When to choose managed or unmanaged (VB.NET or C++ MFC)?
-
I understand this may be a question all of you get alot, but I can't find any information on comparisons of each language. My problem is, recently I built a large program that I was very proud of in VB.NET. The program interfaced with AutoCAD and I wanted to get input on it from an AutoCAD discussion group. Unfortunately, I didn't know about Reflector and other decompiling programs, so everyone could see my code. While the code I used to interface with AutoCAD is not a secret on the internet, I still was upset that someone could have free-reign to my source code. Now I am looking into building something different. A database program. In database standards it will be simple client side program using MDB databases. ADO.NET seems the new and simple option going well with VB.NET, but I also found source code for a mixed mode program, using MFC and ADO.NET. I am curious about these decompiling programs for .NET. It seems really easy to decompile .NET programs but I don't hear much about decompiling C++ programs. -Is compiled C++ really that secure? -Can someone use a decompiling program and produce a Visual Studio solution from an .NET exe? -What would you make this decision based on? It is so frustrating that Microsoft has made an easy to program framework, but then made it easy for someone to decompile. Sorry for the long post. Your help is greatly appreciated! David Hovey Phoenix, Arizona
-
I understand this may be a question all of you get alot, but I can't find any information on comparisons of each language. My problem is, recently I built a large program that I was very proud of in VB.NET. The program interfaced with AutoCAD and I wanted to get input on it from an AutoCAD discussion group. Unfortunately, I didn't know about Reflector and other decompiling programs, so everyone could see my code. While the code I used to interface with AutoCAD is not a secret on the internet, I still was upset that someone could have free-reign to my source code. Now I am looking into building something different. A database program. In database standards it will be simple client side program using MDB databases. ADO.NET seems the new and simple option going well with VB.NET, but I also found source code for a mixed mode program, using MFC and ADO.NET. I am curious about these decompiling programs for .NET. It seems really easy to decompile .NET programs but I don't hear much about decompiling C++ programs. -Is compiled C++ really that secure? -Can someone use a decompiling program and produce a Visual Studio solution from an .NET exe? -What would you make this decision based on? It is so frustrating that Microsoft has made an easy to program framework, but then made it easy for someone to decompile. Sorry for the long post. Your help is greatly appreciated! David Hovey Phoenix, Arizona
David Hovey wrote:
It is so frustrating that Microsoft has made an easy to program framework, but then made it easy for someone to decompile.
That is why there are programs called obfuscators out there.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
-
I understand this may be a question all of you get alot, but I can't find any information on comparisons of each language. My problem is, recently I built a large program that I was very proud of in VB.NET. The program interfaced with AutoCAD and I wanted to get input on it from an AutoCAD discussion group. Unfortunately, I didn't know about Reflector and other decompiling programs, so everyone could see my code. While the code I used to interface with AutoCAD is not a secret on the internet, I still was upset that someone could have free-reign to my source code. Now I am looking into building something different. A database program. In database standards it will be simple client side program using MDB databases. ADO.NET seems the new and simple option going well with VB.NET, but I also found source code for a mixed mode program, using MFC and ADO.NET. I am curious about these decompiling programs for .NET. It seems really easy to decompile .NET programs but I don't hear much about decompiling C++ programs. -Is compiled C++ really that secure? -Can someone use a decompiling program and produce a Visual Studio solution from an .NET exe? -What would you make this decision based on? It is so frustrating that Microsoft has made an easy to program framework, but then made it easy for someone to decompile. Sorry for the long post. Your help is greatly appreciated! David Hovey Phoenix, Arizona
I read a book about this and this is basically what they said. This problem exist with any interpretted/bytecode languages (vb.net, c#, java, alot of the scripting languages, and also .net versions of normally compiled languages) because they aren't compiled to machine code and are still in a relatively high level form. An obfuscator will make things harder for a person trying to reverse engineer but c++ (assuming you're not using managed code) will probably be harder since it is reduced to machine code and the high level information is stripped out. There are some decompilers for compiled languages but they can only reconstruct part of the code because compiler optimizations tend to change the structure of your code plus some information is impossible to reconstruct. In theory anything can be reversed but unless you're doing something really revolutionary that has never been done before it probably is not going to be worth someones time to try and reconstruct your obfuscated or compiled code. It would probably take less time for them to just write it themselves.
-
I read a book about this and this is basically what they said. This problem exist with any interpretted/bytecode languages (vb.net, c#, java, alot of the scripting languages, and also .net versions of normally compiled languages) because they aren't compiled to machine code and are still in a relatively high level form. An obfuscator will make things harder for a person trying to reverse engineer but c++ (assuming you're not using managed code) will probably be harder since it is reduced to machine code and the high level information is stripped out. There are some decompilers for compiled languages but they can only reconstruct part of the code because compiler optimizations tend to change the structure of your code plus some information is impossible to reconstruct. In theory anything can be reversed but unless you're doing something really revolutionary that has never been done before it probably is not going to be worth someones time to try and reconstruct your obfuscated or compiled code. It would probably take less time for them to just write it themselves.
Paul and Mark, Thanks for your help. I have heard of obfuscator's before but wasn't aware of their purpose. I found a freeware version called Skater that seems to work the best. After using the program I checked my compiled program with Reflector and I can't even make out what the original purpose of a function was. I tried using the Community Edition of the program that comes with Visual Studio, but it seemed to only rename local variables. I was amazed how expensive the few obfuscator programs I looked at are.
-
Paul and Mark, Thanks for your help. I have heard of obfuscator's before but wasn't aware of their purpose. I found a freeware version called Skater that seems to work the best. After using the program I checked my compiled program with Reflector and I can't even make out what the original purpose of a function was. I tried using the Community Edition of the program that comes with Visual Studio, but it seemed to only rename local variables. I was amazed how expensive the few obfuscator programs I looked at are.
David Hovey wrote:
I found a freeware version called Skater that seems to work the best.
I've used Skater before and it is pretty good for the price.
David Hovey wrote:
Reflector
It is a good tool and crashes when trying to reverse compile any Skater obfuscated code.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham