.Hi,
I have a simple test.exe, and three questions:
1. It takes less than 1 second for IDA to analyze test.exe, by analyze I mean all functions listed, modules found. But why it takes about 10 seconds for function analyze_area() in debug mode? Here's the code executed in debug mode:
analyze_area(0x401000, 0x40c000); // 401000==code_seg_start 40c000==code_seg_end
2. When dynamically loading .dll, any way to get the code segment of the dll? Include the segment start and segment size.
If I hook HT_DBG like this:
int idaapi dbg_callback(void*, int event_id, va_list va) {
if(event_id == dbg_library_load) {
const debug_event_t* evt = va_arg(va, const debug_event_t*);
module_info_t mod = evt->modinfo;
// how to get the code_segment_start and code_segment_size ?
....
Thanks.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}