Controlflow Obfuscation influenced by debugger?
Jens
Posts: 9 New member
Hi
I have a dll (e.g. a merged one), lets name it mylibrary.dll with enabled controlflow obfuscation.
Now i observed different behaviour depending on the fact if i run my application that uses this dll with a debugger or simply execute the myprogram.exe.
If i have a debugger attached, an exception is thrown (details in the code below), If i just execute the executable (that uses my obfuscated assembly), no exception is thrown.
If i change the level of obfuscation from "unverifiable" to basic, it works also when i execute it with a debugger attached.
Is the controlflow obfuscation something that is done at runtime? otherwhise i can't explain this.
The thing that fails in one case is the setting of a value to a property that does some range check (I know that this check is obsolete here, it will be replaced in future) and throws an exception if the range exceeds.
I cannot simply not imagine why it works without but not with a debugger.
I have a dll (e.g. a merged one), lets name it mylibrary.dll with enabled controlflow obfuscation.
Now i observed different behaviour depending on the fact if i run my application that uses this dll with a debugger or simply execute the myprogram.exe.
If i have a debugger attached, an exception is thrown (details in the code below), If i just execute the executable (that uses my obfuscated assembly), no exception is thrown.
If i change the level of obfuscation from "unverifiable" to basic, it works also when i execute it with a debugger attached.
Is the controlflow obfuscation something that is done at runtime? otherwhise i can't explain this.
The thing that fails in one case is the setting of a value to a property that does some range check (I know that this check is obsolete here, it will be replaced in future) and throws an exception if the range exceeds.
I cannot simply not imagine why it works without but not with a debugger.
public Single Amplitude
{
get { return _amplitude; }
set
{
if((value > GetMaxValue()) || value < -1*GetMaxValue())
{
throw new ArgumentException("Amlitude not within the valid range", "value");
}
}
}
private Single GetMaxValue()
{
return Single.MaxValue;
}
Comments
Regarding this issue, the control flow obfuscation is not done at runtime so this is a rather odd case. Is there any chance you'd be able to share your application with us to do more testing?
Jessica Ramos | Product Support Engineer | Redgate Software
Have you visited our Help Center?
Thank you for your reply. I try to create a repro that is not linked with our application (I cannot share our source code on a public platform).
In case I am not able to create such a similar scenario, would there be a possibility to share our code with redgate on a Non-Public channel?
Jens
Many thanks!
We actually have a support ticket open for you #64740--if you are able to share a repro or sample, you can share it by replying to any ticket update email (I'll send you another one shortly!).
Jessica Ramos | Product Support Engineer | Redgate Software
Have you visited our Help Center?