Yes, that is 100% possible.
The CLR will probably save a copy of the files into the
local disk. One place to look at is
c:\windows\assembly\download
Even if CLR does not save a copy, one can easily hook up
certain CLR DLLs to get the .NET assemblies, or use a
debugger as you suggested.
To launch a .NET assembly, CLR first calls into _CorExeMain()
or _CorDLLMain() method defined in
c:\windows\system32\mscoree.dll. One can replace mscoree.dll, and save a copy
of all .NET assemblies within those two methods. A few
lines of code will do the trick.
In short, if you want to protect your intellectual
properties, do not distribute the raw files. One option is to
use our obfuscator or protector to protect the code. The
former renames symbols to make it more difficult to
understand the decompiled code, and the protector modifies
code to make decompilation virtually impossible.
For more info, see
http://www.remotesoft.com
Huihong
-----Original Message-----
Hi,
I know that when a .NET exe is run, the CLR loads
the exe (along with dependent assemblies),
compiles them to native code then runs the code.
Assuming the assemblies are loaded from a remote
inaccessible location, is it possible that during
any of the stages of loading the exe into memory,
a person with malicious intent could attach a
debugger and serialise the exe and assemblies
to disk so that she can disassemble/decompile them?
Cheers,
--
Akin
aknak at aksoto dot idps dot co dot uk