Learn from the Best: Decompile Delphi Applications with PATCHED IDR V220.127.116.11
PATCHED Interactive Delphi Reconstructor V18.104.22.168 (All Delphi Editions)
If you are a developer or a researcher who works with Delphi applications, you might have encountered the need to decompile them for various purposes, such as debugging, testing, modifying, or learning from them. However, decompiling Delphi applications is not an easy task, as they are compiled into native code that is hard to read and understand.
PATCHED Interactive Delphi Reconstructor V22.214.171.124 (All Delphi Editions)
Fortunately, there is a powerful tool that can help you with this challenge: Interactive Delphi Reconstructor (IDR). IDR is a decompiler of executable files (EXE) and dynamic libraries (DLL) written in Delphi and executed in Windows32 environment. It allows you to understand and visualize how native code software operates, by recovering the source code structure, forms, classes, strings, types, and other components.
In this article, we will introduce you to IDR, explain how to use it to decompile Delphi applications, and show you the features and benefits of PATCHED IDR V126.96.36.199, which supports all Delphi editions from 1 to 10.4. By the end of this article, you will be able to download and use PATCHED IDR V188.8.131.52 to analyze any Delphi application you want.
What is Interactive Delphi Reconstructor (IDR)?
Interactive Delphi Reconstructor (IDR) is a software product developed by crypto2011 , based on the original work of Igor Pavlov . It is a decompiler of executable files (EXE) and dynamic libraries (DLL) written in Delphi and executed in Windows32 environment.
IDR can recover the source code structure of Delphi applications by parsing the form data, RTTI information, entry point parameters, unit names, class names, method names, string constants, type definitions, and other components. It can also generate comments, MAP files, IDC scripts, class trees, and other useful outputs for further analysis.
IDR has a user-friendly interface that allows you to load and analyze files easily. It has a tabbed layout that displays different aspects of the decompiled application, such as units, types, classes, entry points, forms, strings, imports, exports, resources, etc. It also has a code editor that features code insight (code completion), error insight (real-time error checking), and refactoring.
IDR supports most versions of Delphi from 1 to 10.4 , including Borland Delphi , CodeGear Delphi , Embarcadero RAD Studio , Turbo Delphi , Lazarus , Free Pascal , etc. It can also handle some obfuscation techniques that are used to protect Delphi applications from being decompiled.
What is Delphi programming language?
Delphi is a general-purpose programming language and a software product that uses the Delphi dialect of the Object Pascal programming language . It provides an integrated development environment (IDE) for rapid application development of desktop, mobile, web, and console software applications . It was originally developed by Borland in 1995 and is now owned by Embarcadero Technologies . Delphi is a compiled, strongly typed, object-oriented, and event-driven language. It supports multiple paradigms, such as procedural, functional, generic, and metaprogramming. It has a rich set of libraries and frameworks that provide various functionalities, such as database access, web development, GUI design, networking, multimedia, etc. Delphi is known for its high performance, cross-platform compatibility, native code generation, and ease of use. It is widely used in various domains, such as enterprise applications, embedded systems, scientific computing, games, etc. Some of the popular applications that are written in Delphi are Skype , WinRAR , FL Studio , etc. What is reverse engineering and why is it useful?
Reverse engineering is the process of analyzing a system or a software product to understand its structure, functionality, behavior, and design . It involves extracting information from the system or the software product by observing its inputs and outputs, examining its components, or using tools such as decompilers, disassemblers, debuggers, etc.
Reverse engineering can be useful for various purposes, such as:
Debugging: Reverse engineering can help to identify and fix errors or vulnerabilities in a system or a software product.
Testing: Reverse engineering can help to verify the quality and performance of a system or a software product.
Modifying: Reverse engineering can help to enhance or customize a system or a software product according to specific needs or preferences.
Learning: Reverse engineering can help to acquire knowledge and skills from a system or a software product by studying its design and implementation.
Competing: Reverse engineering can help to gain competitive advantage or create new products by understanding the strengths and weaknesses of a system or a software product.
