Quote:
Originally posted by tom324
> 2. You can make your own FLIRT sigs.
h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000296
> 3. You can program your own p-code disassembler for IDA
h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000406
> So you're wrong.
Not likely.
Tom
|
You can make FLIRT sigs for any compiled app. Since VB calls VB dlls, it doesn't contain any VB libs in the main app. That's why they say it doesn't make any sense to do that for VB apps. If you have reversed a VB app, or any other app for that matter, and want to continue with the latest version, FLIRT sigs are valuable because you can take the FLIRT sigs from the older version and apply them to the latest version. Most of the funcs are unchanged so they have the same FLIRT sigs.
And as for your link to support your claim that one can't write a VB p-code disassembler in IDA is just plain silly. Ilfak says "As about P-code, its format and descriptions are not available, so IDA is not much of help for them. " Nowhere does it say you can't do it. In fact, people have written custom plugins for IDA to support various other processors not supported by IDA.
So again, you're wrong.
03-02-2004, 01:19
Similar Threads
Threaded Mode