monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,020 Commits 2 Branches 1 Tag 5 MiB
v4.0.0
Commit Graph

1202 Commits

Author SHA1 Message Date
de4dot
3c4ec53cd5 Add RIP comment 2012-08-09 23:06:12 +02:00
de4dot
030b35696b Update printing of version number 
- Don't print + after revision if it's the latest revision
- Don't print + after version if it's the latest version
 2012-08-09 18:27:31 +02:00
de4dot
95b6041788 Use the correct file extension when saving the main module 2012-08-09 14:14:15 +02:00
de4dot
291040abfe Detect and print Confuser version 2012-08-09 12:05:16 +02:00
de4dot
d92ff23740 Detect Confuser 1.3 r55604 safe string encrypter 2012-08-09 11:34:27 +02:00
de4dot
72c22d7566 Add missing init call and rename methods 2012-08-09 01:20:58 +02:00
de4dot
752b28dc4c Add space 2012-08-08 22:29:44 +02:00
de4dot
4993fd8700 Fix bug 2012-08-08 21:36:58 +02:00
de4dot
0ae0e17bb1 Support Confuser 1.9 r76119 anti debugger 2012-08-08 21:32:15 +02:00
de4dot
4be2145cb6 Support Confuser 1.9 r76101 proxy methods 2012-08-08 21:22:00 +02:00
de4dot
81e879e494 Update version numbers 2012-08-08 18:34:59 +02:00
de4dot
95cca2aded Update version numbers 2012-08-08 18:34:37 +02:00
de4dot
4ca36a4250 Update version numbers 2012-08-08 18:34:24 +02:00
de4dot
5e2572a201 Update version numbers 2012-08-08 18:04:57 +02:00
de4dot
876c13c08a Rename proxy method class 2012-08-08 17:40:24 +02:00
de4dot
a2798908b0 Merge other proxy method class with the V10 one 2012-08-08 17:38:38 +02:00
de4dot
94acbc7131 Detect Confuser 1.8 r75367 compressor 2012-08-08 14:44:01 +02:00
de4dot
edac6b1a91 Use the original module name, if available 2012-08-08 14:41:16 +02:00
de4dot
06d00f0588 Add comment 2012-08-08 14:32:41 +02:00
de4dot
536062ae39 Update detection of compressor modulus 2012-08-08 14:31:13 +02:00
de4dot
09e20597f8 Support Confuser 1.8 r75367 constants encrypter 2012-08-08 14:30:46 +02:00
de4dot
21deab4ee7 Support Confuser 1.8 r75367 resource encrypter 2012-08-08 12:14:54 +02:00
de4dot
efb828ac90 Rename class 2012-08-08 01:33:26 +02:00
de4dot
31832a15bb Add RIP comment 2012-08-08 01:29:43 +02:00
de4dot
81ef7215ce Set default key size 2012-08-08 01:19:29 +02:00
de4dot
d37643217f Support Confuser 1.7 r75257 constants encrypter 2012-08-07 21:57:14 +02:00
de4dot
1bd7632b2c Detect Confuser 1.7 r75184 compressor 2012-08-07 19:52:53 +02:00
de4dot
ade379c20b Support Confuser 1.7 r75076 compressor (lzma) 2012-08-07 19:47:09 +02:00
de4dot
774e2e1880 Support Confuser 1.7 r75056 constants encrypter 2012-08-07 17:51:43 +02:00
de4dot
860dd5a0f5 Detect Confuser 1.7 r74816 constants encrypter 2012-08-07 17:28:53 +02:00
de4dot
64b48ec315 Support Confuser 1.7 r74788 constants encrypter 2012-08-07 15:26:16 +02:00
de4dot
6baa3f0e2f Support Confuser 1.7 r74708 constants encrypter 2012-08-07 14:40:51 +02:00
de4dot
9db99626f2 Refactor 2012-08-05 20:25:43 +02:00
de4dot
ab57733ae4 Detect Confuser 1.7 r74708 proxy method handlers 2012-08-05 12:46:59 +02:00
de4dot
923fb1f9ca Call the correct ctor 2012-08-05 04:42:59 +02:00
de4dot
926d53885e Support Confuser 1.7 r74021 JIT methods encrypter 2012-08-05 02:38:23 +02:00
de4dot
f65715cac8 Add some comments 2012-08-05 02:37:31 +02:00
de4dot
a3dbf5273d Support Confuser 1.7 r73822 constants encrypter 2012-08-05 02:07:43 +02:00
de4dot
9ba6594278 Rename variable 2012-08-05 02:06:19 +02:00
de4dot
48ea288574 Support Confuser 1.7 r73822 resource encrypter 2012-08-05 01:57:36 +02:00
de4dot
5ded502104 Remove invalid asm ref added by Confuser 1.7 r73764 2012-08-04 11:21:52 +02:00
de4dot
