Jump to content
Tuts 4 You

Delphi packing assistance.


mudlord

Recommended Posts

Posted (edited)

Hi,


I ran into a bug with processing Delphi/FreePascal executables. All Delphi versions seem to be affected.


I am unsure as to the problem.


I checked in non Delphi executables and TLS callbacks/tables seem to work correctly, so atm I am at a loss to see what I am missing.


This seems to be a final bug of my exe packer, and the main thing stopping its release.


 


Any help at all would be great.


test.rar

Edited by mudlord
Posted

DATA section is not decompressed correctly. As a result, at address 452de4 you have 0, and packed program smashes with AV.

Are you using the exact same version of APLib in packer and program stub?

  • Like 1
Posted (edited)

Thanks for the advice, I will double check and rewrite that (I should have checked by unpacking the exe manually instead of just checking just the PE header and things). I'll do some more checks and things.


 


Have to check if this is a similar case for Delphi 2010 and the XE versions, too.


 


Edit: Thanks kao, with this hint discovered yet more bugs. Looks like this might take a while.


Edited by mudlord
Posted (edited)

if your going to pack your exe i would use a packer caled pacman which is free and just google it


Edited by omar911
Posted (edited)

I fail to see your point. With your logic, I would have stuck with UPX like countless others do, when there is better alternatives. like bero's packer.


 


Anyway, with kao's hint, I did some more testing, doing mainly XORing of bytes so something like aplib did not need to be used. This uncovered plenty more bugs. Found a issue with mingw executables, not sure if its TLS related.


 


edit: found this long standiing bug. The variable in question is a DWORD which is in the TLS table. The AddressofIndex variable funnily enough resides in the DATA section, relocating it fixed it. Seems Windows zeroes that variable on startup, hence it being very difficult to trace when debugging the packer itself.


Edited by mudlord
  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...