Thursday, January 28, 2016

Tools to Reverse Delphi Apps

Let's see what are options to analyze Delphi applications.

I think it's best tool for today.

Recently it's open-sourced:

It can read and visualize Delphi forms (those TPF-signatured RCDATA resources).

It has collection of knowledge bases for various Delphi versions, including unit information and byte signatures. This helps to detect standard units / variables / procedures quite good.

If application was obfuscated, these signatures won't work, of course.

There is Disassembly window, list of parsed RTTI.

You can export Delphi project (mix of source file and assembly). Don't expect it to compile (you need a lot of manual work to compile real project). But it can be good for reference.

There is option to export found info to IDA, if you prefer.

Also it has experimental Decompilation feature. Most of time it can't handle real function (at least in public version) because good decompilation is very hard task. But author offers manual source recovery.

It's not really tool for Delphi. But it has Delphi signatures, that can help you in analysis, detecting many common functions.

Detection quality is not so good as IDR, but it's better than nothing.

Website says:

Extraction from both Delphi and C++ Builder exe-files
Extraction of all project forms and data modules with all assigned properties and events
Generation of both Delphi and C++ Builder projects

DeDe - Delphi Decompiler

It is legacy tool, not really a decompiler.

Probably there is missing tool, add it in comments.

No comments:

Post a Comment