Using .NET Reflector to read .NET Assemblies

(or “How to Check if Production Code is Obfuscated”.) Another guest post by David Connell (with a little help from Dom Smith, Jason Crease, Clive Tong, and Chris Massey).

David Connell, back again, and still a software developer at Red Gate. Here at Red Gate we are careful to obfuscate released software in order to help protect our intellectual property, and the obfuscation is performed by one of our other products, SmartAssembly, which should be run by our build system automatically. If you recall, I’ve been looking at a way to use .NET Reflector to automatically check whether our products are obfuscated, and I’ve made the full source code for the solution available at the bottom of this post.

.NET Reflector obfuscation checker source code.

To recap, a while ago, one of our testers, Robin Hellen, said that he wanted his automated tests to check that files were definitely being obfuscated. I quickly realised that I could use the .NET Reflector API to solve this challenge (having already had some experience with it).

The easiest way for me to solve this was to produce a WinForms application that:

  1. scans a folder looking for assemblies
  2. loads the assemblies
  3. displays whether or not the assemblies are obfuscated
  4. attempts to work out which features of SmartAssembly were used when the assemblies were built.

Before I go on too much further I must explain that here at Red Gate we typically split our desktop applications into 2 tiers: a UI front end and a back end that actually does the work. The back end is typically called the engine as it carries out the actual work. This “Engine” has no UI and can normally at least be easily integration tested, if not unit tested.

However, in this case, because the engine is interfacing with .NET Reflector it has to have some UI components. This is because the fact that Reflector is a Windows application is currently hardwired into the code, and the usual pattern of separation isn’t there, and so the engine really wants to be able to create windows. Thankfully, it can be fairly easily used by Robin for his automated testing, where the UI front end can display the information that the engine produces.

At this stage, I must also thank Jason Crease (tester on SmartAssembly) and Ryan Haney (UX designer on .NET Reflector) for their assistance with the final steps in getting this tool working.

Creating the application was mainly a process of using the Microsoft Visual Studio debugger, IntelliSense, and JetBrains ReSharper to find the methods in the Reflector API that were useful for achieving the application’s aims.

Accessing the .NET Reflector API from within Obfuscation Checker code.

The back end/engine code for this tool was pretty much covered in my previous blog post, so it’s worth taking a look at that to refresh your memory. Since then, I have made some minor changes to the back end, mainly to clean up the API and remove any idiosyncrasies. In addition, having teamed up with the previously mentioned Jason & Ryan, we came up with a quick and clean UI for the tool:

A quick and clean UI for the Obfuscation Checker

You can filter by company and sort by a single column, and users can also double-click a given line to get more details about the application and how it’s obfuscated.

All this functionality is wrapped up in the Engine code and, as I mentioned, the UI is a simple visualization over the top. This is another way of saying that the menu items at the top of the tool window are not currently wired up to anything – they came with the stock UI. I may get around to cleaning them up at a later stage.

On a somewhat related note, SmartAssembly has recently rolled out a new type of obfuscation called “Method Parent Obfuscation”, and I have not yet investigated supporting this – I can certainly take a look if there’s a need. My current implementation is not extensible, but I’d like to refactor it at a later date to improve the base code.

Anyway, please play with the code, change it to your needs, and most of all have fun programming and using the .NET Reflector API.

Download the source code for the Obfuscation Checker

About Chris

A background in technical publishing; editing articles on Simple-Talk and SQLServerCentral for 3 years now. When I’ve not been editing articles, I’ve been editing or proofing books covering everything from .NET performance testing to Exchange Server, XML Schema Design, and the SQL Server Query Optimizer. I built a few websites to help pay my way through college, but the less said about them, the better.

8 thoughts on “Using .NET Reflector to read .NET Assemblies”

  1. Mike

    I’m sorry, I really can’t take your product seriously. In 5 minutes it has opened about 20 browser windows, it’s worse than some of that old skool malware I used to have to clean off people’s computers 5 years ago. Except this is 2012 and you guys are supposed to be professional developers.

    Look, if you can’t support a free edition, fine by me. ILSpy and dotPeek are great alternatives. Just don’t release a free version and load it with spam technology that opens browser windows. That’ll get your software removed from my machine, quick.

    Also, I don’t see why I would ever actually BUY any of your other software. You need to understand goodwill.

    1. Chris Post author

      Hmmm… that browser window behavior isn’t expected. Could you let us know which version of Reflector you’re using & we’ll look into it? Any details you can let us know will help us nail this bug.

      Thanks,
      Chris

  2. Stefan

    And so they have developed a useful piece of professional software, it’s a shame you can’t see that.

    I agree that I also had some issues with the trial version, but the release is worth every penny.
