de4dot
|
9db99626f2
|
Refactor
|
2012-08-05 20:25:43 +02:00 |
|
de4dot
|
ab57733ae4
|
Detect Confuser 1.7 r74708 proxy method handlers
|
2012-08-05 12:46:59 +02:00 |
|
de4dot
|
923fb1f9ca
|
Call the correct ctor
|
2012-08-05 04:42:59 +02:00 |
|
de4dot
|
926d53885e
|
Support Confuser 1.7 r74021 JIT methods encrypter
|
2012-08-05 02:38:23 +02:00 |
|
de4dot
|
f65715cac8
|
Add some comments
|
2012-08-05 02:37:31 +02:00 |
|
de4dot
|
a3dbf5273d
|
Support Confuser 1.7 r73822 constants encrypter
|
2012-08-05 02:07:43 +02:00 |
|
de4dot
|
9ba6594278
|
Rename variable
|
2012-08-05 02:06:19 +02:00 |
|
de4dot
|
48ea288574
|
Support Confuser 1.7 r73822 resource encrypter
|
2012-08-05 01:57:36 +02:00 |
|
de4dot
|
5ded502104
|
Remove invalid asm ref added by Confuser 1.7 r73764
|
2012-08-04 11:21:52 +02:00 |
|
de4dot
|
13d0cff55b
|
Support Confuser 1.7 r73764 constants encrypter
|
2012-08-04 11:01:24 +02:00 |
|
de4dot
|
bc1a3e5ece
|
Support Confuser 1.7 r73740 proxy methods
|
2012-08-04 09:26:13 +02:00 |
|
de4dot
|
ed3b6607da
|
Support Confuser 1.7 r73740 constants encrypter (dynamic mode)
|
2012-08-04 09:20:42 +02:00 |
|
de4dot
|
cc1eeccaf9
|
Support Confuser 1.7 r73740 native methods
|
2012-08-04 09:16:06 +02:00 |
|
de4dot
|
2a68e3d27c
|
Add a comment
|
2012-08-03 23:49:18 +02:00 |
|
de4dot
|
82dd08b348
|
Support Confuser 1.7 r73479 methods encrypter
|
2012-08-03 23:30:31 +02:00 |
|
de4dot
|
00d27a89f6
|
Support Confuser 1.7 r73477 compressor
|
2012-08-03 22:55:11 +02:00 |
|
de4dot
|
2c33d80ccc
|
Support netmodules
|
2012-08-03 20:24:14 +02:00 |
|
de4dot
|
1646786bc5
|
Fix bug in reading code + extra sections
|
2012-08-03 19:36:40 +02:00 |
|
de4dot
|
c913b6929a
|
Support Confuser 1.7 r73477 methods encrypter
|
2012-08-03 00:28:28 +02:00 |
|
de4dot
|
642b59667c
|
Move key init code to a new method
|
2012-08-02 22:08:29 +02:00 |
|
de4dot
|
b333cc32da
|
Rename arg
|
2012-08-02 21:57:47 +02:00 |
|
de4dot
|
c4608df16f
|
Support Confuser 1.7 r73404 compressor
|
2012-08-02 19:53:15 +02:00 |
|
de4dot
|
343ed177bb
|
Support Confuser 1.7 r73404 constants encrypter
|
2012-08-02 19:14:35 +02:00 |
|
de4dot
|
7a77421c0e
|
Move method
|
2012-08-02 19:13:42 +02:00 |
|
de4dot
|
13420b80eb
|
Support Confuser 1.7 r73404 resource encrypter
|
2012-08-02 18:26:01 +02:00 |
|
de4dot
|
b5ef7a7b12
|
Rename proxy class to ...V10
|
2012-08-02 17:23:16 +02:00 |
|
de4dot
|
1f4ec139db
|
Support Confuser 1.7 r73404 methods encrypter
|
2012-08-02 17:01:14 +02:00 |
|
de4dot
|
e1758ddbb0
|
Support Confuser 1.6 r71742 methods decrypter
|
2012-08-02 11:12:20 +02:00 |
|
de4dot
|
8473253aa6
|
Support Confuser 1.5 r60785 compressor
|
2012-08-02 08:40:52 +02:00 |
|
de4dot
|
3d28201159
|
Add support for Confuser 1.5 r60785 constants encrypter (dynamic mode)
|
2012-08-02 08:11:21 +02:00 |
|
de4dot
|
1f9514e168
|
Move const reader and decrypt method
|
2012-08-02 08:08:50 +02:00 |
|
de4dot
|
1d5b341ed6
|
Return if invalid index
|
2012-08-02 08:07:26 +02:00 |
|
de4dot
|
6e262eb621
|
Add support for Confuser 1.5 r60785 constants encrypter (normal mode)
