monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,020 Commits 2 Branches 1 Tag 5 MiB
v4.0.0
Commit Graph

1550 Commits

Author SHA1 Message Date
de4dot
158fb63bba If asm is not SN signed, only use its name, not version, PKT etc 2013-09-26 19:29:02 +02:00
de4dot
d0bee28111 Disable TypeDef cache when removing types etc 2013-09-26 16:36:52 +02:00
de4dot
50ff551898 Use new ModuleDef method to clear TypeDef cache 2013-09-26 16:32:45 +02:00
de4dot
9acec7a033 Make sure decl type exists 2013-09-25 02:17:24 +02:00
de4dot
3d05b408c9 Decrypt arrays 2013-09-25 01:37:53 +02:00
de4dot
b7255bc3b5 Add assembly string separator detection code 2013-09-24 21:44:21 +02:00
de4dot
edcea5f047 Add more Confuser revisions 2013-09-22 18:38:00 +02:00
de4dot
e68b71e8e4 Support Confuser 1.9 r79630 2013-09-22 18:35:58 +02:00
de4dot
9ddad4bb5a Support Confuser 1.9 r78964 2013-09-22 17:04:45 +02:00
de4dot
3447efba31 Support Confuser 1.9 r78963 2013-09-22 16:07:15 +02:00
de4dot
df2c8dc27f Add latest dnlib version and update stuff that got renamed 2013-09-22 14:45:26 +02:00
de4dot
ab4daa56cb Merge branch 'master' into confuser 2013-09-22 14:07:05 +02:00
de4dot
aabe7f0ad4 dnlib renamed a method 2013-09-20 20:26:17 +02:00
de4dot
b80a1a0b7c Rename variables 2013-04-30 12:15:07 +02:00
de4dot
37af3b3d11 Fix method name 2013-04-30 12:00:03 +02:00
de4dot
2cef02aefb Support Confuser 1.9 r78363 2013-02-02 17:03:56 +01:00
de4dot
f02289037c Merge ../de4dot into confuser 2013-01-24 21:15:09 +01:00
de4dot
35c1820afa Support latest MaxtoCode and two older versions 2013-01-24 18:33:14 +01:00
de4dot
c5fe3e99a4 Refactor 
- Add Decompress()
- Add DecryptXor()
- Remove Decrypt_v19_r77172()
 2013-01-20 18:41:58 +01:00
de4dot
afe66e770d Update "reason" string 2013-01-20 18:12:53 +01:00
de4dot
641a0ce8a4 Add more revisions 2013-01-20 18:09:42 +01:00
de4dot
47ce8507db Support Confuser 1.9 r78056 2013-01-20 18:02:19 +01:00
de4dot
3eb7e5be41 Support Confuser 1.9 r77172 2013-01-20 15:59:30 +01:00
de4dot
40083ad33a Use standard .NET naming convention 2013-01-19 13:09:49 +01:00
de4dot
08ca871406 Merge branch 'master' into confuser 2013-01-19 13:04:24 +01:00
de4dot
211d1b67f6 Use standard .NET naming convention 2013-01-19 13:03:57 +01:00
de4dot
9ac79e253e Support the latest CryptoObfuscator build 2013-01-15 01:37:21 +01:00
de4dot
8225f79f3c Use a stable sort 2013-01-13 20:57:15 +01:00
de4dot
ecd53ddfc1 New version: 2.0.3 2013-01-12 17:17:15 +01:00
de4dot
a41795e4d9 Update copyright years 2013-01-12 17:15:14 +01:00
de4dot
0d1440fc92 Merge branch 'master' into confuser 2013-01-12 17:13:33 +01:00
de4dot
88571cbf8b Update CryptoObfuscator deobfuscator 2013-01-10 02:47:53 +01:00
de4dot
05e773018e Update copyright years 2013-01-01 17:03:16 +01:00
de4dot
488f592df3 Update Xenocode deobfuscator 
