Tech Off Thread

18 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Lutz Roeder's .NET Reflector, most useful thing ever. Discuss.

Back to Forum: Tech Off
  • User profile image
    J2K


    Reflector is so useful in the kind of stuff I do with dotnet - I don't know how popular it is out in the community however...do you guys use it?

    Another great tool from Lutz is the 'Regulator' which as it's name suggests is all about assisting with RegEx.

    Lutz Roeder: another of my heroes.

  • User profile image
    Sven Groot

    Agreed whole heartedly. I don't know what I'd do without Reflector. Okay, I'd probably use ildasm, but Reflector is better. Tongue Out

    But if I'm allowed one tiny nit: this post would be better suited to the Coffeehouse.

  • User profile image
    Yggdrasil

    J2K wrote:
    
    Reflector is so useful in the kind of stuff I do with dotnet - I don't know how popular it is out in the community however...do you guys use it?

    Another great tool from Lutz is the 'Regulator' which as it's name suggests is all about assisting with RegEx.

    Lutz Roeder: another of my heroes.


    First of all - Regulator isn't by Lutz Roeder -  it's by Roy Osherove, who's generally a great guy and my personal agile/TDD guru when I have any questions.

    Secondly - Reflector does, indeed, rock the free world. It's come to the point where I fire up Reflector even before looking at the MSDN documentation. It's invaluable in understanding why things happen the way they do.

  • User profile image
    staceyw

    yep.  It has been around awhile.  Love it, use it.

  • User profile image
    TommyCarlier

    It's the most awesome developer tool I know and use. I even use it as a replacement for other stuff. Like documentation: I can usually find something faster in Reflector than I can in the Visual Studio documentation. Or I use Reflector on my own compiled code to find relationships between classes and methods.

  • User profile image
    cokert

    I was quite surprised when I started digging through the framework dlls.  They are in no way obfuscated.  So you can load them up in Reflector and start digging around in your favorite namespace and see exactly whats under the covers with its disassembler!

  • User profile image
    Andrew Webber FX

    Whole heartily agree,

    I needed to automate some of the functionality of mageui.exe onto a web server; reflector totally helped me out however I can’t help but feel less secure when writing .NET apps as I know every developer can just see all your security mechanisms. But i guess when an app is on a local box security is never really safe.
    (windbg rules: you are never safe Cool)

  • User profile image
    figuerres

    Yeah Reflector is a great tool.

    love it.


    and security is relative....

    and I'd rather have code you *CAN* verify and check

    get the trojans and other gunk out -- and be able to scan for back doors etc....


    than some "Ball of code" that no human can trace and may hide any kind of malware / keyloger etc....

  • User profile image
    DanWygant
  • User profile image
    Secret​Software

    I hate it, because it allowed script kiddies to read my human readable code.

    I might as well just give them the cs files and the compiler, and let them create zombie like applications that resemble mine and fool my customers or worse, use it to exploit my services.

    I had , as many of you know, in the  past, been vocal on this issue, and wanted MS to enable us to deliver encrypted MSIL to customers and then CLR would decrypt and run on demand with the JITTER.

    I am hopeful they will still implement this in the future. In the mean time I am going to implement my own cutom solution , which is to encrypt the MSIL, and use a C++ loader, that will decrypt the assemblies in memory and then run them.

    Crude but what can one do?

  • User profile image
    JohnAskew

    SecretSoftware wrote:
    I hate it, because it allowed script kiddies to read my human readable code.

    I might as well just give them the cs files and the compiler, and let them create zombie like applications that resemble mine and fool my customers or worse, use it to exploit my services.

    I had , as many of you know, in the  past, been vocal on this issue, and wanted MS to enable us to deliver encrypted MSIL to customers and then CLR would decrypt and run on demand with the JITTER.

    I am hopeful they will still implement this in the future. In the mean time I am going to implement my own cutom solution , which is to encrypt the MSIL, and use a C++ loader, that will decrypt the assemblies in memory and then run them.

    Crude but what can one do?


    Code obfuscators, got 5k?

    live.com search results for .NET code obfuscator

  • User profile image
    Ion Todirel

    and when will C9 Team go to interview the guy? Rory, Charles?

  • User profile image
    Ion Todirel

    SecretSoftware wrote:
    I hate it, because it allowed script kiddies to read my human readable code.

    I might as well just give them the cs files and the compiler, and let them create zombie like applications that resemble mine and fool my customers or worse, use it to exploit my services.

    I had , as many of you know, in the  past, been vocal on this issue, and wanted MS to enable us to deliver encrypted MSIL to customers and then CLR would decrypt and run on demand with the JITTER.

    I am hopeful they will still implement this in the future. In the mean time I am going to implement my own cutom solution , which is to encrypt the MSIL, and use a C++ loader, that will decrypt the assemblies in memory and then run them.

