VB6 Virtual Files


Author: Dave
Date: 10.14.23 - 10:01pm


So the python pefile module has the ability parse a PE files data from either a file path or a memory buffer. This is actually kinda nice because sometimes you extract a PE from a resource in memory and then want to switch over to that without a bunch of intermediate files dumped to disk and making AV spaz out on you.

Since I am primarily VB6 based, I already have my own PE file format parser I wrote like 20 years ago. Catch is it is file system based and uses advanced features of the VB Get statement to magically load entire structures from disk with a single call.

Its complex code to write and test, I do not want two different versions of the code one for in memory and one for on disk.

What is a guy to do?!

Well, if your lazy...you do some API hooking and then redirect the file system calls to work seamlessly off of an in memory buffer!

This code is not bulletproof, it blindly assumes all operations will be on a single file handle at this point, but if used carefully it will do the trick.

Experimental but fun. You can download the files here




Comments: (0)

 
Leave Comment:
Name:
Email: (not shown)
Message: (Required)
Math Question: 87 + 11 = ? followed by the letter: K 



About Me
More Blogs
Main Site
Posts: (All)
2024 ( 1 )
2023 (9)
     VB6 Virtual Files
     File handles across dlls
     python abort / script timeout
     py4vb
     VB6 Python embed w/debugger
     python embedding
     VB6 IDE Enhancements
     No Sleep
     A2W no ATL
2022 (4)
     More VB6 - C data passing
     Vb6 Asm listing
     Byte Array C to VB6
     Planet Source Code DVDs
2021 (2)
     Obscure VB
     VB6 IDE SP6
2020 ( 4 )
2019 ( 5 )
2018 ( 6 )
2017 ( 6 )
2016 ( 22 )
2015 ( 15 )
2014 ( 25 )
2013 ( 4 )
2012 ( 10 )
2011 ( 7 )
2010 ( 11 )
2009 ( 3 )