Enter the following URLs in IE to see what happens:
res://shell32.dll/2/131
res://C:\WINDOWS\system32\drivers\estbus.sys/16/1
res://notepad.exe/16/1
res://shell32.dll/16/1
Can it be used to inspect the version information of exe, dll and sys files? Any file in Win32 PE format can be inspected with the res:// protocol. The second number is the resource type, which is defined in winuser.h of VC++.
#define RT_CURSOR MAKEINTRESOURCE(1)
#define RT_BITMAP MAKEINTRESOURCE(2)
#define RT_ICON MAKEINTRESOURCE(3)
#define RT_MENU MAKEINTRESOURCE(4)
#define RT_DIALOG MAKEINTRESOURCE(5)
#define RT_STRING MAKEINTRESOURCE(6)
#define RT_FONTDIR MAKEINTRESOURCE(7)
#define RT_FONT MAKEINTRESOURCE(8)
#define RT_ACCELERATOR MAKEINTRESOURCE(9)
#define RT_RCDATA MAKEINTRESOURCE(10)
#define RT_MESSAGETABLE MAKEINTRESOURCE(11)
#define RT_VERSION MAKEINTRESOURCE(16)
#define RT_DLGINCLUDE MAKEINTRESOURCE(17)
#define RT_PLUGPLAY MAKEINTRESOURCE(19)
#define RT_VXD MAKEINTRESOURCE(20)
#define RT_ANICURSOR MAKEINTRESOURCE(21)
#define RT_ANIICON MAKEINTRESOURCE(22)
#define RT_HTML MAKEINTRESOURCE(23)
res:// is very useful. It can be used to extract images, AVI files, cursors, and icons.
There is also a very impressive sysimage protocol, used to analyze file icons. It seems that Microsoft blocked this protocol only after the last file-detection vulnerability, in IE7.
Detailed usage of the "res://" protocol in IE
"res://" is a predefined protocol of IE 4.0. Its syntax is: "res://resource file[/resource type]/resource id".
Resource file: The file name of the module containing the resources. Note that the path separator here can only be "\", not "/".
Resource type: The type of the resource, given as a string or a number. Common resource types correspond to a number; for example, BITMAP corresponds to RT_BITMAP = 2. These constants can be found in WINUSER.H of VC++. If the resource type is a number, add "#" before the number. The resource type can be omitted; the default value is RT_HTML = 23, which is an HTML file. RT_HTML is not defined in VC++ 5.0, but is now widely used.
Resource id: The ID of the resource.
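The syntax above, as a small Python parser for triaging res:// URLs found in scripts or logs. This is an added example, not part of the original post; the names ResUrl and parse_res_url and the sample URLs are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional, Union

# Numeric resource types, copied from the winuser.h list on this page.
RT_NAMES = {
    1: "RT_CURSOR", 2: "RT_BITMAP", 3: "RT_ICON", 4: "RT_MENU",
    5: "RT_DIALOG", 6: "RT_STRING", 7: "RT_FONTDIR", 8: "RT_FONT",
    9: "RT_ACCELERATOR", 10: "RT_RCDATA", 11: "RT_MESSAGETABLE",
    16: "RT_VERSION", 17: "RT_DLGINCLUDE", 19: "RT_PLUGPLAY", 20: "RT_VXD",
    21: "RT_ANICURSOR", 22: "RT_ANIICON", 23: "RT_HTML",
}

class ResUrl(NamedTuple):          # hypothetical name, not a Windows API
    module: str                    # file that holds the resource
    rtype: Union[int, str]         # numeric type, or a named (string) type
    rtype_name: Optional[str]      # RT_* constant if the number is listed
    res_id: str                    # resource id

def parse_res_url(url: str) -> ResUrl:
    """Split res://module[/type]/id following the syntax described above."""
    m = re.match(r"res://(.+)$", url.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a res:// URL")
    # The module path may only use "\", so every "/" is a field separator.
    parts = m.group(1).split("/")
    if len(parts) == 2:            # type omitted: defaults to RT_HTML (23)
        module, raw_type, res_id = parts[0], "23", parts[1]
    elif len(parts) == 3:
        module, raw_type, res_id = parts
    else:
        raise ValueError("expected module[/type]/id; is the path using '/'?")
    if not module or not raw_type or not res_id:
        raise ValueError("empty field in res:// URL")
    digits = raw_type.lstrip("#")  # accept "#16" and the bare "16" form
    if digits.isdigit():
        num = int(digits)
        return ResUrl(module, num, RT_NAMES.get(num), res_id)
    return ResUrl(module, raw_type, None, res_id)   # custom named type

if __name__ == "__main__":
    # Constructed sample inputs
    for u in ("res://shell32.dll/2/131",
              r"res://C:\WINDOWS\system32\shell32.dll/#16/1",
              "res://example.dll/page.htm"):
        print(u, "->", parse_res_url(u))
```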
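VBS code:
Dim oInfo, oVer, a, i
' Ask for the module to inspect; defaults to shell32.dll
a = InputBox("Full file path?", WScript.ScriptName, "shell32.dll")
' Load the version resource (type 16 = RT_VERSION, id 1) through res://
Set oVer = WScript.GetObject("res://" & a & "/16/1")
' Give the document time to load
WScript.Sleep 500
' Split the raw resource text on Chr(1) and print each field
oInfo = Split(oVer.body.innerHTML, Chr(1))
For i = 1 To UBound(oInfo)
    WScript.Echo oInfo(i)
Next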