PDA

View Full Version : Info req. about M$ACCESS MDE files reversing.


Morlac.
August 12th, 2001, 02:31
Hi all,

I have this app here and it was written in Access+vbasic. It was saved as a MDE app. This means that all parts are compiled and stored in the MDE database.

Is there any tool/doc/tutorial that can help me?

Morlac

mo k
August 12th, 2001, 15:05
I have gathered alot of info regarding access dbs, and writen even some little tools to convert MDBs to
other formats, but nothing
about MDE files.

My only suggestion would be, to find the VB function(s) that load access dbs, they could be
generic resource loading functions, that use a flag
macro to indicate MDEs.

Break at the function and trace to the point where it checks the flag.

(Note: it has been ages since i coded for MS platform, but i know the MS mentality very well ; )

Say if VB calls a LoadResource function (totally mythical function btw.)
and LoadResource takes a module handle, a resource ID, and a flag for a resource type, it might look like this:

HGLOBAL LoadSomeObsecureResource(HMODULE hModule, HRSRC hResourceID, RT_MDEFILE);

this is a totally bogus function, RT means Resource Type : )
and the MDE loader is 99% likely to look like this.

Step into the resource loader, to the point where the third paremeter is compared to a
list of items. This is a 'switch' statement in the Win32API source code,
so it will be a series of compares and jumps, to the
point where you are routed to a function call, this
most likely the MDE file format loader, turn off the
code window and trace. make sure you have your
trace buffer to the MAXIMUM : )

You will have the entire MDE parser in your SICE log, just keep track of the 'offset range' of your
main function, and ignore all the random high/low offsets that you might run into,
they are likely to be message handlers (WndProc or DefWndProc),

you will need to retrace several times, chase function paremeters (keeping calling conventions in mind)
to label the variables in your log accordingly.

The most important thing is, to figure out how to
"Read" MDE files programatiacally. Programmers invest time
and money in their skill, you might as well.
Figure how to do it in visual basic, and RIP the algo
off of the library that handles MDEs.

Right Click on the app, QuickView, and make sure
you understand the use of every function in there, good luck ; )

Morlac.
August 13th, 2001, 02:28
mo_k,

Thanks for the help. I'll try it.
The thing that causes the problem is the fact that MDE files are opened by Access. In the MDE files, there are embedded VB modules.
This is the trouble. If I can extract the VB code out of it... then the rest is easy.
Thanks again.