开发者

What is an .exe file stub?

开发者 https://www.devze.com 2023-04-01 18:39 出处:网络
I\'m learning how to obfuscate my assembly using .NET Reactor. One option is to "Generate a native x86 EXE file stub," which I do not understand its purpose. I import an assembly (e.g. an .e

I'm learning how to obfuscate my assembly using .NET Reactor.

One option is to "Generate a native x86 EXE file stub," which I do not understand its purpose. I import an assembly (e.g. an .exe file) and output an obfuscated .exe file, which is roughly the same size. If I checked "Generate native x86 file stub" the software outputs an .exe file which is much smaller in size (like the .exe is compressed...)

I don't understand what that means. And in the documentation:

.NET Reactor is able to generate a native x86 EXE file stub for your application. This way it is not possible to directly open your protected application in a decompiler. The decompiler recogni开发者_开发问答zes your protected application as a native EXE file.

Why do I want to generate an .exe from a file that is already an .exe?


Though your question was some time ago, I thought I'd share an answer:

Have you ever used a Tool like Reflector, ILSpy or dotPeek? Those tools can be used to generate the source from an managed assembly. If you use that native x86 stub, those tools should tell you "Cannot open unmanaged dll" (or something similar) - according to the developer.


All executable files have a single entry point (in C, it's the MAIN function).

For Dot Net applications, there is a standard code and file structure - to ensure that the corresponding framework is available - to locate different objects such as resources.

It is possible to analyze/uncompile such an application.

DOT NET REACTOR can replace the usual starting code with a proprietary code so that uncompilers think that its a native executable - not depending on DOT NET Framework and having proprietary file structure for different objects. So that they cannot even start to uncompile anything.

This feature is why I'm using Reactor. However early versions (< 4.7) have produced files that have been confused as virus or Trojans by AVAST.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号