C＃ - 可执行文件可以解密（可以进行逆向工程）？

Question

Is that right that C# can be reverse engineered? How is easy to do that? Can we say the C# is not enough good from safety aspect? And what about C++ compared with C# against decompiling?

Answer 1

It's true!

Take a look at one of your own executables using Reflector .

Does this mean that C# is "not enough good from safety aspect"? No, it doesn't mean that.

There's nothing wrong with the safety of C#. You just need to ensure that you don't put any secrets in your published executables if you don't want the world to know about them. (This applies to pretty much any language, not just C#. All executable code can be reverse-engineered, it's just that some languages/frameworks make it easier than others.)

Answer 2

Oh dear.

Even if you write your program in C or whatever language, you can always extract the machine code from the executable (even if it's some weird self-modifying code) and then you can always get the assembly representation. This is necessary because CPUs can only execute machine code. This is inherently true for any program written for any Turing machine.

This fact is well illustrated by cracks popping up for any game or application a few days after their release no matter how hard the developers tried to obfuscate code. There are obfuscation techniques but in the end, it will be always possible to reverse engineer the machine code (or the IL code in the case of .NET). There are also very good Assembly -> C decompilers out there.

Just accept the fact that your code can be reverse engineered and will be if someone needs the source code enough and is willing to invest some time in it. Design your software by keeping this in mind.

Answer 3

You can obviously use Reflactor to see its source code. But you can make it a bit difficult by using obfuscator like Dotfuscator

But as everyone is saying you cant make it impossible to reverse engineering it.

Answer 4

Yes, C# can be reverse engineer. In fact it is trivially easy to do. Take a look at Reflector. To make it harder, but not impossible use an obfuscator.

Keep in mind that applications written in C/C++ or any other language for that matter can be reverse engineered as well albeit not as easily as non-obfuscated C# or Java.

Answer 5

Each new version of C# is more difficult to reverse engineer. It's true that when C# was at 1.0, Reflector would practically reveal your source code however now we are at 3.0 and if you are using anonymous delegates, LINQ, anonymous classes etc. all that high-level syntax is being compiled down to "dumb" MSIL and it's no more easy to reverse engineer them back to its original source.

Answer 6

Any code written using the .NET framework can easily be reverse engineered. That's where the concept of obfuscation comes in.

Obfuscation is a technique some tools use that take a .NET -based assembly output and attempts to encrypt strings, change flow control of method bodies, rename variable, parameter and method names, thereby making it harder for causal hackers to follow and "decompile" the code.

Obfuscation does not guarantee complete protection of your "proprietary" code. To maintain the best security of your code, simply keep the code on your private servers. It's important to remember that all code can be reverse engineered given enough time and perseverance by the would-be "hacker".

C# safety aspect
If you feel you have "sensitive" code you don't want other users to see and "decode", you should investigate developing those portions of code in a native Win32 environment (C++ or Delphi) and continue with the benefits afforded from the .NET framework.

Answer 7

Google for "Red Gate Reflector" - http://www.red-gate.com/products/reflector/

If you want to prevent this then you need an obfuscator, or some other more advanced form of protection.

Answer 8

将Reflector与File Disassembler插件一起使用http://www.denisbauer.com/NETTools/FileDisassembler - 它将为您生成dll中的所有代码。