├── .gitmodules
├── LICENSE
├── README.md
├── glueimport.dpr
├── glueimport.dproj
└── vmsweeper.reffile.pas


/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "peimage"]
2 | 	path = peimage
3 | 	url = https://github.com/vdisasm/pe-image-for-delphi
4 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or
 4 | distribute this software, either in source code form or as a compiled
 5 | binary, for any purpose, commercial or non-commercial, and by any
 6 | means.
 7 | 
 8 | In jurisdictions that recognize copyright laws, the author or authors
 9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 | 
24 | For more information, please refer to <http://unlicense.org>
25 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # pas-vmp-glueimport
 2 | 
 3 | It's a simple project to add imports recovered by VMSweeper tool (by Vamit) to VMProtect dump file.
 4 | Tested to compile with Delphi XE8.
 5 | 
 6 | As you can see from the sources, it parses reference file generated by VMSweeper, extracts import infos and generates new import table for dump file (uses pe-image-for-delphi project).
 7 | 
 8 | It's not guaranteed to work on any file.
 9 | 
10 | This repository was created in case it will be helpful.
11 | It's not going to be updated.
12 | 


--------------------------------------------------------------------------------
/glueimport.dpr:
--------------------------------------------------------------------------------
  1 | program glueimport;
  2 | 
  3 | {$APPTYPE CONSOLE}
  4 | {$R *.res}
  5 | {$WARN SYMBOL_PLATFORM OFF}
  6 | 
  7 | 
  8 | uses
  9 |   System.Classes,
 10 |   System.Generics.Collections,
 11 |   System.SysUtils,
 12 | 
 13 |   vmsweeper.reffile in 'vmsweeper.reffile.pas',
 14 | 
 15 |   pe.build,
 16 | 
 17 |   pe.build.import,
 18 |   pe.common,
 19 |   pe.image,
 20 |   pe.imports,
 21 |   pe.imports.lib,
 22 |   pe.imports.func,
 23 |   pe.section,
 24 |   pe.types.directories;
 25 | 
 26 | procedure generate_new_imports(img: TPEImage; Libs: TLibs);
 27 | const
 28 |   opcJmpPtr: word = $25FF;
 29 |   opcCallPtr: word = $15FF;
 30 | var
 31 |   libPair: TLibPair;
 32 |   funcPair: TFuncPair;
 33 |   tmpVA, iatVA: uint64;
 34 |   lib: TPEImportLibrary;
 35 |   iatIndex: UInt32;
 36 |   imps: TImpList;
 37 |   i: Integer;
 38 |   rec: TImp;
 39 |   FlatImpList: TImpList;
 40 |   iatDir: TImageDataDirectory;
 41 |   ordinal: integer;
 42 | begin
 43 | 
 44 |   FlatImpList := TImpList.Create;
 45 |   try
 46 |     // Fill image imports.
 47 | 
 48 |     img.imports.Clear;
 49 | 
 50 |     iatIndex := 0;
 51 |     for libPair in Libs do
 52 |     begin
 53 |       writeln('  ', libPair.Key);
 54 | 
 55 |       lib := img.imports.NewLib(libPair.Key);
 56 |       for funcPair in libPair.Value do
 57 |       begin
 58 |         if (funcPair.Key.StartsWith('#')) then
 59 |         begin
 60 |           // By ordinal.
 61 |           if (not integer.TryParse(funcPair.Key.Substring(1), ordinal)) then
 62 |           begin
 63 |             Writeln('Ordinal not parsed: ', libPair.Key, ', ordinal ', funcPair.Key);
 64 |             continue;
 65 |           end;
 66 |           lib.NewFunction(ordinal);
 67 |         end
 68 |         else
 69 |         begin
 70 |           // By name.
 71 |           lib.NewFunction(funcPair.Key);
 72 |         end;
 73 | 
 74 |         imps := funcPair.Value;
 75 |         for i := 0 to imps.Count - 1 do
 76 |         begin
 77 |           rec := imps[i];
 78 |           rec.iatIndex := iatIndex;
 79 |           FlatImpList.Add(rec);
 80 |         end;
 81 | 
 82 |         inc(iatIndex);
 83 |       end;
 84 | 
 85 |       inc(iatIndex); // null item
 86 |     end;
 87 | 
 88 |     // Create new import table.
 89 |     ReBuildDirData(img, DDIR_IMPORT, true);
 90 | 
 91 |     // Redirect imports to new IAT.
 92 |     if not img.DataDirectories.Get(DDIR_IAT, @iatDir) then
 93 |       raise Exception.Create('Failed to get IAT.');
 94 | 
 95 |     iatVA := img.RVAToVA(iatDir.VirtualAddress);
 96 | 
 97 |     for rec in FlatImpList do
 98 |     begin
 99 |       // jmp dword ptr [...]
100 |       img.PositionVA := rec.srcVA;
101 | 
102 |       if (rec.dispType = TImpDispatchType.Jump) then
103 |       begin
104 |         img.Write(opcJmpPtr, sizeof(opcJmpPtr));
105 |       end
106 |       else
107 |       begin
108 |         img.Write(opcCallPtr, sizeof(opcCallPtr));
109 |       end;
110 | 
111 |       // address
112 |       tmpVA := iatVA + rec.iatIndex * img.ImageWordSize;
113 |       img.Write(tmpVA, img.ImageWordSize)
114 |     end;
115 |   finally
116 |     FreeAndNil(FlatImpList);
117 |   end;
118 | end;
119 | 
120 | procedure PrintHeader;
121 | begin
122 |   writeln('VMProtect import fixer based on VMSweeper');
123 |   writeln('Credits to Vamit');
124 |   writeln;
125 |   writeln('This tool applies imports found by VMSweeper to existing dump');
126 |   writeln('Generally it''s for analysis, not for complete image unpack');
127 |   writeln;
128 |   writeln('Usage:');
129 |   writeln('  <ref> <dump> [<out>]');
130 |   writeln('  <ref>:  text file, just copy it from VMSweeper''s VM References window');
131 |   writeln('          it must contain resolved imports');
132 |   writeln('  <dump>: executable dump file name used to add imports');
133 |   writeln('  <out>:  optional file name for result executable');
134 | end;
135 | 
136 | procedure main(const refFn, dumpFn, outFn: string);
137 | var
138 |   Libs: TLibs;
139 |   img: TPEImage;
140 |   outputFn: string;
141 | begin
142 |   if (refFn.IsEmpty) or (dumpFn.IsEmpty) then
143 |   begin
144 |     PrintHeader;
145 |     exit;
146 |   end;
147 | 
148 |   Libs := TLibs.Create([doOwnsValues]);
149 |   try
150 |     write('Parsing reference file... ');
151 |     ParseImportsFromRefFile(refFn, Libs);
152 |     writeln(Libs.Count, ' libraries');
153 | 
154 |     img := TPEImage.Create;
155 |     try
156 |       write('Reading dump... ');
157 |       // load dump only, don't parse directories' content
158 |       if not img.LoadFromFile(dumpFn, []) then
159 |       begin
160 |         writeln('failed');
161 |         exit;
162 |       end;
163 |       writeln('ok');
164 | 
165 |       writeln('Creating new imports');
166 |       generate_new_imports(img, Libs);
167 | 
168 |       if outFn <> '' then
169 |         outputFn := outFn
170 |       else
171 |         outputFn := ChangeFileExt(dumpFn, '_imp' + ExtractFileExt(dumpFn));
172 | 
173 |       writeln('Saving new image');
174 |       img.SaveToFile(outputFn);
175 | 
176 |       writeln('Done');
177 |     finally
178 |       img.Free;
179 |     end;
180 |   finally
181 |     FreeAndNil(Libs);
182 |   end;
183 | end;
184 | 
185 | begin
186 |   ReportMemoryLeaksOnShutdown := true;
187 |   try
188 |     main(paramstr(1), paramstr(2), paramstr(3));
189 |     if DebugHook <> 0 then
190 |       readln;
191 |   except
192 |     on E: Exception do
193 |       writeln(E.ClassName, ': ', E.Message);
194 |   end;
195 | end.
