That's a warning from the renamer, so try --dont-rename or just ignore the warning msg. Maybe it's still runnable?
|
Ain't it possible to get a verbose output of error
|
Command: de4dot.exe -f "D:\xxks\EXAMTEACHER.exe" -o "D:\xxks\EXAMTEACHER_de4dot.exe"
Output: de4dot v3.1.41592.3405 Copyright (C) 2011-2014 de4dot@gmail.com Latest version and source code: https://github.com/0xd4d/de4dot 21 deobfuscator modules loaded! Detected Dotfuscator 12345:1:2:4.2.5000.27554 (D:\xxks\EXAMTEACHER.exe) Cleaning D:\xxks\EXAMTEACHER.exe WARNING: Could not deobfuscate method 06000185. Hello, E.T.: System.ApplicationException Renaming all obfuscated symbols Saving D:\xxks\EXAMTEACHER_de4dot.exe ERROR: Error calculating max stack value. If the method's obfuscated, set CilBody.KeepOldMaxStack or MetaDataOptions.Flags (KeepOldMaxStack, global option) to ignore this error. Otherwise fix your generated CIL code so it conforms to the ECMA standard. ERROR: Instruction operand is null ERROR: Operand is not a local/arg ERROR: Instruction is null ERROR: Target instruction is too far away for a short branch. Use the long branch or call CilBody.SimplifyBranches() and CilBody.OptimizeBranches() Ignored 7741 warnings/errors Use -v/-vv option or set environment variable SHOWALLMESSAGES=1 to see all messages Why? |
@speedboy
Try de4dot fixed by ivancitooz http://rghost.net/8kVDPKcfc It has several obfuscators updated :) |
Quote:
|
Upload exe and I will try for you :)
|
1 Attachment(s)
i have an exe which de4dot detects it as Unknown Obfuscator. class names, method names and member names are all like guids, and it uses "Call Hiding" obfuscating method.
anybody knows what obfuscator it may be? |
You can reserach witch obfuscator might be and add support to de4dot by yourself.
Just take a look here: Quote:
|
as i researched into the obfuscators it seems that it has been obfuscated with something like "disguiser.net". is there any solution available for this one?
|
......................................
|
i found it with the help of kao
it was AppFuscator :-) |
There are some tools for unpacking and string decrypting for this protector.
|
Hi giv
i can not unpack this file with de4dot ! Quote:
Quote:
thanks |
A newbie question indeed.. i used de4dot.exe to deobfuscate the attached folder usig -d flag it deobfuscated all obfuscated exes (crypto obfuscator) but the problem is no the program does not run rather hangs..
https://mega.nz/#!00QmSZYK!56oBkSL9-7pc9KsMKEr7lW4cftLLluTyKyL-erLqvpQ |
>but the problem is no the program does not run rather hangs..
deobfuscating != correct run :) you need to charge your mind and go to rabbit hole |
de4dot-Support.Reactor5.0-wuhensoft
http://crack.vc/RceTools/NET/de4dot-Support.Reactor5.0-wuhensoft.7z |
Hi all thanks for all! I unpacked it but the problem is my patching is nasty so license window appears frequently though it is not a big problem since you can put anything of proper length and get licensed!!
Is there a better solution? https://mega.nz/#!E0gTCKCb!hFeYMsc40_9ftsh0O-5GU19WosWFTCn333RoGA2JYBc |
I'm trying to use this, but it says unknown obfuscator and while it worked partially, most important stuff are still obfuscated and can't be browsed. Can anyone help? Here's the link to exe
https://mega.nz/#!awFjCIZL!FobLU14jimDuOKAv8MdEjzyU0Jg0haLiIQztSOv1ps0 |
You can force De4dot to select which de-obfuscation technique is to be used.
|
Quote:
|
can deobfuscate smartassembly?
|
can - yes!
just GIAT! |
Best Tool!
|
Quote:
|
I was wondering if people are still using de4dot or are there better alternatives now?
|
You can try this
https://github.com/HongThatCong/de4dot_mod |
Looks like de4dot mod is .net 3.5 based anything for 4.x or even 5 available?
|
cannot decrypt dotfuscator string
|
Hello friends,
I hate necrobumping, but I think this is the best place to ask a question about de4dot. The original de4dot repo is this: Quote:
Quote:
Quote:
Thank you. |
blue_devil this was a great question, though I don't know the answer and usually use mobile46 version as well. My collection is approximately the same as this dump:
https://github.com/ipwnosx/de4dot-All-Version-2021, meaning I have no secret de4dot. There are other good deobf tools like SAE which are also growing stale over time.. |
Quote:
After writing this post, I have continued searching. Unfortunately, there is nobody who keeps developing de4dot (like in dnSpyex). Nevertheless we have modified versions. At least they are open source. @zen, what do you mean by SAE? Do you mean, "Simple Assembly Explorer"? If it is, it is not a deobfuscator, am I wrong? |
Yeah, SAE was quite cool tool for it's age... back 7..8+ years ago
but it is still usable https://github.com/wickyhu/simple-assembly-explorer the only tool that could show decompilation output from more then one engine... theoretically extendable |
@Yeah you are right, but I use dnSpy and Reflector+Reflexil; mostly.
|
dnSpy is super cool except it uses very old ILSpy decompiler engine under the hood (IL3 or IL4)
right now IL8 is available and it is a huge change comparing to what is used in old good dnSpy... :( BTW, Reflexil is available as plugin for ILSpy as well, not just for .NET Reflector |
All times are GMT +8. The time now is 16:53. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX