How to prevent ILDASM from disassembling my .NET code


Long story short – you can use SuppressIldasmAttribute attribute. However, please note that it won’t prevent decompilers (such as .NET Reflector, ILSpy or JustDecompile) from reverse engineering your code.

Here are the details:

What is IL?

Intermediate Language (IL) is CPU-independent instructions and any managed (.NET) code is compiled into IL during compile time. This IL code then compiles into CPU-specific code during runtime, mostly by Just InTime (JIT) compiler.

What is ILDASM?

ILDASM is a tool installed by Visual Studio or .NET SDK and it takes a managed DLL or EXE and produces the IL code which is human readeble clear text.

How to get IL code from an assembly

For example, consider the following code:

using System;

using System.Text;

 

namespace HelloWorld

{

    class Program

    {

        static void Main(string[] args)

        {

            Console.WriteLine(“Hello world…”);

        }

    }

}

Put this code in a console project and build it, you will have an EXE file.

Then open a Visual Studio Command Prompt and type ILDASM and press enter.  ILDASM should be opened. Open the EXE file you build from the code above in the ILDASM. You should see something like below:

 

If you double click on Main : void(string[]) then you can get the IL code of the Main method:

 

So, how can I prevent ILDASM from disassembling an assembly?

.NET has an attribute called SuppressIldasmAttribute which prevents disassembling the code. For example, consider the following code:

using System;
using System.Text;
using System.Runtime.CompilerServices;
 
[assemblySuppressIldasmAttribute()]
namespace HelloWorld
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello world...");
        }
    }
}

As you can see, there are just two differences:

1)      We have added System.Runtime.CompilerServices namespace decleration.

2)      We have added [assembly: SuppressIldasmAttribute()] attribute.

After building the application in Visual Studio, when we try to open the resulting EXE file in ILDASM, now we get the following message:

 

Does SuppressIldasmAttribute prevents my code to be decompiled using decompilers?

No. Decompilers are using System.Reflection namespaces and classes to decompile the code and It is not possible to secure your code using that attribute. Your only option is to use obfuscators to scramble your code although scrambling will only produce code which is more difficult to read and understand.

References

MSIL Disassembler (Ildasm.exe)
http://msdn.microsoft.com/en-us/library/f7dy01k1(v=VS.100).aspx

SuppressIldasmAttribute Class
http://msdn.microsoft.com/en-us/library/system.runtime.compilerservices.suppressildasmattribute(v=VS.100).aspx


AMB

Comments (3)

  1. anon says:

    so what?! reflector, ida-pro and lots of others don't care about it!

    don't waste your time.

  2. Admin says:

    anon, ida-pro and others know nothing about IL. So I think it worth some time at less to make some pain in the butt for hruckers 😉

  3. cw2k says:

    Hmm so what if the 'string "SuppressIldasm" in ildasm.exe somehow got slighly damaged by something like a Hexeditor?

    I mean things like this happens really quickly on some devel-opers machine.

    Compiling, decompiling, hunting & smashing nasty 'bugs' from .NET stuff.

    ;^)

Skip to main content