Topic: The Future of .NET Reflector

[Kerry]

http://www.simple-talk.com/opinion/opinion-pieces/the-future-of-reflector-/

This article has been viewed 7588 times

... in 1 1/2 days

[Kerry]

http://www.red-gate.com/products/reflector/

http://www.red-gate.com/products/pinvoke.net/index.htm

[HD]

Prior to Kerry's posts, I was using the .NET Reflector tool on one of my assemblies and noticed that everthing (all code) was exposed. So these posts are a good segue to my question. Does anyone know how an assembly is supposed to be created / compiled so that everything is not exposed?

[It's Alive!]

I haven’t tried any yet, but there are a few .NET obfuscators out the on the net.

[It's Alive!]

Here is an example of a DLL that has been obfuscated by the obfuscator that comes with VS2005.

a sample of code too

Code: [Select]

  public static ObjectId a(ObjectIdCollection A_0, string A_1, string A_2, Database A_3)
    {
        if (A_3 == null)
        {
            throw new ArgumentNullException("Database database");
        }
        if (A_0 == null)
        {
            throw new ArgumentNullException("ObjectIdCollection IdCollection");
        }
        ObjectId @null = ObjectId.Null;
        bool flag = false;
        TransactionManager transactionManager = A_3.TransactionManager;
        using (Transaction transaction = transactionManager.StartTransaction())
        {
            DBDictionary dictionary = (DBDictionary) transactionManager.GetObject(A_3.GroupDictionaryId, OpenMode.ForWrite, false);
            if (A_1 == null)
            {
                A_1 = string.Empty;
            }
            Group newValue = new Group(A_1, true);
            if (A_2 == null)
            {
                dictionary.SetAt("da1ed6ef-8842-4517-9a55-f2d26fffd66f", newValue);
                flag = true;
            }
            else if (dictionary.Contains(A_2))
            {
                dictionary.SetAt("da1ed6ef-8842-4517-9a55-f2d26fffd66f", newValue);
                flag = true;
            }
            else
            {
                dictionary.SetAt(A_2, newValue);
            }
            transaction.AddNewlyCreatedDBObject(newValue, true);
            newValue.Append(A_0);
            if (flag)
            {
                newValue.SetAnonymous();
            }
            @null = newValue.ObjectId;
            transaction.Commit();
        }
        return @null;
    }



[HD]

Thanks Daniel. I just examined your dll using the .Net Reflector tool. Interesting results -- not much there By any chance, off the top of your head, do you know if .NET obfuscators hide <summary> </summary>, <returns> </returns>, etc? I suspect not -- just thought I would ask.

[It's Alive!]

There are tons of settings you can choose from. For example if you can choose library mode, all the namespaces and /// comments will be preserved, but then the obfuscation level is much less. I’m sure there are better systems out there as this one is just a free version.

[It's Alive!]

I just updated mine ...

[sinc]

If you want to see an example of what the full edition of Dotfuscator does, you can download the free trial of the Sincpac-C3D, and try to look at it with Reflector.

I don't think I have it set to the maximum protection - for example, I don't think I have string encryption turned on.  But it's still pretty difficult to find anything to latch onto in order to start decompiling.  And many methods can't be decompiled at all.

Since all identifiers are replaced with names that are only one or two characters long, it's supposed to even speed up code execution,   but I haven't done any benchmark tests yet to see exactly how much effect this really has.

[It's Alive!]

I figure once I am good enough to write anything worth hiding, I will write in native code then wrap it.
As of now, my kludge style of coding is obfuscating enough 

[David Hall]

I figure once I am good enough to write anything worth hiding, 

My thoughts exactly, who would want to steal my code?  Hell I'll give it to you if you can improve it and send me a copy back

 

[Spike Wilbury]

I use C# for my personal usage routines....


Just by doing a quick and simple google search, there are a lot info about Deobfuscator's for NET apps....