[Lazarus] trying to read an EXE

duilio foschi octopushole at gmail.com
Fri Sep 3 23:07:49 CEST 2021


Today I did an experiment that gave me surprising results (due to my
ignorance, of course).

I have an application written in Lazarus and I need to do one fix only.

This line

   result:=EncodeDate(
   cmbYear.ItemIndex+2005,
   cmbMonth.ItemIndex+1,
   1);


needs to be changed into


   result:=EncodeDate(
   cmbYear.ItemIndex+2006,
   cmbMonth.ItemIndex+1,
   1);


I thought it would be easy to use a hex editor like PSPad hex, find the
number 2005 as 07D5 then fix it (maybe after the right guess in case of
multiple hits).

To my surprise, I could not find the word 07D5. As I vaguely remember the
big endian/little endian question, I tried to look for D507: no hit.

In order to dig into the question, I created a Lazarus Windows application
made of a TCombobox and a TButton. I used v. 2.0.6 on Windows 7.

I added the following code:

procedure TForm1.Button1Click(Sender: TObject);
var
   a:string;
   i:integer;
begin
   cmbYear.Items.Add('2020');
   cmbYear.Items.Add('2021');
   Caption:='peppe';
   i:=cmbYear.ItemIndex+2005;
   Caption:=inttostr(i);
end;

I compiled/linked that application then opened the EXE using PsPad Hex.

Looking for string 'peppe', I can easily spot the part that contains
the code of interest.

Please see here for a screenshot of PsPad Hex:
https://i.ibb.co/2M054Qx/1.jpg

(I encircled a few familiar names).

I cannot understand how this instruction

   i:=cmbYear.ItemIndex+2005;

is coded here.

I am no assembly expert, but I expect that the compiler would translate the
instruction into something like

move 2005 to register X
add register X to register Y     (where register Y represents cmbYear.ItemIndex)
move register Y to register Z    (where register Z represents var i)

In any case I would expect that the figure 2005 (07D5) be written somewhere,
but facts prove me wrong.

I am very curious: what really happens in the EXE?

In which form does this instruction get compiled?
   i:=cmbYear.ItemIndex+2005;

Could someone explain?

Thank you

Peppe
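
Added example, not part of the original message: one way to search a binary for the byte encodings an integer constant such as 2005 may take, and to patch a chosen hit only after verifying the bytes found there. The function names and the sample buffer are constructed for illustration and do not come from the poster's EXE.

```python
import struct

# Encodings a compiler or linker may use for an integer constant,
# listed widest first so a 32-bit hit wins over the 16-bit hit inside it.
FORMATS = {
    "u32-le": "<I",
    "u32-be": ">I",
    "u16-le": "<H",
    "u16-be": ">H",
}


def find_constant(data: bytes, value: int):
    """Return sorted (offset, encoding) hits, widest encoding per offset."""
    hits = {}
    for name, fmt in FORMATS.items():
        needle = struct.pack(fmt, value)
        pos = data.find(needle)
        while pos != -1:
            hits.setdefault(pos, name)      # keep the first (widest) match
            pos = data.find(needle, pos + 1)
    return sorted(hits.items())


def patch_constant(data: bytes, offset: int, encoding: str,
                   old: int, new: int) -> bytes:
    """Replace old with new at offset; refuse if the bytes there are not old."""
    fmt = FORMATS[encoding]
    size = struct.calcsize(fmt)
    if data[offset:offset + size] != struct.pack(fmt, old):
        raise ValueError("bytes at offset do not encode the expected value")
    return data[:offset] + struct.pack(fmt, new) + data[offset + size:]


# Constructed sample, not taken from any real EXE: an x86 "add eax, imm32"
# (opcode 05) carrying 2005, two nops and a ret, then an unrelated 16-bit 2005.
SAMPLE = bytes.fromhex("05 d5 07 00 00 90 90 c3 d5 07 ff ff")

if __name__ == "__main__":
    for off, enc in find_constant(SAMPLE, 2005):
        print(f"offset {off:#06x}: {enc}  {SAMPLE[off:off + 4].hex(' ')}")
    fixed = patch_constant(SAMPLE, 1, "u32-le", 2005, 2006)
    print(fixed.hex(" "))
```

Multiple hits still have to be told apart by the surrounding bytes; the patch step only guarantees that the value being overwritten is the one expected.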