Author: David Zimmer
Date: 07.15.19 - 5:01am
Since VB6 PCode analysis is a specialty and a weak spot in corporate IT security I have been researching the subject extensively.
Its a long slow road and intricate subject. Structure parsing and pcode disassembly engines are complete and I have been pouring through the 1100+ opcodes adding argument decodings and object resolvers.
I have also implemented a p-code debugging engine complete with breakpoints and memory inspection.
More super cool and powerful features are in the works, but I am not going to reveal them quite yet :)
One other note pcode disassemblers that show the opcode only and hide the arguments byte code is problematic. NONE of the p-code tools currently decode arguments for all opcodes and they are hiding this data from you.
I have also found grievous errors in their decodings that make the disassembly dangerously wrong for malware analysts.