Closed rainkin1993 closed 5 years ago
Win7 sp1 IDA 32 bit 7.0 binca v1.0.1 target file: pe file.zip (Note that this is a malware sample, do not run it! The decompress password is pe file)
pe file
Output from IDA GUI console: ida log.txt
Bincat Log: bincat log.zip
When bincat analyze a instruction which call socket, a function from Windows DLL wsock32.dll. The error will occur. The error is INFO:bincat.plugin:Exceptions.Error("No mapped section at vaddr=0xffffffff")
INFO:bincat.plugin:Exceptions.Error("No mapped section at vaddr=0xffffffff")
Help!
this problem is not related to socket but to the detection of external calls of kind jmp dword ptr. We added this detection to the commit ff5c882
corresponding release for windows is coming
environment
Win7 sp1 IDA 32 bit 7.0 binca v1.0.1 target file: pe file.zip (Note that this is a malware sample, do not run it! The decompress password is
pe file
)Log
Output from IDA GUI console: ida log.txt
Bincat Log: bincat log.zip
problem
When bincat analyze a instruction which call socket, a function from Windows DLL wsock32.dll. The error will occur. The error is
INFO:bincat.plugin:Exceptions.Error("No mapped section at vaddr=0xffffffff")