From Collaborative RCE Tool Library

Jump to: navigation, search

Specific by Compiler

Tool name: DeDe
Rating: 4.0 (1 vote)
Author: DaFixer                        
Current version: 3.50.04 (build 1635)
Last updated: June 25, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: DeDe is a very fast application that allows you to analyze executables compiled with Delphi 2,3,4,5,6,7, C++ Builder, Kylix and Kol, and gives you the following:

· All .dfm files of the target. You will be able to open and edit them with Delphi.
· All published methods in well commented ASM code with references to strings, imported function calls, classes methods calls, components in the unit, Try-Except and Try-Finally blocks. (By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offset using the Tools->Disassemble Proc menu.)
· A lot of additional information the files.
· You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled !

You can also:
· View the PE Header of all PE Files and change/edit the sections flags.
· Use the opcode-to-asm tool for translating intel opcode to assembler.
· Use RVA-to-PhysOffset tool for fast converting physical and RVA addresses.
· Use the DCU Dumper (view dcu2int.txt for more details) to retrieve near to pascal code of your DCU files.
· Use BPL(DPL) Dumper to see BPL exports and create symbol files to use with DeDe disassembler.
· Disassemble a target EXE directly from memory in case of a packed exe.

The original site seems to be gone (or at least DeDe seems to be gone from it).
The locally archived copy here in this CRCETL entry only has the 3.10 source (it has the most recent(?) 3.50.04 build 1635 binary though). If you have access to any later source code version than 3.10, please upload it here.
Also listed in: Decompilers, Delphi Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name: BDS S.I.C.K
Rating: 0.0 (0 votes)
Author: VDR-Software                        
Current version:
Last updated: March 26, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: BDS S.I.C.K (Some Info Collection Kit) is a tool designed to help you to analyze compiled Delphi applications. It may be helpful when you need to know what units are inside, used classes, methods and the addresses. When you know this you can open it with your favorite disassembler or debugger and explore it. You don't need to vaste time for routine work.

* SICK has simple internal disassembler for quick analysis.
* Collecting info about objects, forms and classes.
* Objects are represented in tree form, so you can easily navigate
* Search objects by full or partial name (F3 in objects window)
* Exporting names and procedures to IDA
* Supporting all Win32 Delphi editions

Features to be added:

* Improving classes info collection
* Smart functions disassembly (analysis during disassembly)
* Plugins API (in development)
* VCL recognition (allow recognize well known functions)
* Reading PACKAGE info and some stuff from resources.

This tool is developed to be used with clean Delphi executables.
Also listed in: Delphi Tools, Exe Analyzers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name: DE Decompiler
Rating: 0.0 (0 votes)
Author: GPcH Soft                        
Current version: 2.0 (updated)
Last updated: July 18, 2008
Direct D/L link: Locally archived copy
License type: Commercial (with demo)
Description: DE Decompiler is the unique solution for decompiling the Delphi generated programs (EXE, DLL, OCX). As you know the Delphi programs is the native win32 executable files.

DE Decompiler restores most parts of the compiled code and helps you to recover most parts of the lost sources. It contans the powerful disassembler which supports Pentium Pro commands including MMX and SSE extensions. Also it has a useful smart assembler code emulation engine. The build-in disassembler allows you to disassemble a lots of functions and represents it in semi-decompiled mode. DE Decompiler has a wonderful code analyzer which makes your work easy and fast. In addition to all it can search for all the API function's calls and the string references in the disassembled code and comment them out for analyzed strings.

If you lost your source codes - DE Decompiler save your time and helps you to restore it.

In general, DE Decompiler is the ideal tool for analyzing programs and it is perfect if you lose your source code and need to partially restore the project.
Also listed in: Decompilers, Delphi Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name: IDR - Interactive Delphi Reconstructor
Rating: 0.0 (0 votes)
Author: Crypto                        
Current version: 2.5.3 beta
Last updated: November 17, 2010
Direct D/L link:
License type: freeware
Description: IDR (Interactive Delphi Reconstructor) – a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment.

The program firstly is intended for the companies, engaged by development of anti-virus software. It can also help programmers to recover lost source code of programs appreciably.

The current version of the program can process files (GUI and console applications), compiled by Delphi compilers of versions Delphi2 – Delphi2009. Working on support version Delphi2010 is conducted.

Final project goal is development of the program capable to restore the most part of initial Delphi source codes from the compiled file but IDR, as well as others Delphi decompilers, cannot do it yet. Nevertheless, IDR is in a status considerably to facilitate such process. In comparison with other well known Delphi decompilers the result of IDR analysis has the greatest completeness and reliability. Moreover interactivity does work with the program comfortable and (we shall not be afraid of this word) pleasant.

IDR make static analysis (analyzed file is not loaded to memory and executed) that allows to safely investigate viruses, trojans and other malware applications, those executing is dangerous or is not desirable.

