ResHacker project


trancexx
well, there is an unsolved issue.

you are using "SHMessageBoxCheckW" , but that does not work like it should. i tried to fix it but i failed. it seems that

shlwapi.dll cannot be used the normal api way. it seems to need a "PeekMessage" call (link) and the function has to be located by "GetProcAddress". another link.

but, unfortunately, i could not make it work either. maybe anyone else can crack this nice function to Autoit ?

j.

Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Link to comment
Share on other sites

The version of ResourcesViewerAndCompiler.au3 that I have on me (working-on version) is using this code:

Func _MessageBoxCheck($iFlag, $sTitle, $sText, $sIdentifier, $iDefault, $hWnd, $iTimeout = 0)

    Local $a_iCall = DllCall("shlwapi.dll", "int", 191, _ ; "SHMessageBoxCheckW" exported by ordinal prior to Vista
            "hwnd", $hWnd, _
            "wstr", $sText, _
            "wstr", $sTitle, _
            "dword", $iFlag, _
            "int", $iDefault, _
            "wstr", $sIdentifier)

    If @error Or $a_iCall[0] = -1 Then
        Return SetError(1, 0, MsgBox($iFlag, $sTitle, $sText, $iTimeout, $hWnd))
    EndIf

    Return SetError(0, 0, $a_iCall[0])

EndFunc

See if that works with you.

New version is a killer, you'll see. Much faster.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

yap, that's okay. you should upload it like this !

j. :)

question: does it mean that vista supports "SHMessageBoxCheckW", while xp needs ordinal address ?

this is not documented in msdn.

Edited by jennico
Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Link to comment
Share on other sites

Yes, I did extensive testing on this. Vista introduced name SHMessageBoxCheckW, but ordinal value is the same (you can use both).

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

good to know. so i would recommend using the ordinal, as winxp apparently cannot resolve SHMessageBoxCheckW.

Spoiler

I actively support Wikileaks | Freedom for Julian Assange ! | Defend freedom of speech ! | Fight censorship ! | I will not silence.OixB7.jpgDon't forget this IP: 213.251.145.96

 

Link to comment
Share on other sites

I got this error msg. popping up when I try to create an initial dll.

Posted Image

I`m using winXP sp2 64 bit.

To tell you the truth I'm glad to see that error is under control there.

The problem is created because this script is making 32-bit dlls and unless I'm doing something wrong with compiling part, 64-bit systems aren't able to process them. I don't have access to 64-bit system.

Are you having any other issues with this script?

... btw, I see that FileGetLongName() is failing with you. Can you verify that with help file example?

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Well, after that error pops out, I can get it to the GUI where I`m supposed to add files, but after I do so, I get an error saying that the target file hasn`t been chosen, or something like that.(I can double check it if you want me to)

FileGetLongName() is failing for me, and what do you want me to do to verify that?...sorry, I`m still a noob here :)

Link to comment
Share on other sites

You don't need to double check. After all, I wrote that code, it would be really weird if I wouldn't know what it says.

Thanks for the feedback, I will adapt to the limitation(s).

As for FileGetLongName() function, just open AutoIt's help file and find description of that function and run attached example.

I wasn't aware of possible limitations of that function.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

  • 3 weeks later...

I introduced a memory leak with one of the versions (when reloading). Ahhh, well... will be fixed.

I hope I'll finish this new version soon. It's much powerful. It's climbing on top of AutoIt. My peak for sure.

...if you get bored while working with it just hit F5 for some mood.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Heh nice :D

It was also the first time I opened the source, and it made me even more impressed with this. I mean 8k lines, that require some serious work!

Broken link? PM me and I'll send you the file!

Link to comment
Share on other sites

Hi trancexx,

I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists.

I check in your ResHacker project it just shows the EntryPoint , not mark any section.

This image will tell you exactly what i mean,

In CFF Explorer:

post-36752-1244654801_thumb.jpg

In your project:

post-36752-1244655014_thumb.jpg

I hope you will understand what i want to know.

73 108 111 118 101 65 117 116 111 105 116

Link to comment
Share on other sites

@Trancexx

I don't know if anyone asked for these or not:

0. Can the data in more resource entries be saved/exported as files?

- - (presumably with options: hex-table view, or the raw data)

I know you have options to save known resource types (eg: icons)

but you could offer the two data-independent options above for unknown resource types.

(ResHacker, IIRC, only offered hex-table exporting for unknown resources)

1. Could you add processing for the TypeLib data?

Currently, I see your script offers the same information (Hex table view) ResHacker does:

Posted Image

The alternative is something like eXeScope does with the data:

Posted Image

I'm not exactly sure how eXeScope processes it, it could be doing it manually or just making a dll-call.

(I never got around to duplicating it in the PE-Scope so don't bother looking there for help :D , sorry.)

2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.

3. The F5 thing scared me because I was going to run another script (F5 of course) and I didn't notice that it was made to do that - could you, perhaps, limit it to starting only when the GUI is active?

- or, perhaps, using a non-blocking method of obtaining the F5 keypress?

- or, alternatively make the hotkey more obscure.

- \Users\Public\Music\Sample Music\One Step Beyond.wma won't exist for everyone [anyone?], you could try some files in %WINDIR%\media\ as an alternative.

Edited by crashdemons

My Projects - WindowDarken (Darken except the active window) Yahsmosis Chat Client (Discontinued) StarShooter Game (Red alert! All hands to battlestations!) YMSG Protocol Support (Discontinued) Circular Keyboard and OSK example. (aka Iris KB) Target Screensaver Drive Toolbar Thingy Rollup Pro (Minimize-to-Titlebar & More!) 2D Launcher physics example Ascii Screenshot AutoIt3 Quine Example ("Is a Quine" is a Quine.) USB Lock (Another system keydrive - with a toast.)

Link to comment
Share on other sites

@Trancexx

If I put an image in a dll using your compiler, how would I make a script to show the image from the dll?

0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e

Link to comment
Share on other sites

...

2. There's a bug, but I can't reproduce it at the moment- something where the resource [data/image/text] display area stops displaying altogether.

Maybe for large resource that goes to edit control (as hex)? If it is then it's been taken care of with new version (in a stupid way but...).

I can process TypeLibs. You find that needed? ... will see.

I did F5 intentionally (to be noticed and still no one did :D ).

@Digisoul, let me check on that.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

@Trancexx

If I put an image in a dll using your compiler, how would I make a script to show the image from the dll?

This is example posted on General Help And Support. All you need is to change "explorer.exe" to full path of your dll and name of resource from 146 to whatever yours is (RT_BITMAP):

#include <Constants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <WinAPI.au3>

; create gui and pic control
GUICreate("Test GUI", 400, 140, -1, -1, $WS_SIZEBOX)
$hPic = GUICtrlCreatePic("", 10, 30, 0, 0)

; load library
Local $hInstance = _WinAPI_LoadLibraryEx("explorer.exe", $LOAD_LIBRARY_AS_DATAFILE)

; load bitmap
Local $hBitmap_OR = _WinAPI_LoadImage($hInstance, 146, $IMAGE_BITMAP, 0, 0, 0) ; 146 is the name

; free library
_WinAPI_FreeLibrary($hInstance)

; copy hBitmap (to create DIBSECTION)
Local $hBitmap = _WinAPI_CopyBitmap($hBitmap_OR, 8204) ; $LR_COPYDELETEORG|$LR_COPYRETURNORG|$LR_CREATEDIBSECTION

; get desired informations
Local $tBitmap = DllStructCreate("int bmType;" & _
        "int bmWidth;" & _
        "int bmHeight;" & _
        "int bmWidthBytes;" & _
        "ushort bmPlanes;" & _
        "ushort bmBitsPixel;" & _
        "ptr bmBits")

_WinAPI_GetObject($hBitmap, DllStructGetSize($tBitmap), DllStructGetPtr($tBitmap))


; resize pic control
GUICtrlSetPos($hPic, 10, 30, DllStructGetData($tBitmap, "bmWidth"), DllStructGetData($tBitmap, "bmHeight"))

; draw bitmap
Local $STM_SETIMAGE = 370
Local $iMsg = GUICtrlSendMsg($hPic, $STM_SETIMAGE, 0, $hBitmap)

; clean if necessary
If $iMsg Then ; this won't be the case since it's done only once
    _WinAPI_DeleteObject($iMsg)
EndIf

; show GUI
GUISetState()

While 1
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then Exit
WEnd






Func _WinAPI_CopyBitmap($hBitmap, $iFlags)

    Local $aCall = DllCall("User32.dll", "hwnd", "CopyImage", _
            "hwnd", $hBitmap, _
            "dword", 0, _
            "int", 0, _
            "int", 0, _
            "dword", $iFlags) ; LR_COPYDELETEORG 8

    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, 0)
    EndIf

    Return SetError(0, 0, $aCall[0])

EndFunc   ;==>_WinAPI_CopyBitmap

That code covers everything but normally you wouldn't need _WinAPI_CopyBitmap() part because you know how big your image is.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

I get an error

_winapi_getobject() : The specified procedure cannot be found

Did you try to debug it?

As I understand, you have win7.

explorer.exe of that OS obviously (?) lacks resource named 146, RT_BITMAP type. There is a comment in that line of the script saying "146 is the name".

Since ResourcesViewerAndCompiler.au3 is written for these purposes just load your explorer.exe in it and see what is there.

Btw, I said that normally you wouldn't need _WinAPI_CopyBitmap() part. Well, _WinAPI_GetObject() is part of that part. :D

I didn't say that for other resources, such as icons, you use AutoIt's built-in functions.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Hi trancexx,

I am trying to figure out that how can i get the Section where the AddressOfEntryPoint exists.

I check in your ResHacker project it just shows the EntryPoint , not mark any section.

This image will tell you exactly what i mean,

In CFF Explorer:

post-36752-1244654801_thumb.jpg

In your project:

post-36752-1244655014_thumb.jpg

I hope you will understand what i want to know.

Ok, here it is...

After you got AddressOfEntryPoint you do something like this:

#include <WinAPI.au3>

$sModule = "FullPathTo\WSCinstall.exe"

;Load it (DllOpen() or whatever):
DllOpen($sModule)

$iAddressOfEntryPoint = 0x000AF1E0; DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") from ResourcesViewerAndCompiler.au3

; Calculate offset:
$iAddress = _WinAPI_GetModuleHandle($sModule) + $iAddressOfEntryPoint

; Create structure to hold data of our interest:
Local $tStructure = DllStructCreate("byte[12]", $iAddress)

;Get data:
$bData = DllStructGetData($tStructure, 1)

;Write it to see what it is:
ConsoleWrite($bData & @CRLF)

What it writes if UPX is used? It should be something like this (X is some/any hex):

0x60BEXXXXXXXX8DBEXXXXXXXX...

It means:

60 - pushad

BEXXXXXXXX - mov esi, XXXXXXXX<-

8DXXXXXXXX - lea edi, dword[esi+XXXXXXXX<-

... - more code

This pattern appears to be considered as UPX signature.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

thank you for your reply but my need is a bit different, i just want to know that which section contain IMAGE_SCN_CNT_CODE,

anyways i got the code from Code Project

VC:
if( pSectionHeader->VirtualAddress <= dwEntryPoint &&
    dwEntryPoint < pSectionHeader->VirtualAddress +
                     pSectionHeader->Misc.VirtualSize )
{ break; }

AutoIt :
Local $VA = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress")
Local $VSZ = DllStructGetData($tIMAGE_SECTION_HEADER, "UnionOfData")
Local $AddressOfEntryPoint = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")
If ($VA <= $AddressOfEntryPoint) And $AddressOfEntryPoint < ($VA+$VSZ) Then
   ConsoleWrite("Execution Starts at SEC# "&$i&" :"&$Section&@CRLF)
EndIf

73 108 111 118 101 65 117 116 111 105 116

Link to comment
Share on other sites
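
Added example, not code from any post in this thread or from ResourcesViewerAndCompiler.au3: a Python sketch that combines the section range test from the last post with the entry-point stub pattern described earlier, working on the file's bytes instead of a loaded module. The function names, the sample image and its section names are constructed for illustration, and the fallback to SizeOfRawData when VirtualSize is 0 goes beyond what the thread shows.

```python
import re
import struct

# Added example. Stub pattern quoted in the thread: 60 | BE imm32 | 8D BE disp32
UPX_STUB = re.compile(rb"\x60\xBE.{4}\x8D\xBE.{4}", re.DOTALL)

def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [(name, va, vsize, raw_size, raw_ptr), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)   # SizeOfOptionalHeader
    entry_rva, = struct.unpack_from("<I", pe, e_lfanew + 24 + 16)
    table = e_lfanew + 24 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(count):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, raw_size, raw_ptr))
    return entry_rva, sections

def entry_section(pe: bytes):
    """Return (section name or None, True if the stub pattern sits at the entry point)."""
    entry_rva, sections = parse_sections(pe)
    for name, va, vsize, raw_size, raw_ptr in sections:
        span = vsize or raw_size                  # assumption: fall back when VirtualSize is 0
        if va <= entry_rva < va + span:           # same range test as the VC snippet
            off = entry_rva - va                  # RVA -> offset inside the section
            end = min(off + 12, raw_size)         # never read past the section's raw data
            code = pe[raw_ptr + off:raw_ptr + end] if off < raw_size else b""
            return name, bool(UPX_STUB.match(code))
    return None, False

def build_sample(entry_rva: int, code: bytes) -> bytes:
    """Constructed minimal PE32 header set: UPX0 (no raw data) and UPX1 (raw data at 0x200)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    sec0 = struct.pack("<8sIIII", b"UPX0", 0x1000, 0x1000, 0, 0).ljust(40, b"\0")
    sec1 = struct.pack("<8sIIII", b"UPX1", 0x1000, 0x2000, 0x200, 0x200).ljust(40, b"\0")
    headers = dos + b"PE\0\0" + file_hdr + opt + sec0 + sec1
    return headers.ljust(0x200, b"\0") + code.ljust(0x200, b"\0")

SAMPLE_STUB = bytes.fromhex("60BE001040008DBE00F0FFFF")       # constructed bytes, not from a real file

if __name__ == "__main__":
    print(entry_section(build_sample(0x2000, SAMPLE_STUB)))
```

Section names are free-form text, so the byte pattern at the entry point is the signal here and the name is only reported for context.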
