dcompiling DLLs?

  • Thread starter Thread starter darrel
  • Start date Start date
D

darrel

I'm in the position where I may need to update a site that lost its backup
project files. Is there any chance of being able to decompile the DLL files
or is this a case of starting over from scratch?

I'm looking at ".net Reflector" which looks like it will help, as I can view
individual subroutines/classes, but was wondering if there were any other
options I should look at.

-Darrel
 
Ollie Riches said:
check out this addin for reflector:

http://www.denisbauer.com/NETTools/FileDisassembler.aspx

HTH

Ollie Riches
Click to expand...

Sad... spend months creating a component that takes a hacker 2 minutes
decompile and steal all of your hard work. Now, find a similar utility for
VB5/6.... <bing> Time's up. There is no such component/utility (even after
what.... 13 years? which is great). imo, If you are careless enough to lose
your source, you deserve to start over from scratch.
 
Ken Halter said:
Sad... spend months creating a component that takes a hacker 2 minutes
decompile and steal all of your hard work.
Click to expand...

Has anyone got any actual examples of where this has really happened
with .NET? I've seen a lot of people being worried about getting
bitten, but no-one actually *getting* bitten.

See http://www.pobox.com/~skeet/csharp/obfuscation.html for more on my
views on this matter.
 
Jon Skeet said:
Has anyone got any actual examples of where this has really happened
with .NET? I've seen a lot of people being worried about getting
bitten, but no-one actually *getting* bitten.
Click to expand...

Heck... I haven't seen any companies that use .Net for the kind of stuff we
write around here so that's a bit of a trick question. For that matter, I
haven't seen anything "real" written in .Net at all.
See http://www.pobox.com/~skeet/csharp/obfuscation.html for more on my
views on this matter.
Click to expand...

In your "No Software Is Truly Safe" section, you have "how many of your
potential customers do you think want to rip you off". In my case, probably
zero (for now). In a shareware authors case, probably 50%. That's a
shareware author that has to go spend >>at least<< $1500+ for an obfuscator.
Then, they can probably go to another site and find a crack to de-obfuscate
that obfuscator <g> Right here in this group, a few months ago, there was a
guy selling his disassembler/de-obfuscator that supposedly could "crack" any
obfuscator on the market. That's pretty bad. Even if only 1/4 true. Sure,
you can disassemble VB Classic code. What you end up with is raw assembler
language. There is no tool available that would take that assembler code and
"pretty it up" to make it look like VB source.

Your "Decompilation Makes .NET Applications Open Source" isn't a myth I've
heard. The Open Source community has licenses that specify what you can do
with the source you find there. Decompilation has nothing to do with any of
those licenses. If you can simply grab large chunks of code from a
component, re-arrange it a bit to make it look like it's your own work and
resell it, that's not open source, that's stealing hard work that someone
else did. Huge difference.

No customers can steal our source. Since we don't specifically protect any
of our components, if they can figure out the interfaces, they can install
and use our components on their own PCs. As previously mentioned, our
customers most likely have no interest in any of that. When they buy from
us, they're buying a machine that's controlled by a PC. The software is
never "sold separately" and, as long as it works right, the customer never
even opens the folder that contains our software (now to figure out a decent
way of sending 440 volts directly to any hot-dog network admin that wants to
 
Ken Halter said:
Heck... I haven't seen any companies that use .Net for the kind of stuff we
write around here so that's a bit of a trick question. For that matter, I
haven't seen anything "real" written in .Net at all.
Click to expand...

Well, there are certainly things out there. The company I work for
(Clearswift) has been shipping software using .NET for longer than I've
been there.
In your "No Software Is Truly Safe" section, you have "how many of your
potential customers do you think want to rip you off". In my case, probably
zero (for now). In a shareware authors case, probably 50%.
Click to expand...

How many of those know about decompilers, or would actually have enough
technical information to use one to their advantage? I believe most
people who want to rip off shareware are likely to go to warez sites
rather than get a decompiler - and plenty of native code has been
cracked.
That's a
shareware author that has to go spend >>at least<< $1500+ for an obfuscator.
Then, they can probably go to another site and find a crack to de-obfuscate
that obfuscator <g>
Click to expand...

Obfuscators lose information. There's no way of recapturing it.
Right here in this group, a few months ago, there was a
guy selling his disassembler/de-obfuscator that supposedly could "crack" any
obfuscator on the market.
Click to expand...

Obfuscators don't generally prevent decompilation - they just mean that
what you get after decompilation is very, very hard to understand.
That's pretty bad. Even if only 1/4 true. Sure,
you can disassemble VB Classic code. What you end up with is raw assembler
language. There is no tool available that would take that assembler code and
"pretty it up" to make it look like VB source.
Click to expand...

I suppose that's why commercial games are never cracked, right? They're
generally native code too...
Your "Decompilation Makes .NET Applications Open Source" isn't a myth I've
heard. The Open Source community has licenses that specify what you can do
with the source you find there. Decompilation has nothing to do with any of
those licenses. If you can simply grab large chunks of code from a
component, re-arrange it a bit to make it look like it's your own work and
resell it, that's not open source, that's stealing hard work that someone
else did. Huge difference.
Click to expand...

Which is precisely why I call it a myth. It's one I've seen several
times though.
No customers can steal our source. Since we don't specifically protect any
of our components, if they can figure out the interfaces, they can install
and use our components on their own PCs. As previously mentioned, our
customers most likely have no interest in any of that. When they buy from
us, they're buying a machine that's controlled by a PC. The software is
never "sold separately" and, as long as it works right, the customer never
even opens the folder that contains our software (now to figure out a decent
way of sending 440 volts directly to any hot-dog network admin that wants to
muck with the PCs we ship with the machines, we'd be set <g>)
Click to expand...

In which case, wouldn't it be nice to get all the advantages .NET
provides?
 
Jon Skeet said:
In which case, wouldn't it be nice to get all the advantages .NET
provides?
Click to expand...

If I can zap someone with .Net, I can surely zap them faster in VB6 <g>...
maybe you weren't referring to my "440 volts" comment? <g>

Neither VB6 or Anything.Net can not stop the "hot-dog" admins from loading
screen savers, virus protection and running Windows Update. They tend to
treat the PCs we ship with our tools as "ordinary desktop" PCs, which they
aren't. They control servos, countless devices, multi-million dollar Lambda
Lasers, etc. No one, especially a "hot dog" should touch the "as shipped"
configuration. We have a notice in huge black letters in every owners manual
but that doesn't stop the hot dogs.

If interested.....
http://www.tamsci.com/products/products.html

fwiw, the very reason I'm starting to browse the .Net groups is that I've
finally convinced a few people here that VS2005 just might not be the devils
spawn. I've given up the hope of re-writing all of our components and have
started hoping that we can use a great deal of what we already have. It's
still pretty much "up in the air" though. We'll get one copy and see how it
works out. First of all, I have doubts about performance (if the IDE's any
indication, the entire suite'll end up in the recycle bin).... and doubts
about MSs recent ability to release a stable product (you don't need to poke
around here very long to see VS2003's still _full_ of bugs)
 

Besides.... I still haven't seen any of these advantages. Surely, the IDE's
not one of them. If it doesn't have an immediate window, or the ability to
set it so it shows a single procedure at a time, it's not much of an IDE
imo. The IDE should be flexible enough to "bend" to my wishes... not the
other way around. Even with those 2 show stoppers (imo), I still haven't
seen evidence of any of these advantages. If one of them is "the end to DLL
Hell", just poke around here and you'll see DLL Hell is no where near dead.
Intellisense in VB5/6 rules the world so that can't be one of these
advantages I keep hearing about. About the only feature that "sticks out" to
me as a true advantage is much better subclassing support "out of the box".
Neither subclassing or DLL Hell is an issue for VB5/6 devs with experience.
Threading maybe? Maybe. The apps we create run fine on a single thread. The
only multithreading I do in VB6 is for TCP-IP communications to several
devices at once.

So, who has the links to these advantages? I'll need a list (or at least
one) before I can justify the purchase (not counting the single copy I'll
get for eval)
 
Ken Halter said:
Besides.... I still haven't seen any of these advantages.
Click to expand...

In that case I suspect you haven't used .NET enough.
Surely, the IDE's not one of them. If it doesn't have an immediate
window, or the ability to set it so it shows a single procedure at a
time, it's not much of an IDE imo.
Click to expand...

I've never required either of those features of an IDE. I believe VS
2005 has an immediate window - I don't know if it allows you to only
view a single procedure though.
The IDE should be flexible enough to "bend" to my wishes... not the
other way around. Even with those 2 show stoppers (imo), I still haven't
seen evidence of any of these advantages. If one of them is "the end to DLL
Hell", just poke around here and you'll see DLL Hell is no where near dead.
Intellisense in VB5/6 rules the world so that can't be one of these
advantages I keep hearing about. About the only feature that "sticks out" to
me as a true advantage is much better subclassing support "out of the box".
Neither subclassing or DLL Hell is an issue for VB5/6 devs with experience.
Threading maybe? Maybe. The apps we create run fine on a single thread. The
only multithreading I do in VB6 is for TCP-IP communications to several
devices at once.

So, who has the links to these advantages? I'll need a list (or at least
one) before I can justify the purchase (not counting the single copy I'll
get for eval)
Click to expand...

1) Proper object orientation
2) Proper thread handling
3) Managed execution ensuring safe memory handling (I don't know
whether or not this is an issue in .NET)
4) A very rich runtime library - and getting richer in 2.0, of course
5) Fast garbage collected memory handling - no need to set things to
Nothing all the time. (I don't know much about VB6's memory
handling, but I've seen a lot of ex-VB developers setting variables
to Nothing everywhere, which suggests it's at least common
practice.)
6) A richer error handling mechanism (proper exceptions)
7) Simple interaction with other managed languages
8) Code access security
9) Support from MS - does your company really want to be using an
unsupported platform from 2008?

Those were just off the top of my head. However, as I've said, I don't
know a lot about VB6, so I suggest you ask the same question in the
VB.NET group if you haven't already done so.
 
Sad... spend months creating a component that takes a hacker 2 minutes
decompile and steal all of your hard work.
Click to expand...

Why is that sad? And why would you assume people would steal your code?
If you are careless enough to lose your source, you deserve to start over
from scratch.
Click to expand...

I agree. Tell that to the person that didn't archive the project for us.

-Darrel
 
How many of those know about decompilers, or would actually have enough
technical information to use one to their advantage?
Click to expand...

Exactly. Software pirates will pirate software regardless of how much
encryption/obfuscation/licening/lawyers you use.

Comanies need to stop assuming customers are criminals. It's not a good long
term strategy.

-Darrel
 
Back
Top