Forum > General

Some observations on the use of RTTI

<< < (5/14) > >>

Thaddy:
Since today there is some better support for rtti in trunk. I would read the commit discussion if that solves your issue.

Note that $M+ works for anything that derives fromTPersistent, because that is compiled in $M+ mode. So not a default otherwise.

Bogen85:

--- Quote from: Joanna from IRC on October 20, 2024, 04:10:14 pm ---
--- Quote from: Fibonacci on October 20, 2024, 03:50:56 pm ---Another issue with RTTI is that it facilitates reverse engineering of the program. It's extremely frustrating to see all type names (classes, records), unit names, and even the program name (from the first line of code). There should be an option to limit RTTI to the absolute minimum when it's not used.

--- End quote ---
That concerns me too. Does anyone know what was the last version of fpc before rtti was introduced?

--- End quote ---

Not "facilitating" reverse engineering only makes it difficult for the beginner reverse engineers, not the advanced ones. With AI those that are beginners and want to be advanced, using AI to augment one's effort (if they don't get bogged down in wrong direction and are adaptive, eager, and willing to intelligently embrace and leverage AI) can make the lack of RTTI largely irrelevant.

While RTTI might be concerning to some, we are in the 2020s now, lack of RTTI is not going to stop ambitious reverse engineers, even if they are beginners.

Thaddy:
I do not think there is a real concern about rtti. Nowadays it is a firmly rooted part of languages like C++ and Object Pascal.
On the Pascal side it started with D1 and Lazarus had to provide for that since it's own day one too.
The reason that I do not see a security concern is merely that it allows a standard object streaming mechanism for compiled languages. And you will need that at some point. (ORM comes to mind)
If something can be compiled it follows that it can always be decompiled. For a devoted team of programmers that can sureley be done, but I have rarely seen proper decompilers for compiled languages that compile back to compilable sourcecode. But what they do provide is provide insight.

Joanna:
@bogen85 do you have a better way of preventing reverse engineering?

Thaddy:
Other than a complete criminal law article in every country's criminal law???
You would have to forbid compilers and hexbrowsers.(the latter the simplest form of decompiler)
It is simply silly.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version