196 | 


--------------------------------------------------------------------------------
/glueimport.dproj:
--------------------------------------------------------------------------------
  1 | <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  2 |     <PropertyGroup>
  3 |         <ProjectGuid>{C4F17033-8BCC-48F3-B054-6C55636A5FFC}</ProjectGuid>
  4 |         <MainSource>glueimport.dpr</MainSource>
  5 |         <Base>True</Base>
  6 |         <Config Condition="'$(Config)'==''">Debug</Config>
  7 |         <TargetedPlatforms>1</TargetedPlatforms>
  8 |         <AppType>Console</AppType>
  9 |         <FrameworkType>None</FrameworkType>
 10 |         <ProjectVersion>18.0</ProjectVersion>
 11 |         <Platform Condition="'$(Platform)'==''">Win32</Platform>
 12 |     </PropertyGroup>
 13 |     <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
 14 |         <Base>true</Base>
 15 |     </PropertyGroup>
 16 |     <PropertyGroup Condition="('$(Platform)'=='Android' and '$(Base)'=='true') or '$(Base_Android)'!=''">
 17 |         <Base_Android>true</Base_Android>
 18 |         <CfgParent>Base</CfgParent>
 19 |         <Base>true</Base>
 20 |     </PropertyGroup>
 21 |     <PropertyGroup Condition="('$(Platform)'=='iOSDevice32' and '$(Base)'=='true') or '$(Base_iOSDevice32)'!=''">
 22 |         <Base_iOSDevice32>true</Base_iOSDevice32>
 23 |         <CfgParent>Base</CfgParent>
 24 |         <Base>true</Base>
 25 |     </PropertyGroup>
 26 |     <PropertyGroup Condition="('$(Platform)'=='iOSDevice64' and '$(Base)'=='true') or '$(Base_iOSDevice64)'!=''">
 27 |         <Base_iOSDevice64>true</Base_iOSDevice64>
 28 |         <CfgParent>Base</CfgParent>
 29 |         <Base>true</Base>
 30 |     </PropertyGroup>
 31 |     <PropertyGroup Condition="('$(Platform)'=='iOSSimulator' and '$(Base)'=='true') or '$(Base_iOSSimulator)'!=''">
 32 |         <Base_iOSSimulator>true</Base_iOSSimulator>
 33 |         <CfgParent>Base</CfgParent>
 34 |         <Base>true</Base>
 35 |     </PropertyGroup>
 36 |     <PropertyGroup Condition="('$(Platform)'=='Win32' and '$(Base)'=='true') or '$(Base_Win32)'!=''">
 37 |         <Base_Win32>true</Base_Win32>
 38 |         <CfgParent>Base</CfgParent>
 39 |         <Base>true</Base>
 40 |     </PropertyGroup>
 41 |     <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_1)'!=''">
 42 |         <Cfg_1>true</Cfg_1>
 43 |         <CfgParent>Base</CfgParent>
 44 |         <Base>true</Base>
 45 |     </PropertyGroup>
 46 |     <PropertyGroup Condition="('$(Platform)'=='Win32' and '$(Cfg_1)'=='true') or '$(Cfg_1_Win32)'!=''">
 47 |         <Cfg_1_Win32>true</Cfg_1_Win32>
 48 |         <CfgParent>Cfg_1</CfgParent>
 49 |         <Cfg_1>true</Cfg_1>
 50 |         <Base>true</Base>
 51 |     </PropertyGroup>
 52 |     <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_2)'!=''">
 53 |         <Cfg_2>true</Cfg_2>
 54 |         <CfgParent>Base</CfgParent>
 55 |         <Base>true</Base>
 56 |     </PropertyGroup>
 57 |     <PropertyGroup Condition="('$(Platform)'=='Win32' and '$(Cfg_2)'=='true') or '$(Cfg_2_Win32)'!=''">
 58 |         <Cfg_2_Win32>true</Cfg_2_Win32>
 59 |         <CfgParent>Cfg_2</CfgParent>
 60 |         <Cfg_2>true</Cfg_2>
 61 |         <Base>true</Base>
 62 |     </PropertyGroup>
 63 |     <PropertyGroup Condition="'$(Base)'!=''">
 64 |         <DCC_N>false</DCC_N>
 65 |         <VerInfo_Locale>1033</VerInfo_Locale>
 66 |         <DCC_K>false</DCC_K>
 67 |         <DCC_F>false</DCC_F>
 68 |         <Icon_MainIcon>$(BDS)\bin\delphi_PROJECTICON.ico</Icon_MainIcon>
 69 |         <DCC_S>false</DCC_S>
 70 |         <SanitizedProjectName>glueimport</SanitizedProjectName>
 71 |         <DCC_UnitSearchPath>peimage;$(DCC_UnitSearchPath)</DCC_UnitSearchPath>
 72 |         <Icns_MainIcns>$(BDS)\bin\delphi_PROJECTICNS.icns</Icns_MainIcns>
 73 |         <DCC_ExeOutput>bin\$(platform)-$(config)</DCC_ExeOutput>
 74 |         <VerInfo_Keys>CompanyName=;FileDescription=;FileVersion=1.0.0.0;InternalName=;LegalCopyright=;LegalTrademarks=;OriginalFilename=;ProductName=;ProductVersion=1.0.0.0;Comments=;CFBundleName=</VerInfo_Keys>
 75 |         <DCC_ImageBase>00400000</DCC_ImageBase>
 76 |         <DCC_Namespace>System;Xml;Data;Datasnap;Web;Soap;$(DCC_Namespace)</DCC_Namespace>
 77 |         <DCC_E>false</DCC_E>
 78 |     </PropertyGroup>
 79 |     <PropertyGroup Condition="'$(Base_Android)'!=''">
 80 |         <Android_SplashImage640>$(BDS)\bin\Artwork\Android\FM_SplashImage_640x480.png</Android_SplashImage640>
 81 |         <Android_LauncherIcon72>$(BDS)\bin\Artwork\Android\FM_LauncherIcon_72x72.png</Android_LauncherIcon72>
 82 |         <Android_SplashImage426>$(BDS)\bin\Artwork\Android\FM_SplashImage_426x320.png</Android_SplashImage426>
 83 |         <AUP_WRITE_CALENDAR>true</AUP_WRITE_CALENDAR>
 84 |         <AUP_CAMERA>true</AUP_CAMERA>
 85 |         <Android_SplashImage960>$(BDS)\bin\Artwork\Android\FM_SplashImage_960x720.png</Android_SplashImage960>
 86 |         <AUP_ACCESS_FINE_LOCATION>true</AUP_ACCESS_FINE_LOCATION>
 87 |         <AUP_READ_EXTERNAL_STORAGE>true</AUP_READ_EXTERNAL_STORAGE>
 88 |         <AUP_ACCESS_COARSE_LOCATION>true</AUP_ACCESS_COARSE_LOCATION>
 89 |         <AUP_CALL_PHONE>true</AUP_CALL_PHONE>
 90 |         <AUP_INTERNET>true</AUP_INTERNET>
 91 |         <AUP_READ_CALENDAR>true</AUP_READ_CALENDAR>
 92 |         <Android_SplashImage470>$(BDS)\bin\Artwork\Android\FM_SplashImage_470x320.png</Android_SplashImage470>
 93 |         <Android_LauncherIcon144>$(BDS)\bin\Artwork\Android\FM_LauncherIcon_144x144.png</Android_LauncherIcon144>
 94 |         <Android_LauncherIcon48>$(BDS)\bin\Artwork\Android\FM_LauncherIcon_48x48.png</Android_LauncherIcon48>
 95 |         <AUP_WRITE_EXTERNAL_STORAGE>true</AUP_WRITE_EXTERNAL_STORAGE>
 96 |         <AUP_READ_PHONE_STATE>true</AUP_READ_PHONE_STATE>
 97 |         <Android_LauncherIcon36>$(BDS)\bin\Artwork\Android\FM_LauncherIcon_36x36.png</Android_LauncherIcon36>
 98 |         <Android_LauncherIcon96>$(BDS)\bin\Artwork\Android\FM_LauncherIcon_96x96.png</Android_LauncherIcon96>
 99 |     </PropertyGroup>
100 |     <PropertyGroup Condition="'$(Base_iOSDevice32)'!=''">
101 |         <iPad_Launch2048x1536>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_2048x1536.png</iPad_Launch2048x1536>
102 |         <iPhone_Spotlight80>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_80x80.png</iPhone_Spotlight80>
103 |         <iPad_Launch1536x2048>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_1536x2048.png</iPad_Launch1536x2048>
104 |         <iPhone_AppIcon120>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_120x120.png</iPhone_AppIcon120>
105 |         <iPad_SpotLight40>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_40x40.png</iPad_SpotLight40>
106 |         <iPad_SpotLight80>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_80x80.png</iPad_SpotLight80>
107 |         <iPhone_Spotlight40>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_40x40.png</iPhone_Spotlight40>
108 |         <iPad_AppIcon152>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_152x152.png</iPad_AppIcon152>
109 |         <iPad_AppIcon76>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_76x76.png</iPad_AppIcon76>
110 |         <iPad_Launch1024x768>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_1024x768.png</iPad_Launch1024x768>
111 |         <iPhone_AppIcon60>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_60x60.png</iPhone_AppIcon60>
112 |         <iPad_Launch768x1024>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_768x1024.png</iPad_Launch768x1024>
113 |     </PropertyGroup>
114 |     <PropertyGroup Condition="'$(Base_iOSDevice64)'!=''">
115 |         <iPad_Launch2048x1536>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_2048x1536.png</iPad_Launch2048x1536>
116 |         <iPhone_Spotlight80>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_80x80.png</iPhone_Spotlight80>
117 |         <iPad_Launch1536x2048>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_1536x2048.png</iPad_Launch1536x2048>
118 |         <iPhone_AppIcon120>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_120x120.png</iPhone_AppIcon120>
119 |         <iPad_SpotLight40>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_40x40.png</iPad_SpotLight40>
120 |         <iPad_SpotLight80>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_80x80.png</iPad_SpotLight80>
121 |         <iPhone_Spotlight40>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_40x40.png</iPhone_Spotlight40>
122 |         <iPad_AppIcon152>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_152x152.png</iPad_AppIcon152>
123 |         <iPad_AppIcon76>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_76x76.png</iPad_AppIcon76>
124 |         <iPad_Launch1024x768>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_1024x768.png</iPad_Launch1024x768>
125 |         <iPhone_AppIcon60>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_60x60.png</iPhone_AppIcon60>
126 |         <iPad_Launch768x1024>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_768x1024.png</iPad_Launch768x1024>
127 |     </PropertyGroup>
128 |     <PropertyGroup Condition="'$(Base_iOSSimulator)'!=''">
129 |         <iPad_Launch2048x1536>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_2048x1536.png</iPad_Launch2048x1536>
130 |         <iPhone_Spotlight80>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_80x80.png</iPhone_Spotlight80>
131 |         <iPad_Launch1536x2048>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_1536x2048.png</iPad_Launch1536x2048>
132 |         <iPhone_AppIcon120>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_120x120.png</iPhone_AppIcon120>
133 |         <iPad_SpotLight40>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_40x40.png</iPad_SpotLight40>
134 |         <iPad_SpotLight80>$(BDS)\bin\Artwork\iOS\iPad\FM_SpotlightSearchIcon_80x80.png</iPad_SpotLight80>
135 |         <iPhone_Spotlight40>$(BDS)\bin\Artwork\iOS\iPhone\FM_SpotlightSearchIcon_40x40.png</iPhone_Spotlight40>
136 |         <iPad_AppIcon152>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_152x152.png</iPad_AppIcon152>
137 |         <iPad_AppIcon76>$(BDS)\bin\Artwork\iOS\iPad\FM_ApplicationIcon_76x76.png</iPad_AppIcon76>
138 |         <iPad_Launch1024x768>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImageLandscape_1024x768.png</iPad_Launch1024x768>
139 |         <iPhone_AppIcon60>$(BDS)\bin\Artwork\iOS\iPhone\FM_ApplicationIcon_60x60.png</iPhone_AppIcon60>
140 |         <iPad_Launch768x1024>$(BDS)\bin\Artwork\iOS\iPad\FM_LaunchImagePortrait_768x1024.png</iPad_Launch768x1024>
141 |     </PropertyGroup>
142 |     <PropertyGroup Condition="'$(Base_Win32)'!=''">
143 |         <VerInfo_Locale>1033</VerInfo_Locale>
144 |         <DCC_Namespace>Winapi;System.Win;Data.Win;Datasnap.Win;Web.Win;Soap.Win;Xml.Win;Bde;$(DCC_Namespace)</DCC_Namespace>
145 |         <VerInfo_Keys>CompanyName=;FileDescription=;FileVersion=1.0.0.0;InternalName=;LegalCopyright=;LegalTrademarks=;OriginalFilename=;ProductName=;ProductVersion=1.0.0.0;Comments=</VerInfo_Keys>
146 |     </PropertyGroup>
147 |     <PropertyGroup Condition="'$(Cfg_1)'!=''">
148 |         <DCC_DebugInformation>0</DCC_DebugInformation>
149 |         <DCC_LocalDebugSymbols>false</DCC_LocalDebugSymbols>
150 |         <DCC_SymbolReferenceInfo>0</DCC_SymbolReferenceInfo>
151 |         <DCC_Define>RELEASE;$(DCC_Define)</DCC_Define>
152 |     </PropertyGroup>
153 |     <PropertyGroup Condition="'$(Cfg_1_Win32)'!=''">
154 |         <Manifest_File>None</Manifest_File>
155 |         <VerInfo_Keys>CompanyName=;FileDescription=;FileVersion=1.0.0.0;InternalName=;LegalCopyright=;LegalTrademarks=;OriginalFilename=;ProductName=;ProductVersion=1.0.0.0;Comments=</VerInfo_Keys>
156 |     </PropertyGroup>
157 |     <PropertyGroup Condition="'$(Cfg_2)'!=''">
158 |         <DCC_GenerateStackFrames>true</DCC_GenerateStackFrames>
159 |         <DCC_Define>DEBUG;$(DCC_Define)</DCC_Define>
160 |         <DCC_Optimize>false</DCC_Optimize>
161 |     </PropertyGroup>
162 |     <PropertyGroup Condition="'$(Cfg_2_Win32)'!=''">
163 |         <Manifest_File>None</Manifest_File>
164 |         <VerInfo_Keys>CompanyName=;FileDescription=;FileVersion=1.0.0.0;InternalName=;LegalCopyright=;LegalTrademarks=;OriginalFilename=;ProductName=;ProductVersion=1.0.0.0;Comments=</VerInfo_Keys>
