PreEmptive Protection - Dotfuscator 4.31
User Guide

Command Line Interface Reference

The command line interface is designed to allow you to:

  • Obfuscate from the command line without requiring creation of a configuration file.
  • Override or supplement options in an existing configuration file using command line options.
  • Create a configuration file from the command line.
  • Launch the standalone graphical user interface with options and/or a configuration file specified on the command line.

Dotfuscator Command Prompt

You can launch a command prompt that will have the command line version of Dotfuscator (dotfuscator.exe) available on the path.

If you launch this command prompt while you have a config file open in the Dotfuscator user interface, then the Dotfuscator Command Prompt's working directory will be the location of the config file.

Command Line Option Summary

Command line options may begin with the '/' or the '-' characters.

Command Line Options:

Usage: dotfuscator [options] [gui_file]

Traditional Options

The following is a summary of the traditional command line options.

Traditional Options Description
/i Investigate only
/p=<property list> Specifies values for user defined properties in the configuration file. Comma separated list of name-value pairs (e.g. /p=projectdir=c:\\temp,projectname=MyApp.exe)
/q Quiet output
/v Verbose output
/nologo Suppresses the output of the Dotfuscator Copyright and License information.
/? Print help
/?? Print extended options
[gui_file] configuration file containing runtime options.

The /v option induces Dotfuscator to provide information about its progress during execution. The level of detail here will likely change between releases.

The /i option tells Dotfuscator to not create any output assemblies files. If the configuration file specifies a map file, the results of the run will be found there (this option is close to worthless without generating a map).

The /q option tells Dotfuscator to run completely without printed output. This is suitable for inclusion into application build sequences. This option overrides verbose mode.

The /p option tells Dotfuscator to set external properties at the command line. Setting these properties here will override those specified in the <properties> section of the configuration file.

The <proplist> is a list of comma-separated name-value pairs. For example, property declaration and assignment in conjunction with the –p option, might look like:

Property Declaration and Assignment in Conjunction with -p Option:

Properties may be quoted if they contain spaces as illustrated below:

Quoting Properties
/p=MyProperty="value has spaces"

Note: Property names are case sensitive.

By running dotfuscatorUI.exe, you can start the standalone graphical user interface with external properties and a specific configuration file:

Start Up Standalone GUI:

dotfuscatorUI.exe /p=projectdir=c:\temp project_template.xml

The configfile is a configuration file that is required for every run of Dotfuscator. Notice you do not enter configuration information or target assemblies on the command line. This information must be found in the configuration file.

Extended Options

Extended options are designed to allow for basic obfuscation from the command line, without requiring you to first create a configuration file. If you use a configuration file with an extended command line option, the command line option supplements or overrides the commands in the configuration file. See Supplementing or Overriding a Configuration File from the Command Line for more information.

Extended options are recognized by the first four characters.

The following is a summary of the extended command line options. An asterisk denotes the default setting if an option is missing and no configuration file is specified.

Extended Options Description
/in [+|-]<file>[,[+|-]<file>] Specify inputs. Any combination of assemblies, package files or directory file masks can be specified. Use a prefix to obfuscate input as library mode (+) or private (-) assembly. The default is governed by assembly file extension (EXEs are private; .DLLs are run in library mode).
/out:<directory> Specify output directory. Default is .\Dotfuscated.
/honor:[on|off*] Toggle honoring obfuscation attribute directives found in all input assemblies.
/strip:[on|off*] Toggle stripping obfuscation attributes from all input assemblies.
/makeconfig:<file> Save all runtime options (from command line and configurationfile if present) to .
/debug:[on:off*|impl|opt|pdb] Emit debugging symbols for obfuscated assemblies and control JIT behavior.
/suppress:[on|off*] Add the SuppressIldasmAttribute to supported output assemblies.
disable Disable all transforms regardless of other options
/rename:[on|off*] Enable/disable renaming.
/mapout:<file> Specify output mapping file.Default is .\Dotfuscated\map.xml.
/mapin:<file> Specify input mapping file.
/clobbermap:[on|off*] Specify map file overwrite mode.
/keep:[namespace|hierarchy|none*] Specify type renaming scheme.
/prefix:[on:off*] Append a prefix to all renamed types.
/enhancedOI:[on|off*] Use Enhanced Overload Induction.
/refsrename:[on*|off] Rename referenced metadata defined only in input map file.
/naming:[loweralpha*|upperalpha|numeric|unprintable] Specify identifier renaming scheme.
/controlflow:[high*|medium|low|off] Set control flow obfuscation level.
/encrypt:[on*|off]<\code> Enable/disable string encryption.
/prune:[on*|off|const]<\code> Enable/disable removal, or enable constant-only removal.
/link:[[+][,[+]],]out= Specify assemblies to link into named output assembly. A ‘+’ prefix indicates a primeassembly. Omit the list to link all inputs, using first input as the prime assembly. You can specify multiple link options on the command line.
/link:off Disables linking. Linking is off by default unless you pass a configuration file with linking options. This option is useful for that scenario.
/premark:[on|off*|only] Enable/disable watermarking. “Only” option disables all other transforms.
/watermark: Specify the watermark string. Quotes are optional. By default, all input assemblies will be watermarked with this string.
/passphrase: Optionally specify a passphrase to use for encrypting thewatermark string.
/charmap: Specify a character map to use to encode the watermark string. The name must be one of the supported character maps. See Character Maps.
/smart:[on|off] Enables/disables Smart Obfuscation. See SmartObfuscation.
/soreport:[all|warn|none] Sets the verbosity level of the reporting output of the Smart Obfuscation functionality. SeeSmartObfuscation.
/offlineactivation:<activation_file> Manually activate Dotfuscator with the activation data contained in the <activation_file>.


Example 1:

dotfuscator -in:my.dll

Obfuscates my.dll as a library (visible symbols preserved and unpruned) with renaming, control flow, removal, and string encryption turned on. The output assembly is written to a directory called .\Dotfuscated, and the map file is written to .\Dotfuscated\map.xml since no output directories were specified.

Example 2:

dotfuscator -in:-myapp.exe,-private.dll

Obfuscates myapp.exe and private.dll together as a standalone application. Even visible symbols inside the DLL are obfuscated. Removal is enabled based on the entry point method contained in myapp.exe.

Example 3:

dotfuscator -in:myapp.exe -mapo:MyName.xml

This command obfuscates myapp.exe as a standalone application. An output renaming map is specified.

Saving a Configuration File from the Command Line

Once you have the command line settings that you want for your application, you can save a configuration file containing those settings by using the /makeconfig option. This takes all your command line options, merges them with your configuration template if you have one, and saves a custom configuration file that you can use for future runs.


dotfuscator -in:my.dll -keep:namespace -enha:on -cont:high -make:new.xml myconfig.xml

The resulting configuration file (new.xml) shows the command line options merged with the options from the original configuration (myconfig.xml):

Configuration File:

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE dotfuscator SYSTEM "">
<dotfuscator version="2.2">
        <file dir="." name="my.dll" />
    <file dir="C:\MSProjects\dotfuscatortest\Dotfuscated" />
      <mapoutput overwrite="true">
        <file dir="${configdir}\reports" name="MyMap.xml" />
  <controlflow level="high" />

Supplementing or Overriding a Configuration File from the Command Line

Dotfuscator has the unique ability to accept a complete or partial configuration file, yet allow you to supplement or override its options from the command line. This allows you to quickly adjust and tweak settings using a standard configuration file as a template.

Command Line Option Configuration File Option Notes
/in [+|-][,[+|-]] input section adds
/out: <directory> output section overrides
/honor:[on|off* ] inputassembly section overrides
/strip:[on|off*] inputassembly overrides
/debug:[on|off*|impl|opt|pdb] "debug" global option overrides
/suppress:[on|off*] "suppressildasmattribute" global option overrides
/disable Sets "disable" option in renaming, controlflow, stringencrypt, and removal sections overrides
/rename:[on:off] Sets (or unsets) "disable" option in "renaming" section. Overrides
/mapout:<file> "mapoutput" ection overrides
/mapin:<file> "mapinput" section overrides
/clobbermap:[on|off] "overwrite" attribute in "mapoutput" section overrides
/keep:[namespace|hierarchy|none] Sets (or unsets) renaming options: "keepnamespace","keephierarchy" overrides
/enhancedOI:[on|off] Sets (or unsets) "enhancedOI" renaming option overrides
/refsrename:[on|off] "obfuscatereferences" attribute in "mapinput" element. overrides
/naming:[loweralpha|upperalpha|numeric|unprintable] Sets the "scheme"attribute in the renaming section. overrides
/controlflow:[high|medium|low|off] Sets the "level" attribute in the controlflow" section. The off flag sets the "disable" option. overrides
/encrypt:[on|off] Sets (or unsets) the "disable" option in the stringencrypt* section. overrides
/prune:[on|off] Sets (or unsets) the "disable" option in the removal section. overrides
/link:[[+]<name>[,[+]<name>],]out=<name> Sets sub-elements of the element overrides
/link:off Sets the "disable" option in the linking section. overrides
/premark: [on|off*|only] Sets (or unsets) the "disable" option in the premark section. The "only` setting is not saved to the configuration file. overrides
/watermark Sets the element. overrides
/passphrase Sets the element and sets the usepassphrase option. overrides
/charmap Sets the "encoding" attribute in the premark section. overrides


The following examples use this configuration file that enables renaming with an output mapping file. It is referenced as "myconfig.xml" in the examples.

Example 1:

<?xml version="1.0"?>
<!DOCTYPE dotfuscator SYSTEM "">
<dotfuscator version="2.2">
         <mapoutput overwrite="true">
            <file dir="${configdir}\reports" name="MyMap.xml"/>
</dotfuscator>dotfuscator -in:my.dll myconfig.xml

This command specifies my.dll as an input assembly in library mode (because of the DLL extension), and applies the renaming options in the configuration file. In this case, control flow, string encryption, and removal are disabled because they are implicitly disabled in the configuration file.

The output DLL will go in a directory called ".\Dotfuscated", since an output is not specified in the configuration file or on the command line.

Example 2:

dotfuscator -in:my.dll -keep:namespace -enha:on -cont:high myconfig.xml

This command also specifies my.dll as an input assembly. In addition, it tells the renamer to keep namespaces and use enhanced overload induction. It also enables control flow obfuscation, setting the level to "high" for maximum obfuscation.

Dotfuscator Version Copyright © 2017 PreEmptive Solutions, LLC