WΛЯИING's blog

The truth about P-Code

Wed, 25 May 2011 16:59:58 -0400

Introduction

This article has been written to provide a better and essential information to users of decompilers since I got many complaints from customers of others Visual Basic decompilers because their application weren’t recovered by these decompilers.

The reason is, when you write a Visual Basic 6.0 application you may choose a P-Code or Native code compilation, then your application will be compiled to P-Code or Native code which are very different approaches of compilation, so the decompilation will be different too.

There is a question you may absolutely ask yourself when you need a decompiler for a specific application: Is my application compiled into native or P-Code mode ?

The main problem is that a lot of users got a P-Code decompiler in order to decompile their application, but released with Native Code…

In fact, P-Code decompiler are today almost useless because 90% of Visual Basic 6 application are released with Native Code mode. This article will explain first the difference between P-Code and Native code, and then explain why the rate of Native code application is so important compared to P-Code applications.

I. P-Code Versus Native Code

When you write a line of code in the IDE, Visual Basic breaks it down into expressions and encodes the expressions into a preliminary format called op-codes. In other words, each line is partially precompiled as it is written. Some lines contain shared information that cannot be precompiled independently (mainly Dim statements and procedure definitions). This is why you have to restart if you change certain lines in break mode. The opcodes are compiled into p-code instructions when you compile (in the background if you have the Compile On Demand and Background Compile options set).

At run time, the p-code interpreter works through the program, decoding and executing p-code instructions. These p-code instructions are smaller than equivalent native code instructions, thus dramatically reducing the size of the executable program. But the system must load the p-code interpreter into memory in addition to the code, and it must decode each instruction.

It’s a different story with native code. You start with the same opcodes, but instead of translating to p-code instructions, the compiler translates to native instructions. Because you’re not going to be expecting an instant response while stepping through native code instructions in the IDE, the compiler can look at code from a greater distance; it can analyze blocks of code and find ways to eliminate inefficiency and duplication. The compiler philosophy is that, since you compile only once, you can take as long as you want to analyze as much code as necessary to generate the best results possible.

These two approaches create a disjunction. How can you guarantee that such different ways of analyzing code will generate the same results? Well, you can’t. In fact, if you look at the Advanced Optimizations dialog box (available from the Compile tab of the Project Properties dialog box) you’ll see a warning: "Enabling the following optimizations might prevent correct execution of your program." This might sound like an admission of failure, but welcome to the real world of compilers. Users of other compiled languages understand that optimization is a bonus. If it works, great. If not, turn it off.

On the other hand, very few developers are going to be used to the idea of working in an interpreter during development but releasing compiled code. Most compilers have a debug mode for fast compiles and a release mode for fast code. Visual Basic doesn’t worry about fast compiles because it has a no-compile mode that is faster than the fastest compiler. You get the best of both worlds, but it’s going to take a little while for people to really trust the compiler to generate code that they can’t easily see and debug.

Source : http://vb.mvps.org/hardcore/html/p-codeversusnativecode.htm

II. Proportion of P-Code application in the world

The amount of P-Code developed application is very small compared to Native Code developed application (90% of Visual Basic 6 applications are compiled with Native Code setting -default setting in VB6-), that is one of the reason why I decided to develop VBReFormer more for Native Code than for P-Code.

The massive number of Visual Basic Native application compared to P-Code applications is probably more important due to the fact the default value in the compiler is set up to « Native Code », and of course because native application are almost fast than C++ applications contrary to P-Code applications.

Before choosing a decompiler you must know if it was released for Native application, or for P-Code applications, and if your application was released in P-Code or Native mode.

Note that P-Code is more easy to decompile than Native Code because of it’s high level property.

C#: Adding many SortField to a CrystalReportViewer using reflection

Sat, 09 Apr 2011 22:16:00 -0400

I'm currently working on a project for a client which consists in translating an important management application initially developed in VB6, into C# 3.5, by using decompilation since the client lost his source code. This is my first .Net related post.

The application uses many external components, including the powerful Crystal Report component.

During the development of that new version I faced a problem with the .Net implementation of Crystal Report.

Actually, with Visual Basic 6.0 it was an easy task to add one or many sort fields to the report document in order to sort the result by field (for example by "Lastname", "Firstname", and "ID").

It's not the case with .Net implementation of Crystal Report Document, on which you cannot dynamically add sort field to document. You must add the sort field when you're editing the document. It's not really convenient when you don't know how many fields must be sorted when creating the document.

The reason of this missing is not really clear since it's an existing feature on Visual Basic 6.0. We will learn here how to add many SortField to the ReportDocument of a CrystalReportViewer, using reflection.

Imagine you have to sort the request's result by "Firstname", "Lastname", and "ID" fields, using the Crystal report document with the variable "Filename" as the report document path, and the variable "srcDataSet" dataset as the data source:

string[] sortFieldNames = new string[] { "Firstname", "Lastname", "ID" };

ReportDocument reportDocument = new ReportDocument();

reportDocument.FileName = String.Format("rassdk://{0}", Filename);

reportDocument.SetDataSource(srcDataSet.Tables[0]);

SortFields targetSortField = reportDocument.DataDefinition.SortFields;

Here we can modify the sort field (only if existing in the document):

DatabaseFieldDefinition fieldDef = reportDocument.Database.Tables["REPORTS"].Fields["FIRSTNAME"];

targetSortField[0].Field = fieldDef;

targetSortField[0].SortDirection = CrystalDecisions.Shared.SortDirection.AscendingOrder;

But impossible to add directly a new field to that SortFields collection because no method allows performing action:

Actually, it's possible to add a new sort field using the mother inherited class of each used component.

First we get the "SortFields" mother's class of type (CrystalDecisions.ReportAppServer.DataDefModel.SortsClass ) by using the RasSorts private accessor of the SortFields object:

MethodInfo getRasSorts = targetSortField.GetType().GetMethod("get_RasSorts", BindingFlags.NonPublic | BindingFlags.Instance);

object rasSorts = getRasSorts.Invoke(targetSortField, System.Type.EmptyTypes);

It return an object of type CrystalDecisions.ReportAppServer.DataDefModel.SortsClass.

Now we can access to the private "Add" method of the mother's class:

MethodInfo addSort = rasSorts.GetType().GetMethod("Add");

The description of that method show that it accept one parameter of type CrystalDecisions.ReportAppServer.DataDefModel.ISCRSort.

ISCRSort is an interface, so we have to create a new instance of a class that implement the ISCRSort interface. That class is called "SortClass" and come from the "CrystalDecisions.ReportAppServer.DataDefModel" assembly.

Assembly rasAssembly = getRasSorts.ReturnType.Assembly;

ConstructorInfo ciRasSort = rasAssembly.GetType("CrystalDecisions.ReportAppServer.DataDefModel.SortClass").GetConstructor(BindingFlags.Public | BindingFlags.Instance, null, System.Type.EmptyTypes, null);

object rasSort = ciRasSort.Invoke(System.Type.EmptyTypes);

Our "rasSort" object now instantiate the SortClass class, implementing ISCRSort.
Once the SortClass object is created, we must complete it with valid field, else it will return an error on execution.

The SortClass class uses the "RasField" accessor to define the field which will be sorted.

MethodInfo setSortField = rasSort.GetType().GetMethod("set_SortField", BindingFlags.Public | BindingFlags.Instance);

But this method only accepts an object implementing the ISCRField interface:
Void set_SortField(CrystalDecisions.ReportAppServer.DataDefModel.ISCRField);

So we have to extract the object of our field object (called fieldDef) that implement the ISCRField interface, it can be done with the "RasField" accessor of our DatabaseFieldDefinition object called "fieldDef":

MethodInfo getRasField = fieldDef.GetType().GetMethod("get_RasField", BindingFlags.NonPublic | BindingFlags.Instance);

object rasField = getRasField.Invoke(fieldDef, System.Type.EmptyTypes);

And now, the final touch, we add it to the collection:

addSort.Invoke(rasSorts, new object[] { rasSort });

Your new sort field has been adding to the SortFields collection, and you can now modify it:

int n = reportDocument.DataDefinition.SortFields.Count - 1;

reportDocument.DataDefinition.SortFields[n].SortDirection = CrystalDecisions.Shared.SortDirection.AscendingOrder;
reportDocument.DataDefinition.SortFields[n].Field = fieldDef;

That's all.

