#1
Question about QT Creator and MinGW - (Minimalist GNU for Windows)
Is there a possibility to change the controls (a slider) in a PE?
The PE has no resources (so resource editors are pointless). Are there any tools?
#2
http://forum.exetools.com/attachment.php?attachmentid=7378&stc=1&d=1385233531
^This?
#3
Maybe this will help someone who is starting with that: 200 tutorials, outstandingly explained.
Code:
http://www.youtube.com/user/VoidRealms/videos?sort=p&shelf_index=4&view=0
#4
Unfortunately I don't have the source code.
The problem is that the program uses various horizontal sliders. The home position is on the left, but I need the home position in the middle. The EXE files generated under this environment contain no resources. Therefore, all known resource tools are useless. I think the controls are all in the .data section (there you will find tons of strings: "Slider", "ComboBox", etc.), but the context is a mystery to me. Hence the question whether there is a tool that can visualize this structure (and also permit a change directly in the PE).
#5
No, there isn't. Qt draws its own controls, rather than using native Windows ones.
That also means that at some point in the code the value for the slider has to be actively set, typically in the constructor of the Form. This should be done by calling the setSliderPosition(int) method of the slider. So what you will want to do is find the "setSliderPosition" export in QtGui.dll, breakpoint it, and somehow figure out which slider is the one you want.
#6
Seems a little more complex ...
The only references that I can find (in QtGui (4) dll) are:
ASCII "slider_handle"
ASCII "scrollbar_slider"
ASCII "slider_groove"
ASCII "slider_handle"
ASCII "2sliderPressed ()"
ASCII "2sliderMoved (int)"
ASCII "2sliderReleased ()"
ASCII "QAbstractSlider"
ASCII "QSlider"
But none of these references is really useful. The reference "setSliderPosition" is only visible in the PE:
setSliderPositionEi:
00324340h: 73 65 74 53 6C 69 64 65 72 50 6F 73 69 74 6F 69; setSliderPositio
00324350h: 6E 45 69 00 72 0D 5A 5F 4E 31 35 51 41 62 73 74; nEi.r._ZN15QAbst
00324360h: 72 61 63 74 53 6C 69 64 65 72 38 73 65 74 56 61; ractSlider8setVa
00324370h: 6C 75 65 45 69 00 00 00 46 0E; lueEi ... F.
The reference "ZN15Q" is also present in the QtGui (4) dll, but not in OllyDbg. Any idea?
#7
Quote:
Qt sometimes uses strange names, probably you are looking for something like this... If you have programming experience, you could try to make a small program that sets the position and then check which imports are used.
Greetings
#8
The export you're looking for is called "_ZN15QAbstractSlider17setSliderPositionEi" (inside QtGui4.dll / Qt5Widgets.dll).
I made a small example program for you (Qt5, but the idea is the same); the button sets the slider to position 30. Notice that you also need the class pointer to the slider control. This could be hard to obtain in a target you're not familiar with, but there is some help: the slider type (horizontal/vertical I think) is set inside the code using "_ZN15QAbstractSlider14setOrientationEN2Qt11OrientationE"; it will use the same 'this' pointer.
Download: http://rghost.net/50472432
Hope this solves your problem...
Greetings,
Mr. eXoDia
#9
Thanks for your help!
(Slider.exe is very helpful for the analysis of Qt code.) I have found and analyzed the routine for the PushButton:
Slider.exe:
Code:
00401763  8B41 18        MOV EAX,DWORD PTR DS:[ECX+18]
00401766  8B48 04        MOV ECX,DWORD PTR DS:[EAX+4]
00401769  C70424 1E0000  MOV DWORD PTR SS:[ESP],1E   <---- (Decimal 30)
00401770  FF15 D8D34000  CALL DWORD PTR DS:[<&Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi>]
And "Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi" is responsible for the slider position.
Qt5Widgets.dll:
Code:
61EB0990 /$ /57 PUSH EDI ; Qt5Widgets._ZN15QAbstractSlider17setSliderPositionEi(guessed Arg1)
But I can't find a function for the home position of the slider in its construction. (I mean the home position at construction; it is currently on the left but for me should be in the middle, at 50.) In Qt5Widgets.dll only these functions (for sliders) are available:
Code:
61EB06F0 .text Export #2233 _ZN15QAbstractSlider10setMaximumEi
61EB06B0 .text Export #2234 _ZN15QAbstractSlider10setMinimumEi
61EB0B40 .text Export #2235 _ZN15QAbstractSlider10timerEventEP11QTimerEvent
61EB0EC0 .text Export #2236 _ZN15QAbstractSlider10wheelEventEP11QWheelEvent
61EB0F00 .text Export #2237 _ZN15QAbstractSlider11changeEventEP6QEvent
620E75E0 .text Export #2238 _ZN15QAbstractSlider11qt_metacallEN11QMetaObject4CallEiPPv
620E7590 .text Export #2239 _ZN15QAbstractSlider11qt_metacastEPKc
61EB0400 .text Export #2240 _ZN15QAbstractSlider11setPageStepEi
61EB0470 .text Export #2241 _ZN15QAbstractSlider11setTrackingEb
620E72C0 .text Export #2242 _ZN15QAbstractSlider11sliderMovedEi
620E7330 .text Export #2243 _ZN15QAbstractSlider12rangeChangedEii
61EB0060 .text Export #2244 _ZN15QAbstractSlider12sliderChangeENS_12SliderChangeE
620E7250 .text Export #2245 _ZN15QAbstractSlider12valueChangedEi
61EB0A30 .text Export #2246 _ZN15QAbstractSlider13keyPressEventEP9QKeyEvent
61EB0380 .text Export #2247 _ZN15QAbstractSlider13setSingleStepEi
61EB0900 .text Export #2248 _ZN15QAbstractSlider13setSliderDownEb
620E7290 .text Export #2249 _ZN15QAbstractSlider13sliderPressedEv
61EB07E0 .text Export #2250 _ZN15QAbstractSlider13triggerActionENS_12SliderActionE
61EB02C0 .text Export #2251 _ZN15QAbstractSlider14setOrientationEN2Qt11OrientationE
620E7300 .text Export #2252 _ZN15QAbstractSlider14sliderReleasedEv
620E7380 .text Export #2253 _ZN15QAbstractSlider15actionTriggeredEi
61EB0CA0 .text Export #2254 _ZN15QAbstractSlider15setRepeatActionENS_12SliderActionEii
621EA05C .rdata Export #2255 _ZN15QAbstractSlider16staticMetaObjectE
61EB0990 .text Export #2256 _ZN15QAbstractSlider17setSliderPositionEi
620E73C0 .text Export #2257 _ZN15QAbstractSlider18qt_static_metacallEP7QObjectN11QMetaObject4CallEiPPv
61EB07B0 .text Export #2258 _ZN15QAbstractSlider19setInvertedControlsEb
61EB0750 .text Export #2259 _ZN15QAbstractSlider21setInvertedAppearanceEb
61EB0F60 .text Export #2260 _ZN15QAbstractSlider5eventEP6QEvent
62100820 .text Export #2261 _ZN15QAbstractSlider6d_funcEv
61EB0620 .text Export #2262 _ZN15QAbstractSlider8setRangeEii
61EB04F0 .text Export #2263 _ZN15QAbstractSlider8setValueEi
61EB0230 .text Export #2264 _ZN15QAbstractSliderC1EP7QWidget
61EB0280 .text Export #2265 _ZN15QAbstractSliderC1ER22QAbstractSliderPrivateP7QWidget
61EB0230 .text Export #2266 _ZN15QAbstractSliderC2EP7QWidget
61EB0280 .text Export #2267 _ZN15QAbstractSliderC2ER22QAbstractSliderPrivateP7QWidget
61EB00F0 .text Export #2268 _ZN15QAbstractSliderD0Ev
61EB00C0 .text Export #2269 _ZN15QAbstractSliderD2Ev
61EB00C0 .text Export #2270 _ZN15QAbstractSliderD1Ev
Can it be that it is not possible to determine a home position of the slider in the design? (e.g. in the middle at 50)
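The export names quoted in this thread are Itanium C++ ABI mangled names, which is what GCC/MinGW emits. As an added example (not code from any poster or from Qt), the Python below decodes the subset of that scheme these QAbstractSlider exports use; `demangle` and its helpers are hypothetical names, and `S_` substitutions (as in the `sliderChange` export) are deliberately not handled and raise `ValueError`.

```python
import re

BUILTIN = {"v": "void", "b": "bool", "c": "char", "i": "int"}
QUALIFIER = {"P": "*", "R": "&", "K": " const"}

def _source_name(s, i):
    """Parse <decimal length><identifier> at s[i:]; return (identifier, next index)."""
    m = re.compile(r"\d+").match(s, i)
    if not m or m.end() + int(m.group()) > len(s):
        raise ValueError(f"unsupported or truncated construct at offset {i}")
    end = m.end() + int(m.group())
    return s[m.end():end], end

def _nested(s, i):
    """Parse the components after 'N' up to the closing 'E' (C1/C2 ctor, D0-D2 dtor)."""
    parts = []
    while s[i:i + 1] != "E":
        if parts and s[i:i + 1] in ("C", "D") and s[i + 1:i + 2].isdigit():
            parts.append(("~" if s[i] == "D" else "") + parts[-1])
            i += 2
        else:
            name, i = _source_name(s, i)
            parts.append(name)
    return "::".join(parts), i + 1

def _type(s, i):
    """Parse one parameter type: builtin, pointer/reference/const, or class name."""
    c = s[i:i + 1]
    if c in BUILTIN:
        return BUILTIN[c], i + 1
    if c in QUALIFIER:
        inner, i = _type(s, i + 1)
        return inner + QUALIFIER[c], i
    if c == "N":
        return _nested(s, i + 1)
    return _source_name(s, i)   # raises on 'S_' substitutions (not handled here)

def demangle(sym):
    """Decode '_ZN<name>E<params>' as emitted by GCC/MinGW for class members."""
    if not sym.startswith("_ZN"):
        raise ValueError("not a nested Itanium-ABI name")
    name, i = _nested(sym, 3)
    params = []
    while i < len(sym):
        t, i = _type(sym, i)
        params.append(t)
    if not params:
        return name                       # data export such as staticMetaObject
    return name + "(" + ("" if params == ["void"] else ", ".join(params)) + ")"
```

`demangle("_ZN15QAbstractSlider17setSliderPositionEi")` returns `QAbstractSlider::setSliderPosition(int)`, which is why searching a MinGW-built Qt DLL for the plain source-level name alone only finds it as a fragment of the longer export string.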
#10
The default home position is 0. If the default position of your slider is zero, then no explicit setSliderPosition(0) call is made.
I don't know what decoration your Qt files use, but mine (though Qt4) is fairly straightforward. What you will have to do is find the constructor of the form and add a call to setSliderPosition (you might have to call maximum() to find the maximum of the slider first; default is 99). Can you share your files privately? If so, PM me.
Code:
// Button handler: toggles both sliders between a preset position and 0,
// printing each slider's maximum() after setting it.
void qtslider::btnClicked()
{
    if(ui.horizontalSlider->sliderPosition() != 55)
    {
        ui.verticalSlider->setSliderPosition(50);
        int x = ui.verticalSlider->maximum();
        std::cout << x;
        ui.horizontalSlider->setSliderPosition(55);
        int y = ui.horizontalSlider->maximum();
        std::cout << y;
    }
    else
    {
        ui.verticalSlider->setSliderPosition(0);
        int x = ui.verticalSlider->maximum();
        std::cout << x;
        ui.horizontalSlider->setSliderPosition(0);
        int y = ui.horizontalSlider->maximum();
        std::cout << y;
    }
}
Code:
PUSH EBP
MOV EBP,ESP
SUB ESP,14
MOV [LOCAL.5],ECX
MOV EAX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EAX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::sliderPosition>] ; QtGui4.QMainWindow::toolButtonStyle
CMP EAX,37
JE SHORT 00401216
PUSH 32 ; patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>] ; QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>] ; QtGui4.QSplitterHandle::orientation
MOV [LOCAL.2],EAX
MOV EAX,[LOCAL.2]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>] ; MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>; MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
PUSH 37 ; patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>] ; QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>] ; QtGui4.QSplitterHandle::orientation
MOV [LOCAL.1],EAX
MOV EAX,[LOCAL.1]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>] ; MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>; MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
JMP SHORT 00401270
PUSH 0
MOV ECX,[LOCAL.5] ; patch here
MOV ECX,DWORD PTR DS:[ECX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>] ; QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+1C]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>] ; QtGui4.QSplitterHandle::orientation
MOV [LOCAL.4],EAX
MOV EAX,[LOCAL.4]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>] ; MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>; MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
PUSH 0 ; patch here
MOV ECX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[ECX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::setSliderPosition>] ; QtGui4.QAbstractSlider::setSliderPosition
MOV EDX,[LOCAL.5]
MOV ECX,DWORD PTR DS:[EDX+18]
CALL DWORD PTR DS:[<&QtGui4.QAbstractSlider::maximum>] ; QtGui4.QSplitterHandle::orientation
MOV [LOCAL.3],EAX
MOV EAX,[LOCAL.3]
PUSH EAX
MOV ECX,DWORD PTR DS:[<&MSVCP90.std::cout>] ; MSVCP90.std::cout
CALL DWORD PTR DS:[<&MSVCP90.std::basic_ostream<char,std::char_trait>; MSVCP90.std::basic_ostream<char,std::char_traits<char> >::operator<<
MOV ESP,EBP
POP EBP ; 0012FEDC
RETN