If you open up an executable and realize it's .net
then you try using ilspy or dnspy but it's simply not readable, tons of unicode and other things
give de4dot a try
https://github.com/Robert-McGinley/de4dot-Installer
it's as sample as running the command
de4dot.exe Obfuscated.exe
and it will create a new cleaner file called
Obfuscated-cleaned.exe
then re-open that cleaned file in ilspy or dnspy and hopefully it'll be more readable
Showing posts with label deobfuscation. Show all posts
Showing posts with label deobfuscation. Show all posts
Friday, November 2, 2018
Subscribe to:
Posts (Atom)