[C#] 纯文本查看 复制代码
de4dot v2.0.3.3405 Copyright (C) 2011-2013 [email]de4dot@gmail.com[/email]
Latest version and source code: https://bitbucket.org/0xd4d/de4dot
Some of the advanced options may be incompatible, causing a nice exception.
With great power comes great responsibility.
de4dot.exe <options> <file options>
Options:
-r DIR Scan for .NET files in all subdirs//扫描NET中所有子目录的文件
-ro DIR Output base dir for recursively found files//输出基地递归找到的文件目录
-ru Skip recursively found files with unsupported obfuscator//跳过递归找到的文件,不支持的混淆
-d Detect obfuscators and exit//检测混淆器并退出
--asm-path PATH Add an assembly search path//路径添加程序集搜索路径
--dont-rename Don't rename classes, methods, etc.//不要重命名类,方法等
--keep-names FLAGS//标志
Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ield
s), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg.
efm
--dont-create-params//重命名时不要创建方法PARAMS
Don't create method params when renaming
--dont-restore-props//不恢复属性/事件
Don't restore properties/events
--default-strtyp TYPE//默认字符串Decrypter的类型
Default string decrypter type
--default-strtok METHOD//默认字符串Decrypter的方法令牌或[类型:: ] [名称] [ (参数
,...) ]
Default string decrypter method token or [type::][name][(args
,...)]
--no-cflow-deob No control flow deobfuscation (NOT recommended)//控制流反混淆(不推荐)
--load-new-process//执行程序集加载到一个新的进程
Load executed assemblies into a new process
--keep-types Keep obfuscator types, fields, methods//保留混淆类型,字段,方法
--preserve-tokens//保留重要令牌, #US#BLOB ,额外的信号数据
Preserve important tokens, #US, #Blob, extra sig data
--preserve-table FLAGS//表中保留肋: TR ( TypeRef ) , TD ( TypeDef的) ,FD (场
), MD (方法) , PD (PARAM) , MR ( MemberRef ) , ( StandAloneSig ) , ED (事件) , PR (P
roperty ) , TS (类型实现) ,MS (方法实现) , (以前所有的表) 。使用 - 二
紫貂(如所有, PD ) 。可以结合:ED ,FD ,MD
Preserve rids in table: tr (TypeRef), td (TypeDef), fd (Field
), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (P
roperty), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to di
sable (eg. all,-pd). Can be combined: ed,fd,md
--preserve-strings//保留字符串堆偏移
Preserve #Strings heap offsets
--preserve-us Preserve #US heap offsets//保留#us的堆偏移
--preserve-blob Preserve #Blob heap offsets//保留# BLOB堆偏移
--preserve-sig-data//结束时保留额外的数据签名
Preserve extra data at the end of signatures
--one-file Deobfuscate one file at a time//反混淆一个文件的时间
-v Verbose//详细
-vv Very verbose//非常详细
-h Show this help message//显示帮助信息
--help Same as -h//同为-h
File options:
-f FILE Name of .NET file //NET文件名
-o FILE Name of output file//输出文件的名称
-p TYPE Obfuscator type (see below)//混淆类型(见下文)
--strtyp TYPE String decrypter type//字符串Decrypter的类型
--strtok METHOD //字符串Decrypter的方法令牌或[类型: ] [名称] [(参数) ]String decrypter method token or [type::][name][(args,...)]
