monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,339 Commits 2 Branches 1 Tag 5 MiB
f5ec3e2a27
Commit Graph

1030 Commits

Author SHA1 Message Date
de4dot
1b569a0d24 Support MPRESS 2012-05-28 18:00:29 +02:00
de4dot
3e6a259e8f Add 50 more points if methods decrypter is detected 2012-05-27 07:43:26 +02:00
de4dot
c441a60372 Print CW version number 2012-05-27 07:00:13 +02:00
de4dot
eebb090827 Support old CW 2.x 2012-05-27 02:31:53 +02:00
de4dot
06a30473da Decrypt strings encrypted with older CW version 2012-05-26 20:20:11 +02:00
de4dot
adaf41c769 Decrypt embedded assemblies 2012-05-26 17:41:08 +02:00
de4dot
3a96ae391a Move common resolver handler detector code to DeobUtils 2012-05-26 17:33:26 +02:00
de4dot
dbd7affaa8 Update valid name regex 2012-05-26 14:40:51 +02:00
de4dot
f1c8549066 Decrypt CW encrypted strings 2012-05-26 14:38:08 +02:00
de4dot
20452fe964 Decrypt CW encrypted methods 2012-05-26 05:26:00 +02:00
de4dot
b1f5fe92be Clear invalid method bodies 2012-05-24 16:42:04 +02:00
de4dot
1a7c89a173 New version: 1.8.4 2012-05-19 09:02:26 +02:00
de4dot
c48b2d92c2 Support AN 6.0.0.5 (new build, same version) 2012-05-19 08:59:13 +02:00
de4dot
f6c5ed1c0c New version: 1.8.3 2012-05-15 19:06:21 +02:00
de4dot
c3cdf95fcf Support AN 6.0.0.5 2012-05-15 19:05:47 +02:00
de4dot
d1c09c3fae New version: 1.8.2 2012-05-13 15:06:50 +02:00
de4dot
654ebf652e Merge branch 'ds' 2012-05-12 21:40:01 +02:00
de4dot
bec6725aa7 Rename option 2012-05-12 21:39:49 +02:00
de4dot
40898cf238 Decrypt embedded assemblies (SL) 2012-05-11 19:38:31 +02:00
de4dot
ce3622f6e8 Use the correct variable 2012-05-11 18:18:19 +02:00
de4dot
94ee4064ed Remove namespace prefix 2012-05-11 18:17:51 +02:00
de4dot
cd014f1d72 Update fields restorer 2012-05-10 20:20:29 +02:00
de4dot
1d2a78979f Use generic prop creator if the type has a generic parameter 2012-05-10 19:00:12 +02:00
de4dot
f05a334c11 Make sure we don't rename a key to an already existing non-renamed key 2012-05-10 18:41:21 +02:00
de4dot
0b47ccf070 Remove cflow obfuscation arrays 2012-05-10 18:38:27 +02:00
de4dot
ae7e32ae5b Remove decrypt method and other init method 2012-05-10 13:39:14 +02:00
de4dot
c5f8aaeb1a Dump 4.1 embedded assemblies 2012-05-09 22:24:39 +02:00
de4dot
ee32b84283 Move code to DsUtils 2012-05-09 22:20:17 +02:00
de4dot
9b9e692947 Move version specific data to their own class 2012-05-09 19:10:20 +02:00
de4dot
dadc064b55 Decrypt V4.1 resources 2012-05-09 19:00:21 +02:00
de4dot
1aaa5df9ce Support trial string encrypter 2012-05-09 17:30:35 +02:00
de4dot
3572bdfdcc Set maxlen to 50. Fix incorrect method sig. Make sure there are no dupes. 2012-05-09 17:28:52 +02:00
de4dot
e5a64a4402 Remove more XC attributes 2012-05-06 13:07:34 +02:00
de4dot
44fea8f185 Fix problems found while testing 2012-05-03 17:24:59 +02:00
de4dot
b27e1b36af Add option to disable cast deobfuscation 2012-05-03 16:51:36 +02:00
de4dot
ea205dcae8 Add option to disable renaming resource keys 2012-05-03 16:48:03 +02:00
de4dot
955c1f10bd Rename resource keys 2012-05-03 16:47:34 +02:00
de4dot
76a10b1f34 Add Data property 2012-05-03 16:40:17 +02:00
de4dot
83725200c1 Add isValidResourceKeyName() 2012-05-03 14:53:01 +02:00
de4dot
2761216e39 Add a resource reader 2012-05-03 14:34:58 +02:00
de4dot
83dc4226c1 Make sure string decrypter methods aren't detected as inlined methods 2012-05-03 09:51:26 +02:00
de4dot
870dab5b90 Fix renaming events/properties 2012-05-03 09:05:05 +02:00
de4dot
fb9e217dac Add a cast deobfuscator 2012-05-03 08:01:35 +02:00
de4dot
c61161be1d Ignore method attributes 2012-05-02 18:43:57 +02:00
de4dot
597fcb0210 Cflow deob methods 2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05 Inline some obfuscated methods 2012-05-02 10:48:44 +02:00
de4dot
db14e73369 Make sure index is correct, and add method to read arg constants 2012-05-02 10:47:21 +02:00
de4dot
b15b581c46 Deobfuscate string decrypter cctor 2012-04-30 21:47:23 +02:00
de4dot
2594317b18 Use other sb ctor 2012-04-30 12:49:43 +02:00
de4dot
1805e352c4 Disable using unknown args by default 2012-04-30 12:18:47 +02:00
de4dot
f307520e62 Decrypt DS 4.1 strings 2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8 Support more types of args 2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692 Update cflow deobfuscator 2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77 Move common code to another class 2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8 Refactor: create common cflow deob iface 2012-04-29 23:51:04 +02:00
de4dot
920f079855 Set initlocals and add an option to disable it 2012-04-29 06:16:53 +02:00
de4dot
