读取 pascal 二进制文件的真实内容

Reading real content of pascal's binary file

我想知道二进制文件的真实内容。 文件由基于 Deplhi(FreePascal?)的应用程序创建。

反汇编应用程序后,我看到(包含 FDane.bin 字的部分反汇编代码):

    procedure TFrmDroga.ReadLinesFromFile(Sender : TObject);
begin
(*
005F0BB0   55                     push    ebp
005F0BB1   8BEC                   mov     ebp, esp
005F0BB3   83C4E0                 add     esp, -
005F0BB6   53                     push    ebx
005F0BB7   56                     push    esi
005F0BB8   57                     push    edi
005F0BB9   8945FC                 mov     [ebp-], eax
005F0BBC   8D75EF                 lea     esi, [ebp-]
005F0BBF   33C0                   xor     eax, eax
005F0BC1   55                     push    ebp
005F0BC2   681A135F00             push    [=10=]5F131A
005F0BC7   64FF30                 push    dword ptr fs:[eax]
005F0BCA   648920                 mov     fs:[eax], esp

|
005F0BCD   E8DAC4E1FF             call    0040D0AC
005F0BD2   DD1D6C936000           fstp    qword ptr [[=10=]60936C]
005F0BD8   9B                     wait
005F0BD9   B201                   mov     dl, 

* Reference to class TMemoryStream
|
005F0BDB   A144EB4100             mov     eax, dword ptr [[=10=]41EB44]

|
005F0BE0   E84735E1FF             call    0040412C
005F0BE5   8945F8                 mov     [ebp-], eax
005F0BE8   B201                   mov     dl, 

* Reference to class TMemoryStream
|
005F0BEA   A144EB4100             mov     eax, dword ptr [[=10=]41EB44]

|
005F0BEF   E83835E1FF             call    0040412C
005F0BF4   8945F4                 mov     [ebp-[=10=]C], eax

* Possible String Reference to: 'FDane.bin'
|
005F0BF7   BA30135F00             mov     edx, [=10=]5F1330
005F0BFC   8B45F4                 mov     eax, [ebp-[=10=]C]

|
005F0BFF   E8C834E3FF             call    004240CC
005F0C04   6A00                   push    [=10=]
005F0C06   6A00                   push    [=10=]
005F0C08   8B45F8                 mov     eax, [ebp-]

|
005F0C0B   E8EC2CE3FF             call    004238FC
005F0C10   6A00                   push    [=10=]
005F0C12   6A00                   push    [=10=]
005F0C14   8B45F4                 mov     eax, [ebp-[=10=]C]

|
005F0C17   E8E02CE3FF             call    004238FC
005F0C1C   8B45F4                 mov     eax, [ebp-[=10=]C]
005F0C1F   8B10                   mov     edx, [eax]
005F0C21   FF12                   call    dword ptr [edx]
005F0C23   85C0                   test    eax, eax
005F0C25   7E3B                   jle     005F0C62
005F0C27   8945E8                 mov     [ebp-], eax
005F0C2A   BB01000000             mov     ebx, [=10=]000001
005F0C2F   8BD6                   mov     edx, esi
005F0C31   B901000000             mov     ecx, [=10=]000001
005F0C36   8B45F4                 mov     eax, [ebp-[=10=]C]
005F0C39   8B38                   mov     edi, [eax]

* Possible reference to virtual method TMemoryStream.OFFS_0C
|
005F0C3B   FF570C                 call    dword ptr [edi+[=10=]C]
005F0C3E   8BC3                   mov     eax, ebx
005F0C40   B9C8000000             mov     ecx, [=10=]0000C8
005F0C45   99                     cdq
005F0C46   F7F9                   idiv    ecx 
005F0C48   80C220                 add     dl, 
005F0C4B   3016                   xor     [esi], dl
005F0C4D   8BD6                   mov     edx, esi
005F0C4F   B901000000             mov     ecx, [=10=]000001
005F0C54   8B45F8                 mov     eax, [ebp-]
005F0C57   8B38                   mov     edi, [eax]

