TTFPlus 3.3 32-bit demo
A "quiver" in Visual Basic 5

by Vizion
(18 September 1997)

Courtesy of Fravia's page of reverse engineering

Well, A visual basic 5 target (without strings) with a quiver protection, very well reversed by Vizion, even if, as usual with protectionists that are NOT careful enough, you could have directly searched insie the dead listing the strings: "MSVBVM50.rtcMsgBox" and "cmp ax, 000A"
 :::: TARGET
 TTFPlus 3.3 32-bit demo (url :

 :::: TOOLS 
 W32Dasm 8.9, SoftIce for NT 3.01, UltraEdit-32 4.40b

 Quiver protection (see +ORC, lesson 4.1). Internal counter. 
 The demo counts the number of times you select a font you like to see.

 :::: REMARK(s)
 You will need to change winice.dat for this crack. Open winice.dat in your
 favorite text editor and add the next line,


 Save the file and restart your computer if SoftIce is loaded.

 Like always, I start with loading the target in W32Dasm. The first thing I
 noticed was that there were no String References. Pretty annoying if you
 ask me. If you take a look at the list of .dll files that are used you'll
 see only one :

  MSVBVM50.DLL aka. Microsoft Visual Basic Virtual Machine 5.0 (I think)

 Ok, this is quite new, and I haven't seen any tutorials on a VB5 program.
 Due to the lack of String References and the usage of only one .dll file
 we need a "new" approach to crack this baby, I suggest you sit down and
 start thinking about the way to crack this target...

 Well I came up with the following idea.

 Start the target and select several times a font, after 10x clicking you'll
 get the nag screen telling you... well read it :). The problem is that you
 need to restart the target if you want to use it some more.

 Back in W32Dasm, take a look at the imported functions from the .dll,

 Addr:0F0D3109 hint(0000) Name: __vbaStrBool
 Addr:0F01A5AE hint(0000) Name: __vbaExitProc
 Addr:0F0239B1 hint(0000) Name: __vbaFileCloseAll
 Addr:0F023FA0 hint(0000) Name: __vbaOnError
 Addr:0F04F618 hint(0000) Name: __vbaObjSet
 Addr:0F0CF404 hint(0253) Name: rtcMsgBox                    

 (c) Vizion 1997. All rights reversed
You are deep inside fravia's page of reverse engineering, choose your way out:

homepage links red anonymity +ORC students' essays tools cocktails
academy database antismut search_forms mail_fravia
is reverse engineering legal?