读取 pascal 二进制文件的真实内容
Reading real content of pascal's binary file
我想知道二进制文件的真实内容。
文件由基于 Deplhi(FreePascal?)的应用程序创建。
- 文件名为 FDane.bin
- 我没有这个应用程序的源代码
反汇编应用程序后,我看到(包含 FDane.bin 字的部分反汇编代码):
procedure TFrmDroga.ReadLinesFromFile(Sender : TObject);
begin
(*
005F0BB0 55 push ebp
005F0BB1 8BEC mov ebp, esp
005F0BB3 83C4E0 add esp, -
005F0BB6 53 push ebx
005F0BB7 56 push esi
005F0BB8 57 push edi
005F0BB9 8945FC mov [ebp-], eax
005F0BBC 8D75EF lea esi, [ebp-]
005F0BBF 33C0 xor eax, eax
005F0BC1 55 push ebp
005F0BC2 681A135F00 push [=10=]5F131A
005F0BC7 64FF30 push dword ptr fs:[eax]
005F0BCA 648920 mov fs:[eax], esp
|
005F0BCD E8DAC4E1FF call 0040D0AC
005F0BD2 DD1D6C936000 fstp qword ptr [[=10=]60936C]
005F0BD8 9B wait
005F0BD9 B201 mov dl,
* Reference to class TMemoryStream
|
005F0BDB A144EB4100 mov eax, dword ptr [[=10=]41EB44]
|
005F0BE0 E84735E1FF call 0040412C
005F0BE5 8945F8 mov [ebp-], eax
005F0BE8 B201 mov dl,
* Reference to class TMemoryStream
|
005F0BEA A144EB4100 mov eax, dword ptr [[=10=]41EB44]
|
005F0BEF E83835E1FF call 0040412C
005F0BF4 8945F4 mov [ebp-[=10=]C], eax
* Possible String Reference to: 'FDane.bin'
|
005F0BF7 BA30135F00 mov edx, [=10=]5F1330
005F0BFC 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0BFF E8C834E3FF call 004240CC
005F0C04 6A00 push [=10=]
005F0C06 6A00 push [=10=]
005F0C08 8B45F8 mov eax, [ebp-]
|
005F0C0B E8EC2CE3FF call 004238FC
005F0C10 6A00 push [=10=]
005F0C12 6A00 push [=10=]
005F0C14 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0C17 E8E02CE3FF call 004238FC
005F0C1C 8B45F4 mov eax, [ebp-[=10=]C]
005F0C1F 8B10 mov edx, [eax]
005F0C21 FF12 call dword ptr [edx]
005F0C23 85C0 test eax, eax
005F0C25 7E3B jle 005F0C62
005F0C27 8945E8 mov [ebp-], eax
005F0C2A BB01000000 mov ebx, [=10=]000001
005F0C2F 8BD6 mov edx, esi
005F0C31 B901000000 mov ecx, [=10=]000001
005F0C36 8B45F4 mov eax, [ebp-[=10=]C]
005F0C39 8B38 mov edi, [eax]
* Possible reference to virtual method TMemoryStream.OFFS_0C
|
005F0C3B FF570C call dword ptr [edi+[=10=]C]
005F0C3E 8BC3 mov eax, ebx
005F0C40 B9C8000000 mov ecx, [=10=]0000C8
005F0C45 99 cdq
005F0C46 F7F9 idiv ecx
005F0C48 80C220 add dl,
005F0C4B 3016 xor [esi], dl
005F0C4D 8BD6 mov edx, esi
005F0C4F B901000000 mov ecx, [=10=]000001
005F0C54 8B45F8 mov eax, [ebp-]
005F0C57 8B38 mov edi, [eax]
* Possible reference to virtual method TMemoryStream.OFFS_10
|
005F0C59 FF5710 call dword ptr [edi+]
005F0C5C 43 inc ebx
005F0C5D FF4DE8 dec dword ptr [ebp-]
005F0C60 75CD jnz 005F0C2F
005F0C62 6A00 push [=10=]
005F0C64 6A00 push [=10=]
005F0C66 8B45F8 mov eax, [ebp-]
|
005F0C69 E88E2CE3FF call 004238FC
005F0C6E 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0C71 E80634E3FF call 0042407C
005F0C76 8B45FC mov eax, [ebp-]
* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C79 8B8098040000 mov eax, [eax+98]
005F0C7F 8B55F8 mov edx, [ebp-]
|
005F0C82 E8A180F0FF call 004F8D28
005F0C87 8B45FC mov eax, [ebp-]
* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C8A 8B8098040000 mov eax, [eax+98]
使用'strings FDane.bin | head -n 50'后得到(这是一部分):
&'(1*+,*.
