VB Decompiler Forum Index VB Decompiler
Hosted by TheAutomaters.com
 
 

Interface decompiler

 
   VB Decompiler Forum Index -> The Interface
Anonymous
New User


Joined: 10 Feb 2008
Posts: 0

Posted: Sun May 11, 2003 12:43 pm     Post subject: Interface decompiler

http://membres.lycos.fr/hexman/vbeditor/VBEDITORII.zip
Try this out and tell me if it's what you're looking for!
Anonymous
New User


Joined: 10 Feb 2008
Posts: 0

Posted: Sun Jun 08, 2003 9:36 pm     Post subject:

The most difficult part is decompiling the Code Section. Perhaps
even impossible.

I compiled an example project 2 times and noticed that
the .EXE is never the same. Does somebody know the reason?

Very good work.

Regards,
pt
Anonymous
New User


Joined: 10 Feb 2008
Posts: 0

Posted: Mon Jun 09, 2003 12:38 am     Post subject: Semi encryption

Part of the code is half encrypted, but I doubt it is the source code. If you notice, the code must be some kind of randomized with the time clock, but we might be able to get the key if we look at the first character encrypted... Try to compare them and look carefully at the first place where it doesn't match, then look at the following and try to find an algorithm for decryption... Good luck.
MrUnleaded
Site Admin


Joined: 21 Sep 2002
Posts: 385
Location: California

Posted: Mon Jun 09, 2003 4:45 pm     Post subject: Re: Semi encryption

hexman wrote:
> Part of the code is half encrypted, but I doubt it is the source code. If you notice, the code must be some kind of randomized with the time clock, but we might be able to get the key if we look at the first character encrypted... Try to compare them and look carefully at the first place where it doesn't match, then look at the following and try to find an algorithm for decryption... Good luck.

Um... sorry, but you are slightly wrong. The exes [by default] are not encrypted... they are just compiled. I'm not sure if there is a reason for the movement of the structures... but if you find your entry point and follow the format of the structures that are posted on the Structures forum, that should help you out a lot.

Anyways, good luck
_________________
-MrU
Anonymous
New User


Joined: 10 Feb 2008
Posts: 0

Posted: Tue Jun 10, 2003 9:35 am     Post subject:

please confirm:




another example:




Regards
pt
Anonymous
New User


Joined: 10 Feb 2008
Posts: 0

Posted: Tue Jun 10, 2003 4:38 pm     Post subject:

pt wrote:
> The most difficult part is decompiling the Code Section. Perhaps
> even impossible.
>
> I compiled an example project 2 times and noticed that
> the .EXE is never the same. Does somebody know the reason?
>
> Very good work.
>
> Regards,
> pt

Hi.
You'll find that the pcode does not change. Some of the bits do, but I do not know why this would be. The jumpto: changes from exe to exe, generally depending on the size of the GUI section. Other than this, I can't give you any new knowledge.
sarge
Moderator


Joined: 24 Sep 2002
Posts: 194

Posted: Mon Jun 23, 2003 1:13 pm     Post subject:

> I compiled an example project 2 times and noticed that
> the .EXE is never the same. Does somebody know the reason?

When VB compiles, it does not compile cleanly. A lot of unneeded garbage is placed in the exe. In addition, truly variable information such as time, date, and computer info, is also included. Of course, it makes sense that if compiled on the same computer on the same day, that that particular portion of the info will be identical, although the time would obviously be different. But the significant item is the garbage; this is just whatever stuff is in the memory left over from whatever operations/applications you were performing/running before the compile occurred.

It is even suggested by many, that, to get a purer exe, after you have finalized the code, to shut down your system and re-start, then compile first thing. Note that this only minimizes the garbage; it does not eliminate it...thus, the term "purer" code, instead of "pure" code.


-----------------------
In regards to your colorized pictures, you are on the right track in that you have picked out many of the significant bytes that correspond to your source code. My suggestion would be to now attack the remaining bytes in that block, comparing them to the opcode operations. You will see, for example, that the first count in your for-next loops, is not just obvious by virtue of its value that you see in the exe (which you have found), but is pushed on the stack in preparation for the following operation. Further, you will see that a for-next loop, in pcode, does not "flow" like it does in the source code:

Source code flow:

For......
    For.....
        For.....
        Next
    Next
Next


PCode flow:

For..... (routine 1)
    call/gosub next routine = routine 2
Next

For..... (routine 2)
    call/gosub next routine = routine 3
Next

For..... (routine 3)
Next


What, you don't see this flow in the exe? That's because you have not yet analyzed the remaining bytes in the routines. In there, you will see calls/jumps, end-of-lines, and other items that allow the pcode parser to function.

Anyway, keep up the good work...

Sarge
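
Added example (not code from any poster in this thread): a Python sketch of the build-to-build comparison discussed above. It diffs two images byte by byte and labels the differences that fall inside PE header fields that normally change on every build (the COFF TimeDateStamp and the optional-header CheckSum). The two "builds" are constructed sample buffers, and all function names are hypothetical.

```python
import struct

def diff_ranges(a: bytes, b: bytes):
    """Half-open (start, end) offset ranges where the two images differ."""
    ranges, start, n = [], None, max(len(a), len(b))
    for i in range(n):
        same = i < len(a) and i < len(b) and a[i] == b[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))      # trailing bytes of the longer image
    return ranges

def pe_volatile_fields(image: bytes):
    """Offsets of PE header fields that normally change from build to build."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0] if len(image) >= 0x40 else 0
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return {
        "COFF TimeDateStamp": (e_lfanew + 8, e_lfanew + 12),
        "OptionalHeader CheckSum": (e_lfanew + 88, e_lfanew + 92),
    }

def classify_diffs(a: bytes, b: bytes):
    """Label each differing range as a known volatile field or 'unexplained'."""
    fields = pe_volatile_fields(a)
    result = []
    for start, end in diff_ranges(a, b):
        label = next((name for name, (lo, hi) in fields.items()
                      if lo <= start and end <= hi), "unexplained")
        result.append((start, end, label))
    return result

def make_sample(timestamp: int, body: bytes) -> bytes:
    """Constructed stand-in for a compiled EXE: minimal headers plus 4 body bytes."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHI", img, 0x44, 0x014C, 1, timestamp)   # COFF header start
    img[0x180:0x184] = body
    return bytes(img)

BUILD_A = make_sample(0x3EE5A1B0, b"\x00\x00\x00\x00")   # constructed sample
BUILD_B = make_sample(0x3EE5A1F7, b"\x13\x37\x13\x42")   # constructed sample
```

Calling classify_diffs(BUILD_A, BUILD_B) separates the timestamp difference from the range that still needs manual analysis against the structure layouts.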
All times are GMT