View Full Version : VB 6 Form breakpoint


houdinihar
12-02-2006, 02:12 PM
I need some help on determining what function call I should use to break in on a VB 6 Form. In win32 API I know to use a dialogboxparam or createdialogboxparam, etc, but in VB I don't know. Any help would be appreciated.
thank you,
houdinihar

fileoffset
12-06-2006, 03:48 AM
You could try: __vbaNew

sarge
12-11-2006, 01:47 PM
Do you know if your app is compiled as PCode or NCode?

If it's PCode, you want to break in the Procedure Call Engine at the opcode desired.

I'm assuming that your question really is, "I want to run my VB app until the desired form appears, then break when I click <something> in/on that form." In this case, you will want to put your break point on the first piece of code within that <something>. This requires that you find the entry point for that specific piece of code. I can tell you how to do that, but it gets involved, so before I do, I want to make sure this info is what you really do want.
However.......

If your question is "I want to break just before the form code is actually called", you need to know a few things:
1. What's the opcode for a CALL function? (0x0D, usually)
2. How many parameters does the 0x0D opcode need? (2)
3. How many bytes are the parameters? (2 each)
4. What do the parameters represent (First two are function code, second two not applicable)
5. What is the function code for calling for a form activation/display (0x02B0)

Put these together, and you are looking for the PCode sequence 0x0D, 0xB0, 0x02, 0x??, 0x??

Now, this sequence would be used for ALL form calls; the info as to WHICH form is to be called is contained in the PCode data that just precedes the above sequence. That, in itself, is another analysis effort.

If your app is compiled to Ncode, a debugger will do the job, but you will need to know the insides of the VB6 Virtual Machine. That's a "whole 'nother story".

More info needed here.

Good luck.

Sarge

PS to mods:
1. Is it appropriate to publish the URL of a tool or tools that do this type of analysis?
2. I am heavily into VB6 PCode; I don't see much here. Would it be desirable to start a new thread/section on reverse engineering VB6 PCode? With maybe some tutorials on the VB6 app structures?

Thanks
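
The byte-sequence search sarge describes (0x0D, 0xB0, 0x02, 0x??, 0x??), as an added example that is not part of the original thread. The opcode and function-code values are taken from the post as stated and are not verified here; `find_form_calls`, `Hit` and the sample buffer are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

# Values exactly as stated in the post (0x0D "usually"); not verified against any VB6 build.
CALL_OPCODE = 0x0D
FORM_SHOW_CODE = 0x02B0

class Hit(NamedTuple):
    offset: int          # file/buffer offset of the 0x0D opcode byte
    func_code: int       # first 2-byte parameter, read little-endian (B0 02 -> 0x02B0)
    second_param: bytes  # second 2-byte parameter ("not applicable" per the post)
    preceding: bytes     # bytes just before the opcode, where the post says the form info sits

def find_form_calls(buf: bytes, context: int = 8) -> List[Hit]:
    """Return every 0D B0 02 ?? ?? candidate in buf, including overlapping ones."""
    needle = bytes([CALL_OPCODE]) + struct.pack("<H", FORM_SHOW_CODE)
    hits = []
    pos = buf.find(needle)
    while pos != -1:
        if pos + len(needle) + 2 <= len(buf):  # both wildcard bytes must exist
            (func_code,) = struct.unpack_from("<H", buf, pos + 1)
            hits.append(Hit(pos, func_code, buf[pos + 3:pos + 5],
                            buf[max(0, pos - context):pos]))
        pos = buf.find(needle, pos + 1)
    return hits

# Constructed sample buffer (not taken from a real executable).
SAMPLE = bytes.fromhex(
    "f501000000"   # 0..4   filler
    "0db0020000"   # 5..9   match
    "0db0030000"   # 10..14 near miss: function code 0x03B0
    "1b2c00"       # 15..17 filler
    "0db0020db0"   # 18..22 match whose wildcard bytes are 0D B0
    "021122"       # 23..25 completes an overlapping match at 21
    "0db002ff"     # 26..29 truncated: only one byte after the function code
)

if __name__ == "__main__":
    # A raw scan knows nothing about instruction boundaries, so each hit is a
    # candidate to confirm in a disassembler or debugger, not a proven call site.
    for h in find_form_calls(SAMPLE):
        print(f"0x{h.offset:04x} second={h.second_param.hex()} before={h.preceding.hex()}")
```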