How to get COFF-based image of assembly

  • Thread starter Thread starter Christoph Wienands
  • Start date Start date
C

Christoph Wienands

Hi everybody,

..Net doc states about the Assembly.Load(byte[] rawAssembly, byte[]
rawSymbolStore) function:

-----------------------

Loads the assembly with a Common Object File Format (COFF)-based image
containing an emitted assembly.

rawAssembly
An array of type byte that is a COFF-based image containing an emitted
assembly.

rawSymbolStore
An array of type byte containing the raw bytes representing the symbols for
the assembly.

-----------------------

I'm currently trying to implement some code security that will make it
harder for "hackers" to decompile the essential algorithms in my app. The
idea is to load an assembly image from an encrypted file or so during
runtime. Can anyone tell me how I can retrieve such an image from an
existing DLL?

Thanks, Christoph
 
Hello Christoph,

Thanks for posting in the group.

Based on my understanding, your question is: How to make the assembly more
secure from hacker's decompile? Please feel free to post here if I have any
misunderstandings.

Programs written for the .NET framework are easy to reverse engineer. This
is not in any way a fault in the design of .NET; it is simply a reality of
modern, intermediate-compiled languages (Java suffers from this problem
too). Both Java and .NET mutually share the use of expressive file syntax
for delivery of executable code: bytecode in the case of Java, MSIL
(Microsoft Intermediate Language) for .NET. Being much higher-level than
binary machine code, the intermediate files are laden with identifiers and
algorithms that are immediately observable and ultimately understandable.
After all, it is obviously difficult to make something easy to understand,
flexible, and extendable while simultaneously hiding its crucial details.

In order to resolve this kind of problem, we have several selections.
PreEmptive's Dotfuscator for the Microsoft .NET platform helps protect your
program against reverse engineering while making it smaller and more
efficient.Dotfuscator has a GUI and command line interface.Dotfuscator
Community Edition is accessible directly from the tools menu of Visual
Studio.NET 2003.

In order to get more information on it, please refer to
http://www.gotdotnet.com/team/dotfuscator/.

Does that answer your question? If you have any more concerns on it, please
feel free to post here.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Dotfuscator is a peice of shti. Some suit just licensed that peice of junk.
They did the sell, they bought it.
 
Dotfuscator is a peice of shti. Some suit just licensed that peice of junk.
They did the sell, they bought it.
Click to expand...

<ignore>
Hmm, sounds like a well-reasoned posting. Well, I am currently looking into
obfuscators and I am about to make my decisions on some more specific
reasons ;-)
</ignore>

So long, Christoph
 
Hi Huang,
In order to resolve this kind of problem, we have several selections.
PreEmptive's Dotfuscator for the Microsoft .NET platform helps protect your
program against reverse engineering while making it smaller and more
efficient.Dotfuscator has a GUI and command line interface.Dotfuscator
Community Edition is accessible directly from the tools menu of Visual
Studio.NET 2003.
Click to expand...

I am already looking into Dotfuscator. However, even heavy overloading of
methods and identifiers does not really help since it might confuse a human
being but it does not confuse a good decompiler, which will just make it a,
b, c, d, etc. again. Changes in control flow (while-loops, goto-statements,
etc.) provide a much higher level of protection -> expensive Dofuscator
Enterprise edition :-(

I read quite a couple of articles on application "security) and the general
opinion was, the more layers of protection, the more better. That's why I am
looking into loading some encrypted code dynamically during runtime
additionaly to obfuscators and some other tricks.

Thanks, Christoph
 
Christoph,
Can anyone tell me how I can retrieve such an image from an
existing DLL?
Click to expand...

It's the raw file format, so just open the file and load it into a
byte array for example.



Mattias
 
Hello Christoph,

Thanks for your reply.

From the description, you want to encrypt a assembly file, then read it in
the program, decrypted it to a byte array and feed into Assembly.Load
function, right?

In order to do that, I think you may try the following code:

using System;
using System.IO;

class FSRead
{
public static void Main()
{
//Create a file stream from an existing file.
FileInfo fi=new FileInfo("c:\\csc.txt");
FileStream fs=fi.OpenRead();

//Read 100 bytes into an array from the specified file.
int nBytes=100;
byte[] ByteArray=new byte[nBytes];
int nBytesRead=fs.Read(ByteArray, 0, nBytes);
Console.WriteLine("{0} bytes have been read from the specified
file.", nBytesRead.ToString());
}
}

By using the above codes, we can read the content of a file into a byte[].
Then we can use some customized way or CryptoStream class to do encrypt or
decript work.

Does that answer your question? If I have any misunderstandings, please
feel free to post here.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi Yan-Hong,

Yan-Hong Huang said:
By using the above codes, we can read the content of a file into a byte[].
Then we can use some customized way or CryptoStream class to do encrypt or
decript work.
Click to expand...

The missing piece of information was that COFF image represents the raw file
format. So yes, your code helped me :-)

Thanks, Christoph
 
Hi Christoph,

I am glad to be of assistance. :)

Thanks for participating the community.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top