-14 12:27:03 +01:00
de4dot
5e3b4a1414
Add some checks
2012-01-14 12:19:17 +01:00
de4dot
f0ff8df76a
Use the method in InitializedDataCreator
2012-01-14 12:16:05 +01:00
de4dot
06e8b9f654
Use the new Int32ValueInliner class
2012-01-14 12:04:59 +01:00
de4dot
b71e8fdfdc
Remove newlines from names when calling the logger
2012-01-14 11:59:01 +01:00
de4dot
c069d8005c
Use methods in DotNetUtils
2012-01-14 11:53:38 +01:00
de4dot
ed918c6993
Call Dispose() after decrypting methods
2012-01-14 11:46:00 +01:00
de4dot
75c8747a0f
Merge branch 'master' into newcode
2012-01-14 11:41:20 +01:00
de4dot
7b93497bc6
Update detection code
2012-01-14 11:39:49 +01:00
de4dot
6b4a462757
Support v3.0
2012-01-14 10:37:15 +01:00
de4dot
e53f4d043d
Proxy calls can be proxied
2012-01-13 21:30:49 +01:00
de4dot
948cdb47e3
Fix what was updated in master
2012-01-13 21:30:29 +01:00
de4dot
c583891151
Merge branch 'master' into newcode
2012-01-13 21:26:48 +01:00
de4dot
b214eaa3c9
Add option to keep deobfuscating deobfuscated calls
2012-01-13 21:26:31 +01:00
de4dot
c28b575f7a
Add MethodCallInliner prop to cflow deob class
2012-01-11 06:44:44 +01:00
de4dot
17327902c3
Refactor method call inliner code
2012-01-11 04:38:02 +01:00
de4dot
dfb2332116
Print the version number
2012-01-11 02:35:02 +01:00
de4dot
f18ed0d6fe
Merge branch 'master' into newcode
2012-01-10 19:59:27 +01:00
de4dot
b30ccda1f9
Add method to remove the assembly info
2012-01-10 02:36:39 +01:00
de4dot
9800f91d12
Update copyright years
2012-01-09 23:04:52 +01:00
de4dot
0dbe743563
Merge branch 'master' into newcode
2012-01-09 23:02:58 +01:00
de4dot
0d0a40376d
Update copyright years
2012-01-09 23:02:47 +01:00
de4dot
0612320ffd
Add better detection of our base dir
2012-01-09 22:59:26 +01:00
de4dot
294ae6bc5e
Show message if more than one obfuscator is detected
2012-01-09 22:47:29 +01:00
de4dot
edd855ad19
Merge branch 'master' into newcode
2012-01-09 07:55:09 +01:00
de4dot
665a170b9b
Make sure HasFieldRVA flag is set
2012-01-09 07:55:01 +01:00
de4dot
a717f5895a
Merge branch 'master' into newcode
2012-01-09 06:14:09 +01:00
de4dot
6a8a036687
Add another check to detect COM type
2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e
Update code to handle v3.5 obfuscated assemblies
2012-01-09 05:50:32 +01:00
de4dot
1805022073
Merge branch 'master' into newcode
2012-01-09 05:30:49 +01:00
de4dot
fd12b92e4b
Update detection due to new cflow deob code
2012-01-09 03:19:13 +01:00
de4dot
496941258a
Support v4.2
2012-01-08 21:48:37 +01:00