Re: Protect IL Code

• Previous message: Chris Clark: "RE: Ho do I present custom evidence of authentication to a server?"
• In reply to: Jonathan Pierce: "Re: Protect IL Code"
• Next in thread: Jonathan Pierce: "Re: Protect IL Code"
• Reply: Jonathan Pierce: "Re: Protect IL Code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 4 Jul 2004 21:55:47 -0700

Jonathan,

I do not think that your new feature is a good idea. In theory, it can save
developer time, but consider the following case. Let's say that I have
library module (DLL) with a public class A. This class has a public method
X, which is supposed to be called by external applications. Let's say that I
want to check who the caller is and add code to retrieve the caller assembly
from method X (maybe I do a stack walk or something). In the original code,
method X will retrieve the external caller assembly. Now, if during
obfuscation you take the code from method X and move it to a different -
private or internal - method, which assembly would the moved code access?
Right, it will be my assembly, not the external caller, as I originally
expect. Do you see how dangerous this is? Unless I misunderstand the way you
do it, I suggest you to remove this feature.

Alek

"Jonathan Pierce" <jpierce@nyc.rr.com> wrote in message
news:3d0f5457.0407021532.27b5acb4@posting.google.com...
> >>We could probably add a feature to
> > our Decompiler.NET product to automatically generate these public
> > stubs for you.
>
> This thread motivated me to add the feature. The latest version of our
> Decompiler.NET application available on our web site now factors out
> the bodies of public members into seperate methods with obfuscated
> names, but retains stub methods to expose these public members to
> classes from external assemblies. Other methods in the same assembly
> automatically reference the factored obfuscated internal names so only
> the public stub names remain meaningful.
>
> We will also be adding a similar feature soon to hide calls to public
> members from assemblies external to the one being obfuscated.
>
> Please try it out and let us know what you think. You can download a
> free trial version of Decompiler.NET from our web site at:
> http://www.junglecreatures.com/
>
> Jonathan Pierce
> President
> Jungle Creatures, Inc.
> http://www.junglecreatures.com/

• Previous message: Chris Clark: "RE: Ho do I present custom evidence of authentication to a server?"
• In reply to: Jonathan Pierce: "Re: Protect IL Code"
• Next in thread: Jonathan Pierce: "Re: Protect IL Code"
• Reply: Jonathan Pierce: "Re: Protect IL Code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]