Getting Started
Understanding Protection
Understanding Obfuscation
Understanding Checks
Understanding Instrumentation
Using the GUI
References
The command line interface is designed to allow you to:
You can launch a command prompt that will have the command line version of Dotfuscator (dotfuscator.exe
) available on the path.
If you launch this command prompt while you have a config file open in the Dotfuscator user interface, then the Dotfuscator Command Prompt's working directory will be the location of the config file.
Command line options may begin with the '/' or the '-' characters.
Command Line Options:
Usage: dotfuscator [options] [gui_file]
The following is a summary of the traditional command line options.
Traditional Options | Description |
---|---|
/i |
Investigate only |
/p=<property list> |
Specifies values for user defined properties in the configuration file. Comma separated list of name-value pairs (e.g. /p=projectdir=c:\\temp,projectname=MyApp.exe) |
/q |
Quiet output |
/v |
Verbose output |
/nologo |
Suppresses the output of the Dotfuscator Copyright and License information. |
/? |
Print help |
/?? |
Print extended options |
[gui_file] |
configuration file containing runtime options. |
The /v
option induces Dotfuscator to provide information about its progress during execution.
The level of detail here will likely change between releases.
The /i
option tells Dotfuscator to not create any output assemblies files.
If the configuration file specifies a map file, the results of the run will be found there (this option is close to worthless without generating a map).
The /q
option tells Dotfuscator to run completely without printed output.
This is suitable for inclusion into application build sequences.
This option overrides verbose mode.
The /p
option tells Dotfuscator to set external properties at the command line.
Setting these properties here will override those specified in the <properties>
section of the configuration file.
The <proplist>
is a list of comma-separated name-value pairs.
For example, property declaration and assignment in conjunction with the –p
option, might look like:
Property Declaration and Assignment in Conjunction with -p Option: |
---|
/p=projectdir=c:\temp,projectname=MyApp |
Properties may be quoted if they contain spaces as illustrated below:
Quoting Properties |
---|
/p=MyProperty="value has spaces" |
Note: Property names are case sensitive.
By running dotfuscatorUI.exe, you can start the standalone graphical user interface with external properties and a specific configuration file:
Start Up Standalone GUI:
dotfuscatorUI.exe /p=projectdir=c:\temp project_template.xml
The configfile
is a configuration file that is required for every run of Dotfuscator.
Notice you do not enter configuration information or target assemblies on the command line.
This information must be found in the configuration file.
Extended options are designed to allow for basic obfuscation from the command line, without requiring you to first create a configuration file. If you use a configuration file with an extended command line option, the command line option supplements or overrides the commands in the configuration file. See Supplementing or Overriding a Configuration File from the Command Line for more information.
Extended options are recognized by the first four characters.
The following is a summary of the extended command line options. An asterisk denotes the default setting if an option is missing and no configuration file is specified.
