monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,735 Commits 2 Branches 1 Tag 5 MiB
ff708f8116
Commit Graph

1288 Commits

Author SHA1 Message Date
de4dot
43e441ca93 Rename blocks -> de4dot.blocks 2013-10-02 20:49:21 +02:00
de4dot
662c78380a Refactor IAssemblyService 2013-10-02 18:07:28 +02:00
de4dot
f01d0f2073 Fix if condition 2013-09-28 21:28:59 +02:00
de4dot
e70e226916 Clear deobfuscated state for each restored method 2013-09-28 19:51:25 +02:00
de4dot
01dbcd0632 Add ISimpleDeobfuscator::MethodModified() to reset deobfuscated state 2013-09-28 19:43:46 +02:00
de4dot
24b22268e3 Deobfuscate asm resolver method 2013-09-28 19:43:05 +02:00
de4dot
f9ed45c670 Restore ldnull instructions 2013-09-28 19:07:03 +02:00
de4dot
67c9e76276 Inline methods 2013-09-28 14:55:29 +02:00
de4dot
192fd3b66c Merge branch 'master' into co 2013-09-27 19:58:04 +02:00
de4dot
158fb63bba If asm is not SN signed, only use its name, not version, PKT etc 2013-09-26 19:29:02 +02:00
de4dot
d0bee28111 Disable TypeDef cache when removing types etc 2013-09-26 16:36:52 +02:00
de4dot
50ff551898 Use new ModuleDef method to clear TypeDef cache 2013-09-26 16:32:45 +02:00
de4dot
9acec7a033 Make sure decl type exists 2013-09-25 02:17:24 +02:00
de4dot
3d05b408c9 Decrypt arrays 2013-09-25 01:37:53 +02:00
de4dot
b7255bc3b5 Add assembly string separator detection code 2013-09-24 21:44:21 +02:00
de4dot
aabe7f0ad4 dnlib renamed a method 2013-09-20 20:26:17 +02:00
de4dot
b80a1a0b7c Rename variables 2013-04-30 12:15:07 +02:00
de4dot
37af3b3d11 Fix method name 2013-04-30 12:00:03 +02:00
de4dot
35c1820afa Support latest MaxtoCode and two older versions 2013-01-24 18:33:14 +01:00
de4dot
211d1b67f6 Use standard .NET naming convention 2013-01-19 13:03:57 +01:00
de4dot
9ac79e253e Support the latest CryptoObfuscator build 2013-01-15 01:37:21 +01:00
de4dot
8225f79f3c Use a stable sort 2013-01-13 20:57:15 +01:00
de4dot
ecd53ddfc1 New version: 2.0.3 2013-01-12 17:17:15 +01:00
de4dot
88571cbf8b Update CryptoObfuscator deobfuscator 2013-01-10 02:47:53 +01:00
de4dot
05e773018e Update copyright years 2013-01-01 17:03:16 +01:00
de4dot
488f592df3 Update Xenocode deobfuscator 
- Remove a type with thousands of methods
- Fix rename regex
- Fix names of attributes (lowercase c)
- Remove an invalid attribute added to the module
 2012-12-30 12:34:21 +01:00
de4dot
cb929f63dd Don't add a base type if the type is actually System.Object 2012-12-28 12:07:11 +01:00
de4dot
740e206e6d New version: 2.0.2 2012-12-21 17:15:19 +01:00
de4dot
d91f82f0c1 New version: 2.0.1 2012-12-20 19:16:14 +01:00
de4dot
6eeeffe56d New version: 2.0.0 2012-12-20 02:40:09 +01:00
de4dot
e15c74ae3e dnlib submodule was renamed. Update code 2012-12-20 02:06:09 +01:00
de4dot
ba54b607eb Make sure MD header version isn't 1.1 (reset it to 2.0 if so) 2012-12-20 01:45:50 +01:00
de4dot
a7fdbd4206 Support latest MaxtoCode version 2012-12-20 01:34:16 +01:00
de4dot
35849b0f9b Submodule was updated. Fix code 2012-12-19 18:14:47 +01:00
de4dot
9d38345e28 Update error message 2012-12-18 22:56:42 +01:00
de4dot
29725a8262 Detect EF 3.6 2012-12-18 22:55:35 +01:00
de4dot
be2271f932 Add updated submodule 2012-12-16 00:03:56 +01:00
de4dot
