Does Olly support Delphi applications? [Archive] - RCE Messageboard's Regroupment

View Full Version : Does Olly support Delphi applications?

JackTripper

June 20th, 2007, 06:30

Does OllyDebug support Delphi applications?

After compiling my Delphi app i have:
- the dcu's (Delphi's version of obj files)
- a map file
- a remote debug symbol (rsm) file
- TD32 debug info compiled into the executable (making it a 15MB exe)

Does OllyDbg support any of these methods for getting the source code into the analysis? And if so, how?

i've searched and searched, and i'm suprised nobody has ever asked, or answered, this question.

p.s. i'm talking about OllyDbg 1.10 and Delphi 5; nothing else.

esther

June 20th, 2007, 07:12

check Ollystuph?

JackTripper

June 20th, 2007, 08:25

Quote:

[Originally Posted by esther;66531]check Ollystuph?

Yes.

i am not trying to develop a plugin.

TQN

June 20th, 2007, 08:38

Yes, OllyDbg support Turbo Debug symbols file. Open your exe with OllyDbg and TDS file will be loaded, and you can view source and breakpoint on source code.

JackTripper

June 20th, 2007, 12:21

Quote:

[Originally Posted by TQN;66534]Yes, OllyDbg support Turbo Debug symbols file. Open your exe with OllyDbg and TDS file will be loaded, and you can view source and breakpoint on source code.

i guess my question should be:

What exactly should i expect to see in OllyDebug if i have available to me
- an executable compiled with TD32 debug info
- a map file
- a Delphi "remote debug symbols" file

What should i expect to see if i add Delphi .dcu files to the above list?
What should i expect to see if i add Delphi .pas files to the above list?
What should i expect to see if i add Delphi .dcu and .pas files to the above list?

squidge

June 20th, 2007, 17:00

Doesn't Delphi spit out a .TDS file too? I know C++ Builder does.

JackTripper

June 20th, 2007, 18:49

Quote:

[Originally Posted by squidge;66549]Doesn't Delphi spit out a .TDS file too? I know C++ Builder does.

No, no .tds file.

TQN

June 20th, 2007, 19:57

Use tdstrp32.exe to get the .tds file from .exe. But I think it is not need. Open your .exe with OllyDbg, enter menu "View" - "Source files". If you not see your source files, it mean your Delphi compiler is newer than the version which OllyDbg support.
With the .map file, you can use Godup or Loadmap plugin.
OllyDbg not support .rsm file.

LLXX

June 21st, 2007, 22:01

OllyDbg will debug any 32-bit PE file.

JackTripper

June 22nd, 2007, 08:19

Quote:

[Originally Posted by TQN;66555]Use tdstrp32.exe to get the .tds file from .exe. But I think it is not need. Open your .exe with OllyDbg, enter menu "View" - "Source files". If you not see your source files, it mean your Delphi compiler is newer than the version which OllyDbg support.
With the .map file, you can use Godup or Loadmap plugin.
OllyDbg not support .rsm file.

When i compile the Delphi application normally:
Under Vew|Source files
i see nothing, and under
View|Source
i see nothing either.

If i compile the application with full TD32 debug info enabled (making the executable huge), i see in the disassembly the occasional symbol name. Under View|Source files i see a list of filenames, but under View|Source
i see no source code.

Tdstrp32 comes with Borland C/C++, not Delphi.

The TD32 debug info that is stuffed into the final executable with 13 megabytes. Is there not a complete set of source code in there? It's 5 times the size of all the actual source code files.

Do i have to, or can i, point OllyDebug to the location that contains the .dcu files for the application? Do i have to, or can i, point OllyDebug to the location that contains the source .pas files for the application? The source is spread over 50 shared directories.

Or to put it another way: What should i expect to see in OllyDebug?

i am expecting that if i compile a Delphi application, with 13MB of debugging data contained therein, i should be able to have Olly launch as my JIT debugger during a crash, and be debugging full pascal source code.

Am i expecting too much? It's okay if i am; but you actually have to say what Olly can and cannot do before i will know what Olly can and cannot do.

blabberer

June 22nd, 2007, 12:16

i dont use delphi

but if you can cobble together a small hello world with whatever debug info it adds attach the complete precompiled binary along with debugingo tds,dcu whatever whatever delphi produces in a package here along with the src of your application i can check what ollydbg can do with it and what not

i guarentee nothing

JackTripper

June 22nd, 2007, 14:34

Quote:

[Originally Posted by blabberer;66610]But if you can cobble together a small hello world program, with whatever debug info it adds attach the complete precompiled binary along with debugingo tds,dcu whatever whatever delphi produces in a package here along with the src of your application i can check what ollydbg can do with it and what not

i guarentee nothing

i compiled a small app with 8 variations (with and without TD32, RDS, map)

It's 8MB

http://www.jet2.net/~iboyd/OllyDebugMe.rar

LLXX

June 22nd, 2007, 18:05

Lol, 8MB. Source code debugging is overrated anyway

JackTripper

June 22nd, 2007, 20:31

Quote:

[Originally Posted by LLXX;66618]Lol, 8MB. Source code debugging is overrated anyway

That's 8 executables
3 with TD32 info
3 map files
3 remote debug symbol files
all the .dcu object files
all the source

blabberer

June 23rd, 2007, 05:09

Code:



jacktripper:/>dir /b *me*

readme.txt

OllyDebugMe.rar

OllyDebugMe



jacktripper:/>

lets look at the exes

Code:



jacktripper:/>dir /s /b *he*.exe

\odbg110\OllyDebugMe\Bin\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\1 - Exe Only\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\2 - Exe with TD32\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\3 - Exe with RDS\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\4 - Exe with TD32 and RDS\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\5 - Exe with Map\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\6 - Exe with Map and TD32\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\7 - Exe with Map and RDS\HelloWorldFromDelphi.exe

\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe



jacktripper:/>

lets run one exe for trial

Code:



jacktripper:/>OLLYDBG.EXE "\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe"



jacktripper:/>

whats the initial log in ollydbg window

Code:





Log data

Address    Message

           OllyDbg v1.10

           Command line: "\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe"



           File '\odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe'

           Command line plugin v1.10

             Written by Oleh Yuschuk

           Bookmarks sample plugin v1.06 (plugin demo)

             Copyright (C) 2001, 2002 Oleh Yuschuk

           New process with ID 00000D18 created

00443184   Main thread with ID 0000085C created

00400000   Module \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\HelloWorldFromDelphi.exe

             Debugging information (Borland format) available  <-------------- ??? its there whats the problem ????? 

5D090000   Module C:\WINDOWS\system32\comctl32.dll

77120000   Module C:\WINDOWS\system32\oleaut32.dll

774E0000   Module C:\WINDOWS\system32\ole32.dll

77C10000   Module C:\WINDOWS\system32\msvcrt.dll

77D40000   Module C:\WINDOWS\system32\user32.dll

77DD0000   Module C:\WINDOWS\system32\advapi32.dll

77E70000   Module C:\WINDOWS\system32\RPCRT4.dll

77F10000   Module C:\WINDOWS\system32\GDI32.dll

7C800000   Module C:\WINDOWS\system32\kernel32.dll

7C900000   Module C:\WINDOWS\system32\ntdll.dll

00443184   Program entry point

           Analysing HelloWor

             1432 heuristical procedures

             1284 calls to known, 378 calls to guessed functions

             324 loops, 76 switches

lets check the sources and see if they are avialble

Code:



view --> source files 



Source files

Module     Source            Source path

HelloWor   (Absent)          \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas

HelloWor   (Absent)          C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr

it is looking for two source files and they are missing

lets see where they are

Code:





jacktripper:/>dir /s /b *.pas

\odbg110\OllyDebugMe\Source\FMain.pas



jacktripper:/>

lets copy them to path

Code:





jacktripper:/>copy OllyDebugMe\Source\FMain.pas "OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS"\.

        1 file(s) copied.



jacktripper:/>

check again

Code:



lets check source files again

Source files

Module     Source            Source path

HelloWor   FMAIN.PAS         \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas

HelloWor   (Absent)          C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr

copy the remaining we need to make adirectory

Code:





jacktripper:/>mkdir C:\Develop\Avatar\OllyDebugMe\Source

lets copy it to place

Code:



jacktripper:/>dir /s /b *.dpr

\odbg110\OllyDebugMe\Source\HelloWorldFromDelphi.dpr



jacktripper:/>copy OllyDebugMe\Source\HelloWorldFromDelphi.dpr C:\Develop\Avatar\OllyDebugMe\Source\.

