DLL Breakpoints not being hit with "remote debug symbols" option, why and any security risks with those?

Question

I had a big problem with breakpoints not being hit in a Delphi 6 DirectShow DLL. I would load the DLL (AX) in the IDE and run it with Graph Edit as the Host program and none of the breakpoints would trigger. I tried moving the FastMM4 DLL to the project directory, removed FastMM4 completely, turned Debug DCUs on and off, cleaned the project directories, unregistering and re-registering the DLL, everything I could think of. Nothing worked. Every time I ran the host program I saw my DLL load with the message "No debug info" in the event viewer. Then in a desperate Google search I found a post for C++ Builder that recommended trying the "remote debug symbols" linker option:

Project -> Options -> Linker (Tab) -> Exe and DLL options (group box) -> "Include Remote Debug Symbols" (checked it)

Suddenly my breakpoints started being hit. Here are my questions:

1) Why did this work? Is it because of the option or because this option triggered some other Compiler/Linker operation that fixed things? I would like to know so I can reliably fix this problem in the future when it happens again.

2) Are the remote debug symbols something a hostile programmer could use to deep trace my program? In other words, are they a security risk if left lying around?

Answer 1

1) It was because of the option. Without the debug symbol information, your IDE has no idea where to set your breakpoints. Debug DCUs has nothing to do with it -- that option links in a different set of VCL DCUs that contain debug information so you can set breakpoints. Helpful hint: depending on the version of Delphi, those DCUs are not, in fact, always in sync with their debug symbols.

2) Debug symbols/map files should not go out in a release, especially if the information handled by the program is sensitive in any way. This goes for any programming language.

If you need the ability to diagnose your software after it's release, incorporate exception, error, and assertion handling that gives you sufficient information to triage bugs from a log.