13d0cff55b Support Confuser 1.7 r73764 constants encrypter 2012-08-04 11:01:24 +02:00
de4dot
bc1a3e5ece Support Confuser 1.7 r73740 proxy methods 2012-08-04 09:26:13 +02:00
de4dot
ed3b6607da Support Confuser 1.7 r73740 constants encrypter (dynamic mode) 2012-08-04 09:20:42 +02:00
de4dot
cc1eeccaf9 Support Confuser 1.7 r73740 native methods 2012-08-04 09:16:06 +02:00
de4dot
2a68e3d27c Add a comment 2012-08-03 23:49:18 +02:00
de4dot
82dd08b348 Support Confuser 1.7 r73479 methods encrypter 2012-08-03 23:30:31 +02:00
de4dot
00d27a89f6 Support Confuser 1.7 r73477 compressor 2012-08-03 22:55:11 +02:00
de4dot
2c33d80ccc Support netmodules 2012-08-03 20:24:14 +02:00
de4dot
1646786bc5 Fix bug in reading code + extra sections 2012-08-03 19:36:40 +02:00
de4dot
c913b6929a Support Confuser 1.7 r73477 methods encrypter 2012-08-03 00:28:28 +02:00
de4dot
642b59667c Move key init code to a new method 2012-08-02 22:08:29 +02:00
de4dot
b333cc32da Rename arg 2012-08-02 21:57:47 +02:00
de4dot
4800755e47 Merge branch 'master' into confuser 2012-08-02 19:53:36 +02:00
de4dot
b455ae8dab Fix arg name 2012-08-02 19:53:30 +02:00
de4dot
c4608df16f Support Confuser 1.7 r73404 compressor 2012-08-02 19:53:15 +02:00
de4dot
343ed177bb Support Confuser 1.7 r73404 constants encrypter 2012-08-02 19:14:35 +02:00
de4dot
7a77421c0e Move method 2012-08-02 19:13:42 +02:00
de4dot
13420b80eb Support Confuser 1.7 r73404 resource encrypter 2012-08-02 18:26:01 +02:00
de4dot
b5ef7a7b12 Rename proxy class to ...V10 2012-08-02 17:23:16 +02:00
de4dot
1f4ec139db Support Confuser 1.7 r73404 methods encrypter 2012-08-02 17:01:14 +02:00
de4dot
e1758ddbb0 Support Confuser 1.6 r71742 methods decrypter 2012-08-02 11:12:20 +02:00
de4dot
8473253aa6 Support Confuser 1.5 r60785 compressor 2012-08-02 08:40:52 +02:00
de4dot
3d28201159 Add support for Confuser 1.5 r60785 constants encrypter (dynamic mode) 2012-08-02 08:11:21 +02:00
de4dot
1f9514e168 Move const reader and decrypt method 2012-08-02 08:08:50 +02:00
de4dot
1d5b341ed6 Return if invalid index 2012-08-02 08:07:26 +02:00
de4dot
6e262eb621 Add support for Confuser 1.5 r60785 constants encrypter (normal mode) 2012-08-01 22:38:57 +02:00
de4dot
d888ffd8e5 Merge branch 'master' into confuser 2012-08-01 22:20:47 +02:00
de4dot
e496cea7da Add an option to remove a present unbox.any instr 2012-08-01 22:20:35 +02:00
de4dot
b45060d35a Add RIP comment 2012-08-01 18:10:15 +02:00
de4dot
7f3399a9c4 Remove unreachable code 2012-08-01 18:09:58 +02:00
de4dot
4a3104963c Fix cast 2012-08-01 18:09:24 +02:00
de4dot
d3c75288e7 Support Confuser 1.5a r59014 methods decrypter 2012-08-01 15:00:47 +02:00
de4dot
11ff8a55b1 Support Confuser 1.4 r58857 proxy methods 2012-08-01 14:24:45 +02:00
de4dot
910472ad04 Support Confuser 1.4 r58852 compressor 2012-08-01 14:05:29 +02:00
de4dot
99f0f8f480 Don't return main asm if it hasn't been unpacked 2012-08-01 13:48:41 +02:00
de4dot
4a6c6fee68 Update method name 2012-08-01 13:37:43 +02:00
de4dot
60cc3c7909 Update detection of key 2012-08-01 13:36:12 +02:00
de4dot
7e19539a61 Add code to handle an obfuscator bug 2012-08-01 13:03:36 +02:00
de4dot
b60eca8ae2 Add an option to only dump the main embedded asm 2012-08-01 12:37:26 +02:00
de4dot
002da4602a Support Confuser 1.4 r58802 compressor and dump embedded asms 2012-08-01 11:41:31 +02:00
de4dot
8477e79b88 Move code to ConfuserUtils 2012-08-01 11:40:15 +02:00
de4dot
7b3cb1e007 Support Confuser 1.4 r58802 method proxies 2012-08-01 10:01:26 +02:00
de4dot
6953760ffc Change Confuser type from cn to cr 
'cr' is what the author of Confuser uses.
