Reusing Pcode Functions
Author: David Zimmer
Date: 05.17.20 - 8:18pm
One of my favorite things is binary re-engineering, specifically reusing code from malware as part of my solution to solving it. I have had several blog posts on this over the years.
For this installment we are going to look at how to rip functions from a vb6 pcode executable and call them from our own C loader.
This 10 page paper includes
This research is part of what came out of an 8 month long research project into the vb6 file format and pcode instruction set.
Downloads: Paper & Samples
Update: At reader request I have expanded vbRip's scope to load dlls and show multiple modules.
Below is the video that started me down this research path:
Comments: (1)On 05.18.20 - 7:56pm Dave wrote: