Getting Started
Understanding Protection
Understanding Obfuscation
Understanding Checks
Understanding Instrumentation
Using the GUI
References
When processing an input assembly, Dotfuscator recognizes a number of attributes that dictate how it should inject Checks into the assembly. By using these attributes on your source code, you can configure Dotfuscator's Checks inline with your application code. This page details these attributes.
Note that you can also configure Checks using the Dotfuscator user interface. For information on when you might want to configure via the user interface and when you might want to use attributes, see the When to Use Attributes section of the Attributes Overview page.
Important: Injection in general is controlled by the Enable Injection global option. If this option is disabled, no code will be injected despite any attributes.
Dotfuscator ships with a reference assembly that defines the Check Attributes.
The assembly is named PreEmptive.Attributes.dll
and is located in the same directory where Dotfuscator is installed.
The easiest way to find the path to this assembly is to:
Open a Dotfuscator command prompt.
Run the command where PreEmptive.Attributes.dll
and copy the result.
You can then add a reference to this assembly to your project. Note that the assembly has no dependencies besides the framework itself, so it can be copied to a different location if desired.
This section lists the attributes that Dotfuscator recognizes to configure its Check injection.
Instructs Dotfuscator to inject a Tamper Check with the annotated method as its sole location.
In prior versions of Dotfuscator, this attribute was known as InsertTamperCheckAttribute
.
That attribute is now deprecated; we recommend using TamperCheckAttribute
.
Namespace: PreEmptive.Attributes
Applies to: Method
Multiple allowed on one code element: No
Requirements:
For Dotfuscator to recognize uses of this attribute and inject a Tamper Check, all of the following must be true:
The Enable Injection global option must be enabled; and,
The Honor Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default.
For the injected Tamper Check to send telemetry, all of the following must be true:
When Dotfuscator builds the project, the Send Tamper Check Messages global option must be enabled; and,
At runtime, when the Check runs, instrumentation must be set up (via a call to some other method annotated with SetupAttribute
).
For Dotfuscator to remove uses of this attribute from the protected assembly, the Strip Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default.
Properties:
Action: The Check Action the Check will take if it detects a tampered application.
ActionProbability: Specifies the probability that the Check Action will occur when tampering is detected, expressed as a range between 0.00
and 1.00
.
1.00
(Check Action always occurs when tampering is detected).ApplicationNotificationSinkElement: Specifies the kind of code element that the Check will use to inform the application of the Check's result. This code element is known as an Application Notification Sink.
Defaults to None, which means the application is not notified of the Check's result.
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(bool)
.
If Field or Property, the Check sets a bool
field or property.
DefaultAction is deprecated. Please set Action to Exit for the same behavior.
ApplicationNotificationSinkName: Specifies the name of the Application notification sink.
ApplicationNotificationSinkOwner: Specifies the name of the type that declares the Application notification sink.
ExtendedKeyMethodArguments: Specifies which (if any) arguments of the annotated method should be sent as user-defined data with Tamper Check telemetry.
Defaults to sending no arguments.
See Automatically Sending Method Parameters as Extended Keys for more detail on how to configure this property.
ExtendedKeySourceElement: Specifies the kind of code element that contains the user-defined data to be sent with Tamper Check telemetry. This code element is known as an Extended Key Source.
Defaults to None, which means Check Telemetry will only send user-defined data specified by ExtendedKeyMethodArguments.
If MethodArgument, Field, or Property, the Check uses data stored in a IDictionary<string, string>
method argument, field, or property (use of the non-generic IDictionary
is also permitted).
If Method, the Check calls and uses the return value of a method with the signature IDictionary<string, string>()
(use of the non-generic IDictionary()
signature is also permitted).
DefaultAction is deprecated. Please use None for the same behavior.
ExtendedKeySourceName: Specifies the name of the Extended Key Source.
ExtendedKeySourceOwner: Specifies the name of the type that declares the Extended Key Source.
Instructs Dotfuscator to inject a Debugging Check with the annotated method as its sole location.