d0002f098c Copy license files to a new dir 2012-12-14 19:53:48 +01:00
de4dot
6ce3b44de6 Preserve tokens if VM code couldn't be restored 2012-12-14 16:51:21 +01:00
de4dot
e8a9c0675a Add preserveTokensAndTypes() 2012-12-14 16:50:06 +01:00
de4dot
63f1ec4f93 Update DS string decrypter 2012-12-14 12:40:44 +01:00
de4dot
88d1a8ab89 Inline generic methods that DS added 2012-12-14 12:39:06 +01:00
de4dot
bbb715c93c Update string decrypter 2012-12-14 09:22:36 +01:00
de4dot
bbbdf0b0ff Update array cflow deobfuscator 2012-12-14 09:18:14 +01:00
de4dot
7bcf5b4710 Make sure lastOffset <= fileData.Length (could be a bad dump) 2012-12-13 16:19:34 +01:00
de4dot
bf7c0d58d2 Some fixes 
- Rename offset variables
- Alloc buffer outside the loop
- Read CRC32 checksum outside the loop
- Get rid of a local variable
 2012-12-13 14:03:31 +01:00
de4dot
7e9e691ef3 Support ILProtector 1.0.6.0 - 1.0.6.7 2012-12-13 12:03:25 +01:00
de4dot
1dd572f2ef Add DeobUtils.sha1Sum() 2012-12-13 12:02:52 +01:00
de4dot
cf6af49ae7 Add a CRC32 class 2012-12-13 12:02:41 +01:00
de4dot
3e7d403334 Remove the dynocode declaring types 2012-12-11 12:36:59 +01:00
de4dot
b9d91043fc Support the latest CryptoObfuscator version 2012-12-11 12:02:40 +01:00
de4dot
245d875d5f Support Eazfuscator.NET 3.5 string encrypter 2012-12-11 00:23:16 +01:00
de4dot
d5681d9db4 Emulate instructions instead of finding constants 2012-12-10 21:43:56 +01:00
de4dot
ac7694b237 Add Int64Method property 2012-12-10 21:42:49 +01:00
de4dot
61eff40082 Add props to access the locals / values 2012-12-10 21:42:37 +01:00
de4dot
721cd1578a Update EF version detector 2012-12-10 21:42:14 +01:00
de4dot
dcbcaa098e Work around a bug in EF 2012-12-08 01:12:20 +01:00
de4dot
f5967715f2 Only remove the type if we rename types 2012-12-07 15:07:30 +01:00
de4dot
8e79777cdf Return immediately if there's nothing to do 2012-12-07 15:06:52 +01:00
de4dot
fa4e1fcc6b Add RenamerFlags 2012-12-07 15:06:38 +01:00
de4dot
0ba3a0c1e2 Better support of DNR + .NET 1.x assemblies 2012-12-04 23:58:34 +01:00
de4dot
8e69452edb Support .NET Reactor 4.5 2012-12-04 02:29:41 +01:00
de4dot
faf37a4a47 Use a char[] instead of a StringBuilder since length is known 2012-12-03 01:22:14 +01:00
de4dot
9a4cd237e5 Fix detection of SN string decrypter 2012-12-02 23:24:00 +01:00
de4dot
ca6812bca7 Support latest Rummage 2012-12-02 16:20:25 +01:00
de4dot
8a36c8eea6 Add an option to not rename delegate fields 2012-12-01 04:35:39 +01:00
de4dot
643e155cf8 Add options to preserve rids, heaps 2012-12-01 03:24:12 +01:00
de4dot
dcdbe25a0f Add option to disable creating new ParamDefs when renaming 2012-12-01 02:22:59 +01:00
de4dot
99c7cf8eb5 Load target asm's CLR version when decrypting strings dynamically 2012-12-01 01:40:23 +01:00
de4dot
3e62b328d1 Add FileHeader and OptionalHeader props 2012-11-30 21:04:05 +01:00
de4dot
87b20b00f2 Set new locals by calling SetLocals(), not by writing to the field 2012-11-30 03:24:15 +01:00
de4dot
a2cdfdb9e3 Add AssemblyServer projects for CLR v2.0/4.0 x86/x64 2012-11-23 07:12:43 +01:00
de4dot
9263a3df3d Remove all cecil code/comment refs 2012-11-22 09:14:51 +01:00
de4dot
fd129aa3c0 Remove non-referenced method 2012-11-22 05:50:15 +01:00
