Jump to content

Recommended Posts

Posted

well, there is an unsolved issue.

you are using "SHMessageBoxCheckW" , but that does not work like it should. i tried to fix it but i failed. it seems that

shlwapi.dll cannot be used the normal api way. it seems to need a "PeekMessage" call (link) and the function has to be located by "GetProcAddress". another link.

but, unfortunately, i could not make it work either. maybe anyone else can crack this nice function to Autoit ?

j.

Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Posted

well, there is an unsolved issue.

you are using "SHMessageBoxCheckW" , but that does not work like it should. i tried to fix it but i failed. it seems that

shlwapi.dll cannot be used the normal api way. it seems to need a "PeekMessage" call (link) and the function has to be located by "GetProcAddress". another link.

but, unfortunately, i could not make it work either. maybe anyone else can crack this nice function to Autoit ?

j.

The version of ResourcesViewerAndCompiler.au3 that I have on me (working-on version) is using this code:

Func _MessageBoxCheck($iFlag, $sTitle, $sText, $sIdentifier, $iDefault, $hWnd, $iTimeout = 0)

    Local $a_iCall = DllCall("shlwapi.dll", "int", 191, _; "SHMessageBoxCheckW" exported by ordinal prior Vista
            "hwnd", $hWnd, _
            "wstr", $sText, _
            "wstr", $sTitle, _
            "dword", $iFlag, _
            "int", $iDefault, _
            "wstr", $sIdentifier)

    If @error Or $a_iCall[0] = -1 Then
        Return SetError(1, 0, MsgBox($iFlag, $sTitle, $sText, $iTimeout, $hWnd))
    EndIf

    Return SetError(0, 0, $a_iCall[0])

EndFunc

See if that works with you.

New version is a killer, you'll see. Much faster.

♡♡♡

.

eMyvnE

Posted (edited)

yap, that's okay. you should upload it like this !

j. :)

question: does it mean that vista supports "SHMessageBoxCheckW", while xp needs ordinal address ?

this is not documented in msdn.

Edited by jennico
Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Posted

yap, that's okay. you should upload it like this !

j. :)

question: does it mean that vista supports "SHMessageBoxCheckW", while xp needs ordinal address ?

this is not documented in msdn.

Yes, I did extensive testing on this. Vista introduced name SHMessageBoxCheckW, but ordinal value is the same (you can use both).

♡♡♡

.

eMyvnE

Posted

good to know. so i would recommend using the ordinal, as winxp apparently cannot resolve SHMessageBoxCheckW.

Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Posted

I got this error msg. popping up when I try to create an innitial dll.

Posted Image

I`m using winXP sp2 64 bit.

To tell you the truth I'm glad to see that error is under control there.

The problem is created because this script is making 32-bit dlls and unless I'm doing something wrong with compiling part, 64-bit systems aren't able to process them. I don't have access to 64-bit system.

Are you having any other issues with this script?

... btw, I see that FileGetLongName() is failing with you. Can you verify that with help file example?

♡♡♡

.

eMyvnE

Posted

To tell you the truth I'm glad to see that error is under control there.

The problem is created because this script is making 32-bit dlls and unless I'm doing something wrong with compiling part, 64-bit systems aren't able to process them. I don't have access to 64-bit system.

Are you having any other issues with this script?

... btw, I see that FileGetLongName() is failing with you. Can you verify that with help file example?

Well, after that error pops out, I can get it to the GUI where I`m supposed to add files, but after I do so, I get an error saying that the target file hasn`t been chosen, or something like that.(I can double check it if you want me to)

FileGetLongName() is failing for me, and what do you want me to do to verify that?...sorry, I`m still a noob here :)

Posted

Well, after that error pops out, I can get it to the GUI where I`m supposed to add files, but after I do so, I get an error saying that the target file hasn`t been chosen, or something like that.(I can double check it if you want me to)

FileGetLongName() is failing for me, and what do you want me to do to verify that?...sorry, I`m still a noob here :)

You don't need to double check. After all, I wrote that code, it would be really weird if I would't know what it says.

Thanks for the feedback, I will adapt to the limitation(s).

As for FileGetLongName() function, just open AutoIt's help file and find description of that function and run attached example.

I wasn't aware of possible limitations of that function.

♡♡♡

.

eMyvnE

  • 3 weeks later...
Posted

I introduced a memory leak with one of the versions (when reloading). Ahhh, well... will be fixed.

I hope I'll finish this new version soon. I's much powerful. It's climbing on top of AutoIt. My peak for sure.

...if you get bored while working with it just hit F5 for some mood.

♡♡♡

.

eMyvnE

Posted

I introduced a memory leak with one of the versions (when reloading). Ahhh, well... will be fixed.

I hope I'll finish this new version soon. I's much powerful. It's climbing on top of AutoIt. My peak for sure.

...if you get bored while working with it just hit F5 for some mood.

