Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 11-29-2010, 05:48 AM
visions_of_eden visions_of_eden is offline
Member
 
Join Date: Nov 2010
Posts: 13
Default DOS/4G Reversing

Hi,
i'm trying to reverse a dos based bios flasher who runs with DOS/4W extender .

I analyzed the file, it has a stardard exe dos header , then after the end of the exe image there's what i think it's the real program .
The section listed in exe header is only the DOS 4G loader , who sets protected mode , loads the real program and then switch to pm and trasfer control to the real code (the flasher code) .
The problem is that i don't know how to debug / reverse it .
If i load it in IDA it only recognize the standard image , but don't load the whole file .
If i strip the additional bytes after the regular image end, and try to execute i get and error message saying "Not a DOS /16M executable" , so i think i'm right about first section of exe being just the DOS 4G loader .
Could you point me to some tools or tutorials on how to reverse such kind of application ?
Does DOS4G applications have a signature to identify the section where the real program that is executed in PM is ?

Thanks .
Nico.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.