Embed a resource to a static library (nothing is impossible)

I needed to embed a resource (icon) to a static library so we can deploy just the .lib and .h files with no need to include any graphics or .rc files.

I wanted my static library to be used by any application including such that don’t have any graphic user interface, i.e. Console applications, etc.

I posted a question in Stack Overflow and Code Project and the responses were: That’s not possible…

Here is the question I have posted:

Is there a way to embed resources (such as icons, dialogs) in a c++ (Win32 API) static library? My purpose is to embed an icon in the static library in a way that functions that use LoadIcon will work as if it was a normal .exe so the main application can only link to the static library and include a header file, with no requirement to add other files such as .rc files, or .ico files, etc. Clearly the main application who uses the static library doesn’t have this resource so LoadIcon will fail, however I was wondering if there is a workaround to make it work. A static array with the icon data can work as long as the standard API calls (such as LoadIcon) will work.

To explain further, the person who will be using the static library will only have 2 files: .lib and .h and will not have any .rc file

 

Comments that followed:

“It is not possible, you can stop looking. Consider a DLL project instead.

At Code Project I was pointed to the following Stack Overflow thread:

” I read them but we wish to deploy 2 files: .lib and .h. These solutions require deploying the .rc file and having whoever uses our static library to link / include it as well.”
 
“Then there is no solution from my point of view.
The SO thread covers it all.”

Here is the solution I have found after some research I found a way. Using my method, an icon can be used as an integral part of a static library and such library can be used by any type of application, including a console one (which doesn’t have any resource segment whatsoever).

1. Icon is converted to a static array of BYTE. bin2c can be used for that.

2. Data is converted into a HICON handle. Here is how I have done that:

HICON GetIcon()
{ 
   DWORD dwTmp;
   int offset;
   HANDLE hFile;
   HICON hIcon = NULL;
   offset = LookupIconIdFromDirectoryEx(s_byIconData, TRUE, 0, 0, LR_DEFAULTCOLOR);
   if (offset != 0)
   {
      hIcon = CreateIconFromResourceEx(s_byIconData + offset, 0, TRUE, 0x00030000, 0, 0, LR_DEFAULTCOLOR | LR_DEFAULTSIZE);
   }
   return hIcon;  
}
3. GetIcon is used instead of LoadIcon.
Instead of calling:

I call

m_hIcon = GetIcon()

To test it, I created a Console application and a new static library. I added to the static library the XMessageBox class which allows using a custom icon.
The Console application just calls a function located at the static library and the icon is displayed!

See also:

Flawless Integration with PayPal

We have recently added a unique feature to Wizdome: payment processing embedded in your program using just few lines of source code.

Wizdome has a built-in payment processing engine which allows you to accept payments from any credit card holder (regardless of being a PayPal customer) and pay for unlocking your software or for specific features. As part of Datattoo Recovery, one of our other products, the customer can pay per each MB of successfully restored data.

To process payments you need to choose 2 routes:

  1. Apply as a PayPal developers and obtain your own PayPal credentials
  2. Use Wizdome credentials and receive all payments from Secured Globe, Inc.

Technically, the SG_PayPal API is used as described below. Following, your program can continue as before, while Wizdome will continue monitor the status of each payment initiated and in the event of a successful payment to a Pending Transaction, the credit (“max” value) of the associated Restriction, will be updated accordingly, so if your program checks the allowed maximum value per each per-defined Restriction, the value will become higher and your software can give additional access flawlessly.

Void InitPayPal(BOOL Sandbox, LPTSTR User, LPTSTR password, LPTSTR signature, LPTSTR successUrl, LPTSTR failedURL)

Sandbox – indicates whether you are testing your integration using PayPal's Sandbox account, or going live.

User – your PayPal user name

Password – your PayPal password

Signature – you PayPal signature

successUrl – a url leading to a web page which you wish to be shown after successful payment.

failedURL – a url leading to a web page which you wish to be shown after failed / cancalled payment.

Initiating a payment

When you wish to initiate a payment, you call

BOOL InitiatePaypalPayment(int nUnits, int PricePerUnit, LPWSTR UnitName, LPWSTR RestrictionName)

nUnits (integer) - number of unique needed to be purchased

PricePerUnit (integer) - cost per each unit (in default currency).

UnitName (string) - the name of the unit to be purchased

RestrictionName (string) - optional - the name of any restriction tied to this transaction

For example: if you would like a data recovery software to allow recovery of 15 MB for the price of $15, and provided that a Restriction named “MB_RESTRICTION” was defined, you call this function using the following parameters:

InitiatePaypalPayment(15,1,L”MB”,L”MB_RESTRICTION”);

Currency

By default the currency used for transactions is USD, however that can be changed.

Tying a transaction to a Restriction

Wizdome allows you to tie a transaction (payment) to a Restriction. When you do so, the user will be able to lift or change a Restriction by making a payment and without having to switch versions, restart your program or restart any work done by your end-users.

 

 

Free Forensics Tools

Here are free forensics tools I have added recently:

https://sourceforge.net/projects/chrome-credentials-viewer/

https://sourceforge.net/projects/firefox-credentials-viewer/

https://sourceforge.net/projects/ie-credentials-viewer/

Also you can read about these tools in the following articles:

https://www.codeproject.com/Articles/1164749/The-Secrets-of-Wi-Fi-Credentials

https://www.codeproject.com/Articles/1167954/Firefox-Credentials-Secrets

https://www.codeproject.com/Articles/1167935/The-Secrets-of-Google-Chrome-Credentials

https://www.codeproject.com/Articles/1167943/The-Secrets-of-Internet-Explorer-Credentials

How to play with the ‘date’ taken’ attribute of photos

Original article I have published at Code Project

http://www.codeproject.com/Articles/792931/Date-time-batch-changer-for-photos-and-other-files

Source code

Executable to download

Background

I recently looked for photos and videos of an important event and couldn’t understand why I can’t find any video files, even though I recalled that my wife and my daughter took both photos and videos…

I then realized that our still camera (Nokia D5000) and camcorder (Sony) are both set up with the wrong time, each with a different wrong time… One was 7 hours and 36 minutes earlier and the other was 3 hours later. That was the reason for the confusion, and I spent a lot of time checking backups, etc. thinking my precious files were somehow deleted.  I calculated the correct times of both video and photo files, adjusting their time stamp and happily found out that both occurred within the same time frame, so everything was OK. I then setup the time of the camcorder and the camera to the correct time. and looked for a way to fix the incorrect time stamps of my photos and video files. That is when I decided to program such tool myself…

Introduction

Even though there can be many occasions in which a program like the one I am about to introduce, can be useful, I originally developed it for the purpose of adjusting wrong time stamp of photos and videos, which are a result of incorrect settings or timezone in the camcoder or camera.  The idea is to define the following:

  • Path – where to look (will bring a path dialog box where the user can type or choose the start path to search. For example: c:\ or c:\users\myuser\documents\

  • Query – what to look for (for example all files ending with .AVI, or all files within a certain date, or files which contain a certain string in their name).

  • Date related attributes to apply to– which can be either:

    • Date Created
    • Date Last Modified
    • Date Last Accessed
    • Date Taken
  • Requested change – which can be either:

    • Fixed date and time, for example: 7.7.2014 01:00
    • Relative change of currently stamped date and time, for example: 7 and a half hours earlier (Dec 12, 2014 12:31AM will be adjusted to: Dec 11, 2014 5:01PM)

The Building Blocks

Searching for files based on a given criteria

Our application allows you to either state the extension of files searched for, the name (or part of it) but also to process only files having a certain date/time stamp. I will elaborate about the various attributes files have, which are date/time related in the next section, however, for the simplicity of this article, our program changes all of these attribute at once. A ComboBox is used to allow the user to make the selection among the above options.

Changing a file’s date/time related attributes

There are several attributes which are relevant for our goal, among them:

  • Date Created- The date and time in which the file was first created.
  • Date Modified- The date and time in which the file was last modified.
  • Date Accessed – The date and time in which the file was last accessed.

for photos there is another important attribute: Date Taken. That is the date and time a photo was taken.

For the purpose of the article, “photos” are identified by their extension and include .jpg and .nef (Nokia) photos, but that of course can and should be enhanced.


The Date Taken Property

The Date Taken property appears as one of the optional columns Windows Explorer allows to choose. This property is only valid for photos. Unlike the other date related file properties, this one is taken from the EXIF (Exchange Image File format) of the image file.

In order to read and manipulate the EXIF of the file, I have used exif.cpp and exif.h written by Davide Pizzolato, which based his work on jhead-1.8 by Matthias Wandel.

When a file is identified as a photo, getTakenXap is called:

Then the current “Date Taken” attribute value is used to call parseXapTime.

Calculating date and time differences

If you look at web sites like this one, you can check the possibilities covered in the code, for example changing the date/time stamp of a file so it will show 7 and a half hours backward.

To do such calculations from an application, we can use CTime for storing the time, and CTimeSpan for the calculations.

CTime

The CTime class is used to hold an absolute time and date.

Microsoft provides 7 different constructors for the CTime class which amongst others, allows you to do the following:

  1. Create a time class using a Standard Library time_t calender time.
  2. Create a time class using a dos date and time.
  3. Create a time class using a Win32 SYSTEMTIME or FILETIME
  4. Create a time class using individual entries for year, month, day, hour, minute, and second.

