need help

delphi package - full disassembler

need help

Postby red » Fri Dec 09, 2005 6:28 pm

Hi all =)
I open file:
Code: Select all
FM:=CreateFileMapping(fh, nil, PAGE_READONLY, 0, 0, nil);
FP:=MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0);

but address in disAsm code:
Code: Select all
8371b200   call    dword ptr [$402058]
8371b206   cmp     eax, 1
8371b209   jz      +$36 ($8371b241)
8371b20b   push    0
8371b20d   call    +5 ($8371b217)
8371b212   push    esp
8371b213   jnb     +$74 ($8371b28a)

how do I get norm address?
how I must open file?
And last...
That about
Please note that madDisAsm can list the Delphi internal function names only if the madMapFile unit is part of the project. Without that madDisAsm can only show the names of exported functions.

I load map file, but nothing changes =\
What I do wrong?
P.S. sorry for my English =)
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

Postby Chromix » Fri Dec 09, 2005 8:50 pm

It seems you've memory mapped a small exe file.
Exe files are usually mapped at 0x400000 or 0x500000.
Addresses in exe files, like the API call in the first line, won't get relocated when you map them to a different location.
Posts: 35
Joined: Fri Aug 12, 2005 5:58 pm

Postby red » Sat Dec 10, 2005 5:21 pm

It seems you've memory mapped a small exe file

But if I want to open small file (writen in assembler) ?
how I must open file? please tell me =)
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

Postby madshi » Mon Dec 12, 2005 11:11 am

Use LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES, if you want to get a proper disassembling. madDisAsm is meant to work on properly relocated code only.
Site Admin
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Return to madDisAsm

Who is online

Users browsing this forum: No registered users and 1 guest