eb17298625 Move the field 2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5 Restore calls to CodeDomProvider and ICodeCompiler 2012-04-29 04:03:10 +02:00
de4dot
9333e2415c Rename class 2012-04-29 00:56:17 +02:00
de4dot
e548436ede Restore calls to Icon/Bitmap .ctor 2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a Rename class and make it more general 2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b Decrypt CS 1.x encrypted methods 2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea Update detection of resource resolver type 2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9 Merge branch 'master' into cs 2012-04-26 19:33:28 +02:00
de4dot
7a0804e035 Remove module references to the CS RT files 2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2 Find old string decrypter method 2012-04-26 16:53:52 +02:00
de4dot
67c866491d Show the correct obfuscator name 2012-04-26 16:33:55 +02:00
de4dot
6f830b8329 Remove all obfuscator attributes 2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2 Add addAttributesToBeRemoved() 2012-04-26 16:08:39 +02:00
de4dot
960f934c67 Update detection of CS type 2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95 Check for 32-bit or 64-bit method 2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd Detect CS type when strings are encrypted, but methods aren't 2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f Return the correct return value 2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c Update CS detector and support an old string decrypter 2012-04-26 01:42:10 +02:00
de4dot
bff017a317 Throw InvalidMethodBody if IOException 2012-04-25 18:06:27 +02:00
de4dot
903db59827 Restore CS 3.0 "encrypted" methods 2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc Move code to DeobUtils 2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d Stop earlier 2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6 Support latest MC build 2012-04-24 23:02:36 +02:00
de4dot
3a9422f798 Remove useless displs 2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836 Merge branch 'master' into cs 2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b Update CSVM opcode handler detection code 2012-04-24 11:33:17 +02:00
de4dot
88d7607d10 Fix resolver 2012-04-24 11:25:39 +02:00
de4dot
586be53fef Fix method names 2012-04-23 19:37:05 +02:00
de4dot
7a399e7913 Rename class and update comments 2012-04-23 15:02:15 +02:00
de4dot
ea7a533027 Make fields read only 2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a Fix method names 2012-04-23 14:47:05 +02:00
de4dot
0a0b491072 Copy foundSig field 2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef Use a using statement to make sure the file is closed when we return 2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374 Restore .NET data directory so it can be deobfuscated 2012-04-23 02:04:34 +02:00
de4dot
790dc9f445 codeOffs should not be file offset 2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91 Decrypt CS 5.0 encrypted methods 2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e Decrypt CS 4.5 encrypted methods 2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8 Decrypt methods (CS RT is embedded inside the assembly) 2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866 Restore CS 4.0 "encrypted" methods 2012-04-22 15:36:26 +02:00
de4dot
59e2e51882 Throw if invalid method body 2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92 Move code to a new class 2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e Remove useless field 2012-04-21 23:10:06 +02:00
de4dot
46152761ee Input could be null 2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a New version: 1.8.1 2012-04-15 23:42:57 +02:00
de4dot
941929cf7a Support latest CO build 2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a New version: 1.8.0 2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea Refactor 2012-04-13 05:03:52 +02:00
de4dot
a459bc107c Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize() 2012-04-13 05:03:51 +02:00
de4dot
043730e599 Ignore invalid method indexes 2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2 Use dynamic decryption if static decryption fails 2012-04-11 03:09:59 +02:00
de4dot
588373f5ff Add code to decrypt methods using the new dynamic methods decrypter 2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8 Support latest MC build 2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54 Merge branch 'cs' 2012-04-10 16:32:40 +02:00
de4dot
c756d543c1 Rename PE namespace 2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba Add code to decrypt methods dynamically. 
