We know from the metadata of the software binary that this build was produced in Delphi 7 (released 2002). Both Ghidra and IDA have trouble with Delphi binaries, resulting in missing symbol names and missing labels relating to Delphi classes. To overcome this, we leverage IDR, the Interactive Delphi Reconstructor, which extracts the relevant symbols from the binary. We can then import this data into Ghidra using Dhrake, which identifies the function at 0x4f64dc as TMainForm.Register1Click and also identifies other functions such as InputBox, which will greatly help with analysing the disassembly.

We note that TMainForm.Register1Click contains references to "Enter Registration Code" and related strings, which appear in the dialog when the user accesses the registration feature of the software. It appears, then, that this is a relevant target for our analysis, so we examine in greater detail Ghidra's decompiled output, a feature not available in IDA Free.