52ky posted on 2021-5-14 14:00:16

IDAPython script: automatically identifying type information in Delphi 6

IDA has good disassembly capabilities, but it cannot automatically recognize TypeInfo in Delphi, even though structures such as the Virtual Member Table (VMT) exist in most Delphi programs. When analyzing them, IDA can usually recognize only some simple information (such as offset addresses), with no detailed comments or definitions for the structures themselves. The goal is to provide more detailed and useful information when disassembling Delphi programs. There are already some IDC scripts online that can parse TypeInfo (I will list some of the references I found later). Drawing on these, I also wrote a simple script that outputs the events and addresses of all controls. It could of course be developed further with more DeDe-like features, but time is limited, so I did the feature I felt I needed most first.


