• Welcome to Valhalla Legends Archive.
 

Can VB 6 be decompiled

Started by DeTaiLs, April 02, 2004, 03:52 PM

Previous topic - Next topic

Adron

Sounds like dotfuscator makes code inefficient, and sounds like reversing dotfuscated code just requires making a list of what changes they can do and reverse them. Just look at anywhere you see a lot of overloading and fix that... ;)

Banana fanna fo fanna

Inefficient? Not really...maybe an extra step in compilation but that's it.

iago

It's really no worse than everything being stored in eax, ebx, etc.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


K

Quote from: Adron on April 10, 2004, 05:50 AM
Sounds like dotfuscator makes code inefficient, and sounds like reversing dotfuscated code just requires making a list of what changes they can do and reverse them. Just look at anywhere you see a lot of overloading and fix that... ;)

You could try that, but you still wouldn't have the originial function names.  I'm not saying its secure, but for non comercial applications I think it's fine.  You just have to be careful not to let it rename things that you rely on the names of; I ran into a problem with this when I accidentally allowed it to rename my CharacterClasses enumeration in a Diablo 2 character editor, when I frequently used the string representation of the enumeration value as a display.  "Character class: ΓΏ"  doesn't convey information too well.

iago

You have no need for an obfuscator if you write open source code.  That's my solution :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Banana fanna fo fanna

No matter what anyone says, you won't make money :)

iago

Quote from: St0rm.iD on April 10, 2004, 04:38 PM
No matter what anyone says, you won't make money :)

What, off opensource or closedsource?  I'm not sure whether you're making fun of opensource or vb or what.

In defense of opensource, it's great for personal projects but I can see how it would be a problem with commercial projects.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Adron

Quote from: St0rm.iD on April 10, 2004, 08:58 AM
Inefficient? Not really...maybe an extra step in compilation but that's it.

It obviously changes the program when represented as .net bytecode, adding new classes and more code. Are you saying that all of its changes can be optimized away when generating the machine-specific representation?

Adron

Quote from: K on April 10, 2004, 02:17 PM
You could try that, but you still wouldn't have the originial function names.  I'm not saying its secure, but for non comercial applications I think it's fine.

Ah, I didn't know .net stored the original function names in its compiled form. I had assumed any non-exported function/variable names were gone already.

hismajesty

I beleive you can ask Microsoft to do it, for a fee.

Networks

#25
Wow after searching about a day straight for the reverse engineering and searching through many other boards I have concluded that their some decompilers but they aren't as great as you may think. There are 1 - 2 that are ever remotely decent one called VB RezQ but you must buy it for the full version and this will not show you functions of any sort and its really not what you want unless you truly want help to get your program back.

My Conclusion:
There aren't any REAL VB6 decompilers but there things that will help you if you need to find a properties of one of your controls.

Basically you won't find anything that'll be even close to the source in vb6 so don't waste your time since I have.