|
|
#16
09-07-2003, 01:51
|
|||
|
|||
|
EXEDEC gives you the Pcode, you have to decode it yourself.
The WKT debugger will actually let you trace step by step through the PCode with all the register, memory, breakpoint, etc operations (as a debugger should). RACE will display the PCode and the opcode translations, GUI info, extract any graphic images, list the libraries, etc. There are others as well... If your desire is to "decode" some math steps that, perhaps, are the result of manipulation of a serial number, then I recommend WKT. If the math you want to do is to determine how source code data (specifically numeric data), is compiled into the exe, then RACE might be a better choice...only because it gives you the file offsets where the data is stored. Good luck Sarge 
|
|
#17
09-07-2003, 20:18
|
|||
|
|||
|
stavol: The VB IDE is the Micro$oft Visual BASIC Programming Environment. If you have VB, you have the IDE.
|
|
#18
09-09-2003, 00:24
|
|||
|
|||
Quote:
 so is vbReformer, and many others all have their merits. I find PEexplorer to be somewhat handy also.... I have a few VB6 programs that were compiled to native code, and a few compiled to P-code, however they are also not reconized as Visual Basic programs ... I think due to the headders and such being stripped .... I can say that these programs that I've been investigating have not been protected with any third party protection schemes, and I have had some luck by using HexWorkshop to re-build information so they can be reconized by programs such as RACE and VBReformer, but it has been very slow going for me I know these programs will never be de-compiled to exact source, but I have been able to modify code within them to suit my needs just fine, and by tracing the subroutines, has given me an insight to be able to write my own code to replace what I cannot get source for SmartCheck is fantastic ...
|
|
#19
09-09-2003, 04:27
|
|||
|
|||
|
Good for you. I give you "high marks" for your efforts.
As an FYI, RACE is very strict in its determination of what is and what is not a VB exe. That's why it won't work on VB5 or VBA. You are correct in your discovery that some progs have the entry point moved, and a fake entry point with a jump to the real entry point instead. Obviously, this works since the program runs, but since it is not strictly the VB6 protocol, RACE will choke. However, I am always willing to help. If you really get stuck with the "moving" functions, just send me the exe and I'll manually force RACE to work around it, then send you back the output. Sarge
|
|
#20
09-09-2003, 06:08
|
|||
|
|||
Thanx Sarge
the version of RACE I have is 6_2_7 from like 2-1-2003, you posted it at a decompiler forum that I have seen your posts in many times, BTW very informative posts I might add, you for sure are a credit to this forum. and yes I really do like the way RACE displays offsets, I will say the offset addresses are not always exact, but they are so close that if you open your eyes when you look at that displayed offset you cannot miss the real addy now this probally isn't a problem with your RACE it is just due to the specfic VB6 apps that I'm investigating. Thanx again for your reply
|
|
#21
09-09-2003, 21:16
|
|||
|
|||
|
Thanks
2 FYI's: 1. Race is up to 3.1 2. The offsets are related to the data, not the commands or opcodes that USE the data. But, as you say, it's easy to find. Sarge
|
|
#22
09-10-2003, 21:09
|
|||
|
|||
|
where?
where i can get the race 3.1?
|
|
#23
09-10-2003, 21:17
|
|||
|
|||
|
Right now, I have to email it to you (RACE does not yet have a "home" on the web), so I'll need your address. As an FYI, the program is too big for my hotmail account, so I have split it and send it in two separate emails. I'll give you more details when I send it.
You can send me your email address at: [email protected] Sarge
|
|
#24
09-10-2003, 21:42
|
|||
|
|||
|
Ahh that explains why 2 days searching with Copernic and Google haven't turned up any good info on 3.1
lolI also notice that decompiler.com is down and so is vb-decompiler.com .... phpBB : Critical Error Error creating new session : session_begin <--- those were the errors I rceived from one of the sites  it's a shame 'cause there was a wealth of information at those sites Sarge would you mind if I e-mail you for 3.1 ?? I hate to see you get flooded with "I want requests" so I won't unless I have permission ... Thanx again
|
|
#25
09-11-2003, 00:44
|
|||
|
|||
|
Go for it!
I, too, am very sorry about those sites. Decompiler.com is, I am fairly sure, permanently dead. It appears that someone didn't pay the bill. Decompiler/automaters IS alive, it's just not conscious right now; don't know why. Hopefully, it won't also die. Sarge PS. It doesn't show in the text of the link, but there is an underscore character just before the "g".
|
|
#26
09-11-2003, 06:13
|
|||
|
|||
|
Thanx Sarge
 well, I was just messing with another exe that was written in VB6 and after investigation it was packed after compile with UPX... I used PE Explorer with the UPX un-packer plugin to un pack the exe then saved, then tried to open with RACE 2.7 no luck but VBReformer 3.6 just walked right into it with no problems.... now I think I understand why you have 3.1 I did send ya an e-mail Sarge
|
|
#27
09-11-2003, 10:28
|
|||
|
|||
|
Thanks Sarge
aka
|
|
#28
09-11-2003, 21:50
|
|||
|
|||
|
Quote:
I tried open my VB6 app with 3.1 and when I tried to extract I get this error ----> Error #206. Not proper VB interpreter. this is same as I get with earlier version of RACE, so this is telling me I need to do some more work on the un-packed exe file that I am trying to investigate .... since VBReformer will extract what I have done so far, that must mean that I am close ... I'm sure it is something I'm overlooking.. I know you said that RACE is very strict in its determination of what is and what is not a VB exe. and I can sure respect that Thanx again for your wonderful program 
|
|
#29
09-11-2003, 22:52
|
|||
|
|||
|
General comments:
1. The response has been overpowering. I've fullfilled about half the requests so far. 2. lonewolf55: If you need more details, I'll be happy to help you find whats missing/wrong, to make RACE "happy". However, you can find out for yourself at the Vb decompiler web site by looking at the VB exe format 3. I didn't intend for this thread to be taken over by RACE, I was just trying to help Ecmhacker. I'd like to stay below the moderators radar, so please continue to make requests via my email, rather than here. 4. Any and all comments are welcome, good, bad, or indifferent. sarge
|
|
#30
09-11-2003, 23:53
|
|||
|
|||
hello
Sarge / someone Please post detail step by step how to decompiler vb program.Coz all of we here not an advanced.
Regards,
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
