Is it possible to 'strip' a .NET DLL?

Question

I built a simple demo application in C# using a modular approach so it consists of one executable and a couple of DLLs. Suppose I put it in a zip file and hand it over to somebody, with the sole purpose they can try out the demo application simply by extracting the file and doubleclicking the exe.

Now, to my understanding everybody that gets the application and the DLLs, can just add a reference to the DLLs in a Visual Studio project, and then start using whatever functions/classes they have as long as they are declared public. And hence, they can get access to a lot more than what I want them to access.

Is there a way to disable this, and get a system that is somehwat like with C++ DLLs (e.g. I can give anyone a lot of C++ DLLs and they'll have a rather hard time using the functions/classes in it if they do not have the header files)? Can I somehow strip the DLLs so that they are still usable by the exe, but do not expose references? Or are there attributes or so that I can use in the code that say "this class is usable only be DLLs/exes built by me"?

Answer 1

I think you can use Friend assemblies for that. You may also obfuscate internals of your dlls so it become really hard to do reverse engineering and decompile your assemblies. Tools like Dotfuscator will rename all function/variable names inside your compiled dll to something like a0002345 so reading it will be really exhaustive.

Please notice that none of methods gives you 100% protection as still it is possible to use .NET reflection routines to access and use your private and internal classes. However making stuff internal or private will stop majority developers using those classes. Use obfuscation to stop advanced engineers who tries to dig into your compiled sources. In theory protection is considered safe enough if decompiling effort is greater than effort for writing similar tool from scratch. If somebody can't read your dlls the one won't be able to know how to use it.

Answer 2

One possible solution is to leave public only the method that is supposed to be called from the executable. Everything else could be private or internal. You could also obfuscate the assembly. But remember that no matter what you do, there is always the possibility of using Reflection to invoke any method inside the assembly. Of course if it is obfuscated it will be a little harder but not impossible.

Answer 3

You could use the InternalsVisibleToAttribute and not make anything public, but...

You're mistaken if you think that anything stops someone from using non-public classes from your DLL. An application with full-trust can access private and internal content no problem, or they can decompile and rebuild the DLL with everything public.

People will suggest obfuscation, but that doesn't do much more.

You should read this answer (and question, but mostly answer): C#: How to Make it Harder for Hacker/Cracker to Get Around or Bypass the Licensing Check?

Answer 4

No, sorry, not.

You could do ilmerge followed by obfuscation (I'm not sure what tool) for something similar.