Category:Digital-Forensics/Computer-Forensics/Disassembler/VB

From aldeid
Jump to: navigation, search
You are here
VB

Description

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Native code vs p-code

Visual Basic (VB) executables come into two flavors:

Flavor Compilation Debug Disassemble / Decompile
native native machine language OllyDbg, IDA-Pro IDA-Pro
p-code bytecode interpreted by the MSVBM at runtime VB-Decompiler (pro) and WKTVBDE VB-Decompiler
Native code p-code
Vb-malware-native-code-example.png Vb-malware-p-code-example.png

A MicroSoft Visual Basic Virtual Machine (MSVBVM) is used to translates p-code to processor's native machine-code. It consists in a DLL that is loaded by the executable: MSVBVM50.dll (for VB5) or MSVBVM60.dll (for VB6).

Pages in category "Digital-Forensics/Computer-Forensics/Disassembler/VB"

This category contains only the following page.