monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,020 Commits 2 Branches 1 Tag 5 MiB
v4.0.0
Commit Graph

2020 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ViR Dash
4923f3ba73 Replace CI with GitHub 2020-01-10 18:55:20 +02:00
ViR Dash
c019e21743 Check if cctor exists before using it 2019-05-03 01:17:30 +01:00
ViR Dash
406afd01e3 Set up CI 2019-05-02 13:02:16 +01:00
Victor
6fb8af9f6a
Update README.md 2018-03-25 18:27:09 +01:00
Victor
d6172eb0f0
Update README.md 2018-03-25 02:56:01 +01:00
ViR Dash
f2194e1384 Update README.md 2018-03-24 17:17:58 +00:00
ViR Dash
8725afae01 Add support for normal mode string decryption 2017-09-26 01:54:47 +01:00
ViR Dash
5ec36c863c Add support for normal predicate control flow; 
Add detection weight to ConfusedBy attribute
 2017-09-26 01:54:42 +01:00
ViR Dash
7adf818194 Implement ConfuserEx generic constants and resource decryption; misc improvements 
Move BeaEngine.dll to /bin/
Make sure BeaEngine.dll is loaded when the working directory is different
Disable file deobfuscation exception handler
Don't remove LZMA methods by default
Trim version read from ConfuserAttribute
Minor refactoring
 2017-08-20 16:25:25 +03:00
ViR Dash
4be6156d9b Move ConfuserEx warning messages to display during the correct deobfuscation stage 2017-08-19 17:44:30 +03:00
ViR Dash
d6a18082af Ensure BeaEngine.dll is present and misc changes 
Copy BeaEngine.dll on build and check if it exists in runtime
Disable more exception handlers to help detect swallowed exceptions
Misc refactoring
 2017-08-19 17:40:14 +03:00
ViR Dash
3e4170deb6 ConfuserEx deobfuscator code clean-up and refactor 2017-08-08 13:27:21 +03:00
ViR Dash
e0a2e805d4 ConfuserEx deobfuscator updates and misc changes 
ConfuserEx changes:
* Implement Proxy Call Fixer
* Refactor Control Flow Fixer
Disable main exception handler to let de4dot throw on error
 2017-07-25 17:37:41 +03:00
ViR Dash
23477ccb5f Implemented ConfuserEx deobfuscator 
x86 cflow and x86 constant decryption
Backport of LINQ (LinqBridge)
Shift left/right emulation fixes in de4dot core
Block class extended to hold additional information
 2017-02-13 11:14:22 +02:00
PoroCYon
126758fa6f Fix compiler errors (on mono) (#123) 2017-01-05 13:46:04 +01:00
0xd4d
cf19456dd6 Merge pull request #120 from XODE0/master 
Support .NETReactor last versions.
 2016-03-19 20:32:14 +01:00
XODE0
be964e1637 Fix for .NETReactor versions(4.7+). 2016-03-19 20:13:02 +01:00
XODE0
bbe3d325fb Fix for old .NETReactor versions. 2016-03-19 18:26:07 +01:00
de4dot
8039056d4c Move class from dnlib to de4dot 2016-03-19 16:38:48 +01:00
XODE0
38cfc6507a Update EncryptedResource.cs 2016-03-19 16:26:05 +01:00
XODE0
f6a107c9bf Support dotNETReactor v5.0.0.0 2016-03-19 16:16:22 +01:00
xode0
236b1768f4 Fix for the last .NETReactor. 2016-02-16 23:47:14 +01:00
de4dot
aa53cc0a81 Update dnlib submodule 2016-02-11 20:51:02 +01:00
de4dot
958ad86ceb Fix merge 2016-02-11 20:50:54 +01:00
0xd4d
71eddd4689 Merge pull request #119 from XODE0/master 
Add resource name decryption for Crypto.
 2016-02-11 20:43:35 +01:00
xode0
6bfb3bc4a7 Add resource name decryption 
.

