In this paper we will detail a novel way to gain script access to any compiled Visual Basic 6 executable.
This task is accomplished by instrumentation of the runtime and utilizing innate design features of the language.
VB6's IDispatch implementation reveals full function prototypes for internal forms and classes. Let's learn how to recover and extract them.
Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just an amazing skill. Allow me to show you the way
Writing a debugger for VB6 P-code has been something I have always wanted to do. Come and let me show you, how far the rabbit hole goes.
Reversing the VB6 in general, and P-Code in particular, has always been a problem area. Let's reveal the inner depths of VB6 P-Code disassembly and the VB6 runtime
Code obfuscation is one of the cornerstones of malware. The harder code is to analyze the longer attackers can fly below the radar and hide the full capabilities of their creations. Code obfuscation techniques are very old and take many many forms from source code modifications, opcode...
This is part one in a series of posts that focus on understanding Visual Basic 6.0 (VB6) code, and the tactics and techniques both malware authors and researchers use around it.