-1

I have provided a WPF app and changed solution configurations to "Release"

I got an .exe file from releasing. Is this secure to share? Can someone access the code of this exe file? I mean isn't there any app to convert an .exe file into code?

Please let me to know how could I protect it before sharing it.

7heViking
  • 7,137
  • 11
  • 50
  • 94
alihaghdoust9
  • 49
  • 6
  • You can decompile *any* assembly or executable which was compiled using a .NET-language. This has nothing to do with using release or debug-configuration. If you really want to avoid or at least make it difficult to achieve this, use an obfuscator. However what you really want to save is not your program, but your data, thus obfuscation is often not needed. – MakePeaceGreatAgain Aug 14 '17 at 06:02
  • @HimBromBeere Thanks, can someone convert my .exe file to code or not ? – alihaghdoust9 Aug 14 '17 at 06:04
  • Yes, no way around this. You can only make it harder to *read* the converted code. – MakePeaceGreatAgain Aug 14 '17 at 06:05

2 Answers2

1

You can decompile any assembly or executable which was compiled using a .NET-language (the same applies to Java). This is because .NET-languages are compiled into the so-called common intermediate language, which isn´t actual machine code. Thus you can easily de-compile that file into code. Depending on the tool to be used for decompilation you have a good chance to decompile the code as if it was before compilation, which means you easily understand what the developer of the programmer wrote in the code.

But in many cases you won´t really care for this so much. First there aren´t many people around that actually would read that code, or have you ever read the javascript-code of a famous website, which is even directly human-readable? Even if there are some around that are interested in reading your code, most will have some hard work to understand it anyway on the fly. This assumes some long and hard work, which most developers won´t do. You can only make it harder to read that decompiled code using an obfuscator, that kind of encrpyts your code before the compilation-process making it hard to understand the code when the exe was built.

Consider this code:

var myVariable = "Some Text";
var anotherVariable = myVariable;
DoSomething(anotherVariable);

Quite self-explanatory code, isn´t it? Now consider the following which may be produced using DotFuscator e.g.:

var a="Some Text";var b=a;hksdshd(b);

Much harder to understand what this code does, isn´t it? Basically an obfuscator just replaces all identifiers in your code by some random characters making it quite hard to guess what their intended use or meaning is. Afterwards that encrypted code is compiled as any other code into an assembly or an executable. When then someone really decompiles your program all they get are those hard to read names and fragments.

Having said this it´s quite hard to really protect your app from being read by anyone, and in most cases this isn´t what you should care for too much. Usually what you want to protect is your data, e.g. the information being stored in a database.

You may also have a look at this question, which has some closer look on obfuscation-tools.

MakePeaceGreatAgain
  • 35,491
  • 6
  • 60
  • 111
0

It doesn't matter if you created your .exe file in Debug or Release mode - all executable files (.EXE) can be decompiled into code.

A decompiler is a computer program that takes an executable file as input, and attempts to create a high level, compilable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. Decompilers are considered as important tool in the process of reverse engineering.

Once such popular tool is hiew which offers to break down any exe created in any language into its high-level code.

For binaries and EXE files created using the .NET framework, there are several tools, including this one, which makes decompilation very easy and accessable.

You can prevent decompilation using Obfuscation. several tools are available, such as secureteam.net and Dotfuscator.

Koby Douek
  • 16,156
  • 19
  • 74
  • 103
  • @HimBromBeere Thanks for your comment. I added a couple obfuscation of tools the OP can use. – Koby Douek Aug 14 '17 at 06:07
  • Btw.: Not all exe-files can be decompiled, only those that exist in some intermediate format such as MSIL. Even Java has some bytecode for this, however you can´t really decompile C-code, at least not in the way you achieve this for C#. – MakePeaceGreatAgain Aug 14 '17 at 06:08
  • Thanks, so it means when I share my application with users, It means I share my code with good developers ? :) :| – alihaghdoust9 Aug 14 '17 at 06:09
  • @alihaghdoust9 You can release your EXE to your users, but you can't be 100% one of them is a hacker or with intentions to abuse your code. But still, you can use the tools I provided in my answer to make the process nearly impossible. – Koby Douek Aug 14 '17 at 06:12
  • @HimBromBeere Thanks for the comment again, I come from a .NET world, I am reading what you mentioned right now. – Koby Douek Aug 14 '17 at 06:12