Page 1 of 1

need help

Posted: Fri Dec 09, 2005 6:28 pm
by red
Hi all =)
I open file:

Code: Select all

FH:=CreateFile(PChar(strFileName), GENERIC_READ, FILE_SHARE_READ,nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
FM:=CreateFileMapping(fh, nil, PAGE_READONLY, 0, 0, nil);
FP:=MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0);
but address in disAsm code:

Code: Select all

8371b200   call    dword ptr [$402058]
8371b206   cmp     eax, 1
8371b209   jz      +$36 ($8371b241)
8371b20b   push    0
8371b20d   call    +5 ($8371b217)
8371b212   push    esp
8371b213   jnb     +$74 ($8371b28a)
how do I get norm address?
how I must open file?
And last...
That about
Please note that madDisAsm can list the Delphi internal function names only if the madMapFile unit is part of the project. Without that madDisAsm can only show the names of exported functions.
I load map file, but nothing changes =\
What I do wrong?
P.S. sorry for my English =)

Posted: Fri Dec 09, 2005 8:50 pm
by Chromix
It seems you've memory mapped a small exe file.
Exe files are usually mapped at 0x400000 or 0x500000.
Addresses in exe files, like the API call in the first line, won't get relocated when you map them to a different location.

Posted: Sat Dec 10, 2005 5:21 pm
by red
It seems you've memory mapped a small exe file
:sceptic:
But if I want to open small file (writen in assembler) ?
how I must open file? please tell me =)

Posted: Mon Dec 12, 2005 11:11 am
by madshi
Use LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES, if you want to get a proper disassembling. madDisAsm is meant to work on properly relocated code only.