FriX
January 10th, 2003, 11:33
Hi all!
I need lil' help.
I'm not gonna post code or anything like that, just, need advice from guys who seen this kind of a problem.
I have Delphi 6 app (D6), it was packed with AsProtect 1.2.X[New strain], anyway, it's unpacked now. PE sections have been fixed. I can run it and disassemble with W32Dasm with no problems.
But, since it's D6 app, DeDe will save me some time while reversing it. Problem is : DeDe can't disassemble it.
When i choose file and process, it's saying : "it's maybe packed or not Delphi app." Ok, np, i've tried to Dump Active Process when my unpacked program is running, so, ok, it's disassembled. But, no forms or procedures ?! So, i've look at .rsrc section and noticed there is no TPF0 signature before forms. I've added it. DeDe can find only 2 forms (but, not the ones that i need). And finaly seen that whole PackageInfo section is empty!Just 00 bytes in whole section. So, that's why DeDe can't find forms (??), except 2 useless that i dont need.It's maybe some kind of protection, but, i dont know how to 'rebuild' PackageInfo 'buffer' form that app ?!
Btw, if this helps, When i put TPF0 on all forms, i get sometimes ReadStream error ...
I hope someone has some advice or maybe solution for this kind of problems.
Thx.
Btw, sorry for bad english...
I need lil' help.
I'm not gonna post code or anything like that, just, need advice from guys who seen this kind of a problem.
I have Delphi 6 app (D6), it was packed with AsProtect 1.2.X[New strain], anyway, it's unpacked now. PE sections have been fixed. I can run it and disassemble with W32Dasm with no problems.
But, since it's D6 app, DeDe will save me some time while reversing it. Problem is : DeDe can't disassemble it.
When i choose file and process, it's saying : "it's maybe packed or not Delphi app." Ok, np, i've tried to Dump Active Process when my unpacked program is running, so, ok, it's disassembled. But, no forms or procedures ?! So, i've look at .rsrc section and noticed there is no TPF0 signature before forms. I've added it. DeDe can find only 2 forms (but, not the ones that i need). And finaly seen that whole PackageInfo section is empty!Just 00 bytes in whole section. So, that's why DeDe can't find forms (??), except 2 useless that i dont need.It's maybe some kind of protection, but, i dont know how to 'rebuild' PackageInfo 'buffer' form that app ?!
Btw, if this helps, When i put TPF0 on all forms, i get sometimes ReadStream error ...
I hope someone has some advice or maybe solution for this kind of problems.
Thx.
Btw, sorry for bad english...