Hi,
when you are in IDA, look on the bottom of the window, you'll see there some info; for me the fourth is the offset that you need to find in winhex. Also when you'll use HIEW or BIEW, you can turn on relative adresses, which will be the same as IDA uses in the disassembly.
Concerning the PeID, it identifies mainly commercial or well known protections; when it says nothing, then the program can still be protected. The best way how to find if there is any protection is to make it trigger to see how it works. Do you suppose that there is CRC check? Try to change something unimportant (like char in the This program doesn't run in DOS NAG in PE header, or some nulls at the end of code section) and see whats going on. And so no. Also pay attention to strings you can find in it. Remember, gain as much knowledge on your adversary as you can before you start messing with him
Regards,
least
02-11-2004, 16:09
Similar Threads
Hybrid Mode
