TNX Rob - Re: Security of non-server code?
You are one of the thread responders I always following. Thanks for the
info. No question, native code is deconstructable given time. But for
really large (6MB+ programs) it will keep the amateurs at bay. Many of
my clients programs are EXEs & DLL's that approach 30MB. Definitely a
long assembler listing. How long ago was your post so that I might
follow it? My plan was to install on a single machine and XCOPY to
the other machines (CD actually) and since all the machines have the
same CPU (possible different step number on the P5) then it seems I
don't have a problem. 8-)
"Rob Teixeira" <RobTeixeira@@msn.com> wrote:
>"Patrick Ireland" <firstname.lastname@example.org> wrote:
>>In the current issue of VBPJ there is an article on the lack of code
>>security for disktop applications with any of the NET managed code
>>languages. I was under the opinion (wrongly apparently) that when and
>>install of a NET application is made that the IL code was not placed on
>>the target machine. Many of my clients have $$ invested in their apps
>>and for sure don't want the possibility of easily reverse engineered code
>>being distributed. Is my understanding flawed? If desktop apps must be
>>distruted in an IL form is this to be addressed in a future NET release.
>It's the same issue Java faced before with it's I.C.
>I believe this article is bit exagerated. MS will provide an obfuscator
>for the IL, if prefer the terminology), which is the same solution Java
>for it's I.C.
>As I mentioned in a different post, even PE "native" code is easily deconstructable
>by anyone with some assembly knowledge and a good hex editor (and lots of
>time on their hands). The only way to protect native PE code was to encrypt
>it as well. So basically, nothing's changed all that much. Sifting through
>a "real" program in IL is not much different than sifting through hundreds
>of thousands of lines of assembly, which is what hackers currently do.
>But there's also another point to make. You do not have to distribute the
>IL code per se. The IL can be "compiled" to native code either by the JIT
>at runtime, or *during install*. If it is turned to native code during install,
>the stuff on the client machine is pure native PE (without the IL embedding).
-- Android Development Center
-- Cloud Development Project Center
-- HTML5 Development Center
-- Windows Mobile Development Center