tags:

views:

19

answers:

1
Q: 

How can I watch the complete disassembly code when open PE binary in ollydbg?

I opened cstrike.exe(for game Counter Strike) with ollydbg, but the disassembly code isn't complete,it starts at 01401000 and stops at 0140BFFF(I mean it should at least start from 00000000 to be complete, and I can't say for sure whether 0140BFFF is the exact end or just a stripped part)

01401000   . E8 05000000    CALL cstrike.0140100A
01401005   . E9 0A000000    JMP cstrike.01401014
0140100A   $ B9 90134101    MOV ECX,cstrike.01411390
...
0140BFFD     00             DB 00
0140BFFE     00             DB 00
0140BFFF     00             DB 00

How can I make OD show all the nitty-gritty details of the PE binary?

A: 

First, there is nothing at 00000000

Second, OD shows one memory region in disassembly window. Open memory window (alt+M) to see all memory regions. Or use ctrl-G to get to desired memory address.

Abyx  2010-09-22 05:17:18
What is memory **region**?
Alan  2010-09-22 06:57:04
Virtual memory is allocated by VirtualAlloc function ( http://msdn.microsoft.com/en-us/library/aa366887%28VS.85%29.aspx ). It allocates _regions_ of memory pages - some amount of memory pages following each other.
Abyx  2010-09-22 08:37:27

related questions

Why is my PE file invalid?
Modifying .rdata unicode strings from windows PE files
Windows PE - Where and how are strings stored if not in resources?
When does the PE file format IAT function addresses get set
Patching a PE executable
How to use WM2003 binary (dll) on Windows Mobile 6.1 (WM6.1) device ? (PE-loader can't accept old binaries)
Strange Value in EXE header!
Find out where PE file ends through PE header?
PE Header Requirements
Write a value into PE file
protect c++ output file(pe file) from editing using crc
How to protect PE file resources(string,image....) ?
Find Windows DLLs not compiled with SafeSEH
How to create an "empty" space in an executable at a definite address (gcc,linux)?
How can I read the headers from a WinNT portable executable file using Perl?
Native Linux app to edit Win32 PE like ResHacker
What does the /TSAWARE linker flag do to the PE executable?
Deterministic builds under Windows
Scriptable Windows Disassembler [non cygwin]
What is the MZ signature in a PE file for?
Installing .NET framework from USB drive when necessary.
Executable sections marked as "execute" AND "read"?
Converting kernel image from ELF to PE
What is the smallest possible Windows (PE) executable?
How the basic link process works for ELF and PE