eXeL@B —› Software, tools —› VBKiller V1.0.2007.1210
Posted: 10 December 2007 16:35 · #1

The Chinese are sharing this, for anyone interested in VB ;) it seems to use .NET.

VBKiller is a VB-assisted reverse analysis tool. First of all, it does not decompile a VB program back into VB source code; it can only make the disassembly of a VB program look closer to VB code. Used together with IDA, it can create nearly all of a VB program's class structures, method tables and function bodies, and build the method-table structures; it can identify the COM CLSIDs referenced by a VB program and name them with their ProgID; and for any COM program (not necessarily one compiled by VB) it can build the method table, the function bodies and the method-table structures, which can then be used to analyse how those structures are used inside the VB program being analysed. After this processing, the VB program being analysed in IDA has a number of well-standardised types and methods, and from the reverse-engineering side it is already close to the source.

How to use it: click the Browse button and select a COM program (DLL, EXE or OCX); if it is not a VB program, tick "non-VB program", then click View. The tree on the left lists all COM interfaces of the selected program; if needed, types and enumerations can be shown by selecting "show all external interface classes". Click any interface, and the right side shows all the method addresses in that interface's method table together with the real addresses of the methods. If the first seven basic methods should be shown as well, select "show basic interface methods".

For a non-VB program, the right side also has an image base address and a virtual address: the image base is the program's ImageBase, and the virtual address is the starting address of the memory region it was assigned. The program tries to compute this address by default; if it is not correct it has to be changed manually, because the method tables live inside that region, and these two addresses are what allow a conversion to static file addresses. It is very important to fill them in correctly, otherwise there will be recognition errors. Click "Generate IDC" to generate an IDC file for the currently selected interface (classes and enumerations do not generate IDC); load the IDC into IDA and it will automatically identify the corresponding method addresses. Click "Generate all" to generate IDC for all interfaces (placed in a single file). Select "Generate structure" and use the two generate buttons to produce a script that creates the corresponding COM structures; include that IDC in IDA and IDA will generate the corresponding structures. For example, when analysing a program that uses a database and performs decryption and processing operations, one would generally generate the ADO and CAPICOM structure scripts. VBKiller's scanning function for identifying COM is not yet finished.

In the same directory there are several other .c files. header.c is included by the IDC files above; it is the common function file. Vb.c is a revised version of the vb.idc circulating on the Internet; the version number is unchanged, and many places felt like they did not work. That script can be used to build the VB program's structures and event types. Vboop.c is a script specifically supporting VB's object-oriented features.

Inside it, Do_BasicOOP is based mainly on the event table built by vb.c: it handles the corresponding functions, creating a function if it has not been established yet and renaming it to the same name as the event in the function table, while building a method-table structure for each class, and analyses the area beyond it. ParseAPI handles VB internal functions: it scans all cross-references to the designated function and re-analyses them, trying to identify the parameters and adding comments to each of them; if a parameter is a register, it further traces the register's data source and adds a comment. The functions to scan and the comments are specified inside the code; most of them are designated functions, and you can add new ones according to your own needs. The ParseNew method scans all cross-references to __vbaNew and __vbaNew2 and tries to identify the corresponding CLSID; if it can be identified, the program renames it accordingly to make viewing easier. Recognition uses a built-in table, which is currently small; you may need to add your own entries. When scanning, if a CLSID cannot be recognised, the program writes it to UnKnown.txt in the same directory; after analysis you can look in that file to see which CLSIDs were not identified, search the registry for the CLSID to find the program it belongs to, and add it together with the corresponding program.

www.unpack.cn/viewthread.php?tid=20119&extra=page%3D1
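The two mechanical steps the description above rests on, shown as an added example that is not part of the original post or of VBKiller: translating a virtual address to a file offset through the section table (the reason the ImageBase and virtual-address fields must be right), walking a COM method table slot by slot with the option of hiding the seven basic IUnknown/IDispatch methods, and decoding a stored CLSID into registry form so it can be looked up against a ProgID table, logging the ones that are not found. The 32-bit image, its section table, the vtable contents, the CLSID and the ProgID table are all constructed for the example and are not taken from any real binary.

```python
"""Added example, not VBKiller's code: VA->file offset mapping, COM vtable
walk and CLSID naming on a constructed 32-bit little-endian image."""
import struct
import uuid

# Hypothetical section table: (name, section RVA, raw size, raw file pointer).
SECTIONS = [
    (".text", 0x1000, 0x200, 0x400),
    (".rdata", 0x2000, 0x100, 0x600),
]
IMAGE_BASE = 0x400000          # assumed ImageBase of the constructed image
VTABLE_VA = 0x402000           # where the constructed vtable lives (.rdata)
CLSID_VA = 0x402040            # where the constructed CLSID lives (.rdata)
BASIC_METHODS = 7              # IUnknown (3) + IDispatch (4) slots

# Hypothetical CLSID -> ProgID table; a real one is filled from the registry.
KNOWN_CLSIDS = {
    "{12345678-1234-1234-1234-123456789ABC}": "Example.Object (hypothetical)",
}


def va_to_file_offset(va, image_base, sections=SECTIONS):
    """Map a VA to a file offset via the section table. Returns None when the
    VA is outside every section, which is exactly what a wrong ImageBase
    produces: the RVA no longer lands in any section."""
    rva = va - image_base
    for _, sec_rva, raw_size, raw_ptr in sections:
        if sec_rva <= rva < sec_rva + raw_size:
            return raw_ptr + (rva - sec_rva)
    return None


def build_sample_image():
    """Construct a 0x700-byte image: an 8-slot vtable at VTABLE_VA whose
    slots point into .text (each method starts with a RET), and a CLSID
    stored in the in-memory GUID layout (Data1..Data3 little-endian)."""
    img = bytearray(0x700)
    method_vas = [0x401000 + 0x10 * i for i in range(8)]
    img[0x600:0x600 + 32] = struct.pack("<8I", *method_vas)
    img[0x640:0x650] = uuid.UUID("12345678-1234-1234-1234-123456789abc").bytes_le
    for va in method_vas:
        img[va_to_file_offset(va, IMAGE_BASE)] = 0xC3   # ret
    return bytes(img)


def read_vtable(img, vtable_va, image_base, nmethods, skip_basic=True):
    """Walk a COM method table: every slot is a 4-byte VA of a method.
    skip_basic hides the first seven slots, like the tool's checkbox.
    Raises ValueError instead of silently mis-resolving when an address
    does not fall inside the image."""
    off = va_to_file_offset(vtable_va, image_base)
    if off is None:
        raise ValueError("vtable VA not inside any section: check ImageBase")
    slots = struct.unpack_from("<%dI" % nmethods, img, off)
    entries = []
    for i, va in enumerate(slots):
        foff = va_to_file_offset(va, image_base)
        if foff is None:
            raise ValueError("slot %d (0x%x) not in image: check ImageBase" % (i, va))
        entries.append((i, va, foff))
    return entries[BASIC_METHODS:] if skip_basic else entries


def decode_clsid(img, clsid_va, image_base):
    """Read 16 GUID bytes and render them as the registry-style {CLSID}."""
    off = va_to_file_offset(clsid_va, image_base)
    if off is None:
        raise ValueError("CLSID VA not inside any section: check ImageBase")
    return "{%s}" % str(uuid.UUID(bytes_le=bytes(img[off:off + 16]))).upper()


def name_clsid(clsid, known=KNOWN_CLSIDS, unknown_log=None):
    """ProgID for a CLSID, or None; unrecognised CLSIDs are appended to
    unknown_log (the tool writes them to UnKnown.txt instead)."""
    name = known.get(clsid)
    if name is None and unknown_log is not None:
        unknown_log.append(clsid)
    return name


def check_image_base(img, vtable_va, image_base, nmethods):
    """True when every vtable slot resolves under this ImageBase."""
    try:
        read_vtable(img, vtable_va, image_base, nmethods, skip_basic=False)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    image = build_sample_image()
    for idx, va, foff in read_vtable(image, VTABLE_VA, IMAGE_BASE, 8):
        print("method %d: VA 0x%08x -> file offset 0x%x" % (idx, va, foff))
    unknown = []
    clsid = decode_clsid(image, CLSID_VA, IMAGE_BASE)
    print(clsid, name_clsid(clsid, unknown_log=unknown) or "UNKNOWN")
    print("ImageBase 0x400000 ok:", check_image_base(image, VTABLE_VA, 0x400000, 8))
    print("ImageBase 0x10000000 ok:", check_image_base(image, VTABLE_VA, 0x10000000, 8))
```

The wrong-ImageBase check is the practical point: with the base off, the vtable slots resolve to nothing, so the walker refuses rather than labelling random bytes as methods, which is the "recognition errors" the description warns about.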
Posted: 10 December 2007 16:40 · #2

Posted: 10 December 2007 16:46 · #3

Posted: 10 December 2007 16:50 · #4

Posted: 10 December 2007 18:27 · #5

Posted: 10 December 2007 18:46 · #6

Posted: 10 December 2007 18:52 · #7

Posted: 10 December 2007 19:26 · #8

Posted: 10 December 2007 19:57 · #9

Posted: 10 December 2007 22:15 · #10

Posted: 10 December 2007 23:02 · #11

Posted: 10 December 2007 23:17 · #12

Posted: 10 December 2007 23:24 · #13

Posted: 11 December 2007 07:12 · #14