Given a C#.NET assembly, what information can you get?

  • Jon Skeet [C# MVP]

    #16
    Re: Given a C#.NET assembly, what information can you get?

    Curious <fir5tsight@yahoo.com> wrote:
    > In addition to using their server, I also use their program which
    > loads my .dll each time I run it from my machine. That's why I think
    > they can get the content of it.
    Do you have any evidence that that program transmits the data anywhere?
    If not, it's hard to see how they could get your code.

    --
    Jon Skeet - <skeet@pobox.com>
    Web site: http://www.pobox.com/~skeet
    Blog: http://www.msmvps.com/jon.skeet
    C# in Depth: http://csharpindepth.com


    • Curious

      #17
      Re: Given a C#.NET assembly, what information can you get?

      > Do you have any evidence that that program transmits the data anywhere?
      > If not, it's hard to see how they could get your code.
      I have no evidence that the program transmits data. But I talked to
      someone there and asked if he could see my code. He said he was only
      able to see the names of the methods in my assembly. I imagine that it
      must be something similar to Reflector.

      I vaguely recall that when I did training there, the instructor showed
      us how to find out more about an assembly uploaded in that program.


      • Cor Ligthert[MVP]

        #18
        Re: Given a C#.NET assembly, what information can you get?

        Or like the famous words of somebody in the past very active in the VB language
        newsgroup.

        I don't know it more exactly, but it was something in a thread with the same
        discussion as this:

        "I cannot even understand my own code after some days. It is obfuscated
        directly".

        Cor

        "Alun Harford" <devnull@alunha rford.co.ukschr eef in bericht
        news:O0BTrZQ8IH A.3624@TK2MSFTN GP05.phx.gbl...
        Curious wrote:
        >>If you're serious about protecting your code, don't provide the object
        >>code to your adversaries!
        >>
        >I never intended to provide my .dll to anyone. But I'm put in this
        >client-server type of environment where I am a client. Although
        >my .dll file is on my location machine, when I run it against a server
        >that belongs to another company and located remotely in their office,
        >I believe that they are able to see my .dll.
        >
        In that case, you need to either trust them with the code (because you
        think they're not an adversary; because its not in their interest to
        attack you; because you'll go to court and win lots of money; because
        they're not clever enough to reverse engineer your code, etc...) or don't
        give them the code.
        >
        >One more question for you gurus: Do you believe that they can get
        >my .dll file when I run it against their server database ? Could
        >anyone explain how can they get my .dll through the server?
        >
        If you're just connecting to their database server, they shouldn't be able
        to see your code.
        >
        >>Against an adversary who can run your code in a debugger, I'm yet to see
        >>an obfuscator that is worth bothering with the debugging pain.
        >>
        >What do you mean by saying this? Please explain.
        >
        It's trivial to reverse engineer any realistic class. Lets take something
        kind-of-like System.Drawing. Color as an example (simply because it's
        self-contained).
        >
        This is 'obfuscated' code I've written manually and does not represent any
        particular product:
        >
        namespace System.Drawing
        {
        public struct Color
        {
        public byte R{get;private set;}
        public byte G{get;private set;}
        public byte B{get;private set;}
        >
        public static Color Black = FromArgb(0,0,0) ;
        public static Color White = FromArgb(0,0,0) ;
        public static Color FromArgb(int a, int b, int c)
        {
        A(a, "red");
        A(b, "green");
        A(c, "blue");
        return new Color(){R = a, G = b, B = c};
        }
        private static void A(int a, string b)
        {
        if(a < 0 || a 255)
        {
        throw new ArgumentExcepti on(b + " value is out of range");
        }
        }
        }
        }
        >
        I've removed all non-public names, and thrown away as much information as
        I can while still maintaining the same interface. It's still easy to
        understand.
        >
        There are a few more silly tricks. For example, we could make 3 functions
        that evaluate to "red", "green" and "blue" so we don't have to put those
        literals in the code, but anybody with a debugger is just going to put a
        watch on the result of those functions and see what the result is. Another
        silly trick is to change all variables to have the same or similar names
        (because this is supposedly harder to read - you can write a tool to parse
        the code and change them back to a,b,c,... in less than 2 minutes with
        Mono Cecil).
        >
        And for this 'security', you've lost the information from your stack trace
        so it's not clear (if an exception were thrown) that the exception
        happened in the CheckByte function (called A here). You've also probably
        added some extra bugs from the obfuscation layer. Reflection doesn't
        always work any more either, because you might have thrown away the name
        of what you're looking for.
        >
        Alun Harford

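As an added example, not code from the thread or from any product it mentions, here is what a plain System.Reflection pass recovers from an assembly: every type, the private method names, the parameter names and, via a naive scan of each method body for ldstr, the string literals, which is why Alun's hand-obfuscated struct stays readable. It assumes a .NET console project, reuses a condensed copy of his Color struct under a hypothetical Demo namespace, and inspects its own assembly so that it runs without any external file.

```csharp
using System;
using System.Linq;
using System.Reflection;

namespace Demo {
    // Condensed copy of the hand-"obfuscated" Color from the thread (namespace changed
    // so it does not collide with System.Drawing.Color); it is the subject of the dump.
    public struct Color {
        public byte R { get; private set; }
        public byte G { get; private set; }
        public byte B { get; private set; }
        public static Color FromArgb(int a, int b, int c) {
            A(a, "red"); A(b, "green"); A(c, "blue");
            return new Color { R = (byte)a, G = (byte)b, B = (byte)c };
        }
        private static void A(int a, string b) {
            if (a < 0 || a > 255) throw new ArgumentException(b + " value is out of range");
        }
    }

    static class Program {
        const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic
            | BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly;

        static void Main() {
            // Assembly.LoadFrom(path) gives the same view of any .dll you are handed;
            // the running assembly is used here so the example is self-contained.
            Assembly asm = Assembly.GetExecutingAssembly();
            foreach (Type t in asm.GetTypes()) {
                Console.WriteLine($"{(t.IsPublic ? "public" : "non-public")} {t.FullName}");
                foreach (MethodInfo m in t.GetMethods(All)) {
                    // Private method names and parameter names survive compilation.
                    string args = string.Join(", ",
                        m.GetParameters().Select(p => $"{p.ParameterType.Name} {p.Name}"));
                    Console.WriteLine($"  {(m.IsPublic ? "public" : "private")} {m.Name}({args})");
                    // Naive scan of the IL for ldstr (0x72) carrying a #US-heap token (high
                    // byte 0x70): the "red"/"green"/"blue" literals sit in the file in the clear.
                    byte[] il = m.GetMethodBody()?.GetILAsByteArray() ?? Array.Empty<byte>();
                    for (int i = 0; i + 4 < il.Length; i++) {
                        if (il[i] != 0x72 || il[i + 4] != 0x70) continue;
                        int token = BitConverter.ToInt32(il, i + 1);
                        try { Console.WriteLine($"    ldstr \"{asm.ManifestModule.ResolveString(token)}\""); }
                        catch (ArgumentException) { /* operand bytes that only looked like ldstr */ }
                    }
                }
            }
        }
    }
}
```

The byte scan is deliberately simple and can misread operand bytes as opcodes; a real tool such as Mono.Cecil (named in the thread) decodes the instruction stream properly.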

        • Jon Skeet [C# MVP]

          #19
          Re: Given a C#.NET assembly, what information can you get?

          Curious <fir5tsight@yahoo.com> wrote:
          >> Do you have any evidence that that program transmits the data anywhere?
          >> If not, it's hard to see how they could get your code.
          >
          > I have no evidence that the program transmits data. But I talked to
          > someone there and asked if he could see my code. He said he was only
          > able to see the names of the methods in my assembly. I imagine that it
          > must be something similar to Reflector.
          >
          > I vaguely recall that when I did training there, the instructor showed
          > us how to find out more about an assembly uploaded in that program.
          What product is this? I'd be pretty wary of any client/server
          architecture which required you to upload your code from the client to
          the server, unless there was a *really* good reason.

          --
          Jon Skeet - <skeet@pobox.com>
          Web site: http://www.pobox.com/~skeet
          Blog: http://www.msmvps.com/jon.skeet
          C# in Depth: http://csharpindepth.com


          • Alun Harford

            #20
            Re: Given a C#.NET assembly, what information can you get?

            Cor Ligthert[MVP] wrote:
            > Or like the famous words of somebody in the past very active in the VB
            > language newsgroup.
            >
            > I don't know it more exactly, but it was something in a thread with the
            > same discussion as this:
            >
            > "I cannot even understand my own code after some days. It is obfuscated
            > directly".
            If you *really* want to obfuscate your code, get a student to write it
            for you.

            On a serious note, I've found it useful to think about how easy it would
            be to understand my code without meaningful variable, method or class
            names, formatting or comments - and not just for non-public members. If
            it's clear then, it's probably good code. If it's not, it's almost
            certainly not worth refactoring but it is worth thinking about what went
            wrong.

            Alun Harford


            • Curious

              #21
              Re: Given a C#.NET assembly, what information can you get?

              Jon,

              Since people on this forum have been so helpful to me, I want to share
              the name of the product so that I can get your valuable input.

              However, it will hurt our partner relationship in case someone from
              that company sees my post. They'll interpret that as distrust.


              • Jon Skeet [C# MVP]

                #22
                Re: Given a C#.NET assembly, what information can you get?

                Curious <fir5tsight@yahoo.com> wrote:
                > Since people on this forum have been so helpful to me, I want to share
                > the name of the product so that I can get your valuable input.
                >
                > However, it will hurt our partner relationship in case someone from
                > that company sees my post. They'll interpret that as distrust.
                I would ask them directly then, and ask them to provide technical
                justification for why they need your code if they do in fact upload it.
                That's just due diligence, IMO.

                --
                Jon Skeet - <skeet@pobox.com>
                Web site: http://www.pobox.com/~skeet
                Blog: http://www.msmvps.com/jon.skeet
                C# in Depth: http://csharpindepth.com


                • Chris Dunaway

                  #23
                  Re: Given a C#.NET assembly, what information can you get?

                  On Jul 28, 1:44 pm, Curious <fir5tsi...@yahoo.com> wrote:
                  > What does "decompile" mean? Does it reverse the assembly back to the
                  > source code in C#.NET? Do you believe that Reflector can go that far?
                  Yes it can.

