Lets say my application contains some algoritms I whant to protect from observing and investigating by others. I’m considering option from Smart Assembly product to embed encrypted versions of my assemblies into main exe assembly resources. So without decryption reversengineer can not investigate code of those assemblies. In runtime SA transparently decrypt them into memory when needed.
So my question is: is it possible for reversengineer to dump IL of assemblies from memory of running applcation?
Why not use obfuscation? Well, my application is quite complex and all .NET obfuscators I have seen fail to process it properly.
Once you decrypt the IL and store it in memory to be executed, it could be retrieved by an interested third party. You can swim upstream and add additional layers of complexity onto your application, but in the end somebody willing to spend the time will be able to obtain your IL.
You have to weigh the cost of developing countermeasures versus the likelihood of someone expending the effort to glance at your algorithm’s IL (or JIT output). Perhaps a more robust commercial obfuscation engine is a value-add. Perhaps encryption and decryption of the IL is a value-add.
All I can say is a good rule of thumb for security: do not give access to that which you do not want other people to have.
If they must not have access to your algorithm, distribution of the executable is a non-starter: consider hosted solutions (e.g. Citrix, Virtual Desktops, etc).