Author Topic: Dialog rc To source code utility  (Read 9163 times)


JRS

  • Guest
Re: Dialog rc To source code utility
« Reply #15 on: January 13, 2017, 09:55:50 AM »
Who would be the target user for this utility? A C programmer or a BASIC programmer looking for a light weight GUI?

What are the advantages of converting the resource file to code rather than use it as intended?
« Last Edit: January 13, 2017, 10:53:28 AM by John »

Mike Lobanovsky

  • Guest
Re: Dialog rc To source code utility
« Reply #16 on: January 13, 2017, 06:10:20 PM »
John,

I guess one of the intended advantages is described in this message.

However I am afraid SDK style dialogs can hardly be regarded as an exhaustive solution to the problem. One could easily design a simple enough Spy++ - like tool that would be able to take a pixel-perfect programmatic snapshot of any GUI currently available on screen in real time, visible or invisible, as long as the GUI being hacked is comprised of native frame window/dialog classes and Common Controls, or ThunderRT... (VB6) controls and forms and ActiveX'es, or T... (Delphi) control classes and forms and ActiveX'es.

OTOH alien GUI frameworks like GTK or Qt or similar that don't use the OS native stock assets at all, or OpenGL widgets that can closely emulate Windows 10 Common Controls like those found in recent builds of IUP would be much, much harder, if not entirely impossible, to hack.

JRS

  • Guest
Re: Dialog rc To source code utility
« Reply #17 on: January 13, 2017, 09:08:53 PM »
On a positive note there finally seems to be serious activity addressing native OSX, Android, iOS and the web (JS library) with the IUP direction. I'm all for write once and run on everything like Script BASIC promotes.

Resource Hacker™ looks like a pretty cool tool.


      VALUE "CompanyName", "Microsoft Corporation"
      VALUE "FileDescription", "Visual Basic"
      VALUE "FileVersion", "6.00.9782"
      VALUE "InternalName", "VB6.EXE"
      VALUE "ProductName", "Visual Basic"
      VALUE "LegalCopyright", "Copyright © 1987-2000 Microsoft Corp."
      VALUE "LegalTrademarks", "Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation"
      VALUE "ProductVersion", "6.00.9782"
      VALUE "Comments", "February 23, 2004"

« Last Edit: January 13, 2017, 09:28:10 PM by John »

Mike Lobanovsky

  • Guest
Re: Dialog rc To source code utility
« Reply #18 on: January 14, 2017, 02:04:58 AM »
Regarding the "hacking" of GUI layouts in 3rd party programs,
  • According to the U.S. and European law, GUI design cannot be covered with patent and/or copyright protection; and
  • UpdateResource() is a legitimate user space Win32 API.
That's probably why you will never find MS itself being at suit with anybody for having its own GUIs hacked every now and then. Every single interactive menu editor around is a clone of their VB6 IDE Menu Editor GUI, and most 3rd party visual designers and RADs are based, with different degrees of success and usability, on various MS Visual Studio implementations.

ResHacker is a mighty and very popular tool to manage Windows PE resources cleanly outside their original development environments and it is also scriptable to allow for command line/batch file usage.

Arnold

  • Guest
Re: Dialog rc To source code utility
« Reply #19 on: January 14, 2017, 02:49:02 AM »
Quote
... looking for a light weight GUI?
Yes. I think ResEd + Dlg2Src will be a visual GUI designer which will make it easier to create the necessary statements. For creating OxygenBasic code this will be very helpful. As a hobby programmer I also consider the possibility to compare the code with different languages as a great bonus. I myself would like to see the styles by name but this could be done as a second step.

Quote
One could easily design a simple enough Spy++ - like tool ...
Could linking resources to an exe or dll influence the negative behaviour of some (free version) AV-Scanners? I found many false positives reported about 32 bit executables, and these are not only OxygenBasic compiled programs. (VirusTotal helps a lot)

Roland

Mike Lobanovsky

  • Guest
Re: Dialog rc To source code utility
« Reply #20 on: January 14, 2017, 08:37:25 AM »
Quote
Could linking resources to an exe or dll influence the negative behaviour of some (free version) AV-Scanners?

Roland,

Here we have already discussed the adverse effects of not having appropriate resources embedded in a Windows executable.

You might want to experiment yourself by taking a known false alarm provoking Oxygen executable, adding valid icon, version info, and manifest resources to it in ResHacker, and then submitting it to VirusTotal again to see if it would still be flagged as (potential) malware.

To summarize, a Windows executable should have:
  • sufficient size (at least 1.5KB);
  • valid file time stamp;
  • valid file checksum (ResHacker updates this PE header field automatically upon resource modification);
  • embedded icon, version info, and manifest resources.
Failure to comply with one or more of these points is highly likely to provoke a false alarm by at least one of the AV scanners clustered at VirusTotal and similar sites.

OTOH adding or deleting dialog, image, menu and similar resources to/from the executable will not affect the executable's performance at VirusTotal.
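The header-level items of the checklist in the reply above (size, time stamp, checksum) can be verified at build time. The following is an added example, not code from the thread or from ResHacker; it assumes "valid file time stamp" refers to the COFF `TimeDateStamp` field, uses a constructed header-only sample image, and does not cover the resource items, which need a resource-directory walk.

```python
import struct
import time

def pe_offsets(data):
    """Return (COFF header offset, CheckSum field offset) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # CheckSum is 64 bytes into the optional header for both PE32 and PE32+.
    return coff, coff + 20 + 64

def pe_checksum(data):
    """Recompute the checksum: folded 16-bit sum with the field zeroed, plus length."""
    _, cs_off = pe_offsets(data)
    buf = bytes(data[:cs_off]) + b"\0" * 4 + bytes(data[cs_off + 4:])
    if len(buf) % 2:
        buf += b"\0"
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return (total + len(data)) & 0xFFFFFFFF

def header_findings(data, now=None):
    """List which header-level checklist items the image fails."""
    coff, cs_off = pe_offsets(data)
    stamp = struct.unpack_from("<I", data, coff + 4)[0]  # COFF TimeDateStamp
    stored = struct.unpack_from("<I", data, cs_off)[0]
    now = time.time() if now is None else now
    findings = []
    if len(data) < 1536:
        findings.append("size below 1.5 KB")
    if stamp == 0 or stamp > now:  # assumed meaning of "valid" time stamp
        findings.append("timestamp zero or in the future")
    if stored != pe_checksum(data):
        findings.append("checksum mismatch")
    return findings

def make_sample(size=2048, stamp=0x58790000):
    """Constructed header-only image for the demo; not a runnable program."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", img, 0x84, 0x014C, 0, stamp)  # i386, 0 sections
    struct.pack_into("<H", img, 0x84 + 20, 0x010B)   # PE32 magic
    return img
```

Run against a real build with `header_findings(open(path, "rb").read())`; an empty list means the three header items pass.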

Arnold

  • Guest
Re: Dialog rc To source code utility
« Reply #21 on: January 14, 2017, 09:14:19 AM »
Hi Mike,

can you help me with this special case?

As MS Security Essentials has ended for my 32-bit Windows Vista, I installed a free version of Virus scanner.

What a mess now! There are messages about apps which ran ok for years. I am even prevented from running my own batch files. It will take some time to put this inconsistency in order again.

Therefore I checked my slider project with VirusTotal. These are my results:

Sliders.dll 64-bit: 0/57
Sliders.exe 64-bit: 1/57 (Invincea - generic.a)

Stand-alone:
Sliders.exe 64-bit: 0/56

Sliders.dll 32-bit: 4/57
 Bkav      W32eHeur Virus02
 Qihoo-360   HEUR/QVM40 1 0000 Malware Gen
 Rising      Malware Heuristic!ET#84% (rdm+)
 Symantec   Heur AdvML B
Sliders.exe 32-bit: 7/57
 Avast, Avira (no cloud), Bkav, Invincea, Qihoo-360, Rising, Symantec

Stand-alone:
Sliders.exe 32-bit: 12/57
 ALYac, Ad-Aware, Arcabit, Avast, BitDefender, Bkav, Emsisoft, F-Secure, GData, eScan, Qihoo-360, Rising.

Is this not crazy? I always used the same code and the same procedure. 64-bit performs better than 32-bit. 32-bit dll performs better than stand-alone 32-bit executable.

What is still missing? What can I do to improve the results for 32-bit? (I will of course check the items you addressed).

Roland

Mike Lobanovsky

  • Guest
Re: Dialog rc To source code utility
« Reply #22 on: January 14, 2017, 11:01:54 PM »
Quote
Stand-alone:
Sliders.exe 32-bit: 12/57
 ALYac, Ad-Aware, Arcabit, Avast, BitDefender, Bkav, Emsisoft, F-Secure, GData, eScan, Qihoo-360, Rising.
Is this not crazy?

It is, Roland. Actually you were lucky. My own test yielded 13/57 adding putinist ruSSian Yandex to the bargain. ;D


Quote
... can you help me with this special case?

I tried but I failed to get rid of false alarms entirely. I added a valid XP+ manifest to your exe and fixed the PE file checksum. It immediately brought the number of false alarms down to 4/57 but unfortunately not 0/57.

Qihoo-360 turned out to be the most obstinate AV "scanner" of all with its oh-my-gawd-so-generic HEUR/QVM20.1.0000.Malware.Gen diagnosis. If you google for what it really is you will find out that in about 30% of cases this "alarm" is added simply because at least one other (sic!) AV "scanner" at VirusTotal has (falsely) flagged the file as "potential malware"! Heuristics, my ass!!!

Now you should understand what I mean saying those cheap'n'fake antiviruses are the last thing that an intelligent human being should care for.

================================================

Actually this isn't your problem, Roland. It's Charles' problem and mine. It is our task to find such layouts for our compilers that will make all those freakin' "scanners" tuck their tails between their legs. But it is a very arduous and non-rewarding task. If it makes you feel any better, I can whisper secretly in your ear that FBSL's 2KB large Fbsl_Tiny.exe stub, whose only task is to launch Fbsl.dll and pass a script buffer to it for execution, is flagged 5/57 at VirusTotal. Even one of J.C.Fuller's 64-bit examples for his Dlg2Sdk tool compiled with MS VS2013/2015 Visual C++ is a piece of malware flagged 1/57. :o

OTOH I can prove that if I deliberately modify an MS product, say, one of their IDE executables, and add a timer to it and a command to ShellExecute("del c:\ *"), the VirusTotal results will still be 0/57!

How can one compete fairly in this rotten world of total bribery and lucre???!!! >:(
« Last Edit: January 14, 2017, 11:26:28 PM by Mike Lobanovsky »

Arnold

  • Guest
Re: Dialog rc To source code utility
« Reply #23 on: January 15, 2017, 05:50:01 AM »
Thank you Mike, for your analyses. It is comforting to know that not everything is lost. From my own experience some years ago with a previous PC I know that some of the (free version - I cannot judge the full version) AV scanners do not really protect against a real attack.

I think it is so unfair if some of the programs (not only Oxygen apps) are blamed for being Malware and there is no clue what the reason is. Only the excuse that it could also be a false positive. This is not helpful.

Roland
« Last Edit: January 15, 2017, 11:33:59 PM by Arnold »

Mike Lobanovsky

  • Guest
Re: Dialog rc To source code utility
« Reply #24 on: January 28, 2017, 06:14:06 AM »
Quote
However I am afraid SDK style dialogs can hardly be regarded as an exhaustive solution to the problem. One could easily design a simple enough Spy++ - like tool that would be able to take a pixel-perfect programmatic snapshot of any GUI currently available on screen in real time, visible or invisible, as long as the GUI being hacked is comprised of native frame window/dialog classes and Common Controls, or ThunderRT... (VB6) controls and forms and ActiveX'es, or T... (Delphi) control classes and forms and ActiveX'es.

This thread exemplifies exactly what I meant writing the message I'm self quoting above.

Great minds think alike.  8)




(NB: Public Domain = do with the sources whatever you like :) )

JRS

  • Guest
Re: Dialog rc To source code utility
« Reply #25 on: January 30, 2017, 10:03:54 PM »
Mike,

I would like to see PBWinSpy converted to OxygenBasic as our first PowerBASIC to O2 conversion. At least when completed we will have a useful tool.

BTW: The option to capture and generate code for children doesn't seem to be working correctly. Selecting the dialog should select all the controls within it. IMHO

John
« Last Edit: January 30, 2017, 11:03:11 PM by John »