search

mkaring / ConfuserEx

An open-source, free protector for .NET applications
https://mkaring.github.io/ConfuserEx/
MIT License
2.31k stars 350 forks source link

Weird behaviour when using anti dump and/or anti tamper #467

Closed alex6dj closed 2 years ago

alex6dj commented 2 years ago

Latelly in my app I did a lot of changes, upgrade to net472 and upgrade some dependencies. After build last version I found some exceptions and locks in UI access (only in confused app), and also notice a bump in RAM consumption, it went from 100MB in release to 500 MB in confused app. Older versions RAM use is similar before and after confuser use. After some checks it appears the problem is with anti dump and anti tamper protection. It appears with both or only one active (in anti tamper with all config variations). For now I can live without this two protections but I really love anti tamper method obfuscation.

My app use several project references (netstandard), all of them with the same confuser protection config. The only affected is the client WPF project.

Steps to Reproduce:

  1. None 
    <module path="Converter.Client.exe">
        <rule pattern="true" inherit="false">
            <protection id="watermark" action="remove" />
            <protection id="rename">
                <argument name="mode" value="reversible" />
                <argument name="password" value="***************" />
                <argument name="renameArgs" value="true" />
                <argument name="renEnum" value="true" />
                <argument name="flatten" value="true" />
                <argument name="forceRen" value="false" />
                <argument name="renPublic" value="true" />
                <argument name="renXaml" value="true" />
            </protection>
            <protection id="anti debug" />
            <!--<protection id="anti dump" />-->
            <protection id="anti ildasm" />
            <!--<protection id="anti tamper">
                <argument name="mode" value="normal" />
                <argument name="key" value="dynamic" />
            </protection>-->
            <protection id="constants">
                <argument name="mode" value="x86" />
                <argument name="decoderCount" value="10" />
                <argument name="elements" value="SNPI" />
                <argument name="cfg" value="true" />
            </protection>
            <protection id="ctrl flow">
                <argument name="type" value="switch" />
                <argument name="predicate" value="x86" />
                <argument name="intensity" value="70" />
                <argument name="depth" value="6" />
                <argument name="junk" value="true" />
            </protection>
            <protection id="harden" />
            <protection id="invalid metadata" />
            <protection id="ref proxy">
                <argument name="mode" value="strong" />
                <argument name="encoding" value="x86" />
                <argument name="internal" value="true" />
                <argument name="typeErasure" value="true" />
                <argument name="depth" value="4" />
                <argument name="initCount" value="32" />
            </protection>
            <protection id="resources" />
        </rule>
    </module>
mkaring commented 2 years ago

I can easily believe that anti tamper raises the ram usage to some extend, because it creates a full duplicate of the assembly in memory. But once it's done unpacking the assembly, it shouldn't mess with the runtime of your application.

anti debug maintains an additional thread that checks for the debugger every now and then. But that shouldn't lock your assembly.

It's really hard to say, what causes those issues for you. Is there any chance to are able to reproduce those issues in an minimal example?

alex6dj commented 2 years ago

I will try, at least I know where in the code I do the changes causing the issue. Will try to reimplement in another project and check if issue happen this way.

github-actions[bot] commented 2 years ago

This issue needs more information and has not had recent activity. Please provide the missing information or it will be closed in 7 days. Thanks!

github-actions[bot] commented 2 years ago

Closing this issue because it needs more information and has not had recent activity. Please re-open this issue if more details can be provided. Thanks!

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.