See below for reponse.
I hope this clarifies things for you.
Regards,
Jonathan Henderson
==========================
Jonathan Henderson
PreEmptive Solutions
26250 Euclid Avenue
Suite 503
Cleveland, Ohio 44132
(e-mail address removed)
==========================
OK, I'm trying to understand the need for this. If I >understand
correctly without this anyone can reverse engineer and >obtain the
source code of my application - is this correct?
Yes, this is true. There are free decompilers out there that can take a
.NET assembly and convert it back into source code such as .NET
Reflector.
Here are other reasons why one might need to obfuscate.
<a
href="
http://www.preemptive.com/documentation/NetHackerDemo.html">http:/
/www.preemptive.com/documentation/NetHackerDemo.html said:
And this tool will prevent this?
Yes, the tool will prevent most who may try to reverse engineer your
application, obfuscation from any obfuscator does not guarantee 100%
protection. The idea of obfuscation is to make the goal of reverse
engineering your application compared to the effort it takes to reverse
engineer insignificant.
Why isn't this tool automatically executed by default >whenever I build
my apps?
Everyone's application differs in the code implementation that they use.
To have it automatically executed, would cause problems for others.
For example, some use dynamic class loading and reflection through the
use of strings. If such an application were to be obfuscated by renaming
all the identifers (i.e. class, method, and field names) then the type
that is called by reflection or dynamic class loading by string will
throw a NullReferenceException. Now such a tool could just change the
value of the string used in reflection or dynamic class loading, but to
the tool, how would it know the correct string. The string may have
another use elsewhere.
With Dotfuscator Professional Edition, it is integrated into Visual
Studio, so once you build your solution, Dotfuscator will perform
created your obfuscated assemblies.
My company is building corporate applications and don't >want our
source code available to anyone. I assume there is a >Dotfuscator that
comes with VS.NET Architect version? I have seen one and >it's called
the Community Edition - but if I understand correctly there >is a
professional version for $US 1,500 at
www.preemptive.com?
Yes, as I mentioned before there is a professional version. This one has
the ability to integrate into Visual Studio .NET. The professional
version does a lot more than the community edition (which is bundled
with Visual Studio .NET)
such as synthesizing code within methods into spaghetti code, encrypting
strings, and removing unused types/methods/fields.
So even
through I have spent many thousands of dollars on >development tools I
still need to spend another $1,500 to protect my source >code????
In my opinion, if protecting the application's source code is your
company's concern, they should be the ones purchasing it (along with
VS.NET in my opinion) not you.
But before purchasing any obfuscator, try the community edition on your
Visual Studio. Since you bought VS.NET, it comes free.
You can also try to request an evaluation for the professional edition,
and try that out if you like.
Also when you get Dotfuscator Professional Edition (either evaluation or
the product itself) you also get first-rate support.
Please tell me I have gotten this completely wrong and it's >just a
matter of ticking a checkbox in my build configuration.
Thanks.