mambox
May 6th, 2002, 13:45
Hi,
I'm trying some reversing on Forester, a P-code Visual Basic program.
Where can I find info about the P-code opcode values?
I used josephco exdec to decompile, but I don't understand how the branch works. Here:
496869: 1c BranchF: 496895 ****(here)
49686C: 27 LitVar_Missing
49686F: 27 LitVar_Missing
496872: 27 LitVar_Missing
496875: f5 LitI4: 0x0 0 (....)
49687A: 3a LitVarStr: ( local_00C8 ) License Key Not Valid!
49687F: 4e FStVarCopyObj local_00B0
496882: 04 FLdRfVar local_00B0
496885: 0a ImpAdCallFPR4: _rtcMsgBox
49688A: 36 FFreeVar
496895: 1b LitStr: UNREGISTERED
496898: 54 FMemStStrCopy
49689D: 1b LitStr:
4968A0: 54 FMemStStrCopy
4968A5: 1b LitStr:
4968A8: 54 FMemStStrCopy
4968AD: f4 LitI2_Byte: 0x0 0 (.)
*** How is the 496869 offset calculated to reach 496895?
The main code dumped from the exe gives:
00496869: 1C09 sbb al,009 ;" "
0049686B: 0327 add esp,[edi]
0049686D: E8FE2708FF call 0FF118470
00496872: 27 daa
00496873: 28FF sub bh,bh
00496875: F5 cmc
00496876: 0000 add [eax],al
00496878: 0000 add [eax],al
0049687A: 3A38 cmp bh,[eax]
0049687C: FFDB call ebx
0049687E: 004E50 add [esi][00050],cl
00496881: FF0450 inc d,[eax][edx]*2
00496884: FF0A dec d,[edx]
00496886: 36001400 add ss:[eax][eax],dl
0049688A: 360800 or ss:[eax],al
So the 1c is the branch opcode and 0903 gives access to 496895; that's what I don't understand. Secondly, where can I find what the P-code opcodes mean?
Like 1c=branch or 0a=impadrcall, etc.
Thanks for any help. I'm lost.