Decompiler

Anyone know where I can get a good decompiler for VB6? There was this program on my computer which deleted my win.com file. Luckily I have two computers and a spare floppy. I just want to decompile this (if I can) so I know what else it has done.

Decompiler for VB6 you can forget about. But, if you are willing to take the risk of deleting win.com again, you can try and find SmartCheck. It allows you to view the VB Code as it executes, etc. It also incorporates itself into VB's IDE. Pretty cool.

SmartCheck is produced by NuMega. I don't think it's available on their site though. And your program might incorporate ways of detecting SmartCheck, and Then it doesn't execute.

Nah, I think I will just leave it how it is. But I think it might delete the win.com every time Windows closes, so I think I'll make a program to put it back in. That way I can't lose!

Why don't you make a backup of win.com and try it then?
Or e-mail me the other program, and i'll check it for you?
If you want.

Let me know, and i'll post my e-mail address

Yeah OK I'll send it to you.

This program is only 8 kb. I made a program like that size but all it did was beep at random times to piss the user off. Wasn't that clever because you could just play an MP3 or something in the background.

Anyway don't forget to post your e-mail address, or if you don't want to post it in public, send an e-mail to [email protected] and I'll reply.

I need a decomiler for VB6 too, but what and where is the win.com file and can i get my source back ?

Try searching some warez sites. They might have it.

If you find a decompiler for vb the person that wrote it must be a god.

PsyVision, you Win.com file is necessary to boot Windows, and it is found in your C:\Windows\ directory. I suggest you make a backup of it now, unless you have two computers with Windows on it.

Go to http://www.sub-list.com/ they have links to thousands of Warez sites like Hacking, Cracking, Movies, Games, Apps etc...

Other warzes sites are

http://www.warez.com
http://www.dw2000.com (if doesn't work try .net)
http://www.totalwarez.net

USE a hex editor, and open the program in it.

In the imports section search for the string
(must be there) "w i n . c o m " in it and
rename it to something like "f o o . c o m" .
so that the program deletes foo.com instead of
win.com. &:-)

Using warez is piracy ! BEWARE

Howdoes this help me get my source back though ?

Hex Editing doesn't get your original source code back.

If you had deleted it, just use Recover98 (www.recover98.com) to get your source code back.

what was the name of the program that deleted your win.com?
and what was the program "advertised" to do?

I'll try recover coz the win.com file is still there i just wiped the code

did u scan this program with a current and up to date virus scanner. I got a virus on my computer that corrupted the explorer.exe file. it might be a virus in this file.

This program is called "-lsb-jpg.scr" obviously meaning "Lesbian JPEG". It's not a virus because it came up with a Run-time error, saying something about an invalid API call.

What does VB compile programs into? Somebody told me it was Assembly, and if it is and you can read it then let me know!

I tried scanning it with a Trojan and Virus scanner but they both found nothing. This was just a new release thing which won't get very far.

I dont think there is a way to successfully decompile a VB6 executable.

However, if you visit http://www.sysinternals.com there are some great utilities which could help you.

The two which could help in this instance is FileMon And RegMon. They will record any Filesystem operations or Registry operations. So when you run the executable you will get a list of what files it reads/edits as well as what files it looks for but arnt actually there. You also get the same sort of response for the registry.

As I said before, yes, you can decompile it, but it will be in Assembler code, not VB code.

Actually, that is technically not decompiling, it's disassembling. SmartCheck is pretty nice, but if you plan on using it, prepare to spend the day going through your code. It's VERY thorough. I've used it on several occasions. To me, it's just not worth the time it takes.

Quote:

---

Originally posted by NeilAvent

The two which could help in this instance is FileMon And RegMon. They will record any Filesystem operations or Registry operations. So when you run the executable you will get a list of what files it reads/edits as well as what files it looks for but arnt actually there. You also get the same sort of response for the registry. [/B]

---

Does this save it into a log? Because if it doesn't it is pretty much useless as after this program deletes the Win.com file (and others) it shuts down you computer automatically, force quitting all open applications.

How did you get your font to have serifs on it?

I suppose you can just use the quote things. Like this:
[ quote ]
and
[ /quote ]

removing the spaces from each one. There is also [ code ] and [ url ] and more. I don't know about them though, and this thread is supposed to be about a Decompiler!

actually if it is a .scr then it could have a virus because .scr is only a .exe with a different name. it could have vbscript in it and that could be a virus.

Dreamlax
On your last post, you had fonts with the serifs, is there a code you put to do it?

Code:

---

Testing

---

[b]

Code:

---

Testing

---

Quote:

---

Originally posted by Megatron
Dreamlax
On your last post, you had fonts with the serifs, is there a code you put to do it?

Code:

---

Testing

---

Code:

---

Testing

---

---

whats a serif?

[ quote ] [ i ] stuff [ / i ] [ / quote ]
might do it....

Nah, I don't think it is a virus because it hasn't done any more damage. It's one of those programs that only does it once and then is supposed to delete itself. But I think this one couldn't delete itself because it gave a runtime error and an Invalid API call error.

Also, how do you delete an open application? Would Kill do it?

i.e.

Code:

---

Kill "C:\Dreamlax\open_exe.exe"

---

Or is there something else you have to do?