问题描述

您好！我们正在与几个混淆器进行关心实验。我们希望保护我们的源代码不再与其他人一起使用。我们的主要任务是进行exe（或dll）分析，以使原始源代码结构尽可能复杂。换句话说，使用从exe（或dll）恢复的源代码，自己开发应用程序必须更容易。目前我们正在测试SmartAssembly 6.我们使用de4dot对结果exe和dll进行反混淆处理。结果在Reflector中进行评估。因此我们有几个问题（暗示分析的exe（或dll）被SmartAssembly混淆了。）



问题：

1.是否有任何方法（反混淆，进程转储，调试等）来恢复内部和私有函数的源（不是从公共函数调用）而没有大量的长期工作？如果可能 - 请指定方法。

2.关于内部和私有函数参数名称和局部变量的相同问题。

3.哪个混淆器（保护器等）您认为我们应该使用而不是SmartAssembly来实现我们的目标（许可证成本不低于200美元）？



我们的实验中的一些观察结果：

1.在SmartAssembly之后，De4dot不会恢复本地var名称（只需基于var类型重命名以便于分析http://prntscr.com/78puxr）。但公共功能代码结构和参数名称恢复得相当不错。

2.在De4dot恢复文件http://prntscr.com/78pvh4中找不到Reflector的内部和私有函数。此外，即使从中调用公共函数也无法找到它们的来源（我的意思是来自内部或私人函数源）http://prntscr.com/78pxcf。

3.但是如果私有函数是公开调用，可以找到它的结构很容易识别http://prntscr.com/78q5pm

Hello! We are caring experiments with several obfuscators. We want to protect our source code from using once more with somebody else. Our main task is to make exe (or dll) analysis for getting original source code structure as complicated as possible. In other words it must be easier to develop application on your own, than to use our sources restored from exe (or dll). At the moment we are testing SmartAssembly 6. We deobfuscate result exe and dll with de4dot. The result is evaluated in Reflector. Thereby we have several questions (It is implicated that analyzed exe (or dll) was obfuscated with SmartAssembly).

Questions:
1. Is there any method (deobfuscation, process dumping, debugging etc) to recover sources of internal and private functions (which are not called from public functions) without extensive and long work? If it is possible - please specify the method.
2. The same questions about internal and private function parameter names and local variables.
3. Which obfuscator (protector etc) you think we should use instead of SmartAssembly to achieve our goals (with license cost not less than 200$)?

Several observations from our experiments:
1. De4dot does not recover local var names after SmartAssembly (just renames basing on var types to facilitate the analysis http://prntscr.com/78puxr ). But public function code structure and parameter names are recovered pretty good.
2. internal and private functions was not found with Reflector in De4dot recovered file http://prntscr.com/78pvh4 . Besides, their source cannot be found even if public functions is called from it (I mean from internal or private function source) http://prntscr.com/78pxcf .
3. However if private function is called by public one, it can be found and its structure is easily recognized http://prntscr.com/78q5pm

推荐答案

这篇关于关于C＃混淆的几个问题（SmartAssembly，内部函数）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！