in reply to DB -> C++ -> XS/Swig -> DBI -> Perl
Distributing object code is not security. Use a disassembler, or debugger with asm level breakpoints. Put a breakpoint on the start of the asm code of the db connection function call. Look at register esp/rsp, and the C prototype of the db connect function. Look at the C stack as 4/8byte int arrays. On entry to the C function, esp/rsp will be -4/-8 from return address or on the return address, Work your way numerically upwards from the pointer in reg esp. One of those will a string pointer with the db username and password.