We develop a database application. The user asks for a new feature: Copy blobs into the clipboard such that Windows Explorer can paste them as new files. One solution is to save the blobs into a temporary folder and add these temporary files to the clipboard.
But I'm looking for a better solution. Is it possible to hook the paste action in Windows Explorer and save the blobs to the destination path by myself?
I've never tried it but I think it is indeed possible. Please take a look at the MSDN Documentation for Shell Clipboard Formats. CFSTR_FILECONTENTS and CFSTR_FILEDESCRIPTOR are the formats you are likely supposed to handle.
Additionally, I found an article at Code Project which provides a demo program: How to drag a virtual file from your app into Windows Explorer.
Update: An example written in .NET:
Creating something from nothing
Creating something from nothing, asynchronously
From the MSDN article Handling Shell Data Transfer Scenarios
Existing files should be offered with the CF_HDROP format.
Offer file-like data with CFSTR_FILECONTENTS/CFSTR_FILEDESCRIPTOR
formats. This approach allows the
target to create a file from a data
object without needing to know
anything about the underlying data
storage. You should normally present
the data as an IStream interface. This
data transfer mechanism is more
flexible than a global memory object
and uses much less memory.
Two other good articles to read from MSDN are:
Shell Data Object
Shell Clipboard Formats
When I first started working on using the clipboard to transfer files I printed off all three articles and read them several times.
Dealing with the interfaces can be quite involved. I have found two good libraries out there to help with this.
The The Drag and Drop Component Suite for Delphi. If you scroll down on the home page you will see some FAQs are good reading. There are also a lot of sample applications with the download. I think the AsyncSource demos should be helpful for what you are looking for. The suite is freeware with source. The code seems to be well commented.
I am currently using the Transfer#Once component from Quasidata. It is not free but is very inexpensive. I initially used Transfer#Once because at the time it was better supported than the Drag and Drop component suite. However, that situation has reversed itself. Transfer#Once does not yet support Delphi 2009. When I get around to moving my application I will probably switch components. The Transfer#Once code is included with purchase. Personally I found the Drag and Drop code to be much easier to read and follow.
I'd say that explorer does the copying to the destination files itself, so there's no way to directly write the destination files. This makes sense, because the names of the source files can only come from the application that copied the data to the clipboard, which need not be explorer. OTOH the names of the destination files may actually differ, because files of the same name could already exist in the destination folder, and only explorer can create the modified names for the destination files (like by prepending "Copy of " or by appending " (2)" to the base file name).
You will need to provide the clipboard format for the Windows Explorer so that it can paste the files. The documentation of standard clipboard formats suggests that CF_HDROP is the right one. With this clipboard format you would provide a list of source file names, but the files do need to exist of course, so you will need to save them to disc.
You could try to make the process as light-weight as possible, though. Usually when a user copies data to the clipboard it is put there immediately, whether or not it will be used for a paste operation. For your application that would mean that you would need to create the files and put the list of file names into the clipboard, every time. However, Windows does support a mode called Delayed Rendering, which is used exactly for such cases. Basically you put only an empty stub of the data onto the clipboard, and only when another application tries to access the data it will be requested from your app. So you could implement this in a way that only when the user tries to paste the files into explorer you would save them to disc and return the list of file names.
It's been a while since I toyed with copy/paste, but I'm pretty sure you can do what you're suggesting (insert the blob as a new file into the clipboard).
I seem to remember that depending on how you add to the clipboard you can specify what sort of data you're copying. I think if you get that data type right, you'll be able to paste as though you'd copied from windows explorer.
I'll try and dig out some more details this evening if I have a chance (I don't have all my bookmarks here at work)...
[Edit] Have a look at the wxWidgets documentation on drag and drop. That was what I'd been working with and it gives some hints about data types.
What are you writing in? Delphi?
[Edit2] I think this may actually be a limitation of Windows(?). It might just be the wxWidgets documentation, but there's a suggestion that you only copy filenames rather than the files themselves. If that's the case, you're going to have to ue your original suggestion of creating a temp file first :-(
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I have several malware repositories however I am unable to get bin files to execute or files as windows classifies them. I have included some file names so you can see what I'm working with. I have been trying to mount some of the files which are Bin files with no luck.
Tank_3d.jar
b0ffb939b3df60f8561fadf2cbfa1733_WEXTRACT.EXE_
userinit.exe with a desktop.BIN
why the extra file with the executable?
13ce4cd747e450a129d900e842315328 and windows says type of file is file?
