No edit summary |
m (→Tips to Determine Whether an App is Written in Delphi:
Updated PEiD link) Tags: Visual edit apiedit |
||
| (17 intermediate revisions by 7 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | The most reliable way to determine if an executable was built using Delphi is to examine its resources. |
|
| + | Modern versions of Delphi and C++ Builder add a DVCLAL and a PACKAGEINFO resource to executables. These are RCDATA resources, which can include arbitrary binary content. |
||
| − | # Right click on an application’s icon in the task bar. VCL applications only show 3 menu items by default. Restore, Minimize and Close. This won't help you determine whether C++Builder or Delphi was used but it narrows it down to the same product family from Borland. This doesn't work in Delphi 2007. By default, the line "Application.MainFormOnTaskbar := True;" is included in the DPR, which shows the full context menu in the task bar. |
||
| − | # Use Robert Kozak's IsDelphi utility to determine if an app was written in Delphi 1 to 5. http://cc.borland.com/ccweb.exe/listing?id=15250 |
||
| − | # Use Bruce McGee's IsDelphi to search your hard drive for applications written in Delphi, Delphi for .Net. or BCB. Source code is included. http://cc.borland.com/codecentral/ccweb.exe/listing?id=22159 |
||
| − | # Use Borland's VCL Scanner utility. http://community.borland.com/article/0,1410,22645,00.html ''It appears this link has a bad download link, use this new link to get the source:'' http://cc.borland.com/codecentral/ccWeb.exe/listing?id=23078. |
||
| − | # Use Language2000. http://farrokhi.net/language/ ''This utility is a bit older, but it has the capability of detecting compilers other than Delphi'' |
||
| − | # Use Daniele Teti's TDWinInfo (download at [http://dade2000.altervista.org/index.php?page=freeware Daniele's web site] or search on http://www.torry.net) to determine the components used in an application. If the application uses many components that begin with "T" then in all likelihood it is a Delphi application because this naming standard is used by Borland's VCL and most developers who use Delphi. There is also a possibility that the application could have been developed with C++Builder. |
||
| − | # Use STUD_PE tool to determine the compiler. Works for Delphi 1-7 and maybe higher. Program is usually updated frequently with exe stud databases to determine the latest compilers that created the EXE. http://itimer.home.ro/studpe.html |
||
| − | # Use PEiD tool to determine the compiler of the target. There is also a plugin that show the used units, if any, in the project. http://www.secretashell.com/codomain/peid/ & http://www.secretashell.com/BobSoft/#Plugins |
||
| − | # Use PE Detective to scan the target. PE Detective is included in NTCore's Explorer Suite. http://ntcore.com/exsuite.php |
||
| + | '''DVCLAL''': If an executable includes a DVCLAL resource then it was almost certainly built using Delphi or C++ Builder. The contents of this resource can tell you whether the Personal Professional or Enterprise edition was used. The Starter edition reads as Personal, and editions above Enterprise, such as Ultimate and Architect, read as Enterprise. |
||
| − | The VCL Scanner, Bruce McGee's IsDelphi and the TDWinInfo utility will also pick up applications built using C++Builder. So to determine that it is written in Delphi you should attempt to verify this by obtaining some inside information from one of the developers of the software rather than just assuming it is built using Delphi. |
||
| + | Personal [23 78 5D 23 B6 A5 F3 19 43 F3 40 02 26 D1 11 C7] |
||
| ⚫ | |||
| + | Professional [A2 8C DF 98 7B 3C 3A 79 26 71 3F 09 0F 2A 25 17] |
||
| + | Enterprise [26 3D 4F 38 C2 82 37 B8 F3 24 42 03 17 9B 3A 83] |
||
| + | |||
| + | '''PACKAGEINFO''': If an executable includes a PACKAGEINFO resource, it was most likely built with Delphi or C++ Builder. The PACKAGEINFO flags can indicate whether Delphi or C++ Builder was used. |
||
| + | |||
| + | '''Forms''': If an executable includes form resources, then it was most likely built with Delphi, C++ Builder or Lazarus. Form resources begin with "TPF0" [54 50 46 30], and the resource format is the same for ''.DFM'' files from VCL applications, ''.FMX'' files from FireMonkey applications, ''.XFM'' files from CLX applications ([[CLX|remember those?]]) and ''.LFM'' files from Lazarus applications. If an executable contains a form resource that includes the text "LCLVersion", it was probably built with Lazarus. |
||
| + | |||
| + | |||
| + | |||
| + | === Tips to Determine Whether an App is Written in Delphi === |
||
| + | |||
| + | # Examine an executable's resources. [http://melander.dk/reseditor Anders Melander's Resource Editor] and [http://xn-resource-editor.software.informer.com/download/ Colin Wilson's XN Resource Editor] are both Delphi aware. They decode form resources and display them as readablen text and interpret the PACKAGEINFO flags for Delphi or C++. |
||
| + | # [http://cc.codegear.com/Item/22159 IsDelphi] from Bruce McGee looks for executable files and tries to determine if they were written using Delphi, C++ Builder or Lazarus. This is distributed as source code. |
||
| + | # [http://ntinfo.biz/ Detect It Easy (DIE)] identifies several compilers. It is no longer being actively developed and sometimes misidentifies later Delphi versions, but still works pretty well. |
||