0120456
82s_f\UM%27
6GFFHIJKLB
>6)5?#
,8-05_^^`abcdn*
srrtuvwxq
!"#$%hg,)g
./0323446789:;<s~G@ABCDEFGH
BL{~sm
nbfeVWXZZ[\_^_`abcd;&
hijklmno
2ytDDGDD7GMEN
Re,'
2342678?:;<=>?
EEFGHIJK
EPbdchh
klkj[\]V_`aecdefgh)
lnopqrstu
7ryNILAC2
s"!"#$%&'
7896;<=5?@ABCD
KJKLMNOP
^U`aheg
`jlo`abndefkhijklm
0}qstuvwxy
<w~H
&&'()*+,-./61
z89:*<<>?@ABCDEFGHuJKLMNOPQR
doj[\]L_aaccdefghi$+
mnopqrstu(7qyLK@@3C
!"#$%&
Zi +
678/::<8>?@ABC
/IIJKLMNO
YTffgdd
gokn_`aucee`ghijkl
prstuvwx9
;v}MI
b{&%&'()*+
;<=%?AAHCDEFGH
ONOPQRST
RYlklac
\WTSdef{hhj`lmnopq
twxyz{|}
!"#$e
**+,-./0
@ABcDDFHHIJKLMn
QSTUVWXY
V^fPQ^^)YWWXYjklLnnparstuvw8
200行后数据变为:
MKEUNF/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWV
5797;
ghijklmnopqrstuvwxyz{|}~
!"#$%&7cFFNF
]AAF]V89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[G
xyz{|}~
!"#$%&'()*;gBBJZT
a[FO]KRS^<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_x1)3D,
_R T
Vyz{|}~
!"#$%&'()*+,-.
cTDDBXMHW\
t/-')d
)-)3.$;,n
r)t:x8vYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcU5-7H:
!"#$%&'()*+,-./012-da}
qW\I]NJM5*666$f
4,!9:RSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgs,
Z(5856
!"#$%&'()*+,-./0123456:snx
EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
iyi|v{123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkg&9$P93?1846xyz{|}~
!"#$%&'()*+,-./0123456789:!f\U
!%;c
?)3'>/k
VWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
ibg#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnoj+"S2'7#+:2:?5^
!"#$%&'()*+,-./0123456789:;<=>2
MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsS&
!"#$%&'()*+,-./0123456789:;<=>?@AB_
*6&$'#.l
+#17;!!u
`abcdefghijklmnopqrstuvwxyz{|}~
OVLJ
aikfh
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwX#
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFf
-)7o
97>=6,9=y
55:D6H&Fijklmnopqrstuvwxyz{|}~
HDOJG_HB
yegenk
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{N6
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJB
UVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
idolslr'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNF
YZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
好像有一些字符数据(我看到 ASCII 最多 127 个字符)。我不是 Pascal,Delphi 程序员。我知道 Python,一些 C 和 Java。可以解码吗?
一些提示:
反汇编显示 tmemorystream,然后是 tclientdataset 调用。这使得它 delphi,并且单独 delphi/bcb(FreePascal 的等价物称为 TBufDataset)
TClientdataset .cds 是数据集的一些专有流格式。它可能取决于 delphi 版本。更高版本(D2010+?仅限 rad studio?)版本带有您可以检查的 TClientDataset 源。
搜索“.cds tclientdataset 文件格式”也可能会找到一些东西,希望它不支持加密。
我想知道二进制文件的真实内容。 文件由基于 Deplhi(FreePascal?)的应用程序创建。
- 文件名为 FDane.bin
- 我没有这个应用程序的源代码
反汇编应用程序后,我看到(包含 FDane.bin 字的部分反汇编代码):
procedure TFrmDroga.ReadLinesFromFile(Sender : TObject);
begin
(*
005F0BB0 55 push ebp
005F0BB1 8BEC mov ebp, esp
005F0BB3 83C4E0 add esp, -
005F0BB6 53 push ebx
005F0BB7 56 push esi
005F0BB8 57 push edi
005F0BB9 8945FC mov [ebp-], eax
005F0BBC 8D75EF lea esi, [ebp-]
005F0BBF 33C0 xor eax, eax
005F0BC1 55 push ebp
005F0BC2 681A135F00 push [=10=]5F131A
005F0BC7 64FF30 push dword ptr fs:[eax]
005F0BCA 648920 mov fs:[eax], esp
|
005F0BCD E8DAC4E1FF call 0040D0AC
005F0BD2 DD1D6C936000 fstp qword ptr [[=10=]60936C]
005F0BD8 9B wait
005F0BD9 B201 mov dl,
* Reference to class TMemoryStream
|
005F0BDB A144EB4100 mov eax, dword ptr [[=10=]41EB44]
|
005F0BE0 E84735E1FF call 0040412C
005F0BE5 8945F8 mov [ebp-], eax
005F0BE8 B201 mov dl,
* Reference to class TMemoryStream
|
005F0BEA A144EB4100 mov eax, dword ptr [[=10=]41EB44]
|
005F0BEF E83835E1FF call 0040412C
005F0BF4 8945F4 mov [ebp-[=10=]C], eax
* Possible String Reference to: 'FDane.bin'
|
005F0BF7 BA30135F00 mov edx, [=10=]5F1330
005F0BFC 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0BFF E8C834E3FF call 004240CC
005F0C04 6A00 push [=10=]
005F0C06 6A00 push [=10=]
005F0C08 8B45F8 mov eax, [ebp-]
|
005F0C0B E8EC2CE3FF call 004238FC
005F0C10 6A00 push [=10=]
005F0C12 6A00 push [=10=]
005F0C14 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0C17 E8E02CE3FF call 004238FC
005F0C1C 8B45F4 mov eax, [ebp-[=10=]C]
005F0C1F 8B10 mov edx, [eax]
005F0C21 FF12 call dword ptr [edx]
005F0C23 85C0 test eax, eax
005F0C25 7E3B jle 005F0C62
005F0C27 8945E8 mov [ebp-], eax
005F0C2A BB01000000 mov ebx, [=10=]000001
005F0C2F 8BD6 mov edx, esi
005F0C31 B901000000 mov ecx, [=10=]000001
005F0C36 8B45F4 mov eax, [ebp-[=10=]C]
005F0C39 8B38 mov edi, [eax]
* Possible reference to virtual method TMemoryStream.OFFS_0C
|
005F0C3B FF570C call dword ptr [edi+[=10=]C]
005F0C3E 8BC3 mov eax, ebx
005F0C40 B9C8000000 mov ecx, [=10=]0000C8
005F0C45 99 cdq
005F0C46 F7F9 idiv ecx
005F0C48 80C220 add dl,
005F0C4B 3016 xor [esi], dl
005F0C4D 8BD6 mov edx, esi
005F0C4F B901000000 mov ecx, [=10=]000001
005F0C54 8B45F8 mov eax, [ebp-]
005F0C57 8B38 mov edi, [eax]
* Possible reference to virtual method TMemoryStream.OFFS_10
|
005F0C59 FF5710 call dword ptr [edi+]
005F0C5C 43 inc ebx
005F0C5D FF4DE8 dec dword ptr [ebp-]
005F0C60 75CD jnz 005F0C2F
005F0C62 6A00 push [=10=]
005F0C64 6A00 push [=10=]
005F0C66 8B45F8 mov eax, [ebp-]
|
005F0C69 E88E2CE3FF call 004238FC
005F0C6E 8B45F4 mov eax, [ebp-[=10=]C]
|
005F0C71 E80634E3FF call 0042407C
005F0C76 8B45FC mov eax, [ebp-]
* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C79 8B8098040000 mov eax, [eax+98]
005F0C7F 8B55F8 mov edx, [ebp-]
|
005F0C82 E8A180F0FF call 004F8D28
005F0C87 8B45FC mov eax, [ebp-]
* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C8A 8B8098040000 mov eax, [eax+98]
使用'strings FDane.bin | head -n 50'后得到(这是一部分):
&'(1*+,*.
