I have a folder full of shortcuts leading to F: recently due to complications I cannot use the F: drive and it now resides in D:. There are about 100+ shortcuts in the folder, is there anyway to change them in mass? I'd prefer using Batch for this but using external programs will work just as well.
This could done with free tool Xchang32.exe from Clay's Utilities
for Win32 which of course can be also used on Windows x64.
Download ClaysUtils32.zip and extract from ZIP archive Xchang32.exe into folder with the shortcut files.
Important note: Clay Ruth, author of Xchang32.exe and owner of domain clayruth.com died years ago. For that reason the ZIP file with this tool is not available anymore in world wide web although it was permitted explicitly to distribute this package free of charge according to read me file in the ZIP file.
Run the following two commands:
xchang32.exe /i *.lnk "F:^x5C" "D:^x5C"
xchang32.exe /i *.lnk "F^x00:^x00^x5C" "D^x00:^x00^x5C"
The first line replaces case-insensitive all F:\ by D:\ in ASCII in any *.lnk file in current directory.
The second line replaces case-insensitive all F:\ by D:\ in Unicode as shortcut files usually contain file and directory paths in ASCII/ANSI as well as in Unicode.
Note: This quick solution could modify also binary data streams with 46 3A 5C or 66 3A 5C or 46 00 3A 00 5C or 66 00 3A 00 5C in the *.lnk files which do not belong to a directory or file path. But I suppose those byte sequences do not exist in binary data of the shortcut files.
Related
When I try to upload images to some CMS system I'm using, it fails on some JPEGs and others not. After some searching I found that at the bits and bytes level there is a signature that tells if a file is a JPEG or something else. Apparently JPEGs exported from photoshop have a slightly different signature, and my system seems to fails on them. They are still somewhat JPEGs but more like photoshop JPEGS. If I open and export the file in Gimp for example, it works without a problem.
The one that works starts with: FF D8 FF E0 00 10 4A 46 49 46
The one that doesn't work: FF D8 FF ED 00 2C 50 68
Both files end with: FF D9
So my question comes to if there is a way to export those images in photoshop as plain JPEG images?
As you haven't shared a Photoshop-created JPEG file and I can't generate one easily, I can only suggest an untested command to rectify the issue.
You should be able to use exiftool to remove Photoshop-related stuff from a single image like this:
exiftool -photoshop:all= IMAGE.JPG
That may remove more information than you want, so you could copy the original IPTC data back in like this. This will do all the JPEGs in the current directory:
exiftool -photoshop:all= -tagsfromfile # -iptc:all -ext jpg .
I attempt to save a few lines into an output file called Temporal_regions.txt in my folder, so I can continue with further process.
I took a look at some of other post, and they suggested to do this way:
echo "some file content" > /path/to/outputfile
So my returned output looks like this:
1 3 13579 586 Right-Temporal 72 73 66 54
2 5 24680 587 Left-Temporal 89 44 65 56
3 7 34552 599 Right-Temporal 72 75 66 54
4 8 24451 480 Left-Temporal 68 57 47 66
*All of these lines were individually returned as output using the grep command from another file (call it TR.stats)
If I want to store these outputs into the .txt (call it TemperolRegion.txt), I would have to first create the output file right? What would be the command to do this?
Then, I can just simply use the above suggested way to store to the .txt file?
grep "Left-Temporal" TR.stats > /path/to/TemperolRegion.txt
I can't seem to get the commands right.
It sounds like you are missing the directories along the path. In Linux, you have to create the parent directory before you create the file. You can create every directory along the path to the parent by using mkdir with the -p option.
mkdir -p /path/to
grep "Left-Temporal" TR.stats > /path/to/TemperolRegion.txt
Another problem you might have is that you are not in the right directory to TR.stats. In that case you should use the absolute path for that file as well.
grep "Left-Temporal" /path/to/TR.stats > /path/to/TemperolRegion.txt
How to automate task in OllyDBG? I want to create a script.
I bp on a certain address and go to its stack arguments. There are four stack arguments. I use the address of the 2nd argument and the size from the 4th argument and dump the HEX data into a log file.
For example :
I set a breakpoint at 512A12 and I see the following in stack:
00192003 005DB123 RETURN to program.005DB123 from program.00512A12
00192011 0018F058 - 1st argument
00192028 03F48D78 - 2nd argument
00192032 03F48D78 - 3rd argument
00192036 00000500 - 4th argument
So I dump the data from address starting at 00192028 03F48D78 - 2nd argument where 03F48D78 is the address to start the dump from.
And I use the size from the 4th argument 00192036 00000500 - 4th argument where 500 is the size of the data to be dumped.
The data is saved in a log file. It is a hex data from the dump section in OllyDBG.
Now I want to loop this function and automate it. How can this automation be done in Ollyscript or something else?
