IDA stopped working
Shachar Shemesh
wine-devel at sun.consumer.org.il
Thu Aug 22 15:12:21 CDT 2002
Hi all,
somewhere back (havn't checked when, yet), some change in WINE made IDA
(The Interactive Disassembler) stop working. I am talking about the
bought version, have not checked the free one.
Initial analysis (using IDA) suggest some heavy anti-disassembler
techniques were used in this executable. One thing that is immediatly
visible, however, is that the base address (as well as the address IDA
is loading under windows) is different than the on in WINE.
Wine:
Execution starts at 0x006fb000
Windows, as well as static base address:
Execution starts at 0x00599000
I believe this may be a hint, together with the fact it is employing
some wierd arithmetics on the PC to stop static analysis using tools
such as IDA ;-).
Before I go through the tiring process of CVSing back and finding the
patch that killed it, anyone happens to know who's using 00599000 and
causing the conflict? Is there any simple way to check this?
Shachar
More information about the wine-devel
mailing list