Author Archive

« Older Entries

Automating Runtime Intelligence Code Injection

Monday, August 30th, 2010 by Joe Kuemerle

With the release of Dotfuscator Community Edition in Visual Studio 2010, developers were given a way to quickly and easily add application analytics functionality to their projects at no additional cost. Using Runtime Intelligence, developers or build managers can implement a customer experience improvement program to track how people are actually using the deployed applications in the wild. In May 2010, PreEmptive Solutions partnered with CodePlex to provide commercial level Runtime Intelligence data reporting to any project hosted on CodePlex.

The version of Dotfuscator that ships with Visual Studio 2010 can’t be added to an automatic build script because it requires user interaction to perform a build. The commercial version of Dotfuscator has both an MSBuild task and a command line option for build automation, but purchasing a commercial license for a pure open source project is normally not an option. At the request of the community, we are making two options available to help alleviate this issue.

The first option, available to anyone who has Visual Studio 2010 Professional or higher, is to register for and download a patch to upgrade the installed version of Dotfuscator CE to version 5.0.2601. This version of Dotfuscator includes a command line interface and removes the restrictions that block automation. It does not require any user action to start a build, nor does it require Visual Studio to be running. The instrumentation abilities are identical to the previous versions: up to 10 named features with none of the advanced functionality from the commercial version (custom data gathered at runtime, detailed system and performance data, unique serial numbers, custom tamper and expiration behavior). To download this patch, you will need to create an account here . Go to My Account and the patch will be available in the Downloads section. After you install the patch, you will have a new DotfuscatorCLI.exe application in your Dotfuscator CE installation directory which you can use to automate builds. The command line is similar to the commercial version of Dotfuscator and is documented in the Command Line Interface reference in the online documentation .

The second option is that open source projects hosted on CodePlex can use the commercial version of Dotfuscator to instrument the application. Any project administrator can request a PreEmptive Open Source Project License here and receive the full version of Dotfuscator to use as the Runtime Intelligence code injection tool for their project. The project will then have access to the full range of instrumentation features available to commercial users including custom data gathered at runtime, support for occasionally connected clients, easy integration for Silverlight XAP and ClickOnce packages and ongoing enhancements as we release new commercial versions of Dotfuscator. Additionally, the project will be able to use the MSBuild task or the command line to easily integrate into their automated build environment.

With these options, developers are now better able to get accurate and actionable feedback on how their applications are really being used and can tighten the feedback look between themselves and their users. Better information on usability and functionality will lead to improved applications, and now it’s easier than ever to get that data.

Posted in Application Lifecycle Management, Dotfuscator, Dotfuscator CE, Runtime Intelligence | No Comments »

Dotfuscator 4.7.1000 with WPF obfuscation support

Thursday, May 20th, 2010 by Joe Kuemerle

The most recent release of Dotfuscator includes a new feature that has been a top customer request: increasing the level of protection for Windows Presentation Foundation applications. Up until now, obfuscators were unable to transform items in code-behind that are referenced from the layout of Windows Presentation Foundation applications. Excluding all of the necessary items from being renamed and removed decreased the level of protection and increased the testing required to ensure stability. With the 4.7.1000 release of Dotfuscator WPF applications are now able to be protected with an unprecedented level of obfuscation. Dotfuscator now analyzes and rewrites BAML (the compiled XAML) in WPF applications and applies consistent renaming across the layout and application code as well as ensuring that items referenced in the BAML are not pruned from the output. With full renaming support information leakage of namespaces, class, event and property names is reduced to the bare minimum. The below sample WPF application decompilation demonstrates the effectiveness of this groundbreaking feature.

Before

After

In addition to WPF obfuscation Dotfuscator 4.7.1000 also includes support for resigning Silverlight 4 XAP packages and updated support for integrating with InishTech SLPS.

There are two functional changes for this release, the first is that for new projects Library mode is now the default for all assemblies and packages.  This improves the out of the box experience but with the trade off of not renaming any publicly accessible types and public members of those types.  For applications that require the maximum amount of protection PreEmpitve recommends turning off library mode wherever possible.  A second functional change is tamper notifications are turned off by default.  Using tamper detection and defense does not require the sending of tamper notifications and this change makes it easier to test tamper detection with minimal configuration overhead.

Additional changes include support for the .NET 4.0 extensions to ClickOnce applications, support for ClickOnce packages that include native assemblies, and bug fixes.  See the change log for full details.

Keep tuned to this blog, we have many more exciting announcements coming soon.

