How to identify obfuscated code

Question

1.00/5 (1 vote)

See more:

.NET3.5

.NET

How to identify obfuscated code

Posted 28-Jun-12 22:05pm

sp1786

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-06-28T22:12:00

Solution 1

The whole idea of obfuscation is to make it hard to read - so if you can't read the code when you reverse engineer it, it is probably obfuscated.

Or you aren't very good at reading reverse engineered code. Could be both. :laugh:

Posted 28-Jun-12 22:12pm

OriginalGriff

Mehdi Gholam · Answer 2 · 2012-06-28T22:15:00

Solution 2

Open the EXE or DLL file in Reflector or similar products and look inside the assembly.

If you see the following then it will probably be obfuscated:
- private/internal names (gray names in reflector) with non English/readable characters
- class names with non English/readable characters

Posted 28-Jun-12 22:15pm

Mehdi Gholam

Comments

sp1786 29-Jun-12 4:35am

Hi mehdi,

yes the decompiled code does have classes with naming convention like $UnnamedClass$0xf8d8d908$09$.cs

does this mean code is obfuscated ?

Mehdi Gholam 29-Jun-12 4:45am

These could be anonymous classes, if the source is decompiled to cs files then it probably is not obfuscated (not by a good obfuscator at least) as they don't allow decompilation.

sp1786 29-Jun-12 5:27am

Dear Mehdi,

The decompiled code is without main method in all the available classes. I see structures and interfaces only
eg:
internal struct Struct23
{
}

or

public struct finaldata
{
}

How to study this code?? How can i get main method?

Mehdi Gholam 29-Jun-12 5:34am

If it is a DLL then it won't have a main method.

sp1786 29-Jun-12 5:35am

its an exe.the decompiled code is without main method. I wanted the same. how can i get it?

Mehdi Gholam 29-Jun-12 5:47am

Use Reflector, and search for the main method.

sp1786 29-Jun-12 5:49am

yes i used that only. Also reflector gives 1 error
The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.
1 error(s).
Done.

I am not able to understand why there is no main method in decompiled code.