Dotfuscator User's Guide
Dotfuscating the Serialization Output

The serialization sample contains a sample Dotfuscator configuration file that demonstrates using exclusion rules to exclude the information that makes up the persisted representation of an object. This file is named serialization_config.xml and can be located in the same directory as the rest of the serialization samples. The section of the file that excludes these references is:

Serializaiton Sample Reference File
Copy Code
<renaming>
<excludelist>
  <type name="Samples.Tester">
   <field name=".*" regex="true" />
  </type>
</excludelist></renaming>

The <renaming> tag indicates that the exclusion rules contained within pertain specifically to identifier renaming, as opposed to other Dotfuscator features which can also be selectively turned on or off.

The <excludelist> tag defines a list of items that must be excluded from the renaming process. The <type name="Samples.Tester"> tag instructs Dotfuscator to exclude the class name "Samples.Tester" from the renaming process. Note that this only refers to the class name itself. All methods of the "Tester" class are still eligible for renaming. The <field name=".*" regex="true" /> tag instructs Dotfuscator to exclude all fields contained in the Tester class. Instead of calling out each field individually, which would become unwieldy in a large class, this example uses a regular expression to specify exclusion. In this case, it uses the very simple expression ".*" which matches all fields.

Executing the make.bat file will run Dotfuscator with this configuration file. The output of this process is a Serialization.exe assembly in the “output” subdirectory. This location can be controlled by modifying the following section in the configuration file:

Example Title
Copy Code
<output>
<file dir="${projectdir}\output" />
</output>

Running the new assembly verifies that Dotfuscator correctly excluded the required items from the renaming process. It is also important to note that the obfuscated application can successfully de-serialize objects persisted with the non-obfuscated application, and the non-obfuscated application can de-serialize objects persisted with the obfuscated application. The serialized objects are completely compatible with one another.

 

 


© 2016 PreEmptive Solutions, LLC. All Rights Reserved.

www.preemptive.com