New version:
2.0.0
de4dot has moved from github to bitbucket. New site info:
Can a moderator/administrator update the first post with these links?
https://bitbucket.org/0xd4d/de4dot
https://bitbucket.org/0xd4d/de4dot/downloads
- Updated support for most obfuscators. The rest will be supported later.
- de4dot is now using dnlib instead of Mono.Cecil since Mono.Cecil can't handle obfuscated files
- Mixed mode (eg. C++/CLI) assemblies are now supported
- dnlib is much more stable so if you can execute an assembly, dnlib can load and save it
- Preserving the important metadata tokens is now possible 100% of the time. The old hack I used with Mono.Cecil worked most of the time, but only for the "def" tables.
- Junk at the end of #Blob signatures can now be saved (--preserve-sig-data)
- You can now disable renaming certain things. Eg., when deobfuscating Confuser protected assemblies, try --keep-names d (keep delegate field names, but rename everything else)
- --keep-types no longer preserves MD tokens.
- New command line options: --keep-names, --dont-create-params, --preserve-tokens, --preserve-table, --preserve-strings, --preserve-us, --preserve-blob, --preserve-sig-data
- The actual Win32 resources (not the whole .rsrc) section is copied to the output. Mono.Cecil copied the whole section.
- When decrypting methods dynamically, the target's CLR version and CPU architecture is loaded instead of always defaulting to latest CLR version.