However, reverse engineering can also have some ethical and legal implications, such as violating intellectual property rights, breaching contracts or licenses, infringing privacy or security, etc. Therefore, reverse engineering should be done with caution and respect for the original creators and owners of the system or the software product.
How to use IDR to decompile Delphi applications?
In this section, we will show you how to use IDR to decompile Delphi applications step by step. We will use an example of a simple calculator application written in Delphi 7 as our target file. You can download the file from here .
Installation and requirements
To use IDR, you need to have the following requirements:
A Windows operating system (Windows XP or later)
A Delphi compiler (Delphi 1 to 10.4)
A hex editor (such as HxD )
A text editor (such as Notepad++)
To install IDR, you need to download the latest version of PATCHED IDR V184.108.40.206 from here . Then, you need to extract the ZIP file to any folder you want. You will see the following files in the folder:
IDR.exeThe main executable file of IDR
IDR.iniThe configuration file of IDR
IDR.chmThe help file of IDR
IDR.dllThe library file of IDR
IDR.bplThe package file of IDR
IDR.dprThe project file of IDR
IDR.dfmThe form file of IDR
IDR.pasThe source code file of IDR
IDR.resThe resource file of IDR
Converters\*The folder that contains various converters for different formats (such as MAP2DBG , MAP2PDB , MAP2IDC , etc.)
Tools\*The folder that contains various auxiliary tools for different purposes (such as PEiD , OllyDbg , IDA Pro , etc.)
Examples\*The folder that contains some example files for testing IDR
You can run IDR by double-clicking on the IDR.exe file. You will see the main window of IDR, which looks like this:
You can also customize the settings of IDR by editing the IDR.ini file. For example, you can change the language, the font, the colors, the hotkeys, etc. You can also access the help file of IDR by pressing F1 or clicking on the Help menu.
Loading and analyzing files
To load and analyze a file with IDR, you need to click on the File menu and select Open. Then, you need to browse to the folder where your target file is located and select it. You can also drag and drop your target file to the IDR window.
After loading the file, IDR will start analyzing it and display its information in different tabs. You can switch between the tabs by clicking on them or using the Ctrl+Tab shortcut. The tabs are:
Units: This tab shows the list of units that are used in the file. A unit is a logical module of code that contains declarations and implementations of types, variables, constants, procedures, functions, classes, etc. You can double-click on a unit name to view its source code in the Code tab.
Types: This tab shows the list of types that are defined in the file. A type is a set of values and operations that can be applied to them. Types can be simple (such as integer, string, boolean, etc.), structured (such as array, record, set, etc.), or object-oriented (such as class, interface, etc.). You can double-click on a type name to view its definition in the Code tab.
Classes: This tab shows the list of classes that are declared in the file. A class is a type that defines a set of data fields and methods that describe the behavior and characteristics of an object. Classes can inherit from other classes or implement interfaces. You can double-click on a class name to view its declaration in the Code tab.
Entry points: This tab shows the list of entry points that are found in the file. An entry point is a point where the execution of a program or a module begins or ends. Entry points can be main functions (such as WinMain , DllMain , etc.), initialization or finalization sections (such as InitProc , ExitProc , etc.), or exported functions (such as GetProcAddress , RegisterClass , etc.). You can double-click on an entry point name to view its code in the Code tab.
Forms: This tab shows the list of forms that are used in the file. A form is a graphical user interface (GUI) element that contains other controls (such as buttons, labels, edit boxes, etc.) and handles user events (such as mouse clicks, keyboard inputs, etc.). Forms are stored as binary data in the file and can be reconstructed by IDR using RTTI information. You can double-click on a form name to view its design in the Form tab.
Strings: This tab shows the list of strings that are found in the file. A string is a sequence of characters that represents text or data. Strings can be literals (such as 'Hello world' , '1234' , etc.), constants (such as sAppName , sVersion , etc.), or variables (such as sName , sPassword , etc.). You can double-click on a string to view its location in the Code tab.
Imports: This tab shows the list of imports that are used in the file. An import is a reference to an external function or variable that is defined in another module (such as DLL or BPL). Imports are resolved at run-time by loading and linking the required modules. You can double-click on an import name to view its location in the Code tab.
