Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-18-2019, 01:58
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
IDA Pro 7.0 error when hitting F5 key during analysis

I'm decompiling a 1mb EXE and it seems that autoanalysis is complete, however, I'm getting this error message after hitting F5 key:

See image HERE.

A bug or feature?



-thx
Reply With Quote
  #2  
Old 01-18-2019, 02:43
tonyweb tonyweb is offline
Family
 
Join Date: Jan 2009
Posts: 190
Rept. Given: 190
Rept. Rcvd 95 Times in 36 Posts
Thanks Given: 1,901
Thanks Rcvd at 299 Times in 122 Posts
tonyweb Reputation: 95
The message in the screenshot just suggests you to wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press again F5, simple

Is the autoanalysis completed? I would have made a larger screenshot ... so to see also the analysis indicator and/or the log.

Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid
Reply With Quote
The Following User Says Thank You to tonyweb For This Useful Post:
niculaita (01-18-2019)
  #3  
Old 01-18-2019, 04:48
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by tonyweb View Post
The message in the screenshot just suggests you to wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press again F5, simple

Is the autoanalysis completed? I would have made a larger screenshot ... so to see also the analysis indicator and/or the log.

Regards,
Tony
Thanks, and yes IDA is still "thinking", but seems to be taking a very, long time (hours). The log does not show analysis complete.
Reply With Quote
  #4  
Old 01-18-2019, 04:52
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 300
Rept. Given: 111
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 178
Thanks Rcvd at 215 Times in 92 Posts
deepzero Reputation: 64
can you share the file?
Reply With Quote
  #5  
Old 01-18-2019, 05:14
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by deepzero View Post
can you share the file?
D/L HERE
Reply With Quote
  #6  
Old 01-18-2019, 11:40
computerline computerline is offline
Friend
 
Join Date: Jun 2014
Posts: 81
Rept. Given: 39
Rept. Rcvd 28 Times in 12 Posts
Thanks Given: 124
Thanks Rcvd at 125 Times in 50 Posts
computerline Reputation: 28
Quote:
Originally Posted by Stingered View Post
D/L HERE
Code:
.text:0000000140507E60                             ;   try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                 ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                     ; sub_140507780+6C4↑j ...
.text:0000000140507E64                             ;   } // starts at 140507E60
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                           or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h
IDA 7.0 Analysis loop at address 0x140507E65, don't known why, but seem it IDA bug, or there some anti analysis in the binary, I see many nop, maybe it make IDA analysis confuse.

Anyway, you could stop the analysis by click the yellow cycle on top toolbar and continue your work.

I tried IDA 6.8 and doen't got problem.

Last edited by computerline; 01-18-2019 at 11:50.
Reply With Quote
The Following 3 Users Say Thank You to computerline For This Useful Post:
kienmanowar (01-18-2019), Stingered (01-18-2019), tonyweb (01-18-2019)
  #7  
Old 01-18-2019, 11:50
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Thumbs up

Quote:
Originally Posted by Stingered View Post
D/L HERE
Quote:
Originally Posted by computerline View Post
Code:
.text:0000000140507E60                             ;   try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                 ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                     ; sub_140507780+6C4↑j ...
.text:0000000140507E64                             ;   } // starts at 140507E60
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                           or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h
IDA Analysis loop at address 0x140507E65, don't known why, but seem it IDA bug, or there some anti analysis in the binary, I see many nop, maybe it make IDA analysis confuse.

Anyway, you could stop the analysis by click the yellow cycle on top toolbar and continue your work.
Thanks for review! I think it may be a bug and why I posted. Unfortunately, I don't have later release of IDA, but yes I can pause the analysis and go from there.
Reply With Quote
  #8  
Old 01-18-2019, 16:41
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 300
Rept. Given: 111
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 178
Thanks Rcvd at 215 Times in 92 Posts
deepzero Reputation: 64
Yes, it seems like an IDA bug. You should report it to the IDA devs.
Reply With Quote
The Following 2 Users Say Thank You to deepzero For This Useful Post:
Stingered (01-19-2019), tonyweb (01-19-2019)
  #9  
Old 01-19-2019, 01:06
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by deepzero View Post
Yes, it seems like an IDA bug. You should report it to the IDA devs.
Will do! Thx for confirming.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ahk malware analysis dion General Discussion 0 12-20-2021 08:50
Doqu 2.0 analysis Anticode General Discussion 10 06-29-2015 05:20


All times are GMT +8. The time now is 17:10.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )