Dotfuscator User's Guide
InsertTamperCheckAttribute

Summary

The InsertTamperCheckAttribute is an instrumentation-time attribute for methods. Dotfuscator will insert tamper checking code into any method with this attribute. At runtime, the tamper checking code can send a PreEmptive Analytics tamper message if the application integrity checks fail. It can also invoke custom code in your application or invoke predefined code actions that do things such as simply exiting the application, hanging the application, or throwing an exception.

If you wish to send PreEmptive Analytics tamper messages, do not put this attribute on the same method containing the Setup Attribute. Methods with this attribute must be executed after the method containing the Setup Attribute.

Dotfuscator will remove this custom attribute from the metadata after instrumentation.

See Tamper Check for a high-level discussion of the features of InsertTamperCheckAttribute.

Note that though this attribute is used to indicate a Check, it does not derive from RuntimeCheckAttribute for historical reasons.

InsertTamperCheckAttribute
Copy Code
public sealed class InsertTamperCheckAttribute : Attribute

Constructor Members

Name Summary
InsertTamperCheckAttribute() Initializes a new instance of the class.

Property Members

Name Summary
Action : CheckAction

Indicates what predefined action the application should take in the event of a tamper detection, at the time that the attributed method is called (e.g. exit, hang, throw an exception, do nothing). By default, this is set to CheckAction.None. See CheckAction for possible values.

Note that setting this to CheckAction.Exit is the replacement for setting  ApplicationNotificationSinkElement set to "DefaultAction" (which is now deprecated).

ActionProbability : double Indicates the probability of the specified CheckAction occurring. It should be a decimal number between 0.00 (never) and 1.00 (always). For example, a value of 0.50 indicates a 50% chance of the CheckAction executing, while a value of 0.83 would indicate a 83% chance of it executing. By default, this is set to 1.00 so that the CheckAction will always execute upon tamper detection.
ApplicationNotificationSinkElement : SinkElements

Indicates whether and how to notify the application after a tamper check, at the time that the attributed method is called. A sink element may be a writable boolean field, settable boolean property, a void( boolean ) method to call, or a Delegate to invoke. To use this property, ApplicationNotificationSinkName must also be set. If ApplicationNotificationSinkElement is a field, property, or method, the ApplicationNotificationSinkOwner should also be set if it is not in the same class as the attributed method.

If the ApplicationNotificationSinkElement is set to "DefaultAction", Dotfuscator will inject code that exits the application if tampering is detected. This behavior is, however, deprecated. Instead, set Action to CheckAction.Exit to get this behavior. Furthermore, it is not valid to use Action set to anything other than CheckAction.None in conjuntion with ApplicationNotificationSinkElement set to "DefaultAction".

See the "ApplicationNotificationSinkElement" table immediately following this table for more details about the various values you can use here.

ApplicationNotificationSinkName : String The name of the property, field, method to set or call after a tamper check. If this property is set, ApplicationNotificationSinkElement is required to be set as well. If this property is not set, Dotfuscator will not generate code that notifies the application of a tamper.
ApplicationNotificationSinkOwner : Type ApplicationNotificationSinkOwner indicates the name of the type that defines the ApplicationNotificationSink method, field, property, argument, or delegate. If not set, the named sink element is searched for on the attributed method’s type.

ExtendedKeyMethodArguements : String

A pattern indicating which parameter names and values should be automatically added to the messages extended key data at runtime.  See Automatically Sending Method Parameters as Extended Keys for details on supported patterns.

ExtendedKeySourceElement : SourceElements Indicates how to access the extended key dictionary at runtime, at the time that the attributed method is called (e.g. a field, property, method, or method parameter). To use this property, ExtendedKeySourceName must also be set. If ExtendedKeySourceElement is a field, method, or property, ExtendedKeySourceOwner must also be set unless the field, method or property is defined on the same class as the attributed method.
ExtendedKeySourceName : String The name of the property, field, method, or method parameter that will contain the extended key dictionary at runtime, at the time that the attributed method is called. If this property is set, ExtendedKeySourceElement is required to be set as well. If this property is not set, Dotfuscator will not generate code to send extended key information.
ExtendedKeySourceOwner : Type If the ExtendedKeySourceElement is a field, method, or property, ExtendedKeySourceOwner indicates the name of the type that defines the field, method, or property. If not set, the named source element is searched for on the attributed method’s type.
  

ApplicationNotificationSinkElement

Possible Values Summary
SinkElements.Method

The specified method will be called with true if tampering is detected; false if not. The method should be accessible from the attributed method and have this signature: void( bool ). If the method is not static, it must be defined on the same class as the attributed method, and the attributed method must not be static. The name of the method must be specified in ApplicationNotificationSinkName. The generated code will make no attempt to catch or handle exceptions thrown from the method. The type defining the method should be specified in ApplicationNotificationSinkOwner; if ApplicationNotificationSinkOwner is left unset, Dotfuscator will look for the method on the type defining the attributed method.

SinkElements.Property

The specified property will be set to true if tampering is detected; false if not. The property should be writable, accessible from the attributed method, and of boolean type. If the property is not static, it must be defined on the same class as the attributed method, and the attributed method must not be static. The name of the property must be specified in ApplicationNotificationSinkName. The generated code will make no attempt to catch or handle exceptions thrown from the property setter. The type defining the property should be specified in ApplicationNotificationSinkOwner; if ApplicationNotificationSinkOwner is left unset, Dotfuscator will look for the property on the type defining the attributed method.

SinkElements.Field The specified field will be set to true if tampering is detected; false if not. The field should be accessible from the attributed method and of boolean type. If the field is not static, it must be defined on the same class as the attributed method, and the attributed method must not be static. The name of the field must be specified in ApplicationNotificationSinkName. The type defining the field should be specified in ApplicationNotificationSinkOwner; if ApplicationNotificationSinkOwner is left unset, Dotfuscator will look for the field on the type defining the attributed method.
SinkElements.MethodArgument

The specified argument should be a Delegate type and the Delegate must have this signature: void( bool ). The Delegate will be invoked with the boolean argument set to true if a tamper is detected; false if not. The generated code will make no attempt to catch or handle exceptions thrown from the invoked Delegate. The name of the method argument must be specified in ApplicationNotificationSinkName. ApplicationNotificationSinkOwner is unused.

SinkElements.Delegate The specified sink should be a field of Delegate type. The Delegate will be invoked with the boolean argument set to true if a tamper is detected; false if not. If the field is not static, it must be defined on the same class as the attributed method, and the attributed method must not be static. The name of the field must be specified in ApplicationNotificationSinkName. ApplicationNotificationSinkOwner is unused. The Delegate must have this signature: void( bool ). The generated code will make no attempt to catch or handle exceptions thrown from the invoked Delegate.
SinkElements.DefaultAction Dotfuscator will inject code that exits the application if tampering is detected. Deprecated: instead, set Action to CheckAction.Exit.

SinkElements.None

Dotfuscator will not inject any code to react in a custom manner if a tamper is detected (though Dotfuscator will still generate code to send a message to a PreEmptive Analytics Endpoint if configured to do so and will still inject appropriate pre-defined code if an Action if specified).

  
See Also

Instrumentation

References

Tamper

 

 


© 2016 PreEmptive Solutions, LLC. All Rights Reserved.

www.preemptive.com