Method bodies can be inlined to their call sites during obfuscation. Please take a look at example (C#):
Example 5.1. Before obfuscation
using System; using System.Reflection; class Program { static void Main(string[] args) { Console.WriteLine("Inlining test"); SecretMethod(); } [Obfuscation(Feature = "inline", Exclude = false)] static void SecretMethod() { Console.WriteLine("Secret"); } }
Example 5.2. After obfuscation
using System; using System.Reflection; class Program { static void Main(string[] args) { Console.WriteLine("Inlining test"); Console.WriteLine("Secret"); } }
Code inlining brings obvious security benefits:
-
Once method is inlined, it's no longer a subject of hacker's special attention
-
Call site gets larger as it takes inlined instructions of the method. This makes code analysis a harder task for an intruder
Code inlining may be useful in such scenarios as licensing checks and know-how algorithms.
- Open the source code of a method you want to inline
-
Add a custom attribute as shown below (C#):
using System; using System.Reflection; class YourClass { [Obfuscation(Feature = "inline", Exclude = false)] void YourMethod() { ... } }
For Visual Basic .NET:
Imports System Imports System.Reflection Class YourClass <Obfuscation(Feature:="inline", Exclude:=False)> Sub YourMethod() ... End Sub End Class