DeIDA Package 1.4

DeDe is an excellent Delphi program analysis tool, but I still prefer IDA for
navigation & documentation.

Exe-2-Dpr is another very useful utility (and it also works with old 16-bit Delphi
programs).

I always look for a way to grab as much info from this great program’s output as
possible. So, I wrote a few stupid progs just to _reformat_ Exe2dpr & DeDe
output and import it into IDA with a simple IDC script.

That’s all.

How to use:
-----------

EDM:

> -*- EDM 1.4 * Copyright (c) Aleph 2001-2003 -*-
> Exe-2-Dpr output files reformatter
> Usage: edm.com [> ProjectName.DDM]

Apply exe2dpr.exe to the analyzed proggy. Place all exe2dpr output in some
directory. Now, run edm.com in this directory and redirect edm's output to some
file. edm will scan all *.pas files in the directory and create an output file
in *.ddm format. Use the deida.idc script to import the *.ddm file into the IDA database.

DDM

> -*- DDM 1.2 * Copyright (c) Aleph 2001,2002 -*-
> DeDe IDAMap Output file reformatter
> Usage: ddm.com DeDeIDAMapFile

Apply DeDe.exe to the analyzed proggy. Go to the ‘Exports’ tab. Create a *.map file for
IDA. Now, apply ddm.com to the *.map file. A *.ddm file with some name will be
created. Use the deida.idc script to import the *.ddm file into the IDA database.

EVT

> -*- EVT 1.0 * Copyright (c) Aleph 2002 -*-
> DeDe Events Output file reformatter
> Usage: evt.com Events.txt

Apply DeDe.exe to the analyzed proggy. Go to the ‘Project’ tab and check all options.
Save the project in some directory. Now, apply evt.com to the events.txt file.
A *.ddm file with some name will be created. Use the deida.idc script to import the
*.ddm file into the IDA database.

REF

> -*- Ref 1.0 * Copyright (c) Aleph 2003 -*-
> DeDe Project output files reformatter
> Usage: ref.com [> ProjectName.DDM]

Apply DeDe.exe to the analyzed proggy. Go to the ‘Project’ tab and check all options.
Save the project in some directory. Now, run ref.com in this
directory and redirect ref's output to some file. ref will scan all *.pas
files in the directory and create an output file in *.ddm format. Use the deida.idc
script to import the *.ddm file into the IDA database.

IDR

> -*- IDR 1.0 * Copyright (c) Aleph 2010 -*-
> IDR Map Output file reformatter
> Usage: IDR.com MapFile [CodeSegHexBase]

Apply IDR.exe to the analyzed proggy. Go to the ‘Tools’ tab and choose ‘Map generator’.
Save the project in some directory. Now, apply idr.com to the *.map file.
A *.ddm file with some name will be created. Use the deida.idc script to import the
*.ddm file into the IDA database.

Note:

Due to the stupid nature of the IDR map (NO valid offset of the CODE segment in the map),
if StartOfs != 401000, provide it manually as the second param.

Link: http://dl.vmall.com/c0nqyuilw3

This is an example of an IDA listing (stolen from the screen)
before and after importing the reformatted DeDe map file:

------------------------------- B E F O R E ---------------------------------------
 
seg000:005E96B4 sub_5E96B4 proc near ; CODE XREF: seg000:005EB795p
seg000:005E96B4 push ebx
seg000:005E96B5 push esi
seg000:005E96B6 mov ebx, eax
seg000:005E96B8 mov esi, [ebx+2F0h]
seg000:005E96BE mov eax, [ebx+300h]
seg000:005E96C4 mov edx, [esi+38h]
seg000:005E96C7 sub edx, [eax+38h]
seg000:005E96CA sub edx, 6
seg000:005E96CD call sub_43F430
seg000:005E96D2 mov edx, [ebx+300h]
seg000:005E96D8 mov edx, [edx+30h]
seg000:005E96DB mov eax, [ebx+304h]
seg000:005E96E1 sub edx, [eax+38h]
seg000:005E96E4 sub edx, 8
seg000:005E96E7 call sub_43F430
seg000:005E96EC mov edx, [ebx+304h]
seg000:005E96F2 mov edx, [edx+30h]
seg000:005E96F5 mov eax, [ebx+2FCh]
seg000:005E96FB sub edx, [eax+38h]
seg000:005E96FE sub edx, 8
seg000:005E9701 call sub_43F430
seg000:005E9706 mov edx, [ebx+2FCh]
seg000:005E970C mov edx, [edx+30h]
seg000:005E970F mov eax, [ebx+2F8h]
seg000:005E9715 sub edx, [eax+38h]
seg000:005E9718 sub edx, 2
seg000:005E971B call sub_43F430
seg000:005E9720 mov eax, [ebx+2F8h]
seg000:005E9726 mov edx, [eax+30h]
seg000:005E9729 sub edx, 7
seg000:005E972C sub edx, 8
seg000:005E972F mov eax, [ebx+2F4h]
seg000:005E9735 call sub_43F474
seg000:005E973A mov eax, [ebx+32Ch]
seg000:005E9740 mov edx, [esi+38h]
seg000:005E9743 sub edx, [eax+30h]
seg000:005E9746 sub edx, 6
seg000:005E9749 call sub_43F474
seg000:005E974E mov eax, [ebx+330h]
seg000:005E9754 mov edx, [esi+38h]
seg000:005E9757 sub edx, [eax+30h]
seg000:005E975A sub edx, 6
seg000:005E975D call sub_43F474
seg000:005E9762 pop esi
seg000:005E9763 pop ebx
seg000:005E9764 retn
seg000:005E9764 sub_5E96B4 endp
 
 
 
-------------------------------- A F T E R ----------------------------------------
 
seg000:005E96B4 DescAssistForm@TopHeaderPanelResize proc near ; CODE XREF: seg000:005EB795p
seg000:005E96B4 push ebx ; DescAssistForm@TopHeaderPanelResize
seg000:005E96B5 push esi
seg000:005E96B6 mov ebx, eax
seg000:005E96B8 mov esi, [ebx+2F0h] ; TDescAssistForm.TopHeaderPanel : TPanel
seg000:005E96BE mov eax, [ebx+300h] ; TDescAssistForm.CloseBtn : TFlatButton
seg000:005E96C4 mov edx, [esi+38h] ; TPanel.OFFS_0038
seg000:005E96C7 sub edx, [eax+38h]
seg000:005E96CA sub edx, 6
seg000:005E96CD call sub_43F430
seg000:005E96D2 mov edx, [ebx+300h] ; TDescAssistForm.CloseBtn : TFlatButton
seg000:005E96D8 mov edx, [edx+30h] ; TFlatButton.OFFS_0030
seg000:005E96DB mov eax, [ebx+304h] ; TDescAssistForm.RevertBtn : TFlatButton
seg000:005E96E1 sub edx, [eax+38h]
seg000:005E96E4 sub edx, 8
seg000:005E96E7 call sub_43F430
seg000:005E96EC mov edx, [ebx+304h] ; TDescAssistForm.RevertBtn : TFlatButton
seg000:005E96F2 mov edx, [edx+30h] ; TFlatButton.OFFS_0030
seg000:005E96F5 mov eax, [ebx+2FCh] ; TDescAssistForm.NextBtn : TFlatButton
seg000:005E96FB sub edx, [eax+38h]
seg000:005E96FE sub edx, 8
seg000:005E9701 call sub_43F430
seg000:005E9706 mov edx, [ebx+2FCh] ; TDescAssistForm.NextBtn : TFlatButton
seg000:005E970C mov edx, [edx+30h] ; TFlatButton.OFFS_0030
seg000:005E970F mov eax, [ebx+2F8h] ; TDescAssistForm.PrevBtn : TFlatButton
seg000:005E9715 sub edx, [eax+38h]
seg000:005E9718 sub edx, 2
seg000:005E971B call sub_43F430
seg000:005E9720 mov eax, [ebx+2F8h] ; TDescAssistForm.PrevBtn : TFlatButton
seg000:005E9726 mov edx, [eax+30h] ; TFlatButton.OFFS_0030
seg000:005E9729 sub edx, 7
seg000:005E972C sub edx, 8
seg000:005E972F mov eax, [ebx+2F4h] ; TDescAssistForm.SourceCombo : TComboBox
seg000:005E9735 call sub_43F474
seg000:005E973A mov eax, [ebx+32Ch] ; TDescAssistForm.LocationCombo : TComboBox
seg000:005E9740 mov edx, [esi+38h] ; TPanel.OFFS_0038
seg000:005E9743 sub edx, [eax+30h]
seg000:005E9746 sub edx, 6
seg000:005E9749 call sub_43F474
seg000:005E974E mov eax, [ebx+330h] ; TDescAssistForm.Bevel : TBevel
seg000:005E9754 mov edx, [esi+38h] ; TPanel.OFFS_0038
seg000:005E9757 sub edx, [eax+30h]
seg000:005E975A sub edx, 6
seg000:005E975D call sub_43F474
seg000:005E9762 pop esi
seg000:005E9763 pop ebx
seg000:005E9764 retn
seg000:005E9764 DescAssistForm@TopHeaderPanelResize endp
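
Why the code-segment base in the IDR note matters, as an added example (not part of the DeIDA package, and not its *.ddm format): map entries are segment-relative, so the address a name lands on depends entirely on the base added to each offset. It assumes Borland-style `SSSS:OOOOOOOO Name` public lines and emits classic IDC `MakeName` calls; the sample map is constructed so that one entry lands on 005E96B4 from the listing above.

```python
import re

# Assumption: Borland-style map "publics" lines such as "0001:001E86B4  Name".
PUBLIC_RE = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]{8})\s+(\S+)\s*$")
DEFAULT_CODE_BASE = 0x401000  # the StartOfs value the note treats as the default

# Constructed sample input (not the output of a real IDR run).
SAMPLE_MAP = """\
 Start         Length     Name                   Class
 0001:00000000 001EB000H  CODE                   CODE

  Address         Publics by Value

 0001:001E86B4       DescAssistForm@TopHeaderPanelResize
 0001:001E86B4       DuplicateEntryForSameAddress
 0001:00000010       Unit1.TForm1.Hypothetical
 0002:00000010       SomeDataSymbol
"""

def sanitize(name):
    """Replace characters IDA rejects in names; letters, digits, _ @ $ ? are kept."""
    return re.sub(r"[^A-Za-z0-9_@$?]", "_", name)

def parse_map(text, code_base=DEFAULT_CODE_BASE, code_seg=1):
    """Return sorted [(ea, name)] for publics in the code segment only."""
    names = {}
    for line in text.splitlines():
        m = PUBLIC_RE.match(line)
        if not m:
            continue  # headers, blank lines, the segment table row
        seg, off, name = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
        if seg != code_seg:
            continue  # the base of other segments is not known from the map
        names.setdefault(code_base + off, sanitize(name))  # first name wins
    return sorted(names.items())

def to_idc(pairs):
    """Emit a classic-IDC script that applies each (ea, name) pair."""
    body = "".join('  MakeName(0x%08X, "%s");\n' % p for p in pairs)
    return "#include <idc.idc>\nstatic main() {\n" + body + "}\n"

if __name__ == "__main__":
    print(to_idc(parse_map(SAMPLE_MAP)))
```

Passing a wrong `code_base` shifts every name by the same delta, which is easy to spot in IDA because the names no longer fall on function starts.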

Original article; when reposting, please credit: reposted from obaby@mars

Article title: 《DeIDA Package 1.4》

Article link: http://h4ck.org.cn/2013/01/deida-package-1-4/
