Section 2 Delphi Reverse Engineering
Currently, Borland does not provide any products for decompiling executable (.exe) files or "Delphi compiled files" (.dcu) into raw program code (.pas).
Delphi compiled unit: DCU ( Delphi compiled unit: DCU )
When a Delphi project is compiled or run, a compilation unit (.dcu) file is generated. By default, the compiled version of each unit is stored in a separate binary file. The file name of the file is the same as the unit file, and its extension is .DCU. For example: the unit1.dcu file contains the code and data declared in the unit1.pas file.
This means that if you have some resource, like a compiled component, all you have to do is decompile it and get the source code. Wrong, the DCU file format is undocumented (owner format) and it can change from version to version.
After the compiler: Delphi Reverse Engineering
If you are trying to decompile a Delphi executable, there are a few things you should know:
Delphi source program files are usually stored in two file types: ASCII code files (.pas, .dPR) and resource files (.res, .rc, .dfm, .dcr). Dfm files contain details (properties) of the objects contained in the form. When creating an executable file, Delphi copies the information in the .dfm file to the completed .exe code file. The form file describes each component in the form, including all stable property values. Whenever we change the position of a form, the title of a button, or assign an event procedure to a component, Delphi records these changes in the DFM file (not the code for the event procedure—it's stored in the pas/dcu file). In order to get 'dfm' from an executable, we need to understand what type of resources are stored in the Win32 executable.
All programs compiled by Delphi have the following parts: CODE, DATA, BSS, .idata, tls, .rdata, .rsrc. From a decompilation perspective, the most important parts are: CODE, .rsrc. In the article "Adding functionality to a Delphi program" ("Adding functionality to a Delphi program") (translator's addition: one after another), some interesting things about the Delphi executable format, class information and DFM resources are discussed: How Assign events to other event handlers defined in the same form. How to add your own event handler to add code to the executable file to change the title of the button.
Among the various types of resources stored in the .exe file, RT_RCDATA or application-defined resources (raw data) have the information contained in the DFM file before compilation. In order to select DFM data from an .exe file, we can call the EnumResourceNames API function... For more information about selecting DFM data from an .exe file, please refer to: "Coding a Delphi DFM explorer" ("Writing a Delphi DFM Detector"). (Translator added: Translated one after another)