Index
> Windows > Write Resource to FileGoto page 1, 2 Next |
| Author |
|
|
typedef
Yes, all is possible.
API's that you'll need: FindResource | http://msdn.microsoft.com/en-us/library/ms648042%28v=VS.85%29.aspx LockResource | http://msdn.microsoft.com/en-us/library/ms648047%28v=vs.85%29.aspx (OR) LoadResource | http://msdn.microsoft.com/en-us/library/ms648046%28v=vs.85%29.aspx CreateFile/Ex | http://msdn.microsoft.com/en-us/library/aa363858%28v=vs.85%29.aspx WriteFile | http://msdn.microsoft.com/en-us/library/aa365747%28v=VS.85%29.aspx CloseHandle | http://msdn.microsoft.com/en-us/library/ms724211%28v=VS.85%29.aspx |
|||
29 Jul 2011, 00:54 |
|
|
GoodbyeWorld
Thanks! I'll post back if I have any further questions!
|
|||
|
29 Jul 2011, 01:08 |
|
|
Overflowz
GoodbyeWorld
and SizeOfResource too  http://msdn.microsoft.com/en-us/library/ms648048%28v=vs.85%29.aspx |
|||
|
29 Jul 2011, 11:15 |
|
|
AsmGuru62
I doubt that you can write to your own EXE file.
|
|||
|
29 Jul 2011, 12:57 |
|
|
GoodbyeWorld
Overflowz:
Yeah I figured that out from MSDN. Thanks though! Everyone and Anyone: I have a question. In another portion of my code I'm using resources to draw an image (or I will be as soon as I can get my image to load  ), I'm using OllyDebug and finding that GetLastError is returning ERROR_INVALID_HANDLE at my breakpoint in the following code:
Code: section '.data' data readable writeable HMOD dd ? SysW dd ? SysH dd ? IMAGE db 'IMAGE',0 BITMAP dd ? ... section '.code' code readable executable push 0 call [GetModuleHandle] mov [HMOD],eax push 0 call [GetSystemMetrics] mov [SysW],eax push 1 call [GetSystemMetrics];user32.dll mov [SysH],eax push 0x00000000 push [SysH] push [SysW] push 0 push IMAGE push [HMOD] call [LoadImage];user32.dll mov [Bitmap],eax int 3 ;Breakpoint ... I'm not sure exactly what I'm doing wrong here. |
|||
|
29 Jul 2011, 13:08 |
|
|
GoodbyeWorld
Oh and I dont want to write to my own EXE. I want to write that resource to a wav file, but that's later on in my code.
|
|||
|
29 Jul 2011, 13:09 |
|
|
revolution
GoodbyeWorld wrote: I'm not sure exactly what I'm doing wrong here. |
|||
|
29 Jul 2011, 13:13 |
|
|
Overflowz
GoodbyeWorld
Maybe this ? BITMAP dd ? mov [Bitmap],eax BITMAP != Bitmap EDIT: as I guess, BITMAP is structure.. |
|||
|
29 Jul 2011, 13:40 |
|
|
GoodbyeWorld
Oh. Yeah. Sorry. I changed it and I'm still getting the error at runtime.