Extended Options | Description |
---|---|
/in [+|-]<file>[,[+|-]<file>] |
Specify inputs. Any combination of assemblies, package files or directory file masks can be specified. Use a prefix to obfuscate input as library mode (+) or private (-) assembly. The default is governed by assembly file extension (EXEs are private; .DLLs are run in library mode). |
/out:<directory> |
Specify output directory. Default is .\Dotfuscated. |
/honor:[on|off*] |
Toggle honoring obfuscation attribute directives found in all input assemblies. |
/strip:[on|off*] |
Toggle stripping obfuscation attributes from all input assemblies. |
/makeconfig:<file> |
Save all runtime options (from command line and configurationfile if present) to |
/debug:[on:off*|impl|opt|pdb] |
Emit debugging symbols for obfuscated assemblies and control JIT behavior. |
/suppress:[on|off*] |
Add the SuppressIldasmAttribute to supported output assemblies. |
/disable |
Disable all transforms regardless of other options |
/mono-compatible:[on|off*] |
Use only Mono-compatible transforms. |
/rename:[on|off*] |
Enable/disable renaming. |
/mapout:<file> |
Specify output mapping file. Default is .\Dotfuscated\map.xml. |
/mapin:<file> |
Specify input mapping file. |
/clobbermap:[on|off*] |
Specify map file overwrite mode. |
/keep:[namespace|hierarchy|none*] |
Specify type renaming scheme. |
/prefix:[on:off*] |
Append a prefix to all renamed types. |
/enhancedOI:[on|off*] |
Use Enhanced Overload Induction. |
/refsrename:[on*|off] |
Rename referenced metadata defined only in input map file. |
/naming:[loweralpha*|upperalpha|numeric|unprintable] |
Specify identifier renaming scheme. |
/controlflow:[high*|medium|low|off] |
Set control flow obfuscation level. |
/encrypt:[on*|off]<\code> |
Enable/disable string encryption. |
/prune:[on*|off|const]<\code> |
Enable/disable removal, or enable constant-only removal. |
/rmout:<file> |
Specify removal report file. By default no report is written. |
/rmclobber:[on|off*] |
Enable/disable overwriting the removal report without backing up an existing copy. |
/link:[[+] |
Specify assemblies to link into named output assembly. A ‘+’ prefix indicates a primeassembly. Omit the list to link all inputs, using first input as the prime assembly. You can specify multiple link options on the command line. |
/link:off |
Disables linking. Linking is off by default unless you pass a configuration file with linking options. This option is useful for that scenario. |
/premark:[on|off*|only] |
Enable/disable watermarking. “Only” option disables all other transforms. |
/watermark: |
Specify the watermark string. Quotes are optional. By default, all input assemblies will be watermarked with this string. |
/passphrase: |
Optionally specify a passphrase to use for encrypting thewatermark string. |
/charmap: |
Specify a character map to use to encode the watermark string. The name must be one of the supported character maps. See Character Maps. |
/smart:[on|off] |
Enables/disables Smart Obfuscation. See SmartObfuscation. |
/soreport:[all|warn|none] |
Sets the verbosity level of the reporting output of the Smart Obfuscation functionality. SeeSmartObfuscation. |
/soout:<file> |
Specify smart obfuscation report file. By default no report is written. |
/soclobber:[on|off*] |
Enable/disable overwriting the smart obfuscation report without backing up an existing copy. |
/offlineactivation:<activation_file> |
Manually activate Dotfuscator with the activation data contained in the <activation_file>. |
Example 1:
dotfuscator -in:my.dll
Obfuscates my.dll
as a library (visible symbols preserved and unpruned) with renaming, control flow, removal, and string encryption turned on.
The output assembly is written to a directory called .\Dotfuscated, and the map file is written to .\Dotfuscated\map.xml since no output directories were specified.
Example 2:
dotfuscator -in:-myapp.exe,-private.dll
Obfuscates myapp.exe
and private.dll
together as a standalone application.
Even visible symbols inside the DLL are obfuscated.
Removal is enabled based on the entry point method contained in myapp.exe.
Example 3:
dotfuscator -in:myapp.exe -mapo:MyName.xml
This command obfuscates myapp.exe
as a standalone application.
An output renaming map is specified.
Once you have the command line settings that you want for your application, you can save a configuration file containing those settings by using the /makeconfig option. This takes all your command line options, merges them with your configuration template if you have one, and saves a custom configuration file that you can use for future runs.
Example:
dotfuscator -in:my.dll -keep:namespace -enha:on -cont:high -make:new.xml myconfig.xml
The resulting configuration file (new.xml
) shows the command line options merged with the options from the original configuration (myconfig.xml
):
Configuration File:
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE dotfuscator SYSTEM "http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v2.2.dtd">
<dotfuscator version="2.2">
<input>
<asmlist>
<inputassembly>
<option>library</option>
<file dir="." name="my.dll" />
</inputassembly>
</asmlist>
</input>
<output>
<file dir="C:\MSProjects\dotfuscatortest\Dotfuscated" />
</output>
<renaming>
<option>enhancedOI</option>
<option>keepnamespace</option>
<mapping>
<mapoutput overwrite="true">
<file dir="${configdir}\reports" name="MyMap.xml" />
</mapoutput>
</mapping>
</renaming>
<controlflow level="high" />
</dotfuscator>
Dotfuscator has the unique ability to accept a complete or partial configuration file, yet allow you to supplement or override its options from the command line. This allows you to quickly adjust and tweak settings using a standard configuration file as a template.
