Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-25-2013, 17:48
ontryit ontryit is offline
Friend
 
Join Date: Nov 2011
Posts: 172
Rept. Given: 127
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 411
Thanks Rcvd at 70 Times in 43 Posts
ontryit Reputation: 17
Question Scene Behind VbaStrCmp v2.1

Hello Masters,
I am a newbie on RCE world, i would to know how the VbaStrCmp tool can attach to the victim programs? Can anyone explain to me how did VbaStrCmp tool works on behind, and also what it changed to the MSVBVM60.DLL?

regards
Ontryit
Reply With Quote
  #2  
Old 02-25-2013, 21:35
Av0id Av0id is offline
VIP
 
Join Date: Jan 2006
Posts: 399
Rept. Given: 112
Rept. Rcvd 111 Times in 69 Posts
Thanks Given: 0
Thanks Rcvd at 15 Times in 15 Posts
Av0id Reputation: 100-199 Av0id Reputation: 100-199
vbaStrCmp is like strcmp, both are internal runtime functions which compare strings, i guess VbaStrCmp tool just hooking that function inside msvbvm60.dll
Reply With Quote
The Following User Gave Reputation+1 to Av0id For This Useful Post:
ontryit (02-26-2013)
  #3  
Old 02-25-2013, 23:30
Loki Loki is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 122
Rept. Given: 156
Rept. Rcvd 65 Times in 30 Posts
Thanks Given: 58
Thanks Rcvd at 18 Times in 13 Posts
Loki Reputation: 65
It uses a patched version of msvbvm60.dll -IIRC the entry point has some custom code to set hooks etc. As every VB6 app uses the dll, every app gets hooked.
Reply With Quote
The Following User Gave Reputation+1 to Loki For This Useful Post:
ontryit (02-26-2013)
  #4  
Old 02-26-2013, 01:36
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
A few times I have had success in finding the serial number strings for VB6 app, it works fine, but not always, to VB6 I think that the Ollydebug and some decompiler as like P32dasm or VB decompiler(any version), are the way to create a keygen or patch. If you want to find out how the patched version of Msvbvm60.dll works, use any tool to compare two .exe files, in this case I used the UltraCompare.
Reply With Quote
The Following User Gave Reputation+1 to wilson bibe For This Useful Post:
ontryit (02-26-2013)
  #5  
Old 02-26-2013, 17:22
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Rept. Given: 60
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 68
Thanks Rcvd at 328 Times in 100 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
most VB apps in this case controls the path of the loaded module, if it's not a system path just refuse to load. Better could be to dynamically inject to avoid such controls.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
Reply

Tags
vbastrcmp, visual basic

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Giraffe Leaving Scene (CastHacker) atom0s General Discussion 2 01-12-2019 01:30
History of the Chinese Cracking Scene Abaddon General Discussion 4 10-18-2017 15:30
Want join scene group DMichael General Discussion 11 11-09-2014 20:27
Exetools and exe-scene SkY[vN] General Discussion 30 03-10-2010 09:25


All times are GMT +8. The time now is 18:30.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )