obfuscation & reflection

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How would you handle this situation:

I have a series of classes which are to be later loaded using reflection:
but the class to be used can vary depending on strings from a text file. So
this text file will have some of these class names in it to govern which
class gets used.

Now, I want to obfuscate as much of my program as I can, though if I
obfuscate everything it won't work anymore because those class names in the
text file no longer match anything in my assembly. These classes in
particular have no sensitive information, so it would be fine to leave them
un-obfuscated.

But what's the easiaest way to accomplish this? Put them in their own
namespace and tell the obfuscator to ignore them? Or put them in their own
assembly like a dll that gets referenced by my app? What would you do?
 
MrNobody,

Instead of using reflection, why not define an interface, and then have
your classes implement the interface? That should prevent the obfuscator
from messing with anything you need to access. It also will make your
coding much easier (and it will perform better as well).

Hope this helps.
 
Hi,

It does depend of the obfuscator you are using, if you are using the
Dotfuscator community I think that you can select which classes no to
encrypt. In the rename tab (4th tab) you can select which classes no to
encrypt.

cheers,
 
Nicholas, I cannot use interfaces and I'll explain why:

The classes in question contain multiple fields which get loaded by
reflection with the data in the textfile. So this text file may say something
like "Name = Foo" where my loader will look for the field "Name" in a class
and set it's value to "Foo". There are also section names which change the
current class based on class name.
 
MrNobody said:
How would you handle this situation:

I have a series of classes which are to be later loaded using reflection:
but the class to be used can vary depending on strings from a text file. So
this text file will have some of these class names in it to govern which
class gets used.

Now, I want to obfuscate as much of my program as I can, though if I
obfuscate everything it won't work anymore because those class names in the
text file no longer match anything in my assembly. These classes in
particular have no sensitive information, so it would be fine to leave them
un-obfuscated.

But what's the easiaest way to accomplish this? Put them in their own
Click to expand...
namespace and tell the obfuscator to ignore them? Or put them in their own
assembly like a dll that gets referenced by my app? What would you
Click to expand...
do?

I don't know what obfuscator are you using or planning to use, but if
the code you have just finished is complete, you shouldn't change the
code for the sake of the obfuscator. It should be the other way around.

For Dotfuscator, you can single out the classes you want excluded from
renaming by using regular expressions or by certain characteristics
such as access modifiers.

Any other documentation on Dotfuscator can be found here:
http://www.preemptive.com/downloads/Documentation.html
 
I'm using XenoCode, and it does have both a regular expression filter and a
nice tree with checkboxes so you can check off any class you don't want
obfuscated. Looks like it works good, just kinda annoying everytime I deploy
need to find and uncheck ~30 classes
 
Nobody,

You may want to use serialization to persist your instances rather than
a text file that you parse.

Also, you can define public stubs that call internal implementation
methods where the public stub names are still exposed but internal
implementation members are called within the same assembly by their
internal obfuscated name. The obfuscation feature in our Decompiler.NET
product will demonstrate this technique for you by automatically
factoring public method bodies into internal implementation methods
while still exposing the public interfaces to external assemblies. You
can download a free trial version and see how it works from our web
site at http://www.junglecreatures.com/

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/
 
If you register using the Community Edition or the Professional
Edition, there is a knowledge base article you can access that gives an
example of how to use regular expressions for excluding types, methods,
or fields from obfuscation.

Jonathan Henderson
Dotfuscator Support
http://www.preemptive.com
 
Back
Top