Reading comments in exe 
Author Message
 Reading comments in exe

I am concerned about other people being able to read the comments that are
in our vp projects after we compile to an exe.

When we compile to exe is it possible to read the comments in a text or
other editor?  I looked at some exes and it looked like some text stuff wa
sin there.

If so then what do coders do to protect? Do they strip out comments before
building into an exe?

Thanks



Tue, 28 Sep 2010 10:23:06 GMT  
 Reading comments in exe
Comments don't get compiled into the exe.


Quote:
> I am concerned about other people being able to read the comments that are
> in our vp projects after we compile to an exe.

> When we compile to exe is it possible to read the comments in a text or
> other editor?  I looked at some exes and it looked like some text stuff wa
> sin there.

> If so then what do coders do to protect? Do they strip out comments before
> building into an exe?

> Thanks



Tue, 28 Sep 2010 11:50:46 GMT  
 Reading comments in exe

Quote:

> Comments don't get compiled into the exe.

It ought to be that way, but...
Reality is not quite that straightforward.

Running your source through a preprocessor to remove all comments
will pretty reliably make the exe smaller.  What mechanism is really
in play there, I really don't know, but the fact is that comments
are (or at least _were_) allowed to affect the executable.
I personally was able to observe effect with VB3 and VB4, and I have read
reports either way about 5 and 6, but haven't actually tested them myself

I would certainly hope they're not in there in any retrievable way,
but I would not be willing to flatly assure anyone of it.

        Bob



Tue, 28 Sep 2010 14:21:20 GMT  
 Reading comments in exe
On Thu, 10 Apr 2008 23:21:20 -0700, Bob O`Bob

Quote:

>> Comments don't get compiled into the exe.

>It ought to be that way, but...
>Reality is not quite that straightforward.

>Running your source through a preprocessor to remove all comments
>will pretty reliably make the exe smaller.  What mechanism is really
>in play there, I really don't know, but the fact is that comments
>are (or at least _were_) allowed to affect the executable.
>I personally was able to observe effect with VB3 and VB4, and I have read
>reports either way about 5 and 6, but haven't actually tested them myself

>I would certainly hope they're not in there in any retrievable way,
>but I would not be willing to flatly assure anyone of it.

>    Bob

That's pretty hard to swallow.  I know that debug statements that
contain function calls will have the function calls compiled thereby
affecting the size of the exe, but comments?  What purpose could that
possibly serve?  Maybe they're present in P-Code? Or possibly when line
numbers are present?  I can't find a single comment in mine.

---
Stefan Berglund



Tue, 28 Sep 2010 15:22:37 GMT  
 Reading comments in exe
Thas was a strange thing about my exe when on a whim I looked at it in the
notepad. I saw some comments but only a few. Of course in the VB code we
have comments for maintenence logic presentation but those comments can also
give information to unauthorized people (if you get what I mean) concerning
our code.

I also ran our exe thru a decompiler and was appalled at what I saw and am
looking for some kind of lock down solution. Heck, with the decompiler I can
see form names and all sorts of =other stuff.


Quote:
> On Thu, 10 Apr 2008 23:21:20 -0700, Bob O`Bob



>>> Comments don't get compiled into the exe.

>>It ought to be that way, but...
>>Reality is not quite that straightforward.

>>Running your source through a preprocessor to remove all comments
>>will pretty reliably make the exe smaller.  What mechanism is really
>>in play there, I really don't know, but the fact is that comments
>>are (or at least _were_) allowed to affect the executable.
>>I personally was able to observe effect with VB3 and VB4, and I have read
>>reports either way about 5 and 6, but haven't actually tested them myself

>>I would certainly hope they're not in there in any retrievable way,
>>but I would not be willing to flatly assure anyone of it.

>> Bob

> That's pretty hard to swallow.  I know that debug statements that
> contain function calls will have the function calls compiled thereby
> affecting the size of the exe, but comments?  What purpose could that
> possibly serve?  Maybe they're present in P-Code? Or possibly when line
> numbers are present?  I can't find a single comment in mine.

