VB Decompiler is a decompiler for programs (EXE, DLL, or OCX) written in Visual Basic 5.0 or 6.0. As you know, a VB program can be compiled either into interpreted p-code or into native code.
If some program was compiled into native code, you cannot restore the source code from machine instructions. But even in this situation, VB decompiler can greatly help you analyze the program, thanks to a powerful disassembler that supports Pentium Pro commands, including MMX and SSE. VB decompiler lets you to disassemble all functions. It includes a code analyzer too, which searches for all API function calls and string references in the disassembled code and converts them into comments for analyzed strings.In general, VB Decompiler is an ideal tool for analyzing VB programs. It's a must-have if you've lost some source code and need to partially restore your project!
As you have indicated decompilation has been around for a long time and these techniques are available for most mature platforms including .NET (this is true of disassembly also). Obfuscators are a popular option for folks seeking an additional layer of protection. I would add that explicit statements from the copyright owner about usage and decompilation is incredibly important. We have made it clear that using the decompiler does require the permission of the copyright holder and further that it is an optional feature.
A relatively small percentage of decompilation attempts may result in failure. This is due to a sequence point null-reference error in ILSpy. We have mitigated the failure by catching these issues and gracefully failing the decompilation attempt.
I placed a breakpoint in line 1081, which is the beginning of smethod_56(). As you can see, the function accepts one parameter - string_0 (Remember, the name of the string variable is generated by the decompiler).
Which means that svhost.exe in the temp directory is actually MSBuild.exe. Since we are actively debugging this process, we could actually navigate to that path and inspect that file ourselves, and surprise surprise: 2b1af7f3a8