Yara isPCode rule

import "pe"
//ywbPath: ./ -r

rule isVB6_PCode
{
    condition:
        pe.is_32bit() and pe.imports("msvbvm60.dll") and
        uint32( //vbheader.projectInfo.isNativeCode 
            uint32(
                uint32(pe.entry_point+1)-pe.image_base+0x30
            )-pe.image_base+0x20 
        ) == 0
}




rule test
{

    condition:
        pe.is_32bit() and pe.imports("msvbvm60.dll") and
        (
            pe.dbg(pe.image_base) and 
            pe.dbg("vbheader struct va:", uint32(pe.entry_point+1)) and 
            pe.dbg("project info struct:", uint32((uint32(pe.entry_point+1)-pe.image_base)+0x30)) and  
            pe.dbg("isNativeCode:",
                uint32(uint32((uint32(pe.entry_point+1)-pe.image_base)+0x30)-pe.image_base+0x20)
            )
        
        )
}