IDA and Dede disassembly differences


5aLIVE
July 13th, 2004, 09:13
Hiho,
I'm looking at disassembly listings for a particular event in a Delphi form. Dede shows a list of opcodes whereas IDA shows some double words.

I'm a little confused by this, sure I can highlight the double words in IDA and convert them to code which matches that as shown in Dede.
Now, IDA shows that the first double word is accessed by a subroutine, which makes me think it has handled the disassembly correctly.

Whereas Dede shows instructions like these:
006231AE 86913D10D411 xchg [ecx+$11D4103D], dl
006231B4 867C0090 xchg [eax+eax-$70], bh
006231B8 27 daa
006231B9 4E dec esi
006231BA 319412BA3A68D5 xor [edx+edx+$D5683ABA], edx

In my limited experience of assembler, I'd say these don't make any sense (I've just picked a few of the more weird looking ones).
What do you guys think?

My idea was to add comments in the IDA listing to the RVAs which Dede has identified as events. As it stands it doesn't look like this is foolproof, perhaps I can at least comment a few events to help me improve my chances of understanding what is going on at some level.
Is this approach something you would do for a medium-sized app?

Thanks for any help.
5Alive.

5aLIVE
July 13th, 2004, 13:17
Hmmm, spent a little more time thinking about this and thought that I should attach to the program using OllyDbg and disassemble at the addresses of interest. Lo and behold, the dump matches that of Dede.

I expect the two match as they are both dumped at runtime, whereas IDA does it "cold". Problem solved I think.
5Alive.
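
Added example, not part of the thread: bytes that one tool lists as odd instructions and another leaves as double words can be tested against a known data layout instead of being read as code. This Python check scans the exact bytes of the Dede listing for the last 10 bytes of a version-1 GUID in Windows memory layout (Data3 followed by Data4); the function names are illustrative, and that a GUID sits at this address is an assumption the check can only support, since the bytes before 006231AE are not on the page.

```python
import struct

# Bytes copied from the Dede listing in the first post (006231AE..006231C0).
LISTING_BASE = 0x006231AE
LISTING = bytes.fromhex(
    "86913D10D411"      # 006231AE
    "867C0090"          # 006231B4
    "27"                # 006231B8
    "4E"                # 006231B9
    "319412BA3A68D5"    # 006231BA
)

def guid_tail_at(buf, off):
    """Return the decoded fields if buf[off:] looks like Data3 + Data4 of a
    version-1 GUID, else None.
    Data3 is a little-endian uint16 whose top nibble is the version.
    Data4 is 2 clock-sequence bytes (top two bits 10 = RFC 4122 variant)
    followed by a 6-byte node, which for version 1 is a MAC address."""
    if off < 0 or off + 10 > len(buf):
        return None
    (data3,) = struct.unpack_from("<H", buf, off)
    data4 = buf[off + 2:off + 10]
    if data3 >> 12 != 1 or data4[0] & 0xC0 != 0x80:
        return None
    # A MAC taken from a real network card has the multicast bit clear.
    if data4[2] & 0x01:
        return None
    return {
        "data3": data3,
        "clock_seq": data4[:2].hex(),
        "node": ":".join(f"{b:02x}" for b in data4[2:]),
    }

def scan(buf, base):
    """Yield (address, fields) for every offset that passes the check."""
    for off in range(len(buf) - 9):
        hit = guid_tail_at(buf, off)
        if hit:
            yield base + off, hit

if __name__ == "__main__":
    for addr, hit in scan(LISTING, LISTING_BASE):
        print(f"{addr:08X}: {hit}")
```

The only offset in the listing that passes is 006231B2, which falls in the middle of the first `xchg` line rather than on an instruction boundary.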