Commit Graph

1390 Commits

Author SHA1 Message Date
de4dot
c5f2043a6e Port SmartAssembly deobfuscator 2012-11-18 17:07:02 +01:00
de4dot
cca8eba9ed Port ILProtector deobfuscator 2012-11-18 08:13:51 +01:00
de4dot
db223d089b Port MaxtoCode deobfuscator 2012-11-18 07:34:51 +01:00
de4dot
2e61a8a757 Move disposing of module to caller
The reason is that some deobfuscators require it to be non-disposed
when their reload() method is called.
2012-11-18 07:32:57 +01:00
de4dot
9a8218e68f Add Logger.LogErrorDontIgnore() 2012-11-18 03:20:40 +01:00
de4dot
0e16e3e51b Dispose() of all modules we don't need 2012-11-18 03:17:53 +01:00
de4dot
1c4b3a7382 Port Goliath.NET deobfuscator 2012-11-18 03:02:12 +01:00
de4dot
c596f5ddfc Port Eazfuscator.NET deobfuscator 2012-11-18 01:09:07 +01:00
de4dot
33645432f1 Fix TypesRestorer porting bug 2012-11-18 00:20:07 +01:00
de4dot
e5ab5ee23c Re-encrypt x86 methods if any (DNR v4.x) 2012-11-17 23:49:19 +01:00
de4dot
d52a1014ef Port .NET Reactor v4.x deobfuscator 2012-11-17 18:57:36 +01:00
de4dot
413a032e0a Port .NET Reactor v3.x deobfuscator 2012-11-17 15:46:02 +01:00
de4dot
7e1d16dafb Clear RVA when resetting field type and initial value 2012-11-17 11:45:24 +01:00
de4dot
6a7ddbaa56 Update code; submodule was updated 2012-11-16 23:50:52 +01:00
de4dot
4be5776da7 Also add all methods found in VTableFixups 2012-11-16 20:52:10 +01:00
de4dot
0dc129d340 Fix renaming of non-external pinvoke methods 2012-11-16 02:15:36 +01:00
de4dot
686f9953fd Also remove Spices.Net watermark attribute 2012-11-14 21:45:12 +01:00
de4dot
9e708ed4fd Ignore req/opt modifiers 2012-11-14 21:44:57 +01:00
de4dot
475c597a60 Port Spices.Net deobfuscator 2012-11-14 19:29:29 +01:00
de4dot
445b68f4f5 Don't treat System.Void as a value type 2012-11-14 19:28:46 +01:00
de4dot
226d18dff7 Only set ILOnly if there are no native methods 2012-11-14 11:33:47 +01:00
de4dot
6d43a7d6ee Update code since submodule was updated 2012-11-14 10:23:29 +01:00
de4dot
76d898a285 Keep extra PE data and keep orig Win32 resources 2012-11-13 07:45:34 +01:00
de4dot
8c228e6e70 Also preserve #Blob offsets when preserving MD tokens 2012-11-13 07:44:25 +01:00
de4dot
3bd00c99bc Use NativeModuleWriterOptions when saving a mixed-mode assembly 2012-11-13 07:42:35 +01:00
de4dot
2f6e5badb1 Update code since submodule got updated 2012-11-12 22:06:13 +01:00
de4dot
ac9168599b Use IPEImage.FindWin32ResourceData() 2012-11-12 04:40:48 +01:00
de4dot
3646bca56b Align the numbers 2012-11-11 16:56:29 +01:00
de4dot
99b38ac22f Don't Dispose() of the resource data reader 2012-11-11 14:46:00 +01:00
de4dot
c47039c2ef Don't call logger.v() unless verbose log level is enabled 2012-11-11 11:37:40 +01:00
de4dot
5a9d76e8c7 Speed up DeepSea string decrypter detector 2012-11-11 07:54:26 +01:00
de4dot
b152362088 Update logger
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but has an option to disable it
2012-11-11 05:41:54 +01:00
de4dot
7b0ba43248 UTF8String was moved to DotNet ns. Fix code 2012-11-10 00:45:04 +01:00
de4dot
311a3c9c05 Remove now useless using statements 2012-11-10 00:02:11 +01:00
de4dot
