Coldzer0
New member
Hello all 
this script will rename all unknow functions to it's real name
like CreateForm , CloseForm .. etc
it searchs for sig of Events manager (this one Construct the Functions names and address )
it will works only for Delphi with GUI (components)
at first IDA didn't recognise it as Delphi file
now select the local debugger
then load the script file
it will load and Stop at EP
hit the Greeeen button or [F9]
now we have all the Functions named and have a BP [on]
the only issue here is it needs to run the file & the file to be unpacked
but if u can get the pattern address on unpacked file on memory it will work fine
https://github.com/Coldzer0/IDA-For-Delphi
i hope it will help reversing Delphi files
Peace
this script will rename all unknow functions to it's real name
like CreateForm , CloseForm .. etc
it searchs for sig of Events manager (this one Construct the Functions names and address )
it will works only for Delphi with GUI (components)
at first IDA didn't recognise it as Delphi file
now select the local debugger
then load the script file
it will load and Stop at EP
hit the Greeeen button or [F9]
now we have all the Functions named and have a BP [on]
the only issue here is it needs to run the file & the file to be unpacked
but if u can get the pattern address on unpacked file on memory it will work fine
https://github.com/Coldzer0/IDA-For-Delphi
i hope it will help reversing Delphi files
Peace
