Thread: DeSmart - Deobfuscator
View Single Post
  #13  
Old 02-21-2009, 12:28 PM
high6 high6 is offline
Member
  
Join Date: Sep 2008
Posts: 14
Default
Quote:
Originally Posted by rongchaua View Post
- Some strings still encrypted after deobfuscating. I don't know why .
In case you missed it in the other thread.

Quote:
Originally Posted by high6
Also would be cool if you made it options in desmart. So that you can choose the decrypt string and/or anti control flow and/or renaming.

Also something I added to my code.

Code:
Instruction GetNext(Instruction ins)
        {
            ins = ins.Next;
            while (ins != null && (ins.OpCode == OpCodes.Br || ins.OpCode == OpCodes.Br_S))
            {
                ins = ins.Operand as Instruction;
            }
            return ins;
        }
Because control flow obfuscation is applied after string encryption so sometimes you get.

ldc 435
br somewhere
call stringdecrypt
Reply With Quote