anyone knows IDA ?
(#1)
Pierre-Marie Baty
Roi de France
Status: Offline
Posts: 5,049
Join Date: Nov 2003
Location: 46°43'60N 0°43'0W 0.187A
anyone knows IDA ? - 28-08-2004

Yeah, it's all in the title... does anyone know the IDA disassembler a bit?

I just got it and I'm still trying to find my way around it. It's the most complex disassembler I've ever used! Back in 1998 or so I used to toy with Win32DASM, but this one looks like a beast in comparison.

Simple question for starters: I have a PE executable, and I need to find the place(s) where it calls the Windows API MessageBox() function. How do I do that?

(P.S. nah, it's not for cracking stuff, it's for work... I need to build an interface between 2 proprietary programs, and in this one I need to figure out how a particular data structure is arranged)

RACC home - Bots-United: beer, babies & bots (especially the latter)
"Learn to think by yourself, else others will do it for you."
Re: anyone knows IDA ?
(#2)
Lazy
Member
Status: Offline
Posts: 236
Join Date: Jan 2004
Location: Toronto, Ontario, Canada
Re: anyone knows IDA ? - 28-08-2004

Hmm, MessageBox calls should have a title like "Fatal error" or something like that.

1. Open up the EXE in something like TextPad, search for the MessageBox title string, and note its address.
2. Disassemble the code and look for where that address is being pushed onto the stack.
3. ^^ That is where the function is about to be called.

To test it, you could make a copy, find the start of where the messagebox code is executed, and replace it with:

0xCD
0x03

Or just change it all to 0x90. The first one is equivalent to __asm int 3, and the other one is the nop instruction.

Though that is all I know from disassembling and playing around with my own code; hope it helps.

Added: I'm tired, but I actually think the title string would be the 2nd thing pushed onto the stack. Same thing though.

Last edited by Lazy; 28-08-2004 at 03:28.
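Lazy's recipe (locate the title string's address, find where it is pushed, the call follows) worked through as an added example that is not code from the thread. It scans a hand-built x86 fragment in Python for the `push imm32` of the string and the `call dword ptr [IAT slot]` after it; the code VA, IAT slot and string VAs are constructed sample values that would come from the PE's headers and import table in practice.

```python
import struct

# Constructed sample values; in a real PE they come from the optional header,
# the import address table (IAT) and the section holding the string.
CODE_VA = 0x00401000           # VA where the .text bytes below are mapped
IAT_MESSAGEBOXA = 0x00402010   # IAT slot the loader fills with user32!MessageBoxA
TITLE_VA = 0x00403000          # VA of the "Fatal error" caption string
TEXT_VA = 0x00403020           # VA of the message text string


def build_sample_code():
    """Hand-built x86 fragment: MessageBoxA(NULL, text, title, MB_OK).
    stdcall pushes arguments right to left, so the caption is the 2nd push."""
    return (b"\x6a\x00"                                        # push 0 (uType = MB_OK)
            + b"\x68" + struct.pack("<I", TITLE_VA)             # push offset title
            + b"\x68" + struct.pack("<I", TEXT_VA)              # push offset text
            + b"\x6a\x00"                                       # push 0 (hWnd)
            + b"\xff\x15" + struct.pack("<I", IAT_MESSAGEBOXA)  # call [MessageBoxA]
            + b"\x33\xc0\xc3")                                  # xor eax,eax ; ret


def find_pushes(code, code_va, imm):
    """VAs of every 'push imm32' (68 xx xx xx xx) of the given value."""
    pat = b"\x68" + struct.pack("<I", imm)
    return [code_va + i for i in range(len(code) - 4) if code[i:i + 5] == pat]


def find_iat_calls(code, code_va, iat_slot):
    """VAs of every 'call dword ptr [iat_slot]' (FF 15 xx xx xx xx)."""
    pat = b"\xff\x15" + struct.pack("<I", iat_slot)
    return [code_va + i for i in range(len(code) - 5) if code[i:i + 6] == pat]


def call_site_for_push(push_va, call_vas):
    """The first call after the push is the one consuming that argument."""
    later = [va for va in call_vas if va > push_va]
    return min(later) if later else None


if __name__ == "__main__":
    # Raw byte matching knows no instruction boundaries, so a hit can land inside
    # another instruction or in data; a disassembler such as IDA resolves that.
    code = build_sample_code()
    calls = find_iat_calls(code, CODE_VA, IAT_MESSAGEBOXA)
    for push in find_pushes(code, CODE_VA, TITLE_VA):
        print(f"title pushed at {push:#010x}, "
              f"MessageBoxA called at {call_site_for_push(push, calls):#010x}")
```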