Exetools  

#1
11-23-2013, 22:48
Trit0n
Question about QT Creator and MinGW - (Minimalist GNU for Windows)

Is it possible to change the controls (a slider) in a PE?
The PE has no resources (so resource editors are pointless).
Are there any tools?

#2
11-24-2013, 03:06
Conquest
http://forum.exetools.com/attachment.php?attachmentid=7378&stc=1&d=1385233531
^This?
Attached Images
File Type: jpg slider.jpg (3.8 KB, 20 views)

#3
11-24-2013, 15:47
Dreamer
Maybe this will help someone who is starting with that: 200 tutorials, outstandingly explained.

Code:
http://www.youtube.com/user/VoidRealms/videos?sort=p&shelf_index=4&view=0

#4
11-24-2013, 19:53
Trit0n
Unfortunately I don't have the source code.
The problem is that the program uses various horizontal sliders;
the home position is on the left, but I need the home position in the middle.
The EXE files generated under this environment contain code without any resources.
Therefore, all known resource tools are useless.
I think the controls are all in the .data section.
(There you will find tons of strings: "Slider", "ComboBox", etc.)
But the context is a mystery to me.
Hence the question whether there is a tool that can visualize this structure
(and also permits a change directly in the PE).

#5
11-24-2013, 21:04
deepzero
No, there isn't. Qt draws its own controls, rather than using native Windows ones.

That also means that at some point in the code the value for the slider has to be actively set, typically in the constructor of the Form.

This should be done by calling the setSliderPosition(int) method of the slider.

So what you will want to do is find the "setSliderPosition" export in QtGui.dll, breakpoint it, and somehow figure out which slider is the one you want.

#6
11-27-2013, 04:51
Trit0n
Seems a little more complex ...
The only references that I can find (in QtGui(4).dll) are:
ASCII "slider_handle"
ASCII "scrollbar_slider"
ASCII "slider_groove"
ASCII "slider_handle"
ASCII "2sliderPressed()"
ASCII "2sliderMoved(int)"
ASCII "2sliderReleased()"
ASCII "QAbstractSlider"
ASCII "QSlider"
but none of these references is really useful.
The reference "setSliderPosition" is only visible in the PE:
setSliderPositionEi:
00324340h: 73 65 74 53 6C 69 64 65 72 50 6F 73 69 74 6F 69; setSliderPositio
00324350h: 6E 45 69 00 72 0D 5A 5F 4E 31 35 51 41 62 73 74; nEi.r._ZN15QAbst
00324360h: 72 61 63 74 53 6C 69 64 65 72 38 73 65 74 56 61; ractSlider8setVa
00324370h: 6C 75 65 45 69 00 00 00 46 0E; lueEi ... F.
The reference "ZN15Q" is also present in the QtGui(4).dll,
but not in OllyDbg.
Any idea?

#7
11-27-2013, 04:56
mr.exodia
Quote:
Originally Posted by Trit0n
Seems a little more complex ...
The only references that I can find (in QtGui(4).dll) are:
ASCII "slider_handle"
ASCII "scrollbar_slider"
ASCII "slider_groove"
ASCII "slider_handle"
ASCII "2sliderPressed()"
ASCII "2sliderMoved(int)"
ASCII "2sliderReleased()"
ASCII "QAbstractSlider"
ASCII "QSlider"
but none of these references is really useful.
The reference "setSliderPosition" is only visible in the PE:
setSliderPositionEi:
00324340h: 73 65 74 53 6C 69 64 65 72 50 6F 73 69 74 6F 69; setSliderPositio
00324350h: 6E 45 69 00 72 0D 5A 5F 4E 31 35 51 41 62 73 74; nEi.r._ZN15QAbst
00324360h: 72 61 63 74 53 6C 69 64 65 72 38 73 65 74 56 61; ractSlider8setVa
00324370h: 6C 75 65 45 69 00 00 00 46 0E; lueEi ... F.
The reference "ZN15Q" is also present in the QtGui(4).dll,
but not in OllyDbg.
Any idea?
http://harmattan-dev.nokia.com/docs/library/html/qt4/qslider.html#tickPosition-prop

Qt sometimes uses strange names, probably you are looking for something like this... if you have programming experience, you could try to make a small program that sets the position and then check which imports are used.

Greetings

#8
11-27-2013, 05:38
mr.exodia
The export you're looking for is called "_ZN15QAbstractSlider17setSliderPositionEi" (Inside QtGui4.dll / Qt5Widgets.dll)

I made a small example program for you (Qt5, but the idea is the same), the button sets the slider to position 30.

Notice that you also need the class pointer to the slider control. This could be hard to obtain in a target you're not familiar with, but there is some help: the slider type (horizontal/vertical I think) is set inside the code using "_ZN15QAbstractSlider14setOrientationEN2Qt11OrientationE"; it will use the same 'this' pointer.

Download: http://rghost.net/50472432

Hope this solves your problem...

Greetings,

Mr. eXoDia
Reply With Quote
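
Why the export cannot be found under its plain method name, as an added example (not code from the thread): MinGW/GCC builds of Qt export C++ methods under Itanium-ABI mangled names, in which each name component is length-prefixed and the parameter types follow as codes. This sketch decodes only the subset seen in the export names quoted in this thread (nested names, constructor/destructor markers, a few builtin types, pointer/reference/const); substitutions such as `S_` and templates raise `ValueError`.

```python
import re

# Subset of the Itanium C++ ABI mangling that GCC/MinGW builds of Qt use.
BUILTIN = {"v": "void", "b": "bool", "c": "char", "i": "int", "d": "double"}
CTOR_DTOR = {"C1": "{ctor}", "C2": "{ctor}", "D0": "{dtor}", "D1": "{dtor}", "D2": "{dtor}"}

def _source_name(s, i):
    m = re.compile(r"\d+").match(s, i)  # <decimal length><identifier>
    end = m.end() + int(m.group()) if m else len(s) + 1
    if end > len(s):
        raise ValueError(f"bad length-prefixed name at offset {i}")
    return s[m.end():end], end

def _nested(s, i):
    parts, i = [], i + 1  # skip the opening "N"; components run up to "E"
    while i < len(s) and s[i] != "E":
        two = s[i:i + 2]
        name, i = (CTOR_DTOR[two], i + 2) if two in CTOR_DTOR else _source_name(s, i)
        parts.append(name)
    if i >= len(s):
        raise ValueError("unterminated nested name")
    return "::".join(parts), i + 1

def _type(s, i):
    c = s[i:i + 1]
    if c and c in "PRK":  # pointer, reference, const wrap the type that follows
        inner, i = _type(s, i + 1)
        return inner + {"P": "*", "R": "&", "K": " const"}[c], i
    if c == "N" or c.isdigit():
        return _nested(s, i) if c == "N" else _source_name(s, i)
    if c in BUILTIN:
        return BUILTIN[c], i + 1
    raise ValueError(f"unsupported type code {c!r} (substitutions, templates)")

def demangle(sym):
    if not sym.startswith("_ZN"):
        raise ValueError("not a nested Itanium-mangled name")
    (name, i), params = _nested(sym, 2), []
    while i < len(sym):
        t, i = _type(sym, i)
        params.append(t)
    args = ", ".join(p for p in params if p != "void")
    return f"{name}({args})" if params else name  # no type codes: data object

SAMPLE = (  # constructed input: export names quoted in the thread
    "_ZN15QAbstractSlider8setValueEi", "_ZN15QAbstractSlider17setSliderPositionEi",
    "_ZN15QAbstractSlider14setOrientationEN2Qt11OrientationE")
for sym in SAMPLE:
    print(f"{sym} -> {demangle(sym)}")
```

The trailing `Ei` that shows up in the hex dump is the end of the nested name (`E`) followed by the single `int` parameter (`i`).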

#9
11-28-2013, 05:09
Trit0n
Thanks for your help!
( Slider.exe is very helpful for the analysis of QT codes)

I have found and analyzed the routine for the PushButton:
Slider.exe:
00401763 8B41 18 MOV EAX,DWORD PTR DS:[ECX+18]
00401766 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
00401769 C70424 1E000000 MOV DWORD PTR SS:[ESP],1E <---- (Decimal 30)
00401770 FF15 D8D34000 CALL DWORD PTR DS:[<&Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi>]


And "Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi" is responsible for the slider position.
Qt5Widgets.dll:
61EB0990 /$ 57 PUSH EDI ; Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi(guessed Arg1)


But for the construction of this slider I can't find a function for the home position of the slider.
(I mean the home position at construction; it is currently on the left but for me it should be in the middle, at 50.)

In Qt5Widgets.dll only these functions (for Sliders) are available:

61EB06F0 .text Export #2233 _ZN15QAbstractSlider10setMaximumEi
61EB06B0 .text Export #2234 _ZN15QAbstractSlider10setMinimumEi
61EB0B40 .text Export #2235 _ZN15QAbstractSlider10timerEventEP11QTimerEvent
61EB0EC0 .text Export #2236 _ZN15QAbstractSlider10wheelEventEP11QWheelEvent
61EB0F00 .text Export #2237 _ZN15QAbstractSlider11changeEventEP6QEvent
620E75E0 .text Export #2238 _ZN15QAbstractSlider11qt_metacallEN11QMetaObject4CallEiPPv
620E7590 .text Export #2239 _ZN15QAbstractSlider11qt_metacastEPKc
61EB0400 .text Export #2240 _ZN15QAbstractSlider11setPageStepEi
61EB0470 .text Export #2241 _ZN15QAbstractSlider11setTrackingEb
620E72C0 .text Export #2242 _ZN15QAbstractSlider11sliderMovedEi
620E7330 .text Export #2243 _ZN15QAbstractSlider12rangeChangedEii
61EB0060 .text Export #2244 _ZN15QAbstractSlider12sliderChangeENS_12SliderChangeE
620E7250 .text Export #2245 _ZN15QAbstractSlider12valueChangedEi
61EB0A30 .text Export #2246 _ZN15QAbstractSlider13keyPressEventEP9QKeyEvent
61EB0380 .text Export #2247 _ZN15QAbstractSlider13setSingleStepEi
61EB0900 .text Export #2248 _ZN15QAbstractSlider13setSliderDownEb
620E7290 .text Export #2249 _ZN15QAbstractSlider13sliderPressedEv
61EB07E0 .text Export #2250 _ZN15QAbstractSlider13triggerActionENS_12SliderActionE
61EB02C0 .text Export #2251 _ZN15QAbstractSlider14setOrientationEN2Qt11OrientationE
620E7300 .text Export #2252 _ZN15QAbstractSlider14sliderReleasedEv
620E7380 .text Export #2253 _ZN15QAbstractSlider15actionTriggeredEi
61EB0CA0 .text Export #2254 _ZN15QAbstractSlider15setRepeatActionENS_12SliderActionEii
621EA05C .rdata Export #2255 _ZN15QAbstractSlider16staticMetaObjectE
61EB0990 .text Export #2256 _ZN15QAbstractSlider17setSliderPositionEi
620E73C0 .text Export #2257 _ZN15QAbstractSlider18qt_static_metacallEP7QObjectN11QMetaObject4CallEiPPv
61EB07B0 .text Export #2258 _ZN15QAbstractSlider19setInvertedControlsEb
61EB0750 .text Export #2259 _ZN15QAbstractSlider21setInvertedAppearanceEb
61EB0F60 .text Export #2260 _ZN15QAbstractSlider5eventEP6QEvent
62100820 .text Export #2261 _ZN15QAbstractSlider6d_funcEv
61EB0620 .text Export #2262 _ZN15QAbstractSlider8setRangeEii
61EB04F0 .text Export #2263 _ZN15QAbstractSlider8setValueEi
61EB0230 .text Export #2264 _ZN15QAbstractSliderC1EP7QWidget
61EB0280 .text Export #2265 _ZN15QAbstractSliderC1ER22QAbstractSliderPrivateP7QWidget
61EB0230 .text Export #2266 _ZN15QAbstractSliderC2EP7QWidget
61EB0280 .text Export #2267 _ZN15QAbstractSliderC2ER22QAbstractSliderPrivateP7QWidget
61EB00F0 .text Export #2268 _ZN15QAbstractSliderD0Ev
61EB00C0 .text Export #2269 _ZN15QAbstractSliderD2Ev
61EB00C0 .text Export #2270 _ZN15QAbstractSliderD1Ev

Can it be that it is not possible to determine a home position of the slider in the design ???
( e.g. in the middle at 50 )

#10
11-28-2013, 14:21
deepzero
The default home position is 0. If the default position of your slider is zero, then no explicit setSliderPosition(0) call is made.

I don't know what decoration your Qt files use, but mine (though Qt4) is fairly straightforward. What you will have to do is find the constructor of the form, and add a call to setSliderPosition. (You might have to call maximum() to find the maximum of the slider first; default is 99.)

Can you share your files privately? If so, PM me.


Code:
void qtslider::btnClicked()
{
	if(ui.horizontalSlider->sliderPosition() != 55)
	{
		ui.verticalSlider->setSliderPosition(50);
		int x = ui.verticalSlider->maximum();
		std::cout << x;

		ui.horizontalSlider->setSliderPosition(55);
		int y = ui.horizontalSlider->maximum();
		std::cout << y;
	}
	else
	{
		ui.verticalSlider->setSliderPosition(0);
		int x = ui.verticalSlider->maximum();
		std::cout << x;

		ui.horizontalSlider->setSliderPosition(0);
		int y = ui.horizontalSlider->maximum();
		std::cout << y;
	}
}




Code:
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV [LOCAL.5],ECX
MOV EAX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::sliderPosition>]        ;  QtGui4.QMainWindow::toolButtonStyle
CMP EAX,37
JE SHORT 00401216
PUSH 32                                                              ;  patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>]     ;  QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>]               ;  QtGui4.QSplitterHandle::orientation
MOV [LOCAL.2],EAX
MOV EAX,[LOCAL.2]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>]                          ;  MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>;  MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
PUSH 37                                                              ;  patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>]     ;  QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>]               ;  QtGui4.QSplitterHandle::orientation
MOV [LOCAL.1],EAX
MOV EAX,[LOCAL.1]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>]                          ;  MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>;  MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
JMP SHORT 00401270
PUSH 0
MOV ECX,[LOCAL.5]                                                    ;  patch here
MOV ECX,DWORD PTR DS:[ECX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>]     ;  QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>]               ;  QtGui4.QSplitterHandle::orientation
MOV [LOCAL.4],EAX
MOV EAX,[LOCAL.4]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>]                          ;  MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>;  MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
PUSH 0                                                               ;  patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>]     ;  QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>]               ;  QtGui4.QSplitterHandle::orientation
MOV [LOCAL.3],EAX
MOV EAX,[LOCAL.3]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>]                          ;  MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>;  MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
MOV ESP,EBP
POP EBP                                                              ;  0012FEDC
RETN