de4dot
|
e3b767adcc
|
Don't create dest dirs if we're just detecting obfuscators
|
2011-11-02 02:38:20 +01:00 |
|
de4dot
|
2ddf6b00de
|
Return an empty list instead of null
|
2011-11-02 02:28:51 +01:00 |
|
de4dot
|
8ff2115083
|
Remove unused methods, and inline method used only by SA code
|
2011-11-02 02:25:45 +01:00 |
|
de4dot
|
ade1720d32
|
Use type cache to look up types (huge speedup in DNR code)
|
2011-11-02 02:25:07 +01:00 |
|
de4dot
|
1938a1c497
|
Undo what VS did
|
2011-11-01 18:56:44 +01:00 |
|
de4dot
|
6a07ee5b5e
|
It's generic code so move it to common parent dir
|
2011-11-01 18:48:52 +01:00 |
|
de4dot
|
7bdea53134
|
Check op for null and update detection code
|
2011-11-01 18:47:26 +01:00 |
|
de4dot
|
6f4447aa98
|
It's generic code so move it to common parent dir
|
2011-11-01 18:46:59 +01:00 |
|
de4dot
|
cc8e220281
|
Also use ldfld/ldflda to detect arg types
|
2011-11-01 15:53:51 +01:00 |
|
de4dot
|
c354ded987
|
Add code to restore ldtoken instructions
|
2011-11-01 15:17:26 +01:00 |
|
de4dot
|
5170e62e21
|
Add code to remove inlined methods and option to disable it
|
2011-11-01 14:23:30 +01:00 |
|
de4dot
|
e7ceb50382
|
Add CanInlineMethods to IDeobfuscator
|
2011-11-01 14:19:53 +01:00 |
|
de4dot
|
8faf7389ad
|
Restore method return types
|
2011-11-01 02:22:05 +01:00 |
|
de4dot
|
2e2eafdb57
|
Add code to restore methods' arg types
|
2011-10-31 23:58:19 +01:00 |
|
de4dot
|
ed625e256d
|
Restore field types and add option to disable it
|
2011-10-31 19:41:38 +01:00 |
|
de4dot
|
0ac072cf7b
|
Add class to restore field types. It should work most of the time.
|
2011-10-31 19:40:57 +01:00 |
|
de4dot
|
5185dc8364
|
Throw if PInvokeInfo is null. The type was probably removed.
|
2011-10-31 00:18:11 +01:00 |
|
de4dot
|
6b04c23036
|
Update decrypter and version detecter code
|
2011-10-31 00:09:38 +01:00 |
|
de4dot
|
35005a1a51
|
getStringDecrypterMethods() now adds all string decrypter methods
|
2011-10-30 19:28:13 +01:00 |
|
de4dot
|
0ddbe16349
|
Update DNR version number detection code
|
2011-10-30 06:15:52 +01:00 |
|
de4dot
|
7505f6096f
|
Clear deobfuscation flags when reloading module
|
2011-10-30 06:14:22 +01:00 |
|
de4dot
|
2ede24598d
|
Detect DNR version
|
2011-10-29 20:28:29 +02:00 |
|
de4dot
|
efe98949b1
|
Minor updates
|
2011-10-29 20:26:59 +02:00 |
|
de4dot
|
37a64f77f2
|
Index should be set to instruction before we broke out of the loop
|
2011-10-29 20:25:41 +02:00 |
|
de4dot
|
b57c93eae4
|
Update DNR methods decrypter code
|
2011-10-29 03:39:32 +02:00 |
|
de4dot
|
040410d7ce
|
Methods decrypter method could be null
|
2011-10-29 03:39:08 +02:00 |
|
de4dot
|
def4072bc5
|
Move array finder code to a new ArrayFinder class
|
2011-10-29 03:38:09 +02:00 |
|
de4dot
|
0a8d772c22
|
Decrypt methods sent to the JITter
|
2011-10-29 02:27:34 +02:00 |
|
de4dot
|
c4d6ba9ae9
|
Some minor updates
|
2011-10-29 02:25:31 +02:00 |
