反编译delphi_反编译Delphi(13)
反编译delphi
Simply speaking, decompilation is the inver of compilation: translating an executable file into a higher level language.
简⽽⾔之,反编译是编译的反⾯:将可执⾏⽂件翻译成⾼级语⾔。
第二的英文Suppo you lo your Delphi project's source and you only have the executable file: rever engineering (decompilation) is uful if the original sources are not available.
假设您丢失了Delphi项⽬的源代码,并且只有可执⾏⽂件:如果原始源不可⽤,则逆向⼯程(反编译)很有⽤。
Hm, "sources not available", does this mean that we can decompile other people's Delphi projects? Well, yes
嗯,“资源不可⽤”,这是否意味着我们可以反编译他⼈的Delphi项⽬? 好吧,是的,不是...
真正的反编译可能吗? ( Is True Decompilation Possible? )
No, of cour not. Fully automated decompilation is not possible - no decompiler could exactly reproduce the original
source code.
不,当然不是。 不可能进⾏全⾃动反编译-没有反编译器可以准确地复制原始源代码。
When a Delphi project is compiled and linked to produce a standalone executable file, most of the names ud in the program are converted to address. This loss of names means that a decompiler would have to create unique names for all the constants, variables, functions, and procedures. Even if a certain degree of success is achieved, the generated "source code" lacks meaningful variable and function names.Obviously, source language syntax no longer exists in the executable. It would be very difficult for a decompiler to interpret the ries of machine language instructions (ASM) that exist in an executable file and decide what the original source instruction was.
编译并链接Delphi项⽬以⽣成独⽴的可执⾏⽂件时,该程序中使⽤的⼤多数名称都将转换为地址。 名称的丢失意味着反编译器将必须为所有常量,变量,函数和过程创建唯⼀的名称。 即使取得了⼀定程度的成功,⽣成的“源代码”也缺少有意义的变量和函数名。显然,可执⾏⽂件中不再存在源语⾔语法。
反编译器很难解释可执⾏⽂件中存在的⼀系列机器语⾔指令(ASM),并决定原始源指令是什么。
为什么以及何时使⽤反编译 ( Why and When to U Decompilation )
Rever engineering can be ud for a veral reasons, some of which are:绳子英文
可以使⽤逆向⼯程有⼏个原因,其中⼀些是:
Recovery of lost source code
恢复丢失的源代码
Migration of applications to a new hardware platform
将应⽤程序迁移到新的硬件平台
Determination of the existence of virus or malicious code in the program
确定程序中是否存在病毒或恶意代码
Error correction when the owner of the application is not available to make the correction.
应⽤程序所有者⽆法进⾏更正时的错误更正。
Recovery of someone el's source code (to determine an algorithm for example).
汽车销售技巧恢复他⼈的源代码(例如确定算法)。
这合法吗? ( Is This Legal? )
Rever engineering is NOT cracking, although it is sometimes difficult to draw the fine line between tho two. Computer programs are protected by copyright and trademark laws. Different countries have different exceptions to the copyright owner's rights. The most common ones state that it is ok to decompile: for the purpos of interpretability where the interface specification has not been made available, for the purpos of error correction where the owner of the copyright is not available to make the correction, to determine parts of the program that are not protected by copyright. Of cour you should be very careful / contact your lawyer if you are in doubt whether you are permitted to disasmble some program's exe file.
leader是什么意思
尽管有时很难在这两者之间划清界限,但逆向⼯程并⾮⽆懈可击。 计算机程序受版权法和商标法保护。 不同国家/地区的版权拥有者权利有不同的例外。 最常见的情况是可以进⾏反编译:出于⽆法提
供接⼝规范的可解释性⽬的,出于纠错的⽬的(没有版权拥有者的纠错权),确定部分内容该程序不受版权保护。 当然,如果您不确定是否允许反汇编某些程序的exe⽂件,您应该格外⼩⼼/与您的律师联系。
Note: if you are looking for Delphi cracks, key generators or just rial numbers: you are on the wrong site. Plea bear in mind that everything you find here is written/prented for exploration / educational purpos only.
注意 :如果您正在寻找Delphi裂纹,密钥⽣成器或只是序列号:您的位置不正确。 请记住,您在此处找到的所有内容均仅出于探索/教育⽬的⽽编写/呈现。
For the moment, Borland does not offer any product capable of decompiling an executable (.exe) file or the "Delphi
compiled unit" (.dcu) back to the original source code (.pas).
⽬前,Borland不提供任何能够将可执⾏⽂件(.exe)或“ Delphi编译单元”(.dcu)反编译为原始源代码(.pas)的产品。
Delphi编译单元(DCU) ( Delphi Compiled Unit (DCU) )
When a Delphi project is compiled or run a compiled unit (.pas) file is created. By default the compiled version of each unit is stored in a parate binary-format file with the same name as the unit file, but with the extension .DCU. For example
unit1.dcu contains the code and data declared in the unit1.pas file.
编译或运⾏Delphi项⽬时,将创建⼀个已编译单元(.pas)⽂件。 默认情况下,每个单元的编译版本存储在⼀个单独的⼆进制格式⽂件中,该⽂件与该单元⽂件具有相同的名称,但扩展名为.DCU。 例如,unit1.dcu包含在unit1.pas⽂件中声明的代码和数据。
This means that if you have someones, for example, component compiled source all you have to do is to rever it and get the code. Wrong. The DCU file format is undocumented (proprietary format) and may change from version to version.
这意味着,例如,如果有⼈,则组件编译的源代码要做的就是将其反转并获取代码。 错误。 DCU⽂件格式是未记录的(专有格式),并且可能因版本⽽异。
编译之后:Delphi逆向⼯程 ( After the Compiler: Delphi Rever Engineering )
If you would like to try to decompile a Delphi executable file, the are some of the things you should
间隔年know:
如果您想尝试反编译Delphi可执⾏⽂件,则应了解以下⼏点:
Delphi programs source files are usually stored in two file types: ASCII code files (.pas, .dpr), and resource files (.res, .rc,
.dfm, .dcr). Dfm files contain the details (properties) of the objects contained in a form. When creating , Delphi copies information in .dfm files into the finished .exe code file. Form files describe each component in your form, including the values of all persistent properties. Every time we change a form's position, a button's caption or assign an event procedure to a component, Delphi writes tho modifications in a DFM file (not the code of the event procedure - this is stored in the pas/dcu file). In order to get the "dfm" from the executable file we need to understand what type of resources are stored inside a Win32 executable.
Delphi程序的源⽂件通常以两种⽂件类型存储:ASCII代码⽂件(.pas,.dpr)和资源⽂件(.res,.rc,.dfm,.dcr)。 Dfm⽂件包含表单中包含的对象的详细信息(属性)。 创建 ,Delphi将.dfm⽂件中的信息复制到完成的.exe代码⽂件中。 表单⽂件描述了表单中的每个组件,包括所有持久属性的值。 每次我们更改表单的位置,按钮的标题或向组件分配事件过程时,Delphi都会将这些修改写⼊DF
M⽂件中(⽽不是事件过程的代码-该⽂件存储在pas / dcu⽂件中)。 为了从可执⾏⽂件中获取“ dfm”,我们需要了解Win32可执⾏⽂件中存储了哪些类型的资源。
All programs compiled by Delphi have the following ctions : CODE, DATA, BSS, .idata, tls, .rdata, .rsrc. The most important from decompiling point of view are the CODE and .rsrc ctions. In the "" article some interesting facts about Delphi executables format, class info and DFM resources are shown: how to reassign events to be handled by other event handlers defined in the same form. Even more: how to add your own event handler, adding the code to the executable, that will change the caption of a button.
Delphi编译的所有程序都有以下部分:CODE,DATA,BSS,.idata,tls,.rdata,.rsrc。 从反编译的⾓度来看,最重要的是CODE
和.rsrc节。 在“ ”⼀⽂中,显⽰了有关Delphi可执⾏⽂件格式,类信息和DFM资源的⼀些有趣的事实:如何重新分配由相同格式定义的其他事件处理程序处理的事件。 更重要的是:如何添加⾃⼰的事件处理程序,将代码添加到可执⾏⽂件中,这将更改按钮的标题。
Among many types of resources that are stored in an exe file, the RT_RCDATA or the Application-defined resource (raw data) holds the information that were in the DFM file before the compilation. In
order to extract the DFM data from an exe file we can call the EnumResourceNames For more information on extracting DFM from an executable go e: article.
在exe⽂件中存储的多种资源中,RT_RCDATA或应⽤程序定义的资源(原始数据)保存编译前DFM⽂件中的信息。 为了从exe⽂件中提取DFM数据,我们可以调⽤EnumResourceNames API函数...有关从可执⾏⽂件中提取DFM的更多信息,请参见: 编写 ⽂章。
The art of rever engineering has traditionally been the land of technical wizards, familiar with asmbly language and debuggers. Several Delphi decompilers have appeared that allow anybody, even with limited technical knowledge, to rever engineer most Delphi executable files.
逆向⼯程的艺术传统上⼀直是技术向导的领域,他们熟悉汇编语⾔和调试器。 已经出现了⼏种Delphi反编译器,即使没有⾜够的技术知识,任何⼈都可以对⼤多数Delphi可执⾏⽂件进⾏反向⼯程。
If you are interested in rever engineering Delphi programs I suggest you to take a look at the following few "decompilers":
如果您对反向⼯程Delphi程序感兴趣,建议您看⼀下以下⼏个“反编译器”:
( )
之间英文A decompiler of executable files (EXE) and (DLL), written in Delphi and executed in Windows32 environment. Final project goal is development of the program capable to restore the most part of initial Delphi from the compiled file but IDR, as well as others Delphi decompilers, cannot do it yet. Nevertheless, IDR is in a status considerably to facilitate such process. In comparison with other well known Delphi decompilers the result of IDR analysis has the greatest completeness and reliability.
clear是什么意思
艾美奖美剧⽤Delphi编写并在Windows32环境中执⾏的可执⾏⽂件(EXE)和 (DLL)的反编译器。 项⽬的最终⽬标是开发能够从编译的⽂件中还原⼤部分初始Delphi 的程序,但IDR以及其他Delphi反编译器尚⽆法做到。 但是,IDR处于⼤⼤促进这⼀过程的状态。 与其他著名的Delphi反编译器相⽐,IDR分析的结果具有最⼤的完整性和可靠性。
mother s day( )
Revendepro finds almost all structures (class, types, procedures, etc) in the program, and generates the pascal reprentation, procedures will be written in asmbler. Due to some limitation in asmbler the generated output can not
be recompiled. The source to this decompiler is freely available. Unfortunately this is the only one decompiler I was not able to u - it prompts with an exception when you try to decompile some Del
phi executable file.
Revendepro会在程序中找到⼏乎所有结构(类,类型,过程等),并⽣成pascal表⽰形式,过程将⽤汇编器编写。 由于汇编程序的某些限制,⽣成的输出⽆法重新编译。 该反编译器的源可免费获得。 不幸的是,这是我唯⼀⽆法使⽤的反编译器-当您尝试反编译某些Delphi可执⾏⽂件时,它会异常提⽰。
( )
EMS Source Rescuer is an easy-to-u wizard application which can help you to restore your lost source code. If you lo your Delphi or C++Builder project sources, but have an executable file, then this tool can rescue part of lost sources. Rescuer produces all project forms and data modules with all assigned properties and events. Produced event procedures don't have a body (it is not a decompiler), but have an address of code in executable file. In most cas Rescuer saves 50-90% of your time to project restoration.
EMS Source Rescuer是⼀个易于使⽤的向导应⽤程序,可以帮助您恢复丢失的源代码。 如果您丢失了Delphi或C ++ Builder项⽬源,但是具有可执⾏⽂件,则此⼯具可以挽救部分丢失的源。 Rescuer⽣成具有所有分配的属性和事件的所有项⽬表单和数据模块。 产⽣的事件过程没有主体(它不是反编译器),但是在可执⾏⽂件中具有代码地址。 在⼤多数情况下,Rescuer可以节省50-90%的时间来恢复
项⽬。
( )
DeDe is a very fast program that can analyze executables compiled with Delphi. After decompilation DeDe gives you the following:
DeDe是⼀个⾮常快速的程序,可以分析使⽤Delphi编译的可执⾏⽂件。 反编译后,DeDe为您提供以下内容:All dfm files of the target. You will be able to open and edit them with Delphi.
⽬标的所有dfm⽂件。 您将能够使⽤Delphi打开和编辑它们。
All published methods in well commented ASM code with references to strings, imported function calls, class
unwrittenmethods calls, components in the unit, Try-Except and Try-Finally blocks. By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offt using the Tools|Disasmble Proc menu.
在注释良好的ASM代码中发布的所有⽅法,均引⽤字符串,导⼊的函数调⽤,类⽅法调⽤,单元中的
组件,Try-Except和Try-Finally 块。 默认情况下,DeDe仅检索已发布的⽅法源,但是如果您知道使⽤Tools | Disasmble Proc菜单的RVA偏移量,也可以在可执⾏⽂件中处理另⼀个过程。
A lot of additional information.
很多其他信息。
You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled!
您可以使⽤所有dfm,pas,dpr⽂件创建⼀个Delphi项⽬⽂件夹。 注意:pas⽂件包含上⾯提到的注释良好的ASM代码。 它们⽆法重新编译!
反编译delphi
