joz ret

Reputation: 83

Is it easier to reverse engineer or break a Delphi program if the exe file was compiled with debug compiler settings?

If I accidentally forget to switch to the release configuration before releasing my program, does it matter in terms of it being easier to decompile or reverse engineer my code?

For example if I accidentally use the following debug compiler options:

1. Compiling:
    - StackFrames = True

2. Debugging:
    - Debug information = Debug information
    - Local Symbols = True
    - Symbol Reference info = Reference Info

3. Linking:
    - Map File = Detailed

I have read the help, and from what I can tell it doesn't make much difference unless the map file is also somehow released with the binary file, so I wonder how much a difference it makes if someone has the map file?

Upvotes: 8

Views: 1031

Answers (1)

karliwson

Reputation: 3485

Let's clarify one by one the options you've mentioned:

  • Compiling > Stack frames: Stack frames are only needed for debugging (and maybe to generate stack traces for error reporting, as mentioned by @DavidHeffernan in the comments). Even if you enable it in release builds, that won't be very helpful for reverse engineering.
  • Debugging > Debug information: With this option set, the debug information is compiled inside the DCUs to help debugging inside the IDE. It's not linked into the exe, so it's obvious that it won't help reverse engineering.
  • Debugging > Local symbols: With this option set, the compiler includes basic symbol information in the debug info, but again, it only helps when debugging in the IDE and it's not linked into the final exe.
  • Debugging > Symbol reference info > Reference info: In addition to the previous option, this one includes detailed information about unit-local symbols (variables, constants, classes and so forth) to aid in debugging. They're also not linked into the final exe.
  • Linking > Map file > Detailed: With this option set, the linker will create a detailed .map file containing all the information (type, name, address, size, etc.) about the program's symbols, so, of course, it would be helpful for reverse engineering IF you distribute this file along with your exe (as stated by @RemyLebeau in the comments).

There's also the option to generate remote debug symbols, as pointed out by @dummzeuch:

  • Linker > Include remote debug symbols: This option tells the linker to generate a .rsm file, which is the Delphi equivalent of Microsoft's .pdb Program Database Files. If you distribute this file, you could be in real trouble, because one could easily debug your application, visualize symbols, functions and procedures, single-step your code and so on.

Also, I think it's important to say that .map files are not equivalent to .pdb files. For Delphi Win32, .rsm is the equivalent. I have not worked with Delphi for years, but as far as I can remember, no Delphi Win32 version can generate .pdb files. Only Delphi for .NET can.

That said, let's go back to your questions:

> I wonder how much a difference it makes if someone has the map file?

Reverse engineering would be much easier having a .map file. I've seen some tools in the past that can even convert a .map file to a .dbg file for use with a debugger.

> Is it easier to reverse engineer or break a Delphi program if the exe file was compiled with debug compiler settings?

Well, one important (and maybe the most noticeable) characteristic of Debug builds is the bigger exe size. That's mainly because in the Debug configuration the compiler disables a number of code optimizations in order to facilitate code debugging. There's also a lot of debug-conditional code (e.g. inside {$IFDEF DEBUG} directives) that gets linked into the exe.

As a side effect, the code generated by a Debug build is much easier to reverse engineer because it's simpler to understand.

Upvotes: 10
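
A packaging check for the risk described in the answer above, as an added example that is not part of the original answer: it walks a release folder (and any .zip bundles in it) and reports the side files the answer names, .map and .rsm. Flagging .dcu files as well, the function names and the `location!member` notation for zip entries are assumptions made for this example.

```python
"""Release gate: fail packaging if Delphi debug side files are in the bundle."""
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Side files named in the answer above: the detailed linker map, the remote
# debug symbols, and compiled units (where the IDE debug information lives).
# Treating .dcu as a blocker is an assumption of this example.
DEBUG_SUFFIXES = {".map": "linker map file",
                  ".rsm": "remote debug symbols",
                  ".dcu": "compiled unit (holds IDE debug info)"}


def classify(name):
    """Return a description if the file name is a debug artifact, else None."""
    suffix = PurePosixPath(name.replace("\\", "/")).suffix.lower()
    return DEBUG_SUFFIXES.get(suffix)


def find_debug_artifacts(release_dir):
    """Walk release_dir, looking inside .zip bundles too.

    Returns a sorted list of (location, description) tuples.
    """
    root = Path(release_dir)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        kind = classify(path.name)
        if kind:
            hits.append((rel, kind))
        elif path.suffix.lower() == ".zip" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as bundle:
                for member in bundle.namelist():
                    kind = classify(member)
                    if kind:
                        hits.append((f"{rel}!{member}", kind))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_release.py <release_dir>
    found = find_debug_artifacts(sys.argv[1] if len(sys.argv) > 1 else ".")
    for location, kind in found:
        print(f"BLOCK: {location} ({kind})")
    sys.exit(1 if found else 0)
```

Run as a final build step, the non-zero exit code stops the release when a map or symbol file has slipped into the output folder.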
