PDA

View Full Version : VB3 Pcode *grumble* *swear*)


NchantA
July 8th, 2001, 03:43
Good afternoon all. i have a program written in Visual Basic 3, compiled in PCode. i wasn't aware that there was such a thing until i tried to reverse the program but there is i am *quite* sure on this.

the program is protected by a dongle, a messagebox pops up on startup telling me the dongle is not there. the dongle is a 'Microguard' made by 'Infosystems'. i havent heard of either. mg32.dll mg16.dll and mg32.vxd seem to be the backbone of the dongle routines, however it is my ahhh 'zen' thoughts that tell me that the program will be one of those :

if (DonglePresent) then ProgramIsRegistered;

on startup hehe anyway, i desperatly need help understanding the vb3 pcode. the main .exe is 1.1mb and exdec nor the wonderful new WK debugger will even think about decompiling it. i have tried numerous things and have come up with nothing

any help will be appreciated

nC [PGC] [EVC]

MyName
July 10th, 2001, 18:45
Dodi VB3 decompiler name is vbdis3*.* Solve all problem.

qferret
July 10th, 2001, 21:01
Does dodi's decompiler work on pcode? *shrug*

I know had a rather complicated VB4 pcoded app awhile back.....finally gave up on the damn thing LOL

Hats off to JoCo for helping eliminate the problem for VB's 5 & 6 ; - )

NchantA
July 10th, 2001, 21:23
as i said above i have already tried DoDi's decompilers

they both crash. would u like a screenshot? :P as it is, i have only ever had one program that ever worked with DoDi's shitty decompiler. and it was gey anyway.

bar
July 10th, 2001, 22:19
i have the same problem with a 16bits
vb3 compiled in PCode +dongle
the program is protected too with a dongle
WIBU-KEY dongle from German supplier WIBU
i got this snippet with dodi's decompiler
but i c ant patch the EVIL !
-gv0BFA(181) = fn1465("M_MISC", "181", "The dongle could not be found. Please exit the software.", gv0750.M9570 + gv06E6.M9547)
-Call sub4592(1)
l0106 = Val(fn1465("GENERAL", "DongleCheckTime", "5", gv0750.M9570 + gv06E6.M92A9))
If l0106 < 0 Then l0106 = -1
If l0106 = 0 Then l0106 = 5
check for dongle every 5 minutes !
-If l0106 = mc0126 Then
Call sub055E(fn1465("GENERAL", "NoDongleCheck", "Cannot check the dongle because the port is busy", gv0750.M9570 + gv06E6.M92A9) + " (LPT" + LTrim$(Str$(m0020 + 1)) + "", mc0058, ""
the program name is astrow
from AMANO
://xxx.amano.be/TIME/astrow.html
the evil in details.

Eternal Bliss
July 11th, 2001, 07:53
nchanta,
I finally remember what that API is called... DllFunctionCall... that's for vb6... maybe vb3/4 has it too?? Tried that getprocaddress thing?

Regards
EB

MyName
July 11th, 2001, 23:04
You program protect? (yes =patch ne header). You program big (no work shareware Dodi program).

Dodi best tool planet VB3. (You use exdec VB3. No. only VB5+VB6! You moron? )

You have URL you program? Give me. I show easy patch. VB3=cracked!

NchantA
July 12th, 2001, 08:26
Moron? No need for that. I was well aware that exdec wouldnt work before i even tried, but i was getting desperate. (hi joco ;P)

are you suggesting in your rambling that DoDi's vb3 discompiler wont work because its shareware? if so then maybe you could share your elite version with me, since mine has an obvious flaw. (although i have my doubts).

the programs size is 1.1mb.

NchantA

MyName
July 12th, 2001, 11:12
1.1 MB. Too big (You look Dodi code?)

exdec on VB3! (Think miracle happen)

Need PRO program. You elite. You find.

Give me url. I fix. 5 minutes.

VB3=cracked!

cluesurf
July 12th, 2001, 12:00
Quote:
MyName (07-12-2001 09:12):
1.1 MB. Too big (You look Dodi code?)

exdec on VB3! (Think miracle happen)

Need PRO program. You elite. You find.

Give me url. I fix. 5 minutes.

VB3=cracked!


Myname,
you seem very agitated when ppl cracking dongles.

>Give me url. I fix. 5 minutes.
>VB3=cracked!

You are fuc**** arrogance.

cluesurf

MyName
July 12th, 2001, 23:15
Why dongle problem you make angry? Make laugh. Easy patch. You see.

Arrogance=know use tool?. Yes arrogance!

You ask help. Say no exdec. Say yes vbdis3*.*.
You say no work. Say PRO.
You say no. Say give URL. I fix.
You say f* arrogance. Say sorry. Help best can.

You next program notepad? Make laugh.

