Is there a way to prevent Reflector from being abl

2019-01-24 12:42发布

问题:

Is there a way (reliable and preferably not commercial) to prevent from Reflector to reflect my source code???

Thanks, Adi

回答1:

No. Reflector looks at your assembly just like the .NET runtime would in order to generate native code to execute. The best you could hope for would be to obfuscate your code and make it (somewhat) harder for the reader to understand.

Some pros and cons of performing the obfuscation can be found at Should you obfuscate a commercial .Net application?



回答2:

There is no way to prevent decompiling of .net code, with that said a good obfuscator will make reflected code harder to read, some of them like dotfuscator will prevent reflector from showing the C# code; however, you will always be able to see the IL.

One of the options in Dotfuscator is to use non-printable names (Reflect on reflector) This makes decompiling extremly difficult IMHO.

Microsoft used to sell a Software Proctection and Licensing Service which would encrypt the IL and use a custom VM that was tied to an encryption key which preventing reflecting using the conventional tools. This had a huge performance cost however it was good if you wanted to protect critical algorithims or for example your licensing code.

http://msdn.microsoft.com/en-us/slps/default.aspx



回答3:

try dotfuscator. 2005/2008 comes with a community edition. Failing that re-architecture your code (painful) i.e. ATL/COM objects(private) called by the .NET components (public).

Choice is yours.



回答4:

If you are looking for a good Obfuscator, give RemoteSoft a try.



回答5:

Not so long ago there was Anti reflector trick which was effective because .NET reflector couldn’t translate one particular IL instruction into c# code , but they've released patch and fun is over.



回答6:

Xheo Codeveil is a great product as well. They also have a Licensing solution (for creating serial numbers etc. and then have them activated thorugh your own activation server0



回答7:

DISCLAIMER: I don't work for RedGate the makers of SmartAssembly. I'm just a very happy customer who found a good, affordable solution.

The choice is very simple, choose SmartAssembly! Don't waste your time or money with the other obfuscators in the marketplace. I spent more money in terms of non-billable hours evaluating competing products. They all had fatal flaws and were next to impossible to debug. SmartAssembly is an easy-to-use, well documented, polished application with excellent support. Post a question on their forum and expect an answer reasonably fast by the actual developers.

SmartAssembly is more than an obsfuscator. It has a slew of features, including a built-in, highly customizable crash report generator that your customers can automatically email to you. You can view these reports on either your own server or on red-gates servers. I can't tell you how useful this is when you're beta testing or releasing the product to customers. It also generates debugger files so you can debug any post-release issues you may encounter with your obsfucated product.

If you are delivering a commercial application, it makes sense to spend the money on a decent obsfuscator. A bad choice here can compromise your intellectual property or worse lead you to days of gruesome debugging. What would this cost in comparison to what SmartAssembly costs?



回答8:

Reflector does not use Reflection to show your source code. It uses the .Net metadata (which is in well known published format) to do that.

There is no way to prevent this, but you make make it pointless by obfuscating your assemblies. After obfuscating, class/method/fields are renamed, inline strings in methods are encrypted, method calls are hidden, method control flow is scrambled and so on. So, anybody who use Reflector will see a lot of garbage and will not be able to make sense of most of it.

DISCLAIMER: I work for LogicNP Software, the developers of Crypto Obfuscator



回答9:

Optionally, you can bootstrap your .Net application with a native C++ application. Then you can obfuscate and encrypt all of your .net dll files.

Use the bootstrap c++ application to decrypt all of your files into memory based byte arrays (exact copies of their physical selves).

The way I did it was to keep all of my .net files in one encrypted file with a .DAT extension. The C++ code grabs the files into memory mapped files then uses the CLR hosting API to turn my Native C++ app into a .net app, which I then use load using

Assembly.Load(byte[]...)

So in my app, I avoided create a .net EXE and made my C++ app the EXE so all of my forms, controls, etc etc live in a .Net Dll.