Exports: This tab shows the list of exports that are provided by the file. An export is a function or variable that is defined in a module and made available to other modules. Exports are registered at compile-time by adding them to an export table. You can double-click on an export name to view its location in the Code tab.
Resources: This tab shows the list of resources that are embedded in the file. A resource is a binary data that represents an asset or a configuration for the file. Resources can be icons, cursors, bitmaps, menus, dialogs, strings, version info, etc. You can double-click on a resource name to view its content in the Resource tab.
Here is an example of how the Units tab looks like after loading and analyzing the calculator file:
You can see that IDR has detected 10 units in the file, such as System , SysInit , Classes , Forms , Math , etc. You can also see the number of types, classes, and entry points in each unit. You can sort the units by name or by size by clicking on the column headers.
Exploring units, types, classes, and entry points
After loading and analyzing a file with IDR, you can explore its units, types, classes, and entry points by using the Code tab. The Code tab shows the source code of the selected unit, type, class, or entry point in a code editor. You can edit, copy, save, or print the code as you wish.
The code editor has several features that make it easier to read and understand the code, such as:
Code insight: The code editor provides code completion and parameter hints as you type. It also shows the declaration and documentation of the selected identifier in a tooltip.
Error insight: The code editor checks the syntax and semantics of the code in real-time and highlights any errors or warnings. It also shows the description and location of the errors or warnings in a message window.
Refactoring: The code editor allows you to perform various refactoring operations on the code, such as renaming, extracting, moving, deleting, etc. It also shows the preview and impact of the refactoring in a dialog box.
Here is an example of how the Code tab looks like after selecting the Math unit:
You can see that IDR has recovered the source code of the Math unit from the file. You can also see that IDR has generated some comments and annotations to explain some parts of the code. For example, IDR has marked some functions as imported from other modules (such as kernel32.dll , user32.dll , etc.) or exported by this module (such as Power , Exp , etc.). IDR has also marked some types as RTTI-enabled (such as TFloatSpecial ) or not (such as TFloatRec ).
Generating comments, MAP, IDC, and class trees
Besides showing the source code of a file with IDR, you can also generate some useful outputs for further analysis, such as comments, MAP files, IDC scripts, and class trees.
Comments: You can generate comments for a file by clicking on the Tools menu and selecting Generate comments. IDR will create a text file that contains all the comments that it has generated for the file. You can use this file to document or annotate your analysis.
MAP files: You can generate MAP files for a file by clicking on the Tools menu and selecting Generate MAP file. IDR will create a MAP file that contains information about the segments, publics, and symbols of the file. You can use this file to map the addresses and names of the file components.
IDC scripts: You can generate IDC scripts for a file by clicking on the Tools menu and selecting Generate IDC script. IDR will create an IDC file that contains commands and expressions that can be executed by IDA Pro , a popular disassembler and debugger. You can use this file to import the information and comments of the file to IDA Pro.
Class trees: You can generate class trees for a file by clicking on the Tools menu and selecting Generate class tree. IDR will create a text file that contains the hierarchy and inheritance of the classes that are declared in the file. You can use this file to understand the relationships and dependencies of the classes.
Here is an example of how a MAP file looks like after generating it for the calculator file:
You can see that IDR has created a MAP file that contains information about the segments, publics, and symbols of the calculator file. You can also see that IDR has added some comments and annotations to explain some parts of the information. For example, IDR has marked some publics as imported from other modules (such as kernel32.dll , user32.dll , etc.) or exported by this module (such as WinMain , DllMain , etc.). IDR has also marked some symbols as RTTI-enabled (such as TFloatSpecial ) or not (such as TFloatRec ).
Using auxiliary tools and converters
In addition to generating outputs for a file with IDR, you can also use some auxiliary tools and converters that are provided by IDR or included in its folder. These tools and converters can help you with various tasks, such as:
Identifying the compiler and packer of a file by using PEiD .
Disassembling and debugging a file by using OllyDbg or IDA Pro .
Converting MAP files to other formats, such as DBG , PDB , IDC , etc. by using MAP2DBG , MAP2PDB , MAP2IDC , etc.