Namespace: PreEmptive.Attributes
Applies to: Method
Multiple allowed on one code element: No
Requirements:
For Dotfuscator to recognize uses of this attribute and inject a Debugging Check, all of the following must be true:
The Enable Injection global option must be enabled; and,
The Honor Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default.
For the injected Debugging Check to send telemetry, all of the following must be true:
When Dotfuscator builds the project, the Send Debug Check Messages global option must be enabled; and,
At runtime, when the Check runs, instrumentation must be set up (via a call to some other method annotated with SetupAttribute
).
For Dotfuscator to remove uses of this attribute from the protected assembly, the Strip Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default.
Properties:
Action: The Check Action the Check will take if it detects a debugger attached to the application.
ActionProbability: Specifies the probability that the Check Action will occur when a debugger is detected, expressed as a range between 0.00
and 1.00
.
1.00
(Check Action always occurs when debugging is detected).ApplicationNotificationSinkElement: Specifies the kind of code element that the Check will use to inform the application of the Check's result. This code element is known as an Application Notification Sink.
Defaults to None, which means the application is not notified of the Check's result.
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(bool)
.
If Field or Property, the Check sets a bool
field or property.
DefaultAction is not supported. Dotfuscator will error if this setting is used.
ApplicationNotificationSinkName: Specifies the name of the Application Notification Sink.
ApplicationNotificationSinkOwner: Specifies the name of the type that declares the Application Notification Sink.
ExtendedKeyMethodArguments: Specifies which (if any) arguments of the annotated method should be sent as user-defined data with Debugging Check telemetry.
Defaults to sending no arguments.
See Automatically Sending Method Parameters as Extended Keys for more detail on how to configure this property.
ExtendedKeySourceElement: Specifies the kind of code element that contains the user-defined data to be sent with Debugging Check telemetry. This code element is known as an Extended Key Source.
Defaults to None, which means Check Telemetry will only send user-defined data specified by ExtendedKeyMethodArguments.
If MethodArgument, Field, or Property, the Check uses data stored in a IDictionary<string, string>
method argument, field, or property (use of the non-generic IDictionary
is also permitted).
If Method, the Check calls and uses the return value of a method with the signature IDictionary<string, string>()
(use of the non-generic IDictionary()
signature is also permitted).
DefaultAction is deprecated. Please use None for the same behavior.
ExtendedKeySourceName: Specifies the name of the Extended Key Source.
ExtendedKeySourceOwner: Specifies the name of the type that declares the Extended Key Source.
Instructs Dotfuscator to inject a Shelf Life Check with the annotated method as its sole location.
A Shelf Life Activation Key is required to use this attribute.
In prior versions of Dotfuscator, this attribute was known as InsertShelfLifeAttribute
.
That attribute is now deprecated; we recommend using ShelfLifeCheckAttribute
.
Namespace: PreEmptive.Attributes
Applies to: Method
Multiple allowed on one code element: No
Requirements:
For Dotfuscator to recognize uses of this attribute and inject a Shelf Life Check, all of the following must be true:
The Enable Injection global option must be enabled; and,
The Honor Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default; and,
The attribute's ActivationKeyFile property must refer to a valid Shelf Life Activation Key; and,
Either:
The attribute's ExpirationDate property must be set (to embed the Shelf Life Token with the Check); or,
The attribute's ShelfLifeTokenSource property must be set (to have the Check retrieve the Shelf Life Token at runtime).
For the injected Shelf Life Check to send telemetry, all of the following must be true:
When Dotfuscator builds the project, the Send Shelf Life Messages global option must be enabled; and,
At runtime, when the Check runs, instrumentation must be set up (via a call to some other method annotated with SetupAttribute
).
For Dotfuscator to remove uses of this attribute from the protected assembly, the Strip Injection Attributes input option for the input assembly that contains this attribute must be enabled, which it is by default.
Properties:
ActivationKeyFile: The path to a valid Shelf Life Activation Key file at build time.
Always required.
The file is not needed after Dotfuscator processes the assembly.
ExpirationDate: The expiration date of the application, expressed either as an absolute date (YYYY-MM-DD
) or as the number of days beyond the date of Dotfuscator's processing.
