I am trying to create an application can modify properties in IL to create a slightly different executable. E.g Client A runs app and a label on the WinForm label Reads "Client A:". Client B runs the app and Label Says "Client B". Easy I know using config files or resource files but thats not an option for this project. The Main program needs to be able to generate .exe file dynamically based on some form fields entered by user.
My solution was to create a standalone executable that contained all the elements which I needed to make dynamic. I then used ildasm to generate the IL and thought that I could use this IL and substitute tags for the elements i wanted to make dynamic. I could then replace those tags at runtime after user filled the form using regex etc.
The problem is, the if i re save the IL file generated by ILDASM as an exe and try to run it. I just launches console and does nothing.
Am I going about this the wrong way? I didnt want to delve into Reflection as the dynamic .exe is a really simple one and I thought reverse engineering IL with ildasm would be the quickest way.
You thoughts and pointers are much appreciated.
Tony
Is the executable generated on-site? Or do you generate the executable for a customer and then ship the result?
If you are the one generating the executable, you could put the customer-specific data/code in a separate DLL and embed it in your executable as a resource, and load it when the AppDomain.CurrentDomain.AssemblyResolve event occurs.
That way you can have version control over the customer-specific data.
When you say "re-save" the file created by ildasm and run it do you mean you are running all of the IL files through ilasm (the provided Microsoft IL compiler)? If not, you may want to try that. Do be very careful when performing your substitution as IL has some quite specific requirements and ilasm is not as forgiving as the higher level compilers like csc and vbc.
You can also use Mono.Cecil to modify assembly files, that way you don't have to ship IL to your customers.
If you are going to continue on the route of shipping the source and compiling it you can accomplish the same thing without involving IL by shipping the C# source and compiling it onsite since csc is included in the framework.
Related
I have a WPF application whose output is a.exe. This application is dependent on an external b.dll (whose source code I have access to).
Requirements:
The output should only be a.exe which should contain the dll. I don't want to provide my users with a separate dll (if it can be avoided)
I should be able to obfuscate the code. (I don't want anyone to be able to modify it).
Approaches tried:
I embedded b.dll inside a.exe, it worked. But I was not able to obfuscate the exe as it gave an error that it was unable to find b.dll.
I obfuscated a.exe and b.dll but it did not work. It was unable to find b.dll.
Alternate approach :
Is there any way that I can perhaps add the spruce code of b.dll to my project and have the dll be compiled to the exe itself rather than a separate dll.
Is it possible to make this alternate approach work or are there any other ways ?
If nothing works, I know that I can compile a and b separately, obfuscate a and provide b as a separate file (what I'm trying to avoid).
Apologies for the formatting issues, if any, I'm using the android app. Let me know if you need any details.
I have had great success with Eazfuscator.Net in the past.
http://www.gapotchenko.com/eazfuscator.net
To run it from the command line enter the following command:
Eazfuscator.Net.exe -n a.exe b.dll
It will combine the two files into a single exe. The main program will be able to access the dll.
You can even set up Visual Studio so that the command line above runs as a post compile event.
Assembly embedding may seem quite confusing, so here is how it's usually done:
The dependencies are obfuscated if needed.
The target assembly is obfuscated. At this point, the obfuscator is also instructed to embed certain dependencies as a part of obfuscation process.
As a result, the embedded assemblies are stored as a resource of the target assembly.
In order to load dependencies at runtime, obfuscators usually install a handler for AppDomain.AssemblyResolve event that is raised by CLR when it fails to resolve an assembly automatically.
The handler extracts and loads an embedded assembly from the resource.
That's it. A good obfuscation tool allows achieving that quite easily. I don't see why it wouldn't work in the case with WPF application. If there are problems, I would recommend contacting product support.
Another option is assembly merging. Unlike embedded, the merged assemblies become an inseparable part of the target assembly code. For this reason, the assembly merging often helps to achieve a better obfuscation coverage and application startup time comparing to embedding. Although it may look a better option, merging may sometimes break the application functionality.
According to http://blogs.msdn.com/b/junfeng/archive/2005/02/12/371683.aspx I should be able to create a single .exe file build from some source code and a .netmodule file. However, after looking at http://msdn.microsoft.com/en-us/library/92b5ab4h.aspx and http://msdn.microsoft.com/en-us/library/k669k83h.aspx I cannot seem to make this happen. Whenever I run my .exe it is looking for the .netmodule externally.
Does anyone know of any example showing which options I have to pass to csc to make this do what I want?
For example I have, common.netmodule and program.cs, and I want a single file program.exe that has common.netmodule in the assembly.
After rethinking things, I decided to solve the problem at the source code level. Instead of compiling a common.netmodule file, I just have Maven copy my common.cs file into the project specific directories, and then compile. It works, it's simple, and I cannot believe I wasted so much time trying to figure out the abstruse details of .Net assemblies.
I have an application written in C# (without the source of course), that needs to be changed a little bit. For example, I need to stop a few lines of code that create an unnecessary menu. So I think I should comment them out.
The source code is not obfuscated. I know I can completely decompile, change, and compile again, using tools like Reflector/Reflexil. But everyone knows that by doing this, many parts of code won't compile again! Is there a way in Reflector (or any other product) that a part of could be disabled/changed without this process?
Thanks.
You might want to try dnSpy. It is a .NET assembly editor, decompiler, and debugger forked from ILSpy.
https://github.com/0xd4d/dnSpy
If you really needed to do this, you could decompile it with Reflector (or a similar product) and then use that to try to recreate a solution in .Net that will produce the same executable.
