Xenocode. Run your applications instantly and reliably, anywhere.
Deploy your .NET app in a single, self-contained executable
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Xenocode Postbuild is the powerful, reliable, and easy-to-use code protection and deployment solution for .NET developers. Now in its fifth annual release, Postbuild is better than ever:

Learn More | Download Evaluation | Product Details | Documentation | Pricing | Purchase

Download Xenocode Virtual Appliance Studio  Download Xenocode Postbuild Evaluation Setup
(Select Open to run the Xenocode Postbuild Evaluation Setup Wizard)

Highlights

  • Protect your intellectual property
    Industry-leading .NET obfuscation, watermarking, and counter-analysis technology protect .NET-based code against unauthorized decompilation and duplication. See for yourself using the Xenocode Fox .NET decompiler.
     
  • Optimize application performance
    Reduce application size and complexity with executable/DLL linking, metadata reduction, dead code and metadata elimination, on-the-fly decompression, and dependency merging.

Virtualize filesystem and registry data
Filesystem and registry virtualization allow complex applications to execute with no host alterations, eliminating setup steps, administrative privilege requirements, and Vista UAC prompts.
  • Run .NET applications on any Windows PC
    Native x86 executable generation allows your .NET application to run anywhere, with or without the Framework. Embed application-specific .NET and DirectX dependencies. (Windows 9x and NT4 targets not supported.)

  • Save-to-MSI, diagnostic and splash modes
    Save output binaries directly into MSI packages. Create diagnostic-mode executables for fast problem resolution. Automatically generate splashes during application startup.
     
  • Support for the latest platforms
    The Xenocode engine has been updated to support the latest platforms and technologies, including Windows Vista and Windows side-by-side (SxS) deployments.

Screenshots

Projects and watermarking .NET obfuscation, including symbol renaming, control flow obfuscation, disassembly suppression, and string encryption Optimizations, including compression and pruning Virtualization options
.NET Framework runtime embedding Filesystem virtualization Registry virtualization Output options, including linking, digital signatures, and save-to-MSI

Pricing and Availability

Xenocode Postbuild licensing is based on a per-developer model. View Postbuild pricing and licensing details.

You are responsible for separately obtaining any licenses necessary to operate and deploy any third-party software installed on your virtual machine.

Owners of previous versions of Xenocode Postbuild within their maintenance period can access the latest upgrade by clicking the Login button. If the maintenance period has expired, the latest upgrade is available to previous users at a substantial discount. To view discount pricing, login and select Purchase Products from the My Account page.

Download

Click here to download a fully-functional 14-day evaluation version of Xenocode Postbuild 2007 Professional.

Should I use Virtual Application Studio or Postbuild?

For assistance in selecting the right product for your needs, please review our Product Selection Guide.

Learn more

Why do I need to obfuscate my .NET code?

Traditionally, software has been compiled and distributed as native code, sequences of instructions expressed in the language of a particular system’s underlying CPU. As a side effect of this low-level encoding, much of the information about a program’s original source form is lost. While it is feasible to infer the internal operation of a program by examining its compiled native code, doing so is a very time-consuming and technically difficult process and much of the information about the high-level design and structure of the original program source is irreversibly destroyed in the compilation process.

In contrast, code designed for the .NET Framework is compiled to an architecture-neutral language known as the common intermediate language, or IL. Furthermore, .NET code is self-describing; that is, .NET executables contain additional metadata which describes the types, methods, fields, and events on which the IL instructions operate. This higher-level encoding has many advantages over compiled native code, such as improved code reliability and robustness and enhanced interoperability between diverse languages, machines, and platforms. However, as a side effect of this encoding, much of the information about the original source form of the program is preserved. Specially designed programs, known as decompilers, can exploit this information and recover much of the original source code of a program from its compiled .NET executable.

In other words, if you release your .NET executable to the world as is, you are effectively releasing your source code along with it – intellectual property and trade secrets are exposed, hackers have a tour guide to assist them in exploiting security vulnerabilities and tampering with product features, and unsavory competitors may even rip-off chunks of your code for use in their own products.

Code obfuscation transforms your compiled .NET executable into a form which resists decompilation. While, as with native code, it is still theoretically feasible to infer the internal operation of an obfuscated executable, obfuscation makes this process much more time-consuming and difficult, and irreversibly destroys much of the high-level information about the original source form of your program. This transformation is done in a way which completely preserves the functionality of your product.

How does Xenocode Postbuild protect my product from decompilation?

Xenocode Postbuild uses a range of powerful obfuscation techniques to inhibit decompilation and other forms of reverse engineering:

  • Symbol renaming: Postbuild renames symbolic metadata, such as class, variable, and method names, into meaningless characters. This completely destroys the single most valuable resource available to a decompiler or a hacker studying your compiled executable.
     
  • Control flow obfuscation: Postbuild manipulates the program control flow within the IL itself, editing branch instructions generated by the compiler, inserting decoy branches, and re-ordering instruction sequences. This conceals the original structure of your control flow (for example, the layout of if, for, and while blocks) and confuses decompilers. In fact, in our experience, Postbuild’s control flow obfuscation is so confusing to decompilers that they simply crash or completely fail to produce a valid decompilation.
     
  • String encryption: A common technique used by hackers to identify critical pieces of code involves searching the executable for a known literal string, for example "Enter password", and then looking at the point in the code which references the string. Postbuild prevents identification of critical code locations in this manner by scrambling literal strings and injecting appropriate descrambling code whenever a scrambled string literal is referenced. This closes another door for the hacker.
     
  • Disassembly suppression: Postbuild applies counter-analysis technology to your assembly to prevent many decompilers and disassemblers (for instance, Microsoft's ILDASM) to be unable to process your binaries. This prevents hackers from using such tools to analyze and disassemble your code. Postbuild offers multiple suppression modes, depending on the security/compatibility trade-off required by your application.
     
  • Native code generation: While primarily intended as a deployment feature, use of native code generation provides an additional obstacle to decompilation by directly merging in Framework dependencies and converting managed executables into x86-based native executables.
     
  • Debug data stripping: Postbuild strips all CodeView debugging information and symbol references from your binary. This information, which may be inserted by your compiler to facilitate debugging, can also be exploited by hackers to assist in reverse engineering your code.

What optimizations does Xenocode Postbuild perform?

In addition to protecting your code through obfuscation, Xenocode Postbuild also helps to optimize your executable by eliminating dynamic links, identifying performance bottlenecks, and removing unused code:

  • Executable/DLL linking: Postbuild allows multi-executable projects to be combined into a single output executable, eliminating costs associated with dynamic linking. Redundant inter-assembly data are merged, reducing overall output size.
     
  • Metadata reduction:  During the course of obfuscation, Postbuild can reduce symbolic metadata to single characters, reducing space consumed by unnecessarily long (and hacker-visible) class and variable names.
     
  • Executable compression: Postbuild includes the ability to compress output executables, significantly reducing the file size of large applications. On-the-fly decompression code is embedded directly within the carrier executable, creating a completely transparent user experience.
     
  • Dead code elimination: Given a set of entry points (points in your executable where execution can initiate, such as your Main routine), Postbuild analyzes code dependencies and identifies methods which cannot be invoked. Once identified, implementations of these methods are removed from your executable. This is done in a manner which preserves the metadata associated with the dead methods.
     
  • Dead and duplicate literal elimination: Postbuild automatically removes unused literal strings from your executable. If used in conjunction with dead code elimination, this feature automatically identifies and removes literals which are only referenced by dead code. Additionally, Postbuild identifies and merges duplicate string literals and transparently makes all IL modifications necessary to preserve the code’s original functionality.

How does Xenocode Postbuild help me deploy my application?

