        -+-  P32Dasm 2.80  *  Copyright (C)  DARKER (SCF) 2o11  -+-
        ===========================================================

P32Dasm is a VB PCode + Native code decompiler. It can generate listings of
strings, numbers, objects, and imported and exported functions. There is also a
PCode jump calculator. You can set a shortcut to your favorite hex editor for
fast patching. I personally prefer Hiew.


How to use it
=============
Load a file by pressing F1, from the command line, or by drag and drop.


Tips & Tricks
=============
- You can edit the output by pressing the "Edit" button. You can then color
  interesting sections, write your own comments, etc.
- For fast navigation you can use the Position manager. Set the cursor to some
  position, click the "Add" button in the Position manager and enter your
  description. Any time you need a fast jump to your location, just double-click
  it in your list.
- For VB Native code executables only MSVBVM calls, External calls and string
  references are generated. Useful for setting BPX: you don't need to search in
  the debugger for where some Command Button event starts, etc.
- On BIG apps I don't recommend using the option "Use syntax highlight color" -
  it's slow, use normal mode.
- If you still need syntax highlighting you can use the included syntax
  highlighting for UltraEdit. Just add it to the end of the original
  "wordfile.txt".
- If you run into problems you can decompile only some parts with the
  "Decompile from offset" function. Experienced users only! Or read below.
- Procedure window has two modes:
  1) "Full Decompiling" ON - double-clicking a procedure searches for it
  2) "Full Decompiling" OFF - double-clicking manually decompiles the selected
  procedure (you don't need to decompile the whole file, you can explore it on
  the fly; fastest decompile solution!)
- In the Object list you can see the Object Type displayed with the appropriate
  icon.
- At the beginning of the decompiled output you can sometimes see original
  procedure names - this helps you identify missing names for some procedures.
- vbCRLF, vbCR, vbLF, vbNullChar, vbTab - are VB constants, not strings.
- You can easily search for jumps by clicking on an Offset and selecting the
  "Search:" option from the right-click menu; you can continue the search with
  the F3 key.
- You can change the Label of an autogenerated Position with the "Label" button,
  or the current Position in the main screen with the "Position" button. It is
  also possible to save your own Position file.
- You can easily jump to a specified Offset by clicking on the Offset and
  selecting the "Internal HexEditor Offset:" option from the right-click menu.
  The editor starts immediately at your offset, so you can start patching.
- If you also want to use HIEW for direct jumps, set the path with %1 in
  Options, e.g. "your_path\hiew.exe %1", then click inside some offset in the
  output and click run. P32Dasm has an algorithm to detect whether it is an
  offset or a memory address. An address must be in the format XXXXXXXX:
  (check whether your HIEW version supports jumping from the command line with
  the /O param)
- You can generate .map files which you can import into DataRescue IDA (LoadMap
  plugin) or Olly Debugger (MapConv plugin).
- In the control tree you can see the object offset when the mouse cursor is
  over an object. This is useful if you want to manually patch default control
  properties: label, enabled, disabled, visible, timer values ... This can also
  be exported with Copy All (to clipboard). (Basic knowledge of the object
  properties structure is needed.)

Shortcut keys:
   F1  - Open exe to decompile
   F2  - Save generated output to file
   F3  - Search next
   F4  - Internal HexEditor start
   F5  - Position Manager
   F6  - External editor (Hiew)
   F8  - String References
   F9  - Number References
   F12 - Exit
   Ctrl + C - Copy to clipboard
   Ctrl + F - New search


Supported OCX and DLL:
======================
MSCOMCTL.OCX, RICHTX32.OCX, MSFLXGRD.OCX, MSCOMCT2.OCX, VBOLOCK.OCX, ACTBAR3.OCX,
MSINET.OCX, MSWINSCK.OCX, TABCTL32.OCX, COMCT332.OCX, COMCT32.OCX, JSBBAR16.OCX,
COMCT232.OCX, VSFLEX7L.OCX, THREED32.OCX, THREED20.OCX, FM20.DLL, GRIDEX20.OCX,
MSDATLST.OCX, TOC.OCX, SSSPLT30.OCX, DBLIST32.OCX, DBGRID32.OCX, MSDATGRD.OCX,
MSCOMM32.OCX, MSCHRT20.OCX, MSMASK32.OCX


Known limitations, Bugs
=======================
- Searching for strings with regional characters can result in no string being
  found! (this is a M$ RichTextBox bug or some Unicode problem ...)
- In native code "???????????" strings are sometimes displayed; these can
  contain useful strings, just ignore them if they aren't interesting.
- At the end of a procedure (PCode), after ExitProcHresult, you sometimes get
  random opcodes that are not valid - just ignore them. You can suppress them by
  setting "Check End Bytes" to a higher value, but you may then get "Not found
  jump destination" errors; in that case lower the value again :-)
- In "Decompile from offset" (PCode) mode Strings, Calls and Properties are not
  displayed if you do not hit the correct range.
- If P32Dasm speaks your language it doesn't mean that it also fully supports
  your language (displaying Objects from Executable ...)
- Only one instance of the internal HexEditor can be running in memory at a time.
- If you want to reset settings to default values, just delete this registry key:
  HKEY_CURRENT_USER\Software\VB and VBA Program Settings\P32Dasm\Settings
- IDA Visual Basic debugger plugin is NOT available in this package!


System requirements
===================
P32Dasm needs the Visual Basic 6.0 run-time files + additional OCX files:
MSCOMCTL.OCX, COMDLG32.OCX and RICHTX32.OCX.
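
A quick way to see which of these files are already present on an analysis
machine, as an added example (not part of P32Dasm). It assumes the files sit in
the 32-bit system directory; an OCX registered from another folder will be
reported as missing.

```powershell
# Added example, not part of P32Dasm. File names come from this README;
# looking only in the system directory is an assumption.
$required = 'MSVBVM60.DLL', 'MSCOMCTL.OCX', 'COMDLG32.OCX', 'RICHTX32.OCX'

# VB6 components are 32-bit: on 64-bit Windows they live in SysWOW64,
# on 32-bit Windows in System32.
$dir = if ([Environment]::Is64BitOperatingSystem) {
    Join-Path $env:SystemRoot 'SysWOW64'
} else {
    Join-Path $env:SystemRoot 'System32'
}

$report = foreach ($name in $required) {
    $path = Join-Path $dir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path
        [pscustomobject]@{
            File    = $name
            Present = $true
            Version = $item.VersionInfo.FileVersion
            Path    = $path
        }
    } else {
        [pscustomobject]@{
            File    = $name
            Present = $false
            Version = $null
            Path    = $path
        }
    }
}

$report | Format-Table -AutoSize

# Summarize what still has to be installed from the packages listed below.
$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ('Missing: ' + (($missing | ForEach-Object { $_.File }) -join ', '))
} else {
    Write-Output 'All files required by P32Dasm were found.'
}
```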

For missing OCXs you can download this:

  Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update
  -----------------------------------------------------------
  VB60SP6-KB957924-v2-x86-ENU.msi    9.8MB

  To obtain this file, visit the following Microsoft Web site:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=CB824E35-0403-45C4-9E41-459F0EB89E36

  To install this cumulative update rollup, you must have at least Windows Installer 3.1
  or a later version installed on the computer. To obtain the latest version of 
  Windows Installer for the computer, visit the following Microsoft Web site:
  http://www.microsoft.com/downloads/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4

  Setup installs versions of the Microsoft Visual Basic run-time files required by
  all applications created with Visual Basic 6.0. The files include the fixes shipped
  with Service Pack 6 for Visual Basic 6.0.

  It also contains these files needed by P32Dasm:
      Comdlg32.ocx
      Mscomctl.ocx
      Richtx32.ocx

For a missing Visual Basic 6.0 run-time you can download this:

  Visual Basic 6.0 SP6 run-time files
  -----------------------------------
  VB6.0-KB290887-X86.exe            1.0MB

  To obtain this file, visit the following Microsoft Web site:
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7B9BA261-7A9C-43E7-9117-F673077FFB3C

  VBRun60sp6.exe installs the following core files that are included with 
  Visual Studio 6.0 Service Pack 6:

      Asycfilt.dll
      Comcat.dll
      Msvbvm60.dll
      Oleaut32.dll
      Olepro32.dll
      Stdole2.tlb


Credits
=======
Thank you:
  Kood - for some new ideas
  Ivuso - for IDA Visual Basic Debugger plugin
  Sarge, VBgamer45 - for your help
  Eugene Suslikov - for Hiew
  Hakeem, suddenLy, killlcn, llAmElliK, GPcH, Thomas, suCRACK - Translators
  Yoda - for 16Edit

Greetings: 
  JosephCo - You old man, remember me? (This is the first VB PCode Guru!)
  All known people from Exetools, -=[t4C]=- and Woodmann forum
  and all slovak crackers and hackers ...

Visit http://progress-tools.x10.mx for more information or updates. If you have
any ideas, comments or improvements, or you find a bug, you can mail me at
darker[at]inmail[dot]sk


History
=======
0.5 - [13.03.2005] - OCX Release
+ Display Caption to objects:  Text,  Label,  Form, CheckBox, OptionButton,
    Frame, Menu
+ Stop button (Break process)
* Fixed some opcodes
+ Added support for Events:
    MSCOMCTL.OCX Controls: ListView, Toolbar, StatusBar, ImageCombo,
                           ProgressBar, TreeView, TabStrip, Slider
    RICHTX32.OCX: RichTextBox
* Fixed menu decompiling

0.6 - [17.03.2005] - Optimization Release
* Fixed OCX recognition
+ Add Options window
+ Add OCX Library name to Object window
+ Add Menu popup on right click mouse
* Better handling end of procedure (Check End Bytes Option)
+ Compacting DB, from 64kb to 33kb by same functionality :-)
+ Optimized code for better speed

0.7 - [27.03.2005] - Easter Release
+ Added Properties recognition
+ Added recognition of 24 new objects
* Better procedure ending
* Fixed Control recognition
+ Unknown counter added
* Fixed some opcodes
+ Added Buttons separators, Removed customizing
+ Jumps Speed Up
* Fixed Jumps recognitions
+ Added Syntax Coloring OFF

0.8 - [05.04.2005] - Ladybird Release
* BIG! Speed Up when processing large apps
+ Added MRU files
+ Moved storing settings from ini to registry
* Fixed some opcodes
+ Detection of VB5 apps (but not supported yet)

0.9 - [09.04.2005] - Soya Release
* Fixed apps with no controls
+ Improved Import, Export Dll recognition
+ Identifying SubMain procedure
+ Added Partial decompilation (Start Step - End Step)
* Fixed some opcodes
+ Error handling

1.0 - [14.04.2005] - Green Release
* Improved Objects listing
+ Added Procedure listing with two modes:
  1) Find selected procedure on DblClick
  2) Decompile selected procedure on DblClick (you don't need to decompile
     the whole file, you can explore it on the fly)
+ Added Syntax highlighting for PCode to UltraEdit

1.1 - [19.04.2005] - Dll Release
+ Added VB6 Dll and OCX support
* Small speed optimization
+ Added support for Events:
    MSFLXGRD.OCX: MSFlexGrid

1.2 - [04.05.2005] - VB5 Release
+ Added VB5 support
* Fixed 2 opcodes
* Fixed one rare bug on some applications
+ Show Options screen in taskbar
* Fixed "Check file" function in case that file doesn't exist
* Fixed working on Chinese system (Thanx SunYJ for testing)

1.3 - [12.05.2005] - Ice Hockey Release (Canada - Slovakia 5:4, Damn! :-)
+ Added displaying of Object by unknown Events
+ Added type Icons for Controls (You can see now Type of Control)
+ Added support for Events:
    MSCOMCT2.OCX: Animation, UpDown, MonthView, DTPicker, FlatScrollBar
    VBOLOCK.OCX : LockIt
+ Added "Allways on Top"
* Fixed bug on some rare Import Tables

1.4b - [23.05.2005] - "Love is in the Air" Release
+ Change Font Option
* Fixed decompiling of dummy Procedures (P32Dasm stop responding)
+ Added support for Events:
    MSINET.OCX  : Inet
    MSWINSCK.OCX: Winsock
    TABCTL32.OCX: SSTab
* Fixed Crash on non-english Windows

1.5 - [29.05.2005] - Sunny Release
+ Added some support for unpacked Apps
* Improved Error handling
+ Display offsets for NCode events (Useful for setting BPX :-)

1.6 - [22.07.2005] - Summer Release
* Fixed Control recognition
+ Added support for Events:
    COMCT32.OCX : TabStrip, Toolbar, StatusBar, ProgressBar, TreeView,
                  ListView, Slider
    COMCT332.OCX: CoolBar
    COMCT232.OCX: Animation, UpDown

1.7 - [31.07.2005] - "Where is the fuc*ing Sun ?" Release
* Fixed some OCX Events recognition
+ More Procedures are now recognized (VB5)
+ Added listing of Procedures (only if exist)
+ Added Refresh button to Control/Procedure window
+ Added support for Events:
    TOC.OCX     : Toc

1.8 - [19.08.2005] - "Make Peace No War!" Release
+ Really incredible Speed Up when decompiling with the "No Colors" and
  "Output to File" Options
+ Added identification of some VB Constants (vbCRLF, vbCR, vbLF, vbNullChar,
  vbTab, vbBack)
+ Added Search String under Cursor
+ Added to Position Manager: Save, Load, Update Label and Position

1.9 - [07.09.2005] - Engaged Release
+ Now you can translate P32Dasm into other languages
+ Added in List of Strings new Menu for fast view of other Objects
+ Added Possibility of saving Project as pure Text
* Fixed recognition of some OCX and their Events in VB5
* Fixed Position Manager problems with "Output to File" Setting
* Fixed rare bug with Procedure Names
* Fixed some screen Issues when switching between Windows
+ Added support for Events of FM20.DLL

2.0 - [16.10.2005] - "Born to be Free" Release
+ Added support for Events of VSFLEX7L.OCX  THREED32.OCX  THREED20.OCX  and
    SSSPLT30.OCX
+ Added save last Dir
+ Added Support for rebuilt Apps
+ Small Speed Up
+ Added additional info for Timers
+ Added Russian and German translation
+ In Objects window the Copy function now also shows the object type
* Fixed bug "On Top" in Position Screen

2.1 - [03.11.2005] - "13th week" Release
+ Added Internal Hex Editor
+ Added Export events to .map Files (for IDA, Olly ...)
* Fixed default filename when saving Project

2.2 - [04.01.2006] - Birthday Release
* Fixed crash on some apps
* Fixed crash on exit with unsupported apps
* Fixed crash on strange SectionHeaders
* Fixed crash on some ImportTables
* Fixed VB5/VB6 recognition for unpacked apps
+ Added support for some obfuscated apps
+ Added some class types

2.3 - [24.05.2006] - "Terezka" Release
* Fixed "On Top" displaying in Procedure/Object window
* Fixed "Edit Output" refresh on loading new file
+ Added Spanish translation

2.4 - [03.11.2008] - Alex Release
+ Native code fast preview (display MSVBVM calls + string references)
+ Added new class types
+ Added designer identification
+ Possibility of direct jump to offset in HIEW
+ Improved Debug mode
+ Filter out not supported "In DB doesn't exist ..."
+ Added Possibility to disable creation of Position Files
+ Added support for Events of  JSBBAR16.OCX,  MSDATLST.OCX,  GRIDEX20.OCX  and
  ACTBAR3.OCX
+ Faster decompiling
* Default syntax coloring Off (slow)
* New search shortcut changed from F7 to Ctrl + F
* Fixed External API scan
* Fixed crash when 16Edit.dll is missing
* Better Unicode String handling
- Removed "Output to file" settings

2.5 - [14.06.2009] - Slovakia Release
* Changed app font for better language support
* Fixed storing wrong window position
* Fixed displaying other language characters (tested on Russian, check screen)
* Word over cursor supports other languages (takes word divided by spaces)
 (Beware! Due to some RichTextBox bug or unicode problems some strings with
  special REGIONAL CHARACTERS will not be found in main window!)
* Fixed Word over cursor string length extraction for other languages
* Fixed crash on some VB5 apps
+ Possibility to select and apply font charset for better output (language support)
+ Search in tree
+ Added support for Events of DBLIST32.OCX, DBGRID32.OCX, MSDATGRD.OCX,
  MSCOMM32.OCX, MSCHRT20.OCX, MSMASK32.OCX

2.6 - [24.12.2009] - Christmas Release
+ Added procedure names identification
+ More objects recognition
+ Added reading more details (Enumerators, Constants, Events and Properties)
+ Added new Events icon for better resolution
+ Internal code tidy up and changes for displaying better debug info
+ More procedures details identified on some strange type apps (NCode)
- Removed displaying of procedure names list in output (moved to real names)
* Fixed working of MRU files
* Fixed bug: missing end address in one procedure NCode object
* Fixed some GUI problems when app use visual styles

2.7 - [04.12.2010] - "Another start" Release
+ Added support for IDA Visual Basic Debugger plugin (source export)
+ Added "Heurestic assign unknown procedures into objects" (not all, but it
  helps a lot in native code apps!)
+ Adding VB5 SubMain to list of procedures if it's missing in list
+ Added parameters to some opcodes
* Fixed Drag & Drop files into P32Dasm (thanx Ivuso)

2.8 - [24.05.2011] - "It's my life" Release
+ Added identification of some created objects
+ Added identification of some CALLs and Objects
* Fixed some unknown CALLs
+ Better CALLs naming
+ Small speed up
+ Added better procedure naming in NCode (also for calls)
+ Better naming of Unknown Events
* Fixed export of some procedure names to IDA Visual Basic Debugger plugin
+ Possibility to open any file extension (renamed malware or virus)
+ Default save extension: checks whether Coloring is enabled and then sets
  *.txt/*.rtf
+ Some changes in output formatting
+ Now selected text is default string for searching
+ Removed some false alarm messages (In DB doesn't exist)
* Fixed crash on some big applications
* Fixed load and jump to offset in Hiew if cursor is not on address
+ Added display of object offset and object ID in controls tree over mouse
  cursor, also included in export (Copy All). Useful if you want to manually
  patch default control properties: label, enabled, disabled, visible, timer
  values ...
+ Added object ID to controls tree output
* Fixed wrong Event identification in some cases
+ Added identification of Private/Public function/procedures
+ Added identification of parameter names
- Removed some non-useful counters
