Dotfuscator User's Guide
Tamper Actions

In addition to sending tamper notifications to the managed service, the InsertTamperCheck attribute can be used to inject code that gets executed during the tamper verification.

Check Action

There are pre-determined actions that can be executed if tampering is detected in your application. The Check Action property of an InsertTamperCheck can be set to one of the following values:

When the Exception action is used, Dotfuscator makes an effort to hide the thrown exception's stack trace, to prevent further reverse-engineering. However, the stack trace will be visible in some places, such as in the default .NET unhandled exception handler. You may want to catch and handle exceptions thrown by the instrumented code; the exceptions created by this action will appear to have no stack trace when handled by user code.

All Check Actions take place after any configured Application Notification sinks (as defined in the named section below) and cannot be used with the deprecated DefaultAction Application Notification.

Check Action Probability

Reducing the probability of a Check Action occurring can hinder reverse engineering by presenting an attacker with non-deterministic behavior when tampering is detected. The Check Action Probability should be a decimal number between 0.00 (never) and 1.00 (always). For example a value of 0.50 indicates a 50% chance of the Check Action executing, while a value of 0.83 would indicate a 83% chance of it executing, etc.

The default Check Action Probability is 1.00.

Application Notification

To accomplish this, the InsertTamperCheck attribute is used to specify an ApplicationNotificationSink, which Dotfuscator uses to generate code that communicates the results of the tamper check back to the application. The ApplicationNotificationSink may be a writeable boolean-valued property or field, or it may be a method or delegate with the signature void(bool). After a tamper check, the generated code sets the boolean value to true if the application has been tampered with; false if not. The application is free to react in any way in response to a tamper notification.

The InsertTamperCheck attribute defines three properties for specifying an ApplicationNotificationSink:

These properties are described in more detail in the InsertTamperCheckAttribute section of the custom attribute reference.

The Application Notification Sink settings are optional. If they are omitted, the application is not notified when the tamper check is executed.

Note that you can specify an Application Notification Sink along with a Check Action. The Check Action will be executed after the Application Notification Sink is called.

Note that configuring the ApplicationNotificationSinkElement to DefaultAction is now deprecated, and the Exit Check Action should be used instead. However, if the ApplicationNotificationSinkElement is nevertheless set to DefaultAction, Dotfuscator will inject code that exits the application if tampering is detected. This value cannot be used in conjuction with a Check Action and will result in a build error if both are configured.


Sample InsertTamperCheck attribute usage with ApplicationNotificationSink as an instance field defined in the same class as the attributed method:

InsertTamperCheck Attribute Usage with ApplicationNotificationSink
Copy Code
class TamperSample {
   bool instanceTamperFlag;
      ApplicationNotificationSinkElement = SinkElements.Field,
      ApplicationNotificationSinkName = "instanceTamperFlag"
   private void Verify() {
     // Dotfuscator will add Tamper detection and notification code here
   private CheckTamperState() {
      if ( instanceTamperFlag ) {
         // app has been tampered with
      else {
         // app has not been tampered with
See Also




© 2016 PreEmptive Solutions, LLC. All Rights Reserved.