p-code is the intermediate code that was used in Visual Basic (before .NET). I would like to know where I can find resources/tools related to analysis of these virtual machine codes.
Asked
Active
Viewed 3.8k times
15
-
about P32Dasm , on their page, they mention "IDA Visual Basic debugger plugin" for debugging with IDA , but this plugin is impossible to find... does anyone know about this? – George Dima Aug 25 '13 at 13:49
-
Here's an old RE-Reddit thread asking a similar question http://www.reddit.com/r/ReverseEngineering/comments/djhb7/tools_for_reversing_vb/ – alexanderh Aug 29 '13 at 23:20
3 Answers
16
Alex Ionescu, co-author of the latest "Windows Internals" book and contributor to ReactOS, wrote a good paper on the topic of VB decompilation quite a while ago. Here the direct link to the PDF (originally from http://www.alex-ionescu.com/vb.pdf).
The paper documents the structures and constants of the file format itself and probably goes a long way in accompanying the information on the opcode list from the other answer.
0xC0000022L
- 10,908
- 9
- 41
- 79
12
They are some tools can be useful in reversing p-code binary
vb-decompiler lite (free ver): very good decompiler can be download from vb-decompiler official site
P32Dasm: another p-code decompiler see here and see below of page how they debug p-code with IDA
WKTVBDE: p-code debugger, I don't work with it but good to try, to download search tuts4you.com site
Arash
- 229
- 1
- 8
