need help

delphi package - full disassembler
Post Reply
red
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

need help

Post by red »

Hi all =)
I open file:

Code: Select all

FH:=CreateFile(PChar(strFileName), GENERIC_READ, FILE_SHARE_READ,nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
FM:=CreateFileMapping(fh, nil, PAGE_READONLY, 0, 0, nil);
FP:=MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0);
but address in disAsm code:

Code: Select all

8371b200   call    dword ptr [$402058]
8371b206   cmp     eax, 1
8371b209   jz      +$36 ($8371b241)
8371b20b   push    0
8371b20d   call    +5 ($8371b217)
8371b212   push    esp
8371b213   jnb     +$74 ($8371b28a)
how do I get norm address?
how I must open file?
And last...
That about
Please note that madDisAsm can list the Delphi internal function names only if the madMapFile unit is part of the project. Without that madDisAsm can only show the names of exported functions.
I load map file, but nothing changes =\
What I do wrong?
P.S. sorry for my English =)
Chromix
Posts: 35
Joined: Fri Aug 12, 2005 5:58 pm

Post by Chromix »

It seems you've memory mapped a small exe file.
Exe files are usually mapped at 0x400000 or 0x500000.
Addresses in exe files, like the API call in the first line, won't get relocated when you map them to a different location.
red
Posts: 2
Joined: Fri Dec 09, 2005 6:22 pm

Post by red »

It seems you've memory mapped a small exe file
:sceptic:
But if I want to open small file (writen in assembler) ?
how I must open file? please tell me =)
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Use LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES, if you want to get a proper disassembling. madDisAsm is meant to work on properly relocated code only.
Post Reply