How could I protect my delphi app from being decompiled? I know there are some software like themida that I think will do that but then the protected exe trigger the antivirus.
It depends what your goal is.
If it s really just protecting the source, it s already done! Provided you don t include debug and symbols information and add some heavy inlining, good luck to reconstruct some usable Pascal code from disassembling the exe.
If it s preventing people from seeing how it functions and hack it, then you have to include some anti-disassemble protection. It s harder but doable. Often done as a collateral to anti-piracy protection.
Everything that a CPU can read, can also be "decompiled", so there is no ultimate security. But usually it is quite hard to decompile compiled Delphi code, and almost all identifiers and all comments are gone, of course.
The published parts of classes, DFM file information and constants (including string constants) are present in the exe file, in an easily readable way. You can reduce this problem by encrypting your strings and not using published and not use DFM files. However, all the information will still be present in your exe file, so often this will just be hard work that gives no real security.
If you just want parts of your source code to be difficult to read, make your algorithms difficult...
In the end, everything can be hacked. The only real way to avoid your app from being decompiled, is to keep the exe file away from those that can do it, like when you deploy it on your own server but not on the customer s server.
If you re using Delphi Prism then one of the many .Net decompilation tools will make it a trivial task to get access to (a form) of your source code.
The only solution is to use one of the numerous .Net obfuscation tools. Unfortunately I can t make a recommendation as I ve never had to use one, but Google should show you the way...
If you re compiling to native Win32 then any form of obfuscation, or even anti-debugging mechanism, is pretty much a waste of time. There are people out there who can read assembly as easily as you or I read our native language. These things only slow the reverse engineering process down somewhat (and only barely at that).
Few years ago, I ve had to rewrite an application, what abandoned by its developer.
I can recover all things from DFM-s, Forms (with components) Query strings stored in TxyzQueries, bitmaps from image lists, some strings with decompiler, but application logic can not be recovered, only method names with asm source inside.
There are loaders (like UPX http://upx.sourceforge.net), what extracts crypted, compressed application to memory and loads it on start, but the AV s often marks such applications as infected. :(
You can write a small app like that, some tips:
www.codeproject.com/KB/cs/LoadExeIntoAssembly.aspx (.net) www.joachim-bauch.de/tutorials/load_dll_memory.html (for dll-s)
Only applications protected with stolen Themida keys should trigger an antivirus (Win32.Black detected by Kaspersky for example).
In general, you cannot really protect your code from decompilation. However, by using a tool such as Code Virtualizer you can protect key areas, such as your install code decoder. Code that is virtualised is much slower, and has certain restrictions, but it adds a suitable hurdle to the casual hackers trouble. This is best done in a build script so that it is consistently added for release - that way you ensure proper protection every time.
I recommend separating the install code from the protection BTW, so that you can switch protection at any time without worrying about existing users.
Finally, Delphi forms are easily accessed, but they are generally not useful to change.
A complete disassembly is never achieved I think for native Win platform. If you don t include debug symbols etc during compile time or hide these using some tool, it s very unlikely your exe could be decoded. No idea about .NET thing.
An easy way to protect the executable is to run it as a web application on an Internet server. With Delphi and an Ajax library (for example ExtJS over extpascal, or IntraWeb/VCL for the Web), it is possible to convert desktop and client/server applications to web applications. (Examples) - this also makes the application available for other operating systems and mobile devices.
my delphi 2009 app has a basic translation system that uses GNUGetText. i had used some win API calls to prepare the fonts. i thought it was working correctly until recently when someone from Malta ...
Ok, I m going nuts here. For the last (almost) four years, I ve been putting up with some extremely bad behavior from my Delphi 5 IDE. Problems include: Seemingly random errors in coride50.bpl ...
i would like to know if there are any solution to do this. Does anyone? The big picture: I want to access data over the web, using my delphi thin clients. But i´would like to keep my server/service ...
In Delphi, there is a function StrToInt() that converts a string to an integer value; there is also IntToStr(), which does the reverse. These functions doesn t appear to be part of Oxygene, and I can ...
What is the equivalent of SetLength using Oxygene? I m trying to size an integer array. var listIndexes: array of integer; begin setLength(listIndexes,5); // doesn t work end;
How can I monitor or visualize memory fragmentation of a delphi application?
I have consistently had IDE problems in Delphi/C++Builder for years, with every version. I usually just reboot, recompile, etc. and move on. However, I keep seeing others say that the IDE is rock ...
I was trying to speed up a certain routine in an application, and my profiler, AQTime, identified one method in particular as a bottleneck. The method has been with us for years, and is part of a "...
