private static void ActivateCommands(ArgumentParser parser, out bool autoDeob, out int token)
{
autoDeob = true;
token = 0;
foreach(var cmd in parser.ParsedCommands)
{
if (cmd is CmdVerbose)
DeobfuscatorContext.Output = DeobfuscatorContext.OutputType.Verbose;
if (cmd is CmdOut)
DeobfuscatorContext.OutPath = cmd.UserInput.Substring(1);
if (cmd is CmdFetchSignature)
{
autoDeob = false;
var deob = new Deobfuscator(null);
Logger.VSLog(deob.FetchSignature());
}
if(cmd is CmdDynamicStringDecryption)
{
token = Int32.Parse(cmd.UserInput.Split(':')[1].Trim(), NumberStyles.HexNumber);
}
if (cmd is CmdDebug)
DeobfuscatorContext.Debug = true;
}
}
private static void Main(string[] args)
{
var parser = new ArgumentParser(args);
bool autoDeob;
int token;
if(!parser.ParseRawInput()){
Console.ReadLine();
Environment.Exit(-1);
}
AssemblyDefinition tmpAsm = null;
try
{
tmpAsm = AssemblyDefinition.ReadAssembly(args[0]);
}
catch
{
Logger.VSLog("File is not a valid .NET PE file!");
Console.ReadLine();
Environment.Exit(-1);
}
DeobfuscatorContext.AsmDef = tmpAsm;
Logger.VSLog(string.Concat("NETDeob ", Version, " BETA"));
Logger.VSLog("");
DeobfuscatorContext.OutPath = DeobfuscatorContext.InPath + "_deobf.exe";
ActivateCommands(parser, out autoDeob, out token);
DeobfuscatorContext.Options.UnhandledExceptionHandler = GlobalExcHandle;
if (autoDeob)
{
var deob = new Deobfuscator();
deob.Deobfuscate(token == 0
? null
: new DynamicStringDecryptionContetx
{
AssociatedTokens = new List<int> { token },
DecryptionType = StringDecryption.Dynamic
});
}
Console.Read();
}
private static void Main(string[] args)
{
if (args.Length == 0)
return;
var ctx = new DeobfuscatorContext();
var optionSet = new OptionSet()
{
{"st=|strtok=", t =>
{
if (t != null)
ctx.DynStringCtx = new DeobfuscatorContext.DynamicStringDecryptionContext
{
AssociatedToken = Int32.Parse(t, NumberStyles.HexNumber),
DecryptionType = DeobfuscatorContext.StringDecryption.Dynamic
};
}},
{"v|verbose", v =>
{
if (v != null)
ctx.Output = DeobfuscatorContext.OutputType.Verbose;
}},
{ "d|debug", d =>
{
if(d != null)
ctx.Debug = true;
}},
{"fsig|fetchsignature", fs =>
{
if(fs != null)
{
Console.WriteLine(new Deobfuscator(ctx).FetchSignature());
Console.ReadLine();
Environment.Exit(-1);
}
}},
{"o=|output=", o =>
{
if (o != null)
ctx.OutPath = o;
}},
{"pp=|pluginpath=", pp =>
{
if(pp != null)
{
ctx.Options = new DeobfuscatorOptions();
ctx.Options.LoadPlugins = true;
ctx.Options.PluginLoadPath = pp;
}
}},
{"prp|preferplugins", prp =>
{
if(prp != null)
{
ctx.Options.LoadPlugins = true;
ctx.Options.PreferPluginsOverBuiltinIdentifiers = true;
}
}}
};
AssemblyDefinition tmpAsm = null;
try
{
tmpAsm = AssemblyDefinition.ReadAssembly((ctx.InPath = args[0]));
}
catch
{
Console.WriteLine("File is not a valid .NET PE file!");
Console.ReadLine();
Environment.Exit(-1);
}
ctx.AsmDef = tmpAsm;
Console.WriteLine(string.Concat("NETDeob ", Version, " BETA"));
Console.WriteLine();
ctx.OutPath = ctx.OutPath ?? Path.Combine(Path.GetDirectoryName(ctx.InPath), tmpAsm.Name.Name + "_deobf.exe");
try
{
optionSet.Parse(args.FromIndex(1));
}
catch (OptionException e)
{
Console.WriteLine("Invalid parameters supplied!");
Console.ReadLine();
Environment.Exit(-1);
}
var deob = new Deobfuscator(ctx);
deob.Deobfuscate();
Console.Read();
}
