Hello,

I'm trying to understand how to debug with IDA debugger.
After disassembling a PE-file, "IDA-View A" shows addresses ranging from 00001000 to 000A01834, setting the entry point (start) at 00063D41.
When I start the IDA-debugger, the disassembled code disappears and instead the EIP-windows shows addresses like "debug009:77FB4D87".

How can I map these addresses to the ones listet in "IDA-View A" ?
When I pause debugging, I would like to analyse the code in the "regular" disassembled code window.

Thank you so much for your help,

Joe

I've tried using the debugger in IDA and partly because of my own ignorance of it's capabilities and my familiarity with ollydbg I've not taken it any farther than checking to see if a conditional jump is executed when I expect it, my best guess is that what you are seeing is an address in an associated dll - execute until return should return you to the main code.

SiGiNT

Such a high address normally indicates you're in a DLL.

Llxx, is there a setting, that IDA stays only within the program's code (exe) and executes all external calls automatically ?

You may be able to use Tracing - my advice for your questions, since virtually no one I know uses IDA for debugging - is RTM, (read the manual), most of the advice recieved here will be educated guesses, IMHO you're a lot better off, with ollydbg, softice, or even M$ windbg - and that one is free.

SiGiNT

Sigint, thx for the clear words !
May I ask why IDA debugger whilst built-in isn't being used ?
I mean is it because is new and everybody is already used to other debuggers ? Or is because the debugger itself isn't that good (has problems with correct debug) ?

Wbr,

Joe
PS: Would you prefer Ollydbg over Softice ?

IDA's debugger is relatively new and obscure compared to more "mature" ones like Softice and even Ollydbg. I'd normally use Softice, since it is a true ring0 debugger that loads at boottime.