Exploiting Delphi/Object Pascal presented at HackLu 2009

by Ilja van Sprundel,

Summary : this presentation is about exploiting applications written in the delphi language. the whole research behind it just started out as a fun little project, since I wanted to know what was possible and what wasn't. I did some googling around, but couldn't really find any decent answer anywhere, so I ended up investigating myself. I'll present a comparison with the c(and some c++) programming languages, show how it's vulnerable to overflows (stack, heap) give examples, show some interesting language issues (int rules, corner cases in api usage, ...) say a thing or two about code auditing of delphi code, and cover some possible mitigations in the delphi compiler.