VBReFormer: CrackMe Sample #1

Wed, 05 Jan 2011 22:42:00 -0400

Now that VBReFormer is a well advanced decompiler for Visual Basic application, I was searching for some unsolved crackmes in order to made sample of decompiling for learning purpose.

The website Crackmes.de contains an impressive number of crackmes applications, a perfect source of samples.

For the first sample of CrackMe solving with VBReFormer Professional I decided to take “Step 2” from yudi (more informations).

I will show you, step by step, how it’s simple to solve the yudi’s Step 2 using VBReFormer Professional.

Running the application:

We can see that a serial is generated using the name of the user.

How the serial is generated? See the following step.

Now we just open the “Step 2.exe” file with VBReFormer Professional and getting the following result:

We will now take a look to the first method loaded on Visual Basic application.

We can see on this capture that the “Label4” visibility is set to False (not visible) at the beginning of the application.

Take a look to that control in the resource editor of VBReFormer and you will agree that it’s the control that show the message “Registered user!”

We now need to know where the “Label4” control visibility is set to true, and what does the “Timer1” control.

The analysis of the Timer1 control is interesting but not very useful for the following of this tutorial.

We can see here that the “Timer1_Timer” function is called every second by “Timer1” control in order to check that no debuggers, and if one is running, to close it.

We can note that it also close any MessageBox windows.

Now we are looking for the code under the “Try” button which check if the key match with the name.

That “Try” button is the “Command1” button in VBReFormer:

Then just look to the Command1_Click() function in order to see the algorithm of key checking:

The algorithm seems a little complicated for newbie, but complete and without any syntax and source code error from VBReFormer.

That’s a great thing for us; we will be able to test the application into the Visual Basic IDE later (to make a key generator for example).

By analyzing the code we can see the following:

Set var_pv2 = Me.Text1()
var_pv3 = var_pv2.Text()
var_pv10 = (var_pv3)
var_pv11 = (Date$) & (" ")
var_pv12 = (var_pv11) & (Time$)
var_pv13 = (var_pv12)

This part of code is showing us that the key is generated from the Name, but also with the Date and the Time !

That’s meaning it’s almost impossible to generate a key that does not expire the following second.

In order to made the Key Generator, save the project with VBReFormer, and open it with Visual Basic 6.

When it’s opened into the Visual Basic IDE, remove the debugger watching functions and just keep the following:

o Command1_Click

o Command2_Click

Now remove the following conditions block from Command1_Click function:

If (var_num8) Then
    var_pv6 = ("Hey")
    var_pv7 = ("need something")
    var_pv9 = MsgBox(var_pv7, 4160, var_pv6)
End If

These block are showing an alert when the “Name” field and when the “Key” field are empty, but it’s not usefull for a keygen.

At the end of the Command1_Click function we can see the serial check condition:

Set var_pv2 = Me.Text2()
var_pv3 = var_pv2.Text()
var_pv21 = (var_pv3)
var_pv22 = ((var_pv19 Like var_pv21))
If (((var_pv22) = (True))) Then
Set var_pv2 = Me.Label4()
var_pv2.Visible() = True
End If

That code is checking that the serial (stored in var_pv19 variable) generated from the name with the algorithm is the same than the one entered in the “Serial” field (Text2.Text).

To show the generated serial, we just need to replace that condition block by the following line of code:

You must also remove the following line of code which remove the content of the both fields:

Set var_pv2 = Me.Text1()
var_pv2.Text() = ""
Set var_pv2 = Me.Text2()
var_pv2.Text() = ""
Set var_pv2 = Me.Text1()

After all change and simplifications, we have the following keygen code:

Private Sub Command1_Click()
    var_pv10 = Text1.Text
    var_pv13 = Date$ & " " & Time$
    For var_pv14 = 1 To Len(var_pv13) Step 1
        If IsNumeric(Mid$(var_pv13, CLng(var_pv14), 1)) Then
            var_pv15 = Asc(Mid$(var_pv13, CLng(var_pv14), 1))
            If var_pv14 <= Len(var_pv10) Then
                var_pv16 = Str(Asc(Mid$(var_pv10, CLng(var_pv14), 1)))
                var_pv16 = Right$(var_pv16, 1)
                var_pv16 = Val(var_pv16)
            End If

            var_pv18 = var_pv18 & Chr$(CLng(var_pv15 + 17 + var_pv16))
            var_pv18 = var_pv18 & Chr$(CLng(var_pv15 + 17 + var_pv16 * 2))
        End If
    Next var_pv14

