Hi,
I know that when an .NET exe is run, the CLR loads
the exe (along with dependent assemblies),
compiles them to native code then runs the code.
Assuming the assemblies are loaded from a remote
inaccessible location, is it possible that during
any of the stages of loading the exe into memory,
a person with malicious intent could attach a
debugger and serialise the exe and assemblies
to disk so that she can disassemble/decompile them?
Cheers,
--
Akin
aknak at aksoto dot idps dot co dot uk 5 1917
Yes, that is 100% possible.
The CLR will probally save a copy of the files into the
local disk. One place to look at is
c:\windows\asse mbly\download
Even if CLR does not save a copy, one can easily hook up
certain CLR dll to get the .NET assemblies, or use a
debugger as you suggested.
To launch a .NET assembly, CLR first calls into _CorExeMain
() or _CorDLLMain() method defined in c:\windows\syst em32
\mscoree.dll. One can replace mscoree.dll, and save a copy
of all .NET assemblies within those two methods. A few
lines of code will do the trick.
In short, if you want to protect your intellectual
properties, do not distribue the raw files. Once option to
use our obfuscator or protector to protect the code. The
former renames symbols to make it more difficult to
understand the decompiled code, and the protector modifies
code to make decompilation virtually impossible.
For more info, see http://www.remotesoft.com
Huihong -----Original Message----- Hi,
I know that when an .NET exe is run, the CLR loads the exe (along with dependent assemblies), compiles them to native code then runs the code. Assuming the assemblies are loaded from a remote inaccessible location, is it possible that during any of the stages of loading the exe into memory, a person with malicious intent could attach a debugger and serialise the exe and assemblies to disk so that she can disassemble/decompile them?
Cheers,
-- Akin
aknak at aksoto dot idps dot co dot uk
.
I think we're at a point now where it's a given that someone out there can
reverse engineer your code as long as they can run it. Whether it's
intermediate code or machine language, someone has the skills to know how it
works. It's always been that way, really, which is a reason why security by
obfuscation is unreliable. The key is making sure your data is secure,
since it is the true commodity.
Sky Fly wrote: Hi,
I know that when an .NET exe is run, the CLR loads the exe (along with dependent assemblies), compiles them to native code then runs the code.
No. Code is JIT compiled on a method by method basis. The *first* time a
method is called it is JIT compiled and the native code is cached in memory.
After that, when the same method is called the cached native code is used.
This means that if a method is not called, it is not JIT compiled.
Assuming the assemblies are loaded from a remote inaccessible location, is it possible that during any of the stages of loading the exe into memory, a person with malicious intent could attach a debugger and serialise the exe and assemblies to disk so that she can disassemble/decompile them?
When the library is downloaded it is stored in the Downloads folder, so that
on future runs it is not downloaded again. If you use the command console
you can locate the actual folder where the assembly is stored and
disassemble it.
Richard
--
my email ev******@zicf.b et is encrypted with ROT13 ( www.rot13.org)
"Keith Patrick" <ri************ *******@nospam. hotmail.com> wrote in message news:<#6******* *******@TK2MSFT NGP11.phx.gbl>. .. I think we're at a point now where it's a given that someone out there can reverse engineer your code as long as they can run it. Whether it's intermediate code or machine language, someone has the skills to know how it works. It's always been that way, really, which is a reason why security by obfuscation is unreliable. The key is making sure your data is secure, since it is the true commodity.
I dislike the argument that it doesn't matter if it's machine code
or intermediate code, I think that is an enormous copout started by
Sun and now Microsoft.
Yes you can disassemble machine language into assembler but getting
the original source code back is nowhere near as easy as with IL or
Java bytecode. It takes real skill to understand what's going on
with machine code, it takes no skill at all to run Anakrino, so in
effect anybody can access your code in .Net or JAD if you're using
Java.
In machine code the data and instructions are intermingled so it is
orders or magnitude more difficult to recover the original source code.
Take a look at dcc from the University of Queensland to see what sort
of C output you get from machine code. It's also very compiler dependent
so I believe code compiled with Borland will produce different native
code than say Microsoft's compiler.
Thanks
Godfrey Nolan in**@riis.com
Amen.
- Alek
"Godfrey Nolan" <in**@riis.co m> wrote in message
news:20******** *************** ***@posting.goo gle.com... "Keith Patrick" <ri************ *******@nospam. hotmail.com> wrote in
message news:<#6******* *******@TK2MSFT NGP11.phx.gbl>. .. I think we're at a point now where it's a given that someone out there
can reverse engineer your code as long as they can run it. Whether it's intermediate code or machine language, someone has the skills to know
how it works. It's always been that way, really, which is a reason why
security by obfuscation is unreliable. The key is making sure your data is secure, since it is the true commodity.
I dislike the argument that it doesn't matter if it's machine code or intermediate code, I think that is an enormous copout started by Sun and now Microsoft.
Yes you can disassemble machine language into assembler but getting the original source code back is nowhere near as easy as with IL or Java bytecode. It takes real skill to understand what's going on with machine code, it takes no skill at all to run Anakrino, so in effect anybody can access your code in .Net or JAD if you're using Java.
In machine code the data and instructions are intermingled so it is orders or magnitude more difficult to recover the original source code. Take a look at dcc from the University of Queensland to see what sort of C output you get from machine code. It's also very compiler dependent so I believe code compiled with Borland will produce different native code than say Microsoft's compiler.
Thanks
Godfrey Nolan in**@riis.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Yang Li Ke |
last post by:
Hi guys!
Anyone know a way so that users purchasing
my scripts would not be able to share them
with other people ?
Yang
|
by: Alan Sheehan |
last post by:
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files but they can easily be
reverse engineered I am told.
Is it possible to load the scripts from zip files where the zip files
are password protected ?
|
by: nell |
last post by:
Hi all,
I've developed a testing application in python, and should supply it in
a way that no one (lets say they are regular users) will understand it
and edit it.
The application source is all python but we expose a UI written in C#
that go over all our code and expose to user functions (Indicated with
a special prefix).
So the problem on one hand is protecting the source and make it less
accessible ond on the other hand to make it...
|
by: Roland Hall |
last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re:
protecting images from linked to by other sites. There is a link at the
bottom of that page that references an interesting article about ways of
protecting your images from being downloaded. It was my understanding that
if the client sees it, then it's in the client cache. Am I wrong in this
belief or not?
I took the information in the article and created the .asp that...
|
by: John |
last post by:
Dear all,
I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not...
| |
by: Shawn |
last post by:
Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a document then he can just write the path
into IE and get access to it anyway. Is it possible to prevent this?
Thanks,
Shawn
|
by: Dr. Edmund M. Hayes |
last post by:
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect them from giving it to anyone they feel like.
The program produces reports that are specific to a particular
organization but that does stop anyone from just modifying that report
to make it specific to another organization, who they might have...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad education, bad police
and a lot of taxes and bills to pay, and yes I live in a democratic
"state" (corrupt, but democratic).
So please, don't try to convince me about the social / economical /
open source / give to all / be open / all people are...
|
by: xamman |
last post by:
hi there! according to msdn (link at bottom) i should be able to
protect a whole class declaratively as above. However i keep getting
'request for principal permissions failed' exceptions.
in the msdn article a reference is made to include
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
in your code to set the appdomain principal.I can understand how to
use setprincipalpolicy to protect a method declaratively...
|
by: rogerjames1 |
last post by:
How would I go about protecting a whole directory, e.g.
http://www.example.com/members/ and all sub-directories with login
protection? I wouldn't like to put a .php script in each directory and
I'd like to protect all file-types
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |