I have an app written in Delphi; every time it runs, it tries to execute a UDP broadcast to a system outside the local network on a suspicious port.
The program was written for looking up parts in a local database, and is distributed free to businesses that purchase from that distributor.
It was just after it triggered activity through my firewall that I took an interest in what this app may be doing.
The app doesn't have any fancy tricks (example: expiration was keyed to file date/time, admin password dialog text was hardcoded, etc.).
I'm wondering what functions the Delphi app could use to communicate out, so as to breakpoint on them and trace what this app might be up to?
The import section looks pretty standard and I did not see what functions may be used for network communication.
Code:
kernel32.dll user32.dll
advapi32.dll oleaut32.dll
version.dll gdi32.dll
ole32.dll comctl32.dll
winspool.drv shell32.dll
comdlg32.dll ACE32.DLL
(ACE32 is for database access)
I expected to find wininet.dll imported, or maybe it is using some function in Shell32.dll.
There are no other DLLs or executables used by this app.
Referenced text strings had nothing of interest as the address it talks to is hardcoded. (224.0.1.55 on Port 2989)
Nothing in the registry regarding that address or port.
Googling got me some technical info, example code, etc., but nothing short and to the point explaining UDP broadcast communication in Delphi.
-bg
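
An added example, not part of the original post: when the static import table lists no socket library, one triage step is to scan the file's bytes for DLL names that would be loaded at runtime and derive breakpoint candidates from them. The sample bytes are constructed, the function names are hypothetical, and the list of network DLLs is an assumption about which libraries are worth checking.

```python
import ipaddress
import re

# Windows libraries that expose socket or HTTP APIs (assumed watch list).
NETWORK_DLLS = {"ws2_32.dll", "wsock32.dll", "mswsock.dll", "wininet.dll", "winhttp.dll"}

# Static import list exactly as given in the post.
STATIC_IMPORTS = ["kernel32.dll", "user32.dll", "advapi32.dll", "oleaut32.dll",
                  "version.dll", "gdi32.dll", "ole32.dll", "comctl32.dll",
                  "winspool.drv", "shell32.dll", "comdlg32.dll", "ACE32.DLL"]

# Constructed sample: one ASCII and one UTF-16LE DLL name, as a binary might embed them.
SAMPLE = (b"\x00\x01ACE32.DLL\x00\xff\xffwsock32.dll\x00\xff\xff"
          + "ws2_32.dll".encode("utf-16-le") + b"\x00\x00sendto\x00")

def dll_name_strings(blob):
    """Return lower-cased DLL names stored as ASCII or UTF-16LE strings in blob."""
    ascii_hits = re.findall(rb"[A-Za-z0-9_]{2,32}\.dll", blob, re.I)
    wide_hits = re.findall(rb"(?:[A-Za-z0-9_]\x00){2,32}\.\x00d\x00l\x00l\x00", blob, re.I)
    names = {h.decode("ascii").lower() for h in ascii_hits}
    names |= {h.decode("utf-16-le").lower() for h in wide_hits}
    return names

def runtime_loaded_network_dlls(blob, static_imports):
    """Network DLL names present as strings but absent from the import table."""
    static = {name.lower() for name in static_imports}
    return sorted((dll_name_strings(blob) & NETWORK_DLLS) - static)

def breakpoint_candidates(found):
    """Suggest breakpoints: the loader calls first, then the socket calls."""
    bps = []
    if found:
        bps += ["kernel32!LoadLibraryA", "kernel32!LoadLibraryW", "kernel32!GetProcAddress"]
    if {"ws2_32.dll", "wsock32.dll"} & set(found):
        bps += ["socket", "sendto"]
    return bps

def describe_destination(addr):
    """Classify the destination; 224.0.0.0/4 is the IPv4 multicast range."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    return "limited broadcast" if addr == "255.255.255.255" else "unicast or directed broadcast"

if __name__ == "__main__":
    found = runtime_loaded_network_dlls(SAMPLE, STATIC_IMPORTS)
    print(found, breakpoint_candidates(found), describe_destination("224.0.1.55"))
```

On a real binary, read the file with `open(path, "rb").read()` in place of `SAMPLE`; a packed or encrypted executable will hide these strings, so an empty result does not rule out runtime loading.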