Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   IDA Pro 7.0 error when hitting F5 key during analysis (https://forum.exetools.com/showthread.php?t=19094)

Stingered 01-18-2019 01:58

IDA Pro 7.0 error when hitting F5 key during analysis
 
I'm decompiling a 1mb EXE and it seems that autoanalysis is complete, however, I'm getting this error message after hitting F5 key:

See image HERE.

A bug or feature?

:)

-thx

tonyweb 01-18-2019 02:43

The message in the screenshot just suggests you to wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press again F5, simple ;)

Is the autoanalysis completed? I would have made a larger screenshot ... so to see also the analysis indicator and/or the log.

Regards,
Tony

Stingered 01-18-2019 04:48

Quote:

Originally Posted by tonyweb (Post 116120)
The message in the screenshot just suggests you to wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press again F5, simple ;)

Is the autoanalysis completed? I would have made a larger screenshot ... so to see also the analysis indicator and/or the log.

Regards,
Tony

Thanks, and yes IDA is still "thinking", but seems to be taking a very, long time (hours). The log does not show analysis complete. :confused:

deepzero 01-18-2019 04:52

can you share the file?

Stingered 01-18-2019 05:14

Quote:

Originally Posted by deepzero (Post 116122)
can you share the file?

D/L HERE

computerline 01-18-2019 11:40

Quote:

Originally Posted by Stingered (Post 116124)
D/L HERE

Code:

.text:0000000140507E60                            ;  try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                    ; sub_140507780+6C4↑j ...
.text:0000000140507E64                            ;  } // starts at 140507E60
.text:0000000140507E65                            ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                          or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                            ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h

IDA 7.0 Analysis loop at address 0x140507E65, don't known why, but seem it IDA bug, or there some anti analysis in the binary, I see many nop, maybe it make IDA analysis confuse.

Anyway, you could stop the analysis by click the yellow cycle on top toolbar and continue your work.

I tried IDA 6.8 and doen't got problem.

Stingered 01-18-2019 11:50

Quote:

Originally Posted by Stingered (Post 116124)
D/L HERE

Quote:

Originally Posted by computerline (Post 116125)
Code:

.text:0000000140507E60                            ;  try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                    ; sub_140507780+6C4↑j ...
.text:0000000140507E64                            ;  } // starts at 140507E60
.text:0000000140507E65                            ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                          or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                            ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h

IDA Analysis loop at address 0x140507E65, don't known why, but seem it IDA bug, or there some anti analysis in the binary, I see many nop, maybe it make IDA analysis confuse.

Anyway, you could stop the analysis by click the yellow cycle on top toolbar and continue your work.

Thanks for review! I think it may be a bug and why I posted. Unfortunately, I don't have later release of IDA, but yes I can pause the analysis and go from there.

deepzero 01-18-2019 16:41

Yes, it seems like an IDA bug. You should report it to the IDA devs.

Stingered 01-19-2019 01:06

Quote:

Originally Posted by deepzero (Post 116129)
Yes, it seems like an IDA bug. You should report it to the IDA devs.

Will do! Thx for confirming.


All times are GMT +8. The time now is 19:03.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX