shell and reverse problem, HELP please!


tudou
July 7th, 2001, 16:26
Guys,

WinAce has an ASpack2.0 (or higher?) shell. The compressed winace.exe is 250K or so. I used ProcDump to get it out of the shell successfully. The new exe file is about 2.5M, and it runs normally. But when I tried to use W32DSM to reverse the 2.5M exe, I couldn't find any useful ASM code. It seems that the reverse procedure terminates at the "entry point". What's happening?

Any response is appreciated!

CoDe_InSiDe
July 7th, 2001, 17:17
Hi Tudou,

You can try to change the Characteristics of the first Section to E0000040 (in the file: 400000E0), because W32Dasm has some troubles with that ;D
Hope this helps.

Cya...

CoDe_InSiDe

tudou
July 7th, 2001, 18:32
Thanks, CoDe_InSiDe,

could you please show me in more detail how to do this using ExeScope or another PE editor? I am a newbie in PE file architecture.

By the way, I checked the 2.5M exe with FileInfo. It found that it is made with DELPHI. So, if it IS from DELPHI, can it be reversed by W32DSM? In other words, can W32DSM reverse any exe file regardless of what kind of language was used to make the exe?

Thanks!

tudou


qferret
July 7th, 2001, 20:52
you can do that in procdump:

click the PE Editor button -> load the file -> click the sections button -> highlight the section name -> right click on it -> make changes
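Added example, not from this thread: a small Python script that locates the first section header of a PE file, reads its Characteristics field and rewrites it to the E0000040 value suggested above, which is exactly what the ProcDump PE editor click above changes. It also names the flag bits involved (per the PE/COFF specification) and shows why the value appears as 40 00 00 E0 in the file. The minimal PE it builds is constructed for the demonstration.

```python
import struct

# Section Characteristics flags (PE/COFF spec) that make up values like 0xE0000040
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SUGGESTED_CHARACTERISTICS = 0xE0000040  # the value CoDe_InSiDe suggests in the thread

def describe_flags(value):
    """Return the names of the flag bits set in a Characteristics value, ascending by bit."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if value & bit]

def section_table(data):
    """Locate the section table: returns (file offset of first header, number of sections)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # 20-byte COFF file header follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff + 20 + opt_size, num_sections    # section headers follow the optional header

def first_section(data):
    """Return (name, Characteristics) of the first 40-byte section header."""
    off, n = section_table(data)
    if n == 0:
        raise ValueError("PE has no sections")
    name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
    characteristics = struct.unpack_from("<I", data, off + 36)[0]  # last field of the header
    return name, characteristics

def set_first_section_characteristics(data, value=SUGGESTED_CHARACTERISTICS):
    """Return a copy of the image with the first section's Characteristics overwritten."""
    off, _ = section_table(data)
    patched = bytearray(data)
    struct.pack_into("<I", patched, off + 36, value)  # little-endian: 0xE0000040 is stored as 40 00 00 E0
    return bytes(patched)

def build_sample_pe(characteristics):
    """Constructed minimal PE for the demo: MZ stub, PE signature, COFF header, no optional header, one section."""
    dos = bytearray(b"MZ" + bytes(0x3E))
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # i386, 1 section, SizeOfOptionalHeader = 0
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + section
```

On a real dump, read the file into `data`, call `set_first_section_characteristics`, and write the result to a new file; compare `describe_flags` before and after to see which permission bits changed.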

qferret
July 7th, 2001, 20:55
Delphi hehe...explains the 2.5 MB....

W32Dasm can disassemble it, but it will probably be worthless.....it doesn't like Delphi string refs, Delphi doesn't use the usual APIs, & it's bloated as hell & hard to trace with a deadlisting.

Try DeDe....;-)

CoDe_InSiDe
July 8th, 2001, 00:30
Hi qferret,

Hehe, I don't need to say anything anymore

Cya...

CoDe_InSiDe

tudou
July 8th, 2001, 02:07
Thanks, guys!