<![CDATA[
<h2>Salamander .NET DeProtector</h2>
<p>
<P><FONT face="Arial" size="2"><FONT face=Arial size=2>Salamander .NET DeProtector is a sample program that can dump all .NET
assemblies that are loaded inside a process by the CLR engine. Whether the
assemblies are encrypted or not, by the time CLR executes them, they must be in
their original format, which is how protected assemblies can be decrypted. This
illustrates that whole assembly protection is not a good way to protect
intellectual properties. </FONT>
</P>
<P>
<P><FONT face=Arial size=2>Whole assembly protection utilizes a tool to
transform a .NET assembly to an encrypted format, and together with a native
loader embedded to create a native image. Since the assembly is now a native
image same as those compiled from visual c++ 6.0, it will not be recognized by
any .NET decompilers and .NET disassemblers, and thus achieve protection. On the
surface, it appears that a great deal of protection has been achieved, since
people can no longer see any class/method names, MSIL code, resources, etc. This
is why there are vendors that claim that their products protect everything.
However, all of such protections are not able to overcome this, namely, the .NET
Framework runtime only understands assemblies in specified .NET format. In other
words, by the time CLR engine is executing, the protected assembly must somehow
recover to its original format with all protection and encryption removed. If at
this moment, they are dumped out from the address space, then the protection is
perfectly defeated. Since .NET Framework is an open standard, they are many ways
to get into its runtime address space. Therefore, it's very easy to undo whole
assembly protection.</FONT></P>
<p>
This page requires the use of Netscape Navigator 3.0, Internet Explorer 3.0 or
better.
]]>