Protector.CLI
1.0.0
dotnet tool install --global Protector.CLI --version 1.0.0
dotnet new tool-manifest
dotnet tool install --local Protector.CLI --version 1.0.0
#tool dotnet:?package=Protector.CLI&version=1.0.0
nuke :add-package Protector.CLI --version 1.0.0
Protector CLI
Protector.CLI is a dotnet global tool for applying compatibility-aware obfuscation to compiled .NET managed assemblies.
This package is the command-line tool only. The desktop GUI and the license issuer are distributed separately.
It is designed for direct post-build protection of managed .dll and .exe outputs, with a conservative approach around framework-sensitive code paths.
What the tool does
When you run the tool on a compiled .dll or managed .exe, it can apply:
- string encryption with a runtime decoder helper
- safe rename of eligible private and internal types, methods, and fields
- decoy type injection
- control-flow hardening through lightweight opaque-predicate patches
- optional runtime anti-debug and helper self-check layers when enabled in the underlying pipeline
- rename-map generation for later stack-trace deobfuscation
The obfuscator is designed to stay conservative around framework-sensitive code paths such as ASP.NET Core, Razor-generated code, serializers, and reflection-heavy surfaces.
Install
dotnet tool install --global Protector.CLI
Update an existing installation:
dotnet tool update --global Protector.CLI
Basic usage
Obfuscate a compiled managed assembly:
protector-obfuscate MyApp.dll --map MyApp.map.json
Options:
| Option | Default | Description |
|---|---|---|
--map <path> |
<assembly>.map.json |
Write the rename map to the specified path |
--no-map |
off | Skip rename-map output |
--trace |
off | Print detailed stage-by-stage output |
Example output:
OK MyApp.dll strings=312 methods=47 fields=23 types=11
MAP MyApp.map.json
Stack-trace deobfuscation
Use the saved rename map to restore original names in an obfuscated stack trace:
protector-obfuscate deobfuscate-stacktrace --map MyApp.map.json --input crash.txt --output clean.txt
Supported options:
| Option | Description |
|---|---|
--map <path> |
Rename map generated during obfuscation |
--input <path> |
Read an obfuscated stack trace from a file |
--text <value> |
Use an inline stack-trace string |
--output <path> |
Write the cleaned result to a file instead of stdout |
You can also pipe text through stdin:
type crash.txt | protector-obfuscate deobfuscate-stacktrace --map MyApp.map.json
What this package is for
Protector.CLI is a good fit when you want:
- a scriptable obfuscation step for compiled assemblies
- a CI-friendly tool that can be installed with
dotnet tool install - rename-map output for crash-log cleanup and stack-trace cleanup workflows
It is not a replacement for the desktop Protector GUI workflow, project publishing, activation management, or the separate license issuer application.
Idempotency
Running the tool twice on the same assembly is safe by design:
- already wrapped string literals are skipped
- already obfuscated private/internal names are skipped
- already patched control-flow entry patterns are skipped
Exit codes
| Code | Meaning |
|---|---|
0 |
Success |
1 |
Obfuscation or deobfuscation failure |
2 |
Invalid arguments or missing file |
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
This package has no dependencies.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0 | 81 | 3/30/2026 |
Initial public release of Protector CLI as a .NET global tool for direct managed assembly obfuscation and stack-trace deobfuscation.