de4dot
3a519b51d8 This shouldn't be a warning 2012-11-22 05:50:05 +01:00
de4dot
7ce782215e Print 4.x when DNR 4 version is unknown 2012-11-21 14:20:38 +01:00
de4dot
8858205344 IDeobfuscator now implements IDisposable 2012-11-21 13:57:13 +01:00
de4dot
5b43e33a35 Remove old PeImage code and use the new one 2012-11-21 11:14:20 +01:00
de4dot
ced43ca70b Use File.WriteAllBytes() 2012-11-21 11:07:40 +01:00
de4dot
bcb9a2958c Dispose() of the PEImage 2012-11-21 11:07:25 +01:00
de4dot
9577bd2118 Reset resource data position 2012-11-20 07:53:54 +01:00
de4dot
bde935c6d8 Remove invalid resources 2012-11-20 07:25:10 +01:00
de4dot
e8155e7eb0 Update detection of invalid CV methods 2012-11-20 06:45:23 +01:00
de4dot
989e364481 Fix detection of DS string decrypter 2012-11-20 05:35:05 +01:00
de4dot
87a83a2757 Exit if string decrypter wasn't detected 2012-11-20 04:42:19 +01:00
de4dot
48ce6a29b9 Return an SZArraySig, not an ArraySig 2012-11-20 02:18:18 +01:00
de4dot
5c2237b439 Remove useless property 2012-11-20 01:16:02 +01:00
de4dot
4658e911a2 Reset resource data positions 2012-11-20 01:15:27 +01:00
de4dot
d8e73e70e6 Use MetaDataHeader 2012-11-20 01:14:34 +01:00
de4dot
d9bc6ea480 Fix operand restorer 2012-11-20 01:14:05 +01:00
de4dot
969d41c089 Default name is CliSecure 2012-11-20 01:13:36 +01:00
de4dot
5ce21b18a7 Call IAssemblyResolver.Remove() 2012-11-20 01:13:18 +01:00
de4dot
5ad2e18695 Update code since submodule was updated 2012-11-19 17:58:34 +01:00
de4dot
c5f2043a6e Port SmartAssembly deobfuscator 2012-11-18 17:07:02 +01:00
de4dot
cca8eba9ed Port ILProtector deobfuscator 2012-11-18 08:13:51 +01:00
de4dot
db223d089b Port MaxtoCode deobfuscator 2012-11-18 07:34:51 +01:00
de4dot
2e61a8a757 Move disposing of module to caller 
The reason is that some deobfuscators require it to be non-disposed
when their reload() method is called.
 2012-11-18 07:32:57 +01:00
de4dot
9a8218e68f Add Logger.LogErrorDontIgnore() 2012-11-18 03:20:40 +01:00
de4dot
0e16e3e51b Dispose() of all modules we don't need 2012-11-18 03:17:53 +01:00
de4dot
1c4b3a7382 Port Goliath.NET deobfuscator 2012-11-18 03:02:12 +01:00
de4dot
c596f5ddfc Port Eazfuscator.NET deobfuscator 2012-11-18 01:09:07 +01:00
de4dot
33645432f1 Fix TypesRestorer porting bug 2012-11-18 00:20:07 +01:00
de4dot
e5ab5ee23c Re-encrypt x86 methods if any (DNR v4.x) 2012-11-17 23:49:19 +01:00
de4dot
d52a1014ef Port .NET Reactor v4.x deobfuscator 2012-11-17 18:57:36 +01:00
de4dot
413a032e0a Port .NET Reactor v3.x deobfuscator 2012-11-17 15:46:02 +01:00
de4dot
7e1d16dafb Clear RVA when resetting field type and initial value 2012-11-17 11:45:24 +01:00
de4dot
6a7ddbaa56 Update code; submodule was updated 2012-11-16 23:50:52 +01:00
de4dot
4be5776da7 Also add all methods found in VTableFixups 2012-11-16 20:52:10 +01:00
de4dot
0dc129d340 Fix renaming of non-external pinvoke methods 2012-11-16 02:15:36 +01:00
de4dot
686f9953fd Also remove Spices.Net watermark attribute 2012-11-14 21:45:12 +01:00
de4dot
9e708ed4fd Ignore req/opt modifiers 2012-11-14 21:44:57 +01:00
de4dot
475c597a60 Port Spices.Net deobfuscator 2012-11-14 19:29:29 +01:00
de4dot
445b68f4f5 Don't treat System.Void as a value type 2012-11-14 19:28:46 +01:00
