Program Decompiler Delphi
Hi, The product that my company develops is written in Delphi. I have been tasked to find out whether or not any source code can be extracted from a delphi.
Section Virtual Memory Address (VMA). It is an address where the section created from the raw machine code will be placed in virtual memory. Section's Load Memory Address (LMA) will also be set to this value.
Please, if you stumble across a sample that requires a different value. Since assembly code may use absolute addresses (e.g. Function jumps), a correct address is essential for the decompilation to produce good-quality results. If you created raw machine code from an object file (cut out a section or function), you should be able to provide this information. Use objdump to find out where the cut chunk would be mapped in virtual memory (not where it is in the object file!). An example for a section $ objdump -h file.elf Idx Name Size VMA LMA File off Algn. 10.text 000030 00000300 2.4.
To cut the.text section from the above file, one needs to cut from file offset 0x00000300 to 0x00000620 ( start + size). This section would be mapped on address 0x10000300 in virtual memory. Provide this address in the 'Section VM Address' input field in the form above. An example for a function (or any other chunk of code inside a section) $ objdump -t file.elf. 1000044c g F.text 0000002c main.
The.text section contains (among others) a function named main. The main function would be mapped on address 0x1000044c in virtual memory. Provide this address in the 'Section VM Address' input field in the form above. To cut the main function, take the code from object file from 0x44c ( 0x1000044c - 0x10000300 + 0x00000300) to 0x478 ( start + size = 0x44c + 0x2c).
The cut code does not have to be function; you can cut any other chunk of code. Just make sure you compute the file offsets and VMAs correctly. If you created raw machine code from an image of a program (like firmware), you should be able to find out where (which address) is the raw code mapped in memory. Once again, provide this address in the 'Section VM Address' input field in the form above.
Entry Point Address. It is an address (in virtual memory) where program control enters the piece of code upon execution. If you are cutting out a whole section, pick the best address inside it to start execution. If it is a.text section, you should be able to find out the original entry point address by using objdump. Otherwise, pick an address of some function, preferably a function that contains or calls the program's main functionality. Make sure that the picked address is inside the section's data: sectionVMA ≤ entrypoint. Decompilation of Selected Parts of the Executable File By using the Selected Functions and Selected Ranges options above, you can decompile only parts of the input binary file.
Delphi Program Download
More specifically, when you select Selected Functions, you can specify a list of functions to be decompiled. Similarly, when you select Selected Ranges, you can specify a list of address ranges to be decompiled. These options are useful if the decompilation of the whole binary file takes too much time. Decompilation of Selected Functions The list of functions is supposed to be of the following format: func1, func2, func3, where each funcX is the name of a function in the binary file. Whitespace between the names of functions is irrelevant.
The only restriction is that the functions have to be separated by commas. If you are not sure what functions are available in the binary file, you can inspect it by using a program that supports the analysis of binary files, such as readelf on Linux. Always look for the list of symbols that are defined in the file. Example: $ readelf -Ws file.elf Symbol table '.symtab' contains 105 entries: Num: Value Size Type Bind Vis Ndx Name. 52: 080 FUNC GLOBAL DEFAULT 12 MD5Transform 53: 00000000 0 NOTYPE WEAK DEFAULT UND ITMderegisterTMCloneTable 54: 080493f0 384 FUNC GLOBAL DEFAULT 12 MD5Update.To decompile just the MD5Transform and MD5Update functions, specify them in the Functions input field in the decompilation form above. Another way is to use our.
Simply select your binary file, click on Analyze, and search for the Symbol table entry in the generated output. More specifically, search for symbols that are of type FUNCTION. Then, specify the functions you want to decompile in the Functions input field above. Either way, make sure that the functions you select are indeed defined in the provided executable file. As a hint, their address is typically inside of some code section. Function lists provided by programs like readelf, objdump, or our online file-information service may also include imported functions, whose addresses are typically inside of a.plt or similar section, or other objects not suitable for decompilation. If the decompilation with the selected functions still takes too long, try to set explicit address ranges to be decompiled.
Decompilation of Selected Address Ranges Each address range is supposed to be of the following format: FIRSTADDRESS-LASTADDRESS, where each address is written in the hexadecimal format. Example: 0x1000-0x2000. To specify multiple ranges, separate them by commas. Example: 0x1000-0x2000, 0x4000-0x5000. Whitespace is irrelevant. Again, if you are unsure what ranges to select, use a file-analyzing utility to get them.
Decompiler Java
Just like when deciding what functions to specify, you can use our to see what addresses are present in the input binary file. What to Decode By using the Decode option in the form above, you can select what the decompiler should decode. If you choose Everything (the default), all instructions in the input binary file are decoded.
The advantage is that by decoding all instructions in the input file, the decompiler is able to provide more precise results at the cost of longer decompilation time. If you choose Only, then only the instructions in the selected functions or address ranges are decompiled. Here, the advantage is faster decompilation.
However, the generated results will most likely be less precise because by decoding only some of the instructions, the context is lost. Please note that the choice of the decoding option has no impact on the fact that only the selected functions or address ranges are decompiled, even if you choose Only. To get the most precise results, try the decompilation first with Everything (the default), and if that fails or takes too long, select Only. Input Code Compilation Settings File Format.