0120456
82s_f\UM%27
6GFFHIJKLB
>6)5?#
,8-05_^^`abcdn*
srrtuvwxq
!"#$%hg,)g
./0323446789:;<s~G@ABCDEFGH
BL{~sm
nbfeVWXZZ[\_^_`abcd;&
hijklmno
2ytDDGDD7GMEN
Re,'
2342678?:;<=>?
EEFGHIJK
EPbdchh
klkj[\]V_`aecdefgh)
lnopqrstu
7ryNILAC2
s"!"#$%&'
7896;<=5?@ABCD
KJKLMNOP
^U`aheg
`jlo`abndefkhijklm
0}qstuvwxy
<w~H
&&'()*+,-./61
z89:*<<>?@ABCDEFGHuJKLMNOPQR
doj[\]L_aaccdefghi$+
mnopqrstu(7qyLK@@3C
!"#$%&
Zi +
678/::<8>?@ABC
/IIJKLMNO
YTffgdd
gokn_`aucee`ghijkl
prstuvwx9
;v}MI
b{&%&'()*+
;<=%?AAHCDEFGH
ONOPQRST
RYlklac
\WTSdef{hhj`lmnopq
twxyz{|}
!"#$e
**+,-./0
@ABcDDFHHIJKLMn
QSTUVWXY
V^fPQ^^)YWWXYjklLnnparstuvw8
200行后数据变为:
MKEUNF/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWV
5797;
ghijklmnopqrstuvwxyz{|}~
!"#$%&7cFFNF
]AAF]V89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[G
xyz{|}~
!"#$%&'()*;gBBJZT
a[FO]KRS^<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_x1)3D,
_R T
Vyz{|}~
!"#$%&'()*+,-.
cTDDBXMHW\
t/-')d
)-)3.$;,n
r)t:x8vYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcU5-7H:
!"#$%&'()*+,-./012-da}
qW\I]NJM5*666$f
4,!9:RSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgs,
Z(5856
!"#$%&'()*+,-./0123456:snx
EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
iyi|v{123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkg&9$P93?1846xyz{|}~
!"#$%&'()*+,-./0123456789:!f\U
!%;c
?)3'>/k
VWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
ibg#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnoj+"S2'7#+:2:?5^
!"#$%&'()*+,-./0123456789:;<=>2
MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsS&
!"#$%&'()*+,-./0123456789:;<=>?@AB_
*6&$'#.l
+#17;!!u
`abcdefghijklmnopqrstuvwxyz{|}~
OVLJ
aikfh
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwX#
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFf
-)7o
97>=6,9=y
55:D6H&Fijklmnopqrstuvwxyz{|}~
HDOJG_HB
yegenk
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{N6
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJB
UVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
idolslr'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNF
YZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
好像有一些字符数据(我看到 ASCII 最多 127 个字符)。我不是 Pascal,Delphi 程序员。我知道 Python,一些 C 和 Java。可以解码吗?
一些提示:
反汇编显示 tmemorystream,然后是 tclientdataset 调用。这使得它 delphi,并且单独 delphi/bcb(FreePascal 的等价物称为 TBufDataset)
TClientdataset .cds 是数据集的一些专有流格式。它可能取决于 delphi 版本。更高版本(D2010+?仅限 rad studio?)版本带有您可以检查的 TClientDataset 源。
搜索“.cds tclientdataset 文件格式”也可能会找到一些东西,希望它不支持加密。