@cxiao @still Unfortunately, there's not really a golden rule. Different obfuscators encrypt/decrypt CIL in different ways.

My go-to advice would be to always look at the module initializer (<Module>::.cctor) first. If that is readable in e.g., dnSpy but the remainder of the methods isn't, usually it means this cctor is trying to either A) decrypt all other methods or B) set up some kind of JIT hook to decrypt methods on-the-fly as methods are being JIT'ed.

Option A is the easiest to deal with: You can just step over the lines of this .cctor, and just dump the entire module using dnSpy/ExtremeDumper/WinDbg/x64dbg and then open it in your favourite decompiler (after potentially fixing some PE headers). Option B) is harder, you'll have to trigger the JIT for every method and hook into the JIT compiler itself to catch the compiled CIL code. There are JIT dumper tools out there that do this (e.g., https://github.com/Anonym0ose/JitDumper), but obfuscators like DNGuard make that hard to work out-of-the-box. I usually just look at the generated code instead then, whilst having a close look at called BCL methods and the object heap.

As for tools, Harmony is powerful but also has issues from my experience, mainly because it relies on loading the target assembly with Reflection which many obfuscators know how to prevent. dnSpy(Ex) has improved quite a bit though over the years, it can nowadays view the JIT'ed assembly of a method during execution (right click "View Disassembly" during execution). But WinDBG is kind of the tool that always just works^tm, provided that you know how to bend it to your will (which can be a real pain sometimes). Can recommend the series by UbbeLol on some basics of windbg+sos (https://www.youtube.com/watch?v=q-IWHHFQcXg&list=PL4A8A31D0204239A5&index=2), although they are a bit dated by now probably. Mostly the way I learnt to work with it was to "just f*ck around" with my own samples in WinDbg. The good news is that .NET binaries are still executables that eventually run x86 code, so a lot of the standard RE strategies should still work.

There seems to be a bit of a lack of up-to-date content on this to be honest (maybe good ideas for new blog posts :^)). Regardless, I hope this gives some pointers :).