c019e21743
Check if cctor exists before using it
2019-05-03 01:17:30 +01:00
8725afae01
Add support for normal mode string decryption
2017-09-26 01:54:47 +01:00
5ec36c863c
Add support for normal predicate control flow;
...
Add detection weight to ConfusedBy attribute
2017-09-26 01:54:42 +01:00
7adf818194
Implement ConfuserEx generic constants and resource decryption; misc improvements
...
Move BeaEngine.dll to /bin/
Make sure BeaEngine.dll is loaded when the working directory is different
Disable file deobfuscation exception handler
Don't remove LZMA methods by default
Trim version read from ConfuserAttribute
Minor refactoring
2017-08-20 16:25:25 +03:00
4be6156d9b
Move ConfuserEx warning messages to display during the correct deobfuscation stage
2017-08-19 17:44:30 +03:00
d6a18082af
Ensure BeaEngine.dll is present and misc changes
...
Copy BeaEngine.dll on build and check if it exists in runtime
Disable more exception handlers to help detect swallowed exceptions
Misc refactoring
2017-08-19 17:40:14 +03:00
3e4170deb6
ConfuserEx deobfuscator code clean-up and refactor
2017-08-08 13:27:21 +03:00
e0a2e805d4
ConfuserEx deobfuscator updates and misc changes
...
ConfuserEx changes:
* Implement Proxy Call Fixer
* Refactor Control Flow Fixer
Disable main exception handler to let de4dot throw on error
2017-07-25 17:37:41 +03:00
23477ccb5f
Implemented ConfuserEx deobfuscator
...
x86 cflow and x86 constant decryption
Backport of LINQ (LinqBridge)
Shift left/right emulation fixes in de4dot core
Block class extended to hold additional information
2017-02-13 11:14:22 +02:00
126758fa6f
Fix compiler errors (on mono) ( #123 )
2017-01-05 13:46:04 +01:00
be964e1637
Fix for .NETReactor versions(4.7+).
2016-03-19 20:13:02 +01:00
bbe3d325fb
Fix for old .NETReactor versions.
2016-03-19 18:26:07 +01:00
38cfc6507a
Update EncryptedResource.cs
2016-03-19 16:26:05 +01:00
f6a107c9bf
Support dotNETReactor v5.0.0.0
2016-03-19 16:16:22 +01:00
236b1768f4
Fix for the last .NETReactor.
2016-02-16 23:47:14 +01:00
958ad86ceb
Fix merge
2016-02-11 20:50:54 +01:00
71eddd4689
Merge pull request #119 from XODE0/master
...
Add resource name decryption for Crypto.
2016-02-11 20:43:35 +01:00
6bfb3bc4a7
Add resource name decryption
...
.
Update Crypto StringDecrypter and move DecryptResourceName from ConstantsDecrypter to CoUtils.
Follow de4dot coding style.
Tabify the last commits.
2016-02-11 20:28:00 +01:00
17c23f9ad7
Use default shift constants when Eazfuscator.NET < 5.0
2016-02-06 17:38:14 +02:00
d7c7c7ce85
Fix Indentation
2016-01-24 00:47:09 +02:00
2581da1c26
Make it compatible with 5.0 again
...
Version detection may be flawed since it checks if the string decryptor
method uses cgt.un instead of ceq for flags because the changes in 5.1
are subtle.
2016-01-24 00:45:37 +02:00
84e0aa0b77
Fix the calculation of magic
...
It seems that Eazfuscator.NET sometimes calculates the magic with
different constants so I had to get them programmatically
2016-01-23 22:55:29 +02:00
63607a6678
Fix string decryption for Eazfuscator.NET 5.1
...
v5.1 changes a few instructions in , other than it's almost the same
2016-01-23 17:09:01 +02:00
4c684bb67e
Update copyright years
2015-10-29 22:45:26 +01:00
02d6de8f39
Fix old Confuser deobfuscator code
2015-10-29 22:36:17 +01:00
eefa799e0d
Fix merge. Code used a much older dnlib version
2015-10-29 21:36:57 +01:00
7cde561e6b
Merge branch 'confuser'
2015-10-29 21:36:34 +01:00
436fe05756
Fix some older merges
2015-10-29 21:36:27 +01:00
21318d2161
Merge pull request #111 from angelsl/master
...
CryptoObfuscator: Detect if decrypter should skip before reading flag or vice versa
2015-08-29 12:24:29 +02:00
133814073c
Actually use index of the not opcode
...
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
2015-08-28 00:01:40 +08:00
ff708f8116
Renamed file with proper capitalization (as referenced in project file)
2015-08-22 16:25:30 -05:00
ffeb7c9472
Detect if decrypter should skip before reading flag or vice versa
...
Seems like some versions of CryptoObfuscator skip the bytes before reading the
actual flag instead of the behaviour expected by de4dot currently.
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
2015-08-21 15:57:44 +08:00
94596d6fb7
Added support for Eazfuscator.NET 5.0
2015-08-04 17:52:02 -05:00
828a1ab398
Move most of MemberRefFinder to dnlib
2015-07-19 23:47:45 +02:00
9e2a9016d2
Move .NET resources read/writer code to dnlib
2015-07-08 08:02:34 +02:00
0f1768b13f
fixed the last bracket problems
2015-05-17 13:40:27 +02:00
a3e0445f0a
make de4dot.code interface fully public
2015-05-17 13:29:48 +02:00
0952a5e22d
Fixed a problem when one of the parent directories contains a dot.
2015-04-26 09:52:57 +02:00
01179242a7
DotNetFile prop was removed from dnlib, update code
2014-05-23 16:19:25 +02:00
a7d9b67b28
Merge branch 'master' into confuser
2014-05-10 09:20:54 +02:00
282cabed87
Some updates because of new dnlib version
...
- Use a GenericParamContext when resolving tokens
- IDecrypter.GetMethodBody() method signature got updated
- ICustomAttributeType now implements IMethod so we don't need to cast it
- MemberRefFinder now scans all SecurityAttributes and MarshalType for types
2014-05-10 09:00:43 +02:00
b60accb953
Don't email me when new versions come out
2014-05-09 16:00:17 +02:00
954f0af743
Support latest CryptoObfuscator
2014-05-09 15:59:50 +02:00
9b2ed7acca
Support new .NET Reactor resource encryption
2014-04-22 18:04:50 +02:00
6278ef1d4b
Update DNR resource resolver detector
2014-04-18 19:02:42 +02:00
16c5153b00
Fix detection of CO SL resource type
2014-04-16 19:16:17 +02:00
82896a018f
Prevent merge if it's 'this'
2014-04-16 19:15:11 +02:00
c3eacf9000
Prevent stack overflow in Check()
2014-04-16 19:11:04 +02:00
cac5549cd4
New version: 3.1.41592
2014-04-14 19:08:33 +02:00
3f3bd90688
Support some more MaxtoCode runtimes
2014-04-14 18:27:36 +02:00
ViR Dash
PoroCYon
XODE0
XODE0
de4dot
PythEch
angelsl
saneki
Mr. eXoDia
Sandor Nemes