need help

delphi package - full disassembler

need help

Postby red » Fri Dec 09, 2005 6:28 pm

Hi all =)
I open file:
Code: Select all
FH:=CreateFile(PChar(strFileName), GENERIC_READ, FILE_SHARE_READ,nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
FM:=CreateFileMapping(fh, nil, PAGE_READONLY, 0, 0, nil);
FP:=MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0);

but address in disAsm code:
Code: Select all
8371b200   call    dword ptr [$402058]
8371b206   cmp     eax, 1
8371b209   jz      +$36 ($8371b241)
8371b20b   push    0
8371b20d   call    +5 ($8371b217)
8371b212   push    esp
8371b213   jnb     +$74 ($8371b28a)

how do I get norm address?
how I must open file?
And last...
That about
Please note that madDisAsm can list the Delphi internal function names only if the madMapFile unit is part of the project. Without that madDisAsm can only show the names of exported functions.

I load map file, but nothing changes =\
What I do wrong?
P.S. sorry for my English =)
red
 
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

Postby Chromix » Fri Dec 09, 2005 8:50 pm

It seems you've memory mapped a small exe file.
Exe files are usually mapped at 0x400000 or 0x500000.
Addresses in exe files, like the API call in the first line, won't get relocated when you map them to a different location.
Chromix
 
Posts: 35
Joined: Fri Aug 12, 2005 5:58 pm

Postby red » Sat Dec 10, 2005 5:21 pm

It seems you've memory mapped a small exe file

:sceptic:
But if I want to open small file (writen in assembler) ?
how I must open file? please tell me =)
red
 
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

Postby madshi » Mon Dec 12, 2005 11:11 am

Use LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES, if you want to get a proper disassembling. madDisAsm is meant to work on properly relocated code only.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm


Return to madDisAsm

Who is online

Users browsing this forum: No registered users and 1 guest

cron