• Welcome to Valhalla Legends Archive.
 

Visual Basic [Disassembly]

Started by n00blar, February 09, 2003, 03:51 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

n00blar

February 09, 2003, 03:51 PM
Have any of you guys disassembled and documented that almighty "do-everything" ThunRTMain function? (I just disassembled and traced it all the way to the Translate/Dispatch message loop) I would document it myself, but why reinvent the wheel? So I'm just curious if any of you guys have done this yet..

n00blar

#1
February 09, 2003, 04:05 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Oh, and if anyone wants to document some of the functions in the msvbvm60.dll /w me you are all welcome, I was disassembling it yesterday and saw some quite interesting exported functions =)

warz

#2
February 09, 2003, 04:08 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
And you can't think of anything more fun to do with your time? lol.

iago

#3
February 09, 2003, 04:35 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Can't think of anything better than learning?  Can't find anything better than educating himself a little more by looking at the work done by others in this field?  Nope, I can't think of anything better.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

warz

#4
February 09, 2003, 05:17 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Who said better? Oh, did you think *I* said that? I don't remember saying it.. but by all means, if I did please quote me.

Banana fanna fo fanna

#5
February 09, 2003, 05:29 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Hook them and see what happens ;)

Type ApiHijack into google.

n00blar

#6
February 10, 2003, 05:29 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Storm.ID I'm disassembling ThunRTMain and commenting it myself as I had no real productive feedback from warz (as usual, i suggest admins ban him, but that's just me)

Adron

#7
February 10, 2003, 01:35 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
What are you using to disassemble/comment it?

n00blar

#8
February 11, 2003, 05:22 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
IDA

iago

#9
February 11, 2003, 06:11 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Which version?  If <4.30 I'll give you 4.30.  It's Leet++ :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Adron

#10
February 12, 2003, 10:48 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
IDA 4.30 is nice but too slow for me.

indulgence

#11
February 12, 2003, 06:24 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
The retail version of IDA Pro 4.30 can save the disassembly and loads it rather fast :)

So, um, IDA Pro 4.30 > Everything
<3

Adron

#12
February 12, 2003, 06:33 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Umm, it saves the disassembly? Wow! I could've never guessed!  :P

But really, IDA 4.30 is too slow for me. Much slower than 4.17. It just crawls.

iago

#13
February 13, 2003, 05:44 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Well, I guess it deends on the computer.  I've had no speed problems with it :P
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Print
|
Go Up Pages1
User actions