How to Determine Delphi Application by "unknow"

emailx45

Местный
Регистрация
5 Май 2008
Сообщения
3,571
Реакции
2,438
Credits
573
How to Determine Delphi Application
"unknow" - dd/mm/yyyy
[SHOWTOGROUPS=4,20]
The most reliable way to determine if an executable was built using Delphi is to examine its resources.

Modern versions of Delphi and C++ Builder add a DVCLAL and a PACKAGEINFO resource to executables.

These are RCDATA resources, which can include arbitrary binary content.

DVCLAL: If an executable includes a DVCLAL resource then it was almost certainly built using Delphi or C++ Builder.

The contents of this resource can tell you whether the Personal Professional or Enterprise edition was used.

The Starter edition reads as Personal, and editions above Enterprise, such as Ultimate and Architect, read as Enterprise.

Код:
Personal [23 78 5D 23 B6 A5 F3 19 43 F3 40 02 26 D1 11 C7]
Professional [A2 8C DF 98 7B 3C 3A 79 26 71 3F 09 0F 2A 25 17]
Enterprise [26 3D 4F 38 C2 82 37 B8 F3 24 42 03 17 9B 3A 83]

PACKAGEINFO: If an executable includes a PACKAGEINFO resource, it was most likely built with Delphi or C++ Builder.

The PACKAGEINFO flags can indicate whether Delphi or C++ Builder was used.

Forms: If an executable includes form resources, then it was most likely built with Delphi, C++ Builder or Lazarus.

Form resources begin with "TPF0" [54 50 46 30], and the resource format is the same for .DFM files from VCL applications, .FMX files from FireMonkey applications, .XFM files from CLX applications and .LFM files from Lazarus applications.

If an executable contains a form resource that includes the text "LCLVersion", it was probably built with Lazarus.

Tips to Determine Whether an App is Written in Delphi
  1. Examine an executable's resources. Для просмотра ссылки Войди или Зарегистрируйся and Для просмотра ссылки Войди или Зарегистрируйся are both Delphi aware. They decode form resources and display them as readablen text and interpret the PACKAGEINFO flags for Delphi or C++.
  2. Для просмотра ссылки Войди или Зарегистрируйся from Bruce McGee looks for executable files and tries to determine if they were written using Delphi, C++ Builder or Lazarus. This is distributed as source code.
  3. Для просмотра ссылки Войди или Зарегистрируйся identifies several compilers. It is no longer being actively developed and sometimes misidentifies later Delphi versions, but still works pretty well.
  4. Для просмотра ссылки Войди или Зарегистрируйся, Для просмотра ссылки Войди или Зарегистрируйся, Для просмотра ссылки Войди или Зарегистрируйся and Для просмотра ссылки Войди или Зарегистрируйся also detect multiple compilers, including Delphi up to about Delphi 7, but misidentify or miss newer versions.
  5. Для просмотра ссылки Войди или Зарегистрируйся (Для просмотра ссылки Войди или Зарегистрируйся) was written by Anders Ohlsson at Borland in 2002 for R&D purposes. It looks for form resources in executable files. If it finds any, then that executable was most likely written in Delphi, C++ Builder or Lazarus.
  6. Для просмотра ссылки Войди или Зарегистрируйся from Daniele Teti is a simple application that identifies the class name of the window or windowed control under the mouse pointer. You could use this to see if an application includes visual controls with class names that you recognise from Delphi. For example, most Delphi class names begin with "T", such as TButton or TListView.
  7. Before D2007, Delphi had a non-standard context menu. If you right-click on the application's Task Bar icon and the context menu only contains the following three menu items "Restore", "Minimize" and "Close", it may have been created with a version of Delphi or C++ Builder that is older than D2007.

If you are still not sure whether an application is written in Delphi or in C++Builder, then put it into the Delphi list and add a note in the description:
"NOTE: This may actually be a C++Builder app."

[/SHOWTOGROUPS]