By incorporating the ANSI time_t data type, the CTime class provides all the functionalities discussed above in section 1. It also has methods to get the time in SYSTEMTIME or FILETIME or GMT format.

In addition this class also overloads the +, -, = , ==, <, <<, >> operators to provide many more useful features.

You can find the definition of CTime class in afx.h header file and it is as following:

The Process

First you select the search creteria, and / or a folder where you wish to start…

Alternatively, files can be just dragged and dropped to the dialog box.

Note: in this version only one file can be dragged, but that will be fixed later.

For the purpose of this article, I have created a folder named “test” and copied there many files, and folders. These files are both photos (.jpg) and non photos (.txt).

After the files are found based on the search criteria, selected or dragged and dropped, the process starts. Each file is checked and its date/time attributes are changed.

  • If a certain date and time are requested, the change takes into consideration the local time zone and whether day light savings is on or off.

}

  • An “Undo” button allows reversing any change.
  • The log of the changes that have taken place is displayed on screen, along with the date/time before and after the process.
  • The user can check via check boxes which dates should be changed.
  • The dates include the “Date Taken” attribute which is unique for photos (such as .jpg and camera specific files such as .NEF files (Nikon camera), etc. That is done via accessing the EXIF of the graphic file.

User Interface

As part of my efforts to make my small application user friendly and easy to use, I have done the following:

  • Keeping last entered values:

    Since there are two types of input from the user: a fixed date / time and a relative time (number of hours), which are indicated by setting a Combo box to either “Relative Date” or “Fixed Date”, it is important that when the user switches between the two, the last value entered will be show. For example, if you entered the fixed date “2000/01/01” and then entered 8:30 as a Relative Date, when you select “Fixed Date” again, the last value “2000/01/01” should be shown, and when switching back to Relative Date, the last relative value, “8:30” should be shown as well.

  • Allowing flexible data entry

    It should be possible to enter the following as a fixed date:

    • 2000/01/01 00:00:00
    • 2000/01/01 00:00
    • 2000/01/01

          It should be possible to enter a relative time in various ways:

  • 10 (means 10 hours forward)
  • -5 (means 5 hours backward)
  • 10:30 (means 10 and a half hours forward)

and so on…

  • Error handling

    In case there is an error, such as a file being locked, the log entry of this specific file is marked as “Failed” and the process continues.

Code Signing

As I am involved with large scale projects, my software venture purchases a Code Signing Certificate from Verisign (they cost $499 a year, and are suitable also for Kernel drivers).

To sign an executable, I use a tool named kSign by Commodo.

The difference between signing your executables and not signing them can be explained by the warrning your customer will get when trying to download a non signed executable.

and also:

But if your executable is signed, the user will get this message:

Which is better. Obtaining a Verisign certificate means that your identity (or your company’s identity) are fully verified.

Final Notes

Thanks to Aha-Soft for the icon used for the demo application. Copyright © 2000-2014 Aha-Soft

If you find bugs, please feel free to send me the revised source code Smile | :)

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Target Eye Revealed – part 6

This new article contains another portion of the Target Eye Monitoring System’s source code along with the secret behind the method used by Target Eye to hide its files. Target Eye was able to hide its own files along with all files collected from the target machine, prior to sending it to its operator. The article explains how these files are hidden, along with exposes how to reveal these hidden files.

The default UI

Target Eye uses a simple (and yet unique) mechanism  to hide files but the trick will work on most new Windows systems (including Windows 8) that because the only option to reveal these hidden files is not part of the default user interface of the Windows Files Explorer, so even if the “Show Hidden Items” is checked, the Target Eye hidden files will not be revealed.

You can read more and browse further parts of the Target Eye source code in the following articles:

1.  The first article is about Target Eye’s Auto Update mechanism, and how it is capable of checking for updates, downloading them when there are, installing them and running them instead of the old version currently running, all of the above, with no end-user intervention.

2. The second article was about the Target Eye’s screen capturing mechanism, and how compact JPG files are created combining a reasonable image quality and a small footprint.

