Is it safe to replace some characters of a string resides in a DLL file using a Hex Editor? I'm not going to introduce new chars or remove any existing one, so the file size won't be changed. And what I am going to do is to replace some embedded SQL string which is written in lower-case, and make the chars of that string upper-case. Is it OK, or does it corrupt the DLL and make it unloadable? By the way, this DLL is not digitally signed with a code signing certificate.
unless the owner of the dll does some kind of validation of it, using a checksum for instance, it won't break anything.
(afaik most windows system dlls are watched somehow for modifications and windows will complain if you change them)
Related
I've been successful in using form.location.resx files to localize the strings associated with form controls. However, I don't see how to (safely!) add strings to the .resx file(s) and then access them for such things as message boxes.
If I try to add a string to the .resx file using Visual Studio (2017), I get a warning dialog pop-up telling me that this could corrupt the "project item" (form) or my changes could be lost if I change the associated form.
Also, if I use this method, would I need to manually add my strings to each language file separately?
Alternatively, I could create a bunch of Labels to the form with visible=false and then edit their strings in the .resx files and use something like:
msgbox(LabelSampleMessage.text,MsgBoxStyle.Information,LabelSampleMessage2.text)
But that seems like it would be massively inefficient.
For Windows Forms, the best way to do this is to go into the Designer and set the Language property on the form. This will create a formName.Designer.languagecode.resx file for you. Then you just edit the Text properties of the controls. The changes will go to the resx file for the language you're editing. You can even have different layout and control spacing for each language (useful if a label is short in English but translates to something long in German).
For MessageBox messages, you do the same thing with the Resources.resx file. Just put all the messages in your Resources and duplicate the resx file for each language. Then use the Resource editor to translate the message in the other languages. You can then look up the message using My.Resources.Default.SomeMessageKey
#David: Note that I'm the author of a commercial ".resx" localization program for VS (in the interest of full disclosure). Yes, dwilliss is correct, though the names he used are a little off. For Windows forms, you can't manually update the ".resx" files yourself (directly), hence the warning from VS (don't know why they did things this way - go figure). You won't get that warning for strings you put in "Resources.resx" however. Just manually add "Resources.[LangCode].resx" and update it on your own. You have to add the keys yourself (again, no warnings). You can then simply access each string via the static properties seen in the "code-behind" file "Resources.Designer.cs" (one static property exists for each string you add). These are what MSFT calls "strongly typed" resources. If you access, say, "YourApp.Properties.Resources.SomeMessage" for instance (from "Resources.Designer.cs"), it will be returned in whatever language is currently set in "System.Threading.Thread.CurrentThread.CurrentUICulture" (assuming that language's satellite assembly is installed of course). This is all a pain and highly error-prone for other reasons as well, hence the reason I wrote my program (shameless plug but MSFT's way does work, though it's very primitive for handling translation in general - a professional organization relying on an external translator will save a lot of problems and $ in the long run by using a 3rd-party translation program, not mine necessarily though it would be my tool of choice of course, but anything is better than handling it manually).
I have to port an old VB6 program to VB.NET and stumbled across an old ".res" (Resource) file, which is stored in binary format. Using VS 2013, I can embed that file into my .NET project, and VS shows me that it contains simply a string table.
The problem is, I cannnot figure out how to bring those res file into a more modern text format, or how to load the strings directly from the res file. I linked file to my application es an embedded resource, but all my atttempts to use VB6.LoadResString from the "Visual Basic Compatibility library" lead to an exception, showing the key was not found.
Furthermore, it seems VS does not allow me to copy/paste the string table into a text file, at least, not at a whole. Actually, it allows me to copy/paste one string after another, but as you can imagine, that is extremely cumbersome and error-prone. That is why I am looking for a better solution. Any ideas?
There is a functional VB6 Class for doing this at:
ResDecomp Class Decompiles RES Files
Sample programs are included, one of them a sort of "viewer" and the other just extracts RT_STRING resource strings to an XML document. You could easily change the latter to dump the string values to a text file, database, etc. instead.
Embed the .res file to a simple VB6 program which loops from min to the max ID and write out the strings to a text file using LoadResString (error trap for missing IDs).
Lets say you have some code in your app with a hard coded string.
If somevalue = "test123" Then
End If
Once the application is compiled, is it possible for someone to modify the .exe file and change 'test123' to something else? If so, would it only work if the string contained the same number of characters?
It's possible but not necessarily straightforward. For example, if your string is loaded in memory, someone could use a memory manager tool to modify the value of the string's address directly.
Alternatively, they could decompile your app, change the string, and recompile it to create a new assembly with the new string. However, whether this is likely to happen depends on your app and how important it is for that string to be changed.
You could use an obfuscator to make it a bit harder to do but, ultimately, a determined cracker would be able to do it. The question is whether that string is important enough to worry about and, if so, maybe consider an alternative approach such as using a web service to provide the string.