And here's an example: Code: format PE GUI 4.0 INCLUDE 'C:\ASM\FASM\INCLUDE\WIN32A.INC' ENTRY START SECTION '.data' DATA READABLE WRITEABLE IMAGE db 'IMAGE',0 WAVE db 'WAVE',0 HMOD dd ? SysW dd ? SysH dd ? RHand dd ? Bitmap dd ? PointRes dd ? SizeRes dd ? FHAND dd ? FNAME db 'C:\WAVE.wav',0 SECTION '.code' CODE READABLE EXECUTABLE START: push 0 call [GetHandle] mov [HMOD],eax push 0 call [GetSysMet] mov [SysW],eax push 1 call [GetSysMet] mov [SysH],eax push 0x00000000 push [SysH] push [SysW] push 0 push IMAGE push [HMOD] call [LoadImg] mov [Bitmap],eax int 3 push [HMOD] push WAVE push RT_RCDATA call [FindRes] mov [RHand],eax push [HMOD] push [RHand] call [LoadRes] push eax call [LockRes] mov [PointRes],eax push [HMOD] push [RHand] call [SzRes] mov [SizeRes],eax push 0 push 1 xor 2 push 2 push 0 push 0 push GENERIC_ALL push FNAME call [CreateFile] mov [FHAND],eax push 0 push 0 push [SizeRes] push [PointRes] push [FHAND] call [WriteFile] push [FHAND] call [CloseHandle] Cleanup: push [Bitmap] call [DeleteObj] push 0 call[ExitProcess] SECTION '.idata' IMPORT DATA READABLE EXECUTABLE library gdi32,'GDI32.DLL',\ gdiplus,'GDIPLUS.DLL',\ kernel32,'KERNEL32.DLL',\ shell32,'SHELL32.DLL',\ user32,'USER32.DLL',\ winmm,'WINMM.DLL' import shell32,\ Execute,'ShellExecuteA' import kernel32,\ FormatMessage,'FormatMessageA',\ GetLastError,'GetLastError',\ ExitProcess,'ExitProcess',\ GetRsc,'FindResourceA',\ GetHandle,'GetModuleHandleA',\ FindRes,'FindResourceA',\ LoadRes,'LoadResource',\ LockRes,'LockResource',\ SzRes,'SizeofResource',\ WriteFile,'WriteFile',\ CreateFile,'CreateFileA',\ CloseHandle,'CloseHandle' import gdi32,\ GetDC,'GetDC',\ DeleteObj,'DeleteObject' import user32,\ LoadImg,'LoadImageA',\ GetSysMet,'GetSystemMetrics',\ MessageBox,'MessageBoxA' import winmm,\ mciSS,'mciSendStringA' SECTION '.rsrc' DATA READABLE RESOURCE FROM 'MyRes.res' If you need to see the MyRes.res File, let me know. |
|||
|
29 Jul 2011, 13:58 |
|
|
Overflowz
Found some mistakes. When you're calling "FindResource" API, you are using bad argument at ResourceType. Here:
Code: 0040204F |. FF35 0B104000 PUSH DWORD PTR DS:[40100B] ; /ResourceType = "MZ\x80" 00402055 |. 68 06104000 PUSH format.00401006 ; |ResourceName = "WAVE" 0040205A |. 6A 0A PUSH 0A ; |hModule = 0000000A 0040205C |. FF15 A4304000 CALL DWORD PTR DS:[<&KERNEL32.FindResourceA>] ; \FindResourceA instead of buffer, you should use which type of resource it is. For example, place it in RC_RCDATA type and then use: Code: push hMod push <"WAVE"> push RT_RCDATA call [FindResource] You called it reversely  here:
Code: push [HMOD] push WAVE push RT_RCDATA call [FindRes] use invoke instead of PUSH&CALL-s. Code: push RT_RCDATA push WAVE push [HMOD] call [FindRes] Code: invoke FindResource,[HMOD],WAVE,RC_RCDATA Last edited by Overflowz on 29 Jul 2011, 15:30; edited 5 times in total |
|||
|
29 Jul 2011, 14:08 |
|
|
GoodbyeWorld
Wait, you'll need that to compile it, so I'll just go ahead and post it.
I would post the file, but the filename *.res is not allowed.
_________________ Sit vis vobiscum! |
||||||||||
|
29 Jul 2011, 14:10 |
|
|||||||||
|
GoodbyeWorld
If you absolutely have to download the file, http://frazierb.com/MyRes.res
|
|||
|
29 Jul 2011, 14:15 |
|
|
GoodbyeWorld
Thanks, Overflowz!
|
|||
|
29 Jul 2011, 14:26 |
|
|
Overflowz
P.S, are you using debugger to see results ? It would help you a lot.
|
|||
|
29 Jul 2011, 14:28 |
|
|
GoodbyeWorld
Yes, I am using OllyDbg. It's still showing me this when I debug it and get to the breakpoint.
|
||||||||||
|
29 Jul 2011, 14:32 |
|
|||||||||
|
Overflowz
GoodbyeWorld
Instead LoadImage, use LoadBitmap 
Code: push IMAGE push [HMOD] call [LoadBitmap] Works fine for me Last edited by Overflowz on 29 Jul 2011, 14:49; edited 2 times in total |
|||
|
29 Jul 2011, 14:47 |
|
|
GoodbyeWorld
It says it's been superseded by LoadImage, but I'll try it.
|
|||
|
29 Jul 2011, 14:48 |
|
|
GoodbyeWorld
It worked! Thanks!
|
|||
|
29 Jul 2011, 14:51 |
|
|
Overflowz
Here you go, your full working code.
Code: format PE GUI 4.0 include 'WIN32AX.INC' ENTRY START SECTION '.data' DATA READABLE WRITEABLE IMAGE db 'IMAGE',0 WAVE db 'WAVE',0 HMOD dd ? SysW dd ? SysH dd ? RHand dd ? Bitmap dd ? PointRes dd ? SizeRes dd ? FHAND dd ? wbytes dd ? FNAME db 'C:\WAVE.wav',0 SECTION '.code' CODE READABLE EXECUTABLE START: push 0 call [GetHandle] mov [HMOD],eax push 0 call [GetSysMet] mov [SysW],eax push 1 call [GetSysMet] mov [SysH],eax invoke LoadBitmap,[HMOD],IMAGE mov [Bitmap],eax push RT_RCDATA push WAVE push [HMOD] call [FindRes] mov [RHand],eax push [RHand] push [HMOD] call [LoadRes] push eax call [LockRes] mov [PointRes],eax push [RHand] push [HMOD] call [SzRes] mov [SizeRes],eax push 0 push 1 xor 2 push 2 push 0 push 0 push GENERIC_ALL push FNAME call [CreateFile] mov [FHAND],eax push 0 push wbytes push [SizeRes] push [PointRes] push [FHAND] call [WriteFile] push [FHAND] call [CloseHandle] Cleanup: push [Bitmap] call [DeleteObj] push 0 call[ExitProcess] SECTION '.idata' IMPORT DATA READABLE EXECUTABLE library gdi32,'GDI32.DLL',\ gdiplus,'GDIPLUS.DLL',\ kernel32,'KERNEL32.DLL',\ shell32,'SHELL32.DLL',\ user32,'USER32.DLL',\ winmm,'WINMM.DLL' import shell32,\ Execute,'ShellExecuteA' import kernel32,\ FormatMessage,'FormatMessageA',\ GetLastError,'GetLastError',\ ExitProcess,'ExitProcess',\ GetRsc,'FindResourceA',\ GetHandle,'GetModuleHandleA',\ FindRes,'FindResourceA',\ LoadRes,'LoadResource',\ LockRes,'LockResource',\ SzRes,'SizeofResource',\ WriteFile,'WriteFile',\ CreateFile,'CreateFileA',\ CloseHandle,'CloseHandle' import gdi32,\ GetDC,'GetDC',\ DeleteObj,'DeleteObject' import user32,\ LoadImg,'LoadImageA',\ GetSysMet,'GetSystemMetrics',\ MessageBox,'MessageBoxA',\ LoadBitmap,'LoadBitmapA' import winmm,\ mciSS,'mciSendStringA' section '.rsrc' data readable resource from 'MyRes.res' added wbytes for WriteFile and some API calls was called incorrectly. Fixed everything. Next time, try to fix them yourself
P.S I guess you're trying to make some "PRANK VIRUS" )) |
|||
|
29 Jul 2011, 14:59 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|