Any help you can provide would be greatly appreciated I have searched the web but I haven't found any sites that tell you how to execute these files for obvious reasons. I have changed some of the file extensions to .exe and some of them will execute in this manner. However, a lot of them still will not. I have conducted static analysis of these files prior to trying to do dynamic analysis. Also I forgot to add I'm doing this research for a university thank you
The question is not completely clear to me but as I understood from what you said, you have some files (probably related to some malware/ransomware) that you don't know how to execute them.
Before just starting to execute a malware or whatever suspicious file, you need to collect as much information as possible about your files. This step is called information gathering. So this is what you need to do:
(these are optional steps and can be changed based on your experience)
Calculate the MD5 hash of the file then search the MD5 value in VirusTotal or Hybrid-Analysis to check if these engines already analyzed this sample or not.
(or you can directly upload your sample to these engines without calculating the MD5 value)
Search on Google for whatever information you have about your file (even you can search the file name itself). You don't want to re-analyze the sample if someone already did that for you unless you are looking for some variants or some specific features. Even in that case, reading other related analysis report can help you do it faster.
Get the type of the file using whatever tool to extract the magic header (signature) of the file. I would say use Linux file command but you can use other tools as well.
Try to open the file in a hex editor/display software (you can find lots of them if you search), to see if there is anything interesting in the file.
use Linux Strings or Windows Strings commands to extract human-readable strings from the file to see what you can find.
Doing all the above mentioned steps, you will have the idea how you should deal with the file.
Use Peid or Die (Detect it easy) to extract the programming language and possible packer name/entropy of the file.
and finally, to execute different file formats:
If it's a .jar file: java -jar sample.jar
If it's a .dll file: use rundll32 or OllyDBG.
If you have an .exe file: just run it.
People who start learning malware analysis, they just try to execute the file or start with dynamic analysis but one needs to know that these steps are very helpful before executing the sample since most of the time you will get what you want from information gathering and static analysis.
If you explain better the problem, maybe people can help you better!
Edit:
I am going to add this part to the answer to cover the comments.
why are there additional files in the malware folder like an executable with a bin file?
This is a simple trick which has been used by malware writers for several years. For example, in one scenario, the main file of the malware can be an executable file (.exe) but it's actually not harmful at all!!!. All it is doing is to download another file (e.g., .dll file) which is the real malicious code (you can call it the payload). However, sending and receiving .dll files is also suspicious, so malware authors use other file extensions or whatever to hide the malicious content (like .bin file or even .png file in one of the variants of Emotet). The problem is that you CAN NOT execute these files just like that! since sometimes there are encrypted/encoded.
You need to know the procedure of executing them which is only possible to know if you reverse engineer the sample.
for example:
13ce4cd747e450a129d900e842315328 -> .DLL file
This means you may be able to analyze it using Ollydbg or any debugger + rundll32 but there is no guarantee!! it may be encrypted or encoded and only the parent file (.exe sample for example) can decrypt/decode it!
I am now interested in performing memory analysis of the malware which I possess. however the problem I encountered was how to execute a lot of the ransomware files I have to examine
I would say it would be nice to execute all of them using Win10 VM + cuckoo sandbox and dump the memory for further analysis. It's all automatic job and can be done nicely.
What are the best practices for where a cross-platform FireMonkey program should put INI files? Are INI files even the right approach?
For Android: in "shared storage"
For MacOS: in INI file
https://delphihaven.wordpress.com/2015/06/11/ccr-prefsinifile-on-github/
CCR.PrefsIniFile on GitHub by Chris Rolliston (he is on stackoverflow also: https://stackoverflow.com/users/2778930/chris-rolliston)
Just a small post to say the the native Preferences API wrappers for Android, iOS and OS X I published to Google Code a while back are now on GitHib:
https://github.com/chrisrolliston/CCR.PrefsIniFile
Both the Android and Apple versions should also now compile in XE8.
If you are searching for one location that will fit all platforms then I'm afraid you won't find it.
You see each platforms has its own preference on where the settings files are stored.
So you should read each platforms guidelines and make sure your program uses those locations.
Failing to do so and trying to save the settings in some different folder might fail completely as many platforms limit of which folders can your application access at all.
Now as for which format should you use? Should this be INI files or something else?
On windows it is completely up to you which format you use. You can use system registry, INI files (pretty common), XML files (becoming quite common lately) or even some custom formats like Typed files (binary files) that Delphi is capable of working with.
But this does not apply to all platforms. Some platforms might even limit you in which format you store your settings.
So again you should read the platform preferences on this matter and adapt.
In windows INI files became ubiquitous as a fast, easy to use method. But as they became larger they became much slower and it was difficult to implement structured storage. Hence the move away from INI files towards Registry/Registries. But that is not an option for cross platform, so there has been some drive back towards INI file structures, but depending on size this could still be slow. One of the more interesting approaches I have seen is in this skill sprint which (mis)uses JSON to create files equivalent to old INI files (and allows structure too). See here JSON - the new INI file. As to where, I think you need to read the recommendations for each target as the recommended location could be different for each.
