monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,020 Commits 2 Branches 1 Tag 5 MiB
v4.0.0
Commit Graph

1550 Commits

Author SHA1 Message Date
de4dot
eb002895e1 Don't throw if we can't find all method args in the same block 2011-10-28 01:28:08 +02:00
de4dot
09178a6e95 Update methods decrypter and string decrypter 2011-10-27 22:25:44 +02:00
de4dot
39dbf5d9b2 Ignore call if we can't get all args 2011-10-27 22:22:52 +02:00
de4dot
9c83c22469 Add .NET header and a method to more safely write to a .NET PE image 2011-10-27 22:21:45 +02:00
de4dot
5357b4f73c Update code to handle 4.1 obfuscated assemblies 2011-10-27 02:08:30 +02:00
de4dot
93d4ac1c9d Update type name 2011-10-27 02:07:33 +02:00
de4dot
41356b2d30 Check for methods with no body 2011-10-27 02:07:06 +02:00
de4dot
ceca5718ba Remove encrypted resources and call to methods decrypter 2011-10-26 23:00:01 +02:00
de4dot
dfb73f222f Add options to disable decryption of methods and bools 2011-10-26 22:24:31 +02:00
de4dot
63ab61fb12 Deobfuscate cflow again if a bool was decrypted 2011-10-26 22:16:51 +02:00
de4dot
bd7a6763a6 Return number of method calls that were replaced 2011-10-26 22:06:48 +02:00
de4dot
28b73d36ed It's a flags enum so should use unique bits 2011-10-26 22:00:32 +02:00
de4dot
db7edc2a72 Add BoolValueInliner class 2011-10-26 21:05:35 +02:00
de4dot
59863bf8b4 Refactor string decrypter to generic return value inliner class 2011-10-26 20:41:50 +02:00
de4dot
e4f2af221a Add BooleanDecrypter class 2011-10-26 20:23:45 +02:00
de4dot
f37a46a02b Decrypt strings 2011-10-26 19:49:25 +02:00
de4dot
03a8372319 Add readInt32() and readBytes() methods 2011-10-26 19:41:23 +02:00
de4dot
6bde8b8b20 Decrypt some DNR 4.0 non-native obfuscated assemblies 2011-10-26 14:40:55 +02:00
de4dot
1fbe902ed1 Always call detect(), and support reloading decrypted files 2011-10-26 14:32:50 +02:00
de4dot
3f7b1237b4 Don't call GetDirectoryName() if name is "" (loaded from byte[]) 2011-10-26 14:32:10 +02:00
de4dot
4f315fd65a Add reload() method when the file has been decrypted 2011-10-26 14:30:47 +02:00
de4dot
1eaa245618 Should ignore .cctor methods since .ctor is never static 2011-10-26 14:29:57 +02:00
de4dot
bfa0fa14c0 Add decrypt methods to IDeobfuscator. Change some method sigs. 2011-10-26 14:29:12 +02:00
de4dot
794b9dfd77 Add PE image reader/writer code 2011-10-26 14:20:38 +02:00
de4dot
685c5ba79c Add code to detect methods decrypter method 2011-10-25 08:27:36 +02:00
de4dot
6bb6f0930d Remember to create DNR's info class 2011-10-24 19:51:04 +02:00
de4dot
cb5589ee28 Add skeleton DNR file 2011-10-24 19:44:49 +02:00
de4dot
129da2e7f9 Set version 1.1.3 2011-10-24 15:48:19 +02:00
de4dot
46309f2f78 New version: 1.1.2 2011-10-23 22:09:27 +02:00
de4dot
4f02f84d84 Fix problem when resources aren't encrypted or compressed 2011-10-23 22:03:38 +02:00
de4dot
779d1a8a31 Update version to 1.1.1 2011-10-23 20:13:25 +02:00
de4dot
bf00ccca2b Some minor updates 2011-10-23 17:23:33 +02:00
