Protect C++ program against decompiling [duplicate

2020-03-26 04:21发布

问题:

This question already has an answer here:
Closed 7 years ago.

Possible Duplicate:
Is it possible to decompile C++ Builder exe? Is C++ Builder exe safe?

I use Microsoft Visual C++ 2010 Express to write my programs. When i want to distribute my program I compile it with 'Release' configuration and also I set the linker to not add debug information. So my question is, Is my executable safe or anyone can decompile it and see the source code? If it is unsafe, how can I prevent it from being decompiled?

回答1:

All programs can be decompiled to a degree. However, the vast bulk of the useful information in your source code is removed during compilation. The source code that a decompiler produces is a pale imitation of the original.

The variable names, function names, class names etc. will not be available after decompilation. So the best that a decompiler can do is to turn your functions that look like this:

double CalculateWidgetStrength(int WidgetType, int WidgetFrobishness);

into rather meaningless code like this:

double Function85(int p1, int p2);

And even succeeding in doing that much accurately can be very hard for a decompiler.



回答2:

Can anyone decompile it to see the original source code? Not likely, but the original source code isn't that important. For example:

int x = 1 - 1;

and

int x = 0;

will be equivalent in the binaries, but it doesn't really matter, does it?

For a large enough project, decompiling isn't really a concern, because you can't really make use of the generated code. It takes years to get to know even a small part of a large-scale project, taking into account you benefit from knowledge transfer, documentation and proper naming. I imagine it's impossible just with a decompiler.

For particular functionalities, yes, I imagine there's a risk, but one that can't be fully, 100% taken out.



回答3:

You cannot fully protect the code.

IMHO the time you spend protecting your code is better spent on making your product function rich and error free then do frequent releases. Making the code obfuscated in one way or the other has the potential to introduce hard to find bugs that become very difficult to fix.



回答4:

The only way to keep it "safe" in the way you imply is not to deploy it, i.e. you do a web service or some such. You can't make it safe from the people executing it without making it impossible for them to execute it.

Given what you've already done decompiling would require a amount significant effort, my question would be. Why would anyone bother, as it's likely that it would require more effort than simply "rolling your own"