Optionally, you can bootstrap your .Net application with a native C++ application. Then you can obfuscate and encrypt all of your .net dll files.

Use the bootstrap c++ application to decrypt all of your files into memory based byte arrays (exact copies of their physical selves).

The way I did it was to keep all of my .net files in one encrypted file with a .DAT extension. The C++ code grabs the files into memory mapped files then uses the CLR hosting API to turn my Native C++ app into a .net app, which I then use load using

Assembly.Load(byte[]...)

So in my app, I avoided create a .net EXE and made my C++ app the EXE so all of my forms, controls, etc etc live in a .Net Dll.

If you are looking for a good Obfuscator, give RemoteSoft a try.

No. Reflector looks at your assembly just like the .NET runtime would in order to generate native code to execute. The best you could hope for would be to obfuscate your code and make it (somewhat) harder for the reader to understand.

Some pros and cons of performing the obfuscation can be found at Should you obfuscate a commercial .Net application?

Xheo Codeveil is a great product as well. They also have a Licensing solution (for creating serial numbers etc. and then have them activated thorugh your own activation server0

Reflector does not use Reflection to show your source code. It uses the .Net metadata (which is in well known published format) to do that.

There is no way to prevent this, but you make make it pointless by obfuscating your assemblies. After obfuscating, class/method/fields are renamed, inline strings in methods are encrypted, method calls are hidden, method control flow is scrambled and so on. So, anybody who use Reflector will see a lot of garbage and will not be able to make sense of most of it.

DISCLAIMER: I work for LogicNP Software, the developers of Crypto Obfuscator

DISCLAIMER: I don't work for RedGate the makers of SmartAssembly. I'm just a very happy customer who found a good, affordable solution.

The choice is very simple, choose SmartAssembly! Don't waste your time or money with the other obfuscators in the marketplace. I spent more money in terms of non-billable hours evaluating competing products. They all had fatal flaws and were next to impossible to debug. SmartAssembly is an easy-to-use, well documented, polished application with excellent support. Post a question on their forum and expect an answer reasonably fast by the actual developers.

SmartAssembly is more than an obsfuscator. It has a slew of features, including a built-in, highly customizable crash report generator that your customers can automatically email to you. You can view these reports on either your own server or on red-gates servers. I can't tell you how useful this is when you're beta testing or releasing the product to customers. It also generates debugger files so you can debug any post-release issues you may encounter with your obsfucated product.

If you are delivering a commercial application, it makes sense to spend the money on a decent obsfuscator. A bad choice here can compromise your intellectual property or worse lead you to days of gruesome debugging. What would this cost in comparison to what SmartAssembly costs?