1

Overview

I come from a Delphi background but lately I wanted to learn a new language to test myself. Programming can become what seems somewhat rather easy once you familiarize yourself with the language and syntax and so I wanted to learn C# in order to find out whether I have really progressed as a developer or whether or not I am just relying on my own memory on how to achieve certain coding tasks.

So with that in mind I am new to C# / Visual Studio 2015, I have been spending a couple of hours using it for the last few days and aside from getting around the syntax differences the logical thinking of how to program has not changed or gone away.

I am in my early days of C# and although I was quite enjoying stepping out of my comfort zone and learning this new language, I feel like I may need to stop. The reason for this being is that I didn't realize how easy it seems the built Applications source can be obtainable (unless I am missing something obvious).

It started with my first simple C# project - a Notepad clone. I loaded this into Ida just to take a peek and see what I could find, the first striking thing was under function names it listed all my control and method names:

enter image description here

This prompted me to look at things such as obfuscation of function names etc and it seems there is lots of posts about this. But that is not the most surprising thing, I found an open source Application called dnSpy (I assume stands for .Net spy)

So I loaded my C# Text Editor executable into dnSpy and was quite shocked to see the source code was sitting there and easily readible:

enter image description here

There is some minor differences but the code is very much the same:

/// <summary>
/// Create a new text document.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void mnuNew_Click(object sender, EventArgs e)
{
    // Check if the editor has been modified.
    if (_dirty)
    {
        // Prompt the user if they would like to save the document or not.
        DialogResult dialogResult = MessageBox.Show(String.Format("Do you want to save changes to {0}?", _fileName), "Text Editor", MessageBoxButtons.YesNoCancel);
        if (dialogResult == DialogResult.Yes)
        {
            mnuSave_Click(null, null);
        }
        else if (dialogResult == DialogResult.No)
        {
            // Create the new document.
            NewDocument();
        }
    }
}

The Notepad application built in Visual Studio I set to Release mode, I assume it comes with no debugging information etc.

The above worries me enough to just abandon C# / Visual Studio altogether. Delphi compiles to machine code and I believe .Net is some kind of interpreted language (translated and runs through .Net?).

My question is, is it really that simple to view the source code of an Application written in .Net built using C# / Visual Studio? It seems too easy and I am getting alarm bells telling me to stop coding in .Net and go back to Delphi otherwise any future work could just be stolen.

I understand Applications can be reversed, it doesn't matter if they are compiled in Delphi, C++ etc they can all be reversed but having the source code so easily viewable from an Application built in .Net / C# / Visual Studio seems rather odd and as I say is killing my mood to learn more about C# and .Net programming.

Are there other steps that need to be taking from within the Visual Studio IDE to make released projects not contain openly viewable source? Did I miss a simple step somewhere or is it really this simple to view the source code of a .Net Application?

Craig
  • 1,874
  • 13
  • 41
  • Learn about MSIL and obfuscators. – SLaks Jul 14 '16 at 13:55
  • 3
    I'm voting to close this question as off-topic because OP needs to take some time to read some intro to .NET/C# like this: https://msdn.microsoft.com/en-us/library/z1zx9t92.aspx – Matías Fidemraizer Jul 14 '16 at 14:01
  • Yes, .NET is generally easy to reverse into an (approximation) of the source. No, that doesn't stop people using it. If your code is *worth* stealing, (some) people will steal it anyway. It doesn't matter what language it's written is. And decompilation is a spectrum, not just a binary value. – Damien_The_Unbeliever Jul 14 '16 at 14:04
  • Some people value openness in development. I understand you probably have your reasons for this post but maybe you should switch mindset as well as technology? – jonnarosey Jul 14 '16 at 14:04
  • @jonaglon I am not against open source applications, but there are some scenarios obviously where you may need to write close sourced applications instead. – Craig Jul 14 '16 at 14:11
  • 2
    Generally, the way to keep "trade secret" code safe is to not run it (in any form, no matter what language it was written in) on the would-be attacker's machines. Run it on machines that *you* control and then just provide access to that logic remotely(be that via HTTP, RPC, message queueing, etc) – Damien_The_Unbeliever Jul 14 '16 at 14:20
  • @Craig - you're completely right, I am just cynical because I see a lot of code and very little is worth stealing. If you're making apps for the windows store you can skip IL and compile direct into machine code with .net Native https://msdn.microsoft.com/en-us/library/dn584397(v=vs.110).aspx – jonnarosey Jul 14 '16 at 15:22

2 Answers2

2

The default behaviour when building c# is to compile the c# code to CIL wich is easy to convert back to c#. The CIL code will be converted to native code at runtime by a just-in-time compiler.

.Net to Native code

You could compile your c# code directly to native code, but then you would loose the benefit of targeting multiple architectures at once: Compiling C# to Native?

Another option would be using an obfuscator: https://en.wikipedia.org/wiki/List_of_obfuscators_for_.NET

blue
  • 79
  • 1
  • 11
1

First I loved Delphi. I still but I haven't used it for years.

Net is compiled into a "bytecode" (IL) and then to machine code. Most of the time, you deploy your "bytecode" (like in java) and Net compiles it into your user's optimized binary code when it runs. So, you give them your "IL" which is easy to "disassemble".

That said, you can pre-compile your code into machine code. Please check that:

https://msdn.microsoft.com/en-us/library/6t9t5wcf(v=vs.110).aspx

That may solve your issues.

Jorge Rojas
  • 485
  • 3
  • 10