de4dot
|
c756d543c1
|
Rename PE namespace
|
2012-04-10 16:32:15 +02:00 |
|
de4dot
|
6f01d48593
|
Change getCalledMethods() return type
|
2012-03-17 20:36:41 +01:00 |
|
de4dot
|
0537a2edce
|
Use getModuleTypeCctor()
|
2012-03-15 09:38:52 +01:00 |
|
de4dot
|
e4fe749559
|
Use hasInteger() method
|
2012-03-15 02:19:35 +01:00 |
|
de4dot
|
10ceb12e30
|
Change return type to IEnumerable<int>
|
2012-02-25 06:25:40 +01:00 |
|
de4dot
|
48758be8f0
|
Use a new class instead of the dict
|
2012-02-25 06:14:19 +01:00 |
|
de4dot
|
b3f17a27a3
|
Add SN string decrypter
|
2012-02-02 06:56:14 +01:00 |
|
de4dot
|
7962de961c
|
Add getModuleTypeCctor() method
|
2012-01-22 11:15:14 +01:00 |
|
de4dot
|
ba04092060
|
Call stringDecryptersAdded() after adding string decrypters
|
2012-01-21 22:15:53 +01:00 |
|
de4dot
|
7f5401625e
|
Rename classes
|
2012-01-19 19:16:44 +01:00 |
|
de4dot
|
5f6841e317
|
Add HasHandlers property to base class
|
2012-01-14 12:34:42 +01:00 |
|
de4dot
|
17327902c3
|
Refactor method call inliner code
|
2012-01-11 04:38:02 +01:00 |
|
de4dot
|
0d0a40376d
|
Update copyright years
|
2012-01-09 23:02:47 +01:00 |
|
de4dot
|
fd12b92e4b
|
Update detection due to new cflow deob code
|
2012-01-09 03:19:13 +01:00 |
|
de4dot
|
03a27110e7
|
Rename method to toInt32()
|
2012-01-07 19:14:15 +01:00 |
|
de4dot
|
6e80b5bb94
|
Move bool inliner and create some more useful value inliners
|
2012-01-03 10:38:09 +01:00 |
|
de4dot
|
e79ee9832d
|
Add desDecrypt(). Move deflate() to DeobUtils.
|
2012-01-02 22:35:02 +01:00 |
|
de4dot
|
e744e24a51
|
Use methods dict
|
2011-12-31 16:32:57 +01:00 |
|
de4dot
|
99350b456d
|
Use the methods dict
|
2011-12-31 16:15:38 +01:00 |
|
de4dot
|
6b629f20c7
|
Use aesDecrypt() method
|
2011-12-31 15:12:41 +01:00 |
|
de4dot
|
f468aebda5
|
Dump resources in applications (library mode)
|
2011-12-26 20:32:42 +01:00 |
|
de4dot
|
0a4fb0619b
|
Move to DNR dir
|
2011-12-26 20:28:48 +01:00 |
|
de4dot
|
259ec3455b
|
Rename method
|
2011-12-25 23:10:17 +01:00 |
|
de4dot
|
a0d65b2e86
|
Rename method
|
2011-12-22 23:51:26 +01:00 |
|
de4dot
|
24076419dc
|
Rename method, update code
|
2011-12-22 23:50:33 +01:00 |
|
de4dot
|
63648a9505
|
Update detection of ASN code
|
2011-12-22 19:17:57 +01:00 |
|
de4dot
|
1a1350410a
|
Only call patcher if we need to patch it
|
2011-12-22 19:17:48 +01:00 |
|
de4dot
|
1b32fdd3b6
|
Write warning message if we couldn't unpack it
|
2011-12-22 18:48:24 +01:00 |
|
de4dot
|
c86daacda8
|
Add workaround for DNR patch bug
|
2011-12-22 17:40:21 +01:00 |
|
de4dot
|
222132f43b
|
Remove useless using directive
|
2011-12-22 05:37:29 +01:00 |
|
de4dot
|
7b71a565ec
|
Move method to DotNetUtils
|
2011-12-22 05:37:10 +01:00 |
|
de4dot
|
d24da2f24c
|
Move method to base class
|
2011-12-21 19:21:06 +01:00 |
|
de4dot
|
f87fabd6aa
|
Move DNR v3 and v4 code to a DNR sub dir
|
2011-12-21 18:55:36 +01:00 |
|
de4dot
|
0d92b37536
|
Create DNR3 dir
|
2011-12-20 21:47:45 +01:00 |
|
de4dot
|
dd60af245a
|
Unpack DNR 3.x application mode files
|
2011-12-20 20:16:57 +01:00 |
|
de4dot
|
746997dfe3
|
Add DNR 3.x application mode unpacker
|
