IDR
IDR copied to clipboard
Assertion Failed: num < ModuleCount
I have attempted to decompile the EXE attached and when ever i attempt to open it it will show a message.
this is the message:
and this is the EXE i want to decompile.
Same happens to me...
@samdisk11
I"m not able to reproduce the issue on your exe using the pre-built Idr.exe from this master branch. Analysis finished with 100% success.
what are your steps?
- where did you get the KB for your Delphi ver? (kb2012.bin) it's not present in this repo
lets make sure we are using same bits:
1a2e033e43b9c04de754da799d1f359e *syskb2012.bin 9d6d3492a826bbee39a073ca28225e5d *kb2012.bin
PS same question to @Antelox please also upload your .exe for reproducing the case.
I used the files in the repo, extracted in a folder and executed the idr.exe binary. Opened a Delphi sample with the autodetect feature and during the loading the messagebox pops up.
If you are talking about MpFix_UnpackedUPX.exe then something is missed, cause repository does not contain KB for this specific autodetected Delphi version - kb2012.bin
So my assumption was some incompatible (broken) KB was used
Now, when you said a Delphi sample - what specific binary do you mean? where could I get it.
No I was not referring to that file. I was referring to a malware written in Delphi. BTW I have removed the folder with the files, downloaded the repo again and tried one more time. Now it works fine, so probably there were some issues with old KB files. For the time being I would consider this issue as solved. Should have more issues I will write a new comment or open a new one. Thanks for your time...
Great news! Thanks for clarification. Feel free to report as many issues as you could find (and more :) )
lets wait for final feedback from @samdisk11 as well
Спасибо, что разобрался. Кстати, вопрос, как лучше хранить на гите базы знаний, я попробовал скопировать туда несколько, но система стала намекать на другие способы хранения больших бинарных файлов. Не просветишь?
пт, 4 янв. 2019 г. в 16:25, Alex [email protected]:
Great news! Thanks for clarification. Feel free to report as many issues as you could find (and more :) )
lets wait for final feedback from @samdisk11 https://github.com/samdisk11 as well
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/crypto2011/IDR/issues/42#issuecomment-451442755, or mute the thread https://github.com/notifications/unsubscribe-auth/AQeMse3uBf39vGzU9WvWQuZgLv2kULbpks5u_1ZIgaJpZM4ZUkDH .
-- Best regards, crypto
@crypto2011
Вижу пару вариантов с базами знаний KB
- хранить их только в одном месте, например тут - https://github.com/crypto2011/KBBUILDER
- дописать в readme.md репозитария IDR где их искать хорошо б хранить еталонный набор для всех версий Дельфи вместе с MD5 (sha)
-
хранить их в репозитарии IDR - но в сжатом виде, надо глянуть кто хорошо ужмет их 7зип, рар или др Ведь KB - редкоменяемая информация, а места занимает много, раз стянул и дальше пользуешся локальной копией
-
не хранить нигде, но написать как сделать самому
- будет економия места
- будет надо напрячся чтоб сделать БД и не факт что у всех будут нужные версий Дельфи..
пока такие идеи
sorry i was away from github as i was locked out of my account. now that im back i can help you solve this issue. i used these KB's to try to decompile/read the code. IDR-master.zip
these small syskb*.bin are OK but what is more important - kb2012.bin could you calc md5 and compare to what I posted before?
- did you get that .bin from authoritative source?
I don't know Russian so here I'm using GTranslate. Are you speaking about how to store the KB files? What is the problem with uploading here on Github?
something like that author told that git does not like huge big binary files inside source repository and I was saying a couple of ideas how to handle this kind of issue :)
you ideas are welcomed as well :)
are you both using windows 10 64 bit? i am using that as my OS
Mine is W7 x64 I'll try to validate over W10x64 as well
@samdisk11 I'm not able to reproduce your issue @W10x64
asking old questions - where did you get the main KB file for your Delphi version (kb2012.bin) please provide either this file or md5 out of it
I'm using W7 x64 as well. For the KB files, perhaps Dropbox, Google Drive or any other cloud should be fine. You can keep updated into the cloud the KB files and putting a link to the IDR README.md file so that who wants, could download from there them...
I do not have my PC with me right now so please give me some time I'll get the files
I have succesfully decompiled file MpFix_UnpackedUPX.zip (IDR determined XE2)
it seems im missing kb2012. even redownloading does not have it
@samdisk11 any updates on your case?
I meet this issue when I 'm analyzing BCompare4.3.3-24545 X32 in Win10 X64. Someone can have a try ? I get the bin file from this repo .
Im having same issue. See image. Please help. IDR has determined kb7
EDIT : I solved it by changing the version of the KB. I kept trying all until KB3 worked
Autodetection Delphi version is magic, so error are possible
EDIT : I solved it by changing the version of the KB. I kept trying all until KB3 worked
Same problem and same solution here. Anything above Delphi 3 would cause IDR to crash with the same message. Thanks!