Always wanted to ask this query, so I will! :0)
What is this SourceSafe thing when it's at home what does it actually do for
me?
Are MS saying that when I compile the app people can get to my source code
and I should be taking extra steps to protect myself?
I thought when an app was compiled it was bits and bytes??
Any pointers re this?
Thanks
Source safe is a store for source code which retains copies so you can roll
back to a previous incarnation. It also stops multiple people booking out
the same code at the same time so you don't get conflicts in a team - not a
problem for the solo programmer, but really sourcesafe is designed for
teams.
In VB6 if you compile to native code then the source is not obtainable.
In VB6 if you compile to P-code the source can be extracted from the
executable
In all VB.Nyet flavours the source is obtainable from the executable unless
the developer takes extraordinary measures to obscure the source.
Versions of VB prior to VB6 are similar to 6, if the version allowed
compilation to native then the source is secure, if only P-code is allowed
then the source (or a close approximation) can be retrieved.
Regards
Dave O
SourceSafe keeps track of any changes you've made to your project. It allows
you to look at changes you've made during the project's lifetime and has the
ability to step back to any previous version, if you need to for some
reason.
> Are MS saying that when I compile the app people can get to my source code
> and I should be taking extra steps to protect myself?
Not VB5 or VB6. When compiled to native code, there are no decompilers
available that will allow anyone to view your source as you wrote it. All
they'll be able to see will be the machine language instructions that VB
itself generates.
> I thought when an app was compiled it was bits and bytes??
Pretty much. dotNet apps need to be obfuscated... not VB5 or VB6.
--
Ken Halter - MS-MVP-VB - Please keep all discussions in the groups..
In Loving Memory - http://www.vbsight.com/Remembrance.htm
1. Allow more than one developer to modify the same project
2. Roll back to a previous version of the source code in case
the current version gets messed up.
Once you compile your app no one can get your source code, but with much
effort (much effort!) and lots of money they -might- be able to reverse engineer
it and get some sort of source out of the EXE. Keep in mind that this is NOT
the original source, instead it is a "best attempt" by the decompilation process
to get back somethign resembling source code. As already said this is not a
trivial task.
To protect yourself, you can further obfuscate your source code, but keep in
mind that doing this will make it harder for you (or anyone else) to maintain
the source.
Try this: http://www.google.com/search?hl=en&q=vb6+obfuscator&btnG=Search
NOte that some obfuscators work with the EXE program, so no need to mangle
your source.
Saga
--
"Blackberry" <in...@NoSpamIt.com> wrote in message news:eX9cbx0C...@TK2MSFTNGP05.phx.gbl...
> Always wanted to ask this query, so I will! :0)
Why not check out what Google has to offer first? Surely it must be
mentioned on the web somewhere....
> What is this SourceSafe thing when it's at home what does it actually do for
> me?
Its a version control system:
http://msdn2.microsoft.com/en-us/library/aa302175.aspx
LFS
I've always just compiled to P-code, as it's ended up smaller and certainly
fast enough. But this has me concerned if people can extract the source from
it. Can you give me a link to get more information on how this is done, so I
can try it on my code, and determine if I really need to compile to native
code instead?
--
Regards,
Rick Raisley
"Larry Serflaten" <serf...@usinternet.com> wrote in message
news:Oh4wyC1C...@TK2MSFTNGP03.phx.gbl...
It works to some extent. It doesn't return the files exactly as you'd see
them.
Here's an example.....
Code in the project....
Private Sub picFileIcons_DblClick()
Dim paddingY As Long
paddingX = 3 * Screen.TwipsPerPixelX
paddingY = 2 * Screen.TwipsPerPixelX
'// This will set the Menu-Item's prospective icon
'// to the one that was dbl-clicked.
If iconSelected Then
'// Clear opu the pic showing the item's current icon
picIcon.Cls
'// Now draw the new item in the box.
ilIcons.ListImages(iconSelected).Draw picIcon.hDC, paddingX,
paddingY
'// Enable the Set button.
cmdSetIcon.Enabled = True
cmdSetIcon_Click
End If
End Sub
Decompiled code output from a P-Code compiled exe....
