>Any of those settings is far larger than most VFP exes, which presumably explains why it's so reliable to extract the whole app from memory. By my understanding, you'd need to try pretty hard in 2021 to get VFP not to make the app memory resident.
>>I don't think that is true. An VFP EXE is not a real regular exe and won't be loaded into memory by default. When a class(lib) is not used or referenced in the app before a certain point, it won't be resident in memory.
Perhaps this is the case for a plain unprotected VFP exe... in which case a hacker can just use Refox to access encryption keys/database connection strings etc.
However, if your app is protected with Armadillo or any other protection that leaves the internal project intact, if you provide me with a copy then if I can provoke my own code to run in the VFP instance I should be able to read your whole app out of memory and give you the unprotected project in around 5 minutes.
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1
