Decompiler.NET

Contact:

Author: Jonathan Pierce

Contact: Jonathan Pierce, support@junglecreatures.com

Summary:

Decompiler.NET is the first affordable commercially available combination Decompiler and Obfuscator for Microsoft .NET managed applications and libraries that really works!

Each release of Decompiler.NET is produced by running decompiling, obfuscating and recompiling itself without the need to manually edit any of the outputted code. This ensures that each release is fully tested since Decompiler.NET is a large application that exercises the features required by most applications. Code generated by Decompiler.NET includes all required metadata for native calls including StructLayout attributes, DLLImport attributes, etc. Decompiler.NET requires the .NET 1.1 Runtime (1.1.4322).

Getting Started:

To get started, perform the following steps:

Launch Decompiler.NET.exe and use the browse button to select a managed .NET application or library to decompile. Check the Obfuscate checkbox if you want the resulting decompiled code to be obfuscated. Decompiler.NET will output source files to a folder named “_src” adjacent to the selected assembly. You may also experiment with other settings once you are comfortable using the product.

The trial version of Decompiler.NET will decompile 50% of the methods in each class in the selected assembly, and generate empty method stubs for the remaining ones. The resulting source files will still compile.

Create a new project in Visual Studio 1.1.

Copy the _src folder to the same folder as your newly created Visual Studio project.

In Visual Studio Solution Explorer, right click on the _src folder and choose “Include in Project”. This will cause all generated sources and resources to be correctly added to your project. You may need to reconfigure your project default namespace depending on how the application located resources. You might also need to manually select bmp, png, gif, and other resource files and change their build action in the Visual Studio properties window to “Embedded Resource”.

You should then be able to successfully build and run the decompiled assembly.

Features

Decompilation Features

High Level Code Generation

The code generation implementation in Decompiler.NET produces extremely high level readable source code, often better than the original source code. Decompiler.NET recognizes code patterns including foreach statements, using statements, nested try-catch-finally statements, while statements, switch statements, and others. Break statements, continue statements, and return statements are identified and used to virtually eliminate all goto statements. Boolean expressions are simplified and optimized, and condition statements are merged and reorganized to eliminate unneeded branching. Unused code blocks and variables are removed, and initializations are moved into variable declarations. Switch statements sequences are combined when possible, and “or” expressions and else clauses are generated as needed in order to merge condition sequences and nested condition statements. Method return statements are cloned and embedded whenever possible. The code generator also combines local variable assignments when possible and subsequently eliminates any local variables with only a single reference. In short, you will need to try Decompiler.NET to fully experience and appreciate the power and excitement of it’s code generation implementation.

Full COM Interop Support

Decompiler.NET fully supports code generation for calls to external native COM Interop methods. This include producing the correct DLLImport and Marshaling attributes necessary for correct runtime execution.

Automatically Finds Referenced GAC Assemblies

Decompiler.NET automatically locates referenced assemblies by searching the General Assembly Cache, and folders of prior selected assemblies as needed.

Decompiling Referenced Assemblies and Libraries

Decompiler.NET includes an option for automatically decompiling any assemblies and libraries referenced by the assembly selected for decompilation. A separate option is also included to identify whether referenced .NET framework assemblies should be included in the set of assemblies to be decompiled.

Customizable Options

All features of Decompiler.NET can be reconfigured or disabled through its settings dialog. This allows you to select and enable or disable high level code generation and obfuscation features individually. Settings are saved so that they persist across launches of Decompiler.NET and can easily be restored back to default values.

Obfuscation Features

File Name Obfuscation

Namespace, Type, and Member Name Obfuscation

By default, when the obfuscation option is selected, all non-public namespaces, types, and members are replaced with generated names.

String Encryption

The obfuscation implementation in Decompiler.NET includes an option enabled by default that replaces all non-constant literal strings with references to encrypted string data. The encrypted data is output as a single shared resource file. When the string encryption option is enabled, Decompiler.NET outputs additional runtime support code that decrypts and caches this string data on demand. Since the code base is obfuscated, this feature makes it extremely difficult for anyone to understand the generated obfuscated code.

Future Planned Features

Future Planned Decompilation Features

Support For Other Languages

Decompiler.NET currently supports C# code generation. Decompiler.NET uses language independent representations and optimization algorithms. As a result, implementing support for outputting code in other languages will require minimal effort. Decompiler.NET can therefore be used as a translator for translating among .NET supported languages. Depending on demand, support will be added in future releases for Java, and Visual Basic code.

Future Planned Obfuscation Features

Resource Encryption

Upcoming versions of Decompiler.NET will include support for generation encrypted assembly resource files similar to the current string encryption implementation.

Property and Event Removal

By default, when the obfuscation option is selected, all non-virtual events and properties will be removed and references to them are replaced with direct method call references.

Indexed Public Member References

Currently, external public member references remain in the generated code. This option will replace these references with method invoke calls on delegates therefore hiding the names from the generated code.