73e15c0919 Change method sig to take an IPEImage instead of a PEImage 2012-11-09 11:34:23 +01:00
de4dot
d47a03f51a Unpack CS packed files 2012-11-09 11:32:29 +01:00
de4dot
d00fcb79e4 Don't remove fields if we should keep all types 2012-11-09 02:15:28 +01:00
de4dot
3b740a4106 Port DeepSea deobfuscator 2012-11-09 00:21:45 +01:00
de4dot
5d25a499aa Port CryptoObfuscator deobfuscator 2012-11-08 22:24:13 +01:00
de4dot
472d57ed0f Use ModuleDefMD.GetAssemblyRef() 2012-11-08 11:26:14 +01:00
de4dot
f2f156dc40 Port CodeWall deobfuscator 2012-11-08 10:40:58 +01:00
de4dot
eb7d4c5f88 Use CreateStream() instead of creating a MemoryStream from a byte[] 2012-11-08 10:16:58 +01:00
de4dot
f6b5a3117f Port CodeVeil deobfuscator 2012-11-08 09:48:05 +01:00
de4dot
10e83acebc Port CodeFort deobfuscator 2012-11-08 07:43:57 +01:00
de4dot
4393df31d9 Update detection of CSVM asm ref 2012-11-08 07:07:02 +01:00
de4dot
f699017197 Port Babel.NET deobfuscator 2012-11-08 07:06:46 +01:00
de4dot
ce6659510e Use ToGenericInstSig() ext method 2012-11-08 07:05:41 +01:00
de4dot
e600696182 Use IBinaryReader.ReadRemainingBytes() 2012-11-07 07:29:39 +01:00
de4dot
ab78e97423 Use the new name of this obfuscator 2012-11-07 05:47:33 +01:00
de4dot
9c64165d15 Add a getDumpedMethod() method 2012-11-07 05:38:06 +01:00
de4dot
583d4201f5 Port Agile.NET deobfuscator 2012-11-07 05:17:45 +01:00
de4dot
cc1e36389d Update resolve{Method,Field}() sigs with a more general arg type 2012-11-07 04:46:19 +01:00
de4dot
814c3d3944 Fix method decrypter 2012-11-07 04:45:36 +01:00
de4dot
b6537dc188 Fix lookup<T> method sigs 2012-11-07 04:45:05 +01:00
de4dot
6efb96740d Update code since EntryPoint was renamed ManagedEntryPoint 2012-11-07 02:02:38 +01:00
de4dot
427ea38595 Port MPRESS unpacker 2012-11-07 01:52:15 +01:00
de4dot
d98d4b10bb Add code to restore dumped methods 2012-11-07 01:15:52 +01:00
de4dot
4be7e4fe46 Initialize DumpedMethod.mdRVA 2012-11-07 00:26:36 +01:00
de4dot
001b67804f Move DumpedMethod{,s} to de4dot.blocks namespace 2012-11-06 22:25:19 +01:00
de4dot
90ab31eda2 Port Rummage deobfuscator 2012-11-06 17:21:56 +01:00
de4dot
25cee0e206 Port Skater.NET deobfuscator 2012-11-06 17:15:11 +01:00
de4dot
19ed1ac219 Rename CliSecure -> Agile_NET 2012-11-06 16:38:39 +01:00
de4dot
c67c267c8e Port Dotfuscator deobfuscator 2012-11-06 16:30:39 +01:00
de4dot
ac171e3f29 Fix code since CilBody/HasCilBody were renamed 2012-11-06 15:58:55 +01:00
de4dot
3ed2daebd1 Port Xenocode deobfuscator 2012-11-06 15:58:21 +01:00
de4dot
f5ec3e2a27 String can be empty so return early if so 2012-11-06 01:59:40 +01:00
de4dot
c8039d249e Add more checks when input has lots of invalid metadata 2012-11-06 00:18:02 +01:00
de4dot
6d45a3499f Fix porting mistakes 2012-11-05 19:21:33 +01:00
de4dot
ea001865c9 Rename FnPtr args, and also null type sigs params 2012-11-05 02:42:48 +01:00
de4dot
2aedcc730c Preserve tokens if necessary 2012-11-04 23:24:12 +01:00
de4dot
c9f1f8073e MethodDef.Parameters contains the hidden 'this' param, so add some fixes to old code 2012-11-04 22:41:45 +01:00
de4dot
6a8e8dcb78 Initialize loaded modules' module context 2012-11-04 20:06:58 +01:00
de4dot
