Results 1 to 2 of 2

Thread: IDA and Dede dissassembly differences

  1. #1

    IDA and Dede dissassembly differences

    Hiho,
    I'm looking at disassembly listings for a particular event in a Delphi form. Dede shows a list of opcodes whereas IDA shows some double words.

    I'm a little confused by this, sure I can highlight the double words in IDA and convert them to code which matches that as shown in Dede.
    Now, IDA shows that the first double words is accessed by a subroutine, which makes me think it has handled the dissasembly correctly.

    Whereas Dede shows instructions like these :
    006231AE 86913D10D411 xchg [ecx+$11D4103D], dl
    006231B4 867C0090 xchg [eax+eax-$70], bh
    006231B8 27 daa
    006231B9 4E dec esi
    006231BA 319412BA3A68D5 xor [edx+edx+$D5683ABA], edx

    In my limited experience of assembler, I'd say these don't make any sense(I've just picked a few of the more weird looking ones).
    What do you guys think?

    My idea was to add comments in the IDA listing to the RVAs which Dede has identified as events. As it stands it doesn't look like this is fool proof, perhaps I can at least comment a few events to help my improve my chances of understanding what is going on at some level.
    Is this approach something you would do for a medium-sized app?

    Thanks for any help.
    5Alive.

  2. #2
    Hmmm, spent a little more time thinking about this and thought that I should attach to the program using OllyDbg and dissassemble at the adresses of interest. Lo and behold, the dump matches that of Dede.

    I expect the two match as they are both dumped at runtime, whereas IDA does it "cold". Problem solved I think.
    5Alive.

Similar Threads

  1. what are differences between a packer and a crypter?????
    By kbt0000 in forum The Newbie Forum
    Replies: 5
    Last Post: March 28th, 2012, 00:46
  2. Dede source code available now
    By Lbolt99 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 6
    Last Post: August 12th, 2002, 23:39
  3. Dede probs with directdraw graphical stuff
    By Lbolt99 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: July 25th, 2002, 20:10
  4. Delphi without Dede?
    By Scally in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: July 18th, 2001, 19:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •