Thread: Code Privacy and Security

I was doing the C/C++ thing a long time ago but I have been focusing on VB only for many of years now.
For my current project, I am concerned about the privacy and security of my code.

My question is about the Visual Studio debugger, and reverse engineering of a compiled EXE (or DLL or OCX)

1- Comments throughout the code, are they visible? A main concern since comments contains sensitive information
2- Sub's and Function names and their calling, visible ?
3- Can the VB source code be reconstituted?

I would appreciate insight or recommendations on the above. Thanks in advance to all.

Moved to General Developer

Yep, VB6. I originally posted in the Classic VB forum, from where it was moved here.

1- Comments throughout the code, are they visible? A main concern since comments contains sensitive information

No, the compiler ignores them

2- Sub's and Function names and their calling, visible ?

No, but if you are calling functions from outside libraries using API (such as calling GetTickCount from Kernel32) then yes, the function name is visible inside the binary.

3- Can the VB source code be reconstituted?

Reconstructed? Well, it is very difficult to take machine code and convert it to a high level language. It might be possable and im sure it has been done for lower level languages such as C.

nkad...

Thanks, that's very reassuring. Points 1 and 3 not a concern it seems.

Maybe some clarification on point 2.... Actually I mentionned DLL and OCX, but for this first release (ready for distribution), everything is still contained in a single EXE. Following that and what you just said, I assume :

a) my native VB functions such as : EncryptXYZ are hardly visible ?
b) all my API registry stuff is visible and possibly arguments passed along ?

Correct?

Other comments welcomed.

Originally Posted by Navion

nkad...

Thanks, that's very reassuring. Points 1 and 3 not a concern it seems.

Maybe some clarification on point 2.... Actually I mentionned DLL and OCX, but for this first release (ready for distribution), everything is still contained in a single EXE. Following that and what you just said, I assume :

a) my native VB functions such as : EncryptXYZ are hardly visible ?
b) all my API registry stuff is visible and possibly arguments passed along ?

Correct?

Other comments welcomed.

Correct, your native vbfunction names wont show up in the compiled executable. Now, someone can correct me if I'm wrong on this second part. Let's say your program calls EncryptXYZ, because EncryptXYZ is apart of an external library the function name is saved in the imports table of your executable along with other information that will be used to access the function in that library. The actuall names of the arguments are not saved.

Now, there are programs called Obfuscators that will hide the details of the import table, thereby hiding procedure names to libraries, etc.

Hope this helps

Yes this does help, a lot... Thanks