I know when you compile a .NET app c# or vb the code is converted to MSIL. I
was just wondering is it 100% reversible? If so, does that mean someone can
steal all your source code just by decopiling the dll or exe?
Aaron 16 1142
It will never be 100% reversible since each compiler may perform different
optimizations and therefore the original high language source cannot be
determined, but in general there are tool which will decompile MSIL code.
There are tools that will allow you to obfuscate the compiled code to make
it more difficult to know what you code is doing.
"Aaron" <ku*****@yahoo.com> wrote in message
news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to MSIL.
I was just wondering is it 100% reversible? If so, does that mean someone
can steal all your source code just by decopiling the dll or exe?
Aaron
Aaron,
Well, it won't be reversible to the point where you can see the variable
names that you used, but it can be reversed to a great degree. Check out
Reflector by Lutz Roeder for a good example of what is possible.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Aaron" <ku*****@yahoo.com> wrote in message
news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to MSIL.
I was just wondering is it 100% reversible? If so, does that mean someone
can steal all your source code just by decopiling the dll or exe?
Aaron
* "Aaron" <ku*****@yahoo.com> scripsit: I know when you compile a .NET app c# or vb the code is converted to MSIL. I was just wondering is it 100% reversible? If so, does that mean someone can steal all your source code just by decopiling the dll or exe?
Let's say "it's reversible". There are certain tools available to do
that (Anakrino, Reflector, ...).
--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>
As the platform becomes more mature, the tools will get better, so in a
nutshell - yes, a clever person can always reproduce your source in more or
less original form (save the variable names, comments, whitespace and other
non-essential stuff).
This quick overview of Java decompilers might give an idea of what can
become available for .NET apps: http://www.javaworld.com/javaworld/j...compilers.html
--
Alex Moskalyuk
_____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message
news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to MSIL.
I was just wondering is it 100% reversible? If so, does that mean someone
can steal all your source code just by decopiling the dll or exe?
Aaron
So does this mean that if MS decided to write office 12 in .NET, hackers
would be able to almost reconstruct the entire source code?
Also I found a program that is suppose to convert .net to native code? Can
someone explain the advantage and disadvantage of this?
"Alex Moskalyuk" <us****@moskalyuk.com> wrote in message
news:e8*************@tk2msftngp13.phx.gbl... As the platform becomes more mature, the tools will get better, so in a nutshell - yes, a clever person can always reproduce your source in more
or less original form (save the variable names, comments, whitespace and
other non-essential stuff).
This quick overview of Java decompilers might give an idea of what can become available for .NET apps:
http://www.javaworld.com/javaworld/j...compilers.html
-- Alex Moskalyuk _____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to
MSIL. I was just wondering is it 100% reversible? If so, does that mean someone can steal all your source code just by decopiling the dll or exe?
Aaron
:)
Sunny
Aaron wrote: So does this mean that if MS decided to write office 12 in .NET, hackers would be able to almost reconstruct the entire source code?
Also I found a program that is suppose to convert .net to native code? Can someone explain the advantage and disadvantage of this?
"Alex Moskalyuk" <us****@moskalyuk.com> wrote in message news:e8*************@tk2msftngp13.phx.gbl... As the platform becomes more mature, the tools will get better, so in a nutshell - yes, a clever person can always reproduce your source in more or less original form (save the variable names, comments, whitespace and other non-essential stuff).
This quick overview of Java decompilers might give an idea of what can become available for .NET apps:
http://www.javaworld.com/javaworld/j...compilers.html
-- Alex Moskalyuk _____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... > I know when you compile a .NET app c# or vb the code is converted to MSIL. I > was just wondering is it 100% reversible? If so, does that mean someone can > steal all your source code just by decopiling the dll or exe? > > Aaron > >
"Aaron" <ku*****@yahoo.com> wrote in message
news:er*************@tk2msftngp13.phx.gbl... So does this mean that if MS decided to write office 12 in .NET, hackers would be able to almost reconstruct the entire source code?
In theory, yes. Obfustication should go along way, probably far enough.
Complicated obfustication will usually make the work required to decompile
and understand a product high enough that it won't be done. As it stands, I
wouldn't try to decompile a lage standard, unobfusticated assemblyand
understand it completely. The variable names, etc aren't very good. I think
decompilation serves far more to help understand how things work when you
already know basically what they do than it owuld to reconstruct an entire
application.
Grab an obfusticator, compile some .NET app(an OSS one will do), obfusticate
it and then decompile it and see waht you think of the results. Also I found a program that is suppose to convert .net to native code? Can someone explain the advantage and disadvantage of this?
Main advantage is that you don't have to worry about distributing the
framework, assuming you mean one of the native converters that are made for
that purpose., and that there is no startup JIT time(which, IMHO, people
blow out of proportion). I don't know how these products deal with garbage
collection, reflection, etc however, you may also loose metadata.
Disadvantages are generally
1) Security: If there is a serious bug in the .NET framework that opens a
security vulnerability, merely upgrading the framework won't be sufficent,
your application will have to be recompiled with the patched framework so it
has correct code, which means you can't rely on Microsofts update
distribution backbone to get your app patched in this circumstance.
2) Portability: Native code is pretty much stuck to hte processor type it is
working on. I don't know how they work explicitly but it might tie you to a
particular OS as well.
3) Efficency: Native compilation may not be capable of opimizing as well and
won't benifit from new JIT optimizations whenever teh framework is upgraded
This isn't to say that either option is definatly better, just some of the
problems and advantages I could see. Doesn't the site where you found the
program rant about its advantages atleast? "Alex Moskalyuk" <us****@moskalyuk.com> wrote in message news:e8*************@tk2msftngp13.phx.gbl... As the platform becomes more mature, the tools will get better, so in a nutshell - yes, a clever person can always reproduce your source in more or less original form (save the variable names, comments, whitespace and other non-essential stuff).
This quick overview of Java decompilers might give an idea of what can become available for .NET apps:
http://www.javaworld.com/javaworld/j...compilers.html
-- Alex Moskalyuk _____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... > I know when you compile a .NET app c# or vb the code is converted to MSIL. I > was just wondering is it 100% reversible? If so, does that mean someone can > steal all your source code just by decopiling the dll or exe? > > Aaron > >
There is one thing with code deconstruction or reverse engineering -
practicality. The Computer Science theory views the program as a set of
instruction for Turing machines, theoretically capable of being executed by
a head reading the magnetic tape in both directions. If you go down to
assembly level, you will notice that by large the operations performed are
moving the data, comparing the data and jumping to the different parts of
the program as a result of those moves and comparisons.
So, back to your question - would anyone be able to dis-assemble a large
..NET app? In a nutshell - yes. Would it be practical to do it? Probably no,
unless someone is willing to dedicate months and months of their life to
this project. Plus the incentives are not that great - you have the code
de-constructed, you can look at the methods they employed when writing it,
so what? It's not like there are no free office suites out there.
The same theory goes for encryption. It's possible to break AES and others
by brute force, but when it takes you $10 mln in computer time to achieve
that, would you do that? Probably no. Would NSA do that if it's deeemed a
priority? Probably yes.
--
Alex Moskalyuk
_____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message
news:er*************@tk2msftngp13.phx.gbl... So does this mean that if MS decided to write office 12 in .NET, hackers would be able to almost reconstruct the entire source code?
Also I found a program that is suppose to convert .net to native code? Can someone explain the advantage and disadvantage of this?
"Alex Moskalyuk" <us****@moskalyuk.com> wrote in message news:e8*************@tk2msftngp13.phx.gbl... As the platform becomes more mature, the tools will get better, so in a nutshell - yes, a clever person can always reproduce your source in more or less original form (save the variable names, comments, whitespace and other non-essential stuff).
This quick overview of Java decompilers might give an idea of what can become available for .NET apps:
http://www.javaworld.com/javaworld/j...compilers.html
-- Alex Moskalyuk _____________________________ http://www.techinterviews.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to MSIL. I was just wondering is it 100% reversible? If so, does that mean
someone can steal all your source code just by decopiling the dll or exe?
Aaron
Those are really wise words :)
The problem is piracy and legal stuff, reverse enginnering is to be
though about by military or others who have BIIIIIIG secrets
Alex Moskalyuk wrote: There is one thing with code deconstruction or reverse engineering - practicality. The Computer Science theory views the program as a set of instruction for Turing machines, theoretically capable of being executed by a head reading the magnetic tape in both directions. If you go down to assembly level, you will notice that by large the operations performed are moving the data, comparing the data and jumping to the different parts of the program as a result of those moves and comparisons.
So, back to your question - would anyone be able to dis-assemble a large .NET app? In a nutshell - yes. Would it be practical to do it? Probably no, unless someone is willing to dedicate months and months of their life to this project. Plus the incentives are not that great - you have the code de-constructed, you can look at the methods they employed when writing it, so what? It's not like there are no free office suites out there.
The same theory goes for encryption. It's possible to break AES and others by brute force, but when it takes you $10 mln in computer time to achieve that, would you do that? Probably no. Would NSA do that if it's deeemed a priority? Probably yes.
Those are really wise words :)
The problem is piracy and legal stuff, reverse enginnering is to be
though about by military or others who have BIIIIIIG secrets
Alex Moskalyuk wrote: There is one thing with code deconstruction or reverse engineering - practicality. The Computer Science theory views the program as a set of instruction for Turing machines, theoretically capable of being executed by a head reading the magnetic tape in both directions. If you go down to assembly level, you will notice that by large the operations performed are moving the data, comparing the data and jumping to the different parts of the program as a result of those moves and comparisons.
So, back to your question - would anyone be able to dis-assemble a large .NET app? In a nutshell - yes. Would it be practical to do it? Probably no, unless someone is willing to dedicate months and months of their life to this project. Plus the incentives are not that great - you have the code de-constructed, you can look at the methods they employed when writing it, so what? It's not like there are no free office suites out there.
The same theory goes for encryption. It's possible to break AES and others by brute force, but when it takes you $10 mln in computer time to achieve that, would you do that? Probably no. Would NSA do that if it's deeemed a priority? Probably yes.
The local variable names are available in the pdb file if you have
access to it. Our Decompiler.NET product generates code that looks
almost identitical to your original source code including local
variable names when you have the symbol file present with the DLL. You
can download and try it out for FREE from http://www.junglecreatures.com/
Jonathan Pierce
President
Jungle Creatures, Inc. http://www.junglecreatures.com/
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:<en**************@TK2MSFTNGP12.phx.gbl>... Aaron,
Well, it won't be reversible to the point where you can see the variable names that you used, but it can be reversed to a great degree. Check out Reflector by Lutz Roeder for a good example of what is possible.
Hope this helps.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to MSIL. I was just wondering is it 100% reversible? If so, does that mean someone can steal all your source code just by decopiling the dll or exe?
Aaron
thanks nicholas. i've just started using Reflector and it works really nice
:-). unfortunately Reflector itself does create files but this add-in does: http://www.denisbauer.com/NETTools/F...assembler.aspx
jonathan, I tried your tool but PDB file option did not work. how do i find
PDB files? also, to my big disappointment I noticed that your tool is not
free as you mentioned :-(. it wrote strange messages about buying commercial
version in most of the decompiled files and the code does not compile as it
says.
"Jonathan Pierce" <jp*****@nyc.rr.com> wrote in message
llnews:3d**************************@posting.google .com... The local variable names are available in the pdb file if you have access to it. Our Decompiler.NET product generates code that looks almost identitical to your original source code including local variable names when you have the symbol file present with the DLL. You can download and try it out for FREE from http://www.junglecreatures.com/
Jonathan Pierce President Jungle Creatures, Inc. http://www.junglecreatures.com/
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in message news:<en**************@TK2MSFTNGP12.phx.gbl>... Aaron,
Well, it won't be reversible to the point where you can see the
variable names that you used, but it can be reversed to a great degree. Check
out Reflector by Lutz Roeder for a good example of what is possible.
Hope this helps.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... I know when you compile a .NET app c# or vb the code is converted to
MSIL. I was just wondering is it 100% reversible? If so, does that mean
someone can steal all your source code just by decopiling the dll or exe?