    Crude but what can one do?
    Your so called "issue" you had with this is just wrong. Everything is hackable, it's just a matter of time. OK that doesn't mean that allowing everyone to look at your code is OK. But you could sue them if they stole your code.

  • User profile image
    footballism

          The bunch of new features added into this little lovely tool are really awesome:P

          Now you can navigate the methods and classes which are annotated with comments, why we need MSDN documentation now:O

         Another great feature is showing the comments for the IL opcode in the tooltip, this feature is really a big time saver, because I ain't need to open documentation or IL spec to find the meaning and usage of a particular opcode.
         ++ for Lutz, you guy rocks;)


    Sheva

  • User profile image
    Minh

    I'd just read the Reflector post on Scott Hanselman's site about plugins. Who knew you could debug a straight-up assembly?


    CodeMetrics.png
    CodeMetrics : Analyses .NET assemblies and shows design quality metrics. Download
    Review.png
    Review : Allows editing and managing annotations during code reviews. Download
    Diff.png
    Diff : This add-in shows differences between two versions of the same assembly. Download
    FileDisassembler.png
    FileDisassembler : This add-in can be used to dump the disassembler output to files for any Reflector supported language.
    SQL2005Browser.png
    SQL2005Browser : This add-in allows to browse .NET assemblies stored in SQL Server 2005 databases.
    FileGenerator.png
    FileGenerator : This add-in can be used to dump the disassembler output to files for any Reflector supported language.
    Deblector.png
    Deblector : This add-in allows to debug processes from within Reflector.
    Doubler.png
    Doubler : A code generator for unit tests, stubs and wrappers.
    Graph.png
    Graph : This add-in draws assembly dependency graphs and IL graphs. Please read the install instructions here .
    DependencyStructureMatrix.png
    DependencyStructureMatrix : Allows you to create and browser dependency structure matrices.
    CodeSearch.png
    CodeSearch : This add-in allows searching for strings and regular expressions in disassembled code. Download
    SequenceViz.png
    SequenceViz : This add-in draws sequence diagrams.
    PowerShellLanguage.png
    PowerShellLanguage : Renders output as Windows PowerShell script.
    DelphiLanguage.png
    DelphiLanguage : The Delphi view that is used inside .NET Reflector provided as a language add-in.
    CppCliLanguage.png
    CppCliLanguage : This add-in extends Reflector with a C++/CLI language rendering module.
    Hawkeye.png
    Hawkeye : A tool that allows you to debug the UI tree of Windows Forms applications.
    ClassView.png
    ClassView : Shows class definitions as plain text with color coding.

    CodeModelViewer.png
    CodeModelViewer : This add-in shows the underlying code model objects for selected items.

    Diff.png
    Diff
    : This add-in shows differences between two versions of the same assembly. Download
    ComLoader.png
    ComLoader : Lists COM components for browsing and converts them into managed interop assemblies. Download
    TestDriven.png
    TestDriven.net : This Visual Studio add-in can navigate to any code element inside Reflector with a single click.
    BizTalkDisassembler.png
    BizTalkDisassembler : Allows you to list all BizTalk artifacts contained in an assembly and extract them. Download
    ComLoader.png
    ComLoader : Lists COM components for browsing and converts them into managed interop assemblies. Download
    AutoDiagrammer.png
    AutoDiagrammer : This add-in draws class diagrams.

  • User profile image
    ben2004uk

    SecretSoftware wrote:
    I hate it, because it allowed script kiddies to read my human readable code.

    I might as well just give them the cs files and the compiler, and let them create zombie like applications that resemble mine and fool my customers or worse, use it to exploit my services.

    I had , as many of you know, in the  past, been vocal on this issue, and wanted MS to enable us to deliver encrypted MSIL to customers and then CLR would decrypt and run on demand with the JITTER.

    I am hopeful they will still implement this in the future. In the mean time I am going to implement my own cutom solution , which is to encrypt the MSIL, and use a C++ loader, that will decrypt the assemblies in memory and then run them.

    Crude but what can one do?


    Instead, maybe you should just reading writing secure code by M. Howard - it is a much better use of your time. 

    One possible flaw with your plan - the assembly will be in memory unencrypted, so why couldn't I just attach a debugger to it to see what is happening and possible 'security weaknesses' in your code?  Or maybe reflect on your inmemory appdomain? Or host your application within my own appdomain to gain access to it.

    Plus if you have a bad coding standard then I wouldn't even need to view the code as I could do it all via the UI - ie....Web Apps?

    Any btw, how do you think intellisense works...

  • User profile image
    Massif

    See, now I feel like I've missed something.

    I heard about reflector way back when I was allowed to write .NET code (sulking about having to write C++ cross-platform code at the moment.) but never used it. I usually prefer to read english descriptions of what something does than try to understand code.

    But now I get the impression I may be wrong about that, ah well... I shall have a look and see.

  • User profile image
    ben2004uk

    DanWygant wrote:


    Obfuscation can be bypassed/reversed if you have the time/will. I think there is even tools for it now...

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.