Hi,

I am trying to disassemble a program with IDA. As always IDA asks me to give him the DLLs that are imported by the executable. The unusual thing is that when I give him the DLL I get a message that says :"File xxx.dll can't be accepted as module xxx, Probably it contains only entry point numbers".
The DLL's and the program are not packed(i have checked them by peid).
When i debug the executable in olly(view executable module->view name) I see only entry point numbers for the function importetd from the DLL.
If someone can tell me why this program is like this and what can I do to be able to continue my reversing on it I will be very thankfull.

Thanks in advance

akimp3

This is something new to the latest version of IDA, I don't think it really matters, it's simply looking for usefull info in the .dll's and then telling you it's not needed. If you compare a disassembly from a prior version with the newer, they'll be identical.

SiGiNT

Hmm... The "can't accept DLL" message in IDA is a bug, as you can read here:

http://www.datarescue.com/ubb/ultimatebb.php?/topic/1/871.html

I suppose that the only thing you can do is to register and request the fix :P

Hi,

Thank you (Polaris and sigint33) for your replies. I have also another problem with IDA 4.8, it does not disassemble the body of my functions and all of the functions are recognized as data. I must manually click on their name and click on the function button to correct this. I have not this problem with IDA 4.7. should I do something (change an option) or it is also a bug in my copy of IDA? I should also say that the analyze terminate very rapidly (because it does nothing).

Thanks in advance

akimp3

Probably a bug of another badly cracked version of IDA. I remember reading something about this on exetools forum, you may want to check.

The solution could be:
1) Downloading the full IDA 4.8 package (it is out there, just search )
2) Rollback to 4.7 (but taking care of deactivating the function tail creation)

HTH,

Polaris

@Polaris

Thank you for the info. I am also a reader of the new +fravia site (searchlores) , I will find it in less than 3 seconds.

Sincerely yours

akimp3

Actually Polaris,

Even though I'm not having any other problems other than the .dll issue, as much as I use IDA it's not a bad idea to pay for it, I may actually spring for it.

SiGiNT

Servil has many great IDA plugins. You can download at: hxxp://www.sharemation.com/servil/idaplugs/. In those plugins, the impbyord-bin48.zip can be used to solve the .dll problem in IDA. I often use it to resolve the import ordinal of OllyDbg.exe when I analysis OllyDbg plugins.

akimp3, if you can afford to attend REcon, then you can afford to buy IDA

Hi,
@Disavowed
I will buy it soon

@TQN

Thank you very much for the plugin.

I use the old IDA 4.0 (or was it 4.1? I forget), aged but works very well. The freeware version is also worth taking a look at.

well some ida questions may now be directed to the official ida pro forum too
they have opened a free for all and his cat too section in thier official
board that will be supposed to be used to answer question regarding "FREE "
ida

Well, I am not so sure they will help you with issues regarding a warezed IDA Pro 4.8, don't you think?