Documentation website

docs/.gitignore

@@ -0,0 +1,5 @@
+_site
+.sass-cache
+.jekyll-cache
+.jekyll-metadata
+vendor

docs/01_quickstart.markdown

@@ -0,0 +1,59 @@
+---
+layout: page
+title: Quick Start
+order: 1
+permalink: /quickstart/
+
+---
+
+## Quick Start
+
+# Requirements :
+The software runs in Windows > 10 environment with x86_64 architecture 
+
+# Installation
+- Download the archive release_1.0_x64.zip from the release section and extract it anywhere in your environment.
+
+# Usage
+- Create a directory called `executables` and add your sample and its dependencies to it. 
+- Run the following command from the release folder:
+```shell
+> dist/x64/fjp.exe [OPTIONS] -f <input_file_path> -o <output_file_path>
+```
+
+# Options
+The list of options and the information regarding their usage can be obtained via the `--help` option :
+```txt
+> dist/x64/fjp.exe --help
+
+______      _      _            ___  _  _                  ______             _
+|  ___|    (_)    | |          |_  |(_)| |                 | ___ \           | |
+| |_  _ __  _   __| |  __ _      | | _ | |_   _   _  _ __  | |_/ /__ _   ___ | | __ ___  _ __
+|  _|| '__|| | / _` | / _` |     | || || __| | | | || '_ \ |  __// _` | / __|| |/ // _ \| '__|
+| |  | |   | || (_| || (_| | /\__/ /| || |_  | |_| || | | || |  | (_| || (__ |   <|  __/| |
+\_|  |_|   |_| \__,_| \__,_| \____/ |_| \__|  \__,_||_| |_|\_|   \__,_| \___||_|\_\___||_|
+ 
+ 
+ 
+usage: fjp [-h] -f EXECUTABLE [-t TIMEOUT] [-o OUTPUT] [-r] [-sr SCANNING_RANGE] [-s COMPILE_FUNCTION] [-l]
+ 
+Tool to recover the original IL code of running methods from a packed .NET
+assembly.
+ 
+optional arguments:
+  -h, --help            show this help message and exit
+  -f EXECUTABLE, --file EXECUTABLE
+                        Path of the sample
+  -t TIMEOUT, --timeout TIMEOUT
+                        Execution timeout
+  -o OUTPUT, --output OUTPUT
+                        Output file path
+  -r, --resolve_token   Recover encrypted tokens
+  -sr SCANNING_RANGE, --scanning_range SCANNING_RANGE
+                        Number of assembly instructions to scan to find hook address (0
+                        - 15).
+  -s COMPILE_FUNCTION, --compile_function COMPILE_FUNCTION
+                        Either compileMethod, jitNativeCode or
+                        compCompileHelper for now
+```
+

docs/02_description.markdown

@@ -0,0 +1,23 @@
+---
+layout: page
+title: Description
+permalink: /description/
+order: 2
+redirect_from:
+  - /
+---
+
+## Frida-Jit-unPacker
+
+# General Description
+The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of malicious .NET packed samples in order to provide a mitigation. 
+This tool uses the [Frida instrumentation toolkit](https://frida.re/) to inject scripts into [the CLR](https://en.wikipedia.org/wiki/Common_Language_Runtime) and manipulate the behavior of the .NET executable to retrieve the original code.
+More precisely, this tool intercepts the communication between the CLR components in order retrieve the original IL code of a packed assembly.
+
+If you liked this software, please, add a GitHub star ⭐️, thank you !
+
+# Assumption
+We assume here that the packer saves encrypted the orginal IL code of the application and overwrites the method information in the assembly. Then, whenever compilation of a specific method occurs, the packer intercepts the relevant APIs (CompileMethod, ResolveToken ...) in order to provide the original information, just in time, and replaces the fake data.
+
+# Principle
+The unpacker uses Frida to place hooks to intercept the same components of the CLR (Method compilation, Token resolution, ...) but at a lower level than the packer. Moreover, it uses a stealthy approach by placing hooks not at the start or end of functions for example, but uses a smart hooking strategy to evade potential detection by the packer. 

docs/03_contribution.markdown

@@ -0,0 +1,18 @@
+---
+layout: page
+title: Contributions
+permalink: /contribution/
+order: 3
+
+---
+## Contribution Guidelines
+We welcome and encourage contributions to Frida-Jit-unPacker from anyone interested in improving our project. Here are some ways you can contribute:
+
+# Reporting bugs: 
+If you find a bug in the software, please check our GitHub Issues to see if it has already been reported. If not, you can open a new issue with a detailed description of the bug, steps to reproduce it, and any relevant logs or screenshots.
+
+# Feature requests: 
+If you have ideas for new features or improvements, please use GitHub Discussions to share them with the community. This allows us to collaborate on the idea and assess its feasibility.
+
+# Documentation: 
+If you see an area that needs improvement or have suggestions for new content, please let us know or contribute directly by editing the documentation.

docs/04_about.markdown

@@ -0,0 +1,13 @@
+---
+layout: page
+title: About
+permalink: /about/
+order: 4
+---
+
+Frida-Jit-unPacker is a Freeware developed by Imperva.
+
+You can find more about Imperva :
+
+[Imperva](https://imperva.com/)
+[Imperva-Github](https://github.com/imperva/)

docs/404.html

@@ -0,0 +1,25 @@
+---
+permalink: /404.html
+layout: default
+---
+
+<style type="text/css" media="screen">
+  .container {
+    margin: 10px auto;
+    max-width: 600px;
+    text-align: center;
+  }
+  h1 {
+    margin: 30px 0;
+    font-size: 4em;
+    line-height: 1;
+    letter-spacing: -1px;
+  }
+</style>
+
+<div class="container">
+  <h1>404</h1>
+
+  <p><strong>Page not found :(</strong></p>
+  <p>The requested page could not be found.</p>
+</div>

docs/Gemfile

@@ -0,0 +1,38 @@
+source "https://rubygems.org"
+# Hello! This is where you manage which Jekyll version is used to run.
+# When you want to use a different version, change it below, save the
+# file and run `bundle install`. Run Jekyll with `bundle exec`, like so:
+#
+#     bundle exec jekyll serve
+#
+# This will help ensure the proper Jekyll version is running.
+# Happy Jekylling!
+#gem "jekyll", "~> 4.3.3"
+# This is the default theme for new Jekyll sites. You may change this to anything you like.
+gem "minima", "~> 2.5"
+gem 'webrick', '~> 1.7'
+
+# If you want to use GitHub Pages, remove the "gem "jekyll"" above and
+# uncomment the line below. To upgrade, run `bundle update github-pages`.
+
+gem "github-pages", "~> 231", group: :jekyll_plugins
+# If you have any plugins, put them here!
+group :jekyll_plugins do
+  gem "jekyll-feed", "~> 0.12"
+end
+
+# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem
+# and associated library.
+platforms :mingw, :x64_mingw, :mswin, :jruby do
+  gem "tzinfo", ">= 1", "< 3"
+  gem "tzinfo-data"
+end
+
+# Performance-booster for watching directories on Windows
+gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin]
+
+# Lock `http_parser.rb` gem to `v0.6.x` on JRuby builds since newer versions of the gem
+# do not have a Java counterpart.
+gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]
+
+gem 'jekyll-redirect-from'