Results 1 to 6 of 6

Thread: IDAPro problem??

  1. #1
    MTB
    Guest

    Question IDAPro problem??

    The target is Co__V, a ray trace program used in optics, protected by an Activator dongle.

    IDA version 4.04 seems to have problems dissassebling it, however W32dasm 8.93 seems to be working ok. First section of both dissassemblies are posted below.

    First can I get IDA to work on this code?

    Second why didn't IDA pick a sigature file for it?

    I probably can crack it using W32dasm, but really would prefer to use IDA since it does a significantly better job.

    Thanks
    MTB

    --------------------------------------------------------------------------
    IDA posted below

    5F401000 ; Format : Portable executable for IBM PC (PE)
    5F401000 ; Section 1. (virtual address 00001000)
    5F401000 ; Virtual size : 0009628B ( 615051.)
    5F401000 ; Section size in file : 00096400 ( 615424.)
    5F401000 ; Offset to raw data for section: 00000600
    5F401000 ; Flags 60000020: Text Executable Readable
    5F401000 ; Alignment : 16 bytes ?
    5F401000 ; Exported entry 3030.
    5F401000
    5F401000 model flat
    5F401000
    5F401000 ; ---------------------------------------------------------------------------
    5F401000
    5F401000 ; Segment type: Pure code
    5F401000 _text segment para public 'CODE' use32
    5F401000 assume cs:_text
    5F401000 ;org 5F401000h
    5F401000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
    5F401000
    5F401000 ; S U B R O U T I N E
    5F401000
    5F401000
    5F401000 public MFC42_3030
    5F401000 MFC42_3030 proc near ; CODE XREF: MFC42_1168+Ap
    5F401000 ; MFC42_1169+11p ...
    5F401000
    5F401000 arg_0 = dword ptr 0Ch
    5F401000
    5F401000 push esi
    5F401001 push edi
    5F401002 mov edi, ecx
    5F401004 cmp dword ptr [edi], 0
    5F401007 jz short loc_5F401032
    5F401009
    5F401009 loc_5F401009: ; CODE XREF: MFC42_3030+43j
    5F401009 mov eax, dword_5F4CB000


    --------------------------------------------------

    W32dasm below

    :00401000 CC int 03
    :00401001 CC int 03
    :00401002 CC int 03
    :00401003 CC int 03
    :00401004 CC int 03
    :00401005 E90F030000 jmp 00401319

    * Referenced by a CALL at Address:
    |:009A34A5
    |
    :0040100A E9BA020000 jmp 004012C9

    * Referenced by a CALL at Address:
    |:009A3719
    |
    :0040100F E997020000 jmp 004012AB

    * Referenced by a CALL at Address:
    |:0040128B
    |
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    DakienDX
    Guest
    Hello MTB !

    The code IDA has disassembled is a disassembly of MFC42.DLL, starting at the beginning of the code section.

    I suppose that the W32Dasm listing is the start of the program you want to disassemble.

    I don't know what the problem is, but I think IDA has been somehow set to disassemble all used DLLs. (even I don't know if that option exists)

    I've just tried IDA 4.04 and IDA 4.1 on eight files using MFC42.DLL and could not reproduce the error.

    What platform (DOS, Win32 Console, Win32 GUI) and version of IDA are you using?

    Is it possible to upload the .EXE and the needed .DLLs somewhere? (if needed)

    BTW.: If this threat leads to an "Anti-IDA-Tricks" post, we should discontinue it very soon.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    MTB
    Guest
    Hi DakienDX
    First of all thanks for helping me with this problem.

    IDA 4.04 running under windows 98SE

    I have a high speed modem on this end, so I can upload the entire program if you want to some local ftp or other site. The other option, would be to zip the installation disk, then using RAR, break it down to 1.4 Mb size pieces and email it to you.

    I also could burn you a copy of the CD and snail mail it someplace.

    Your call.

    Thanks again
    MTB
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    DakienDX
    Guest
    Hello MTB !

    I think burning the program on a CD is a bad idea.

    Even if it has 650 MB, it would be easier to download.

    How big is the program?

    I think uploading would be a good suggestion. Please email me the link, since too many downloads may kick the program before anybody has it completely downloaded.
    If you plan to upload it on a FTP, please email me also the username and password.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    MTB
    Guest
    DakienDX
    Zipped the CD up 45Mb's. Do you have an FTP site, or know of one we can use?
    MTB
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    DakienDX
    Guest
    Hello MTB !

    Since the problem how to get the files from you to me isn't of public interest, I won't reply on this topic any more.

    Please email me your email address and we will communicate by that way.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Generic IDAPro/ASM questions...
    By midnitrcr in forum The Newbie Forum
    Replies: 6
    Last Post: March 15th, 2005, 14:28
  2. Thanks +Tsehp, problem solve Isp problem :)
    By esther in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: October 28th, 2000, 07:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •