Anatomy of a serialization killer
Posted
by Brian Donahue
on Simple Talk
See other posts from Simple Talk
or by Brian Donahue
Published on Sun, 19 Dec 2010 20:48:00 GMT
Indexed on
2010/12/20
17:53 UTC
Read the original article
Hit count: 557
As I had mentioned last month, I have been working on a project to create an easy-to-use managed debugger. It's still an internal tool that we use at Red Gate as part of product support to analyze application errors on customer's computers, and as such, should be easy to use and not require installation. Since the project has got rather large and important, I had decided to use SmartAssembly to protect all of my hard work. This was trivial for the most part, but the loading and saving of results was broken by SA after using the obfuscation, rendering the loading and saving of XML results basically useless, although the merging and error reporting was an absolute godsend and definitely worth the price of admission. (Well, I get my Red Gate licenses for free, but you know what I mean!)
My initial reaction was to simply exclude the serializable results class and all of its' members from obfuscation, and that was just dandy, but a few weeks on I decided to look into exactly why serialization had broken and change the code to work with SA so I could write any new code to be compatible with SmartAssembly and save me some additional testing and changes to the SA project.
In simple terms, SA does all that it can to prevent serialization problems, for instance, it will not obfuscate public members of a DLL and it will exclude any types with the Serializable attribute from obfuscation. This prevents public members and properties from being made private and having the name changed. If the serialization is done inside the executable, however, public members have the access changed to private and are renamed. That was my first problem, because my types were in the executable assembly and implemented ISerializable, but did not have the Serializable attribute set on them!
- public class RedFlagResults : ISerializable
- {
- }
The second problem caused by the pruning feature. Although RedFlagResults had public members, they were not truly properties, and used the GetObjectData() method of ISerializable to serialize the members. For that reason, SA could not exclude these members from pruning and further broke the serialization.
- public class RedFlagResults : ISerializable
- {
- public List<RedFlag.Exception> Exceptions;
- #region ISerializable Members
- public void GetObjectData(SerializationInfo info, StreamingContext context)
- {
- info.AddValue("Exceptions", Exceptions);
- }
- #endregion
- [Serializable, SmartAssembly.Attributes.DoNotPrune]
- public class RedFlagResults
- {
- public List<RedFlag.Exception> Exceptions {get;set;}
- }
Now my project has some protection from prying eyes by scrambling up the code so it's harder to reverse-engineer, without breaking anything. SmartAssembly has also provided the benefit of merging so that the end-user doesn't need to extract all of the DLL files needed by RedFlag into a directory, and can be run directly from the .zip archive. When an error occurs (hey, I'm only human!), an exception report can be sent to me so I can see what went wrong without having to, er, debug the debugger.
© Simple Talk or respective owner