Analytic features in VB Decompiler
We are delighted to introduce a new license for VB Decompiler specifically tailored for criminologists and anti-virus analysts. In this version equipped with automatic analytical capabilities, VB Decompiler generates an extensive report detailing the activity of decompiled software on a user's computer. The analyst receives a comprehensive overview of the program segments (procedures and functions) that execute various operations involving files, registry, windows, processes, as well as employ Visual Basic services to call functions by name (CallByName) and access memory addresses directly (VarPtr).
This data significantly accelerates the analysis of potentially malicious programs in terms of their functionality. This greatly simplifies the workload for anti-virus experts. Furthermore, this described functionality will prove beneficial for criminologists seeking to discover hidden, undocumented features within analyzed software.
How it works
Running VB Decompiler, just open the binary file being analyzed. Ensure that the "Analyze Prototypes" option is enabled in the settings (accessible via the menu "Tools" -> "Options"). Upon completion of the analysis process, a report on the program's functionality will be automatically generated and opened for you.
The report has been split into two sections: a concise summary and an extended version including links to relevant string references. In the initial section, we can see addresses and names of procedures and functions containing code for working with files, registry, network, and other interesting operations.
In the second part, VB Decompiler also provides string references from each of these functions (if available). This enables you to roughly estimate which files or registry keys are being manipulated without having to delve into each specific procedure. Of course, only unencrypted and non-obfuscated lines will be displayed.
The report window enables you to swiftly access each function's corresponding code, examine binary data in the hex editor, and navigate to the addresses of string arrangements. Just double-click a function's name to jump to its code; for the hex editor, just double-click on the virtual address preceding the function or string name.
To return to the report, click the "A" button located above the object tree; this will automatically position your cursor at the point where you concluded your analysis before moving to a different function. Transitions between previously opened functions are facilitated by the "<" and ">" buttons situated above the object tree. The left-pointing arrow ("<") also corresponds to the keyboard's "Esc" hotkey.
Within the report interface, you have access to features for selecting and copying lines. Additionally, you may save your report by navigating to "File" -> "Save analytics report".
We hope this functionality will greatly simplify your work on analyzing files. VB Decompiler Business license with analytic features is ready for purchase.