monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,735 Commits 2 Branches 1 Tag 5 MiB
ff708f8116
Commit Graph

1288 Commits

Author SHA1 Message Date
de4dot
edd855ad19 Merge branch 'master' into newcode 2012-01-09 07:55:09 +01:00
de4dot
665a170b9b Make sure HasFieldRVA flag is set 2012-01-09 07:55:01 +01:00
de4dot
a717f5895a Merge branch 'master' into newcode 2012-01-09 06:14:09 +01:00
de4dot
6a8a036687 Add another check to detect COM type 2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e Update code to handle v3.5 obfuscated assemblies 2012-01-09 05:50:32 +01:00
de4dot
1805022073 Merge branch 'master' into newcode 2012-01-09 05:30:49 +01:00
de4dot
fd12b92e4b Update detection due to new cflow deob code 2012-01-09 03:19:13 +01:00
de4dot
496941258a Support v4.2 2012-01-08 21:48:37 +01:00
de4dot
b02cb11a61 Merge branch 'master' into newcode 2012-01-08 19:09:18 +01:00
de4dot
2f1ec392b9 Update detection of offset field 2012-01-08 19:08:23 +01:00
de4dot
0398666c93 Update detection of <Module> type 2012-01-08 18:46:23 +01:00
de4dot
28f8bdcc89 Some fixes 2012-01-08 18:38:37 +01:00
de4dot
cb21940841 Merge branch 'master' into newcode 2012-01-08 01:31:51 +01:00
de4dot
d295fa24a2 Ignore refs and defs from other modules 2012-01-08 01:30:57 +01:00
de4dot
f9592f5fdc Method was renamed in master 2012-01-07 20:31:06 +01:00
de4dot
134869db6d Merge branch 'skater' into newcode 
Conflicts:
	de4dot.cui/Program.cs
 2012-01-07 20:29:07 +01:00
de4dot
b647a9387b Merge branch 'goliath' into newcode 2012-01-07 20:28:10 +01:00
de4dot
44e58066b3 Add support for another obfuscator 2012-01-07 20:27:07 +01:00
de4dot
03a27110e7 Rename method to toInt32() 2012-01-07 19:14:15 +01:00
de4dot
951906d7e5 Move file 2012-01-07 00:05:43 +01:00
de4dot
a54cfbf996 Update detection of string decrypter type 2012-01-07 00:04:31 +01:00
de4dot
30798c6b08 Ignore result if it isn't a string 2012-01-05 17:24:31 +01:00
de4dot
d6f3ff64b9 Remove "castclass System.String" if present 2012-01-05 17:16:38 +01:00
de4dot
8d57bf741e Make sure correct integer value arg is boxed for string decrypter 2012-01-05 16:23:53 +01:00
de4dot
115641fc6b Pass caller token to string decrypter 2012-01-05 16:22:26 +01:00
de4dot
93d801997e Make sure the new property names are unique 2012-01-04 09:42:01 +01:00
de4dot
20222561b3 Add System.Object as base type if needed 2012-01-03 20:14:28 +01:00
de4dot
9a7d28472d Remove new lines when printing method/type names 2012-01-03 19:52:40 +01:00
de4dot
6963e89581 Update detection of delegate fields and remove useless method 2012-01-03 19:22:45 +01:00
de4dot
d3c801efb6 Add code to initialize arrays 2012-01-03 15:25:25 +01:00
de4dot
6e80b5bb94 Move bool inliner and create some more useful value inliners 2012-01-03 10:38:09 +01:00
de4dot
e79ee9832d Add desDecrypt(). Move deflate() to DeobUtils. 2012-01-02 22:35:02 +01:00
de4dot
ba43220da2 Update code for GO 5.6.0 2012-01-02 07:02:43 +01:00
de4dot
b23c35e049 Update detection code 2012-01-01 18:50:46 +01:00
de4dot
417fe04bba Don't need to detect GO here anymore 2012-01-01 18:15:32 +01:00
de4dot
7d39c543cc Refactor code 2012-01-01 13:02:16 +01:00
de4dot
90ebd92333 Method was renamed in master 2012-01-01 12:11:09 +01:00
de4dot
463d97dd81 Merge branch 'master' into goliath 2012-01-01 12:10:03 +01:00
de4dot
07768cefd1 Merge branch 'master' into skater 2012-01-01 12:09:35 +01:00
de4dot
ac30b8c213 Rename method to getValues() 2012-01-01 12:09:16 +01:00
de4dot
970ef14266 Restore method arg names 2012-01-01 12:07:16 +01:00
de4dot
66b3061444 Remove useless method and only rename if not renamed 2012-01-01 12:06:40 +01:00
de4dot
1f7f9958ab Update code 2012-01-01 12:06:01 +01:00
de4dot
1b98808558 Merge branch 'master' into goliath 2011-12-31 16:35:01 +01:00
de4dot
b3a29a7be1 Merge branch 'master' into skater 2011-12-31 16:34:01 +01:00
de4dot
e744e24a51 Use methods dict 2011-12-31 16:32:57 +01:00
de4dot
99350b456d Use the methods dict 2011-12-31 16:15:38 +01:00
de4dot
cd359243a2 Remove unused method 2011-12-31 16:00:11 +01:00
de4dot
6b629f20c7 Use aesDecrypt() method 2011-12-31 15:12:41 +01:00
de4dot
f2115b77bb Merge branch 'master' into goliath 2011-12-31 15:07:35 +01:00
de4dot
8df6561061 Add Skater .NET support 2011-12-31 13:14:02 +01:00
de4dot
eb63c27fc9 Add des3Decrypt() method 2011-12-31 12:58:32 +01:00
de4dot
d344c05404 Merge branch 'master' into goliath 2011-12-29 14:18:21 +01:00
de4dot
288aa20c5c Update namespace renaming code 
Two different namespaces with the same names in different modules will now
be renamed to two different names, eg. ns0 and ns1 instead of the same
name, eg. ns0.