ExpirationNotificationSinkElement: Specifies the kind of code element that the Check will use to inform the application either whether the application is expired or of the warning and expiration dates. This code element is known as an Expiration Notification Sink.
Defaults to None, which means the application is not notified through the Expiration Notification sink.
To report whether the application has expired:
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(bool)
.
If Field or Property, the Check sets a bool
field or property.
To report the Shelf Life warning and expiration dates:
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(string, string)
.
Field and Property are not supported in this mode.
If DefaultAction, the Check exits the application if the application is expired.
ExpirationNotificationSinkName: Specifies the name of the Expiration Notification Sink.
ExpirationNotificationSinkOwner: Specifies the name of the type that declares the Expiration Notification Sink.
WarningDate: The warning date of the application, expressed either as an absolute date (YYYY-MM-DD
) or as the number of days beyond the date of Dotfuscator's processing.
Defaults to no warning date.
If specified, it must be before the ExpirationDate.
WarningNotificationSinkElement: Specifies the kind of code element that the Check will use to inform the application either whether the application is in the warning period or of the warning and expiration dates. This code element is known as an Warning Notification Sink.
Defaults to None, which means the application is not notified through the Warning Notification sink.
To report whether the application is in the warning period:
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(bool)
.
If Field or Property, the Check sets a bool
field or property.
To report the Shelf Life warning and expiration dates:
If Method, MethodArgument, or Delegate, the Check calls a method, delegate method argument, or delegate field with the signature void(string, string)
.
Field and Property are not supported in this mode.
DefaultAction is deprecated. Please use None for the same behavior.
WarningNotificationSinkName: Specifies the name of the Warning Notification Sink.
WarningNotificationSinkOwner: Specifies the name of the type that declares the Warning Notification Sink.
PrivateKeyFile: The path to a private key files (in the PKCS #12 format) at build time.
Defaults to not signing the embedded Shelf Life Token.
Only used if ExpirationDate is set (that is, Dotfuscator will embed the Shelf Life Token with the Check). Ignored otherwise. To sign a Shelf Life Token generated manually, use the appropriate field when using the user interface to Generate New Shelf Life Token.
PrivateKeyFilePassword: The password to the private key file.
Defaults to no password.
Only used if PrivateKeyFile is specified.
ShelfLifeTokenSourceElement: Specifies the kind of code element that contains an externally-stored Shelf Life Token. This code element is known as a Shelf Life Token Source.
Defaults to None, which means Dotfuscator will automatically embed a Shelf Life Token with the Check, based on the ExpirationDate, WarningDate, PrivateKeyFile, and PrivateKeyFilePassword properties.
If MethodArgument, Field, or Property, the Check uses a Shelf Life Token provided in a string
method argument, field, or property.
If Method, the Check uses a Shelf Life Token returned by a method with the signature string()
.
DefaultAction is not supported.
ShelfLifeTokenSourceName: Specifies the name of the Shelf Life Token Source.
ShelfLifeTokenSourceOwner: Specifies the name of the type that declares the Shelf Life Token Source.
ExtendedKeyMethodArguments: Specifies which (if any) arguments of the annotated method should be sent as user-defined data with Shelf Life Check telemetry.
Defaults to sending no arguments.
See Automatically Sending Method Parameters as Extended Keys for more detail on how to configure this property.
ExtendedKeySourceElement: Specifies the kind of code element that contains the user-defined data to be sent with Shelf Life Check telemetry. This code element is known as an Extended Key Source.
Defaults to None, which means Check Telemetry will only send user-defined data specified by ExtendedKeyMethodArguments.
If MethodArgument, Field, or Property, the Check uses data stored in a IDictionary<string, string>
method argument, field, or property (use of the non-generic IDictionary
is also permitted).
If Method, the Check calls and uses the return value of a method with the signature IDictionary<string, string>()
(use of the non-generic IDictionary()
signature is also permitted).
DefaultAction is deprecated. Please use None for the same behavior.
ExtendedKeySourceName: Specifies the name of the Extended Key Source.
ExtendedKeySourceOwner: Specifies the name of the type that declares the Extended Key Source.
Dotfuscator Version 4.33.0.6680. Copyright © 2017 PreEmptive Solutions, LLC