0

I was just wondering if there is any tool (preferably free) out there that I can use to run IL from an obfuscated assembly. I know mdbg could be used for debugging a managed assembly but I am not sure if it could be used when that assembly is obfuscated. Any ideas?

palm snow
  • 2,392
  • 4
  • 29
  • 49

1 Answers1

2

Obfuscated IL should function just like non-obfuscated IL - you should be able to use the assembly directly. Otherwise, the runtime itself would not be able to execute the code.

The main issue will be that the names will be obfuscated, so finding and calling the correct members can be difficult. The better obfuscators make this very difficult, however, which is really the point.

In general, it'd be better to develop against the non-obfuscated version, then obfuscate your application with the assembly in one pass. With most obfuscators, this typically gives you the proper information to debug (or at least unwind and understand a call stack).

Reed Copsey
  • 554,122
  • 78
  • 1,158
  • 1,373
  • Some obfuscators have utilities that allow you to translate renamed methods in the call stack back to their original name. – Brian Donahue Jan 03 '13 at 09:45
  • Thanks. mdbg cannot attach to or run an assembly that is obfuscated. Works fine with the same assemblies if not obfuscated. Any ideas? – palm snow Jan 20 '13 at 19:00
  • @palmsnow That's a matter of which obfuscator is being used. It must be creating invalid IL that the runtime will handle, but that breaks mdbg. – Reed Copsey Jan 20 '13 at 22:12
  • @ReedCopsey Thanks. Have you used any obfuscator that does not cause any problems for mdbg to get attached? – palm snow Jan 20 '13 at 22:52
  • @palmsnow Yes - some of the open source/free ones don't block mdbg. It often depends on which settings are used within the obfuscator, as well. – Reed Copsey Jan 20 '13 at 22:52
  • @ReedCopsey Do you mind letting me know which open sources ones didn't block mdbg? I have tried trial versions of few commerical ones and mdbg didn't work with any of these. – palm snow Jan 21 '13 at 01:47
  • @palmsnow It's typically more a matter of which options you use. From what I remember, http://obfsctordotnet.sourceforge.net/ doesn't block mdbg, though... – Reed Copsey Jan 21 '13 at 16:40