1. We are not accepting any new account registrations at this time.

IDR (Interactive Delphi Reconstructor)

Discussion in 'News, Freeware, Open Source and Discussions' started by Youpi, Feb 17, 2016.

  1. Youpi

    Youpi is a Trusted Warez PosterYoupi Honorary Member Honorary Member DEV Guild

    Joined:
    Jan 1, 1970
    Messages:
    67,041
    Likes Received:
    10,738
    Interactive Delphi Reconstructor IDR – a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment.

    The program firstly is intended for the companies, engaged by development of anti-virus software. It can also help programmers to recover lost source code of programs appreciably.

    The current version of the program can process files (GUI and console applications), compiled by Delphi compilers of versions Delphi2 – Delphi XE4.

    Final project goal is development of the program capable to restore the most part of initial Delphi source codes from the compiled file but IDR, as well as others Delphi decompilers, cannot do it yet. Nevertheless, IDR is in a status considerably to facilitate such process. In comparison with other well known Delphi decompilers the result of IDR analysis has the greatest completeness and reliability. Moreover interactivity does work with the program comfortable and (we shall not be afraid of this word) pleasant.

    IDR make static analysis (analyzed file is not loaded to memory and executed) that allows to safely investigate viruses, trojans and other malware applications, those which executing is dangerous or is not desirable.

    The program does not require any installation activity and does not do any records in Windows registry.

    Use Borland C++ Builder 6 to build this project.
    Code:
    https://github.com/crypto2011/IDR
    Main site for binary
    Code:
    http://kpnc.org/idr32/en/
     
    Monet58 likes this.
  2. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    Some annoying behaviour:
    • every time I run IDR, ths list with function names at the bottom gets smaller and smaller until it completely disappears
    • exploring an address - on second tab ASCII part on the right is partially hidden, but there is neither horizontal scroll nor the window is resizable
    • when you (by mistake) once define some part of the memory as "code" - you can not undefine it any more, or redefine as data
    • there are no opcodes in the assembler listing - which sometimes is very unhelpful
    • all global variables are shown with their address only - even when there is an exported name for it in the EXPORTS section of the EXE
    There are probably others, which I can not remember right now ...
     
  3. Pi

    Pingos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    62
    Likes Received:
    4,376
    ???????

    If you can do better we expect your work.
    Now you also have the source, you can edit and improve the code.
     
  4. Youpi

    Youpi is a Trusted Warez PosterYoupi Honorary Member Honorary Member DEV Guild

    Joined:
    Jan 1, 1970
    Messages:
    67,041
    Likes Received:
    10,738
    Author reply:
    1,2 - I have the same situation on my new computer :)))) Wait until solution.
    3 - I know, it cannot be undefined
    4 - no opcodes - right! I need no opcodes to decompile
    5 - it's need to be fixed.
    PS
    I know about those others in IDR. I have no sufficient time to realize all my ideas.
     
  5. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    @Pingos:
    I apologize if my words offended you - this was unintentionally. I was not complaining how bad is the tool - in fact, I use it often. I just wanted to point out things, which first-time users should not be surprised of. May be I will fix these - may be someone else, if he shares those fixes for the good of our community, it is okay.

    @Youpi:
    4 - opcodes are helpful when you compare the new DCU (after processing it with DCU32INT) to the original disassembly to check if there are mistakes in decompilation
    I also have some ideas about a better reverse engineering tool. I am going to start with improvements to DCU32INT - e.g. make a GUI. But same as you - I also need some free time for this :))

    Big thanks for IDR !!!!
     
  6. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    Youpi, I have a question. There is a function AddPicode in file Misc.cpp, which is called from Analyze2 and Decompiler.
    This function creates new PInfoRec - but does not return it to the caller. Is this by design, or is a bug/incomplete code ?
     
  7. Youpi

    Youpi is a Trusted Warez PosterYoupi Honorary Member Honorary Member DEV Guild

    Joined:
    Jan 1, 1970
    Messages:
    67,041
    Likes Received:
    10,738
    recN = new InfoRec(Pos, ikUnknown) creates instance of class PInfoRec and store it in array Infos. So we need no to return anything from AddPiCode.
     
  8. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    Oh, I got it. I have not looked (yet) inside InfoRec constructor :)
    Shame on me :)
    Another question - what are the reasons for using assembler when calling functions from MSDIS.DLL ? Can not it be done using high-level C ?
    Assembler is no problem for me - I am just curious.

