How to get COFF-based image of assembly

Christoph Wienands

Hi everybody,

The .NET doc states about the Assembly.Load(byte[] rawAssembly, byte[]
rawSymbolStore) function:

-----------------------

Loads the assembly with a Common Object File Format (COFF)-based image
containing an emitted assembly.

rawAssembly
An array of type byte that is a COFF-based image containing an emitted
assembly.

rawSymbolStore
An array of type byte containing the raw bytes representing the symbols for
the assembly.

-----------------------

I'm currently trying to implement some code security that will make it
harder for "hackers" to decompile the essential algorithms in my app. The
idea is to load an assembly image from an encrypted file or so during
runtime. Can anyone tell me how I can retrieve such an image from an
existing DLL?

Thanks, Christoph
 
Yan-Hong Huang[MSFT]

Hello Christoph,

Thanks for posting in the group.

Based on my understanding, your question is: How to make the assembly more
secure against decompiling by hackers? Please feel free to post here if I have
any misunderstandings.

Programs written for the .NET framework are easy to reverse engineer. This
is not in any way a fault in the design of .NET; it is simply a reality of
modern, intermediate-compiled languages (Java suffers from this problem
too). Both Java and .NET mutually share the use of expressive file syntax
for delivery of executable code: bytecode in the case of Java, MSIL
(Microsoft Intermediate Language) for .NET. Being much higher-level than
binary machine code, the intermediate files are laden with identifiers and
algorithms that are immediately observable and ultimately understandable.
After all, it is obviously difficult to make something easy to understand,
flexible, and extendable while simultaneously hiding its crucial details.

In order to resolve this kind of problem, we have several selections.
PreEmptive's Dotfuscator for the Microsoft .NET platform helps protect your
program against reverse engineering while making it smaller and more
efficient. Dotfuscator has a GUI and command line interface. Dotfuscator
Community Edition is accessible directly from the tools menu of Visual
Studio .NET 2003.

In order to get more information on it, please refer to
http://www.gotdotnet.com/team/dotfuscator/.

Does that answer your question? If you have any more concerns on it, please
feel free to post here.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Guest

Dotfuscator is a piece of shti. Some suit just licensed that piece of junk.
They did the sell, they bought it.
 
Christoph Wienands

Guest said:
Dotfuscator is a piece of shti. Some suit just licensed that piece of junk.
They did the sell, they bought it.

<ignore>
Hmm, sounds like a well-reasoned posting. Well, I am currently looking into
obfuscators and I am about to make my decisions on some more specific
reasons ;-)
</ignore>

So long, Christoph
 
Christoph Wienands

Hi Huang,

Yan-Hong Huang said:
In order to resolve this kind of problem, we have several selections.
PreEmptive's Dotfuscator for the Microsoft .NET platform helps protect your
program against reverse engineering while making it smaller and more
efficient. Dotfuscator has a GUI and command line interface. Dotfuscator
Community Edition is accessible directly from the tools menu of Visual
Studio .NET 2003.

I am already looking into Dotfuscator. However, even heavy overloading of
methods and identifiers does not really help since it might confuse a human
being but it does not confuse a good decompiler, which will just make it a,
b, c, d, etc. again. Changes in control flow (while-loops, goto-statements,
etc.) provide a much higher level of protection -> expensive Dotfuscator
Enterprise edition :-(

I read quite a couple of articles on application "security" and the general
opinion was, the more layers of protection, the better. That's why I am
looking into loading some encrypted code dynamically during runtime
in addition to obfuscators and some other tricks.

Thanks, Christoph
 
Mattias Sjögren

Christoph,

Christoph Wienands said:
Can anyone tell me how I can retrieve such an image from an
existing DLL?

It's the raw file format, so just open the file and load it into a
byte array for example.



Mattias
 
Yan-Hong Huang[MSFT]

Hello Christoph,

Thanks for your reply.

From the description, you want to encrypt an assembly file, then read it in
the program, decrypt it to a byte array and feed it into the Assembly.Load
function, right?

In order to do that, I think you may try the following code:

    using System;
    using System.IO;

    class FSRead
    {
        public static void Main()
        {
            // Create a file stream from an existing file.
            FileInfo fi = new FileInfo("c:\\csc.txt");

            // The using block closes the stream when reading is done.
            using (FileStream fs = fi.OpenRead())
            {
                // Read up to 100 bytes into an array from the specified file.
                int nBytes = 100;
                byte[] ByteArray = new byte[nBytes];
                int nBytesRead = fs.Read(ByteArray, 0, nBytes);
                Console.WriteLine("{0} bytes have been read from the specified file.", nBytesRead);
            }
        }
    }

By using the above code, we can read the content of a file into a byte[].
Then we can use some customized way or the CryptoStream class to do the
encryption or decryption work.

Does that answer your question? If I have any misunderstandings, please
feel free to post here.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
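
The flow discussed in this thread (read the DLL's raw bytes, encrypt them, then decrypt into a byte[] with CryptoStream and pass it to Assembly.Load), as an added example that is not part of the original posts. The class name, the all-zero demo key and the command-line paths are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;

static class EncryptedAssemblyDemo
{
    // Constructed demo key (AES-256); any key shipped with the program is recoverable.
    static readonly byte[] DemoKey = new byte[32];
    // Encrypt the DLL's raw file bytes; the random IV is stored before the ciphertext.
    static void EncryptFile(string dllPath, string encPath)
    {
        byte[] image = File.ReadAllBytes(dllPath);   // the "COFF-based image"
        using (Aes aes = Aes.Create())
        using (FileStream output = File.Create(encPath))
        {
            aes.Key = DemoKey;
            aes.GenerateIV();
            output.Write(aes.IV, 0, aes.IV.Length);
            using (CryptoStream cs = new CryptoStream(output, aes.CreateEncryptor(), CryptoStreamMode.Write))
                cs.Write(image, 0, image.Length);    // Dispose writes the final padded block
        }
    }
    // Decrypt into memory and hand the plaintext image to Assembly.Load(byte[]).
    static Assembly LoadEncrypted(string encPath)
    {
        byte[] blob = File.ReadAllBytes(encPath);
        using (Aes aes = Aes.Create())
        {
            byte[] iv = new byte[aes.BlockSize / 8];
            if (blob.Length <= iv.Length) throw new InvalidDataException("Encrypted file is too short.");
            Array.Copy(blob, iv, iv.Length);
            aes.Key = DemoKey;
            aes.IV = iv;
            using (MemoryStream cipher = new MemoryStream(blob, iv.Length, blob.Length - iv.Length))
            using (CryptoStream cs = new CryptoStream(cipher, aes.CreateDecryptor(), CryptoStreamMode.Read))
            using (MemoryStream plain = new MemoryStream())
            {
                cs.CopyTo(plain);                    // wrong key or corrupt data usually fails on padding
                return Assembly.Load(plain.ToArray());
            }
        }
    }

    static void Main(string[] args)
    {
        EncryptFile(args[0], args[1]);   // args: source DLL, encrypted output (hypothetical paths)
        Console.WriteLine(LoadEncrypted(args[1]).FullName);
    }
}
```

Because the key and the decrypted image both end up in the process's memory, this layer only raises the effort needed to reach the IL; it does not prevent it. CBC mode also provides no integrity check, so the encrypted file should be treated as unauthenticated input.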
 
Christoph Wienands

Hi Yan-Hong,

Yan-Hong Huang said:
By using the above code, we can read the content of a file into a byte[].
Then we can use some customized way or the CryptoStream class to do the
encryption or decryption work.

The missing piece of information was that COFF image represents the raw file
format. So yes, your code helped me :)

Thanks, Christoph
 
Yan-Hong Huang[MSFT]

Hi Christoph,

I am glad to be of assistance. :)

Thanks for participating in the community.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 