Here's one idea: you could have a server hosted by your company that all instances of your software need to connect to. Simply having them connect and verify a registration key is not sufficient -- they'll just remove the check. In addition to the key check, you need to also have the server perform some vital task that the client can't perform itself, so it's impossible to remove. This of course would probably mean a lot of heavy processing on the part of your server, but it would make your software difficult to steal, and assuming you have a good key scheme (check ownership, etc), the keys will also be difficult to steal. This is probably more invasive than you want, since it will require your users to be connected to the internet to use your software.

我认为这个话题主要有两个方面。

A) .NET只是反向工程而不是原生的吗?

B)我们是什么类型的程序员?

标题: 保护.NET代码不受逆向工程的影响

我的观点:

Least preference to make commercial application in .NET, because it will expose even your comments on the built binary after decompile. (I don't know what is the logic to include the comments also with binary) So any one can just decompile it, rename/modify/change the look and resell the application in 24 hours. In native application rename/modify/change of look is not possible as easy as one could do in .NET Worried part in .NET is that you could get the whole project with solution from a single binary exe/dll.

想象一下现在的安全状况有多糟糕。 因此，即使是外行也可以轻松地对. net应用程序进行逆向工程。

如果它是本地应用程序，如c++ /VB6/Delphi，只有知道ASM的专家破解者才能修补exe，而不是像。net那样100%逆向工程。

但是现在整个世界都在使用。net，因为用它的高级特性和库很容易做项目。

好消息是，微软似乎在2020年支持。net的本地输出，这将使像我这样的程序员考虑将。net c#作为主要语言。

https://www.codeproject.com/Articles/5262251/Generate-Native-Executable-from-NET-Core-3-1-Proje?msg=5755590#xx5755590xx

客户端上运行的任何东西都可以被反编译和破解。混淆只会让它更难。我不了解你的应用程序，但99%的情况下，我认为不值得这么做。

看起来永远是本地的，现在不需要在混淆器; 看起来像网芯RT可行的解决方案;很快所有的应用程序都将使用。net core;https://www.codeproject.com/Articles/5262251/Generate-Native-Executable-from-NET-Core-3-1-Proje?msg=5753507 xx5753507xx https://learn.microsoft.com/en-us/archive/msdn-magazine/2018/november/net-core-publishing-options-with-net-core

没有测试过，也许用旧的win .net SDK可能做类似的事情。

我也做了一些关于黑客安全的考虑，在我的设计中，我想添加他们，因为他们中的一些人似乎没有被提及:

我在我的应用程序中有一个脚本接口。为了确保，脚本只能调用(python)打算调用的方法-脚本i有一个scriptvisibilityattribute和System.Dynamic.DynamicMetaObjectProvider，它可以识别这些属性。

license使用公钥/私钥。

ViewModels需要被解锁，给解锁函数一个密码。

CoreRoutines可以在加密狗上实现。(周围有加密狗支持)

像包装这样的大解决方案并不是计划好的。

当然，这种脚本/viewModel方法并没有使我们不可能从代码中解锁和调用脚本不可见的函数，但它使这样做变得更加困难——就像所有与反黑客相关的工作一样。

. net Reflector只能打开“托管代码”，这基本上意味着“。NET代码”。所以你不能用它来分解COM DLL文件、原生c++、经典的Visual Basic 6.0代码等。编译后的。net代码的结构非常方便、可移植、可发现、可验证等。net Reflector利用了这一点，让你窥探已编译的程序集，但反编译器和反汇编器绝不是。net特有的，它们和编译器一样早就存在了。

您可以使用混淆器使代码更难阅读，但是您不能在不使. net无法读取的情况下完全阻止它被反编译。市面上有一些产品(通常价格昂贵)声称可以将托管代码应用程序“链接”到本地代码应用程序，但即使这些产品真的可以工作，有决心的人总能找到方法。

然而，当涉及到混淆时，一分钱一分货。因此，如果您的代码是如此专有，以至于您必须竭尽全力来保护它，那么您应该愿意在一个好的混淆器上投资。

However, in my 15 or so years of experience writing code I've realized that being over-protective of your source code is a waste of time and has little benefit. Just trying to read original source code without supporting documentation, comments, etc. can be very difficult to understand. Add to that the senseless variable names that decompilers come up with and the spaghetti code that modern obfuscators create - you probably don't have to worry too much about people stealing your intellectual property.