As a new Internet-based, cross-language software development platform, .net was introduced by Microsoft in line with software-industry trends toward distributed computing, component orientation, enterprise-level applications, software-as-a-service and web-centered demands. Although it is not a development language, the .net platform provides support for a number of development languages. Among other things, the .net platform helps users interact with different smart devices via the web, while making sure that the interaction is controlled by users rather than by applications, which gives users a personalized and comprehensive experience through smart devices connected to XML web services. The smart devices are tools with a web function, such as a personal computer, a palm computer, and a smart phone. With software on these devices, the devices are capable of interacting more smartly with users, networks, information and other devices or services.
The compilation of a .net language includes two phases. Firstly, a high-level language is compiled into an intermediate language (namely, intermediate code) called IL, which is closer to a machine language than the high-level language is. However, the intermediate language contains some abstract concepts (e.g. classes and exceptions). When compiling the high-level language for the first time, a compiler saves the compiled intermediate language to a .dll or .exe file before creating a stub function for each method of a class. The stub function calls a just-in-time (JIT) compiler and passes its address as an argument to the just-in-time compiler. The just-in-time compiler then obtains the intermediate language from the .dll or .exe file, compiles the intermediate language into a machine language, and replaces the temporary calling function with the machine language in memory. The stub function then calls the compiler and compiles itself into a native machine language. For example, the JIT compiler is a typical just-in-time compiler. The JIT compiler compiles a code segment before execution of the code segment. The compilation result is native static machine code, e.g. machine code of an x86 instruction program under the runtime environment.
A so-called Virtual Machine (VM) can be imagined as a “machine” simulated by software, which has a processor, a memory, a register, etc. for simulating execution of all instructions. There are no specific requirements on the runtime environment for software executed on the “machine”. The VM is transparent to programs executed thereon. For example, an x86 VM simulates the runtime environment of an x86 instruction program, while a c51 VM simulates the runtime environment of a c51 instruction program.
A compilation process refers to a process of translating a source program written in a high-level language into an equivalent low-level language (assembly language or machine language) target program. A decompilation process can be deemed the reverse of the compilation process, that is, a process of translating target code in machine language into equivalent code in assembly language or a high-level language. An instruction transformation refers to a process of transforming a target instruction on one platform into a target instruction on a different platform according to the execution logic of a program.
The .net architecture provides outstanding convenience at the cost of a sensitive defect: a .net program set can be easily decompiled. There are many .net intermediate code solutions to this defect in the prior art, although they are not very effective. These solutions only reduce the readability of the decompiled code without achieving an essential anti-decompilation effect. Obfuscated source code can still be easily decompiled by attackers with malicious intent. Although developers can employ strong encryption algorithms, the code can still be obtained because it is decrypted for execution in computer memory at runtime.
Currently, a pure software protection method for .net programs includes the steps of:
1) decompiling a .net program to an IL text file;
2) modifying the IL text file, by adding a decryption function external to contents that need to be protected;
3) compiling the modified IL text file to generate a binary instruction file that can be executed on the .net platform;
4) encrypting segments that need to be protected in the binary instruction file using software; and
5) decrypting the encrypted binary instructions at runtime with the decryption function previously added, thus protecting the .net program.
The entire process is accomplished within a computer.
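Steps 4 and 5 of this procedure, modelled as an added example (not code from the original document), show where the protected bytes are visible: hidden in the file, in the clear in memory once the added decryption function has run. The byte strings, the embedded key and the SHA-256 counter-mode keystream are constructed stand-ins chosen for illustration, not the scheme's real binary format or cipher.

```python
import hashlib

# Constructed sample data: a stand-in for one compiled method body, not real IL.
HEADER, BODY, TRAILER = b"HDR:", b"ldarg.0; ldc.i4 42; add; ret", b":END"
KEY = b"demo-key"  # assumption: the key ships inside the protected program

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, a toy stand-in for the scheme's real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor_segment(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def protect(image: bytes, start: int, length: int, key: bytes) -> bytes:
    """Step 4: encrypt only the chosen segment of the binary image."""
    end = start + length
    return image[:start] + xor_segment(image[start:end], key) + image[end:]

class Loader:
    """Step 5: the decryption function added in step 2, run at load time."""
    def __init__(self, image: bytes, start: int, length: int, key: bytes):
        self.memory = bytearray(image)  # models the process address space
        self.start, self.end, self.key = start, start + length, key

    def decrypt_segment(self) -> None:
        seg = bytes(self.memory[self.start:self.end])
        self.memory[self.start:self.end] = xor_segment(seg, self.key)

def audit() -> dict:
    """Report where the plaintext body is visible at each stage."""
    on_disk = protect(HEADER + BODY + TRAILER, len(HEADER), len(BODY), KEY)
    loader = Loader(on_disk, len(HEADER), len(BODY), KEY)
    before = BODY in loader.memory
    loader.decrypt_segment()
    return {
        "on_disk": BODY in on_disk,
        "memory_before_decrypt": before,
        "memory_after_decrypt": BODY in loader.memory,
        "unprotected_parts_intact": on_disk.startswith(HEADER) and on_disk.endswith(TRAILER),
    }

if __name__ == "__main__":
    for stage, visible in audit().items():
        print(f"{stage}: {visible}")
```

The strength of the cipher does not change the last result: whatever algorithm is used in step 4, step 5 must restore the original bytes in memory before they can execute.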
Generally, a shell is added to an executable file to implement protection. Users actually execute the shell, which uncompresses the protected program in memory and transfers control to the uncompressed real program. All the above processes are performed in memory, so that users do not know (and do not need to know) about them, and they do not affect execution speed. If a verification device for a software dongle or key disk is also added to the shell, a shell encryption is formed. The shell may or may not compress the program. Advantages of the shell include anti-tracing, encrypting code and data, and protecting the integrity of program data, which ensure that the program code is not modified, traced or debugged by hackers or others with malicious intent.
In prior art, a hardware device is often applied to protect a .net program. In other words, one or more parts of the .net program are extracted from the .net program to an encryption apparatus to run thereon, while the remaining program runs on a computer, so as to protect the .net program. An advanced encryption apparatus is programmable, and is used to protect a program by storing a key code of the program to be protected in an encryption apparatus and implementing communication between the program to be protected on the computer and an information security device. Therefore, shell calling instructions need to be written. The protected program performs communications with the encryption apparatus by calling an Application Programming Interface (API), which is an interfacing convention among different components of a system and a programming interface for exchanging information and commands between applications and a hardware system. A specific VM may be developed in the advanced encryption apparatus by developers, so as to execute a code in a format conforming to the VM directly in the encryption apparatus.
However, the hardware protection method has the disadvantages of small protection scope, low protection strength and controllability, and a restriction on the program code executed each time, so that a lot of work is required in this method. On the other hand, the pure software protection method for .net programs in the prior art is easily cracked because the protected .net program still runs in memory, which puts the .net program at risk.