jennico Posted May 18, 2009 Posted May 18, 2009 well, there is an unsolved issue.you are using "SHMessageBoxCheckW" , but that does not work like it should. i tried to fix it but i failed. it seems that shlwapi.dll cannot be used the normal api way. it seems to need a "PeekMessage" call (link) and the function has to be located by "GetProcAddress". another link.but, unfortunately, i could not make it work either. maybe anyone else can crack this nice function to Autoit ?j. Spoiler I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.Don't forget this IP: 213.251.145.96
trancexx Posted May 18, 2009 Author Posted May 18, 2009 well, there is an unsolved issue. you are using "SHMessageBoxCheckW" , but that does not work like it should. i tried to fix it but i failed. it seems that shlwapi.dll cannot be used the normal api way. it seems to need a "PeekMessage" call (link) and the function has to be located by "GetProcAddress". another link. but, unfortunately, i could not make it work either. maybe anyone else can crack this nice function to Autoit ? j.The version of ResourcesViewerAndCompiler.au3 that I have on me (working-on version) is using this code: Func _MessageBoxCheck($iFlag, $sTitle, $sText, $sIdentifier, $iDefault, $hWnd, $iTimeout = 0) Local $a_iCall = DllCall("shlwapi.dll", "int", 191, _; "SHMessageBoxCheckW" exported by ordinal prior Vista "hwnd", $hWnd, _ "wstr", $sText, _ "wstr", $sTitle, _ "dword", $iFlag, _ "int", $iDefault, _ "wstr", $sIdentifier) If @error Or $a_iCall[0] = -1 Then Return SetError(1, 0, MsgBox($iFlag, $sTitle, $sText, $iTimeout, $hWnd)) EndIf Return SetError(0, 0, $a_iCall[0]) EndFunc See if that works with you. New version is a killer, you'll see. Much faster. ♡♡♡ . eMyvnE
jennico Posted May 18, 2009 Posted May 18, 2009 (edited) yap, that's okay. you should upload it like this ! j. question: does it mean that vista supports "SHMessageBoxCheckW", while xp needs ordinal address ? this is not documented in msdn. Edited May 18, 2009 by jennico Spoiler I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.Don't forget this IP: 213.251.145.96
trancexx Posted May 18, 2009 Author Posted May 18, 2009 yap, that's okay. you should upload it like this !j. question: does it mean that vista supports "SHMessageBoxCheckW", while xp needs ordinal address ?this is not documented in msdn.Yes, I did extensive testing on this. Vista introduced name SHMessageBoxCheckW, but ordinal value is the same (you can use both). ♡♡♡ . eMyvnE
jennico Posted May 18, 2009 Posted May 18, 2009 good to know. so i would recommend using the ordinal, as winxp apparently cannot resolve SHMessageBoxCheckW. Spoiler I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.Don't forget this IP: 213.251.145.96
bleed Posted May 18, 2009 Posted May 18, 2009 I got this error msg. popping up when I try to create an innitial dll.I`m using winXP sp2 64 bit.
trancexx Posted May 18, 2009 Author Posted May 18, 2009 I got this error msg. popping up when I try to create an innitial dll.I`m using winXP sp2 64 bit.To tell you the truth I'm glad to see that error is under control there.The problem is created because this script is making 32-bit dlls and unless I'm doing something wrong with compiling part, 64-bit systems aren't able to process them. I don't have access to 64-bit system.Are you having any other issues with this script?... btw, I see that FileGetLongName() is failing with you. Can you verify that with help file example? ♡♡♡ . eMyvnE
bleed Posted May 19, 2009 Posted May 19, 2009 To tell you the truth I'm glad to see that error is under control there.The problem is created because this script is making 32-bit dlls and unless I'm doing something wrong with compiling part, 64-bit systems aren't able to process them. I don't have access to 64-bit system.Are you having any other issues with this script?... btw, I see that FileGetLongName() is failing with you. Can you verify that with help file example?Well, after that error pops out, I can get it to the GUI where I`m supposed to add files, but after I do so, I get an error saying that the target file hasn`t been chosen, or something like that.(I can double check it if you want me to)FileGetLongName() is failing for me, and what do you want me to do to verify that?...sorry, I`m still a noob here
trancexx Posted May 21, 2009 Author Posted May 21, 2009 Well, after that error pops out, I can get it to the GUI where I`m supposed to add files, but after I do so, I get an error saying that the target file hasn`t been chosen, or something like that.(I can double check it if you want me to)FileGetLongName() is failing for me, and what do you want me to do to verify that?...sorry, I`m still a noob here You don't need to double check. After all, I wrote that code, it would be really weird if I would't know what it says.Thanks for the feedback, I will adapt to the limitation(s).As for FileGetLongName() function, just open AutoIt's help file and find description of that function and run attached example.I wasn't aware of possible limitations of that function. ♡♡♡ . eMyvnE
trancexx Posted June 6, 2009 Author Posted June 6, 2009 I introduced a memory leak with one of the versions (when reloading). Ahhh, well... will be fixed. I hope I'll finish this new version soon. I's much powerful. It's climbing on top of AutoIt. My peak for sure. ...if you get bored while working with it just hit F5 for some mood. ♡♡♡ . eMyvnE
monoceres Posted June 6, 2009 Posted June 6, 2009 I introduced a memory leak with one of the versions (when reloading). Ahhh, well... will be fixed.I hope I'll finish this new version soon. I's much powerful. It's climbing on top of AutoIt. My peak for sure....if you get bored while working with it just hit F5 for some mood.Heh nice It was also the first time I opened the source, and it made even more impressed with this. I mean 8k lines, that require some serious work! Broken link? PM me and I'll send you the file!