 2012-08-01 09:18:06 +02:00
de4dot
17db2d332e Support Confuser 1.4 r58802 string decrypter 2012-08-01 09:13:47 +02:00
de4dot
c2d56bd8d1 Fix compatibility with later v1.9 decrypter 2012-08-01 09:11:25 +02:00
de4dot
c652d49353 Remove Confuser 1.4 r58564 anti dumping type 2012-07-31 20:05:52 +02:00
de4dot
3e49c0bfa5 Support Confuser 1.4 r58564 compressor 2012-07-31 19:56:10 +02:00
de4dot
d99133658c Support Confuser 1.4 r58564 proxy methods 2012-07-31 19:12:35 +02:00
de4dot
2a96ec9958 Support Confuser 1.4 r58564 methods encrypter 2012-07-31 17:17:16 +02:00
de4dot
17495e986f Support Confuser 1.4 r58004 methods encrypter 2012-07-31 15:03:18 +02:00
de4dot
433a0d2b0a Check for encrypted methods in moduleReloaded() 2012-07-31 14:25:40 +02:00
de4dot
a4be159b44 Support Confuser 1.4 r57884 methods encrypter 2012-07-31 14:24:49 +02:00
de4dot
9db8fc86a7 Merge branch 'master' into confuser 2012-07-31 12:51:33 +02:00
de4dot
9cbbea2c01 Use a better resource key 2012-07-31 12:50:55 +02:00
de4dot
c005ab2998 Check for div by zero 2012-07-31 12:43:23 +02:00
de4dot
ab04a72990 Update version number 2012-07-31 12:42:41 +02:00
de4dot
995e836fd8 Remove Confuser 1.3 r57588 anti debug method 2012-07-31 10:52:25 +02:00
de4dot
bb9e4cbf26 Remove resources with an invalid RVA 2012-07-31 10:41:20 +02:00
de4dot
4b2da13972 Decrypt encrypted strings resource before initializing string decrypter 2012-07-31 10:09:45 +02:00
de4dot
f370824a46 Make sure we only decrypt resources once 2012-07-31 10:08:46 +02:00
de4dot
b517755607 Support Confuser 1.3 r55802 resource encrypter 2012-07-31 10:00:46 +02:00
de4dot
a2038f348e Support Confuser 1.3 r42915 "safe" string decrypter 2012-07-31 09:14:06 +02:00
de4dot
be9c95a759 Support Confuser 1.3 r55346's latest proxy methods code 2012-07-31 07:30:21 +02:00
de4dot
1f2de674f7 Support an updated Confuser proxy methods code 2012-07-31 07:15:38 +02:00
de4dot
4c5f955953 Merge branch 'master' into confuser 2012-07-31 07:13:25 +02:00
de4dot
dace82cca9 Add find2() method for derived classes 2012-07-31 07:13:07 +02:00
de4dot
4f4af7a44a Support newer Confuser 1.0 and 1.1 string decrypters 2012-07-31 05:47:49 +02:00
de4dot
afb205aeea Update detection of compressor 2012-07-31 04:44:45 +02:00
de4dot
83706f40a8 Update proxy fixer v1 2012-07-31 04:44:30 +02:00
de4dot
ed9849313a Merge branch 'master' into confuser 2012-07-31 04:41:09 +02:00
de4dot
329efd9a0f Add code to let a derived class to push new values 2012-07-31 04:40:45 +02:00
de4dot
87a8052cbe Declaring type is null if it's already been removed 2012-07-31 04:40:06 +02:00
de4dot
1683c3ac1b Update constants folder to support r8 values 2012-07-31 01:16:50 +02:00
de4dot
312a2fe063 Merge branch 'master' into confuser 2012-07-31 01:15:52 +02:00
de4dot
06b7374276 Add support for reading r8 values. Also rename some methods 2012-07-31 01:14:38 +02:00
de4dot
e657db9c8c Support methods proxy in Confuser 1.0 r48717 2012-07-30 18:00:00 +02:00
de4dot
4a6713b728 Update detection of proxy fixer 2012-07-30 17:57:24 +02:00
de4dot
2e99bac40c Unpack compressed Confuser assemblies 2012-07-30 14:11:04 +02:00
de4dot
7321e51a78 Decrypt Confuser 1.0 encrypted strings 2012-07-30 10:28:11 +02:00
de4dot
833a4bdd42 Merge branch 'master' into confuser 2012-07-30 09:19:25 +02:00
de4dot
85ce802131 Add Confuser 1.0 proxy call fixer 2012-07-30 09:19:17 +02:00
de4dot
83b805adc3 Move methods 2012-07-30 09:17:22 +02:00
de4dot
1e7be5c619 Make method static 2012-07-30 09:13:51 +02:00
de4dot
b33c2834df Don't deobfuscate cflow unless the method sig is void name() 2012-07-30 09:13:17 +02:00
de4dot
fb47689f58 Decrypt Confuser encrypted methods (memory) 2012-07-29 20:04:35 +02:00
de4dot
0eaa1466fb Move common code to a base class 2012-07-29 20:02:12 +02:00
de4dot
5b026a0d05 Add null check 2012-07-29 14:26:57 +02:00
de4dot
e225a342ae Support type=dynamic const decryption 2012-07-29 14:23:27 +02:00
de4dot
5d1aefec16 Merge branch 'master' into confuser 2012-07-29 14:21:45 +02:00
de4dot
de8090df61 Add setConstant methods 2012-07-29 14:21:13 +02:00
de4dot
f20b2e648b Fix detection when numeric const encryption is enabled 2012-07-29 13:24:50 +02:00
de4dot
892116ad63 Add ConstantsInliner class 2012-07-29 13:22:36 +02:00
de4dot
7c4994f624 Merge branch 'master' into confuser 2012-07-29 13:21:03 +02:00
