View Full Version : Crackme (was IDA VPAGESIZE help)


lcx2005
August 10th, 2006, 01:10
Hi guys,
Can anyone help me set the VPAGESIZE value and also explain it? What is a safe value for 256 MB of physical RAM and a 40 GB hard disk? Suppose I have to increase the VPAGESIZE value.


filesize_to_disassemble:24576 bytes or 24KB
Physical RAM of my PC:256MB

Problem:
When I try to disassemble the above file with the default configuration, I get this dialog box.

####################################
#
# Create a segment (00401000-0AFCEEFF,sel 00000001)
# can't allocate varray chunk for the segment.
#
##############################



### from ida.cfg ###

// Memory configuration parameters
// -------------------------------
// NOTES:
//
// 1. DATABASE_MEMORY determines how much memory will be allocated
// for names, strings, xrefs, functions, etc. If it is == 0 then
// IDA uses the following alrogithm:
//
// DATABASE_MEMORY = new_file
// ? input_file_size * 4
// : old_btree_size/2
//
// 2. page sizes (VPAGESIZE and NPAGESIZE) must be powers of 2.
//
// 3. if VPAGES == 0 then 32bit IDA reserves memory by the following
// alrogithm:
// VMEM = new_file
// ? input_file_size*4
// : allocated_addressing_space;
// VPAGES = VMEM / VPAGESIZE
// 4. Here is the total amount of memory allocated when IDA starts:
// TOTAL = DATABASE_MEMORY + VPAGESIZE*VPAGES + NPAGESIZE*NPAGES
//
I added (n) for a line number.

(1) DATABASE_MEMORY = 0 // Database buffers size in bytes.
(2) VPAGESIZE = 8192 // Virtual memory page size
(3) // (effective for new bases only)
(4) // 8192 => 128MB addressing space is the limit
(5) VPAGES = 0 // Size of virtual memory window (in pages)
(6) NPAGESIZE = 8192 // Name pointers page size
(7) // (effective for new bases only)
(8) NPAGES = 32 // how big will be the memory buffer?
(9) // (each name uses 4 bytes)
(10) // The default settings allow to keep
(11) // in memory 2^16 names. The remaining
(12) // names will be swapped to the disk.
//
// IDC engine parameters
// ---------------------

(13) IDC_STACKSIZE = 8192 // Total number of local variables
(14) IDC_CALLDEPTH = 128 // Maximal function call depth



@ Addition @@ Greets to RCEs @

Guys, check out this editor. If this is an elephant, then Micro$oft Notepad is an ant.
Especially for programmers, coders, script writers, etc.
Oh! I love freeware software which has more power than commercial $oftware, and
why not use the more powerful weapon?

Notepad++ v3.4 (Free Software)
http://notepad-plus.sourceforge.net/

Kayaker
August 10th, 2006, 01:25
Quote:
Create a segment (00401000-0AFCEEFF..


Wouldn't this indicate a problem with the PE header rather than worrying about IDA cfg? Sounds more like an anti-disasm effort.

lcx2005
August 10th, 2006, 02:11
Ya, I think so, since it is not packed and it is written in VC++. Any advice on how to approach this kind of trick? I have many tuts, but none have this kind of protection (anti-disasm). By the way, when I load it in Olly, my OS gives me a "Memory Resource is low" message. Anyway, thanks.

Knight
August 10th, 2006, 09:25
Try changing the virtual size of the section that starts at 401000 (RVA 1000, most likely .CODE/.text; if really VC++, then .text). Making it the same as the raw size could work, or if it doesn't, try increasing it till it works.

Regards,
Knight

lcx2005
August 11th, 2006, 01:11
OK, I'll try.

But I admit this crackme is beyond my skill (now). The author gives it rank 2(?), so I think it's only for a newbie like me or an intermediate. So if you are more than a newbie, it's nothing to bother with. But like the author said, something is there, since no tut/sol can be found for this crackme in their forum. It uses winsock .. something. But if you wanna try, here I attach it, with some information/hints they discussed in their forum. Now I will give up on this and try to enhance my knowledge in the "anti-something" part. Have phun.

If anyone can solve it, please write tuts for this; we need some tuts for the "anti-*" type of tricks.

Remember, like the author said, something is there. There's a hint inside the zip; I hope that will help.

Note: if I broke the rules in attaching this crackme/file in this forum, please remove it.

KSA
August 11th, 2006, 10:31
Hi,

Just change the first section's raw size from 0xABCDEFF to 0x2000 and that's all.

BTW, to start keygenning this crackme, just check this address: 0x4012E0

KSA
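
Added example, not part of the original thread or the crackme: a triage check that walks a PE section table and reports sections whose raw or virtual size the file cannot back, which is the header anomaly behind the 00401000-0AFCEEFF segment above. The sample input is constructed in memory (only the 24576-byte file size and the values 0xABCDEFF / 0x2000 come from the thread); the function names and the `vsize_ratio` threshold are assumptions.

```python
import struct

def sections(data):
    """Yield (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    optsz, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + optsz                             # first section header
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, va, rsize, rptr

def suspicious_sections(data, vsize_ratio=256):
    """Return (section, reason) pairs for sizes the file cannot back."""
    hits = []
    for name, vsize, va, rsize, rptr in sections(data):
        if rptr + rsize > len(data):                    # raw data runs past EOF
            hits.append((name, "raw data ends at 0x%X, file is 0x%X bytes"
                         % (rptr + rsize, len(data))))
        if vsize > vsize_ratio * len(data):             # heuristic threshold (assumption)
            hits.append((name, "VirtualSize 0x%X dwarfs the file" % vsize))
    return hits

def build_sample(raw_size, vsize=0x2000, file_size=24576):
    """Constructed input: header-only PE skeleton with .text and .data."""
    pe = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe)).ljust(pe, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    def hdr(name, vs, va, rs, rp):
        return struct.pack("<8sIIII", name, vs, va, rs, rp) + b"\0" * 16
    table = (hdr(b".text", vsize, 0x1000, raw_size, 0x1000)
             + hdr(b".data", 0x1000, 0x3000, 0x1000, 0x3000))
    return (dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table).ljust(file_size, b"\0")

if __name__ == "__main__":
    for label, raw in (("as shipped", 0xABCDEFF), ("after fix", 0x2000)):
        print(label, suspicious_sections(build_sample(raw)))
```

Virtual size legitimately exceeds raw size for uninitialised data, so the virtual-size check uses a ratio rather than a strict comparison against the file length.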

lcx2005
August 17th, 2006, 00:57
Thanks KSA, I'll do it.