Not able to load a VB application [Archive] - RCE Messageboard's Regroupment

View Full Version : Not able to load a VB application

yuvarar

August 24th, 2006, 07:15

Hi All,
Whenever I try to load a VB executable in OllyDbg v1.10(OS:Windows XP Professional), I keep getting this error:

Quote:

Inexact floating-point result - use Shift+F7/F8/F9 to pass exception to program.

Is this a Anti-Debugger Trick? I dont think so because I have the plugins like Hide Debugger, IsDebuggerPresent installed.

Someone please help...

Thanks in advance!!!

naides

August 24th, 2006, 07:26

May be is a trick, may be is just an exception. What happens when you do Shift F9 and pass the exception to the program?

What happens when you run the app first then attach it to Olly debug?

Is the app p-code or compilated?

Common wisdom says that plain old tracing of a VB application with a debugger (Olly) seldom helps. . .

yuvarar

August 24th, 2006, 07:50

Thanks for the reply!

When I press Shift+F9, nothing happens. Then I pressed F9 and I got the message

Quote:

INT3 command at ntdll.DbgBreakpoint

When attached Olly to the running process, it says

Quote:

Attached process stopped at ntdll.DbgBreakpoint

When F9 is pressed, got the same error message as mentioned in my previous post.

I am not sure if the VB application is Native/P-code compiled..(may be some one help...)

PS: I tried to run the application with Numega SmartCheck but it crashed.
But I could successfully decompile the application with VB Decompiler Lite V2.5

disavowed

August 24th, 2006, 10:23

> When F9 is pressed, got the same error message as mentioned in my
> previous post.

Keep pressing Shift-F9.

blabberer

August 24th, 2006, 12:34

or if you dont want to keep pressing shift+f9

add this exception to ignore list

options -> debuging options -> exceptions -> add last exception
-> chckmark ignore this check box -> ok

now you can just shift f9 one time and it will probably run
withoutproblems or crash

if it crashed then its upto
some mischief and you have work to do to find whats it upto

else its some incompatibilty between myriad versions of
os compilers bug of authors and other innumerable aspects

so whats the solution read around find entry point
hard break trace trace trace trace till it finds that
you a stubborn guy/gal and fails in front of you and spitting
its secrets of why its crashing , generarting exceptions

oh btw tracing vb applications in olly may be a little pain
as naides opined but but as he also stated some where else
in another thread there is nothing to beat tracing
(including finding out tricks that stop you from tracing)
if you prefer to name some of the vb jump tables find vbhelper plugin by joe stewert

or simply find this sequnce

sub dword ptr ss:[esp+const],const
jmp const

there will be several of them

thats your entry point into the wndproc on almost
all vb applications

Code:



Found sequences

Address    Disassembly                 Comment

00401C20   SUB     DWORD PTR SS:[ESP+4], 3B  

00402258   SUB     DWORD PTR SS:[ESP+4], 43

00402265   SUB     DWORD PTR SS:[ESP+4], 57

00402272   SUB     DWORD PTR SS:[ESP+4], 4B

i found this sequnce on xyz vb application
-->right click set break point on everycommand

Code:



Breakpoints

Address  Module  Active    Disassembly              Comment

00401C20   vb  Always    SUB     DWORD PTR SS:[ESP+4], 3B

00402258   vb  Always    SUB     DWORD PTR SS:[ESP+4], 43

00402265   vb  Always    SUB     DWORD PTR SS:[ESP+4], 57

00402272   vb  Always    SUB     DWORD PTR SS:[ESP+4], 4B

f9nned the application

and ollydbg broke

Log data, item 0
Address=00402258
Message=Breakpoint at vb.00402258
the sequnce it broke was

00402258 SUB DWORD PTR SS:[ESP+4], 43
00402260 JMP vb.00402CA0

f7iing two time i land here

Code:



00402CA0  PUSH    EBP

00402CA1  MOV     EBP, ESP

00402CA3  SUB     ESP, 18

00402CA6  PUSH  <JMP.&MSVBVM60.__vbaE; SE handler installation



<-----------snip ---------------------->

00402D05  CALL    NEAR DWORD PTR DS:[<&MSVBVM60.__vbaOnErr>;  MSVBVM60.__vbaOnError

00402D0B  MOV     DWORD PTR SS:[EBP-4], 3

00402D12  PUSH    0

00402D14  PUSH    vb.004024F0      ;  UNICODE "OllyDbg - vb.exe"

00402D19  LEA     EDX, DWORD PTR SS:[EBP-30]

00402D1C  PUSH    EDX           ;  MSVBVM60.734242A0

00402D1D  CALL    NEAR DWORD PTR DS:[<&MSVBVM60.__vbaStrTo>;  MSVBVM60.__vbaStrToAnsi



 <------------------- snip ------------------>

thats it you can beat it now

Iwarez

August 28th, 2006, 14:48

The exception you recieve is no anti-debugger trick. I debugged a lot of (my own) vb programs and you recieve this exception for example when an object is searched in a collection that does not exist. Nothing to worry about and you can indeed add it to the ignore list.

yuvarar

August 31st, 2006, 00:57

Thanks everyone for the reply. The problem is solved by adding the exception to the Ignore list.

Thanks a lot!!!