Delphi decompiling


Question
Why is decompiling a Delphi exe so easy, compared to other executables built with other programming languages/compilers?

Solution

There are a few things that help with reversing Delphi programs:

  • You get the full form data including the name of event handler methods
  • All members with published visibility have metadata used with RTTI
  • The compiler is pretty bad at optimizing. It does no whole program optimization and the assembly is usually a straightforward translation of the original source with only minor optimizations. (At least it was in the versions I used, might have improved since then)
  • All classes, even those compiled with RTTI off have some level of metadata available. In particular it's possible to get the name and inheritance structure of classes. And for any instance of a class you happen to see in the debugger you can get its VMT and thus its class name.

Delphi uses text files describing the content of your form and hooks up event handlers by name. This approach obviously needs enough metadata to deserialize that textual representation of a form and hook up the event handlers by name.

An alternative some other GUI toolkits use is auto-generating code that initializes the form and hooks up the event handlers with code. Since this code directly uses pointers to the event handlers and directly assigns to properties/calls setters it doesn't need any metadata. Which has the side-effect that reversing becomes a bit harder.

It shouldn't be too hard to create a program that transforms a dfm file into a series of hardcoded instructions that creates the form instead. So a tool like DeDe won't work that well anymore. But that doesn't gain you much in practice.

But figuring out which event handler corresponds to which control/event is still rather easy. Especially since stuff like FLIRT identifies most library functions. So you just need to breakpoint the one you're interested in and then step into the user code.
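The answer's central point is that the form description ships with the handler names in it, so the control/event/handler mapping is readable without touching any machine code. The following added example (not part of the original answer, and not any tool's code) makes that concrete: it parses the text form of a DFM, as the Delphi IDE displays it, into an object tree and lists every `OnXxx = HandlerName` assignment. The form itself is constructed for the example; the binary DFM encoding that is actually embedded in an executable as a resource is not handled, and multi-line property values are skipped.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the text DFM format the Delphi IDE shows for a form.
# Handler names such as btnLoginClick are exactly what the answer says the
# form data gives away: the runtime resolves them by name through RTTI.
SAMPLE_DFM = """\
object LoginForm: TLoginForm
  Caption = 'Login'
  OnCreate = FormCreate
  object edtUser: TEdit
    Text = ''
    OnChange = edtUserChange
  end
  object btnLogin: TButton
    Caption = 'Log in'
    OnClick = btnLoginClick
    OnKeyDown = btnLoginKeyDown
  end
  object pnlFooter: TPanel
    object btnCancel: TButton
      Caption = 'Cancel'
      OnClick = btnCancelClick
    end
  end
end
"""


@dataclass
class DfmObject:
    """One 'object Name: TClass ... end' block of a text DFM."""
    name: str
    cls: str
    props: dict = field(default_factory=dict)
    children: list = field(default_factory=list)


# 'object Name: TClass' (or 'inherited' for forms derived from another form)
OBJECT_RE = re.compile(r"^(object|inherited)\s+(\w+)\s*:\s*(\w+)\s*$")
# 'Prop = Value' or 'Sub.Prop = Value' on a single line
PROP_RE = re.compile(r"^(\w+(?:\.\w+)*)\s*=\s*(.+)$")


def parse_dfm(text):
    """Parse a text-format DFM into a tree of DfmObject; returns the root form."""
    root = None
    stack = []  # open object blocks, innermost last
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            obj = DfmObject(name=m.group(2), cls=m.group(3))
            if stack:
                stack[-1].children.append(obj)
            else:
                root = obj
            stack.append(obj)
            continue
        if line == "end":
            stack.pop()
            continue
        m = PROP_RE.match(line)
        if m and stack:
            stack[-1].props[m.group(1)] = m.group(2)
        # Continuation lines of multi-line values (string lists in
        # parentheses, binary blobs in braces) match neither pattern
        # and are ignored by this simplified parser.
    if stack:
        raise ValueError("unbalanced object/end in DFM text")
    return root


def event_handlers(obj, found=None):
    """Return (control, class, event, handler) for every OnXxx property
    whose value is a bare identifier, i.e. a method name to be resolved
    by RTTI at load time."""
    if found is None:
        found = []
    for prop, value in obj.props.items():
        if prop.startswith("On") and re.fullmatch(r"\w+", value):
            found.append((obj.name, obj.cls, prop, value))
    for child in obj.children:
        event_handlers(child, found)
    return found


if __name__ == "__main__":
    form = parse_dfm(SAMPLE_DFM)
    for control, cls, event, handler in event_handlers(form):
        print(f"{control} ({cls}).{event} -> {handler}")
```

Running it on the sample prints five control-to-handler pairs, including the nested `btnCancel` inside `pnlFooter`; that list is the starting point a reverser gets for free, and it is also the list a developer can review to see which method names a shipped form exposes.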
