Using obfuscated library from PowerShell #171

Closed
petrparik opened this issue Jan 10, 2019 · 3 comments

@petrparik petrparik commented Jan 10, 2019

First of all - I'm new to Obfuscar and I like it very much! Thanks a lot for providing this tool.

I only have one problem. When I obfuscate a library, I cannot use it from PowerShell:

Add-Type -Path "C:\Path\To\My\ObfuscatedLibrary.dll"
[MyType].FullName

I get this exception:

Unable to find type [MyType].
At line:1 char:1
+ [MyType].FullName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MyType:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

MyType is intentionally not obfuscated.

However, when I use this setting, everything works just fine:

<Var name="HideStrings" value="false" />

I'd like to hide strings. Is there some way I can hide them and still be able to consume the library from PowerShell?

Thanks a lot for any advice,
Petr

@lextm lextm added the in progress label Jan 11, 2019

Member

@lextm lextm commented Jan 11, 2019

Thanks. It is not yet clear what PowerShell runtime was looking for and failed.

I will try to do some investigation.

Author

@petrparik petrparik commented Jan 15, 2019

@lextm: thanks a lot for the quick response! I turned the HideStrings option off for now, but it would be cool to have it enabled.

@lextm lextm added external and removed in progress labels Feb 3, 2019

Member

@lextm lextm commented Feb 3, 2019

By debugging the PowerShell console itself, I can see that the PowerShell runtime has difficulty finding the proper types from an obfuscated assembly.

The initial exception is in fact showing out-of-memory,

0:008> !pe
Exception object: 000001e15e5b8b18
Exception type:   System.OutOfMemoryException
Message:          <none>
InnerException:   <none>
StackTrace (generated):
<none>
StackTraceString: <none>
HResult: 8007000e

and the call stack was,

0:008> !CLRStack
OS Thread Id: 0x3f8 (8)
        Child SP               IP Call Site
00000052b9d8dd50 00007ff940144078 [InlinedCallFrame: 00000052b9d8dd50] System.Reflection.RuntimeAssembly.GetType(System.Reflection.RuntimeAssembly, System.String, Boolean, Boolean, System.Runtime.CompilerServices.ObjectHandleOnStack)
00000052b9d8dd50 00007ff930bfca16 [InlinedCallFrame: 00000052b9d8dd50] System.Reflection.RuntimeAssembly.GetType(System.Reflection.RuntimeAssembly, System.String, Boolean, Boolean, System.Runtime.CompilerServices.ObjectHandleOnStack)
00000052b9d8dd20 00007ff930bfca16 *** ERROR: Module load completed but symbols could not be loaded for C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\a4c029035a52b21a293c249a889b6925\mscorlib.ni.dll
DomainNeutralILStubClass.IL_STUB_PInvoke(System.Reflection.RuntimeAssembly, System.String, Boolean, Boolean, System.Runtime.CompilerServices.ObjectHandleOnStack)
00000052b9d8dde0 00007ff930be99f6 System.Reflection.RuntimeAssembly.GetType(System.String, Boolean, Boolean)
00000052b9d8de30 00007ff90dd99098 *** WARNING: Unable to verify checksum for C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\c5f62dcf2f6767618ad3075e786d03b5\System.Management.Automation.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\c5f62dcf2f6767618ad3075e786d03b5\System.Management.Automation.ni.dll
System.Management.Automation.Language.TypeResolver.LookForTypeInSingleAssembly(System.Reflection.Assembly, System.String)
00000052b9d8de60 00007ff90e6c9ad7 System.Management.Automation.Language.TypeResolver.LookForTypeInAssemblies(System.Management.Automation.Language.TypeName, System.Collections.Generic.IEnumerable`1, System.Collections.Generic.HashSet`1, System.Management.Automation.Language.TypeResolutionState, Boolean, System.Exception ByRef)
00000052b9d8ded0 00007ff90e6c9da7 System.Management.Automation.Language.TypeResolver.ResolveTypeNameWorker(System.Management.Automation.Language.TypeName, System.Management.Automation.SessionStateScope, System.Collections.Generic.IEnumerable`1, System.Collections.Generic.HashSet`1, System.Management.Automation.Language.TypeResolutionState, Boolean, Boolean, System.Exception ByRef)
00000052b9d8df60 00007ff90e6ca00e System.Management.Automation.Language.TypeResolver.CallResolveTypeNameWorkerHelper(System.Management.Automation.Language.TypeName, System.Management.Automation.ExecutionContext, System.Collections.Generic.IEnumerable`1, Boolean, System.Management.Automation.Language.TypeResolutionState, System.Exception ByRef)
00000052b9d8e010 00007ff90dd98798 System.Management.Automation.Language.TypeResolver.ResolveTypeNameWithContext(System.Management.Automation.Language.TypeName, System.Exception ByRef, System.Reflection.Assembly[], System.Management.Automation.Language.TypeResolutionState)
00000052b9d8e0d0 00007ff90dd9a7fa System.Management.Automation.Language.TypeResolver.ResolveITypeName(System.Management.Automation.Language.ITypeName, System.Exception ByRef)
00000052b9d8e120 00007ff90dcbc3a4 System.Management.Automation.LanguagePrimitives.ConvertStringToType(System.Object, System.Type, Boolean, System.Management.Automation.PSObject, System.IFormatProvider, System.Management.Automation.Runspaces.TypeTable)
00000052b9d8e180 00007ff90dcbc345 System.Management.Automation.LanguagePrimitives+ConversionData`1[[System.__Canon, mscorlib]].Invoke(System.Object, System.Type, Boolean, System.Management.Automation.PSObject, System.IFormatProvider, System.Management.Automation.Runspaces.TypeTable)
00000052b9d8e1c0 00007ff90dcbb82d System.Management.Automation.LanguagePrimitives.ConvertTo(System.Object, System.Type, Boolean, System.IFormatProvider, System.Management.Automation.Runspaces.TypeTable)
00000052b9d8e260 00007ff910c3f2e7 *** WARNING: Unable to verify checksum for C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\86656d0da7ec1abc1f83b370825ca89e\Microsoft.PowerShell.Commands.Utility.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\86656d0da7ec1abc1f83b370825ca89e\Microsoft.PowerShell.Commands.Utility.ni.dll
Microsoft.PowerShell.Commands.NewObjectCommand.BeginProcessing()
00000052b9d8e310 00007ff90dd23618 System.Management.Automation.Cmdlet.DoBeginProcessing()
00000052b9d8e350 00007ff90dd2348c System.Management.Automation.CommandProcessorBase.DoBegin()
00000052b9d8e3e0 00007ff90dda5af8 System.Management.Automation.CommandProcessor.DoBegin()
00000052b9d8e450 00007ff90dd1c074 System.Management.Automation.Internal.PipelineProcessor.Start(Boolean)
00000052b9d8e510 00007ff90e7d4167 System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object)
00000052b9d8e5a0 00007ff90dce486c System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
00000052b9d8e630 00007ff90dd42cfb System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib],[System.Boolean, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
00000052b9d8e6e0 00007ff90dd263a0 System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
00000052b9d8e770 00007ff90dd263a0 System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
00000052b9d8e800 00007ff90dd263a0 System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
00000052b9d8e890 00007ff90dd26231 System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
00000052b9d8e8e0 00007ff90dd181b6 System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib]](System.__Canon)
00000052b9d8e950 00007ff90dd246e9 System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1, System.Object, System.Object)
00000052b9d8ea00 00007ff90dd24285 System.Management.Automation.DlrScriptCommandProcessor.Complete()
00000052b9d8ea90 00007ff90dd24005 System.Management.Automation.CommandProcessorBase.DoComplete()
00000052b9d8eb00 00007ff90dd23cd6 System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
00000052b9d8eb80 00007ff90e7d423b System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object)
00000052b9d8ec10 00007ff90dd0ab37 System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
00000052b9d8ece0 00007ff90dd0a107 System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
00000052b9d8ed50 00007ff90dc5eec0 System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
00000052b9d8ed80 00007ff930b73a63 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
00000052b9d8ee50 00007ff930b738f4 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
00000052b9d8ee80 00007ff930b738c2 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
00000052b9d8eed0 00007ff930b6d072 System.Threading.ThreadHelper.ThreadStart()
00000052b9d8f128 00007ff932cf6d93 [GCFrame: 00000052b9d8f128] 
00000052b9d8f478 00007ff932cf6d93 [DebuggerU2MCatchHandlerFrame: 00000052b9d8f478] 

This exception was handled internally and later led to the following exception,

0:008> !pe
Exception object: 000001e15e5b9ad8
Exception type:   System.Management.Automation.CmdletInvocationException
Message:          Cannot find type [xxxxxx]: verify that the assembly containing this type is loaded.
InnerException:   System.Management.Automation.PSArgumentException, Use !PrintException 000001e15e5b94f0 to see more.
StackTrace (generated):
    SP               IP               Function
    00000052B9D8E4E0 00007FF9315479FF mscorlib_ni!System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()+0x1f
    00000052B9D8E510 00007FF90E7D42F8 System_Management_Automation_ni!System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object)+0x218
    00000052B9D8E5A0 00007FF90DCE486C System_Management_Automation_ni!System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)+0x30c
    00000052B9D8E630 00007FF90DD42CFB System_Management_Automation_ni!System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib],[System.Boolean, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Run(System.Management.Automation.Interpreter.InterpretedFrame)+0x18b
    00000052B9D8E6E0 00007FF90DD263A0 System_Management_Automation_ni!System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)+0x110

StackTraceString: <none>
HResult: 80131501

That's why the error message is misleading.

I think this is something the PowerShell engine should improve, but of course that won't come easily.

Like you discovered, disabling string hiding can help.

Closing it now, as there is nothing to be done on Obfuscar.

@lextm lextm closed this Feb 3, 2019
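
An added diagnostic sketch, not part of the original thread or of Obfuscar: it makes the reflection call seen in the stack trace (`Assembly.GetType(String, Boolean, Boolean)`) directly with `throwOnError` set, so the underlying exception is reported instead of PowerShell's generic "Unable to find type" message. The function name `Resolve-TypeVerbose` is hypothetical; the path and type name are the placeholders used in the issue.

```powershell
# Added example. Path and type name are the placeholders from the issue text.
$path     = 'C:\Path\To\My\ObfuscatedLibrary.dll'
$typeName = 'MyType'   # use the namespace-qualified name if the type has a namespace

function Write-ExceptionChain {
    param([System.Exception] $Exception)
    # PowerShell wraps .NET failures in MethodInvocationException, so walk InnerException.
    for ($ex = $Exception; $ex; $ex = $ex.InnerException) {
        Write-Warning ('{0}: {1} (HResult 0x{2:X8})' -f $ex.GetType().FullName, $ex.Message, $ex.HResult)
        if ($ex -is [System.Reflection.ReflectionTypeLoadException]) {
            # Each loader exception names one type that the runtime could not load.
            $ex.LoaderExceptions | ForEach-Object { Write-Warning ("  loader: " + $_.Message) }
        }
    }
}

function Resolve-TypeVerbose {
    param(
        [Parameter(Mandatory)] [string] $AssemblyPath,
        [Parameter(Mandatory)] [string] $TypeName
    )

    $asm = [System.Reflection.Assembly]::LoadFrom($AssemblyPath)

    try {
        # throwOnError = $true, ignoreCase = $false: a failure throws instead of returning $null.
        return $asm.GetType($TypeName, $true, $false)
    }
    catch {
        Write-ExceptionChain $_.Exception
    }

    try {
        # Second check: list what the assembly exposes, to confirm the expected
        # public name survived obfuscation.
        $asm.GetTypes() | Where-Object IsPublic | Select-Object -ExpandProperty FullName
    }
    catch {
        Write-ExceptionChain $_.Exception
    }
}

Resolve-TypeVerbose -AssemblyPath $path -TypeName $typeName
```

Running this against builds made with `HideStrings` enabled and disabled shows whether the reflection lookup itself fails, independently of PowerShell's type resolver.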