Revendepro

Reverse engineers programs (and packages) written with Delphi 4 and 5.

Introduction

Revendepro is a program to reverse engineer Delphi programs. I have stopped working on the program. The program works only with Delphi 4 and 5 and does not work with newer versions of Delphi. Also, it can only decompile programs written with the same version of Delphi as the decompiler is compiled with.

Downloading

I recommend downloading the source version, but for people who can't find the compile command or don't have Delphi (don't ask me why they need Revendepro) I also have a binary version for download.

Background information

Finding classes.

What it does

Summary: Revendepro finds almost all structures (classes, types, procedures, etc.) in the program and generates the Pascal representation; procedures are written in assembler. Due to some limitations in assembler, the generated output cannot be recompiled.

It gets all the classes, because these have a Self pointer in their VMT and must all derive from TObject (more information about finding classes).

It also gets all the TypeInfos: the type information for all your type declarations that are used with automatic initialization/finalization or passed to TypeInfo. These TypeInfos can be found because they have a pointer to themselves before them, and their kind must exist (the classes are not accepted, because they are already found).

It gets a list of all procedures (functions, methods etc.) including nested procedures, but not including procedures without a direct call (the ones only passed as parameters). These are partially found by following the calls.

It gets a list of (ansi/wide)strings by searching for the strings' hidden fields (reference count (-1), length). (0.0.2.0)

It gets a list of resource strings (yes there is partial resource support). (0.0.2.0)

It gets a list of vars and consts (consts are vars whose value never changes), by just breaking the Data and BSS sections into parts using fixups and some auto-generated vars. (0.0.2.0)

It puts all the information into a unit, which should be in the correct order. (0.0.2.0)

Complete support for published properties. (0.0.2.2)

Update (26-7-1999): The list of procedures is extended with the imported procedures and contains much more information about the procedures (size, imported, method etc.).

Update (19-8-1999): Some real code is now generated which can be recompiled; however, there is no support for resources, types, strings and much more, but there is (limited) support for objects.

Update (18-9-1999): Many improvements; try decompiling a completely empty program, it generates a completely empty program (how amazing). Almost everything is supported, except interfaces, packages, resources and thread vars. And not all the system procs are supported.

Vars are now kept in the original order to prevent problems with separating vars which shouldn't be separated (0.0.2.2).

Interface properties are supported; however, type casting interfaces will cause unpredictable behaviour (0.0.2.2).

There is now support for threadvars, only Delphi removes them, because they are not directly accessed (0.0.2.4).

There is now a screen indication that the program is running, which makes it possible to cancel it (0.0.2.6).

DFMs are also dumped now. (0.0.2.8)

Some bug fixes concerning DFMs. (0.0.2.9)

Packages are now supported; there are still some problems with the code generated from packages, but at least it publishes a lot of information about the package. (0.0.2.12)

I decided to name Revendepro Revendepro which stands for REVerse ENgineering DElphi PROject (0.0.2.13).

Now also works on Delphi 5 programs (0.0.2.14).

Compiling Revendepro

The program will display additional messages when DebugInformation is enabled. If you define the conditional definition DebugView, the program won't generate output files, but will display a form with information about the exe.

Problems with decompiling

First of all, the program isn't very fast. There is now (version 0.0.2.6) a screen that indicates that the program is running, and there is also a button that cancels the decompilation, but it doesn't respond very fast. Also, there isn't an indicator of how far the decompilation process is.

Since it can decompile vcl40.bpl (it doesn't throw an exception), it is highly unlikely that you get an exception due to some VCL code for a Delphi 4 program; there are still some problems with the D5 VCL code.

There is now (0.0.2.15) the possibility to ignore errors.

Unless the code makes use of some exotic code (like obj files), there shouldn't be any problem decompiling the program; recompiling it again has some more problems, because the program will almost always include interfaces, resources, thread vars, constructors and/or destructors.

Links

Delphi Reverse Engineering: article by DaFixer about reverse engineering Delphi programs

Other reverse engineering programs

DeDe: program which analyzes Delphi programs, from DaFixer
DCUExplorer: program to explore DCU files, from Helmut Hellwig, based on DCU32INT from Alexei Hmelnov.