 2011-12-29 14:16:00 +01:00
de4dot
08eafd1080 Remove useless overrides 2011-12-29 14:04:43 +01:00
de4dot
1fc70d8d9e Add Goliath.NET obfuscator support 2011-12-29 08:26:36 +01:00
de4dot
b52c5f12fe Add InitializedDataCreator field to base class 2011-12-29 08:23:46 +01:00
de4dot
b930e8fd97 Add InitializedDataCreator class 2011-12-29 08:22:41 +01:00
de4dot
3e70d1fa63 Use field dict and update code 2011-12-28 13:33:10 +01:00
de4dot
8de51ca227 Update code that removes methods and types 2011-12-28 13:30:44 +01:00
de4dot
ffbceae488 Update methods inliner code 2011-12-28 13:28:17 +01:00
de4dot
dd588bf9f8 Add MethodCollection class 2011-12-28 13:26:04 +01:00
de4dot
ad59501474 Add findAny() methods 2011-12-28 13:24:02 +01:00
de4dot
2a89e28b5e New version: 1.4.1 2011-12-26 20:41:16 +01:00
de4dot
c14eef2750 Update code for SA 1.x-3.x obfuscated assemblies 2011-12-26 20:40:18 +01:00
de4dot
f468aebda5 Dump resources in applications (library mode) 2011-12-26 20:32:42 +01:00
de4dot
f88d57a206 Don't load method bodies if --no-cflow-deob is used and no types removed 2011-12-26 20:30:30 +01:00
de4dot
0a4fb0619b Move to DNR dir 2011-12-26 20:28:48 +01:00
de4dot
ed97f9a826 Add getExtension() method 2011-12-26 20:27:57 +01:00
de4dot
259ec3455b Rename method 2011-12-25 23:10:17 +01:00
de4dot
dd3b929021 Remove MethodImplAttributes and update log message 2011-12-25 23:06:37 +01:00
de4dot
c295d03078 Remove namespace from nested types 2011-12-25 23:03:53 +01:00
de4dot
c1838bec35 Update log messages 2011-12-23 17:48:10 +01:00
de4dot
bb886f2bdb Ignore errors during method deobfuscation. A warning message is logged. 2011-12-23 17:28:20 +01:00
de4dot
7ed11cffb9 New version: 1.4.0 2011-12-22 23:53:59 +01:00
de4dot
a0d65b2e86 Rename method 2011-12-22 23:51:26 +01:00
de4dot
24076419dc Rename method, update code 2011-12-22 23:50:33 +01:00
de4dot
63648a9505 Update detection of ASN code 2011-12-22 19:17:57 +01:00
de4dot
1a1350410a Only call patcher if we need to patch it 2011-12-22 19:17:48 +01:00
de4dot
1b32fdd3b6 Write warning message if we couldn't unpack it 2011-12-22 18:48:24 +01:00
de4dot
c86daacda8 Add workaround for DNR patch bug 2011-12-22 17:40:21 +01:00
de4dot
a38781c1d0 Support SA 1.x-3.x 2011-12-22 05:41:28 +01:00
de4dot
222132f43b Remove useless using directive 2011-12-22 05:37:29 +01:00
de4dot
7b71a565ec Move method to DotNetUtils 2011-12-22 05:37:10 +01:00
de4dot
823d3b07a7 Refactor string decrypter 2011-12-21 19:22:23 +01:00
de4dot
d24da2f24c Move method to base class 2011-12-21 19:21:06 +01:00
de4dot
f87fabd6aa Move DNR v3 and v4 code to a DNR sub dir 2011-12-21 18:55:36 +01:00
de4dot
03ff9a61cb Update strings 2011-12-21 18:30:37 +01:00
de4dot
a473f9eb02 Remove native lib linked resource 2011-12-21 18:20:59 +01:00
de4dot
4abe33f729 Remove obfuscator init calls from .ctors 2011-12-21 18:12:04 +01:00
de4dot
9136e674e5 Add anti strong name code 2011-12-21 18:04:49 +01:00
de4dot
1fd7319b19 Move patcher code to DecrypterType 2011-12-21 16:56:12 +01:00
de4dot
1e7dbfad97 Refactor 2011-12-21 07:13:19 +01:00
de4dot
2a651f5b5e Update code and fix some bugs 2011-12-21 06:41:42 +01:00
de4dot
289c11b296 Refactor 2011-12-21 06:41:06 +01:00
de4dot
795ab8bee1 Update detection code 2011-12-21 06:40:10 +01:00
de4dot
13b84383f2 Update detection code 2011-12-21 06:39:56 +01:00
de4dot
134c20c794 Add Win32Path class 2011-12-21 06:39:12 +01:00
de4dot
25869c9ff8 Add FileHeaderOffset property 2011-12-21 06:38:44 +01:00
de4dot
74b8299ef2 Remove native lib module refs 2011-12-21 00:41:09 +01:00
de4dot
c516d61ad7 Decrypt library mode files 2011-12-21 00:31:27 +01:00
de4dot
15b4cefe89 Move method to base class 2011-12-21 00:30:17 +01:00
de4dot
0d92b37536 Create DNR3 dir 2011-12-20 21:47:45 +01:00
de4dot
dd60af245a Unpack DNR 3.x application mode files 2011-12-20 20:16:57 +01:00
de4dot
746997dfe3 Add DNR 3.x application mode unpacker 2011-12-20 20:16:18 +01:00
de4dot
4a0a3fb2fc Add isCompressed() method 2011-12-20 20:13:37 +01:00
de4dot
87b4f70de9 Add decrypt() method 2011-12-20 20:13:08 +01:00
de4dot
4444b143fd Add method to get int32 array 2011-12-20 20:12:47 +01:00
de4dot
b60d53ea77 Add some more methods 2011-12-20 20:11:32 +01:00
de4dot
bc5d829714 Also check ldftn opcodes 2011-12-19 15:44:23 +01:00
de4dot
f7f77a821c Use the SetMethod property 2011-12-19 15:43:40 +01:00
de4dot
b96ab54ba6 New version: 1.3.8 2011-12-16 19:34:55 +01:00
de4dot
dd8d0d0e83 Use new method/field dictionaries 2011-12-16 19:33:44 +01:00
de4dot
f30b0ef749 Add type, method, field, prop, event dictionaries 2011-12-16 18:56:45 +01:00
de4dot
2a0e92eaff Assembly resolver now parses *.config files 2011-12-15 16:28:27 +01:00
de4dot
d35e92b53c Update field type 2011-12-15 16:17:04 +01:00
de4dot
929d943112 Update deobfuscator 2011-12-15 16:16:21 +01:00
de4dot
c73459f1be New version: 1.3.7 2011-12-11 12:38:48 +01:00
de4dot
00f7b7feda The real Main() may be called from a DNR-created Main() method 2011-12-11 11:08:32 +01:00
de4dot
78bb21832e Fix bug by resetting stream offset 2011-12-09 23:43:02 +01:00
de4dot
e7ea01f87d Move console code to new de4dot.cui assembly 2011-12-09 09:02:06 +01:00
de4dot
0fd4ddf209 Change type from ez to ef 2011-12-08 09:53:13 +01:00
de4dot
5247927eff Update regex 2011-12-08 09:52:23 +01:00
de4dot
5b7806cc1f New version: 1.3.6 2011-12-06 17:38:30 +01:00
de4dot
5ccc8e0fda Add prop/event override prefix 2011-12-06 02:45:28 +01:00
de4dot
731d302741 Pass the getter and setter methods to createProperty() 2011-12-05 23:47:48 +01:00
de4dot
6073106cfe Restore explicitly overridden props/events 2011-12-05 18:11:34 +01:00
de4dot
04940d785c Update version: 1.3.5 2011-12-04 20:02:18 +01:00
de4dot
b2801872d7 Update detection of invalid types when restoring field/method arg types 2011-12-04 20:01:02 +01:00
de4dot
427abbce79 Update detection of WinForms field names 2011-12-04 19:09:21 +01:00
de4dot
99cec56165 Update renamer code. Check for unresolved type and generic params 2011-12-04 18:22:47 +01:00
de4dot
7a6af40832 Update version: 1.3.4 2011-12-03 14:33:37 +01:00
de4dot
c9d4dc2268 Update renamer code so a compiler can compile the decompiled output 
- property Byte[]_0 => Byte_0
- property ICollection.Boolean_0 => ICollection.IsSynchronized
- property pByte_0 => PByte_0
- property T_0 => Prop_0
- property indexer => Item
 2011-12-03 14:28:10 +01:00
de4dot
0d18298b49 It's no longer beta! :) 2011-12-02 18:50:36 +01:00
de4dot
973e958ff1 Add better check for invalid entries 2011-12-02 18:48:01 +01:00
de4dot
0db4222c10 Update version: 1.3.3 2011-12-02 15:21:18 +01:00
de4dot
160527447c Fix bug in methods decrypter 2011-12-02 15:20:27 +01:00
de4dot
b8564335b8 Remove stack frame helper code only if the option is enabled 2011-12-02 15:20:09 +01:00
de4dot
49701686e5 Update version: 1.3.2 2011-12-02 13:19:38 +01:00
de4dot
af0ff59794 Always rename P/Invoke methods 2011-12-02 13:18:22 +01:00
de4dot
d913c61df6 Fix some todos 2011-12-02 00:43:49 +01:00
de4dot
2734a9ee95 Update the code that resolves typedefs 2011-12-01 22:32:09 +01:00
de4dot
d6ba1fa2d5 Add p prefix to types 2011-12-01 22:30:43 +01:00
de4dot
ec896da8ab Unpack .NET 1.x DNR native images 2011-12-01 14:16:23 +01:00
de4dot
82d1de5ae3 Remove *-x86 projects. Default is now x86. 2011-11-30 20:38:59 +01:00
de4dot
2f58cea471 Update the code 2011-11-30 20:27:49 +01:00
de4dot
2174011a35 Print a message after unpacking a native file 2011-11-30 20:22:52 +01:00
de4dot
3311e28a87 Don't re-read native file after unpacking it 2011-11-30 20:19:50 +01:00
de4dot
68d962fb6e Return null if inflated data isn't an MZ file 2011-11-30 19:10:56 +01:00
de4dot
8637ef5e1a Unpack DNR 4.0-4.4 + .NET 2.0+ native files 2011-11-30 19:06:25 +01:00
de4dot
20a10c92ee Warn if unpacked data could not be loaded 2011-11-30 19:05:20 +01:00
de4dot
fde811d183 Move isCode() to DeobUtils 2011-11-30 19:04:49 +01:00
de4dot
b7a44b459d Add code to unpack DNR 4.0/4.1 + .NET 2.0+ native files 2011-11-30 18:28:48 +01:00
de4dot
f567e09845 Add 'using de4dot.PE' 2011-11-30 18:27:01 +01:00
de4dot
28ec2485fc Update code to handle unpacked native images 2011-11-30 18:26:36 +01:00
de4dot
26f4afeff3 Rename class to StreamXXX if it's a stream class 2011-11-30 18:24:43 +01:00
de4dot
27e7c76636 Add code to read win32 resources 2011-11-30 18:23:47 +01:00
de4dot
98342f2a0c Move read file code to Utils 2011-11-30 18:21:01 +01:00
de4dot
4a26534ad0 Don't remove proxy delegate types and creator type if errors were detected 2011-11-28 11:45:48 +01:00
de4dot
d7c42185a8 Update detection of CliSecureRT type 2011-11-28 11:25:18 +01:00
de4dot
dab8907f8c Detect EZ version 2011-11-27 08:28:17 +01:00
de4dot
04ae6e116f New version: 1.3.1 2011-11-26 12:34:59 +01:00
de4dot
a90fd1fa2f Update detection of the empty class 2011-11-26 12:34:17 +01:00
de4dot
cec8758ed2 Check if there are any refs left to the decrypter type 2011-11-26 12:21:18 +01:00
de4dot
df6678626e Print total number of encrypted methods 2011-11-26 12:20:04 +01:00
de4dot
0ce27f8a2d Print some info about the encrypted native methods 2011-11-25 15:33:13 +01:00
de4dot
51892f62a2 Re-encrypt native methods 2011-11-25 15:24:12 +01:00
de4dot
07f0376b45 Add methods to encrypt resource data, and set new data 2011-11-25 15:21:29 +01:00
de4dot
d9a776aa3f Have DeobfuscatorBase implement IWriterListener 2011-11-25 15:19:56 +01:00
de4dot
cfe85774ab Method prefix should be an empty string 2011-11-25 15:17:12 +01:00
de4dot