de4dot
226d18dff7 Only set ILOnly if there are no native methods 2012-11-14 11:33:47 +01:00
de4dot
6d43a7d6ee Update code since submodule was updated 2012-11-14 10:23:29 +01:00
de4dot
76d898a285 Keep extra PE data and keep orig Win32 resources 2012-11-13 07:45:34 +01:00
de4dot
8c228e6e70 Also preserve #Blob offsets when preserving MD tokens 2012-11-13 07:44:25 +01:00
de4dot
3bd00c99bc Use NativeModuleWriterOptions when saving a mixed-mode assembly 2012-11-13 07:42:35 +01:00
de4dot
2f6e5badb1 Update code since submodule got updated 2012-11-12 22:06:13 +01:00
de4dot
ac9168599b Use IPEImage.FindWin32ResourceData() 2012-11-12 04:40:48 +01:00
de4dot
3646bca56b Align the numbers 2012-11-11 16:56:29 +01:00
de4dot
99b38ac22f Don't Dispose() of the resource data reader 2012-11-11 14:46:00 +01:00
de4dot
c47039c2ef Don't call logger.v() unless verbose log level is enabled 2012-11-11 11:37:40 +01:00
de4dot
5a9d76e8c7 Speed up DeepSea string decrypter detector 2012-11-11 07:54:26 +01:00
de4dot
b152362088 Update logger 
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but an option to disable it
 2012-11-11 05:41:54 +01:00
de4dot
7b0ba43248 UTF8String was moved to DotNet ns. Fix code 2012-11-10 00:45:04 +01:00
de4dot
311a3c9c05 Remove now useless using statements 2012-11-10 00:02:11 +01:00
de4dot
73e15c0919 Change method sig to take a IPEImage instead of a PEImage 2012-11-09 11:34:23 +01:00
de4dot
d47a03f51a Unpack CS packed files 2012-11-09 11:32:29 +01:00
de4dot
d00fcb79e4 Don't remove fields if we should keep all types 2012-11-09 02:15:28 +01:00
de4dot
3b740a4106 Port DeepSea deobfuscator 2012-11-09 00:21:45 +01:00
de4dot
5d25a499aa Port CryptoObfuscator deobfuscator 2012-11-08 22:24:13 +01:00
de4dot
472d57ed0f Use ModuleDefMD.GetAssemblyRef() 2012-11-08 11:26:14 +01:00
de4dot
f2f156dc40 Port CodeWall deobfuscator 2012-11-08 10:40:58 +01:00
de4dot
eb7d4c5f88 Use CreateStream() instead of creating a MemoryStream from a byte[] 2012-11-08 10:16:58 +01:00
de4dot
f6b5a3117f Port CodeVeil deobfuscator 2012-11-08 09:48:05 +01:00
de4dot
10e83acebc Port CodeFort deobfuscator 2012-11-08 07:43:57 +01:00
de4dot
4393df31d9 Update detection of CSVM asm ref 2012-11-08 07:07:02 +01:00
de4dot
f699017197 Port Babel.NET deobfuscator 2012-11-08 07:06:46 +01:00
de4dot
ce6659510e Use ToGenericInstSig() ext method 2012-11-08 07:05:41 +01:00
de4dot
e600696182 Use IBinaryReader.ReadRemainingBytes() 2012-11-07 07:29:39 +01:00
de4dot
ab78e97423 Use the new name of this obfuscator 2012-11-07 05:47:33 +01:00
de4dot
9c64165d15 Add a getDumpedMethod() method 2012-11-07 05:38:06 +01:00
de4dot
583d4201f5 Port Agile.NET deobfuscator 2012-11-07 05:17:45 +01:00
de4dot
cc1e36389d Update resolve{Method,Field}() sigs with a more general arg type 2012-11-07 04:46:19 +01:00
de4dot
814c3d3944 Fix method decrypter 2012-11-07 04:45:36 +01:00
de4dot
b6537dc188 Fix lookup<T> method sigs 2012-11-07 04:45:05 +01:00
de4dot
6efb96740d Update code since EntryPoint was renamed ManagedEntryPoint 2012-11-07 02:02:38 +01:00
de4dot
427ea38595 Port MPRESS unpacker 2012-11-07 01:52:15 +01:00
de4dot
d98d4b10bb Add code to restore dumped methods 2012-11-07 01:15:52 +01:00