Vulnerability Development: Re: Delphi and buffer overflows

Re: Delphi and buffer overflows

From: Alice Bryson <abryson_at_bytefocus.com>
Date: Wed, 12 Apr 2006 17:01:44 +0800

Decompiling a Delphi program is harder than disassembling a VC program for me.
I use DeDe to decompile Delphi, but sometimes the Anti-DeDe function of a
Delphi program makes DeDe not work.
Does anyone have some experience with decompiling Delphi programs?

2006/4/9, André Gil <andregil_at_di.fct.unl.pt>:
> Well, actually stating that something is secure because it is compiled with
> Delphi or whatever other compiler is used is, I think, really dangerous.
>
> What about race conditions? What about stuff like if x < 10 then (and what
> will happen if x for some reason is under 0 and that was never thought of
> while developing and reviewing?).
>
> What about not using least privilege?
>
> Well I guess you get the point. Stating something like that is just weird
> and dangerous.
>
> André
>
> ----- Original Message -----
> From: "Gadi Evron" <ge_at_linuxbox.org>
> To: <Valdis.Kletnieks_at_vt.edu>
> Cc: <Majid2k_at_SourceForge.net>; <vuln-dev_at_securityfocus.com>
> Sent: Wednesday, April 05, 2006 2:52 AM
> Subject: Re: Delphi and buffer overflows
>
>
> > Valdis.Kletnieks_at_vt.edu wrote:
> >> On Sat, 01 Apr 2006 12:46:06 GMT, Majid2k_at_SourceForge.net said:
> >>
> >>>All Programs compiled in Delphi are secure
> >>
> >>
> >> Explain. Do tell. How does a language manage to be Turing-complete and
> >> at the same time provably secure? (Hint - Turing-complete includes the
> >> possibility of a program infinite looping, so at the very least, there's
> >> the possibility of a loop causing a DoS attack....)
> >>
> >> Or did Delphi use some different definition of "secure"?
> >
> > Valdis, I tend to like Delphi and agree with the guy, but you are 100%
> > correct.
> >
> > That is because [especially] in the world of security the following words
> > should be banned: all, every, never, etc.
> >
> > I bet that if you put a backdoor into a program written in Delphi it will
> > no longer be 100% secure, right? That may be a bit of immature nitpicking,
> > but really..
> >
>
>

--
http://www.lwang.org
lwang.org provides online base64 encode and decode, crc32 md5 and sha1
hashing, online ciphers, encryption and decryption. We are engaged in
adding more common use lookup service.
We collect spam for research at abryson_at_bytefocus.com
Received on Apr 12 2006