    Why on line 694 in function MKnowledgeBase::GetConstIdx(WORD* ModuleIDs, char* ConstName) in file KnowledgeBase.cpp is used ProcCount instead of ConstCount ?
     
    Last edited: Mar 18, 2016
  9. Youpi

    Youpi is a Trusted Warez PosterYoupi Honorary Member Honorary Member DEV Guild

    Joined:
    Jan 1, 1970
    Messages:
    67,041
    Likes Received:
    10,738
    I like assembler and select more simple variant If You want You can fully rewrite disassembler for IDR (for x64 also).
    Oh, yes, it is error in MKnowledgeBase::GetConstIdx, I am already fix it.
     
  10. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    In file Misc.cpp, function TransformString silently skips non-latin characters in ANSI-strings.
     
  11. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
  12. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    VCL explorer

    There is an updated version of VCL explorer https://github.com/tmcdos/VCL-explorer
    VCL explorer is used to show all virtual / dynamic / interface methods inside all classes and units in a given BPL file (e.g. vcl70.bpl) in a tree-view - with their names and offsets.
    Static methods are not shown. There is a filtering capability - both by class name and/or method name.
    The tool is usefull when watching a dis-assembled listing and trying to decipher calls to virtual methods (like CALL [EBX+28h]) - when you know the type of class pointed by EBX and the offset, VCL explorer shows the name of the method.
    Screenshot -
    [​IMG][/IMG]
     
    Last edited by a moderator: Jul 14, 2016
  13. lo

    lopin123 Registered User

    Joined:
    Nov 8, 2009
    Messages:
    52
    Likes Received:
    675
    what is IDR tool ? it will be decompile all source of delphi? sorry I am newbie on decompiler ...I want to know
     
  14. Youpi

    Youpi is a Trusted Warez PosterYoupi Honorary Member Honorary Member DEV Guild

    Joined:
    Jan 1, 1970
    Messages:
    67,041
    Likes Received:
    10,738
    in short: it's not a one click tool to get source from delphi executable.
     
  15. lo

    lopin123 Registered User

    Joined:
    Nov 8, 2009
    Messages:
    52
    Likes Received:
    675
    So How do I learn using IDR? can you give me explanation?
     
  16. tmcdos

    tmcdos Registered User

    Joined:
    Oct 12, 2008
    Messages:
    526
    Likes Received:
    5,717
    This is not something you can learn for a week .... You must know IA-32 Assembler and have an idea how the fragment of Assembler code looks like for each of the high-level Pascal constructions - these include FOR, WHILE, REPEAT/UNTIL, CASE, set operations (like IN, + and *), procedure calling conventions, and so on.
    You may find additional information on the EXE-LAB forum (https://exelab.ru/)
     
  17. ji

    jiucenglou Registered User

    Joined:
    Mar 30, 2009
    Messages:
    312
    Likes Received:
    2,547
    Could you help to sync with the latest IDR trunk ? :)
    Many thanks for your efforts !
     
  18. Gary

    Gary is a Trusted Warez PosterGary Administrator Staff Member Administrator V.I.P DEV Guild

    Joined:
    Sep 4, 2009
    Messages:
    12,611
    Likes Received:
    39,823
    [Disassemblers] Interactive Delphi Reconstructor (IDR)26.03.2015

    News
    26.03.2015 Knowledge base file for Delphi XE3 freely available.
    23.03.2015 Knowledge base file for Delphi XE and Delphi XE2 freely available.
    16.03.2015 Latest version is available for download.


    Two obligatory files are necessary for IDR:
    Idr.exe – an executable program file,
    dis.dll – disassembler module

    Also it is necessary at least one of knowledge base files of Delphi version which files are necessary to decompile. For decompiling the files created by any supported versions, all knowledge base files are necessary. The same condition also concerns auxiliary files which are necessary for more correct definition of Delphi version.

