Standalone GUI Quick Start

This section shows you how to use Dotfuscator's standalone GUI. For a complete guide to Dotfuscator's User Interface, see GUI Reference.

Step 1 – Launching Dotfuscator GUI

  • Click Start | Programs | PreEmptive Solutions | Dotfuscator Professional Edition 4.0 | Dotfuscator.
  • The About Dotfuscator Professional dialog appears. Click or press any key to proceed or wait 5 seconds.

Step 2 – Creating a Default Project

  • Select "Create New Project" and click OK. The Dotfuscator main project window appears with the Input tab selected.
  • Here you will select the assembly you would like to obfuscate.
  • Click Browse.
  • Browse to:
C:\Program Files\PreEmptive Solutions\Dotfuscator Professional Edition 4.0\samples\cs\GettingStarted\bin\Debug 
  • and select GettingStarted.exe.
  • Click Open. The path to the executable is now shown in the list box under Input Files.
  • Select File | Save Project to save the project.
  • In the Save Project dialog, navigate to:
C:\Program Files\PreEmptive Solutions\Dotfuscator Professional Edition 4.0\samples\cs\GettingStarted\
  • In the file name field, enter "Dotfuscator.xml" and click Save.

Step 3 – Building the Project

  • Click on the Build tab. The Destination Directory is populated by default as: ${configdir}\Dotfuscated. Note: ${configdir} is a variable that holds the path to your Dotfuscator configuration file.
  • Now the project is ready to be obfuscated. Click Build. Wait a few moments as Dotfuscator builds an obfuscated version of the HelloWorld application. The obfuscated assembly is now stored in:
C:\Program Files\PreEmptive Solutions\Dotfuscator Professional Edition 4.0\samples\cs\GettingStarted\Dotfuscated

You can now go to the output tab and browse the obfuscated symbols, or look at the renaming map file (map.xml) that Dotfuscator created in the output directory, or even run the obfuscated application if you wish. Out of the box, with little configuration, your application has been successfully obfuscated.

Next, with a little more configuration, we can use some of Dotfuscator's more powerful features.

Step 4 – Configuring the Project

  • Click the Options tab.
  • Set the "Build Progress" property to "Verbose". This will cause Dotfuscator to provide additional information about its progress during execution at the bottom of the build tab.
  • Set the "Emit Debugging Symbols" to "Yes". Setting this property tells Dotfuscator to create a symbol file in PDB format for each output assembly. Debuggers can then use these files to provide useful information in a debugging session. Typically, they contain information like line numbers, source file names, and local variable names. The PDB files are placed in the output directory along with the output assemblies.
  • Set the values for “Disable Renaming”, “Disable Control Flow”, “Disable String Encryption”, and “Disable Removal” to “No”. You have fine grained control over which transforms Dotfuscator will apply to your assemblies; these are the features we will configure and use in the next steps.
  • Click the Rename tab. Renaming will obscure code by renaming methods and fields to names that are not understandable. It is turned on by default and items must be selected to be excluded from the renaming process. For this application, you do not need to exclude anything.
  • Click the Renaming Options sub tab. Check "Use Enhanced Overload Induction". This feature can allow up to 15 percent more redundancy in method and field renames. Since overloading on method return type or field type is typically not allowed in source languages (including C# and VB), this further hinders decompilers.
  • Note that the "Map Output File" text box has defaulted to: ${configdir}\Dotfuscated\Map.xml
  • Check "Output as HTML" to get a useful report containing renaming information and statistics on your application. This report will output into the same directory as the map file. The default location is ${configdir}\Dotfuscated\Map.html.
  • Click the Control Flow tab. Control Flow obfuscation synthesizes branching, conditional, and iterative constructs (such as if, for, and while) that produce valid forward (executable) logic, but yield non-deterministic semantic results when decompilation is attempted. In other words, the code runs as before, but decompilers cannot reproduce the original code.
  • Click the String Encryption tab. String Encryption will scramble the strings in your application. For example, someone looking to bypass your registration and verification process can search for the string where your program asks the user for a serial number. When they find the string, they can look for instructions near it and alter the logic. String Encryption makes this much more difficult to do, because their search will come up empty.
  • String encryption is inclusion based, so you must mark the assembly's checkbox at the root of the tree shown in the left pane to include all methods in the input assembly.
  • Click the Removal tab. Removal instructs Dotfuscator to detect and remove unused types, methods, and fields. This can potentially save significant space in the final application.
  • For removal to work, Dotfuscator needs to know what the entry points to the application are. In this case, the entry point is the standard "Main" method, and Dotfuscator is able to determine this without extra configuration.

Step 5 – Rebuilding the Project

  • Click Build; the project is now ready to be re-obfuscated. As before, the obfuscated assembly is stored in:
C:\Program Files\PreEmptive Solutions\Dotfuscator Professional Edition 4.0\samples\cs\GettingStarted\dotfuscated

Step 6 – Browsing the Output

  • Click the Output tab. Now, you can navigate a tree that shows how Dotfuscator obfuscated your code.
  • Expand the root tree and all sub-trees. Notice the blue diamond shaped icons. These are the renamed methods and fields. The parents of each of these icons display their original names. Dotfuscator has renamed each method and field to make it almost impossible to decipher the purpose of each method. This can severely impact the process of reverse engineering the code.

  • Notice the currently highlighted SaySomething and set_Name methods, as well as the Name property. Dotfuscator has detected that these items are not being used in this application. As a result, Dotfuscator's Pruning feature is able to remove them, resulting in a more compact application.

Next Steps

Now that you have successfully obfuscated using the GUI, you can see how to use the command line interface to do the same things. Or you can examine the obfuscated output assembly in detail and see how effective the obfuscation was.