有没有办法阻止 Reflector 反射我的源代码?
有没有一种方法(可靠且最好不是商业的)来阻止 Reflector 反射我的源代码???
谢谢, 阿迪
Is there a way (reliable and preferably not commercial) to prevent from Reflector to reflect my source code???
Thanks,
Adi
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
不会。Reflector 会像 .NET 运行时一样查看您的程序集,以生成要执行的本机代码。 您所希望的最好结果就是混淆您的代码并使其(在某种程度上)更难读者去理解。
执行混淆的一些优点和缺点可以在 如果你混淆商业 .网络应用程序?
No. Reflector looks at your assembly just like the .NET runtime would in order to generate native code to execute. The best you could hope for would be to obfuscate your code and make it (somewhat) harder for the reader to understand.
Some pros and cons of performing the obfuscation can be found at Should you obfuscate a commercial .Net application?
没有办法阻止 .net 代码的反编译,也就是说,一个好的混淆器会使反射代码更难阅读,其中一些像 dotfuscator 会阻止反射器显示 C# 代码; 但是,您始终能够看到 IL。
Dotfuscator 中的选项之一是使用不可打印的名称(反射器上的反射),恕我直言,这使得反编译极其困难。
微软曾经销售软件保护和许可服务,该服务将加密 IL 并使用与加密密钥绑定的自定义 VM,从而防止使用传统工具进行反映。 这会带来巨大的性能成本,但如果您想保护关键算法或例如您的许可代码,那么它是很好的。
http://msdn.microsoft.com/en-us/slps/default.aspx
There is no way to prevent decompiling of .net code, with that said a good obfuscator will make reflected code harder to read, some of them like dotfuscator will prevent reflector from showing the C# code; however, you will always be able to see the IL.
One of the options in Dotfuscator is to use non-printable names (Reflect on reflector) This makes decompiling extremly difficult IMHO.
Microsoft used to sell a Software Proctection and Licensing Service which would encrypt the IL and use a custom VM that was tied to an encryption key which preventing reflecting using the conventional tools. This had a huge performance cost however it was good if you wanted to protect critical algorithims or for example your licensing code.
http://msdn.microsoft.com/en-us/slps/default.aspx
尝试点模糊器。 2005/2008 附带社区版。 如果无法重新构建代码(痛苦),即由 .NET 组件(公共)调用的 ATL/COM 对象(私有)。
选择是你的。
try dotfuscator. 2005/2008 comes with a community edition. Failing that re-architecture your code (painful) i.e. ATL/COM objects(private) called by the .NET components (public).
Choice is yours.
如果您正在寻找一个好的混淆器,请尝试RemoteSoft。
If you are looking for a good Obfuscator, give RemoteSoft a try.
不久前有一个反反射器技巧,它很有效,因为 .NET 反射器无法将特定的 IL 指令转换为 C# 代码,但他们已经发布了补丁,乐趣就结束了。
Not so long ago there was Anti reflector trick which was effective because .NET reflector couldn’t translate one particular IL instruction into c# code , but they've released patch and fun is over.
Xheo Codeveil 也是一个很棒的产品。 他们还有一个许可解决方案(用于创建序列号等,然后通过您自己的激活服务器激活它们0
Xheo Codeveil is a great product as well. They also have a Licensing solution (for creating serial numbers etc. and then have them activated thorugh your own activation server0
免责声明:我不为 SmartAssembly 的制造商 RedGate 工作。 我只是一个非常高兴的客户,找到了一个好的、负担得起的解决方案。
选择很简单,选择SmartAssembly! 不要将您的时间或金钱浪费在市场上的其他混淆器上。 我在评估竞争产品的非计费时间方面花费了更多的钱。 它们都有致命的缺陷并且几乎不可能调试。 SmartAssembly 是一款易于使用、文档齐全、完善的应用程序,并提供出色的支持。 在他们的论坛上发布问题,并期待实际开发人员尽快给出答案。
SmartAssembly 不仅仅是一个混淆器。 它具有许多功能,包括内置的、高度可定制的崩溃报告生成器,您的客户可以自动通过电子邮件发送给您。 您可以在您自己的服务器或 red-gates 服务器上查看这些报告。 当您进行 Beta 测试或向客户发布产品时,我无法告诉您这有多么有用。 它还生成调试器文件,以便您可以调试模糊产品可能遇到的任何发布后问题。
如果您要交付商业应用程序,那么花钱买一个像样的混淆器是有意义的。 这里的错误选择可能会损害您的知识产权,或者更糟糕的是导致您经历数天的可怕调试。 与 SmartAssembly 的成本相比,这个成本是多少?
