[C#]de4dot常用命令

命令：de4dot.exe "D:\xxx.exe"
解释：运行后文件在程序集的目录下生成一个带-cleaned的新程序集。
命令：de4dot.exe file1 -f "D:\xxx.exe" -o "D:\output\xxx_cleaned.exe"
解释：-f : 指定.NET 程序集文件，-o : 指定输出 文件
命令：de4dot -r "D:\input" -ru -ro "D:\output"
解释：反混淆整个文件夹其中-r  xxx : 指定输入文件夹，包括子文件夹，-ru : 跳过不支持的混淆工具混淆过的文件，-ro : 指定输出文件夹
命令：de4dot.exe -f "D:\a\xxx.exe" -d
解释：检测混淆工具名称
命令：de4dot file1.dll -p sa
解释：指定混淆工具名称，de4dot可能检测不准确混淆工具的名称，可以通过 -p 参数指定

更多命令：

de4dot <options> <file options>
Options:-r DIR           Scan for .NET files in all subdirs-ro DIR          Output base dir for recursively found files-ru              Skip recursively found files with unsupported obfuscator-d               Detect obfuscators and exit--asm-path PATH  Add an assembly search path--dont-rename    Don't rename classes, methods, etc.--keep-names FLAGSDon't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm--dont-create-paramsDon't create method params when renaming--dont-restore-propsDon't restore properties/events--default-strtyp TYPEDefault string decrypter type--default-strtok METHODDefault string decrypter method token or [type::][name][(args,...)]--no-cflow-deob  No control flow deobfuscation (NOT recommended)--only-cflow-deobOnly control flow deobfuscation--load-new-processLoad executed assemblies into a new process--keep-types     Keep obfuscator types, fields, methods--preserve-tokensPreserve important tokens, #US, #Blob, extra sig data--preserve-table FLAGSPreserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md--preserve-all   Preserve all tokens--preserve-stringsPreserve #Strings heap offsets--preserve-us    Preserve #US heap offsets--preserve-blob  Preserve #Blob heap offsets--preserve-sig-dataPreserve extra data at the end of signatures--one-file       Deobfuscate one file at a time-v               Verbose-vv              Very verbose-h               Show this help message--help           Same as -hFile options:-f FILE          Name of .NET file-o FILE          Name of output file-p TYPE          Obfuscator type (see below)--strtyp TYPE    String decrypter type--strtok METHOD  String decrypter method token or [type::][name][(args,...)]Deobfuscator options:
Type un (Unknown)--un-name REGEX  Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$)Type dr4 (.NET Reactor)--dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$)--dr4-methods BOOLDecrypt methods (True)--dr4-bools BOOL Decrypt booleans (True)--dr4-types BOOL Restore types (object -> real type) (True)--dr4-inline BOOLInline short methods (True)--dr4-remove-inlined BOOLRemove inlined methods (True)--dr4-embedded BOOLDump embedded assemblies (True)--dr4-rsrc BOOL  Decrypt resources (True)--dr4-ns1 BOOL   Clear namespace if there's only one class in it (True)--dr4-sn BOOL    Remove anti strong name code (True)--dr4-sname BOOL Rename short names (False)String decrypter typesnone             Don't decrypt stringsdefault          Use default string decrypter type (usually static)static           Use static string decrypter if availabledelegate         Use a delegate to call the real string decrypteremulate          Call real string decrypter and emulate certain instructionsMultiple regexes can be used if separated by '&'.
Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^[\w.]+$Examples:
de4dot -r c:\my\files -ro c:\my\output
de4dot file1 file2 file3
de4dot file1 -f file2 -o file2.out -f file3 -o file3.out
de4dot file1 --strtyp delegate --strtok 06000123