ConfuserEx-Unpacker-v2.0
隔壁大佬那搬运过来的,主要针对.net ConfuserEx的脱壳
Current Version: 2.0
Minimum .NET Framework Required: 4.6.1
!This tool only works for non-modded versions of ConfuserEx!
!This tool DOES NOT rename types and methods, use de4dot for that!
For Standard Users:
Drag and drop protected assembly onto 'ConfuserEx-Unpacker.exe' then use de4dot to fix up the names.
For Advanced Users:
Usage: ConfuserEx-Unpacker.exe {FilePath} {Options}
Optional Arguments:
--preserveMD Preserve all Metadata during saving.
--enableFrameworkRedirect Enables resolving dependencies from other frameworks.
--staticDeCompressor Use static compressor remover. (Use for malware and big files, No Invoke)
--staticConstants Use static constants decrypter. (No Invoke)
--staticResources Use static resource decrypter. (No Invoke)
--noOptimize Disables optimization when writing modules.
--cleanMutations Cleans Constant Mutations.
Changelog for 2.0 version:
- Reworked the Engine
- Anti De4dot Remover Added
- Anti Invoke Patcher Added
- Attribute Cleaner Added
- Anti Decompiler Remover Added
- Integrity Check Cleaner Added
- Mutation Cleaner Added
- Dynamic Resource Decrypter Added
- Support for more Control Flow predicates
- Support improved for Strong Reference Proxy
- Imporved Constant Decrypter
- Improved Cleanup of unused runtime code
- Instruction Emulator Improvements
- New Font in CLI
- Added ConfuserEx Version Detection
本帖最后由 xsp1989 于 2021-8-28 11:59 编辑
脱壳到最后出现这个,怎么处理?log里面几个关键字我加了空格和*,请忽略
Decrypted string "--sequence"
Decrypted string "-S"
Decrypted string "--sequence-counter"
Decrypted string "-a"
Decrypted string "--dst-addr"
Decrypted string "{0} -a {1} -S {2} -q {3} -d {4} -s {5}"
Decrypted string "tp2.transmitcountedpackets"
Decrypted string "{0} -a {1} -S {2} -q {3} -d {4} -s {5}"
Decrypted string "tp2.transmitcountedpackets"
[$] Decrypted 8954 strings
[$] Cleaned Control Flow on 249 Methods
Error:
无法加载文件或程序集“Ub*i*q*a, Version=2.4.311.0, Culture=neutral, PublicKeyToken=null”。此程序集是为其他处理器编译的。
在 System.Reflection.RuntimeAssembly.nLoadImage(Byte[] rawAssembly, Byte[] rawSymbolStore, Evidence evidence, StackCrawlMark& stackMark, Boolean fIntrospection, Boolean fSkipIntegrityCheck, SecurityContextSource securityContextSource)
在 System.Reflection.Assembly.Load(Byte[] rawAssembly)
在 Unpacker.Core.Deobfuscators.Resource.ResourceDeobfuscator.Deobfuscate(UnpackerContext context) 位置 D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Deobfuscators\Resource\ResourceDeobfuscator.cs:行号 40
在 Unpacker.Core.UnpackerEngine.Run(UnpackerParameters parameters) 位置 D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\UnpackerEngine.cs:行号 38
[$] Cleaned AntiDebug
[$] Removed 1 Attributes
[$] Cleaning unused methods...
[$] Writing Module...
[$] Saving Module...
[$] File Written in D:\Program Files\U*bil o g ix\Ub*iq*ua*Pr*oto col Analyzer\U*b*iq*ua-Cleaned.exe Error:
未将对象引用设置到对象的实例。
在 Unpacker.Core.Utils.FindInstructionsNumber(MethodDef method, OpCode opCode, Object operand) 位置 D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Helpers\Utils.cs:行号 33
在 Unpacker.Core.Deobfuscators.AntiDebugDeobfuscator.Deobfuscate(UnpackerContext context) 位置 D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\Deobfuscators\AntiDebugDeobfuscator.cs:行号 18
在 Unpacker.Core.UnpackerEngine.Run(UnpackerParameters parameters) 位置 D:\Documents\Visual Studio 2017\Projects\GitHub\ConfuserEx-Unpacker\Unpacker.Core\UnpackerEngine.cs:行号 38
我这也报错~!~!~ 太棒了很好搞 这个东西真是神器啊,支持一个先!!! 神器支持 感觉是好东西,就是不太会用,脱壳了感觉没有脱干净 谢谢你的分享 谢谢你的分享 是好东西,收藏了。感谢分享 谢谢你的分享,收藏了。{:1_893:} 感谢分享好的资源