#8
Hi,
when you are in IDA, look at the bottom of the window, you'll see some info there; for me the fourth is the offset that you need to find in WinHex. Also when you use HIEW or BIEW, you can turn on relative addresses, which will be the same as IDA uses in the disassembly. Concerning PEiD, it identifies mainly commercial or well-known protections; when it says nothing, the program can still be protected. The best way to find out if there is any protection is to make it trigger to see how it works. Do you suppose that there is a CRC check? Try to change something unimportant (like a char in the "This program doesn't run in DOS" nag in the PE header, or some nulls at the end of the code section) and see what's going on. And so on. Also pay attention to strings you can find in it. Remember, gain as much knowledge on your adversary as you can before you start messing with him.

Regards,
least
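The file offset shown beside the disassembly address follows from the PE section table: subtract the image base, find the containing section, then add that section's raw-data pointer. The sketch below is an added example, not part of the original post; the header bytes are constructed sample data and the function names are hypothetical.

```python
import struct

def build_sample_header():
    """Constructed PE32 header with two sections (sample data, not a real program)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)  # 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    def sec(name, vsize, rva, rsize, raw):
        return struct.pack("<8sIIII12xI", name, vsize, rva, rsize, raw, 0)
    table = sec(b".text", 0x1800, 0x1000, 0x1800, 0x400) \
          + sec(b".data", 0x3000, 0x3000, 0x200, 0x1C00)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + table

def parse_sections(data):
    """Return (image_base, [(name, vsize, rva, raw_size, raw_ptr), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:                                   # PE32+: 64-bit ImageBase
        base, = struct.unpack_from("<Q", data, opt + 24)
    else:                                                # PE32: 32-bit ImageBase
        base, = struct.unpack_from("<I", data, opt + 28)
    table = opt + opt_size
    secs = [struct.unpack_from("<8sIIII", data, table + 40 * i) for i in range(nsec)]
    return base, secs

def va_to_file_offset(data, va):
    """Map a virtual address to its offset in the file, or None if it has no bytes on disk."""
    base, secs = parse_sections(data)
    rva = va - base
    for name, vsize, sec_rva, raw_size, raw_ptr in secs:
        if sec_rva <= rva < sec_rva + max(vsize, raw_size):
            delta = rva - sec_rva
            # Past the raw data the loader zero-fills memory; nothing to find in the file.
            return raw_ptr + delta if delta < raw_size else None
    return None   # not inside any section

if __name__ == "__main__":
    for va in (0x401234, 0x403100, 0x403800):
        off = va_to_file_offset(build_sample_header(), va)
        print(hex(va), "->", hex(off) if off is not None else "no file bytes")
```

An address in the zero-filled tail of a section (the third sample address) has no counterpart in the file, which is why a hex editor search at the computed offset can come up empty.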