#1
Scene Behind VbaStrCmp v2.1
Hello Masters,
I am a newbie in the RCE world. I would like to know how the VbaStrCmp tool can attach to the victim programs. Can anyone explain to me how the VbaStrCmp tool works behind the scenes, and also what it changed in MSVBVM60.DLL? Regards, Ontryit
#2
vbaStrCmp is like strcmp; both are internal runtime functions which compare strings. I guess the VbaStrCmp tool is just hooking that function inside msvbvm60.dll.
#3
It uses a patched version of msvbvm60.dll. IIRC the entry point has some custom code to set hooks etc. As every VB6 app uses the DLL, every app gets hooked.
#4
A few times I have had success in finding the serial number strings for a VB6 app. It works fine, but not always. For VB6 I think that OllyDbg and some decompiler like P32dasm or VB Decompiler (any version) are the way to create a keygen or patch. If you want to find out how the patched version of Msvbvm60.dll works, use any tool to compare two .exe files; in this case I used UltraCompare.
#5
Most VB apps in this case control the path of the loaded module; if it's not a system path, they just refuse to load. It could be better to inject dynamically to avoid such controls.