165 |     </PropertyGroup>
166 |     <ItemGroup>
167 |         <DelphiCompile Include="$(MainSource)">
168 |             <MainSource>MainSource</MainSource>
169 |         </DelphiCompile>
170 |         <DCCReference Include="vmsweeper.reffile.pas"/>
171 |         <BuildConfiguration Include="Debug">
172 |             <Key>Cfg_2</Key>
173 |             <CfgParent>Base</CfgParent>
174 |         </BuildConfiguration>
175 |         <BuildConfiguration Include="Base">
176 |             <Key>Base</Key>
177 |         </BuildConfiguration>
178 |         <BuildConfiguration Include="Release">
179 |             <Key>Cfg_1</Key>
180 |             <CfgParent>Base</CfgParent>
181 |         </BuildConfiguration>
182 |     </ItemGroup>
183 |     <ProjectExtensions>
184 |         <Borland.Personality>Delphi.Personality.12</Borland.Personality>
185 |         <Borland.ProjectType/>
186 |         <BorlandProject>
187 |             <Delphi.Personality>
188 |                 <Source>
189 |                     <Source Name="MainSource">glueimport.dpr</Source>
190 |                 </Source>
191 |                 <Excluded_Packages>
192 |                     <Excluded_Packages Name="$(BDSBIN)\dcloffice2k230.bpl">Microsoft Office 2000 Sample Automation Server Wrapper Components</Excluded_Packages>
193 |                     <Excluded_Packages Name="$(BDSBIN)\dclofficexp230.bpl">Microsoft Office XP Sample Automation Server Wrapper Components</Excluded_Packages>
194 |                 </Excluded_Packages>
195 |             </Delphi.Personality>
196 |             <Platforms>
197 |                 <Platform value="Android">False</Platform>
198 |                 <Platform value="iOSDevice32">False</Platform>
199 |                 <Platform value="iOSDevice64">False</Platform>
200 |                 <Platform value="iOSSimulator">False</Platform>
201 |                 <Platform value="OSX32">False</Platform>
202 |                 <Platform value="Win32">True</Platform>
203 |                 <Platform value="Win64">False</Platform>
204 |             </Platforms>
205 |         </BorlandProject>
206 |         <ProjectFileVersion>12</ProjectFileVersion>
207 |     </ProjectExtensions>
208 |     <Import Project="$(BDS)\Bin\CodeGear.Delphi.Targets" Condition="Exists('$(BDS)\Bin\CodeGear.Delphi.Targets')"/>
209 |     <Import Project="$(APPDATA)\Embarcadero\$(BDSAPPDATABASEDIR)\$(PRODUCTVERSION)\UserTools.proj" Condition="Exists('$(APPDATA)\Embarcadero\$(BDSAPPDATABASEDIR)\$(PRODUCTVERSION)\UserTools.proj')"/>
210 | </Project>
211 | 


--------------------------------------------------------------------------------
/vmsweeper.reffile.pas:
--------------------------------------------------------------------------------
  1 | unit vmsweeper.reffile;
  2 | 
  3 | interface
  4 | 
  5 | uses
  6 |   System.Classes,
  7 |   System.Generics.Collections,
  8 |   System.SysUtils;
  9 | 
 10 | type
 11 |   TImpDispatchType =
 12 |   (
 13 |     Jump, // FF25..
 14 |     Call  // FF15..
 15 |   );
 16 | 
 17 |   // List of addresses referencing same function.
