
Thread: MASM and MSVBVM60 imports

  1. #16
    It seems that the .inc file is not compatible with MASM

    MASM wants inc definitions like this:

    CreateSecurityPage PROTO : DWORD
    EditSecurity PROTO : DWORD,: DWORD

    with param definitions, prolly needed for the MASM-specific invoke statement...

    Is there any way I can convert this .inc to a MASM compatible .inc? I don't think it's possible to generate definitions of the params from the DLL...

    - Fahr
    Last edited by Fahr; April 26th, 2004 at 11:47.

  2. #17
    There is an l2inc utility with MASM32 which can generate .inc files for lib files, but this doesn't work with the .lib file generated with lib.exe

    I tried your .def file and I rebuilt it myself, I do get the lib, but l2inc won't process it. It gives no errors, nothing, it just doesn't produce any output either...

    - Fahr

  3. #18
    Ok, disregard all that, I still got it working by changing all 'global's into 'extrn's... apparently MASM32 doesn't know global, but it does know extrn.

    The program compiles ok, but there are some weird things... I hardcoded in the hardware-dependent serial for now. At some point it puts it thru __vbaStrLen. The original program returns 12h (18), the actual size. My 'program' returns some bizarre number which is extremely high.

    Eventually my program dies on a __vbaStrMove... I guess it just can't be done without the Visual basic stuff around it

    I'll continue experimenting. If anyone has any input, it would be most welcome.

    - Fahr

  4. #19
    Hello Fahr
    If anyone has any input, it would be most welcome
    Below link might help you understand if its possible or not
    http://board.win32asmcommunity.net/showthread.php?threadid=7879&highlight=msvbvm60.dll

    Regards, Sope.
    Read to Lead

  5. #20
    Quote Originally Posted by Fahr
    Hello all,

    I recently sniffed out a serial from a certain program. The idea is very straightforward; one call and the serial is in EAX. The serial is based on a hardware-dependent code, rather than a name. Since nobody else is able to use my code, I decided to attempt a keygen.

    I skipped through the registration proc, but it is extremely obfuse and extremely long (3098 lines, not mentioning a second sub proc which is called), so I don't really feel like trying to figure out what it does.

    In the past, I once ripped a whole registration proc from a program and built another GUI around it. I figured that would be the best option in this case as well. Problem is; the program is written in VB and the regproc is full of calls to the MSVBVM60.dll. In order to make this work, I'll need to import MSVBVM60 in MASM...

    Does anybody know how I can pull this off? Or maybe where I can find premade import headers? I searched the net, but couldn't find anything.

    The best option would be to use inline ASM in VB, but since VB doesn't support that...

    Thanks,
    - Fahr

    Sorry if I come late into this thread, and perhaps you are far into your project to consider a lateral solution but:

    When you rip the code off the program you are taking the fish out of the water, and now you have to reconstruct the whole environment in which it can work and survive.
    Why don't you just leave it there, and modify the code so the whole, mostly untouched program IS your KeyGen?
    In this case you would only need to inject some code that does the display of the Key once it is generated using already imported API, and modify the last few instructions of the Key generating routine to jump or call your code.
    It would require quite a bit less construction, but perhaps Construction is what you want to do, so by all means . . .

  6. #21
    Quote Originally Posted by naides
    Sorry if I come late into this thread, and perhaps you are far into your project to consider a lateral solution but:

    When you rip the code off the program you are taking the fish out of the water, and now you have to reconstruct the whole environment in which it can work and survive.
    Why don't you just leave it there, and modify the code so the whole, mostly untouched program IS your KeyGen?
    In this case you would only need to inject some code that does the display of the Key once it is generated using already imported API, and modify the last few instructions of the Key generating routine to jump or call your code.
    It would require quite a bit less construction, but perhaps Construction is what you want to do, so by all means . . .
    This is actually exactly what I did for now and it works fine, instead of the error (wrong key blah) it shows the key itself.
    Point is, however, that this is not the nicest solution. I already realized that 'ripping' the keygen will be nearly impossible, if it's not the VB imports, it's because the whole environment is gone (as you said) and it will be hell to figure out and recreate. I am now basically at the point where I consider 2 remaining options:

    1) Rebuild the keygen algorithm from looking at the code. Problem here is that the code is somewhere near 4000 lines long and more than extremely obfuscated.
    2) Build some kind of loader which applies the 'crack' I already built on the fly (modify the prog in mem instead of on the HD). Problem here is that the original program is packed, plus I never wrote a loader yet and I wouldn't know where to start...

    For now using the program itself as its own keygen works, but I would like to build that loader (building the keygen for this particular program was already deemed impossible on some other board, where someone attempted the same).

    - Fahr

  7. #22
    Quote Originally Posted by sope
    Hello Fahr
    Below link might help you understand if its possible or not
    http://board.win32asmcommunity.net/showthread.php?threadid=7879&highlight=msvbvm60.dll

    Regards, Sope.
    I read the topic and as far as I can say; everyone more or less agrees it's either extremely difficult or just impossible.

    Thanks for the info, I completely discarded the code ripping idea and will focus on other possibilities

    - Fahr

  8. #23
    Quote Originally Posted by Fahr
    plus I never wrote a loader yet and I wouldn't know where to start...
    We have a simple loader on this forum as well; here's the url http://66.98.132.48/forum/showthread.php?t=5107 which will help you begin with loader coding for your program.

  9. #24
    Quote Originally Posted by sope
    We have a simple loader on this forum as well; here's the url http://66.98.132.48/forum/showthread.php?t=5107 which will help you begin with loader coding for your program.
    Thanks! That looks like what I want

    I'll check it out!

    - Fahr

  10. #25
    Hmm... the whole loader idea doesn't seem to quite work out :S

    I downloaded Zairon's loader and changed it to fit my needs (which are about the same as Zairon's, except for the addresses).
    When I run it, it sticks in the while loop forever. I managed to fish out that it generates an access violation. I added this case:

    Code:
    case EXCEPTION_ACCESS_VIOLATION:
    {
        // Braces give the case its own scope; without them the declaration
        // below is skipped over by the other case labels and the switch
        // does not compile in C++ ("jump to case label crosses initialization").
        // context and processInfo are the ones already declared in the loader.
        context.ContextFlags = CONTEXT_CONTROL;   // we only need EIP
        GetThreadContext(processInfo.hThread, &context);
        // Print the faulting EIP directly instead of building a buffer and
        // passing it to printf as the format string.
        printf("Access violation at %d!\n", context.Eip);
        break;
    }
    in the exceptioncode switch. Now when I run it it gives me:

    Access violation at 4911260!

    only a million times, always at the same address...

    When I check in Olly, it says 4911260 doesn't exist (even after I run the unpacker).
    The loader never reaches the EXCEPTION_SINGLE_STEP, only the initial one, where I set the EP, then a few DLL loads and then endless access violations.

    I have NO idea what I'm doing wrong. I didn't really change anything in Zairon's code except for the exe name and the addresses...

    Any help?

    Thanks,
    - Fahr

  11. #26
    Hmm... I just checked it out and it turns out I have exactly the same problem using Zairon's original source on the original crackme...

    Is it just my comp? Or is there something buggy in his loader source?

    - Fahr
