How to protect dlls?

by

The short answer is that beyond the obvious things, there is not much you can do.

The obvious things that you might want to consider (roughly in order of increasing difficulty and decreasing plausibility) include:

  • Static link so there is no DLL to attack.
  • Strip all symbols.
  • Use a .DEF file and an import library to have only anonymous exports known only by their export ids.
  • Keep the DLL in a resource and expose it in the file system (under a suitably obscure name, perhaps even generated at run time) only when running.
  • Hide all real functions behind a factory method that exchanges a secret (better, proof of knowledge of a secret) for a table of function pointers to the real methods.
  • Use anti-debugging techniques borrowed from the malware world to prevent reverse engineering. (Note that this will likely get you false positives from AV tools.)

Regardless, a sufficiently determined user can still figure out ways to use it. A decent disassembler will quickly provide all the information needed.

Note that if your DLL is really a COM object, or worse yet a CLR Assembly, then there is a huge amount of runtime type information that you can’t strip off without breaking its intended use.

EDIT: Since you’ve retagged to imply that C# and .NET are the environment rather than a pure Win32 DLL written in C, then I really should revise the above to “You Can’t, But…”

There has been a market for obfuscation tools for a long time to deal with environments where delivery of compilable source is mandatory, but you don’t want to deliver useful source. There are C# products that play in that market, and it looks like at least one has chimed in.

Because loading an Assembly requires so much effort from the framework, it is likely that there are permission bits that exert some control for honest providers and consumers of Assemblies. I have not seen any discussion of the real security provided by these methods and simply don’t know how effective they are against a determined attack.

A lot is going to depend on your use case. If you merely want to prevent casual use, you can probably find a solution that works for you. If you want to protect valuable trade secrets from reverse engineering and reuse, you may not be so happy.

More Related Contents:

  1. Embedding DLLs in a compiled executable
  2. System.MissingMethodException: Method not found?
  3. using a class defined in a c++ dll in c# code
  4. std::string in C#?
  5. Embedding assemblies inside another assembly
  6. A Simple C# DLL – how do I call it from Excel, Access, VBA, VB6?
  7. Embedding one dll inside another as an embedded resource and then calling it from my code
  8. Dependent DLL is not getting copied to the build output folder in Visual Studio
  9. How to use Microsoft.Office.Interop.Excel on a machine without installed MS Office?
  10. How to call C++ DLL in C#
  11. Using C# dll in C++ code
  12. How to load Assembly at runtime and create class instance?
  13. Embedding DLLs in a compiled executable
  14. Creating simple c++.net wrapper. Step-by-step
  15. How to get the location of the DLL currently executing?
  16. C# DllImport with C++ boolean function not returning correctly
  17. InvalidProgramException / Common Language Runtime detected an invalid program
  18. Where to find “Microsoft.VisualStudio.TestTools.UnitTesting” missing dll?
  19. Can you call a C# DLL from a C DLL?
  20. C# call C++ DLL passing pointer-to-pointer argument
  21. Visual Studio 2010 Compiling with the Debug or Release version of third party library depending on if my project is being compiled Build or Release?
  22. Returning a string from a C# DLL with Unmanaged Exports to Inno Setup script
  23. Compile C#.net dll for VB6
  24. Using DLLs in VBScript
  25. Could not load file or assembly ‘System.ValueTuple’
  26. How to decompile a .dll file created in VS.net
  27. Visual Studio C# – SQLite.Interop.dll not found
  28. Target 32 Bit or 64 Bit native DLL depending on environment
  29. Calling a Delphi DLL from a C# .NET application
  30. SSIS Script Task cant find reference to assembly

Leave a Comment