What's wrong with w32Dasm_2002828_pll621

#1 02-29-2004, 15:48

WIN2000 with sp3 and use w32Dasm_2002828_pll621.exe
I saved unASM file to disk, when I open it again,some codes were changed:

-------------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0079FF1B(C)
|
:0079FF22 8D4C2408 lea ecx, dword ptr [esp+08]
:0079FF26 8BD7 mov edx, edi
:0079FF28 8BC6 mov eax, esi
:0079FF2A E80DF7C6FF call 0040F63C
:0079FF2F FF74240C push [esp+0C]
:0079FF33 FF74240C push [esp+0C]
:0079FF37 8B433C mov eax, dword ptr [ebx+3C]
:0079FF3A 50 push eax
:0079FF3B 8D44241C lea eax, dword ptr [esp+1C]
:0079FF3F 50 push eax
:0079FF40 8B4B38 mov ecx, dword ptr [ebx+38]
:0079FF43 33D2 xor edx, edx
:0079FF45 33C0 xor eax, eax
:0079FF47 E808F7C6FF call 0040F654
:0079FF4C 8D442418 lea eax, dword ptr [esp+18]
:0079FF50 50 push eax

-------------------------------Saved then Opened--------
U)nconditional or (C)onditional Jump at Address:
|:0079FF1B(

|
:0079FF22 8D4C2408 lea ecx
dword ptr [esp+08]
:0079FF26 8BD7
mov edx, edi
:0079FF28 8BC6
mov eax, esi
:0079FF2A E80DF7C6FF
call 0040F63C
:0079FF2F FF74240C
push [esp+0C]
:0079FF33 FF74240C push [es
0C]
:0079FF37 8B433C mov
ax, dword ptr [ebx+3C]
:0079FF3A 50 pus
eax
:0079FF3B 8D44241C lea
ax, dword ptr [esp+1C]
:0079FF3F 50 pus
eax
:0079FF40 8B4B38 mov ecx
dword ptr [ebx+38]
:0079FF43 33D2
xor edx, edx
:0079FF45 33C0
xor eax, eax
:0079FF47 E808F7C6FF call 004
654
:0079FF4C 8D442418 lea

, dword ptr [esp+18]
:0079FF50 50
push eax

tom324 · #2 02-29-2004, 16:28

w32Dasm is out of date, its development has stopped years ago. If you want propper disassembler use IDA Pro.

Tom

#3 02-29-2004, 19:55

For large file IDA too slow ,
unasm a 5MB-size file needs 5hours,@@@

Squidge · #4 02-29-2004, 22:09

Longest I've seen here is about 5 minutes for a 10mb file. Are you using a 486 or something?

Polaris · #5 02-29-2004, 22:51

Quote:

Originally posted by kuli
For large file IDA too slow ,
unasm a 5MB-size file needs 5hours,@@@

IDA is too superior.... However, you can try PVDasm... It is supported and free.

Byyeyeyzz

Polaris

#6 02-29-2004, 23:03

Quote:

Originally posted by Squidge
Longest I've seen here is about 5 minutes for a 10mb file. Are you using a 486 or something?

MEM=256MB,CPU=PIII 800 , HD=40Gb/7000 SYS=WIN2000 SP3 ,

test.exe (DELPHI) 5.70 MB (5,987,328 BYTE)
use IDA4.5.1.770
time used :almost 5 hours.
My God !

#7 03-01-2004, 01:24

For Delphi generated apps, I use PE Explore.

It has a lot of the same key sequences as IDA, and it seems to understand Delphis qwirks better than anything else.

It's REALLY fast, and it's available here, so I'd give it a look. It even has a built in resource editor.

It's not PERFECT, but if it had three bug fixes and a MAP exporter to Olly, I'd probably buy the thing. (It's amazing how many Borland targets there are out there).

I should mention that OllyDbg also understands Borland stuff OK. It's not PE Explore, but then again, it can debug while PE Explore can't.

Polaris · #8 03-01-2004, 03:08

Quote:

Originally posted by sgdt
For Delphi generated apps, I use PE Explore.

It has a lot of the same key sequences as IDA, and it seems to understand Delphis qwirks better than anything else.

It's REALLY fast, and it's available here, so I'd give it a look. It even has a built in resource editor.

It's not PERFECT, but if it had three bug fixes and a MAP exporter to Olly, I'd probably buy the thing. (It's amazing how many Borland targets there are out there).

I should mention that OllyDbg also understands Borland stuff OK. It's not PE Explore, but then again, it can debug while PE Explore can't.

Although I would NEVER use anything than my IDA, for delphi written apps I would use old good Dede from Dafixer... Really better than PE Explorer

#9 03-01-2004, 04:51

Quote:

Originally posted by kuli
MEM=256MB,CPU=PIII 800 , HD=40Gb/7000 SYS=WIN2000 SP3 ,

test.exe (DELPHI) 5.70 MB (5,987,328 BYTE)
use IDA4.5.1.770
time used :almost 5 hours.
My God !

HA HA. Good old IDA Pro! It uses inefficient algorithms so some programs take hours to analyze. I once disassembled a VB app that took more than 24 hours to analyze and I have a VERY fast computer. Things that will make IDA slow is having lots of obfuscated code with jumps or lots of variables in a function.

tom324 · #10 03-01-2004, 05:40

I prefer good to fast. IDA Pro is not a tool I would use for VB and AFAIK it was not designed for VB.

Tom

#11 03-01-2004, 06:41

Quote:

Originally posted by tom324
I prefer good to fast. IDA Pro is not a tool I would use for VB and AFAIK it was not designed for VB.

Tom

IDA was designed to disassemble programs. Doesn't matter what language the program was written in.

#12 03-01-2004, 08:11

w32Dasm can't instead, I like its speed and references of CALLs /Jumps ,so conveniency.

tom324 · #13 03-01-2004, 17:25

Quote:

Originally posted by floorpie
IDA was designed to disassemble programs. Doesn't matter what language the program was written in.

Wrong. There is a difference between compiler and interpreter. FLIRT signatures in IDA are mostly for C libraryes of various compilers.

Tom

#14 03-01-2004, 22:35

Quote:

Originally posted by tom324
Wrong. There is a difference between compiler and interpreter. FLIRT signatures in IDA are mostly for C libraryes of various compilers.

Tom

1. VB can be compiled into native code.
2. You can make your own FLIRT sigs.
3. You can program your own p-code disassembler for IDA

So you're wrong.

tom324 · #15 03-01-2004, 22:59

> 2. You can make your own FLIRT sigs.

h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000296

> 3. You can program your own p-code disassembler for IDA

h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000406

> So you're wrong.

Not likely.

Tom

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
What is wrong?	Asus	General Discussion	2	11-14-2006 18:41
what's wrong?	droptionno_1	General Discussion	2	08-27-2002 04:41