Results 1 to 15 of 17

Thread: Weird DLL disassembly output in IDA.

Threaded View

  1. #1

    Weird DLL disassembly output in IDA.

    I've got a DLL I'd like to take a look at.

    When I load it into IDA it applies the SEH for VC7/8 FLIRT signature.

    Looking at the segmentation window I see the following:

    .idata 00401000
    .text 00401190
    .data 00416000

    Thats doesn't seem right to me, the IAT begins were the code section normally begins (00401000). The .idata section is handled as code instead of data, and the code section has blocks of data double words in it.

    Viewing the Functions window in IDA shows a lot of unidentified sub_xxxxxx functions which is to be expected but no recognised library functions are shown like strcpy and strlen and so on. I'm assuming this must be because a suitable FLIRT signature hasn't been applied automatically?

    Loading the DLL into stud_PE and other similar tools can't detect the type of compiler used.

    Can anyone tell me what steps I need to take to make IDA produce a more intelligible disassembly please?

    LordPE shows that DLL has a Security Directory is registered in the PE header. I'm not sure if that is significant or not. I thought I would mention it just in case.


    Thanks for any help.

    Regards,
    5aLIVE.
    Last edited by 5aLIVE; October 27th, 2009 at 15:06.

Similar Threads

  1. Windbg dt output converter
    By ZaiRoN in forum Blogs Forum
    Replies: 5
    Last Post: January 2nd, 2008, 11:29
  2. Decompiler output ctree
    By Hex Blog in forum Blogs Forum
    Replies: 0
    Last Post: November 28th, 2007, 06:31
  3. Blank output for disassemblers and debuggers
    By Foreigner in forum The Newbie Forum
    Replies: 2
    Last Post: June 17th, 2006, 18:42
  4. asm output
    By int0x3 in forum OllyDbg Support Forums
    Replies: 1
    Last Post: August 10th, 2005, 10:22
  5. weird output of JAD Java decompiler
    By Solomon in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: April 8th, 2003, 00:21

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •