|
| Decompiler |
|
|
|
|
| Messages |
|
Related Types |
This message was discovered on microsoft.public.dotnet.security.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.
| Emad Rangchi |
Hi
I am .Net programmer .but have a problem with .Net
I found a software who decode teh MSIL code to source code.how can I prevent
this in my project
Thanks for any suggestion
__________________________________________________________________ emad
rangchi ICQ#: 130046475 Current ICQ status: + More ways to contact me i See
more about me:
__________________________________________________________________
|
|
|
| |
|
| |
| | |
| |
| news.microsoft.com |
There are a number of companies today who sell .net code protection
products:
Obfuscators. Obfuscators process .net binary byte code and attempt to
mangle the symbol names so the resulting disassembly is less readable.
a.. The good.
a.. Obfuscators offers some level of protection against people easily
reading your source code, for example member function names such as
"IsLicenseValid()" becomes "xyz()".
b.. Obfuscators can apply some tricks that may cause various
disassemblers to crash.
b.. The bad
a.. Programs are still disassemblable, they are just slightly more
difficult to read. Because disassemblers cannot encrypt symbol names that
interface with the .NET Framework, it's not very hard to follow what is
happening, even in the obfuscated state.
b.. IL byte code disassembly is very structured and much easier to read
than say Intel binary disassembly.
c.. Bugs that cause disassemblers to crash will undoubtedly be fixed
soon, so depending on this trick is a very short-sighted solution.
d.. Obfuscated symbols may cause programs to fail, especially if they
use reflection.
e.. Obfuscated symbols makes crash call traces look like garbage, making
it difficult to test and debug release versions of your software.
f.. Obfuscators typically have a large number of options that need
manual adjustment to achieve higher levels of security at the risk of less
compatibility with the original byte code.
c.. The price
a.. Obfuscators range in price from Free to $50 to $1400, checkout
Frank Lesser's "LSW IL Obfuscator" for a quality inexpensive obfuscator.
RemoteSoft Salamander Protector. Saves the result of a JIT transform on the
byte code.
a.. The good.
a.. Provides a good level of security, this method is unlikely to
reversed back into IL byte code.
b.. The bad.
a.. This method is not compatible across .NET Framework Service packs.
For example EXE files created using .NET Framework Service Initial Release
do not work with installations of Service Pack 2. Because many users may
have different installations of the framework installed, this solution
becomes useful only in very controlled environments - but usually in these
environments protection is not strongly needed.
b.. This method is not likely to be compatible across .NET Releases.
When 1.1 is release, previous programs Salamander Protector will most likely
fail.
c.. Salamander requires a secondary DLL to be shipped with you
application. This could complicate installation and pose additional support
problems.
d.. Programs created with Salamander are limited to the Windows Intel
Platform.
c.. The price
a.. Cost $799
Thinstall.NET. Applies full-program wrapping encryption that operates
outside the .NET Framework
a.. The good
a.. Stops all disassemblers and tools that operate on .NET binaries.
b.. Compatible across all .NET Framework Service packs and releases.
When MS releases 1.1, Thinstall.NET should continue to work with no changes.
c.. Compresses .NET programs several times more than obfuscators,
typically 50% or more.
d.. Because of above, load times are often improved by 2x.
e.. This solution requires no extra outside files - everything remains
in a single EXE file.
f.. Allows full use of reflection with no program changes.
g.. Crash traces show full symbol names so testing and debugging release
builds is possible using the JIT debugger.
h.. Thinstall.NET is very simple to use, just enter the name of the EXE
and click build.
b.. The bad
a.. Because the original byte code is decrypted in memory just before
being passed to the JIT compiler it is technically possible for someone, who
knows where and when, to save it off to disk. We think this is an
acceptable risk for most developers.
b.. Programs created with Thinstall.NET are limited to the Windows Intel
Platform
c.. The price
Cost: $59, $399 for a version that does not require an Internet connection.
"Emad Rangchi" <Click here to reveal e-mail address> wrote in message
news:e6Ep0U1pCHA.2460@TK2MSFTNGP12...
[Original message clipped]
|
|
|
| |
|
| |
| |
| M. Veurman |
[Original message clipped]
You don't want to know how easy it is. There is this tool procdump, which
dumps a running process into a PE file (exe/dll). Just run the 'Thinstalled'
application, save the process using procdump and the file disassembles like
a charm.
M.Veurman
"news.microsoft.com" <Click here to reveal e-mail address> wrote in
message news:eCfl7antCHA.2028@TK2MSFTNGP11...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Michael Giagnocavo (VIP) |
Thats interesting, have you tried this? Because it crashes for me on the
simplest of .net programs...
-mike
"M. Veurman" <Click here to reveal e-mail address> wrote in message
news:#pHAPg$tCHA.2492@TK2MSFTNGP10...
[Original message clipped]
|
|
|
| |
|
|
| |
| |
| Frank Lesser [LSW] |
Hi,
so far as know thinstall is robust against procdump.
However thinstall together with an obfuscator offers the best protection.
We are very busy releasing the next versions of our obfuscator and
reflection-browser.
The reflection browser contains a state-of-the-art decompiler - our next
version 1.1 decompiles huge assemblies to C# ( 200 K Lines ) in a few
minutes.
Our next generation obfuscator focuses on Project obfuscation /
Serialization / and Reflection.
with best regards, Frank Lesser, www.lesser-software.com
"Michael Giagnocavo" <Click here to reveal e-mail address> wrote in message
news:uh718w$tCHA.1632@TK2MSFTNGP12...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Michael Giagnocavo (VIP) |
Have you gotten procdump to work on any .NET program? I wrote a very simple
little program and the latest procdump32 program crashes when I try to dump
it...
-mike
"Frank Lesser [LSW]" <Click here to reveal e-mail address> wrote in message
news:On8jnzCuCHA.2596@TK2MSFTNGP12...
[Original message clipped]
|
|
|
| |
|
|
| |
| |
| Frank Lesser [LSW] |
Michael,
I guess the procdump will not work on .NET PE's.
Our Reflection-Browser works on .NET PE's but will also fail to decomple
thinstalled .NET Programs.
Our Browser can therefore work on .NET PE's without .NET installed and
although we didn't test it the new 1.1 version
should even work on Windows95.
However obfuscation before protection of the PE is the best way. Thinstall -
although really difficult to crack - maybe cracked at some day.
Frank
"Michael Giagnocavo" <Click here to reveal e-mail address> wrote in message
news:#TNoYwDuCHA.2592@TK2MSFTNGP10...
> Have you gotten procdump to work on any .NET program? I wrote a very
simple
> little program and the latest procdump32 program crashes when I try to
dump
[Original message clipped]
|
|
|
| |
|
|
| |
|
|
|
| |
| M. Veurman |
Hi,
I've been using this procdump version:
http://www.tlsecurity.net/windows/misc/procdump.html
I have used it successfully on the example hello_world.exe as supplied by
thinstall (http://thinstall.com/downloads/hello_world.exe).
1. Run hello_world.exe
2. Startup procdump.exe
3. Select the hello_world.exe process in the list
4. Right click on hello_world.exe process in the list and select 'Dump
(full)'
5. Save it as hello_world_unpacked.exe
6. Now open up your favorite dissasembler (ildasm will do) and load the
hello_world_unpacked.exe file
Presto, the source for the button click event:
private void button1_Click(object sender, EventArgs e) {
MessageBox.Show(this.textBox1.Text, "phatty says:");
}
"Michael Giagnocavo" <Click here to reveal e-mail address> wrote in message
news:uh718w$tCHA.1632@TK2MSFTNGP12...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Frank Lesser [LSW] |
thinstall - procdump issue
this will be fixed immediatley ...
Frank
"M. Veurman" <Click here to reveal e-mail address> wrote in message
news:u$chKkIuCHA.2516@TK2MSFTNGP09...
[Original message clipped]
|
|
|
| |
|
| |
|
|
|
| |
| news.microsoft.com |
Hi Mr Veurman,
Thanks for bringing this to my attention. I have fixed this problem in
Thinstall
Version 1.966. For verification, you can download and test the new
protected
hello world here:
http://thinstall.com/downloads/hello_world.exe (114k)
You can still use ProcDump to create a memory image, but this will not
recover
any information about the program, only a 4 line stub program.
Jonathan
"M. Veurman" <Click here to reveal e-mail address> wrote in message
news:#pHAPg$tCHA.2492@TK2MSFTNGP10...
[Original message clipped]
|
|
|
| |
|
|
| |
|
|
|
|
|
|
|
|
|
|
BootFX
Reliable and powerful .NET application framework. |
|
|
|
|
|
|
