There are loads of profilers and static code analyzers out there for C# assemblies.
Just wonder if there are any methods to prevent being analyzed, because it does make me feel a bit nervous when being stripped.
I have searched all over the Internet and stackoverflow. There seems none for my wonder.
What I’ve got are only some even more scary titles like these (sorry, new user can’t post hyper links, please google them):
“Assembly Manipulation and C#/VB.NET Code Injection”
“How To Inject a Managed .NET Assembly (DLL) Into Another Process”
Is it just me being too worried or what?
BTW, with C#, we are building a new winform client for a bank’s customers to do online transactions. Should we not do this in the winform way or should we use some other language like Delphi, C++? Currently we have a winform client built with C++ Builder.
Just about any application can be “analysed and injected”. Some more than others. That’s why you NEVER TRUST USER INPUT. You fully validate your user’s requests on the server end, making sure you’re not vulnerable to buffer overruns, sql injection and other attack vectors.
Obfuscators can make .NET assemblies harder to analyze. Using a secure key to strong-name your assemblies can make it much harder to alter your code. But, like everything else in the digital world, somebody can exploit a vulnerability and get around whatever safeguards you put in place.