900ec1bf07 Add code to dump DNR native methods to a file 2011-11-25 15:16:50 +01:00
de4dot
b259991415 Some fixes: 
- Remove empty class only if methods are inlined
- Don't add .cctor methods to possibly-inlined-methods list
 2011-11-24 23:58:42 +01:00
de4dot
e4e9f6787c New version: 1.3.0 2011-11-24 11:01:08 +01:00
de4dot
0516e4540d Remove calls to empty class 2011-11-24 10:44:01 +01:00
de4dot
eee2c509be Make sure decrypter type is removed 2011-11-24 10:10:39 +01:00
de4dot
17660c225e Update decrypter detection code 2011-11-24 10:08:29 +01:00
de4dot
716870b4bd Make sure InitializeComponent() detection code is called 2011-11-24 10:07:55 +01:00
de4dot
73d1316b2d Add a new random name regex 2011-11-24 07:57:31 +01:00
de4dot
3bfb2e7dc7 Update DNR detection 2011-11-24 07:49:50 +01:00
de4dot
0c4abcc039 Update detection of possibly inlined methods 2011-11-24 06:48:23 +01:00
de4dot
e68cedd44b Update tamper code 2011-11-24 05:25:34 +01:00
de4dot
a0f5a109dd Add p prefix if it's a pointer type 2011-11-24 05:25:04 +01:00
de4dot
9d61d9845d Don't add an override prefix if one of the methods is an iface method 2011-11-23 14:39:52 +01:00
de4dot
99d52b90c5 Revert older commit and print method override prefix 2011-11-23 12:13:41 +01:00
de4dot
4a65770c59 Check each part of the namespace instead of all of it at once 2011-11-23 11:50:34 +01:00
de4dot
ae5001b239 Make sure initializeEventHandlerNames() is called after renaming props 2011-11-23 11:34:11 +01:00
de4dot
80f90d3e6a Update regex 2011-11-23 11:32:36 +01:00
de4dot
f7b117fe18 Restore events 2011-11-23 06:41:28 +01:00
de4dot
0c36e74834 Add option to disable restoring props/events from method names 2011-11-23 05:45:30 +01:00
de4dot
397f5f5b5b Update DNR valid-name-check code 2011-11-23 05:28:57 +01:00
de4dot
550ea19c0b Rename nullable types to better names, eg. int_0 instead of nullable_0 2011-11-23 05:09:34 +01:00
de4dot
1e22947f6a Don't add prop/event 'other' methods to props/events list 2011-11-23 04:42:13 +01:00
de4dot
8d5dae6dcf Update code to pass the new test 2011-11-22 15:56:48 +01:00
de4dot
d4c4d0a425 Don't add override prefix if scope has 2+ methods 2011-11-22 09:49:59 +01:00
de4dot
33f9a466a1 Don't add method to overrideMethods if it already overrides that iface method 2011-11-22 08:57:10 +01:00
de4dot
45cd6bf211 Update the code that renames virtual methods, props, events 2011-11-22 08:14:34 +01:00
de4dot
9953111d1c Rename event add/remove methods' last arg to value 2011-11-21 11:26:02 +01:00
de4dot
7dbb0144ca Check for null args 2011-11-21 11:03:45 +01:00
de4dot
c1ef76fda4 Use correct name when renaming event handlers 2011-11-21 10:56:18 +01:00
de4dot
d7c55cfbc3 Remove old renamer code 2011-11-21 10:37:30 +01:00
de4dot
b2b563ef22 Add more renamer code 2011-11-21 10:36:23 +01:00
de4dot
d014835c7c Add Utils.compareInt32() and use it 2011-11-21 10:32:36 +01:00
de4dot
1b0fbfc681 Add more renamer code 2011-11-18 16:55:54 +01:00
de4dot
e9e0588cb6 Use Utils.StartsWith() since mono's impl is buggy 2011-11-17 04:22:12 +01:00
de4dot
195c7194cb Rename types 2011-11-17 04:17:03 +01:00
de4dot
b58c3843e3 Add code to map virtual methods to base/iface methods 2011-11-16 23:08:27 +01:00
de4dot
79eb228200 Remove module if we don't load it. Restore indent level. 2011-11-16 22:59:04 +01:00
de4dot
75ff534ecd Add removeModule(string) and clearAll() methods 2011-11-16 22:58:02 +01:00
de4dot
3f3814001c Update method sig, rename stuff 2011-11-16 22:56:36 +01:00
de4dot
fa2f0808b1 Add some renamer classes 2011-11-15 14:26:51 +01:00
de4dot
e5da0a1255 Move old renamer code 2011-11-14 21:39:44 +01:00
de4dot
c68540aed7 Remove catch all exception and use latest cecil submodule 2011-11-14 09:44:39 +01:00
de4dot
695da497a7 Set version: 1.2.3 2011-11-14 06:23:03 +01:00
de4dot
d7149abe4e Warn if an unused string decrypter is found 2011-11-14 06:21:43 +01:00
de4dot
cf6387a4c1 Fix some problems with new assemblies 2011-11-12 21:04:24 +01:00
de4dot
d3996b5152 Any type of exception could occur. 2011-11-12 21:01:58 +01:00
de4dot
6bf3de0dee Set version: 1.2.2 2011-11-12 16:57:00 +01:00
de4dot
c62ca29df5 Update code for DNR 4.3+ obfuscated assemblies 2011-11-12 16:04:51 +01:00
de4dot
b80024bbc5 Find the method in a nested class (DNR 4.3+) 2011-11-12 15:22:17 +01:00
de4dot
07826f133e Update names since it's anti strong name code 2011-11-12 15:15:47 +01:00
de4dot
d9e138bbe1 Strong name sign all assemblies (except tests) 
You must create your own private de4dot.key file in the root source dir
before compiling:
	sn -k de4dot.snk
 2011-11-12 14:08:25 +01:00
de4dot
7df264d59c Remove tamper detection code 2011-11-12 13:31:08 +01:00
de4dot
4b335f9489 Add a TypeLong property 2011-11-12 11:31:07 +01:00
de4dot
76825d3a9b Encrypted resources aren't always using the public key token 2011-11-12 11:19:10 +01:00
de4dot
572d9d376d Update version: 1.2.1 2011-11-11 21:00:42 +01:00
de4dot
0318c85a07 Convert 'return some_int' native methods to CIL code 2011-11-11 20:55:39 +01:00
de4dot
a3e7d9c9d6 Update version: 1.2.0 2011-11-10 14:55:40 +01:00
de4dot
183619f979 Remove String.Intern() calls when decrypting strings 2011-11-10 14:51:19 +01:00
de4dot
fb4128cbfb Update a few strings 2011-11-10 14:48:33 +01:00
de4dot
f7639fc5a7 Update help message 2011-11-10 10:08:55 +01:00
de4dot
fdd6e55587 Sort the list of namespaces before printing the result 2011-11-10 00:57:27 +01:00
de4dot
ff3b1b0ecc Rename random names 2011-11-10 00:47:22 +01:00
de4dot
3e803ef6d8 Read at most 2MB at a time from files 2011-11-10 00:44:37 +01:00
de4dot
c562c335e8 Add option to remove namespace if there's only one class in it 2011-11-09 12:08:48 +01:00
de4dot
ff0c0cddbd Update WinForms renaming code 2011-11-09 11:28:34 +01:00
de4dot
ca232b521a Update regex 2011-11-08 22:11:19 +01:00
de4dot
c6bdd51573 Rename --dr-dump-embedded -> --dr-embedded 2011-11-08 21:43:57 +01:00
de4dot
22739f5cd9 Remove decrypter type (all refs to it should be gone now) 2011-11-08 21:27:03 +01:00
de4dot
3bfb100fd5 Add resource decrypter 2011-11-08 19:32:10 +01:00
de4dot
0f627d728c Use new FieldTypes code 2011-11-08 19:27:27 +01:00
de4dot
fec1ec7e35 Add FieldTypes class and re-use LocalTypes code 2011-11-08 19:26:59 +01:00
de4dot
6d1cca149a Only check static methods 2011-11-08 11:36:09 +01:00
de4dot
c381423c48 Remove metadata token obfuscator type 2011-11-08 10:39:35 +01:00
de4dot
4e8f8a295b Remove assembly resolver type only if we're inlining methods 2011-11-08 10:37:39 +01:00
de4dot
8c91b56cb5 Save embedded assemblies to disk 2011-11-08 10:27:18 +01:00
de4dot
5e3beef064 Remove unused variable 2011-11-08 10:26:27 +01:00
de4dot
a70b740088 Update printStackTrace() output 2011-11-08 10:26:07 +01:00
de4dot
7617d92b3b Decrypt methods encrypted with the new methods encrypter 2011-11-07 16:16:18 +01:00
de4dot
a94d1406db Rename some fields, and only remove types/etc if users wants it 2011-11-06 18:01:37 +01:00
de4dot
045e6ecf73 Use better property names 2011-11-06 15:24:30 +01:00
de4dot
a4e4a7284e Add Xenocode support (dumped modules only) 2011-11-06 14:42:52 +01:00
de4dot
d60ab64c25 Move code to read module data to DeobUtils.cs 2011-11-06 13:46:50 +01:00
de4dot
f87e338583 Update text when reloading an assembly 2011-11-06 12:34:09 +01:00
de4dot
7821fc03bf Remove support for .methods files. 2011-11-06 12:26:41 +01:00
de4dot
f424e8eabf Add static methods decrypter and refactor into multiple classes 2011-11-06 12:19:26 +01:00
de4dot
a0509d2735 Use the new lookup() method 2011-11-06 12:18:35 +01:00
de4dot
4ecedb5b01 Don't check whether method is virtual 2011-11-06 12:17:20 +01:00
de4dot
bee77cdfe7 Make delegateCreatorMethods list protected 2011-11-06 12:16:30 +01:00
de4dot
fb2707a49b Add lookup() generic method. Useful when reloading module. 2011-11-06 12:16:06 +01:00
de4dot
9a21b09fac Reset module name when reloading from byte[] 2011-11-06 12:15:24 +01:00
de4dot
a369d36553 Add compare() byte[] method 2011-11-06 12:14:16 +01:00
de4dot
9818f675cd Add some more methods 2011-11-06 12:13:31 +01:00
de4dot
75a464a7f4 Merge branch 'master' into dnr 2011-11-05 14:27:40 +01:00
de4dot
51fc70169d Handle case where asm resolver returns a later version 2011-11-05 13:58:03 +01:00
de4dot
432c321bab Catch SecurityDeclaration resolve exception 2011-11-05 10:30:38 +01:00
de4dot
198d5c3f74 Remove memory manager from Main() 2011-11-05 10:10:36 +01:00
de4dot
34a11ee555 Create methods to check whether a file/dir exists 2011-11-05 09:56:51 +01:00
de4dot
fe2fe0befe Add Visual Studio public assemblies search paths 2011-11-05 09:45:34 +01:00
de4dot
65a9e7dbc1 Add Silverlight assembly search paths 2011-11-05 09:35:36 +01:00
de4dot
93ad40d218 Rename --asmpath option to --asm-path 2011-11-05 08:43:40 +01:00
de4dot
81d890d94e Don't update method header max stack field if no cflow deob 2011-11-05 08:36:36 +01:00
de4dot
a23a889776 Ignore resolve errors. It's likely an obfuscator bug. 2011-11-05 08:08:16 +01:00
de4dot
13d5f8e37d Ignore assemblies that contain native code 2011-11-05 08:04:14 +01:00
de4dot
c66c062753 Fix problem when HasPInvokeInfo == true but PInvokeInfo == null 2011-11-05 07:46:24 +01:00
de4dot
f524989a1e Re-arrange some code 2011-11-05 07:42:58 +01:00
de4dot
2236300943 Update renamer to better rename methods and args 
Finds InitializeComponent() method and renames it if necessary.
Finds all event handlers and names the args sender and e respectively.
Finds all field event handlers and names them <field>_<event>, eg.
button_Click.
 2011-11-04 19:08:23 +01:00
de4dot
7486b73da3 Restore original WinForms class and field names 2011-11-04 15:39:16 +01:00
de4dot
df507526ba Update renamer code so it's less likely to use an existing name 2011-11-04 13:59:43 +01:00
de4dot
e01e3c4e7f Update valid name regex 2011-11-04 11:01:21 +01:00
de4dot
131a57342d Force field type to same type newobj/newarr calls 2011-11-04 08:22:25 +01:00
de4dot
49b2976965 Handle call instrs with invalid metadata tokens 2011-11-04 07:43:24 +01:00
de4dot
4ce90dbfc0 Only print "found native code" warning once 2011-11-04 07:37:33 +01:00
de4dot
bd3b1e9b20 Check for null before calling unload() 2011-11-04 07:33:14 +01:00
de4dot
37f12ba60f Some small updates 2011-11-04 07:21:12 +01:00
de4dot
30f713f8f8 Rename isDelegateType() -> derivesFromDelegate() 2011-11-04 00:39:48 +01:00
de4dot
e1715adb48 Update default regex 2011-11-04 00:35:07 +01:00
de4dot
c23d770fbc Add special case for delegates 2011-11-04 00:09:51 +01:00
de4dot
8b0bf54d62 Print <arg_N> if arg N name is empty 2011-11-03 23:32:33 +01:00
de4dot
7a0061e39e Don't save ByRef types, and method call should be getEnd(0) 2011-11-03 23:25:07 +01:00
de4dot
17f077e275 Update code to handle more cases 2011-11-03 23:01:51 +01:00
de4dot
b810292cee New files' default name is now origname-cleaned.ext 2011-11-03 20:07:50 +01:00
de4dot
a2ecd85044 Deobfuscator type is now 2 chars 2011-11-03 20:03:32 +01:00
de4dot
e7c42c6532 Print updated types when we're done so everything can be sorted 2011-11-03 19:46:29 +01:00
de4dot
42e7583659 Unload loaded modules when renaming is over 2011-11-03 18:55:14 +01:00
de4dot
98cdcf9ca5 Only protect *Invoke methods. Rename and remove a variable 2011-11-03 18:53:58 +01:00
de4dot
3dd8649859 Merge branch 'master' into dnr 2011-11-03 07:11:10 +01:00
de4dot
f351a09564 Update symbol renamer to load referenced assemblies. 
This way it's possible to use a rename-all regex (.*) without renaming
symbols that shouldn't be renamed (eg. methods that are defined in an
interface in a non-deobfuscated module, eg. Dispose()). A warning is
displayed if an assembly can't be loaded.
 2011-11-03 06:43:33 +01:00
de4dot
96d086ba2b Merge branch 'master' into dnr 2011-11-02 05:58:12 +01:00
de4dot
2a967dc699 Call onTypesRenamed() a little later and update throw message with token 2011-11-02 05:57:10 +01:00
de4dot
c918c8e964 Merge branch 'master' into dnr 2011-11-02 04:57:13 +01:00
de4dot
78960c759c Rebuild dictionaries when types have been renamed 2011-11-02 04:54:54 +01:00
de4dot
b8879e74e6 Merge branch 'master' into dnr 2011-11-02 04:26:12 +01:00
de4dot
ccff408a00 Update code so it can rename duplicate member references 2011-11-02 04:24:22 +01:00
de4dot
c177c2ff42 Don't print message since the code is now much faster 2011-11-02 02:39:53 +01:00
de4dot
e3b767adcc Don't create dest dirs if we're just detecting obfuscators 2011-11-02 02:38:20 +01:00
de4dot
2ddf6b00de Return an empty list instead of null 2011-11-02 02:28:51 +01:00
de4dot
8ff2115083 Remove unused methods, and inline method used only by SA code 2011-11-02 02:25:45 +01:00
de4dot
ade1720d32 Use type cache to look up types (huge speedup in DNR code) 2011-11-02 02:25:07 +01:00
de4dot
1938a1c497 Undo what VS did 2011-11-01 18:56:44 +01:00
de4dot
6a07ee5b5e It's generic code so move it to common parent dir 2011-11-01 18:48:52 +01:00
de4dot
7bdea53134 Check op for null and update detection code 2011-11-01 18:47:26 +01:00
de4dot
6f4447aa98 It's generic code so move it to common parent dir 2011-11-01 18:46:59 +01:00
de4dot
cc8e220281 Also use ldfld/ldflda to detect arg types 2011-11-01 15:53:51 +01:00
de4dot
c354ded987 Add code to restore ldtoken instructions 2011-11-01 15:17:26 +01:00
de4dot
5170e62e21 Add code to remove inlined methods and option to disable it 2011-11-01 14:23:30 +01:00
de4dot
e7ceb50382 Add CanInlineMethods to IDeobfuscator 2011-11-01 14:19:53 +01:00
de4dot
8faf7389ad Restore method return types 2011-11-01 02:22:05 +01:00
de4dot
2e2eafdb57 Add code to restore methods' arg types 2011-10-31 23:58:19 +01:00
de4dot
ed625e256d Restore field types and add option to disable it 2011-10-31 19:41:38 +01:00
de4dot
0ac072cf7b Add class to restore field types. It should work most of the time. 2011-10-31 19:40:57 +01:00
de4dot
5185dc8364 Throw if PInvokeInfo is null. The type was probably removed. 2011-10-31 00:18:11 +01:00
de4dot
6b04c23036 Update decrypter and version detecter code 2011-10-31 00:09:38 +01:00
de4dot
35005a1a51 getStringDecrypterMethods() now adds all string decrypter methods 2011-10-30 19:28:13 +01:00
de4dot
0ddbe16349 Update DNR version number detection code 2011-10-30 06:15:52 +01:00
de4dot
7505f6096f Clear deobfuscation flags when reloading module 2011-10-30 06:14:22 +01:00
de4dot
2ede24598d Detect DNR version 2011-10-29 20:28:29 +02:00
de4dot
efe98949b1 Minor updates 2011-10-29 20:26:59 +02:00
