Marc582
asked on
How to Remove/Strip Debug Info of an exe? (Delphi)
Hi all,
How to Remove/Strip Debug Info of an exe in Delphi?
NOTE that I know how to remove the debug info of my project, what I want to do is to be able to remove/strip debug info of any compiled exe.
500 points for this one,
thanx in advance
How to Remove/Strip Debug Info of an exe in Delphi?
NOTE that I know how to remove the debug info of my project, what I want to do is to be able to remove/strip debug info of any compiled exe.
500 points for this one,
thanx in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the over way to do that ( source code ) is read the executable
the header information
find out by yourself the offsett of the debuginfotmation
it not that hard
and remove it on the executable by using overwrite the code with 90 (hexadezimal) for nop = no opertation code in assembler.
also
Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
JclPeImage should help you at least with parsing PE format.
the header information
find out by yourself the offsett of the debuginfotmation
it not that hard
and remove it on the executable by using overwrite the code with 90 (hexadezimal) for nop = no opertation code in assembler.
also
Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
JclPeImage should help you at least with parsing PE format.
ASKER
ok, so the way I want to do that is the same way Pe-Explorer from heaventools.com is doing it, so I don't really want to overwrite with nop/90 cuz my main goal is to reduce size by removing debug info, pe-explorer do it very well, but I want to do it with my own tool, or maybe if someone has a third party tool that I could use in command line, it would do the job :)
thx
thx
as i know the debug information are on the end of the pe structure so it should be possible just to cut it and the executable should still work without problems.
ASKER
ok thx, now any some code example plz? I'm not that good in PE and such
so sorry no time for that right now. but as i told you
Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
there is a complete example about pe header
is located in \jcl\examples\windows\delp hitools\pe viewer.dpr
and provieds all the information you need.
Have a look at the Jedi Code Library (http://delphi-jedi.org) link 'Code Library'.
there is a complete example about pe header
is located in \jcl\examples\windows\delp
and provieds all the information you need.
Hi Marc582.
I'm not going to be a great help here but instead i'm going to make another suggestion based on your comments :)
You said that if someone has a third party tool that you could use in command line, it would do the job...
Just execute the stripreloc...
I will attach the code i've tested ... It can patch my own executable in runtime.
You know where to find StripReloc.
Also there is a nice tut here :
http://www.addict3d.org/news/256/.html
Also some C code of how to remove the relocation,debug info and other useless sections here :
http://www.programmersheaven.com/2/PE-Protector#eliminate
Also check this out... it has sources ... Again in C :
http://www.codeguru.com/cpp/w-p/win32/security/article.php/c11393__2/
Check the peviewer and check your application you'll find the TLS directory table
If you finally do this remember that some application were build with borland compiler...
So pay attention in Thread Local Storage (TLS) you cannot remove this... You need 2 strippers !
One for MS and one for Borland.
Hope this helps :)
I'm not going to be a great help here but instead i'm going to make another suggestion based on your comments :)
You said that if someone has a third party tool that you could use in command line, it would do the job...
Just execute the stripreloc...
I will attach the code i've tested ... It can patch my own executable in runtime.
You know where to find StripReloc.
Also there is a nice tut here :
http://www.addict3d.org/news/256/.html
Also some C code of how to remove the relocation,debug info and other useless sections here :
http://www.programmersheaven.com/2/PE-Protector#eliminate
Also check this out... it has sources ... Again in C :
http://www.codeguru.com/cpp/w-p/win32/security/article.php/c11393__2/
Check the peviewer and check your application you'll find the TLS directory table
If you finally do this remember that some application were build with borland compiler...
So pay attention in Thread Local Storage (TLS) you cannot remove this... You need 2 strippers !
One for MS and one for Borland.
Hope this helps :)
function RunApp(const aCmd: string; aWait: boolean; aShowMode: integer): DWORD;
var
StartUpInfo: TStartUpInfo;
ProcessInfo: TProcessInformation;
WaitCode: DWORD;
begin
Result := 0;
ZeroMemory(@StartupInfo, SizeOf(TStartupInfo));
StartUpInfo.cb := SizeOf(StartUpInfo);
StartUpInfo.wShowWindow := aShowMode;
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
ZeroMemory(@ProcessInfo, SizeOf(TProcessInformation));
Win32Check((CreateProcess(nil, PChar(aCmd), nil, nil, False, NORMAL_PRIORITY_CLASS,
nil, nil, StartUpInfo, ProcessInfo)));
try
if aWait then
begin
repeat
WaitCode := WaitForSingleObject(ProcessInfo.hProcess, 10000);
Win32Check(WaitCode <> WAIT_FAILED);
if WaitCode = WAIT_TIMEOUT then
begin
if MessageDlg('This is a test', mtWarning, [mbYes, mbNo], 0) <> mrYes then
Break;
end
else
Break;
until
False;
Win32Check(GetExitCodeProcess(ProcessInfo.hProcess, Result));
end;
finally
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
RunApp('stripreloc 1.exe',true,0); //1 : Visible , 0:Hidden
end;
ASKER
Hi CodedK, thx for your message, I didn't try your code yet, but based on the name "stripreloc", are you sure this tool just not strip relocation table?
I already know how to strip reloc, what I need is to strip debug info (It's 2 differents things)
I already know how to strip reloc, what I need is to strip debug info (It's 2 differents things)
Hi Marc582... Goodmorning.
Its not that i dont read the questions...
