如何保护dll? [英] How to protect dlls?

问题描述

如何保护我的项目的 dll 以使其无法被其他人引用和使用?

How do I protect the dlls of my project in such a way that they cannot be referenced and used by other people?

谢谢

推荐答案

简短的回答是，除了显而易见的事情之外，您无能为力.

The short answer is that beyond the obvious things, there is not much you can do.

您可能需要考虑的显而易见的事情(大致按照难度增加和合理性降低的顺序)包括:

The obvious things that you might want to consider (roughly in order of increasing difficulty and decreasing plausibility) include:

• 静态链接，因此没有可攻击的 DLL.
• 去除所有符号.
• 使用 .DEF 文件和导入库，以便仅通过导出 ID 识别匿名导出.
• 仅在运行时将 DLL 保留在资源中并在文件系统中公开它(以适当的模糊名称，甚至可能在运行时生成).
• 将所有真实函数隐藏在工厂方法后面，该工厂方法将秘密(更好地，秘密知识证明)交换为指向真实方法的函数指针表.
• 使用从恶意软件领域借鉴的反调试技术来防止逆向工程.(请注意，这可能会让您从 AV 工具中获得误报.)

无论如何，一个足够坚定的用户仍然可以找到使用它的方法.一个体面的反汇编程序将快速提供所需的所有信息.

Regardless, a sufficiently determined user can still figure out ways to use it. A decent disassembler will quickly provide all the information needed.

请注意，如果您的 DLL 确实是一个 COM 对象，或者更糟的是一个 CLR 程序集，那么在不破坏其预期用途的情况下，您无法剥离大量运行时类型信息.

Note that if your DLL is really a COM object, or worse yet a CLR Assembly, then there is a huge amount of runtime type information that you can't strip off without breaking its intended use.

既然你重新标记暗示 C# 和 .NET 是环境而不是用 C 编写的纯 Win32 DLL，那么我真的应该将上面的内容修改为你不能，但是……"

Since you've retagged to imply that C# and .NET are the environment rather than a pure Win32 DLL written in C, then I really should revise the above to "You Can't, But..."

很长一段时间以来，混淆工具的市场一直存在，以处理强制交付可编译源的环境，但您又不想交付有用的源.在该市场上有 C# 产品，而且看起来至少有一个产品加入了.

There has been a market for obfuscation tools for a long time to deal with environments where delivery of compilable source is mandatory, but you don't want to deliver useful source. There are C# products that play in that market, and it looks like at least one has chimed in.

因为加载程序集需要框架的大量工作，所以很可能存在对程序集的诚实提供者和消费者施加一些控制的权限位.我没有看到任何关于这些方法提供的真正安全性的讨论，只是不知道它们对确定的攻击有多有效.

Because loading an Assembly requires so much effort from the framework, it is likely that there are permission bits that exert some control for honest providers and consumers of Assemblies. I have not seen any discussion of the real security provided by these methods and simply don't know how effective they are against a determined attack.

很大程度上取决于您的用例.如果您只是想防止随意使用，您或许可以找到适合您的解决方案.如果您想保护有价值的商业秘密免遭逆向工程和重复使用，您可能不会那么高兴.

A lot is going to depend on your use case. If you merely want to prevent casual use, you can probably find a solution that works for you. If you want to protect valuable trade secrets from reverse engineering and reuse, you may not be so happy.

这篇关于如何保护dll?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！