Home - Forums-.NET - Spices.Net - deciphering stack traces


NET code security, tools to protect, obfuscate, tamper defense, code and data safety, recover, convert, optimize, explore, browse and analyze .Net software.

This forum related to following products: Spices.Net Suite, Spices.Net Obfuscator, Spices.Net Decompiler

deciphering stack traces
Link Posted: 02-Sep-2010 12:27
We recently had need to decipher an obfuscated stack trace.  This was with our old Dofuscator software.  With that software, you open your project, then you go to decipher the stack trace, and it asks for the symbol mapping file, and then you enter the stack trace and it deciphers it for you.

I would like this to be as easy to do with Spices.  Is this possible, to just have the project file and the mapping file, and then you can decipher?
Link Posted: 02-Sep-2010 12:34
Thanks for this question.

There are two solutions of this problem:

  1. Spices.Obfuscator GUI has the Stack Trace Deobfuscation Tool (menu Tools -> Deobfuscate Stack Trace), where you can paste stack trace and try to get trees of method calls. That's not so 100% working result, just because of 3 reasons

    • Spices.Obfuscator uses own names overloading technology, when method names can be the same.
    • Standard stack trace consists of full names of methods but these names generated without return types. So void SomeMethod() and int SomeMethod() look like SomeMethod() in the standard stack trace, but these methods are not the same.
    • Usage of non-printable characters make output of stack trace very hard to read and understand.

  2. Because of not so reliable standard stack trace, that is not provide full information about methods calls we're offering our own technique, free for usage - SmartStackTrace. The code and demo you can find in the \SDK\SmartStackTrace folder (if you don't find this code in the Spices.Net folder, please see the attachment). Our technique provide full information about method, but based on unique identifiers of methods - tokens and provides the place of exception in IL-code (offset in IL, if debug information is provided - in source code).
    With this method you can easily find the place of error by using even Spices.Net Evaluation version, just load your spices.project, select the assembly specified in SmartStackTrace, open Token Informer (Tools->Informer->Token Info), paste the token value specified in SmartStackTrace and you'll get the name of method, you can click Follow button to select this method in your project, you can disassemble this method to see the place of exception (based on IL Offset specified in SmartStackTrace).
    We're using SmartStackTrace in Spices.Net to easily and quickly find the problem last four years and two years ago started to offer for free the code of SmartStackTrace to Spices.Net clients and users. So I'd recommend you to use
    SmartStackTrace code in your solutions, you can modify this code for your convenience, embed or use as special diagnostics assembly.

If you can't find the SmartStackTrace code and demo, you can download c# code here: SmartStackTrace.zip