d5838aa6c2 Use the IModuleWriterListener interface 2012-11-04 19:40:36 +01:00
de4dot
f4ce67d836 Remove useless class and fix a porting todo 2012-11-04 13:25:14 +01:00
de4dot
83cb59718a Move GenericArgsSubstitutor and add more methods 2012-11-04 12:13:13 +01:00
de4dot
f7f424efe7 Remove more "#if PORT" 2012-11-04 11:50:10 +01:00
de4dot
9376aa0de5 Rename method return parameters 2012-11-04 11:45:04 +01:00
de4dot
7ba4905cc7 Port more code, including renamer 2012-11-04 01:05:52 +01:00
de4dot
db6875859a Port more code 2012-11-03 22:49:52 +01:00
de4dot
9b6c698dc1 Port some code 2012-11-02 22:53:24 +01:00
de4dot
89cd55a071 Port more code 2012-11-02 20:10:34 +01:00
de4dot
00177034b9 Rename cecil names; add new MemberRefFinder class 2012-11-02 16:08:11 +01:00
de4dot
65e6887fbc Port more code; remove cecil refs 2012-11-02 08:28:39 +01:00
de4dot
70916173f3 Update code since dot10 was updated 2012-11-02 07:36:02 +01:00
de4dot
24c43d5a66 Port some more code 2012-11-01 21:09:09 +01:00
de4dot
4c8ba1edf3 Merge branch 'master' into confuser 2012-11-01 16:43:08 +01:00
de4dot
1341cc7199 Port more code 2012-11-01 16:42:02 +01:00
de4dot
3b6ef4fa1f Port more code 2012-11-01 14:39:39 +01:00
de4dot
c5d183983b Port more code 2012-11-01 11:28:09 +01:00
de4dot
eeef8a2580 Use dot10.PE 2012-11-01 07:51:08 +01:00
de4dot
04e1568c61 Port ConstantsReader 2012-10-31 17:09:58 +01:00
de4dot
6f73696cc5 Port ..... 2012-10-31 16:54:20 +01:00
de4dot
ee7826576c Sort project file 2012-10-31 13:48:12 +01:00
de4dot
0b9f188353 Check for null 2012-10-14 10:30:38 +02:00
de4dot
95d49c5b9e Add more assembly search paths 2012-09-20 05:57:16 +02:00
de4dot
d29ac1a4cf Check for generic params in all generic arguments too 2012-09-19 22:51:49 +02:00
de4dot
c4e9097a4e Add the latest rev 2012-09-09 08:47:22 +02:00
de4dot
565bc1ca5b Add 2 more revs 2012-09-06 08:43:36 +02:00
de4dot
88d3dcc062 Merge branch 'master' into confuser 2012-09-01 23:52:42 +02:00
de4dot
c67b3c3a66 Add 2 more revisions 2012-09-01 23:47:47 +02:00
de4dot
13a5fd8ff0 Add a fix for when type.Scope is null 2012-08-31 00:24:42 +02:00
de4dot
563877a62f Add another revision 2012-08-30 04:14:09 +02:00
de4dot
30a73371c8 Fat header type is encoded in the lower 3 bits 2012-08-23 12:02:09 +02:00
de4dot
a34b3f7855 Support latest CO build 2012-08-22 18:33:27 +02:00
de4dot
ea7885c028 Merge branch 'master' into confuser
Conflicts:
	de4dot.code/de4dot.code.csproj
2012-08-22 06:31:20 +02:00
de4dot
f1a725cd19 Restore MaxStack 2012-08-21 20:17:35 +02:00
de4dot
58b1b27c69 Use correct upper limit in loop, and return false on failure... 2012-08-21 20:17:21 +02:00
de4dot
3b9ba16df6 Make restoreMethod() virtual 2012-08-21 20:14:43 +02:00
de4dot
2c68ae14ee New version: 1.9.1 2012-08-21 15:40:23 +02:00
de4dot
64cc8e3856 Decrypt CO encrypted methods 2012-08-21 15:40:06 +02:00
de4dot
0a5973e541 Update detection of CO types 2012-08-21 15:06:42 +02:00
de4dot
957a8ab8dd Move method to new CoUtils class 2012-08-21 15:04:40 +02:00
de4dot
729780c235 Update MethodBodyReaderBase
- Change field types to IList<T>
- Add restoreMethod()
- Add readInstructionsNumBytes()
2012-08-21 14:59:46 +02:00
de4dot
