
Thread: Info req. about M$ACCESS MDE files reversing.

  1. #1
    Morlac.
    Guest

    Info req. about M$ACCESS MDE files reversing.

    Hi all,

    I have this app here and it was written in Access+vbasic. It was saved as an MDE app. This means that all parts are compiled and stored in the MDE database.

    Is there any tool/doc/tutorial that can help me?

    Morlac
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    mo k
    Guest
    I have gathered a lot of info regarding Access DBs, and even written some little tools to convert MDBs to other formats, but nothing about MDE files.

    My only suggestion would be to find the VB function(s) that load Access DBs; they could be generic resource loading functions that use a flag macro to indicate MDEs.

    Break at the function and trace to the point where it checks the flag.

    (Note: it has been ages since I coded for the MS platform, but I know the MS mentality very well ; )

    Say if VB calls a LoadResource function (totally mythical function btw.)
    and LoadResource takes a module handle, a resource ID, and a flag for a resource type, it might look like this:

    HGLOBAL LoadSomeObsecureResource(HMODULE hModule, HRSRC hResourceID, RT_MDEFILE);

    This is a totally bogus function; RT means Resource Type : )
    And the MDE loader is 99% likely to look like this.

    Step into the resource loader, to the point where the third parameter is compared to a list of items. This is a 'switch' statement in the Win32API source code, so it will be a series of compares and jumps, to the point where you are routed to a function call; this is most likely the MDE file format loader. Turn off the code window and trace. Make sure you have your trace buffer set to the MAXIMUM : )

    You will have the entire MDE parser in your SICE log. Just keep track of the 'offset range' of your main function, and ignore all the random high/low offsets that you might run into; they are likely to be message handlers (WndProc or DefWndProc).

    You will need to retrace several times and chase function parameters (keeping calling conventions in mind) to label the variables in your log accordingly.

    The most important thing is to figure out how to "Read" MDE files programmatically. Programmers invest time and money in their skill; you might as well. Figure out how to do it in Visual Basic, and RIP the algo off of the library that handles MDEs.

    Right Click on the app, QuickView, and make sure
    you understand the use of every function in there, good luck ; )

  3. #3
    Morlac.
    Guest
    mo_k,

    Thanks for the help. I'll try it.
    The thing that causes the problem is the fact that MDE files are opened by Access. In the MDE files, there are embedded VB modules.
    This is the trouble. If I can extract the VB code out of it... then the rest is easy.
    Thanks again.