Enhancement Request: Replicate VERSIONINFO
offsecguy opened this issue · 1 comments
I request that a feature be added to the project that allows for the automatic extraction of the VERSIONINFO from the original DLL (if found) and the replication of that information into a resource file in the proxy dll project template. This feature would enable the proxy project to retain the original DLL's versioning information.
At present the current proxy template compiles without VERSIONINFO:
After the enhancement is in place, the final proxy dll would compile with the same VERSIONINFO as the original DLL:
Additionally, an option to timestomp the final proxy dll to match the date of the original dll would be a great addition.
To reproduce the intended outcome manually, you can leverage ResourceHacker and timestomp.
Extract VERSIONINFO from original DLL:
rh.exe -open "C:\Windows\System32\version.dll" -save "version.rc" -action extract -mask VERSIONINFO -log CON
Compile .rc to .res
rh.exe -open "version.rc" -save "version.res" -action compile -log CON
Write final proxy dll with cloned VERSIONINFO:
rh.exe -open "version.dll" -save "version_final.dll" -resource "version.res" -action add -mask VERSIONINFO -log CON
Clone MACE with original DLL timestamps via timestomp:
ts.exe -c "c:\windows\system32\version.dll" "version_final.dll"
Ref: http://www.angusj.com/resourcehacker/
Ref: https://github.com/jackson5sec/timestomp
Hi,
Thanks for this suggestion, it's a very good one. The way Spartacus works is it creates a solution file only when using the --generate-proxy argument (where Ghidra extracts export definitions etc). I've implemented this within that feature in v1.2.0.
VERSIONINFO Replication
This is now replicated within the target solution (added proxy.rc and resource.h files for this).
Timestomp
The only non-intrusive way of implementing the timestomp feature I could come up with is by using a post-build event and PowerShell. So now, after the DLL is built (only for Release x64), it will run the following PS commands:
powershell.exe -c (Get-ChildItem "$(TargetPath)").LastWriteTime = (Get-ChildItem "%SOURCEDLL%").LastWriteTime
powershell.exe -c (Get-ChildItem "$(TargetPath)").CreationTime = (Get-ChildItem "%SOURCEDLL%").CreationTime
Let me know if something doesn't work or if you have any other suggestions!
Thanks,
Pavel
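A defender-side check for the copied timestamps discussed in this thread, as an added example that is not part of the issue or of Spartacus: setting LastWriteTime and CreationTime leaves the link time in the PE header untouched, so a DLL whose header says it was linked well after its LastWriteTime deserves a closer look. The function names and the sample header bytes are constructed for illustration; reproducible builds store a hash in that header field, so treat a hit as a lead, not proof.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone

def pe_link_time(data):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Signature (4) + Machine (2) + NumberOfSections (2), then TimeDateStamp.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def linked_after_last_write(path, slack_seconds=86400):
    """True when the header says the file was linked after its LastWriteTime."""
    with open(path, "rb") as fh:
        linked = pe_link_time(fh.read(4096))
    if linked is None:
        return False
    written = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
    return (linked - written).total_seconds() > slack_seconds

def constructed_pe(stamp):
    """Constructed sample: just enough DOS and COFF header to carry a timestamp."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x8664, 1, stamp) + b"\0" * 12

def demo():
    """Build two sample files and return (copied_times_hit, untouched_hit)."""
    linked = 1_700_000_000  # constructed link time, November 2023
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, mtime in (("copied.dll", 1_500_000_000), ("plain.dll", linked + 60)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(constructed_pe(linked))
            os.utime(path, (mtime, mtime))  # simulate the filesystem times
            results.append(linked_after_last_write(path))
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

The one-day slack absorbs time zone and copy-time skew; tighten or loosen it to suit the file set being triaged.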