SPLIT THREAD

way off topic

hey k, can't find the ROM file, isn't it? There are trillions of datasheets on Google but not a bin file for the NEC V40, isn't it?

anyway, I ended up downloading ROMs and bins of BBC / Microbee / Atari / Zilog / Z80 / and whatnot due to this thread

btw, way more off-topic, but on IDA

I thought let me try IDA (nothing fancy, the free 5.0 one) on a driver which seemed to crash on me so I could learn a trick or two,
but I can't seem to fathom the mighty Yeti. Can you see the pic below and tell me how to make it legible?
No, I can understand the opcodes/mnemonic crap; I want IDA to tell me hey b
this is DRIVER_OBJECT
now ebx takes Driver_Object->MajorFunction[IRP_MJ_DEVICE_CONTROL] and shoots it down to
KiIntrap01 and plays hell with interrupt 1 single-stepping on its own, kind of thing,
not stare back at me with mov ebx,[eax+70]

[attached image: idarename.JPG]

and the crashing handler

Code:
.text:00010A5C ; ---------------------------------------------------------------------------
.text:00010A5C
.text:00010A5C loc_10A5C:                              ; DATA XREF: start-91Fo
.text:00010A5C                 mov     edi, edi
.text:00010A5E                 push    ebp
.text:00010A5F                 mov     ebp, esp
.text:00010A61                 push    ebx
.text:00010A62                 push    esi
.text:00010A63                 push    edi
.text:00010A64                 xor     esi, esi
.text:00010A66                 xor     eax, eax
.text:00010A68                 push    edx
.text:00010A69                 sidt    fword ptr [esp-2]
.text:00010A6E                 pop     edx
.text:00010A6F                 add     edx, 0Ch        ; kiIntTrap01 ?
.text:00010A72                 mov     ebx, [edx]
.text:00010A74                 mov     bx, [edx-4]
.text:00010A78                 mov     ebx, dword_10EB0
.text:00010A7E                 cmp     ebx, 0
.text:00010A81                 jnz     short loc_10A8E
.text:00010A83                 mov     bx, [edx+2]
.text:00010A87                 ror     ebx, 10h
.text:00010A8A                 mov     bx, [edx-4]
.text:00010A8E
.text:00010A8E loc_10A8E:                              ; CODE XREF: .text:00010A81j
.text:00010A8E                 mov     dword_10EB0, ebx
.text:00010A94                 mov     edi, offset word_109AA
.text:00010A99                 mov     [edx-4], di
.text:00010A9D                 ror     edi, 10h
.text:00010AA0                 mov     [edx+2], di     ; seems to crash here ?
.text:00010AA4                 mov     ecx, [ebp+0Ch]
.text:00010AA7                 mov     edi, [ecx+60h]
.text:00010AAA                 mov     edx, [edi+0Ch]
.text:00010AAD                 cmp     edx, 0C07FE000h ; ioctlcode
.text:00010AB3                 jz      loc_10C8D
.text:00010AB9                 cmp     edx, 0C07FE004h 
                                                              ; CALL    NEAR DWORD PTR DS:[EAX]          ; getproc(Devictl)
.text:00010AB9                                         ; PUSH    0                                ; ioOverLapped
.text:00010AB9                                         ; MOV     DWORD PTR SS:[EBP+354], 0
.text:00010AB9                                         ; MOV     EBX, EBP
.text:00010AB9                                         ; ADD     EBX, 354
.text:00010AB9                                         ; PUSH    EBX                              ; LpBytesRet
.text:00010AB9                                         ; PUSH    4                                ; OutBuffSize
.text:00010AB9                                         ; MOV     EBX, EBP
.text:00010AB9                                         ; ADD     EBX, 348
.text:00010AB9                                         ; PUSH    EBX                              ; OutBuff
.text:00010AB9                                         ; PUSH    20                               ; InBuffSize
.text:00010AB9                                         ; MOV     EBX, EBP
.text:00010AB9                                         ; ADD     EBX, 9E4
.text:00010AB9                                         ; PUSH    EBX                              ; inBuff
.text:00010AB9                                         ; MOV     EBX, C07FE000
.text:00010AB9                                         ; PUSH    EBX                              ; ioCtlCode
.text:00010AB9                                         ; PUSH    DWORD PTR SS:[EBP+A08]           ; hdevice
.text:00010AB9                                         ; CALL    NEAR EAX                         ; devictl()
.text:00010AB9                                         ;
.text:00010AB9                                         ;
.text:00010ABF                 jz      loc_10C2C
.text:00010AC5                 cmp     edx, 0C07FE018h
.text:00010ACB                 jz      loc_10BC2
.text:00010AD1                 cmp     edx, 0C07FE020h
.text:00010AD7                 jz      loc_10B5F
.text:00010ADD                 cmp     edx, 0C07FE024h
.text:00010AE3                 jz      short loc_10AEF
.text:00010AE5                 mov     esi, 0C000000Dh
.text:00010AEA                 jmp     loc_10D10
.text:00010AEF ; ---------------------------------------------------------------------------
.text:00010AEF
.text:00010AEF loc_10AEF:                              ; CODE XREF: .text:00010AE3j
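Editor's addendum (added example, not part of the original post or of the driver being discussed): the listing above touches two structures whose layout is easier to follow once decoded. The `cmp edx, 0C07FE000h` chain compares the IOCTL code pulled out of the IRP stack location, and the `sidt` / `add edx, 0Ch` / `mov bx, [edx-4]` / `mov bx, [edx+2]` sequence reads and rewrites the handler offset inside the 8-byte IDT gate for vector 1 (base + 8), then saves the old one in `dword_10EB0`. The script below decodes those IOCTL values into their CTL_CODE fields, parses a 32-bit IDT gate, reproduces the listing's word-sized writes on a byte image of a constructed two-entry IDT (no kernel access involved), and shows the check an analyst would run to spot a vector whose handler no longer points into the kernel image. The sample descriptors, the `KERNEL_RANGE` bounds and the hypothetical handler addresses are constructed for the example.

```python
"""Decode the CTL_CODE values and the IDT gate layout seen in the listing.

Added example; the sample IDT bytes, the kernel address range and the
handler addresses are constructed, not taken from a real system.
"""
import struct

METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}


def decode_ioctl(code):
    """Split a CTL_CODE: DeviceType<<16 | Access<<14 | Function<<2 | Method."""
    return {
        "device_type": (code >> 16) & 0xFFFF,
        "access": ACCESS[(code >> 14) & 0x3],
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
    }


def parse_idt_gate(entry):
    """Decode one 8-byte 32-bit IDT gate descriptor.

    Bytes 0-1: handler offset 15:0   (what the driver reads at [edx-4])
    Bytes 2-3: code segment selector
    Byte  4  : reserved
    Byte  5  : P (bit 7), DPL (bits 6-5), S (bit 4), gate type (bits 3-0)
    Bytes 6-7: handler offset 31:16  (what the driver reads at [edx+2])
    """
    off_lo, selector, _reserved, attr, off_hi = struct.unpack("<HHBBH", entry)
    return {
        "handler": (off_hi << 16) | off_lo,
        "selector": selector,
        "present": bool(attr & 0x80),
        "dpl": (attr >> 5) & 0x3,
        "gate_type": attr & 0x0F,  # 0xE = 32-bit interrupt gate, 0xF = trap gate
    }


def build_idt_gate(handler, selector=0x08, attr=0x8E):
    """Pack a present, DPL 0, 32-bit interrupt gate (constructed test data)."""
    return struct.pack("<HHBBH", handler & 0xFFFF, selector, 0, attr, handler >> 16)


def simulate_listing_write(idt_image, vector, new_handler):
    """Reproduce the listing's write pattern on a byte image of the IDT:
    edx = base + vector*8 + 4, low word -> [edx-4], high word -> [edx+2]."""
    image = bytearray(idt_image)
    edx = vector * 8 + 4
    image[edx - 4:edx - 2] = struct.pack("<H", new_handler & 0xFFFF)
    image[edx + 2:edx + 4] = struct.pack("<H", new_handler >> 16)
    return bytes(image)


def find_hooked_vectors(idt_image, kernel_range):
    """Return (vector, handler) for present gates pointing outside the kernel image."""
    lo, hi = kernel_range
    hooked = []
    for vector in range(len(idt_image) // 8):
        gate = parse_idt_gate(idt_image[vector * 8:vector * 8 + 8])
        if gate["present"] and not (lo <= gate["handler"] < hi):
            hooked.append((vector, gate["handler"]))
    return hooked


# Constructed sample: two-entry IDT whose handlers sit in a made-up kernel range.
KERNEL_RANGE = (0x80400000, 0x80600000)
SAMPLE_IDT = build_idt_gate(0x80401000) + build_idt_gate(0x80401234)

if __name__ == "__main__":
    for code in (0xC07FE000, 0xC07FE004, 0xC07FE018, 0xC07FE020, 0xC07FE024):
        print(hex(code), decode_ioctl(code))
    print("vector 1 before:", parse_idt_gate(SAMPLE_IDT[8:16]))
    # word_109AA from the listing, loaded at the module's own image address
    patched = simulate_listing_write(SAMPLE_IDT, 1, 0x000109AA)
    print("vector 1 after :", parse_idt_gate(patched[8:16]))
    print("hooked vectors :", find_hooked_vectors(patched, KERNEL_RANGE))
```

The range check is the same idea a rootkit scanner applies to a live IDT: every present gate should resolve into ntoskrnl or a known HAL/driver image, so a vector 1 handler landing in an unrelated module's `.text` is worth a closer look.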