[C#]de4dot常用命令

复制代码
命令:de4dot.exe "D:\xxx.exe"
解释:运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令:de4dot.exe file1 -f "D:\xxx.exe" -o "D:\output\xxx_cleaned.exe"
解释:-f : 指定.NET 程序集文件,-o : 指定输出 文件
命令:de4dot -r "D:\input" -ru -ro "D:\output"
解释:反混淆整个文件夹其中-r  xxx : 指定输入文件夹,包括子文件夹,-ru : 跳过不支持的混淆工具混淆过的文件,-ro : 指定输出文件夹
命令:de4dot.exe -f "D:\a\xxx.exe" -d
解释:检测混淆工具名称
命令:de4dot file1.dll -p sa
解释:指定混淆工具名称,de4dot可能检测不准确混淆工具的名称,可以通过 -p 参数指定

更多命令:

de4dot <options> <file options>
Options:
  -r DIR           Scan for .NET files in all subdirs
  -ro DIR          Output base dir for recursively found files
  -ru              Skip recursively found files with unsupported obfuscator
  -d               Detect obfuscators and exit
  --asm-path PATH  Add an assembly search path
  --dont-rename    Don't rename classes, methods, etc.
  --keep-names FLAGS
                   Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm
  --dont-create-params
                   Don't create method params when renaming
  --dont-restore-props
                   Don't restore properties/events
  --default-strtyp TYPE
                   Default string decrypter type
  --default-strtok METHOD
                   Default string decrypter method token or [type::][name][(args,...)]
  --no-cflow-deob  No control flow deobfuscation (NOT recommended)
  --only-cflow-deob
                   Only control flow deobfuscation
  --load-new-process
                   Load executed assemblies into a new process
  --keep-types     Keep obfuscator types, fields, methods
  --preserve-tokens
                   Preserve important tokens, #US, #Blob, extra sig data
  --preserve-table FLAGS
                   Preserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md
  --preserve-all   Preserve all tokens
  --preserve-strings
                   Preserve #Strings heap offsets
  --preserve-us    Preserve #US heap offsets
  --preserve-blob  Preserve #Blob heap offsets
  --preserve-sig-data
                   Preserve extra data at the end of signatures
  --one-file       Deobfuscate one file at a time
  -v               Verbose
  -vv              Very verbose
  -h               Show this help message
  --help           Same as -h

File options:
  -f FILE          Name of .NET file
  -o FILE          Name of output file
  -p TYPE          Obfuscator type (see below)
  --strtyp TYPE    String decrypter type
  --strtok METHOD  String decrypter method token or [type::][name][(args,...)]

Deobfuscator options:
Type un (Unknown)
  --un-name REGEX  Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)

Type dr4 (.NET Reactor)
  --dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$)
  --dr4-methods BOOL
                   Decrypt methods (True)
  --dr4-bools BOOL Decrypt booleans (True)
  --dr4-types BOOL Restore types (object -> real type) (True)
  --dr4-inline BOOL
                   Inline short methods (True)
  --dr4-remove-inlined BOOL
                   Remove inlined methods (True)
  --dr4-embedded BOOL
                   Dump embedded assemblies (True)
  --dr4-rsrc BOOL  Decrypt resources (True)
  --dr4-ns1 BOOL   Clear namespace if there's only one class in it (True)
  --dr4-sn BOOL    Remove anti strong name code (True)
  --dr4-sname BOOL Rename short names (False)

String decrypter types
  none             Don't decrypt strings
  default          Use default string decrypter type (usually static)
  static           Use static string decrypter if available
  delegate         Use a delegate to call the real string decrypter
  emulate          Call real string decrypter and emulate certain instructions

Multiple regexes can be used if separated by '&'.
Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^[\w.]+$

Examples:
de4dot -r c:\my\files -ro c:\my\output
de4dot file1 file2 file3
de4dot file1 -f file2 -o file2.out -f file3 -o file3.out
de4dot file1 --strtyp delegate --strtok 06000123
相关推荐
路在脚下@1 小时前
spring boot的配置文件属性注入到类的静态属性
java·spring boot·sql
森屿Serien1 小时前
Spring Boot常用注解
java·spring boot·后端
轻口味1 小时前
命名空间与模块化概述
开发语言·前端·javascript
前端小小王2 小时前
React Hooks
前端·javascript·react.js
苹果醋32 小时前
React源码02 - 基础知识 React API 一览
java·运维·spring boot·mysql·nginx
迷途小码农零零发2 小时前
react中使用ResizeObserver来观察元素的size变化
前端·javascript·react.js
Hello.Reader2 小时前
深入解析 Apache APISIX
java·apache
娃哈哈哈哈呀2 小时前
vue中的css深度选择器v-deep 配合!important
前端·css·vue.js
Java Fans2 小时前
C# 中串口读取问题及解决方案
开发语言·c#