Second section Delphi reverse engineering
Currently, Borland does not provide any product for refactor (.exe) file or "Delphi Compile File" (.dcu) is the original program code (.pas).
Delphi Compilation Unit: DCU (Delphi Compiled Unit: DCU)
When a Delphi engineering is compiled or running, a compiler (.dcu) file is generated. By default, each unit's compiling version is stored in a separate binary, the file name of the file is the same name of the unit file, and its extension is .dcu. For example: Unit1.dcu file contains code and data declared in unit1.pas files.
This means that if you have some resources, such as compiled components, what you have to do is to compile it and get the source code. Wrong, the DCU file format is a non-document (owner format) and it can change with the change of the version.
After the compiler: Delphi reverse engineering (after the compiler: Delphi Reverse Engineering)
If you try to refract a Delphi executable, there are a few things you should know:
Delphi source program files are usually stored in two file types: ASCII code file (.pas, .dpr), and resource files (.res, .rc, .dfm, .dcr). The DFM file contains the details (attributes) of the objects accommodated in the form. When you create an executable file, the information in the.dfm file in the Delphi is to the completed .exe code file. The form file describes each component in the form, including all stable attribute values. Whenever we change the location of the form, buttons, the Delphi will write down these changes in the DFM file (not the code of the event process - it is stored in the PAS / DCU file) in the DFM file. In order to get 'DFM' from the executable, we need to understand what type of resource is stored in the Win32 executable.
All procedures compiled by Delphi have the following parts: Code, Data, Bss, .idata, TLS, .rdata, .rsrc. From the perspective of anti-compilation, the most important part is: code, .rsrc. In the article "Add Functionality in the Delphi program") (Translator plus: Confluence) article discussed some interesting content about Delphi executable format, class information, and DFM resources: Allocate events to other event handles (Handler) defined in the same form, how to add your own event handle (Handler) to add the title of the code changing button in the executable.
Store various types of resources in the .exe file, RT_RCDATA or Application-Defined (Program Definition) Resources (raw data) have information contained in the DFM file before compiling. In order to select DFM data from the .exe file, we can call the EnumResourceNames API function ... About more information about the DFM data from the .exe file, you can refer to: "Coding a delphi dfm explorer" ("write one Delphi DFM Detector "). (Translator plus: translated in succession)