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
 2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89 Move PE code to a common assembly 2012-04-10 15:09:59 +02:00
de4dot
553337adb7 Support EF 3.3.149 2012-04-10 03:52:18 +02:00
de4dot
2d583316cf Use the constant 2012-04-08 11:36:24 +02:00
de4dot
634e9ec023 Reverse return value 2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2 Support some more instrs 2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e Add a newline 2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf Rename variable 2012-04-06 16:25:25 +02:00
de4dot
33e2177059 Restore constrained. prefix 2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf Support ldloca and ldarga 2012-04-06 16:08:09 +02:00
de4dot
5511ab833b Update ldelema type, and add unbox.any and ldobj 2012-04-06 15:38:44 +02:00
de4dot
2949862614 Print warning if we failed to restore an instr op 2012-04-06 12:33:39 +02:00
de4dot
c39e421010 Fix locals 2012-04-06 12:25:15 +02:00
de4dot
86190ede1f Print devirtualized methods 2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23 Move class to its own file 2012-04-05 20:59:50 +02:00
de4dot
237732e98e Refactor 2012-04-05 20:45:16 +02:00
de4dot
da0878d765 Restore types that are generic parameters 2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1 Add CSVM devirtualizer 2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a Move code to a new class 2012-04-05 18:05:27 +02:00
de4dot
1ead27107b Don't add to list if null 2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6 Add shared deobfuscator data/methods 2012-04-04 21:06:10 +02:00
de4dot
7c8259905b Update CO code. Fixes #39 2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4 Remove useless using statement 2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5 Support another SK string encrypter 2012-03-27 15:33:57 +02:00
de4dot
065927f702 Use the property 2012-03-27 15:23:27 +02:00
de4dot
d1e499454e Rename locals and fix problem with huge strings 2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0 Decrypt MC encrypted strings 2012-03-26 22:07:01 +02:00
de4dot
e76321aaad Remove unused method 2012-03-26 20:12:07 +02:00
de4dot
716098d33a Change locals to instance variables 2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a Update detection of MC type 2012-03-24 19:35:38 +01:00
de4dot
4e042166b9 Fix getSectionHeader() 2012-03-24 19:13:58 +01:00
de4dot
b323612508 New version: 1.7.4 2012-03-23 10:14:26 +01:00
de4dot
efd317489d Support latest EF 3.3.143 2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da Use callsMethod() 2012-03-21 03:49:28 +01:00
de4dot
7f1bad748e Add more asm search paths 2012-03-21 03:37:10 +01:00
de4dot
ad5a759cd9 Remove useless cases 2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432 Support EF obfuscated CF assemblies 2012-03-18 22:59:34 +01:00
de4dot
e1292b2930 Add some more assembly search paths 2012-03-18 19:15:33 +01:00
de4dot
353673811b Fix problem where some WinForm property names weren't restored 2012-03-18 12:55:21 +01:00
de4dot
4b81854ea5 Restore resource names ending in ".g.resources" 2012-03-17 22:12:51 +01:00
de4dot
6f01d48593 Change getCalledMethods() return type 2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed Support DS obfuscated SL assemblies 2012-03-17 15:02:48 +01:00
de4dot
37450a1515 Support old DS 3.0.3.41 - 3.0.4.44 2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6 Inline method 2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c Should be "continue" 2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f Support EF obfuscated SL assemblies 2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb Rename 2012-03-16 22:39:50 +01:00
