Goal: Advance IDA Pro understanding
Step: Loading the file as a Portable Executable for 80386 (metapc) reveals multiple errors and a “Warning” tab informing about possible obfuscation routines.
The following flags are checked out as well:
The subroutine contains an unresolvable jmp to nowhere, marked in red.
Source: Intro to Intel x86, OpenSecurityTraining
1 - Fix C++/Linker Setup Properties
* Program Database (/Zi)
* Disable Security Check
* __cdecl (/Gd) or __stdcall (/Gz)
* Linker/Enable Incremental Linking (No)
2 - Breakpoint on Main -> Go to Disassembly
3 - Windows/Memory -> Address on ESP (hexadecimal display and 4-byte integers)
4 - Windows/Registers