none
Creating Secure Dll RRS feed

Answers

  • No it cannot be done.  It doesn't matter whether you use obfuscators, encryptors or anything else.  As soon as the binary is loaded into memory anyone with a memory reader can see the entire contents of the binary file.  All they need is admin privileges to the machine.  In most cases they don't even need to load the app since the binary file is already stored on disk in mostly the same layout.  There are a few tools that encrypt the file on disk but they still have to decrypt it in memory unless they use a third-party execution engine.  

    Given the contents of a binary file it is not that difficult to disassemble it back to a semblance of the original code.  This has been possible for decades and is all but impossible to prevent (I used to use Sourcer myself and even wrote a thesis on automatic decompilers back in the day).  The good side is that the effort involved to disassemble code without the use of an automation tool (good ones are hard to find) is really high so someone would really want to see your code before they are likely to make the effort.

    For .NET assemblies it is incredibly simple to decompile back to a very close approximation to the source.  Therefore if you have an algorithm that is very sensitive then you shouldn't be using .NET for it.  Note that .NET has obfuscators as well but, again, it really isn't that hard to get back to the original source.  The source might not be easily understood but it will still be obtainable.

    Michael Taylor
    http://msmvps.com/blogs/p3net

    Friday, January 10, 2014 8:23 PM
    Moderator

All replies

  • yes, create for your own use, just don't give it to anybody.


    Visual C++ MVP

    Friday, January 10, 2014 3:54 PM
  • No it cannot be done.  It doesn't matter whether you use obfuscators, encryptors or anything else.  As soon as the binary is loaded into memory anyone with a memory reader can see the entire contents of the binary file.  All they need is admin privileges to the machine.  In most cases they don't even need to load the app since the binary file is already stored on disk in mostly the same layout.  There are a few tools that encrypt the file on disk but they still have to decrypt it in memory unless they use a third-party execution engine.  

    Given the contents of a binary file it is not that difficult to disassemble it back to a semblance of the original code.  This has been possible for decades and is all but impossible to prevent (I used to use Sourcer myself and even wrote a thesis on automatic decompilers back in the day).  The good side is that the effort involved to disassemble code without the use of an automation tool (good ones are hard to find) is really high so someone would really want to see your code before they are likely to make the effort.

    For .NET assemblies it is incredibly simple to decompile back to a very close approximation to the source.  Therefore if you have an algorithm that is very sensitive then you shouldn't be using .NET for it.  Note that .NET has obfuscators as well but, again, it really isn't that hard to get back to the original source.  The source might not be easily understood but it will still be obtainable.

    Michael Taylor
    http://msmvps.com/blogs/p3net

    Friday, January 10, 2014 8:23 PM
    Moderator
  • Yes it can be done but you also lost some capabilities like reflection (because the ofuscator will change all the names of your classes, methods, properties and attributes).

    To try I recommend the tools from www.redgate.com, but there are more tools to do that. If you look in the tools menu of Visual Studio is also there a .net ofuscator, but is a third party tool.

    Tuesday, January 14, 2014 2:23 AM
  • Which technology would be best suited for the same???

    Sahil Tyagi

    Tuesday, January 14, 2014 2:26 PM