What's wrong with w32Dasm_2002828_pll621

Quote:

Originally posted by tom324
> 2. You can make your own FLIRT sigs.

h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000296

> 3. You can program your own p-code disassembler for IDA

h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000406

> So you're wrong.

Not likely.

Tom

You can make FLIRT sigs for any compiled app. Since VB calls VB dlls, it doesn't contain any VB libs in the main app. That's why they say it doesn't make any sense to do that for VB apps. If you have reversed a VB app, or any other app for that matter, and want to continue with the latest version, FLIRT sigs are valuable because you can take the FLIRT sigs from the older version and apply them to the latest version. Most of the funcs are unchanged so they have the same FLIRT sigs.

And as for your link to support your claim that one can't write a VB p-code disassembler in IDA is just plain silly. Ilfak says "As about P-code, its format and descriptions are not available, so IDA is not much of help for them. " Nowhere does it say you can't do it. In fact, people have written custom plugins for IDA to support various other processors not supported by IDA.

So again, you're wrong.

[tom324]

> You can make FLIRT sigs for any compiled app. Since VB calls VB dlls, it doesn't contain any VB libs in the main app

Maybe this would be a better idea:

h**p://www.sport-und-event.de/backtrace.de/idc/VB5060DLLcall.zip

> Nowhere does it say you can't do it

I have not seen such a plugin for VB. Have you?

Tom

Quote:

Originally posted by tom324
> Nowhere does it say you can't do it

I have not seen such a plugin for VB. Have you?

Whether or not one exists is irrelevant. You said it couldn't be done. Clearly, it's possible because you can write a new processor module for IDA Pro if you have the IDA SDK.