All geek questions in one place

The internal structure of executable files compiled using Delphi

We are reversing Delphi's internal structures, does anyone know any good resource or other details about how Delphi executables are compiled and linked to each other, and what is the layout of the various parts inside the final exe.

I am not looking for high-level information, for example, it has n sections.

I was looking for something (the following is โ€œcompiledโ€), as the โ€œ.textโ€ section has 3 parts:

  • data (a)
  • index table (b)
  • the code alternates with data that can be identified using mechanism (c)

etc., etc.

Ok, I'm looking for links or knowledge about structures. I already have the tools mentioned below, and a ton more to help with reverse engineering from scratch.

I should have mentioned that I know a resource layout that is well documented. These are internal compiled structures embedded in sections of code and data that I use. (for example, how RTTI information is compiled, where comparisons are made between event handlers and form resources, etc.).

+4
source share
4 answers

Start by using existing tools such as IDR (Interactive Delphi Reconstructor) and IDA (Interactive Disassembler) and the already mentioned PE Explorer .

I would also suggest compiling some simple executables and learning how to disassemble them.

+6
source

The most identifiable parts of a Delphi or C ++ Builder executable are resources.

They will contain a resource section called RCDATA. This section contains the following:

  • A section called DVCLAL that identifies the compiler SKU, for example Personal, Professional, or Enterprise.
  • A section called PACKAGEINFO that contains a list of units contained and a flag for Delphi or C ++ Builder
  • Individual resources for each DFM.

In some settings, compressors, such as UPX, can hide these resources, so you wonโ€™t be able to see them unless you unzip the executable.

+5
source

It might be worth a look at the JEDI JCL. IIRC their tracking tools (jcldebug unit?) Open binaries to recover debug information. At the very least, he would teach global file structure.

Some bits may be version specific to the delphi version.

Downloading a trial version of PE-Explorer may be a good start.

+4
source

You can find all types in the Delphi module (exe or dll), because they are always added by a pointer to the structure itself. You can create a small application and scan exe to see for yourself how to get this information. With the type information, good information comes about where the units are / where the methods are, etc. Etc.

Combine this information with available resources (a good resource viewer can decode binary resources in the text for all forms / frames / datamodule).

Now, if you disassembled the application, you can use the information from the / typeinfo resources to determine the found assembly code.

0
source

Source: https://habr.com/ru/post/1343371/

More articles:


All Articles