de4dot
c3c1ab64d8 Add setDeobfuscator() method 2012-07-29 13:19:12 +02:00
de4dot
2274ceeee4 Support the normal const decrypter 2012-07-29 10:17:05 +02:00
de4dot
24337f2a70 Merge branch 'master' into confuser 2012-07-29 09:49:55 +02:00
de4dot
f07f664553 Don't cast to a possible value type when result can be null 2012-07-29 09:49:00 +02:00
de4dot
ae63a63d20 Remove unecessary code 2012-07-28 21:28:27 +02:00
de4dot
db5c6fcf26 Decrypt Confuser encrypted constants 2012-07-28 04:45:27 +02:00
de4dot
b2ad946425 Merge branch 'master' into confuser 2012-07-28 04:39:30 +02:00
de4dot
cb6a3ac503 Support generic decrypter methods 2012-07-28 04:39:14 +02:00
de4dot
839684685e Assume invalid code so check for null 2012-07-27 21:38:03 +02:00
de4dot
685d2c2ef0 Print a message if MethodData isn't encrypted 2012-07-27 21:35:55 +02:00
de4dot
6a15bfeee7 Decrypt Confuser encrypted resources 2012-07-27 12:49:00 +02:00
de4dot
471628b843 Update exception string 2012-07-27 09:21:03 +02:00
de4dot
16e6a986c7 Remove ConfusedByAttribute type 2012-07-27 08:50:58 +02:00
de4dot
872b4f61a2 Remove anti dumper type 2012-07-27 08:47:37 +02:00
de4dot
4840a117cf Remove anti debugger type 2012-07-27 08:40:21 +02:00
de4dot
38d94819ee Remove method decrypter type and init method call 2012-07-27 08:23:55 +02:00
de4dot
74970e80ff Add Confuser proxy fixer 2012-07-27 08:11:23 +02:00
de4dot
a48a03b9ab Move methods to ConfuserUtils 2012-07-27 08:07:17 +02:00
de4dot
135dcd5a3c Merge branch 'master' into confuser 2012-07-27 08:03:30 +02:00
de4dot
e88479f71d Add OtherMethods prop 2012-07-27 08:03:02 +02:00
de4dot
3abb8de345 getFieldToMethodDictionary() is now a non-virtual method 2012-07-27 07:57:13 +02:00
de4dot
70bd973cdd Decrypt Confuser 1.9 encrypted JIT methods 2012-07-26 20:12:12 +02:00
de4dot
1a1ccb2121 Update code since GetUserString() arg is now a token 2012-07-26 20:07:27 +02:00
de4dot
bbd41a549c Add MD5 and SHA256 sum methods 2012-07-26 16:35:28 +02:00
de4dot
5fc6e1ac75 Add method to get a 64-bit int 2012-07-25 21:06:35 +02:00
de4dot
423c33a9f2 Append 32 to 32-bit methods and fields 2012-07-25 20:48:06 +02:00
de4dot
e2ec6548ed Add more ctors and add EmulateConvInstructions prop 2012-07-25 20:43:22 +02:00
de4dot
a815a70415 Rename arrays 2012-07-24 19:58:00 +02:00
de4dot
880441571e Update class comment 2012-07-24 19:52:34 +02:00
de4dot
c31e6c2c3d Main embedded asm doesn't always have the same asm name as the original asm 2012-07-24 19:05:50 +02:00
de4dot
e1f8793302 Add option to disable decrypting main embedded assembly 2012-07-24 18:52:39 +02:00
de4dot
490ce203b6 Update invalid name regex 2012-07-24 18:13:18 +02:00
de4dot
e54b026ae7 Make the embedded (original) start up assembly the new decrypted assembly 2012-07-24 17:49:04 +02:00
de4dot
4374a08020 getDecryptedModule() can now be called multiple times 2012-07-24 17:02:27 +02:00
de4dot
c8477bdbce Print a warning and use default encoding if the code page doesn't exist 2012-07-23 13:19:04 +02:00
de4dot
8a81e98b3f Fix invalid Mvid 2012-07-23 13:15:32 +02:00
de4dot
6c04a950e7 Remove duplicate resources 2012-07-23 10:22:39 +02:00
de4dot
b03cb46f53 Rename class 2012-07-23 10:08:13 +02:00
de4dot
ebbc8d2ab8 Remove encoding arg 2012-07-23 10:04:40 +02:00
de4dot
74aaf19257 Support the latest CO build 2012-07-22 20:35:33 +02:00
de4dot
2320c458cf Check for null (invalid method ref in call instr) 2012-07-21 23:13:34 +02:00
de4dot
762e043236 Merge branch 'co' into new_code 
Conflicts:
	de4dot.code/de4dot.code.csproj
	de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
 2012-07-21 12:14:04 +02:00
de4dot
940aa20534 Merge branch 'master' into new_code 
Conflicts:
	de4dot.code/de4dot.code.csproj
 2012-07-21 11:24:32 +02:00
de4dot
fd9d4a40cc Support another MC runtime 2012-07-21 11:13:59 +02:00
de4dot
e05bfc9c8a Decrypt strings 2012-07-20 21:54:56 +02:00
de4dot
dfafc4a94b Remove useless method 2012-07-20 18:32:49 +02:00
de4dot
9b48632354 Refactor 2012-07-20 18:15:40 +02:00
de4dot
8b82f8b47d Support the latest MC versions 2012-07-20 14:49:47 +02:00
de4dot
1eaa9f8c51 Add verify methods 2012-07-20 14:48:19 +02:00
de4dot
d9b3a81ba9 Add little endian encrypt/decrypt methods 2012-07-20 14:47:55 +02:00
de4dot
9b71da3633 Remove call to InitializeArray 2012-07-18 14:39:27 +02:00
de4dot
d0712b46aa Update detection of resource resolver class 2012-07-16 20:00:37 +02:00
de4dot
6766c10969 Split array state into a new class 2012-07-16 19:59:50 +02:00
de4dot
ca65972c64 Add a force option to deobfuscate() method 2012-07-16 18:02:32 +02:00
de4dot
2aa3c8aaea Add constants decrypter 2012-07-11 08:05:06 +02:00
de4dot
8f2f2f46ce Support latest CO build 2012-07-11 02:15:33 +02:00
de4dot
9f8cac4dac Fix #56 2012-07-08 08:14:36 +02:00
de4dot
598529a039 Support calli instruction 2012-07-08 04:18:26 +02:00
de4dot
16d5a31640 Create a SentinelType 2012-07-08 03:50:50 +02:00
de4dot
1581ec959d Merge branch 'master' into new_code 2012-07-07 19:35:54 +02:00
de4dot
1867a06e84 Continue if same method 2012-07-07 09:09:55 +02:00
de4dot
ad6c6401b9 Support VS2008 2012-07-07 07:16:55 +02:00
de4dot
e440270a63 Fix proxy calls 2012-07-07 01:59:03 +02:00
de4dot
0a5764a093 Change method to take a ref to a type 2012-07-07 00:58:18 +02:00
de4dot
02c89550cb Update the counter 2012-07-05 23:19:37 +02:00
de4dot
d5c8f6842a Update log string 2012-07-02 21:49:59 +02:00
de4dot
8a34b6e015 Make method static 2012-07-02 21:49:45 +02:00
de4dot
b9e88972ae Support latest CO build 2012-07-02 14:26:00 +02:00
de4dot
23697e2c00 Support ILP 1.0.5 2012-07-01 16:23:51 +02:00
de4dot
4c5fa3e809 Remove ILP detection 2012-06-27 15:19:09 +02:00
de4dot
4236514691 Merge branch 'ilp' into new_code 2012-06-27 15:15:55 +02:00
de4dot
a2baf1fdea Merge branch 'master' into new_code 2012-06-27 15:15:03 +02:00
de4dot
4dce00b35a Merge branch 'rummage' into new_code 
Conflicts:
	de4dot.cui/Program.cs
 2012-06-27 15:14:40 +02:00
de4dot
12797ecb03 Support latest CO build 2012-06-27 10:45:45 +02:00
de4dot
cd0a193bdf Support latest AN build 2012-06-27 10:27:16 +02:00
de4dot
d1259460e3 Update detection of decrypter constants. Fixes #59 2012-06-25 01:14:26 +02:00
de4dot
fa594c6213 Add better BL support 2012-06-12 11:15:19 +02:00
de4dot
4a29eae1c8 Add more inflate() overloads 2012-06-11 21:20:14 +02:00
de4dot
b964996388 Support Babel.NET 5.5 2012-06-06 21:16:32 +02:00
de4dot
a8bf74ca78 Support Rummage 2012-06-06 11:40:48 +02:00
de4dot
6d675fea54 Add XTEA decrypter 2012-06-06 11:39:48 +02:00
de4dot
3264bfc5cd Support latest CO build 2012-06-04 09:51:07 +02:00
de4dot
5567c9a06a Warn if strings resource couldn't be found 2012-06-04 06:34:32 +02:00
de4dot
3582b773ca Support ILP 2012-06-04 05:02:46 +02:00
de4dot
27a91f5942 Change parameters type from [] to IList 2012-06-04 03:55:25 +02:00
de4dot
286462db4b Move file 2012-06-03 19:08:46 +02:00
de4dot
b844dbc428 Detect ILP 2012-06-02 20:56:36 +02:00
de4dot
bff92e02e7 Remove unused method 2012-06-02 17:32:05 +02:00
de4dot
ec8139f640 Refactor code and support latest AN build 2012-06-02 07:26:21 +02:00
de4dot
a25f4f4640 Remove proxy methods type and make sure all proxy methods are inlined 2012-06-02 03:33:21 +02:00
de4dot
3c99e8d0d6 Update valid name regex 2012-06-01 12:53:03 +02:00
de4dot
6696c26496 Assembly resolver init method is sometimes only called from Main() 2012-06-01 12:40:16 +02:00
de4dot
d091564d85 Fix ToString(). Should separate generic args with commas 2012-06-01 12:05:01 +02:00
de4dot
cd2851baf4 Add an option to disable dumping embedded assemblies 2012-06-01 12:01:45 +02:00
de4dot
58b62ff914 Decrypt main assembly and embedded assemblies 2012-06-01 11:53:54 +02:00
de4dot
96f9f4154d Decrypt CF encrypted strings 2012-05-29 20:20:11 +02:00
de4dot
9b591c68d3 Fix CF proxy calls 2012-05-29 19:14:41 +02:00
de4dot
512c650e11 Add another proxy call fixer class 2012-05-29 19:13:43 +02:00
de4dot
24d1c5182b Update comment 2012-05-29 19:07:01 +02:00
de4dot
58adda95b6 getAllBlocks() now returns a List instead of an IList 2012-05-29 19:06:41 +02:00
de4dot
7b3dcf8e05 Refactor proxy call fixer classes 2012-05-29 11:13:39 +02:00
de4dot
1b569a0d24 Support MPRESS 2012-05-28 18:00:29 +02:00
de4dot
3e6a259e8f Add 50 more points if methods decrypter is detected 2012-05-27 07:43:26 +02:00
de4dot
c441a60372 Print CW version number 2012-05-27 07:00:13 +02:00
de4dot
eebb090827 Support old CW 2.x 2012-05-27 02:31:53 +02:00
de4dot
06a30473da Decrypt strings encrypted with older CW version 2012-05-26 20:20:11 +02:00
de4dot
adaf41c769 Decrypt embedded assemblies 2012-05-26 17:41:08 +02:00