- Remove a type with thousands of methods
- Fix rename regex
- Fix names of attributes (lowercase c)
- Remove an invalid attribute added to the module
 2012-12-30 12:34:21 +01:00
de4dot
cb929f63dd Don't add a base type if the type is actually System.Object 2012-12-28 12:07:11 +01:00
de4dot
23b79fb067 dot10 was renamed dnlib 2012-12-22 21:08:29 +01:00
de4dot
45d4367e3a Merge branch 'master' into confuser 2012-12-22 21:06:42 +01:00
de4dot
740e206e6d New version: 2.0.2 2012-12-21 17:15:19 +01:00
de4dot
d91f82f0c1 New version: 2.0.1 2012-12-20 19:16:14 +01:00
de4dot
6eeeffe56d New version: 2.0.0 2012-12-20 02:40:09 +01:00
de4dot
e15c74ae3e dnlib submodule was renamed. Update code 2012-12-20 02:06:09 +01:00
de4dot
ba54b607eb Make sure MD header version isn't 1.1 (reset it to 2.0 if so) 2012-12-20 01:45:50 +01:00
de4dot
a7fdbd4206 Support latest MaxtoCode version 2012-12-20 01:34:16 +01:00
de4dot
35849b0f9b Submodule was updated. Fix code 2012-12-19 18:14:47 +01:00
de4dot
9d38345e28 Update error message 2012-12-18 22:56:42 +01:00
de4dot
29725a8262 Detect EF 3.6 2012-12-18 22:55:35 +01:00
de4dot
be2271f932 Add updated submodule 2012-12-16 00:03:56 +01:00
de4dot
d0002f098c Copy license files to a new dir 2012-12-14 19:53:48 +01:00
de4dot
6ce3b44de6 Preserve tokens if VM code couldn't be restored 2012-12-14 16:51:21 +01:00
de4dot
e8a9c0675a Add preserveTokensAndTypes() 2012-12-14 16:50:06 +01:00
de4dot
63f1ec4f93 Update DS string decrypter 2012-12-14 12:40:44 +01:00
de4dot
88d1a8ab89 Inline generic methods that DS added 2012-12-14 12:39:06 +01:00
de4dot
bbb715c93c Update string decrypter 2012-12-14 09:22:36 +01:00
de4dot
bbbdf0b0ff Update array cflow deobfuscator 2012-12-14 09:18:14 +01:00
de4dot
7bcf5b4710 Make sure lastOffset <= fileData.Length (could be a bad dump) 2012-12-13 16:19:34 +01:00
de4dot
bf7c0d58d2 Some fixes 
- Rename offset variables
- Alloc buffer outside the loop
- Read CRC32 checksum outside the loop
- Get rid of a local variable
 2012-12-13 14:03:31 +01:00
de4dot
7e9e691ef3 Support ILProtector 1.0.6.0 - 1.0.6.7 2012-12-13 12:03:25 +01:00
de4dot
1dd572f2ef Add DeobUtils.sha1Sum() 2012-12-13 12:02:52 +01:00
de4dot
cf6af49ae7 Add a CRC32 class 2012-12-13 12:02:41 +01:00
de4dot
3e7d403334 Remove the dynocode declaring types 2012-12-11 12:36:59 +01:00
de4dot
b9d91043fc Support the latest CryptoObfuscator version 2012-12-11 12:02:40 +01:00
de4dot
245d875d5f Support Eazfuscator.NET 3.5 string encrypter 2012-12-11 00:23:16 +01:00
de4dot
d5681d9db4 Emulate instructions instead of finding constants 2012-12-10 21:43:56 +01:00
de4dot
ac7694b237 Add Int64Method property 2012-12-10 21:42:49 +01:00
de4dot
61eff40082 Add props to access the locals / values 2012-12-10 21:42:37 +01:00
de4dot
721cd1578a Update EF version detector 2012-12-10 21:42:14 +01:00
