virb3 / de4dot-cex Goto Github PK

Where can I find precompiled binaries

Using <> makes dnspy errorize every time, replace <> with _ maybe?

How to Use this Lib?it is not useful to confuseEx,Can somg sample be given?

Hi.
I'm using Visual Studio 2019, and trying to build the x64 project which I cloned directly with the instruction given in the original repo, but it gives me the following exception:

BadImageFormatException: Could not load file or assembly 'de4dot.code, Version=3.1.41592.3405, Culture=neutral, PublicKeyToken=d3f3ed1e47f67fc6' or one of its dependencies. An attempt was made to load a program with an incorrect format.

Even though the de4dot.code project is right there alongside the rest.

I also tried to download the release zip file but it returns the following:

Unhandled Exception: System.BadImageFormatException: Invalid DOS signature
at dnlib.PE.ImageDosHeader..ctor(IImageStream reader, Boolean verify) in D:\a\de4dot-cex\de4dot-cex\dnlib\src\PE\ImageDosHeader.cs:line 30
at dnlib.PE.PEInfo..ctor(IImageStream reader, Boolean verify) in D:\a\de4dot-cex\de4dot-cex\dnlib\src\PE\PEInfo.cs:line 44
at dnlib.PE.PEImage..ctor(IImageStreamCreator imageStreamCreator, ImageLayout imageLayout, Boolean verify) in D:\a\de4dot-cex\de4dot-cex\dnlib\src\PE\PEImage.cs:line 134
at dnlib.PE.PEImage..ctor(String fileName, Boolean mapAsImage, Boolean verify) in D:\a\de4dot-cex\de4dot-cex\dnlib\src\PE\PEImage.cs:line 165
at de4dot.code.ObfuscatedFile.UnpackNativeImage(IEnumerable1 deobfuscators) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 193 at de4dot.code.ObfuscatedFile.LoadModule(IEnumerable1 deobfuscators) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 182
at de4dot.code.ObfuscatedFile.Load(IList`1 deobfuscators) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 161
at de4dot.cui.FilesDeobfuscator.DotNetFileLoader.Add(IObfuscatedFile file, Boolean skipUnknownObfuscator, Boolean isFromPossibleFiles) in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 246
at de4dot.cui.FilesDeobfuscator.DotNetFileLoader.CreateObfuscatedFile(SearchDir searchDir, String filename) in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 347
at de4dot.cui.FilesDeobfuscator.DotNetFileLoader.d__7.MoveNext() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 275
at de4dot.cui.FilesDeobfuscator.DotNetFileLoader.d__5.MoveNext() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 203
at de4dot.cui.FilesDeobfuscator.d__11.MoveNext() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 167
at de4dot.cui.FilesDeobfuscator.DetectObfuscators() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 99
at de4dot.cui.Program.Main(String[] args) in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\Program.cs:line 118
at de4dot_x64.Program.Main(String[] args) in D:\a\de4dot-cex\de4dot-cex\de4dot-x64\Program.cs:line 23
With both the de4dot.exe and de4dot-64.exe.

^title^

How do i get around this issue?

Hello, can u help me with this error ? i trying to deobfuscate an exe file but it doesnt work, i already use -d parameter to see wich one obfuscator it use and probably is crpyto obfuscator ( u can see it on logs error too )

WARNING: Found unknown resource encryption flags: 0x0A

Exceção Sem Tratamento: System.IO.InvalidDataException: O tamanho do bloco não corresponde ao seu complemento.
em System.IO.Compression.Inflater.DecodeUncompressedBlock(Boolean& end_of_block)
em System.IO.Compression.Inflater.Decode()
em System.IO.Compression.Inflater.Inflate(Byte[] bytes, Int32 offset, Int32 length)
em System.IO.Compression.DeflateStream.Read(Byte[] array, Int32 offset, Int32 count)
em de4dot.code.deobfuscators.CryptoObfuscator.ResourceDecrypter.Decrypt(Stream resourceStream) na D:\a\de4dot-cex\de4dot-cex\de4dot.code\deobfuscators\CryptoObfuscator\ResourceDecrypter.cs:linha 371

anyway thanks by now.

