how to compare delphi exe
Question
I am having the two delphi generated exe of same project. One exe is generated long time ago and the second exe is generated recentaly using the current source code. Now there is difference in size between these two exe. Is there any way to find out why the size is different and to find way if any new functionality added to new exe by mistake. As exe is in binary. can we convert into any readable format? Or any other tips/comments? Thanks for help.
Note: I dont have the source code from which 1st exe is generated. So cant compare the source code. :(
2 answers
solution1
2 2012-08-07 00:03:02
There are tools out there that will disassemble a native Intel x86 or x64 executable and spit out text assembler instructions, but since very little text from the original source code is preserved when compiling to native code, this disassembler produced text will most likely be machine generated alphabet soup. Mechanically correct but humanly gibberish.
You could try disassembling both the new and the old exe to asm text, then using a text diff tool to compare the differences between the asm texts. This will help reduce the diff tool noise of a small change creating a huge diff log because the small change causes all the global offsets to change after it. The disassembled asm text should have fewer global offset dependencies.
The hard truth is, if you don't have a person who understands Intel asm instructions and the Delphi compiler code gen patterns, even this disassembly step is not likely to produce much useful information to help you understand why the two exes are different sizes. In a non-trivial app of, say, 500k in exe size, a 10k difference could be caused by compiling with different compiler options, such as with stack frames vs remove stack frames, or compiled in debug mode vs non-debug mode.
Even adding a reference in the new exe to Writeln() could account for most of that 10k - the text IO routines in the RTL are smart-linked out of your exe unless something uses it, and touching Writeln touches a whole forest of support routines inside the RTL. If the old exe didn't use Writeln but the new exe does, the new exe will be carrying the Writeln support routines which I vaguely recall weigh in at "more than a few K".
solution2
1 ACCPTED 2012-08-07 10:28:46
You can use turbodiff from http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=turbodiff to see the differences between two executables. Of course you will also need the freeware version of IDA 5.0 , you can download that from http://www.hex-rays.com/products/ida/support/download_freeware.shtml
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.