Sandsprite Papers

VB6 P-Code / Reversing

Reverse Engineering / Binary Analysis

Visual Basic 6
- Binary Reuse of VB6 PCode Functions - Avast 2021
One of my favorite things is binary re-engineering, specifically reusing code from malware as part of my solution to solving it. For this installment we are going to look at how to rip functions from a VB6 P-Code executable and call them from our own C loader.
This 10-page paper includes samples and a custom utility to generate the necessary embedding data.
This is part of what came out of an 8-month-long research project into the VB6 file format and P-Code instruction set.
This paper has been published on the Avast Decoded blog.
(local pdf, code)