2011-12-20 20:16:18 +01:00 |
|
de4dot
|
4a0a3fb2fc
|
Add isCompressed() method
|
2011-12-20 20:13:37 +01:00 |
|
de4dot
|
bc5d829714
|
Also check ldftn opcodes
|
2011-12-19 15:44:23 +01:00 |
|
de4dot
|
d35e92b53c
|
Update field type
|
2011-12-15 16:17:04 +01:00 |
|
de4dot
|
00f7b7feda
|
The real Main() may be called from a DNR-created Main() method
|
2011-12-11 11:08:32 +01:00 |
|
de4dot
|
e7ea01f87d
|
Move console code to new de4dot.cui assembly
|
2011-12-09 09:02:06 +01:00 |
|
de4dot
|
ec896da8ab
|
Unpack .NET 1.x DNR native images
|
2011-12-01 14:16:23 +01:00 |
|
de4dot
|
3311e28a87
|
Don't re-read native file after unpacking it
|
2011-11-30 20:19:50 +01:00 |
|
de4dot
|
68d962fb6e
|
Return null if inflated data isn't an MZ file
|
2011-11-30 19:10:56 +01:00 |
|
de4dot
|
8637ef5e1a
|
Unpack DNR 4.0-4.4 + .NET 2.0+ native files
|
2011-11-30 19:06:25 +01:00 |
|
de4dot
|
fde811d183
|
Move isCode() to DeobUtils
|
2011-11-30 19:04:49 +01:00 |
|
de4dot
|
b7a44b459d
|
Add code to unpack DNR 4.0/4.1 + .NET 2.0+ native files
|
2011-11-30 18:28:48 +01:00 |
|
de4dot
|
a90fd1fa2f
|
Update detection of the empty class
|
2011-11-26 12:34:17 +01:00 |
|
de4dot
|
cec8758ed2
|
Check if there are any refs left to the decrypter type
|
2011-11-26 12:21:18 +01:00 |
|
de4dot
|
df6678626e
|
Print total number of encrypted methods
|
2011-11-26 12:20:04 +01:00 |
|
de4dot
|
0ce27f8a2d
|
Print some info about the encrypted native methods
|
2011-11-25 15:33:13 +01:00 |
|
de4dot
|
51892f62a2
|
Re-encrypt native methods
|
2011-11-25 15:24:12 +01:00 |
|
de4dot
|
07f0376b45
|
Add methods to encrypt resource data, and set new data
|
2011-11-25 15:21:29 +01:00 |
|
de4dot
|
900ec1bf07
|
Add code to dump DNR native methods to a file
|
2011-11-25 15:16:50 +01:00 |
|
de4dot
|
b259991415
|
Some fixes:
- Remove empty class only if methods are inlined
- Don't add .cctor methods to possibly-inlined-methods list
|
2011-11-24 23:58:42 +01:00 |
|
de4dot
|
0516e4540d
|
Remove calls to empty class
|
2011-11-24 10:44:01 +01:00 |
|
de4dot
|
eee2c509be
|
Make sure decrypter type is removed
|
2011-11-24 10:10:39 +01:00 |
|
de4dot
|
17660c225e
|
Update decrypter detection code
|
2011-11-24 10:08:29 +01:00 |
|
de4dot
|
73d1316b2d
|
Add a new random name regex
|
2011-11-24 07:57:31 +01:00 |
|
de4dot
|
3bfb2e7dc7
|
Update DNR detection
|
2011-11-24 07:49:50 +01:00 |
|
de4dot
|
0c4abcc039
|
Update detection of possibly inlined methods
|
2011-11-24 06:48:23 +01:00 |
|
de4dot
|
4a65770c59
|
Check each part of the namespace instead of all of it at once
|
2011-11-23 11:50:34 +01:00 |
|
de4dot
|
397f5f5b5b
|
Update DNR valid-name-check code
|
2011-11-23 05:28:57 +01:00 |
|
de4dot
|
e9e0588cb6
|
Use Utils.StartsWith() since mono's impl is buggy
|
2011-11-17 04:22:12 +01:00 |
|
de4dot
|
c62ca29df5
|
Update code for DNR 4.3+ obfuscated assemblies
|
2011-11-12 16:04:51 +01:00 |
|
de4dot
|
b80024bbc5
|
Find the method in a nested class (DNR 4.3+)
|
2011-11-12 15:22:17 +01:00 |
|
de4dot
|
07826f133e
|
Update names since it's anti strong name code
|
2011-11-12 15:15:47 +01:00 |
|
de4dot
|
7df264d59c
