Want to Join Us ?

you'll be able to discuss, share and send private messages.

IDA Script For Delphi

Discussion in 'Scripts' started by Coldzer0, Oct 4, 2017.

Share This Page

  1. Coldzer0

    New Member

    Hello all :cool:

    this script will rename all unknow functions to it's real name

    like CreateForm , CloseForm .. etc

    it searchs for sig of Events manager (this one Construct the Functions names and address )

    it will works only for Delphi with GUI (components)

    at first IDA didn't recognise it as Delphi file

    now select the local debugger

    then load the script file

    it will load and Stop at EP DE_4.png

    hit the Greeeen button or [F9] :p


    now we have all the Functions named and have a BP [on] DE_6.png

    the only issue here is it needs to run the file & the file to be unpacked :confused:

    but if u can get the pattern address on unpacked file on memory it will work fine


    i hope it will help reversing Delphi files o_O

    Peace :rolleyes:
    hypnz, roocoon, m4n0w4r and 2 others like this.
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Very nice.
  3. mayl8822


    good, thanks for share
  4. m4n0w4r

    Well-Known Member

    Very useful .. Thanks for sharing!
  5. Coldzer0

    New Member