Hi,
For time I have been trying to find some addresses in the binary using IDA 7.x. There are some guides in the forum here for older versions, but for me 7.x actually somehow worked out of the box without much tinkering.
However, all of a sudden parts of the disassembled code that used to look something like:
Code:
mov eax, [ecx+7CCh]
mov edx, [esp+arg_0]
mov [edx], eax
now looks like something like:
Code:
dd 41C4F6E0h, 8E8B2F7Ah, 1B8h, 1BC8E3Bh, 217D0000h, 6A016Ah
dd 25E8CE8Bh, 0DBFFFEDFh, 1D086h
db 0, 0D8h, 0Dh
dd offset __real@447a0000
I have not yet figured out why this changed, but that aside... What would the veterans here recommend to use for G2 disassembly these days? Stick to old IDA, or perhaps someone recognizes some magic setting I need to change with the new IDA? Something else?
I've seen posts and gotten suggestions like "combine this with that and that" and while I appreciate the help, hints like this are somehow difficult to approach. Though, perhaps it is just because I am not so versed in the art of disassembly and don't immediately see how everything fits together.
Any input appreciated!