Hi,
No decompiler could produce original program text. even without protecting
program with obfuscators, all comments, program formatting and local
variable names will be missing from decompiled program.
And obfuscation could be done on many different levels.
Note: I have never worked with any of the obfuscators and so, my knowledge
of obfuscation technologies is pure theoretical - mostly my own musings
about what could be done by obfuscators, so be warned before you read the
rest of this mail
.
Few years ago I had some thinking about obfuscators as technology got some
ideas. I sent an e-mail to the developmentor's .Net mailing list with idea
for obfuscator. Main idea was an attempt to build analogy between program
execution tree and (parser) grammar tree and I suggested that it should be
possible to use technique similar to one invented with LARL parsers that
flattens the tree into LARL-tables driven function that is analogous with
the original program. I got an answer from Microsoft program manager who was
working with their obfuscator's prototype at the time where he said that it
is a known technique in obfuscator's research. However if you think of that
kind of obfuscation in addition to the standard metadata mangling that is
used in all existing obfuscators, than any attempt to decompile program
would result in code that will be extremely difficult to analyze and
completely different from original (program structure). I believe that
following addition could be done to that obfuscator type that can really
make them being "cryptographically" strong:
if (in simple words) obfuscator would add many more alternative execution
paths to these LARL-tables so that program can randomly choose one of them
depending on some runtime criteria, then debugging of such program will be
made extremely complicated because the same breakpoints could be never hit
on the next program run even with the same program's input data. But that's
just my fantasy...
-Valery
See my blog at:
http://www.harper.no/valery
