Tools WhitePapers Our Open Source Projects Blogs Contact Us
VBDec


VbDec is a free VB6 P-Code Disassembler and debugger.

Features:
  • List structs, api, function names and offsets for all Vb6 binaries
  • Generate IDA scripts for functions and structures
  • Determine prototypes for public members
  • Properly disassemble and resolve most common VB6 P-code
  • Basic native disassembly engine for quick viewing
  • Powerful search UI for code, funcs, strings, opcodes, and structures.
  • Live debugging of P-Code exes w/ single stepping, breakpoints etc.
  • Live stack display with diffing to highlight changes
  • Data viewer for Variant, Date, Array, etc
  • Memory window displays data for multiple types with click navigation
  • Ability to persistently patch memory, nop instructions
  • Modify stack values and reset EIP in the debugger.
  • Disassembly viewer supports renaming functions, adding comments
  • Click to navigate functions in disasm and esc go back in history
  • Ability to resolve class names from live object pointers in debugger
  • COM aware: dynamically lookup libraries and resolve function names
  • Export disassembly to database
  • Explore VB6 internal structures, calculate offsets
  • Constant pool viewer to manually explore data
  • Explore hidden native stubs included in all VB6 executables
  • Can be automated through a plugin framework or Javascript
  • Script editor supports syntax highlighting and basic intellisense.
  • Supports command line execution


Screen shots (Click to enlarge)

COM Support
Const Pool Viewer

Data Viewer w/Array
Data Viewer w/Date

Patch/Nop Interface
String references


Special thanks goes out to VBGamer45 for his work on the open source Semi VB Decompiler ,Mr Silver & Mr Snow for their articles on WKTVB Debugger, all the reversers from the vb-decompiler.theautomaters.com message board. There are also several articles in my Papers section of interest. Thanks again to all the reversers who contributed a ton of hard work to get us where we are today.

Download

If you want some pcode files to test against here are a bunch with source.

There are also a couple large open source projects in there such as pdfstreamdumper, scivb2.

Note: Disassembly will be improved with the dependancies installed.