Hi,
I'm trying to reverse a DOS-based BIOS flasher that runs with the DOS/4W extender. I analyzed the file: it has a standard EXE DOS header, then after the end of the EXE image there's what I think is the real program. The section listed in the EXE header is only the DOS 4G loader, which sets protected mode, loads the real program, and then switches to PM and transfers control to the real code (the flasher code). The problem is that I don't know how to debug / reverse it. If I load it in IDA, it only recognizes the standard image, but doesn't load the whole file. If I strip the additional bytes after the regular image end and try to execute it, I get an error message saying "Not a DOS /16M executable", so I think I'm right about the first section of the EXE being just the DOS 4G loader. Could you point me to some tools or tutorials on how to reverse this kind of application? Do DOS4G applications have a signature to identify the section where the real program that is executed in PM is? Thanks. Nico.
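
The layout described in the post (an MZ image followed by appended data) can be checked mechanically. The sketch below is an added example, not part of the original post: it computes where the MZ image ends from the header's page fields and reports the two-byte magic that follows. The function names, the magic table (general executable-format knowledge, not taken from the post) and the constructed sample file are assumptions.

```python
import struct

# Two-byte magics that may start the data appended after a DOS stub.
# Assumption: general format knowledge, not something stated in the post.
KNOWN_MAGICS = {
    b"MZ": "another DOS MZ image",
    b"BW": "DOS/16M (BW) module",
    b"LE": "Linear Executable (LE)",
    b"LX": "Linear Executable (LX)",
}

def mz_image_end(data: bytes) -> int:
    """Return the file offset where the MZ load image ends."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    # e_cblp: bytes used in the last 512-byte page (0 means the page is full)
    # e_cp:   number of 512-byte pages in the image, including the last one
    e_cblp, e_cp = struct.unpack_from("<HH", data, 2)
    if e_cp == 0:
        raise ValueError("MZ header declares zero pages")
    return e_cp * 512 if e_cblp == 0 else (e_cp - 1) * 512 + e_cblp

def describe_overlay(data: bytes):
    """Describe whatever follows the MZ image, or None if nothing does."""
    end = mz_image_end(data)
    if end >= len(data):
        return None
    magic = data[end:end + 2]
    return {
        "offset": end,
        "size": len(data) - end,
        "magic": magic,
        "guess": KNOWN_MAGICS.get(magic, "unknown"),
    }

def build_sample() -> bytes:
    """Constructed sample: 600-byte MZ stub plus 64 appended bytes."""
    stub = bytearray(600)
    stub[0:2] = b"MZ"
    struct.pack_into("<HH", stub, 2, 600 % 512, 2)  # e_cblp=88, e_cp=2
    return bytes(stub) + b"BW" + bytes(62)

if __name__ == "__main__":
    print(describe_overlay(build_sample()))
```

The reported offset is the position at which to carve the appended data into its own file for separate loading in a disassembler.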