dcsimg
A Flash Developer Resource Site

Page 1 of 2 12 LastLast
Results 1 to 20 of 23
  1. #1
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926

    Does some one know how to handle the flash .dll or .so

    I am looking for some c++ program that can start the run time by bitshifting the dll

  2. #2
    . fruitbeard's Avatar
    Join Date
    Oct 2011
    Posts
    1,776
    Ask another forum i guessing

  3. #3
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    I will be posting daily .flas here that attempt to uncompile the c source code of the flashplayer runtime: https://rpguy.weebly.com/

  4. #4
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    You need to be aware that the approach you're attempting will fail (spectacularly) each time Adobe release a new EXE because of the structure of PE files and the nature of optimizing C/C++ compilers. Basically, what you are trying to do (find byte/string fingerprints in the binary) isn't going to work. There is a resources section in the PE file that you can manipulate, but it won't really let you do much (change some strings, icon resources, etc) and there are already tools that can do this.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  5. #5
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    I changed built in functions on the runtime so the swf only runs for the custom one, found the icon its changeable if you use uncompress functions and rezip it, can change the right click menu copyright adobe name spaces, found some manifests to change the architecture of the runtime (might help to work on other devices) and than rezip the exe... theres abc text in the garbage data that says the runtime its self was written in C, maybe I get a c decompiler for that part. I also saw some things in bytecode data that talk about running it on the ipod and sony psp.
    Last edited by Alloy Bacon; 05-08-2018 at 10:48 PM.

  6. #6
    . fruitbeard's Avatar
    Join Date
    Oct 2011
    Posts
    1,776
    Hi,

    Heres are a couple of links to software that do these sort of things

    Link 1
    Link 2

  7. #7
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    ok fruit will try that later.

  8. #8
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    If you attempt to modify any code section of a PE file you will invalidate the digital signature and generate a warning when trying to start the EXE. Virus scanners will flag this. The only safe things to modify are things in the resource section and possibly the data section (not very useful). What you think is "garbage data" is likely string resources of the C/C++ runtime library if it's been statically linked with the application. PE files are not compressed unless they have been processed by a third party packing tool (like UPX). Individual resources MAY be compressed but Windows won't be able to display compressed icons, they are stored as raw bitmaps, except for newer PNG icons but then older versions of Windows will just ignore these icons. You can't change the architecture the runtime will work on by tweaking anything in the PE file, the code is generated for a single architecture. Read this https://msdn.microsoft.com/en-us/library/ms809762.aspx and educate yourself a little, it will save you a lot of frustration.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  9. #9
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    well theres a lot to do with the resource section because you can change the icon to make the projector your own light weight swf app without them knowing its a projector, and hopefully add an swf in the resources and get it to auto launch from there.

  10. #10
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    You can't get the Flash player to do anything it won't do normally (like load SWFs from the resource section of the PE file). The Flash EXE used to be just a stub with a magic number at the end, followed by an SWF. It was easy to take the raw EXE and attach a SWF to it. But the Flash EXE has evolved a bit and there are multiple SWFs embedded in the EXE now. My exe2swf tool tries to extract them all but I haven't updated it in a while.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  11. #11
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    you can just split the byte array of the exe by the separator bytes to distinguish each section of the byte array as a file like you can see where the png for an icon is because the bytearray for it will say IHDR somewhere around the beginning but that is a good tool and was probably around longer than more tools came out to help you with that. I will go for the swf studio as well if you can give me a half discount atleast just to have one of your apps.

  12. #12
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    The IHDR marks the beginning of the PNG image header but there's no guarantee that the projector will have a PNG icon in it. PNG support was first added to ICO files in Vista so any pre-Vista projector will not have PNG files as part of the icon resources. The right way to do it is to parse the resource section. That's harder in ActiponScript because you have to do all the heavy lifting yourself. In C/C++ where you can access the Win32 API, there are functions you can call to help do this.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  13. #13
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    well if you unzip the projector, I can tell you after observing it alittle more, that you will see a file called .rdata and in .rdata if you go through the bytearray data there are some .dll names, so clearly the unzip apps have not fully unzipped the .exe and you can make a couple of .dll's from the .rdata file, and the .rdata is most likely going to be all of the actionscript 2.0 + 3.0 C/C++ if decompiled after making more files from the .rdata
    Last edited by Alloy Bacon; 05-10-2018 at 09:47 PM.

  14. #14
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    The rdata section generally contains debug data and is not used by the EXE. The compiler and linker use this section. It's also not compressed so I'm not sure what you're unzipping. I didn't see any decompression code in your runtime reader FLA.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  15. #15
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    so far it just goes through all the bytes in the for loop and periodic 50ms breaks cause the for loop would crash, so that's good but right now for decompressing im first using like desktop archivers to decompress and see what type of data they can show, but I see in rdata there are also files that should be made from that because theres dll names. so if rdata is just debugger data like you say than the c,c++ would have to be in the 5mb .text file from unzipping the projector, what do you say, oh and in the .rdata I also see a .bat file that's in that byte code

  16. #16
    Tim (Super Moderator) Northcode's Avatar
    Join Date
    Dec 2000
    Location
    Whitehorse YT
    Posts
    3,765
    Read some information on what's actually in a PE file format before you get all excited by the magic bytes you're "discovering" and the Dunning-Kruger effect completely overtakes you. Once you understand how a PE file is constructed and what's in it you can stop guessing and maybe make some progress. Stumbling along blindly is a waste of time and energy. Knowing what you don't know is the first step to enlightenment.
    When your swf2exe tool just HAS to work
    there's only one choice... SWF Studio

  17. #17
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    well if you use my latest app version of the reader 0.0.5, you will see that I added some new functions to read it better, this is proprietary software that is not given to us, the only way is to use the functions I have access to and look for patterns, now I tried some new functions I added to my script and I can tell you the most correct looking way to read the bytes from the .text file is looking like its definitely written using either unsigned bytes or unsigned ints what do you think?

    Trying to read the byte code as shorts or doubles shows negative values or point values which is why they don't appear right.
    Last edited by Alloy Bacon; 05-12-2018 at 07:56 PM.

  18. #18
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    especially when they named the file where all the C/C++ is with a .text extension like really you are going to look up .text readers, the best assumption for that is to open it up with notepad, that's probably why they made it go in a .text anyways because no one can help you there a .text opener is the obvious and the data in it is not .text

    I can see that supporters on this forum will call you Dunning-Kruger when doing things out of your own head but that should be reasonable when not everything in life is publically open, the forum leaders are definitely on there way to showing there is a way to open and close everything the right way but that is not reality when not everything is publically open, so until than best way is to build your own decompiler from the skills you have acquired.
    Last edited by Alloy Bacon; 05-12-2018 at 08:22 PM.

  19. #19
    . fruitbeard's Avatar
    Join Date
    Oct 2011
    Posts
    1,776
    Hi,

    Just what is your end game here Alloy, is it so you can put your own tag inside of the flash right click or change an icon in an exe file.
    Or perhaps to reverse engineer flash itself.

    I think everybody has tried to open things with 7zip or WinZip before to see what code they can try to purge.

    Nobody is condemning you for doing your own thing, I think someone is suggesting you crawl before you sprint in the wrong direction.

    I must ask again, who taught you how to use 'then' and 'than'

  20. #20
    Senior Member Alloy Bacon's Avatar
    Join Date
    Apr 2011
    Posts
    926
    I don't think then and than is worth putting time into learning the differnces xD but fine I will look it up.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center