#nuvie@irc.freenode.net logs for 7 Sep 2010 (GMT)



[05:17:32] --> Kirben has joined #nuvie
[09:08:25] --> Yuv422 has joined #nuvie
[09:38:58] <-- Yuv422 has left IRC (Quit: Yuv422)
[10:37:00] --> Yuv422 has joined #nuvie
[11:37:42] <Yuv422> hmm the ida rebase command is doing something weird to my idb
[11:37:58] <Yuv422> it's doing fixups which change code
[12:19:01] <Yuv422> ; before rebase
[12:19:01] <Yuv422> 00001A95 mov word ptr unk_2F356, 0FFFFh
[12:19:02] <Yuv422> C7 06 96 00 FF FF
[12:19:12] <Yuv422> ; after rebase
[12:19:12] <Yuv422> 00001F95 mov word ptr unk_2F856, 4Fh ; 'O'
[12:19:12] <Yuv422> C7 06 96 00 4F 00
[12:19:38] <wjp> that's weird
[12:20:07] <Yuv422> it's a fixup oint
[12:20:11] <Yuv422> point
[12:20:43] <Yuv422> put in by rebase_program(currentbase - imagebase, MSF_FIXONCE);
[12:20:57] <Yuv422> I tried using NOFIX
[12:21:06] <Yuv422> but that causes more headaches
[12:22:50] <wjp> is the operand type of that int accidentally an address?
[12:23:18] <wjp> although I guess that wouldn't make it give the 'O' comment
[12:23:42] <Yuv422> it was red before
[12:23:57] <Yuv422> but I turned off all the analysis options
[12:24:03] <Yuv422> before doing the rebase
[12:24:11] <Yuv422> and then I got the 'O'
[12:25:01] <Yuv422> If I do the MSF_NOFIX option it doesn't do a fixup at that address
[12:25:36] <Yuv422> so it is definitely coming out of that function
[13:06:26] <Yuv422> changing the rebase delta affects which bytes get patched
[13:15:01] <Yuv422> I'm off now
[13:15:02] <Yuv422> cya
[13:15:04] <-- Yuv422 has left IRC (Quit: Yuv422)
[13:36:11] <-- Kirben has left IRC (Ping timeout: 276 seconds)
[21:13:33] --> Yuv422 has joined #nuvie
[22:02:47] <-- Yuv422 has left IRC (Quit: Yuv422)
[23:18:00] --> Kirben has joined #nuvie