Strings hard-coded without any obfuscation techniques can easily be found inside compiled executables by openign them up in any HEX-editor. Once found, replacing the string is possible in 2 ways :
1. Easy way (*conditions apply)
If the following conditions apply in your case, this is a very quick-fire way of modifying the hard-coded strings in the executable binary.
length(new-string) <= length(old-string)
No logic in the code to check for executable modification using CRC.
This is a viable option ONLY if the new string is equal or shorter than the old string. Use a hex-editor to find occurrences of the old string and replace it with the new string. Pad an extra space with NULL i.e. 0x00
For example old-long-string in the binary
is modified to a shorter new-string and padded with null characters to the same length as the original string in the binary executable file
Note that such modifications to the executable files are detected by any code that verifies the checksum of the binary file against the pre-calculate checksum of the original binary executable file.
2. Harder way (applicable in almost all cases)
De-compiling the binary to native code opens up the possibility to modify any strings (and even code) and rebuild it to obtain the new binary executable.
There exist dozens of such de-compiler tools to decompile vb.net (Visual Studio.net, in general). An excellent detailed comparison of the most popular ones (ILspy, JustDecompile, DotPeek, .NET Reflector to name a few ) can be found here.
There do exist scenarios in which even the harder way will NOT be successful. This is the case when the original developer has used obfuscation techniques to prevent the strings from being detected and modified in the executable binary. One such obfuscation technique is storing encrypted strings.
I know i can use 7z or winrar but i want to learn this for myself.
How would i implement a self extracting archive? I can use C# or C++ but let me run down the problem.
When i open the exe i need some kind of GUI asking where to extract the files. Once the user says ok I should obviously extract them. I implemented a simple example in C# winforms already BUT my problem is HOW do i get the filenames and binary of the files into an exe?
One upon a time i ask Is it safe to add extra data to end of exe? and the answer suggested if i just add data to the end of the exe it may be picked up by a virus scanner. Now its pretty easy to write the length of the archive as the last 4bytes and just append the data to my generic exe and i do believe my process can read my own exe so this could work. But it feels hacky and i rather not have people accuse me of writing virus just because i am using this technique. Whats the proper way to implement this?
Note: I checked the self-extracting tag and many of the question is how to manipulate self extracting and not how to implement. Except this one which is asking something else Self-extracting self-checking executable
-edit- I made two self extracting with 7z and compared them. It looks like... well it IS the 7z.sfx file but with a regular 7z archive appended. So... there is nothing wrong with doing this? Is there a better way? I'm targeting windows and can use the C# compiler to help but i don't know how much extra work or how difficult it may be programmatically and maybe adding data to end of exe isnt bad?
It is possible. I used the following technique once, when we needed to distribute updates for the application, but the computers were configured so that the end user had no permissions to change application files. The update was supposed to log on to administrator account and update required files (so we came across identical problem: how to distribute many files as a single executable).
The solution were file resources in C#. All you need to do is:
Create a resource file in your C# project (file ending with .resx).
Add new resource of type "file". You can easily add existing files as byte[] resources.
In program you can simply extract resource as file:
System.IO.FileStream file = new System.IO.FileStream("C:\\PathToFile",
System.IO.FileMode.OpenOrCreate);
System.IO.BinaryWriter writer = new System.IO.BinaryWriter(file);
writer.Write(UpdateApplication.Data.DataValue, 0, UpdateApplication.Data.DataValue.Length);
(Here UpdateApplication.Data denotes binary resource).
Our solution lacked compression, but I believe this is easily achieved with libraries such as C#ZipLib.
I hope this solution is virus-scanner-safe, as this method creates complete, valid executable file.
Am writing a simple application which can write a to pdf,doc,xls and access files. so far it can write to word.i also want it to be able to navigate a hard disk and open these files using filters.
i was using this code to write to the files
My.Computer.FileSystem.WriteAllText(SaveFileDialog1.FileName, TextBox1.Text, False)
how can i write to pdf and access files and also navigate and open files using openFileDialog?
You should be using System.IO for writting to files. Read the documentation on StreamWriter. It is very straight forward. One of the constructors for streamwriter accepts a string representation of the path to the file, and overloads allow you to specify a FileMode enumeration value. Normally you will use FileMode.OpenOrCreate when writting to the file.
OpenFileDialog is also straightforward. Create an instance and access the selected file property to get a string representation of the path. Use the static File.Exists("path") to check that a valid path was returned, then use the give path to open the file with a StreamReader.
There is more than one way to skin a cat here because static oriented FileInfo and DirectoryInfo are provided in System.IO, and there are the corresponding File and Directory classes which must be instantiated.
The use of these classes is very straightforward so I'm not going to sit here and type you example code but that should get you started.
As far as creating PDF and XLS files, I am assuming that you already have raw bytes that are in the correct format for those file types? If not, I can't help you there off hand. There are no Formatters in the .NET Framework that will convert ASCII or Unicode strings to a format that is acceptable for PDF or XLS that I am aware of. You are going to either need to dig into the specifics of those file formats or find a third party utility that will format your raw bytes or text into something those specifications.
If you are recieving the PDF and XLS data in the raw already properly formatted just use BinaryWriter to create the new file and write the raw array of bytes.