I’m trying to assess whether the obfuscation I applied to my assembly is enough; my main concern is protecting strings containing passwords or private keys.
I successfully decompiled my assembly with Salamander Decompiler and saw that my string has been encrypted, but at runtime the string has to be decrypted to be used.
I was told that it is possible to debug the application and see the assembler code, any idea how to do that?
Solution
This worked for me, although there is probably a better way of doing it with WinDbg.
1- Execute the program
2- Open a command line and type:
adplus -crash -pn [executablename] -o [ output directory ]
* adplus is placed in the same folder as WinDBG
3- Close the program or wait until it closes
4- Open the FULLDUMP*.dmp placed in the specified output directory
5- Open Notepad++ and select TextFX->Characters->Zap all non printable characters to #
6- Search for the string in this format ‘s#t#r#i#n#g’
or replace all ‘#’ with ‘’ and search for ‘string’ (this may take a while)
*By the way I couldn’t find a SecureString that was also in the memory in clear text
For sensitive data like passwords and private keys you should be using SecureString.
As for seeing the assembler code – when the application is running, you can use WinDbg to get a memory dump and then look at the actual assembler in WinDbg.
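The dump search in steps 5 and 6 of the first answer can be scripted to check whether a known secret from your own application survives in a dump. This is an added example, not part of the original answers: the ‘s#t#r#i#n#g’ pattern is the string in UTF-16LE (how .NET stores strings), so the script looks for both that and the single-byte form. The function name, the secret and the sample dump bytes are constructed for illustration.

```python
import io
import sys


def find_secret_in_dump(stream, secret, chunk_size=1 << 20):
    """Return sorted (offset, encoding) pairs where `secret` occurs in `stream`.

    The dump is read in chunks, so a multi-gigabyte FULLDUMP file is never
    loaded whole; a tail of each buffer is carried over so that a match
    straddling a chunk boundary is still found.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    patterns = {
        "ascii/utf-8": secret.encode("utf-8"),
        "utf-16le": secret.encode("utf-16-le"),  # the 's#t#r#i#n#g' form
    }
    overlap = max(len(p) for p in patterns.values()) - 1
    hits = set()   # a set, because a short match can reappear in the carried tail
    tail = b""
    base = 0       # file offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pattern in patterns.items():
            pos = buf.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = buf.find(pattern, pos + 1)
        keep = min(overlap, len(buf))
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep
    return sorted(hits)


# Constructed sample: a fake "dump" holding the secret once in each encoding.
SECRET = "Pr1vateKey-EXAMPLE"
SAMPLE_DUMP = (b"\x00" * 37 + SECRET.encode("utf-16-le")
               + b"\xff" * 11 + SECRET.encode("utf-8") + b"\x90" * 5)

if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: script.py <dump file> <secret>
        with open(sys.argv[1], "rb") as fh:
            found = find_secret_in_dump(fh, sys.argv[2])
    else:                       # no arguments: run on the constructed sample
        found = find_secret_in_dump(io.BytesIO(SAMPLE_DUMP), SECRET)
    for offset, encoding in found:
        print(f"0x{offset:08x}  {encoding}")
```

An empty result only shows the secret was not present in that one dump at that moment; it says nothing about other points in the program's lifetime.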