[LootaBox]

Hi,

For time I have been trying to find some addresses in the binary using IDA 7.x. There are some guides in the forum here for older versions, but for me 7.x actually somehow worked out of the box without much tinkering.

However, all of a sudden parts of the disassembled code that used to look something like:

Code:

mov     eax, [ecx+7CCh]
mov     edx, [esp+arg_0]
mov     [edx], eax

now looks like something like:

Code:

dd 41C4F6E0h, 8E8B2F7Ah, 1B8h, 1BC8E3Bh, 217D0000h, 6A016Ah
dd 25E8CE8Bh, 0DBFFFEDFh, 1D086h
db 0, 0D8h, 0Dh
dd offset __real@447a0000

I have not yet figured out why this changed, but that aside... What would the veterans here recommend to use for G2 disassembly these days? Stick to old IDA, or perhaps someone recognizes some magic setting I need to change with the new IDA? Something else?

I've seen posts and gotten suggestions like "combine this with that and that" and while I appreciate the help, hints like this are somehow difficult to approach. Though, perhaps it is just because I am not so versed in the art of disassembly and don't immediately see how everything fits together.

Any input appreciated!

[Lehona]

Ghidra is a decent alternative, and comes with a free decompiler (worse than the IDA Decompiler, but that one is not free). A short-term fix is to disassemble the shown section as code, which is as easy as selecting the first byte and pressing C if I remember correctly.

[LootaBox]

Thank you, it really was as simple as that for the short term solution.

I might take a look at Ghidra if IDA gets too cumbersome in implementing one or another feature.