| + | # [http://farrokhi.net/language/ Language 2000], [https://www.aldeid.com/wiki/PEiD PEiD], [http://www.cgsoftlabs.ro/studpe.html STUD_PE] and [http://ntcore.com/pedetective.php PE Detective] also detect multiple compilers, including Delphi up to about Delphi 7, but misidentify or miss newer versions. |
||
| + | # [http://edn.embarcadero.com/article/28438 VCL Scanner] ([http://cc.embarcadero.com/Item/23078 updated link to source code]) was written by Anders Ohlsson at Borland in 2002 for R&D purposes. It looks for form resources in executable files. If it finds any, then that executable was most likely written in Delphi, C++ Builder or Lazarus. |
||
| + | # [http://www.danieleteti.it/freeware/td-win-info/ TDWinInfo] from Daniele Teti is a simple application that identifies the class name of the window or windowed control under the mouse pointer. You could use this to see if an application includes visual controls with class names that you recognise from Delphi. For example, most Delphi class names begin with "T", such as TButton or TListView. |
||
| + | # Before D2007, Delphi had a non-standard context menu. If you right-click on the application's Task Bar icon and the context menu only contains the following three menu items "''Restore''", "''Minimize''" and "''Close''", it may have been created with a version of Delphi or C++ Builder that is older than D2007. |
||
| + | |||
| + | |||
| ⚫ | |||
=See Also= |
=See Also= |
||
| Line 20: | Line 33: | ||
*[[Good Quality Applications Built With Delphi]] |
*[[Good Quality Applications Built With Delphi]] |
||
*[[Good Quality Applications Built With CppBuilder|Good Quality Applications Built With C++Builder]] |
*[[Good Quality Applications Built With CppBuilder|Good Quality Applications Built With C++Builder]] |
||
| − | |||
| − | |||
[[Category:3rd Party Tools]] |
[[Category:3rd Party Tools]] |
||
[[Category:Spread Delphi]] |
[[Category:Spread Delphi]] |
||
| − | [[Category:Built with |
+ | [[Category:Built with Delphi]] |
Revision as of 21:35, 17 April 2017
The most reliable way to determine if an executable was built using Delphi is to examine its resources.
Modern versions of Delphi and C++ Builder add a DVCLAL and a PACKAGEINFO resource to executables. These are RCDATA resources, which can include arbitrary binary content.
DVCLAL: If an executable includes a DVCLAL resource then it was almost certainly built using Delphi or C++ Builder. The contents of this resource can tell you whether the Personal Professional or Enterprise edition was used. The Starter edition reads as Personal, and editions above Enterprise, such as Ultimate and Architect, read as Enterprise.
Personal [23 78 5D 23 B6 A5 F3 19 43 F3 40 02 26 D1 11 C7] Professional [A2 8C DF 98 7B 3C 3A 79 26 71 3F 09 0F 2A 25 17] Enterprise [26 3D 4F 38 C2 82 37 B8 F3 24 42 03 17 9B 3A 83]
PACKAGEINFO: If an executable includes a PACKAGEINFO resource, it was most likely built with Delphi or C++ Builder. The PACKAGEINFO flags can indicate whether Delphi or C++ Builder was used.
Forms: If an executable includes form resources, then it was most likely built with Delphi, C++ Builder or Lazarus. Form resources begin with "TPF0" [54 50 46 30], and the resource format is the same for .DFM files from VCL applications, .FMX files from FireMonkey applications, .XFM files from CLX applications (remember those?) and .LFM files from Lazarus applications. If an executable contains a form resource that includes the text "LCLVersion", it was probably built with Lazarus.
Tips to Determine Whether an App is Written in Delphi
- Examine an executable's resources. Anders Melander's Resource Editor and Colin Wilson's XN Resource Editor are both Delphi aware. They decode form resources and display them as readablen text and interpret the PACKAGEINFO flags for Delphi or C++.
- IsDelphi from Bruce McGee looks for executable files and tries to determine if they were written using Delphi, C++ Builder or Lazarus. This is distributed as source code.
- Detect It Easy (DIE) identifies several compilers. It is no longer being actively developed and sometimes misidentifies later Delphi versions, but still works pretty well.
- Language 2000, PEiD, STUD_PE and PE Detective also detect multiple compilers, including Delphi up to about Delphi 7, but misidentify or miss newer versions.
- VCL Scanner (updated link to source code) was written by Anders Ohlsson at Borland in 2002 for R&D purposes. It looks for form resources in executable files. If it finds any, then that executable was most likely written in Delphi, C++ Builder or Lazarus.
- TDWinInfo from Daniele Teti is a simple application that identifies the class name of the window or windowed control under the mouse pointer. You could use this to see if an application includes visual controls with class names that you recognise from Delphi. For example, most Delphi class names begin with "T", such as TButton or TListView.
- Before D2007, Delphi had a non-standard context menu. If you right-click on the application's Task Bar icon and the context menu only contains the following three menu items "Restore", "Minimize" and "Close", it may have been created with a version of Delphi or C++ Builder that is older than D2007.
If you are still not sure whether an application is written in Delphi or in C++Builder, then put it into the Delphi list and add a note in the description: "NOTE: This may actually be a C++Builder app."