Log in

View Full Version : Linked procedure Delphi Methods???

5aLIVE
December 3rd, 2005, 09:41
Hi,

I'm working on a Delphi app which I have disassembled with IDA, I am using a copy of the Delphi IDE help file to give me a better understanding of the syntax and function of specific methods.

All was going well, until I come across methods such as the following from System unit:

call @System@@LStrArrayClr$qqrv ; System::__linkproc__StrArrayClr
call @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy
and so on...

I think the answer lies in the reference to linkproc, because method call to StringToOleStr which is commented as a linked procedure can be found in the language reference file easily enough.
Note that I have tried doing a full indexed search to find these method names.

call @System@StringToOleStr$qqrx17System@AnsiString ; System::StringToOleStr <- Can find in help ref.

I hope someone can help anwer this for me
Maximus
December 3rd, 2005, 20:43
All that I can say to you is that _LStrArrayClr is a standard procedure contained in system unit. What exactly is your problem? The @System@@LStrArrayClr$qqrv is mapped to an assembler procedure with no parameter declaration, a simple "procedure _LStrArrayClr" (or was it function, don't remember right now).
5aLIVE
December 4th, 2005, 08:39
Apologies if I wasn't clear in asking my question.

Quote:
[Originally Posted by Maximus]All that I can say to you is that _LStrArrayClr is a standard procedure contained in system unit.

In short, if this is a standard method descended from the System unit , my question is why does it not appear to be documented in the IDE help file, and where can I find details about it and others like it?


Quote:
[Originally Posted by Maximus]The @System@@LStrArrayClr$qqrv is mapped to an assembler procedure with no parameter declaration, a simple "procedure _LStrArrayClr"

So if I understand you correctly, are you saying that any method with a prefix of __linkproc__ doesn't require any parameters?

I don't think that is correct, if you take a look at the LStrArrayClr as an example, you can see it takes two parameters. By Its descriptive name and watching it's behaviour, it is clear that it is used set a string to null.

lea eax, [ebp+var_18]
mov edx, 3
call @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr

This is a more intuitive example, others are not so, that why I'm trying to find formal description in the IDE help file. I fail to understand why it's not documented in the help file.

EDIT: PS I thought I'd mention that I'm using a Delphi 7 help ref, when the app is coded with Delphi 5 - not sure if this is relevant or not. I'll see if I can find a D5 help ref in the meantime.


Regards,
5aLIVE.
Maximus
December 4th, 2005, 15:10
This kind of procedures are declared as parameterless, even if they use parameters. They are -like any _function- INTERNAL functions of the Delphi compiler. So, they are not documented and you should rely on the 'original' function for documenting it. They are parameterless because they are always called with a fixed convention the delphi standard one (register).
-----edit
there's no doc on many of them because they are used to perform 'standard' tasks, just like i.e. the stack-check functions.
In this case, it seems to be used to clear a string reference,
i.e.:
Code:


var a:string;

procedure x;

var b,c:string;

begin

b := a;

c := a;

end; // <--- here might be called 2 times, for destroying C and B AnsiString

begin

a := '1';

end;// <--- here might be called 1 times, and make deallocation
5aLIVE
December 4th, 2005, 15:44
Great, thankyou for the clear explanation. Now I understand whats going on.

5aLIVE