Check out DaFixer's site.. source code is available now. Maybe someone can modify it so it'll work on the "Obfuscated" delphi apps

It would also be cool to be able to decompile a currently running delphi process. So one wouldn't have to remove ASPR etc. before running Dede. That would be a bit of work though, if even possible.

Wait a minute - DeDe CAN decompile a running process.....

-nt20

sadly, there's no general readme for the source itself, no concept documentation and no project files so, it's might be hard to understand all the stuff and to modify/improve it.

Really? Didn't know that. I guess I always assumed one had to strip off ASPR or whatever and then run the executable thru.. I'll have to take a look at this feature, could definantly use it. Thanks for the info.

The sources are now full and complete. Have no idea what you call delphi obfuscation. Give me url to such application and tell me what you think is obfuscated. Obfuscation as a term that means giving fake names to controls, procedures etc is generally possible and if someone has done this then nothing can be made because there is a loss of information (the names what have some meaning for the humans) and there is NO way to restore this information. Its the same with compiling process by the way Hopefully i haven't seen such thing implemented. May be the shareware authors are too lazy or just too lame

Anyways give me url to program you believe it is obfuscated and i will take a look ...

HI Dafixer

not sure if i'm thinking about the right thing but suppose it has something to do with the new asprtoect 'protect delphi forms' feature. I've found several delphi apps crushing dede on load, however they were able to load via dumper. After looking to resources I found the package info blank and forms signature missing.

It's better described at http://www.woodmann.net/forum/showthread.php?s=&threadid=3476

Hello,

Well havent seen this but if the memory dump succeed then all is fine. Well acctually its hard not to succeed The RCDATA resources are application defined resources which are used after application initialization. So if you just crypt everything there and put right after the program is started a routine to decrypt the RCDATA then all will be invisible for the VCL which create the forms etc. So this is probably some kind of recourse encryption. If you give me url to application that uses this asprotect feature it will be nice and i will be able to see it in details.

Anyway just dont forget that before you go to analize a target you first need to have it decrypted This also means decrypted recources. So i could say that this asprotect feature has nothing to do with DeDe. I wont go to add native deprotection for every last protector and his dog