aluigi, posted Sat Jun 09, 2018 5:06 pm (35746)

---

In that case how can you know what files have been skipped?
Maybe it has more sense to allow the existent -0 option (it's used in extraction) to be used with the reimport feature for "testing" the injected files, and it would tell you "file1.txt" is ok, "file2.txt" can't be reimported and so on.
That would be easy to implement.

Dima Bilan, posted Sat Jun 09, 2018 5:28 pm (35747)

---

aluigi wrote:

In that case how can you know what files have been skipped?
Maybe it has more sense to allow the existent -0 option (it's used in extraction) to be used with the reimport feature for "testing" the injected files, and it would tell you "file1.txt" is ok, "file2.txt" can't be reimported and so on.
That would be easy to implement.

I do not need to know which files were skipped yet. Just make that it skips all the files that are larger than the original at a time so as not to press a button y each time. But thanks for the advice. In my case, I want it to cut files that are larger than the original. But if you will think of adding and this function, it would be cool.

aluigi, posted Sat Jun 09, 2018 9:46 pm (35750)

---

Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in riemport mode is ok

Dima Bilan, posted Sun Jun 10, 2018 7:05 am (35759)

---

aluigi wrote:

Truncating a file is for sure something I will never implement because reimporting 8 bytes is not the same as reimporting the 10 bytes I need. There is reimport2.bat for trying reimporting bigger files.

The automatic skip is difficult to insert because there are already 4 choices for the user... a lot, adding a 5th one would be confusing.

-0 in riemport mode is ok

With this -0 nothing happens. Everything also lists that list.

- do you want to skip this file? (y/N/force)
y will continue with the next file and skip the current file
N (default) will terminate QuickBMS, maybe you can try with the -r -r mode
force will force the reimporting of the file (NEVER use this!!!)

And where should I punch the button y every time until I hang myself.
The automatic skip would be nice. And the fact that someone to confuse and press the wrong option is already his problem.

aluigi, posted Sun Jun 10, 2018 8:03 am (35761)

---

Dima Bilan wrote:

With this -0 nothing happens.

in next quickbms

Dima Bilan, posted Sun Jun 10, 2018 8:33 am (35763)

---

aluigi wrote:

in next quickbms

And when will the next quickbms?

aluigi, posted Fri Jun 15, 2018 7:13 am (35894)

---

QuickBMS will be released this week-end, hopefully tomorrow.

Nicknine, posted Sat Jun 16, 2018 1:14 am (35921)

---

There's no way to know if NameCrc command's lookup has failed and thus, no way to have a fallback naming method. Comparing output variable to "" after running the command returns false. Not sure if it's a bug or not so I eventually decided it to post it here.

aluigi, posted Sat Jun 16, 2018 7:26 am (35925)

---

Here it works correctly in the sleeping dog script, example:

Code:

    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        string NAME p "x." hash

Nicknine, posted Sat Jun 16, 2018 6:13 pm (35958)

---

aluigi wrote:

Here it works correctly in the sleeping dog script, example:

Code:

    namecrc NAME hash MEMORY_FILE10 32 "" "32 -1 0 1 1 1"
    if NAME == ""
        string NAME p "x." hash

Strange, I'm pretty sure I tried this before and it didn't work. Oh, well, thanks.

aluigi, posted Sun Jun 17, 2018 6:51 am (35965)

---

I'm going to release quickbms 0.9.0 and the following are 2 examples of C code for using the 3 available IPC interfaces of "quickbms.exe -W 1234" (1234 is the port of the web API which is not covered by the example) and the quickbms_compression function of quickbms.dll:

Code:

// ipctest.c
#include 
#include 
#include 



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



int main(int argc, char *argv[]) {
    HANDLE  h   = INVALID_HANDLE_VALUE,
            h2  = INVALID_HANDLE_VALUE;
    DWORD   dw;
    int     ipc_mode,
            size;
    char    *name,
            tmp[32];

    if(argc < 2) {
        printf("\nUsage: %s \n", argv[0]);
        exit(1);
    }

    ipc_mode = atoi(argv[1]);
    switch(ipc_mode) {
        case 0: name = "\\\\.\\pipe\\quickbms_byte";        break;
        case 1: name = "\\\\.\\pipe\\quickbms";             break;
        case 2: name = "\\\\.\\mailslot\\quickbms\\send";   break;
        default: exit(1); break;
    }

    printf("name %d %s\n", ipc_mode, name);
    h = CreateFile(name, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    printf("handle %p\n", h);
    if(h == INVALID_HANDLE_VALUE) exit(1);

    switch(ipc_mode) {
        case 0:
            dw = PIPE_READMODE_MESSAGE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 1:
            dw = PIPE_READMODE_BYTE;
            SetNamedPipeHandleState(h, &dw, NULL, NULL);
            break;
        case 2:
            SetMailslotInfo(h, MAILSLOT_WAIT_FOREVER);
            h2 = CreateMailslot("\\\\.\\mailslot\\quickbms\\recv", 0, MAILSLOT_WAIT_FOREVER, NULL);
            if(h2 == INVALID_HANDLE_VALUE) exit(1);
            break;
    }

    SetLastError(0);    // useful but not necessary

    sprintf(tmp, "comtype %s\n", compressed_algo);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", compressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    WriteFile(h, compressed_data, compressed_size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    sprintf(tmp, "%d\n", decompressed_size);
    WriteFile(h, tmp, strlen(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    if(ipc_mode == 2) {
        CloseHandle(h);
        h = h2;
    }

    ReadFile(h, tmp, sizeof(tmp), &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());
    size = atoi(tmp);

    decompressed_data = calloc(1, size);

    ReadFile(h, decompressed_data, size, &dw, NULL);
    printf("dw %d (%d)\n", (int)dw, (int)GetLastError());

    CloseHandle(h);

    fwrite(decompressed_data, 1, size, stdout);

    return 0;
}

Code:

// dlltest.c
#include 
#include 
#include 



// example
char            compressed_algo[]   = "zlib";
unsigned char   compressed_data[]   =
                    "\x78\x01\x53\xa6\x0e\xe0\xe5\x02\xc1\xc0\xd2\xcc\xe4\x6c\x27\xdf"
                    "\x60\x5e\xae\xa4\x4a\x05\x9f\xd2\xcc\xf4\x4c\x05\xc7\xd2\xa2\xcc"
                    "\xd4\xdc\xdc\x44\x5e\xae\x54\xdd\xdc\xc4\xcc\x1c\x2b\x85\xdc\x54"
                    "\x87\xc4\x1c\x90\x9c\x5e\x7e\x51\x3a\x2f\x57\x79\x6a\x92\x95\x02"
                    "\x10\x20\x8b\x65\xe4\xe7\xa6\x82\x04\x33\x4a\x4a\x0a\xac\xf4\xf5"
                    "\x0b\x41\xc6\x26\xe5\x16\xeb\x25\xe7\xe7\x02\x25\x53\x73\x0a\x90"
                    "\x24\xab\x52\xf3\x32\x12\x2b\x20\x52\x20\x48\x35\x0f\x01\x00\xe7"
                    "\x38\x3d\x1c";
int             compressed_size     = sizeof(compressed_data) - 1;
unsigned char   *decompressed_data  = NULL;
int             decompressed_size   = 282;



int __stdcall (*quickbms_compression)(char *algo, void *in, int zsize, void *out, int size) = NULL;



int main(int argc, char *argv[]) {
    printf("LoadLibrary %s\n", "quickbms.dll");
    HMODULE hlib = LoadLibrary("quickbms.dll");
    printf("hlib %p\n", hlib);
    if(!hlib) exit(1);

    quickbms_compression = (void *)GetProcAddress(hlib, "quickbms_compression");
    printf("quickbms_compression %p\n", quickbms_compression);

    decompressed_data = calloc(1, decompressed_size);

    printf("input size  %d\n", compressed_size);
    printf("output size %d\n", decompressed_size);
    int size = quickbms_compression(compressed_algo, compressed_data, compressed_size, decompressed_data, decompressed_size);
    printf("output_size %d\n", size);

    if(size >= 0) {
        fwrite(decompressed_data, 1, size, stdout);
    }
    return 0;
}

The compressed data used in the example (same for both) is the header of quickbms.txt

*edit* fixed calling convention, needs to be stdcall.

aluigi, posted Sun Jun 17, 2018 10:34 am (35977)

---

QuickBMS 0.9.0 is finally out:
http://quickbms.com

michalss, posted Mon Jun 18, 2018 5:01 pm (36013)

---

aluigi wrote:

QuickBMS 0.9.0 is finally out:
http://quickbms.com

Perfect. thx a lot any chance of C# example of usage of dll pls?

aluigi, posted Mon Jun 18, 2018 5:23 pm (36014)

---

Come on there are tons of examples on the Internet about how calling an unmanaged C function of a DLL in C#

michalss, posted Mon Jun 18, 2018 8:37 pm (36015)

---

aluigi wrote:

Come on there are tons of examples on the Internet about how calling an unmanaged C function of a DLL in C#

Well yeah u right, i just being lazy, but still it would be perfect to add it to quickbms.txt

Hmm but still not sure how build the compress and decompress functions after DLLimport call

aluigi, posted Mon Jun 18, 2018 8:41 pm (36016)

---

Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic

michalss, posted Mon Jun 18, 2018 8:44 pm (36017)

---

aluigi wrote:

Homework for you: write a simple test in C# for calling quickbms_compression and post the code here in this topic

Nice ill do my best ill try tommorow.. Anyway i think this DLL is best approach i have to say. If all algos working then mate KUDOS...

LM : Next job would be to export all functions...

aluigi, posted Mon Jun 18, 2018 8:58 pm (36018)

---

michalss wrote:

LM : Next job would be to export all functions...

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions

michalss, posted Mon Jun 18, 2018 9:38 pm (36019)

---

aluigi wrote:

michalss wrote:

LM : Next job would be to export all functions...

Both quickbms.dll and quickbms.exe 0.9.0 export over 11800 functions

That is just perfect. U exported all functions releated to bms itself and dont need to use qbms.exe anymore? Not sure how u doing it but u are very good dev and revers engineer...

aluigi, posted Mon Jun 18, 2018 9:55 pm (36021)

---

No, you can use only some few functions for specific jobs, for example some encryption functions or directly some compression algorithms or some utility functions.
Remember that the calling convention is ever cdecl and stdcall is used only for quickbms_compression and quickbms_encryption.

aluigi, posted Tue Jun 19, 2018 7:12 am (36024)

---

Ah, I forgot a point about quickbms.dll.
The GPL v2 license on which quickbms is based says that a program using such dll should be licensed under GPL too (open source):
https://opensource.org/licenses/gpl-2.0.php
https://www.gnu.org/licenses/gpl-faq.ht ... timeAndGPL

Now let's try to be not so "strict" about it, if you have a small tool that requires a decompression function and you have no idea how to implement it (maybe because there are no binding for your language and you don't know C)... well who cares, use it and have fun.

If you are making a software which is 100% based on quickbms for multiple core tasks that can't be done elsewhere... that's a completely different thing and it's better if you don't use it if you are not going to make your software open source too.

(Seriously, do really still exist people doing closed source stuff in 2018??? mah)

michalss, posted Tue Jun 19, 2018 7:28 pm (36035)

---

aluigi wrote:

QuickBMS 0.9.0 is finally out:
http://quickbms.com

Where is a download link luigi pls ? Is exe same as dll ?

aluigi, posted Tue Jun 19, 2018 8:21 pm (36038)

---

The link is not on the homepage but I posted it some posts ago and it's in quickbms.txt:
http://aluigi.org/papers/quickbms_dll.zip

michalss, posted Fri Jun 22, 2018 11:12 am (36111)

---

Having hard time to make it work on C# to be honest..

Code:

[DllImport("quickbms.dll", EntryPoint = "quickbms_compression")]
        private static extern int quickbms_compression(string algo, byte[] inData, int zsize, byte[] outData, int size);

        private void testCompression()
        {
            var rr = quickbms_compression("", null, 1000, null, 5000);

        }

Not sure if this is correct, dont know how to properly declarate it and how to write decompress and compress functions...

michalss, posted Wed Jul 11, 2018 5:07 am (36672)

---

Hi Aluigi, we have finally found some time and implemented small wrapper around your great quickbms dll tool for C# and it works great for decompression and encryption / decryption. The only problem we now have is with compression and hashes - zlib_compress or deflate_compress etc. does not work like they should ( - error in src\extra\xalloc.c line 678: xdbg_realloc()
Error: memory allocation problem), we have also tested NULL array as output data, which eliminates error, but produces no comprimed data (returned size is zero). As for hashes, we have no idea how to get the computed hash - so far it returns identical data as input. If currently not possible / implemented with hashes -
we suggest another separate interface for hashes with custom hash output (instead of replacing input) and hash_size (in byte form is fine) is an option or replace input completely by resizing input array to default hash size (after computation - but this option is least favored)