You may run into issues around:
Obfuscated code
Sections where the decompile shows you accurate code for specific sections, but for some reason it just doesn't work in your new solution (and then what do you do?)
This is not to mention the potential legal issues related to doing this. If the executable was released under a license that would permit you to do this, then you would most likely have access to the source code. So the fact that you do not have access to the source code implies that doing what you are suggesting might not be legal.
Eventually I managed to "disable" a few lines of code in the compiled exe.
I used Reflector with Reflexil plugin installed. Reflexil allowed me to edit an MSIL instruction, and then save the result back to an exe file. So, it involved learning a few MSIL instructions, especially the "no operation" command (making a line of code do nothing). To see the list of instructions and a tutorial, see here and here.
Hope it helps someone else.
for the sake of completeness:
Another possible solution is to use the ildasm http://msdn.microsoft.com/en-US/library/f7dy01k1%28v=vs.80%29.aspx
MSIL Disassembler, edit the MSIL and feed it back to ilasm.
How practical this solution is, depends on you of course
This thread may help: dotnet dll decompile and change the code
Last time When I tried with decompile the source using reflection, I got too many compilation issues with regarding to resources and other subs though the dll isn't obfuscated. So there could be things beyond just extracting the source and modifying in order to make your new dll work as the old one.
SO I would suggest to go with direct dll manipulation using any of the options mentioned in the other thread.
If you have source code on the same machine on which you are testing your exe file, and if you are making changes in your sourcecode in visual studio, then while compiling it will automatically get reflected in your exe file.
You need not do any special thing for it. And if it is not, then just make the changes in code and paste your debugg folder's new exe (with debugg folder) on another machine having all recent changes.
There are a lot of little things I find myself re-writing here and there because they might be too large/complex to represent as a snippet, but realistically it doesn't make sense to make a stand-alone DLL out of it because we might only be talking a few dozen or a few hundred lines of code.
For example a little form which contains only a text box where the user enters a password and closes on {Enter}.
Or an extension method which can serialise/deserialise any object to/from a GZipped file assuming the object is marked as Serializable.
The list goes on. I have accumulated lots of little bits and pieces over the years and it's not organised in any neat way.
In C++ projects, I can write a lib file containing these bits of code which I can add to my compiler settings in such a way that any future C++ project I create has this lib included. I have done this with ATL and Boost.
I don't know of a way to do this for C# projects. Is it possible?
Edit:
If I make an assembly, I have to compile it to a DLL and distribute the DLL alongside my main executable. The DLL may be small or it may be quite large, I don't know. But I may only need to use a few tiny functions in that DLL for my project. In C++, only the functions I use are statically linked when I use the library, however if I distribute my software with a DLL then I have to distribute everything.
I know it is possible to merge the DLL with the main executable so that the user isn't aware that there is a separate library, however the whole DLL is still being packaged along with the executable.
Imagine I write a DLL with lots of my own maths, stats, file IO, image manipulation, serialisation, user IO, etc included. Nothing fancy, just some common things I find myself doing quite frequently. The DLL might be, say, 4MB.
Now I want to write a program which uses a tiny part of the DLL, and if I were to simply copy/paste the necessary code then my EXE would end up being, say, 700kB.
Are you saying that I either copy/paste the code I need, or I have to distribute a 4MB DLL along with my 700kB EXE?
Aside from using an assembly, the only way I know of is to create a link in your project to the source code in question. In visual studio the process is:
Project → Add → Existing File → Add As Link (the little down arrow:)
It is not possible at a source code level, although often requested (just Google c# #include equivalent). The only reasonable alternative that c# offers is compiling your common code as a DLL and adding a reference to it.
Note that although you can add a file to your project from another project, it will take a copy and therefore not maintain updates. I have used this to achieve the same effect 'manually' - when the common file is updated, I excluded it from the project 'referencing' it and then re-added to get a fresh copy.
UPDATE As commented below, you can add as a link - how cool! Why did nobody tell me.
We add a common directory to the overall includes path, then use
#include <somefile.cpp>
directly in our cpp files. It'll include the source straight in.
Is there a way to keep any DLLs needed for my Visual C# program (such as SQLite) inside the actual EXE so it doesn't require the files to be present?
If not, can anyone show me how to make a wrapper for my program (independent of .NET, so maybe C++?) to copy/load required files to the working directory before starting the program itself.
What I intend to end up with is a single EXE file that can be deployed anywhere and set itself up like a transformer. All it requires is the following criteria:
SQLite is present
OpenHardwareMonitorLib is present
.NET 2.0 is installed (if not, offer install with redistributable package)
Microsoft provide a tool for merging DLLs. It's called ILMerge.
It doesn't always work, I believe certain things can cause problems. But it's definitely the easier option!
If the problem is redistribute only one file, you can create a "installer" exe, that unpack all your dependencies (from executable content).
If you don't want to leave all dlls in your production environment, you can merge all IL code in the main executable. you can use ILMerge (but it's not the only product that can do this)
You can merge the dependencies into the main executable. After your build completes you run an additional tool that combines the IL code into a single assembly.
ILMerge can do this but is a bit cumbersome to use.
Some (proprietary) tools can do this as well. I know of at least one obfuscator (DeepSea) that can do this. DeepSea also allows you to specify what you want to include and what types you want to expose from the resulting assembly.
Full disclosure: I know the guys that build DeepSea Obfuscator.
I guess you could embed the target assemblies as resources and then unpack them in some custom assembly resolution code?
Edit: there's an example of this here: Embedding assemblies inside another assembly