Tuesday, 21 August 2007

Disassembling number 7

Well, disassembling doesn't scare me as much as it did. Which is obviously a good thing. I used the free version of IDA, and it looked like I could get some good stuff out of it (bit tired tonight though). The only thing is that it won't look at the dos executable (i.e. the original), because it's only a demo (the full versioin will hack into any executable you care to throw it at, by all accounts). Thankfully there is a windows executable (available from the links on the left), but I can't help feeling that I should be using the DOS one. I imagine it to be simpler, but maybe I'm making that up.

5 comments:

Unknown said...

Hi, the VDX RE-er here ... ;-)

Which version of IDA are you using exactly? My copy of "IDA Pro Freeware Version 4.3" happily disassembles the DOS-based .exe.

Personally, I found the DOS program easier to analyze -- much less distracting code.

Unknown said...

Hmmm... using the one I downloaded off the website, let me check. It seems it's version 5.1: they must have brought that restriction in recently. I'll have to see if I can grab a copy of 4.3 from somewhere.
One comment on #scummvm said I'd be better off using the Windows .exe, but either way it would be better to have the choice of both!

Unknown said...

Well, the choice of the .exe surely depends on personal taste. Anyway, some IDA 4.3 downloads on the web actually contain the DOS version, whichis powerful as well, but a bit wasteful in terms of today's screen real estate. This http://www.programmersheaven.com/download/37637/download.aspx should be the Windows version.

Unknown said...

Double bonus, not only does 4.3 load the DOS exe, but it also doesn't crash under wine like 5.1 did!

Unknown said...

Good to hear! Happy disassembling then.