When I run:

de4dot-x64 Program.exe

I get:

Array dimensions exceeded supported range.
Array dimensions exceeded supported range.
Detected ConfuserEx v0.6.0 (G:\Blah\de4dot-cex\Debug\Program.exe)
Cleaning G:\Blah\de4dot-cex\Debug\Program.exe

Unhandled Exception: System.ApplicationException: Invalid new target, it's null
at de4dot.blocks.Block.ReplaceLastInstrsWithBranch(Int32 numInstrs, Block target) in G:\Blah\de4dot-cex\de4dot.blocks\Block.cs:line 139
at de4dot.blocks.Block.ReplaceBccWithBranch(Boolean isTaken) in G:\Blah\de4dot-cex\de4dot.blocks\Block.cs:line 154
at de4dot.blocks.cflow.BlockCflowDeobfuscator.de4dot.blocks.cflow.IBranchHandler.HandleNormal(Int32 stackArgs, Boolean isTaken) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BlockCflowDeobfuscator.cs:line 66
at de4dot.blocks.cflow.BranchEmulator.EmulateBranch(Int32 stackArgs, Boolean isTaken) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BranchEmulator.cs:line 82
at de4dot.blocks.cflow.BranchEmulator.EmulateBranch(Int32 stackArgs, Bool3 cond) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BranchEmulator.cs:line 78
at de4dot.blocks.cflow.BranchEmulator.Emulate_Brfalse() in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BranchEmulator.cs:line 238
at de4dot.blocks.cflow.BranchEmulator.Emulate(Instruction instr) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BranchEmulator.cs:line 65
at de4dot.blocks.cflow.BlockCflowDeobfuscator.Deobfuscate(Block block) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BlockCflowDeobfuscator.cs:line 54
at de4dot.blocks.cflow.BlockDeobfuscator.Deobfuscate(List1 allBlocks) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BlockDeobfuscator.cs:line 40 at de4dot.blocks.cflow.BlocksCflowDeobfuscator.Deobfuscate(IEnumerable1 bds, List1 allBlocks) in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BlocksCflowDeobfuscator.cs:line 106 at de4dot.blocks.cflow.BlocksCflowDeobfuscator.Deobfuscate() in G:\Blah\de4dot-cex\de4dot.blocks\cflow\BlocksCflowDeobfuscator.cs:line 90 at de4dot.code.ObfuscatedFile.Deobfuscate(MethodDef method, BlocksCflowDeobfuscator cflowDeobfuscator, MethodPrinter methodPrinter, Boolean isVerbose, Boolean isVV) in G:\Blah\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 640 at de4dot.code.ObfuscatedFile.DeobfuscateMethods() in G:\Blah\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 589 at de4dot.code.ObfuscatedFile.Deobfuscate() in G:\Blah\de4dot-cex\de4dot.code\ObfuscatedFile.cs:line 401 at de4dot.cui.FilesDeobfuscator.DeobfuscateAllFiles(IEnumerable1 allFiles) in G:\Blah\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 374
at de4dot.cui.FilesDeobfuscator.DeobfuscateAll() in G:\Blah\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 134
at de4dot.cui.FilesDeobfuscator.DoIt() in G:\Blah\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 91
at de4dot.cui.Program.Main(String[] args) in G:\Blah\de4dot-cex\de4dot.cui\Program.cs:line 118
at de4dot_x64.Program.Main(String[] args) in G:\Blah\de4dot-cex\de4dot-x64\Program.cs:line 23

I had previously checked the file with Detect It Easy to make sure it used ConfuserEx.
I tried running the code via an .exe that Visual Studio compiled from the source code and via the pre-built binaries, both returned the exact same results.

de4dot-cex successfully removed most of the ConfuserEx 1.0.0 protection for me, but some artifacts remain in the code. I'm willing to pay if you are willing to improve de4dot-cex to remove these artifacts.
Are you interested?

