Hi,

Using the .NET reflector tool, i know that a DLL or EXE developed in
..NET platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET
reflector to decompile your code or at least to avoid people to see
clearly the code of you DLL or EXE ?

thanks a lot,
Al.

Hi Al,

You can obfuscate your code, but I wouldn't recommend it for most real-world
applications or even third-party components since even the best obfuscation
can still be reverse engineered.

C# Programming Tools
§ Obfuscators
http://msdn2.microsoft.com/en-us/vcs...px#obfuscators

Here's some information about why obfuscation may or may not be a good
choice for your program:

Security through obscurity
http://en.wikipedia.org/wiki/Security_through_obscurity

--
Dave Sexton
http://davesexton.com/blog

"--== Alain ==--" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi,
>
> Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
> platform can be decompiled and therefore code is available for all.
>
> I would like to know if exist a way how to avoid tools like .NET reflector
> to decompile your code or at least to avoid people to see clearly the code
> of you DLL or EXE ?
>
> thanks a lot,
> Al.

"--== Alain ==--" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi,
>
> Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
> platform can be decompiled and therefore code is available for all.
>
> I would like to know if exist a way how to avoid tools like .NET reflector
> to decompile your code or at least to avoid people to see clearly the code
> of you DLL or EXE ?

The only real way to protect your code is to use a web service so your
customers never get their hands on it. You can also deploy embedded devices
if network access isn't guaranteed. Any time you allow the user to run your
code on their system, they can inspect it.

>
> thanks a lot,
> Al.

Hi Peter,

> There is a second class of obfuscators that are really "recompilers" and
> these actually change your .NET assemblies into true machine code (like
> C++).
> Even that isn't impossible to reverse engineer. Remotesoft offers one, and
> there may be others.
> Peter

I'm curious to know if they actually add any extra protection or if they're
just the same as creating a native image using NGEN after using, for
example, Dotfuscator. Don't they still have to include the metadata for the
CLR, which defeats the purpose of using machine language to add protection?

--
Dave Sexton
http://davesexton.com/blog

"Peter Bromberg [C# MVP]" <(E-Mail Removed)> wrote in
message news:FF18B756-451B-4E11-8786-(E-Mail Removed)...
> As Dave mentioned, obfuscating the code is a step in that direction,
> although
> personal experience tells me that any determined individual can work
> around
> obfuscated code if they know what they are doing.
>
> There is a second class of obfuscators that are really "recompilers" and
> these actually change your .NET assemblies into true machine code (like
> C++).
> Even that isn't impossible to reverse engineer. Remotesoft offers one, and
> there may be others.
> Peter
>
> --
> Site: http://www.eggheadcafe.com
> UnBlog: http://petesbloggerama.blogspot.com
> Short urls & more: http://ittyurl.net
>
>
>
>
> "--== Alain ==--" wrote:
>
>> Hi,
>>
>> Using the .NET reflector tool, i know that a DLL or EXE developed in
>> ..NET platform can be decompiled and therefore code is available for all.
>>
>> I would like to know if exist a way how to avoid tools like .NET
>> reflector to decompile your code or at least to avoid people to see
>> clearly the code of you DLL or EXE ?
>>
>> thanks a lot,
>> Al.
>>

--== Alain ==-- <(E-Mail Removed)> wrote:
> Using the .NET reflector tool, i know that a DLL or EXE developed in
> .NET platform can be decompiled and therefore code is available for all.
>
> I would like to know if exist a way how to avoid tools like .NET
> reflector to decompile your code or at least to avoid people to see
> clearly the code of you DLL or EXE ?

See http://www.pobox.com/~skeet/csharp/obfuscation.html

--
Jon Skeet - <(E-Mail Removed)>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too

Hi Peter,

Thanks for the link

Very scary stuff. The .NET Framework isn't even required on a machine that
will run the "linked" program since the dependant FCLs are actually
rewritten into the program and obfuscated themselves. No mention of
metadata though so I wonder how reflection would actually work and since the
framework isn't required I wonder if CAS even works at all.

I can see that being useful if I needed to hide, say, the recipe for a nuke
in my program's code. Other than that I think it makes more sense to move
forward in application development and reap the benefits of writing managed
code such as platform independence and JIT compilation.

--
Dave Sexton
http://davesexton.com/blog

"Peter Bromberg [C# MVP]" <(E-Mail Removed)> wrote in
message news:60C6F453-5675-420D-9C19-(E-Mail Removed)...
> Dave,
> http://www.remotesoft.com/linker/
> The "horse's mouth"
> Peter
>
> --
> Site: http://www.eggheadcafe.com
> UnBlog: http://petesbloggerama.blogspot.com
> Short urls & more: http://ittyurl.net
>
>
>
>
> "Dave Sexton" wrote:
>
>> Hi Peter,
>>
>> > There is a second class of obfuscators that are really "recompilers"
>> > and
>> > these actually change your .NET assemblies into true machine code (like
>> > C++).
>> > Even that isn't impossible to reverse engineer. Remotesoft offers one,
>> > and
>> > there may be others.
>> > Peter
>>
>> I'm curious to know if they actually add any extra protection or if
>> they're
>> just the same as creating a native image using NGEN after using, for
>> example, Dotfuscator. Don't they still have to include the metadata for
>> the
>> CLR, which defeats the purpose of using machine language to add
>> protection?
>>
>> --
>> Dave Sexton
>> http://davesexton.com/blog
>>
>> "Peter Bromberg [C# MVP]" <(E-Mail Removed)> wrote in
>> message news:FF18B756-451B-4E11-8786-(E-Mail Removed)...
>> > As Dave mentioned, obfuscating the code is a step in that direction,
>> > although
>> > personal experience tells me that any determined individual can work
>> > around
>> > obfuscated code if they know what they are doing.
>> >
>> > There is a second class of obfuscators that are really "recompilers"
>> > and
>> > these actually change your .NET assemblies into true machine code (like
>> > C++).
>> > Even that isn't impossible to reverse engineer. Remotesoft offers one,
>> > and
>> > there may be others.
>> > Peter
>> >
>> > --
>> > Site: http://www.eggheadcafe.com
>> > UnBlog: http://petesbloggerama.blogspot.com
>> > Short urls & more: http://ittyurl.net
>> >
>> >
>> >
>> >
>> > "--== Alain ==--" wrote:
>> >
>> >> Hi,
>> >>
>> >> Using the .NET reflector tool, i know that a DLL or EXE developed in
>> >> ..NET platform can be decompiled and therefore code is available for
>> >> all.
>> >>
>> >> I would like to know if exist a way how to avoid tools like .NET
>> >> reflector to decompile your code or at least to avoid people to see
>> >> clearly the code of you DLL or EXE ?
>> >>
>> >> thanks a lot,
>> >> Al.
>> >>
>>
>>
>>