A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #15767  by hanan
 Thu Sep 27, 2012 7:58 am

I would like to know if reversing malware that has been written in Delphi requires a different skill set than reversing malware that has been written in C or the like.

I found that to be different, but I would like to know how much different it is. Do I need to know how to program in Delphi (I mean knowing the paradigms that Delphi programmers use in their programs)?
 #15774  by EP_X0FF
 Fri Sep 28, 2012 5:33 am
No big difference. Load the proper FLIRT signature into IDA and that's all. Even if it is compiled by Delphi, most Delphi malware is not written using OOP. They use KOL to remove most object-oriented code for output file size reduction and better morphing.
 #15782  by hanan
 Fri Sep 28, 2012 12:44 pm
One thing I learned today, though, is that most Delphi programs use TLS for internal reasons, probably not for malicious purposes, so one probably shouldn't waste time on the TLS of a Delphi malware.