You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 1, 2024. It is now read-only.
I request that a feature be added to the project that allows for the automatic extraction of the VERSIONINFO from the original DLL (if found) and the replication of that information into a resource file in the proxy dll project template. This feature would enable the proxy project to retain the original DLL's versioning information.
At present the current proxy template compiles without VERSIONINFO:
After the enhancement is in place, the final proxy dll would compile with the same VERSIONINFO as the original DLL:
Additionally, an option to timestomp the final proxy dll to match the date of the original dll would be a great addition.
To reproduce the intended outcome manually, you can leverage ResourceHacker and timestomp.
Extract VERSIONINFO from original DLL: rh.exe -open "C:\Windows\System32\version.dll" -save "version.rc" -action extract -mask VERSIONINFO -log CON
Compile .rc to .res rh.exe -open "version.rc" -save "version.res" -action compile -log CON
Write final proxy dll with cloned VERSIONFINO: rh.exe -open "version.dll" -save "version_final.dll" -resource "version.res" -action add -mask VERSIONINFO -log CON
Clone MACE with original DLL timestamps via timestomp: ts.exe -c "c:\windows\system32\version.dll" "version_final.dll"
Thanks for this suggestion, it's a very good one. The way Spartacus works is it creates a solution file only when using the --generate-proxy argument (where Ghidra extracts export definitions etc). I've implemented this within that feature in v1.2.0.
VERSIONINFO Replication
This is now replicated within the target solution (added proxy.rc and resource.h files for this).
Timestomp
The only non-intrusive way of implementing the timestomp feature I could come up with, is by using a post-build event and PowerShell. So now, after the DLL is built (only for Release x64), it will run the following PS commands:
I request that a feature be added to the project that allows for the automatic extraction of the VERSIONINFO from the original DLL (if found) and the replication of that information into a resource file in the proxy dll project template. This feature would enable the proxy project to retain the original DLL's versioning information.
At present the current proxy template compiles without VERSIONINFO:
After the enhancement is in place, the final proxy dll would compile with the same VERSIONINFO as the original DLL:
Additionally, an option to timestomp the final proxy dll to match the date of the original dll would be a great addition.
To reproduce the intended outcome manually, you can leverage ResourceHacker and timestomp.
Extract VERSIONINFO from original DLL:
rh.exe -open "C:\Windows\System32\version.dll" -save "version.rc" -action extract -mask VERSIONINFO -log CON
Compile .rc to .res
rh.exe -open "version.rc" -save "version.res" -action compile -log CON
Write final proxy dll with cloned VERSIONFINO:
rh.exe -open "version.dll" -save "version_final.dll" -resource "version.res" -action add -mask VERSIONINFO -log CON
Clone MACE with original DLL timestamps via timestomp:
ts.exe -c "c:\windows\system32\version.dll" "version_final.dll"
Ref: http://www.angusj.com/resourcehacker/
Ref: https://github.com/jackson5sec/timestomp
The text was updated successfully, but these errors were encountered: