I was wondering about .NET programs and if they could be Decompiled or not as they are only compiled into an assembly and then interperated to machine code. If so is there anyway to stop someone decompiling your assembly?

Thanks!

Yes they can be decompiled. afaIk there is no way to stop it.

http://www.remotesoft.com/salamander/ seems to be the crackers program of choice (not that they pay for it).

Heh sucks to be a .NET programmer :).

aye, short of compiling to native (which kinda defeats the whole point of .Net) there stuff has to stay in an intermediatry language so that it can be optermised for the target platform when run

Similar thing with Java really.

The best defence would be to really really obfuscate it :D Or perhaps you could have some cunning method where stuff in in non.net dll etc - defeats the point a bit though.

yeah, and thing which requires native code kinda knocks the idea on its head

obfuscators are availbe for .Net ofcourse, so that does kinda help things

obfuscators really aren't that usefull:

http://www.remotesoft.com/salamander/stringencrypt/index.html

Its no major biggy, im just writting a few programs in C# (and java at uni) and was wondering how easily this stuff can be decompiled.

Is there an easy way to compile C# straight to native?

Im asuming if it is compiled to native it no longer requires the framework?

java can be decompiled even easier (read: using a free tool) than C# though (as matt said!), so it's not as though the problem is unique.

Have to admit I didn't know you could decompile .net stuff!

you can decompile anything, its just a matter of how usefull the output is, for native stuff all the usefull infomation is stripped out in a release build, so while you can perform varible tracking etc its a right nightmare trying to work out what anything is or repesents (I've experiance with this, many many years ago now I was part of an effort to include GEM windowing support into a programming language called STOS on the Atari ST/TT/Falcon computers, the idea being to get it multitasking and stuff, however all we had to work from was the assembler of the final program, we had some mild success as I recall, I personally manged to decode large sections of it and improve things... but thats just another symptom of all my best coding be done before I hit 18, heh).

Anything which compiles down to an IM however (such as Java and .Net stuff) has alot more infomation around (needed to on the fly optermise it) and so the output is alot more readable, which is where an obfuscators comes in to try and mangle it.

As for compiling C# to native, yes it can be done and it not that hard and you can even embed the needed parts ofthe .Net runtime into it (heck, there is a tool out there which will let you do that anyways, so you can run .Net stuff without the frame work).. Its basically a case of compiling it asthough it was going to run and then saving out the native code with a PE header, some bootstrapping and any linked code, I'm pretty sure you can download/buy a toolset todo it.

If you want to see how easy it is to read the source code of a .net product, download Reflecor from http://www.aisto.com/roeder/dotnet/ and have a go, its free and seems to work well :/

As for compiling to native code, i've heard good things about http://thinstall.com/ and there is an interesting (read: dull) article http://www.geocities.com/krishnapg/SecureAssembly.html on the subject.

obfuscators really aren't that usefull:

http://www.remotesoft.com/salamander/stringencrypt/index.html

Thats only strings though :-) Let me tell you a story. The other day at work I was asked by a manager to sort out a system that is used to report problems, errors etc. For some reason the original author (now left the company) didn't sort the entries by time. Anyway manager wanted it sorted by time. The system basically comprised of a a web page with a table in it. When you visited the web page it queried MS sql database for the data. Simple thing, however somehow this person had managed to make it use about 10 asp.net pages and (I shit you not) 20 C# classes! Even with the full source code it took about 45 mins to trace my way through the execution to find out where I needed to make some (trivial) changes.

I think the guy who wrote it was doing that old "make it so hard to understand they'll never sack you!" idea. There wasn't a single comment in the code. But yeah I wandered off there a bit - what I was trying to say was you can make your code so stupid and opaque people will never understand it :-)