Since people seem to believe their code is safe(er) in VB6, despite all the
stuff that has been posted, I went and did a quick check.
In the span of a half an hour, i've downloaded a half dozen VB decompilers
and dissassemblers, and found them for VB3,4,5, and 6.
The majority work on P-Code. In some cases, you get back what looks pretty
much like the ILDasm.exe display (the .NET IL disassembler). In others, it
was scary just how much the output looked like the original code.
I looked at the VB5/6 token reference that someone posted, and with that
information, i could write my own decompiler blind-folded.
Another issue is that with the exception of one of the programs i downloaded,
the rest were not professional software. The one professional decompiler
was supposed to help companies rescue code that was lost. Someone sent me
a VERY good decompiler, but only after i emailed him several times.
So what about native code? I found nearly 15 disassemblers for Win32 PE binaries.
The output, again, is nearly identical to ILDasm.exe. Some even let you modify
the code, which is how people make cracks and introduce viruses to programs.

By the way, here's a quote from the person who developed the original decompiler
for VB3:
"VB4 programs contain no information, that can be modified or removed. That's
better than with the previous VB versions, that included most of the source
code ([[note from Rob: including some comments]]). On the other hand, there
is no (I guarantee: NO) way to protect VB4 (and following versions) executables
against a decompiler."
[snip]
"BTW, possibly I'll include VB5 token code into the disassembler, before
the redesign of the decompiler. Then both VB versions can be handled with
a single decompiler. A VB5 native code decompiler won't be more difficult,
but the handling of the executables differs significantly from handling tokenized
code."

And this guy writes honest to goodness developer tools, such as profilers
and optimizers. IOW: he's not out to steal your code. You can just imagine
what *those* people are capable of.

Which brings me back to my original point:
I found a monstrous amount of material, articles, etc. that talk about how
to secure your code. In all cases, it involves locks, encryptors, and obfuscators.
You'd be surprised how many such tools are out there for VB3-6. In essense,
nothing has changed. Someone can, at the click of a button, materialize all
the good bits of your private code.
Which leads us back to - exactly how much code is really worth locking? And
why exactly are people making such a big deal about it now, when the problem
has existed for years? And guess what - the solution is still the same.

-Rob