HI All,

I have program package with InstallShield 7. I used IS decompiler of Sn00pe
to verify files .INX
I encounterd references like :" Invalid Serial Number ".
But I donīt understand the offsets ?

@0000808C:0021 function_314("Invalid Serial Number - please re-enter", -65534);
@000080C1:0007 local_number3 = (local_number3 + 1);
@000080D0:0005 goto label_7a8d;
@000080D9:0001 label_80d9:
@000080DB:0005 goto label_810a;
@000080E4:0003 endif;
@000080E4:0003 label_80e4:
@000080E6:000D local_number5 = (local_number1 = 12);
@000080F5:0004 if(local_number5) then // ref index: 1
@00008101:0005 goto label_79c3;
@0000810A:0010 endif;
@0000810A:0010 endif;

How used it in Softice ?

What you get when using the decompiler is some sort of script language. Probably the most irritating thing are assignments like var x=(var y=z) which sets x to either true or false, depending on the result of the comparison between y and z. The "offsets" you see are chosen deliberately depending on the script instructions the decompiler finds there. It works sort of like this: First the code is grouped into logical sections (compare it to functions in C) which have start and end labels. After that, every xref'd location (read "location a jump or similar points to) gets an address based on the start of the appropriate function and its relative position inside this function.

Hence the rather chunky addressing. And as you are looking at interpreted code, you can't track it directly in SI. The installshield package is parsing this script at install time, just like any interpreter language (many BASIC dialects for example). Of course you can watch the script interpreter deal with the script but that's definitely much more work than looking at the script