|
Remove tamper detection code
|
2011-11-12 13:31:08 +01:00 |
|
de4dot
|
4b335f9489
|
Add a TypeLong property
|
2011-11-12 11:31:07 +01:00 |
|
de4dot
|
76825d3a9b
|
Encrypted resources aren't always using the public key token
|
2011-11-12 11:19:10 +01:00 |
|
de4dot
|
0318c85a07
|
Convert 'return some_int' native methods to CIL code
|
2011-11-11 20:55:39 +01:00 |
|
de4dot
|
fb4128cbfb
|
Update a few strings
|
2011-11-10 14:48:33 +01:00 |
|
de4dot
|
ff3b1b0ecc
|
Rename random names
|
2011-11-10 00:47:22 +01:00 |
|
de4dot
|
c562c335e8
|
Add option to remove namespace if there's only one class in it
|
2011-11-09 12:08:48 +01:00 |
|
de4dot
|
ca232b521a
|
Update regex
|
2011-11-08 22:11:19 +01:00 |
|
de4dot
|
c6bdd51573
|
Rename --dr-dump-embedded -> --dr-embedded
|
2011-11-08 21:43:57 +01:00 |
|
de4dot
|
22739f5cd9
|
Remove decrypter type (all refs to it should be gone now)
|
2011-11-08 21:27:03 +01:00 |
|
de4dot
|
3bfb100fd5
|
Add resource decrypter
|
2011-11-08 19:32:10 +01:00 |
|
de4dot
|
0f627d728c
|
Use new FieldTypes code
|
2011-11-08 19:27:27 +01:00 |
|
de4dot
|
6d1cca149a
|
Only check static methods
|
2011-11-08 11:36:09 +01:00 |
|
de4dot
|
c381423c48
|
Remove metadata token obfuscator type
|
2011-11-08 10:39:35 +01:00 |
|
de4dot
|
4e8f8a295b
|
Remove assembly resolver type only if we're inlining methods
|
2011-11-08 10:37:39 +01:00 |
|
de4dot
|
8c91b56cb5
|
Save embedded assemblies to disk
|
2011-11-08 10:27:18 +01:00 |
|
de4dot
|
045e6ecf73
|
Use better property names
|
2011-11-06 15:24:30 +01:00 |
|
de4dot
|
d60ab64c25
|
Move code to read module data to DeobUtils.cs
|
2011-11-06 13:46:50 +01:00 |
|
de4dot
|
a0509d2735
|
Use the new lookup() method
|
2011-11-06 12:18:35 +01:00 |
|
de4dot
|
e01e3c4e7f
|
Update valid name regex
|
2011-11-04 11:01:21 +01:00 |
|
de4dot
|
4ce90dbfc0
|
Only print "found native code" warning once
|
2011-11-04 07:37:33 +01:00 |
|
de4dot
|
37f12ba60f
|
Some small updates
|
2011-11-04 07:21:12 +01:00 |
|
de4dot
|
e1715adb48
|
Update default regex
|
2011-11-04 00:35:07 +01:00 |
|
de4dot
|
a2ecd85044
|
Deobfuscator type is now 2 chars
|
2011-11-03 20:03:32 +01:00 |
|
de4dot
|
c177c2ff42
|
Don't print message since the code is now much faster
|
2011-11-02 02:39:53 +01:00 |
|
de4dot
|
6a07ee5b5e
|
It's generic code so move it to common parent dir
|
2011-11-01 18:48:52 +01:00 |
|
de4dot
|
7bdea53134
|
Check op for null and update detection code
|
2011-11-01 18:47:26 +01:00 |
|
de4dot
|
6f4447aa98
|
It's generic code so move it to common parent dir
|
2011-11-01 18:46:59 +01:00 |
|
de4dot
|
c354ded987
|
Add code to restore ldtoken instructions
|
2011-11-01 15:17:26 +01:00 |
|
de4dot
|
5170e62e21
|
Add code to remove inlined methods and option to disable it
|
2011-11-01 14:23:30 +01:00 |
|
de4dot
|
ed625e256d
|
Restore field types and add option to disable it
|
2011-10-31 19:41:38 +01:00 |
|
de4dot
|
6b04c23036
|
Update decrypter and version detecter code
|
2011-10-31 00:09:38 +01:00 |
|
de4dot
|
35005a1a51
|
getStringDecrypterMethods() now adds all string decrypter methods
|
2011-10-30 19:28:13 +01:00 |
|