Just noticed that any executable generated with Delphi (including Release version) has lots of strings containing Unit names, function/procedure names, even parameters names and variables/fields names. This is scary.

Does anyone from Embarcadero or somebody else have any idea what these are used for (especially in a Release version)?

Is there any method to prevent these from being written to the executable? They should not be there IMO.

If you wonder why you should care about this, just imagine you have implemented a license verification mechanism in your executable. I know that no software is 100% crack proof but unit names, function names and parameter names would really make it easier and help anyone who would like to reverse engineer your code.
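A way to measure how many such names a release build of your own actually ships, as an added example that is not part of the original post. It assumes the names are stored ShortString-style (one length byte followed by that many ASCII characters); the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Pascal identifier, optionally unit-qualified with dots (e.g. "System.SysUtils").
IDENT = re.compile(rb"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*")


def find_short_string_names(data: bytes, min_len: int = 4):
    """Return (offset, name) for each length-prefixed identifier in data.

    Assumption: a name is one length byte followed by exactly that many
    ASCII characters forming a valid Pascal identifier.
    """
    hits = []
    i = 0
    while i < len(data) - 1:
        n = data[i]
        body = data[i + 1 : i + 1 + n]
        if n >= min_len and len(body) == n and IDENT.fullmatch(body):
            hits.append((i, body.decode("ascii")))
            i += 1 + n  # continue after the matched name
        else:
            i += 1
    return hits


def short(name: str) -> bytes:
    """Encode a name the way the scanner expects (length byte + ASCII)."""
    return bytes([len(name)]) + name.encode("ascii")


# Constructed sample: four names separated by non-identifier filler bytes.
SAMPLE = (
    b"\x00\x90\xff\x00" + short("LicenseUnit")
    + b"\x00\x01" + short("TLicenseChecker")
    + b"\xff\xfe" + short("VerifySerial")
    + b"\x02" + short("SerialNumber") + b"\x00\x00"
)

if __name__ == "__main__":
    # Pass the path of your own executable, or run with no argument for the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, name in find_short_string_names(blob):
        print(f"0x{offset:08x}  {name}")
```

Running it on a build before and after changing compiler or protection settings shows which names still end up in the file.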

Comments

  1. Jeroen Wiert Pluimers I still prefer Delphi to Java or .Net any day :D Not having to make sure I have a specific Java version is installed on the machine I am deploying or a specific .NET framework version is one of the reasons I love Delphi.

  2. Doh, this is bad. Need to audit my code, as I'm using RTTI for other things. One thing to note, I use ARMADILLO (siliconrealms.com) for my licensing, it also has some provisions for encryption of the source code, plus it compresses it. There's a lot of smarter people than me on the internet, but I don't see a lot of useful information after I have "wrapped" it with this software-protection-layer. A guy named Chad works on it, the product has been around for decades, still maintained. I recommend it.

  3. Vin Colgin still if you can dump the executable while running, even if it is protected with Armadillo, you can reconstruct a lot from RTTI.