    kb2.bin – knowledge base file for Delphi 2
    kb3.bin – knowledge base file for Delphi 3
    kb4.bin – knowledge base file for Delphi 4
    kb5.bin – knowledge base file for Delphi 5
    kb6.bin – knowledge base file for Delphi 6
    kb7.bin – knowledge base file for Delphi 7
    kb2005.bin – knowledge base file for Delphi 2005
    kb2006.bin – knowledge base file for Delphi 2006
    kb2007.bin – knowledge base file for Delphi 2007
    kb2009.bin – knowledge base file for Delphi 2009
    kb2010.bin – knowledge base file for Delphi 2010
    kb2011.bin – knowledge base file for Delphi XE
    kb2012.bin – knowledge base file for Delphi XE2
    kb2013.bin – knowledge base file for Delphi XE3
    syskb2.bin – definition file for Delphi 2
    syskb3.bin – definition file for Delphi 3
    syskb4.bin – definition file for Delphi 4
    syskb5.bin – definition file for Delphi 5
    syskb6.bin – definition file for Delphi 6
    syskb7.bin – definition file for Delphi 7
    syskb2005.bin – definition file for Delphi 2005
    syskb2006.bin – definition file for Delphi 2006
    syskb2007.bin – definition file for Delphi 2007
    syskb2009.bin – definition file for Delphi 2009
    syskb2010.bin – definition file for Delphi 2010
    syskb2011.bin – definition file for Delphi XE
    syskb2012.bin – definition file for Delphi XE2
    syskb2013.bin – definition file for Delphi XE3

    Main executable file
    19.03.2015
    866.852 Bytes
    md5: 3881597DAB67785ECA59F7CDB1D95A3C

    Auxiliary files
    23.03.2015
    538.451 Bytes
    md5: CC401E3854370072A11F9D1CFD93EB02

    Knowledge base for Delphi 2
    10.03.2010
    1.358.500 Bytes
    md5: C4218E9FE2C2659AAC460577AC496905

    Knowledge base for Delphi 3
    10.03.2010
    1.847.335 Bytes
    md5: C9CD80502367A9E329574B0C1AA4E937

    Knowledge base for Delphi 4
    10.03.2010
    2.522.772 Bytes
    md5: 5CBEC89967FF6159B2D7DC8B977E6905

    Knowledge base for Delphi 5
    10.03.2010
    3.145.049 Bytes
    md5: 758B3650D2D9F02DF95F788CE63A37A2

    Knowledge base for Delphi 6
    10.03.2010
    5.244.869 Bytes
    md5: 593446893E834631BF541F32A4A53A48

    Knowledge base for Delphi 7
    10.03.2010
    5.879.263 Bytes
    md5: 8D2E9323E10BA31ED81CCFE62314EDDA

    Knowledge base for Delphi 2005
    05.11.2010
    6.743.688 Bytes
    md5: 76AD2F402BD28FFD411E465BE9D3ED9A

    Knowledge base for Delphi 2006
    01.07.2010
    6.981.533 Bytes
    md5: BA5D960D13AC3C786CB8F9D31B1D40F9

    Knowledge base for Delphi 2007
    01.07.2010
    7.615.594 Bytes
    md5: F110C0F47909A36F710A572FB0336BCA

    Knowledge base for Delphi 2009
    01.07.2010
    9.393.971 Bytes
    md5: DE5A503716FBAC9E76E8996921F500AE

    Knowledge base for Delphi 2010
    08.10.2010
    8.313.962 Bytes
    md5: 2BC9FAF63D3CA524951CC21EC6625365

    Knowledge base for Delphi XE
    11.12.2012
    12.889.182 Bytes
    md5: CBECE6783C339C2A2663FDB1F40C59CC

    Knowledge base for Delphi XE2
    11.12.2012
    13.940.426 Bytes
    md5: F0E2AD084CFFE1FCA9D8EB9D7A031CEA

    Knowledge base for Delphi XE3
    25.09.2014
    16.303.748 Bytes
    md5: CF7E8313104AE83D7A393F249A2E311B

    English Help file
    10.03.2010
    152.030 Bytes
    md5: 0CE23369ED8EF9EA2393166AF3B543F8

    Use next link to download necessary files:

    Code:
    http://down.52pojie.cn/Tools/IDR (Interactive Delphi Reconstructor).rar
     
  19. LulumbaZ

    LulumbaZ Registered User

    Joined:
    Jun 28, 2011
    Messages:
    80
    Likes Received:
    4,839
  20. od

    odyright Registered User

    Joined:
    Oct 20, 2018
    Messages:
    12
    Likes Received:
    102
    Hello there, can i have Knowledge base for Delphi XE4, XE5, XE6, and RIO?
    PLease!