如何保护的dll？ [英] How to protect dlls?

问题描述

如何保护我的项目的DLL文件以这样的方式，他们不能被引用和被其他人使用吗？

How do I protect the dlls of my project in such a way that they cannot be referenced and used by other people?

感谢

推荐答案

简短的答案是，除了显而易见的东西，没有太多可以做。

The short answer is that beyond the obvious things, there is not much you can do.

这是你可能要考虑（大致难度加大，降低可信度的顺序）的明显的事情包括：

The obvious things that you might want to consider (roughly in order of increasing difficulty and decreasing plausibility) include:

• 静态链接，所以不存在DLL攻击。


• 地带的所有符号。


• 使用.def文件并导入库只具有其导出ID只知道匿名出口。


• 保留DLL中的资源，并在文件系统揭露它运行，只有当（下适当晦涩的名字，甚至在运行时产生）。


• 背后隐藏交换的一个秘密工厂方法的所有实函数（更好的，秘密的知识证明）函数指针的到真正的方法表。


• 使用来自恶意软件的世界借来prevent逆向工程反调试技术。 （请注意，这将有可能让你从AV工具误报。）

不管怎样，有足够确定的用户仍然可以找出方法来使用它。一个体面的反汇编器会迅速提供所需的所有信息。

Regardless, a sufficiently determined user can still figure out ways to use it. A decent disassembler will quickly provide all the information needed.

请注意，如果你的DLL确实是一个COM对象，或者更糟糕的是一个CLR大会，再有就是，你不能没有打破其用途剥离的运行时类型信息数量巨大。

Note that if your DLL is really a COM object, or worse yet a CLR Assembly, then there is a huge amount of runtime type information that you can't strip off without breaking its intended use.

编辑：既然你已经重新标记暗示，C＃和.NET是环境，而不是C语言编写的一个纯粹的Win32 DLL，那么我真的应该修改上面你不能，但是......

Since you've retagged to imply that C# and .NET are the environment rather than a pure Win32 DLL written in C, then I really should revise the above to "You Can't, But..."

有一直模糊处理工具的市场很长的时间来处理，其中编译源交付是强制性的环境，但你不希望提供有用的信息来源。有迹象表明，在这个市场发挥C＃的产品，它看起来像的至少一个已插话说。

There has been a market for obfuscation tools for a long time to deal with environments where delivery of compilable source is mandatory, but you don't want to deliver useful source. There are C# products that play in that market, and it looks like at least one has chimed in.

由于加载安装要求从框架这么多的努力，很可能有权限位是发挥了大会诚实的提供者和消费者一些控制。我还没有看到这些方法提供真正的安全的任何讨论，只是不知道他们是与一个确定的攻击效果如何。

Because loading an Assembly requires so much effort from the framework, it is likely that there are permission bits that exert some control for honest providers and consumers of Assemblies. I have not seen any discussion of the real security provided by these methods and simply don't know how effective they are against a determined attack.

很多是要取决于你的使用情况。如果您只是想prevent随便用，你也许可以找到适合您的解决方案。如果你想防止逆向工程和再利用有价值的商业秘密，你可能不那么开心。

A lot is going to depend on your use case. If you merely want to prevent casual use, you can probably find a solution that works for you. If you want to protect valuable trade secrets from reverse engineering and reuse, you may not be so happy.

这篇关于如何保护的dll？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！