{"id":27957763,"url":"https://github.com/holly-hacker/eazfixer","last_synced_at":"2025-05-07T18:14:31.210Z","repository":{"id":41540069,"uuid":"115822132","full_name":"holly-hacker/EazFixer","owner":"holly-hacker","description":"A deobfuscation tool for Eazfuscator.","archived":false,"fork":false,"pushed_at":"2023-06-20T18:39:57.000Z","size":76,"stargazers_count":388,"open_issues_count":6,"forks_count":129,"subscribers_count":30,"default_branch":"master","last_synced_at":"2025-05-07T18:14:25.569Z","etag":null,"topics":["deobfuscation","deobfuscator","eazfuscator"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/holly-hacker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-30T20:32:26.000Z","updated_at":"2025-05-07T12:27:07.000Z","dependencies_parsed_at":"2022-08-10T02:43:07.484Z","dependency_job_id":null,"html_url":"https://github.com/holly-hacker/EazFixer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holly-hacker%2FEazFixer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holly-hacker%2FEazFixer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holly-hacker%2FEazFixer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/holly-hacker%2FEazFixer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/holly-hacker","download_url":"https://codeload.github.com/holly-hacker/EazFixer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252931549,"owners_count":21827112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deobfuscation","deobfuscator","eazfuscator"],"created_at":"2025-05-07T18:14:30.567Z","updated_at":"2025-05-07T18:14:31.201Z","avatar_url":"https://github.com/holly-hacker.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EazFixer [![Build status](https://ci.appveyor.com/api/projects/status/5i5m8d7qv97ywgmc?svg=true)](https://ci.appveyor.com/project/HoLLy-HaCKeR/eazfixer)\nA deobfuscation tool for Eazfuscator.\n\n## Downloading\nYou can download the latest master build at [AppVeyor](https://ci.appveyor.com/project/HoLLy-HaCKeR/eazfixer/build/artifacts). If there was no commit in the last 6 months, you will have to build it yourself. Please do not open issues asking for me to build it for you.\n\n## Description\nEazFixer is a deobfuscation tool for [Eazfuscator](https://www.gapotchenko.com/eazfuscator.net), a commercial .NET obfuscator. For a list of features, see the list below.\n\n### Implemented fixes:\n* String encryption\n* Resource encryption\n* Assembly embedding\n\n### Not implemented, may be added in the future:\n* Entrypoint obfuscation\n* Data virtualization\n\n### Out of scope:\n* Code virtualization (consider using [EazyDevirt](https://github.com/puff/EazyDevirt))\n* Symbol renaming (symbol names are either unrecoverable or encrypted. For symbol decryption in case of a known key, see [EazDecode](https://github.com/HoLLy-HaCKeR/EazDecode))\n* Automatic code optimization (not an anti-feature!)\n* Code control flow obfuscation (I didn't have any problems with my samples in dnSpy)\n* Assemblies merging (doesn't seem probable, especially with symbol renaming)\n* Control flow obfuscation (use de4dot)\n\n## Usage\nCall from the command line or drag and drop the file on and let it run or use the command line flag `--file`.\n\nIf your assembly is protected with control-flow obfuscation, run it through [de4dot](https://github.com/0xd4d/de4dot) with the\n`--only-cflow-deob` flag first.\n\n* --file path\n* --keep-types\n* --virt-fix\n\nThe flag `--file` is used for the input file.\nThe flag `--keep-types` is similar to the de4dot flag, Keeps obfuscator types and assemblies.\nThe flag `--virt-fix` keeps certain parts obfuscated to stay working with [virtualized](https://help.gapotchenko.com/eazfuscator.net/30/virtualization) assemblies.\n\nexample: `EazFixer.exe --file test.exe --keep-types`\n\n## Building\nClone the repository and use the latest version of Visual Studio (2019, at the time of writing).\n\n## Support\nEazFixer is (and will always be) targeted at the latest version of Eazfuscator. If your version is not supported, try a more universal \ndeobfuscator like [de4dot](https://github.com/0xd4d/de4dot). If your version is newer than what this tool supports, create an issue only \n**after** verifying with the latest version of Eazfuscator.\n\nAlso, I will not help you use this program. Consider it for advanced users only. If you do run into a problem and are sure it is a bug, \nfeel free to submit an issue but I cannot guarantee I will fix it.\n\n## Related projects\n- [EazDecode](https://github.com/HoLLy-HaCKeR/EazDecode), for decrypting encrypted symbol names in case of a known encryption key.\n- [eazdevirt](https://github.com/saneki/eazdevirt), a tool for devirtualizing older version of EazFuscator.\n- [eazdevirt fork](https://github.com/HoLLy-HaCKeR/eazdevirt), my abandoned fork of eazdevirt, may work slightly better on newer samples.\n\n## Credits\nThis tool uses the following (open source) software:\n* [dnlib](https://github.com/0xd4d/dnlib) by [0xd4d](https://github.com/0xd4d), licensed under the MIT license, for reading/writing assemblies.\n* [Harmony](https://github.com/pardeike/Harmony) by [Andreas Pardeike](https://github.com/pardeike), licensed under the MIT license, for patching the stacktrace which allows for reflection invocation to be used.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholly-hacker%2Feazfixer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fholly-hacker%2Feazfixer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholly-hacker%2Feazfixer/lists"}