Re: Obfuscate
From: Jonathan Pierce (jpierce_at_nyc.rr.com)
Date: 06/19/04
- Next message: Miha Markic [MVP C#]: "Re: Invisible form"
- Previous message: Lasse Vågsæther Karlsen: "Re: File IO Problem!!!"
- In reply to: John Wood: "Re: Obfuscate"
- Next in thread: John Wood: "Re: Obfuscate"
- Reply: John Wood: "Re: Obfuscate"
- Messages sorted by: [ date ] [ thread ]
Date: 19 Jun 2004 04:48:06 -0700
> Also the best decompiler is "Reflector for .NET" which is absolutely
> free.
We are attempting to educate the developer community regarding new
options available to them regarding low cost and better tools for both
decompilation and obfuscation. I'm sorry that you are threatened by
the competition, but we are happy to compete with you based on product
merits and reproduceable examples, rather than biased opinions. The
reality is that there are many cases including this user's experience
where our product works correctly and runs well without requiring any
preconfiguration prior to obfuscation, where your product and others
do not in both the obfuscator and the decompiler marketplace.
You should try our product before forming an opinion about which
product is best. There is a reason that our product is not free and
our customers have decided to purchase it after having tested both it
and Reflector.
Please try to maintain a level of professionalism and make your claims
based on actual facts that can be substantiated after having actually
examined the products that you claim are not as good. We have sent
Lutz a lot of feedback regarding code generation issues in Reflector
that he has not yet had time to correct. The reality is that our
product generates higher level code which also compiles and runs
correctly which Reflector is unable to accomplish. We can provide many
common examples of both higher level code generation such as goto
elimination in switch statements, and of incorrect code generation by
Reflector where our product generates correct code. There are a lot of
subtle issues related to casting primitive types and manipulating
unsafe code for which other products including Reflector fail to
generate correct code. A good example would be the ILReader library
written by Reflector's author. Our product decompiles, recompiles, and
runs the library correctly while Reflector is unable to do the same
even with a library written by it's own author. We also are the only
decompiler which reads symbol files and retains local variable names.
We also do a much better job with unsafe code and COM Interop and each
release is produced by decompiling and recompiling itself with
obfuscation enabled. Our releases would not even compile or run
correctly if they did not generate correct code.
Here is a simple example that you can try if you don't believe me.
I've included the output from both products in case you are too lazy
to bother running them, but you can verify these statements yourself
by downloading and running our free trial version from
http://www.junglecreatures.com/.
We have reported these bugs and many others to the author of Reflector
the first day that Reflector 4.0 shipped over a month ago and they
have still gone unfixed. We have also reported and posted several
bugs, fixes, and extensions to him regarding his ILReader library.
Here is the original code written by one of our customers:
unsafe static bool unsafePointer(string s) {
char[] c = new char[10];
s.CopyTo(0,c,0,10);
fixed(char *p=c){
*(p+5) = 'x';
for (int i = 0; i < 10; i++)
if (*(p+i) == 'p')
return true;
}
return false;
}
Below is what the latest version of Reflector 4.0.5 does with it.
Reflector's generated code will not compile, and would not run
correctly even if it did because of incorrect pointer arithmetic.
Notice that the generated code is missing the fixed statement. It also
fails to convert the type of the value from 112 back to the char type
in the original code. Also, notice that the assignment local1[10] =
120; generated from *(p+5) = 'x'; assigns the wrong location in the
array because it doesn't account for the size of the pointer object.
private static bool unsafePointer(string s)
{
int num1;
char[] chArray1 = new char[10];
s.CopyTo(0, chArray1, 0, 10);
pinned ref char local1 = ref chArray1[0];
local1[10] = 120;
for (num1 = 0; (num1 < 10); num1 += 1)
{
if ((local1 + (num1 * 2)) == 112)
{
return true;
}
}
local1 = 0;
return false;
}
Now, Here is what Decompiler.NET produces. Notice that not only does
the code compile and run correctly, it retains the original local
variable names and actually improves on the original code by replacing
pointer arithmetic with array references.
