Hello Experts,

I do not if there is some body who already asked this question before, but  it really get me confused ..

I am just wondering that if there are some way that makes my code very secured ( DLL) which will not allow anyone to open the code and read it  using the reflector program 

http://www.red-gate.com/products/reflector/

it is really strange .. what is the benefit of DLLs where I can reflect it and open it !!!!!

Abdulla.AbdelHaq:

I do not if there is some body who already asked this question before, but  it really get me confused ..

I am just wondering that if there are some way that makes my code very secured ( DLL) which will not allow anyone to open the code and read it  using the reflector program 

This is a caveat of having a higher level language like C# VB.NET that compiles to an intermediate language MSIL. The runtime or VM will JIT compile it to machine code. Hence the DLL are just MSIL so it can be re-engineered back to a higher level language.

This is not confined to .NET and is also a problem with Java as it compiles to java byte code before the VM converts it to machine code.

You can obfuscate your code to make it harder to understand using something like Dotfuscator.

Thanks ...

I think we need to pay to get DotFuscator .. right ?

Can we found some one for free ?

I am really wondering.. it is a global issue .. and I think that Microsoft should create some tool that comes with Visual Studio that will enable you to protect your Dll .

Abdulla.AbdelHaq:

I think we need to pay to get DotFuscator .. right ?

Dotfuscator has a free community version that is bundled with Visual Studio that you can use. However the more advanced techniques in obfuscating are only available in the Professional/paid versions.

Abdulla.AbdelHaq:

Can we found some one for free ?

There are numerous free ones around, a quick google will yield many results, however I have used both the free and paid version of Dotfuscator and have no complaints.

Abdulla.AbdelHaq:

I am really wondering.. it is a global issue .. and I think that Microsoft should create some tool that comes with Visual Studio that will enable you to protect your Dll .

This is not a global issue, rather a caveat of having a high level language that is JIT compiled by a VM into machine code.

Ability to see classes, members, methods and signatures is important since this is how reflection mechanism work. In many cases applications use late-binding and load assemblies dynamically (remember that DLL is a 'dynamic load library') discovering what methods module has and how to call them. Otherwise dynamic languages like JScript would not work and code would have to be compiled before use. COM has similar mechanism for the late binding via IDispatch and everyone can see type library content using OleView utility. Reflection, however, does not show code. It only shows class definition, not class implementation.

I can't comment on quality of obfuscation tools at least my team does not use any. Microsoft assemblies are signed and therefore decompiling, changing and producing new one will not work since new binary will not be signed by Microsoft digital signature. EULA also prohibits reverse engineering. In addition, in some cases source is available (like .NET framework) http://weblogs.asp.net/scottgu/archive/2008/01/16/net-framework-library-source-code-now-available.aspx. We also must be able to debug on customer machine and have Watson crash reports working http://blogs.msdn.com/mikhailarkhipov/archive/2004/06/01/146169.aspx

Finally, after researching and asking many forums .. I got the following

you can protect your dll and exe files and make the reflector to not understand them, you can use the Dotfuscator Community Edition comes with the VS 2008 professional Edition.

for those who did not have the professional Edition, they can use a free Dotfuscator I found it at downloads.com

http://download. cnet.com/ Macrobject- Obfuscator- NET-2008/ 3000-2247_ 4-178720. html

I tried it by self and it works for me perfectly.

for those people who want to proctect thier dlls from reflector programs, I recommend you to use it.