Portable Executable Export File Name field - portable-executable

One of the fields of the IMAGE_EXPORT_DIRECTORY structure is 'Name'. According to the COFF spec, this field contains the name of the PE file which exports the symbols. I can programmatically read this field. It does really reference the name of the file which exports the symbols. But can someone explain the meaning of this field? Why does it actually exist? It looks like it could be used as a double-check.

The Name field in IMAGE_EXPORT_DIRECTORY contains the internal name of the module (i.e. the original name that was used while building the module). This is useful in cases where the actual file itself is renamed. For example, the NT kernel that supports PAE is named ntkrnlpa.exe, but the Name field in its IMAGE_EXPORT_DIRECTORY struct still contains ntoskrnl.exe.

Related

Are stringified MongoDB ObjectID's safe as folder names?

As it says on the tin. I'd like to name folders corresponding to "Channels." I'd personally rather use the human-readable name but I was told halfway through development that names cannot be static (for some reason).
Yes, ObjectIds are safe as folder names, if by safe you mean whether they are valid folder names.
For example, an ObjectId is a hex value of characters 0-9 and a-z of length 24, which will always be a valid folder name.
If you mean to ask if the ObjectId carries some sensitive information, you should know that it has the date its corresponding document was created embedded in it. Someone with access to the ObjectId would be able to discover when it was created. Whether this is a concern is up to you.

What else can be learned from the Installer.ProductInfo property?

Installer.ProductInfo is this.
I take this script, and I want to get various information (e.g. UpgradeCode). Where can I see all the parameters which I can set instead of "Version" (here installer.ProductInfo(product, "Version"))? Yes, I see For Each property In Array..., but it is not enough for me (where is "UpgradeCode"?). And where did this Array come from?
For a full list of supported properties check the description of the szProperty parameter of the MsiGetProductInfo function.
Most properties in this article are specified using predefined constants (e.g. INSTALLPROPERTY_HELPLINK instead of "HelpLink"); the actual string names of these properties are defined in the msi.h header file that is part of Windows SDK. A copy of msi.h v.4.0 can also be found online here.

PE file section names

According to this article http://msdn.microsoft.com/en-us/library/ms809762.aspx?ppud=4
we can name the PE sections with custom names.
So in a PE file whose creator has replaced the section names with his own names,
if the ".pdata" section, for example, isn't called ".pdata" anymore, I can't find it by its name.
How can I find the ".pdata"?
Correct, according to the Windows Portable Executable specification and other sources like the ones of Matt Pietrek, section names are made for humans! Typically compilers set "standard" names for specific types of section content (e.g. ".text" for code, etc.). But these names are fully ignored by the loader. These section names can be modified using different methods (using pragma or other tools, e.g. PEiD, etc.). The section of interest (.pdata) is associated with the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory.
To find the .pdata section (which is BTW an indicator that the image is 64-bit) when it has been renamed, all you need to do is to search for the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory, and based on its content, retrieve the section it is located in (as you can do for all directories).
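The lookup described in the answer above, as an added example that is not part of the original post: it reads the IMAGE_DIRECTORY_ENTRY_EXCEPTION entry from the optional header and returns the section whose virtual range contains its RVA, ignoring section names entirely. The function names and the sample header (two renamed sections, `code` and `.xyz`) are constructed for illustration.

```python
import struct

IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3  # index into the optional header's DataDirectory

def section_of_directory(pe: bytes, index: int):
    """Return (section_name, rva, size) for a data directory, or None if absent."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    n_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]       # PE32 vs PE32+
    n_dirs, = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if index >= n_dirs:
        return None
    rva, size = struct.unpack_from("<II", pe, dirs + 8 * index)
    if rva == 0 or size == 0:
        return None                                   # directory not present
    sections = opt + opt_size                         # section table follows the optional header
    for i in range(n_sections):
        name, vsize, vaddr, raw_size = struct.unpack_from("<8sIII", pe, sections + 40 * i)
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return name.rstrip(b"\0").decode("ascii", "replace"), rva, size
    return None

def build_sample() -> bytes:
    """Constructed PE32+ headers: two renamed sections, exception data in the second."""
    def section(name, vaddr, vsize):
        return struct.pack("<8sIIII", name, vsize, vaddr, vsize, 0) + bytes(16)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_EXCEPTION, 0x2010, 0x24)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + section(b"code", 0x1000, 0x800) + section(b".xyz", 0x2000, 0x200))

if __name__ == "__main__":
    print(section_of_directory(build_sample(), IMAGE_DIRECTORY_ENTRY_EXCEPTION))
```

The same function works for any other directory index, such as the export directory at index 0.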

Is it possible to have multiple document types for one NSPersistentStoreCoordinator?

I have 2 different entities in my core data model: project and issue. Each type has unique attributes, so I want to use a different UTI document type for each entity. Each UTI document type should have an extension. Unfortunately, NSPersistentStoreCoordinator allows setting only one file extension.
So my question is how to export more than one document type with the same extension.
Have you tried something like this in target->Get Info->Properties:
I haven't tested, but I assume something like this would work.
It's impossible (Mac OS X 10.6).

read known file extensions / types from the registry

I want to present the user with a list of known file extensions for him to pick. I know that these are stored in the Registry under HKEY_CLASSES_ROOT usually like this:
.txt -> (default)="txtfile"
where txtfile then contains the information about associated programs etc.
Unfortunately that place in the registry also stores lots of other keys, like the file types (e.g. txtfile) and entries like
CAPICOM.Certificates (whatever that is)
How do I determine which of the entries are file extensions? Or is there a different way to get these extensions like an API function?
(I don't think it matters, but I am using Delphi for the program.)
There is no guarantee that every key preceded by a dot in HKEY_CLASSES_ROOT is intended for file association, but every file association requires creation of a key preceded by a dot. See MSDN on File Types topic.
AFAIK, the method I describe here conforms with how the Windows Set File Associations feature works to get a list of all known file types. It was based on my former observation when I delved into this subject.
To achieve that, you'll need to do intricate steps as follows:
1. Enumerate every key preceded by a dot (.); you can use RegQueryInfoKey() and RegEnumKeyEx() for this purpose.
2. In every key preceded by a dot, look at the default value data:
   a. If the default value is not empty, this is enough indication that the "preceding dot key" is intended for file association in all Windows NT versions; then try to open the key name as mentioned by the value data, let's call it TheKeyNameMentioned.
      a1) If there is a subkey shell\open\command under TheKeyNameMentioned, then test the existence of the path pointed to by the default value of this key; if the path exists, there is a default application associated with the extension; if the path doesn't exist, the default application is unknown. To get the file extension description, look at the default value of TheKeyNameMentioned. To get the program description, first test whether the following key contains a value name equal to the EXE file path: HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache. If it is there, then look at the value data to get the file description; if it is not there, use GetFileVersionInfo() directly to get the file description.
      a2) If there is no subkey shell\open\command under TheKeyNameMentioned, then the default application is unknown. To get the file extension description, look at the default value of TheKeyNameMentioned.
   b. On Windows Vista and later, when point [a] fails, you need an additional check. If the default value is empty, test whether the key has a subkey named OpenWithProgIDs.
      - If the OpenWithProgIDs subkey exists, use RegEnumValue() to find the first encountered value name that meets the criteria, that is, the value name must point to an existing key (let's call it TheKeyNameMentioned) with the same name as the value name. If TheKeyNameMentioned exists, this is enough indication that the "preceding dot key" is intended for file association. Read points a1 and a2 for the next steps.
      - If the OpenWithProgIDs subkey doesn't exist, the default application is unknown. To get the file extension description, look at the default value of TheKeyNameMentioned.
Hope that helps. :-)
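The enumeration and the checks a and b described above, as an added example that is not part of the original answer. It runs over a constructed in-memory snapshot of HKEY_CLASSES_ROOT (a plain dict, an assumption made so the decision logic can be shown without registry access) and leaves out the file-existence and MuiCache lookups of a1; all key names and function names are hypothetical.

```python
# Constructed snapshot of HKEY_CLASSES_ROOT (not real registry data).
# Per key: "default" = default value, "OpenWithProgIDs" = value names in order,
# "command" = default value of shell\open\command under that key.
SNAPSHOT = {
    ".txt": {"default": "txtfile"},
    "txtfile": {"default": "Text Document", "command": 'notepad.exe "%1"'},
    ".abc": {"default": "", "OpenWithProgIDs": ["Gone.abc", "Viewer.abc"]},
    "Viewer.abc": {"default": "ABC Image"},
    ".tmp": {"default": ""},
    "CAPICOM.Certificates": {"default": "Certificates Class"},
}

def resolve_progid(hkcr, ext_key):
    """Apply check a, then check b; return the ProgID key name or None."""
    default = ext_key.get("default")
    if default:                        # a: a non-empty default value is enough
        return default
    for name in ext_key.get("OpenWithProgIDs", []):   # b: Vista and later
        if name in hkcr:               # value name must point to an existing key
            return name
    return None

def list_extensions(hkcr):
    """Return {extension: (progid, description, open_command)}."""
    found = {}
    for name, key in hkcr.items():
        if not name.startswith("."):   # only keys preceded by a dot
            continue
        progid = resolve_progid(hkcr, key)
        target = hkcr.get(progid, {}) if progid else {}
        # command is None when shell\open\command is absent (a2: application unknown)
        found[name] = (progid, target.get("default"), target.get("command"))
    return found

if __name__ == "__main__":
    for ext, info in list_extensions(SNAPSHOT).items():
        print(ext, info)
```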
For a command-line alternative, the assoc command-line program included in Windows shows registered file extensions.
c:\> assoc
.3g2=VLC.3g2
.3gp=VLC.3gp
.3gp2=VLC.3gp2
.3gpp=VLC.3gpp
...
I'm not sure which verb this looks for. Open perhaps? I'm also not sure which extensions will appear in this list. Perhaps the extensions of files that can open from the command line.
To then find out which executable is mapped to each file type, the ftype command will tell:
c:\> ftype VLC.3g2
VLC.3g2="c:\vlc.exe" --started-from-file "%1"
IMHO - all those registry subkeys starting with the dot (.) - are for file extensions.
For instance in your case .txt stands for the "txt" extension, whereas txtfile doesn't start with the dot.
I don't know the details, but it seems you could use the IQueryAssociations interface.
