Ok, found the problem.
Upon loading some other application, I get the error from WINE: Standard load address for a Win32 program (0x00400000) not available - security-patched kernel ?
Trying to run IDA with a kernel without grsecurity indeed works.
Can anyone explain why the security patches block the 00400000 address from being used?
Shachar
Shachar Shemesh wrote:
Hi all,
Somewhere back (haven't checked when, yet), some change in WINE made IDA (The Interactive Disassembler) stop working. I am talking about the bought version, have not checked the free one.
Initial analysis (using IDA) suggests some heavy anti-disassembler techniques were used in this executable. One thing that is immediately visible, however, is that the base address (as well as the address IDA is loading under Windows) is different than the one in WINE.
Wine: Execution starts at 0x006fb000
Windows, as well as static base address: Execution starts at 0x00599000
I believe this may be a hint, together with the fact it is employing some weird arithmetics on the PC to stop static analysis using tools such as IDA ;-).
Before I go through the tiring process of CVSing back and finding the patch that killed it, does anyone happen to know who's using 00599000 and causing the conflict? Is there any simple way to check this?
Shachar