DeployLX Software Protection System

Runtime Protection

Once you've protected your assembly and released it to your customer how can you be certain that it will remain protected? Obfuscation only tools offer no protection from later modification or memory and reflection attacks. When Code Encryption is used to protect your assembly, CodeVeil will continue to protect your application from modification or disassembly. This topic discusses some of the efforts CodeVeil takes to continue protection at runtime.

During the encryption phase of the veiling process, CodeVeil will add a native 32-bit loader to your assembly. The Runtime Executive takes over portions of the .NET runtime to decrypt your codeonly when it is needed and then destroys it. During this process and continually during execution the executive provides the following additional protections.



When your assembly is first loaded the executive uses the encrypted version of your assembly as a decryption key to decode key portions of itself. Any unauthorized modifications to the assembly will corrupt this process preventing the assembly from loading properly.

When Verify assembly strong names is selected, the runtime executive will check the strong name signatures of the protected assemblies and any third party assemblies referenced by the application even if strong name verificiation is disabled on the machine.


The runtime executive injects additional instructions that will wreak havoc on debuggers that attempt to attach to a veiled process and perform any debugging operations. CodeVeil uses many different anti-debugging techniques - some well known, others designed by XHEO - so that overcoming one block does not expose other portions of the code.

Component developers should carefully consider the use of this option. When used developers using the components will not be able to debug even their own code.


Anti-Reflection techniques are applied when the assembly is veiled. This junk meta-data will crash or severely impair a .NET disassembly tool such as Reflector and ILDASM from accessing the good meta-data.


Tracing is a debugging technique used to map execution paths and is used to isolate code involved in performing specific operations. The Anti-Debugging features will prevent tracing of the execution path of the assembly. CodeVeil adds additional code that will execute alternate instruction paths when traced so that the true execution path is not revealed.


One common technique for disassembly encrypted applications is to run the application, then save the in-memory version of the application to disk. The dumped version can then be modified by the hacker and then reloaded in its decrypted state.

The runtime executive decrypts only those portions of the code required for the immediate execution of the code and injects it directly into the .NET runtime memory structures. The decrypted version of the assembly is never available in memory.


The .NET runtime has special points of entry for profilers that allow them to see and modify assemblies at runtime. The runtime executive will prevent the process from loading the veiled assembly and eliminate the threat.


Prevents third parties from building applications using assemblies from your project. Attempts to compile against a protected assembly will crash the .NET compilers.

See Also