[C#]de4dot常用命令

复制代码
命令:de4dot.exe "D:\xxx.exe"
解释:运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令:de4dot.exe file1 -f "D:\xxx.exe" -o "D:\output\xxx_cleaned.exe"
解释:-f : 指定.NET 程序集文件,-o : 指定输出 文件
命令:de4dot -r "D:\input" -ru -ro "D:\output"
解释:反混淆整个文件夹其中-r  xxx : 指定输入文件夹,包括子文件夹,-ru : 跳过不支持的混淆工具混淆过的文件,-ro : 指定输出文件夹
命令:de4dot.exe -f "D:\a\xxx.exe" -d
解释:检测混淆工具名称
命令:de4dot file1.dll -p sa
解释:指定混淆工具名称,de4dot可能检测不准确混淆工具的名称,可以通过 -p 参数指定

更多命令:

复制代码
de4dot <options> <file options>
Options:
  -r DIR           Scan for .NET files in all subdirs
  -ro DIR          Output base dir for recursively found files
  -ru              Skip recursively found files with unsupported obfuscator
  -d               Detect obfuscators and exit
  --asm-path PATH  Add an assembly search path
  --dont-rename    Don't rename classes, methods, etc.
  --keep-names FLAGS
                   Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm
  --dont-create-params
                   Don't create method params when renaming
  --dont-restore-props
                   Don't restore properties/events
  --default-strtyp TYPE
                   Default string decrypter type
  --default-strtok METHOD
                   Default string decrypter method token or [type::][name][(args,...)]
  --no-cflow-deob  No control flow deobfuscation (NOT recommended)
  --only-cflow-deob
                   Only control flow deobfuscation
  --load-new-process
                   Load executed assemblies into a new process
  --keep-types     Keep obfuscator types, fields, methods
  --preserve-tokens
                   Preserve important tokens, #US, #Blob, extra sig data
  --preserve-table FLAGS
                   Preserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md
  --preserve-all   Preserve all tokens
  --preserve-strings
                   Preserve #Strings heap offsets
  --preserve-us    Preserve #US heap offsets
  --preserve-blob  Preserve #Blob heap offsets
  --preserve-sig-data
                   Preserve extra data at the end of signatures
  --one-file       Deobfuscate one file at a time
  -v               Verbose
  -vv              Very verbose
  -h               Show this help message
  --help           Same as -h

File options:
  -f FILE          Name of .NET file
  -o FILE          Name of output file
  -p TYPE          Obfuscator type (see below)
  --strtyp TYPE    String decrypter type
  --strtok METHOD  String decrypter method token or [type::][name][(args,...)]

Deobfuscator options:
Type un (Unknown)
  --un-name REGEX  Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)

Type dr4 (.NET Reactor)
  --dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$)
  --dr4-methods BOOL
                   Decrypt methods (True)
  --dr4-bools BOOL Decrypt booleans (True)
  --dr4-types BOOL Restore types (object -> real type) (True)
  --dr4-inline BOOL
                   Inline short methods (True)
  --dr4-remove-inlined BOOL
                   Remove inlined methods (True)
  --dr4-embedded BOOL
                   Dump embedded assemblies (True)
  --dr4-rsrc BOOL  Decrypt resources (True)
  --dr4-ns1 BOOL   Clear namespace if there's only one class in it (True)
  --dr4-sn BOOL    Remove anti strong name code (True)
  --dr4-sname BOOL Rename short names (False)

String decrypter types
  none             Don't decrypt strings
  default          Use default string decrypter type (usually static)
  static           Use static string decrypter if available
  delegate         Use a delegate to call the real string decrypter
  emulate          Call real string decrypter and emulate certain instructions

Multiple regexes can be used if separated by '&'.
Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^[\w.]+$

Examples:
de4dot -r c:\my\files -ro c:\my\output
de4dot file1 file2 file3
de4dot file1 -f file2 -o file2.out -f file3 -o file3.out
de4dot file1 --strtyp delegate --strtok 06000123
相关推荐
mghio27 分钟前
Dubbo 中的集群容错
java·微服务·dubbo
范文杰2 小时前
AI 时代如何更高效开发前端组件?21st.dev 给了一种答案
前端·ai编程
拉不动的猪2 小时前
刷刷题50(常见的js数据通信与渲染问题)
前端·javascript·面试
拉不动的猪3 小时前
JS多线程Webworks中的几种实战场景演示
前端·javascript·面试
FreeCultureBoy3 小时前
macOS 命令行 原生挂载 webdav 方法
前端
uhakadotcom4 小时前
Astro 框架:快速构建内容驱动型网站的利器
前端·javascript·面试
uhakadotcom4 小时前
了解Nest.js和Next.js:如何选择合适的框架
前端·javascript·面试
uhakadotcom4 小时前
React与Next.js:基础知识及应用场景
前端·面试·github
uhakadotcom4 小时前
Remix 框架:性能与易用性的完美结合
前端·javascript·面试