Thread: a wrong disassembly?

  1. #1
    dion
    Guest

    a wrong disassembly?

    I'm confused about who is wrong: is it a wrong disassembly, or IDA? I'm seeing a lot of db 66h occurrences. Examples:

    push ebx
    mov ax, 30h
    db 66h
    mov ds, ax
    assume ds:nothing
    mov eax, [ebp+arg_C]

    mov ax, 30h
    db 66h
    mov ds, ax
    assume es:nothing
    db 66h
    mov es, ax
    db 66h
    mov fs, ax
    db 66h
    mov gs, ax

    But strangely, I don't see this db 66h in HIEW. Does anyone know who is wrong? If IDA is wrong, then how do I fix it?
    thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    comrade
    Perhaps IDA is disassembling in 16-bit mode when the code is 32-bit?
    comrade (comrade64@live.com; http://comrade.ownz.com/)

  3. #3
    username
    Guest

    Re: a wrong disassembly?

    Originally posted by dion
    But strangely, I don't see this db 66h in HIEW. Does anyone know who is wrong? If IDA is wrong, then how do I fix it?
    thanks
    Neither is wrong. The difference in the disassembly is the result of how HIEW and IDA treat the Operand Size override; they both represent the same code (byte sequence).
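As an added illustration of username's point (not code from the thread): a minimal Python decoder that turns one byte sequence into both listing styles. The sample bytes are constructed and assume 32-bit code, where 66h changes the operand size of `mov ax, 30h` but is redundant on `mov Sreg, r16`; `decode` and `show_redundant_prefix` are hypothetical names.

```python
# Added example; the byte values are constructed, not taken from dion's binary.
SREG = ["es", "cs", "ss", "ds", "fs", "gs"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]

# Constructed 32-bit code: mov ax,30h, then 66h-prefixed moves to ds/es/fs/gs.
SAMPLE = bytes.fromhex("66b83000 668ed8 668ec0 668ee0 668ee8")

def decode(code, show_redundant_prefix):
    """Decode 32-bit-mode bytes (two opcodes only) into listing lines."""
    lines, i = [], 0
    while i < len(code):
        has66 = code[i] == 0x66          # operand-size override prefix
        p = i + 1 if has66 else i        # offset of the opcode byte
        if p >= len(code):
            raise ValueError("truncated after prefix")
        op = code[p]
        if 0xB8 <= op <= 0xBF:           # mov reg, imm: prefix picks 16 vs 32 bit
            size = 2 if has66 else 4
            imm = code[p + 1:p + 1 + size]
            if len(imm) != size:
                raise ValueError("truncated immediate")
            reg = REG16[op - 0xB8] if has66 else "e" + REG16[op - 0xB8]
            lines.append(f"mov {reg}, {int.from_bytes(imm, 'little'):X}h")
            i = p + 1 + size
        elif op == 0x8E and p + 1 < len(code):   # mov Sreg, r/m16
            modrm = code[p + 1]
            mod, sreg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod != 3 or sreg > 5:
                raise ValueError("only register-form mov Sreg, r16 handled")
            if has66 and show_redundant_prefix:
                lines.append("db 66h")   # prefix has no effect here; list it apart
            lines.append(f"mov {SREG[sreg]}, {REG16[rm]}")
            i = p + 2
        else:
            raise ValueError(f"unsupported or truncated opcode {op:02X}h at {p}")
    return lines

if __name__ == "__main__":
    print("\n".join(decode(SAMPLE, True)))    # style with db 66h lines
    print("\n".join(decode(SAMPLE, False)))   # style with the prefix folded in
```

Both calls consume the same 16 bytes; only the rendering of the redundant prefix differs.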

  4. #4
    dion
    Guest
    Thanks, username.
    By accident, I read a source code file in the 98ddk pack, a file named drv2.c, which is strange and has the same 66h value. The listing is:

    _asm
    {
    _emit 66h _asm push si ; push esi
    _emit 66h _asm push di ; push edi
    _emit 66h _asm mov ax,word ptr function ;eax = function
    _emit 66h _asm mov bx,word ptr dev ;ebx = device
    _emit 66h _asm mov cx,word ptr buffer_size ;ecx = buffer_size
    _emit 66h _asm mov dx,word ptr flags ;edx = flags
    _emit 66h _asm xor di,di ; HIWORD(edi)=0
    les di,buffer
    mov si,es ;si=es
    call dword ptr VDDEntryPoint ;call the VDD's PM API
    cmp ax,word ptr function
    je fail
    _emit 66h _asm mov word ptr result,ax
    fail: _emit 66h _asm pop di ; pop edi
    _emit 66h _asm pop si ; pop esi
    }

    mmm... what u mean with operand size override, username? then do u know how to fix it in ida?

  5. #5
    username
    Guest
    Originally posted by dion
    mmm... what u mean with operand size override, username?
    First of all, you should download the Intel manuals from http://developer.intel.com/design/pentium4/manuals/ and then read at least chapter 3 (more precisely 3.6) in the first volume.
    then do u know how to fix it in ida?
    What do you want to 'fix'? IDA behaves correctly as well, as I indicated already. If you want to change the visual representation of such instructions then you can turn on PC_ANALYSE_NOPREF in your ida.cfg (or better, idauser.cfg), but this works only for IDA 4.16 and up.

  6. #6
    dion
    Guest
    wee... thanks username