|
de4dot
|
3b87ab1294
|
Update getDecryptedModule() so it can return dumped methods
|
2011-10-29 02:23:48 +02:00 |
|
de4dot
|
a6dcd03d26
|
Allow passing dumped methods to reload()
|
2011-10-29 02:22:36 +02:00 |
|
de4dot
|
0e70d020b4
|
Add .NET metadata reader (ported from C++)
|
2011-10-29 02:20:44 +02:00 |
|
de4dot
|
89f90d3e75
|
Make sure publicKeyToken.Length > 0
|
2011-10-28 01:44:15 +02:00 |
|
de4dot
|
699ac4378d
|
Support older string decrypter method and detect older methods decrypter
|
2011-10-28 01:33:05 +02:00 |
|
de4dot
|
eb002895e1
|
Don't throw if we can't find all method args in the same block
|
2011-10-28 01:28:08 +02:00 |
|
de4dot
|
09178a6e95
|
Update methods decrypter and string decrypter
|
2011-10-27 22:25:44 +02:00 |
|
de4dot
|
39dbf5d9b2
|
Ignore call if we can't get all args
|
2011-10-27 22:22:52 +02:00 |
|
de4dot
|
9c83c22469
|
Add .NET header and a method to more safely write to a .NET PE image
|
2011-10-27 22:21:45 +02:00 |
|
de4dot
|
5357b4f73c
|
Update code to handle 4.1 obfuscated assemblies
|
2011-10-27 02:08:30 +02:00 |
|
de4dot
|
93d4ac1c9d
|
Update type name
|
2011-10-27 02:07:33 +02:00 |
|
de4dot
|
41356b2d30
|
Check for methods with no body
|
2011-10-27 02:07:06 +02:00 |
|
de4dot
|
ceca5718ba
|
Remove encrypted resources and call to methods decrypter
|
2011-10-26 23:00:01 +02:00 |
|
de4dot
|
dfb73f222f
|
Add options to disable decryption of methods and bools
|
2011-10-26 22:24:31 +02:00 |
|
de4dot
|
63ab61fb12
|
Deobfuscate cflow again if a bool was decrypted
|
2011-10-26 22:16:51 +02:00 |
|
de4dot
|
bd7a6763a6
|
Return number of method calls that were replaced
|
2011-10-26 22:06:48 +02:00 |
|
de4dot
|
28b73d36ed
|
It's a flags enum so should use unique bits
|
2011-10-26 22:00:32 +02:00 |
|
de4dot
|
db7edc2a72
|
Add BoolValueInliner class
|
2011-10-26 21:05:35 +02:00 |
|
de4dot
|
59863bf8b4
|
Refactor string decrypter to generic return value inliner class
|
2011-10-26 20:41:50 +02:00 |
|
de4dot
|
e4f2af221a
|
Add BooleanDecrypter class
|
2011-10-26 20:23:45 +02:00 |
|
de4dot
|
f37a46a02b
|
Decrypt strings
|
2011-10-26 19:49:25 +02:00 |
|
de4dot
|
03a8372319
|
Add readInt32() and readBytes() methods
|
2011-10-26 19:41:23 +02:00 |
|
de4dot
|
6bde8b8b20
|
Decrypt some DNR 4.0 non-native obfuscated assemblies
|
2011-10-26 14:40:55 +02:00 |
|
de4dot
|
1fbe902ed1
|
Always call detect(), and support reloading decrypted files
|
2011-10-26 14:32:50 +02:00 |
|
de4dot
|
3f7b1237b4
|
Don't call GetDirectoryName() if name is "" (loaded from byte[])
|
2011-10-26 14:32:10 +02:00 |
|
de4dot
|
4f315fd65a
|
Add reload() method when the file has been decrypted
|
2011-10-26 14:30:47 +02:00 |
|
de4dot
|
1eaa245618
|
Should ignore .cctor methods since .ctor is never static
|
2011-10-26 14:29:57 +02:00 |
|
de4dot
|
bfa0fa14c0
|
Add decrypt methods to IDeobfuscator. Change some method sigs.