Deobfuscator options://反混淆选项:
Type un (Unknown)//联合国名正则表达式有效名正则表达式(^ [ A - ZA -Z_ <{ $] [ - ZA- Z_0- 9 <> {} $ ` - ] * $
--un-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
Type an (Agile.NET)
--an-name REGEX //有效名正则表达式([ A- ZA- Z_0- 9> } $ ] $ )Valid name regex pattern ([a-zA-Z_0-9>}$]$)
--an-methods BOOL
Decrypt methods (True)//解密方法(真)
--an-rsrc BOOL Decrypt resources (True)//解密资源(真)
--an-stack BOOL Remove all StackFrameHelper code (True)//删除所有的StackFrameHelper代码(真)
--an-vm BOOL Restore VM code (True)//还原虚拟机代码(真)
--an-initlocals BOOL
Set initlocals in method header (True)//将initlocals设置方法头(真)
Type bl (Babel .NET)
--bl-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)//有效名正则表达式(^ [ A - ZA - Z_ < {$ ] [ - ZA- Z_0- 9 <> { } $ ` - ] * $
--bl-inline BOOL Inline short methods (True)//直列短方法(真)
--bl-remove-inlined BOOL
Remove inlined methods (True)//删除内联方法(真)
--bl-methods BOOL
Decrypt methods (True)//解密方法(真)
--bl-rsrc BOOL Decrypt resources (True)//解密资源(真)
--bl-consts BOOL Decrypt constants and arrays (True)//解密常量和数组(真)
--bl-embedded BOOL
Dump embedded assemblies (True)//转储嵌入式组件(真)
Type cf (CodeFort)
//有效名称正则表达式( ^ [ -ZA -Z ] {1,3} $& ^ _ <> { } $ ` - ] $ &^ [
- ZA- Z_ < {$ ] [ - ZA- Z_0- 9 <> {} $ ` - ] * $ )
--cf-name REGEX Valid name regex pattern (!^[a-zA-Z]{1,3}$&!^[_<>{}$.`-]$&^[a
-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)
--cf-embedded BOOL
Dump embedded assemblies (True)//转储嵌入式组件(真)
Type cv (CodeVeil)
--cv-name REGEX Valid name regex pattern (!^[A-Za-z]{1,2}$&^[a-zA-Z_<{$][a-zA
-Z_0-9<>{}$.`-]*$)//有效的名字正则表达式模式( ! ^ [ A -杂-Z ] { 1,2 } $ &^ [ -ZA -Z_ <{$ ] [ -ZA
- Z_0 - 9 <> {} $ ` - ] * $ )
Type cw (CodeWall)
--cw-name REGEX Valid name regex pattern (!^[0-9A-F]{32}$&!^[_<>{}$.`-]$&^[a-
zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)//有效名称正则表达式( ^ [ 0-9A -F] {32 } $& ^ _ <> {} $ ` - ] $ &^ [ A-
ZA- Z_ < { $] [ - ZA- Z_0- 9 <> {} $ ` - ] * $ )
--cw-embedded BOOL
Dump embedded assemblies (True)//转储嵌入式组件(真)
--cw-decrypt-main BOOL
Decrypt main embedded assembly (True)//解密主内嵌汇编(真)
Type co (Crypto Obfuscator)
--co-name REGEX Valid name regex pattern (!^(get_|set_|add_|remove_)?[A-Z]{1,
3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&^[a-zA-Z_<{$][a-
zA-Z_0-9<>{}$.`-]*$)
--co-tamper BOOL Remove tamper protection code (True)//删除篡改保护代码(真
--co-consts BOOL Decrypt constants (True)//解密常数(真)
Type ds (DeepSea)
--ds-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
--ds-inline BOOL Inline short methods (True)//直列短方法(真)
--ds-remove-inlined BOOL
Remove inlined methods (True)//删除内联方法(真)
--ds-rsrc BOOL Decrypt resources (True)
--ds-embedded BOOL
Dump embedded assemblies (True)解密资源(真)
--ds-fields BOOL Restore fields (True)转储嵌入式组件(真)
--ds-keys BOOL Rename resource keys (True)//重命名资源键(真)
--ds-casts BOOL Deobfuscate casts (True)//反混淆铸件(真)
Type df (Dotfuscator)
--df-name REGEX Valid name regex pattern (!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&^
[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)//有效名正则表达式(^ [ A - ZA -Z_ <{ $] [ - ZA- Z_0- 9 <> {} $ ` - ] * $
)
Type dr3 (.NET Reactor)
--dr3-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
--dr3-types BOOL Restore types (object -> real type) (True)//还原类型(对象 - >实型) (真)
--dr3-inline BOOL
Inline short methods (True)//直列短的方法(真)
--dr3-remove-inlined BOOL
Remove inlined methods (True)//删除内联方法(真)
--dr3-ns1 BOOL Clear namespace if there's only one class in it (True)//清除命名空间,如果只有一类(真)
--dr3-sn BOOL Remove anti strong name code (True)//删除抗强名称代码(真)
Type dr4 (.NET Reactor)
--dr4-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
--dr4-methods BOOL
Decrypt methods (True)//?解密方法(真)
--dr4-bools BOOL Decrypt booleans (True)//解密布尔值(真)
--dr4-types BOOL Restore types (object -> real type) (True)//还原类型(对象 - >实型) (真)
--dr4-inline BOOL
Inline short methods (True)//直列短的方法(真)
--dr4-remove-inlined BOOL
Remove inlined methods (True)//删除内联方法(真)
--dr4-embedded BOOL
Dump embedded assemblies (True)//转储嵌入式组件(真)
--dr4-rsrc BOOL Decrypt resources (True)//解密资源(真)
--dr4-ns1 BOOL Clear namespace if there's only one class in it (True)//清除命名空间,如果只有一类(真)
--dr4-sn BOOL Remove anti strong name code (True)//取出抗强名称代码(真)
Type ef (Eazfuscator.NET)
--ef-name REGEX Valid name regex pattern (!^#=&!^dje_.+_ejd$&^[a-zA-Z_<{$][a-
zA-Z_0-9<>{}$.`-]*$)
Type go (Goliath.NET)
--go-name REGEX Valid name regex pattern (!^[A-Za-z]{1,2}(?:`\d+)?$&^[a-zA-Z_
<{$][a-zA-Z_0-9<>{}$.`-]*$)
--go-inline BOOL Inline short methods (True)//直列短方法(真)
--go-remove-inlined BOOL
Remove inlined methods (True)//删除内联方法(真)
--go-locals BOOL Restore locals (True)//恢复当地人(真)
--go-ints BOOL Decrypt integers (True)//解密整数(真)
--go-arrays BOOL Decrypt arrays (True)//解密阵列(真)
--go-sn BOOL Remove anti strong name code (True)//删除抗强名称代码(真)
Type il (ILProtector)
--il-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
Type mc (MaxtoCode)
--mc-name REGEX Valid name regex pattern (!^[oO01l]+$&^[a-zA-Z_<{$][a-zA-Z_0-
9<>{}$.`-]*$)
--mc-cp INT String code page (936)
Type mp (MPRESS)
--mp-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
Type rm (Rummage)
--rm-name REGEX Valid name regex pattern (!.)
Type sk (Skater .NET)
--sk-name REGEX Valid name regex pattern (!`[^0-9]+&^[a-zA-Z_<{$][a-zA-Z_0-9<
>{}$.`-]*$)
Type sa (SmartAssembly)
--sa-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
)
--sa-error BOOL Remove automated error reporting code (True)//删除自动错误报告码(真
--sa-tamper BOOL Remove tamper protection code (True)//删除篡改保护代码(真)
--sa-memory BOOL Remove memory manager code (True)//删除的内存管理代码(真)
Type sn (Spices.Net)
--sn-name REGEX Valid name regex pattern (!^[a-zA-Z0-9]{1,2}$&^[a-zA-Z_<{$][a
-zA-Z_0-9<>{}$.`-]*$)
--sn-inline BOOL Inline short methods (True)//直列短方法(真)
--sn-remove-inlined BOOL
Remove inlined methods (True)//内联方法(真)
--sn-ns1 BOOL Clear namespace if there's only one class in it (True)//清除命名空间,如果只有一类(真)
--sn-rsrc BOOL Restore resource names (True)//还原资源名称(真)
Type xc (Xenocode)
--xc-name REGEX Valid name regex pattern (!^[oO01l]{4,}$&!^(get_|set_|add_|re
move_|_)?[x_][a-f0-9]{16,}$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)
String decrypter types
none Don't decrypt strings//不要解密字符串
default Use default string decrypter type (usually static)//默认使用默认字符串Decrypter的类型(通常是静态的)
static Use static string decrypter if available//静态使用静态字符串Decrypter的(如果可用)
delegate Use a delegate to call the real string decrypter//委托使用委托调用真正的字符串Decrypter的
emulate Call real string decrypter and emulate certain instructions//模拟认购真正的字符串Decrypter的效仿某些指令
Multiple regexes can be used if separated by '&'.
Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^
[\w.]+$
Examples:
de4dot.exe -r c:\my\files -ro c:\my\output
de4dot.exe file1 file2 file3
de4dot.exe file1 -f file2 -o file2.out -f file3 -o file3.out
de4dot.exe file1 --strtyp delegate --strtok 06000123
[复制链接]
发表于 2013-10-29 23:26
