Anti-ILDasm

Anti-ILDasm marks your .NET assemblies so they cannot be opened with ILDasm, the IL disassembler shipped with the .NET SDK.

  • .NET.NET
Start free
See it in ByteHide Shield
TL;DR

Anti-ILDasm adds an attribute to your .NET module that instructs ILDasm, Microsoft's IL disassembler, to refuse to open it. It is a lightweight first barrier against casual inspection of your assemblies, and it is most effective as one layer among stronger protections like control flow obfuscation.

Definition

What is anti-ILDasm?

ILDasm is the IL disassembler that ships with the .NET SDK. It takes any .NET assembly and produces a readable listing of its intermediate language, the instructions the runtime executes. Anyone with the SDK can point ILDasm at your .dll and start reading.

Anti-ILDasm is a protection that blocks this. It applies the SuppressIldasmAttribute to your module, an attribute ILDasm itself respects by refusing to open the assembly.

It is important to be precise about what this does. Anti-ILDasm stops ILDasm specifically. It is a first barrier against casual inspection, not a complete defense, and it should always be combined with real obfuscation.

Mechanism

How anti-ILDasm works

Anti-ILDasm works by adding the SuppressIldasmAttribute to the compiled module. When ILDasm opens an assembly, it checks for this attribute, and when it finds it, it refuses to disassemble the module.

  • SuppressIldasm attribute. The attribute is added at build time to your compiled assembly metadata.

  • ILDasm honours it. Microsoft's ILDasm checks for the attribute on open and refuses the disassembly request.

  • dnSpy and ILSpy ignore it. Advanced decompilers do not respect the attribute, so anti-ILDasm must be combined with real obfuscation.

  • Zero runtime cost. The attribute is metadata. It does not affect execution in any way.

This is why anti-ILDasm is a base layer. On its own it deters opportunistic inspection. Combined with name obfuscation, control flow obfuscation, and anti-debugging, it is part of a defense that holds against serious tools.

Example

Anti-ILDasm example

The same .NET assembly, opened with ILDasm. Anti-ILDasm changes whether ILDasm will read it at all.

Without anti-ILDasm

Anyone with the .NET SDK opens your assembly in ILDasm and reads its full IL listing, method by method.

With anti-ILDasm

ILDasm detects the SuppressIldasmAttribute on the module and refuses to open it.

Without anti-ILDasm
[assembly: AssemblyTitle("Acme.Payments")]

namespace Acme.Payments;

internal class PaymentProcessor
{
    public void Charge(decimal amount) { /* ... */ }
}
With anti-ILDasm
[assembly: AssemblyTitle("Acme.Payments")]

namespace Acme.Payments;

internal class PaymentProcessor
{
    public void Charge(decimal amount) { /* ... */ }
}

Use cases

When to use anti-ILDasm

Anti-ILDasm is worth applying to virtually every .NET application as a base layer, because it costs nothing and removes the easiest inspection path. Use it when your application:

  • Is a .NET assembly distributed to environments you don't control.
  • Should not be casually disassembled with default tooling.
  • Is already protected with obfuscation, anti-ILDasm completes the base layer.

It should never be your only protection. Pair it with name obfuscation and control flow obfuscation for real depth.

Platform availability

Anti-ILDasm and the .NET platform

  • .NET

    Exclusive. ILDasm is part of the .NET ecosystem, so anti-ILDasm applies only to .NET assemblies. On other platforms the equivalent goal, resisting disassembly, is served by different protections.

Related

Related Shield protections

Frequently asked questions

What is anti-ILDasm?
Anti-ILDasm is a .NET protection that adds the SuppressIldasmAttribute to an assembly, instructing Microsoft's ILDasm disassembler to refuse to open it. It blocks casual inspection of your intermediate language.
Does anti-ILDasm stop dnSpy or ILSpy?
No. Anti-ILDasm stops ILDasm specifically. Advanced decompilers like dnSpy and ILSpy ignore the attribute. This is why anti-ILDasm is a base layer, always combined with obfuscation that resists those tools.
Does anti-ILDasm affect performance?
No. It adds a single attribute to the module and has zero runtime cost.
Is anti-ILDasm enough to protect my .NET app?
No. On its own it only deters the default disassembler. Real protection comes from combining it with name obfuscation, control flow obfuscation, and anti-debugging.
Which platforms support anti-ILDasm?
Anti-ILDasm applies only to .NET, because ILDasm is a .NET tool. Other platforms resist disassembly through different Shield protections.
10,000+ developers and companies protect their applications with ByteHide

Protect your application with
ByteHide Shield

Anti-ILDasm is one of more than 20 protections in ByteHide Shield. Apply it to your .NET application alongside obfuscation for real depth.

Start free
Book a demo
ByteHide runtime dashboard showing live threat monitoring and protection metrics