Posted in Dotfuscator, Runtime Intelligence | No Comments »

Track Application Usage Statistics for CodePlex Projects

Tuesday, May 11th, 2010 by Joe Kuemerle

Open source software thrives on feedback and participation. Without a good idea of what users want, projects easily become irrelevant. Knowing how many people are actively using your application, as well as which features they’re using (and which ones they’re not) provides significant feedback that helps to focus development, resulting in an improved application that meets the user’s needs.  With CodePlex’s integration of Runtime Intelligence features, project coordinators now have the ability to inject application analytics features into their releases.

Projects hosted on CodePlex can use either the free version of Dotfuscator (included in Visual Studio 2010) or the commercial edition to inject application analytics features into their binary distributions.  The application analytics automatically tracks how many times is run in the wild and the duration of those runs. This provides a measurement of application popularity beyond counting the number of downloads.  Basic system profile information, such as which operating systems and framework versions the application are run under, is gathered and reported on as well.  Additionally, feature usage within the application can be measured including the number of executions as well as their duration.  Total application runs per day statistics are available on the projects statistics page on CodePlex and detailed usage data is available from a link on the statistics page.

With the understanding that there can be privacy concerns, Runtime Intelligence instrumentation transmits no personally identifiable information.  It is also very easy to surface the built in Opt-In/Opt-Out functionality in the library and give individual application users the choice to participate in the program.

The individual usage data is aggregated and daily application usage is viewable on the projects statistics page as well as links to detailed reports of application and feature usage.

Instrumentation of applications compiled against .NET 2.0 and higher (including Silverlight 2, 3, and 4) is supported by Dotfuscator Community Edition.

Projects that use custom attributes to decorate their injection points are permitted to redistribute the PreEmptive.Attributes.dll library as part of their source code.  The library is only necessary for compilation of the application and references to it are stripped out during the instrumentation process, so it does not need to be included in binary distributions.  A signed downlevel version of the attributes library is available on the CodePlex Runtime Intelligence Integration project page (http://runtimeintelligence.codeplex.com/releases ) that can be used in any project targeting .NET 2.0 or higher.  This library is also allowed to be generally distributed with project source code.

Any project hosted on CodePlex can now take advantage of the deep knowledge into user activity that Runtime Intelligence Services provides by reviewing a sample walkthrough here and implementing this new feature into a future release.

Posted in Dotfuscator, Dotfuscator CE, Microsoft, Runtime Intelligence, Software Development Lifecycle Management, Uncategorized | No Comments »

Patch Released for Dotfuscator Community Edition 5 Affecting VB.NET RTM Projects

Saturday, May 8th, 2010 by Joe Kuemerle

A late breaking change in the RTM version of Visual Studio 2010 causes the included version of Dotfuscator Software Services Community Edition (version 5.0.2300) to fail to build new VB.NET projects with an “Encountered nooptimization at line X” message.  A patch is available to update Dotfuscator and is available at http://preemptive.com/support/dotfuscator-support

Posted in Dotfuscator, Dotfuscator CE | No Comments »

Dotfuscator 4.6.5000 ships, includes VS 2010 RTM support and offline Runtime Intelligence

Monday, April 5th, 2010 by Joe Kuemerle

Today we shipped Dotfuscator, version 4.6.5000.  This release fully supports Visual Studio 2010 and .NET 4.0 RTM versions as well as beta support for the Silverlight 4 RC release.

In addition to supporting the latest and greatest frameworks for both obfuscation and instrumentation, this release also includes a new feature that has a top spot in our customer request list.  Up until now applications instrumented with Runtime Intelligence were unable to react to scenarios where your customers have only occasional network access so some of the application analytics data was not gathered.  By default, any applications instrumented with Dotfuscator 4.6.5000 or higher will store usage data in Isolated Storage when the application cannot send data to the configured Runtime Intelligence endpoint.  When connectivity to the endpoint is restored all the saved usage data is sent to the endpoint for storage and reporting.  In the event that the Runtime Intelligence endpoint is not accessible for an extended period of time, or that the application is used so heavily that the allocated space is filled, the injected code will remove older unsent usage data to make room for newer data.  You also have the option to revert to the previous behavior of dropping usage data when the network is inaccessible by simply changing the setting for the offline behavior as well as writing your own custom network detection code.  Additionally, you can set up your application to react to changes in connectivity either with a default implementation of shutting down the application when connectivity is lost or by having the injected code set the value of a field or property, or invoke a method of your choosing.

We also improved our support of ClickOnce application processing and fixed some bugs.  As always, changes are detailed on our change log .

There are many more changes coming to Dotfuscator, DashO and Runtime Intelligence in the near future.  Keep tuned for more exciting news as it unfurls.

Posted in Dotfuscator, Runtime Intelligence, Uncategorized | No Comments »

« Older Entries