The program does not demand installation and does not do any records in Windows register.
Also listed in: Delphi Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name: JABi (Just Another Bin2inc)
Rating: 0.0 (0 votes)
Author: PsYcHoCoDe                        
Website: N/A
Current version: 0.0a
Last updated: April 20, 2012
Direct D/L link: Locally archived copy
License type: Freeware
Description: -> What's NEW in v.0.0a:
+ SYNTAX: the D programming language now supported :P
+ SYNTAX: Windows Registry Entry
+ Added: lil' bit better documented plugin sample and SDK...
+ Added: CRC32 internal function is now accessible for use in your plugins ;)
- Bugfix: tiny C syntax problem...
Enjoy! ;)

-> JABi is a binary file to source include file generator. The 'syntaxes' are the supported output formats >:)

*** Why could i possibly need ANOTHER tool for this job?!
-> JABi is actually *REALLY FAST* and *TINY* (pure ASM code), totally commandline driven (to use it in your compilation scripts), has support for Pre/PostProcessing PLUGINS! and currently supports MASM/TASM/FASM, C, NASM, D language and Windows Registry Entry Syntaxes. I'm planning on expanding the 'supported syntax' list, depending on your feedback, of course, any suggestions are encouraged ;)

*** You said something about pre/postprocessing plugins -> now what the hell is that?!
-> These plugins are actually DLLs, so one could easily expand his JABi features :P Preprocessors receive control just before the actual dumping of the binary file to the memory, while postprocessors execute right after the dumping to memory! So basically, the coder has the full control over what is getting dumped and how it's gonna look in the end of the process >:) The only limit is the coder's imagination actually :P

*** That sound's nice, actually... So, how do I create a new *Processor?!
-> I've included a lil' SDK in the package. It's done in MASM32, but i'm ready to include user contributed SDK's in the package, any ports of the SDK will be appreciated. I just code mostly asm.

*** Are combined plugins a supported option?! (PREPROCESSOR+POSTPROCESSOR=Single Plugin)
-> Yep, they sure ARE supported. However, if you specify such a combined plugin only as a POSTPROCESSOR on the command line, it's PREPROCESSING phase WILL NOT BE executed, and vice versa. If one want's to use BOTH processor phases, he MUST supply BOTH PRE and POST parameter @ the command line the given plugin's name. Actually the plugin example, bundled with the SDK is such a combined processor ;)

*** I LiKE the tool! How could I assist in the further development?
-> You could send plugins you've developed, send samples of other syntaxes, that aren't currently supported by JABi, so i am able to further expand the list... I'm open to any kind of support and ideas on this tiny project.

PS: I believe there's need for a new category for this kind of tools (binary/source embedders maybe, just an idea), since they're must-have for anyone, who digs selfmodifying code, be it a software protectionist, reverse engineer or whatever. The problem comes, when one get's to need one of those, since there're plenty of 'solutions' in the field, but almost none of them is actually suitable for such coder's needs... :/ That was actually why I coded this one... I hope you'll like it...
Also listed in: Assemblers, Code Snippet Creators, Installer Tools, Needs New Category, Patch Packaging Tools, Source Code Tools, Tool Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name: PEBrowse Professional
Rating: 0.0 (0 votes)
Author: SmidgeonSoft                        
Current version: 10.1.5
Last updated: April 14, 2011
Direct D/L link:
License type: Free
Description: PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others. (We have received reports that the software also works on other OSes, including Wine (!) and Windows CE.)

With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu.

While the binary dump display offers various display options, e.g., BYTE, WORD, or DWORD alignment, the greatest value of PEBrowse comes when one disassembles an entry-point. An entry-point in PEBrowse is defined as:

* Module entry-point
* Exports (if any)
* Debug-symbols (if a valid PDB, i.e., program database file, is present)
* Imported API references
* Relocation addresses
* Internal functions/subroutines
* Any valid address inside of the module

Selecting and disassembling any number of these entry-points produces a versatile display rich in detail including upper/lowercase display, C/Pascal/Assembler suffix/prefixing, object code, color-coded statements, register usage highlighting, and jump/call target preview popups. Additional information, such as variable and function names, will also be present if one has access to a valid PDB file. Disassembly comes in two flavors: linear sweep (sequential disassembly from a starting address) and recursive traversal, aka, analysis mode (disassembly of all statements reachable by non-call statements - extended analysis disassembles all internal call statements as well). The latter mode also presents local variables with cross-referencing, highlighting, and renaming options. If one adds/changes variable name or adds comments to specific lines, these can be displayed in a session file which will record and save all currently opened displays.

PEBrowse Professional will decompile type library information either embedded inside of the binary as the resource "TYPELIB" or inside of individual type libraries, i.e., .TLB or .OLB files.

PEBrowse Professional also displays all metadata for .NET assemblies and displays IL (Intermediate Language) for .NET methods. It seamlessly handles mixed assemblies, i.e., those that contain both native and managed code.

Finally, PEBrowse can be employed as a file browse utility for any type of file with the restriction that the file must be small enough that it can be memory-mapped.
Also listed in: .NET Disassemblers, .NET Tools, COM Tools, Delphi Tools, Disassemblers, Exe Analyzers, Memory Dumpers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


There is one subcategory to this category.