Does AOT still expose lots of .NET metadata? #124160
-
|
I think that fewer people are interested in AOT in order to make reverse engineering their program more difficult (prevent usage of dnSpy etc), and I just discovered this blog post: https://blog.washi.dev/posts/recovering-nativeaot-metadata/, which states that AOT exposes a lot of .NET metadata. Is this still the case, or has it been fixed? With AOT, you assume you have a fully-fledged native program and not necessarily a ReadyToRun mix. At least that's the impression given in the docs for people who don't necessarily know exactly what's behind it. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
|
They are not "exposed". They are just present to organize the OOP type system to work.
This is a side effect and never a goal.
There's nothing to fix. AOT is not designed as an obfuscator.
The post is incorrect here. ReadyToRun was created from NativeAOT, although it went production earlier. The initial commit was dotnet/corert#5943 . Because of the same origin, NativeAOT and ReadyToRun shares some auxiliary data structures. |
Beta Was this translation helpful? Give feedback.
Such data exists for any type system present in runtime, including C++ vtable and RTTI information. Again, it's never a "leak". They are unavoidable to make things work.