I have an old help file project, but the original project was lost in a hard drive crash. The original was created using HelpScribble, but now I've decompiled it into WinCHM. I have recreated the help file after decompiling the original compiled CHM file. However, to my knowledge, there is no way to identify the mappings to direct an application to certain Context ID's.
What I'm wondering is if there's a way to read the compiled CHM file and extract the Context ID of each topic in the help file? I would hate to have to iterate through individual numbers from 0 to 5,000 from what I've seen in the original software source. This is a large system, and has a corresponding large help file for every possible scenario in the software.
You can use the chmls tool from the FreePascal project. Invoke it like this:
chmls extractalias MyHelpFile.chm
The output are files named MyHelpFile.ali and MyHelpFile.h containing the IDs and targets of your aliases.
I need to translate SAP BO InfoView interface. The language we require doesn't have native BO language pack.
I discovered a bunch of .properties files, translated them, but not all of the texts was converted.
Maybe someone could give me some advices, or some ideas for solution?
Thanks.
I would think any text not in the properties or xml config files are in 2 main places:
Hard coded in the JSP files. A general search and replace should work at finding where these are.
The Java applet WebI controller. This one is compiled and packaged jar. I believe this is where the text that you haven't been able to translate yet resides. This one will be trickier to update and changes to it will most likely end any support from SAP if you run into troubles.
I need to make an app that will let users select some options, click a button, and a separate compiled app is created. Is this possible? I am using delphi 7 and 2010.
Thanks for the replies. Here is a little more info.
It would have to be a graphical app and create a graphical app.
What I want is the user to fire up 'App A' (I originally made), be able to select some options (I apologize for the secrecy. I think this is a million dollar idea that probably 3 people may find useful :) then use the program to create 'App B.' 'App B' can then be distributed to end users and 'App B' is a single executable that includes a compiled app plus the configuration data. I don't care how, but I need 'App B' to be a single executable.
I wouldn't even need to use Delphi for the final compiled app. If there is some sort of "pseudo-compiler" that I can call from Delphi that would marry a precompiled exe and a separate config file into a single executable. That would work just fine as well.
Thank you for the replies and help.
Thank you.
I also faced a similar situation once. I had to produce an exe using my exe. I didn't want to go the compiling a source code because of complexity and license problems.
Lets call the parent app P and child app C. Also lets assume that whatever option C needs can be summed up in a config file (XML/INI etc). What I ended-up doing was:
Create P and C. Inserted C in resource data of P.
When user clicked the button after selecting options, P would extract C from its resource data.
Created an XML file containing the options selected by user and inserted it in C's resource data.
So whenever C will run, it will use the options given in the XML file stuffed in it. It looks like complicated and hacky but is reliable and simple. Do a google on "delphi embedding resource in exe" and you will find plenty of articles to do above.
It is possible. You will need a Delphi 7 (or compatible) compiler (command line at least) on the target machine. You will also need all the source code for the compiled application and that includes all the third party libraries if you use any.
When you have it all set just call the command line compiler (DCC32.EXE) with the proper parameters and paths.
You can use two approaches for this:
Call ShellExecute
Call CreateProcess
You will have more control over the execution with CreateProcess. Also you will have to watch out for legal issues and licences if you plan to use the compiler this way.
Given that the Delphi compiler can't be redistributed, one solution if the user has not a copy of Delphi may be to use a script engine (i.e. RemObjects PascalScript, but there are others), generate code for it, and embed that code (i.e. within a resource) in an executable that will execute it when launched.
Create a separate stub executable that implements all the logic you need, and that reads its configuration from its own local resources (look at the TResourceStream class to help you load a resource at runtime).
Include that stub executable as an RCDATA resource in your main app's resources when it is compiled.
At runtime, the main app can extract the stub executable from its resources when needed, save it to disk, and insert the necessary configuration data into the stub's resources using the Win32 API UpdateResource() function.
Without knowing more about why you think you need to do this, I assume you don't actually need to do this. Given the stated requirements, I'd simply have one app, written in Delphi, that looks for the existence of configuration data (.ini file, registry, etc..) In the absence of this, it presents a screen that "will let users select some options, click a button". Then the options are stored in a .ini file, and the rest of the program proceeds, making use of those options.
Alternately, I'd use some pascal scripting, such as provided by TMS.
If you are looking for a way to crank out custom-branded versions of an app, maybe use Inno Setup with a ResHacker step. i.e. gather requirements in Inno, spit out your .exe into a temp directory, use ResHacker to modify the .exe, copy it into the program folder.