C#可以编译成机器语言吗? [英] Can C# be compiled into machine language?
问题描述
我目前正在用Java进行大部分开发。
唯一的原因我正在考虑替代方案是因为Java
是可以反编译的,因此一个人的源代码是
不受保护大多数情况下作为桌面发货
应用程序(混淆是好的,但我希望它更多
安全)。因此,我正在考虑桌面
应用程序的替代品。
我是否正确理解C#.NET总是可以反击
,就像Java的?或者是否可以选择将
甚至C#编译成纯机器语言?这将失去管理代码的优势,但我只是想知道将b#编译为托管或非托管
代码的灵活性。
PS我还看到了MS认为为.NET提供某种加密支持的消息。如果那是真的,
那么强大到足以确保代码保密
托管代码?
谢谢,
rs。
" Reshat Sabiq" < SA *** @ purdue.edu>在消息中写道
news:01 **************************** @ phx.gbl ... < blockquote class =post_quotes>
我目前正在用Java进行大部分开发。我正在考虑替代方案的唯一原因是因为Java可以被解压缩,因此一个人的源代码在作为桌面出货时大部分都不受保护
应用程序(混淆是好的,但我希望它更安全)。因此,我正在考虑桌面应用程序的替代品。
我是否正确理解C#.NET可以像Java一样被反编译?
是的,除非混淆 - 比如java。
或者是否可以选择将C#编译成纯机器语言?这将失去托管代码的优势,但我只是想知道在选择时将C#编译成托管或非托管代码的灵活性。
有预编译的ngen实用程序。虽然il代码仍在那里
并且仍然需要框架。
P.S.我还看到了MS认为为.NET提供某种加密支持的消息。如果这是真的,
会强大到足以确保托管代码的代码机密性吗?
唯一的解决方案是混淆代码 - 有一些第三方加上
一个被剥离的vs.net 2003.
-
Miha Markic - RightHand .NET咨询&开发
miha at rthand com
还有一种可能符合OP需求的解决方案:
http://www.remotesoft.com/linker/
>
来自这个网站:
Salamander .NET Linker和迷你部署工具允许您将.NET
程序集链接到一个文件中,并进行部署您的应用程序
没有安装整个Microsoft .NET Framework。链接器链接
MSIL代码按需组合所需的类和方法,
并且它能够链接到Microsoft .NET框架类
图书馆。然后,迷你部署工具会构建一个最小的一套
Microsoft .NET运行时,以便随应用程序一起提供。这通常会导致几兆字节的安装大小,而不是几十兆字节,而不是重新启动机器,安装所需的时间会少得多。
代码保护
目前的混淆器没有一个问题,就是没有
混淆有多好是的,在你的代码中散布着系统库调用和其他
外部引用(参见下面的红色)。由于
这些调用是外部引用,因此混淆器将不得不保留它们。但是,这些引用有助于理解反编译的
代码,因为它们具有良好的文档和公共API。链接器通过将框架API链接到您自己的
代码中来删除
或减少此类公共API,从而使您的代码更难以在
$之后反编译b $ b混淆。下面显示了使用链接器之前和之后的MSIL代码示例。
Miha Markic < miha at rthand com>在留言中写道
新闻:嗯************* @ TK2MSFTNGP11.phx.gbl ...
Reshat Sabiq < SA *** @ purdue.edu>在消息中写道
新闻:01 **************************** @ phx.gbl ...
我目前正在用Java进行大部分开发。我正在考虑替代方案的唯一原因是因为Java可以被解压缩,因此一个人的源代码在作为桌面出货时大部分都不受保护
应用程序(混淆是好的,但我希望它更安全)。因此,我正在考虑使用Desktop
应用程序的替代方案。
我是否正确理解C#.NET可以像Java一样被反编译?
Yup,除非模糊不清 - 就像java。
或者有一个选项可以将甚至C#编译成纯机器语言吗?这将失去管理代码的优势,但我只是想知道在选择时将C#编译成托管或非托管代码的灵活性。
有预编译的ngen实用程序。虽然il代码仍然存在,但仍需要框架。
P.S。我还看到了MS认为为.NET提供某种加密支持的消息。如果这是真的,
会强大到足以确保托管代码的代码机密性吗?
唯一的解决方案是对代码进行模糊处理 - 那里是一些第三方
加上一个被剥离的vs.net 2003附带。
-
Miha Markic - RightHand .NET咨询和放大器;开发
miha at rthand com
此外,我希望每个人都明白机器语言可以是
逆向工程。实际上机器语言非常像字节代码,
并且有一些工具可以带PE并给你可读代码。
问题是机器代码是与标题和文字数据混合在一起(不是像.NET或Java那样以标准化的方式使用
),所以你必须看看编译器把这些东西放在一起的方式是多少。但是,编译器是可预测的。如果
我知道一段可执行代码来自VC ++或Borland C ++,那么我就可以消除很多关于数据停止和代码开始的谜团。
一旦你知道这一点,那么对这些二进制文件进行逆向工程的难度要比使用.NET或Java要简单得多。
如果你想要更安全的东西,你可以使用你的.NET代码并在.NET DLL而不是主程序集中写入
重要位。然后,使用对称密码对来自加密的DLL进行加密,该密钥来自已签名的主要
程序集(因此密钥不存在)并为其创建摘要。如果你想要创建一些更具体的东西,你也可以从你发行的证书中获得密钥
,并确保证书有效。要运行
代码,主程序集必须驱动确切的密钥,并将DLL
解密到缓冲区中。然后,您可以从解密的字节
缓冲区加载程序集。
这基本上阻止人们检查文件的内容。例如,
永远不会在其上运行ILDASM,这与一些混淆方法不同。
简单地模糊了名称。但是,一旦加载到内存中的任何程序(不管它写的是什么语言)都很容易受到反向工程的影响。
-Rob Teixeira [MVP]
" Miha Markic" < miha at rthand com>在留言中写道
新闻:嗯************* @ TK2MSFTNGP11.phx.gbl ...
Reshat Sabiq < SA *** @ purdue.edu>在消息中写道
新闻:01 **************************** @ phx.gbl ...
我目前正在用Java进行大部分开发。我正在考虑替代方案的唯一原因是因为Java可以被解压缩,因此一个人的源代码在作为桌面出货时大部分都不受保护
应用程序(混淆是好的,但我希望它更安全)。因此,我正在考虑使用Desktop
应用程序的替代方案。
我是否正确理解C#.NET可以像Java一样被反编译?
Yup,除非模糊不清 - 就像java。
或者有一个选项可以将甚至C#编译成纯机器语言吗?这将失去管理代码的优势,但我只是想知道在选择时将C#编译成托管或非托管代码的灵活性。
有预编译的ngen实用程序。虽然il代码仍然存在,但仍需要框架。
P.S。我还看到了MS认为为.NET提供某种加密支持的消息。如果这是真的,
会强大到足以确保托管代码的代码机密性吗?
唯一的解决方案是对代码进行模糊处理 - 那里是一些第三方
加上一个被剥离的vs.net 2003附带。
-
Miha Markic - RightHand .NET咨询和放大器;开发
miha at rthand com
Hi,
I''m currently doing most of my development in Java. The
only reason i''m considering alternatives is because Java
is decompilable, and thus one''s source code is
unprotected for the most part when shipped as a desktop
app (obfuscation is good, but i''d like it to be more
secure). Thus, i''m considering alternatives for Desktop
apps.
Do i understand correctly that C# .NET can always be
decompiled, like Java? Or is there an option to compile
even C# into pure machine language? That will be losing
the advantages of Managed code, but i just wonder about
flexibilities of compiling C# into managed or unmanaged
code upon choice.
P.S. I also came across news that MS considers providing
some kind of encryption support for .NET. If that''s true,
will that be strong enough to ensure code confidentiality
for managed code?
Thanks,
rs.
Hi,
"Reshat Sabiq" <sa***@purdue.edu> wrote in message
news:01****************************@phx.gbl...Hi,
I''m currently doing most of my development in Java. The
only reason i''m considering alternatives is because Java
is decompilable, and thus one''s source code is
unprotected for the most part when shipped as a desktop
app (obfuscation is good, but i''d like it to be more
secure). Thus, i''m considering alternatives for Desktop
apps.
Do i understand correctly that C# .NET can always be
decompiled, like Java?
Yup, unless obfuscated - like java.
Or is there an option to compile even C# into pure machine language? That will be losing
the advantages of Managed code, but i just wonder about
flexibilities of compiling C# into managed or unmanaged
code upon choice.
There is ngen utility which precompiles. Though the il code is still there
and framework is still required.
P.S. I also came across news that MS considers providing
some kind of encryption support for .NET. If that''s true,
will that be strong enough to ensure code confidentiality
for managed code?
The only solution is to obfuscate the code - there are some 3rd parites plus
one stripped down is shipped with vs.net 2003.
--
Miha Markic - RightHand .NET consulting & development
miha at rthand com
There is one more possible solution that may fit the OP''s needs:
http://www.remotesoft.com/linker/
From this site:
Salamander .NET Linker and mini-deployment tool allows you to link .NET
assemblies together into a single file, and to deploy your application
without installation of the whole Microsoft .NET Framework. The linker links
MSIL code on demand putting together only the required classes and methods,
and it is capable of linking into the Microsoft .NET framework class
libraries. The mini-deployment tool then builds a minimum set of the
Microsoft .NET runtime to ship with your application. This usually results
in installation size of a few mega bytes, rather than tens of mega bytes,
and the installation takes much less time without rebooting machines.
