virusbattle-sdk / Similar Procedures
### ACTION: SEARCH FOR SIMILAR PROCEDURES

To search for similar procedures, use:

```
vbclient.py -a search [--noLibrary] [--limit] sha1/0xrva1 sha1/0xrva2 ...
```

The `search` command searches for procedures similar to a given one. A procedure is identified as `sha1/0xrva`, where `sha1` is the SHA-1 of the binary and `rva` is the relative virtual address of the procedure in hex format.

TODO: Describe the `--noLibrary` and `--limit` options.
### ACTION: SHOW LIST OF PROCEDURES IN A BINARY

Before searching for similar procedures, you need the list of procedures. The list of procedures in a binary may be queried using the following command:

```
vbclient.py -a show arg
```

The `show` command takes the SHA-1 of the binary as `arg`. It produces its output in JSON format.
### ACTION: GET CONTENT OF PROCEDURES

Once similar procedures are found, a user may wish to compare their code. You can get the code of a procedure using the following command:

```
vbclient.py -a show [--noLibrary] [--limit] sha1/0xrva1 sha1/0xrva2 ...
```

The `show` command gives quite a bit of information for each procedure. For each block of a procedure it gives the block's code, semantics, generalized code, and generalized semantics. In addition, it gives the strings accessed in the procedure and the Windows APIs referenced in the procedure.
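The following helper, added here as an example and not part of virusbattle-sdk, validates the `sha1/0xrva` identifiers used by the search and show actions above and builds the matching `vbclient.py` command lines before handing them to the client. It assumes `vbclient.py` is invocable from the current directory or PATH, and that `--limit` takes a numeric value (the wiki does not yet document that option).

```python
"""Drive vbclient.py safely: parse/validate sha1/0xrva procedure ids and build
argv for the search and show actions. Added example, not virusbattle-sdk code.
Assumptions: vbclient.py is on PATH; --limit takes a positive integer."""
import re
import subprocess
from typing import List, Optional, Tuple

# Identifier form from the wiki: <40 hex digits sha1>/<0x-prefixed hex rva>
_PROC_RE = re.compile(r"^(?P<sha1>[0-9a-fA-F]{40})/0x(?P<rva>[0-9a-fA-F]{1,16})$")
_SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def parse_procedure_id(proc_id: str) -> Tuple[str, int]:
    """Split 'sha1/0xrva' into (lowercase sha1, rva as int).
    Raises ValueError on malformed input (bad sha1 length, missing 0x, ...)."""
    m = _PROC_RE.match(proc_id.strip())
    if not m:
        raise ValueError(f"malformed procedure id: {proc_id!r} (expected sha1/0xrva)")
    return m.group("sha1").lower(), int(m.group("rva"), 16)


def format_procedure_id(sha1: str, rva: int) -> str:
    """Inverse of parse_procedure_id: canonical lowercase 'sha1/0xrva'."""
    return f"{sha1.lower()}/0x{rva:x}"


def build_search_argv(proc_ids: List[str], no_library: bool = False,
                      limit: Optional[int] = None) -> List[str]:
    """argv for 'vbclient.py -a search [--noLibrary] [--limit N] id ...'.
    Every id is validated and canonicalised before reaching the command line."""
    if not proc_ids:
        raise ValueError("at least one procedure id is required")
    argv = ["vbclient.py", "-a", "search"]
    if no_library:
        argv.append("--noLibrary")
    if limit is not None:
        if limit <= 0:
            raise ValueError("limit must be a positive integer")
        argv += ["--limit", str(limit)]  # assumed value form of --limit
    argv += [format_procedure_id(*parse_procedure_id(p)) for p in proc_ids]
    return argv


def build_show_binary_argv(sha1: str) -> List[str]:
    """argv for 'vbclient.py -a show <sha1>' (list a binary's procedures)."""
    if not _SHA1_RE.match(sha1):
        raise ValueError(f"not a sha1: {sha1!r}")
    return ["vbclient.py", "-a", "show", sha1.lower()]


def run_client(argv: List[str]) -> str:
    """Run the client without a shell and return its stdout (JSON for show)."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout
```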