Afaik none of existing plugins offer windbg's .writemem functionality
uploaded below is an ollydbg plugin enhanced from anonymouse (openrce blog)
modified cmdline plugin with an added command .writemem
Download and put the dll in ollydbg 1.10 plugin path.
possible crash path fixed (FindModule -> Mod-name can be null if FindModule return null in such cases added "unknown_module" string as modulename for sprintf_s)
http://wikisend.com/download/750442/cmdline.dll
This plugin is an enhanced version of modified cmdline plugin for ollydbg 1.10 by anonymouse (openrce blog) and contains one extra command .writemem
enhancements being original source altered considerably to make it compile with visual studio 2010 express (old commands not tested)
one extra command .writemem added (similar to windbg's .writemem)
usage as follows alt+f1 or plugin -> cmdline plugin .
in the dialog box type
writemem [esp+0x4] dword [esp+0x10] c:\dumps
or may be
writemem 0x403085 0x45 f:\foo\blah
first command will dump 0xxxx bytes pointed by [esp+0x10] from address pointed by [esp+0x4] to the preexisting folder c:\dumps
second command will dump 0x45 bytes from 0x402085 to the specified folder
to automate use this command with conditional log breakpoint pass commands to plugin when paused functionality (shift+f4)
in the edit box enter
.writemem <address> <size> <folder path>
.run
when ever the breakpoint is hit the memory contents will be dumped
another snapshot to explain the words better below
This tutorial might help:
http://x9090.blogspot.com/2009/07/ollyscript-tutorial-unpack-upx.html
Also, you can read some scripts carefully to learn more about Olly scripting.
The actual function I need in the end to complete my task is as following.
Its an encryption / Decyption function
0x1 PUSH EBP - the encrypted data is loaded.
0x5 RETN - the data is decrypted
So the encrypted/decrypted data is loaded in the stack values as I earlier explained.
1 - When bp hits 0x1 PUSH EBP
2 - We goto stack values
3 - We follow the 2nd argument as start address for the chunk of encrypted data and the 4th argument for the size of the data.
4- We dump using wrtiemem from cmdline mod
Also we follow the same for decrypted data
1 - When bp hits 0x5 RETN
2 - We goto stack values
3 - We follow the 2nd argument as start address for the chunk of decrypted data and the 4th argument for the size of the data.
4- We dump using wrtiemem from cmdline mod.
I was wondering if the data could be saved in one text file called encdec.txt
Encrypted HEX Values
Decrypted HEX Values.
For exammple:
ENC - 88 F4 62 71 3D 25 CD 7C 72 76 8E 14 95 0B D1 8B
DEC - 3E 2E BA 24 FA 22 47 A0 00 0F A5 0E F7 B0 9C 32
If the above is done then I need to automate the HEX search and replace values from encdec.txt on the target encrypted file.
So the automation would check the line " ENC - 88 F4 62 71 3D 25 CD 7C 72 76 8E 14 95 0B D1 8B " and search for it on the targeted file and replace the values with hex values in "DEC - 3E 2E BA 24 FA 22 47 A0 00 0F A5 0E F7 B0 9C 32"
I've coded the following script in shell that creates a folder in a directory, then moves all images to this directory and then converts it and puts to a folder before. if I do this process manually it works fine, but apparently there's a conflict between the "convert" command and my loop. the "big" folder is the one that will retain the images with its original sizes and then the "tabloid" folder will contain thumbnail-sized formats of the same images.
cd tabloid
mkdir big
mv * big
cd big
for i in 00 01 02 03 04 05 06 07 08 09 10 11
do
convert -resize 351×383 "$i.jpg" "../$i.jpg"
done
it returns the following error:
convert.im6: invalid argument for option `-resize': 351×383 # error/convert.c/ConvertImageCommand/2382.
I don't know what could be wrong with my script. apparently it's in the loop because if I do the process manually (converting image per image via terminal), it works fine.
That's not an ASCII x (0x78) in your convert line that's × (MULTIPLICATION SIGN 0xd7).
I've been trying for hours to solve this. Googling like a maniac aswell. How do I export the FTP-data from a bunch of packages? Like when you export HTTP-packages in Wireshark, in just a few clicks you can export all packages as a single one to a file and then just open the HTML page.
Lets say you downloaded a .zip file (through FTP) and you caught this with Wireshark. Now I want to export all those FTP-data packages containing the .zip file to a copy of the .zip file. How can I do that? I managed to get all hexdumps (I think that's what it is called) of the packages, and it looks like this:
0000 00 50 56 ca 11 d8 00 50 18 03 39 80 08 00 45 00 .PV....P..9...E.
0010 04 34 06 34 40 00 2d 06 d3 6f c1 e7 ec 2a c0 a8 .4.4#.-..o...*..
etc...
Maybe I can convert that somehow? Or is there some other way?
You can use Bro to extract files from FTP traffic (and other protocols as well). Simply run it as follows:
bro -r trace.pcap 'FTP::extract_file_types = /.*/'
The pattern controls the MIME type of the files to extract. Change -r <trace> to -i <interface> when sniffing on a network interface. Bro creates log files in the same directory it is being run. In addition to the basic logs, you'll now find files named
ftp-item_<SERVER-IP>:<SERVER-DATA-PORT>-<CLIENT-IP>:<CLIENT-PORT>.dat
which contain the payload of the FTP data.