de4dot
3a96ae391a Move common resolver handler detector code to DeobUtils 2012-05-26 17:33:26 +02:00
de4dot
dbd7affaa8 Update valid name regex 2012-05-26 14:40:51 +02:00
de4dot
f1c8549066 Decrypt CW encrypted strings 2012-05-26 14:38:08 +02:00
de4dot
20452fe964 Decrypt CW encrypted methods 2012-05-26 05:26:00 +02:00
de4dot
c48b2d92c2 Support AN 6.0.0.5 (new build, same version) 2012-05-19 08:59:13 +02:00
de4dot
c3cdf95fcf Support AN 6.0.0.5 2012-05-15 19:05:47 +02:00
de4dot
654ebf652e Merge branch 'ds' 2012-05-12 21:40:01 +02:00
de4dot
bec6725aa7 Rename option 2012-05-12 21:39:49 +02:00
de4dot
40898cf238 Decrypt embedded assemblies (SL) 2012-05-11 19:38:31 +02:00
de4dot
ce3622f6e8 Use the correct variable 2012-05-11 18:18:19 +02:00
de4dot
94ee4064ed Remove namespace prefix 2012-05-11 18:17:51 +02:00
de4dot
cd014f1d72 Update fields restorer 2012-05-10 20:20:29 +02:00
de4dot
0b47ccf070 Remove cflow obfuscation arrays 2012-05-10 18:38:27 +02:00
de4dot
ae7e32ae5b Remove decrypt method and other init method 2012-05-10 13:39:14 +02:00
de4dot
c5f8aaeb1a Dump 4.1 embedded assemblies 2012-05-09 22:24:39 +02:00
de4dot
ee32b84283 Move code to DsUtils 2012-05-09 22:20:17 +02:00
de4dot
9b9e692947 Move version specific data to their own class 2012-05-09 19:10:20 +02:00
de4dot
dadc064b55 Decrypt V4.1 resources 2012-05-09 19:00:21 +02:00
de4dot
1aaa5df9ce Support trial string encrypter 2012-05-09 17:30:35 +02:00
de4dot
e5a64a4402 Remove more XC attributes 2012-05-06 13:07:34 +02:00
de4dot
b27e1b36af Add option to disable cast deobfuscation 2012-05-03 16:51:36 +02:00
de4dot
ea205dcae8 Add option to disable renaming resource keys 2012-05-03 16:48:03 +02:00
de4dot
955c1f10bd Rename resource keys 2012-05-03 16:47:34 +02:00
de4dot
83725200c1 Add isValidResourceKeyName() 2012-05-03 14:53:01 +02:00
de4dot
83dc4226c1 Make sure string decrypter methods aren't detected as inlined methods 2012-05-03 09:51:26 +02:00
de4dot
fb9e217dac Add a cast deobfuscator 2012-05-03 08:01:35 +02:00
de4dot
c61161be1d Ignore method attributes 2012-05-02 18:43:57 +02:00
de4dot
597fcb0210 Cflow deob methods 2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05 Inline some obfuscated methods 2012-05-02 10:48:44 +02:00
de4dot
db14e73369 Make sure index is correct, and add method to read arg constants 2012-05-02 10:47:21 +02:00
de4dot
b15b581c46 Deobfuscate string decrypter cctor 2012-04-30 21:47:23 +02:00
de4dot
2594317b18 Use other sb ctor 2012-04-30 12:49:43 +02:00
de4dot
1805e352c4 Disable using unknown args by default 2012-04-30 12:18:47 +02:00
de4dot
f307520e62 Decrypt DS 4.1 strings 2012-04-30 08:33:05 +02:00
de4dot
e29a8ea692 Update cflow deobfuscator 2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77 Move common code to another class 2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8 Refactor: create common cflow deob iface 2012-04-29 23:51:04 +02:00
de4dot
920f079855 Set initlocals and add an option to disable it 2012-04-29 06:16:53 +02:00
de4dot
eb17298625 Move the field 2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5 Restore calls to CodeDomProvider and ICodeCompiler 2012-04-29 04:03:10 +02:00
de4dot
9333e2415c Rename class 2012-04-29 00:56:17 +02:00
de4dot
e548436ede Restore calls to Icon/Bitmap .ctor 2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a Rename class and make it more general 2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b Decrypt CS 1.x encrypted methods 2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea Update detection of resource resolver type 2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9 Merge branch 'master' into cs 2012-04-26 19:33:28 +02:00
de4dot
7a0804e035 Remove module references to the CS RT files 2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2 Find old string decrypter method 2012-04-26 16:53:52 +02:00
de4dot
67c866491d Show the correct obfuscator name 2012-04-26 16:33:55 +02:00
de4dot
6f830b8329 Remove all obfuscator attributes 2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2 Add addAttributesToBeRemoved() 2012-04-26 16:08:39 +02:00
de4dot
960f934c67 Update detection of CS type 2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95 Check for 32-bit or 64-bit method 2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd Detect CS type when strings are encrypted, but methods aren't 2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f Return the correct return value 2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c Update CS detector and support an old string decrypter 2012-04-26 01:42:10 +02:00
de4dot
bff017a317 Throw InvalidMethodBody if IOException 2012-04-25 18:06:27 +02:00
de4dot
903db59827 Restore CS 3.0 "encrypted" methods 2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc Move code to DeobUtils 2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d Stop earlier 2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6 Support latest MC build 2012-04-24 23:02:36 +02:00
de4dot
3a9422f798 Remove useless displs 2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836 Merge branch 'master' into cs 2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b Update CSVM opcode handler detection code 2012-04-24 11:33:17 +02:00
de4dot
586be53fef Fix method names 2012-04-23 19:37:05 +02:00
de4dot
7a399e7913 Rename class and update comments 2012-04-23 15:02:15 +02:00
de4dot
ea7a533027 Make fields read only 2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a Fix method names 2012-04-23 14:47:05 +02:00
de4dot
0a0b491072 Copy foundSig field 2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef Use a using statement to make sure the file is closed when we return 2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374 Restore .NET data directory so it can be deobfuscated 2012-04-23 02:04:34 +02:00
de4dot
790dc9f445 codeOffs should not be file offset 2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91 Decrypt CS 5.0 encrypted methods 2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e Decrypt CS 4.5 encrypted methods 2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8 Decrypt methods (CS RT is embedded inside the assembly) 2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866 Restore CS 4.0 "encrypted" methods 2012-04-22 15:36:26 +02:00
de4dot
59e2e51882 Throw if invalid method body 2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92 Move code to a new class 2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e Remove useless field 2012-04-21 23:10:06 +02:00
de4dot
46152761ee Input could be null 2012-04-17 14:13:40 +02:00
de4dot
941929cf7a Support latest CO build 2012-04-15 23:42:11 +02:00
de4dot
0df7b918ea Refactor 2012-04-13 05:03:52 +02:00
de4dot
a459bc107c Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize() 2012-04-13 05:03:51 +02:00
de4dot
043730e599 Ignore invalid method indexes 2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2 Use dynamic decryption if static decryption fails 2012-04-11 03:09:59 +02:00
de4dot
588373f5ff Add code to decrypt methods using the new dynamic methods decrypter 2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8 Support latest MC build 2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54 Merge branch 'cs' 2012-04-10 16:32:40 +02:00
de4dot
c756d543c1 Rename PE namespace 2012-04-10 16:32:15 +02:00
de4dot
553337adb7 Support EF 3.3.149 2012-04-10 03:52:18 +02:00
de4dot
2d583316cf Use the constant 2012-04-08 11:36:24 +02:00
de4dot
634e9ec023 Reverse return value 2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2 Support some more instrs 2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e Add a newline 2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf Rename variable 2012-04-06 16:25:25 +02:00
de4dot
33e2177059 Restore constrained. prefix 2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf Support ldloca and ldarga 2012-04-06 16:08:09 +02:00
de4dot
5511ab833b Update ldelema type, and add unbox.any and ldobj 2012-04-06 15:38:44 +02:00
de4dot
2949862614 Print warning if we failed to restore an instr op 2012-04-06 12:33:39 +02:00
de4dot
c39e421010 Fix locals 2012-04-06 12:25:15 +02:00
de4dot
86190ede1f Print devirtualized methods 2012-04-06 11:05:06 +02:00
de4dot
237732e98e Refactor 2012-04-05 20:45:16 +02:00
de4dot
da0878d765 Restore types that are generic parameters 2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1 Add CSVM devirtualizer 2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a Move code to a new class 2012-04-05 18:05:27 +02:00
de4dot
