[Lazarus] trying to read an EXE

duilio foschi octopushole at gmail.com
Sat Sep 4 11:53:30 CEST 2021


I followed Bart's suggestion and added the -al switch to the fpc.cfg file.

This was probably the right move, as - after a new compile - I could see
the wanted .s file beside the regular EXE.

I uploaded the .s file here:
https://mega.nz/file/rlpyHa7b#fx0LYTjapmUdFRkzVGCCzFFogqYuEu7UvYQ5HtilLks

I opened the new .s file with a text editor and had a new surprising
result: the instruction

i:=cmbYear.ItemIndex+2005;

is nowhere to be found.

I tried to find the figure 2005 both as 07D5 and as D507: no hit.

I tried to find the string 'peppe' (that I correctly find in the EXE) in
the S file: no hit.

I tried to find the string 'peppe' in hex format (7065707065) in the S
file: no hit.

I tried to understand where the OnClick event could be written, but - with
little surprise - I could not.

I recompiled with no debug info + using the option 'no optimization'. The
new .s file is stored here
https://mega.nz/file/X1B2mJpL#smqDJOoDOBZOMoDUpeNutXw3C3YgqHurbdC6L7m2vf4

The new .s file gives no more information than the old one.

With all this: the EXE works ok.

This case shows that I have a lot of things to learn.

Any help?

Peppe

PS:

if interested:

unit1.lfm
https://mega.nz/file/O1IDhIwb#0SDAninq5yfTOKELksfTRnaXqpIocwh3ugthDzFK2G8

unit1.pas
https://mega.nz/file/fgYjFQzJ#wuaS4A7CeTR0Ra35_E5gk8ggGlAFPBqaSJS_p_yi8Ss




On Fri, Sep 3, 2021 at 11:07 PM duilio foschi <octopushole at gmail.com> wrote:

> today I did an experiment that gave me surprising results (due to my
> ignorance,
> of course).
>
> I have an application written in Lazarus and I need to do one fix only.
>
> This line
>
>    result:=EncodeDate(
>    cmbYear.ItemIndex+2005,
>    cmbMonth.ItemIndex+1,
>    1);
>
>
> needs to be changed into
>
>
>    result:=EncodeDate(
>    cmbYear.ItemIndex+2006,
>    cmbMonth.ItemIndex+1,
>    1);
>
>
> I thought it would be easy to use a hex editor like PSPad hex, find the
> number
> 2005 as 07D5 then fix it (maybe after the right guess in case of multiple
> hits).
>
> To my surprise, I could not find the word 07D5. As I vaguely remember the
> big endian/little endian question, I tried to look for D507: no hit.
>
> In order to dig into the question, I created a Lazarus Windows application
> made of a TCombobox and a TButton. I used v. 2.0.6 on Windows 7.
>
> I added the following code:
>
> procedure TForm1.Button1Click(Sender: TObject);
> var
>    a:string;
>    i:integer;
> begin
>    cmbYear.Items.Add('2020');
>    cmbYear.Items.Add('2021');
>    Caption:='peppe';
>    i:=cmbYear.ItemIndex+2005;
>    Caption:=inttostr(i);
> end;
>
> I compiled/linked that application then opened the EXE using PsPad Hex.
>
> Looking for string 'peppe', I can easily spot the part that contains
> the code of interest.
>
> Please see here for a screenshot of PsPad Hex:
> https://i.ibb.co/2M054Qx/1.jpg
>
> (I encircled a few familiar names).
>
> I cannot understand how this instruction
>
>    i:=cmbYear.ItemIndex+2005;
>
> is coded here.
>
> I am no assembly expert, but I expect that the compiler would translate
> the instruction into something like
>
> move 2005 to register X
> add register X to register Y     (where register Y represents
> cmbYear.ItemIndex)
> move register Y to register Z    (where register Z represents var i)
>
> In any case I would expect that the figure 2005 (07D5) be written
> somewhere,
> but facts prove me wrong.
>
> I am very curious: what really happens in the EXE?
>
> In which form does this instruction get compiled?
>    i:=cmbYear.ItemIndex+2005;
>
> Could someone explain?
>
> Thank you
>
> Peppe
>
>
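Added example, not part of the thread: why a hex-editor search for "07D5" misses the constant while the assembler listing only shows it in decimal. On 32-bit x86, `add eax, 2005` is opcode 05 followed by a 32-bit little-endian immediate, so 2005 (0x07D5) is stored as D5 07 00 00, and the `-al` listing prints it as `$2005`. The EXE fragment and listing lines below are constructed stand-ins, not taken from the poster's files.

```python
"""Locate an integer constant in a compiled binary and in an FPC -al listing."""
import re
import struct

# Constructed stand-in for a fragment of the EXE: padding, the caption
# string 'peppe', then mov/add/mov for `i := ItemIndex + 2005`.
SAMPLE_EXE = (
    b"\x90\x90" + b"peppe\x00"
    + b"\x8b\x45\xfc"                       # mov eax, [ebp-4]
    + b"\x05" + struct.pack("<I", 2005)     # add eax, 2005  -> 05 D5 07 00 00
    + b"\x89\x45\xf8"                       # mov [ebp-8], eax
)

# Constructed stand-in for three lines of the .s file (AT&T syntax;
# the assembler writes immediates in decimal, not hex).
SAMPLE_LISTING = (
    "\tmovl\t-4(%ebp),%eax\n"
    "\taddl\t$2005,%eax\n"
    "\tmovl\t%eax,-8(%ebp)\n"
)


def immediate_bytes(value: int, width: int) -> bytes:
    """Little-endian encoding of `value`, as x86 stores an immediate."""
    return value.to_bytes(width, "little", signed=value < 0)


def find_immediate(blob: bytes, value: int, width: int = 4) -> list:
    """Byte offsets in `blob` where the little-endian immediate occurs."""
    pat = re.escape(immediate_bytes(value, width))
    return [m.start() for m in re.finditer(pat, blob)]


def find_in_listing(listing: str, value: int) -> list:
    """Listing lines that carry `value` as a decimal or hex immediate ($2005 / $0x7d5)."""
    pat = re.compile(rf"\$(?:{value}|0x0*{value:x})\b", re.IGNORECASE)
    return [ln.strip() for ln in listing.splitlines() if pat.search(ln)]


if __name__ == "__main__":
    print("big-endian 07 D5 found at:", SAMPLE_EXE.find(b"\x07\xd5"))   # -1: no hit
    print("little-endian imm32 found at:", find_immediate(SAMPLE_EXE, 2005))
    print("listing lines:", find_in_listing(SAMPLE_LISTING, 2005))
```

The same little-endian rule applies when searching a real EXE: search for the bytes D5 07 00 00 (or D5 07 for a 16-bit operand), not the text "07D5", and search the .s file for the decimal value.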