网站开发形式选择,直播功能开发,电信电信网站备案系统,sem搜索命令#xff1a;de4dot.exe D:\xxx.exe
解释#xff1a;运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令#xff1a;de4dot.exe file1 -f D:\xxx.exe -o D:\output\xxx_cleaned.exe
解释#xff1a;-f : 指定.NET 程序…命令de4dot.exe D:\xxx.exe
解释运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令de4dot.exe file1 -f D:\xxx.exe -o D:\output\xxx_cleaned.exe
解释-f : 指定.NET 程序集文件-o : 指定输出 文件
命令de4dot -r D:\input -ru -ro D:\output
解释反混淆整个文件夹其中-r xxx : 指定输入文件夹包括子文件夹-ru : 跳过不支持的混淆工具混淆过的文件-ro : 指定输出文件夹
命令de4dot.exe -f D:\a\xxx.exe -d
解释检测混淆工具名称
命令de4dot file1.dll -p sa
解释指定混淆工具名称de4dot可能检测不准确混淆工具的名称可以通过 -p 参数指定更多命令
de4dot options file options
Options:-r DIR Scan for .NET files in all subdirs-ro DIR Output base dir for recursively found files-ru Skip recursively found files with unsupported obfuscator-d Detect obfuscators and exit--asm-path PATH Add an assembly search path--dont-rename Dont rename classes, methods, etc.--keep-names FLAGSDont rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm--dont-create-paramsDont create method params when renaming--dont-restore-propsDont restore properties/events--default-strtyp TYPEDefault string decrypter type--default-strtok METHODDefault string decrypter method token or [type::][name][(args,...)]--no-cflow-deob No control flow deobfuscation (NOT recommended)--only-cflow-deobOnly control flow deobfuscation--load-new-processLoad executed assemblies into a new process--keep-types Keep obfuscator types, fields, methods--preserve-tokensPreserve important tokens, #US, #Blob, extra sig data--preserve-table FLAGSPreserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md--preserve-all Preserve all tokens--preserve-stringsPreserve #Strings heap offsets--preserve-us Preserve #US heap offsets--preserve-blob Preserve #Blob heap offsets--preserve-sig-dataPreserve extra data at the end of signatures--one-file Deobfuscate one file at a time-v Verbose-vv Very verbose-h Show this help message--help Same as -hFile options:-f FILE Name of .NET file-o FILE Name of output file-p TYPE Obfuscator type (see below)--strtyp TYPE String decrypter type--strtok METHOD String decrypter method token or [type::][name][(args,...)]Deobfuscator options:
Type un (Unknown)--un-name REGEX Valid name regex pattern (^[a-zA-Z_{$][a-zA-Z_0-9{}$.-]*$)Type dr4 (.NET Reactor)--dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_{$][\u2E80-\u9FFFa-zA-Z_0-9{}$.-]*$)--dr4-methods BOOLDecrypt methods (True)--dr4-bools BOOL Decrypt booleans (True)--dr4-types BOOL Restore types (object - real type) (True)--dr4-inline BOOLInline short methods (True)--dr4-remove-inlined BOOLRemove inlined methods (True)--dr4-embedded BOOLDump embedded assemblies (True)--dr4-rsrc BOOL Decrypt resources (True)--dr4-ns1 BOOL Clear namespace if theres only one class in it (True)--dr4-sn BOOL Remove anti strong name code (True)--dr4-sname BOOL Rename short names (False)String decrypter typesnone Dont decrypt stringsdefault Use default string decrypter type (usually static)static Use static string decrypter if availabledelegate Use a delegate to call the real string decrypteremulate Call real string decrypter and emulate certain instructionsMultiple regexes can be used if separated by .
Use ! if you want to invert the regex. Example: !^[a-z\d]{1,2}$!^[A-Z]_\d$^[\w.]$Examples:
de4dot -r c:\my\files -ro c:\my\output
de4dot file1 file2 file3
de4dot file1 -f file2 -o file2.out -f file3 -o file3.out
de4dot file1 --strtyp delegate --strtok 06000123