Digisoul Posted June 10, 2009 Posted June 10, 2009 Hi trancexx, I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists. I check in your ResHacker project it just shows the EntryPoint , not mark any section. This image will tell you exactly what i mean, In CFF Explorer: In your project: I hope you will understand what i want to know. 73 108 111 118 101 65 117 116 111 105 116
crashdemons Posted June 10, 2009 Posted June 10, 2009 (edited) @TrancexxI don't know if anyone asked for these or not:0. Can the data in more resource entries be saved/exported as files? - - (presumably with options: hex-table view, or the raw data)I know you have options to save known resource types (eg: icons)but you could offer the two above data-independent options above for unknown resource types.(ResHacker, IIRC, only offered hex-table exporting for unknown resources)1. Could you add processing for the TypeLib data?Currently, I see your script offers the same information (Hex table view) ResHacker does:[sS]The alternative is something like eXeScope does with the data:[sS]I'm not exactly sure how eXeScope processes it, it could be doing it manually or just making a dll-call.(I never got around to duplicating it in the PE-Scope so don't bother looking there for help , sorry.)2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.3. The F5 thing scared me because I was going to run another script (F5 of course) and I didn't notice that it was made to do that - could you, perhaps, limit it to starting only when the GUI is active?- or, perhaps, using a non-blocking method of obtaining the F5 keypress?- or, alternatively make the hotkey more obscure.- \Users\Public\Music\Sample Music\One Step Beyond.wma won't exist for everyone [anyone?], you could try some files in %WINDIR%\media\ as an alternative. Edited June 11, 2009 by crashdemons My Projects - WindowDarken (Darken except the active window) Yahsmosis Chat Client (Discontinued) StarShooter Game (Red alert! All hands to battlestations!) YMSG Protocol Support (Discontinued) Circular Keyboard and OSK example. (aka Iris KB) Target Screensaver Drive Toolbar Thingy Rollup Pro (Minimize-to-Titlebar & More!) 2D Launcher physics example Ascii Screenshot AutoIt3 Quine Example ("Is a Quine" is a Quine.) USB Lock (Another system keydrive - with a toast.)
corgano Posted June 11, 2009 Posted June 11, 2009 @Trancexx If I put an image in a dll useing your compiler, how would I make a script to show the image from the dll? 0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e
trancexx Posted June 11, 2009 Author Posted June 11, 2009 ... 2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.Maybe for large resource that goes to edit control (as hex)? If it is then it's been taken care of with new version (in a stupid way but...). I can process TypeLibs. You find that needed? ... will see. I did F5 intentionally (to be noticed and still no one did ). @Digisoul, let me check on that. ♡♡♡ . eMyvnE
trancexx Posted June 11, 2009 Author Posted June 11, 2009 @Trancexx If I put an image in a dll useing your compiler, how would I make a script to show the image from the dll?This is example posted on General Help And Support. All you need is to change "explorer.exe" to full path of your dll and name of resource from 146 to whatever yours is (RT_BITMAP): expandcollapse popup#include <Constants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <WinAPI.au3> ; create gui and pic control GUICreate("Test GUI", 400, 140, -1, -1, $WS_SIZEBOX) $hPic = GUICtrlCreatePic("", 10, 30, 0, 0) ; load library Local $hInstance = _WinAPI_LoadLibraryEx("explorer.exe", $LOAD_LIBRARY_AS_DATAFILE) ; load bitmap Local $hBitmap_OR = _WinAPI_LoadImage($hInstance, 146, $IMAGE_BITMAP, 0, 0, 0) ; 146 is the name ; free library _WinAPI_FreeLibrary($hInstance) ; copy hBitmap (to create DIBSECTION) Local $hBitmap = _WinAPI_CopyBitmap($hBitmap_OR, 8204) ; $LR_COPYDELETEORG|$LR_COPYRETURNORG|$LR_CREATEDIBSECTION ; get desired informations Local $tBitmap = DllStructCreate("int bmType;" & _ "int bmWidth;" & _ "int bmHeight;" & _ "int bmWidthBytes;" & _ "ushort bmPlanes;" & _ "ushort bmBitsPixel;" & _ "ptr bmBits") _WinAPI_GetObject($hBitmap, DllStructGetSize($tBitmap), DllStructGetPtr($tBitmap)) ; resize pic control GUICtrlSetPos($hPic, 10, 30, DllStructGetData($tBitmap, "bmWidth"), DllStructGetData($tBitmap, "bmHeight")) ; draw bitmap Local $STM_SETIMAGE = 370 Local $iMsg = GUICtrlSendMsg($hPic, $STM_SETIMAGE, 0, $hBitmap) ; clean if necessary If $iMsg Then ; this won't be the case since it's done only once _WinAPI_DeleteObject($iMsg) EndIf ; show GUI GUISetState() While 1 If GUIGetMsg() = $GUI_EVENT_CLOSE Then Exit WEnd Func _WinAPI_CopyBitmap($hBitmap, $iFlags) Local $aCall = DllCall("User32.dll", "hwnd", "CopyImage", _ "hwnd", $hBitmap, _ "dword", 0, _ "int", 0, _ "int", 0, _ "dword", $iFlags) ; LR_COPYDELETEORG 8 If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) EndIf Return SetError(0, 0, $aCall[0]) EndFunc ;==>_WinAPI_CopyBitmap That code covers everything but normally you wouldn't need _WinAPI_CopyBitmap() part because you know how big your image is. ♡♡♡ . eMyvnE
