search

yck1509 / ConfuserEx

An open-source, free protector for .NET applications
http://yck1509.github.io/ConfuserEx/
Other
3.57k stars 1.64k forks source link

Confuser command line utility produces unreliable results #330

Open anato-s opened 9 years ago

anato-s commented 9 years ago

Using command line utility 0.5.0 and the following project file

<?xml version="1.0" encoding="utf-8"?>
<project xmlns="http://confuser.codeplex.com" baseDir="c:\temp" outputDir="c:\temp\Output64">
    <rule preset="none" pattern="true">

<!--   <protection id="anti debug" />
        <protection id="anti dump" />
        <protection id="anti ildasm" />  -->
        <protection id="anti tamper" />
        <protection id="constants" />
        <protection id="ctrl flow" />
        <protection id="invalid metadata" />
        <protection id="ref proxy" />
        <protection id="rename" />
        <protection id="resources" />
    </rule>
    <module path="MyToBeObfuscatedAssembly.dll" />
</project>

The assembly produced is unreliable. Sometimes it works and sometimes it doesn't. In other words, I can run this 10 times and 5 times assembly will be working and other 5 times it will throw "Bad IL Range" exception. I literally run it 10 times on a row against same assembly, and use each of produced obfuscated assemblies in the code base. And some assemblies work and others don't.

Gaushick commented 9 years ago

Can you show your syntax?

Gaushick commented 9 years ago

I have done the obfuscation using the ConfuserEx from the CLI. Please do the below steps,

1) Download the ConfuserEx from the "https://yck1509.github.io/ConfuserEx/news/index.html" 2) Run the "ConfuserEx.exe" file and try the obfuscation using any dll. Then save the project(.crproj). 3) Otherwise form the xml syntax like below, and save the file type as (.crproj).

XML Syntax Image :+1: image

4) Open the command prompt, and run the below syntax, CLI Syntax : confuser.cli -n D:\ConfuserExConfig.crproj

Note :+1: :

anato-s commented 9 years ago

Thank you. I will give it a try. Although, again, this particular ticket is about running confuser utility using same project file and same original dll file randomly produces different results.

yck1509 commented 9 years ago

Hi, ConfuserEx uses random number in obfuscation process, so this situation may occur. Please send me the file at confuser.net@gmail.com so I could see what's wrong with it.

anato-s commented 9 years ago

if you're asking for obfuscated file - I can't do it because it has our secretive business information. But I can use confuser on a different DLL and see if that DLL comes out not working, and send it to you then.

I will try to do these things by Monday

Thank you for offer

Date: Wed, 7 Oct 2015 04:59:16 -0700 From: notifications@github.com To: ConfuserEx@noreply.github.com CC: anefsh@hotmail.com Subject: Re: [ConfuserEx] Confuser command line utility produces unreliable results (#330)

Hi,

ConfuserEx uses random number in obfuscation process, so this situation may occur. Please send me the file at confuser.net@gmail.com so I could see what's wrong with it.

— Reply to this email directly or view it on GitHub.

bryanwayb commented 8 years ago

To add to this, I've also received the Bad IL Range exception when compiling a DLL module on the current commit (2b4f482d4b5a3773397de54f935bc5d7f529b885).

After a bit of narrowing down, it looks to be something with the anti tampering rule I'm using.

<protection id="anti tamper" />
yck1509 commented 8 years ago

Do you have the full stack trace of the exception?

anato-s commented 8 years ago

I appreciate you checking out. I had to put that project on hold from the time issues were reported. Hopefully, I will have a window to download new version and turn-on obfuscation to test it again. We just had 2-3 issues with it and decided to concentrate on the code itself for now.

Thank you again. We'll give it another try.

Date: Fri, 18 Mar 2016 02:11:47 -0700 From: notifications@github.com To: ConfuserEx@noreply.github.com CC: anefsh@hotmail.com Subject: Re: [ConfuserEx] Confuser command line utility produces unreliable results (#330)

Do you have the full stack trace of the exception?

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

bryanwayb commented 8 years ago

@yck1509 Yes I do, this is the event log. Also, the DLL being built is an ASP site.

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 3/15/2016 1:37:07 PM 
Event time (UTC): 3/15/2016 7:37:07 PM 
Event ID: 21b90456ce4b4361811c7ee2431df123 
Event sequence: 1 
Event occurrence: 1 
Event detail code: 0 

Application information: 
    Application domain: /LM/W3SVC/1/ROOT/webservicetest-4-131025442270657081 
    Trust level: Full 
    Application Virtual Path: /webservicetest 
    Application Path: C:\inetpub\wwwroot\webservices\ 
    Machine name: BRYANSWIN10VM 

Process information: 
    Process ID: 2624 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\DefaultAppPool 

Exception information: 
    Exception type: TypeInitializationException 
    Exception message: The type initializer for '<Module>' threw an exception.
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
   at System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

Bad IL range.
   at <Module>.‏‪‫‪‫‏‎‮‫‏‭​‬‮‎‬‫‌‪‪‭‬‫‪​‮.‮‭‭​‌‫‌‎‍‭‏‬‮‮‬‫‭‬‫‎‌‮‮‭‭‌‮..ctor()
   at <Module>.‏‪‫‪‫‏‎‮‫‏‭​‬‮‎‬‫‌‪‪‭‬‫‪​‮..ctor()
   at ‪‍‫​‌‪‎‫‍‭‫‪‭‫‌‫‫​‪‎‪‫‭‍‮(Byte[] )
   at ‎‭‎‪‎‎‮​‎‎‫‪‭‬‍‫‍‪‍‎‍​‎‭‮()
   at .cctor()

Request information: 
    Request URL: http://localhost/webservicetest/ 
    Request path: /webservicetest/ 
    User host address: ::1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\DefaultAppPool 

Thread information: 
    Thread ID: 12 
    Thread account name: IIS APPPOOL\DefaultAppPool 
    Is impersonating: False 
    Stack trace:    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
   at System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

Custom event details:

When I run the protection rules with anti-tampering enabled I receive this error. I also have these rules enabled as well, but I don't think they're conflicting since I've singled it out to just the anti tamper rule through trial and error.

<rule pattern="true" inherit="false">
    <protection id="anti debug">
        <argument name="mode" value="win32" />
    </protection>
    <protection id="anti ildasm" />
    <protection id="constants">
        <argument name="mode" value="dynamic" />
        <argument name="elements" value="SNPI" />
    </protection>
    <protection id="ctrl flow" />
    <protection id="rename">
        <argument name="mode" value="letters" />
    </protection>
    <protection id="ref proxy">
        <argument name="mode" value="strong" />
    </protection>
    <protection id="resources">
        <argument name="mode" value="dynamic" />
    </protection>
</rule>
yck1509 commented 8 years ago

@bryanwayb Have you tried the latest builds at the CI Server?

bryanwayb commented 8 years ago

That I had not. I have it included as a submodule that gets built during production builds with the following:

msbuild "%~dp0\ConfuserEx\Confuser2.sln" /ds /v:m /nologo /target:Clean,Rebuild /p:Configuration=Release > nul 2>&1

It is the current commit though. I had tried it with the last release commit as well (cfbbf08), but same results.

yck1509 commented 8 years ago

@bryanwayb Please try enabling debug symbol generation to show the file and line number in the stack trace. Also, please open a new issue since it's getting not related to the original issue.