RE: VisualBasic auditing

From: Kayne Ian (Softlab) (Ian.Kayneat_private)
Date: Wed Feb 19 2003 - 01:27:37 PST

Next message: spacewalker: "Re: Is this an off-by-one overflow?"

Previous message: gr00vy: "Re: VisualBasic auditing2"
Maybe in reply to: Some d00d: "VisualBasic auditing"
Next in thread: Arjun Pednekar: "Re: VisualBasic auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I believe that up until version 4, VB apps were interpreted at runtime via
what was basically a JIT compiler. I've got an app around here somewhere
that will "dissassemble" an exe built in VB back to it's source and forms.
After v4, I believe (don't quote me) that VB actually compiles the code in
the traditional sense. If you load VB (I've only checked VB6), create an
app, go File - Make YourApp.exe, then click the Options button in the "Save"
dialog, you can change the compiler options on the "Compile" tab.

If you're after an exploit for VB, I'd guess a good place to start is any
time it interfaces with win32api. IIRC, VB does some odd stuff with handles
and gdi objects...

IIRC.

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company


> -----Original Message-----
> From: Some d00d [mailto:shavidiat_private]
> Sent: 16 February 2003 19:13
> To: vuln-devat_private
> Subject: VisualBasic auditing
> 
> 
> Hi folks
> 
> 
> I am auditing some network application and a 
> 
> significant number of them are written in MS Visual 
> 
> Basic. Have anyone done some work on exploiting VB 
> 
> software before? I assume that traditional methods such 
> 
> as buffer overflows will not work here.
> 
> 
> Are there any tools around for this (such as VB 
> 
> disassemblers and de-scramblers)?
> 
> Can you point me to any sources of information?
> 
> 
> Thanks in advance, SD




 


******************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom 
they are addressed. 

If you are not the intended recipient or the person responsible for 
delivering to the intended recipient, be advised that you have received 
this email in error and that any use of the information contained within 
this email or attachments is strictly prohibited. 

Internet communications are not secure and Softlab does not accept 
any legal responsibility for the content of this message. Any opinions 
expressed in the email are those of the individual and not necessarily 
those of the Company. 

If you have received this email in error, or if you are concerned with 
the content of this email please notify the IT helpdesk by telephone 
on +44 (0)121 788 5480. 

********************************************************************

Next message: spacewalker: "Re: Is this an off-by-one overflow?"
Previous message: gr00vy: "Re: VisualBasic auditing2"
Maybe in reply to: Some d00d: "VisualBasic auditing"
Next in thread: Arjun Pednekar: "Re: VisualBasic auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 08:49:24 PST