IDR can be good for viewing class metadata and generating scripts that can (sometimes) improve IDA results, although they usually need to be manually edited to fix some bogus results.
With IDA I've noticed sometimes it doesn't automatically detect a Delphi executable, so you can improve the analysis by:
- Open the executable but uncheck automatic analysis.
- Options -> Compiler to Delphi with calling convention Fastcall.
- Set the default string literals to Delphi or Delphi (16 bits), depending on how recent the executable is.
- View -> Open Subviews -> Type libraries, remove the defaults.
- View -> Open Subviews -> Signatures, remove the default and add the FLIRT signatures for your target (for example "bds" for Delphi 6/7), and mssdk32/64.
- Finally, start the analysis.

This can help quite a bit, although the FLIRT signatures tend to have a lot of false positives for VCL functions, so just be aware.
The Following 4 Users Say Thank You to zeffy For This Useful Post:
Indigo (07-19-2019), niculaita (06-23-2019), riverstore (08-21-2021), SinaDiR (06-23-2019)