The only person I’ve asked about this said decompilers are more of a criminal thing than legit.

In many countries it is perfectly legal to decompile and reverse engineer, and if you own copyright to your own program then you have nothing to be afraid of as you own it!

Decompilation will be hard if you used obfuscation, and it would also be hard if you do not have debugging symbols (compiled as relase rather than debug).

If you have people who have written it in the first place then it should not be THAT big of a deal to modify decompiled sources to look pretty much as they were: can't say however whether decompilers support for VB.NET is good.

BTW, why didn't you keep a set of backups offsite?

The lock boxes at the local bank are a perfect place to drop off a couple of backup CD's at least once a month. Not only should you keep copies of your software but copies of your tools as well, like Visual Studio, basically anything you rely on to maintian your business should be burned onto backup CDs and stored offsite.

Regarding obsfucation I wouldn't know how to do that if I wanted to and we didn't have a reason to since the programs were all in house.

I've seen the results on Google but most of the stuff I've seen is in the four figure range. I don't want to drop that much money on something we find out won't work. Is there a 'gold standard' type program for decompiling?

Most of the programs we're trying to find the code for were compiled in release mode. How big of a problem does that cause? As long as I can get 90% of the source code back, I think I'm good to go since I'm the one who wrote everything. None of the programs are over 10,000 lines of code.

Thanks for the great answers, I just don't want to start digging into this and find out I started out wrong.

BTW, I'm not offended at all but for future reference, there's no need to inform people who are up a creek because of a lack of backups that they really should do backups.

there's no need to inform people who are up a creek because of a lack of backups that they really should do backups.

Actually I thought it was worth mentioning for the benefit of others reading this, not just you!

A friend of mine had your exact situation happen and he had lots of backups but the crooks took EVERYTHING, every floppy, CD, anything computer looking, and he didn't have offsite storage whatsoever so he suffered a 100% complete loss so he had to repurchase all his tools, MS Office, on and on.

Another suggestion would be to put a version control system like CVS or RCS on a remote server to manage your version control then you would have a copy in the bank, on the server, and on your local PC.

BTW, I saw a few decompilers that were more or less of the shareware variety online [quality unknown} that were being offered under $100. You could try those just to extract your changes.

Decompiling isn't a criminal thing unless you're using it on software that you didn't write where the license forbids reverse engineering.

In many countries reverse engineering is perfectly legal for purposes of interoperability. Clean room reverse engineering for purposes of cloning is acceptable practice in most developer countries -- how do you think we got cheap PCs? IBM's BIOS had to be reverse engineered.

IBM's BIOS had to be reverse engineered

The BIOS reverse engineering was more trivial, that was most likely disassembling, not decompiling. :)

In the early 80s I wrote both a Z-80 disassembler (published) and half-hearted C language decompiler and there's a huge difference in what they do and the level of expertise required to interpret the results.

I don't see how it would be possible, from a technical standpoint, to decompile a .Net app if it was compiled.

You should discuss this with RemoteSoft that claims to have a VB.NET decompiler for $1K called Salamander. :)

Then there's Reflector for .NET, Anakrino and a few others that I'm too lazy to list.

I can tell what it's putting out because I'm the one who programmed to original versions of it. However, if that's what my source code was 'supposed' to look like when I did it, I have a LOT to learn.

The output from Reflector is going to allow us to reference the changes we have made in the past two months rather than reinventing the wheel. It will just take a while to convert that output into what we had originally intended.

The BIOS reverse engineering was more trivial, that was most likely disassembling, not decompiling. happy!

I did my share of assembly and decompilation and I am pretty convinced that while in the past decompilation was not a good option because generated code was too close to assembly, where as now .NET and Java contains so much meta-data that decompilation is very very successful: knowledge of just functin names gives very good good idea what they are doing :)

These were all written in VisualStudio.Net

How easy is it to decompile from our current compiled programs

ildasm comes with your .net installation. Search your box for ildasm.exe and open up one of your .net binaries that you compiled.

Not knowing little things like that is what people like me miss by only learning things on a 'need to know basis'.

I found the tool quite scary because it nearly produced a runnable version of the dlls. It took me about 3 days to rebuild the source code and make it presentable. Considering I'd never seen the source and it was my first serious .NET project, I realised that 'obfuscation' is necessary when you deploy to customers and want to protect intellectual rights.