反思有可能在混淆 [英] reflection is possible on obfuscation

问题描述

我这个问题，因为为期一周挣扎。我已经模糊我的应用程序的EXE。我们的应用程序是一个在线Web应用程序的离线工具。客户端将安装此应用程序，一旦连接到互联网，应用程序会下载相关信息，并存储在XML文件中客户机上进行进一步的显示。为安全起见，我们这些加密的XML文件。不幸的是我们里面的EXE的一种方法GetCryptXML将读取客户机上的settings.xml加密和解密后返回。这Setting.xml的包含其他的XML加密密钥为好。

I am struggling with this problem since last one week. I have obfuscated exe of my application. Our application is offline tool for online web application. Client will install this application and connect once to internet, application will download relevant information and store in xml file on client machine for further display. for security purpose we are encrypting these xml files. Unfortunately we have one method GetCryptXML inside exe which will read encrypted settings.xml on client machine and return it after decrypting. this setting.xml contain encryption key for other xml as well.

我对着这里是问题，甚至混淆后，人可以通过传递模糊名称调用GetCryptXML方法。

Problem I am facing here is, even after obfuscation, person can invoke GetCryptXML method by passing obfuscated name.

有什么办法来解决这个问题？

Is there any way to solve this problem?

这是我的想法来解决问题，但我不知道如何实施

This is my idea to solve problem but I am not sure how to implement.

我的想法：只有方式来调用我的功能是通过使用InvokeMember（）函数的反射。才可以调用这个函数他/她需要使用此加载程序集。

My idea: Only way to invoke my function is through reflection by using InvokeMember() function. before one can call this function he/she needs to load assembly by using this.

Assembly.LoadFrom("myapplication.exe")

如果里面myapplication.exe的代码可以识别哪些应用程序正在试图加载我，我们可以限制他们如果它不打算应用加载。我不知道如何解决。

If code inside myapplication.exe can identify which application is trying to load me then we can restrict them to load if it is not intended application. I dont know how can I solve.

任何帮助是极大的赞赏。

Any help is greatly appreciated.

感谢。

推荐答案

如果你想限制访问方法将特定的组件，你可以做到以下几点：

If you want to restrict access to a method to a particular assembly you could do the following:

    private void RestrictedMethod() {
        Assembly calling = Assembly.GetCallingAssembly();
        if(calling.FullName != "myapplication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null") {
            throw new InvalidOperationException();
        }
        // Do method work...
        return;
    }

之一这种方法的优点是，如果有人使用反射来自未授权装配通话将失败。

One of the advantages of this approach is that if someone used reflection from an unauthorized assembly the call would fail.

这篇关于反思有可能在混淆的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！