* Possible reference to virtual method TMemoryStream.OFFS_10
|
005F0C59   FF5710                 call    dword ptr [edi+]
005F0C5C   43                     inc     ebx
005F0C5D   FF4DE8                 dec     dword ptr [ebp-]
005F0C60   75CD                   jnz     005F0C2F
005F0C62   6A00                   push    [=10=]
005F0C64   6A00                   push    [=10=]
005F0C66   8B45F8                 mov     eax, [ebp-]

|
005F0C69   E88E2CE3FF             call    004238FC
005F0C6E   8B45F4                 mov     eax, [ebp-[=10=]C]

|
005F0C71   E80634E3FF             call    0042407C
005F0C76   8B45FC                 mov     eax, [ebp-]

* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C79   8B8098040000           mov     eax, [eax+98]
005F0C7F   8B55F8                 mov     edx, [ebp-]

|
005F0C82   E8A180F0FF             call    004F8D28
005F0C87   8B45FC                 mov     eax, [ebp-]

* Reference to control TFrmDroga.CDSBrutto : TClientDataSet
|
005F0C8A   8B8098040000           mov     eax, [eax+98]

使用'strings FDane.bin | head -n 50'后得到(这是一部分):

    &'(1*+,*.
0120456
82s_f\UM%27
6GFFHIJKLB
>6)5?#
,8-05_^^`abcdn*
srrtuvwxq 
!"#$%hg,)g
./0323446789:;<s~G@ABCDEFGH
BL{~sm
nbfeVWXZZ[\_^_`abcd;&
hijklmno
2ytDDGDD7GMEN
Re,'
2342678?:;<=>?
EEFGHIJK
EPbdchh
klkj[\]V_`aecdefgh)
lnopqrstu
7ryNILAC2
s"!"#$%&'
7896;<=5?@ABCD
KJKLMNOP
^U`aheg
`jlo`abndefkhijklm
0}qstuvwxy
<w~H
&&'()*+,-./61
z89:*<<>?@ABCDEFGHuJKLMNOPQR
doj[\]L_aaccdefghi$+
mnopqrstu(7qyLK@@3C
!"#$%&
Zi +
678/::<8>?@ABC
/IIJKLMNO
YTffgdd
gokn_`aucee`ghijkl
prstuvwx9
;v}MI
b{&%&'()*+
;<=%?AAHCDEFGH
ONOPQRST
RYlklac
\WTSdef{hhj`lmnopq
twxyz{|}
!"#$e
**+,-./0
@ABcDDFHHIJKLMn
QSTUVWXY
V^fPQ^^)YWWXYjklLnnparstuvw8

200行后数据变为:

    MKEUNF/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWV
5797;
ghijklmnopqrstuvwxyz{|}~
!"#$%&7cFFNF
]AAF]V89:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[G
xyz{|}~
!"#$%&'()*;gBBJZT
a[FO]KRS^<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_x1)3D,
_R      T
Vyz{|}~
!"#$%&'()*+,-.
cTDDBXMHW\
t/-')d
)-)3.$;,n
r)t:x8vYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcU5-7H:
!"#$%&'()*+,-./012-da}
qW\I]NJM5*666$f
4,!9:RSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgs,
Z(5856
!"#$%&'()*+,-./0123456:snx
EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
iyi|v{123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkg&9$P93?1846xyz{|}~
!"#$%&'()*+,-./0123456789:!f\U
!%;c
?)3'>/k
VWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
ibg#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnoj+"S2'7#+:2:?5^
!"#$%&'()*+,-./0123456789:;<=>2
        MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsS&
!"#$%&'()*+,-./0123456789:;<=>?@AB_
*6&$'#.l
+#17;!!u
`abcdefghijklmnopqrstuvwxyz{|}~
OVLJ
aikfh
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwX#
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFf
-)7o
97>=6,9=y       
55:D6H&Fijklmnopqrstuvwxyz{|}~
HDOJG_HB
yegenk
456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{N6
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJB
UVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
idolslr'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNF
YZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

好像有一些字符数据(我看到 ASCII 最多 127 个字符)。我不是 Pascal,Delphi 程序员。我知道 Python,一些 C 和 Java。可以解码吗?

一些提示:

反汇编显示 tmemorystream,然后是 tclientdataset 调用。这使得它 delphi,并且单独 delphi/bcb(FreePascal 的等价物称为 TBufDataset)

TClientdataset .cds 是数据集的一些专有流格式。它可能取决于 delphi 版本。更高版本(D2010+?仅限 rad studio?)版本带有您可以检查的 TClientDataset 源。

搜索“.cds tclientdataset 文件格式”也可能会找到一些东西,希望它不支持加密。