I suggest you ...

← JustDecompile Feature Suggestions

de4dot plugin update new version 2.0.1 out

de4dot has moved from github to bitbucket. New site info :
https://bitbucket.org/0xd4d/de4dot
https://bitbucket.org/0xd4d/de4dot/downloads

Updated support for most obfuscators. The rest will be supported later.
de4dot is now using dnlib instead of Mono.Cecil since Mono.Cecil can't handle obfuscated files
Mixed mode (eg. C++/CLI) assemblies are now supported
dnlib is much more stable so if you can execute an assembly, dnlib can load and save it
Preserving the important metadata tokens is now possible 100% of the time. The old hack I used with Mono.Cecil worked most of the time, but only for the "def" tables.
Junk at the end of #Blob signatures can now be saved (--preserve-sig-data)
You can now disable renaming certain things. Eg., when deobfuscating Confuser protected assemblies, try --keep-names d (keep delegate field names, but rename everything else)
--keep-types no longer preserves MD tokens.
New command line options: --keep-names, --dont-create-params, --preserve-tokens, --preserve-table, --preserve-strings, --preserve-us, --preserve-blob, --preserve-sig-data
The actual Win32 resources (not the whole .rsrc) section is copied to the output. Mono.Cecil copied the whole section.
When decrypting methods dynamically, the target's CLR version and CPU architecture is loaded instead of always defaulting to latest CLR version.

9 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Forgot password?
    Create a password
    I agree to the terms of service
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    manojmanoj shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Forgot password?
      Create a password
      I agree to the terms of service
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • manojmanoj commented  ·   ·  Flag as inappropriate

        use dnlib is a library that can read, write and create .NET assemblies and modules.

        It was written for de4dot which must have a rock solid assembly reader and writer library since it has to deal with heavily obfuscated assemblies with invalid metadata. If the CLR can load the assembly, dnlib must be able to read it and save it.
        Features

        Supports reading, writing and creating .NET assemblies/modules targeting any .NET framework (eg. desktop, Silverlight, Windows Phone, etc).
        Supports reading and writing mixed mode assemblies (eg. C++/CLI)
        Can read and write non-ECMA compatible .NET assemblies that MS' CLR can load and execute
        Very stable and can handle obfuscated assemblies that crash other similar libraries.
        High and low level access to the metadata
        Output size of non-obfuscated assemblies is usually smaller than the original assembly
        Metadata tokens and heaps can be preserved when saving an assembly
        Assembly reader has hooks for decrypting methods and strings
        Assembly writer has hooks for various writer events
        Easy to port code from Mono.Cecil to dnlib
        Add/delete Win32 resource blobs
        Saved assemblies can be strong name signed and enhanced strong name signed
        https://bitbucket.org/0xd4d/dnlib

      JustDecompile Feature Suggestions: Advanced Features

      Feedback and Knowledge Base

      (thinking…)