tags:

views:

846

answers:

12
+7  Q: 

Is reflection reverse engineering?

You can find out a great deal about the internals of an application through reflection, it's exposed by the .NET BCL (base class library) and it makes it trivial to retrieve actual IL for any .NET method.

Reverse engineering on Wikipedia:

Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation.

Reflection would certainly satisfy as analysis of structure. But where do you draw the line between introspection and actual reverse engineering? And from a legal standpoint, is reflection reverse engineering?

A: 

No. With reflection, you're typically just talking about a different way of invoking methods, or possibly looking at method attributes.

By way of contrast, I expect the product of reverse engineering to produce source code that I can look at to understand the author's algorithms and ideas, which is typically what they're trying to protect.

Don Branson  2009-03-11 13:50:12
+7  A: 

The border between the two does seem blurred. Ethically I would draw the line in the programmer's motivation.

If he is using reflection to build a library, tool or similar software that is supposed to interact with any 3rd party code that satisfies certain criteria, I would not see it as reverse engineering.

For example, I was recently writing a generic base class for Linq2SQL data layers. The base class uses reflection to gain insight into the database layout and properly handle updates of nested business entities. If someone else uses my bases class for his web application, I would not gain any knowledge about the his source code. This usage of reflection is certainly no reverse engineering.

If, on the other hand, the programmer is trying to understand the inner workings by a competitor's software using reflection, he is reverse engineering it.

Adrian Grigore  2009-03-11 13:51:36
Thank you Adrian, clearly reflection is tool to be used for many things not reverse engineering. If you aim to achieve explicit details about a competitors software, reflection certainly helps with that.
John Leidegren  2009-03-12 06:49:15
+5  A: 

One must call into question the definition of Reverse Engineering when the ability to easily decompile the language is a part of the language ala Reflection.

With a tool like .NET Reflector I feel like the lines really start to blur!

Using an example from SO itself, they recently de-obfuscated the source code for their WMD Editor. I would argue that this defines Reverse Engineering more so than Reflection does.

Gavin Miller  2009-03-11 13:52:17
Have you tried the export plug-in for Reflector? I've used it to save projects from which I've lost the source code. It works almost flawlessly.
John Leidegren  2009-03-12 06:38:55
A: 

Legal questions must be asked of lawyers. Lawyers charge money. Not hiring lawyers can cost even more money if you get sued for not asking a lawyer.

Best bet: don't need to ask. Microsoft has already released source for a lot of .NET. See http://www.microsoft.com/resources/sharedsource/default.mspx.

John Saunders  2009-03-11 13:52:54
A: 

Reflection in many languages like .NET and Java are patches for poor syntaxes that doesn't allow you to interact freely with Objects.

In really Object Oriented languages like Smalltak or Self, you hardly ever need reflection and, if needed, it's by far more powerful than those offered by .NET and Java.

Having said that, I do believe reflection is reverse engineering, considering RE is more like understanding code to do something with it rather than breaking other's protections.

I'm currently working a lot with Drupal (PHP-based), which uses ugly things like concatenating module's names to predefined hook names to find if that function exists, so it can be called later (e.g. module_hook_name).

It's very handy, but I believe in real OO languages that can be avoided by sub-classing an abstract class that can answer any message and subclasses could override that.

Reflection should not be used except for extreme circumstances, which is where you can see flaws of programming languages.

Seb  2009-03-11 13:53:21
Tendentious answer. Reflection carries a cost (in CPU time, in memory, in language complexity): in Smalltalk or Self you just aren't aware of it. Besides, you don't seem to understand what reflection metadata is used for, as your subclassing comment indicates.
Pontus Gagge  2009-03-11 14:22:13
I do understand; I'd rather say you didn't understand my point: reflection is a poor patch for doing things you should be able to do with a good language. My subclassing comment was just an example.
Seb  2009-03-11 14:32:11
A: 

It all depends on the extent you take reflection. If you use a tool like Reflector, or code up something like that yourself, then that would be reverse engineering as you are actually getting to the source code.

Reflection can be used to invoke methods or look at attributes as Don said, but it can also be used to analyze the structure of an assembly and even peek inside to the underlying MSIL code. So one use of reflection might be innocent, and one would be reverse engineering.

Chris Hynes  2009-03-11 13:53:33
+2  A: 

Reflection is a tool that can be used for many things, including reverse engineering of code. Reflection can be used for many other purposes too, implementing dynamic languages is much easier thanks to reflection for example.

Reflection alone is also not enough for reverse engineering. You can find information on program structure that way but you still need to decompile the code. Tools like reflector do add this functionality.

Mendelt  2009-03-11 13:56:05
+2  A: 

Actually, it's the direct opposite of reverse engineering.

Properly, "reverse engineering" is to look at the results of a process, and work backward, to determine how it got there. Generally, it's done without any knowledge of the original code and generally yields a very different process.

Despite scary threats by copyright holders, it's perfectly legal.

"Disassembly" (aka "Reflection") is just the action of reading bytes on your hard disk, and assigning meaning to them. This is precisely what the CPU does when it runs the code. Here, we are just making it human readable. Again, despite scary threats by copyright holders, it's perfectly legal.

Selling someone else's code (or using it yourself) in a way which avoids the copyright holder from profiting from his work, is illegal, but we're not talking about that here.

James Curran  2009-03-11 14:03:21
Reflection certainly helps, I would not say that it's the exact opposite but it's unrelated to understanding X86 assembly.
John Leidegren  2009-03-12 06:42:34
"Despite scary threats by copyright holders, it's perfectly legal." - Now as a non-American I've heard of the American DMCA which I understand makes that illegal? The key example I remember was a guy who reverse engineered the nVidia driver for Mandrivia (then Mandrake) could not enter America as he would've been arrested under it? Am I misunderstanding the DMCA?
Robert MacLean  2009-09-03 12:44:03
Well no, Reflection (http://en.wikipedia.org/wiki/Reflection_%28computer_science%29) is more than simply disassembly.
MaD70  2009-10-17 04:31:43
+2  A: 

I would say Reflection is merely a tool. The use of reflection doesn't necessarily mean reverse engineering.

For example, if you use reflection to discover the signatures of all the public and protected methods in an assembly that wouldn't mean reverse engineering.

As for a legal standpoint, I suggest you have to look at the law you are worried about to find the definition of reverse engineering.

ninj  2009-03-11 14:05:53
+2  A: 

Reflection is just a tool to read information from an assembly, so that by itself is not reverse engineering.

If you then use this information to find out how the assembly was created, for example using .NET reflector to produce readable source code that could generate the same IL code, that is reverse engineering.

Guffa  2009-03-11 15:01:32
+2  A: 

I think you are talking about two different things here:

  • Reflection is a technique, that can be used for reverse engineering (among other things).
  • Reverse engineering is an action that can, but not necessarily must, use reflection for achieving its goals.

From a legal point of view, it depends on your goal, if you are using reflection for the purpose of reverse engineering.

Of course IANAL, but I believe that reverse engineering is not illegal by itself. It can become an illegal activity by proxy, i.e. through violation of copyrights etc.

Treb  2009-03-11 15:03:45
A: 

Reflection is a general computer science term that was in use decades before the introduction of Microsoft .Net framework (than SUN JVM). The idea was not aimed to reverse engineering application. That in specific contexts it can be used for this purpose is just accidental. As others have written, reflection is a "tool".

MaD70  2009-10-17 04:47:05

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?