Dotfuscator Community Edition is the obfuscator that ships with Visual Studio 2008 (and previous versions) for free. It is a cut down version of the Professional tool from the manufacturer. Since I am working on a project that will need obfuscating, I wondered whether this built in version is supposed to work with Compact Framework projects. A google search revealed a tantalizing answer "yes, but with 'issues'" from a newsgroup posting by Simon Hart. Since it wasn't easy to find a definitive answer, I thought I would try and find out myself, specifically to see what these issues were and if they had since gone away in the latest versions of both Visual Studio and Dotfuscator CE.
BTW, Simon's blog entry can be found here.
First, I ran the project through the version of Dotfuscator CE installed with Visual Studio 2008. That version was not fully integrated with Visual Studio but it was still relatively easy to get an obfuscated output for testing. After resolving some expected issues caused by renaming the symbols, the project had shrunk in size and ran well.... or so I thought....
Later testing revealed one very obscure bug in the obfuscated version of the application. Fortunately, the bug was easy to track down to a single override of a virtual function that was not being called resulting in the strange behavior.
Of course, renaming the symbols had probably caused this and tracing through the renamed symbols found that to be the case; the function was part of a chain of overrides and had been renamed higher up in the chain. I installed a later version of the Dotfuscator CE (the one that is integrated with Visual Studio) to see if this changed the obfuscator's behavior. The problem remained (BTW, the integration with the new version is much nicer).
To investigate further, I created a simple project, for the desktop and smart device frameworks, that had the same override hierarchy. Although renaming occurred the same way, the obfuscated code ran OK on the desktop, yet failed to be called properly on the smart device.
Unfortunately, then, I had to conclude that the way Dotfuscator CE renames overrides is not compatible with the compact framework execution model. There may, of course, be other problems but I didn't find any (or haven't yet!) in a moderately complicated application.
Specifically, if you have a hierarchy A > B > C, where A is the base and comes from a library so cannot be renamed. A declares a virtual function. B overrides it. C also overrides it. Dotfuscator CE will rename the virtual function in C only. On the desktop, this works. On the compact framework, it does not. Beware!
There may be workarounds. For example, it might be possible to specify an attribute to stop the obfuscator renaming all overrides to be safe and sure. Of course, you can also upgrade to the Professional version of Dotfuscator which claims 'Comprehensive Support' for compact framework - and there are other obfusctors out there...
Friday, November 14, 2008
Subscribe to:
Posts (Atom)