Both Ghidra and IDA have trouble with Delphi binaries, resulting in missing symbol names and missing labels relating to Delphi classes. We know from the metadata of the software binary that this build was produced in Delphi 7 (released 2002). Ghidra can perform a more extensive analysis via Analysis → One Shot → Aggressive Instruction Finder, but the result is still incomplete. As it turns out, this is one function which will be relevant to our analysis. IDA automatically identifies a function at 0x4f64dc, but this is not identified by Ghidra. For example, see the following Ghidra disassembly: In comparison to IDA, Ghidra requires some coaxing to correctly disassemble the software binary. Since then, the US National Security Agency has released its reverse engineering tool, Ghidra, as open source software, which I will use for this project. In an earlier post about another reverse engineering project, I used IDA Free as a disassembler. The software became abandonware circa 2009 when it ceased to be offered, and while the software binary has been archived, to date there has been no effort to restore the functionality once available with a free licence. A free licence could be obtained by registering online with the software vendor. The software was available in an unregistered trial mode with limited functionality. This series concerns a software licensing system used in a proprietary software application from circa 2004.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |