Category:Digital-Forensics/Computer-Forensics/Disassembler/VB
Jump to navigation
Jump to search
| You are here | VB
|
Description
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Native code vs p-code
Visual Basic (VB) executables come into two flavors:
| Flavor | Compilation | Debug | Disassemble / Decompile |
|---|---|---|---|
| native | native machine language | OllyDbg, IDA-Pro | IDA-Pro |
| p-code | bytecode interpreted by the MSVBM at runtime | VB-Decompiler (pro) and WKTVBDE | VB-Decompiler |
| Native code | p-code |
|---|---|
|
|
A MicroSoft Visual Basic Virtual Machine (MSVBVM) is used to translates p-code to processor's native machine-code. It consists in a DLL that is loaded by the executable: MSVBVM50.dll (for VB5) or MSVBVM60.dll (for VB6).
Pages in category "Digital-Forensics/Computer-Forensics/Disassembler/VB"
This category contains only the following page.