de4dot
dcbcaa098e Work around a bug in EF 2012-12-08 01:12:20 +01:00
de4dot
f5967715f2 Only remove the type if we rename types 2012-12-07 15:07:30 +01:00
de4dot
8e79777cdf Return immediately if there's nothing to do 2012-12-07 15:06:52 +01:00
de4dot
fa4e1fcc6b Add RenamerFlags 2012-12-07 15:06:38 +01:00
de4dot
0ba3a0c1e2 Better support of DNR + .NET 1.x assemblies 2012-12-04 23:58:34 +01:00
de4dot
8e69452edb Support .NET Reactor 4.5 2012-12-04 02:29:41 +01:00
de4dot
faf37a4a47 Use a char[] instead of a StringBuilder since length is known 2012-12-03 01:22:14 +01:00
de4dot
9a4cd237e5 Fix detection of SN string decrypter 2012-12-02 23:24:00 +01:00
de4dot
ca6812bca7 Support latest Rummage 2012-12-02 16:20:25 +01:00
de4dot
8a36c8eea6 Add an option to not rename delegate fields 2012-12-01 04:35:39 +01:00
de4dot
643e155cf8 Add options to preserve rids, heaps 2012-12-01 03:24:12 +01:00
de4dot
dcdbe25a0f Add option to disable creating new ParamDefs when renaming 2012-12-01 02:22:59 +01:00
de4dot
99c7cf8eb5 Load target asm's CLR version when decrypting strings dynamically 2012-12-01 01:40:23 +01:00
de4dot
0bb947aebc Fix Confuser code since main code got updated 2012-11-30 21:05:54 +01:00
de4dot
c3608908c5 Merge branch 'port' into confuser 2012-11-30 21:04:22 +01:00
de4dot
3e62b328d1 Add FileHeader and OptionalHeader props 2012-11-30 21:04:05 +01:00
de4dot
87b20b00f2 Set new locals by calling SetLocals(), not by writing to the field 2012-11-30 03:24:15 +01:00
de4dot
a2cdfdb9e3 Add AssemblyServer projects for CLR v2.0/4.0 x86/x64 2012-11-23 07:12:43 +01:00
de4dot
9263a3df3d Remove all cecil code/comment refs 2012-11-22 09:14:51 +01:00
de4dot
fd129aa3c0 Remove non-referenced method 2012-11-22 05:50:15 +01:00
de4dot
3a519b51d8 This shouldn't be a warning 2012-11-22 05:50:05 +01:00
de4dot
7ce782215e Print 4.x when DNR 4 version is unknown 2012-11-21 14:20:38 +01:00
de4dot
8858205344 IDeobfuscator now implements IDisposable 2012-11-21 13:57:13 +01:00
de4dot
5b43e33a35 Remove old PeImage code and use the new one 2012-11-21 11:14:20 +01:00
de4dot
ced43ca70b Use File.WriteAllBytes() 2012-11-21 11:07:40 +01:00
de4dot
bcb9a2958c Dispose() of the PEImage 2012-11-21 11:07:25 +01:00
de4dot
034910ff57 Remove detection of Confuser in Unknown 2012-11-20 08:59:22 +01:00
de4dot
362d825042 Update code since submodule was updated 2012-11-20 08:02:10 +01:00
de4dot
a09bf43cde Merge branch 'port' into confuser 
Conflicts:
	blocks/DotNetUtils.cs
 2012-11-20 08:00:20 +01:00
de4dot
9577bd2118 Reset resource data position 2012-11-20 07:53:54 +01:00
de4dot
bde935c6d8 Remove invalid resources 2012-11-20 07:25:10 +01:00
de4dot
e8155e7eb0 Update detection of invalid CV methods 2012-11-20 06:45:23 +01:00
de4dot
989e364481 Fix detection of DS string decrypter 2012-11-20 05:35:05 +01:00
de4dot
87a83a2757 Exit if string decrypter wasn't detected 2012-11-20 04:42:19 +01:00
de4dot
48ce6a29b9 Return an SZArraySig, not an ArraySig 2012-11-20 02:18:18 +01:00
de4dot
5c2237b439 Remove useless property 2012-11-20 01:16:02 +01:00
de4dot
4658e911a2 Reset resource data positions 2012-11-20 01:15:27 +01:00
de4dot
d8e73e70e6 Use MetaDataHeader 2012-11-20 01:14:34 +01:00
de4dot
d9bc6ea480 Fix operand restorer 2012-11-20 01:14:05 +01:00
de4dot
969d41c089 Default name is CliSecure 2012-11-20 01:13:36 +01:00
de4dot
5ce21b18a7 Call IAssemblyResolver.Remove() 2012-11-20 01:13:18 +01:00
de4dot
5ad2e18695 Update code since submodule was updated 2012-11-19 17:58:34 +01:00
de4dot
6e7ac2a3bc Port Confuser deobfuscator 2012-11-18 23:42:43 +01:00
de4dot
ff86ca6d24 Merge branch 'port' into confuser 
Conflicts:
	de4dot.code/de4dot.code.csproj
 2012-11-18 21:10:47 +01:00
de4dot
c5f2043a6e Port SmartAssembly deobfuscator 2012-11-18 17:07:02 +01:00
de4dot
cca8eba9ed Port ILProtector deobfuscator 2012-11-18 08:13:51 +01:00
de4dot
db223d089b Port MaxtoCode deobfuscator 2012-11-18 07:34:51 +01:00
de4dot
2e61a8a757 Move disposing of module to caller 
The reason is that some deobfuscators require it to be non-disposed
when their reload() method is called.
 2012-11-18 07:32:57 +01:00
de4dot
9a8218e68f Add Logger.LogErrorDontIgnore() 2012-11-18 03:20:40 +01:00
de4dot
0e16e3e51b Dispose() of all modules we don't need 2012-11-18 03:17:53 +01:00
de4dot
1c4b3a7382 Port Goliath.NET deobfuscator 2012-11-18 03:02:12 +01:00
de4dot
c596f5ddfc Port Eazfuscator.NET deobfuscator 2012-11-18 01:09:07 +01:00
de4dot
33645432f1 Fix TypesRestorer porting bug 2012-11-18 00:20:07 +01:00
de4dot
e5ab5ee23c Re-encrypt x86 methods if any (DNR v4.x) 2012-11-17 23:49:19 +01:00
de4dot
d52a1014ef Port .NET Reactor v4.x deobfuscator 2012-11-17 18:57:36 +01:00
de4dot
413a032e0a Port .NET Reactor v3.x deobfuscator 2012-11-17 15:46:02 +01:00
de4dot
7e1d16dafb Clear RVA when resetting field type and initial value 2012-11-17 11:45:24 +01:00
de4dot
6a7ddbaa56 Update code; submodule was updated 2012-11-16 23:50:52 +01:00
de4dot
4be5776da7 Also add all methods found in VTableFixups 2012-11-16 20:52:10 +01:00
de4dot
0dc129d340 Fix renaming of non-external pinvoke methods 2012-11-16 02:15:36 +01:00
de4dot
686f9953fd Also remove Spices.Net watermark attribute 2012-11-14 21:45:12 +01:00
de4dot
9e708ed4fd Ignore req/opt modifiers 2012-11-14 21:44:57 +01:00
de4dot
475c597a60 Port Spices.Net deobfuscator 2012-11-14 19:29:29 +01:00
de4dot
445b68f4f5 Don't treat System.Void as a value type 2012-11-14 19:28:46 +01:00
de4dot
226d18dff7 Only set ILOnly if there are no native methods 2012-11-14 11:33:47 +01:00
de4dot
6d43a7d6ee Update code since submodule was updated 2012-11-14 10:23:29 +01:00
