mdos
November 13th, 2001, 14:13
I'm starting to look at reversing this app, which is using a DLL to perform its registration checks. The extension is not dll, but the file seems to be a standard PE DLL. I launch w32dasm 8.93 and have a go at it, but it comes up with nothing for the .text code section. So I launch IDA 4.17, and it works, only the code is all in the .data section.
Hmmm....
I check out the file with UltraEdit, and it looks like SizeOfCode == 0 in the PE header.
Is this the result of a packer?
How did IDA know to find code in the .data section?
Why did w32dasm choke on it?
Thanks.
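The header fields mentioned in the post can be read directly for static triage. The following is an added example, not part of the original post: it parses `SizeOfCode`, the entry-point RVA and the section flags, and reports where they disagree. The sample bytes are constructed inline (they are not the poster's file), and the function names `build_sample` and `triage` are hypothetical.

```python
import struct

CNT_CODE, MEM_EXECUTE = 0x00000020, 0x20000000  # IMAGE_SCN_CNT_CODE / IMAGE_SCN_MEM_EXECUTE

def build_sample():
    """Constructed PE32 DLL headers (not the poster's file): SizeOfCode = 0,
    an empty .text, and the entry point inside a read/write .data section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x2102)
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0, 0x1000, 0, 0x2100, 0x1000, 0x2000)
    def sec(name, vsize, va, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, 0, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0")
            + sec(b".text", 0, 0x1000, 0x60000020)
            + sec(b".data", 0x1000, 0x2000, 0xC0000040))

def triage(image):
    """Compare SizeOfCode and section flags with where the entry point lands."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                   # optional header start
    size_of_code = struct.unpack_from("<I", image, opt + 4)[0]
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    entry_sec, findings = None, []
    for i in range(nsec):
        off = opt + opt_size + 40 * i               # 40-byte section headers
        name, vsize, va, raw = struct.unpack_from("<8sIII", image, off)
        flags = struct.unpack_from("<I", image, off + 36)[0]
        if entry and va <= entry < va + max(vsize, raw):
            entry_sec = (name.rstrip(b"\0").decode("ascii", "replace"), flags)
    if size_of_code == 0:
        findings.append("SizeOfCode is 0")
    if entry_sec and not entry_sec[1] & (CNT_CODE | MEM_EXECUTE):
        findings.append("entry point lies in %s, not flagged as code" % entry_sec[0])
    return {"size_of_code": size_of_code, "entry_rva": entry,
            "entry_section": entry_sec[0] if entry_sec else None,
            "findings": findings}

if __name__ == "__main__":
    print(triage(build_sample()))
```

To check a real file, pass its bytes to `triage` (for example `triage(open(path, "rb").read())`); the result only describes the headers and says nothing about how any particular disassembler uses them.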