Update Crypto StringDecrypter and move DecryptResourceName from ConstantsDecrypter to CoUtils.

Follow de4dot coding style.

Tabify the last commits.
 2016-02-11 20:28:00 +01:00
0xd4d
9715fe46c2 Merge pull request #117 from PythEch/fix-eazfuscator-51 
Added support for Eazfuscator.NET 5.1
 2016-02-10 18:41:30 +01:00
PythEch
17c23f9ad7 Use default shift constants when Eazfuscator.NET < 5.0 2016-02-06 17:38:14 +02:00
PythEch
d7c7c7ce85 Fix Indentation 2016-01-24 00:47:09 +02:00
PythEch
2581da1c26 Make it compatible with 5.0 again 
Version detection may be flawed since it checks if the string decryptor
method uses cgt.un instead of ceq for flags because the changes in 5.1
are subtle.
 2016-01-24 00:45:37 +02:00
PythEch
84e0aa0b77 Fix the calculation of magic 
It seems that Eazfuscator.NET sometimes calculates the magic with
different constants so I had to get them programmatically
 2016-01-23 22:55:29 +02:00
PythEch
63607a6678 Fix string decryption for Eazfuscator.NET 5.1 
v5.1 changes a few instructions in , other than it's almost the same
 2016-01-23 17:09:01 +02:00
de4dot
4c684bb67e Update copyright years 2015-10-29 22:45:26 +01:00
de4dot
02d6de8f39 Fix old Confuser deobfuscator code 2015-10-29 22:36:17 +01:00
de4dot
a0f12c4ad0 Update IsN00bUser() 2015-10-29 21:37:49 +01:00
de4dot
ea28306e9c Update dnlib submodule 2015-10-29 21:37:37 +01:00
de4dot
eefa799e0d Fix merge. Code used a much older dnlib version 2015-10-29 21:36:57 +01:00
de4dot
7cde561e6b Merge branch 'confuser' 2015-10-29 21:36:34 +01:00
de4dot
436fe05756 Fix some older merges 2015-10-29 21:36:27 +01:00
0xd4d
f279bed1ed Merge pull request #113 from saneki/only_cflow 
Added option --only-cflow-deob for only deobfuscating control flow
 2015-09-23 19:58:48 +02:00
saneki
e399d4ae2d Added option --only-cflow-deob for only deobfuscating control flow 2015-09-22 11:06:45 -07:00
0xd4d
21318d2161 Merge pull request #111 from angelsl/master 
CryptoObfuscator: Detect if decrypter should skip before reading flag or vice versa
 2015-08-29 12:24:29 +02:00
angelsl
133814073c Actually use index of the not opcode 
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
 2015-08-28 00:01:40 +08:00
0xd4d
74408ae2dd Merge pull request #112 from saneki/nix_friendly 
Renamed file with proper capitalization (as referenced in project file)
 2015-08-23 00:15:38 +02:00
saneki
ff708f8116 Renamed file with proper capitalization (as referenced in project file) 2015-08-22 16:25:30 -05:00
angelsl
ffeb7c9472 Detect if decrypter should skip before reading flag or vice versa 
Seems like some versions of CryptoObfuscator skip the bytes before reading the
actual flag instead of the behaviour expected by de4dot currently.

Signed-off-by: angelsl <hidingfromhidden@gmail.com>
 2015-08-21 15:57:44 +08:00
de4dot
39cf94964f Remove 64-bit mscorlib refs from x64 csproj files 2015-08-15 11:08:17 +02:00
de4dot
111d0b538c Add updated dnlib submodule 2015-08-15 11:01:11 +02:00
0xd4d
dfbbfc3fe0 Merge pull request #110 from saneki/eaz_5 
Added support for Eazfuscator.NET 5.0 (string decryption)
 2015-08-05 19:49:52 +02:00
saneki
94596d6fb7 Added support for Eazfuscator.NET 5.0 2015-08-04 17:52:02 -05:00