
Working with dynamically loaded code

Open · BoyC opened this issue 1 year ago • 1 comment

Sorry for pinging here, but it's the easiest way I found to contact you.

I managed to get masm2c working on a small test app I'm looking into before I take on a larger project, and managed to get the cpp code to compile and start; however, in the switch in `__dispatch_call` the code ran into the default branch. I suspect this happened because the audio driver is loaded at runtime from a file next to the executable, which obviously wasn't analyzed by the static analysis in IDA. I tried doing a memory snapshot from a debugging session, but masm2c failed on that dump.

What are the best practices for working with dynamically loaded code?

BoyC, Sep 14 '24 17:09

Hi, I got the point. You can contact me via [email protected] or here https://discord.gg/xEG89mzR

Usually I was doing a memory dump too, just after the driver is loaded. You need to make a working .exe from the memory dump:

  1. disable the code which loads the driver
  2. identify the .exe relocations (by loading twice at different memory segments, dumping, and checking the difference)
  3. adjust the .exe startup cs/ip and ss/sp. You can try to use the https://github.com/xor2003/dos-DumpExe tool to do it.

Not the easiest way, but it works. Then you load the resulting .exe into IDA.

Or with https://github.com/xor2003/libdosbox you should be able to run the main code translated, but the driver code using the libdosbox emulator, and later replace the sound code with native code.

There is also an alternative tool: https://github.com/OpenRakis/Spice86. It is an emulator which produces C#.

xor2003, Sep 15 '24 21:09
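Step 2 of the reply above (finding relocations by loading the program at two different segments and diffing the dumps) as an added, stand-alone example; this is not code from masm2c or dos-DumpExe. It assumes both dumps cover the same image byte for byte, that a relocation is a little-endian 16-bit segment word that therefore differs between the two loads by exactly the segment delta, and it uses a constructed toy image rather than a real dump.

```python
"""Recover .exe relocations from two memory dumps taken at different load segments.

Assumptions (constructed, not from masm2c or dos-DumpExe): both dumps start at
the load segment and cover the same image; a relocation is a 16-bit LE word
holding a segment value, so it moves by exactly (seg_b - seg_a) between loads.
A data word that happens to drift by the same delta would be a false positive,
so the result is a candidate list to confirm in IDA, not a final answer.
"""
import struct


def find_relocations(dump_a: bytes, dump_b: bytes, seg_a: int, seg_b: int) -> list[int]:
    """Return image offsets of 16-bit words that changed by exactly the segment delta."""
    if len(dump_a) != len(dump_b):
        raise ValueError("dumps must cover the same image size")
    delta = (seg_b - seg_a) & 0xFFFF
    if delta == 0:
        raise ValueError("dumps must be taken at different load segments")
    relocs, off = [], 0
    while off < len(dump_a) - 1:
        wa = struct.unpack_from("<H", dump_a, off)[0]
        wb = struct.unpack_from("<H", dump_b, off)[0]
        if wa != wb and (wb - wa) & 0xFFFF == delta:
            relocs.append(off)
            off += 2          # skip the overlapping word that straddles this one
        else:
            off += 1
    return relocs


def to_mz_reloc_entries(offsets: list[int]) -> list[tuple[int, int]]:
    """Express image offsets as (paragraph, offset-in-paragraph) pairs for an MZ relocation table."""
    return [(off >> 4, off & 0xF) for off in offsets]


def build_dump(load_seg: int, tick: int) -> bytes:
    """Constructed toy image: segment immediates are stored already patched for load_seg,
    exactly as the DOS loader leaves them in memory; `tick` is a counter that drifts
    between runs and must not be reported as a relocation."""
    img = bytearray()
    img += b"\xB8" + struct.pack("<H", load_seg + 0x0010)           # mov ax, SEG        (seg word at +1)
    img += b"\x9A" + struct.pack("<HH", 0x0040, load_seg + 0x0002)  # call far SEG:0040  (seg word at +6)
    img += b"\xCB"                                                  # retf
    img += struct.pack("<H", 0x1234)                                # constant data word (+9)
    img += struct.pack("<H", tick)                                  # run-to-run noise   (+11)
    img += bytes(16 - len(img))                                     # pad to one paragraph
    return bytes(img)


if __name__ == "__main__":
    a, b = build_dump(0x1000, 0x0100), build_dump(0x2000, 0x0105)
    print(to_mz_reloc_entries(find_relocations(a, b, 0x1000, 0x2000)))  # prints [(0, 1), (0, 6)]
```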