Hi,

How do I find whether a VB application is Native code compiled or P-code compiled ?

Is there a utility for it??

Thanks in advance!

Yes and no. The most useful utility you will ever have for questions like this is Google. If you look at this link,

http://kharneth.free.fr/_Tutorials_/CrackMe_Chronos02/index.html
for instance you will see several refences to P-code.

SmartCheck will tell you a file is assembled in P-Code

More commonly, instead of using a tool, You disassemble the file with IDA or Win32dasm. when you disassemble a P-code file you see long stretches of "data" that the disassembler does not understand and cannot translate into regular opcodes.

Look at some pure compiled binary files in a hex editor (ASCII view mode).
Then look at a .NET compiled file.

There is a difference in 'texture' that is very noticeable. Also the .NET version contains many references to .NET-related components etc. It's impossible to not notice the differences.

Edit: Thought the OP meant .NET... but same thing: the texture is different.

Use P32Dasm :-)

http://t4c.ic.cz/forum/showthread.php?t=67

P32Dasm is a VB PCode Decompiler. It can generate String, Numbers, Objects, Import and Export function listing. There is also Jump calculator. For NCode events is here offset listing for setting BPX. You can generate .map files which you can import to DataRescue IDA (LoadMap plugin) or to Olly Debugger (MapConv plugin).

It shows you also if it's PCode or NCode application.

Nice Tool, Darker. I had a bothersome little game I wanted to "restore" and was going nowhere. Your Disassembler made it look easy

Thanks Everybody!!!