We are reversing Delphi internal structures. Does anyone know of any good resources or other details about how Delphi executables are compiled and linked together, and what the layout of the various parts inside the final exe is?
I am not looking for high level details like it has n sections.
I am looking for something (the following is 'made up') like section '.text' has 3 parts:
etc., etc.
Ok, I am looking for references or knowledge about the structures. I already have the tools mentioned below, and a ton more to aid in reverse engineering this from scratch.
I should have mentioned that I know the resource layout, as that is well documented. It's the internal compiled structures embedded in the code and data sections I am after (e.g. how RTTI info is compiled in, where the mapping between event handlers and form resources is, etc.).
Start with using existing tools like IDR (Interactive Delphi Reconstructor) and IDA (the Interactive Disassembler) and the already mentioned PE Explorer.
I would also suggest compiling some simple executables and studying the disassembly of that.
The most identifiable parts of a Delphi or C++ Builder executable are the resources.
They will contain a resource section named RCDATA. This section contains the following:
On some settings, compressors like UPX may hide these resources, so you won't be able to see them unless you decompress the executable.
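As an added example (not part of the answer above and not code from any of the tools mentioned): a minimal Python walker for the PE resource directory that lists the RCDATA entries. It assumes the input is the raw bytes of the resource directory (normally the `.rsrc` section); `rcdata_entries`, `build_sample` and the `TFORM1` entry name are constructed for illustration.

```python
import struct

RT_RCDATA = 10           # type id of RCDATA at the top level of the resource tree
SUBDIR = 0x80000000      # high bit: offset points to a subdirectory (or name string)

def _entries(rsrc, off):
    """Yield (name_or_id, offset) pairs of the IMAGE_RESOURCE_DIRECTORY at off."""
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for i in range(named + ids):
        yield struct.unpack_from("<II", rsrc, off + 16 + 8 * i)

def _name(rsrc, field):
    """High bit set: length-prefixed UTF-16 string; otherwise a numeric id."""
    if field & SUBDIR:
        off = field & ~SUBDIR
        (count,) = struct.unpack_from("<H", rsrc, off)
        return rsrc[off + 2:off + 2 + 2 * count].decode("utf-16-le")
    return f"#{field}"

def rcdata_entries(rsrc):
    """Return [(name, data_rva, size)] for each RCDATA leaf (type/name/language)."""
    found = []
    for rtype, type_off in _entries(rsrc, 0):
        if rtype != RT_RCDATA or not type_off & SUBDIR:
            continue
        for name, name_off in _entries(rsrc, type_off & ~SUBDIR):
            if not name_off & SUBDIR:
                continue
            for _lang, leaf in _entries(rsrc, name_off & ~SUBDIR):
                if leaf & SUBDIR:
                    continue  # malformed: language level must point to data
                rva, size = struct.unpack_from("<II", rsrc, leaf)
                found.append((_name(rsrc, name), rva, size))
    return found

def build_sample():
    """Constructed resource directory with one RCDATA entry (not a real file)."""
    hdr = lambda named, ids: struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
    name = "TFORM1"                                                   # constructed name
    blob = hdr(0, 1) + struct.pack("<II", RT_RCDATA, SUBDIR | 24)     # root       @0
    blob += hdr(1, 0) + struct.pack("<II", SUBDIR | 88, SUBDIR | 48)  # type dir   @24
    blob += hdr(0, 1) + struct.pack("<II", 0, 72)                     # name dir   @48
    blob += struct.pack("<IIII", 0x5000, 0x120, 0, 0)                 # data entry @72
    blob += struct.pack("<H", len(name)) + name.encode("utf-16-le")   # string     @88
    return blob

if __name__ == "__main__":
    for name, rva, size in rcdata_entries(build_sample()):
        print(f"RCDATA {name}: rva=0x{rva:x} size=0x{size:x}")
```

An empty result on a real file is consistent with the UPX caveat above: decompress the executable first, then walk the resource directory again.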
It could be worthwhile to have a look at Jedi JCL. IIRC their traceback tools (jcldebug unit?) open binaries to recover debug info. It would at least teach the global structure of the file.
Some bits might be Delphi-version-specific, btw.
Downloading the evaluation version of PE-Explorer might be a good start too.