#1
|
||||
|
||||
Visual Basic Program patching
Hi,
I'm managing for the first time a protected program written in VB. h77p://www.davidco.com/productDetail.php?id=63&IDoption=21 Unfortunately IDA PRO also available in the FTP doesn't disassemble it regularly.. I haven't tried to use OllyDbg, because I wouldn't install the tool (I used a wise unpacker to extract things and IDA would be fine, doing things statically). Anyone have any idea for this? Is there some files to add to IDA to make it working? Any help would be appreciated.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
#2
|
|||
|
|||
Well, you should get Smartcheck from NuMega, it's an invaluable tool for VB debugging.
hxxp://www.compuware.com/products/devpartner/visualbasic.htm But if you want to try going deeper, CrackZ has some information about cracking p-code. hxxp://66.98.132.48/crackz/Vb.htm There's also a nice discussion board about vb decompiling: hxxp://www.vb-decompiler.com/ |
#3
|
||||
|
||||
Hi,
Smartcheck isn't anymore downloadable. Any1 could up on the ftp server? Secondly, In the IDA documentation there's written that it's able to disassemble also Visual Basic progs, but the versions available here are all not able to do so. Much probably the Visual Basic *.d32, *.dll and *.w32 files (and all the others connected) are missing. Can any1 up those files on the FTP??
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
#4
|
|||
|
|||
Here's a ed2k link to Devpartner 7.10 iso-image:
ed2k://|file|Compuware.Devpartner.Studio.Professional.7.1.0.iso|272893952|AF8DF2449F9F9147A1AD6501EC774E91|/ |
#5
|
|||
|
|||
IDA and PCODE
There's an IDA plugin available that "disassembles" the PCode opcodes, but I don't know how comprehensive it is. If you like, I can dig through my notes and try to find the URL
Sarge |
#6
|
||||
|
||||
For smartcheck go to hxxp://www.ctools.net/index.php?page=tools
|
#7
|
|||
|
|||
an old one, but very useful
http://66.98.132.48/fravia/project8.htm good luck |
#8
|
||||
|
||||
Quote:
P.s> sorru for my baad english ... Last edited by N0P; 04-23-2004 at 04:44. |
#9
|
||||
|
||||
Sorry for being so lazy, but can you tell me an URL to that thing directly.
I never used the IDA forum, hence I also do not know where's it.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
#10
|
|||
|
|||
hxzp://www.datarescue.com/ubb/ultimatebb.php
|
#11
|
|||
|
|||
Here's link that should contain a script for IDA which can parse Visual Basic. Unfortunately the download link gives an 404 error... I guess I'm going to mail the author as the script itself is pretty recent, 10/03/2004.
hxxp://mysite.mweb.co.za/residents/zasax99/vb6.htm |
#12
|
|||
|
|||
With Emule you can download the 6.2 RC2 version
ed2k://|file|NUMega_SmartCheck_6.2rc2.exe|21837178|7814B942B52BB508D67F171AE5D4DC40|/ |
#13
|
||||
|
||||
Unfortunately there are two drawbacks
1. from where I'm P2P is firewalled 2. installing devpartner for a small program would copromise the system (once uninstalled) for nothing ! IDA is great because has no installation, just an xcopy in the java phylosophy. It seems to disassemble partially correctly, but all the resources as fucked up (gray color) and also I think some of the code that creates dialogs and so on..much probably the only part that IDA dissassembles is some C++ code inside a VB program..duh!? Also Olly has the same problems (again the same non-setup wonderful feature)....
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
#14
|
|||
|
|||
I found the VB6 script for IDA from wasm.ru:
hxxp://www.wasm.ru/tools/20/vb6.zip |
#15
|
|||
|
|||
There used to be a group on Yahoo called 'ActxLic' or something like that (witout the quotes). Have a dig around it may still be there. From what I remember it was excellent.
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Visual basic decompiler | Zeocrack | General Discussion | 3 | 11-24-2022 04:38 |
help with visual basic and API | Warren | General Discussion | 5 | 08-26-2005 13:48 |
[HELP] Visual Basic dll protection | Maltese | General Discussion | 12 | 08-13-2005 19:05 |