    For var_pv14 = 1 To 24 Step 4
        var_pv19 = var_pv19 & Mid$(var_pv18, CLng(var_pv14), 4) & "-"
    Next var_pv14

    var_pv20 = Len(var_pv19) - 1
    var_pv19 = Mid$(var_pv19, 1, var_pv20)
    Text2.Text = var_pv19
End Sub

We now have to test our keygen:

The first window is the windows of our KeyGen created from the original crackme, and the second window is the one of the original Crackme, with the key from the KeyGen.

The result is that our keygen work perfectly!

Just note that the use of date and time make your key valid for only 1 minute after having generated it.

Is it possible to bypass that limitation?

Yes it is ! In fact, to get the “Registered user!” message you even don’t need a key generator. By reading the code you can see that the operator used to perform a comparison between the both string key is the “Like” operator.

The “like” operator allows to comparate a string and a pattern…

Then you just can set “*” into the serial field and you will have a key which will be valid at anytime, with any name:

Source code of the key generator can be downloaded here:

http://www.decompiler-vb.net/documentation/crackmes/step_2.zip

Enjoy it !

Crystal Reports : Point sur le déploiement

Sat, 04 Dec 2010 12:37:00 -0400

Avant Visual Studio 2008 :

J'écris cet article car les solutions de déploiement d'une application .Net employant Crystal Reports ont quelques peux évoluées depuis Visual Studio 2008. En effet afin de déployer son application avec les librairies de Crystal Reports il suffisait d'ajouter les « merge modules » ou modules de fusion suivant à son projet d'installation et de déploiement :

Crystal Reports 2003 :
- Crystal_Database_Access2003.msm
- Crystal_Database_Access2003_enu.msm
- Crystal_regwiz2003.msm
Crystal Reports 2005 :
- CrystalReportsRedist2005_x86.msm

L'idée des merge modules de pouvoir intégrer facilement des fichiers et librairies supplémentaire à une solution de déploiement/installation.

Après Visual Studio 2008 :

Cette solution n'est plus d'actualité avec Crystal Reports 2008 qui ne s'intègre plus aussi facilement à un package de déploiement .Net, il faut désormais inclure l'installation des composants Crystal Reports au processus d'installation de votre application, en plus de votre propre solution de déploiement. Ces fichiers sont inclus à l'installation de Visual Studio 2008 et disponibles dans les dossiers suivants :

Crystal Reports Basic for Visual Studio 2008 (x86)

C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Packages\CrystalReports10_5\CRRedist2008_x86.msi

Crystal Reports Basic for Visual Studio 2008 (x64)

C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Packages\CrystalReports10_5\CRRedist2008_x64.msi

Crystal Reports Basic for Visual Studio 2008 (IA64)

C:\Program Files\Microsoft Visual Studio 9.0\Crystal Reports\CRRedist\IA64\CRRedist2008_ia64.msi

Il est également possible d'obtenir les fichiers d'installation de Crystal Reports, toutes versions confondu via le site de l'éditeur http://service.sap.com/sap/bc/bsp/spn/bobj_download/main.htm.

Et Crystal Reports dans Visual Studio 2010 ?

Ceux qui utilisent la version bêta de Visual Studio 2010 l'auront remarqué, Crystal Reports est tout simplement absent. Pour les inquiets, Scott Nonnenberg (Program Manager, Visual C# Team) a annoncé que Crystal Reports for Visual Studio 2010 sera publié séparément au lieu d'être inclus directement dans Visual Studio.

Plus d'informations par ici :

http://msdn.microsoft.com/en-us/library/aa288411(VS.71).aspx

http://msdn.microsoft.com/en-us/library/ms225231.aspx

VBReFormer: How to alter a Visual Basic 6.0 application

Sat, 22 May 2010 21:59:00 -0400

English:

One of the most exiting feature of VBReFormer is design edition mode for binaries Visual Basic applications.

