VbDec is a VB6 P-Code Disassembler and debugger.
Features:
- Can Properly disassemble and resolve most common VB6 Pcode
- Live debugging of PCode exes w/ single stepping, breakpoints etc.
- Live stack display with diffing to highlight changes
- Memory window & data viewer for Variant, Date, Array, etc
- Ability to persistently patch memory, nop instructions
- modify stack values and reset EIP in the debugger.
- Disassembly viewer supports renaming functions, adding comments
- Click to navigate functions in disasm and esc go back in history
- Comprehensive search tools for strings, text, api references, etc.
- Ability to resolve class names from live object pointers in debugger
- COM aware: dynamically lookup libraries and resolve function names
- Export disassembly to database, or for standalone viewer app
- Standalone viewer to share disassemblies with non-licensed users.
- Explore VB6 internal structures, calculate offsets
- Constant pool viewer to manually explore data
- Can be automated through a plugin framework or Javascript
- Script editor supports syntax highlighting and basic intellisense.
Screen shots (Click to enlarge)
COM Support |
Const Pool Viewer |
Data Viewer w/Array |
Data Viewer w/Date |
Patch/Nop Interface |
String references |
VBDec is currently being reserved as an internal only tool. If you have
specific VB6 Reverse Engineering needs we can help. Contact us for more
details.
There are several demo videos
and blog posts
showing vbdec in action. Sample output and the standalone viewer are available to verified parties on request.
Automation script examples can be found here.
If you are new to VB reversing I have setup a dedicated section
of the site to get you started. Special thanks goes out to VBGamer45 for his work on the open source Semi VB Decompiler
,Mr Silver & Mr Snow for their articles on WKTVB Debugger, all the reversers from the vb-decompiler.theautomaters.com
message board, and all the other reversers who contributed a ton of hard work to get us where we are today.
|
|