Code Protection
There is one problem none of the current obfuscators address, that is, no
matter how good the obfuscation is, there are system library calls and other
external references scattered over in your code (see red in below). Since
these calls are external references, obfuscators will have to leave them
unchanged. However, these references help a lot to understand the decompiled
code, because they are well documented and public APIs. The linker removes
or reduces such public APIs by linking the framework APIs into your own
code, and thus makes your code much more difficult to decompile after
obfuscation. Below shows sample MSIL code before and after the linker is
used.
"Miha Markic" <miha at rthand com> wrote in message
news:um*************@TK2MSFTNGP11.phx.gbl...Hi,
"Reshat Sabiq" <sa***@purdue.edu> wrote in message
news:01****************************@phx.gbl...Hi,
I''m currently doing most of my development in Java. The
only reason i''m considering alternatives is because Java
is decompilable, and thus one''s source code is
unprotected for the most part when shipped as a desktop
app (obfuscation is good, but i''d like it to be more
secure). Thus, i''m considering alternatives for Desktop
apps.
Do i understand correctly that C# .NET can always be
decompiled, like Java?
Yup, unless obfuscated - like java.
Or is there an option to compileeven C# into pure machine language? That will be losing
the advantages of Managed code, but i just wonder about
flexibilities of compiling C# into managed or unmanaged
code upon choice.
There is ngen utility which precompiles. Though the il code is still there
and framework is still required.P.S. I also came across news that MS considers providing
some kind of encryption support for .NET. If that''s true,
will that be strong enough to ensure code confidentiality
for managed code?
The only solution is to obfuscate the code - there are some 3rd parites
plus one stripped down is shipped with vs.net 2003.
--
Miha Markic - RightHand .NET consulting & development
miha at rthand com
In addition, I hope everyone understands that machine language CAN be
reverse-engineered. In fact machine language is very much like byte code,
and there are tools out there that take PEs and give you readable code back.
The issue is that machine code is mixed with headers and literal data (not
in a nice standardized way like .NET or Java), so you have to look at how
the compiler put the stuff together. However, compilers are predictable. If
I know a piece of executable code came from VC++ or Borland C++, then I can
remove a lot of the mystery about where the data stops and the code begins.
Once you know that, it''s only marginally more difficult to reverse-engineer
those binaries than it is for .NET or Java.
If you want something more secure, you can take your .NET code and write the
important bits in a .NET DLL rather than the main assembly. Then, encrypt
the DLL using a symmetric cypher with a key derrived from the signed main
assembly (so the key isn''t present) and create a digest for it. If you want
to create something a little more concrete, you can also derrive the key
from certificates you issue, and ensure that the certs are valid. To run the
code, the main assembly has to derrive the exact key, and unencrypt the DLL
into a buffer. You can then load the assembly from the decrypted byte
buffer.
This basically stops people from examining the contents of the file. You
could never run ILDASM on it, for instance, unlike some obfuscation methods
which simply obscure names. However, any program (reguardless of what
language it''s written in) once loaded into memory is vulnerable to
reverse-engineering.
-Rob Teixeira [MVP]
"Miha Markic" <miha at rthand com> wrote in message
news:um*************@TK2MSFTNGP11.phx.gbl...Hi,
"Reshat Sabiq" <sa***@purdue.edu> wrote in message
news:01****************************@phx.gbl...Hi,
I''m currently doing most of my development in Java. The
only reason i''m considering alternatives is because Java
is decompilable, and thus one''s source code is
unprotected for the most part when shipped as a desktop
app (obfuscation is good, but i''d like it to be more
secure). Thus, i''m considering alternatives for Desktop
apps.
Do i understand correctly that C# .NET can always be
decompiled, like Java?
Yup, unless obfuscated - like java.
Or is there an option to compileeven C# into pure machine language? That will be losing
the advantages of Managed code, but i just wonder about
flexibilities of compiling C# into managed or unmanaged
code upon choice.
There is ngen utility which precompiles. Though the il code is still there
and framework is still required.P.S. I also came across news that MS considers providing
some kind of encryption support for .NET. If that''s true,
will that be strong enough to ensure code confidentiality
for managed code?
The only solution is to obfuscate the code - there are some 3rd parites
plus one stripped down is shipped with vs.net 2003.
--
Miha Markic - RightHand .NET consulting & development
miha at rthand com
这篇关于C#可以编译成机器语言吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