de4dot
f776148574 Add proxy delegate fixer 2011-10-23 13:43:32 +02:00
de4dot
32bb14fa5a Decrypt encrypted SL resources 2011-10-23 09:19:50 +02:00
de4dot
9ad15e63e4 Remove string decrypter type and allow static + dynamic decryption 2011-10-23 09:07:47 +02:00
de4dot
78397f9c4f Remove types CO adds to each assembly 2011-10-23 09:03:00 +02:00
de4dot
a1e6f555ef Update method call remover code 2011-10-23 08:41:33 +02:00
de4dot
c0a8eb1bbd Print name of encrypted strings resource 2011-10-22 18:20:49 +02:00
de4dot
4490c976b3 Find anti-debugger and tamper detection code 2011-10-22 18:13:13 +02:00
de4dot
1a78c2dc8c Remove encrypted resources from output file 2011-10-22 17:29:49 +02:00
de4dot
adc2c277fd Strings and resources are decrypted 2011-10-22 17:13:28 +02:00
de4dot
65dacdf7cd Initialize assemblyInfos in case there's no embedded assemblies 2011-10-22 14:55:43 +02:00
de4dot
50a9421657 Assembly resolver doesn't need resource decrypter 2011-10-22 14:53:24 +02:00
de4dot
3f1b9152bd Add CO deobfuscator. Can decrypt embedded assemblies. 2011-10-22 14:31:38 +02:00
de4dot
99bd79e418 Change to version 1.1.0 2011-10-21 22:27:26 +02:00
de4dot
88f7a31ff1 Print number of removed instructions 2011-10-21 21:35:35 +02:00
de4dot
2ff8a0ea7a Remove old cflow deobfuscator code 2011-10-21 20:35:13 +02:00
de4dot
9d132bfeaf Change --no-control-flow-deob => --no-cflow-deob 2011-10-21 10:38:27 +02:00
de4dot
b1340bc84f Merge branch 'master' into newcode 2011-10-21 10:33:00 +02:00
de4dot
8c924617c3 Update CIL output when -vv is used 2011-10-21 10:32:43 +02:00
de4dot
d76afbf8a1 Ignore ArgumentOutOfRangeException when loading files 2011-10-20 12:28:15 +02:00
de4dot
f79b12d4f3 Make sure blocks are laid out in a verifiable order 2011-10-20 02:58:30 +02:00
de4dot
c8500b4f33 Remove unused local variables 2011-10-20 02:38:44 +02:00
de4dot
7fe71a963a Add inline bool method hack for DNR 2011-10-19 01:53:42 +02:00
de4dot
80acf1d59f Add switch cflow deobfuscator 2011-10-18 23:31:50 +02:00
de4dot
05065d6ac7 Start work on new cflow deobfuscator 2011-10-17 00:22:22 +02:00
de4dot
4c43807de7 Detect SA 1.x-5.1 assemblies 2011-10-13 12:22:17 +02:00
de4dot
01da4a979f Also make sure type.Name is empty 2011-10-12 23:30:57 +02:00
de4dot
58ff833d5c Detect SA 4.x, 5.0, 5.1 2011-10-12 23:16:03 +02:00
de4dot
b3463a3859 Remove automated error reporting code from SA 4.x assemblies 2011-10-12 22:50:19 +02:00
de4dot
9ed55629e6 Print deobfuscated method if -vv 2011-10-12 19:47:51 +02:00
de4dot
38b08dddfd Update DF version attribute parsing 2011-10-10 18:39:42 +02:00
de4dot
08f5b04675 Fix a problem with String.StartsWith() on mono 2011-10-09 13:19:26 +02:00
de4dot
2f5ded924f Get rid of dead code 2011-10-09 12:01:51 +02:00
de4dot
9ade539ecd Update version to 1.0.3 2011-10-08 20:03:10 +02:00
de4dot
5fbda45d6d Add earlyDetect() method to IDeobfuscator 2011-10-08 19:33:12 +02:00
de4dot
d305faae09 Detect another obfuscator 2011-10-08 18:43:22 +02:00
