Hi all,
somewhere back (havn't checked when, yet), some change in WINE made IDA (The Interactive Disassembler) stop working. I am talking about the bought version, have not checked the free one.
Initial analysis (using IDA) suggest some heavy anti-disassembler techniques were used in this executable. One thing that is immediatly visible, however, is that the base address (as well as the address IDA is loading under windows) is different than the on in WINE.
Wine: Execution starts at 0x006fb000 Windows, as well as static base address: Execution starts at 0x00599000
I believe this may be a hint, together with the fact it is employing some wierd arithmetics on the PC to stop static analysis using tools such as IDA ;-).
Before I go through the tiring process of CVSing back and finding the patch that killed it, anyone happens to know who's using 00599000 and causing the conflict? Is there any simple way to check this?
Shachar