Hi!
I just wonder about this Reflector tool.
If I made a dll in .NET can then a person that have this DLL look at all the
source code by using the Reflector tool ?
I mean can he/she recreate all the source code.
If I instead have a DLL unmanaged code for example made in C++ is it here
possible look at the source code by using some kind of tool.
I mean something that remind of Reflector ?
//Tony
|
|
0
|
|
|
|
Reply
|
 Tony
|
4/10/2010 7:09:35 PM |
|
Since .NET programs and libraries are compiled to MSIL, basically yes.
Anyone can use .NET Reflector to view your source code almost as you
wrote it. You can use various tools (Dotfuscator, etc.) to make the code
more difficult to interpret, but if someone really wants to reverse
engineer your code they will. It's that simple. You can make it more or
less difficult but never impossible.
When programs are written in C and C++ they are compiled to native
machine code and are rather more difficult to reverse engineer than
MSIL, but still never impossible. If you wish to protect your .NET code
so that some idiot doesn't take credit for your work, the best you can
do is use obfuscation techniques to make the code so difficult to
understand that it would be easier for them to write an application from
scratch that does the same thing. There are commercial tools available
to make this process easier and also provide string encryption, etc.
James Finch (MCDST)
On 10/04/2010 20:09, Tony Johansson wrote:
> Hi!
>
> I just wonder about this Reflector tool.
> If I made a dll in .NET can then a person that have this DLL look at all the
> source code by using the Reflector tool ?
> I mean can he/she recreate all the source code.
>
> If I instead have a DLL unmanaged code for example made in C++ is it here
> possible look at the source code by using some kind of tool.
> I mean something that remind of Reflector ?
>
> //Tony
>
>
|
|
|
0
|
|
|
|
Reply
|
James
|
4/10/2010 7:58:52 PM
|
|
On 4/10/2010 3:58 PM, James Finch wrote:
> Since .NET programs and libraries are compiled to MSIL, basically yes.
> Anyone can use .NET Reflector to view your source code almost as you
> wrote it. You can use various tools (Dotfuscator, etc.) to make the code
> more difficult to interpret, but if someone really wants to reverse
> engineer your code they will. It's that simple. You can make it more or
> less difficult but never impossible.
>
> When programs are written in C and C++ they are compiled to native
> machine code and are rather more difficult to reverse engineer than
> MSIL, but still never impossible. If you wish to protect your .NET code
> so that some idiot doesn't take credit for your work, the best you can
> do is use obfuscation techniques to make the code so difficult to
> understand that it would be easier for them to write an application from
> scratch that does the same thing. There are commercial tools available
> to make this process easier and also provide string encryption, etc.
>
> James Finch (MCDST)
>
Many would say the best you could do is to create web services so that
the heart of your code is remote and thus inaccessible. True that they
could reverse engineer the client that connects to your service, but
they cannot identify an algorithm that maybe you wanted protected which
is housed on the server.
--
Mike
|
|
|
0
|
|
|
|
Reply
|
Family
|
4/10/2010 8:22:49 PM
|
|
On 10-4-2010 21:09, Tony Johansson wrote:
> Hi!
>
> I just wonder about this Reflector tool.
> If I made a dll in .NET can then a person that have this DLL look at all the
> source code by using the Reflector tool ?
> I mean can he/she recreate all the source code.
>
> If I instead have a DLL unmanaged code for example made in C++ is it here
> possible look at the source code by using some kind of tool.
> I mean something that remind of Reflector ?
>
Any compiled code available to a third party can be reverse engineered,
the only factor involved is time.
If you want to be sure that your code doesn't fall into other hands, the
only option is to not deliver it to those hands.
However, before considering switching languages, complex obfuscation and
encryption techniques, there's one important point that lots of people
seem to forget:
Most code written is not rocket science, and is easier to write
yourself, than to reverse engineer.
Don't let it worry you too much.
--
Willem van Rumpt
|
|
|
0
|
|
|
|
Reply
|
Willem
|
4/10/2010 9:03:10 PM
|
|
I was just curious!!
//Tony
"Willem van Rumpt" <wdotvandotrumpt@skoutsoftdotcom> skrev i meddelandet
news:%23R9sDFP2KHA.3844@TK2MSFTNGP05.phx.gbl...
> On 10-4-2010 21:09, Tony Johansson wrote:
>> Hi!
>>
>> I just wonder about this Reflector tool.
>> If I made a dll in .NET can then a person that have this DLL look at all
>> the
>> source code by using the Reflector tool ?
>> I mean can he/she recreate all the source code.
>>
>> If I instead have a DLL unmanaged code for example made in C++ is it here
>> possible look at the source code by using some kind of tool.
>> I mean something that remind of Reflector ?
>>
>
> Any compiled code available to a third party can be reverse engineered,
> the only factor involved is time.
>
> If you want to be sure that your code doesn't fall into other hands, the
> only option is to not deliver it to those hands.
>
> However, before considering switching languages, complex obfuscation and
> encryption techniques, there's one important point that lots of people
> seem to forget:
>
> Most code written is not rocket science, and is easier to write yourself,
> than to reverse engineer.
>
> Don't let it worry you too much.
>
> --
> Willem van Rumpt
|
|
|
0
|
|
|
|
Reply
|
Tony
|
4/10/2010 9:17:57 PM
|
|
Willem van Rumpt wrote:
> However, before considering switching languages, complex obfuscation
> and encryption techniques, there's one important point that lots of
> people seem to forget:
>
> Most code written is not rocket science, and is easier to write
> yourself, than to reverse engineer.
Exactly! Fully agreed. Many people seem to forget that.
--
Rudy Velthuis http://rvelthuis.de
"Computers are good at following instructions, but not at reading
your mind." -- Donald Knuth
|
|
|
0
|
|
|
|
Reply
|
Rudy
|
4/10/2010 10:46:35 PM
|
|
Tony Johansson wrote:
> Hi!
>
> I just wonder about this Reflector tool.
> If I made a dll in .NET can then a person that have this DLL look at all the
> source code by using the Reflector tool ?
> I mean can he/she recreate all the source code.
>
> If I instead have a DLL unmanaged code for example made in C++ is it here
> possible look at the source code by using some kind of tool.
> I mean something that remind of Reflector ?
You got a lot of good replies, but more specifically to your question:
yes, there are tools that "decompile" unmanaged code back to other
languages, such as C++. They work best when you know the original
tools/languages used to create the unmanaged, compiled native code, just
as Reflector works best when you tell it what version of .NET was used
and what language.
..NET MSIL is especially easy to decompile a la Reflector, because so
little of the optimization happens during the C#-to-IL stage and because
so much of the original information is still present (variable names,
meta-data for data structures, etc.). But even the unmanaged
decompilation tools can do a remarkably good job.
Pete
|
|
|
0
|
|
|
|
Reply
|
Peter
|
4/10/2010 11:44:19 PM
|
|
"Peter Duniho" <no.peted.spam@no.nwlink.spam.com> skrev i meddelandet
news:OBPa%23eQ2KHA.4016@TK2MSFTNGP05.phx.gbl...
> Tony Johansson wrote:
>> Hi!
>>
>> I just wonder about this Reflector tool.
>> If I made a dll in .NET can then a person that have this DLL look at all
>> the
>> source code by using the Reflector tool ?
>> I mean can he/she recreate all the source code.
>>
>> If I instead have a DLL unmanaged code for example made in C++ is it here
>> possible look at the source code by using some kind of tool.
>> I mean something that remind of Reflector ?
>
> You got a lot of good replies, but more specifically to your question:
> yes, there are tools that "decompile" unmanaged code back to other
> languages, such as C++. They work best when you know the original
> tools/languages used to create the unmanaged, compiled native code, just
> as Reflector works best when you tell it what version of .NET was used and
> what language.
>
> .NET MSIL is especially easy to decompile a la Reflector, because so
> little of the optimization happens during the C#-to-IL stage and because
> so much of the original information is still present (variable names,
> meta-data for data structures, etc.). But even the unmanaged
> decompilation tools can do a remarkably good job.
>
> Pete
Hi!
Is it possible to say that MSIL can in a way be understood as a language of
it's own just to get a better understanding of MSIL.
//Tony
|
|
|
0
|
|
|
|
Reply
|
Tony
|
4/11/2010 7:59:23 AM
|
|
Tony Johansson wrote:
> Is it possible to say that MSIL can in a way be understood as a language of
> it's own just to get a better understanding of MSIL.
I'm not sure I understand the question. But yes, MSIL is absolutely a
language in and of itself. It is the low-level instruction code used by
Microsoft's "common language infrastructure".
It would be silly to write code in MSIL itself, because of the several
excellent high-level language choices available. But certainly there's
some value in understanding MSIL as a language unto itself; doing so
gives one a greater and deeper insight into what actually happens when
you write specific kinds of code inthe higher-level languages.
Pete
|
|
|
0
|
|
|
|
Reply
|
Peter
|
4/11/2010 8:06:01 AM
|
|
On 10-04-2010 16:22, Family Tree Mike wrote:
> On 4/10/2010 3:58 PM, James Finch wrote:
>> Since .NET programs and libraries are compiled to MSIL, basically yes.
>> Anyone can use .NET Reflector to view your source code almost as you
>> wrote it. You can use various tools (Dotfuscator, etc.) to make the code
>> more difficult to interpret, but if someone really wants to reverse
>> engineer your code they will. It's that simple. You can make it more or
>> less difficult but never impossible.
>>
>> When programs are written in C and C++ they are compiled to native
>> machine code and are rather more difficult to reverse engineer than
>> MSIL, but still never impossible. If you wish to protect your .NET code
>> so that some idiot doesn't take credit for your work, the best you can
>> do is use obfuscation techniques to make the code so difficult to
>> understand that it would be easier for them to write an application from
>> scratch that does the same thing. There are commercial tools available
>> to make this process easier and also provide string encryption, etc.
>
> Many would say the best you could do is to create web services so that
> the heart of your code is remote and thus inaccessible. True that they
> could reverse engineer the client that connects to your service, but
> they cannot identify an algorithm that maybe you wanted protected which
> is housed on the server.
It can be a fine solution.
But it does have some implications regarding being connected,
performance etc..
Arne
|
|
|
0
|
|
|
|
Reply
|
ISO
|
4/11/2010 7:38:48 PM
|
|
On 11-04-2010 03:59, Tony Johansson wrote:
> Is it possible to say that MSIL can in a way be understood as a language of
> it's own just to get a better understanding of MSIL.
MSIL is the assembler language for the CLR.
You can write manually MSIL code if you want to.
..NET comes with the ILASM utility to assemble it.
Example:
C.il
----
..assembly extern mscorlib {}
..assembly C
{
.ver 1:0:0:0
}
..class public C extends [mscorlib]System.Object
{
.method public specialname rtspecialname instance void .ctor() cil
managed
{
ret
}
.method public hidebysig instance void M() cil managed
{
ldstr "This also works"
call void [mscorlib]System.Console::WriteLine(string)
ret
}
}
Test.cs
-------
using System;
public class Test
{
public static void Main(string[] args)
{
C o = new C();
o.M();
}
}
Build & run
-----------
C:\>ilasm /dll C.il
Microsoft (R) .NET Framework IL Assembler. Version 2.0.50727.3053
Copyright (c) Microsoft Corporation. All rights reserved.
Assembling 'C.il' to DLL --> 'C.dll'
Source file is ANSI
Assembled method C::.ctor
Assembled method C::M
Creating PE file
Emitting classes:
Class 1: C
Emitting fields and methods:
Global
Class 1 Methods: 2;
Emitting events and properties:
Global
Class 1
Writing PE file
Operation completed successfully
C:\>csc /r:C.dll Test.cs
Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.1
for Microsoft (R) .NET Framework version 3.5
Copyright (C) Microsoft Corporation. All rights reserved.
C:\>Test
This also works
Arne
|
|
|
0
|
|
|
|
Reply
|
ISO
|
4/11/2010 8:07:38 PM
|
|
On 10-04-2010 15:09, Tony Johansson wrote:
> I just wonder about this Reflector tool.
> If I made a dll in .NET can then a person that have this DLL look at all the
> source code by using the Reflector tool ?
> I mean can he/she recreate all the source code.
He/she can create source code that compiles to the same binary as
your source code.
What will be missing is:
- comments
- names of local variables
Plus what is not the original source code:
- documentation
- the knowledge of the developers that write the code
For the typical business app then the missing parts is
sufficient to make it more costly to reverse engineer the entire
binary in a form that is maintainable than it is to create
source code from scratch.
But it does also mean that it takes about 10 seconds to
find embedded passwords or other secrets in the code.
Passwords/keys should be entered not embedded in the code.
And security should not rely on the algorithm being secret.
> If I instead have a DLL unmanaged code for example made in C++ is it here
> possible look at the source code by using some kind of tool.
> I mean something that remind of Reflector ?
A lot more difficult.
Under normal circumstances nobody would even try to
decompile a large native binary.
But if the gain by doing it is sufficient high, then
someone will do it.
Arne
|
|
|
0
|
|
|
|
Reply
|
ISO
|
4/11/2010 8:20:26 PM
|
|
|
11 Replies
290 Views
(page loaded in 0.18 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
1933 articles. 
1 followers. 