Is it possible to know the functions used by an application (.exe)?

e.g.:
// The code used, before it was compiled
// (InternetOpen and HINTERNET come from the WinInet unit)
procedure openthenet;
var
  hSession: HINTERNET;
begin
  hSession := InternetOpen('Mozilla/4.0', INTERNET_OPEN_TYPE_DIRECT, nil, nil, 0);
end;

Is it possible to know if the application (.exe) is using the function <<<"  InternetOpen  ">>>
Knowing by reading the file TModule32?
Is it possible in programming with Delphi?

I'm just waiting for answer: YES or NO,

And since this is a simple question for good points,  
I'd like to ask another yes or no,
Is it possible to change or add the application.title of an .exe file either running or not?
e.g.:
windows title bar is <"hellos">, then change/add to <"mark hellos" or "coppper">
systan Asked:
 
CodedK Commented:
I think that 8080 diver says that you can disassemble another application and see the assembly code with units (for disassembling) that are available in Delphi. If you know assembly code then maybe you can estimate if you are dealing with InternetOpen:
Delphi inline asm:

    bound eax,[ebp+$00]
    sar [ebp+$44],1
    add [eax+$00],ch
    add eax,$74696e55
    xor al,$00
    add [ebx+$6a006ac0],cl
    add [edx+$00],ch
    push $01
    push $00456418   //Pointers to the addresses that your parameters are stored.
    call InternetOpen   // The call to the Wininet Api.


But you won't get this! You'll just get this:
    push    $00  //Push the parameters
    push    $00  //Push the parameters
    push    $00  //Push the parameters
    push    $01  //Push the parameters
* Possible String Reference to: 'Mozilla/4.0'  
    push    $00456418
* Reference to: wininet.InternetOpenA()  <-Heuristics to understand the call/
    call    00425BF4  <- Call InternetOpen
    ret  <- Return.

And this was created with a decompiler that can understand Delphi calls and output readable code.


0
 
CodedK Commented:
For the first you need to disassemble the application or dump it from memory and do some heuristics search and pattern matching. Both techniques require the app to be running or to run it afterwards
and disassemble it.
So no for the first.

For your second question... Yes for title change if running; if not running, it requires hex editing.
So if running, here's the source code:
http://delphi.about.com/library/code/fdac_titlebarchanger_src.zip

If not running, open the file with a hex editor (there are some sources for Delphi if you want), search your file and then patch it.
0
 
systan Author Commented:
OK, I'll accept your first answer as is not possible, so, No!
But, about the caption, it's not about the caption, it is an Application.Title
e.g.,
Application.Title:='hellos';
//then this <"hellos"> will appear at the taskbar as <"hellos">, then change it to <"hi"> or <"hellos hi">
So, is it possible to change the Application.Title of a (running application) or (not running application)?
By loading it first in the TMemoryStream, then saving it when changes are done in the Application Title?
0
 
CodedK Commented:
I'm pretty sure that this can be done but I don't have any idea how this can be done without hex search and edit of the loaded application.
You can retrieve version info but I never saw or tried to mess with the application name.
So I leave it open but I think it's possible only through hexadecimal edit.
0
 
systan Author Commented:
Ok CodedK
Thank you for the comments, I would like to wait for 1 last comment from another expert, and I'll accept/close this post.
0
 
8080_Diver Commented:
> Is it possible to know if the application (.exe) is using the function <<<"  InternetOpen  ">>>
> Knowing by reading the file TModule32?

As previously indicated, yes . . . if you can decompile the application or if you have a pretty good knowledge of the assembly language of the machine.

> Is it possible in programming with Delphi?

If you are asking whether you can tell if you have the source code open in Delphi 7, then the answer is a resounding "YES!"

> I'm just waiting for answer: YES or NO,
>
> And since this is a simple question for good points,
> I'd like to ask another yes or no,
> Is it possible to change or add the application.title of an .exe file either running or not?
> e.g.:
> windows title bar is <"hellos">, then change/add to <"mark hellos" or "coppper">

Maybe . . . (this one can't be answered with Yes/No because there are instances where you can and instances where you can't. ;-)
0
 
systan Author Commented:
>If you are asking whether you can tell if you have the source code open in Delphi 7, then the answer is a resounding "YES!"

Huh! You can really know the functions used by the application (not dll) using Delphi? Really? I'm surprised!

What about this link? Can this find the functions like "InternetOpen" or "InternetOpenURL" or "any_Functions" inside the application (not dll)?
http://www.cjandia.com/me/works/delphi/newide/RttiHlp.pas.txt

Ok, I will have to open another post to see if "really" can get the functions, and show me another link about the code.

Thank you
0
 
systan Author Commented:
Thanks CodedK

>And this was created with a decompiler that can understand Delphi calls and output a readable code.

Oops! You mean to say that it is specific only to Delphi?
What about other compiled applications? Like C/C++ or CBuilder? InternetOpen can't be recognized?
0
 
8080_Diver Commented:
systan,
Please note the following portion of my post before making more snide remarks:

> if you have the source code open in Delphi 7

Since the question was specifically in reference to DELPHI, C++ and CBuilder are not within the realm of comments.  However, IF YOU HAVE THE (DELPHI) SOURCE CODE, then you can read the bloody code to tell what functions and procedures are being used.  I didn't say anything about a decompiler creating the source code, what I said was, IF YOU HAVE THE SOURCE CODE (not the decompiled code, not the machine code, but the bloody source code), you can do it.
I read the following line literally:

> Is it possible in programming with Delphi?

Now, it is possible that there was an ESL issue involved in the wording of that question but, taken literally, if you are programming in Delphi, you bloody well should know what procedures and functions are being called.

> Oops! You mean to say that it is specific only to Delphi?

In general, there are decompilers that will provide pseudo-source-code in most languages that can create native, machine code executables, so, no, it is not specific only to Delphi.  Decompilers generally start by creating assembly language equivalents of applications.  From there, there are certain coding patterns that can often provide hints as to the original source language and compiler.  (Each compiler tends to translate certain statements in a fairly consistent way but different compilers may interchange some instructions in the process of translating the statements, when compared to any given compiler.)
0
 
systan Author Commented:
lol, Thank you, Delphi Rocks, even .NET will reach version 2020
0
 
systan Author Commented:
Ok, a follow-up question, one last answer please, just YES or NO, no following sentence

If it's hard to get the function name inside the application (.exe), what if I assigned or PUT the entry_point or the address of the function that I am searching for:
like this:

Wininet.DLL exports table:
...
00015912h            264     InternetOpenA
00013491h            229     InternetConnectA
...

note:
00015912  (the address/entrypoint of InternetOpen in Wininet.DLL) I will put it in my code as string

code structure:
if "00015912" is found at "InternetEXE.exe" then
begin
showmessage('Internet open is found')
end;

Is this a possible technique?
0
 
8080_Diver Commented:
systan,
Your last request closely resembles the following question (which I defy you to answer Yes or No):
Are you still molesting children?
Are you saying that you are writing the Wininet.dll and you are putting a string in the code at the point of the InternetOpenA function?
Or, are you saying that "there exists a Wininet.dll that exports the InternetOpenA function"?
Also, is the 00015912h a relative address or an absolute address?
Finally, are you analyzing this DLL as it resides in memory or as a binary data file that you read and analyze without loading in the usual fashion?
On the other hand, if you know that 00015912h is the address of the InternetOpen entry point, why do you need to search for it?
Finally, your "code structure" is pseudo-Delphi code but could not be written that way.  You would need to find the position of '00015912' within the block of binary data that you have read from the Wininet.dll file but you would need to read blocks with an overlap of at least 8 characters (so that you don't read in 00015 in one block and 912 in the next one).
Given that you are reading Wininet.dll as a data file and that you have the 00015912 as a text string within the file and that you are handling the block reads in an appropriate manner, then yes, that would be one technique for finding the entry point.  Although, that technique cannot be generalized because you cannot guarantee that all DLLs will provide such convenient markers. ;-)
0
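The overlapping block read described in the comment above, as an added example that is not part of the original thread and is not any participant's code. It assumes the pattern is the ASCII import name `InternetOpenA` rather than the address text; `find_all_chunked`, `demo` and the sample bytes are constructed for illustration.

```python
import io

def find_all_chunked(stream, pattern, block_size=4096, overlap=None):
    """Return the absolute offset of every occurrence of pattern in stream.

    The last `overlap` bytes of each window are carried into the next one,
    so a match split across two block reads is still seen.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    if overlap is None:
        overlap = len(pattern) - 1      # smallest carry-over that cannot miss
    hits, tail, base = [], b"", 0       # base = file offset of tail[0]
    while True:
        block = stream.read(block_size)
        if not block:
            return hits
        window = tail + block
        pos = window.find(pattern)
        while pos != -1:
            # A larger overlap can re-scan a match already reported; skip it.
            if not hits or base + pos > hits[-1]:
                hits.append(base + pos)
            pos = window.find(pattern, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep

# Constructed sample (not a real executable): the name sits at offset 4090,
# straddling the 4096-byte block boundary, and again at offset 4304.
NAME = b"InternetOpenA"
SAMPLE = (b"\x00" * 4090 + NAME + b"\x00" + b"\x90" * 200
          + NAME + b"\x00" + b"\x00" * 50)

def demo():
    naive = find_all_chunked(io.BytesIO(SAMPLE), NAME, overlap=0)
    overlapped = find_all_chunked(io.BytesIO(SAMPLE), NAME)
    return naive, overlapped

if __name__ == "__main__":
    naive, overlapped = demo()
    print("no overlap:  ", naive)       # misses the hit at 4090
    print("with overlap:", overlapped)
```

A hit only shows that the name string is present in the file; a function imported by ordinal, or a name assembled at run time, leaves no such string to find.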
 
systan Author Commented:
I think I should open a new post for continuing this discussion.
But first, let me clarify this, that I'm not molesting any child. LOL, I'm just asking for help
This program I'm developing is not for bad intentions.  It is for a good reason, and I will not reveal what I am trying to achieve, because maybe if I fail this project (personally) no one's gonna fire me.

Ok, this is the continued link, for a 250 points at the beginning.
0