|
2012-08-01 22:38:57 +02:00 |
|
de4dot
|
b45060d35a
|
Add RIP comment
|
2012-08-01 18:10:15 +02:00 |
|
de4dot
|
7f3399a9c4
|
Remove unreachable code
|
2012-08-01 18:09:58 +02:00 |
|
de4dot
|
4a3104963c
|
Fix cast
|
2012-08-01 18:09:24 +02:00 |
|
de4dot
|
d3c75288e7
|
Support Confuser 1.5a r59014 methods decrypter
|
2012-08-01 15:00:47 +02:00 |
|
de4dot
|
11ff8a55b1
|
Support Confuser 1.4 r58857 proxy methods
|
2012-08-01 14:24:45 +02:00 |
|
de4dot
|
910472ad04
|
Support Confuser 1.4 r58852 compressor
|
2012-08-01 14:05:29 +02:00 |
|
de4dot
|
99f0f8f480
|
Don't return main asm if it hasn't been unpacked
|
2012-08-01 13:48:41 +02:00 |
|
de4dot
|
4a6c6fee68
|
Update method name
|
2012-08-01 13:37:43 +02:00 |
|
de4dot
|
60cc3c7909
|
Update detection of key
|
2012-08-01 13:36:12 +02:00 |
|
de4dot
|
7e19539a61
|
Add code to handle an obfuscator bug
|
2012-08-01 13:03:36 +02:00 |
|
de4dot
|
b60eca8ae2
|
Add an option to only dump the main embedded asm
|
2012-08-01 12:37:26 +02:00 |
|
de4dot
|
002da4602a
|
Support Confuser 1.4 r58802 compressor and dump embedded asms
|
2012-08-01 11:41:31 +02:00 |
|
de4dot
|
8477e79b88
|
Move code to ConfuserUtils
|
2012-08-01 11:40:15 +02:00 |
|
de4dot
|
7b3cb1e007
|
Support Confuser 1.4 r58802 method proxies
|
2012-08-01 10:01:26 +02:00 |
|
de4dot
|
6953760ffc
|
Change Confuser type from cn to cr
'cr' is what the author of Confuser uses.
|
2012-08-01 09:18:06 +02:00 |
|
de4dot
|
17db2d332e
|
Support Confuser 1.4 r58802 string decrypter
|
2012-08-01 09:13:47 +02:00 |
|
de4dot
|
c2d56bd8d1
|
Fix compatibility with later v1.9 decrypter
|
2012-08-01 09:11:25 +02:00 |
|
de4dot
|
c652d49353
|
Remove Confuser 1.4 r58564 anti dumping type
|
2012-07-31 20:05:52 +02:00 |
|
de4dot
|
3e49c0bfa5
|
Support Confuser 1.4 r58564 compressor
|
2012-07-31 19:56:10 +02:00 |
|
de4dot
|
d99133658c
|
Support Confuser 1.4 r58564 proxy methods
|
2012-07-31 19:12:35 +02:00 |
|
de4dot
|
2a96ec9958
|
Support Confuser 1.4 r58564 methods encrypter
|
2012-07-31 17:17:16 +02:00 |
|
de4dot
|
17495e986f
|
Support Confuser 1.4 r58004 methods encrypter
|
2012-07-31 15:03:18 +02:00 |
|
de4dot
|
433a0d2b0a
|
Check for encrypted methods in moduleReloaded()
|
2012-07-31 14:25:40 +02:00 |
|
de4dot
|
a4be159b44
|
Support Confuser 1.4 r57884 methods encrypter
|
2012-07-31 14:24:49 +02:00 |
|
de4dot
|
ab04a72990
|
Update version number
|
2012-07-31 12:42:41 +02:00 |
|
de4dot
|
995e836fd8
|
Remove Confuser 1.3 r57588 anti debug method
|
2012-07-31 10:52:25 +02:00 |
|
de4dot
|
bb9e4cbf26
|
Remove resources with an invalid RVA
|
2012-07-31 10:41:20 +02:00 |
|
de4dot
|
4b2da13972
|
Decrypt encrypted strings resource before initializing string decrypter
|
2012-07-31 10:09:45 +02:00 |
|
de4dot
|
f370824a46
|
Make sure we only decrypt resources once
|
2012-07-31 10:08:46 +02:00 |
|
de4dot
|
b517755607
|
Support Confuser 1.3 r55802 resource encrypter
|
2012-07-31 10:00:46 +02:00 |
|
de4dot
|
a2038f348e
|
Support Confuser 1.3 r42915 "safe" string decrypter
|
2012-07-31 09:14:06 +02:00 |
