Decompiling Delphi
Simply speaking, decompilation is the inverse of compilation: translating an executable file into a higher-level language.
Suppose you lose your Delphi project's source and you only have the executable file: reverse engineering (decompilation) is useful if the original sources are not available.
Hm, "sources not available", does this mean that we can decompile other people's Delphi projects? Well, yes and no...
Is True Decompilation Possible?
No, of course not. Fully automated decompilation is not possible - no decompiler could exactly reproduce the original source code.
When a Delphi project is compiled and linked to produce a standalone executable file, most of the names used in the program are converted to addresses. This loss of names means that a decompiler would have to create unique names for all the constants, variables, functions, and procedures. Even if a certain degree of success is achieved, the generated "source code" lacks meaningful variable and function names. Obviously, source language syntax no longer exists in the executable. It would be very difficult for a decompiler to interpret the series of machine language instructions (ASM) that exist in an executable file and decide what the original source instruction was.
Why and When to Use Decompilation
Reverse engineering can be used for several reasons, some of which are:
- Recovery of lost source code
- Migration of applications to a new hardware platform
- Determination of the existence of viruses or malicious code in the program
- Error correction when the owner of the application is not available to make the correction
- Recovery of someone else's source code (to determine an algorithm, for example)
Is This Legal?
Reverse engineering is NOT cracking, although it is sometimes difficult to draw the fine line between those two. Computer programs are protected by copyright and trademark laws. Different countries have different exceptions to the copyright owner's rights. The most common ones state that it is ok to decompile: for the purposes of interpretability where the interface specification has not been made available, for the purposes of error correction where the owner of the copyright is not available to make the correction, to determine parts of the program that are not protected by copyright. Of course you should be very careful / contact your lawyer if you are in doubt whether you are permitted to disassemble some program's exe file.
Note: if you are looking for Delphi cracks, key generators or just serial numbers: you are on the wrong site. Please bear in mind that everything you find here is written/presented for exploration / educational purposes only.
For the moment, Borland does not offer any product capable of decompiling an executable (.exe) file or the "Delphi compiled unit" (.dcu) back to the original source code (.pas).
Delphi Compiled Unit (DCU)
When a Delphi project is compiled or run, a compiled version of each unit (.pas) file is created. By default, the compiled version of each unit is stored in a separate binary-format file with the same name as the unit file, but with the extension .DCU. For example, unit1.dcu contains the code and data declared in the unit1.pas file.
This means that if you have, for example, someone's compiled component, all you have to do is reverse it and get the code. Wrong. The DCU file format is undocumented (a proprietary format) and may change from version to version.
After the Compiler: Delphi Reverse Engineering
If you would like to try to decompile a Delphi executable file, these are some of the things you should know:
Delphi program source files are usually stored in two file types: ASCII code files (.pas, .dpr) and resource files (.res, .rc, .dfm, .dcr). Dfm files contain the details (properties) of the objects contained in a form. When creating an exe, Delphi copies the information in .dfm files into the finished .exe code file. Form files describe each component in your form, including the values of all persistent properties. Every time we change a form's position or a button's caption, or assign an event procedure to a component, Delphi writes those modifications to a DFM file (not the code of the event procedure - this is stored in the pas/dcu file). In order to get the "dfm" from the executable file, we need to understand what types of resources are stored inside a Win32 executable.
All programs compiled by Delphi have the following sections: CODE, DATA, BSS, .idata, tls, .rdata, .rsrc. The most important from a decompiling point of view are the CODE and .rsrc sections. The "Adding functionality to a Delphi program" article shows some interesting facts about the Delphi executable format, class info and DFM resources: how to reassign events to be handled by other event handlers defined in the same form. Even more: how to add your own event handler, adding code to the executable, that will change the caption of a button.
Among the many types of resources that are stored in an exe file, the RT_RCDATA or application-defined resource (raw data) holds the information that was in the DFM file before compilation. In order to extract the DFM data from an exe file, we can call the EnumResourceNames API function... For more information on extracting DFM from an executable, see the "Coding a Delphi DFM explorer" article.
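The RT_RCDATA lookup described above can also be done statically, without loading the file through the Windows API, which is useful when triaging an untrusted Delphi binary. The following is an added example, not code from the original article or from any of the tools it mentions: the function names are hypothetical, the caller is assumed to supply the raw bytes of the .rsrc section and its RVA, the sample section is constructed, and only the plain case where the class name directly follows the TPF0 signature is handled.

```python
import struct

RT_RCDATA = 10        # resource type ID under which Delphi stores form data
DFM_MAGIC = b"TPF0"   # signature that opens a binary DFM stream

def _entries(rsrc, dir_off):
    """Yield (name_or_id, is_subdir, offset) for one resource directory."""
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        name, off = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        if name & 0x80000000:  # named entry: WORD length + UTF-16LE text
            p = name & 0x7FFFFFFF
            (n,) = struct.unpack_from("<H", rsrc, p)
            name = rsrc[p + 2:p + 2 + 2 * n].decode("utf-16-le")
        yield name, bool(off & 0x80000000), off & 0x7FFFFFFF

def find_dfm_forms(rsrc, rsrc_rva):
    """Map RT_RCDATA resource name -> form class name for each DFM blob."""
    forms = {}
    for rtype, is_dir, type_dir in _entries(rsrc, 0):
        if rtype != RT_RCDATA or not is_dir:
            continue
        for rname, is_dir, lang_dir in _entries(rsrc, type_dir):
            if not is_dir:
                continue
            for _lang, is_dir, leaf in _entries(rsrc, lang_dir):
                if is_dir:
                    continue
                rva, size = struct.unpack_from("<II", rsrc, leaf)
                data = rsrc[rva - rsrc_rva:rva - rsrc_rva + size]
                if data[:4] == DFM_MAGIC and len(data) > 5:
                    n = data[4]  # class name is a length-prefixed string
                    forms[rname] = data[5:5 + n].decode("ascii", "replace")
    return forms

def _dir(named, ids, name, off):
    """Pack a directory header followed by a single entry (sample data only)."""
    return struct.pack("<IIHHHHII", 0, 0, 0, 0, named, ids, name, off)

def build_sample_rsrc(rva=0x5000):
    """Constructed .rsrc section holding one RT_RCDATA resource, TFORM1."""
    dfm = b"TPF0\x06TForm1\x05Form1\x00\x00"
    return (_dir(0, 1, RT_RCDATA, 0x80000018)       # level 1: type
            + _dir(1, 0, 0x80000058, 0x80000030)    # level 2: name
            + _dir(0, 1, 0x0409, 0x48)              # level 3: language
            + struct.pack("<IIII", rva + 0x68, len(dfm), 0, 0)
            + struct.pack("<H", 6) + "TFORM1".encode("utf-16-le")
            + b"\x00\x00" + dfm)

if __name__ == "__main__":
    print(find_dfm_forms(build_sample_rsrc(), 0x5000))
```

For a real file, the section bytes and RVA would come from whatever PE parser you already use; RT_RCDATA entries that do not start with TPF0 are skipped.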
The art of reverse engineering has traditionally been the land of technical wizards, familiar with assembly language and debuggers. Several Delphi decompilers have appeared that allow anybody, even with limited technical knowledge, to reverse engineer most Delphi executable files.
If you are interested in reverse engineering Delphi programs, I suggest you take a look at the following few "decompilers":
IDR (Interactive Delphi Reconstructor)
A decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in a Windows32 environment. The project's final goal is a program capable of restoring most of the initial Delphi source code from the compiled file, but IDR, like other Delphi decompilers, cannot do this yet. Nevertheless, IDR already facilitates that process considerably. In comparison with other well-known Delphi decompilers, the result of IDR analysis has the greatest completeness and reliability.
Revendepro
Revendepro finds almost all structures (classes, types, procedures, etc.) in the program and generates the Pascal representation; procedures will be written in assembler. Due to some limitation in assembler, the generated output cannot be recompiled. The source to this decompiler is freely available. Unfortunately, this is the only decompiler I was not able to use - it prompts with an exception when you try to decompile some Delphi executable file.
EMS Source Rescuer
EMS Source Rescuer is an easy-to-use wizard application which can help you to restore your lost source code. If you lose your Delphi or C++Builder project sources, but have an executable file, then this tool can rescue part of the lost sources. Rescuer produces all project forms and data modules with all assigned properties and events. The produced event procedures don't have a body (it is not a decompiler), but have the address of their code in the executable file. In most cases Rescuer saves 50-90% of your time on project restoration.
DeDe
DeDe is a very fast program that can analyze executables compiled with Delphi. After decompilation DeDe gives you the following:
- All dfm files of the target. You will be able to open and edit them with Delphi.
- All published methods in well-commented ASM code with references to strings, imported function calls, class method calls, components in the unit, Try-Except and Try-Finally blocks. By default DeDe retrieves only the published methods' sources, but you may also process another procedure in an executable if you know its RVA offset, using the Tools|Disassemble Proc menu.
- A lot of additional information.
- You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contain the well-commented ASM code mentioned above. They cannot be recompiled!
Translated from: https://www.thoughtco.com/decompiling-delphi-1-3-1057974