.NET Dotfuscator or something else?

DSP, Plugin and Host development discussion.
RELATED
PRODUCTS

Post

Hi

Semicompiled code like .NET is pretty open for reverse engineering.

What tool do you think is the best protection, Dotfuscator or something else?
Any difference if working for C++/CLI too?
Or is pure code needed?

Thanks.

Post

You can encrypt the binaries with .NET if i remember correctly. I don't know if that's possible in combination with Something like VST.NET.

Post

Thanks.

Anyone that knows about more alternatives are welcome with any tip.

Post

Be careful here- If you make use of reflection, Dotfuscator can break your code. I think encrypted assemblies is the best bet, but I dont know that there is a fool proof way to obfuscate managed code.

Post

heres a good stack overflow link on the matter...

http://stackoverflow.com/questions/4942 ... assemblies

Post

obfuscation or encryption will marginally decrease performance, obfuscated code can't be debugged properly etc...
IIRC, themida can protect .net assemblies, might be worth checking out, it's way more secure and easier to deploy than obfuscation, but then again, with all encryption packers, there's a marginal performance decrease.

Post

Stupid American Pig wrote:Be careful here- If you make use of reflection, Dotfuscator can break your code. I think encrypted assemblies is the best bet, but I dont know that there is a fool proof way to obfuscate managed code.
thanks.

The only thing I use reflection for is to get current assembly and access resources.

Is that enought to cause problems?

Post

Sounds generally safe, but just keep in mind that things like LINQ or anything that relies on XML serialization uses the reflection API(web services, object serialization, etc) so you still may be using reflection in your code. I dont know what type of project you are working with or if you are using C#/VB or Managed C++. I am really not all that familiar with the way the compiler generates that code(does any one used managed C++ these days??)

Post

Stupid American Pig wrote:Sounds generally safe, but just keep in mind that things like LINQ or anything that relies on XML serialization uses the reflection API(web services, object serialization, etc) so you still may be using reflection in your code. I dont know what type of project you are working with or if you are using C#/VB or Managed C++. I am really not all that familiar with the way the compiler generates that code(does any one used managed C++ these days??)
Thanks.

I use C++/CLI now and did on my former job too. But not the managed thingy that came 2003 or something like that that was called Managed C++.

I found one article, though old, of good value:
http://howtoselectguides.com/dotnet/obfuscators/1st

I do my my own serialize stuff to save workspaces and similar. Got the feeling the built in classes were doing too much.

Post

I've used http://code.google.com/p/obfuscar/ in the past in combination with ILMerge (MS research). Its perfect to discourage prying eyes.

If you want the full fledged battle ship you might like .NET Reactor. http://www.eziriz.com/ They say they've never been cracked...

Hope it helps.
Grtx, Marc Jacobi.
VST.NET | MIDI.NET

Post

Stupid American Pig wrote:does any one used managed C++ these days??
Yes, VST.NET uses managed C++ to make the jump between the C++ VST interface and the managed .NET world.
Grtx, Marc Jacobi.
VST.NET | MIDI.NET

Post

obiwanjacobi wrote:
Stupid American Pig wrote:does any one used managed C++ these days??
Yes, VST.NET uses managed C++ to make the jump between the C++ VST interface and the managed .NET world.
Not to hijack the thread here, but I have never even looked into the managed C++ or C++\CLI. Is there a reason to use it other than possibly familiarity with C++? I am guessing it allows you to write the bits you want to be GC'd and then when you want to drop down to native code for the more intensive tasks you can do that more easily?

I know C and C++ decently enough, but just seems that if Im doing .NET then I may as well just use C#. What am I missing?

Post

It's for interoperability. You can do simple stuff with P/Invoke but if you have to do something more complicated C++/CLI is very nice.

Post

Stupid American Pig wrote: Not to hijack the thread here, but I have never even looked into the managed C++ or C++\CLI. Is there a reason to use it other than possibly familiarity with C++? I am guessing it allows you to write the bits you want to be GC'd and then when you want to drop down to native code for the more intensive tasks you can do that more easily?

I know C and C++ decently enough, but just seems that if Im doing .NET then I may as well just use C#. What am I missing?
If you are working in C# but need to use a C++ class that's in a DLL, MC++ can be helpful. I wrote an article on the subject:

"How to Marshal a C++ Class"
http://www.codeproject.com/KB/cs/marshalCPPclass.aspx


...but in general though, I don't care for MC++ and would only use it sparingly when I had to.

Jeff

Post

Thanks for this Jeff(and obiwan and helium too) I have done some things with Libsndfile and PInvoke, I found that using C# as a front end to this library, I was able to get quite good performance in bulk file conversion(vox to wav, though, so it was basically just adding the wav header to the raw bits). Thankfully :!: It seems that in the enterprise software world the use cases for the above scenario are rare.

Post Reply

Return to “DSP and Plugin Development”