static unsafe bool unsafePointer (string s)
{
char[] c;
c = new char[10];
s.CopyTo (0, c, 0, 10);
fixed (char* p = c)
{
p[5] = 'x';
for (int i = 0; (i < 10); i++)
{
if (p[i] == 'p')
{
return true;
}
}
}
return false;
}
We will be extremely happy to discuss any real examples that you or
anyone else may have that compare our product to competitive products,
free or not, from both a quality and usability standpoint. We also
provide free updates, and much better support than anyone else by
posting improved versions with new features almost daily and we
respond to any customer issues immediately and would post fixed
versions within a day or so if a customer actually identified an
issue. We have a lot of very happy customers and so far, we have
identified any bugs before any of them even encountered them.
Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/
"John Wood" <spam@isannoying.com> wrote in message news:<#hrEv#ZVEHA.4064@TK2MSFTNGP11.phx.gbl>...
> What kind of weird, twisted, sad advertising is this
>
> "PreTech" <nospam@preemptive.com> wrote in message
> news:91f53532.0406181616.2e68635d@posting.google.com...
> > Hi RF,
> >
> > You must be doing something wrong. The Community Edition will provide
> > perfectly good entry level obfuscation. Obviously, Professional
> > Edition does much more and is full integrated with VS.NET (unlike any
> > other obfuscator).
> > Also the best decompiler is "Reflector for .NET" which is absolutely
> > free.
> >
> > -The Dotfuscator Team
> >
> > jpierce@nyc.rr.com (Jonathan Pierce) wrote in message
> news:<3d0f5457.0406091742.5669eb88@posting.google.com>...
> > > If you are using a standard install project, you can add the
> > > obfuscated dlls to your application directory so they get deployed
> > > when you run the msi file.
> > >
> > > If you are having issues with using your chosen obfuscator, you may
> > > want to take a look at our Decompiler.NET product which includes full
> > > obfuscation capabilities. It is much easier to use than other
> > > obfuscator products since it requires no special configuration by the
> > > nature of it's design and supports full COM Interop. It generates
> > > obfuscated code which you can recompile and debug as well as relink
> > > with other assemblies since it is the only obfuscator product which
> > > produces obfuscated code that can be recompiled. It also replaces
> > > string literals with method calls and encrypts their values in an
> > > embedded resource. You can download a free trial version of the
> > > product and see how well it works for your needs from
> > > http://www.junglecreatures.com/
> > > We bundle both the decompiler and obfuscator as a single product that
> > > is priced lower than what comparable competitors are charging for
> > > obfuscation alone.
> > >
> > > Jonathan
> > >
> > > "RF" <randy.foz@SPAMdialexia.com> wrote in message
> news:<eNwoLzLTEHA.1048@tk2msftngp13.phx.gbl>...
> > > > Hi All,
> > > >
> > > > I need some help from experts of preparing an application for
> obfuscation
> > > > and installation.
> > > >
> > > > A solution with two projects:
> > > > 1. I have a standard windows form app with an implemented custom
> > > > installer class.
> > > > 2. I have a standard setup referencing the "output" of the above
> app and
> > > > implementing the custom actions from the custom installer class.
> > > >
> > > > How can I package an obfucated version of the above solution? I've
> used the
> > > > built-in obfuscator (Dotfuscator) but it hasn't help me, or perhaps
> I'm
> > > > using Dotfuscator wrong!
> > > >
> > > > Can someone point me towards the correct direction.
> > > >
> > > > Thanks,
> > > >
> > > > RF
- Next message: Miha Markic [MVP C#]: "Re: Invisible form"
- Previous message: Lasse Vågsæther Karlsen: "Re: File IO Problem!!!"
- In reply to: John Wood: "Re: Obfuscate"
- Next in thread: John Wood: "Re: Obfuscate"
- Reply: John Wood: "Re: Obfuscate"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
