-
Jan 6th, 2023, 07:10 AM
#1
Scripting arbitrary vb6 applications
This article may be of interest to people here:
Gain script access to any compiled Visual Basic 6 executable. Accomplished by instrumentation of the runtime and utilizing design features of the language.
https://decoded.avast.io/davidzimmer...-applications/
Last edited by dz32; May 22nd, 2023 at 10:59 AM.
-
Jan 9th, 2023, 08:36 AM
#2
Re: Scripting arbitrary vb6 applications
-
Feb 6th, 2023, 02:26 AM
#3
Addicted Member
Re: Scripting arbitrary vb6 applications
Originally Posted by dz32
Hello dz32,
In the link https://decoded.avast.io/davidzimmer...-applications/
How is the vbApp initialized in dll.cpp?
The two classes of TestApp are made public.
But how do I create their objects so that they can be used in the project?
Thanks
-
Feb 6th, 2023, 11:05 AM
#4
Re: Scripting arbitrary vb6 applications
VB app initialization is discussed in the paper and you can search for it in the source code. The runtime initializes it and we just store a copy in an early hook at process startup.
If the classes are held as public members on a form then you can just access the class through the forms collection. There are sample scripts provided for this.
Code:
'Test.vbs
Set o = GetObject("remote.forms")
Set f = o.Item(0)
WScript.echo Hex(f.pubClass.classMeth("remote class hi"))
If you need to create your own instance of a new class, or want to use a specific instance of an existing class, both of those are now possible and the capability has been added to vbdec. See the following paper for more details:
http://sandsprite.com/blogs/files/VB...d_teardown.pdf
I think this video covers it as well
vbdec: live class instances and remote app scripting
https://youtu.be/InF2FfzZUOs
Here is a sample script:
Last edited by dz32; Feb 6th, 2023 at 04:57 PM.
-
Feb 7th, 2023, 03:59 AM
#5
Addicted Member
Re: Scripting arbitrary vb6 applications
Originally Posted by dz32
VB app initialization is discussed in the paper and you can search for it in the source code. The runtime initializes it and we just store a copy in an early hook at process startup.
If the classes are held as public members on a form then you can just access the class through the forms collection. There are sample scripts provided for this.
Code:
'Test.vbs
Set o = GetObject("remote.forms")
Set f = o.Item(0)
WScript.echo Hex(f.pubClass.classMeth("remote class hi"))
If you need to create your own instance of a new class, or want to use a specific instance of an existing class, both of those are now possible and the capability has been added to vbdec. See the following paper for more details:
http://sandsprite.com/blogs/files/VB...d_teardown.pdf
I think this video covers it as well
vbdec: live class instances and remote app scripting
https://youtu.be/InF2FfzZUOs
Here is a sample script:
Hello dz32,
In the link http://sandsprite.com/blogs/files/VB...d_teardown.pdf
there is only a partial snapshot of the int HandleIPCMsg(char* m_msg) function.
Can you show me the complete part describing the class object creation from objptr
and then calling the methods in the class object, so that I can run the pub_vbOpenScript project at https://github.com/avast/ioc/tree/ma...h/vbOpenScript by uncommenting the following line in dll.cpp?
//retVal = HandleIPCMsg(m_msg);
Thanks
Last edited by smkperu; Feb 7th, 2023 at 05:14 AM.
-
Feb 7th, 2023, 05:33 AM
#6
Re: Scripting arbitrary vb6 applications
Regptr stands for register pointer; it is not creating a new class. The objptr is already a live class instance discovered from the live class enumeration technique.
I have not open-sourced that feature yet. You must complete it on your own or just use the compiled open script dll included with vbdec. See the IPC command format below:
Code:
Function newObj(objName, rotName) As Long
    'new:HexObjInfo_or_objectName:ROTNAME
    SendIPC "new:" & objName & ":" & rotName
    'returns 1 if lastMsg contains NEWROT, otherwise 0
    If InStr(1, lastMsg, "NEWROT", vbTextCompare) > 0 Then newObj = 1
End Function

Function regPtr(ptr As Long, rotName) As Long
    'regptr:hex_objptr:ROTNAME
    SendIPC "regptr:" & Hex(ptr) & ":" & rotName
    'returns 1 if lastMsg contains REGPTR, otherwise 0
    If InStr(1, lastMsg, "REGPTR", vbTextCompare) > 0 Then regPtr = 1
End Function
The video shows the entire process of how to use it. You can figure it out with study. I am tired, no more answers.
Last edited by dz32; Feb 8th, 2023 at 12:43 PM.
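The command format in the post above, shown from the receiving side as an added example (not part of the thread and not vbdec's code): a strict parser for the `new:` and `regptr:` messages. The struct and function names, the sample names in the comments, and the rules that a ROT name contains no colon and an objptr is 1 to 8 hex digits and non-zero are assumptions of this example.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <string>

// Hypothetical parsed form of one IPC command (names are this example's own).
struct IpcCmd {
    enum Kind { Invalid, New, RegPtr };
    Kind kind = Invalid;
    std::string target;   // object name or hex ObjInfo carried by "new:"
    uint32_t ptr = 0;     // objptr carried by "regptr:" (a VB6 Long is 32-bit)
    std::string rotName;  // name a script later passes to GetObject
};

// VB6 Hex(Long) yields 1..8 hex digits with no sign, prefix or spaces.
static bool parseHex32(const std::string& s, uint32_t& out) {
    if (s.empty() || s.size() > 8) return false;
    for (unsigned char c : s)
        if (!std::isxdigit(c)) return false;
    out = static_cast<uint32_t>(std::strtoul(s.c_str(), nullptr, 16));
    return true;
}

// Split "verb:arg:ROTNAME" on the first two colons and validate every field.
// Anything malformed comes back as Invalid so the caller can refuse it.
IpcCmd parseIpcMsg(const std::string& msg) {
    IpcCmd cmd;
    size_t a = msg.find(':');
    if (a == std::string::npos) return cmd;
    size_t b = msg.find(':', a + 1);
    if (b == std::string::npos) return cmd;
    std::string verb = msg.substr(0, a);
    std::string arg = msg.substr(a + 1, b - a - 1);
    std::string rot = msg.substr(b + 1);
    // Assumption: a ROT name never contains ':' and no field may be empty.
    if (arg.empty() || rot.empty() || rot.find(':') != std::string::npos) return cmd;
    if (verb == "new") {                 // e.g. "new:Class1:remote.obj" (constructed)
        cmd.target = arg;
        cmd.kind = IpcCmd::New;
    } else if (verb == "regptr") {       // e.g. "regptr:1A2B3C:remote.cls" (constructed)
        if (!parseHex32(arg, cmd.ptr) || cmd.ptr == 0) return cmd;  // reject null/garbage
        cmd.kind = IpcCmd::RegPtr;
    } else {
        return cmd;                      // unknown verb
    }
    cmd.rotName = rot;
    return cmd;
}
```

A well-formed hex value is still only a number; the parser cannot tell whether it refers to a live object, so that check remains with whatever consumes `ptr`.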
-
Feb 7th, 2023, 05:42 AM
#7
Addicted Member
Re: Scripting arbitrary vb6 applications
Originally Posted by dz32
Regptr stands for register pointer; it is not creating a new class. The objptr is already a live class instance discovered from the live class instanced technique.
I have not open-sourced that feature yet. You must complete it on your own or just use the compiled open script dll included with vbdec. You can see the IPC command format in the screenshot or watch the raw messages in the vbdec script remote process form as you run a script command using the remote object in the script automation form.
I'm tired, no more answers. You can figure it out with study.
Hello dz32,
Thank you for the support.
Thanks