        1 file(s) copied.



jacktripper:/>

lets check view -> source files again

Code:





Source files

Module            Source                                Source path

HelloWor          FMAIN.PAS                             \odbg110\OllyDebugMe\Bin\8 - Exe with Map and TD32 and RDS\FMain.pas

HelloWor          HELLOWORLDFROMDELPHI.DPR              C:\Develop\Avatar\OllyDebugMe\Source\HelloWorldFromDelphi.dpr

lets look at disassembly

Code:



00443184 >PUSH EBP                               ; begin

00443185  MOV EBP, ESP

00443187  ADD ESP, -0C

0044318A  MOV EAX, HelloWor.0044304C

0044318F  CALL HelloWor.Sysinit::InitExe

00443194  MOV EAX, DWORD PTR DS:[444C38]         ; Application.Initialize;

00443199  MOV EAX, DWORD PTR DS:[EAX]

0044319B  CALL HelloWor.Forms::TApplication::Ini>

004431A0  MOV ECX, DWORD PTR DS:[444D04]         ; Application.CreateForm(TForm1, Form1);

004431A6  MOV EAX, DWORD PTR DS:[444C38]

004431AB  MOV EAX, DWORD PTR DS:[EAX]

004431AD  MOV EDX, DWORD PTR DS:[442E44]

004431B3  CALL HelloWor.Forms::TApplication::Cre>

004431B8  MOV EAX, DWORD PTR DS:[444C38]         ; Application.Run;

004431BD  MOV EAX, DWORD PTR DS:[EAX]

004431BF  CALL HelloWor.Forms::TApplication::Run

004431C4  CALL HelloWor.System::Halt0

lets look at pas file and follow in disassembler from there

view source files or ctrl+f5
select the hello ollydbg double click you are in disassembler at right place

see picture below

JackTripper

June 24th, 2007, 10:05

Quote:

[Originally Posted by blabberer]...

To sum up:

No amount of debug information compiled into, or shipped along with, a Delphi application will allow OllyDbg to show source - even simulated or approximate; you have to have source.

OllyDbg cannot be given a location of source files - it must be in the same folder the executable.

Olly will not follow the source view with what you're currently debugging.

Some amounts of debug information will make routine (functions, procedures, method) names visible when OllyDebugging.

No amount of debug information or source code will display the current method's parameters, or local or global variables.

i was hoping for too much.

blabberer

June 24th, 2007, 10:24

Quote:

No amount of debug information compiled into, or shipped along with, a Delphi application will allow OllyDbg to show source - even simulated or approximate; you have to have source.

omg

no debugger in this world can do that baby if it were the case no one would be stealing stuff and code and protection authours would be extinct

you were not hoping you were simply day dreaming

Quote:

OllyDbg cannot be given a location of source files - it must be in the same folder the executable

thats not ollydbgs problem it is your build problem
you move sources to appropriate places before building and the debug info path that is embedded will be where ollydbg looks for it not in your imaginary paths

ollydbg is a assembly level debugger not source level debugger
if you have the source you can set source level breakpoints in line numbers
and follow from there

ollydbg always will work in assembly level

Quote:

Some amounts of debug information will make routine (functions, procedures, method) names visible when OllyDebugging.

No amount of debug information or source code will display the current method's parameters, or local or global variables.

neither will any other debugger for that matter
a debugger works in very very low level from source
you have to infer things a debugger is not a magic wand

Quote:

i was hoping for too much.

this is not hope this is day dreaming (i dont wish to add some more sentences here but you can infer what im thinking i will add )

Spacetime

July 5th, 2007, 06:26

The problem of source file paths could easily be resolved if there would be a possibility to enter source file paths in Options (like in some debuggers). Of course, if possible, stored for each module separately (in udd file).

Is there a plugin for this feature or, in general, is it possible to write such a plugin (to specify and store source files paths for module)?