http://delphi.about.com/od/devutilities/a/decompiling.htmDelphi Decompiling Tools The art of reverse engineering has traditionally been the land of technical wizards, familiar with assembly language and debuggers. Several Delphi decompilers have appeared that allow anybody, even with limited technical knowledge, to reverse engineer most Delphi executable files. If you are interested in reverse engineering Delphi programs I suggest you to take a look at the following few "decompilers": DeDe DeDe is a very fast program that can analyze executables compiled with Delphi. After decompilation DeDe gives you the following: - All dfm files of the target. You will be able to open and edit them with Delphi - All published methods in well commented ASM code with references to strings, imported function calls, classes methods calls, components in the unit, Try-Except and Try-Finally blocks. Sponsored Links Spices.Net Obfuscator, Decompiler, Browser antiILDASM, C#, VB, J#, C++, Delphi spices.9rays.netDelphi/CBuilder Compiler? Compile projects able to intercept every Bug logging Unit, Proc, Line# www.eurekalog.comLearn Delphi 6.0 Database 3D instructor led course & tutorial Proven techniques, $0.01 Now! store.yahoo.com/onecentcomputer By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offset using the Tools|Disassemble Proc menu - A lot of additional information. - You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled! Revendepro Revendepro finds almost all structures (classes, types, procedures, etc) in the program, and generates the pascal representation, procedures will be written in assembler. Due to some limitation in assembler the generated output can not be recompiled. The source to this decompiler is freely available. Unfortunately this is the only one decompiler I was not able to use - it prompts with an exception when you try to decompile some Delphi executable file. MRIP This Multi-purpose File Ripper searches and extracts files from inside other files. MRIP can rip over 100 file formats. The most important for us is that MRipper is able to decompile any Delphi Executable. This tool can extract all the resources from a Delphi app: cursors, icons, dfm files, pas files and other. The pas files does not contain the event procedures implementation. MRip is a DOS tool. DfmExplorer This is what DfmExplorer does (source included): -Load an executable module (EXE/DLL/BPL/DPL) in memory by means of "LoadLibrary" or "LoadLibraryEx" functions, from the Win32 API. -Go through it looking for RCDATA resources by means of "EnumResourceNames", from the Win32 API. -Load each DFM block found, decode it and store it in a list in memory, together with their name. -In the main window of the application we will be able to visualize in text mode all the loaded DFM's of the loaded executable. -Finally, zhe program is able to save to disk the DFM selected as an ASCII file (.RC), or as a binary block (.DAT) such which it appears linked in the executable file. Exe2Dpr This Delphi project sources Rescuer can rescue part of lost sources if you manage to loose your project's source. Rescuer produces all project forms and data modules with all assigned properties and events. Produced event procedures don't have a body (it is not a decompiler), but have an address of code in executable file. This tool has no GUI - it used from the command line like: 'exe2dpr [-o] exeFile'. Project sources will be created in current directory. If you want overwrite any existing files in current directory, then use option '-o'.
The art of reverse engineering has traditionally been the land of technical wizards, familiar with assembly language and debuggers. Several Delphi decompilers have appeared that allow anybody, even with limited technical knowledge, to reverse engineer most Delphi executable files.
If you are interested in reverse engineering Delphi programs I suggest you to take a look at the following few "decompilers": DeDe
DeDe is a very fast program that can analyze executables compiled with Delphi. After decompilation DeDe gives you the following:
- All dfm files of the target. You will be able to open and edit them with Delphi
- All published methods in well commented ASM code with references to strings, imported function calls, classes methods calls, components in the unit, Try-Except and Try-Finally blocks. Sponsored Links
Spices.Net
Obfuscator, Decompiler, Browser antiILDASM, C#, VB, J#, C++, Delphi
spices.9rays.netDelphi/CBuilder Compiler?
Compile projects able to intercept every Bug logging Unit, Proc, Line#
www.eurekalog.comLearn Delphi 6.0 Database
3D instructor led course & tutorial Proven techniques, $0.01 Now!
store.yahoo.com/onecentcomputer
By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offset using the Tools|Disassemble Proc menu
- A lot of additional information.
- You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled!
Revendepro
Revendepro finds almost all structures (classes, types, procedures, etc) in the program, and generates the pascal representation, procedures will be written in assembler. Due to some limitation in assembler the generated output can not be recompiled. The source to this decompiler is freely available. Unfortunately this is the only one decompiler I was not able to use - it prompts with an exception when you try to decompile some Delphi executable file. MRIP
This Multi-purpose File Ripper searches and extracts files from inside other files. MRIP can rip over 100 file formats. The most important for us is that MRipper is able to decompile any Delphi Executable. This tool can extract all the resources from a Delphi app: cursors, icons, dfm files, pas files and other. The pas files does not contain the event procedures implementation. MRip is a DOS tool. DfmExplorer
This is what DfmExplorer does (source included): -Load an executable module (EXE/DLL/BPL/DPL) in memory by means of "LoadLibrary" or "LoadLibraryEx" functions, from the Win32 API.
-Go through it looking for RCDATA resources by means of "EnumResourceNames", from the Win32 API.
-Load each DFM block found, decode it and store it in a list in memory, together with their name.
-In the main window of the application we will be able to visualize in text mode all the loaded DFM's of the loaded executable. -Finally, zhe program is able to save to disk the DFM selected as an ASCII file (.RC), or as a binary block (.DAT) such which it appears linked in the executable file. Exe2Dpr
This Delphi project sources Rescuer can rescue part of lost sources if you manage to loose your project's source. Rescuer produces all project forms and data modules with all assigned properties and events. Produced event procedures don't have a body (it is not a decompiler), but have an address of code in executable file. This tool has no GUI - it used from the command line like: 'exe2dpr [-o] exeFile'. Project sources will be created in current directory. If you want overwrite any existing files in current directory, then use option '-o'.