[Lazarus] Make unreadable names into bunary

Hans-Peter Diettrich DrDiettrich1 at aol.com
Wed Apr 4 19:22:20 CEST 2012


Kjow schrieb:
> Hi all,
> 
> I would make unreadable functions/components/classes/etc names into
> the binary built.
> I noticed that with an hex editor I can see things like TButton,
> width, heigh etc.

These names must match the declarations of the components and properties 
in LCL source code, so that the resource loader can find the registered 
classes and their published properties. This means that you have to use 
an obfuscated LCL, with obfuscated class and property names. The 
component names instead can be choosen freely, but I don't see an 
improvement when e.g. a TButton is renamed from Button1 to something 
else - its class name still will be readable.

Skilled hackers still may get many (type) names from a running 
executable, depending on the platform and widgetset. A decompiler (like 
IDA) also will reveal much of the source code, in all OO languages. This 
is why I never wrote an decompiler for Pascal (Delphi/FPC) binaries, to 
discourage sniffing in other peoples' apps.

In practice it's much easier to use a tool that compresses an executable 
into a self-expanding archive. Then the names can no more be found in 
the files on disk, and the size of the distributed files can become much 
smaller. And use the FPC and LCL *trunk* versions, to build your 
distributed apps, so that no decompiler will succeed in matching parts 
of the code with a *release* version of the libraries.

Graeme may praise fpGUI now again, which AFAIK does not use resources 
for the creation of the components on a form. Newer Delphi versions, in 
contrast, are much more verbose about application details, in the 
extended RTTI that is enabled by default and becomes part of every 
binary; turing it off is very complicated, must be done in every single 
unit, and for many types (classes, records...).

DoDi





More information about the Lazarus mailing list