I'm trying to create a piece of software that allows the user to login and stream a byte[] of a dll to be used for injection. For example
public static byte[] getDLL()
{
using (WebClient wc = new WebClient())
{
Uri url = new Uri("http://mysite/dll.dll");
return wc.DownloadData(url);
}
}
I successfully managed to make this in C# using visual studio. However you can easily decompile the program and make it create the dll at a specific location on your computer therefore leaking it. And there's pretty much no way that I can prevent this.
Would I be better of using a language that's harder to decompile like say C++ or C for example or am I just going to run into the same problem what ever language I use? And is it really worth the effort.
I'm not very clear about the first paragraph of your question.But here is some idea for you.
Simply De-compiling is not an issue, if outsiders cant use generated code to hijack your assembly.
As my understanding there are plenty of tools to "reasonable de-compile" or browse the .NET assemblies content. If you use C++ or C, there are de-compilers, The source code are generated by them are not accurate and need lot of manual works.
Secondly if you used native language such as C or C++ those has plenty of vulnerabilities. you have to use all the good practices to avoid injecting kind of issues. https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637
There are tools for avoid de-compilation. you can google Obfuscator. some famous are Dotfuscator, Secure Team.
And also you can think about the project architecture changes. such as including DLL code in to the main EXE etc...
Also you can use key generation mechanism to verify the DLL. Just after loading the DLL exe call common function in the DLL and get the one time key and verify.