I do not if there is some body who already asked this question before, but it really get me confused ..
I am just wondering that if there are some way that makes my code very secured ( DLL) which will not allow anyone to open the code and read it using the reflector program
I do not if there is some body who already asked this question before, but it really get me confused ..
I am just wondering that if there are some way that makes my code very secured ( DLL) which will not allow anyone to open the code and read it using the reflector program
This is a caveat of having a higher level language like C# VB.NET that compiles to an intermediate language MSIL. The runtime or VM will JIT compile it to machine code. Hence the DLL are just MSIL so it can be re-engineered back to a higher level language.
This is not confined to .NET and is also a problem with Java as it compiles to java byte code before the VM converts it to machine code.
You can obfuscate your code to make it harder to understand using something like Dotfuscator.
Marked as answer by jimmy q on Jul 09, 2009 08:26 AM
I think we need to pay to get DotFuscator .. right ?
Can we found some one for free ?
I am really wondering.. it is a global issue .. and I think that Microsoft should create some tool that comes with Visual Studio that will enable you to protect your Dll .
Plz remember to click "Mark as Answer" if this helped you.
Abdulla Abdelhaq .NET/SharePoint Team Leader
My Articles blog
I think we need to pay to get DotFuscator .. right ?
Dotfuscator has a free community version that is bundled with Visual Studio that you can use. However the more advanced techniques in obfuscating are only available in the Professional/paid versions.
Abdulla.AbdelHaq
Can we found some one for free ?
There are numerous free ones around, a quick google will yield many results, however I have used both the free and paid version of Dotfuscator and have no complaints.
Abdulla.AbdelHaq
I am really wondering.. it is a global issue .. and I think that Microsoft should create some tool that comes with Visual Studio that will enable you to protect your Dll .
This is not a global issue, rather a caveat of having a high level language that is JIT compiled by a VM into machine code.
Ability to see classes, members, methods and signatures is important since this is how reflection mechanism work. In many cases applications use late-binding and load assemblies dynamically (remember that DLL is a 'dynamic load library') discovering what
methods module has and how to call them. Otherwise dynamic languages like JScript would not work and code would have to be compiled before use. COM has similar mechanism for the late binding via IDispatch and everyone can see type library content using OleView
utility. Reflection, however, does not show code. It only shows class
definition, not class implementation.
Finally, after researching and asking many forums .. I got the following
you can protect your dll and exe files and make the reflector to not understand them, you can use the Dotfuscator Community Edition comes with the VS 2008 professional Edition.
for those who did not have the professional Edition, they can use a free Dotfuscator I found it at downloads.com
Abdulla.Abde...
Contributor
5538 Points
871 Posts
Secure My DLL .. No Reflection ..
Jul 02, 2009 07:44 AM|LINK
Hello Experts,
I do not if there is some body who already asked this question before, but it really get me confused ..
I am just wondering that if there are some way that makes my code very secured ( DLL) which will not allow anyone to open the code and read it using the reflector program
http://www.red-gate.com/products/reflector/
it is really strange .. what is the benefit of DLLs where I can reflect it and open it !!!!!
Abdulla Abdelhaq .NET/SharePoint Team Leader
My Articles
blog
jimmy q
All-Star
54108 Points
3578 Posts
Re: Secure My DLL .. No Reflection ..
Jul 02, 2009 08:23 AM|LINK
This is a caveat of having a higher level language like C# VB.NET that compiles to an intermediate language MSIL. The runtime or VM will JIT compile it to machine code. Hence the DLL are just MSIL so it can be re-engineered back to a higher level language.
This is not confined to .NET and is also a problem with Java as it compiles to java byte code before the VM converts it to machine code.
You can obfuscate your code to make it harder to understand using something like Dotfuscator.
Abdulla.Abde...
Contributor
5538 Points
871 Posts
Re: Secure My DLL .. No Reflection ..
Jul 04, 2009 07:52 AM|LINK
Thanks ...
I think we need to pay to get DotFuscator .. right ?
Can we found some one for free ?
I am really wondering.. it is a global issue .. and I think that Microsoft should create some tool that comes with Visual Studio that will enable you to protect your Dll .
Abdulla Abdelhaq .NET/SharePoint Team Leader
My Articles
blog
jimmy q
All-Star
54108 Points
3578 Posts
Re: Secure My DLL .. No Reflection ..
Jul 04, 2009 08:33 AM|LINK
Dotfuscator has a free community version that is bundled with Visual Studio that you can use. However the more advanced techniques in obfuscating are only available in the Professional/paid versions.
There are numerous free ones around, a quick google will yield many results, however I have used both the free and paid version of Dotfuscator and have no complaints.
This is not a global issue, rather a caveat of having a high level language that is JIT compiled by a VM into machine code.
Mikhail Arkh...
All-Star
33139 Points
6083 Posts
Microsoft
Re: Secure My DLL .. No Reflection ..
Jul 07, 2009 03:25 PM|LINK
Ability to see classes, members, methods and signatures is important since this is how reflection mechanism work. In many cases applications use late-binding and load assemblies dynamically (remember that DLL is a 'dynamic load library') discovering what methods module has and how to call them. Otherwise dynamic languages like JScript would not work and code would have to be compiled before use. COM has similar mechanism for the late binding via IDispatch and everyone can see type library content using OleView utility. Reflection, however, does not show code. It only shows class definition, not class implementation.
I can't comment on quality of obfuscation tools at least my team does not use any. Microsoft assemblies are signed and therefore decompiling, changing and producing new one will not work since new binary will not be signed by Microsoft digital signature. EULA also prohibits reverse engineering. In addition, in some cases source is available (like .NET framework) http://weblogs.asp.net/scottgu/archive/2008/01/16/net-framework-library-source-code-now-available.aspx. We also must be able to debug on customer machine and have Watson crash reports working http://blogs.msdn.com/mikhailarkhipov/archive/2004/06/01/146169.aspx
------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Abdulla.Abde...
Contributor
5538 Points
871 Posts
Re: Secure My DLL .. No Reflection ..
Jul 16, 2009 08:01 PM|LINK
Finally, after researching and asking many forums .. I got the following
you can protect your dll and exe files and make the reflector to not understand them, you can use the Dotfuscator Community Edition comes with the VS 2008 professional Edition.
for those who did not have the professional Edition, they can use a free Dotfuscator I found it at downloads.com
http://download. cnet.com/ Macrobject- Obfuscator- NET-2008/ 3000-2247_ 4-178720. html
I tried it by self and it works for me perfectly.
for those people who want to proctect thier dlls from reflector programs, I recommend you to use it.
Abdulla Abdelhaq .NET/SharePoint Team Leader
My Articles
blog