Aaron
Hi Alan,
The pdb file is created when you compile your assembly with debugging
information. It will be created in your bin directory alongside your
dll or exe and is needed to debug assemblies at the source code level.
Our Decompiler.NET product will read these symbol files if present in
order to retain your local variable names in the decompiled code.
Local variable names are not present in the assembly file itself, so
Decompiler.NET generates local variable names based on their type if
the symbol file is not available with the assembly.
The Decompiler.NET product is not free but the evaluation version can
be downloaded for free in order for you to evaluate the product's
capabilities.
The product is priced very low considering that it produces higher
level and more accurate code than the competitors, we provide better
support with free updates, and the product includes full obfuscation
capabilities.
Please make sure that you check often for updated versions of the
product since they are posted often to the web site.
The eval version should still produce code that compiles 100% since it
generates stubs for methods that are being disabled and returns value
values and out parameter values.
If you have an example of output that does not compile, please send it
to me at su*****@junglecreatures.com and I'll address the issue
immediately.
I look forward to your experience evaluating the product.
Jonathan
"Alan Morgan" <no*****@no.spam.com> wrote in message news:<#k**************@TK2MSFTNGP12.phx.gbl>... thanks nicholas. i've just started using Reflector and it works really nice :-). unfortunately Reflector itself does create files but this add-in does: http://www.denisbauer.com/NETTools/F...assembler.aspx
jonathan, I tried your tool but PDB file option did not work. how do i find PDB files? also, to my big disappointment I noticed that your tool is not free as you mentioned :-(. it wrote strange messages about buying commercial version in most of the decompiled files and the code does not compile as it says.
"Jonathan Pierce" <jp*****@nyc.rr.com> wrote in message llnews:3d**************************@posting.google .com... The local variable names are available in the pdb file if you have access to it. Our Decompiler.NET product generates code that looks almost identitical to your original source code including local variable names when you have the symbol file present with the DLL. You can download and try it out for FREE from http://www.junglecreatures.com/
Jonathan Pierce President Jungle Creatures, Inc. http://www.junglecreatures.com/
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:<en**************@TK2MSFTNGP12.phx.gbl>... Aaron,
Well, it won't be reversible to the point where you can see the variable names that you used, but it can be reversed to a great degree. Check out Reflector by Lutz Roeder for a good example of what is possible.
Hope this helps.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Aaron" <ku*****@yahoo.com> wrote in message news:ur**************@TK2MSFTNGP11.phx.gbl... > I know when you compile a .NET app c# or vb the code is converted to MSIL. I > was just wondering is it 100% reversible? If so, does that mean someone can > steal all your source code just by decopiling the dll or exe? > > Aaron > >
> The pdb file is created when you compile your assembly with debugging information. It will be created in your bin directory alongside your dll or exe and is needed to debug assemblies at the source code level.
i can't find any PDB files. sucks.
The product is priced very low considering that it produces higher
it is bad that you reverse-engineer full source code and make money with it
:-(
The eval version should still produce code that compiles 100% since it generates stubs for methods that are being disabled and returns value values and out parameter values.
the compiler was reporting error with arrays not being valid. unfortunately
i already deleted assembly and uninstalled decompiler.net so i can't tell
what the error was.
"Alan Morgan" <no*****@no.spam.com> wrote in message news:<O8**************@TK2MSFTNGP11.phx.gbl>... The pdb file is created when you compile your assembly with debugging information. It will be created in your bin directory alongside your dll or exe and is needed to debug assemblies at the source code level. i can't find any PDB files. sucks.
Are you compiling your own code, or trying to decompile someone elses
assembly? People do not normally ship debugging symbol files with the
release version of their product, but you will get a pdb file if you
compile with debugging.
it is bad that you reverse-engineer full source code and make money with it :-(
Why? There are may uses for the tool, including obfuscating your own
code, optimizing your code, translating your code across languages,
learning about other implementations, etc. The product serves a
valuable need not filled by the Microsoft provided tools. Believe me,
I have spent over two years developing the product and the income
derived from it does not justify the development effort. I priced it
low intentionally to make it accessible to small developers who need
it, and to encourage customers to consider the other products that we
developing that have not yet been released. the compiler was reporting error with arrays not being valid. unfortunately i already deleted assembly and uninstalled decompiler.net so i can't tell what the error was.
