Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-22-2004, 01:16
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 809
Rept. Given: 47
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 23
Thanks Rcvd at 88 Times in 50 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
Visual Basic Program patching

Hi,
I'm managing for the first time a protected program written in VB.

h77p://www.davidco.com/productDetail.php?id=63&IDoption=21

Unfortunately IDA PRO also available in the FTP doesn't disassemble it regularly..

I haven't tried to use OllyDbg, because I wouldn't install the tool (I used a wise unpacker to extract things and IDA would be fine, doing things statically).

Anyone have any idea for this? Is there some files to add to IDA to make it working?

Any help would be appreciated.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #2  
Old 04-22-2004, 01:52
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 112
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 10
Thanks Rcvd at 72 Times in 28 Posts
sf42 Reputation: 26
Well, you should get Smartcheck from NuMega, it's an invaluable tool for VB debugging.

hxxp://www.compuware.com/products/devpartner/visualbasic.htm

But if you want to try going deeper, CrackZ has some information about cracking p-code.

hxxp://66.98.132.48/crackz/Vb.htm

There's also a nice discussion board about vb decompiling:

hxxp://www.vb-decompiler.com/
Reply With Quote
  #3  
Old 04-22-2004, 17:44
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 809
Rept. Given: 47
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 23
Thanks Rcvd at 88 Times in 50 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
Hi,
Smartcheck isn't anymore downloadable. Any1 could up on the ftp server?

Secondly, In the IDA documentation there's written that it's able to disassemble also Visual Basic progs, but the versions available here are all not able to do so. Much probably the Visual Basic *.d32, *.dll and *.w32 files (and all the others connected) are missing.

Can any1 up those files on the FTP??
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #4  
Old 04-22-2004, 20:27
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 112
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 10
Thanks Rcvd at 72 Times in 28 Posts
sf42 Reputation: 26
Here's a ed2k link to Devpartner 7.10 iso-image:

ed2k://|file|Compuware.Devpartner.Studio.Professional.7.1.0.iso|272893952|AF8DF2449F9F9147A1AD6501EC774E91|/
Reply With Quote
  #5  
Old 04-22-2004, 21:29
Sarge
 
Posts: n/a
IDA and PCODE

There's an IDA plugin available that "disassembles" the PCode opcodes, but I don't know how comprehensive it is. If you like, I can dig through my notes and try to find the URL

Sarge
Reply With Quote
  #6  
Old 04-23-2004, 03:13
gabri3l's Avatar
gabri3l gabri3l is offline
Parity Error 0x0FF2131D
 
Join Date: Aug 2003
Location: Eastern Shore
Posts: 118
Rept. Given: 0
Rept. Rcvd 4 Times in 1 Post
Thanks Given: 8
Thanks Rcvd at 20 Times in 10 Posts
gabri3l Reputation: 4
For smartcheck go to hxxp://www.ctools.net/index.php?page=tools
Reply With Quote
  #7  
Old 04-23-2004, 03:56
sirius sirius is offline
Friend
 
Join Date: Jan 2002
Posts: 56
Rept. Given: 14
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 12
Thanks Rcvd at 2 Times in 2 Posts
sirius Reputation: 2
an old one, but very useful

http://66.98.132.48/fravia/project8.htm

good luck
Reply With Quote
  #8  
Old 04-23-2004, 04:42
N0P's Avatar
N0P N0P is offline
Friend
 
Join Date: Aug 2003
Location: Brno[CzechRepublic]
Posts: 82
Rept. Given: 19
Rept. Rcvd 10 Times in 9 Posts
Thanks Given: 4
Thanks Rcvd at 20 Times in 13 Posts
N0P Reputation: 10
Quote:
Originally Posted by Shub-Nigurrath
Hi,
Smartcheck isn't anymore downloadable. Any1 could up on the ftp server?

Secondly, In the IDA documentation there's written that it's able to disassemble also Visual Basic progs, but the versions available here are all not able to do so. Much probably the Visual Basic *.d32, *.dll and *.w32 files (and all the others connected) are missing.

Can any1 up those files on the FTP??
IDA is not primary used fo full VB dissasemblig because there is many differencis in VB code try look at IDA forum > there Ilfak G. talk about it

P.s> sorru for my baad english ...

Last edited by N0P; 04-23-2004 at 04:44.
Reply With Quote
  #9  
Old 04-23-2004, 15:50
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 809
Rept. Given: 47
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 23
Thanks Rcvd at 88 Times in 50 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
Sorry for being so lazy, but can you tell me an URL to that thing directly.
I never used the IDA forum, hence I also do not know where's it.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #10  
Old 04-23-2004, 21:12
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 112
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 10
Thanks Rcvd at 72 Times in 28 Posts
sf42 Reputation: 26
hxzp://www.datarescue.com/ubb/ultimatebb.php
Reply With Quote
  #11  
Old 04-23-2004, 21:23
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 112
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 10
Thanks Rcvd at 72 Times in 28 Posts
sf42 Reputation: 26
Here's link that should contain a script for IDA which can parse Visual Basic. Unfortunately the download link gives an 404 error... I guess I'm going to mail the author as the script itself is pretty recent, 10/03/2004.

hxxp://mysite.mweb.co.za/residents/zasax99/vb6.htm
Reply With Quote
  #12  
Old 04-23-2004, 22:27
c1p8
 
Posts: n/a
With Emule you can download the 6.2 RC2 version

ed2k://|file|NUMega_SmartCheck_6.2rc2.exe|21837178|7814B942B52BB508D67F171AE5D4DC40|/
Reply With Quote
  #13  
Old 04-24-2004, 00:32
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 809
Rept. Given: 47
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 23
Thanks Rcvd at 88 Times in 50 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
Unfortunately there are two drawbacks

1. from where I'm P2P is firewalled
2. installing devpartner for a small program would copromise the system (once uninstalled) for nothing !

IDA is great because has no installation, just an xcopy in the java phylosophy.

It seems to disassemble partially correctly, but all the resources as fucked up (gray color) and also I think some of the code that creates dialogs and so on..much probably the only part that IDA dissassembles is some C++ code inside a VB program..duh!?

Also Olly has the same problems (again the same non-setup wonderful feature)....
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #14  
Old 04-24-2004, 03:20
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 112
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 10
Thanks Rcvd at 72 Times in 28 Posts
sf42 Reputation: 26
I found the VB6 script for IDA from wasm.ru:

hxxp://www.wasm.ru/tools/20/vb6.zip
Reply With Quote
  #15  
Old 04-24-2004, 14:23
WobblyBottom
 
Posts: n/a
There used to be a group on Yahoo called 'ActxLic' or something like that (witout the quotes). Have a dig around it may still be there. From what I remember it was excellent.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
help with visual basic and API Warren General Discussion 5 08-26-2005 13:48
[HELP] Visual Basic dll protection Maltese General Discussion 12 08-13-2005 19:05


All times are GMT +8. The time now is 10:49.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )