| Author |
|
|---|
| Views: 773 | Replies:
3 | Posting Date: 2009-02-26 23:37:58
|
Thread Starter:
Aditya |
hi,
i just wanted to know how does distorm know from where to start the disassembling...i mean to ask does it parse the EXE file through the PE format,
|
Anonymous Poster
Posted at:
2009-02-27 09:09:08 |
Re: how does distorm get the code offset?
no offset at all, ala the beginning of the file.... the offset you feed the CLI tool is for the virtual offset that you see in the display... like .com files are 0x100. |
Aditya
Posted at:
2009-03-01 23:22:15 |
Re: how does distorm get the code offset?
how to find the disassembly of the code, because wen i try to disassemble the executable there is so much of disassembled code how to find exactly the disassembly of the highlevel code? |
Anonymous Poster
Posted at:
2009-03-02 16:11:11 |
Re: how does distorm get the code offset?
You can use some application that shows you the entry point and then look at its physical address.
Or just browse all the output and when you see a bunch of instructions that looks like some real code you traverse to the beginning of it, and that's prolly the beginning of the code section.. |
