Visual Basic Programs (msbloat.dll)

Programs written in Visual Basic sadly proliferate the web, you'll easily identify them when reverse engineering or disassembling by the use of the run-time dll, vbrun300.dll for VB3, vb40032.dll for VB4 & msvbvm50.dll for VB5 (msvbvm60.dll - VB6 is now also available although I've yet to see anything substantial protected by it).

Visual Basic executables are essentially just scripts which make calls into the functions exported by the dll, this is actually a really convenient way to develop good looking GUI applications without the hassles of a lot of coding. When you reverse these targets ensure that you have modified your winice.dat to include the relevant dll exports, its only really worth doing with VB5, VB3 can be decompiled to its 'tokens' quite effectively. Learn also how to customise another brilliant tool from NuMega, SmartCheck produces a "commented movie" (Fravia's words) of all operations, beware though of p-code compiled programs.

It is also useful to be aware of the various dll compare routines which compare 2 wide character strings, turning on the floating point window in older versions of SoftICE with "wf -d f" is recommended (newer versions require just wf), unless you use IceDump v5.0 there is no way to modify the FPU registers.

Common SoftICE BPX's

String Manipulations

MultiByteToWideChar, rtcR8ValFromBstr, WideCharToMultiByte, __vbaStrCmp, __vbaStrComp, __vbaStrCopy, __vbaStrMove, __vbaVarTstNe (note 2 underscores).

Nag Boxes

rtcBeep, rtcGetPresentDate (time API), rtcMsgBox.

Patching W32Dasm v8.93

Until recently most of us were reversing Visual Basic programs using SmartCheck/SoftICE or a HEX editor. To a limited extent disassembling VB programs has always been possible with IDA or W32Dasm, yet the latter would never locate the String Data References, until now. Be sure to patch your copy of W32Dasm v8.93 at offsets 0x16B6C-0x16B6D to 98 F4.

Teacher Logo

Tutorials

A VB5 trick for serial numbers - The VB5 dll compare code.
Bubba's Decompiled Forms for CT Software - Elementary VB decompiling and ASCII converting.
Cache Master 95 v1.06 - A VB4 reversing trick.
ChromaPIX v1.0fc1 - String reference locating and key generating, includes ASM Key Generator.
Dutoon (by Duran) - Patching a Visual Basic 5 program in 2 ways (assisted by Typh).
E-Z Credit '98 - __vbaVarTstNe (another useful VB breakpoint).
EyeCU v1.1 - Timer limits and nag box cracking by SHeeP140.
Little Drummer Boy - Understanding a decompiled VB programs scheme by Bomber Monkey.
Mouse & Key Recorder v2.5.2 - Filling in the gaps left by SmartCheck with ASM Key Generator.
MusicMatch Jukebox v2.03 - More VB5 functions, now includes C++ Key Generator.
MusicMatch JukeBox v2.51 - An old friend revisited, better manipulations but still too easy.
News Poster Pro v5.3.4 - Systematic VB5 reversing with C Key Generator.
News Poster Pro v5.3.4 (by Prophecy) - stack techniques (applicable to all 32-bit VB programs).
Split32 v1.1 - A concept tutorial by PaRKeR, using SmartCheck to reverse VB5 programs.
The World v Transcender Corp - Simple serial # catching by AlpHaz.
widYa-cL's Guide to VB5 serial catching - (Pretty Good Solitaire 98 & Pam v1.13).
Wave Events v2.0 - Learn about the FPU and protections making use of it.
WinArj98 - VB4 code watching (by BigMoM) with Win32 ASM Key Generator.
Win Sensual Jack - Tracking VB4 string copying/manipulating to an inevitable compare.

Useful VB String Functions

Val() - Convert string to number.
Str$() - Convert number to string.
Left$() - Substring from left end e.g. Left$(Theodolite, 4) = "Theo".
Right$() - Substring from right end.
Ltrim$() - Trim spaces off left e.g. Ltrim$ (" Hello ") = "Hello ".
Rtrim$() - Trim spaces off right.
Trim$() - Trim spaces off both ends.
Asc() - Convert char. to ANSI code e.g. Asc("A") = 65.
Chr$() - Convert ANSI code to char. e.g. Chr$(65) = "A".


This is the VB (Very Basic) tutorials section, you can find a quick way back to
other protections with this link, else learn how to program in a real language.

About, Disclaimer, Dongles, FAQ, Getting Started, Key Generators, Links, Main Index,
Miscellaneous/Papers, New Reversers, Time Trials, Tools, Whats New.


© 1999 CrackZ. 6th October 1999.
llowing steps to reverse the