Hi,

I have a target (safedisc v2.8.11) which I am fully reversing to improve my skills. At the moment I am looking at secdrv.sys which is created from the main exe. I already found the decryption routine, but when I disassemble the main exe, the region of interest that contains the encrypted data is displayed as "db ? ; unexplored". How can I tell IDA that it needs to display those bytes? I need this because I want to write an idc script to emulate the decryption routine. Some of you might say that there are easier ways to get hold of secdrv.sys and I know, and I have done that. But for me it is only to practice my ida and reversing skills. I already fully reversed the appended section to the main app, ~e5d141.tmp, and the anti-debugging part of ~df394b.tmp. That only leaves me secdrv.sys, drvmgt.dll, ~defd6a.tmp and ~efe2.tmp. I have a long way to go, but as long as I have fun doing it ... I will do it.

Here is an illustration of my problem :

Hexviewer

EBFDA 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
EBFEC 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
EBFFE 11 11 00 00 00 00 13 CD 25 19 04 00 00 00 00 00 07 00

in IDA :

.data:004EBFFC db 11h ;
.data:004EBFFD db 11h ;
.data:004EBFFE db 11h ;
.data:004EBFFF db 11h ;
.data:004EC000 db ? ; unexplored
.data:004EC001 db ? ; unexplored

Kade