473,320 Members | 2,162 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Protecting code

Hi,

I know that when an .NET exe is run, the CLR loads
the exe (along with dependent assemblies),
compiles them to native code then runs the code.
Assuming the assemblies are loaded from a remote
inaccessible location, is it possible that during
any of the stages of loading the exe into memory,
a person with malicious intent could attach a
debugger and serialise the exe and assemblies
to disk so that she can disassemble/decompile them?

Cheers,
--
Akin

aknak at aksoto dot idps dot co dot uk
Jul 19 '05 #1
5 1880
Yes, that is 100% possible.

The CLR will probally save a copy of the files into the
local disk. One place to look at is
c:\windows\assembly\download

Even if CLR does not save a copy, one can easily hook up
certain CLR dll to get the .NET assemblies, or use a
debugger as you suggested.

To launch a .NET assembly, CLR first calls into _CorExeMain
() or _CorDLLMain() method defined in c:\windows\system32
\mscoree.dll. One can replace mscoree.dll, and save a copy
of all .NET assemblies within those two methods. A few
lines of code will do the trick.

In short, if you want to protect your intellectual
properties, do not distribue the raw files. Once option to
use our obfuscator or protector to protect the code. The
former renames symbols to make it more difficult to
understand the decompiled code, and the protector modifies
code to make decompilation virtually impossible.

For more info, see http://www.remotesoft.com

Huihong
-----Original Message-----
Hi,

I know that when an .NET exe is run, the CLR loads
the exe (along with dependent assemblies),
compiles them to native code then runs the code.
Assuming the assemblies are loaded from a remote
inaccessible location, is it possible that during
any of the stages of loading the exe into memory,
a person with malicious intent could attach a
debugger and serialise the exe and assemblies
to disk so that she can disassemble/decompile them?

Cheers,
--
Akin

aknak at aksoto dot idps dot co dot uk
.

Jul 19 '05 #2
I think we're at a point now where it's a given that someone out there can
reverse engineer your code as long as they can run it. Whether it's
intermediate code or machine language, someone has the skills to know how it
works. It's always been that way, really, which is a reason why security by
obfuscation is unreliable. The key is making sure your data is secure,
since it is the true commodity.
Jul 19 '05 #3


Sky Fly wrote:
Hi,

I know that when an .NET exe is run, the CLR loads
the exe (along with dependent assemblies),
compiles them to native code then runs the code.
No. Code is JIT compiled on a method by method basis. The *first* time a
method is called it is JIT compiled and the native code is cached in memory.
After that, when the same method is called the cached native code is used.
This means that if a method is not called, it is not JIT compiled.
Assuming the assemblies are loaded from a remote
inaccessible location, is it possible that during
any of the stages of loading the exe into memory,
a person with malicious intent could attach a
debugger and serialise the exe and assemblies
to disk so that she can disassemble/decompile them?


When the library is downloaded it is stored in the Downloads folder, so that
on future runs it is not downloaded again. If you use the command console
you can locate the actual folder where the assembly is stored and
disassemble it.

Richard
--
my email ev******@zicf.bet is encrypted with ROT13 (www.rot13.org)
Jul 19 '05 #4
"Keith Patrick" <ri*******************@nospam.hotmail.com> wrote in message news:<#6**************@TK2MSFTNGP11.phx.gbl>...
I think we're at a point now where it's a given that someone out there can
reverse engineer your code as long as they can run it. Whether it's
intermediate code or machine language, someone has the skills to know how it
works. It's always been that way, really, which is a reason why security by
obfuscation is unreliable. The key is making sure your data is secure,
since it is the true commodity.


I dislike the argument that it doesn't matter if it's machine code
or intermediate code, I think that is an enormous copout started by
Sun and now Microsoft.

Yes you can disassemble machine language into assembler but getting
the original source code back is nowhere near as easy as with IL or
Java bytecode. It takes real skill to understand what's going on
with machine code, it takes no skill at all to run Anakrino, so in
effect anybody can access your code in .Net or JAD if you're using
Java.

In machine code the data and instructions are intermingled so it is
orders or magnitude more difficult to recover the original source code.
Take a look at dcc from the University of Queensland to see what sort
of C output you get from machine code. It's also very compiler dependent
so I believe code compiled with Borland will produce different native
code than say Microsoft's compiler.

Thanks

Godfrey Nolan
in**@riis.com
Jul 19 '05 #5
Amen.
- Alek

"Godfrey Nolan" <in**@riis.com> wrote in message
news:20**************************@posting.google.c om...
"Keith Patrick" <ri*******************@nospam.hotmail.com> wrote in

message news:<#6**************@TK2MSFTNGP11.phx.gbl>...
I think we're at a point now where it's a given that someone out there can reverse engineer your code as long as they can run it. Whether it's
intermediate code or machine language, someone has the skills to know how it works. It's always been that way, really, which is a reason why security by obfuscation is unreliable. The key is making sure your data is secure,
since it is the true commodity.


I dislike the argument that it doesn't matter if it's machine code
or intermediate code, I think that is an enormous copout started by
Sun and now Microsoft.

Yes you can disassemble machine language into assembler but getting
the original source code back is nowhere near as easy as with IL or
Java bytecode. It takes real skill to understand what's going on
with machine code, it takes no skill at all to run Anakrino, so in
effect anybody can access your code in .Net or JAD if you're using
Java.

In machine code the data and instructions are intermingled so it is
orders or magnitude more difficult to recover the original source code.
Take a look at dcc from the University of Queensland to see what sort
of C output you get from machine code. It's also very compiler dependent
so I believe code compiled with Borland will produce different native
code than say Microsoft's compiler.

Thanks

Godfrey Nolan
in**@riis.com

Jul 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

24
by: Yang Li Ke | last post by:
Hi guys! Anyone know a way so that users purchasing my scripts would not be able to share them with other people ? Yang
18
by: Alan Sheehan | last post by:
Hi pythonistas, I am looking for methods of deploying applications with end users so that the python code is tamper proof. What are my options ? I understand I can supply .pyc or .pyo files...
6
by: nell | last post by:
Hi all, I've developed a testing application in python, and should supply it in a way that no one (lets say they are regular users) will understand it and edit it. The application source is all...
12
by: Roland Hall | last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re: protecting images from linked to by other sites. There is a link at the bottom of that page that references an interesting...
5
by: John | last post by:
Dear all, I've got a security question that is so difficult that "maybe" there will be no answer for it. It's regarding protecting asp code. I did write some asp code, that I sell to...
7
by: Shawn | last post by:
Hi. I have a folder that contains a lot of different documents. xls, .doc, .pdf etc. Different users have access to different documents. The problem is that if a user knows the name of a...
12
by: Dr. Edmund M. Hayes | last post by:
I wrote a access program that works well enough that a handful of people would like to buy it from me. My problem is that if I sell it to someone there is no mechanism that I know of to protect...
22
by: flit | last post by:
Hello All, I have a hard question, every time I look for this answer its get out from the technical domain and goes on in the moral/social domain. First, I live in third world with bad gov., bad...
0
by: xamman | last post by:
hi there! according to msdn (link at bottom) i should be able to protect a whole class declaratively as above. However i keep getting 'request for principal permissions failed' exceptions. in...
16
by: rogerjames1 | last post by:
How would I go about protecting a whole directory, e.g. http://www.example.com/members/ and all sub-directories with login protection? I wouldn't like to put a .php script in each directory and...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.