IDR
IDR copied to clipboard
crypto2011
How to use Assembly code?
Hello dear,
I'm using your great project for decompiling an *.exe file (Delphi 7.0), I get a bunch of *.pas and *.dfms and it seems ok, But many function contents are assembly code and have a style like this:
procedure PROCEDURE_NAME(Sender:TObject); begin {* 0064A8CC mov eax,[006CBFFC];gvar_006CBFFC:TSaveDialog ... *} end;
My question is how I can convert this commented assembly part to "Inline Assembly Code" [asm ... end;] , what should I do about Addresses and other parts?
Thanks in advance
Hello. You need to decompile all program or only part of logic?
вс, 3 июл. 2022 г., 17:55 Mohammad Kadkhodaei @.***>:
Hello dear,
I'm using your great project for decompiling an *.exe file (Delphi 7.0), I get a bunch of *.pas and *dfms and it seems ok, But many function contents are assembly code and have a style like this:
procedure PROCEDURE_NAME(Sender:TObject); begin { 0064A8CC mov eax,[006CBFFC];gvar_006CBFFC:TSaveDialog ... } end;
My question is how I can convert this commented assembly part to "Inline Assembly Code" [asm ... end;] , what should I do about Addresses and other parts?
Thanks in advance
— Reply to this email directly, view it on GitHub https://github.com/crypto2011/IDR/issues/76, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDYZMNWZEBA32GMLE2ETTDVSGSUTANCNFSM52Q2CPQA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Hello again,
I need to find a procedure behind a Button, firstly I recieve this one: (Commented Assembly code!! + Addresses)
procedure TExportFileForm.ConvertBtnClick(Sender:TObject); begin {* 0064AB70 push ebp 0064AB71 mov ebp,esp 0064AB73 xor ecx,ecx 0064AB75 push ecx 0064AB76 push ecx ....
Then I use your feature and convert it to delphi source code, it turned to this one:
procedure TExportFileForm.ConvertBtnClick(Sender:TObject); var
lvar_8:TCaption; lvar_C:TCaption; lvar_10:TCaption; lvar_14:TCaption; EAX : TEdit; ECX : Integer; EBX : Tobject; //lvar_4:AnsiString; //lvar_8:AnsiString; //lvar_C:AnsiString; //lvar_10:AnsiString; //lvar_14:AnsiString; begin//0 //0064AB70 ECX := 0; EBX := Self; try //0064AB8B EAX := edFilename; lvar_8 := edFilename.Text; //0064AB99 EAX := edDestination; lvar_C := edDestination.Text; if (lvar_8 = '') Or (lvar_C = '') then ...
I can't go further cuz Assembly code is strange for me and I can't handle addresses, delphi codes also is very strange ( combination of delphi and asm)
Can you send me a file? Just make 7z archive with password and upload it to google disk.
пн, 4 июл. 2022 г., 20:48 Mohammad Kadkhodaei @.***>:
Hello again,
I need to find a procedure behind a Button, firstly I recieve this one: (Commented Assembly code!! + Addresses)
procedure TExportFileForm.ConvertBtnClick(Sender:TObject); begin {* 0064AB70 push ebp 0064AB71 mov ebp,esp 0064AB73 xor ecx,ecx 0064AB75 push ecx 0064AB76 push ecx ....
Then I use your feature and convert it to delphi source code, it turned to this one:
procedure TExportFileForm.ConvertBtnClick(Sender:TObject); var
lvar_8:TCaption; lvar_C:TCaption; lvar_10:TCaption; lvar_14:TCaption; EAX : TEdit; ECX : Integer; EBX : Tobject; //lvar_4:AnsiString; //lvar_8:AnsiString; //lvar_C:AnsiString; //lvar_10:AnsiString; //lvar_14:AnsiString; begin//0 //0064AB70 ECX := 0; EBX := Self; try //0064AB8B EAX := edFilename; lvar_8 := edFilename.Text; //0064AB99 EAX := edDestination; lvar_C := edDestination.Text; if (lvar_8 = '') Or (lvar_C = '') then ...
I can'not go further cuz Assembly code is strange for me and I can't handle addresses, delphi codes also is very strange ( combination of delphi and asm)
— Reply to this email directly, view it on GitHub https://github.com/crypto2011/IDR/issues/76#issuecomment-1174035219, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDYZMLGGPLRO26P6FHZ4PLVSMPXFANCNFSM52Q2CPQA . You are receiving this because you commented.Message ID: @.***>
Try to mail
пн, 4 июл. 2022 г., 21:06 Mohammad Kadkhodaei @.***>:
of course, Can I mail it for you?
— Reply to this email directly, view it on GitHub https://github.com/crypto2011/IDR/issues/76#issuecomment-1174044703, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDYZMMDHLU42O7YKHTZJJTVSMR4BANCNFSM52Q2CPQA . You are receiving this because you commented.Message ID: @.***>