Valhalla Legends Archive

Is it even possible to turn a Binary code or w/e from HeXedit workshop to a VB form of code so you can edit certain programs?
and if I do what would the extension be?

I recommend that you have this post deleted and act as if it never happend.

What you're looking to do is called disassembly.  There are some VB disassemblers, but they work only on executables written in Visual Basic.  If you're truly interested in doing this sort of thing (as in, more than hexing your name into a program), I suggest taking EvilCheese's Reverse Engineering class.

The level of abstraction provided by higher programming languages (C/C++/VB) is not preserved once the code is compiled to machine code.

This means that while your basic operations and logic are how you wrote them, the handling of your variables and logic structures is entirely unlike what you see in your sourcecode.

Higher languages use many devices to allow the programmer to more easily conceptualise (and thus write) complex algorithms and procedures.

A compiler takes these and reduces them down to opcodes which the processor understands directly. Named variables become merely bits of data stored in the stack/heap/registers, and your if while do and select statements become a series of conditional jumps and jump tables.

In general, the more abstract the programming language used to develop the original application, the harder it will be to reverse engineer it to anything approaching the original format, as many abstraction devices merely "cease to exist" at that level.

Add into that the fact that most modern compilers add their own optimisations to the produced code, and you face quite a hard (but extremely fun) task.

As Cuphead pointed out.... if you want a good starting point for learning to do this.. you might want to check out the course I'm running on it

Check the post in CupHead's member forum for details.

If the program was written in VB3, there is an excellent disassembler you might find somewhere by using google (something like "dodo" or similar, don't remember exactly).

For any version of VB newer than VB3, it's impossible to make such an accurate disassembly, because of the way the compiler was redesigned.

a = b + c
in c becomes:
mov a, b //note that a and b represent registers
add a, c
this is nearly impossible to reverse because, once all of the work to get rid of variables and use registers/the stack/heap is done, the asm becomes a sort of word jumble: there are only so many registers, so the compiler must either store information directly in memory, or swap out registers with information in memory. furthermore, variable names and comments would be impossible to preserve.

in vb, the code becomes:
push 1000h //4096ms
call __VBA_HOG_CPU
push [a]
push b
push c
call __VBA_ADD_STUFF_UP
call __VBA_RANDOM_RUNTIME_ERROR
while it is still impossible to preserve variable names and comments, its is (relatively) easy to reverse vb asm.


and to all you asm junkies, yes i do realise that a is a register in the c asm and not the vb asm

Quote from: Yoni on June 13, 2003, 04:59 AM
If the program was written in VB3, there is an excellent disassembler you might find somewhere by using google (something like "dodo" or similar, don't remember exactly).

For any version of VB newer than VB3, it's impossible to make such an accurate disassembly, because of the way the compiler was redesigned.

Lies!! VB4 and less can be disassembled.  I actually have a VB3/4 disassembler somewhere, I think, but I doubt that's useful to this guy.

Quote from: iago on June 13, 2003, 07:57 AM

Quote from: Yoni on June 13, 2003, 04:59 AM
If the program was written in VB3, there is an excellent disassembler you might find somewhere by using google (something like "dodo" or similar, don't remember exactly).

For any version of VB newer than VB3, it's impossible to make such an accurate disassembly, because of the way the compiler was redesigned.

Lies!! VB4 and less can be disassembled.  I actually have a VB3/4 disassembler somewhere, I think, but I doubt that's useful to this guy.

i think what you mean to say is that 3 and 4 have been done successfully. it would not be impossible to write a decent decompiler for 5/6.

[edit] decompiler not disassembler >.<

I think it's impossible to write a decompiler for 5 and 6 (otherwise, why isn't there one?)  But anything can be disassembled.

What about Numega SmartCheck?  I havn't really used it, but it's a debugger designed just for VB.

Nah SmartCheck isn't really a debugger.  It's a source code rules checker.  Nothing more than scanning the text and looking for rules violation.  Calls them errors if they find a violation.  Like, you can set a rule to require Mid$() instead of Mid(), so that you're not using the variant version.  Or, set the rule the other way!  The logic being the variants reduce errors in production applications.  SmartCheck comes with a few hundred rules, you can add more, edit or remove the exiting ones.

But! SmartCheck can do this on binaries (without source) which makes it somewhat valuable to reverse engineers too.

Quote from: iago on June 13, 2003, 06:03 PM
I think it's impossible to write a decompiler for 5 and 6 (otherwise, why isn't there one?)  But anything can be disassembled.

The earlier VB versions had two alternate forms for storing their source files - text or binary. The binary format was the same format as packaged inside the executable files generated by the VB compiler.

VB5 and VB6 support compiling native programs. Those programs will be about as hard as a C program to discompile. They also don't support loading binary source files, so if you want to write a discompiler for non-native (i.e. pcode) VB5/VB6 programs, you'd have to also write a binary-to-text converter for them.

All in all it'd be a lot more work than writing a discompiler for the earlier VBs was.

VB5/6 can be decompiled to a certain degree assuming you have the pcode ;p other than that, it becomes far too abstract to successfully decompile it.

NuMega SmartCheck does help yes, and does give you a more or less graphical view of whats going on behind the scenes *AS IT EXECUTES*

To put it plainly, no vb5+ decompiler exists on the market to date.

Yes you can dis*ASSEMBLE* anything, however decompiling is another story =)

With regards to the vb3/4 decompiler, search for "Dodi's Discompiler" on google -- And no, Discompiler is not a spelling mistake, that is what the individual named his actual application (assuming native tongue not english). It works successfully for Vb3 & Vb4.