VB Decompiler

Libor · New User Joined: 11 Aug 2004 Posts: 13

seems that nobody on this site is interested in disassembling msvbvm60.dll or vba6.dll....
I think those DLLs could contain interesting and helpful functions....

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

621,021 lines in my MSVBVM60.lst file ...

Not interested in VBA6.dll myself, though .......

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

I've disassembled 65% of ThunRTMain...a huge part of the runtime are each of the native controls (I've found a table describing them all) and their handlers/events/methods/properties. The rest are simple COM/OLE functions that could simply made into stubs calline oleaut32. Most of the array/string types in VB are actualyl OLE and documented.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Libor · New User Joined: 11 Aug 2004 Posts: 13

Do you know some Eb* functions?
e.g. EbExecuteLine - http://www.tek-tips.com/faqs.cfm?fid=492
It is quite interesting.

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

They are VBA interface routines aren't they? They'd turn into VBA's pcode?

Cheers, Alex, but why only 65% ???? Borg freeware did the whole thing in about 10-15 minutes.

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

I don't see how any company/person can transform 300KB of ASM code into over 2500 lines of compilable C Code in 15 minutes. Few people can write 2500 lines of C in an hour from their own head, much less from ASM. Are you sure we are talking about the same thing?

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Libor · New User Joined: 11 Aug 2004 Posts: 13

Yes, they are. VB IDE uses this dll too.
Call it (Eb*) like normal API.

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

Libor, I was referring to Dr's post, although I just realized he was joking around...I think.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

Alex,

Libor was responding to my qn about Eb functions, I think!

Re: terminology, my apologies, I just seem to be using the wrong lexicon!

By "disassembling" I was referring to the process of producing a symbolic assembler listing, suitably cross-referenced and symbolised, etc, as Borg does .... it can be "re-assembled"

Coming up to a HLL, even C, I'd call "decompiling", a far harder task obviously ... if you're decompiling MSVBM60 into "C", your times d make much more sense!

Cheers

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

No you're right, it's my fault for not having said decompiling.

In other news, I've spent the whole night proving that most of the -1 "flags" or starting "nulls" in the structures are because those values are hardcoded or removed to 0 (Basically each heap has a pointer to the master heap as its first element. the compiler sets this to 0 when compiling, so many of the object structures start with a null because of this). Most of the 0xffffffff are also hard-coded and will never change. I suspect they are "reserved" values for future versions of VB that never came out.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

That's a relief .... cheers!

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

BTW, why C? Why not compile it back into something readable?

Libor · New User Joined: 11 Aug 2004 Posts: 13

...something more readable...VB

Alex-did you uncover what happens in DLLMain (msvbvm60.dll)? Or you are working only on ThunRTMain?

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

C is very readable..... VB just makes things ugly. What looks simpler to you...

{
PVB_HEADER Header

MessageBox (ULONG_PTR)Header +Header->bSZProjectName
}
or...

{
Declare function lstrlenA lib kernel32 src origin...
declare function lstrcpyna lib ....
Dim Header as VB_HEADER
Dim TempString as String, StringLen As long

RtlMoveMemory Header, HeaderPtr, Len(Header)
StringLen = lstrlen(HeaderPtr + Header.oProjectName)
TempString = String$(StringLen, 0)
lstrcpyn(TempString, StringLen)
Msgbox TempString
}

Libor: DllMain is a sub-part of thunRTmain, it will be easy.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

Just for interest's sake, here's a screenshot of my little runtime function.

Here I've just taken my old "Process/Module Viewer" and added an option to disassemble any function I click on in the exports window.

Notes:

golem · Often here Joined: 18 Nov 2002 Posts: 73

EbExecuteLine interesting... Quite interesting. Really? What exactly can you do with it?

A quick search only shows VB5/6 declaration statements for EbExecuteLine curiously devoid of any actual code/usage.

C more readable than VB. THAT is funny (in a WORN kind of way )!

>seems that nobody on this site is interested in disassembling
>msvbvm60.dll or vba6.dll....
Au contraire... Way back when JosephCo et al were with us they refused to share any of their hard fought info (or tools/methodology) and is the only reason we don't have a Level 10 capable (100% ) VB5/6 decompiler...

I seem to recall that some of us actually thought we could take VB5/6 to Linux. No really!

Carry on!
golem

_aLfa_ · Posted: Thu Aug 26, 2004 4:33 pm Post subject: Re: EbExectuteLine...

[="golem":2573ub3x]Au contraire... Way back when JosephCo et al were with us they refused to share any of their hard fought info (or tools/methodology) and is the only reason we don't have a Level 10 capable (100% ) VB5/6 decompiler...[/:2573ub3x]

Well, I never saw many info from you either; only some nice thoughs but nothing that could help us making a better decompiler
_________________
One thing only I know, and that is that I know nothing. (Socrates)

golem · Often here Joined: 18 Nov 2002 Posts: 73

>I never saw many info from you either
Are you sure that is the story you want to go with?

You are on a roll Alfa. Been watching your rapid progress the last few weeks.

Have you considered xrefing ((exe) offsets to) your structures definitions to your 'sample' programs? ( Like gDL does automagically... )

Carry on!
golem

_aLfa_ · Posted: Thu Aug 26, 2004 6:00 pm Post subject:

My rapid progress?
I've been away for more than 1 year

I do like your gDL (at least the idea, because I never 'saw' it working), we are trying to do a better gDL (this time online) and with your knowlegde maybe you could help (2 heads thinking are better than 1)
_________________
One thing only I know, and that is that I know nothing. (Socrates)

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

[="golem":2osak3xl]C more readable than VB. THAT is funny [/:2osak3xl]

I think I like golem ...

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

We could run a conference for a week on this subject alone ....

Hey, not a bad idea .......................... Amsterdam is nice at this time of year

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

I got a VB app running inside ReactOS with a custom-written runtime (5KB!) so it's perfect feasible. At least anything that won't use forms.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

Libor · New User Joined: 11 Aug 2004 Posts: 13

EbExecuteLine - example code
http://www.freevbcode.com/ShowCode.Asp?ID=1901

golem · Often here Joined: 18 Nov 2002 Posts: 73

Thanks for the url Libor.

>What exactly can you do with it?
Let me rephrase... Has anyone been able to do do anything useful with EbExecuteLine? An example might be like making hidden info available or gaining programmatic access to the IDE or (insert some exotic hackerish decompiler writer concept here )?

> At least anything that won't use forms.
I think I HURT myself...

Carry on!
golem

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

You realise it's IDE only?

Libor · New User Joined: 11 Aug 2004 Posts: 13

..stop...it was only an example of one interesting function
i wanted only to say that there could be more interesting functions like that one

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

Sorry, Libor, the dog, or AOL, ate the bit where I had said "That's fascinating ... "

It'd be interesting to find one that returned the pcode maybe

Or perhaps a way to manufacture a Debug object at runtime? Imagine showing a debug window (I mean a real VB one) from an EXE, that'd be exotic .....

golem · Often here Joined: 18 Nov 2002 Posts: 73

Stop! Stop what? Asking questions... Never going to happen Libor.

It's all a matter of pushing the envelope. Your pointing out EbExecuteLine is BEYOND fascinating.

>You realise it's IDE only?
Access to the full symbol set, on the fly code changes (mostly , on the fly break, on the fly debug...

Is there any other way to run VB?

Let's review where we are (vis-a-vis EbExecuteLine)...

On the surface it provides no more capability than crtl-breaking to debug immediate window AND these 'RE' discussions/forum entries found on the net don't really do anything more than parrot what everyone has 'discovered' about this DLL entry, with my apologies to the first RE.

Let's scrap the veneer off of this thing. It's not like MS publishes an API doc on how to use these 'internals', no? This thing smacks of a prior RE effort. What we have is someone grabbed the library call name... Deciphered that there are 4 parms, only 2 of which have even been named. If either of these two longs are input options for... and masked...

Sure leaves a lot of room for Hmmm...s.

I don't know... Consider in the IDE. You can make code changes on the fly, that I have yet to see be duplicated with the type of transparency (to the IDE user ) and ease of use in any other environment.

While a program is loaded and running, the IDE user can interrupt the execution, say via a breakpoint, and ADD A LINE OF CODE and then resume...

Implications?

There is sure a lot of the internals of the IDE that haven't been explored... In fact, I would go so far as to say it is virtually unexplored. Is EbExecuteLine the start of a bread crumb trail in this quest to map out the IDE or just a mere minor curiousity?

Carry on!
golem

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

You'll have noticed a project reset is required for some changes, like anything that changes the symbol table - VBA is, I suspect, merely providing the same service to the IDE that it does to others, it's a dynamic interpreter...

I imagine a symbol table is defined, then EbExecuteLine can be called over and over while that table is valid...

You can insert any line on the fly because the source is just a linked list array of strings, so it's no problem - until you invalidate the current symbol table...

I read somewhere that VBA and VB6 pcode is different - it's probably just that there are special opcodes for the IDE, and for pcode runtime, maybe?

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

It's all COM of course - I doubt you are actually meant to call it directly, but via some interface on an object (the symbol table or context perhaps?) - project reset is trash current object and create new one...

Alex said over on another thread that the compile-time COM stuff is all generated by VBA6.dll .... that is interesting

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

VBA6.dll is three things:

1) A Mini-Runtime for VBA files (includes stuff like rtcMessageBox, rtcBeep and other rtc (RunTime Calls).

2) The Internal VB Compiler (it creates all the structures)

3) The VB Interpreter in IDE. (Eb calls)

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

vbgamer45 · Posted: Sun Aug 29, 2004 1:46 am Post subject:

Internal VB Compiler hmm. Got to check that out.

golem · Often here Joined: 18 Nov 2002 Posts: 73

And?

