Can a hacker get access to the name of variables, methods, units, etc. inside a compiled exe Delphi VCL application?

Question

I am working in a protection schema for a software created with Delphi 7, and wondering if I need to worry about names used in functions/procedures, variables, etc. Can a "hacker" get access to these names inside a compiled exe VCL application created with Delphi without any third-party protection (ie. obfuscation)?

Answer 1

Delphi compiles its source code into raw binary - in constract e.g. to Java or C#/.Net which compiles into some intermediate language, which could be easily un-compiled, and often require obfuscation. Decompilation tools for Delphi are very rough and ineffective - even the most sophisticated ones.

By default, there is no debug information added to the Delphi executable. And Delphi 7 has a limited set of RTTI - it has been enhanced a lot in Delphi 2010. Human readable RTTI information is only about enumerates text, published properties of classes, interface inheriting from IInvokable. So very little information.

So there is almost no way to retrieve the variable names and function names, from a typical Delphi 7 executable. Unless you join the .map file to the executable (only function names and global variables, not local variables).

Note that this is about the source code - as you asked. For a GUI/VCL application, .dfm content (i.e. the TForm layout) are serialized into the executable, and could be recovered.

Answer 2

As with virtually every EXE you can see which functions are imported (i.e. CreateWindowA(), SendMessageA() and such) from which libraries (i.e. SHELL32.DLL and such). Just drag your EXE into a text editor and search for .dll - around that you can see readible text.

Linking thru function names can be avoided by linking thru function indices; one approach malware does (to not let scanners recognize "bad" function names) is to enumerate all exported function names of a library, hash each name and then compare that hash with previously hashed text.