db9e5c412c Add the latest revision number 2012-08-18 08:37:03 +02:00
de4dot
6bf54bbae2 Use version from ConfusedBy attribute on module/asm to narrow down the detected version 2012-08-16 01:12:10 +02:00
de4dot
9e4fa4511b Merge branch 'master' into confuser 2012-08-16 01:06:13 +02:00
de4dot
bfcd42804e Add getModuleAttribute() 2012-08-15 19:33:57 +02:00
de4dot
f571a7ec22 Merge branch 'master' into confuser 2012-08-13 02:00:03 +02:00
de4dot
1768de1d6b Remove earlyDetect() 2012-08-13 00:54:46 +02:00
de4dot
b5aebd4731 Set ILOnly flag in .NET header 2012-08-12 02:52:48 +02:00
de4dot
4b9ee54409 Return string decrypter method tokens 2012-08-12 02:47:03 +02:00
de4dot
0d04bef305 Log the returned revisions 2012-08-12 00:38:26 +02:00
de4dot
5376c74919 Detect anti dump version 2012-08-11 22:55:48 +02:00
de4dot
f7c1676d1d Detect anti debugger version 2012-08-11 22:55:41 +02:00
de4dot
0d9c298dcb Move methods 2012-08-11 22:34:08 +02:00
de4dot
77b8b0f471 Let's use this variable... 2012-08-11 04:55:49 +02:00
de4dot
3837ec8e1b Update detection of compressor 2012-08-11 04:15:29 +02:00
de4dot
e9125616b9 Remember detected compressor version 2012-08-11 01:15:25 +02:00
de4dot
ed919ee528 Update detection of compressor version 2012-08-11 00:37:19 +02:00
de4dot
965bf1f2e6 Detect Confuser 1.8 r75369 proxy methods creator 2012-08-10 23:19:30 +02:00
de4dot
e256ecfa9a Detect Confuser 1.7 r73479 proxy methods creator 2012-08-10 23:19:30 +02:00
de4dot
1fffd44a2a Detect Confuser 1.6 r70489 proxy methods creator 2012-08-10 23:19:29 +02:00
de4dot
30f6771541 Detect Confuser 1.6 r66631 proxy methods creator 2012-08-10 23:19:28 +02:00
de4dot
9cf4887061 Detect Confuser 1.4 r58802 proxy methods creator 2012-08-10 23:19:28 +02:00
de4dot
e3e051b876 Detect Confuser 1.3 r55604 proxy methods creator 2012-08-10 23:19:21 +02:00
de4dot
b647b59fad Detect Confuser 1.3 r55346 proxy methods creator 2012-08-10 21:29:15 +02:00
de4dot
b3b3f222cf Use the greatest version we find 2012-08-10 21:29:15 +02:00
de4dot
2a283b922b Detect Confuser 1.2 r54564 proxy methods creator 2012-08-10 21:29:03 +02:00
de4dot
35ddd30e08 Detect Confuser 1.1 r50378 proxy methods creator 2012-08-10 20:43:11 +02:00
de4dot
be29d8aed2 Detect Confuser 1.0 r42919 proxy methods creator 2012-08-10 20:14:47 +02:00
de4dot
612aeec0ab Detect Confuser 1.7 r73566 compressor 2012-08-10 17:47:59 +02:00
de4dot
dfad2421b2 Detect Confuser 1.4 r57778 compressor 2012-08-10 17:25:04 +02:00
de4dot
12f7034894 Detect Confuser 1.0 r48717 compressor 2012-08-10 17:20:32 +02:00
de4dot
731d7bcb73 Support Confuser 1.7 r74021 constants encrypter (dynamic mode) 2012-08-10 17:00:55 +02:00
de4dot
d7eb818203 Detect Confuser 1.7 r74021 constants encrypter 2012-08-10 16:45:26 +02:00
de4dot
7984c94522 Detect Confuser 1.7 r72989 constants encrypter 2012-08-10 16:29:24 +02:00
de4dot
80f2a08ff1 Add latest rev 2012-08-10 15:51:58 +02:00
de4dot
7aa2a157d0 Detect Confuser 1.9 r75725 methods encrypter (JIT) 2012-08-10 04:12:20 +02:00
de4dot
754c5a1400 Detect Confuser 1.8 r75291 methods encrypter (JIT) 2012-08-10 03:46:14 +02:00
de4dot
29448fe3cb Detect Confuser 1.8 r75288 methods encrypter (JIT) 2012-08-10 03:39:37 +02:00