How to Remove/Strip Debug Info of an exe? (Delphi)

There probably is no way to do that short of turning them off then recompiling.

If you don't have the source code then you probably are stuck with them.

mlmcc

the over way to do that ( source code ) is read the executable
the header information

find out by yourself the offsett of the debuginfotmation
it not that hard
and remove it on the executable by using overwrite the code with 90 (hexadezimal) for nop = no opertation code in assembler.

also
Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
JclPeImage should help you at least with parsing PE format.

ok, so the way I want to do that is the same way Pe-Explorer from heaventools.com is doing it, so I don't really want to overwrite with nop/90 cuz my main goal is to reduce size by removing debug info, pe-explorer do it very well, but I want to do it with my own tool, or maybe if someone has a third party tool that I could use in command line, it would do the job :)

thx

as i know the debug information are on the end of the pe structure so it should be possible just to cut it and the executable should still work without problems.

ok thx, now any some code example plz? I'm not that good in PE and such

so sorry no time for that right now. but as i told you

Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
there is a complete example about pe header
is located in \jcl\examples\windows\delphitools\peviewer.dpr

and provieds all the information you need.

Hi Marc582.

I'm not going to be a great help here but instead i'm going to make another suggestion based on your comments :)

You said that if someone has a third party tool that you could use in command line, it would do the job...

Just execute the stripreloc...
I will attach the code i've tested ... It can patch my own executable in runtime.
You know where to find StripReloc.


Also there is a nice tut here :
http://www.addict3d.org/news/256/.html
Also some C code of how to remove the relocation,debug info and other useless sections here :
http://www.programmersheaven.com/2/PE-Protector#eliminate
Also check this out... it has sources ... Again in C :
http://www.codeguru.com/cpp/w-p/win32/security/article.php/c11393__2/
Check the peviewer and check your application you'll find the TLS directory table


If you finally do this remember that some application were build with borland compiler...
So pay attention in Thread Local Storage (TLS) you cannot remove this... You need 2 strippers !
One for MS and one for Borland.


Hope this helps :)

function RunApp(const aCmd: string; aWait: boolean; aShowMode: integer): DWORD;
var
  StartUpInfo: TStartUpInfo;
  ProcessInfo: TProcessInformation;
  WaitCode: DWORD;
begin
  Result := 0;
  ZeroMemory(@StartupInfo, SizeOf(TStartupInfo));
  StartUpInfo.cb := SizeOf(StartUpInfo);
  StartUpInfo.wShowWindow := aShowMode;
  StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
  ZeroMemory(@ProcessInfo, SizeOf(TProcessInformation));
  Win32Check((CreateProcess(nil, PChar(aCmd), nil, nil, False, NORMAL_PRIORITY_CLASS,
  nil, nil, StartUpInfo, ProcessInfo)));
  try
    if aWait then
    begin
      repeat
        WaitCode := WaitForSingleObject(ProcessInfo.hProcess, 10000);
        Win32Check(WaitCode <> WAIT_FAILED);
        if WaitCode = WAIT_TIMEOUT then
        begin
          if MessageDlg('This is a test', mtWarning, [mbYes, mbNo], 0) <> mrYes then
            Break;
        end
        else
          Break;
      until
        False;
      Win32Check(GetExitCodeProcess(ProcessInfo.hProcess, Result));
    end;
  finally
    CloseHandle(ProcessInfo.hThread);
    CloseHandle(ProcessInfo.hProcess);
  end;
end;
 
procedure TForm1.Button1Click(Sender: TObject);
begin
   RunApp('stripreloc 1.exe',true,0); //1 : Visible , 0:Hidden
end;

Select allOpen in new window

Hi CodedK, thx for your message, I didn't try your code yet, but based on the name "stripreloc", are you sure this tool just not strip relocation table?

I already know how to strip reloc, what I need is to strip debug info (It's 2 differents things)

Hi Marc582... Goodmorning.
Its not that i dont read the questions...
Its that sometimes i have 2 or 3 things in my mind and in the end they blend ! :/

Anyway i thing i gave you a link to command line tool. The name is Lipo32 (from liposuction).
Download from here :
http://www.wheaty.net/lipo32.zip (with C sources)
Original article :
http://www.microsoft.com/msj/archive/S572.aspx

I thing this is what you want... I'm writing from work right now and i cant check it ... Forgive me if i'm wrong again !

thx, ok check, here is an exe with debug info (760kb), after debug removed by PE Explorer from heaventools.com, the exe become 728 kb, I tried your tool on it, doesn't seem to work :S

the file with debug info:

File: wircd.rar
DownloadLink: http://rapidshare.com/files/87474826/wircd.rar

P.S. it's a direct download link

still looking for a solution for removing debug information of a compiled executable

ok the last advice for that, as i told i don't have the time to code. have a job and shitt :)

so:
read the file into a stream.
declare this in you form/procedure  variable

       DOSHeader       : IMAGE_DOS_HEADER      ;
       PEHeader           : IMAGE_NT_HEADERS      ;
       SectionHeader   : IMAGE_SECTION_HEADER  ;

      stream.ReadBuffer (DOSHeader, Sizeof(DOSHeader));
      you have the header

set the stream position to DOSHeader._lfanew

and read the NTheader
      stream.ReadBuffer (PEHeader, Sizeof(PEHeader));

the peheader signature should be  IMAGE_NT_SIGNATURE if not is not a executable

so now you have the section in you peheader variable
 for .... to  PEHeader.FileHeader.NumberOfSections-1

 the .debug should be the last one check it. the name is stored in
  PEHeader.sectionheader.Name
 the begining in
  SectionHeader.PointerToRawData
and the end in
or somthing like that, sorry can't have all in my mind :)


make a for i : 0 to PEHeader.FileHeader.NumberOfSections-1
and create the executable as a new one except the .debug section.

this should work if not, you need to reallocate the some other section.
but i don'T thinks so.


have fun.

i'm sorry, small additional
when you cut the debuginfo you also need to rebuild :
.peheader
.text section
.reloc section

and than you done.

debug is not a section... it's a directory in a section, so I can't just delete a section, I'm still searching help...

there is this class in JVCL help

The TJclPeDebugList represent the debug section of an image file.

Unit
JclPeImage

Pascal
TJclPeDebugList = class(TJclPeImageBaseList);
Description
The TJclPeDebugList represent the debug section of an image file.

Donator
Petr Vones


with that, I can get the debug directory I guess

now how can I delete it?


if someone wants to try code on a file with debug info,

here is an exe with debug info (760kb), after debug removed, the exe become 728 kb

> debug is not a section... it's a directory in a section, so I can't just delete a section, I'm still searching help...

the .debug information pointer are stored in the sectionheader of the excecutable
and the debug info is an section of the executable.

read my post from 02.07.2008 at 03:15PM CET to know how to delete it.

ok I see, but still, how to rebuild those pe header? don't you have a code snippet?

thx in advance

Forced accept.

Computer101
EE Admin