Back to article

.NET TIP: Using .NET Reflector

July 16, 2008

Code written in a .NET language like C# is referred to as managed code. That is, it is not compiled into machine-specific instructions. Instead, .NET compiles into MSIL (Microsoft intermediate language). MSIL is a machine-independent instruction set that is compiled at runtime by the .NET CLR (common language runtime). A similar sequence of events takes place in the Java world, within the JVM (Java Virtual Machine). This extra compilation step is the key to .NET's success. Code executes in a protected sandbox, the managed environment of the CLR. It can provide greater security, stability, and it can run on any piece of hardware that the CLR supports, which may someday include non-Microsoft platforms. With executable programs produced by traditional languages, it can be very difficult to analyze the original source code. This can be a good thing when it comes to code protection, but being able to view source can be of tremendous value; for example, when it becomes necessary to analyze logic in a .dll whose source code has been lost. The Lutz .NET Reflector application provides .NET developers an easy way to analyze .NET assemblies.

To demonstrate the .NET Reflector, I have created a simple console application in C#:

using System;
using System.Collections.Generic;
using System.Text;

namespace SimpleConsle
   class Program
      static void Main(string[] args)
            Console.WriteLine("Enter a number please:");
            int localIntVariable = int.Parse(Console.ReadLine());
            Console.WriteLine("You entered the number {0}:",

            StringBuilder sb = new StringBuilder();

            for (int i = 0; i <= localIntVariable; i++)

         catch (Exception myOnlyExceptionVariable)
            Console.WriteLine("Exception occurred. Did you enter
               a valid number? Please try again.");
            Console.WriteLine("Press any key to exit this

A trivial example, to be sure. But, imagine if you were dealing with more complex logic in an assembly and it was not behaving as expected. You might like to dig deeper into the source to investigate. If this were written in a language such as C, it would be nearly impossible to re-create with any accuracy. There are many software companies out there that charge enormous amounts of money to help companies re-create this type of code when source code has gone AWOL. When working with .NET languages, you simply can load the assembly into the .NET Reflector tool. From there, you can learn everything there is to know about the classes, methods, and properties of those classes, and, as mentioned, even the source code (if not an exact match for the original source, something close to it).

Click here for a larger image.

When discussing a tool of this nature, it would be prudent to point out that although it can be an invaluable educational resource, it can be used with ill intent. There is nothing to stop a developer from taking another individual's unprotected .dll, perhaps even a commercial .dll with sensitive information, and disassembling it. There are several obfuscators on the market that can be used to make it significantly harder to access .NET source code. Just recently, Microsoft has released a Software Licensing and Protection Services that helps developers protect intellectual property by using permutations to lock and unlock .NET .dlls. All things considered, I think you will find that, when used properly, this tool is very useful for .NET developers.

About the Author

Michael Klaene is a Principal Consultant at Sogeti USA. With over 11 years of IT experience, he is focused on helping clients implement enterprise solutions with J2EE and .NET technologies.

Sitemap | Contact Us

Thanks for your registration, follow us on our social networks to keep up-to-date