de4dot
76d898a285 Keep extra PE data and keep orig Win32 resources 2012-11-13 07:45:34 +01:00
de4dot
8c228e6e70 Also preserve #Blob offsets when preserving MD tokens 2012-11-13 07:44:25 +01:00
de4dot
3bd00c99bc Use NativeModuleWriterOptions when saving a mixed-mode assembly 2012-11-13 07:42:35 +01:00
de4dot
2f6e5badb1 Update code since submodule got updated 2012-11-12 22:06:13 +01:00
de4dot
ac9168599b Use IPEImage.FindWin32ResourceData() 2012-11-12 04:40:48 +01:00
de4dot
3646bca56b Align the numbers 2012-11-11 16:56:29 +01:00
de4dot
99b38ac22f Don't Dispose() of the resource data reader 2012-11-11 14:46:00 +01:00
de4dot
c47039c2ef Don't call logger.v() unless verbose log level is enabled 2012-11-11 11:37:40 +01:00
de4dot
5a9d76e8c7 Speed up DeepSea string decrypter detector 2012-11-11 07:54:26 +01:00
de4dot
b152362088 Update logger 
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but an option to disable it
 2012-11-11 05:41:54 +01:00
de4dot
7b0ba43248 UTF8String was moved to DotNet ns. Fix code 2012-11-10 00:45:04 +01:00
de4dot
311a3c9c05 Remove now useless using statements 2012-11-10 00:02:11 +01:00
de4dot
73e15c0919 Change method sig to take a IPEImage instead of a PEImage 2012-11-09 11:34:23 +01:00
de4dot
d47a03f51a Unpack CS packed files 2012-11-09 11:32:29 +01:00
de4dot
d00fcb79e4 Don't remove fields if we should keep all types 2012-11-09 02:15:28 +01:00
de4dot
3b740a4106 Port DeepSea deobfuscator 2012-11-09 00:21:45 +01:00
de4dot
5d25a499aa Port CryptoObfuscator deobfuscator 2012-11-08 22:24:13 +01:00
de4dot
472d57ed0f Use ModuleDefMD.GetAssemblyRef() 2012-11-08 11:26:14 +01:00
de4dot
f2f156dc40 Port CodeWall deobfuscator 2012-11-08 10:40:58 +01:00
de4dot
eb7d4c5f88 Use CreateStream() instead of creating a MemoryStream from a byte[] 2012-11-08 10:16:58 +01:00
de4dot
f6b5a3117f Port CodeVeil deobfuscator 2012-11-08 09:48:05 +01:00
de4dot
10e83acebc Port CodeFort deobfuscator 2012-11-08 07:43:57 +01:00
de4dot
4393df31d9 Update detection of CSVM asm ref 2012-11-08 07:07:02 +01:00
de4dot
f699017197 Port Babel.NET deobfuscator 2012-11-08 07:06:46 +01:00
de4dot
ce6659510e Use ToGenericInstSig() ext method 2012-11-08 07:05:41 +01:00
de4dot
e600696182 Use IBinaryReader.ReadRemainingBytes() 2012-11-07 07:29:39 +01:00
de4dot
ab78e97423 Use the new name of this obfuscator 2012-11-07 05:47:33 +01:00
de4dot
9c64165d15 Add a getDumpedMethod() method 2012-11-07 05:38:06 +01:00
de4dot
583d4201f5 Port Agile.NET deobfuscator 2012-11-07 05:17:45 +01:00
de4dot
cc1e36389d Update resolve{Method,Field}() sigs with a more general arg type 2012-11-07 04:46:19 +01:00
de4dot
814c3d3944 Fix method decrypter 2012-11-07 04:45:36 +01:00
de4dot
b6537dc188 Fix lookup<T> method sigs 2012-11-07 04:45:05 +01:00
de4dot
