dotscope 0.7.0

A high-performance, cross-platform framework for analyzing and reverse engineering .NET PE executables
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

//! JIEJIE.NET-specific SSA transformation passes.
//!
//! These passes reverse JIEJIE.NET's value-level obfuscations by replacing
//! obfuscated field loads and container accessor calls with their resolved
//! constant values. Each pass is created by its corresponding detection
//! technique in [`crate::deobfuscation::techniques::jiejienet`] via
//! [`Technique::create_pass`](crate::deobfuscation::techniques::Technique::create_pass).
//!
//! # Passes
//!
//! | Pass | Phase | Description |
//! |------|-------|-------------|
//! | [`TypeOfRestorationPass`] | Value | Restores `ldtoken` type references from RuntimeTypeHandleContainer accessor calls |
//! | [`ArrayInitRestorationPass`] | Value | Restores `ldtoken` field references from RuntimeFieldHandleContainer accessor calls |
//! | [`ResourceRestorationPass`] | Simplify | Redirects resource interception calls back to original BCL methods |

mod arrays;
mod resources;
mod typeofs;

pub use self::arrays::ArrayInitRestorationPass;
pub use self::resources::ResourceRestorationPass;
pub(crate) use self::resources::ResourceTarget;
pub use self::typeofs::TypeOfRestorationPass;