bboitano
March 14th, 2006, 11:11
Hi everyone,
I'm just starting to play around with IDA and I was wondering if someone could help me with this simple query.
I have a call like this:
.text:00401141 call sub_401390
which leads to ...
.text:00401390 sub_401390 proc near ; CODE XREF: sub_4010B4+8D
.text:00401390 ; sub_4010B4+1F2
.text:00401390 jmp ds:GetDlgItemTextA
.text:00401390 sub_401390 endp
What do I have to do in IDA to make the call sub_401390 into a call GetDlgItemTextA without renaming it manually? For some files I dissasemble, IDA does this automatically, yet for others it doesn't.
The file in question (based on http://www.crackmes.de/users/lafarge/lafarges_crackme_2/) is a very simple crackme which I chose as it is exactly that - simple. Hopefully if I start with a simple program and work my way up, I can learn IDA step by step.
IDA appears to do this to the file when it has had imports added to the original file. I had added a SetWindowTextA import using a PE Editor (Snippet Creator) yet I never call that import from within the file (I was just messing around with it).
So now my question is this : How do I get IDA to recognise this and thus decode it correctly?
File is available here if anyone wants to look (with the added import, not the original).
http://rapidshare.de/files/15064373/test.rar.html
The problem seems to be the same on multiple versions of IDA from 4.3 -> 4.8 as everyone else I know with a copy has tried to get it to decode correctly but with no luck. Since it apparently does this with the 'official' 4.3 free version, I don't think it is one of the 'deliberate' errors that certain copies *cough* of IDA contain.
Thanks in advance
I'm just starting to play around with IDA and I was wondering if someone could help me with this simple query.
I have a call like this:
.text:00401141 call sub_401390
which leads to ...
.text:00401390 sub_401390 proc near ; CODE XREF: sub_4010B4+8D
.text:00401390 ; sub_4010B4+1F2
.text:00401390 jmp ds:GetDlgItemTextA
.text:00401390 sub_401390 endp
What do I have to do in IDA to make the call sub_401390 into a call GetDlgItemTextA without renaming it manually? For some files I dissasemble, IDA does this automatically, yet for others it doesn't.
The file in question (based on http://www.crackmes.de/users/lafarge/lafarges_crackme_2/) is a very simple crackme which I chose as it is exactly that - simple. Hopefully if I start with a simple program and work my way up, I can learn IDA step by step.
IDA appears to do this to the file when it has had imports added to the original file. I had added a SetWindowTextA import using a PE Editor (Snippet Creator) yet I never call that import from within the file (I was just messing around with it).
So now my question is this : How do I get IDA to recognise this and thus decode it correctly?
File is available here if anyone wants to look (with the added import, not the original).
http://rapidshare.de/files/15064373/test.rar.html
The problem seems to be the same on multiple versions of IDA from 4.3 -> 4.8 as everyone else I know with a copy has tried to get it to decode correctly but with no luck. Since it apparently does this with the 'official' 4.3 free version, I don't think it is one of the 'deliberate' errors that certain copies *cough* of IDA contain.
Thanks in advance
Shame about the flowcharts though ... but working on a fix for that.