|
2011-10-26 14:29:12 +02:00 |
|
de4dot
|
794b9dfd77
|
Add PE image reader/writer code
|
2011-10-26 14:20:38 +02:00 |
|
de4dot
|
685c5ba79c
|
Add code to detect methods decrypter method
|
2011-10-25 08:27:36 +02:00 |
|
de4dot
|
6bb6f0930d
|
Remember to create DNR's info class
|
2011-10-24 19:51:04 +02:00 |
|
de4dot
|
cb5589ee28
|
Add skeleton DNR file
|
2011-10-24 19:44:49 +02:00 |
|
de4dot
|
129da2e7f9
|
Set version 1.1.3
|
2011-10-24 15:48:19 +02:00 |
|
de4dot
|
46309f2f78
|
New version: 1.1.2
|
2011-10-23 22:09:27 +02:00 |
|
de4dot
|
4f02f84d84
|
Fix problem when resources aren't encrypted or compressed
|
2011-10-23 22:03:38 +02:00 |
|
de4dot
|
779d1a8a31
|
Update version to 1.1.1
|
2011-10-23 20:13:25 +02:00 |
|
de4dot
|
bf00ccca2b
|
Some minor updates
|
2011-10-23 17:23:33 +02:00 |
|
de4dot
|
f776148574
|
Add proxy delegate fixer
|
2011-10-23 13:43:32 +02:00 |
|
de4dot
|
32bb14fa5a
|
Decrypt encrypted SL resources
|
2011-10-23 09:19:50 +02:00 |
|
de4dot
|
9ad15e63e4
|
Remove string decrypter type and allow static + dynamic decryption
|
2011-10-23 09:07:47 +02:00 |
|
de4dot
|
78397f9c4f
|
Remove types CO adds to each assembly
|
2011-10-23 09:03:00 +02:00 |
|
de4dot
|
a1e6f555ef
|
Update method call remover code
|
2011-10-23 08:41:33 +02:00 |
|
de4dot
|
c0a8eb1bbd
|
Print name of encrypted strings resource
|
2011-10-22 18:20:49 +02:00 |
|
de4dot
|
4490c976b3
|
Find anti-debugger and tamper detection code
|
2011-10-22 18:13:13 +02:00 |
|
de4dot
|
1a78c2dc8c
|
Remove encrypted resources from output file
|
2011-10-22 17:29:49 +02:00 |
|
de4dot
|
adc2c277fd
|
Strings and resources are decrypted
|
2011-10-22 17:13:28 +02:00 |
|
de4dot
|
65dacdf7cd
|
Initialize assemblyInfos in case there's no embedded assemblies
|
2011-10-22 14:55:43 +02:00 |
|
de4dot
|
50a9421657
|
Assembly resolver doesn't need resource decrypter
|
2011-10-22 14:53:24 +02:00 |
|
de4dot
|
3f1b9152bd
|
Add CO deobfuscator. Can decrypt embedded assemblies.
|
2011-10-22 14:31:38 +02:00 |
|
de4dot
|
99bd79e418
|
Change to version 1.1.0
|
2011-10-21 22:27:26 +02:00 |
|
de4dot
|
88f7a31ff1
|
Print number of removed instructions
|
2011-10-21 21:35:35 +02:00 |
|
de4dot
|
2ff8a0ea7a
|
Remove old cflow deobfuscator code
|
2011-10-21 20:35:13 +02:00 |
|
de4dot
|
9d132bfeaf
|
Change --no-control-flow-deob => --no-cflow-deob
|
2011-10-21 10:38:27 +02:00 |
|
de4dot
|
b1340bc84f
|
Merge branch 'master' into newcode
|
2011-10-21 10:33:00 +02:00 |
|
de4dot
|
8c924617c3
|
Update CIL output when -vv is used
|
2011-10-21 10:32:43 +02:00 |
|
de4dot
|
d76afbf8a1
|
Ignore ArgumentOutOfRangeException when loading files
|
2011-10-20 12:28:15 +02:00 |
|
de4dot
|
f79b12d4f3
|
Make sure blocks are laid out in a verifiable order
|
2011-10-20 02:58:30 +02:00 |
|
de4dot
|
c8500b4f33
|
Remove unused local variables
|
2011-10-20 02:38:44 +02:00 |
|
de4dot
|
7fe71a963a
|
Add inline bool method hack for DNR
|
2011-10-19 01:53:42 +02:00 |
|
de4dot
|
80acf1d59f
|
Add switch cflow deobfuscator
|
2011-10-18 23:31:50 +02:00 |
|
de4dot
|
05065d6ac7
|
Start work on new cflow deobfuscator
|
2011-10-17 00:22:22 +02:00 |
|
de4dot
|
4c43807de7
|
Detect SA 1.x-5.1 assemblies
|
2011-10-13 12:22:17 +02:00 |
|
de4dot
|
01da4a979f
|
Also make sure type.Name is empty
|
2011-10-12 23:30:57 +02:00 |
|
de4dot
|
58ff833d5c
|
Detect SA 4.x, 5.0, 5.1
|
2011-10-12 23:16:03 +02:00 |
|
de4dot
|
b3463a3859
|
Remove automated error reporting code from SA 4.x assemblies
|
2011-10-12 22:50:19 +02:00 |
|
de4dot
|
9ed55629e6
|
Print deobfuscated method if -vv
|
2011-10-12 19:47:51 +02:00 |
|
de4dot
|
38b08dddfd
|
Update DF version attribute parsing
|
2011-10-10 18:39:42 +02:00 |
|
de4dot
|
08f5b04675
|
Fix a problem with String.StartsWith() on mono
|
2011-10-09 13:19:26 +02:00 |
|
de4dot
|
2f5ded924f
|
Get rid of dead code
|
2011-10-09 12:01:51 +02:00 |
|
de4dot
|
9ade539ecd
|
Update version to 1.0.3
|
2011-10-08 20:03:10 +02:00 |
|
de4dot
|
5fbda45d6d
|
Add earlyDetect() method to IDeobfuscator
|
2011-10-08 19:33:12 +02:00 |
|
de4dot
|
d305faae09
|
Detect another obfuscator
|
2011-10-08 18:43:22 +02:00 |
|
de4dot
|
5eb824693e
|
Don't throw if invalid visibility
|
2011-10-08 18:42:09 +02:00 |
|
de4dot
|
c94fea2bfc
|
Remove assembly if --one-file option is used
|
2011-10-08 15:01:51 +02:00 |
|
de4dot
|
ae9f59c918
|
Less memory are used when loading files one at a time
|
2011-10-08 13:33:48 +02:00 |
|
de4dot
|
3719e9a375
|
AssemblyResolver can now remove old unused assemblies
|
2011-10-08 13:28:39 +02:00 |
|
de4dot
|
d3fa227f1e
|
Update -ru option text
|
2011-10-08 12:30:35 +02:00 |
|
de4dot
|
bea3a737d2
|
Don't rename resource if old name was empty string
|
2011-10-08 12:17:01 +02:00 |
|
de4dot
|
d69b1b465c
|
Fix SA string decryption problem
|
2011-10-07 17:32:03 +02:00 |
|
de4dot
|
56da16086b
|
Make sure user tries latest version...
|
2011-10-07 17:31:27 +02:00 |
|
de4dot
|
8ec3da7080
|
Update detection and some strings
|
2011-10-07 17:30:41 +02:00 |
|
de4dot
|
4cca5190da
|
Detect another new obfuscator
|
2011-10-07 08:45:40 +02:00 |
|
de4dot
|
fa3a6457de
|
Detects a few more obfuscators
|
2011-10-06 10:33:13 +02:00 |
|
de4dot
|
1c721b017e
|
Detect some unsupported obfuscators
|
2011-10-05 17:22:56 +02:00 |
|
de4dot
|
d2b621b5b3
|
Netmodules are better supported now
|
2011-10-05 08:20:32 +02:00 |
|
de4dot
|
43085bc808
|
Fix serialization problem when calling exit()
|
2011-10-03 10:04:33 +02:00 |
|
de4dot
|
062ecaaef2
|
Ignore emtpy strings when renaming resources in code
|
2011-09-29 19:00:34 +02:00 |
|
de4dot
|
b71eb587db
|
Make sure field/method ref has a declaring type before resolving it
|
2011-09-29 10:51:21 +02:00 |
|
de4dot
|
18756f90bf
|
Updated log text
|
2011-09-29 10:50:10 +02:00 |
|
de4dot
|
004f25d818
|
Set version to 1.0.2
|
2011-09-29 01:29:02 +02:00 |
|
de4dot
|
65e0ef359a
|
Enabled reading and loading of files from the network
|
2011-09-28 23:54:38 +02:00 |
|
de4dot
|
ee60bf14f2
|
Added 'default' string decrypter type
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to
'static'.
|
2011-09-28 16:06:10 +02:00 |
|
de4dot
|
500cdcaf1b
|
Not ignoring all PE file load exceptions, but added null ref exception
|
2011-09-28 02:00:29 +02:00 |
|
de4dot
|
157a125894
|
Catch all exceptions and print warning if load fails
|
2011-09-28 01:44:32 +02:00 |
|
de4dot
|
37be012a11
|
Set Console.OutputEncoding to UTF-8 only if current encoding is single byte
|
2011-09-28 01:27:46 +02:00 |
|
de4dot
|
2094990a93
|
Added --one-file option to deobfuscate only one file at a time
|
2011-09-28 01:19:19 +02:00 |
|
de4dot
|
6fec29daab
|
Func should take a MethodDefinition as first arg
|
2011-09-28 00:57:17 +02:00 |
|
de4dot
|
eeb12adf87
|
Removed 'in' and 'out' from delegates
|
2011-09-27 23:42:06 +02:00 |
|
de4dot
|
cd0e5c0169
|
Updated resource renaming of code strings
|
2011-09-27 23:29:38 +02:00 |
|
de4dot
|
c257f16787
|
Methodsrewriter is now working
|
2011-09-27 22:06:43 +02:00 |
|
de4dot
|
695dd81b43
|
Merged master
|
2011-09-27 02:05:46 +02:00 |
|
de4dot
|
bfca8a351f
|
Updated version number
|
2011-09-24 18:56:13 +02:00 |
|
de4dot
|
5dd6567fc9
|
Bug fix. Some methods have a body but 0 instrs
|
2011-09-24 18:48:15 +02:00 |
|
de4dot
|
9945b8b47c
|
Moved code to blocks assembly
|
2011-09-24 10:26:29 +02:00 |
|
de4dot
|
865ed5a47a
|
Initial commit
|
2011-09-22 04:55:30 +02:00 |
|