Command Line Option | Configuration File Option | Notes |
---|---|---|
/in [+|-] |
input section | adds |
/out: <directory> |
output section | overrides |
/honor:[on|off* ] |
inputassembly section | overrides |
/strip:[on|off*] |
inputassembly | overrides |
/debug:[on|off*|impl|opt|pdb] |
"debug" global option | overrides |
/suppress:[on|off*] |
"suppressildasmattribute" global option | overrides |
/disable |
Sets "disable" option in renaming, controlflow, stringencrypt, and removal sections | overrides |
/rename:[on:off] |
Sets (or unsets) "disable" option in "renaming" section. | Overrides |
/mapout:<file> |
"mapoutput" section | overrides |
/mapin:<file> |
"mapinput" section | overrides |
/clobbermap:[on|off] |
"overwrite" attribute in "mapoutput" section | overrides |
/keep:[namespace|hierarchy|none] |
Sets (or unsets) renaming options: "keepnamespace","keephierarchy" | overrides |
/enhancedOI:[on|off] |
Sets (or unsets) "enhancedOI" renaming option | overrides |
/refsrename:[on|off] |
"obfuscatereferences" attribute in "mapinput" element. | overrides |
/naming:[loweralpha|upperalpha|numeric|unprintable] |
Sets the "scheme"attribute in the renaming section. | overrides |
/controlflow:[high|medium|low|off] |
Sets the "level" attribute in the controlflow" section. The off flag sets the "disable" option. | overrides |
/encrypt:[on|off] |
Sets (or unsets) the "disable" option in the stringencrypt* section. | overrides |
/prune:[on|off] |
Sets (or unsets) the "disable" option in the removal section. | overrides |
/rmout:<file> |
Sets the "removalreport" option in the removal section | overrides |
/soout:<file> |
Sets the "file" attribute on the "smartobfuscationreport" option in the smartobfuscation section | overrides |
/link:[[+]<name>[,[+]<name>],]out=<name> |
Sets sub-elements of the |
overrides |
/link:off |
Sets the "disable" option in the linking section. | overrides |
/premark: [on|off*|only] |
Sets (or unsets) the "disable" option in the premark section. The "only` setting is not saved to the configuration file. | overrides |
/watermark |
Sets the |
overrides |
/passphrase |
Sets the |
overrides |
/charmap |
Sets the "encoding" attribute in the premark section. | overrides |
The following examples use this configuration file that enables renaming with an output mapping file.
It is referenced as "myconfig.xml
" in the examples.
Example 1:
<?xml version="1.0"?>
<!DOCTYPE dotfuscator SYSTEM "http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v2.2.dtd">
<dotfuscator version="2.2">
<renaming>
<mapping>
<mapoutput overwrite="true">
<file dir="${configdir}\reports" name="MyMap.xml"/>
</mapoutput>
</mapping>
</renaming>
</dotfuscator>dotfuscator -in:my.dll myconfig.xml
This command specifies my.dll
as an input assembly in library mode (because of the DLL extension), and applies the renaming options in the configuration file.
In this case, control flow, string encryption, and removal are disabled because they are implicitly disabled in the configuration file.
The output DLL will go in a directory called ".\Dotfuscated", since an output is not specified in the configuration file or on the command line.
Example 2:
dotfuscator -in:my.dll -keep:namespace -enha:on -cont:high myconfig.xml
This command also specifies my.dll
as an input assembly.
In addition, it tells the renamer to keep namespaces and use enhanced overload induction.
It also enables control flow obfuscation, setting the level to "high" for maximum obfuscation.
Dotfuscator Version 4.33.0.6680. Copyright © 2017 PreEmptive Solutions, LLC