EXETOOLS FORUM  

#1
01-18-2019, 01:58
Stingered
IDA Pro 7.0 error when hitting F5 key during analysis

I'm decompiling a 1 MB EXE and it seems that autoanalysis is complete; however, I'm getting this error message after hitting the F5 key:

See image HERE.

A bug or feature?



-thx

#2
01-18-2019, 02:43
tonyweb
The message in the screenshot just suggests that you wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press F5 again, simple

Is the autoanalysis completed? I would have made a larger screenshot ... so as to also see the analysis indicator and/or the log.

Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid
The Following User Says Thank You to tonyweb For This Useful Post:
niculaita (01-18-2019)

#3
01-18-2019, 04:48
Stingered
Quote:
Originally Posted by tonyweb View Post
The message in the screenshot just suggests that you wait for code analysis to finish before asking for the decompiler services.
Just wait till analysis finishes (traffic light becomes green), then press F5 again, simple

Is the autoanalysis completed? I would have made a larger screenshot ... so as to also see the analysis indicator and/or the log.

Regards,
Tony
Thanks, and yes, IDA is still "thinking", but it seems to be taking a very long time (hours). The log does not show analysis complete.

#4
01-18-2019, 04:52
deepzero
Can you share the file?

#5
01-18-2019, 05:14
Stingered
Quote:
Originally Posted by deepzero View Post
Can you share the file?
D/L HERE

#6
01-18-2019, 11:40
computerline
Quote:
Originally Posted by Stingered View Post
D/L HERE
Code:
.text:0000000140507E60                             ;   try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                 ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                     ; sub_140507780+6C4↑j ...
.text:0000000140507E64                             ;   } // starts at 140507E60
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                           or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h
IDA 7.0 analysis loops at address 0x140507E65. I don't know why, but it seems to be an IDA bug, or there is some anti-analysis in the binary. I see many NOPs; maybe they confuse IDA's analysis.

Anyway, you could stop the analysis by clicking the yellow circle on the top toolbar and continue your work.

I tried IDA 6.8 and didn't get the problem.

Last edited by computerline; 01-18-2019 at 11:50.
The Following 3 Users Say Thank You to computerline For This Useful Post:
kienmanowar (01-18-2019), Stingered (01-18-2019), tonyweb (01-18-2019)
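
Added example, not part of the original posts: a Python script that parses the listing from post #6 and flags a CODE XREF target that IDA left as a `db` byte while the very next byte starts an instruction. It assumes IDA's listing layout with opcode bytes shown; the function names are hypothetical, and the UD2 encoding (0F 0B) is an x86 fact rather than something stated in the thread.

```python
import re

# Listing lines from the post above, abridged (comment-only lines dropped).
LISTING = """\
.text:0000000140507E60 18                 db  18h
.text:0000000140507E61 B9                 db 0B9h
.text:0000000140507E62 04                 db    4
.text:0000000140507E63 00                 db    0
.text:0000000140507E64 0F                 db  0Fh   ; CODE XREF: sub_140507780+6BA
.text:0000000140507E65 0B 90 90 90 90 90  or      edx, [rax-6F6F6F70h]
.text:0000000140507E6B 90                 db  90h
"""

# segment:address, opcode bytes (upper-case hex pairs), mnemonic, rest of line
LINE = re.compile(r"^\.\w+:([0-9A-F]{16})\s+((?:[0-9A-F]{2} )+)\s*(\w+)(.*)$")
UD2 = bytes([0x0F, 0x0B])  # x86 UD2 encoding; an x86 fact, not from the thread


def parse(listing):
    """Return (address, raw bytes, mnemonic, has_code_xref) per listing line."""
    items = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            items.append((int(m.group(1), 16), bytes.fromhex(m.group(2)),
                          m.group(3), "CODE XREF" in m.group(4)))
    return items


def misaligned_targets(items):
    """Flag jump targets kept as data while an instruction starts one byte later."""
    image = {a + i: b for a, raw, _, _ in items for i, b in enumerate(raw)}
    heads = {a for a, _, mnem, _ in items if mnem != "db"}
    findings = []
    for addr, _, mnem, is_target in items:
        if is_target and mnem == "db" and addr + 1 in heads:
            pair = bytes([image[addr], image[addr + 1]])
            findings.append({"target": addr, "overlapped_head": addr + 1,
                             "decodes_as": "ud2" if pair == UD2 else None})
    return findings


if __name__ == "__main__":
    for f in misaligned_targets(parse(LISTING)):
        print("target %#x overlaps instruction at %#x; bytes there decode as %s"
              % (f["target"], f["overlapped_head"], f["decodes_as"]))
```

The check only shows where the listing's code and data boundaries disagree (the jumps land on 0x140507E64, one byte before the instruction IDA created at 0x140507E65); it does not establish why the analysis loops.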

#7
01-18-2019, 11:50
Stingered
Quote:
Originally Posted by Stingered View Post
D/L HERE
Quote:
Originally Posted by computerline View Post
Code:
.text:0000000140507E60                             ;   try {
.text:0000000140507E60 18                                          db  18h
.text:0000000140507E61 B9                                          db 0B9h ; ¹
.text:0000000140507E62 04                                          db    4
.text:0000000140507E63 00                                          db    0
.text:0000000140507E64 0F                                          db  0Fh                 ; CODE XREF: sub_140507780+6BA↑j
.text:0000000140507E64                                                                     ; sub_140507780+6C4↑j ...
.text:0000000140507E64                             ;   } // starts at 140507E60
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E65 0B 90 90 90 90 90                           or      edx, [rax-6F6F6F70h]
.text:0000000140507E65
.text:0000000140507E65                             ; ---------------------------------------------------------------------------
.text:0000000140507E6B 90                                          db  90h
.text:0000000140507E6C 90                                          db  90h
.text:0000000140507E6D 90                                          db  90h
.text:0000000140507E6E 90                                          db  90h
IDA analysis loops at address 0x140507E65. I don't know why, but it seems to be an IDA bug, or there is some anti-analysis in the binary. I see many NOPs; maybe they confuse IDA's analysis.

Anyway, you could stop the analysis by clicking the yellow circle on the top toolbar and continue your work.
Thanks for the review! I think it may be a bug, which is why I posted. Unfortunately, I don't have a later release of IDA, but yes, I can pause the analysis and go from there.

#8
01-18-2019, 16:41
deepzero
Yes, it seems like an IDA bug. You should report it to the IDA devs.
The Following 2 Users Say Thank You to deepzero For This Useful Post:
Stingered (01-19-2019), tonyweb (01-19-2019)

#9
01-19-2019, 01:06
Stingered
Quote:
Originally Posted by deepzero View Post
Yes, it seems like an IDA bug. You should report it to the IDA devs.
Will do! Thx for confirming.

All times are GMT +8.