corgano Posted June 11, 2009 Posted June 11, 2009 I get an error _winapi_getobject() : The specified procedure cannot be found 0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e
trancexx Posted June 11, 2009 Author Posted June 11, 2009 I get an error_winapi_getobject() : The specified procedure cannot be foundDid yo try to debug it?As I understand, you have win7. explorer.exe of that OS obviously (?) lacks resource named 146, RT_BITMAP type. There is a comment in that line of the script saying "146 is the name".Since ResourcesViewerAndCompiler.au3 is written for these purposes just load your explorer.exe in it and see what is there.Btw, I said that normally you wouldn't need _WinAPI_CopyBitmap() part. Well, _WinAPI_GetObject() is part of that part. I didn't say that for other resources, such as icons, you use AutoIt's built-in functions. ♡♡♡ . eMyvnE
trancexx Posted June 18, 2009 Author Posted June 18, 2009 Hi trancexx, I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists. I check in your ResHacker project it just shows the EntryPoint , not mark any section. This image will tell you exactly what i mean, In CFF Explorer: In your project: I hope you will understand what i want to know.Ok, here it is... After you got AddressOfEntryPoint you do something like this: #include <WinAPI.au3> $sModule = "FullPathTo\WSCinstall.exe" ;Load it (DllOpen() or whatever): DllOpen($sModule) $iAddressOfEntryPoint = 0x000AF1E0; DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") from ResourcesViewerAndCompiler.au3 ; Calculate offset: $iAddress = _WinAPI_GetModuleHandle($sModule) + $iAddressOfEntryPoint ; Create structure to hold data of our interest: Local $tStructure = DllStructCreate("byte[12]", $iAddress) ;Get data: $bData = DllStructGetData($tStructure, 1) ;Write it to see what it is: ConsoleWrite($bData & @CRLF) What it writes if UPX is used? It should be something like this (X is some/any hex): 0x60BEXXXXXXXX8DBEXXXXXXXX... It means: 60 - pushad BEXXXXXXXX - mov esi, XXXXXXXX<- 8DXXXXXXXX - lea edi, dword[esi+XXXXXXXX<- ... - more code This pattern appears to be considered as UPX signature. ♡♡♡ . eMyvnE
Digisoul Posted June 18, 2009 Posted June 18, 2009 Ok, here it is... After you got AddressOfEntryPoint you do something like this: #include <WinAPI.au3> $sModule = "FullPathTo\WSCinstall.exe" ;Load it (DllOpen() or whatever): DllOpen($sModule) $iAddressOfEntryPoint = 0x000AF1E0; DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") from ResourcesViewerAndCompiler.au3 ; Calculate offset: $iAddress = _WinAPI_GetModuleHandle($sModule) + $iAddressOfEntryPoint ; Create structure to hold data of our interest: Local $tStructure = DllStructCreate("byte[12]", $iAddress) ;Get data: $bData = DllStructGetData($tStructure, 1) ;Write it to see what it is: ConsoleWrite($bData & @CRLF) What it writes if UPX is used? It should be something like this (X is some/any hex): 0x60BEXXXXXXXX8DBEXXXXXXXX... It means: 60 - pushad BEXXXXXXXX - mov esi, XXXXXXXX<- 8DXXXXXXXX - lea edi, dword[esi+XXXXXXXX<- ... - more code This pattern appears to be considered as UPX signature.thank you for your reply but my need is a bit different, i just want to know that which section contain IMAGE_SCN_CNT_CODE, anyways i got the code from Code Project VC: if( pSectionHeader->VirtualAddress <= dwEntryPoint && dwEntryPoint < pSectionHeader->VirtualAddress + pSectionHeader->Misc.VirtualSize ) { break; } AutoIt : Local $VA = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress") Local $VSZ = DllStructGetData($tIMAGE_SECTION_HEADER, "UnionOfData") Local $AddressOfEntryPoint = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") If ($VA <= $AddressOfEntryPoint) And $AddressOfEntryPoint < ($VA+$VSZ) Then ConsoleWrite("Execution Starts at SEC# "&$i&" :"&$Section&@CRLF) EndIf 73 108 111 118 101 65 117 116 111 105 116
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now