> ---
> Stefan Berglund



Tue, 28 Sep 2010 15:45:21 GMT  
 Reading comments in exe


Quote:
> Thas was a strange thing about my exe when on a whim I looked at it in the
> notepad. I saw some comments but only a few. Of course in the VB code we
> have comments for maintenence logic presentation but those comments can
> also give information to unauthorized people (if you get what I mean)
> concerning our code.

> I also ran our exe thru a decompiler and was appalled at what I saw and am
> looking for some kind of lock down solution. Heck, with the decompiler I
> can see form names and all sorts of =other stuff.

What version of "VB" are you using?

Dave O.



Tue, 28 Sep 2010 17:26:01 GMT  
 Reading comments in exe
Comments are not compiled into the EXE, but the text after uncommented
Debug.Print is. Functions calls are always executed if they appear in
Debug.Print. For example, if you have lines like this:

Debug.Print "ABC123"
s = "DEF456"

The texts "ABC123", "DEF456" and all fixed text(In MsgBox, string
assignments, etc.) and numeric constants are put next to each other in the
EXE. Strings are stored as Unicode and null terminated. To avoid this,
comment all Debug.Print statements in your code. If you have too many of
them, the easiest way is by using the free MZTools Addin. Use the Find
function in it and select "Exclude Comments". This tells you how many
Debug.Print are left to be commented and their locations so you can easily
comment them before releasing your EXE. Another way is by using conditional
compilation, but this is cumbersome.

Finally, make sure that "Create Symbolic Debug Info" in Project
Properties-->Compile Tab, is not selected, which is the default for new
projects.

MZ-Tools 3.0 for Visual Basic 6.0, 5.0 and VBA
http://www.mztools.com/v3/mztools3.aspx



Tue, 28 Sep 2010 17:29:34 GMT  
 Reading comments in exe
Just viewed some exe's in wincmd's list. All Labels and Controls names and
captions are in plain text (some as unicode). No harm in this, they are
visible on the forms too :)
Function calls to the runtime dll are visible, but are the same for all VB
exe's.
There is no sign of any comments.

/Henning



Quote:
>I am concerned about other people being able to read the comments that are
>in our vp projects after we compile to an exe.

> When we compile to exe is it possible to read the comments in a text or
> other editor?  I looked at some exes and it looked like some text stuff wa
> sin there.

> If so then what do coders do to protect? Do they strip out comments before
> building into an exe?

> Thanks



Tue, 28 Sep 2010 18:08:47 GMT  
 Reading comments in exe
VB6


Quote:



>> Thas was a strange thing about my exe when on a whim I looked at it in
>> the notepad. I saw some comments but only a few. Of course in the VB code
>> we have comments for maintenence logic presentation but those comments
>> can also give information to unauthorized people (if you get what I mean)
>> concerning our code.

>> I also ran our exe thru a decompiler and was appalled at what I saw and
>> am looking for some kind of lock down solution. Heck, with the decompiler
>> I can see form names and all sorts of =other stuff.

> What version of "VB" are you using?

> Dave O.



Tue, 28 Sep 2010 18:58:41 GMT  
 Reading comments in exe


Quote:
> Just viewed some exe's in wincmd's list. All Labels and Controls names and
> captions are in plain text (some as unicode). No harm in this, they are
> visible on the forms too :)
> Function calls to the runtime dll are visible, but are the same for all VB
> exe's.
> There is no sign of any comments.

> /Henning

As far as I can tell all quoted strings are visible, plus control and form
names. I don't believe any variable names are visible. I have never found
any evidence of comments.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--



Tue, 28 Sep 2010 20:39:33 GMT  
 Reading comments in exe



Quote:



>> Just viewed some exe's in wincmd's list. All Labels and Controls names
>> and captions are in plain text (some as unicode). No harm in this, they
>> are visible on the forms too :)
>> Function calls to the runtime dll are visible, but are the same for all
>> VB exe's.
>> There is no sign of any comments.

>> /Henning

> As far as I can tell all quoted strings are visible, plus control and form
> names. I don't believe any variable names are visible. I have never found
> any evidence of comments.

> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --

That seems correct, I noticed that all my strSQL query strings were visible,
but not the parameters. No big deal!? the db is pw protected. I also noted
there are a lot of VBA functions 'listed'.

/Henning



Tue, 28 Sep 2010 21:45:48 GMT  
 Reading comments in exe


Quote:

<snipped>

> > As far as I can tell all quoted strings are visible, plus control and
form
> > names. I don't believe any variable names are visible. I have never
found
> > any evidence of comments.

> > --
> > Richard Mueller
> > Microsoft MVP Scripting and ADSI
> > Hilltop Lab - http://www.rlmueller.net
> > --

> That seems correct, I noticed that all my strSQL query strings were
visible,
> but not the parameters. No big deal!? the db is pw protected. I also noted
> there are a lot of VBA functions 'listed'.

No big deal except it might open the App to SQL Injection attacks.
http://en.wikipedia.org/wiki/SQL_injection

There is ALWAYS something to worry about. <g>

-ralph



Tue, 28 Sep 2010 23:21:51 GMT  
 Reading comments in exe
I'm wondering if the comments that some people are suggesting show up
sometimes in some versions :) are coming from uninitialized data areas of
the EXE that are picking up random "junk data" that just happens to be some
of the program comments.

Does anybody know if VB6 does that sort of thing?  I've never
reverse-engineered a VB EXE before.

Rob

Quote:

> As far as I can tell all quoted strings are visible, plus control and form
> names. I don't believe any variable names are visible. I have never found
> any evidence of comments.



Tue, 28 Sep 2010 23:58:35 GMT  
 Reading comments in exe

Quote:
>VB6





>>> Thas was a strange thing about my exe when on a whim I looked at it in
>>> the notepad. I saw some comments but only a few. Of course in the VB code
>>> we have comments for maintenence logic presentation but those comments
>>> can also give information to unauthorized people (if you get what I mean)
>>> concerning our code.

>>> I also ran our exe thru a decompiler and was appalled at what I saw and
>>> am looking for some kind of lock down solution. Heck, with the decompiler
>>> I can see form names and all sorts of =other stuff.

>> What version of "VB" are you using?

Are you compiling to P-Code or Native Code?  If the latter what options
specifically do you use?

---
Stefan Berglund



Wed, 29 Sep 2010 01:38:55 GMT  
 Reading comments in exe


Quote:
> I'm wondering if the comments that some people are suggesting show up
> sometimes in some versions :) are coming from uninitialized data areas of
> the EXE that are picking up random "junk data" that just happens to be
some
> of the program comments.

> Does anybody know if VB6 does that sort of thing?  I've never
> reverse-engineered a VB EXE before.

<snipped>

No. That can't happen as 'comments' never get in a compiled (pcode or
native) program's 'memory' (loosely defined as the Data and Text segments),
starting with VB4-32bit.

Previous to that version, an amazing amount of information was contained in
a released opcode executable. I wouldn't be surprised at what might have
shown up on the "other side".

-ralph



Wed, 29 Sep 2010 01:38:53 GMT  
 
 [ 25 post ]  Go to page: [1] [2]

 Relevant Pages 

1. comment recuperer les info des fichiers exe

2. How to acquire the comment recorded in EXE or DLL file

3. Reading one .exe from another .exe

4. Comments besides Commented Text

5. Comment on QB websites/view websites by comments .-=??=-.

6. Comments = StrConv(Comments, vbProperCase)

7. Commenting - How to comment blocks of text

8. Reading version from an .exe

9. Reading EXE's

10. EXECDATA.BAS [0/1] Read .EXE+data

11. EXECDATA.BAS [1/1] Read .EXE+data

12. read string after executed program.exe

 

 
Powered by phpBB® Forum Software