Its that sometimes i have 2 or 3 things in my mind and in the end they blend ! :/
Anyway i thing i gave you a link to command line tool. The name is Lipo32 (from liposuction).
Download from here :
http://www.wheaty.net/lipo32.zip (with C sources)
Original article :
http://www.microsoft.com/msj/archive/S572.aspx
I thing this is what you want... I'm writing from work right now and i cant check it ... Forgive me if i'm wrong again !
Its not that i dont read the questions...
Its that sometimes i have 2 or 3 things in my mind and in the end they blend ! :/
Anyway i thing i gave you a link to command line tool. The name is Lipo32 (from liposuction).
Download from here :
http://www.wheaty.net/lipo32.zip (with C sources)
Original article :
http://www.microsoft.com/msj/archive/S572.aspx
I thing this is what you want... I'm writing from work right now and i cant check it ... Forgive me if i'm wrong again !
ASKER
thx, ok check, here is an exe with debug info (760kb), after debug removed by PE Explorer from heaventools.com, the exe become 728 kb, I tried your tool on it, doesn't seem to work :S
the file with debug info:
File: wircd.rar
DownloadLink: http://rapidshare.com/files/87474826/wircd.rar
P.S. it's a direct download link
the file with debug info:
File: wircd.rar
DownloadLink: http://rapidshare.com/files/87474826/wircd.rar
P.S. it's a direct download link
ASKER
still looking for a solution for removing debug information of a compiled executable
ok the last advice for that, as i told i don't have the time to code. have a job and shitt :)
so:
read the file into a stream.
declare this in you form/procedure variable
DOSHeader : IMAGE_DOS_HEADER ;
PEHeader : IMAGE_NT_HEADERS ;
SectionHeader : IMAGE_SECTION_HEADER ;
stream.ReadBuffer (DOSHeader, Sizeof(DOSHeader));
you have the header
set the stream position to DOSHeader._lfanew
and read the NTheader
stream.ReadBuffer (PEHeader, Sizeof(PEHeader));
the peheader signature should be IMAGE_NT_SIGNATURE if not is not a executable
so now you have the section in you peheader variable
for .... to PEHeader.FileHeader.Number OfSections -1
the .debug should be the last one check it. the name is stored in
PEHeader.sectionheader.Nam e
the begining in
SectionHeader.PointerToRaw Data
and the end in
or somthing like that, sorry can't have all in my mind :)
make a for i : 0 to PEHeader.FileHeader.Number OfSections -1
and create the executable as a new one except the .debug section.
this should work if not, you need to reallocate the some other section.
but i don'T thinks so.
have fun.
so:
read the file into a stream.
declare this in you form/procedure variable
DOSHeader : IMAGE_DOS_HEADER ;
PEHeader : IMAGE_NT_HEADERS ;
SectionHeader : IMAGE_SECTION_HEADER ;
stream.ReadBuffer (DOSHeader, Sizeof(DOSHeader));
you have the header
set the stream position to DOSHeader._lfanew
and read the NTheader
stream.ReadBuffer (PEHeader, Sizeof(PEHeader));
the peheader signature should be IMAGE_NT_SIGNATURE if not is not a executable
so now you have the section in you peheader variable
for .... to PEHeader.FileHeader.Number
the .debug should be the last one check it. the name is stored in
PEHeader.sectionheader.Nam
the begining in
SectionHeader.PointerToRaw
and the end in
or somthing like that, sorry can't have all in my mind :)
make a for i : 0 to PEHeader.FileHeader.Number
and create the executable as a new one except the .debug section.
this should work if not, you need to reallocate the some other section.
but i don'T thinks so.
have fun.
i'm sorry, small additional
when you cut the debuginfo you also need to rebuild :
.peheader
.text section
.reloc section
and than you done.
when you cut the debuginfo you also need to rebuild :
.peheader
.text section
.reloc section
and than you done.
ASKER
debug is not a section... it's a directory in a section, so I can't just delete a section, I'm still searching help...
ASKER
there is this class in JVCL help
The TJclPeDebugList represent the debug section of an image file.
Unit
JclPeImage
Pascal
TJclPeDebugList = class(TJclPeImageBaseList) ;
Description
The TJclPeDebugList represent the debug section of an image file.
Donator
Petr Vones
with that, I can get the debug directory I guess
now how can I delete it?
if someone wants to try code on a file with debug info,
here is an exe with debug info (760kb), after debug removed, the exe become 728 kb
The TJclPeDebugList represent the debug section of an image file.
Unit
JclPeImage
Pascal
TJclPeDebugList = class(TJclPeImageBaseList)
Description
The TJclPeDebugList represent the debug section of an image file.
Donator
Petr Vones
with that, I can get the debug directory I guess
now how can I delete it?
if someone wants to try code on a file with debug info,
here is an exe with debug info (760kb), after debug removed, the exe become 728 kb
> debug is not a section... it's a directory in a section, so I can't just delete a section, I'm still searching help...
the .debug information pointer are stored in the sectionheader of the excecutable
and the debug info is an section of the executable.
read my post from 02.07.2008 at 03:15PM CET to know how to delete it.
the .debug information pointer are stored in the sectionheader of the excecutable
and the debug info is an section of the executable.
read my post from 02.07.2008 at 03:15PM CET to know how to delete it.
ASKER
ok I see, but still, how to rebuild those pe header? don't you have a code snippet?
thx in advance
thx in advance
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
If you don't have the source code then you probably are stuck with them.
mlmcc