de4dot
5eb824693e Don't throw if invalid visibility 2011-10-08 18:42:09 +02:00
de4dot
c94fea2bfc Remove assembly if --one-file option is used 2011-10-08 15:01:51 +02:00
de4dot
ae9f59c918 Less memory are used when loading files one at a time 2011-10-08 13:33:48 +02:00
de4dot
3719e9a375 AssemblyResolver can now remove old unused assemblies 2011-10-08 13:28:39 +02:00
de4dot
d3fa227f1e Update -ru option text 2011-10-08 12:30:35 +02:00
de4dot
bea3a737d2 Don't rename resource if old name was empty string 2011-10-08 12:17:01 +02:00
de4dot
d69b1b465c Fix SA string decryption problem 2011-10-07 17:32:03 +02:00
de4dot
56da16086b Make sure user tries latest version... 2011-10-07 17:31:27 +02:00
de4dot
8ec3da7080 Update detection and some strings 2011-10-07 17:30:41 +02:00
de4dot
4cca5190da Detect another new obfuscator 2011-10-07 08:45:40 +02:00
de4dot
fa3a6457de Detects a few more obfuscators 2011-10-06 10:33:13 +02:00
de4dot
1c721b017e Detect some unsupported obfuscators 2011-10-05 17:22:56 +02:00
de4dot
d2b621b5b3 Netmodules are better supported now 2011-10-05 08:20:32 +02:00
de4dot
43085bc808 Fix serialization problem when calling exit() 2011-10-03 10:04:33 +02:00
de4dot
062ecaaef2 Ignore emtpy strings when renaming resources in code 2011-09-29 19:00:34 +02:00
de4dot
b71eb587db Make sure field/method ref has a declaring type before resolving it 2011-09-29 10:51:21 +02:00
de4dot
18756f90bf Updated log text 2011-09-29 10:50:10 +02:00
de4dot
004f25d818 Set version to 1.0.2 2011-09-29 01:29:02 +02:00
de4dot
65e0ef359a Enabled reading and loading of files from the network 2011-09-28 23:54:38 +02:00
de4dot
ee60bf14f2 Added 'default' string decrypter type 
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to
'static'.
 2011-09-28 16:06:10 +02:00
de4dot
500cdcaf1b Not ignoring all PE file load exceptions, but added null ref exception 2011-09-28 02:00:29 +02:00
de4dot
157a125894 Catch all exceptions and print warning if load fails 2011-09-28 01:44:32 +02:00
de4dot
37be012a11 Set Console.OutputEncoding to UTF-8 only if current encoding is single byte 2011-09-28 01:27:46 +02:00
de4dot
2094990a93 Added --one-file option to deobfuscate only one file at a time 2011-09-28 01:19:19 +02:00
de4dot
6fec29daab Func should take a MethodDefinition as first arg 2011-09-28 00:57:17 +02:00
de4dot
eeb12adf87 Removed 'in' and 'out' from delegates 2011-09-27 23:42:06 +02:00
de4dot
cd0e5c0169 Updated resource renaming of code strings 2011-09-27 23:29:38 +02:00
de4dot
c257f16787 Methodsrewriter is now working 2011-09-27 22:06:43 +02:00
de4dot
695dd81b43 Merged master 2011-09-27 02:05:46 +02:00
de4dot
bfca8a351f Updated version number 2011-09-24 18:56:13 +02:00
de4dot
5dd6567fc9 Bug fix. Some methods have a body but 0 instrs 2011-09-24 18:48:15 +02:00
de4dot
9945b8b47c Moved code to blocks assembly 2011-09-24 10:26:29 +02:00
de4dot
865ed5a47a Initial commit 2011-09-22 04:55:30 +02:00