[ACCEPTED]-Disassembling a DLL coded in Delphi -- how to start?-disassembly
Check PE File Explorer, this tool is amazing, is built 14 with Delphi, and has special support for 13 Delphi applications.
You can analyze, disassemble, edit 12 the resources
PE Explorer is the most feature-packed program 11 for inspecting the inner workings of your 10 own software, and more importantly, third 9 party Windows applications and libraries 8 for which you do not have source code. Once 7 you have selected the file you wish to examine, PE 6 Explorer will analyze the file and display 5 a summary of the PE header information, and 4 all of the resources contained in the 3 PE file. From here, the tool allows you 2 to explore the specific elements within an 1 executable file.
(source: pe-explorer.com)
You need a disassembler, like IDA Pro. They 4 have a free edition too. You'll get back machine code 3 (assembly), and you should be able to pick 2 out the function calls made to the Windows 1 API.
If you lost the source file and you really 12 only need to "get your work back", then 11 you might as well start re-coding it because 10 you're not going to get anything useful 9 out of decompiler. I haven't been able to 8 get anything re-compilable out of a decompiler 7 since the days of Ms-DOS COM files (not 6 to be confused with Windows COM!).
A modern 5 file, written in an high level language, ran 4 throw an optimizing compiler simply doesn't 3 include everything that's needed to reconstruct 2 the source code.
Examples, and it's just 1 the top of the iceberg:
- Delphi's optimizing linker will SKIP code that's not used. Ever noticed when you want to place an brakepoint on a line of code and when the program starts the brakepoint is ignored because the code has been optimized-out?
- Delphi's optimizing compiler has the option of doing all sorts of things with your code:
- It can inline procedures (so they're no longer where you wrote them, they're where the call is made).
- It can unwind "for" loops (so where you had an "for i:=1 to 10 do something" you now have "something; something; something;...".
- Local variables get optimized, addresses get reused.
- Data structures are aligned to whatever the rule of the day is. So your one word + 1 byte structures might have 4 or 8 bytes in memory, not 3 as you might expect.
- Code gets imported from other libraries. An DLL is not an DCU. A 3 lines DLL might actually import thousands of lines of code from those "uses" clauses.
You won't be able to get more than assembly 3 code, because Delphi is native unlike Java 2 or .Net Languages, where you can get a whole 1 bunch more of information.
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.