de4dot
37a64f77f2 Index should be set to instruction before we broke out of the loop 2011-10-29 20:25:41 +02:00
de4dot
b57c93eae4 Update DNR methods decrypter code 2011-10-29 03:39:32 +02:00
de4dot
040410d7ce Methods decrypter method could be null 2011-10-29 03:39:08 +02:00
de4dot
def4072bc5 Move array finder code to a new ArrayFinder class 2011-10-29 03:38:09 +02:00
de4dot
0a8d772c22 Decrypt methods sent to the JITter 2011-10-29 02:27:34 +02:00
de4dot
c4d6ba9ae9 Some minor updates 2011-10-29 02:25:31 +02:00
de4dot
3b87ab1294 Update getDecryptedModule() so it can return dumped methods 2011-10-29 02:23:48 +02:00
de4dot
a6dcd03d26 Allow passing dumped methods to reload() 2011-10-29 02:22:36 +02:00
de4dot
0e70d020b4 Add .NET metadata reader (ported from C++) 2011-10-29 02:20:44 +02:00
de4dot
89f90d3e75 Make sure publicKeyToken.Length > 0 2011-10-28 01:44:15 +02:00
de4dot
699ac4378d Support older string decrypter method and detect older methods decrypter 2011-10-28 01:33:05 +02:00
de4dot
eb002895e1 Don't throw if we can't find all method args in the same block 2011-10-28 01:28:08 +02:00
de4dot
09178a6e95 Update methods decrypter and string decrypter 2011-10-27 22:25:44 +02:00
de4dot
39dbf5d9b2 Ignore call if we can't get all args 2011-10-27 22:22:52 +02:00
de4dot
9c83c22469 Add .NET header and a method to more safely write to a .NET PE image 2011-10-27 22:21:45 +02:00
de4dot
5357b4f73c Update code to handle 4.1 obfuscated assemblies 2011-10-27 02:08:30 +02:00
de4dot
93d4ac1c9d Update type name 2011-10-27 02:07:33 +02:00
de4dot
41356b2d30 Check for methods with no body 2011-10-27 02:07:06 +02:00
de4dot
ceca5718ba Remove encrypted resources and call to methods decrypter 2011-10-26 23:00:01 +02:00
de4dot
dfb73f222f Add options to disable decryption of methods and bools 2011-10-26 22:24:31 +02:00
de4dot
63ab61fb12 Deobfuscate cflow again if a bool was decrypted 2011-10-26 22:16:51 +02:00
de4dot
bd7a6763a6 Return number of method calls that were replaced 2011-10-26 22:06:48 +02:00
de4dot
28b73d36ed It's a flags enum so should use unique bits 2011-10-26 22:00:32 +02:00
de4dot
db7edc2a72 Add BoolValueInliner class 2011-10-26 21:05:35 +02:00
de4dot
59863bf8b4 Refactor string decrypter to generic return value inliner class 2011-10-26 20:41:50 +02:00
de4dot
e4f2af221a Add BooleanDecrypter class 2011-10-26 20:23:45 +02:00
de4dot
f37a46a02b Decrypt strings 2011-10-26 19:49:25 +02:00
de4dot
03a8372319 Add readInt32() and readBytes() methods 2011-10-26 19:41:23 +02:00
de4dot
6bde8b8b20 Decrypt some DNR 4.0 non-native obfuscated assemblies 2011-10-26 14:40:55 +02:00
de4dot
1fbe902ed1 Always call detect(), and support reloading decrypted files 2011-10-26 14:32:50 +02:00
de4dot
3f7b1237b4 Don't call GetDirectoryName() if name is "" (loaded from byte[]) 2011-10-26 14:32:10 +02:00
de4dot
4f315fd65a Add reload() method when the file has been decrypted 2011-10-26 14:30:47 +02:00
de4dot
1eaa245618 Should ignore .cctor methods since .ctor is never static 2011-10-26 14:29:57 +02:00
de4dot
bfa0fa14c0 Add decrypt methods to IDeobfuscator. Change some method sigs. 2011-10-26 14:29:12 +02:00
de4dot
794b9dfd77 Add PE image reader/writer code 2011-10-26 14:20:38 +02:00
de4dot
685c5ba79c Add code to detect methods decrypter method 2011-10-25 08:27:36 +02:00
de4dot
6bb6f0930d Remember to create DNR's info class 2011-10-24 19:51:04 +02:00
de4dot
cb5589ee28 Add skeleton DNR file 2011-10-24 19:44:49 +02:00
de4dot
129da2e7f9 Set version 1.1.3 2011-10-24 15:48:19 +02:00
de4dot
46309f2f78 New version: 1.1.2 2011-10-23 22:09:27 +02:00
de4dot
4f02f84d84 Fix problem when resources aren't encrypted or compressed 2011-10-23 22:03:38 +02:00
de4dot
779d1a8a31 Update version to 1.1.1 2011-10-23 20:13:25 +02:00
de4dot
bf00ccca2b Some minor updates 2011-10-23 17:23:33 +02:00
de4dot
f776148574 Add proxy delegate fixer 2011-10-23 13:43:32 +02:00
de4dot
32bb14fa5a Decrypt encrypted SL resources 2011-10-23 09:19:50 +02:00
de4dot
9ad15e63e4 Remove string decrypter type and allow static + dynamic decryption 2011-10-23 09:07:47 +02:00
de4dot
78397f9c4f Remove types CO adds to each assembly 2011-10-23 09:03:00 +02:00
de4dot
a1e6f555ef Update method call remover code 2011-10-23 08:41:33 +02:00
de4dot
c0a8eb1bbd Print name of encrypted strings resource 2011-10-22 18:20:49 +02:00
de4dot
4490c976b3 Find anti-debugger and tamper detection code 2011-10-22 18:13:13 +02:00
de4dot
1a78c2dc8c Remove encrypted resources from output file 2011-10-22 17:29:49 +02:00
de4dot
adc2c277fd Strings and resources are decrypted 2011-10-22 17:13:28 +02:00
de4dot
65dacdf7cd Initialize assemblyInfos in case there's no embedded assemblies 2011-10-22 14:55:43 +02:00
de4dot
50a9421657 Assembly resolver doesn't need resource decrypter 2011-10-22 14:53:24 +02:00
de4dot
