none
Decode names ofinternal and private classes in dll RRS feed

  • Question

  • Good day

    I opened c# dll in ILSpy or decompilers and had problem. All internal, private classes, interfaces and structs names are encoded. Example

    [StructLayout(LayoutKind.Explicit)]
    internal struct #=qYsrnlrtLLaw6kxIrnV3snTkDFIvKsoBVSzO2RI6ZyzAqP6kaxche8pVVtXGrbjQG
    {
    	[FieldOffset(0)]
    	public ushort #=qo7dKrROV3JXGVuUqmQYziw==;
    
    	[FieldOffset(2)]
    	public ushort #=qXVUfy2pe$Mn$pZf43U6_hw==;
    
    	[FieldOffset(4)]
    	public ushort #=qExtOAecuIskWs3y1$ddJQQ==;
    
    	[FieldOffset(6)]
    	public ushort #=qTFCMXNy5AX9eHiaPUjPevQ==;
    }

    How to decode this names?

    Tuesday, October 18, 2016 4:41 PM

All replies

  • Hi Brinstein,

    >>How to decode this names?

    Per my understanding, ILSpy should have its own algorithm, This issue more related to ILSpy.

    Here is a Discussion forum about ILSpy. Please try to ask in their official website for better support.

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, October 19, 2016 3:03 AM
  • I think its .net compiler. Because this renaming only with internal, private classes, structs and interfaces. All public is good.
    Wednesday, October 19, 2016 9:29 AM
  • Hi Brinstein,

    >>I think its .net compiler. Because this renaming only with internal, private classes, structs and interfaces. All public is good.

    I'm using ILSpy to decode ILSpy itself, you can see that all members are successfully decoded,

    I guess you opened the dll that has been confused by some tools like “obfuscator”, the purpose is to prevent the decompile of their code.

    You can check https://obfuscar.codeplex.com/ for more details.

    In such condition unfortunately there's no official supported approach to decode.

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, October 20, 2016 6:16 AM
  • I have normal members in public classes too. This problem only with internal, private classes, structs and interfaces
    Thursday, October 20, 2016 5:58 PM
  • Thanls for trying help :)

    In your screenshot class is public. But my problem with non-public classes in "-" namespace.

    https://postimg.org/image/jv6piaptx/

    Sunday, October 23, 2016 1:57 PM
  • The problem the asker have is that the binary has been obfuscated by obfuscators so the non-pubic members' name are changed into meaningless literal. He wants to have some way to reverse the process to change them back to meaningful names.

    As the first and forth fields are valid Base64 encoded byte arrays, I think it's likely to be possible if we can find the encoding algorithm it use. Possbility one of those which support stack trace deobfuscation.

    • Edited by cheong00Editor Monday, October 24, 2016 1:40 AM
    • Proposed as answer by Kristin Xie Monday, October 24, 2016 8:24 AM
    Monday, October 24, 2016 1:31 AM
    Answerer