IDA stopped working
Shachar Shemesh
wine-devel at sun.consumer.org.il
Fri Aug 23 00:29:36 CDT 2002
Ok, found the problem.
Upon loading some other application, I get the error from WINE:
Standard load address for a Win32 program (0x00400000) not available -
security-patched kernel ?
Trying to run IDA with a kernel without grsecurity indeed works.
Can anyone explain why the security patches block the 00400000 address
from being used?
Shachar
Shachar Shemesh wrote:
> Hi all,
>
> somewhere back (havn't checked when, yet), some change in WINE made
> IDA (The Interactive Disassembler) stop working. I am talking about
> the bought version, have not checked the free one.
>
> Initial analysis (using IDA) suggest some heavy anti-disassembler
> techniques were used in this executable. One thing that is immediatly
> visible, however, is that the base address (as well as the address IDA
> is loading under windows) is different than the on in WINE.
>
> Wine:
> Execution starts at 0x006fb000
> Windows, as well as static base address:
> Execution starts at 0x00599000
>
> I believe this may be a hint, together with the fact it is employing
> some wierd arithmetics on the PC to stop static analysis using tools
> such as IDA ;-).
>
> Before I go through the tiring process of CVSing back and finding the
> patch that killed it, anyone happens to know who's using 00599000 and
> causing the conflict? Is there any simple way to check this?
>
> Shachar
>
>
>
More information about the wine-devel
mailing list