Why did you delete your test assembly? If you send it to me or tell me
where you got it, I'll be able to reproduce your error. Did you
compile it yourself? What compiler or language was used? Was the
assembly already obfuscated? Obfuscators often deliberately attempt to
prevent code from decompiling with various tricks and overloading
techniques.
Jonathan
Alan,
I was able to figure out the issue from your mention of arrays. Thanks
for reporting this. Decompiler.NET generates empty default values for
return values and out parameters in methods where the eval version is
replacing the method body with an empty stub. This allows the stub
methods to still compile correctly. There was a bug that didn't
generate a valid array value for these returned stub method values, so
you were getting errors on stub methods that returned arrays. This has
been fixed in the latest posted version. Please take another look at
the product when you have time and report any issues that you
encounter. We always fix any bugs reported to us as soon as we can
reproduce them and post updated versions immediately. In this case,
you provided enough information to reproduce the issue and the fix was
trivial. We fully test the application each time we ship it but we
don't usually test in evaluation mode so this bug slipped through the
cracks.
Thanks again for reporting it.
Jonathan Pierce
President
Jungle Creatures, Inc. http://www.junglecreatures.com/
"Alan Morgan" <no*****@no.spam.com> wrote in message news:<O8**************@TK2MSFTNGP11.phx.gbl>... The pdb file is created when you compile your assembly with debugging information. It will be created in your bin directory alongside your dll or exe and is needed to debug assemblies at the source code level.
i can't find any PDB files. sucks.
The product is priced very low considering that it produces higher
it is bad that you reverse-engineer full source code and make money with it :-(
The eval version should still produce code that compiles 100% since it generates stubs for methods that are being disabled and returns value values and out parameter values.
the compiler was reporting error with arrays not being valid. unfortunately i already deleted assembly and uninstalled decompiler.net so i can't tell what the error was. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Raymond Lewallen |
last post by:
Is there some article out there that helps in reading MSIL? I've been
looking but can't find anything, and I'm probably just looking in the wrong
spots for the wrong keywords. I understand mov,...
|
by: Raymond Lewallen |
last post by:
Microsoft,
Can I make a request for a newsgroup specific to MSIL? I have taken great
interest in MSIL and have done a lot of reading into MSIL, and written,
compiled and tested with success a...
|
by: TrickyDicky |
last post by:
Hi all,
I'm just starting to experiment with MSIL but am getting confused
about c# and MSIL integration.
I understand that c# is compiled into MSIL before it is JIT'ed and
then executed. I...
|
by: Pawel |
last post by:
Ary you know tools to convert MSIL code (Assembly) to Win32 (not Just In
Time)?
|
by: carl.manaster |
last post by:
Hi,
I'd like to take a string containing MSIL code, assemble it, execute
it, and receive the result all from my running C# application.
So far I've managed to manually create some MSIL code...
|
by: James dean |
last post by:
My understanding is the MSIL runs on the CLR and the CLR is basically
the JIT compiler plus Garbage collection. This part "MSIL runs on the
CLR" is a bit vague to me can anyone give me a clearer...
|
by: NigelW |
last post by:
Clarification needed please.
If I compile a C++ program with the /clr option inpsection
of the resulting assembly with ILDASM shows MSIL even for
methods in classes for which I have not...
|
by: John Doe |
last post by:
Hi all,
I have a lot of confusion about what this runtime environment is.
When I write an application with unmanaged code and unmanaged data, can
I compile it to the MSIL, or it will compile...
|
by: Mark Fox |
last post by:
Hello,
I have read a lot about how the .NET Framework uses
MSIL as its intermediate language. If I have a project
in C# in VS.NET 2003, how do I get the MSIL for it so I
could look at it? ...
|
by: Number 11950 - GPEMC! Replace number with 11950 |
last post by:
Hi all,
Playing VS2005 was more fun than Doom III, and I do enjoy my games. Anyway,
it's back to work for me and I'm bogged down in my familiar VB6 stomping
grounds because I don't want my...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |