Open ivan-danilov opened 8 years ago
Hi, Unfortunately, these error from peverify tends to be vague and hard to debug. You may try using the methods stated in the errors at runtime and see what exception is thrown.
After passing ildasm through obfuscated assembly, I found the following line:
.method family hidebysig virtual instance class [mscorlib]System.Collections.Generic.IList`1<class _9bRhS29inzna1jXLTyEAM472OBK_>
_8GTfIborl5rHvJBvnXjFYkj72xE_(!'' A_1) cil managed
{
.override method instance class [mscorlib]System.Collections.Generic.IList`1<class _9bRhS29inzna1jXLTyEAM472OBK_> class _WwWC9aeUcXa00dIcH6E2UpxfiTJ_<!''>::Install(!0)
Note that override states that it overrides Install(!0)
method (unobfuscated name), while its name is _8GTfIborl5rHvJBvnXjFYkj72xE_
- and that is precisely obfuscated counterpart of Install
judging by symbols.map file.
By the way, underscores removed in b9d74ba41f76c4a723d93da7dc69ffd7ff9ebbfd would be better made optional with project property or command line argument... It is very hard to analyze/troubleshoot decompiled IL when obfuscated symbol in question is just 2
. A lot easier when it is _2_
.
Could you please clarify for me, how chains of overrides are handled in rename protection? I'm looking at VTableAnalyzer.cs and it looks like it just considers declaring class and interface slots. I have the following situation:
interface Intf { void X(); }
class A : Intf { ... }
[Obfuscation(Exclude = true, ApplyToMembers = true)]
class B : Intf { ... }
In my case ConfuserEx correctly decided that both Intf.X
and B.X
must not be renamed. But when analysis of A.X
happens - Intf.X
has not been processed yet and A.X
is not shielded from rename.
This is intended. If A.X is renamed at last, an .override directive would be inserted to explicitly implement Inf.X
I ran ConfuserEx with rename protection on a few assemblies (one of them is large though). It completed without errors, but PEVerify outputs 436 errors on it like the following:
Unfortunately I can't share the assembly in question, so my question is - how can I proceed myself to find the cause? I can find
symbols.map
and lookup these long identifiers, I set seed, so they are the same, but I basically don't know what to look for. If I open confused assembly with dnSpy and manually look for mentioned methods - they indeed are present.