3f1b9152bd Add CO deobfuscator. Can decrypt embedded assemblies. 2011-10-22 14:31:38 +02:00
de4dot
99bd79e418 Change to version 1.1.0 2011-10-21 22:27:26 +02:00
de4dot
88f7a31ff1 Print number of removed instructions 2011-10-21 21:35:35 +02:00
de4dot
2ff8a0ea7a Remove old cflow deobfuscator code 2011-10-21 20:35:13 +02:00
de4dot
9d132bfeaf Change --no-control-flow-deob => --no-cflow-deob 2011-10-21 10:38:27 +02:00
de4dot
b1340bc84f Merge branch 'master' into newcode 2011-10-21 10:33:00 +02:00
de4dot
8c924617c3 Update CIL output when -vv is used 2011-10-21 10:32:43 +02:00
de4dot
d76afbf8a1 Ignore ArgumentOutOfRangeException when loading files 2011-10-20 12:28:15 +02:00
de4dot
f79b12d4f3 Make sure blocks are laid out in a verifiable order 2011-10-20 02:58:30 +02:00
de4dot
c8500b4f33 Remove unused local variables 2011-10-20 02:38:44 +02:00
de4dot
7fe71a963a Add inline bool method hack for DNR 2011-10-19 01:53:42 +02:00
de4dot
80acf1d59f Add switch cflow deobfuscator 2011-10-18 23:31:50 +02:00
de4dot
05065d6ac7 Start work on new cflow deobfuscator 2011-10-17 00:22:22 +02:00
de4dot
4c43807de7 Detect SA 1.x-5.1 assemblies 2011-10-13 12:22:17 +02:00
de4dot
01da4a979f Also make sure type.Name is empty 2011-10-12 23:30:57 +02:00
de4dot
58ff833d5c Detect SA 4.x, 5.0, 5.1 2011-10-12 23:16:03 +02:00
de4dot
b3463a3859 Remove automated error reporting code from SA 4.x assemblies 2011-10-12 22:50:19 +02:00
de4dot
9ed55629e6 Print deobfuscated method if -vv 2011-10-12 19:47:51 +02:00
de4dot
38b08dddfd Update DF version attribute parsing 2011-10-10 18:39:42 +02:00
de4dot
08f5b04675 Fix a problem with String.StartsWith() on mono 2011-10-09 13:19:26 +02:00
de4dot
2f5ded924f Get rid of dead code 2011-10-09 12:01:51 +02:00
de4dot
9ade539ecd Update version to 1.0.3 2011-10-08 20:03:10 +02:00
de4dot
5fbda45d6d Add earlyDetect() method to IDeobfuscator 2011-10-08 19:33:12 +02:00
de4dot
d305faae09 Detect another obfuscator 2011-10-08 18:43:22 +02:00
de4dot
5eb824693e Don't throw if invalid visibility 2011-10-08 18:42:09 +02:00
de4dot
c94fea2bfc Remove assembly if --one-file option is used 2011-10-08 15:01:51 +02:00
de4dot
ae9f59c918 Less memory are used when loading files one at a time 2011-10-08 13:33:48 +02:00
de4dot
3719e9a375 AssemblyResolver can now remove old unused assemblies 2011-10-08 13:28:39 +02:00
de4dot
d3fa227f1e Update -ru option text 2011-10-08 12:30:35 +02:00
de4dot
bea3a737d2 Don't rename resource if old name was empty string 2011-10-08 12:17:01 +02:00
de4dot
d69b1b465c Fix SA string decryption problem 2011-10-07 17:32:03 +02:00
de4dot
56da16086b Make sure user tries latest version... 2011-10-07 17:31:27 +02:00
de4dot
8ec3da7080 Update detection and some strings 2011-10-07 17:30:41 +02:00
de4dot
4cca5190da Detect another new obfuscator 2011-10-07 08:45:40 +02:00
de4dot
fa3a6457de Detects a few more obfuscators 2011-10-06 10:33:13 +02:00
de4dot
1c721b017e Detect some unsupported obfuscators 2011-10-05 17:22:56 +02:00
de4dot
d2b621b5b3 Netmodules are better supported now 2011-10-05 08:20:32 +02:00
de4dot
43085bc808 Fix serialization problem when calling exit() 2011-10-03 10:04:33 +02:00
de4dot
062ecaaef2 Ignore emtpy strings when renaming resources in code 2011-09-29 19:00:34 +02:00
de4dot
b71eb587db Make sure field/method ref has a declaring type before resolving it 2011-09-29 10:51:21 +02:00
de4dot
18756f90bf Updated log text 2011-09-29 10:50:10 +02:00
de4dot
004f25d818 Set version to 1.0.2 2011-09-29 01:29:02 +02:00
de4dot
65e0ef359a Enabled reading and loading of files from the network 2011-09-28 23:54:38 +02:00
de4dot
ee60bf14f2 Added 'default' string decrypter type 
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to
'static'.
 2011-09-28 16:06:10 +02:00
de4dot
500cdcaf1b Not ignoring all PE file load exceptions, but added null ref exception 2011-09-28 02:00:29 +02:00
de4dot
157a125894 Catch all exceptions and print warning if load fails 2011-09-28 01:44:32 +02:00
de4dot
37be012a11 Set Console.OutputEncoding to UTF-8 only if current encoding is single byte 2011-09-28 01:27:46 +02:00
de4dot
2094990a93 Added --one-file option to deobfuscate only one file at a time 2011-09-28 01:19:19 +02:00
de4dot
6fec29daab Func should take a MethodDefinition as first arg 2011-09-28 00:57:17 +02:00
de4dot
eeb12adf87 Removed 'in' and 'out' from delegates 2011-09-27 23:42:06 +02:00
de4dot
cd0e5c0169 Updated resource renaming of code strings 2011-09-27 23:29:38 +02:00
de4dot
c257f16787 Methodsrewriter is now working 2011-09-27 22:06:43 +02:00
de4dot
695dd81b43 Merged master 2011-09-27 02:05:46 +02:00
de4dot
bfca8a351f Updated version number 2011-09-24 18:56:13 +02:00
de4dot
5dd6567fc9 Bug fix. Some methods have a body but 0 instrs 2011-09-24 18:48:15 +02:00
de4dot
9945b8b47c Moved code to blocks assembly 2011-09-24 10:26:29 +02:00
de4dot
865ed5a47a Initial commit 2011-09-22 04:55:30 +02:00