Sorry if off topic. But it’s very interesting how such a library can work at all. I have never seen such (corrupted?) Code. I wonder what obfuscator did this and whether it is possible to remove such obfuscation.
https://anonfile.com/V2P446gao8/Assembly-CSharp-firstpass_dll

The author of de4dot-cex software let me ask for the completed version with the exe file. Thank you very much

I want to decompile latest agile.net protected file.

is it possible using this utility ?

de4dot v3.1.41592.3405

Detected Unknown Obfuscator (C:\myTools\0\de4dot-cex\1.exe)
Cleaning C:\myTools\0\de4dot-cex\1.exe
Renaming all obfuscated symbols

Unhandled Exception: System.ApplicationException: Interface method already initialized
at de4dot.code.renamer.asmmodules.InterfaceMethodInfo.Merge(InterfaceMethodInfo other) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 151
at de4dot.code.renamer.asmmodules.InterfaceMethodInfos.InitializeFrom(InterfaceMethodInfos other, GenericInstSig git) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 194
at de4dot.code.renamer.asmmodules.MTypeDef.InitializeInterfaces(TypeInfo typeInfo) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 498
at de4dot.code.renamer.asmmodules.MTypeDef.InitializeAllInterfaces() in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 492
at de4dot.code.renamer.asmmodules.MTypeDef.InitializeInterfaceMethods(MethodNameGroups groups) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 506
at de4dot.code.renamer.asmmodules.MTypeDef.InitializeVirtualMembers(MethodNameGroups groups, IResolver resolver) in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\TypeDef.cs:line 482
at de4dot.code.renamer.asmmodules.Modules.InitializeVirtualMembers() in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\asmmodules\Modules.cs:line 365
at de4dot.code.renamer.Renamer.Rename() in D:\a\de4dot-cex\de4dot-cex\de4dot.code\renamer\Renamer.cs:line 242
at de4dot.cui.FilesDeobfuscator.Rename(IEnumerable`1 theFiles) in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 400
at de4dot.cui.FilesDeobfuscator.DeobfuscateAll() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 135
at de4dot.cui.FilesDeobfuscator.DoIt() in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\FilesDeobfuscator.cs:line 91
at de4dot.cui.Program.Main(String[] args) in D:\a\de4dot-cex\de4dot-cex\de4dot.cui\Program.cs:line 118
at de4dot_x86.Program.Main(String[] args) in D:\a\de4dot-cex\de4dot-cex\de4dot\Program.cs:line 23

dear am trying to build the source but getting alot many errors

could you please help me out in this
or can you share the build version as well

hi can u update ur version of de4dot for new babel version?
old de4dot support only old versions of babel obfusicator

it would be great

i have tried to decompile the .net .exe but getting some errors while decompiling its showing
ERROR: couldnt resolved Methord ref system.bolen XXXXXXX

and also when i open up a source in VS its showing these comments in the source

            //IL_02ca: Unknown result type (might be due to invalid IL or missing references)
            //IL_02cf: Unknown result type (might be due to invalid IL or missing references)

please help me out in this regard
how i can get a complete source of the .exe

de4dot v3.1.41592.3405 Copyright (C) 2011-2015 [email protected]
Latest version and source code: https://github.com/0xd4d/de4dot

Index was outside the bounds of the array.
Detected ConfuserEx  (\path\to\sample)
Cleaning \path\to\sample
Renaming all obfuscated symbols
Saving \path\to\sample-cleaned.dll
ERROR: Error calculating max stack value. If the method's obfuscated, set CilBody.KeepOldMaxStack or MetaDataOptions.Flags (KeepOldMaxStack, global option) to ignore this error. Otherwise fix your generated CIL code so it conforms to the ECMA standard.

ran https://www.upload.ee/files/10989502/UnConfuserEx_1.0.iso.html on the original sample beforehand, then passed it through this version of de4dot here
UnConfuserEx_1.0.iso.zip

i still see this stuff

public static int \u200B\u202C\u206C\u206A\u206F\u200C\u200D\u200D\u206A\u200B\u206B\u202E\u202C\u200C\u200F\u202D\u200C\u206A\u202C\u200D\u206A\u202D\u200D\u202C\u206A\u200C\u206A\u206E\u206D\u206B\u206B\u206D\u202C\u202A\u202A\u206D\u206D\u200F\u200B\u200D\u202E()
{
}

others are renamed and some still had that..