Question

I am trying to make a C#/.NET obfuscator using Mono.Cecil. I wrote a basic test of renaming methods, and it seems to work fine.

I decompiled my obfuscated output using JetBrains dotPeek to see the effects of my obfuscator. In the list of methods to the left of the interface, the methods are listed by their obfuscated names. However, if I double-click on the class to show the full decompiled code, the original method names are shown. Is there some sort of metadata that is added that I am able to remove to prevent this from happening?

Here is the relevant code from my obfuscator:

    // Requires: using System; using Mono.Cecil;
    public Program()
    {
        AssemblyDefinition ass = AssemblyDefinition.ReadAssembly(@"C:\Users\Derp\Desktop\CecilTestApp.exe");
        foreach (ModuleDefinition def in ass.Modules)
        {
            // def.Types yields top-level types only; nested types are not visited here.
            foreach (TypeDefinition d in def.Types)
            {
                foreach (MethodDefinition m in d.Methods)
                {
                    // Leave constructors, runtime-special methods and the entry point alone.
                    if (!m.IsConstructor && !m.IsRuntimeSpecialName && m.Name != "Main")
                    {
                        string oldNm = m.Name;
                        string newNm = GetNewName();
                        m.Name = newNm;
                        Console.WriteLine("Rename Method '{0}'->'{1}'", oldNm, newNm);
                    }
                }

                foreach (FieldDefinition f in d.Fields)
                {
                    string oldNm = f.Name;
                    string newNm = GetNewName();
                    f.Name = newNm;
                    Console.WriteLine("Rename Field '{0}'->'{1}'", oldNm, newNm);
                }
            }
        }
        // Write the renamed assembly to a new file next to the original.
        ass.Write(@"C:\Users\Derp\Desktop\CecilTestApp-Obf.exe");
        Console.ReadKey();
    }

GetNewName() simply returns a random string that hasn't already been used as a method/field name.

Here is a screenshot of the behavior I am getting with dotPeek:

[Screenshot]


Solution

It turns out that dotPeek was somehow/somewhere caching the results from when I was decompiling the unobfuscated version of the same program. Decompiling it on another machine worked perfectly fine.

I believe it was caching by the assembly name, as changing the assembly name in the obfuscated version also made the decompiler show the obfuscated code.
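
An added example, not part of the original question or answer: a small Mono.Cecil checker that reads the metadata of both files directly, so the result does not depend on what a decompiler has cached. It goes slightly beyond the question's loop by walking nested types with `GetTypes()`; the class name `RenameCheck` and the command-line argument order are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Mono.Cecil;

static class RenameCheck
{
    // Members the obfuscator in the question is expected to rename,
    // keyed by declaring type (type names themselves are left untouched there).
    static HashSet<string> RenamableMembers(AssemblyDefinition asm)
    {
        var names = new HashSet<string>();
        // GetTypes() also returns nested types, unlike ModuleDefinition.Types.
        foreach (TypeDefinition t in asm.Modules.SelectMany(mod => mod.GetTypes()))
        {
            foreach (MethodDefinition m in t.Methods)
                if (!m.IsConstructor && !m.IsRuntimeSpecialName && m.Name != "Main")
                    names.Add(t.FullName + "::" + m.Name + "()");
            foreach (FieldDefinition f in t.Fields)
                names.Add(t.FullName + "::" + f.Name);
        }
        return names;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: RenameCheck <original.exe> <obfuscated.exe>");
            return 2;
        }
        AssemblyDefinition before = AssemblyDefinition.ReadAssembly(args[0]);
        AssemblyDefinition after = AssemblyDefinition.ReadAssembly(args[1]);

        // Any name present in both files survived the rename pass.
        HashSet<string> survivors = RenamableMembers(before);
        survivors.IntersectWith(RenamableMembers(after));
        foreach (string s in survivors.OrderBy(x => x))
            Console.WriteLine("NOT RENAMED: " + s);

        // The answer above suspects stale decompiler output when the assembly name is unchanged.
        if (before.Name.Name == after.Name.Name)
            Console.WriteLine("Note: both files share the assembly name '{0}'.", after.Name.Name);
        return survivors.Count == 0 ? 0 : 1;
    }
}
```

Because the question's loop iterates `def.Types`, members of nested types (including compiler-generated closure classes) will be reported here as not renamed.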

Licensed under: CC-BY-SA with attribution