View Single Post
  #1  
Old 06-25-2005, 22:50
bgrimm bgrimm is offline
Friend
 
Join Date: Jan 2004
Location: South of The North Pole
Posts: 66
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
bgrimm Reputation: 0
Delphi App network activity

I have an app written in Delphi, every time it runs, trys to execute a UDP broadcast to a system outside the local network on a suspicious port.

The program was written for looking up parts in a local database, and is distributed free to businesses whom purchase from that distributor.
It was just after it triggered activity thru my firewall that I took an interest in what this app may be doing.

The app doesn't have any fancy tricks, (example: expiration was keyed to file date/time, admin password dialog text was hardcoded, etc...)

I'm wondering what functions the delphi app could use to communicate out, so as to breakpoint on them and trace what this app might be up to?

The import section looks pretty standard and I did not see what functions may be used for network communication.
Code:
kernel32.dll     user32.dll	
advapi32.dll     oleaut32.dll	
version.dll      gdi32.dll
ole32.dll        comctl32.dll
winspool.drv     shell32.dll
comdlg32.dll     ACE32.DLL
(ACE32 is for database access)
I expected to find wininet.dll imported, or maybe it using some function in Shell32.dll.
There are no other DLL's, or executables used by this app.

Referenced text strings had nothing of interest as the address it talks to is hardcoded. (224.0.1.55 on Port 2989)

Nothing in the registry regarding that address or port.

Googling got me some technical info, example code, etc, but nothing short and to the point of explanation on UDP broadcast communication in delphi.

-bg
Reply With Quote