I am using Windbg/SOS and looking into some managed code. Problem is that code is been obfuscated. Any idea how these could be debugged?
Asked
Active
Viewed 484 times
1
-
6They can be debugged with astounding patience. – Adam Crossland Nov 09 '10 at 16:53
-
can you elaborate a bit what you mean. Is there anyway to see the function names? I heard some vendors provide some type of mapping file between function name and obfuscated code. Is it true? Can this approach be used? – imak Nov 09 '10 at 17:54
1 Answers
1
It depends on the problem you're trying to debug. The call stack of the different threads will still give you the relevant addresses. From that you can get the method descriptions using !ip2md and from that you can get the IL for the methods. Also, once you have the method table for a given type, you can get the corresponding code for each method. You can set breakpoints using method descriptors as well, so while the code is harder to understand, you still have several options for getting debug information, but as I said, it depends on the actual debugging situation. If you update the question with additional detail we may be able to provide more info.
Brian Rasmussen
- 114,645
- 34
- 221
- 317