Possible next features of QuickBMS

[Dima Bilan]

In that case how can you know what files have been skipped?
Maybe it has more sense to allow the existent -0 option (it's used in extraction) to be used with the reimport feature for "testing" the injected files, and it would tell you "file1.txt" is ok, "file2.txt" can't be reimported and so on.
That would be easy to implement.

I do not need to know which files were skipped yet. Just make that it skips all the files that are larger than the original at a time so as not to press a button y each time. But thanks for the advice. In my case, I want it to cut files that are larger than the original. But if you will think of adding and this function, it would be cool.

[aluigi]

Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in riemport mode is ok

[Dima Bilan]

Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in riemport mode is ok

With this -0 nothing happens. Everything also lists that list.

- do you want to skip this file? (y/N/force)
y will continue with the next file and skip the current file
N (default) will terminate QuickBMS, maybe you can try with the -r -r mode
force will force the reimporting of the file (NEVER use this!!!)

And where should I punch the button y every time until I hang myself.
The automatic skip would be nice. And the fact that someone to confuse and press the wrong option is already his problem.

[aluigi]

With this -0 nothing happens.

in next quickbms

[Dima Bilan]

in next quickbms

And when will the next quickbms?

[aluigi]

QuickBMS will be released this week-end, hopefully tomorrow.

[Nicknine]

There's no way to know if NameCrc command's lookup has failed and thus, no way to have a fallback naming method. Comparing output variable to "" after running the command returns false. Not sure if it's a bug or not so I eventually decided it to post it here.

[aluigi]

Here it works correctly in the sleeping dog script, example:

Code: Select all

    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        string NAME p "%08x." hash

[Nicknine]

Here it works correctly in the sleeping dog script, example:

Code: Select all

    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        string NAME p "%08x." hash

Strange, I'm pretty sure I tried this before and it didn't work. Oh, well, thanks.

[aluigi]

I'm going to release quickbms 0.9.0 and the following are 2 examples of C code for using the 3 available IPC interfaces of "quickbms.exe -W 1234" (1234 is the port of the web API which is not covered by the example) and the quickbms_compression function of quickbms.dll:

Code: Select all

// ipctest.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



int main(int argc, char *argv[]) {
    HANDLE  h   = INVALID_HANDLE_VALUE,
            h2  = INVALID_HANDLE_VALUE;
    DWORD   dw;
    int     ipc_mode,
            size;
    char    *name,
            tmp[32];

    if(argc < 2) {
        printf("\nUsage: %s <mode(0,1,2)>\n", argv[0]);
        exit(1);
    }

    ipc_mode = atoi(argv[1]);
    switch(ipc_mode) {
        case 0: name = "\\\\.\\pipe\\quickbms_byte";        break;
        case 1: name = "\\\\.\\pipe\\quickbms";             break;
        case 2: name = "\\\\.\\mailslot\\quickbms\\send";   break;
        default: exit(1); break;
    }

    printf("name %d %s\n", ipc_mode, name);
    h = CreateFile(name, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    printf("handle %p\n", h);
    if(h == INVALID_HANDLE_VALUE) exit(1);

    switch(ipc_mode) {
        case 0:
            dw = PIPE_READMODE_MESSAGE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 1:
            dw = PIPE_READMODE_BYTE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 2:
            SetMailslotInfo(h, MAILSLOT_WAIT_FOREVER);
            h2 = CreateMailslot("\\\\.\\mailslot\\quickbms\\recv", 0, MAILSLOT_WAIT_FOREVER, NULL);
            if(h2 == INVALID_HANDLE_VALUE) exit(1);
            break;
    }

    SetLastError(0);    // useful but not necessary

    sprintf(tmp, "comtype %s\n", compressed_algo);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", compressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    WriteFile(h, compressed_data, compressed_size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", decompressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    if(ipc_mode == 2) {
        CloseHandle(h);
        h = h2;
    }

    ReadFile(h, tmp, sizeof(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());
    size = atoi(tmp);

    decompressed_data = calloc(1, size);

    ReadFile(h, decompressed_data, size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    CloseHandle(h);

    fwrite(decompressed_data, 1, size, stdout);

    return 0;
}

Code: Select all

// dlltest.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



int __stdcall (*quickbms_compression)(char *algo, void *in, int zsize, void *out, int size) = NULL;



int main(int argc, char *argv[]) {
    printf("LoadLibrary %s\n", "quickbms.dll");
    HMODULE hlib = LoadLibrary("quickbms.dll");
    printf("hlib %p\n", hlib);
    if(!hlib) exit(1);

    quickbms_compression = (void *)GetProcAddress(hlib, "quickbms_compression");
    printf("quickbms_compression %p\n", quickbms_compression);

    decompressed_data = calloc(1, decompressed_size);

    printf("input size  %d\n", compressed_size);
    printf("output size %d\n", decompressed_size);
    int size = quickbms_compression(compressed_algo, compressed_data, compressed_size, decompressed_data, decompressed_size);
    printf("output_size %d\n", size);

    if(size >= 0) {
        fwrite(decompressed_data, 1, size, stdout);
    }
    return 0;
}

The compressed data used in the example (same for both) is the header of quickbms.txt

*edit* fixed calling convention, needs to be stdcall.

[aluigi]

QuickBMS 0.9.0 is finally out:
http://quickbms.com

[michalss]

QuickBMS 0.9.0 is finally out:
http://quickbms.com

Perfect. thx a lot any chance of C# example of usage of dll pls?

[aluigi]

Come on there are tons of examples on the Internet about how calling an unmanaged C function of a DLL in C#

[michalss]

Come on there are tons of examples on the Internet about how calling an unmanaged C function of a DLL in C#

Well yeah u right, i just being lazy, but still it would be perfect to add it to quickbms.txt

Hmm but still not sure how build the compress and decompress functions after DLLimport call

[aluigi]

Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic

[michalss]

Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic

Nice ill do my best ill try tommorow.. Anyway i think this DLL is best approach i have to say. If all algos working then mate KUDOS...

LM : Next job would be to export all functions...

[aluigi]

LM : Next job would be to export all functions...

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions

[michalss]

LM : Next job would be to export all functions...

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions

That is just perfect. U exported all functions releated to bms itself and dont need to use qbms.exe anymore? Not sure how u doing it but u are very good dev and revers engineer...

[aluigi]

No, you can use only some few functions for specific jobs, for example some encryption functions or directly some compression algorithms or some utility functions.
Remember that the calling convention is ever cdecl and stdcall is used only for quickbms_compression and quickbms_encryption.

[aluigi]

Ah, I forgot a point about quickbms.dll.
The GPL v2 license on which quickbms is based says that a program using such dll should be licensed under GPL too (open source):
https://opensource.org/licenses/gpl-2.0.php
https://www.gnu.org/licenses/gpl-faq.ht ... timeAndGPL

Now let's try to be not so "strict" about it, if you have a small tool that requires a decompression function and you have no idea how to implement it (maybe because there are no binding for your language and you don't know C)... well who cares, use it and have fun.

If you are making a software which is 100% based on quickbms for multiple core tasks that can't be done elsewhere... that's a completely different thing and it's better if you don't use it if you are not going to make your software open source too.

(Seriously, do really still exist people doing closed source stuff in 2018??? mah)