Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

A collection of especially useful xplorer² topics and ideas. New users may find it helpful to look here before searching the other forums for information. >>>>>> Please post new material in the relevant forum. (New stuff posted here will be removed.) Thanks. -fg-

Moderators: fgagnon, nikos

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 25, 15:15

As a disclaimer, I should say that if you're not a developer, geek, anorak, or the type of person who intuitively understands why dogs like to stick their heads out of car-windows when speeding down the dual-carriageway, then this plugin probably isn't for you.

It's not very exciting. It's not sexy. It's not even very flexible. All it does is show whether a binary file is 64-bit or 32-bit. That's it. But if you ever needed to locate/sort/verify or quickly view multiple files by their internal PE-Header architecture-type, then this is for you. Especially useful for searching, as it works in x2 and DeskRule alike.

Image

Installation

This is a WDX "Content" Plugin; all you need is the x2 Plugin Manager (no installation required), and, of course, the plugin itself: Binary v0.0.0.1

Extract the archive, run the plugin manager, then drag-&-drop either the 64-bit (WDX64) or 32-bit (WDX) plugin into the window and click "Apply".

Once x2 has restarted, use <Alt+K> to enter the column selection dialog, and scroll to the bottom of the available columns list - there you'll find a new entry named "Architecture.Binary [X]" - just double-click it and you're done.

The plugin automatically creates a detection-string for EXE and DLL files, but you can add any other extensions you like which are Win-PE types such as OCX, CPL, and DRV (for example, even plugin extensions like 'WDX' are really just renamed DLL files). Please see the x2 Plugin Manager for more details about detection-strings.

Why did you create this thing?

Having a need to verify the architecture of DLL's system-wide, I couldn't find a means of searching through (and for) binaries by their compiled bit-types alone using any of the billions of system properties already available to the average dog-eared x2 user.

As it turns out, there isn't actually a property for this sort of thing, so instead of me running around urinating on every tree in the garden looking for just the right one in need of watering, I decided to plant my own. :wink:

If you look on the internet, there's all sorts of makeshift/workaround methods that people use for this - everything from doing blind searches for specific byte-sequences, to just loading them one by one into dedicated PE-Viewing utilities and looking at the details. Painful, often imprecise, awkward, and of absolutely no use to dogs with their heads in the wind.

All I really wanted was a simple method of searching for text like "32" or "64" in a property field, and the rest would fall into place. To achieve this, the proper method of byte-walking the image-headers to identify the machine-types (_I386 & _IA64/_AMD64) is somewhat complex, but that's what learning is all about (source-code is included, organised into a simple self-contained function which can be exported to other projects easily).

There is an alternate TC Plugin called ExeFormat which can supply similar information (and a bit more), but I wanted a smaller, dedicated, customisable solution. Take your pick. :shrug:

Can the text be customised?

Sure, just open the Binary.ini file (automatically created wherever you placed the plugin itself), and edit the strings to your heart's content. A restart of x2/DeskRule will be required for changes to take effect.

Code: Select all

[Binary]
ColumnName=Architecture
Labels=<?>|x86 (32-Bit)|x64 (64-Bit)
Enjoy.
Last edited by Kilmatead on 2017 Jul 19, 09:49, edited 1 time in total.

User avatar
nikos
Site Admin
Site Admin
Posts: 14355
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by nikos » 2017 Mar 26, 09:58

reinventing the wheel is very educational for the self, albeit irrelevant/waste of effort for the society at large :)

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 26, 12:42

Not really - it also serves as a perfectly-formed example of how a simple WDX plugin is structured, without zillions of extra columns and attending functions spread over multiple files (as larger projects would incur). If someone were to look at the source for Khronos, for example, they'd have to sift through three and a half thousand lines of nonsense, whereas this one provides the bare necessities to understand:
  • - 1 column
    - 1 small clearly defined function to service that column
    - a simple means of auto-creating/reading an attending INI
    - and a default auto-created detection-string
...all rolled into a single file that anyone could compile with a minimum of fuss - including a pared-down content header that doesn't include all the superfluous stuff that doesn't apply to x2's implementation of plugins (i.e., all the crap you didn't bother to import, but neglected to mention in your own lack of documentation). :wink:

If you look through the "suggested" examples for creating a plugin from scratch, it takes awhile to figure out what you do and don't need, and to jettison the bad-habits of bloat that are found in almost all other projects. When I was trying to create my first plugin, I would have been only too happy if someone just provided an idiot-proof example (even a column that displayed "Hello World"), so I could figure out how it worked instead of digging through reams of stuff that didn't matter.

Considering that you can create a (minimum) working plugin in around 25-lines of necessary code, which anyone could understand to get the basics, it's surprising that such examples are few and far between.

Thus, while "Binary" is technically duplicate content, that doesn't matter as even your daughter (if she were to know C) would be able to transplant her own code directly into it in 5 minutes without getting too confused (except for the schizophrenic Unicode/Non-Unicode stuff which should never have been allowed to exist in the first place). All the "attending functions" can be largely ignored and left in place to scale to extra columns, etc, as needed in other projects.

Thus, on the odd chance that someone other than myself might try their hand at this merry-go-round, it's quite relevant.

Image

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 26, 12:59

Well, ok, 28-lines, give-or-take, ignoring contentplug.h itself:

Code: Select all

#include <Shlwapi.h>
#include "contentplug.h"
#define FieldCount 1
#define HELLO 0

char FieldNames[FieldCount][25] = { "Hello" };
int FieldTypes[FieldCount] = { ft_stringw };

BOOL APIENTRY DllMain(HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
	return TRUE;
}

int __stdcall ContentGetValueW(LPWSTR FileName, int FieldIndex, int UnitIndex, void *FieldValue, int maxlen, int flags) {
	switch (FieldIndex) {
		case HELLO :
			wcscpy(FieldValue, L"World");
			break;
		default :
			return ft_nosuchfield;
	}
	return FieldTypes[FieldIndex];
}

int __stdcall ContentGetSupportedField(int FieldIndex, char *FieldName, char *Units, int maxlen) {
	if (FieldIndex < 0 || FieldIndex >= FieldCount)	return ft_nomorefields;
	strcpy(FieldName, FieldNames[FieldIndex]);
	return FieldTypes[FieldIndex];
}

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 26, 13:10

If we were really bored, we could have a competition to create the smallest, most least-useful plugin possible, while still remaining functional. The above could be stripped down even more, if one was really trying to prove a point. :wink:

I do miss Dr. Dobb's monthly "most obfuscated code" competition. Classic stuff that. <sigh>

Read my first issue exactly 37 years ago. Scary. (Even scarier that I remember that.)

Damn kids these days could learn a lot from having to type in programmes from magazines just to see how they work. Yeah. Damn kids. Get off my lawn! :D

User avatar
FrizzleFry
Platinum Member
Platinum Member
Posts: 1141
Joined: 2005 Oct 16, 19:09

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by FrizzleFry » 2017 Mar 26, 17:20

Is there a column that shows the length of the filename?

That should be a fairly easy and small plugin.

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 26, 18:12

That would be Characters [S], no? That one shows the length of the full path, not, though, the actual filename itself if that's what you're after. :shrug:

User avatar
FrizzleFry
Platinum Member
Platinum Member
Posts: 1141
Joined: 2005 Oct 16, 19:09

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by FrizzleFry » 2017 Mar 26, 20:00

I had forgotten about Characters [S] but what I could use from time to time is the filename length rather than the length of the whole path.

Maybe I'll enter your smallest, most least-useful plugin possible competition :)

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 26, 21:08

If you take the source code from above and just change (in FieldTypes) ft_stringw to ft_numeric_32, you can more or less just use it stock.

In the interests of being long-path-compliant in ContentGetValueW, don't use PathFindFileNameW, but rather (maybe adding some error-checking later) something like:

Code: Select all

*(INT32 *) FieldValue = wcslen(wcsrchr(FileName, L'\\')) - 1;
'Nuff hints? :D

If you can't get it to work, just yodel, and I'll whip it up for ye. :shrug: At least try though - it's easier than it looks and will let you feed your whole village in the future with the milk it produces. Unless, of course, you don't know C, in which case you'll have a rather skinny goat and an unhappy village. :sad:

User avatar
nikos
Site Admin
Site Admin
Posts: 14355
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by nikos » 2017 Mar 27, 05:45

unless you want to dive in another self-discovery trip, here's the abbreviated version
http://www.bleichroth.info/pub/wdx/wdx_ ... unt.html#2

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 27, 06:15

"Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime."

:shrug:

Surely I can't be the only one to see that the deplorable "App-For-That" culture leads to nothing but a pseudo-civilisation of unimaginative docile puppies who live to be slaughtered by Mongols. There's a line to be drawn where helping people do something beyond them is one thing, but spoiling them is something entirely destructive. :cry:

User avatar
nikos
Site Admin
Site Admin
Posts: 14355
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by nikos » 2017 Mar 27, 06:57

ah yes, teaching is a noble way of leading one's life into meaning

but I suspect frizzlefry was just trying to make you get the nuts out of the fire :)

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 27, 08:40

nikos wrote:
2017 Mar 27, 06:57
I suspect frizzlefry was just trying to make you get the nuts out of the fire
Call me gullible, but when he said he considered entering the "most least-useful plugin competition", I took that optimistically with hope and a song in my long-troubled heart. Just because you're having a late-mid-life existential crisis (buy a Ferrari already!) doesn't mean the rest of us have to sink into the pessimist mudbank with you! :wink:

User avatar
FrizzleFry
Platinum Member
Platinum Member
Posts: 1141
Joined: 2005 Oct 16, 19:09

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by FrizzleFry » 2017 Mar 27, 18:06

I was hoping you would just whip out a quick filename length plugin but you did not take the bait :)

I was trying to compile the binary plugin source with some of the small gcc ports for Windows because installing the free Visual Studio just seems like overkill... but neither MinGW nor Dev-Cpp would compile successfully... I guess I'm not installing everything they need... It's been a long time since I've done any C or C++ programming.
Last edited by FrizzleFry on 2017 Mar 27, 19:32, edited 2 times in total.

Kilmatead
Platinum Member
Platinum Member
Posts: 4569
Joined: 2008 Sep 30, 06:52
Location: Dublin

Re: Binary: A Plugin for Identifying EXE/DLL Files by Architecture-Type

Post by Kilmatead » 2017 Mar 27, 19:24

I only use GCC MinGW (with CodeBlocks IDE) for everything I build, never Visual Studio, so I know it works. Dev-Cpp is just a cheap IDE pasted onto GCC, so it too should work. If you're building for x64, you'll need one of the GCC x64 variants.

If you could show a compile-log (the errors), we might find what's awry. For simplicities sake, compiling the 28-line example above should be easier (including the contentplug.h header, obviously) - how much can go wrong in 28 lines? Doesn't even require any special linker settings. That one can be turned into a name-length thing with just the 2 edits I mentioned, if the pre-cooked one Nikos laundered doesn't suit your needs. At the very least, you can say you built at least one plugin in your life. :wink:
Last edited by Kilmatead on 2017 Mar 27, 19:38, edited 2 times in total.

Post Reply