Index
> Windows > How icons are set ? |
| Author |
|
|
asmhack 31 Aug 2011, 00:01
Indeed, icons are stored inside of a resource, then windows explorer loads them for better GUI experience.
|
|||
31 Aug 2011, 00:01 |
|
|
Overflowz 31 Aug 2011, 00:03
Ohh, Explorer. Can you point me which API calls it uses to set icons to them ? Thanks.
|
|||
|
31 Aug 2011, 00:03 |
|
|
asmhack 31 Aug 2011, 00:09
Overflowz wrote: Ohh, Explorer. Yeah, Surprise! I assume: LoadLibrary FindResource LoadResource LockResource CreateIconFromResourceEx DrawIcon Dunno, ask bill, that's too insane stuff for me anyway |
|||
|
31 Aug 2011, 00:09 |
|
|
Overflowz 31 Aug 2011, 00:15
billy = silly
for making things like these =D Thanks anyway, I'm going to debug now. |
|||
|
31 Aug 2011, 00:15 |
|
|
Overflowz 31 Aug 2011, 00:21
None of them appers to be valid.. It uses some other technique :\
-- nobody knows ?? |
|||
|
31 Aug 2011, 00:21 |
|
|
bitshifter 03 Sep 2011, 02:55
There are really TWO icon mechanisms.
1) used by resource compiler. 2) loaded for window class. The icon on a desktop or folder view is #1 The icon on a window or taskbar is #2 Although both can use same resource. So what you wanna do? Play with resource section in PE file? |
|||
|
03 Sep 2011, 02:55 |
|
|
typedef 03 Sep 2011, 03:15
asmhack wrote:
I think explorer does it this way. Check the registry for associated file type icon(if not exe). If not found, it loads the unknown file type icon. Or if an exe Code: ;http://msdn.microsoft.com/en-us/library/bb759792%28v=vs.85%29.aspx DWORD_PTR SHGetFileInfo( __in LPCTSTR pszPath, DWORD dwFileAttributes, __inout SHFILEINFO *psfi, UINT cbFileInfo, UINT uFlags ); Then Shell32.dll LoadLibrary FindResource LoadResource LockResource puts the icon in Global memory and passes the handle to explorer, then explorer adds it to its List View image list and then draws it in the List View. |
|||
|
03 Sep 2011, 03:15 |
|
|
Overflowz 03 Sep 2011, 13:06
bitshifter
I'm trying to debug explorer.exe, just want to know how it does that job. typedef none of these APIs are working for that. I did breakpoints on that calls but after refreshing desktop, breakpoints are not passed, just execution goes normally.. on which API I should set breakpoint ? Thanks. |
|||
|
03 Sep 2011, 13:06 |
|
|
typedef 03 Sep 2011, 14:43
@Overflowz
if you hook the current explorer, you'll freeze, make sure you do 'open file' in OllyDbg to create a new instance. |
|||
|
03 Sep 2011, 14:43 |
|
|
revolution 03 Sep 2011, 15:50
"CTRL-SHIFT-ESC / file:new" is always available for restarting explorer. I periodically restart explorer to free up the memory leaks.
|
|||
|
03 Sep 2011, 15:50 |
|
|
typedef 03 Sep 2011, 16:59
^^^Last time I did that I didn't know I got hit by a virus and my Task Manager was disabled. lol
 |
|||
|
03 Sep 2011, 16:59 |
|
< Last Thread | Next Thread > |
Forum Rules:
|