We know that the Java compiler source program gets the byte code, VS. NET compiled source is MSIL (Microsoft intermediate language), which is called "incomplete compilation," and is especially easy to decompile or reverse-engineer. Unlike native code, the intermediate code that is not fully compiled retains the variable, the procedure name, so that the resulting program is almost exactly the same as the original program, and the remainder is almost intact.
For developers of commodity software, high quality decompile code poses a great risk: the algorithm may be stolen and modified, and the program code may be copied and changed. (Even the non-commercial software used in-house, because of the source code leakage caused by the decompile also poses a great threat.) For example, it is easy for a user to see a password that accesses a database or an Embedded SQL command for a program. Similarly, web sites that use an external unit hosting server are at risk, and once the ASP.net application code is uploaded, the person in the managed unit may view and change the program code at will.
More worrying is that hackers or curious users can now easily get a variety of reverse engineering tools. Microsoft itself provides an MSIL disassembler, called ILDASM, free of charge, and there is a source code open. NET Decompile tool Anakrino; and, of course, many other vendors offer a commercialized reverse-engineering tool.
First, modify the variable name
The most effective way to prevent the threat of such reverse engineering is to blur it. (According to the American Traditional dictionary, "vague" means "confusing, confusing, confusing, or ambiguous, making it difficult to feel or understand"). Fuzzy tools use various means to achieve this goal, but the main way is to let the variable name no longer have the ability to indicate its role, encrypt strings and text, insert a variety of spoofing instructions so that the code can not compile the decompile.
An upcoming version of Visual Studio (called Vs.net 2003, code name Everett) integrates a fuzzy tool that Microsoft recommends to use to finalize the. NET Intermediate code. This fuzzy device is another tool Dotfuscator's so-called lite version. The Dotfuscator feature, produced by Preemptive Solutions, is more powerful, and the company, located in Cleveland, Northeast Ohio, initially developed a fuzzy technology for Java code. The Dotfuscator Blur uses a range of superior technologies to make reverse engineering futile, or at least to make reverse engineering difficult.
Preemptive Solutions The patented technology that modifies the variable name in the middle code takes a name called overload Sensing (overload induction), and the vs.net version of Lite 2003 has only this fuzzy function. (The fuzzy device will never change the original source code, even do not need to use the source code as a reference.) This technique fully utilizes the characteristics of the Vs.net code: the same identifier can be applied simultaneously to classes and methods with different characteristics; in different namespaces, variables can have the same name without conflict.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