6efb96740d Update code since EntryPoint was renamed ManagedEntryPoint 2012-11-07 02:02:38 +01:00
de4dot
427ea38595 Port MPRESS unpacker 2012-11-07 01:52:15 +01:00
de4dot
d98d4b10bb Add code to restore dumped methods 2012-11-07 01:15:52 +01:00
de4dot
4be7e4fe46 Initialize DumpedMethod.mdRVA 2012-11-07 00:26:36 +01:00
de4dot
001b67804f Move DumpedMethod{,s} to de4dot.blocks namespace 2012-11-06 22:25:19 +01:00
de4dot
90ab31eda2 Port Rummage deobfuscator 2012-11-06 17:21:56 +01:00
de4dot
25cee0e206 Port Skater.NET deobfuscator 2012-11-06 17:15:11 +01:00
de4dot
19ed1ac219 Rename CliSecure -> Agile_NET 2012-11-06 16:38:39 +01:00
de4dot
c67c267c8e Port Dotfuscator deobfuscator 2012-11-06 16:30:39 +01:00
de4dot
ac171e3f29 Fix code since CilBody/HasCilBody were renamed 2012-11-06 15:58:55 +01:00
de4dot
3ed2daebd1 Port Xenocode deobfuscator 2012-11-06 15:58:21 +01:00
de4dot
f5ec3e2a27 String can be empty so return early if so 2012-11-06 01:59:40 +01:00
de4dot
c8039d249e Add more checks when input has lots of invalid metadata 2012-11-06 00:18:02 +01:00
de4dot
6d45a3499f Fix porting mistakes 2012-11-05 19:21:33 +01:00
de4dot
ea001865c9 Rename FnPtr args, and also null type sigs params 2012-11-05 02:42:48 +01:00
de4dot
2aedcc730c Preserve tokens if necessary 2012-11-04 23:24:12 +01:00
de4dot
c9f1f8073e MethodDef.Parameters contains the hidden 'this' param, so add some fixes to old code 2012-11-04 22:41:45 +01:00
de4dot
6a8e8dcb78 Initialize loaded modules' module context 2012-11-04 20:06:58 +01:00
de4dot
d5838aa6c2 Use the IModuleWriterListener interface 2012-11-04 19:40:36 +01:00
de4dot
f4ce67d836 Remove useless class and fix a porting todo 2012-11-04 13:25:14 +01:00
de4dot
83cb59718a Move GenericArgsSubstitutor and add more methods 2012-11-04 12:13:13 +01:00
de4dot
f7f424efe7 Remove more "#if PORT" 2012-11-04 11:50:10 +01:00
de4dot
9376aa0de5 Rename method return parameters 2012-11-04 11:45:04 +01:00
de4dot
7ba4905cc7 Port more code, including renamer 2012-11-04 01:05:52 +01:00
de4dot
db6875859a Port more code 2012-11-03 22:49:52 +01:00
de4dot
9b6c698dc1 Port some code 2012-11-02 22:53:24 +01:00
de4dot
89cd55a071 Port more code 2012-11-02 20:10:34 +01:00
de4dot
00177034b9 Rename cecil names; add new MemberRefFinder class 2012-11-02 16:08:11 +01:00
de4dot
65e6887fbc Port more code; remove cecil refs 2012-11-02 08:28:39 +01:00
de4dot
70916173f3 Update code since dot10 was updated 2012-11-02 07:36:02 +01:00
de4dot
24c43d5a66 Port some more code 2012-11-01 21:09:09 +01:00
de4dot
4c8ba1edf3 Merge branch 'master' into confuser 2012-11-01 16:43:08 +01:00
de4dot
1341cc7199 Port more code 2012-11-01 16:42:02 +01:00
de4dot
3b6ef4fa1f Port more code 2012-11-01 14:39:39 +01:00
de4dot
c5d183983b Port more code 2012-11-01 11:28:09 +01:00
de4dot
eeef8a2580 Use dot10.PE 2012-11-01 07:51:08 +01:00