Thread: Scripting arbitrary vb6 applications

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,057

    Scripting arbitrary vb6 applications

    This article may be of interest to people here:

    Gain script access to any compiled Visual Basic 6 executable. Accomplished by instrumentation of the runtime and utilizing design features of the language.

    https://decoded.avast.io/davidzimmer...-applications/
    Last edited by dz32; May 22nd, 2023 at 10:59 AM.

  2. #2
    Frenzied Member
    Join Date
    Aug 2020
    Posts
    1,421

    Re: Scripting arbitrary vb6 applications

    Very useful information

  3. #3
    Addicted Member
    Join Date
    Dec 2021
    Posts
    144

    Re: Scripting arbitrary vb6 applications

    Quote Originally Posted by dz32 View Post
    This article may be of interest to people here:

    Gain script access to any compiled Visual Basic 6 executable. Accomplished by instrumentation of the runtime and utilizing design features of the language.

    https://decoded.avast.io/davidzimmer...-applications/

    Video: https://youtu.be/InF2FfzZUOs

    In other unrelated news, if you were ever interested in how vb6 lays out form controls and their properties, there is a new paper on that as well:

    http://sandsprite.com/blogs/files/Pa...m_Controls.pdf

    and related video

    https://www.youtube.com/watch?v=sy3QQWoQdLM

    Hello dz32,

    In the link https://decoded.avast.io/davidzimmer...-applications/

    How is the vbApp initialized in dll.cpp?

    The two classes of TestApp are made public.
    But how do I create their objects so that they can be used in the project?


    Thanks

  4. #4

    Thread Starter
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,057

    Re: Scripting arbitrary vb6 applications

    VB app initialization is discussed in the paper and you can search for it in the source code. The runtime initializes it and we just store a copy in an early hook at process startup.

    If the classes are held as public members on a form then you can just access the class through the forms collection. There are sample scripts provided for this.

    Code:
    'Test.vbs
    Set o = GetObject("remote.forms")
    Set f = o.Item(0)
    WScript.echo Hex(f.pubClass.classMeth("remote class hi"))

    If you need to create your own instance of a new class, or want to use a specific instance of an existing class, both of those are now possible and the capability has been added to vbdec. See the following paper for more details:

    http://sandsprite.com/blogs/files/VB...d_teardown.pdf

    I think this video covers it as well

    vbdec: live class instances and remote app scripting
    https://youtu.be/InF2FfzZUOs

    Here is a sample script: [attached image]
    Last edited by dz32; Feb 6th, 2023 at 04:57 PM.

  5. #5
    Addicted Member
    Join Date
    Dec 2021
    Posts
    144

    Re: Scripting arbitrary vb6 applications

    Quote Originally Posted by dz32 View Post
    VB app initialization is discussed in the paper and you can search for it in the source code. The runtime initializes it and we just store a copy in an early hook at process startup.

    If the classes are held as public members on a form then you can just access the class through the forms collection. There are sample scripts provided for this.

    Code:
    'Test.vbs
    Set o = GetObject("remote.forms")
    Set f = o.Item(0)
    WScript.echo Hex(f.pubClass.classMeth("remote class hi"))

    If you need to create your own instance of a new class, or want to use a specific instance of an existing class, both of those are now possible and the capability has been added to vbdec. See the following paper for more details:

    http://sandsprite.com/blogs/files/VB...d_teardown.pdf

    I think this video covers it as well

    vbdec: live class instances and remote app scripting
    https://youtu.be/InF2FfzZUOs

    Here is a sample script: [attached image]

    Hello dz32,

    In the link http://sandsprite.com/blogs/files/VB...d_teardown.pdf

    there is only a partial snapshot of the int HandleIPCMsg(char* m_msg) function.

    Can you show me the complete part describing the class object creation from objptr
    and then calling the methods in the class object, so that I can run the pub_vbOpenScript project at https://github.com/avast/ioc/tree/ma...h/vbOpenScript by uncommenting the following line in dll.cpp?

    //retVal = HandleIPCMsg(m_msg);



    Thanks
    Last edited by smkperu; Feb 7th, 2023 at 05:14 AM.

  6. #6

    Thread Starter
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,057

    Re: Scripting arbitrary vb6 applications

    Regptr stands for register pointer, it is not creating a new class. The objptr is already a live class instance discovered from the live class enumeration technique.

    I have not opensourced that feature yet. You must complete it on your own or just use the compiled open script dll included with vbdec. See the IPC command format below.

    Code:
    Function newObj(objName, rotName) As Long
        'new:HexObjInfo_or_objectName:ROTNAME
        SendIPC "new:" & objName & ":" & rotName
        If InStr(1, lastMsg, "NEWROT", vbTextCompare) > 0 Then newObj = 1
    End Function
    
    Function regPtr(ptr As Long, rotName) As Long
        'regptr:hex_objptr:ROTNAME
        SendIPC "regptr:" & Hex(ptr) & ":" & rotName
        If InStr(1, lastMsg, "REGPTR", vbTextCompare) > 0 Then regPtr = 1
    End Function

    The video shows the entire process of how to use it. You can figure it out with study. I am tired, no more answers.
    Last edited by dz32; Feb 8th, 2023 at 12:43 PM.
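
The two message layouts given in the code comments above (`new:HexObjInfo_or_objectName:ROTNAME` and `regptr:hex_objptr:ROTNAME`), parsed and validated on the receiving side. This is an added example, not dz32's code and not the unreleased HandleIPCMsg implementation. The struct, field sizes and function names are assumptions, and it only parses the message without registering anything.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef enum { CMD_INVALID = 0, CMD_NEW, CMD_REGPTR } ipc_kind;

typedef struct {
    ipc_kind kind;
    char     target[64];   /* "new": HexObjInfo or object name, kept as text */
    uint32_t ptr;          /* "regptr": parsed objptr (a VB6 Long is 32-bit) */
    char     rot_name[64]; /* name the object is to be registered under      */
} ipc_cmd;                 /* hypothetical layout, sizes are assumptions     */

/* Copy src[0..len) into dst if it is non-empty and fits; 1 on success. */
static int copy_field(char *dst, size_t cap, const char *src, size_t len) {
    if (len == 0 || len >= cap) return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 1;
}

/* Parse "verb:field:ROTNAME"; returns the command kind or CMD_INVALID. */
ipc_kind parse_ipc(const char *msg, ipc_cmd *out) {
    memset(out, 0, sizeof *out);
    const char *c1 = strchr(msg, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    if (!c2 || strchr(c2 + 1, ':')) return CMD_INVALID;  /* exactly 3 fields */

    size_t vlen = (size_t)(c1 - msg), flen = (size_t)(c2 - c1 - 1);
    if (!copy_field(out->rot_name, sizeof out->rot_name, c2 + 1, strlen(c2 + 1)))
        return CMD_INVALID;                               /* empty/long name  */

    if (vlen == 3 && memcmp(msg, "new", 3) == 0) {
        if (!copy_field(out->target, sizeof out->target, c1 + 1, flen))
            return CMD_INVALID;
        return out->kind = CMD_NEW;
    }
    if (vlen == 6 && memcmp(msg, "regptr", 6) == 0) {
        /* VB6 Hex() of a Long yields 1..8 hex digits, no prefix or sign. */
        if (flen < 1 || flen > 8 ||
            strspn(c1 + 1, "0123456789abcdefABCDEF") != flen)
            return CMD_INVALID;
        out->ptr = (uint32_t)strtoul(c1 + 1, NULL, 16);
        if (out->ptr == 0) return CMD_INVALID;            /* null objptr      */
        return out->kind = CMD_REGPTR;
    }
    return CMD_INVALID;
}
```

A well-formed `regptr` message only proves the field is a 32-bit hex number; whether that address is a live object in the target process is a separate check the parser cannot make.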

  7. #7
    Addicted Member
    Join Date
    Dec 2021
    Posts
    144

    Re: Scripting arbitrary vb6 applications

    Quote Originally Posted by dz32 View Post
    Regptr stands for register pointer, it is not creating a new class. The objptr is already a live class instance discovered from the live class instanced technique.

    I have not opensourced that feature yet. You must complete it on your own or just use the compiled open script dll included with vbdec. You can see the IPC command format in the screenshot or watch the raw messages in the vbdec script remote process form as you run a script command using the remote object in the script automation form.

    I’m tired, no more answers. You can figure it out with study.

    Hello dz32,

    Thank you for the support.

    Thanks
