RE: VisualBasic auditing
From: Kayne Ian (Softlab) (Ian.Kayne@softlab.co.uk)
Date: 02/19/03
- Previous message: gr00vy: "Re: VisualBasic auditing2"
- Maybe in reply to: Some d00d: "VisualBasic auditing"
- Next in thread: Arjun Pednekar: "Re: VisualBasic auditing"

From: "Kayne Ian (Softlab)" <Ian.Kayne@softlab.co.uk>
To: Vuln-Dev <VULN-DEV@SECURITYFOCUS.COM>
Date: Wed, 19 Feb 2003 09:27:37 -0000

I believe that up until version 4, VB apps were interpreted at runtime via
what was basically a JIT compiler. I've got an app around here somewhere
that will "disassemble" an exe built in VB back to its source and forms.

After v4, I believe (don't quote me) that VB actually compiles the code in
the traditional sense. If you load VB (I've only checked VB6), create an
app, go File - Make YourApp.exe, then click the Options button in the "Save"
dialog, you can change the compiler options on the "Compile" tab.

If you're after an exploit for VB, I'd guess a good place to start is any
time it interfaces with win32api. IIRC, VB does some odd stuff with handles
and GDI objects...

IIRC.

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company

> -----Original Message-----
> From: Some d00d [mailto:shavidi@yahoo.com]
> Sent: 16 February 2003 19:13
> To: vuln-dev@securityfocus.com
> Subject: VisualBasic auditing
>
> Hi folks
>
> I am auditing some network applications and a
> significant number of them are written in MS Visual
> Basic. Has anyone done some work on exploiting VB
> software before? I assume that traditional methods such
> as buffer overflows will not work here.
>
> Are there any tools around for this (such as VB
> disassemblers and de-scramblers)?
> Can you point me to any sources of information?
>
> Thanks in advance, SD