Want to Join Us ?

you'll be able to discuss, share and send private messages.

  • Register

    • IDA Script For Delphi

    Discussion in 'Scripts' started by Coldzer0, Oct 4, 2017.

    Share This Page

    Tags:
    1. Oct 4, 2017 #1
      Coldzer0

      New Member

      Hello all :cool:

      this script will rename all unknow functions to it's real name

      like CreateForm , CloseForm .. etc

      it searchs for sig of Events manager (this one Construct the Functions names and address )

      it will works only for Delphi with GUI (components)


      at first IDA didn't recognise it as Delphi file
      DE_1.png

      now select the local debugger
      DE_2.png

      then load the script file
      DE_3.png

      it will load and Stop at EP DE_4.png

      hit the Greeeen button or [F9] :p

      DE_5.png

      now we have all the Functions named and have a BP [on] DE_6.png

      the only issue here is it needs to run the file & the file to be unpacked :confused:

      but if u can get the pattern address on unpacked file on memory it will work fine


      https://github.com/Coldzer0/IDA-For-Delphi

      i hope it will help reversing Delphi files o_O

      Peace :rolleyes:
       
      quygia128, hypnz, roocoon and 3 others like this.
    2. Oct 4, 2017 #2
      storm shadow

      Techbliss Owner Admin Ida Pro Expert Developer

      Very nice.
       
    3. Oct 10, 2017 #3
      mayl8822

      Member

      good, thanks for share
       
    4. Oct 10, 2017 #4
      m4n0w4r

      Well-Known Member

      Very useful .. Thanks for sharing!
       
    5. Jan 27, 2018 #5
      Coldzer0

      New Member

      hypnz, storm shadow, m4n0w4r and 1 other person like this.
    Top