Kjow schrieb:
Hi all,
I would make unreadable functions/components/classes/etc names into
the binary built.
I noticed that with an hex editor I can see things like TButton,
width, heigh etc.
These names must match the declarations of the components and properties
in LCL source code, so that the resource loader can find the registered
classes and their published properties. This means that you have to use
an obfuscated LCL, with obfuscated class and property names. The
component names instead can be choosen freely, but I don't see an
improvement when e.g. a TButton is renamed from Button1 to something
else - its class name still will be readable.
Skilled hackers still may get many (type) names from a running
executable, depending on the platform and widgetset. A decompiler (like
IDA) also will reveal much of the source code, in all OO languages. This
is why I never wrote an decompiler for Pascal (Delphi/FPC) binaries, to
discourage sniffing in other peoples' apps.
In practice it's much easier to use a tool that compresses an executable
into a self-expanding archive. Then the names can no more be found in
the files on disk, and the size of the distributed files can become much
smaller. And use the FPC and LCL *trunk* versions, to build your
distributed apps, so that no decompiler will succeed in matching parts
of the code with a *release* version of the libraries.
Graeme may praise fpGUI now again, which AFAIK does not use resources
for the creation of the components on a form. Newer Delphi versions, in
contrast, are much more verbose about application details, in the
extended RTTI that is enabled by default and becomes part of every
binary; turing it off is very complicated, must be done in every single
unit, and for many types (classes, records...).
DoDi
--
_______________________________________________
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