I have done this webcast to show that we can easily edit and alter an executable written with Visual Basic 6 with help of my half-decompiler VBReFormer 2007 Professional Edition.

For more information about VBReFormer: http://www.decompiler-vb.net/.

French:

L'une des plus importante fonction de VBReFormer est la possibilité d'éditer le design de vos applications Visual Basic même une fois compilé.

J'ai donc réalisé ce petit webcast pour montrer que l'on peut facilement éditer un exécutable écrit en Visual Basic 6 avec l'aide de mon semi-décompilateur VBReFormer 2007 Professional Edition.

Pour plus de renseignements à propos de VBReFormer: http://www.decompiler-vb.net/ .

D'ailleurs, pour ceux que la traduction d'applications intéresse, je vous conseille d'aller visiter le site de la communauté des traducteurs francophones (http://www.toutfr.com/) qui est une communauté de passionnés très sympathique .

New release: VBReFormer 5.4 Professional

Thu, 05 Nov 2009 17:11:35 -0400

I’m proud to announce the release and availability of VBReFormer Professional 5.4 (for licensed users).

The updated version of VBReFormer can be downloaded from your client account!
http://www.decompiler-vb.net/account.aspx

What’s new in VBReFormer Professional 5.4 ?

1. The analysis engine for disassembling and decompiling has been modified to recover language structure information (in order to decompile If/End If/Do/Loop/While blocks).

Then VBReFormer is now able to decompile simple conditions block like If/End If and Do/Loop/While conditions block.

2. The event name from controls is now back and shown on the code.

3. Conditions with Variant type and floating points type (Single and Double) is now supported because we included lot of news Visual Basic Virtual Machine functions:

__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe

4. An important bugfix has been applied. The problem was that VBReFormer sometime crashed on loading application on Windows XP, and was not showing every code from Visual Basic objects (vb6.old library was not properly setup).

5. New preference setting: You can now choose if you want to show only assembly code, only Visual Basic code, or the both.

How to bypass Visual Basic 6.0 application security forms ?

Tue, 26 May 2009 17:17:00 -0400

In the year 2002, while I was working on my Visual Basic decompiler, VBReFormer, I discovered an interesting way on how to bypass the startup login form of any secured Visual Basic 6.0 application.

Any information presented here is only for learning purposes.

This is an important issue for the following reasons:

This issue affects almost 100% of Visual Basic applications secured by a startup security form or startup license form
This issue is common to Visual Basic 4.0 to Visual Basic 6.0
This issue does not need any assembler knowledge to be applied, really quick and fast to apply

In this article, I will show you how your application can be bypassed by this vulnerability, and how you can secure your application against this issue.

Description of the vulnerability:

The internal Visual Basic application structure provides a table in which each form configuration properties are stored.

The main data of each user form, user control and designer are stored on a table of form header which provides the following information: signature, unique identifier, startup attribute, address of the form, and reserved bytes.

The issue is that the startup attribute is really easy to change in order to make the main form of an application the startup form of your application.

Scenario of attack:

We will work with a hexadecimal editor in order to analyze and edit the application. It's the only needed tool.

In the following scenario, the sample application we will bypass has two form called "frmMain" and "frmLicense". The "frmMain" form is the Main form, and the "frmLicense" form is a form asking licensing information in order to access to the Main form, then the application is secured by a "frmLicense" form which is the startup form.

First of all, you must search and found the Visual Basic Header, which contains all important information of your application. To find it, just search the Visual Basic Header signature ("VB5!") into the binary:

0000 0000 7011 4000 4C00 0000 5642 3521
F01F 5642 3646 522E 444C 4C00 0000 0000
7E00 0000 0000 0000 0000 0000 0000 0A00
0C04 0000 0904 0000 0000 0000 6C16 4000
80F0 3000 00FF FFFF 0800 0000 0100 0000
0100 0000 E900 0000 3C12 4000 3C12 4000
3411 4000 7800 0000 8000 0000 8800 0000
8900 0000 0000 0000 0000 0000 0000 0000
0000 0000 5072 6F6A 6574 3300 5072 6F6A
6574 3100 0050 726F 6A65 7431 0000 0000

....p.@.L...VB5!
..VB6FR.DLL.....
~...............
............l.@.
..0.............
........<.@.<.@.
4.@.x...........
................
....Projet3.Proj
et1..Projet1....

Note that the Visual Basic header has a length of 0x68 bytes, but this is not the most important information because we only need 2 bytes from this header to continue.

The information we need is the address of the Form Header Table, stored at the offset 0x4D of the Visual Basic Header.

Here we can read the address 0x0040123C. This is the Virtual Address of the Form Header Table, and we must convert it into a real address.

Basically, if your software is a Visual Basic 6.0 application, it mean that the Form Header Table is stored at the real address 0x0000123C = (0x0040123C - 0x00400000) in your application.

We now have to go to the address 0x123C to see the Form Header Table:

5000 0000 BBD5 839F DDD7 CC41 BD2F 2358 28D2 B2E6 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 9C00 0000 0000 0000 7011 4000 4C00 0000	frmLicense
5000 0000 BC8B D132 ACD5 8E46 80EA 6E9A F88F C04D 0000 0000 0000 0000 0000 0000 0000 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 9C00 0000 0000 0000 7C1C 4000 9C00 0000	frmMain

We can see on the above sample there is a table of two "Form Header", one header per form: "frmLicense" and "frmMain".

A Form Header starts with the 0x50000000 signature, and has a length of 0x50 bytes.

The information we need, here highlighted in blue is the Control Flag.

The Control Flag can take the following values:

Form Type	Startup	Dec	Hex	Bin
SDI Form	N	0	0x0000	0b0000000000000000
MDI Container Form	N	1	0x0001	0b0000000000000001
SDI Form	Y	16	0x0010	0b0000000000010000
MDI Container Form	Y	17	0x0011	0b0000000000010001
MDI Child Form	Y	18	0x0012	0b0000000000010010
SDI Form With Window control	N	128	0x0080	0b0000000010000000
SDI Form With Window control	Y	144	0x0090	0b0000000010010000

The above example show that the "frmLicense" Control Flag is set to 0x0010 (SDI Form [startup]) and the "frmMain" Startup Flag is set to 0x0000 (SDI Form [no startup]) meaning the "frmLicense" form is the startup form of the application.

The objective being to bypass the "frmLicense" form, we now have to exchange the startup flag of the both forms in order to make the "frmMain" form the startup form of the application.

5000 0000 BBD5 839F DDD7 CC41 BD2F 2358 28D2 B2E6 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 9C00 0000 0000 0000 7011 4000 4C00 0000	frmLicence
5000 0000 BC8B D132 ACD5 8E46 80EA 6E9A F88F C04D 0000 0000 0000 0000 0000 0000 0000 0000 0100 0000 1000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 9C00 0000 0000 0000 7C1C 4000 9C00 0000	frmMain

This is so simple to apply, just one byte to change, and the "frmMain" form is set to startup form of the application.

Now, when you start the application, you have a direct access to the "frmMain" form, bypassing the "frmLicense" form.

How to protect your application against this vulnerability ?

We have seen on the above scenario that all Visual Basic 4.0 to 6.0 applications are potentially affected by this issue; there are existing applications, commonly called "Visual Basic Universal Cracker" which allows making this work on automatic way, just with one click.

Then it's very important, when you write your application, to think about this issue in order to prevent against applying it on your application. There are different ways to setup protection your application against the application of this issue.

The different solutions are grouped into two categories, which are the code side solutions, and the binary side solutions.

Binary side solutions are applied after the application has been compiled, like packers, compressors, or external solutions of licensing.

Code source side solutions are directly applied on the source code of your application. For example you can define a simple global variable which will be checked during all the execution of your application, and on each form. Another solution is to define the startup form on the Sub Main() procedure of your application. Of course, that is not sufficient to secure your application against advanced crackers, but on this way you will protect your software against a common and simple vulnerability.

Opening blog

Thu, 22 May 2008 21:45:00 -0400

Hello,

My name is Sylvain Bruyere, I'm a freelance/developer focused on Microsoft development languages, and I develop a native Visual Basic decompiler since the year 1999, called VBReFormer.

After years of research on decompiler technologies, I am glad to announce the opening of this blog that will focus on knowledge-depth development for Visual Basic, related to object modeling, compilation, decompilation, and security.

As you can guess, I will talk in this blog of my experiences with Visual Basic development, and others related experiences.