Demeanor for .NET Documentation

A standalone .NET obfuscator with a built-in audit that tells you what obfuscates cleanly, what is problematic, and what changes would fix it. Install, audit, obfuscate.

Getting Started

START HERE

Getting Started

Five steps from first install to fully integrated CI builds. Install the NuGet package, run the audit, fix anything the audit flags, obfuscate, then wire it into MSBuild so Release builds obfuscate themselves. No configuration file, no ceremony.

  • Install → Audit → Obfuscate interactively → Fix breaks → Integrate into build
  • Detailed example output at each step
  • MSBuild integration with WiseOwl.Demeanor.MSBuild
  • Exclusion patterns: [Obfuscation] attributes and CLI --exclude
Open the guide →

Already use an MCP-capable AI assistant? You can optionally drive the same audit conversationally — see the CatalogService walkthrough for what that looks like, or the conversational workflow page for setup. Completely optional; the standalone CLI above is the primary path.

How Demeanor responds to risky patterns

When the audit finds a construct that wouldn’t survive renaming, Demeanor takes one of two actions:

1. Auto-suppression (no action required)

For patterns where the exact names that must be preserved can be determined from the assembly itself, Demeanor automatically excludes those symbols from renaming. You don’t need to do anything.

  • Reflection detection — string-based type, method, and member lookups whose target can be resolved at analysis time
  • Property usage detection — DTOs and bound types used by the common serialization, data-binding, component, and interop frameworks
  • Structural exclusions — entry points, runtime-critical members, serializable fields, public/protected library symbols

These show up in the audit report as auto-detected. The recommendation says “No action needed.”

2. Advisory — Demeanor recommends a source change

For patterns where Demeanor can observe the risk but not safely decide which symbols to freeze, it emits an advisory and does not change rename output. You decide: add an annotation, add an exclusion, or rewrite the construct.

  • Minimal API scanning — handler return types whose properties aren’t protected by a detectable contract. Recommendation: mark the DTO with a source-generated serialization contract.
  • AOT JSON analysis — reflection-based JSON calls that won’t survive trimming. Recommendation: migrate to a source-generated serializer context.
  • Audit heuristics — framework-specific types where the framework binds by name at runtime (route handlers, realtime hubs, ORM contexts, configuration POCOs, plugin contracts, service contracts, XAML bindings). Recommendation: add [Obfuscation(Exclude = true, ApplyToMembers = true)] in source (permanent fix), or use --exclude/--xr on the CLI.

Each finding carries a Classification:

  • auto-detected — handled automatically. No action.
  • needs-exclusion — add [Obfuscation] in source (preferred) or --exclude/--xr on the CLI.
  • needs-code-change — modify source (e.g. adopt source-generated serialization).
  • advisory — informational; may not need action.

Licensing Overview

Per-company licensing. No seat counting, no machine locking, no activation server. License keys are self-validating — they work completely offline.

  • Community — No-cost. Symbol renaming, alpha naming, single assembly.
  • Enterprise — All encryption options, control-flow obfuscation, call hiding, multi-assembly, incremental, reports. Opt-in MCP server for conversational workflows included. See pricing →

No license key is needed for Community tier. See full licensing details.

Reference

support@wiseowlsoftware.com · wiseowlsoftware.com