Tracing features in VB Decompiler



Following several months of meticulous work, we are thrilled to introduce an enhanced version of VB Decompiler. This time around, we have also revamped its key feature - Native Code decompilation. Many users of VB Decompiler had been eagerly awaiting this update, and after a significant amount of codebase refactoring, we were able to redesign and greatly improve the emulator. Now you can partially debug programs compiled in Native Code and P-Code on the built-in emulator without needing to run them on an actual CPU!



VB Decompiler Native Code Tracer


Tracing (or, to be more exact, step-by-step emulation) allows you to pause the emulation at each line of assembly code, enabling you to inspect the processor and co-processor registers, the stack, and variables. As the code is processed by the emulator rather than executed on a real processor, this functionality will prove invaluable for virus analysts working in anti-virus labs examining malware.



VB Decompiler Tracer for Visual Basic Native Code files


Now a few words about some nuances of the implementation. Tracing is possible for an individual function only, and the emulator assumes that at the time of processing this function, the stack, registers, and variables are empty. At present, although a huge number of Intel x86 processor commands are supported, there are still unsupported commands, and these are skipped during tracing. Additionally, the tracer does not display flag changes. In the current implementation, flags only affect the processing of cmp and jcc commands. External function calls are not supported either; however, stdcall and cdecl calls are correctly handled with the corresponding stack adjustments (sub esp, XX and add esp, XX). Currently, tracing in reverse, loops and jumps over commands are also not possible (only step-by-step forward emulation is performed). Otherwise, the tool is very close to regular tracing and quite convenient to use (keyboard-based continuation and cancellation of tracing are supported).
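What these constraints mean for an analyst reading a trace, as an added toy model in Python that is not VB Decompiler's code: state starts empty, unsupported commands are skipped and logged, and a snapshot is taken after every step. The tuple instruction format, the `SAMPLE` listing, the `ext_func` name, the choice to skip the call itself and the single zero flag are all assumptions made for illustration.

```python
# Toy model of forward-only step emulation; not VB Decompiler's implementation.
REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")
MASK = 0xFFFFFFFF

def trace(listing):
    """Yield (instruction, snapshot) after each step, starting from empty state."""
    regs = dict.fromkeys(REGS, 0)   # registers start empty, as the article states
    mem, zf, skipped = {}, 0, []    # stack memory keyed by address, zero flag, skip log

    def val(operand):
        return regs[operand] if operand in regs else operand & MASK

    for ins in listing:
        op, args = ins[0], ins[1:]
        if op == "mov":
            regs[args[0]] = val(args[1])
        elif op == "add":
            regs[args[0]] = (regs[args[0]] + val(args[1])) & MASK
        elif op == "sub":
            regs[args[0]] = (regs[args[0]] - val(args[1])) & MASK
        elif op == "push":
            regs["esp"] = (regs["esp"] - 4) & MASK
            mem[regs["esp"]] = val(args[0])
        elif op == "pop":
            regs[args[0]] = mem.get(regs["esp"], 0)
            regs["esp"] = (regs["esp"] + 4) & MASK
        elif op == "cmp":
            zf = int(val(args[0]) == val(args[1]))
        else:
            skipped.append(ins)     # unsupported here: state is left untouched
        yield ins, {"regs": dict(regs), "mem": dict(mem), "zf": zf,
                    "skipped": list(skipped)}

# Constructed listing: a cdecl-style call followed by a test of its result.
SAMPLE = [
    ("push", 2),
    ("push", 3),
    ("call", "ext_func"),    # hypothetical external call, skipped by this model
    ("add", "esp", 8),       # caller's stack cleanup is still emulated
    ("mov", "ecx", "eax"),   # eax is still 0: the call never produced a value
    ("cmp", "ecx", 0),       # so this compare reflects the emulator, not the program
]

def final_state(listing):
    """Run the whole trace and return the last snapshot."""
    snap = None
    for _, snap in trace(listing):
        pass
    return snap
```

The stack pointer ends balanced, but the compare result depends on a return value that was never computed, so values downstream of a skipped command should be confirmed against the disassembly before they are relied on.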



VB Decompiler assembler code tracer


Unfortunately, this feature is not included in the basic Business license for VB Decompiler. Due to the enormous time investment required to implement the described tracing capabilities, the highly specialized nature of this functionality, and the limited number of potential users, tracing will require purchasing a VB Decompiler Business license with tracing features.