DISCLAIMER: I don't work for RedGate the makers of SmartAssembly. I'm just a very happy customer who found a good, affordable solution.
The choice is very simple, choose SmartAssembly! Don't waste your time or money with the other obfuscators in the marketplace. I spent more money in terms of non-billable hours evaluating competing products. They all had fatal flaws and were next to impossible to debug. SmartAssembly is an easy-to-use, well documented, polished application with excellent support. Post a question on their forum and expect an answer reasonably fast by the actual developers.
SmartAssembly is more than an obsfuscator. It has a slew of features, including a built-in, highly customizable crash report generator that your customers can automatically email to you. You can view these reports on either your own server or on red-gates servers. I can't tell you how useful this is when you're beta testing or releasing the product to customers. It also generates debugger files so you can debug any post-release issues you may encounter with your obsfucated product.
If you are delivering a commercial application, it makes sense to spend the money on a decent obsfuscator. A bad choice here can compromise your intellectual property or worse lead you to days of gruesome debugging. What would this cost in comparison to what SmartAssembly costs?
Reflector 不使用 Reflection 来显示您的源代码。 它使用 .Net 元数据(采用众所周知的已发布格式)来做到这一点。
没有办法阻止这种情况,但你可以通过混淆你的程序集来让它变得毫无意义。 混淆后,类/方法/字段被重命名,方法中的内联字符串被加密,方法调用被隐藏,方法控制流被打乱等等。 因此,任何使用 Reflector 的人都会看到很多垃圾,并且无法理解其中的大部分内容。
免责声明:我在 LogicNP Software 工作,该公司是 Crypto Obfuscator 的开发人员
Reflector does not use Reflection to show your source code. It uses the .Net metadata (which is in well known published format) to do that.
There is no way to prevent this, but you make make it pointless by obfuscating your assemblies. After obfuscating, class/method/fields are renamed, inline strings in methods are encrypted, method calls are hidden, method control flow is scrambled and so on. So, anybody who use Reflector will see a lot of garbage and will not be able to make sense of most of it.
DISCLAIMER: I work for LogicNP Software, the developers of Crypto Obfuscator
或者,您可以使用本机 C++ 应用程序引导 .Net 应用程序。 然后您可以对所有 .net dll 文件进行混淆和加密。
使用 bootstrap c++ 应用程序将所有文件解密到基于内存的字节数组(其物理本身的精确副本)。
我的做法是将所有 .net 文件保存在一个扩展名为 .DAT 的加密文件中。 C++ 代码将文件抓取到内存映射文件中,然后使用 CLR 托管 API 将我的本机 C++ 应用程序转换为 .net 应用程序,然后我使用
Assembly.Load(byte[]...)
进行加载,因此在我的应用程序中,我避免创建 .net EXE 并将我的 C++ 应用程序设为 EXE,因此我的所有表单、控件等都位于 .Net Dll 中。
Optionally, you can bootstrap your .Net application with a native C++ application. Then you can obfuscate and encrypt all of your .net dll files.
Use the bootstrap c++ application to decrypt all of your files into memory based byte arrays (exact copies of their physical selves).
The way I did it was to keep all of my .net files in one encrypted file with a .DAT extension. The C++ code grabs the files into memory mapped files then uses the CLR hosting API to turn my Native C++ app into a .net app, which I then use load using
Assembly.Load(byte[]...)
So in my app, I avoided create a .net EXE and made my C++ app the EXE so all of my forms, controls, etc etc live in a .Net Dll.