Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Does Olly support Delphi applications?

  1. #1
    JackTripper
    Guest

    Does Olly support Delphi applications?

    Does OllyDebug support Delphi applications?

    After compiling my Delphi app i have:
    - the dcu's (Delphi's version of obj files)
    - a map file
    - a remote debug symbol (rsm) file
    - TD32 debug info compiled into the executable (making it a 15MB exe)

    Does OllyDbg support any of these methods for getting the source code into the analysis? And if so, how?


    i've searched and searched, and i'm suprised nobody has ever asked, or answered, this question.

    p.s. i'm talking about OllyDbg 1.10 and Delphi 5; nothing else.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    check Ollystuph?
    esther


    Reverse the code,Reverse Your Minds First

  3. #3
    JackTripper
    Guest
    Quote Originally Posted by esther View Post
    check Ollystuph?
    Yes.

    i am not trying to develop a plugin.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Yes, OllyDbg support Turbo Debug symbols file. Open your exe with OllyDbg and TDS file will be loaded, and you can view source and breakpoint on source code.

  5. #5
    JackTripper
    Guest
    Quote Originally Posted by TQN View Post
    Yes, OllyDbg support Turbo Debug symbols file. Open your exe with OllyDbg and TDS file will be loaded, and you can view source and breakpoint on source code.
    i guess my question should be:

    What exactly should i expect to see in OllyDebug if i have available to me
    - an executable compiled with TD32 debug info
    - a map file
    - a Delphi "remote debug symbols" file

    What should i expect to see if i add Delphi .dcu files to the above list?
    What should i expect to see if i add Delphi .pas files to the above list?
    What should i expect to see if i add Delphi .dcu and .pas files to the above list?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Doesn't Delphi spit out a .TDS file too? I know C++ Builder does.

  7. #7
    JackTripper
    Guest
    Quote Originally Posted by squidge View Post
    Doesn't Delphi spit out a .TDS file too? I know C++ Builder does.

    No, no .tds file.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Use tdstrp32.exe to get the .tds file from .exe. But I think it is not need. Open your .exe with OllyDbg, enter menu "View" - "Source files". If you not see your source files, it mean your Delphi compiler is newer than the version which OllyDbg support.
    With the .map file, you can use Godup or Loadmap plugin.
    OllyDbg not support .rsm file.

  9. #9
    OllyDbg will debug any 32-bit PE file.

  10. #10
    JackTripper
    Guest
    Quote Originally Posted by TQN View Post
    Use tdstrp32.exe to get the .tds file from .exe. But I think it is not need. Open your .exe with OllyDbg, enter menu "View" - "Source files". If you not see your source files, it mean your Delphi compiler is newer than the version which OllyDbg support.
    With the .map file, you can use Godup or Loadmap plugin.
    OllyDbg not support .rsm file.

    When i compile the Delphi application normally:
    Under Vew|Source files
    i see nothing, and under
    View|Source
    i see nothing either.

    If i compile the application with full TD32 debug info enabled (making the executable huge), i see in the disassembly the occasional symbol name. Under View|Source files i see a list of filenames, but under View|Source
    i see no source code.

    Tdstrp32 comes with Borland C/C++, not Delphi.


    The TD32 debug info that is stuffed into the final executable with 13 megabytes. Is there not a complete set of source code in there? It's 5 times the size of all the actual source code files.


    Do i have to, or can i, point OllyDebug to the location that contains the .dcu files for the application? Do i have to, or can i, point OllyDebug to the location that contains the source .pas files for the application? The source is spread over 50 shared directories.



    Or to put it another way: What should i expect to see in OllyDebug?


    i am expecting that if i compile a Delphi application, with 13MB of debugging data contained therein, i should be able to have Olly launch as my JIT debugger during a crash, and be debugging full pascal source code.

    Am i expecting too much? It's okay if i am; but you actually have to say what Olly can and cannot do before i will know what Olly can and cannot do.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,486
    Blog Entries
    15
    i dont use delphi

    but if you can cobble together a small hello world with whatever debug info it adds attach the complete precompiled binary along with debugingo tds,dcu whatever whatever delphi produces in a package here along with the src of your application i can check what ollydbg can do with it and what not

    i guarentee nothing

  12. #12
    JackTripper
    Guest
    Quote Originally Posted by blabberer View Post
    But if you can cobble together a small hello world program, with whatever debug info it adds attach the complete precompiled binary along with debugingo tds,dcu whatever whatever delphi produces in a package here along with the src of your application i can check what ollydbg can do with it and what not

    i guarentee nothing

    i compiled a small app with 8 variations (with and without TD32, RDS, map)

    It's 8MB

    http://www.jet2.net/~iboyd/OllyDebugMe.rar
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    Lol, 8MB. Source code debugging is overrated anyway

  14. #14
    JackTripper
    Guest
    Quote Originally Posted by LLXX View Post
    Lol, 8MB. Source code debugging is overrated anyway

    That's 8 executables
    3 with TD32 info
    3 map files
    3 remote debug symbol files
    all the .dcu object files
    all the source
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,486
    Blog Entries
    15
    Code:
    jacktripper:/>dir /b *me*
    readme.txt
    OllyDebugMe.rar
    OllyDebugMe
    
    jacktripper:/>
    lets look at the exes

    Code:
    jacktripper:/>dir /s /b *he*.exe
    \odbg110\OllyDebugMe\Bin\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\1 - Exe Only\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\2 - Exe with TD32\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\3 - Exe with RDS\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\4 - Exe with TD32 and RDS\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\5 - Exe with Map\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\6 - Exe with Map and TD32\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\7 - Exe with Map and RDS\HelloWorldFromDelphi.exe
    \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe
    
    jacktripper:/>
    lets run one exe for trial

    Code:
    jacktripper:/>OLLYDBG.EXE "\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe"
    
    jacktripper:/>
    whats the initial log in ollydbg window

    Code:
    Log data
    Address    Message
               OllyDbg v1.10
               Command line: "\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe"
    
               File '\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe'
               Command line plugin v1.10
                 Written by Oleh Yuschuk
               Bookmarks sample plugin v1.06 (plugin demo)
                 Copyright (C) 2001, 2002 Oleh Yuschuk
               New process with ID 00000D18 created
    00443184   Main thread with ID 0000085C created
    00400000   Module \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe
                 Debugging information (Borland format) available  <-------------- ??? its there whats the problem ????? 
    5D090000   Module C:\WINDOWS\system32\comctl32.dll
    77120000   Module C:\WINDOWS\system32\oleaut32.dll
    774E0000   Module C:\WINDOWS\system32\ole32.dll
    77C10000   Module C:\WINDOWS\system32\msvcrt.dll
    77D40000   Module C:\WINDOWS\system32\user32.dll
    77DD0000   Module C:\WINDOWS\system32\advapi32.dll
    77E70000   Module C:\WINDOWS\system32\RPCRT4.dll
    77F10000   Module C:\WINDOWS\system32\GDI32.dll
    7C800000   Module C:\WINDOWS\system32\kernel32.dll
    7C900000   Module C:\WINDOWS\system32\ntdll.dll
    00443184   Program entry point
               Analysing HelloWor
                 1432 heuristical procedures
                 1284 calls to known, 378 calls to guessed functions
                 324 loops, 76 switches

    lets check the sources and see if they are avialble
    Code:
    view --> source files 
    
    Source files
    Module     Source            Source path
    HelloWor   (Absent)          \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas
    HelloWor   (Absent)          C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr
    it is looking for two source files and they are missing

    lets see where they are
    Code:
    jacktripper:/>dir /s /b *.pas
    \odbg110\OllyDebugMe\Source\FMain.pas
    
    jacktripper:/>
    lets copy them to path
    Code:
    jacktripper:/>copy OllyDebugMe\Source\FMain.pas "OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS"\.
            1 file(s) copied.
    
    jacktripper:/>
    check again
    Code:
    lets check source files again
    Source files
    Module     Source            Source path
    HelloWor   FMAIN.PAS         \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas
    HelloWor   (Absent)          C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr
    copy the remaining we need to make adirectory
    Code:
    
    jacktripper:/>mkdir C:\Develop\Avatar\OllyDebugMe\Source
    
    lets copy it to place
    Code:
    jacktripper:/>dir /s /b *.dpr
    \odbg110\OllyDebugMe\Source\HelloWorldFromDelphi.dpr
    
    jacktripper:/>copy OllyDebugMe\Source\HelloWorldFromDelphi.dpr C:\Develop\Avatar\OllyDebugMe\Source\.
            1 file(s) copied.
    
    jacktripper:/>
    lets check view -> source files again

    Code:
    Source files
    Module            Source                                Source path
    HelloWor          FMAIN.PAS                             \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas
    HelloWor          HELLOWORLDFROMDELPHI.DPR              C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr
    lets look at disassembly

    Code:
    00443184 >PUSH EBP                               ; begin
    00443185  MOV EBP, ESP
    00443187  ADD ESP, -0C
    0044318A  MOV EAX, HelloWor.0044304C
    0044318F  CALL HelloWor.Sysinit::InitExe
    00443194  MOV EAX, DWORD PTR DS:[444C38]         ; Application.Initialize;
    00443199  MOV EAX, DWORD PTR DS:[EAX]
    0044319B  CALL HelloWor.Forms::TApplication::Ini>
    004431A0  MOV ECX, DWORD PTR DS:[444D04]         ; Application.CreateForm(TForm1, Form1);
    004431A6  MOV EAX, DWORD PTR DS:[444C38]
    004431AB  MOV EAX, DWORD PTR DS:[EAX]
    004431AD  MOV EDX, DWORD PTR DS:[442E44]
    004431B3  CALL HelloWor.Forms::TApplication::Cre>
    004431B8  MOV EAX, DWORD PTR DS:[444C38]         ; Application.Run;
    004431BD  MOV EAX, DWORD PTR DS:[EAX]
    004431BF  CALL HelloWor.Forms::TApplication::Run
    004431C4  CALL HelloWor.System::Halt0

    lets look at pas file and follow in disassembler from there

    view source files or ctrl+f5
    select the hello ollydbg double click you are in disassembler at right place

    see picture below
    Attached Images Attached Images  

Similar Threads

  1. Delphi App Reversing with Olly
    By NeonFlash in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: March 26th, 2012, 11:57
  2. How can I debug MS VC++ applications?
    By Vortex in forum OllyDbg Support Forums
    Replies: 6
    Last Post: March 21st, 2003, 14:43
  3. Replies: 2
    Last Post: January 28th, 2003, 14:54
  4. APIHooking and ConsoleMode applications
    By foxthree in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: July 1st, 2002, 20:34
  5. Reversing win16 applications???
    By BobRock in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: June 22nd, 2002, 05:19

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •