|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Postbuilding .NET applications? Pros? Cons?My collegues and I are considering to start working with .NET (again), but
we do not want people to learn all about the structure and secrets of our application by reading the intermediate language (with ildasm.exe). We do not like to use obfuscation because that messes up stacktraces in case of error logging. It seems there are some applications that postbuild .NET applications, including the neccessairy .NET Framework classes within the executable and building it to traditional machine code. Does anyone out there know applications like that (name, url?), and perhaps share experiences with me? Thanks, Marcel. "Marcel" <marceltimmerman.no.spam@hotmail.com> wrote in message
http://msdn2.microsoft.com/en-us/library/6t9t5wcf(VS.80).aspxnews:45f122b1$0$13606$ba620dc5@text.nova.planet.nl... > My collegues and I are considering to start working with .NET (again), but > we do not want people to learn all about the structure and secrets of our > application by reading the intermediate language (with ildasm.exe). We do > not like to use obfuscation because that messes up stacktraces in case of > error logging. It seems there are some applications that postbuild .NET > applications, including the neccessairy .NET Framework classes within the > executable and building it to traditional machine code. > > Does anyone out there know applications like that (name, url?), and > perhaps share experiences with me? Hello,
thats not what the original poster wants - ngen just creates a machine dependent image, which still needs the .NET Framework. The original .exe file is still readable and distributed. A tool which supports your requirement is from RemoteSoft. I don't have any experience with it, and it will most probably be totally unsupported from Microsoft... Best regards, Henning Krause Show quote "Larry Smith" <no_spam@_nospam.com> wrote in message news:%23i3AwFlYHHA.2556@TK2MSFTNGP02.phx.gbl... > > "Marcel" <marceltimmerman.no.spam@hotmail.com> wrote in message > news:45f122b1$0$13606$ba620dc5@text.nova.planet.nl... >> My collegues and I are considering to start working with .NET (again), >> but we do not want people to learn all about the structure and secrets of >> our application by reading the intermediate language (with ildasm.exe). >> We do not like to use obfuscation because that messes up stacktraces in >> case of error logging. It seems there are some applications that >> postbuild .NET applications, including the neccessairy .NET Framework >> classes within the executable and building it to traditional machine >> code. >> >> Does anyone out there know applications like that (name, url?), and >> perhaps share experiences with me? > > http://msdn2.microsoft.com/en-us/library/6t9t5wcf(VS.80).aspx > >> thats not what the original poster wants - ngen just creates a machine My impression is he's really exploring the possibilities so the reference to >> dependent image, which still needs the .NET Framework. The original .exe >> file is still readable and distributed. "ngen.exe" was just to bring it to his attention. In any case, while I've never really played with this, he might be able to ship out an "ngen"ed version or "ngen" a (possibly encrypted) version of his managed app at installation time (without actually installing the managed version - not ideal security but sufficient for many). He would still need .NET on the target machine but that might not be an issue for him. I personally don't think it is an issue for most given that .NET 3.0 is now installed with Vista anyway and .NET in general will likely be the main platform for Windows development in a few short years (if not already). Lastly, I think there are probably other avenues of security to explore rather than shipping a native image (since we all face this situation). It also defeats some of the advantages of using .NET. Hello Larry,
you can't just copy the native image to another computer and execute it... This just won't work, AFAIK. Best regards, Henning Krause Show quote "Larry Smith" <no_spam@_nospam.com> wrote in message news:eZ%23E01pYHHA.1240@TK2MSFTNGP04.phx.gbl... >>> thats not what the original poster wants - ngen just creates a machine >>> dependent image, which still needs the .NET Framework. The original .exe >>> file is still readable and distributed. > > My impression is he's really exploring the possibilities so the reference > to "ngen.exe" was just to bring it to his attention. In any case, while > I've never really played with this, he might be able to ship out an > "ngen"ed version or "ngen" a (possibly encrypted) version of his managed > app at installation time (without actually installing the managed > version - not ideal security but sufficient for many). He would still need > .NET on the target machine but that might not be an issue for him. I > personally don't think it is an issue for most given that .NET 3.0 is now > installed with Vista anyway and .NET in general will likely be the main > platform for Windows development in a few short years (if not already). > Lastly, I think there are probably other avenues of security to explore > rather than shipping a native image (since we all face this situation). It > also defeats some of the advantages of using .NET. > Thanks people, for the responses. I've been playing with ngen.exe, and it is
true that the application still needs the framework. The generated 'native image' isn't even accessible, so it is not really useful for me. You can use ngen when your .net application or component isn't fast enough; it improves performance because the JIT isn't used. Marcel. Show quote "Larry Smith" <no_spam@_nospam.com> schreef in bericht news:eZ%23E01pYHHA.1240@TK2MSFTNGP04.phx.gbl... >>> thats not what the original poster wants - ngen just creates a machine >>> dependent image, which still needs the .NET Framework. The original .exe >>> file is still readable and distributed. > > My impression is he's really exploring the possibilities so the reference > to "ngen.exe" was just to bring it to his attention. In any case, while > I've never really played with this, he might be able to ship out an > "ngen"ed version or "ngen" a (possibly encrypted) version of his managed > app at installation time (without actually installing the managed > version - not ideal security but sufficient for many). He would still need > .NET on the target machine but that might not be an issue for him. I > personally don't think it is an issue for most given that .NET 3.0 is now > installed with Vista anyway and .NET in general will likely be the main > platform for Windows development in a few short years (if not already). > Lastly, I think there are probably other avenues of security to explore > rather than shipping a native image (since we all face this situation). It > also defeats some of the advantages of using .NET. > There are at least 3 products that I know of that do this.
The first - the one we actually use - is RemoteSoft. We typically use it for building installation programs, as the .Net framework often isn't installed. We've also used it to deploy WinForms apps to older machines that couldn't (or wouldn't) have the .Net 2.0 framework. http://www.remotesoft.com/linker/index.html The other two I've never used: https://thinstall.com/solutions/net_virtual.php http://www.xenocode.com/ -- Show quoteChris Mullins, MCSD.NET, MCPD:Enterprise, Microsoft C# MVP http://www.coversant.com/blogs/cmullins "Marcel" <marceltimmerman.no.spam@hotmail.com> wrote in message news:45f122b1$0$13606$ba620dc5@text.nova.planet.nl... > My collegues and I are considering to start working with .NET (again), but > we do not want people to learn all about the structure and secrets of our > application by reading the intermediate language (with ildasm.exe). We do > not like to use obfuscation because that messes up stacktraces in case of > error logging. It seems there are some applications that postbuild .NET > applications, including the neccessairy .NET Framework classes within the > executable and building it to traditional machine code. > > Does anyone out there know applications like that (name, url?), and > perhaps share experiences with me? > > Thanks, Marcel. >  |
|||||||||||||||||||||||
Other interesting topics