Accenture/Spartacus

Enhancement Request: Replicate VERSIONINFO

offsecguy opened this issue · 1 comments

I request that a feature be added to the project that allows for the automatic extraction of the VERSIONINFO from the original DLL (if found) and the replication of that information into a resource file in the proxy dll project template. This feature would enable the proxy project to retain the original DLL's versioning information.

At present the current proxy template compiles without VERSIONINFO:
image

After the enhancement is in place, the final proxy dll would compile with the same VERSIONINFO as the original DLL:
image

Additionally, an option to timestomp the final proxy dll to match the date of the original dll would be a great addition.

To reproduce the intended outcome manually, you can leverage ResourceHacker and timestomp.

Extract VERSIONINFO from original DLL:
rh.exe -open "C:\Windows\System32\version.dll" -save "version.rc" -action extract -mask VERSIONINFO -log CON

Compile .rc to .res
rh.exe -open "version.rc" -save "version.res" -action compile -log CON

Write final proxy dll with cloned VERSIONFINO:
rh.exe -open "version.dll" -save "version_final.dll" -resource "version.res" -action add -mask VERSIONINFO -log CON

Clone MACE with original DLL timestamps via timestomp:
ts.exe -c "c:\windows\system32\version.dll" "version_final.dll"

Ref: http://www.angusj.com/resourcehacker/
Ref: https://github.com/jackson5sec/timestomp

Hi,

Thanks for this suggestion, it's a very good one. The way Spartacus works is it creates a solution file only when using the --generate-proxy argument (where Ghidra extracts export definitions etc). I've implemented this within that feature in v1.2.0.

VERSIONINFO Replication

This is now replicated within the target solution (added proxy.rc and resource.h files for this).

Timestomp

The only non-intrusive way of implementing the timestomp feature I could come up with, is by using a post-build event and PowerShell. So now, after the DLL is built (only for Release x64), it will run the following PS commands:

powershell.exe -c (Get-ChildItem "$(TargetPath)").LastWriteTime = (Get-ChildItem "%SOURCEDLL%").LastWriteTime
powershell.exe -c (Get-ChildItem "$(TargetPath)").CreationTime = (Get-ChildItem "%SOURCEDLL%").CreationTime

Let me know if something doesn't work or if you have any other suggestions!

Thanks,
Pavel