|
Over the years I have invested heavily in product R&D building a wide
assortment of new skills, and fostering a diverse background and understanding.
These are some of the papers I have developed along my journey that I make freely available to help others along. |
Sandsprite Papers
VB6 P-Code / Reversing
Scripting Arbitrary VB6 Apps
Recovery of VB6 prototypes
VB6 P-Code Disassembly
Writing a P-Code Debugger
VB6 P-Code Obfuscation
Binary Data Hiding in VB6
Binary Reuse of VB6 PCode
Parsing VB6 Form Controls
VB6 Variable Initilization
Reverse Engineering / Binary Analysis
Visual Basic 6
- Binary Reuse of VB6 PCode Functions - Avast 2021
One of my favorite things is binary re-engineering, specifically reusing code from malware as part of my solution to solving it. For this installment we are going to look at how to rip functions from a vb6 pcode executable and call them from our own C loader.
This 10 page paper includes samples and a custom utility to generate the necessary embedding data
This is part of what came out of an 8 month long research project into the vb6 file format and pcode instruction set.
This paper has been published on the Avast Decoded blog. (local pdf, code)