ZenHAX
http://zenhax.com/

Possible next features of QuickBMS
http://zenhax.com/viewtopic.php?f=13&t=19
Page 16 of 17

Author:  Dima Bilan [ Sat Jun 09, 2018 5:28 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
In that case how can you know what files have been skipped?
Maybe it has more sense to allow the existent -0 option (it's used in extraction) to be used with the reimport feature for "testing" the injected files, and it would tell you "file1.txt" is ok, "file2.txt" can't be reimported and so on.
That would be easy to implement.


I do not need to know which files were skipped yet. Just make it skip all the files that are larger than the original at once, so that I don't have to press the y button each time. But thanks for the advice. In my case, I want it to cut files that are larger than the original. But if you think of adding this function too, it would be cool.

Author:  aluigi [ Sat Jun 09, 2018 9:46 pm ]
Post subject:  Re: Possible next features of QuickBMS

Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in reimport mode is ok

Author:  Dima Bilan [ Sun Jun 10, 2018 7:05 am ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in reimport mode is ok


With this -0 nothing happens. Everything also lists that list.

- do you want to skip this file? (y/N/force)
y will continue with the next file and skip the current file
N (default) will terminate QuickBMS, maybe you can try with the -r -r mode
force will force the reimporting of the file (NEVER use this!!!)

And where should I punch the button y every time until I hang myself.
The automatic skip would be nice. And if someone gets confused and presses the wrong option, that is already his problem.

Author:  aluigi [ Sun Jun 10, 2018 8:03 am ]
Post subject:  Re: Possible next features of QuickBMS

Dima Bilan wrote:
With this -0 nothing happens.

in next quickbms

Author:  Dima Bilan [ Sun Jun 10, 2018 8:33 am ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
in next quickbms


And when will the next quickbms be released?

Author:  aluigi [ Fri Jun 15, 2018 7:13 am ]
Post subject:  Re: Possible next features of QuickBMS

QuickBMS will be released this week-end, hopefully tomorrow.

Author:  Nicknine [ Sat Jun 16, 2018 1:14 am ]
Post subject:  Re: Possible next features of QuickBMS

There's no way to know if the NameCrc command's lookup has failed and thus no way to have a fallback naming method. Comparing the output variable to "" after running the command returns false. Not sure if it's a bug or not, so I eventually decided to post it here.

Author:  aluigi [ Sat Jun 16, 2018 7:26 am ]
Post subject:  Re: Possible next features of QuickBMS

Here it works correctly in the sleeping dog script, example:
Code:
    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        # lookup failed: fall back to a name built from the hash
        string NAME p "%08x." hash
    endif

Author:  Nicknine [ Sat Jun 16, 2018 6:13 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
Here it works correctly in the sleeping dog script, example:
Code:
    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        # lookup failed: fall back to a name built from the hash
        string NAME p "%08x." hash
    endif

Strange, I'm pretty sure I tried this before and it didn't work. Oh, well, thanks.

Author:  aluigi [ Sun Jun 17, 2018 6:51 am ]
Post subject:  Re: Possible next features of QuickBMS

I'm going to release quickbms 0.9.0 and the following are 2 examples of C code for using the 3 available IPC interfaces of "quickbms.exe -W 1234" (1234 is the port of the web API which is not covered by the example) and the quickbms_compression function of quickbms.dll:

Code:
// ipctest.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>     // strlen
#include <windows.h>



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



int main(int argc, char *argv[]) {
    HANDLE  h   = INVALID_HANDLE_VALUE,
            h2  = INVALID_HANDLE_VALUE;
    DWORD   dw;
    int     ipc_mode,
            size;
    char    *name,
            tmp[32];

    if(argc < 2) {
        printf("\nUsage: %s <mode(0,1,2)>\n", argv[0]);
        exit(1);
    }

    ipc_mode = atoi(argv[1]);
    switch(ipc_mode) {
        case 0: name = "\\\\.\\pipe\\quickbms_byte";        break;
        case 1: name = "\\\\.\\pipe\\quickbms";             break;
        case 2: name = "\\\\.\\mailslot\\quickbms\\send";   break;
        default: exit(1); break;
    }

    printf("name %d %s\n", ipc_mode, name);
    h = CreateFile(name, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    printf("handle %p\n", h);
    if(h == INVALID_HANDLE_VALUE) exit(1);

    switch(ipc_mode) {
        case 0:
            dw = PIPE_READMODE_MESSAGE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 1:
            dw = PIPE_READMODE_BYTE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 2:
            SetMailslotInfo(h, MAILSLOT_WAIT_FOREVER);
            h2 = CreateMailslot("\\\\.\\mailslot\\quickbms\\recv", 0, MAILSLOT_WAIT_FOREVER, NULL);
            if(h2 == INVALID_HANDLE_VALUE) exit(1);
            break;
    }

    SetLastError(0);    // useful but not necessary

    sprintf(tmp, "comtype %s\n", compressed_algo);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", compressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    WriteFile(h, compressed_data, compressed_size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", decompressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    if(ipc_mode == 2) {
        CloseHandle(h);
        h = h2;
    }

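    // read the size line; ReadFile adds no terminator, so leave room for one
    dw = 0;
    if(!ReadFile(h, tmp, sizeof(tmp) - 1, &dw, NULL)) exit(1);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());
    tmp[dw] = 0;
    size = atoi(tmp);
    if(size <= 0) exit(1);  // the size comes from the other process: reject bad values

    decompressed_data = calloc(1, size);
    if(!decompressed_data) exit(1);

    dw = 0;
    ReadFile(h, decompressed_data, size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    CloseHandle(h);

    fwrite(decompressed_data, 1, dw, stdout);   // write only the bytes actually received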

    return 0;
}

Code:
// dlltest.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



// stdcall function pointer, written in the form accepted by both GCC/MinGW and MSVC
int (__stdcall *quickbms_compression)(char *algo, void *in, int zsize, void *out, int size) = NULL;



int main(int argc, char *argv[]) {
    printf("LoadLibrary %s\n", "quickbms.dll");
    HMODULE hlib = LoadLibrary("quickbms.dll");
    printf("hlib %p\n", hlib);
    if(!hlib) exit(1);

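    quickbms_compression = (void *)GetProcAddress(hlib, "quickbms_compression");
    printf("quickbms_compression %p\n", quickbms_compression);
    if(!quickbms_compression) exit(1);  // export not found: do not call a NULL pointer

    decompressed_data = calloc(1, decompressed_size);
    if(!decompressed_data) exit(1);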

    printf("input size  %d\n", compressed_size);
    printf("output size %d\n", decompressed_size);
    int size = quickbms_compression(compressed_algo, compressed_data, compressed_size, decompressed_data, decompressed_size);
    printf("output_size %d\n", size);

    if(size >= 0) {
        fwrite(decompressed_data, 1, size, stdout);
    }
    return 0;
}

The compressed data used in the example (same for both) is the header of quickbms.txt

*edit* fixed calling convention, needs to be stdcall.
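
Added example, not part of the original post or of QuickBMS: a portable C helper for the reply side of the exchange in ipctest.c, which validates the size line sent by the other process before it is used for an allocation, and copes with a byte-mode read that returns the size line and the first payload bytes together. It assumes the reply is a decimal size terminated by "\n" followed by the raw bytes; the function names, the size cap and the sample buffer are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { REPLY_OK = 0, REPLY_NEED_MORE = 1, REPLY_BAD = -1 };

/* Parse "<decimal size>\n" at the start of buf (len bytes received so far).
 * On REPLY_OK, *size is the announced payload length (1..max_size) and
 * *payload_off is the offset of the first payload byte inside buf. */
int parse_reply_header(const unsigned char *buf, size_t len, long max_size,
                       long *size, size_t *payload_off) {
    char digits[16];
    const unsigned char *nl = memchr(buf, '\n', len);
    size_t n, i;
    long v;
    if (!nl)    /* no terminator yet: wait, unless the line is already too long */
        return (len < sizeof(digits)) ? REPLY_NEED_MORE : REPLY_BAD;
    n = (size_t)(nl - buf);
    if (n == 0 || n >= sizeof(digits)) return REPLY_BAD;
    for (i = 0; i < n; i++)     /* digits only: no sign, spaces or hex */
        if (buf[i] < '0' || buf[i] > '9') return REPLY_BAD;
    memcpy(digits, buf, n);
    digits[n] = '\0';
    errno = 0;
    v = strtol(digits, NULL, 10);
    if (errno || v <= 0 || v > max_size) return REPLY_BAD;
    *size = v;
    *payload_off = n + 1;
    return REPLY_OK;
}

/* Copy payload bytes that arrived with the header; the caller reads the rest. */
size_t take_payload(const unsigned char *buf, size_t len, size_t off,
                    unsigned char *out, long size) {
    size_t avail = len - off;
    if (avail > (size_t)size) avail = (size_t)size;
    memcpy(out, buf + off, avail);
    return avail;
}

int main(void) {
    /* constructed sample: size line and first payload bytes in one read */
    const unsigned char rx[] = "282\nABCDEFGH";
    unsigned char out[282];
    long size; size_t off;
    if (parse_reply_header(rx, sizeof(rx) - 1, 282, &size, &off) != REPLY_OK) return 1;
    printf("size %ld, got %u\n", size, (unsigned)take_payload(rx, sizeof(rx) - 1, off, out, size));
    return 0;
}
```

The cap passed as max_size should be the decompressed size the client itself requested, so a reply can never make it allocate more than it asked for.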

Author:  aluigi [ Sun Jun 17, 2018 10:34 am ]
Post subject:  Re: Possible next features of QuickBMS

QuickBMS 0.9.0 is finally out:
http://quickbms.com

Author:  michalss [ Mon Jun 18, 2018 5:01 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
QuickBMS 0.9.0 is finally out:
http://quickbms.com



Perfect. thx a lot any chance of C# example of usage of dll pls?

Author:  aluigi [ Mon Jun 18, 2018 5:23 pm ]
Post subject:  Re: Possible next features of QuickBMS

Come on, there are tons of examples on the Internet about how to call an unmanaged C function of a DLL in C# :D

Author:  michalss [ Mon Jun 18, 2018 8:37 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
Come on, there are tons of examples on the Internet about how to call an unmanaged C function of a DLL in C# :D


Well yeah u right, i just being lazy, but still it would be perfect to add it to quickbms.txt :D

Hmm but still not sure how build the compress and decompress functions after DLLimport call :(

Author:  aluigi [ Mon Jun 18, 2018 8:41 pm ]
Post subject:  Re: Possible next features of QuickBMS

Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic :)

Author:  michalss [ Mon Jun 18, 2018 8:44 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic :)



Nice, I'll do my best, I'll try tomorrow.. :) Anyway I think this DLL is the best approach, I have to say. If all algos are working then mate KUDOS... :)

LM : Next job would be to export all functions... :D

Author:  aluigi [ Mon Jun 18, 2018 8:58 pm ]
Post subject:  Re: Possible next features of QuickBMS

michalss wrote:
LM : Next job would be to export all functions... :D

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions

Author:  michalss [ Mon Jun 18, 2018 9:38 pm ]
Post subject:  Re: Possible next features of QuickBMS

aluigi wrote:
michalss wrote:
LM : Next job would be to export all functions... :D

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions


That is just perfect. U exported all functions related to bms itself and don't need to use qbms.exe anymore? Not sure how u are doing it but u are a very good dev and reverse engineer...

Author:  aluigi [ Mon Jun 18, 2018 9:55 pm ]
Post subject:  Re: Possible next features of QuickBMS

No, you can use only a few functions for specific jobs, for example some encryption functions or directly some compression algorithms or some utility functions.
Remember that the calling convention is always cdecl, and stdcall is used only for quickbms_compression and quickbms_encryption.

Author:  aluigi [ Tue Jun 19, 2018 7:12 am ]
Post subject:  Re: Possible next features of QuickBMS

Ah, I forgot a point about quickbms.dll.
The GPL v2 license on which quickbms is based says that a program using such dll should be licensed under GPL too (open source):
https://opensource.org/licenses/gpl-2.0.php
https://www.gnu.org/licenses/gpl-faq.ht ... timeAndGPL

Now let's try to be not so "strict" about it, if you have a small tool that requires a decompression function and you have no idea how to implement it (maybe because there are no binding for your language and you don't know C)... well who cares, use it and have fun.

If you are making a software which is 100% based on quickbms for multiple core tasks that can't be done elsewhere... that's a completely different thing and it's better if you don't use it if you are not going to make your software open source too.

(Seriously, are there really still people doing closed source stuff in 2018??? mah)

All times are UTC