I am working with a program that loads a dll. After the dll is loaded, then it executes at the <ModuleEntryPoint>, which is in the POL1 section. The code then extracts the rest of the code to the .text section. My problem is that I cannot analyze the code in the .text section because I believe it is being treated as data rather than code.

Is there any way I can analyze the code in the .text section?

Thanks in advance,
Taylor K.

P.S. Attached is a screenshot so you know what I'm talking about.

if you want to analyze sections that are not mapped as .code by default

use analyzethis plugin by joe stewart

you can grab it at openrce downloads

there are caveats using that like if you try analysing any page that is not in
any modules memory map it may err or give you wrong analysis

also analysing anydata sections always come with the risk of
inaccurate analysis like disassembling data as code


but something is always better than nothing
give it a spin and see if it fulfills your need

btw for ollydbg questions there is a seperate forum
you should consider posting your questions about ollydbg there
to avoid moving the posts here and there by the admins

To analyze a section different from which indicated by NtHeaders->OptionalHeader.BaseOfCode, you can use the olly's plugin "AnalyzeThis" downloadable here: http://openrce.org/downloads/browse/OllyDbg_Plugins

pnluck:

Didn't blabberer post that same information about 10 minutes before you did??

Regards,

Thank you guys, help appreciated. Oh, and I'll try and post on the right forum next time

We are attempting to keep all the "olly" Threads here in the OllyDbg Forum now.

Regards,