devbox
菜鸟追梦旅行
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

[C#]de4dot常用命令

作者:菜鸟追梦旅行 | 2024-04-09 14:12:37

de4dot
命令:de4dot.exe "D:\xxx.exe"
解释:运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令:de4dot.exe file1 -f "D:\xxx.exe" -o "D:\output\xxx_cleaned.exe"
解释:-f : 指定.NET 程序集文件,-o : 指定输出 文件
命令:de4dot -r "D:\input" -ru -ro "D:\output"
解释:反混淆整个文件夹其中-r  xxx : 指定输入文件夹,包括子文件夹,-ru : 跳过不支持的混淆工具混淆过的文件,-ro : 指定输出文件夹
命令:de4dot.exe -f "D:\a\xxx.exe" -d
解释:检测混淆工具名称
命令:de4dot file1.dll -p sa
解释:指定混淆工具名称,de4dot可能检测不准确混淆工具的名称,可以通过 -p 参数指定

更多命令:

  1. de4dot <options> <file options>
  2. Options:
  3.   -r DIR           Scan for .NET files in all subdirs
  4.   -ro DIR          Output base dir for recursively found files
  5.   -ru              Skip recursively found files with unsupported obfuscator
  6.   -d               Detect obfuscators and exit
  7.   --asm-path PATH  Add an assembly search path
  8.   --dont-rename    Don't rename classes, methods, etc.
  9.   --keep-names FLAGS
  10.                    Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm
  11.   --dont-create-params
  12.                    Don't create method params when renaming
  13.   --dont-restore-props
  14.                    Don't restore properties/events
  15.   --default-strtyp TYPE
  16.                    Default string decrypter type
  17.   --default-strtok METHOD
  18.                    Default string decrypter method token or [type::][name][(args,...)]
  19.   --no-cflow-deob  No control flow deobfuscation (NOT recommended)
  20.   --only-cflow-deob
  21.                    Only control flow deobfuscation
  22.   --load-new-process
  23.                    Load executed assemblies into a new process
  24.   --keep-types     Keep obfuscator types, fields, methods
  25.   --preserve-tokens
  26.                    Preserve important tokens, #US, #Blob, extra sig data
  27.   --preserve-table FLAGS
  28.                    Preserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md
  29.   --preserve-all   Preserve all tokens
  30.   --preserve-strings
  31.                    Preserve #Strings heap offsets
  32.   --preserve-us    Preserve #US heap offsets
  33.   --preserve-blob  Preserve #Blob heap offsets
  34.   --preserve-sig-data
  35.                    Preserve extra data at the end of signatures
  36.   --one-file       Deobfuscate one file at a time
  37.   -v               Verbose
  38.   -vv              Very verbose
  39.   -h               Show this help message
  40.   --help           Same as -h
  41.  
  42. File options:
  43.   -f FILE          Name of .NET file
  44.   -o FILE          Name of output file
  45.   -p TYPE          Obfuscator type (see below)
  46.   --strtyp TYPE    String decrypter type
  47.   --strtok METHOD  String decrypter method token or [type::][name][(args,...)]
  48.  
  49. Deobfuscator options:
  50. Type un (Unknown)
  51.   --un-name REGEX  Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)
  52.  
  53. Type dr4 (.NET Reactor)
  54.   --dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$)
  55.   --dr4-methods BOOL
  56.                    Decrypt methods (True)
  57.   --dr4-bools BOOL Decrypt booleans (True)
  58.   --dr4-types BOOL Restore types (object -> real type) (True)
  59.   --dr4-inline BOOL
  60.                    Inline short methods (True)
  61.   --dr4-remove-inlined BOOL
  62.                    Remove inlined methods (True)
  63.   --dr4-embedded BOOL
  64.                    Dump embedded assemblies (True)
  65.   --dr4-rsrc BOOL  Decrypt resources (True)
  66.   --dr4-ns1 BOOL   Clear namespace if there's only one class in it (True)
  67.   --dr4-sn BOOL    Remove anti strong name code (True)
  68.   --dr4-sname BOOL Rename short names (False)
  70. String decrypter types
  71.   none             Don't decrypt strings
  72.   default          Use default string decrypter type (usually static)
  73.   static           Use static string decrypter if available
  74.   delegate         Use a delegate to call the real string decrypter
  75.   emulate          Call real string decrypter and emulate certain instructions
  76.  
  77. Multiple regexes can be used if separated by '&'.
  78. Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^[\w.]+$
  79.  
  80. Examples:
  81. de4dot -r c:\my\files -ro c:\my\output
  82. de4dot file1 file2 file3
  83. de4dot file1 -f file2 -o file2.out -f file3 -o file3.out
  84. de4dot file1 --strtyp delegate --strtok 06000123

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/393261
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号