命令：de4dot.exe "D:\xxx.exe" 解释：运行后文件在程序集的目录下生成一个带-cleaned的新程序集。 命令：de4dot.exe file1 -f "D:\xxx.exe" -o "D:\output\xxx_cleaned.exe" 解释：-f : 指定.NET 程序集文件，-o : 指定输出 文件 命令：de4dot -r "D:\input" -ru -ro "D:\output" 解释：反混淆整个文件夹其中-r  xxx : 指定输入文件夹，包括子文件夹，-ru : 跳过不支持的混淆工具混淆过的文件，-ro : 指定输出文件夹 命令：de4dot.exe -f "D:\a\xxx.exe" -d 解释：检测混淆工具名称 命令：de4dot file1.dll -p sa 解释：指定混淆工具名称，de4dot可能检测不准确混淆工具的名称，可以通过 -p 参数指定 

更多命令：

讯享网

讯享网de4dot <options> <file options> Options: -r DIR Scan for .NET files in all subdirs -ro DIR Output base dir for recursively found files -ru Skip recursively found files with unsupported obfuscator -d Detect obfuscators and exit --asm-path PATH Add an assembly search path --dont-rename Don't rename classes, methods, etc. --keep-names FLAGS Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm --dont-create-params Don't create method params when renaming --dont-restore-props Don't restore properties/events --default-strtyp TYPE Default string decrypter type --default-strtok METHOD Default string decrypter method token or [type::][name][(args,...)] --no-cflow-deob No control flow deobfuscation (NOT recommended) --only-cflow-deob Only control flow deobfuscation --load-new-process Load executed assemblies into a new process --keep-types Keep obfuscator types, fields, methods --preserve-tokens Preserve important tokens, #US, #Blob, extra sig data --preserve-table FLAGS Preserve rids in table: tr (TypeRef), td (TypeDef), fd (Field), md (Method), pd (Param), mr (MemberRef), s (StandAloneSig), ed (Event), pr (Property), ts (TypeSpec), ms (MethodSpec), all (all previous tables). Use - to disable (eg. all,-pd). Can be combined: ed,fd,md --preserve-all Preserve all tokens --preserve-strings Preserve #Strings heap offsets --preserve-us Preserve #US heap offsets --preserve-blob Preserve #Blob heap offsets --preserve-sig-data Preserve extra data at the end of signatures --one-file Deobfuscate one file at a time -v Verbose -vv Very verbose -h Show this help message --help Same as -h File options: -f FILE Name of .NET file -o FILE Name of output file -p TYPE Obfuscator type (see below) --strtyp TYPE String decrypter type --strtok METHOD String decrypter method token or [type::][name][(args,...)] Deobfuscator options: Type un (Unknown) --un-name REGEX Valid name regex pattern (^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$) Type dr4 (.NET Reactor) --dr4-name REGEX Valid name regex pattern (^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$) --dr4-methods BOOL Decrypt methods (True) --dr4-bools BOOL Decrypt booleans (True) --dr4-types BOOL Restore types (object -> real type) (True) --dr4-inline BOOL Inline short methods (True) --dr4-remove-inlined BOOL Remove inlined methods (True) --dr4-embedded BOOL Dump embedded assemblies (True) --dr4-rsrc BOOL Decrypt resources (True) --dr4-ns1 BOOL Clear namespace if there's only one class in it (True) --dr4-sn BOOL Remove anti strong name code (True) --dr4-sname BOOL Rename short names (False) String decrypter types none Don't decrypt strings default Use default string decrypter type (usually static) static Use static string decrypter if available delegate Use a delegate to call the real string decrypter emulate Call real string decrypter and emulate certain instructions Multiple regexes can be used if separated by '&'. Use '!' if you want to invert the regex. Example: !^[a-z\d]{1,2}$&!^[A-Z]_\d+$&^[\w.]+$ Examples: de4dot -r c:\my\files -ro c:\my\output de4dot file1 file2 file3 de4dot file1 -f file2 -o file2.out -f file3 -o file3.out de4dot file1 --strtyp delegate --strtok 0