3. The third article was about the Shopping List mechanism.

4. The forth article is about Keyboard capturing.

5.The fifth article deals with the packaging used to let our Secret Agent in. In other words, how Target Eye can be used to wrap it with what we refer to as “cover story”

6. The Sixth article explains how files are hidden and when, along with exposing how to reveal these hidden files.

סדרת מאמרים אודות תוכנת Target Eye

Here is a list of articles I have written about Target Eye Monitoring System

Target Eye Revealed – part 1

http://www.codeproject.com/Articles/310530/Target-Eye-Revealed-part-1-Target-Eyes-Unique-Auto

Target Eye Revealed – part 2

http://www.codeproject.com/Articles/460498/Target-Eye-Revealed-part-2-Target-Eyes-Screen-Capt

Target Eye Revealed – part 3

http://www.codeproject.com/Articles/461344/Target-Eye-Revealed-part-3-The-Shopping-List-Mecha

Target Eye Revealed – part 4

http://www.codeproject.com/Articles/635134/Target-Eye-Revealed-part-4-Keyboard-Capturing

Target Eye Revealed – part 5

http://www.codeproject.com/Articles/635384/Target-Eye-Revealed-The-Cover-Story

Target Eye Revealed – part 6

http://www.codeproject.com/Articles/785450/Target-Eye-Revealed-part-6-File-Hiding

2012 במבט לאחור

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

600 people reached the top of Mt. Everest in 2012. This blog got about 7,100 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 12 years to get that many views.

Click here to see the complete report.

האקרים טורקים הפילו 50 אתרים ישראלים

קבוצת האקרים טורקיים הפילה לאחרונה 50 אתרים ישראלים.

הם כתבו על כך בדף הפייסבוק שלהם

בעליו של אחד האתרים פנה אלי בבקשת עזרה דחופה אותה נתתי בשמחה.

רוב האתרים ברשימה (אם לא כולם) מאוכסנים בשרתים של נט ויזיון. בשל סיבות טכניות (ואחרות) לא ניתן היה לקבל מהם סיוע ממשי. הם שינו את הסיסמה אולם לא עלה בידם לשחזר את תוכן האתר לפני הפריצה.

האתר הפרוץ הוביל לדף בודד ובו התוכן והתמונות הבאות:

ברור ש-50 האתרים נפרצו בהעדר אמצעי אבטחה מינימליים.

לאחר הפריצה, הקשיחה חברת נט ויזיון את הכניסה לשרת, וכך הפך כל נסיון לסייע לקשה יותר. על מנת להכנס לשרת נדרש ממני לתת את כתובת ה-IP שלי, לקבל אישור לכניסה מכתובת זו, ורק אז להכנס. למה חושבים על זה רק אחרי שאתרים נפרצים? (על זה נאמר: too little. Too late). הגבלה כזו הייתה מונעת את הפריצה, ולאחר הפריצה האטה את הסרת דברי הנאצה.

הסעודים שיתפו פעולה

בשלב מסויים חשבתי להסיר את התמונות, ובדקתי היכן הן מאוכסנות. לא הפתיע לגלות שהם מאוכסנות בחברה היושבת בסעודיה. לא היו לי הרבה ציפיות אולם פניתי לאותה חברה בבקשה להסיר תמונות אלה, בשל היותן מסיתות ופוגעות.

התשובה לא אחרה לבוא. למען האמת, תגובת הסעודים הייתה מהירה מתגובת נט ויזיון…

וכך נראה האתר אחרי ההסרה:

לעומת זאת, לא נראה פתרון מהכיוון הישראלי. זה היה מתסכל. חשבתי שזה עניין של דקות. כבר נראה יותר הגיוני לפרוץ מחדש לאתר כדי להחליף פריצה אחת (של הטורקים) בפריצה חדשה (שלנו)…. בסופו של דבר (יום למחרת) לא היה צורך לפרוץ. נט ויזיון הצליחו לסגור את האתר (אם כי לא לשחזר אותו), וזה מוביל לחלק החשוב: איך למנוע פריצה.

איך להגן על אתר בפני פריצה

1. להשתמש בסיסמאות חזקות לממשק עריכת האתר, העלאת תכנים באמצעות FTP (סיסמה נפרדת), התחברות מרחוק לשרת (Remote Desktop) – גם כאן, סיסמה נפרדת.

2. החליפו את הסיסמאות אחת לחודש.

3. השתמשו בסטנדרטי קידוד שימנעו ככל האפשר פריצה באמצעות SQL Injection

4. הגדירו את הכניסה לאתר באופן שמתיר כניסה אך ורק מכתובת (או מספר כתובות) IP, וחוסמת את הכניסה מכתובות אחרות. לחליפין, ניתן לחסום גישה ממדינות מסויימות אולם האקרים יכולים להשתמש בProxie שיתחזה לכתובת מישראל. לעומת זאת, בלתי אפשרי להתחזות לכתובת IP ספציפית.

5. בצעו גיבוי על בסיס קבוע והשתמשו בשירותי אכסון הכוללים גיבוי יומי של השרת.

6. הפעילו Firewall ו-Antivirus על השרת, ובצעו עדכונים באופן קבוע (Windows Update).