Private Sub picFileIcons_DblClick() '43D3F0
'Data Table: 42C780
loc_43D34E: If CBool(Me.global_116) Then '43D3EC
loc_43D35B: picIcon.Cls
loc_43D370: var_94 = picIcon.Hdc
loc_43D37B: var_E0 = CLng((CDbl(&H2) * Screen.TwipsPerPixelX))
loc_43D383: var_D0 = CLng((CDbl(&H3) * Screen.TwipsPerPixelX))
loc_43D394: var_B8 = Me.global_116
loc_43D3A3: var_A8 = var_98.????????????????
loc_43D3AA: CastAdVar arg_34
loc_43D3B4: SetPropA
loc_43D3BC: Reset
loc_43D3DF: cmdSetIcon.Enabled = &HFF
loc_43D3E7: Call cmdSetIcon_Click()
loc_43D3EC: End If
loc_43D3EC: Exit Sub
End Sub
As you can see, not 'real' source code, but you can get most of what you
need out of it.
Regards,
DanS
"DanS" <t.h.i.s....@a.d.e.l.p.h.i.a.n.e.t> wrote in message
news:Xns99C5BCAA89990th...@216.196.97.142...
> Why would you post something like that here? Not only is decompiling
> illegal, but it's unethical. It's encouraging theft of code and
> "trade secrets" and some developers, myself included frown upon things
> such as this. Use a little common sense man. You could have shared
> this privately.
What's the problem ?
It's my code, big deal. Nothing illegal or unethical about that.
I will no doubt now change to Native code instead, regardless of the size,
for security. As to DanS posting the link, while I /guess/ there might be
some people wanting to decompile, but not knowing this, I'd think anyone
really interested enough would know or find out.
Anyhow, my bad for asking. Sorry.
--
Regards,
Rick Raisley
"Kevin Provance" <ca...@tpasoft.com> wrote in message
news:O13s7J6C...@TK2MSFTNGP03.phx.gbl...
I suspect he zoomed in on sort of demo'ing reverse-engineered code.
Personally I don't see it as an issue since it's so easy to find details on,
but I also can understand others' reluctance to see such detail on a
dedicated group. Kevin's a little outspoken and sometimes that's good,
sometimes not so good. FWIW.
Regards,
Pop`
Yeah, I tend to agree that it's actually a Good Thing for folks to be aware that
there is a decompiler out there, as well as to what extent it's effective.
For some reason I have it in my mind that this one only works on FRM files? That it
won't pick apart the code that was in BAS or CLS modules? Anyone know?
--
.NET: It's About Trust!
http://vfred.mvps.org
Glad you agree. I just happened upon this thread, and Dave O's statement
that P-Code could be decompiled was the first I had ever heard of that. I
felt I needed to know what that meant to me, and what information I was
making available to my customers and crackers, based on compiling in P-Code.
While the statement alone that it can be decompiled is very disconcerting, I
asked about a source/program to do it so I could check it for myself and see
just how much "real information" it would provide, which will determine my
reaction to it (immediate updates on all programs, just compiling the next
on in Machine Code, whatever).
> For some reason I have it in my mind that this one only works on FRM
files? That it
> won't pick apart the code that was in BAS or CLS modules? Anyone know?
> --
I will try to find out shortly, as I'm going to try it on some of my
programs. Most of my real important code is in BAS modules, so if that is
true, I will be less concerned.
Oh, and you said "that THIS one only works on FRM files". Does that mean
there are others, that may do a better job? If so, I may need to check them
as well, and if anyone would like to mail me such links, they can at
HeavyMetal_AT_Bellsouth_DOT_NET (no underscores). I don't want to break any
rules, and am only interested in trying this on my programs, which are all
in P-Code (I doubt most others are, anyhow).
--
Regards,
Rick Raisley
Interesting. The site exists, but the free download of the Lite version ends
up at a broken link. And I'm not going to pay $99 to see if I should compile
in Machine Code; I'll just do it. ;-) FYI, I found another download link
for "VB Decompiler" from Google.
Although, I did lose a particular routine I had in an older version of a
program some time ago at work, and it might have been worth it to recover
it. If it worked on BAS code.
--
Regards,
Rick Raisley
I tried it out, quickly, on my main product, and it will take a faaaar
better man than me to make any sense of the results. And I know what's in
there! The Pro version might do much better than the Lite, though, so I'll
no doubt switch to Machine Code.
It does pick apart BAS modules as well as FRMs, but whereas FRMs have
meaningful names for the routines (like Form)Load_4F9244), all subs and
functions in BAS modules are Unknown. So, without an comments, it's going
to be pretty hard to put together the pieces, I would think. Of course, this
is the first time I've looked at such a thing.
--
Regards,
Rick Raisley
Kinda caught me a bit off-guard a few months ago, too.
> Oh, and you said "that THIS one only works on FRM files". Does that mean
> there are others, that may do a better job?
This is the first one I was aware of that claimed to have any success with VB5/6
EXEs.
Anyway, like you, I think the code it produces is pretty much worse than useless, and anybody who's serious about reverse
engineering code will already have enough experience in Assembler, and the appropriate tools to directly examine (i.e. disassemble)
the compiled code. P-Code may take longer to reverse engineer, if you're unfamiliar with it and actually do it from the ground up,
but ultimately, anything is reverse-engineerable if you're willing to take the time.
Rob
"Rick Raisley" <heavymetal-A-T-bellsouth-D-O-T-net> wrote in message news:%23GnXd6D...@TK2MSFTNGP03.phx.gbl...
> but ultimately, anything is reverse-engineerable if you're
> willing to take the time.
Quite right. But then if you're clever enough to reverse engineer something
when it is stripped down to its most basic ingredients then you're clever
enough to engineer it in the first place, and probably clever enough to
improve on it. I think the Japanese must have taught us that by now!
Mike
> but ultimately, anything is reverse-engineerable if you're
> willing to take the time.
Quite right. But then if you're clever enough to reverse engineer something
Unfortunately, I lost it all the code a year or two later...don't remember the circumstances...accidental deletion or HD crash or
something. I just remember how crushed I was that all my hard work was down the drain.
Rob
"Mike Williams" <mi...@whiskyandCoke.com> wrote in message news:%23AT0DLF...@TK2MSFTNGP05.phx.gbl...
That's not a FWIW, it's a IMO and nobody asked you for your opinion of
me...so, zip it. Thanks in advance.
The results were barely reable when compliled as native.
I hate these damned things.
"Karl E. Peterson" <ka...@mvps.org> wrote in message
news:%2397NfPD...@TK2MSFTNGP06.phx.gbl...
"Mike Williams" <mi...@whiskyandCoke.com> wrote in message
news:%23AT0DLF...@TK2MSFTNGP05.phx.gbl...
Since when has anyone in this newsgroup ever waited to be asked before
providing an opinion?
<g>
-ralph
"Ralph" <nt_cons...@yahoo.com> wrote in message
news:OgHIQRGD...@TK2MSFTNGP06.phx.gbl...
Yes, I'm outspoken...but at least it's relevant. Who in the hell wants to
read 100,000 words of nonesense and personal history that has nothing to do
with nothing...and that's very rarely a good thing. FWIW.
"Ralph" <nt_cons...@yahoo.com> wrote in message
news:OgHIQRGD...@TK2MSFTNGP06.phx.gbl...
|
"Karl E. Peterson" <ka...@mvps.org> wrote in message
news:u0nqMIGD...@TK2MSFTNGP04.phx.gbl...
As one of the worse offenders I should be able to offer some kind of
defense. But I can not. <g>
-ralph
Rob
"Ralph" <nt_cons...@yahoo.com> wrote in message news:OD4AUNHD...@TK2MSFTNGP03.phx.gbl...
LOL
I liked that. Consider it stolen.
-ralph
>> Glad you agree. I just happened upon this thread, and Dave O's statement
>> that P-Code could be decompiled was the first I had ever heard of that.
>
> Kinda caught me a bit off-guard a few months ago, too.
Sorry to let the cat out, but I thought it was common knowledge (Otherwise
how would *I* know about it!)
Dave O.
Rob
"Ralph" <nt_cons...@yahoo.com> wrote in message news:uFpXbrID...@TK2MSFTNGP03.phx.gbl...
I never compile to p-code only ever to native code and the lite version
produces no really useful results - unless you know your asm very well.
I have to agree with Mike Williams than anyone good enough to use the
results to reverse engineer an app is good enough to write it!.
We should remember that Newtons 3rd law can be applied to things other than
forces e.g
for every development there is an equal and opposite develpment
This is the spur for creativity and ingenuity.
Why bemoan the fact that something has occurred that you do not like and be
happy that it has been brought to wider attention - re: Newton again
unfortunately!
FWIW and IMHO
dave
Knowledge trumps ignorance in nearly all cases. Cats, of this sort at any rate <g>,
need to run free.