Generating Native Images outside the Cache

Question

I would like to use NGEN.EXE in order to generate native images of my assemblies before I create my installer. I am hoping this will keep my binaries Reflector-proof. Am I correct about this?

I have just come to understand that all native images are now being stored in the Native Image Cache. Is there a way to get native binaries which I can then package with an installer? On the other hand, is it possible to get rid of the original assemblies after generating the native images?

EDIT: I am using an application which uses a hard-coded key for encryption when talking to a server. With .NET, it becomes ridiculously easy for folks to lay their hands on the key.

Answer 1

I can see several problems with what you trying to achive.

1) As has been mentioned by @Mehrdad the assembly is still required for metadata, even if a native image exists.
2) A native image is only valid on the machine it was compiled on. The JIT compiler does optimisations that normally cannot be done because it knows EXACTLY what hardware the code will need to run on.
3) Even a native image can be de-compiled. It is just slightly easier to take appart a managed dll.

Do you mind telling us why do you want to hide your source code?

EDIT: Judging by how quickly each new version of WGA gets hacked, i suspect, if your software is remotely useful, someone will have the key out and on the internet (or p2p or whatever) within hours of each new version of your software, and they are going to be the people that are quite happy to disassemble a native image. Or maybe just read the machine code :)
My personal approch would be to make sure your application works well and is fairly priced. The honest people will not steal it, the dishonest will find a way regardless of what you do. Ultimatly if they have your application to run there is nothing you can do to completly control what they do with it, although you can make it slightly harder for them to use reflector by using an obfuscator first, but in the end its just like real life really, locks only keep out honest people.

Of course, if you can move some important part of your applications functionality out of the client and into a web service then you stand more chance. You can create accounts with usernames and passwords for clients, the application requests this when it is run and uses it to authenticate to the web service. If their use of this application has expired then the web service refuses their request.

Answer 2

This is very much not supported by NGEN and the .net framework, but there are 3rd party tools that can do this, google for ".net linker".

I recommend not doing it, MS have valid reasons for not supporting this.