If you examine the executable with a resource viewer like ResourceHacker or XnResourceEditor, you'll usually see a DVCLAL item in the RCDATA section, as well as all the forms' DFM resources. Though I guess it could still have been built using C++Builder. There's a plugin for UniversalViewer (also works for TotalCommander) which shows what compiler was most likely used. It's not always right, but often enough.
Look for the green checkmarks on the OK buttons ;) (You think I'm kidding? On a recent trip in eastern Europe I kept spotting these in point-of-sale apps everywhere: supermarkets, mobile phone companies, etc.)
David Millington in the same line of though: the hand cursor different from Windows' one! :) But I don't know if it is still the case on XE versions...
Nicholas Ring It's called PEViewer: http://www.totalcmd.net/plugring/peviewer.html In the latest version, you have to right-click anywhere in the plugin, and select 'Determine Compiler'.
BTW, I just tested it; and a Delphi XE5 Win32 executable was said to be Delphi 3, whereas the Win64 executable was reported as 'Armadillo v4.x'... :-\
Hi I just download the "Detect it Easy",I found that outside the stuff folder, there's 2 exe files, die.exe, diel.exe. They seems are malware because they try to modify the internet security setting registry. However, INSIDE stuff folder, there also has die.exe diel.exe, but these two are OK. So suggest you delete those suspicious executable. BTW, its function is good, detect well more than others.
Mick Grove I did download it from the link you gave. you can try to download it again. you will find what i told above. Not the antivirus problem, but after i monitor its running behavior, found it want to modify the security registries. Also, I don't get why there comes 2 exe files (not shortcuts) outside the folder named just the same as stuff folder. Any way, I delete 2, and launch those 2 inside stuff, works fine. Just for your reference and thanks for your introducing such more powerful tool than PEID i used before. BTW, it may not author's problem. It may package be modified by others....
If you examine the executable with a resource viewer like ResourceHacker or XnResourceEditor, you'll usually see a DVCLAL item in the RCDATA section, as well as all the forms' DFM resources. Though I guess it could still have been built using C++Builder.
ReplyDeleteThere's a plugin for UniversalViewer (also works for TotalCommander) which shows what compiler was most likely used. It's not always right, but often enough.
Look for the green checkmarks on the OK buttons ;) (You think I'm kidding? On a recent trip in eastern Europe I kept spotting these in point-of-sale apps everywhere: supermarkets, mobile phone companies, etc.)
ReplyDeleteDavid Millington in the same line of though: the hand cursor different from Windows' one! :) But I don't know if it is still the case on XE versions...
ReplyDeleteSébastien Paradis No, it uses the normal Windows one now - much like most buttons don't use green check marks (or the red cross, or the door exit.) Unlike the buttons, which I actually kindof miss, I'm glad they updated the mouse cursor - I wasn't a fan.
ReplyDeleteLook in a hex editor for the work "TAppBuilder"
ReplyDeleteYou can tell by the programmer being at least in his 40s ;)
ReplyDeleteOliver Funcke Hey! I'm just 38! ;-)
ReplyDeleteOliver Funcke not the developer (28 myself) the overall look of the app is like win95 usually though
ReplyDeleteJust have a look on the size of the executable. If its big, its Delphi :P
ReplyDeleteHave you see this website?
ReplyDeletehttp://delphi.wikia.co/wiki/Determine_Delphi_Application
Oliver Funcke I'm 30, and still in denial about that. Not quite yet 40 ;)
ReplyDeleteAnd if the program is a little expensive it's just a poor Delphi programmer trying to upgrade to XE? or pay for annual support LOL
ReplyDeleteMartijn Coppoolse Do you recall the name of the Universal Viewer/Total Commander plugin?
ReplyDeleteNicholas Ring It's called PEViewer:
ReplyDeletehttp://www.totalcmd.net/plugring/peviewer.html
In the latest version, you have to right-click anywhere in the plugin, and select 'Determine Compiler'.
BTW, I just tested it; and a Delphi XE5 Win32 executable was said to be Delphi 3, whereas the Win64 executable was reported as 'Armadillo v4.x'... :-\
Martijn Coppoolse Thanks
ReplyDeleteNick Hodges - I tried looking for TAppBuilder and no luck. :-(
ReplyDeleteThen it isn't built with Delphi.
ReplyDeleteI can confirm it was built with Delphi... I checked an application I'm building with XE4 and there is no TAppBuilder in the exe file.
ReplyDeleteMick Grove Detect it Easy worked fine. Thank you!
ReplyDeleteNick Hodges Isn't TAppBuilder the IDE's main window?
ReplyDeleteNot mentioning DeDe and IDR? I think some kind of spying, e.g. winspy, wincheat, and look at the window class should be easier...
ReplyDeleteHi I just download the "Detect it Easy",I found that outside the stuff folder, there's 2 exe files, die.exe, diel.exe. They seems are malware because they try to modify the internet security setting registry. However, INSIDE stuff folder, there also has die.exe diel.exe, but these two are OK. So suggest you delete those suspicious executable. BTW, its function is good, detect well more than others.
ReplyDeleteMick Grove I did download it from the link you gave. you can try to download it again. you will find what i told above. Not the antivirus problem, but after i monitor its running behavior, found it want to modify the security registries. Also, I don't get why there comes 2 exe files (not shortcuts) outside the folder named just the same as stuff folder. Any way, I delete 2, and launch those 2 inside stuff, works fine. Just for your reference and thanks for your introducing such more powerful tool than PEID i used before. BTW, it may not author's problem. It may package be modified by others....
ReplyDeleteMartijn Coppoolse The Packageinfo resource lets you know whether Delphi or C++ Builder was used.
ReplyDelete