NchantA
July 14th, 2001, 03:46
unfortunately this program is not exactly something u can find on the internet. like most dongle protected programs, its specialized software. i will indeed look for a 'PRO' version of DoDi's although i dont think it will help that much anyway. i think i will lend the program to an expert who can actually crack this, instead of a rude, ego-inflated vb3 'king'. I doubt u actually bought your version, so i see no reason to waste my time providing a link to you, when obviously it is much easier to send me this magical version u are possessed with.

NchantA

MyName
July 14th, 2001, 10:10
Brain.

Talk. Talk. Talk. Do nothing. Still no find Dodi tool. No able search. Make laugh.
Talk. Talk. Talk. Do nothing. Don't need Dodi tool. Use softice. You no know how. Make laugh.
Talk. Talk. Talk. Look VB codes = offset softice. You know asm no need Dodi tool. Make laugh.
Talk. Talk. Talk. People here help you. You brain hear people? Only know tool.
Talk. Talk. Talk. You 3x insult Dodi. Still ask tool. You insult poor englis.
What do here?

NchantA = (Gey Scrippty Kiddie Troll) /spite on floor

NchantA
July 16th, 2001, 08:14
hahahhahaahahah

amusing as you are, you really have no F**** idea do you? PCode is *interpreted* code. which means you cant disassemble it, cant trace through the programs code as you normally would. instead you have to jump around the vb3XXXXX.dll while ir reads in bytes from the .exe as it would a data file. your a dipshit, now stop acting as if you have a clue how to crack. If you dont have any more 'helpful suggestions' please stop posting and save us all some time.

NchantA

CoDe_InSiDe
July 16th, 2001, 09:39
Hi NchantA,

Hehe

MyName: keep going with the English Talking ;D
very amusing (Make Laugh)

/me stay out of it !!!

Cya...

CoDe_InSiDe

MyName
July 16th, 2001, 10:15
NoBrainMyname.

Talk. Talk. Talk. I talk rot.
Talk. Talk. Talk. I brainless.Make laugh.
Talk. Talk. Talk. have DoDi tool.No know to use. Make laugh.
Talk. Talk. Talk. can't help you. My brain sux.
Talk. Talk. Talk. Me insult Dodi.I'm gey.I poor englis.
MyName = (Gey Scrippty Kiddie Troll) /spite on floor

Kilby!
July 18th, 2001, 11:09
Oh Bugger !

and so the sadness decends.

It's strange that a civil question can end up with this thread isn't it.

Nchanta isn't the troll, script kiddie, or the person with piss poor attitude.

The people around who can DO, tend not to boast or have ego problems, so please give it a rest.

No wonder I have a significant lack of enthusiasm again.

Kilby...

MyName
July 18th, 2001, 20:47
NchantA:

Make laugh.

>pcode=*interpreted* (You correct)
>you cant disassemble it (You no correct)
>cant trace through the programs (You no correct)

VBRUN300 = asm
VB3 program = small asm program = Load VBRUN300.
VBRUN300 load pcode module memory
VBRUN300 = execute pcode. (Yes dissassemble VBRUN300)
Watch VBRUN300 pointer move in pcode module = Set BPR on pcode module memory

You watch VBRUN300 interpreted pcode. pcode opcode = offset in VBRUN300 (Set BP on opcode. Yes!)
You understand?
Easy.

NchantA
July 19th, 2001, 05:48
which means you cant disassemble it = correct
cant trace through the programs code as you normally would = correct.

if you wish to ahh 'correct' my mistakes please be sure to include the entire context. as i said before you cannot dissassemble the vb3 pcode program, i never said you cant dissassemble the crappy .dll. and yes i was also correct in saying you cant trace through the program as you normally would. instead you have to bpm on the part of the .exe that you wish to break on. you end up in the retard vb3.dll and you have to jump around as it reads in data from the programs .exe.

as i dont have a decompiler i have no idea what to bpm on. ive tried dodi's 16bit and 32bit decompilers, both 'overflow'.

ive talked to joco and he cant help me, so ive decided to send the dongle protected programs to some people that may actually be able to help.

NchantA

Morlac.
July 19th, 2001, 08:51
Hi guys,

I tend to think of p-code as a set of instructions for the executing module. Much like microcode in CISC microprocessors.
So, I think that you can disassemble VB p-code, its just that the instructions to perform the intended operation looks a lot bigger and different than normal disassembly of x86 programmes.
You see, for me, to disassemble a programme, is to take a look at the different instructions that makes the programme work. No matter how strange these instructions will look like.


Molac.

dadolson
July 19th, 2001, 18:21
Dongles - serial port = bitch to bypass.

When Source 1st compiled, dongle data is used to set offset into data area for single or multiple fixed data elements poped during exe load. Each Dongle is serialized with specific internal data, no 2 are alike (kind of like a GUID or a Lan card address). If you loose a dongle due to failure, program mod is also sent for new dongle. Compare is run using dongle data and derived offset address to ensure dongle is still on machine. Look for dll from dongle vendor...