i am trying to open and edit a file that contains some type of custom protection.
file game :gameguard.des
its from lineage2/interlude/system file.
this is not the original version though, it has been modified to block some packets sent to the server.
i've used VS2010 to open it and it shows me the memory and the contents in hex, like viewing computer memory.
here is the file attached. http://www20.zippyshare.com/v/88173717/file.html
so my question is, how can i open it viewing the code in a higher level and edit it? what tools i need to use to do that?
regards, George
This is a Win32 program. You can try to disassemble it, but it's itself a binary file and what the VS2010 is showing you is correct, because it's showing it most probably in HEX format to you.
You need to first figure out which compiler was used to compile this application, then maybe it helps you to refactor the executable.
The fact that you can not directly run this application might be just the extension, maybe if you change the extension to .exe, it runs under windows. I don't recommend it though.
Related
I recently released a software to our customer, it will be installed on one machine at one location and maybe later at two other locations. It is a prototype and has to be tested.
This is a compiled Matlab GUI which runs scanning, does some image analysis and produces report. All is fine here. But I've got a complaint that batch-file I use is a thing from past DOS times, should not be used and looks unprofessional... Currently, the user should set up one path in batch file before the first use and then always run batch file. This bat-file kills some processes to avoid conflicts, including any running instances of the GUI, sets the path for results and runs the GUI. I proposed them to create a shortcut to this bat-file with a nice logo (such that they don't see the .bat extension ;)), but they are still unhappy.
What to do is probably not the main question here - client is always right and I should remove .bat somehow to make them happy. But is it really so unprofessional to release technical, not mass software using bat-files? Or is it just one person's opinion?
Personally I think if you already have a GUI, then use that to do the pre-processing. There is nothing wrong with using batch files, but using one when you have a GUI doesn't seem like the best way to do it.
Alternatively create a GUI with the same look as the main program to ask the user for the details it needs. For me it's not about professionalism, but how easy it is for the user to do what they need to do.
I see nothing wrong with using a batch file for small projects (especially during the testing phase if that is easier for you and delivers something to the client quicker). However, depending on the size of the project, it is nice to have an EXE to deliver to the client with a proper icon and what not.
I would agree with the customer that an EXE looks more professional. Whether it is or not... I'm not sure. The .bat files just seem a little slapped together whether that is true or not.
I would say this is similar to when people call PHP programs scripts because a lot of the times they are simple scirpts. But, then there are frameworks out there like Cake and Kohanna that are more than what someone would typically classify as a script but, since it's PHP there is still that connotation.
A batch file is not unprofessional. The batch "language" has disadvantages and outright problems (error handling!!) but it gets the job done and that's the point.
The problem is that it shows the internals of the program and some people are scared by this. They don't want to see anything like this and so try to find a disapproving label. The quickest solution is to hide the batch file behind a "vanity cover", or in this case an exe that hides the working from terrified eyes.
One simple possibility is to use an self-extracting zip file eg: http://www.7zsfx.info/en/
Ok my question is a little odd. But here we go.
I am trying to develop an executable file "wrapper" and a console program. The task of the console program is to copy Icons and Version Informations from another exe file to the wrapper file so that both the wrapper file and the exe file looks exactly same. Apart from that the exe file is appended to the wrapper file at the end. So that when the wrapper is executed it can extract and execute the appended exe file.
My question is how do I create the wrapper file so as to accomodate the Icons and Version info from other exe file ? I mean How should my resource file be ?
And next is How to copy Icons and version info. I hv searched and found a few codes and MSDN instructions but everyone of them uses FindResource, LoadResource, etc. But by following this method, I am losing the original contents of the wrapper file. The size of my file reduces from originally 67kb to 14kb and when I open up in notepad, I see lots of contents are gone ...
can anything be done by using SHGetFileInfo() ? This can be used to get HICON from the exe file. but how do I use this HICON to replace the icon resource in the wrapper file ??
The basic approach in your previous question is correct. You definitely don't want to be mucking around with SHGetFileInfo and HICONs. The type of resource shouldn't matter.
Your wrapper should start with no resources. This ensures, for example, that any icon you add will be both first and lowest numbered and thus guaranteed to be used as the app icon.
To understand what's happening with your code, use a tool that can view the resources in the resulting exe. Visual C++ Express can't do this, but the paid versions can. Alternatively, Google turns up a bunch of free utilities to do this. Here's one, I don't know if it's any good. The page also contains links to some other tools.
