Are C++/CLI apps more secure than C# apps?_问答_开发者

Are C++/CLI apps more secure than C# apps?

开发者 https://www.devze.com 2023-04-13 06:52 出处：网络

Is it true that the applications that are written in C++/CLI with /clr switch are more complicated for the crackers than C# applications? Does C++/CLI generate applications that are in general more co

相关专题：.net c++-cli

Is it true that the applications that are written in C++/CLI with /clr switch are more complicated for the crackers than C# applications? Does C++/CLI generate applications that are in general more compli开发者_如何学Pythoncated to disassembly and crack? I know that it is a matter of the way that you are doing to code, but I am asking about the general case of difficulty that faces crackers.

If you're mixing native and managed code, yes it's more difficult, because they would be required to know x86 assembly to read your code. Still doable, but more difficult than pure managed code.

If you're compiling only managed code (which you can do in C++/CLI), it's all compiled down to MSIL and can be disassembled easily with .Net Reflector. Managed code is all the same when its compiled, it's fairly easy to reconstruct C# code (or F#, etc..) from managed C++/CLI code that's been compiled down to its MSIL form.

You're better off obfuscating your code, if you want it to be more difficult to crack.

Dotfuscator Community Edition is included with VS2010. That will change certain class, method, field and property names to random characters. More robust features are included in pay editions of these kinds of software, where it would actually change the program's structure a bit to make it even more difficult to read. There are other techniques to prevent disassembly, but they're too many to list here.

Side Note

That doesn't necessarily make your code secure. Say, for example, you're trying to impose usage limits on an application you wrote. Maybe you use a file in an obscure place and/or a registry key to keep track of how many times the program was used. You want to prevent the program from being used more than 30 times before they buy it. I could open up Process Monitor, load your program, find the file and registry key you keep track of this information and reset it each time I want to bypass your limits. That didn't require any cracking whatsoever.

Your security is only as good as you make it, decompiling isn't everything.

It's entirely possible, but I would like to stress that "difficult to disassemble" does not equate to "secure".

No code that you deliver to a third party, in any form, should be considered "secure". It's all crackable, and there's nothing you can do about it, so you'd be better off adopting a business model that doesn't rely on it.

In fact C# should be a bit safer against buffer overflows, which can be used to inject assembler code to the stack.