Carry on!
golem

ionescu007 · Sometimes here Joined: 21 Aug 2004 Posts: 33

vbgamer45: Where do you think I'm getting all the proper values for the strutctures for the compiler from, as well as knowing when something is "IDE use only"? It's all in VBA.

Best regards,
Alex Ionescu
Kernel Developer, ReactOS
President, Relsoft Technologies

golem · Often here Joined: 18 Nov 2002 Posts: 73

Please God, I just want to be like all of the other people!
What's that? Stupid, petty, AND vindictive...

Carry on!
golem
Head gNonsense Developer AND
Supreme Commander
Igotnu Thin Technologies

AND here I thought we were going to be friends.

sarge · Moderator Joined: 24 Sep 2002 Posts: 194

Reminds me of a previous MB where I used to hang out...

Sarge

_aLfa_ · Posted: Sun Aug 29, 2004 2:11 pm Post subject:

" title="Laughing" />
_________________
One thing only I know, and that is that I know nothing. (Socrates)

golem · Often here Joined: 18 Nov 2002 Posts: 73

AND? Where was I?

>a project reset is required for some changes
Yes, absolutely true.

>like anything that changes the symbol table...
Yes and no.

For example:

(Within the context of a subroutine, the local variable declarations while a program is executing, in break )

Add in a new variable declaration at the end of the list > Works.
Add in a new variable declaration at the beginning of the list > Works.
Add in a new UDT variable declaration at the end of the list > Works.
Change variable name > Nope.
Change variable type > Nope.
Remove a newly added variable declaration (not yet referenced ) > Nope.
Touch anything (even the leading space count) on a UDT declaration/Redim > Nope (AND a real clue )

>until you invalidate the current symbol table...
One can only hazard a guess (Any 'proper' confirmations? ) that Docs should be tweaked to read to say something like...

>until you invalidate the current dynamic symbol table...
Sorry Doc, I didn't get it quite right, but I think you get the point...

You CAN make on the fly additions to the symbol table. Wow!

>VBA6.dll is three things:
>1) A Mini-Runtime for VBA files
Nah! (gn) . Nothing 'Mini-' about it. More like:

1) VBA Runtime.

Slightly different environment VB IDE vs VBA. If anything it just seems like VBA, operating within other applications, would by necessity have to have more extensions, but it seems the IDE should have access to the same basic capabilities via GetObject/SetObject...

With almost no exposure to VBA, I just don't know.

>I read somewhere that VBA and VB6 pcode is different
A quick line count of the pcode opcodes yields the number 1332 (for VB5 and including the VB6 'extensions' ). Maybe a better way to describe might be that the environments share a core of the same opcodes but have their own ranges of opcodes to support certain types of extended capabilities. (Based on my limited research ).

After all consider the typical opcode...

Mnemoic Operand(s) [(Environment)]

In fact, there is some evidence 'VB' was ported/setup up to run in other environments... Based on the 'labels'. There was a/some 'Apple'? (Thank you Anna ) opcodes. Can't seem to locate them at this moment... (Don't you just hate it when that happens? ).

Carry on!
golem

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

Here's my new Christmas wish list:

New Harley[/*:m:20e5hlre]

A compiler generator! [/*:m:20e5hlre]

Nothing flash!

I dream up the new VB statements or expressions I want while I'm in the bath - so I reach for the laptop

... it falls in the bath, but I have a backup ...

... I run the tool, ULTIMATE VB6, I type some BNF off the top of my head into the SYNTAX window, tap-tap-tap, some sort of code template spec in the other, click-click-click, press a button, thud, groan ...... forgot to adjust the SEMANTICS switches, try again, YES, here we go ..... hey presto ......

.... I click on the old "hammer and Tongs" icon to start the IDE, and I am in the brand new SDK!

What a stunt! Now THAT would rock the Doctor's socks, I can tell you!

_aLfa_ · Posted: Sun Aug 29, 2004 5:34 pm Post subject:

o_O
_________________
One thing only I know, and that is that I know nothing. (Socrates)

Dr Memory · Expert Joined: 16 Aug 2004 Posts: 147 Location: Surrey, UK

Does that mean you already got one???

Anna Wrecksit · New User Joined: 16 Jan 2004 Posts: 3

[="golem":3tz2t0zi]
In fact, there is some evidence 'VB' was ported/setup up to run in other environments... Based on the 'labels'. There was a/some 'Mac'(/Apple?) opcodes. Can't seem to locate them at this moment... (Don't you just hate it when that happens? ).
[/:3tz2t0zi]

The AppleScript references come from VBA's origins in Excel (v4 IIRC?). They lived on when VB was rewritten (VB 4) based on VBA. Excel was cross-platform, but I don't think VB was ever ported back to the Mac.

Anna