Postbuild includes many unique features which reduce the complexity of testing and deploying complex .NET applications:

  • Executable/DLL linking: Postbuild’s single-assembly output mode allows multi-assembly projects to be combined into a single output assembly, allowing for "copy" deployment of multi-assembly .NET applications. Linking is fully integrated into the obfuscation and optimization pipeline – encryption settings are automatically propagated across linked assemblies and redundant inter-assembly data are merged, reducing output assembly sizes.
     
  • Native executable generation: Postbuild allows for the creation of a native x86 executable allowing your application to run, with or without a .NET Framework installed. Required portions of a third-party .NET Framework payload are automatically selected and embedded into the executable, dramatically reducing the complexity of application testing, deployment, and support. Xenocode Postbuild automatically identifies and statically binds a minimal set of Framework dependencies, reducing overall deployment size and eliminating dynamic link costs.
     
  • Filesystem and registry virtualization:  Postbuild allows filesystem and registry entries to be directly embedded within your executable.  Virtual machine files and registry keys are visible to the executing application without any modifications to the host device.  For instance, application data files and COM components can be made available to the application without requiring any separate setup or registration.  This also allows applications to emulate behavior of privileged applications under a non-privileged user account.
     
  • Code watermarking: Watermarking allows per-instance customization information, such as user names and registration codes, to be embedded into the visible text (for example, text in an About dialog or splash screen) as well as internal binary structures within your assembly. Watermarking can assist in tracking distribution of your product on a per-executable basis and deterring software licensing violations.

Learn more: Understanding Xenocode application virtualization technology

Is Postbuild easy to configure and use?

Postbuild has been carefully designed to minimize learning time, complexity, and configuration errors, without sacrificing power or flexibility:

  • Out-of-box experience: When an assembly is opened for processing, Postbuild automatically configures itself to settings appropriate for the most typical user scenarios. In many cases, typical projects will not require any additional configuration – Postbuild processing is a one-click process.
     
  • VS.NET and MSI integration:  Postbuild integrates directly with the Visual Studio .NET IDE, allowing automated post-processing as well as configuration via inline code attributes.  Postbuild can output binaries directly into MSI setup packages.
     
  • Intelligent symbol renaming: Postbuild analyzes symbol naming dependencies and automatically propagates renaming selections when necessary to be consistent with the rules of the .NET Framework. This simplifies configuration and prevents many potential errors. Postbuild also automatically identifies and suppresses invalid selections, such as renaming of IJW thunks, eliminating a large class of configuration pitfalls.
     
  • Intelligent entry point selection: When configuring dead code elimination, Postbuild can intelligently identify likely code entry points and automatically add these to the entry point list. This reduces the chance of entry point omission errors and, in many cases, completely eliminates the need for any further user configuration at all.
     
  • Presets for typical scenarios: Postbuild comes with several built-in "preset" configurations appropriate for common usage scenarios. All necessary configuration for these scenarios can be applied with a single click.

Can Xenocode Postbuild help protect my product from unauthorized distribution?

Yes. Xenocode Postbuild allows you to insert digital watermarks into your application executable. Watermarking allows per-instance customization information, such as user names and registration codes, to be embedded into the visible text (for example, text in an About dialog or splash screen) as well as internal binary structures within your application. Watermarking can assist in tracking distribution of your product on a per-executable basis.

Can Xenocode Postbuild be incorporated into my build process?

Yes. Postbuild allows you to configure your project settings with its easy-to-use graphical interface and then save these settings into an XML file. Postbuild processing can then be run from the command-line with the configuration file as an argument (for example, as a step within an automated build process). Project settings may also be specified using .NET code attributes within your application’s source code.

The XML configuration file format is easy to understand and manipulate. If it is more convenient for your application, you can create and edit configuration files manually or programmatically and drive Postbuild via XML.

Postbuild also provides support for automatic processing directly within Visual Studio environment.

 
© 2008 Xenocode