I've got a Windows minidump (C code) and a corresponding exe file. Unfortunately, I don't have the exact matching .pdb files, but I do have .pdbs that contain the exact same code just built at a different time. In Windbg, I can use:
.symopt+0x40
To tell it to load anything, even mismatched symbol files. This works great in this particular instance, and I'm able to get a proper call stack. I'm just curious as to whether or not Visual Studio has any such feature. We use pretty much every different version of VS here, so it doesn't matter which version it might be in. Thanks.
Try this utility:
ChkMatch utility can be used to check whether an executable and debug information file match. It can also be used to enforce matching between an executable and debug information file, if they are compatible.
For more information about debug information matching and related issues, see this article.
Supported debug information formats: DBG, PDB 2.0, PDB 7.0...
There is no override, but the poster to this question found a way to modify the PDB files to make them match the EXE.
Thanks to one of the comments on the
first answer, I checked out a link to
the pdfs of the book "Undocumented
Windows 2000 Secrets: A Programmers
Cookbook". And the author goes into
great detail about the pdb file
format. As I said before, I had
already loaded the pdb into a hex
editor and flipped some bits around
appearing that I made the
age/signature match, but it didn't
work. Well, after using the utility
from the W2k secrets book to "explode"
the pdb into the included streams, I
found out that they hide another
reference to the age in stream
3!!!!!!! Once I flipped that one as
well, it matched up in windbg.
Not sure if you want to go to this much trouble, but it looks like it can be done. If this is for production support then it could be worth your while.
Visual Studio and Windbg match pdbs by comparing the timestamps in the Executable header with timestamps store in the pdb file. You can view the timestamp by running dumpin /headers .
I haven't used chkmatch but modifying either the exe or pdb to match each other should work fine.
Be aware that this technique may not be enough to debug your binary. John Robbins in his book 'Debugging Windows' (which I can recommend) mentions that he's seen different build results from the identical source tree built at almost identical times.
Always build pdb symbols with your builds (including release builds) and archive them alongside the build products and include the .map file for good measure.
According to this post its possible to use sos windbg commands as well in visual studio. But i am not sure if ".symopt" also falls into this category.
I'm told that in VS2019 (16.7 .. 16.8 ballpark) that they switched to a multi-threaded PDB file generator to speed that up.
A side effect is that sections of the file, being generated on different threads, may end up in a different order in the file.
Bottom line, it is even more important than before that you use the PDB that was built with the EXE and no other.
In C following this article (http://blogs.msdn.com/oldnewthing/archive/2006/12/21/1340571.aspx), we have succesfully been able to grab the file version information out of windows files however there are some files that seem to have a different mechanism for storing the version information that is not addressed in the article and was wondering if anyone had any ideas here.
One example of a file would be system32/oledlg.dll. Going through the file byte by byte we come to a chunk where the version information SHOULD be stored:
F^#i^#l^#e^#V^#e^#r^#s^#i^#o^#n^#^#^#^#^1.0 (x^#p^#s^#p^#.^#0^#8^#0^#4^#1^#3
^#-^#2^#1^#0^#8^#)^#^#^#^#^#.^#^G^#^A^#I^#n^#t^#e^#r^#n^#a^#l^#N^#a^#m^#e
That we can see is 1.0. However, when you look at the file information in windows the version is actually 5.1.2600.5512. The method in the article works for most files but there are a few instances I have come across where I am running into the above problem. Anyone have any experience with this? I only have access to standard C.
Based on the follow up article posted in the comment, does that mean there is no way to grab the actual file version from a file with a corrupted file info block?
I should also add that I am grabbing the files from a windows box, and then examining them on linux with a C program to grab the file info.
IT turns out the wrong peice of info for that file was being used to get the version, didn't actually need the File Version block but the "VS_VERSION_INFO" block.
I've an application, that uses encrypted (txt) files to store data. After investigating the decompiled assembly I concluded that it's a file of some DBMS. So how can find out which DBMS is this application using to store it's data, so that I can attach that file to the correct DBMS.
This is little application and there is no license problem. I can just ask the owner to gimme the data, but just curious to solve this myself.
MORE INFO:
Platform is Windows, and after trying couple of decompilers I concluded that it WAS written in Visual C++. However I couldn't fully decompile this exe, otherwise I just could find out it from the source code.
A couple ideas.
If opening the file in a HEX editor doesn't give you any information (like a magic identifier at the start of the file, which you can pop into google, then:
Use the depends tool from microsoft to grab a list of the DLLs being loaded by the application. Chances are whatever DBMS it's using is contained in an external library.
If the first two suggestions yield nothing, load the executable into IDA pro freeware and have a look at the code which is creating these files.