Programs written in Visual Basic sadly proliferate on the web. You'll easily identify them when reverse engineering or disassembling by their use of the run-time DLL: vbrun300.dll for VB3, vb40032.dll for VB4 and msvbvm50.dll for VB5 (msvbvm60.dll for VB6 is now also available, although I've yet to see anything substantial protected by it).
Visual Basic executables are essentially just scripts which make calls into the functions exported by the run-time DLL. This is actually a really convenient way to develop good-looking GUI applications without the hassle of a lot of coding (point and click programming, as it is affectionately known). When you reverse these targets, ensure that you have modified your winice.dat to include the relevant DLL exports; it's only really worth doing with VB5. VB3 can be decompiled to its 'tokens' quite effectively using DoDi's decompiler.
Learn also how to customise another brilliant tool from NuMega: SmartCheck (the most recent version is v6.03) produces a "commented movie" (Fravia's words) of all operations. Beware, though, of p-code compiled programs. It is also useful to be aware of the various DLL compare routines which compare 2 wide character strings. Turning on the floating point window in older versions of SoftICE with "wf -d f" is recommended (newer versions require just wf); unless you use IceDump v5.0 there is no way to modify the FPU registers.
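As an added example (not part of the original page), the following Python routine reads a 32-bit PE file's import directory and reports which of the run-time DLLs named above it imports, which is how a triage script would recognise a VB binary. The function names and the `sample_pe` test image are constructed for illustration; vbrun300.dll is left out because VB3 builds 16-bit NE executables, which a PE parser does not read.

```python
import struct

# Run-time DLL -> VB version, from the list above. vbrun300.dll (VB3) is omitted:
# VB3 builds 16-bit NE executables, which this PE parser does not read.
VB_RUNTIMES = {"vb40032.dll": "VB4", "msvbvm50.dll": "VB5", "msvbvm60.dll": "VB6"}

def imported_dlls(pe):
    """Return the DLL names listed in a PE32/PE32+ import directory."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file (16-bit NE or DOS program?)")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                           # optional header
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 / PE32+
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)       # data directory 1
    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]
    def offset(rva):
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA %#x is outside every section" % rva)
    names, pos = [], offset(imp_rva) if imp_rva else None
    while pos is not None:
        name_rva, = struct.unpack_from("<I", pe, pos + 12)  # descriptor Name
        if name_rva == 0:                                   # all-zero terminator
            break
        start = offset(name_rva)
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii", "replace"))
        pos += 20                                           # next descriptor
    return names

def vb_runtime(pe):
    """Return the VB version named by the first run-time DLL import, or None."""
    return next((VB_RUNTIMES[d.lower()] for d in imported_dlls(pe)
                 if d.lower() in VB_RUNTIMES), None)

def sample_pe(dll):
    """Constructed minimal PE32 image with one import descriptor, for testing."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    for fmt, at, *vals in (("<I", 0x3C, 0x40), ("<HH", 0x44, 0x14C, 1),
            ("<H", 0x54, 0xE0), ("<H", 0x58, 0x10B), ("<I", 0xC0, 0x1000),
            ("<4I", 0x140, 0x200, 0x1000, 0x200, 0x200), ("<I", 0x20C, 0x1028)):
        struct.pack_into(fmt, img, at, *vals)               # headers, section, import
    img[0x228:0x228 + len(dll)] = dll                       # name at RVA 0x1028
    return bytes(img)
```

DLL names are matched case-insensitively because the import table may spell the same file in either case.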
String Manipulations
MultiByteToWideChar, rtcR8ValFromBstr, WideCharToMultiByte, __vbaStrCmp, __vbaStrComp, __vbaStrCopy, __vbaStrMove, __vbaVarTstNe (note 2 underscores).
Nag Boxes
rtcBeep, rtcGetPresentDate (time API), rtcMsgBox.
Until recently most of us were reversing Visual Basic programs using SmartCheck/SoftICE or a HEX editor. To a limited extent disassembling VB programs has always been possible with IDA or W32Dasm, yet the latter would never locate the String Data References. Until now: patch your copy of W32Dasm v8.93 at offsets 0x16B6C-0x16B6D to 98 F4.
Target Name | Description | Date |
VB5 trick for serial number protections. | Revealing the VB5 (msvbvm50.dll) wide character compare code. | 26/05/98 |
Bubba's Decompiling Forms for CT Software. | Elementary VB decompiling and ASCII conversion. | 29/12/98 |
Cache Master 95 v1.06 | VB4 reversing trick. | 29/05/98 |
ChromaPIX v1.0fc1 | String reference locating with ASM Key Generator. | 07/09/99 |
Dutoon (by Duran) | Patching a VB5 program in 2 ways (assisted by Typh). | 27/07/98 |
E-Z Credit '98 | __vbaVarTstNe (another useful VB breakpoint). | 29/01/99 |
EscapeRC v1.0.1 | VB Time-Trial cracking with W32Dasm by ACiD BuRN. | 26/10/99 |
EyeCU v1.1 | Timer limits and nag box removing by SHeeP140. | 31/08/99 |
Lan-Box v1.01 | Following an algorithm in SmartCheck by ACiD BuRN. | 26/10/99 |
Little Drummer Boy | Understanding decompiled VB forms by Bomber Monkey. | 19/02/99 |
Mouse & Key Recorder v2.5.2 | Filling in the gaps left by SmartCheck with ASM Key Generator. | 06/10/99 |
MusicMatch JukeBox v2.03 & v2.51 | More VB5 reversing, includes C++ Key Generator. | 21/01/99 |
News Poster Pro v5.3.4 with Prophecy's stack approach. | 2 approaches to VB5 reversing with C Key Generator. | 21/12/98 |
Split32 v1.1 | A concept tutorial by PaRKeR, using SmartCheck to reverse engineer. | 14/12/98 |
The World vs Transcender Corp. | Simple serial number catching by AlpHaz. | 21/07/99 |
widYa-cL's Guide to VB5 serial catching. | Pretty Good Solitaire 98 & Pam v1.13. | 26/02/99 |
Wave Events v2.0 | Learn about the FPU and protections using it. | 18/02/99 |
WinArj98 | VB4 code tracking by BigMoM with Win32 ASM Key Generator. | 03/12/98 |
Win Sensual Jack | Tracking VB4 string manipulation to an inevitable compare. | 29/10/98 |
Useful VB String Functions
Val() - Convert string to number.
Str$() - Convert number to string.
Left$() - Substring from left end e.g. Left$("Theodolite", 4) = "Theo".
Right$() - Substring from right end.
Ltrim$() - Trim spaces off left e.g. Ltrim$(" Hello ") = "Hello ".
Rtrim$() - Trim spaces off right.
Trim$() - Trim spaces off both ends.
Asc() - Convert char. to ANSI code e.g. Asc("A") = 65.
Chr$() - Convert ANSI code to char. e.g. Chr$(65) = "A".