📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.








How to hook VB 6.0 Binary functions?

Topic created on: July 9, 2011 21:41 CDT by Usman.

I am in DESPERATE need of hooking VB 6.0 binary functions to monitor some data and need to inspect the formation of some packets based on that input data. Unfortunately that program is written in an older version of VB (i.e. VB 6.0) and no source code is available and no pdbs.

I tried some decompilers; they build disassembly and are unable to give the proper decompiled code of the VB 6.0 assembly.

Moreover, can I hook this VB 6.0 programmed exe in C++ or in .NET C# VS2010? KINDLY HELP ME OUT IN THIS REGARD, as I am in desperate need of this. I would be obliged.

Regards Usman

  bossnade   July 12, 2011 11:01.18 CDT
What are you talking about lol, VB imports winsock and calls recv() and send() for winsock comm and InternetOpenUrl() for inet (openurl). I don't understand what your problem is..


Edit: I just realized, you don't know anything about anything -- because you could have just used wireshark or WPE

  cod     July 12, 2011 15:31.06 CDT
You have a chance if the program was written in VB6, because it's probably compiled in native code and not pcode.

With VB6 in native code you can use IDA 5.0, looking in the hex code for the stub procedures that invoke the send/recv API of the winsock library.

  Usman     July 13, 2011 07:23.14 CDT
All!

I have a VB 6.0 based process (VB 6.0 app), the code of which is written in VB 6.0. It's a small GUI that has hardly 10-15 text boxes and a few drop-downs. The user is allowed to input the data according to his desire (fill text boxes, pick values from drop-downs) and finally the data will be sent to a GSM modem which is installed in the local machine, or it is supposed to send the data over the network after the user clicks "Send".

Now here's the problem, and the interesting thing I need to figure out. When the user clicks "Send", the process internally creates an "AT-Command" by using the input data which the user entered. This "AT-Command" will be sent to the GSM modem to configure it. I want to view and analyze this "AT-Command", as I need to publish this AT-Command for my web users.

As I don't have the source code for this app, ultimately I have to hook the "Send" function of this process, right? SO HOW TO HOOK THIS FUNCTION?

So the problem is: how can VB 6.0 app (process) functions be hooked, so that when the process calls "Send", the call comes to the "MySend" function?

Note:
"AT-Command" is used to configure the modem from remote network machine based on user configurations.

Regards

Usman

  cod     July 13, 2011 09:23.20 CDT
Did you try to open the exe file with IDA? You may find a cross reference on command strings ...
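
The string search suggested in the post above can be started before opening IDA. As an added example (not part of the original thread), this Python script scans a binary for constant strings that look like AT commands, in both ASCII and UTF-16LE, since VB6 stores string literals as Unicode. The sample bytes, the function names and the prefix heuristic are assumptions made for the example.

```python
import re
import struct

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (VB6 keeps string literals as Unicode, so each byte is followed by 0x00).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Heuristic (assumption): "AT" then an upper-case letter, digit or one of + & # ^ $ %.
AT_PREFIX = re.compile(r"AT[+&#^$%A-Z0-9]")


def find_at_strings(data: bytes):
    """Return sorted (offset, encoding, text) for constants that look like AT commands."""
    hits = []
    for pattern, encoding in ((ASCII_RUN, "ascii"), (UTF16_RUN, "utf-16-le")):
        for match in pattern.finditer(data):
            text = match.group().decode(encoding)
            if AT_PREFIX.match(text):  # match() anchors at the start of the run
                hits.append((match.start(), encoding, text))
    return sorted(hits)


def constructed_sample() -> bytes:
    """Constructed test bytes, not a real executable and not from the thread."""
    literal = 'AT+CMGS="%s"'.encode("utf-16-le")
    return (
        b"MZ\x90\x00" + b"\x00" * 12                              # filler header bytes
        + b"MSVBVM60.DLL\x00"                                     # ASCII import name
        + struct.pack("<I", len(literal)) + literal + b"\x00\x00"  # length-prefixed literal
        + "Attach modem".encode("utf-16-le") + b"\x00\x00"         # GUI text, not a command
        + b"\xcc" * 8
        + b"AT&F0\x00"                                            # ASCII literal
    )


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for offset, encoding, text in find_at_strings(data):
        print(f"0x{offset:08x}  {encoding:9}  {text}")
```

The offsets printed are file offsets; the matching string in IDA's strings view is where the cross references to the code that builds the command are listed. Only constant fragments appear, because user input is concatenated in at run time.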

  Usman     July 13, 2011 11:27.19 CDT
I tried to open the exe in IDA. Unfortunately I didn't have huge exposure to interacting with IDA functionality at all. It's a massive assembly syntax which was generated, though.

Moreover, what is a cross reference all about? What does it have to do with my problem? What is it that will lead me to the solution? If it is something like "imports", I mean the imports of some other DLL, yeah, I looked at them, and most probably these are imports of MSVBVM60.dll or imports of MSCOMM.dll, whose functions I need to hook somehow. BUT I want to hook the "Send" function first, and then after that I will carry the processing further from this hooked function, as the "MySend" function, onwards.
Hope you understand. If you still need something, ask me immediately.

Regards
Usman

  Usman     July 13, 2011 11:43.46 CDT
Yeah, I got it!! I got that the cross references are the table of "JMP" instructions that take place and take control away from one point in the program to another point of the program.
I noticed, but again here I was unable to find a good piece of information.

Actually I am not able to debug the program in IDA while attaching the process to it.
Can you please give me your mailing id, so that you can trace out what my problem is through IDA?

Regards
Usman
