
Thread: MASM and MSVBVM60 imports

  1. #1

    MASM and MSVBVM60 imports

    Hello all,

    I recently sniffed out a serial from a certain program. The idea is very straightforward; one call and the serial is in EAX. The serial is based on a hardware-dependent code, rather than a name. Since nobody else is able to use my code, I decided to attempt a keygen.

    I skipped through the registration proc, but it is extremely obfuse and extremely long (3098 lines, not mentioning a second sub proc which is called), so I don't really feel like trying to figure out what it does.

    In the past, I once ripped a whole registration proc from a program and built another GUI around it. I figured that would be the best option in this case as well. Problem is; the program is written in VB and the regproc is full of calls to the MSVBVM60.dll. In order to make this work, I'll need to import MSVBVM60 in MASM...

    Does anybody know how I can pull this off? Or maybe where I can find premade import headers? I searched the net, but couldn't find anything.

    The best option would be to use inline ASM in VB, but since VB doesn't support that...

    Thanks,
    - Fahr

  2. #2
    Your best bet is to use Smartcheck and try to build a VB keygen from its output; however, if you are hard-headed enough and determined enough, I would try looking here for some of your information.

    http://vb-decompiler.com/index.php
    Regards,
    %UNDEFINED%

    "Without change one cannot evolve."

  3. #3
    That's another problem I forgot to mention; this program was originally packed. After unpacking it, SmartCheck won't run it properly, says the code is still not very VB-ish, which can well be, since there's still loader crap and all.

    SmartCheck is not really an option here. I'll check out that vb-decompiler though.

    Thanks,
    - Fahr

  4. #4
    xixiaolou
    Guest
    You said "the serial is in EAX", so why not use keymaker and so on, they can broken at the address where your serial be in EAX?

    BTW: now we can use inline asm in vb6, just with the help of some add-in for vb,
    you can search "tweakvb" at Google
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Quote Originally Posted by xixiaolou
    You said "the serial is in EAX", so why not use keymaker and so on, they can broken at the address where your serial be in EAX?
    I'm really not sure what you mean with this sentence... I know where in the program the serial is in EAX when you hit the 'register' button (with a wrong or right serial in the input box), so I can sniff it using OllyDBG.
    Other people, however, don't know much or any reverse engineering. For those people I would like to build a keymaker, so they don't have to dig into OllyDBG etc.

    TweakVB looks promising, I'll certainly look into it.

    - Fahr

  6. #6
    I think he means why don't you use inline keygening, or in other words patch the program to message box the correct serial number when you click register with your name and fake serial, etc. Essentially I think it would be less work, but then again, I have never attempted it, I have only read about it.
    Regards,
    %UNDEFINED%

    "Without change one cannot evolve."

  7. #7
    Oh, I've certainly considered that option. It would indeed be much less work, only a matter of minutes...

    Point is that it would still require me to spread a patched exe, rather than a small keymaker. I can't build it in a byte patch either, because the original exe is packed...

    Replacement exe @ 2MB VS Keymaker @20KB...

    If a keymaker is possible, it would most certainly be the better option. It's also neater, I think. If I could pick between downloading a patched replacement exe or a keygen, I would definitely go for the keygen...

    - Fahr

  8. #8
    Another thought! Would it be possible to write a loader which would grab the serial from mem at the moment of generation?

    I never wrote a loader yet, so I wouldn't know if it can be done, especially seeing how the orig exe is packed...

    - Fahr

  9. #9
    Kayaker
    Quote Originally Posted by Fahr
    Point is that it would still require me to spread a patched exe, rather than a small keymaker.
    Excuse my diatribe, don't take it personal, you can do what you want, but,

    Bah, if all you're interested in this for is spreading cracks, keep this shit out of the Advanced Forum, this thread is moved...

    Kayaker

  10. #10
    Quote Originally Posted by Kayaker
    Excuse my diatribe, don't take it personal, you can do what you want, but,

    Bah, if all you're interested in this for is spreading cracks, keep this shit out of the Advanced Forum, this thread is moved...

    Kayaker
    I only used that as a point to illustrate. What I am really trying to do here is find a solution around that VB stuff...

    But move it around as you wish, I guess you know what's the best place for this

    - Fahr

  11. #11

    inline ASM in vb...

    Quote Originally Posted by Fahr
    The best option would be to use inline ASM in VB, but since VB doesn't support that...

    Thanks
    inline ASM in VB:
    www.tweakvb.com

  12. #12
    Quote Originally Posted by babar0ga
    inline ASM in VB:
    www.tweakvb.com
    Yes, someone already mentioned that. I'm looking into it.

    - Fahr

  13. #13
    Hmm... Inline Assembly in VB is not really an option, either... it doesn't recognize MSVBVM60.dll imports (I should've known, of course).

    Is there really no way to import MSVBVM60.dll functions in MASM? In theory, it should be possible, no?

    And otherwise that loader idea... any thoughts on that?

    Thanks,
    - Fahr

  14. #14
    Oh, I think yes. We can probably import and use the exported functions of MSVBVM60.dll in MASM32. But their documentation and prototypes were not provided by Microsoft, so we will need some code reversing.
    I use dumpbin /exports to create an export list file of MSVBVM60.dll, and change it to DEF file format, then use lib /machine:ix86 /def:def_file to create an import library for msvbvm60.dll.
    To create the inc file, I use a tool called impapi, found on the Win32ASM board.
    The attached file contains: msvbvm60.def, msvbvm60.lib and msvbvm60.inc.
    Good luck!
    Attached Files
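
The dumpbin-to-DEF step described in post #14, as an added example that is not part of the original thread or the attached files: a Python sketch that turns a `dumpbin /exports` listing into a module-definition file for `lib /machine:ix86 /def:`. The sample listing is constructed (ordinals, hints and RVAs are made up), and `parse_exports`, `to_def` and the `ord_N` placeholder names are assumptions of this example.

```python
import re

# Constructed sample of `dumpbin /exports` output; ordinals, hints and RVAs
# are made up, and ExampleForwarded is a placeholder name.
SAMPLE_DUMPBIN = """\
Dump of file msvbvm60.dll

  Section contains the following exports for MSVBVM60.dll

         100 ordinal base
           4 number of functions
           3 number of names

    ordinal hint RVA      name

        100    0 00001000 ThunRTMain
        101    1 00002000 __vbaStrCmp
        102      00003000 [NONAME]
        103    2          ExampleForwarded (forwarded to OTHER.ExampleForwarded)

  Summary

        1000 .data
"""

HEADER = re.compile(r"^\s*ordinal\s+hint\s+RVA\s+name\s*$")
# ordinal, optional hint (<= 4 hex digits), optional 8-digit RVA, then the name
ROW = re.compile(r"^\s*(\d+)\s+(?:[0-9A-Fa-f]{1,4}\s+)?(?:[0-9A-Fa-f]{8}\s+)?(\S+)")

def parse_exports(text):
    """Return [(ordinal, name or None)] from the export table of a listing."""
    rows, in_table = [], False
    for line in text.splitlines():
        if HEADER.match(line):
            in_table = True
        elif in_table and line.strip():
            m = ROW.match(line)
            if m is None:  # "Summary" (or any non-row text) ends the table
                break
            name = m.group(2)
            rows.append((int(m.group(1)), None if name == "[NONAME]" else name))
    return rows

def to_def(library, rows):
    """Render a module-definition file for `lib /def:`."""
    out = [f"LIBRARY {library}", "EXPORTS"]
    for ordinal, name in sorted(rows, key=lambda r: r[0]):
        # Ordinal-only exports get a placeholder symbol and the NONAME keyword
        out.append(f"    {name} @{ordinal}" if name else f"    ord_{ordinal} @{ordinal} NONAME")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_def("MSVBVM60", parse_exports(SAMPLE_DUMPBIN)), end="")
```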

  15. #15
    Thanks! That will be most helpful

    Params etc. shouldn't really be a problem, since I have the IDA ASM output with the right calls in it... I should be able to copy it 1:1 with some minor changes here and there.

    Thanks a lot for your inc and lib! I'll post here how it went

    - Fahr