de4dot
996a245ba3 New version: 1.7.3 2012-03-15 23:39:42 +01:00
de4dot
ce9add13cb Support CO obfuscated SL/CF assemblies 2012-03-15 22:36:23 +01:00
de4dot
0537a2edce Use getModuleTypeCctor() 2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce Update detection of obfuscator types 2012-03-15 09:15:12 +01:00
de4dot
e4fe749559 Use hasInteger() method 2012-03-15 02:19:35 +01:00
de4dot
27f382a017 Support a (new?) version of CryptoObfuscator. Fixes #33 2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd Support latest DeepSea version (4.0.4.32) 2012-03-13 20:37:33 +01:00
de4dot
ada90b1294 Add another CO detection check 2012-03-13 20:27:41 +01:00
de4dot
e949d8c926 Add support for latest EF 3.3.136 2012-03-13 09:26:40 +01:00
de4dot
8c5c055066 New version: 1.7.2 2012-03-11 15:59:36 +01:00
de4dot
7e1bf542af Support a new EF 3.3 version that was released 1-2 days ago 2012-03-11 15:59:25 +01:00
de4dot
f5ee6e3e5e Move dll files to a bin sub dir 2012-03-10 20:47:42 +01:00
de4dot
7d4c791575 Update detection of SA v2 string decrypter 2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9 Update expressions 2012-03-10 05:31:07 +01:00
de4dot
8b220697e0 New version: 1.7.1 2012-03-08 19:51:02 +01:00
de4dot
4e997910e4 Update detection of string decrypter type 2012-03-08 19:21:54 +01:00
de4dot
a41ea0969f Call initAllTypes() before resolveAllRefs() to make sure baseType is initialized 2012-03-08 19:03:43 +01:00
de4dot
51fe58c4cd Merge branch 'new_code' 2012-03-08 18:03:25 +01:00
de4dot
38fb775a7e Use hasReturnValue() method 2012-03-08 18:03:12 +01:00
de4dot
3cde99b2e7 Remove overrides field 2012-03-08 17:57:35 +01:00
de4dot
4a7b4f4111 Update name regex 2012-03-08 16:15:19 +01:00
de4dot
674201e98c Rename 2012-03-08 13:23:01 +01:00
de4dot
072bb4b5ce Update code since cecil removed global asm resolver 2012-03-08 11:09:51 +01:00
de4dot
b4525ed58d Support EF 3.3 2012-03-06 10:43:06 +01:00
de4dot
5c943d759d Check base types for property/field 2012-03-03 18:23:53 +01:00
de4dot
77f1f2de67 Rename custom attribute fields and properties 2012-03-03 06:13:35 +01:00
de4dot
c3c92ebfaa New version: 1.7.0 2012-03-01 22:14:23 +01:00
de4dot
48d6a3b6fc Merge branch 'mc' 2012-03-01 22:10:36 +01:00
de4dot
86987518d6 Method should not be public 2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c Rename classes 2012-02-29 11:41:06 +01:00
de4dot
9791e63e51 Engrish 2012-02-29 11:41:05 +01:00
de4dot
8740ba8419 Rename variable 2012-02-29 11:41:04 +01:00
de4dot
167368f488 Attributes are worth less 2012-02-29 00:13:57 +01:00
de4dot
b27635f493 Remove sealed flag from interfaces 2012-02-28 23:57:48 +01:00
de4dot
ec30ec7b07 Add CF 2.0/3.5, SL 2.0 ref asm search paths 2012-02-28 22:36:35 +01:00
de4dot
e6d0c4a043 Move version detection to a new class 2012-02-28 22:30:22 +01:00
de4dot
77228ecfca Update name regex 2012-02-28 22:24:08 +01:00
de4dot
68b4315e95 Update detection of the type and remove another type 2012-02-28 20:49:03 +01:00
de4dot
269b695245 Update detection of that type 2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca Support v3.0 - 3.1 2012-02-28 19:42:19 +01:00
de4dot
acb53f535b Throw if init fails 2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0 Restore calls to Assembly::GetManifestResourceXXX methods 2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6 Move GetManifestResourceStream code to a new class 2012-02-28 18:14:41 +01:00