|
de4dot
|
be9c95a759
|
Support Confuser 1.3 r55346's latest proxy methods code
|
2012-07-31 07:30:21 +02:00 |
|
de4dot
|
1f2de674f7
|
Support an updated Confuser proxy methods code
|
2012-07-31 07:15:38 +02:00 |
|
de4dot
|
4f4af7a44a
|
Support newer Confuser 1.0 and 1.1 string decrypters
|
2012-07-31 05:47:49 +02:00 |
|
de4dot
|
afb205aeea
|
Update detection of compressor
|
2012-07-31 04:44:45 +02:00 |
|
de4dot
|
83706f40a8
|
Update proxy fixer v1
|
2012-07-31 04:44:30 +02:00 |
|
de4dot
|
1683c3ac1b
|
Update constants folder to support r8 values
|
2012-07-31 01:16:50 +02:00 |
|
de4dot
|
e657db9c8c
|
Support methods proxy in Confuser 1.0 r48717
|
2012-07-30 18:00:00 +02:00 |
|
de4dot
|
4a6713b728
|
Update detection of proxy fixer
|
2012-07-30 17:57:24 +02:00 |
|
de4dot
|
2e99bac40c
|
Unpack compressed Confuser assemblies
|
2012-07-30 14:11:04 +02:00 |
|
de4dot
|
7321e51a78
|
Decrypt Confuser 1.0 encrypted strings
|
2012-07-30 10:28:11 +02:00 |
|
de4dot
|
85ce802131
|
Add Confuser 1.0 proxy call fixer
|
2012-07-30 09:19:17 +02:00 |
|
de4dot
|
1e7be5c619
|
Make method static
|
2012-07-30 09:13:51 +02:00 |
|
de4dot
|
b33c2834df
|
Don't deobfuscate cflow unless the method sig is void name()
|
2012-07-30 09:13:17 +02:00 |
|
de4dot
|
fb47689f58
|
Decrypt Confuser encrypted methods (memory)
|
2012-07-29 20:04:35 +02:00 |
|
de4dot
|
0eaa1466fb
|
Move common code to a base class
|
2012-07-29 20:02:12 +02:00 |
|
de4dot
|
5b026a0d05
|
Add null check
|
2012-07-29 14:26:57 +02:00 |
|
de4dot
|
e225a342ae
|
Support type=dynamic const decryption
|
2012-07-29 14:23:27 +02:00 |
|
de4dot
|
f20b2e648b
|
Fix detection when numeric const encryption is enabled
|
2012-07-29 13:24:50 +02:00 |
|
de4dot
|
892116ad63
|
Add ConstantsInliner class
|
2012-07-29 13:22:36 +02:00 |
|
de4dot
|
2274ceeee4
|
Support the normal const decrypter
|
2012-07-29 10:17:05 +02:00 |
|
de4dot
|
ae63a63d20
|
Remove unecessary code
|
2012-07-28 21:28:27 +02:00 |
|
de4dot
|
db5c6fcf26
|
Decrypt Confuser encrypted constants
|
2012-07-28 04:45:27 +02:00 |
|
de4dot
|
839684685e
|
Assume invalid code so check for null
|
2012-07-27 21:38:03 +02:00 |
|
de4dot
|
685d2c2ef0
|
Print a message if MethodData isn't encrypted
|
2012-07-27 21:35:55 +02:00 |
|
de4dot
|
6a15bfeee7
|
Decrypt Confuser encrypted resources
|
2012-07-27 12:49:00 +02:00 |
|
de4dot
|
471628b843
|
Update exception string
|
2012-07-27 09:21:03 +02:00 |
|
de4dot
|
16e6a986c7
|
Remove ConfusedByAttribute type
|
2012-07-27 08:50:58 +02:00 |
|
de4dot
|
872b4f61a2
|
Remove anti dumper type
|
2012-07-27 08:47:37 +02:00 |
|
de4dot
|
4840a117cf
|
Remove anti debugger type
|
2012-07-27 08:40:21 +02:00 |
|
de4dot
|
38d94819ee
|
Remove method decrypter type and init method call
|
2012-07-27 08:23:55 +02:00 |
|
de4dot
|
74970e80ff
|
Add Confuser proxy fixer
|
2012-07-27 08:11:23 +02:00 |
|
de4dot
|
a48a03b9ab
|
Move methods to ConfuserUtils
|
2012-07-27 08:07:17 +02:00 |
|
de4dot
|
70bd973cdd
|
Decrypt Confuser 1.9 encrypted JIT methods
|
2012-07-26 20:12:12 +02:00 |
|