.NET Trick to Bypass Any Anti-dumping

This article introduces a method for bypassing any anti-dumping technique in the CLR by utilizing internal data. The method currently works on all versions (.NET Framework 2.0 through .NET 7.0) and can, in theory, be used on future versions as well.


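.NET JIT Unpacking Guide and Tool Source Code (Chinese edition)

This article covers the encryption points at the JIT layer in .NET and the techniques for unpacking them, spanning four kinds of encryption: IL code, tokens, exception handling clauses, and local variables. It also provides the source code for a basic unpacker framework. The content applies to all versions of .NET Framework and to .NET Core 1.0-3.1; .NET 5+ is largely the same. Unless otherwise noted, ".NET" in the article refers to .NET Framework.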


.NET JIT Unpacking Guide and Tool Source

This article introduces techniques for encrypting and unpacking at the JIT layer in .NET, including IL code, tokens, exception handling clauses, and local variables. It also provides the source code for a basic JIT unpacking framework. The content of this article is applicable to all versions of the .NET Framework, .NET Core 1.0-3.1, and .NET 5+. If not otherwise specified, “.NET” in this article refers to the “.NET Framework”.


.NET Control Flow Analysis (II) - Deobfuscation

Building on the basics of control flow, this article introduces some methods for deobfuscating control flow obfuscation and provides an example deobfuscator for ConfuserEx’s control flow obfuscation.


.NET Control Flow Analysis (I) - Get Started

Some complex obfuscation techniques can only be restored with control flow analysis. This article introduces the basics of .NET control flow analysis, which are enough to restore most obfuscations that require it.