1ead27107b Don't add to list if null 2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6 Add shared deobfuscator data/methods 2012-04-04 21:06:10 +02:00
de4dot
7c8259905b Update CO code. Fixes #39 2012-03-31 13:53:33 +02:00
de4dot
ec775b9ef5 Support another SK string encrypter 2012-03-27 15:33:57 +02:00
de4dot
065927f702 Use the property 2012-03-27 15:23:27 +02:00
de4dot
d1e499454e Rename locals and fix problem with huge strings 2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0 Decrypt MC encrypted strings 2012-03-26 22:07:01 +02:00
de4dot
e76321aaad Remove unused method 2012-03-26 20:12:07 +02:00
de4dot
716098d33a Change locals to instance variables 2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a Update detection of MC type 2012-03-24 19:35:38 +01:00
de4dot
efd317489d Support latest EF 3.3.143 2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da Use callsMethod() 2012-03-21 03:49:28 +01:00
de4dot
ad5a759cd9 Remove useless cases 2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432 Support EF obfuscated CF assemblies 2012-03-18 22:59:34 +01:00
de4dot
4b81854ea5 Restore resource names ending in ".g.resources" 2012-03-17 22:12:51 +01:00
de4dot
6f01d48593 Change getCalledMethods() return type 2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed Support DS obfuscated SL assemblies 2012-03-17 15:02:48 +01:00
de4dot
37450a1515 Support old DS 3.0.3.41 - 3.0.4.44 2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6 Inline method 2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c Should be "continue" 2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f Support EF obfuscated SL assemblies 2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb Rename 2012-03-16 22:39:50 +01:00
de4dot
ce9add13cb Support CO obfuscated SL/CF assemblies 2012-03-15 22:36:23 +01:00
de4dot
0537a2edce Use getModuleTypeCctor() 2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce Update detection of obfuscator types 2012-03-15 09:15:12 +01:00
de4dot
e4fe749559 Use hasInteger() method 2012-03-15 02:19:35 +01:00
de4dot
27f382a017 Support a (new?) version of CryptoObfuscator. Fixes #33 2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd Support latest DeepSea version (4.0.4.32) 2012-03-13 20:37:33 +01:00
de4dot
ada90b1294 Add another CO detection check 2012-03-13 20:27:41 +01:00
de4dot
e949d8c926 Add support for latest EF 3.3.136 2012-03-13 09:26:40 +01:00
de4dot
7e1bf542af Support a new EF 3.3 version that was released 1-2 days ago 2012-03-11 15:59:25 +01:00
de4dot
7d4c791575 Update detection of SA v2 string decrypter 2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9 Update expressions 2012-03-10 05:31:07 +01:00
de4dot
4e997910e4 Update detection of string decrypter type 2012-03-08 19:21:54 +01:00
de4dot
51fe58c4cd Merge branch 'new_code' 2012-03-08 18:03:25 +01:00
de4dot
4a7b4f4111 Update name regex 2012-03-08 16:15:19 +01:00
de4dot
b4525ed58d Support EF 3.3 2012-03-06 10:43:06 +01:00
de4dot
48d6a3b6fc Merge branch 'mc' 2012-03-01 22:10:36 +01:00
de4dot
86987518d6 Method should not be public 2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c Rename classes 2012-02-29 11:41:06 +01:00
de4dot
9791e63e51 Engrish 2012-02-29 11:41:05 +01:00
de4dot
8740ba8419 Rename variable 2012-02-29 11:41:04 +01:00
de4dot
167368f488 Attributes are worth less 2012-02-29 00:13:57 +01:00
de4dot
b27635f493 Remove sealed flag from interfaces 2012-02-28 23:57:48 +01:00
de4dot
e6d0c4a043 Move version detection to a new class 2012-02-28 22:30:22 +01:00
de4dot
77228ecfca Update name regex 2012-02-28 22:24:08 +01:00
de4dot
68b4315e95 Update detection of the type and remove another type 2012-02-28 20:49:03 +01:00
de4dot
269b695245 Update detection of that type 2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca Support v3.0 - 3.1 2012-02-28 19:42:19 +01:00
de4dot
acb53f535b Throw if init fails 2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0 Restore calls to Assembly::GetManifestResourceXXX methods 2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6 Move GetManifestResourceStream code to a new class 2012-02-28 18:14:41 +01:00
de4dot
e72fb7220a Decrypt embedded assemblies and resources 2012-02-27 23:43:45 +01:00
de4dot
9bab65640c Refactor 2012-02-27 12:55:37 +01:00