 18 |   TImp = record
 19 |     dispType: TImpDispatchType;
 20 |     srcVA: uint64;
 21 |     iatIndex: uint32;
 22 |   end;
 23 | 
 24 |   TImpList = TList<TImp>;
 25 | 
 26 |   TFuncName = string;
 27 |   TFuncPair = TPair<TFuncName, TImpList>;
 28 |   TFuncs = TObjectDictionary<TFuncName, TImpList>;
 29 | 
 30 |   TLibName = string;
 31 |   TLibPair = TPair<TLibName, TFuncs>;
 32 |   TLibs = TObjectDictionary<TLibName, TFuncs>;
 33 | 
 34 | procedure ParseImportsFromRefFile(const RefFileName: string; Libs: TLibs);
 35 | 
 36 | implementation
 37 | 
 38 | const
 39 |   HexDigits = ['0' .. '9', 'a' .. 'f', 'A' .. 'F'];
 40 | 
 41 | function IsHex(const s: string): boolean;
 42 | var
 43 |   c: char;
 44 | begin
 45 |   if s.IsEmpty then
 46 |     exit(false);
 47 |   for c in s do
 48 |     if not(CharInSet(c, HexDigits)) then
 49 |       exit(false);
 50 |   exit(true);
 51 | end;
 52 | 
 53 | procedure SplitWords(const line: string; words: TStringList);
 54 | var
 55 |   word: string;
 56 |   p: pchar;
 57 |   i, w0: integer;
 58 | begin
 59 |   words.Clear;
 60 |   if line.IsEmpty then
 61 |     exit;
 62 |   p := pchar(line);
 63 |   i := 0;
 64 |   w0 := -1;
 65 |   while i <= length(line) do
 66 |   begin
 67 |     if (p[0] = #0) or ((p[0] = ' ') and (p[1] = ' ')) then
 68 |     begin
 69 |       if w0 <> -1 then
 70 |       begin
 71 |         word := line.Substring(w0, i - w0);
 72 |         words.Add(word);
 73 |         w0 := -1;
 74 |       end;
 75 |     end
 76 |     else if (p[0] <> ' ') then
 77 |     begin
 78 |       if w0 = -1 then
 79 |         w0 := i;
 80 |     end;
 81 | 
 82 |     inc(p);
 83 |     inc(i);
 84 |   end;
 85 | end;
 86 | 
 87 | procedure AddFunc(va: uint64; const lib, func: string; Libs: TLibs; call: boolean);
 88 | var
 89 |   libName: string;
 90 |   funcs: TFuncs;
 91 |   list: TImpList;
 92 |   rec: TImp;
 93 | begin
 94 |   libName := lib.ToLower;
 95 |   if not Libs.TryGetValue(libName, funcs) then
 96 |   begin
 97 |     funcs := TFuncs.Create([doOwnsValues]);
 98 |     Libs.Add(libName, funcs);
 99 |   end;
100 | 
101 |   if not funcs.TryGetValue(func, list) then
102 |   begin
103 |     list := TImpList.Create;
104 |     funcs.Add(func, list);
105 |   end;
106 | 
107 |   if (call) then
108 |     rec.dispType := TImpDispatchType.Call
109 |   else
110 |     rec.dispType := TImpDispatchType.Jump;
111 | 
112 |   rec.srcVA := va;
113 |   rec.iatIndex := 0;
114 | 
115 |   list.Add(rec);
116 | end;
117 | 
118 | function IsStatusDoneOrProcessing(txt: string): boolean; inline;
119 | begin
120 |   txt := txt.ToUpper();
121 |   result := txt.Equals('DONE') or
122 |             txt.Equals('PROCESSING');
123 | end;
124 | 
125 | procedure ParseImportsFromRefFile(const RefFileName: string; Libs: TLibs);
126 | var
127 |   sl: TStringList;
128 |   i: integer;
129 |   words: TStringList;
130 |   libFunc: TArray<string>;
131 |   va: uint64;
132 |   isCall: boolean;
133 | begin
134 |   sl := TStringList.Create;
135 |   words := TStringList.Create;
136 |   try
137 |     sl.LoadFromFile(RefFileName);
138 |     for i := 0 to sl.Count - 1 do
139 |     begin
140 |       SplitWords(sl[i], words);
141 |       if (words.Count = 4) and IsStatusDoneOrProcessing(words[3]) and IsHex(words[0]) then
142 |       begin
143 |         libFunc := words[2].Split(['.']);
144 |         if (length(libFunc) = 2) then
145 |         begin
146 |           isCall := words[1].ToUpper().StartsWith('CALL');
147 |           va := uint64(StrToInt64('$' + words[0]));
148 |           AddFunc(va, libFunc[0], libFunc[1], Libs, isCall);
149 |         end;
150 |       end;
151 |     end;
152 |   finally
153 |     sl.Free;
154 |     words.Free;
155 |   end;
156 | end;
157 | 
158 | end.
159 | 


--------------------------------------------------------------------------------