Visual Basic reversed engineering

Re: Visual Basic reversed engineering

On Mon, 13 Mar 2006 08:05:56 +0100, "qwert" <nospam@nospam. nl> wrote:
[color=blue]
>Hello,
>
>I have an application (.exe) build in Visual Basic 6. The code (and
>programmer) are gone. The program doesn't work because it looks for a ms
>access file (.mdb) in an unknown directory. I need to figure out which
>directory this is. Is there anyway to do this? The direcory is probably
>hard-coded in the .exe, so could it be still in there as a string? Open the
>.exe with some tool and look for strings? Or is there a way to step through
>a running vb application?[/color]

I use a very old and honky File Viewer/Editor



That would be my first line of attack

The next line would be to try FileMon :-


[color=blue]
>This probably isn't a vb6 question, but that is what I work with and that is
>what this application is build with and I have no idea how to accomplish
>such a task, or if it's even possible. So any help would great,[/color]

Re: Visual Basic reversed engineering

qwert wrote:[color=blue]
> Hello,
>
> I have an application (.exe) build in Visual Basic 6. The code (and
> programmer) are gone. The program doesn't work because it looks for a ms
> access file (.mdb) in an unknown directory. I need to figure out which
> directory this is. Is there anyway to do this? The direcory is probably
> hard-coded in the .exe, so could it be still in there as a string? Open the
> .exe with some tool and look for strings? Or is there a way to step through
> a running vb application?[/color]

I'd use FileMon from SysInternals to see what files its trying to access.

(Follow up to alt.comp.lang.v isualbasic failed as my ISP doesn't have it.)

--
Dean Earley (dean.earley@ic ode.co.uk)
i-Catcher Development Team

iCode Systems

Re: Visual Basic reversed engineering

Thanks for the answers.

FileMon is pretty handy. Good tip. Also, it turns out that if you simply
drag the exe file to notepad, the strings show up. But only with a 'space'
char between each of them. Don't know if this trick always works.




"J French" <erewhon@nowher e.uk> wrote in message
news:44152031.8 2424423@news.bt openworld.com.. .[color=blue]
> On Mon, 13 Mar 2006 08:05:56 +0100, "qwert" <nospam@nospam. nl> wrote:
>[color=green]
> >Hello,
> >
> >I have an application (.exe) build in Visual Basic 6. The code (and
> >programmer) are gone. The program doesn't work because it looks for a ms
> >access file (.mdb) in an unknown directory. I need to figure out which
> >directory this is. Is there anyway to do this? The direcory is probably
> >hard-coded in the .exe, so could it be still in there as a string? Open[/color][/color]
the[color=blue][color=green]
> >.exe with some tool and look for strings? Or is there a way to step[/color][/color]
through[color=blue][color=green]
> >a running vb application?[/color]
>
> I use a very old and honky File Viewer/Editor
>
> www.jerryfrench.co.uk/fd.zip
>
> That would be my first line of attack
>
> The next line would be to try FileMon :-
>
> http://www.sysinternals.com
>[color=green]
> >This probably isn't a vb6 question, but that is what I work with and that[/color][/color]
is[color=blue][color=green]
> >what this application is build with and I have no idea how to accomplish
> >such a task, or if it's even possible. So any help would great,[/color]
>
>[/color]

Re: Visual Basic reversed engineering


"qwert" <nospam@nospam. nl> wrote in message
news:QoSdnR9zfe KdLYvZRVnyiA@ca sema.nl...[color=blue]
> Thanks for the answers.
>
> FileMon is pretty handy. Good tip. Also, it turns out that if you simply
> drag the exe file to notepad, the strings show up. But only with a 'space'
> char between each of them. Don't know if this trick always works.
>
>[/color]

Yes it always works for literal strings in code. (The ones you define as
"abcde")
You will find they are stored at the bottom of the executable file within
the same area of a data segment. (the old term, but still descriptive, <g>)

The compiler does this in order to manage identical string optimizations
("Eliminate Duplicate Strings"). If for example you define "abcde" in your
code more than once, the optimizer will substitute the same address for both
strings and only store it once.

The reason you are seeing 'spaces' between the characters is because while
they were declared as ANSI (8byte chars), they are stored as Unicode (16byte
chars).

hth
-ralph



[color=blue]
>
>
> "J French" <erewhon@nowher e.uk> wrote in message
> news:44152031.8 2424423@news.bt openworld.com.. .[color=green]
> > On Mon, 13 Mar 2006 08:05:56 +0100, "qwert" <nospam@nospam. nl> wrote:
> >[color=darkred]
> > >Hello,
> > >
> > >I have an application (.exe) build in Visual Basic 6. The code (and
> > >programmer) are gone. The program doesn't work because it looks for a[/color][/color][/color]
ms[color=blue][color=green][color=darkred]
> > >access file (.mdb) in an unknown directory. I need to figure out which
> > >directory this is. Is there anyway to do this? The direcory is probably
> > >hard-coded in the .exe, so could it be still in there as a string? Open[/color][/color]
> the[color=green][color=darkred]
> > >.exe with some tool and look for strings? Or is there a way to step[/color][/color]
> through[color=green][color=darkred]
> > >a running vb application?[/color]
> >
> > I use a very old and honky File Viewer/Editor
> >
> > www.jerryfrench.co.uk/fd.zip
> >
> > That would be my first line of attack
> >
> > The next line would be to try FileMon :-
> >
> > http://www.sysinternals.com
> >[color=darkred]
> > >This probably isn't a vb6 question, but that is what I work with and[/color][/color][/color]
that[color=blue]
> is[color=green][color=darkred]
> > >what this application is build with and I have no idea how to[/color][/color][/color]
accomplish[color=blue][color=green][color=darkred]
> > >such a task, or if it's even possible. So any help would great,[/color]
> >
> >[/color][/color]