Heh nice :D

It was also the first time I opened the source, and it made even more impressed with this. I mean 8k lines, that require some serious work!

Broken link? PM me and I'll send you the file!

Posted

Hi trancexx,

I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists.

I check in your ResHacker project it just shows the EntryPoint , not mark any section.

This image will tell you exactly what i mean,

In CFF Explorer:

post-36752-1244654801_thumb.jpg

In your project:

post-36752-1244655014_thumb.jpg

I hope you will understand what i want to know.

73 108 111 118 101 65 117 116 111 105 116

Posted (edited)

@Trancexx

I don't know if anyone asked for these or not:

0. Can the data in more resource entries be saved/exported as files?

- - (presumably with options: hex-table view, or the raw data)

I know you have options to save known resource types (eg: icons)

but you could offer the two above data-independent options above for unknown resource types.

(ResHacker, IIRC, only offered hex-table exporting for unknown resources)

1. Could you add processing for the TypeLib data?

Currently, I see your script offers the same information (Hex table view) ResHacker does:

[sS]Posted Image

The alternative is something like eXeScope does with the data:

[sS]Posted Image

I'm not exactly sure how eXeScope processes it, it could be doing it manually or just making a dll-call.

(I never got around to duplicating it in the PE-Scope so don't bother looking there for help :D , sorry.)

2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.

3. The F5 thing scared me because I was going to run another script (F5 of course) and I didn't notice that it was made to do that - could you, perhaps, limit it to starting only when the GUI is active?

- or, perhaps, using a non-blocking method of obtaining the F5 keypress?

- or, alternatively make the hotkey more obscure.

- \Users\Public\Music\Sample Music\One Step Beyond.wma won't exist for everyone [anyone?], you could try some files in %WINDIR%\media\ as an alternative.

Edited by crashdemons

My Projects - WindowDarken (Darken except the active window) Yahsmosis Chat Client (Discontinued) StarShooter Game (Red alert! All hands to battlestations!) YMSG Protocol Support (Discontinued) Circular Keyboard and OSK example. (aka Iris KB) Target Screensaver Drive Toolbar Thingy Rollup Pro (Minimize-to-Titlebar & More!) 2D Launcher physics example Ascii Screenshot AutoIt3 Quine Example ("Is a Quine" is a Quine.) USB Lock (Another system keydrive - with a toast.)

Posted

@Trancexx

If I put an image in a dll useing your compiler, how would I make a script to show the image from the dll?

0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e

Posted

...

2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.

Maybe for large resource that goes to edit control (as hex)? If it is then it's been taken care of with new version (in a stupid way but...).

I can process TypeLibs. You find that needed? ... will see.

I did F5 intentionally (to be noticed and still no one did :D ).

@Digisoul, let me check on that.

♡♡♡

.

eMyvnE

Posted

@Trancexx

If I put an image in a dll useing your compiler, how would I make a script to show the image from the dll?

This is example posted on General Help And Support. All you need is to change "explorer.exe" to full path of your dll and name of resource from 146 to whatever yours is (RT_BITMAP):

#include <Constants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <WinAPI.au3>

; create gui and pic control
GUICreate("Test GUI", 400, 140, -1, -1, $WS_SIZEBOX)
$hPic = GUICtrlCreatePic("", 10, 30, 0, 0)

; load library
Local $hInstance = _WinAPI_LoadLibraryEx("explorer.exe", $LOAD_LIBRARY_AS_DATAFILE)

; load bitmap
Local $hBitmap_OR = _WinAPI_LoadImage($hInstance, 146, $IMAGE_BITMAP, 0, 0, 0) ; 146 is the name

; free library
_WinAPI_FreeLibrary($hInstance)

; copy hBitmap (to create DIBSECTION)
Local $hBitmap = _WinAPI_CopyBitmap($hBitmap_OR, 8204) ; $LR_COPYDELETEORG|$LR_COPYRETURNORG|$LR_CREATEDIBSECTION

; get desired informations
Local $tBitmap = DllStructCreate("int bmType;" & _
        "int bmWidth;" & _
        "int bmHeight;" & _
        "int bmWidthBytes;" & _
        "ushort bmPlanes;" & _
        "ushort bmBitsPixel;" & _
        "ptr bmBits")

_WinAPI_GetObject($hBitmap, DllStructGetSize($tBitmap), DllStructGetPtr($tBitmap))


; resize pic control
GUICtrlSetPos($hPic, 10, 30, DllStructGetData($tBitmap, "bmWidth"), DllStructGetData($tBitmap, "bmHeight"))

; draw bitmap
Local $STM_SETIMAGE = 370
Local $iMsg = GUICtrlSendMsg($hPic, $STM_SETIMAGE, 0, $hBitmap)

; clean if necessary
If $iMsg Then ; this won't be the case since it's done only once
    _WinAPI_DeleteObject($iMsg)
EndIf

; show GUI
GUISetState()

While 1
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then Exit
WEnd






Func _WinAPI_CopyBitmap($hBitmap, $iFlags)

    Local $aCall = DllCall("User32.dll", "hwnd", "CopyImage", _
            "hwnd", $hBitmap, _
            "dword", 0, _
            "int", 0, _
            "int", 0, _
            "dword", $iFlags) ; LR_COPYDELETEORG 8

    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, 0)
    EndIf

    Return SetError(0, 0, $aCall[0])

EndFunc   ;==>_WinAPI_CopyBitmap

That code covers everything but normally you wouldn't need _WinAPI_CopyBitmap() part because you know how big your image is.

♡♡♡

.

eMyvnE

Posted

I get an error

_winapi_getobject() : The specified procedure cannot be found

0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e

Posted

I get an error

_winapi_getobject() : The specified procedure cannot be found

Did yo try to debug it?

As I understand, you have win7.

explorer.exe of that OS obviously (?) lacks resource named 146, RT_BITMAP type. There is a comment in that line of the script saying "146 is the name".

Since ResourcesViewerAndCompiler.au3 is written for these purposes just load your explorer.exe in it and see what is there.

Btw, I said that normally you wouldn't need _WinAPI_CopyBitmap() part. Well, _WinAPI_GetObject() is part of that part. :D

I didn't say that for other resources, such as icons, you use AutoIt's built-in functions.

♡♡♡

.

eMyvnE

Posted

Hi trancexx,

I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists.

I check in your ResHacker project it just shows the EntryPoint , not mark any section.

This image will tell you exactly what i mean,

In CFF Explorer:

post-36752-1244654801_thumb.jpg

In your project:

post-36752-1244655014_thumb.jpg

I hope you will understand what i want to know.

Ok, here it is...

After you got AddressOfEntryPoint you do something like this:

#include <WinAPI.au3>

$sModule = "FullPathTo\WSCinstall.exe"

;Load it (DllOpen() or whatever):
DllOpen($sModule)

$iAddressOfEntryPoint = 0x000AF1E0; DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") from ResourcesViewerAndCompiler.au3

; Calculate offset:
$iAddress = _WinAPI_GetModuleHandle($sModule) + $iAddressOfEntryPoint

; Create structure to hold data of our interest:
Local $tStructure = DllStructCreate("byte[12]", $iAddress)

;Get data:
$bData = DllStructGetData($tStructure, 1)

;Write it to see what it is:
ConsoleWrite($bData & @CRLF)

What it writes if UPX is used? It should be something like this (X is some/any hex):

0x60BEXXXXXXXX8DBEXXXXXXXX...

It means:

60 - pushad

BEXXXXXXXX - mov esi, XXXXXXXX<-

8DXXXXXXXX - lea edi, dword[esi+XXXXXXXX<-

... - more code

This pattern appears to be considered as UPX signature.

♡♡♡

.

eMyvnE

Posted

Ok, here it is...

After you got AddressOfEntryPoint you do something like this:

#include <WinAPI.au3>

$sModule = "FullPathTo\WSCinstall.exe"

;Load it (DllOpen() or whatever):
DllOpen($sModule)

$iAddressOfEntryPoint = 0x000AF1E0; DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") from ResourcesViewerAndCompiler.au3

; Calculate offset:
$iAddress = _WinAPI_GetModuleHandle($sModule) + $iAddressOfEntryPoint

; Create structure to hold data of our interest:
Local $tStructure = DllStructCreate("byte[12]", $iAddress)

;Get data:
$bData = DllStructGetData($tStructure, 1)

;Write it to see what it is:
ConsoleWrite($bData & @CRLF)

What it writes if UPX is used? It should be something like this (X is some/any hex):

0x60BEXXXXXXXX8DBEXXXXXXXX...

It means:

60 - pushad

BEXXXXXXXX - mov esi, XXXXXXXX<-

8DXXXXXXXX - lea edi, dword[esi+XXXXXXXX<-

... - more code

This pattern appears to be considered as UPX signature.

thank you for your reply but my need is a bit different, i just want to know that which section contain IMAGE_SCN_CNT_CODE,

anyways i got the code from Code Project

VC:
if( pSectionHeader->VirtualAddress <= dwEntryPoint &&
    dwEntryPoint < pSectionHeader->VirtualAddress +
                     pSectionHeader->Misc.VirtualSize )
{ break; }

AutoIt :
Local $VA = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress")
Local $VSZ = DllStructGetData($tIMAGE_SECTION_HEADER, "UnionOfData")
Local $AddressOfEntryPoint = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")
If ($VA <= $AddressOfEntryPoint) And $AddressOfEntryPoint < ($VA+$VSZ) Then
   ConsoleWrite("Execution Starts at SEC# "&$i&" :"&$Section&@CRLF)
EndIf

73 108 111 118 101 65 117 116 111 105 116

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...