Topic: HTA & JScript: Resource Extractor - extracting resources from PE files
I present to your attention the Resource Extractor application, which is intended for extracting all available resources of any type, at least in raw (RAW) format, from PE files (.exe, .dll, .ocx, ...) and from files of some other types listed below in the application's feature list, including corrupted and packed files with inappropriate data shifts (in that case the resource names are shown).
The application has the following special features:
it attempts to extract resources immediately as portions of binary data to your hard disk next to the application file as soon as a file is dropped on the drop target;
it requires no third-party software installation and supports any Windows version starting from XP (possibly 2000 as well) with certain ActiveX objects not restricted by default;
it is written entirely in JScript in the HTA scripting file format and uses the following ActiveX objects: WbemScripting.SWbemLocator, WindowsInstaller.Installer, SAPI.SpFileStream, ADODB.Stream, htmlfile with XML features, and Shell.Explorer.2, also known as Microsoft Web Browser;
it was tested and adapted for Windows XP, Windows 7 and Windows 10;
it writes no registry entries and stores no personal data on your hard disk;
it does not access the network in any way other than attempting to open certain addresses when the corresponding contact links are clicked;
its work is balanced, as it tries to use as little memory and disk resources as possible while running;
it works under any locale, including Chinese;
it works with input file names in any locale (Unicode characters in names are supported);
it works with both 32-bit and 64-bit file paths;
it uses safe file names in UTF-8 format for extracted resources;
it supports nested folders in file names for extracted resources (low-level internal feature);
it sorts extracted resources into folders in real time based on some of their properties;
it packs extracted resources of each type into a corresponding TAR archive in real time, in order to increase performance by using fewer disk writes and to keep the extracted resources in a compact form;
it uses folders with no last-modified date for sorting extracted resources in order to increase performance (low-level internal feature);
it extracts all available resources of any type, including corrupted ones or ones with wrong shifts (it shows their names), from PE format files;
it tries to determine the extension of an extracted resource according to its actual header;
it extracts icons, cursors, PNG files and groups of icons and cursors from ANI files (standalone or packed into PE);
it extracts icons, cursors and PNG files from an icon and cursor group file (standalone or packed into PE);
it extracts icons, cursors and PNG files from an HTA file and other formats that have icons or cursors embedded in them with the "copy source /B" command (standalone extraction);
it extracts PNG files from icon or cursor files (standalone or packed into PE);
it extracts and reconstitutes string data (STRINGs) into Unicode text for all languages declared in winnt.h, including correct detection of Croatian, Bosnian, Serbian, Lower Sorbian and Upper Sorbian (extraction from PE);
it overcomes difficulties with big IDs and different languages during extraction of icons and cursors (packed into PE; low-level internal feature);
it corrects output data when its parameters may be missing or wrong in the resource file;
it uses the width if the height is zero during extraction of icons and cursors (standalone or packed into PE, icon and cursor group or ANI file);
it uses the width and height of the PNG file, if possible, to resolve problems with missing or wrong data during extraction of icons and cursors (standalone or packed into PE, icon and cursor group or ANI file);
it uses the width of the PNG file if its height is zero during extraction of icons and cursors (standalone or packed into PE, icon and cursor group or ANI file);
it uses a color depth of 32 bit if the color depth is less than 1 or greater than 32 during extraction of icons and cursors (standalone or packed into PE, icon and cursor group or ANI file);
it sorts cursors, GIF files and PNG files by width and height;
it sorts icons and BMP files by width, height and color depth;
it sorts string data by primary language;
it sorts resources of unknown format by the first 4 bytes of their header.
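The feature list above mentions extracting from corrupted PE files and showing the names of resources whose data shifts are wrong. As an added illustration (not part of the original post and not the application's own code), this Node.js JavaScript walks a PE resource section with bounds checks and reports such entries instead of reading out of range; `listResources`, `buildSample`, the sample bytes and the section address 0x4000 are constructed for this example.

```javascript
// Added example, not code from the original post: a bounds-checked walk of a
// PE resource section (.rsrc) in Node.js. All names here are hypothetical.

// Subset of the post's rTypes table (resource type ID -> name).
const RT = { 1: 'CURSOR', 2: 'BITMAP', 3: 'ICON', 6: 'STRING', 10: 'RCDATA',
             12: 'GROUP_CURSOR', 14: 'GROUP_ICON', 16: 'VERSION', 24: 'MANIFEST' };
const SUBDIR = 0x80000000; // high bit: subdirectory pointer or named entry

// rsrc: raw bytes of the resource section; rva: virtual address it is mapped at.
// Returns one record per leaf: type/name/language path plus either the data
// location or the reason the data cannot be trusted.
function listResources(rsrc, rva) {
  const out = [];
  const seen = new Set(); // directory offsets already visited (loop guard)

  function entryName(v) {
    if (v < SUBDIR) return String(v); // numeric ID
    const off = v - SUBDIR;           // length-prefixed UTF-16LE name
    if (off + 2 > rsrc.length) return '<bad name>';
    const end = off + 2 + rsrc.readUInt16LE(off) * 2;
    return end > rsrc.length ? '<bad name>' : rsrc.toString('utf16le', off + 2, end);
  }

  function walk(dirOff, path) {
    // A well-formed tree is exactly three levels deep: type, name, language.
    if (path.length >= 3 || seen.has(dirOff) || dirOff + 16 > rsrc.length) {
      out.push({ path: path.join('/'), ok: false, reason: 'bad directory' });
      return;
    }
    seen.add(dirOff);
    // NumberOfNamedEntries + NumberOfIdEntries
    const count = rsrc.readUInt16LE(dirOff + 12) + rsrc.readUInt16LE(dirOff + 14);
    for (let i = 0; i < count; i++) {
      const e = dirOff + 16 + i * 8;
      if (e + 8 > rsrc.length) {
        out.push({ path: path.join('/'), ok: false, reason: 'truncated entry table' });
        return;
      }
      const id = rsrc.readUInt32LE(e);
      let label = entryName(id);
      if (path.length === 0 && id < SUBDIR && RT[id]) label = RT[id];
      const p = path.concat(label);
      const target = rsrc.readUInt32LE(e + 4);
      if (target >= SUBDIR) { walk(target - SUBDIR, p); continue; }
      if (target + 16 > rsrc.length) {
        out.push({ path: p.join('/'), ok: false, reason: 'data entry outside section' });
        continue;
      }
      const start = rsrc.readUInt32LE(target) - rva; // data RVA -> section offset
      const size = rsrc.readUInt32LE(target + 4);
      if (start < 0 || start + size > rsrc.length) {
        // The name is still reported even though the data cannot be read.
        out.push({ path: p.join('/'), ok: false, reason: 'data outside section' });
        continue;
      }
      const magic = rsrc.toString('hex', start, start + Math.min(4, size));
      out.push({ path: p.join('/'), ok: true, offset: start, size, magic });
    }
  }
  walk(0, []);
  return out;
}

// Constructed sample section: ICON/1/1033 is valid, RCDATA/7/1033 has a data
// RVA that points far outside the section.
function buildSample(rva) {
  const b = Buffer.alloc(0xA8);
  const dir = (off, entries) => {
    b.writeUInt16LE(entries.length, off + 14); // NumberOfIdEntries
    entries.forEach(([id, target], i) => {
      b.writeUInt32LE(id, off + 16 + i * 8);
      b.writeUInt32LE(target, off + 20 + i * 8);
    });
  };
  dir(0x00, [[3, SUBDIR + 0x20], [10, SUBDIR + 0x38]]); // type level
  dir(0x20, [[1, SUBDIR + 0x50]]);                      // ICON, name 1
  dir(0x38, [[7, SUBDIR + 0x68]]);                      // RCDATA, name 7
  dir(0x50, [[1033, 0x80]]);                            // language -> data entry
  dir(0x68, [[1033, 0x90]]);
  b.writeUInt32LE(rva + 0xA0, 0x80);   b.writeUInt32LE(8, 0x84);
  b.writeUInt32LE(rva + 0x5000, 0x90); b.writeUInt32LE(16, 0x94);
  Buffer.from('89504e470d0a1a0a', 'hex').copy(b, 0xA0); // PNG signature as payload
  return b;
}

console.log(listResources(buildSample(0x4000), 0x4000));
```

The walker takes the section bytes and its virtual address directly, so locating the section through the PE headers is left out of this example.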
The application demonstrates:
how to work with true bytes and data in hex format;
how to work with file streams and memory streams in JavaScript;
how to write uncompressed TAR archives;
how to hide an HTA while it is being dynamically created;
how to launch an HTA as a 64-bit process without using system paths;
how to obtain a part of the HTML in a script (the approach can also be used when writing WScript scripts);
how to resolve confirmed problems with an immediate <moveTo> or <resizeTo> call at start in Windows XP
and how to pass and use environment variables for a process created with WMI.
The application has the following current limitations:
the <MZ> file signature is treated as the "DLL" format by default;
known items are not sorted during extraction if they are found in inappropriate resource sections;
packed files are not supported by default;
some items with a complex structure, of types such as ACCELERATOR, DIALOG, MENU and VERSION, are not reconstituted but extracted in raw (RAW) format only.
Working with the application.
To launch the application, copy its source code and save it in a text file, changing the file's extension to "hta".
The application is launched by double-clicking, just like an ordinary program.
Extract resources from files of the corresponding types by dragging those files onto the application's drop target.
Disclaimer.
Use this application entirely at your own risk.
Like any other software, it may contain bugs or even be dangerous to your computer if misused.
This application is copyrighted freeware, and I am not responsible for any damage or data loss it could unintentionally cause.
You may modify it, but in that case please leave a comment with a direct link to https://tastyscriptsforfree.wix.com/page/scripts.
Source code of the application:
I recommend using AkelPad to view the saved application with correct indentation.
<script>
/*
Resource Extractor v4.8.0 (h t t p s://tastyscriptsforfree.wix.com/page/scripts)
Copyright 2017-2020 Vladimir Samarets. All rights reserved.
tastyscriptsforfree@protonmail.com
Initially based on Icon Extractor by Joe Priestley (h t t p s://jsware.net)
and its modification - IconSiphon by Dave Gilpin (h t t p://gilpin.us)
written in VBScript.
Release date: October 15, 2020.
Use this application entirely at your own risk. As any software it could contain bugs or can be even dangerous to your computer in case of its misusage.
This application is copyrighted freeware and I am not responsible for any damage or data loss it could unintentionally cause.
You may modify it but please leave a comment with direct link to https://tastyscriptsforfree.wix.com/page/scripts in that case.
*******
Changes since the last version:
added a workaround for Windows XP to close previous HTA instance properly;
increased performance by excluding VBScript and using WindowsInstaller.Installer Record instead of SAPI.SpFileStream for input data processing and by taking into account
ADODB.Stream memory restrictions especially for Windows XP;
less disk access during single extractions;
added a new case and a message part for situation when a file is too big to be processed;
corrected some mistypings in comments.
*******
The purpose of this application:
the application is intended for extracting all available resources of any type at least in RAW format from PE files and from some other file types listed below including corrupted or
packed files with inappropriate data shifts (it shows resource names in that case).
*******
The application has the following special features:
it attempts to extract resources immediately as portions of binary data to your hard disk near the application file since some file is dropped on the drop target;
it requires no third party software installation and supports any Windows version since XP with certain ActiveX objects not restricted by default;
it is entirely written in JScript in HTA scripting file format and uses the following ActiveX objects: WbemScripting.SWbemLocator, WindowsInstaller.Installer, SAPI.SpFileStream,
ADODB.Stream, htmlfile with XML features and Shell.Explorer.2 also known as Microsoft Web Browser;
it was tested and adapted for Windows XP, Windows 7 and Windows 10;
it writes no registry values and stores no personal settings on your hard disk;
its work is balanced while it tries to use as less memory and disk resources as possible during its work;
it works in any locale including Chinese;
it works for input files named in any locale (Unicode names support);
it works both for 64 and 32 bit file paths;
it uses safe UTF-8 file names for extracted resources;
it supports nested folders in file names for extracted resources (deep internal feature);
it sorts extracted resources by some of their properties by placing them in corresponding folders in real time;
it packs extracted resources of each type to corresponding TAR archive in real time in order to increase performance by using less disk writes and have resources in compact view;
it uses folders with no modification date for extracted resources sorting in order to increase performance (deep internal feature);
it extracts all available resources of any type including corrupted or improperly shifted (it shows their names) from PE format files;
it tries to detect extension of extracted resource according to its actual header;
it extracts ICOs, CURs, PNGs and groups of ICOs and CURs from ANI file (single or packed into PE);
it extracts ICOs, CURs, PNGs from ICOs or CURs group file (single or packed into PE);
it extracts ICOs, CURs, PNGs from HTA file and other formats which have icons or cursors embedded in them with "copy source /B" command (single);
it extracts PNGs from ICO or CUR file (single or packed into PE);
it extracts and reconstitutes STRINGs into Unicode TXT format for all declared in winnt.h languages including correct CROATIAN, BOSNIAN, SERBIAN, LOWER_SORBIAN and
UPPER_SORBIAN languages detection (packed into PE);
it settles issues with big IDs and different languages during icons and cursors extraction (packed into PE; deep internal feature);
it corrects output data when its parameters could be missed or wrong in resource file;
it uses width if height is 0 during extraction of icons and cursors (single or packed into PE, ICOs and CURs group or ANI file);
it uses PNG width and height if possible to settle issues with absent or wrong data during extraction of icons and cursors (single or packed into PE, ICOs and CURs group or ANI file);
it uses PNG width if PNG height is 0 during extraction of icons and cursors (single or packed into PE, ICOs and CURs group or ANI file);
it uses 32 bit depth in case bit depth is less than 1 or greater than 32 during extraction of icons and cursors (single or packed into PE, ICOs and CURs group or ANI file);
it sorts cursors, GIFs and PNGs by width and height;
it sorts icons and bitmaps by width, height and bit count;
it sorts strings by primary language;
it sorts unknown resources by their first 4 bytes.
*******
The application demonstrates:
how to work with true bytes and hex data;
how to work with file and memory streams in JavaScript;
how to write uncompressed TAR archives;
how to hide HTA while having it dynamically created;
how to launch HTA as 64 bit without using system paths;
how to obtain HTML part in scripting (could be also used for WScript scripting);
how to deal with confirmed immediate <moveTo> or <resizeTo> issues at application start in Windows XP;
how to deal with confirmed <BeforeNavigate2> issue of Web Browser in Windows XP
and how to pass and use environment variables for process created by WMI.
*******
The application has the following current limitations:
<MZ> file signature is treated as DLL by default;
known items found in inappropriate resource sections are not sorted during extraction;
packed files are not supported by default;
some items with complex structure such as ACCELERATORs, DIALOGs, MENUs and VERSIONs are not reconstituted but extracted in RAW format only.
*******
Basic source codes, documentation and articles I used:
'IconSiphon' source code I started with that was kindly shared by Dave Gilpin along with suggestions of what to read at first;
'Icon Extractor' source code I found on JSWare and continued with;
'Resource section of PE files as relates to the icon extractor scripts from JSWare.' (from iconex.zip of Icon Extractor) by Joe Priestley
(h t t p s://w w w.jsware.net/jsware/scrfiles.php5#iconextr);
'The Portable Executable File Format from Top to Bottom' by Randy Kath (1997)
(h t t p://w w w.csn.ul.ie/~caolan/pub/winresdump/winresdump/doc/pefile2.html);
'Peering Inside the PE: A Tour of the Win32 Portable Executable File Format' by Matt Pietrek (March, 1994)
(h t t p s://docs.microsoft.com/en-us/previous-versions/ms809762(v=msdn.10));
'Icons in Win32' by John Hornick (September 29, 1995)
(h t t p s://docs.microsoft.com/en-us/previous-versions/ms997538(v=msdn.10));
'File Resource Management Library (.NET)' by Daniel Doubrovkine (September 16, 2009)
(h t t p s://w w w.codeproject.com/Articles/27373/File-Resource-Management-Library-NET);
'Create and work with binary data in ASP/VBScript' by Antonin Foller
(h t t p s://w w w.motobit.com/tips/detpg_BinASP/);
'Convert a binary data (BinaryRead) to a string by VBS' by Antonin Foller
(h t t p s://w w w.motobit.com/tips/detpg_binarytostring/);
'VBS: Easy way of base64 decoding' by mozers, JSman and Xameleon (March, 2012) in Russian
(h t t p://forum.script-coding.com/viewtopic.php?id=6957);
'VBS: ADODB.Stream analog that does not load all file into memory at once' by Xameleon and JSman (March, 2010) in Russian shows basic usage of SAPI.spFileStream
(h t t p://forum.script-coding.com/viewtopic.php?id=4284);
'WSC: Script Component for reading file resources via r e s:// protocol' by Xameleon (February, 2017) in Russian
(h t t p://forum.script-coding.com/viewtopic.php?id=12420);
'Extracting MSI Resources' by Joe Priestley shows basic usage of WindowsInstaller.Installer
(h t t p s://w w w.jsware.net/jsware/msicode.php5#extres);
'"Not enough storage is available to complete this operation" when base64-encoding a zip file' discussion on stackoverflow.com describes memory restrictions
you should be aware of while working with ADODB.Stream
(h t t p s://stackoverflow.com/questions/41237920/not-enough-storage-is-available-to-complete-this-operation-when-base64-encodin);
'Resource Types' (May 31, 2018) by Microsoft Corporation
(h t t p s://docs.microsoft.com/en-us/windows/win32/menurc/resource-types);
'File Format Specifications' by Jorn Daub
(h t t p://w w w.daubnet.com/en/file-formats);
'Tutorial Aufbau von: .ani Cursor RIFF-Dateien' by Tools and Tips in German
(h t t p://w w w.toolsandtips.de/Tutorial/Aufbau-Animierte-Cursor.htm);
'Tutorial Aufbau von: Icon und Cursor Dateien' by Tools and Tips in German
(h t t p://w w w.toolsandtips.de/Tutorial/Aufbau-Icon-Cursor.htm);
'Tutorial Aufbau von: DIB-, .bmp, Bitmap-Dateien' by Tools and Tips in German
(h t t p://w w w.toolsandtips.de/Tutorial/Aufbau-Bitmap-bmp-DIB.htm);
'Tutorial Aufbau von: Ressourcen- .res-Dateien' by Tools and Tips in German
(h t t p://w w w.toolsandtips.de/Tutorial/Aufbau-Ressource-res.htm);
'Introduce Animated Cursors to Java GUIs, Part 2' by Joseph W. Wilkinson (April 18, 2008)
(h t t p s://w w w.informit.com/articles/article.aspx?p=1189080);
'PNG (Portable Network Graphics) Specification' by Mark Adler and others (October 01, 1996)
(h t t p s://w w w.w3.org/TR/REC-png-961001);
'The format of string resources' by Raymond Chen (January 30, 2004)
(h t t p s://devblogs.microsoft.com/oldnewthing/20040130-00/?p=40813);
'String Resources' by Aaron Ballman (December 08, 2011)
(h t t p://blog.aaronballman.com/2011/12/string-resources/);
'winnt.h' by Microsoft Corporation;
'Using Windows Resource Language Codes for Attribution' by Tyler (December 23, 2014)
(h t t p s://blog.korelogic.com/blog/2014/12/23/resource_language_codes);
'Windows Locale Codes - Sortable list' by Israel Hanukoglu
(h t t p s://w w w.science.co.il/language/Locale-codes.php);
'To learn numbers of resources' discussion on stackoverflow.com
(h t t p s://stackoverflow.com/questions/6499930/to-learn-numbers-of-resources);
'List of file signatures' (July 31, 2020)
(h t t p s://en.wikipedia.org/wiki/List_of_file_signatures);
'tar (computing)' by ggkarir.com
(h t t p://ggkarir.com/IT/en/107-4/tar_15240_ggkarir.html);
'VBScript Scripting Techniques: Environment Variables' by Rob van der Woude
(h t t p s://w w w.robvanderwoude.com/vbstech_data_environment.php);
'Using Win32_ProcessStartup to change environment' post by Rico Rosenlund
(h t t p s://microsoft.public.scripting.wsh.narkive.com/hW1GURnH/using-win32-processstartup-to-change-environment);
'VBScript Scripting Techniques: HTAs' by Rob van der Woude
(h t t p s://w w w.robvanderwoude.com/vbstech_hta.php);
'Hacking around HTA files' by Emeric Nasi explains embedding icon into HTA
(h t t p://blog.sevagas.com/?Hacking-around-HTA-files);
'InternetExplorer and WebBrowser objects' by Ludogovskiy Aleksander in Russian
(h t t p s://script-coding.com/WSH/WebBrowser.html);
'Windows Script 5.6 Documentation' (script56.chm) by Microsoft Corporation
(h t t p s://w w w.microsoft.com/en-us/download/confirmation.aspx?id=2764);
'MSDN' related documentation by Microsoft Corporation
(h t t p s://docs.microsoft.com/en-us/);
'Binary Files and the File System Object Do Not Mix' by Eric Lippert (April 20, 2005)
(h t t p s://docs.microsoft.com/en-us/archive/blogs/ericlippert/binary-files-and-the-file-system-object-do-not-mix);
'The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)' by Joel Spolsky (October 8, 2003)
(h t t p s://w w w.joelonsoftware.com/2003/10/08/the-absolute-minimum-every-software-developer-absolutely-positively-must-know-about-unicode-and-character-sets-no-excuses/);
'Currupted file in non-english locale (encoding problem?)' discussion on stackoverflow.com
(h t t p s://stackoverflow.com/questions/57220922/currupted-file-in-non-english-locale-encoding-problem/57271085#57271085);
Windows XP BeforeNavigate2 issue:
'BUG: The BeforeNavigate2 event of the WebBrowser control does not fire if hosted in a Visual Basic .NET 2002 application'
on c-bit.net and support.microsoft.com (September 14, 2005)
(h t t p://c-bit.net/kb/311298/EN-US/, h t t p://support.microsoft.com/kb/311298/EN-US/);
'BUG: The BeforeNavigate2 Event of WebBrowser Control Does Not Fire If Hosted in a Visual C# .NET Application'
on c-bit.net and support.microsoft.com (June 25, 2004)
(h t t p://c-bit.net/kb/325079/EN-US/, h t t p://support.microsoft.com/kb/325079/EN-US/);
Windows XP moveTo and resizeTo issues:
'"Access is denied" by executing .hta file with JScript on Windows XP x64' discussion on stackoverflow.com (January 21, 2009)
(h t t p s://stackoverflow.com/questions/464679/access-is-denied-by-executing-hta-file-with-jscript-on-windows-xp-x64);
'Something strange with HTAs' discussion on social.technet.microsoft.com (September 19, 2011)
(h t t p s://social.technet.microsoft.com/Forums/officeocs/en-US/92bf1e76-ebd5-4462-bd52-533e69305a5c/something-strange-with-htas?forum=ITCG).
*******
Basic software I used:
AkelPad 4.9.8 by Aleksander Shengalts and Alexey Kuznetsov (as development environment)
(h t t p://akelpad.sourceforge.net/en/download.php);
OLE/COM Object Viewer v2.10.059 (oleview.exe) by Charlie Kindel, Michael Nelson, and Michael Antonio (for documentation purposes);
Resource Hacker v5.1.7 by Angus Johnson (for testing purposes)
(h t t p://w w w.angusj.com/resourcehacker/);
Restorator v3.90 by Bome Software (for testing purposes)
(h t t p s://w w w.bome.com/products/restorator#downloads2);
PE Explorer v1.99 by Heaventools Software (for testing purposes)
(h t t p://w w w.heaventools.com/download-pe-explorer.htm).
*/
offscreenBuffering=true; //postpone the application window appearance till its UI is ready
var O=function(o){return new ActiveXObject(o);},
WSS=O('WScript.Shell'),
env=WSS.Environment('Process'),
cP=decodeURIComponent(location.pathname); //current path
var h=document.documentElement.firstChild; //head
if(env('is64bit')) //checks whether the application is launched as 64 bit or not and launches it as 64 bit in order to process 64 bit locations
{
resizeTo(380,204);
h.insertBefore(document.createElement('<hta:application maximizeButton=no border=dialog contextMenu=no selection=no innerBorder=no scroll=no>'),h.firstChild);
document.title='Resource Extractor';
var SF=O('WindowsInstaller.Installer').CreateRecord(1), //source file stream
S=O('ADODB.Stream'), //source memory stream
CM=O('ADODB.Stream'), //common memory stream
T=O('ADODB.Stream'), //TAR memory stream
TF=O('SAPI.SpFileStream'), //TAR file stream
/*
SAPI.SpMemoryStream could be easier to use because it allows writing strings along with bytes in mixed data mode <Text> without
switching between these modes and because it allows jumps forward over unwritten bytes by using <Seek> while ADODB.Stream doesn't
but SAPI.SpMemoryStream is dirty (not filled with zero bytes) and slower in Windows XP in case of such jumps while VBScript is also much slower
than JScript so ADODB.Stream in JScript is used as memory stream here instead of SAPI.SpMemoryStream in VBScript.
[
Unfortunately, no other ActiveX objects known to me and built in any Windows by default rather than SAPI.SpFileStream or WindowsInstaller.Installer
return true bytes one by one or return true bytes in JScript without their changes during file reading:
SAPI.SpFileStream <Read> method requires access to data by reference where VBScript is needed so it's not acceptable because pure JScript is expected while
JScript neither supports accessing data by reference nor it accepts changes of objects or their properties by default used as output data for ActiveX objects,
however JScript does accept such output object changes, for example, for XML <transformNodeToObject>, so this output data
behaviour depends on certain ActiveX object or component.
I can confirm that Scripting.FileSystemObject can change a group of true bytes it reads in a way inappropriate for true bytes
especially for locales similar to Chinese so it does not preserve all true bytes during reading,
but I can also confirm it can read, can return in JScript and write in appropriate way blocks of pairs of true bytes for those
locales if file is opened as Unicode so each pair of true bytes is treated as one Unicode symbol,
and finally Scripting.FileSystemObject is much slower than SAPI.SpFileStream even during file size obtaining;
SAPI.SpCustomStream binded to SAPI.SpFileStream can't return true bytes in pure JScript;
it could be probably possible to pass stream from SAPI.SpStream (binded to SAPI.SpFileStream) to ADODB.Stream
via <RemoteCopyTo> for its further reading in pure JScript but SAPI.SpStream is not accessible for scripting;
SAPI.SpVoice <SpeakStream> binded to SAPI.SpFileStream takes more time than needed and makes inappropriate
changes to output stream which are not acceptable for true bytes reading;
ADODB.Stream <LoadFromFile> and <SaveToFile> can't read or write true bytes one by one;
CDO.Message <GetDecodedContentStream> can't read true bytes one by one;
Microsoft.XMLHTTP or Msxml2.XMLHTTP <send> can read true bytes one by one but it does not process corresponding
<Range> request headers properly for localhost so it does not read true bytes one by one for localhost.
]
It is also possible to use 'r e s://' protocol with Microsoft.XMLHTTP or Msxml2.XMLHTTP <send> for obtaining resource data when its ID
is known but I can confirm this is much slower than peering inside the PE so 'r e s://' protocol is not used here for these purposes.
WScript or WSH is also not used here because it can't accept Unicode file names as <Arguments> so I decided to use Web Browser
in HTA instead and deal with its confirmed issue regarding <BeforeNavigate2> event in Windows XP (see below).
*/
msg= //block of all application messages
[
'Welcome!</div><br><a href="ht'+'tps://tastyscriptsforfree.wix.com/page/scripts" title="ht'+'tps://tastyscriptsforfree.wix.com/page/scripts">'+document.title+
' v4.8.0</a><br>© 2017-2020 Vladimir Samarets.<br><a href="mail'+'to:tastyscriptsforfree'+'@'+'protonmail.com?subject='+document.title+
' v4.8.0">tastyscriptsforfree'+'@'+'protonmail.com</a><br><br><p style="font-size:8pt;">Initially based on Icon Extractor by <a href="ht'+'tps://jsware.net" title="ht'+'tps://jsware.net">'+
'Joe Priestley</a><br>and its modification - IconSiphon by <a href="ht'+'tp://gilpin.us" title="ht'+'tp://gilpin.us">Dave Gilpin</a><br>written in VBScript.</p>',
'Drop a file here.</div>',
'-= Processing =-</div><br>',
'Extracted in ',
"-= Error =-</div><br>The item is not a file, can't be accessed or is too big.<br>Try to extract from its copy instead.",
"-= Error =-</div><br>The file is in use or can't be accessed.<br>Try to extract from its copy instead.",
'-= Error =-</div><br>The file is not a PE, ANI, ICO or CUR file<br>or a file with embedded icon or cursor.',
'-= Error =-</div><br>Resource Section not found.',
'-= Error =-</div><br>No resources found in Resource Section.',
'-= Error =-</div><br>Some resources are not extracted<br>due to wrong data or inappropriate locations.',
'-= Error =-</div><br>Unknown error occured.<br>Please send me the file you have just dropped.<br>Thank you!'
],
rTypes= //resource ID to type matching
{
1:'CURSOR',
2:'BITMAP',
3:'ICON',
4:'MENU',
5:'DIALOG',
6:'STRING',
7:'FONTDIR',
8:'FONT',
9:'ACCELERATOR',
10:'RCDATA',
11:'MESSAGETABLE',
12:'GROUP_CURSOR',
14:'GROUP_ICON',
16:'VERSION',
17:'DLGINCLUDE',
19:'PLUGPLAY',
20:'VXD',
21:'ANICURSOR',
22:'ANIICON',
23:'HTML',
24:'MANIFEST'
},
exts= //file first bytes to extension matching in hex string format
{
'4d5a':'646c6c', //'dll'
'424d':'626d70', //'bmp'
'fffb':'6d7033', //'mp3'
'fff3':'6d7033', //'mp3'
'fff2':'6d7033', //'mp3'
'4d546864':'6d6964', //'mid'
'4d534346':'636162', //'cab'
'7b5c72746631':'727466', //'rtf'
'3c73766720':'737667', //'svg'
'377abcaf271c':'377a', //'7z'
'504b0304':'7a6970', //'zip'
'504b0506':'7a6970', //'zip'
'504b0708':'7a6970', //'zip'
'89504e470d0a1a0a':'706e67', //'png'
'3c68776e6476696577':'747874', //'txt'
'3c6c696e6b656c656d656e74':'747874', //'txt'
'3c68746d6c3e':'68746d', //'htm'
'efbbbf3c68746d6c3e':'68746d', //'htm'
'fffe3c00680074006d006c003e00':'68746d', //'htm'
'3c3f786d6c20':'786d6c', //'xml'
'efbbbf3c3f786d6c20':'786d6c', //'xml'
'3c647569786d6c3e':'786d6c', //'xml'
'efbbbf3c647569786d6c3e':'786d6c', //'xml'
'fffe3c003f0078006d006c002000':'786d6c', //'xml'
'fffe3c0064007500690078006d006c003e00':'786d6c', //'xml'
'474946383961':'676966', //'gif'
'474946383761':'676966', //'gif'
'ffd8ffe000104a4649460001':'6a7067', //'jpg'
'ffd8ffdb':'6a7067', //'jpg'
'ffd8ffee':'6a7067', //'jpg'
'00000100':'69636f', //'ico'
'00000200':'637572', //'cur'
'52494646':'52494646', //RIFFPART
'ffd8ffe1':'ffd8ffe1' //JPGPART
},
end=1, //indicates whether a dropped item is processed or not
begin=1, //indicates whether a DB timeout for Web Browser reset is needed or not
nDB, //indicates whether DownloadBegin Web Browser event has been caught or not
pause, //indicates whether drop target is allowed or not
ms, //message screen that hides Web Browser during dropped items processing
fP, //file path
folders, //folders for sorting of resources
dBO, //data body offset
dBOs, //data body offsets
stDBO, //step data body offset
shift, //data shift for RT_CURSOR
ext, //file extension in hex string
RTDSOStart, //RT_<data> (RT_ICON or RT_CURSOR) section start offset
RTDSOEnd, //RT_<data> (RT_ICON or RT_CURSOR) section end offset
RTISOStart, //RT_ICON section start offset
RTISOEnd, //RT_ICON section end offset
RTCSOStart, //RT_CURSOR section start offset
RTCSOEnd, //RT_CURSOR section end offset
dIndex, //data index
gIndex, //data group index
rError, //indicates whether there are errors during extraction of icons or cursors or not
dt, //current date
dtChsm, //current date checksum
currentUTCTimeHx, //current date in UTC time hex format
hex, //XML node in hex format
base64, //XML node in base64 format (not used here)
str, //XML node in string format
defaultCharset; //document default charset (not used here)
!function alert(m,s) //a small library written by me for obtaining extended <alert> (see below) as well as <defaultCharset>
{ //and XML nodes without using XML ActiveX object of certain version (it could be also used for WScript scripting);
var d=GetObject('\\','htmlfile'); //<GetObject> is used instead of <new ActiveXObject> because obtaining <defaultCharset> from the latter
//produces script fault if WScript is used as host in Windows XP
d.write("<xml><_ xmlns:dt='urn:schemas-microsoft-com:datatypes'><_ dt:dt='bin.hex'/><_ dt:dt='bin.base64'/><_/></_></xml>");
defaultCharset=d.defaultCharset;
var xml=d.documentElement.firstChild.children[1];
xml.preserveWhiteSpace=1;
xml=xml.firstChild;
hex=xml.childNodes[0];
base64=xml.childNodes[1];
str=xml.childNodes[2];
alert=function(m,s) //extended 'alert' <message, message shift at start or 0 by default>
{
d.parentWindow.alert(s?m.substr(s):m);
}
}();
var sM=function(m,c) //show message <message, background color>
{
ms.innerHTML='<div style="font-size:12pt;">'+m;
ms.style.background=c;
},
sDM=function(d) //show default message <delay>
{
setTimeout
(
function()
{
pause=0;
setTimeout
(
function()
{
if(!pause)
sM(msg[1],'mediumaquamarine');
},
100
);
},
d
);
},
sEM=function(p) //show error message <position of error message in the list of application messages>
{
var e;
try
{
TF.Close(); //trying to close TAR file stream if it is opened
}
catch(e)
{
;
}
setTimeout
(
function()
{
sM(msg[p],'salmon'); //showing error message
},
1000
);
sDM(3000); //showing default message
},
sOpen=function(p) //open source file <path of source file>
{
SF.SetStream(1,p); //open source file stream for reading
},
tOpen=function(p) //create and open TAR file <path of TAR file>
{
TF.Format.Type=1; //text
TF.Open(p,3); //open TAR file stream for writing
},
sRd=function(c) //read bytes of source file stream <count of bytes from previous position>
{
return strToBt(SF.ReadStream(1,c,3),'Unicode',2); //<msiReadStreamDirect>
},
sBt=function(s,c) //read bytes of source memory stream <start position, count of bytes>
{
S.Position=s;
return S.Read(c);
},
sSt=function(c) //set initial bytes from source file stream to source memory stream <count of bytes>
{
S.Position=0;
S.Type=2; //text
S.Charset='Unicode';
S.WriteText(SF.ReadStream(1,c,3)); //<msiReadStreamDirect>
S.SetEOS();
S.Position=0;
S.Type=1; //binary
},
tBt=function(s,c) //read bytes of TAR file stream <start position, count of bytes>
{
T.Position=s;
return T.Read(c);
},
rp=function(s,c) //repeat string <string, count of repeat>
{
for(var i=0,r=s;++i<c;r+=s);
return r;
},
strToBt=function(s,c,p) //convert string of certain charset to bytes <string, charset, bytes shift at start or 0 by default>
{
CM.Position=0;
CM.Type=2; //text
CM.Charset=c;
CM.WriteText(s);
CM.SetEOS();
CM.Position=0;
CM.Type=1; //binary
CM.Position=p||0;
return CM.Read();
},
uStrToBt=function(s) //convert Unicode string to bytes <string>
{
str.text=s;
return str.nodeTypedValue;
},
utf8StrToBt=function(s) //convert Utf8 string to bytes <string> and calculate their checksum and count
{
if(s||s===0)
{
utf8StrToBt.chsm=btToHx(s=strToBt(s,'utf-8',3)).chsm();
utf8StrToBt.ct=CM.Position*2-6;
}
else
utf8StrToBt.chsm=utf8StrToBt.ct=0;
return s;
},
ansiStrToBt=function(s) //convert ANSI string to bytes <string> and calculate their checksum and count
{
if(s||s===0)
{
ansiStrToBt.chsm=btToHx(s=strToBt(s,'Windows-1252')).chsm();
ansiStrToBt.ct=CM.Position*2;
}
else
ansiStrToBt.chsm=ansiStrToBt.ct=0;
return s;
},
hxToBt=function(h) //convert hex string to bytes <hex string>
{
hex.text=h;
return hex.nodeTypedValue;
},
btToNm=function(b) //convert bytes to number <bytes>
{
return parseInt(btToRvHx(b),16);
},
btToHx=function(b) //convert bytes to hex string <bytes>
{
hex.nodeTypedValue=b;
return hex.text;
},
btToRvHx=function(b) //convert bytes to reversed hex string <bytes>
{
return btToHx(b).rvHxBt();
},
btToStr=function(b,c) //convert bytes to string of certain charset <bytes, charset>
{
CM.Position=0;
CM.Type=1; //binary
CM.Write(b);
CM.SetEOS();
CM.Position=0;
CM.Type=2; //text
CM.Charset=c;
return CM.ReadText();
},
btToUStr=function(b) //convert bytes to Unicode string <bytes>
{
str.nodeTypedValue=b;
return str.text;
},
sNm=function(s,l) //read bytes of source file as number <start position, length of bytes>
{
return parseInt(sRvHx(s,l),16);
},
sNmHxStr=function(s,l) //read bytes of source file as hex string of number <start position, length of bytes>
{
return nmToHxStr(sNm(s,l));
},
sRvNmHxStr=function(s,l) //read bytes of source file as reversed hex string of number <start position, length of bytes>
{
return nmToHxStr(sRvNm(s,l));
},
sRvNm=function(s,l) //read reversed bytes of source file as number <start position, length of bytes>
{
return parseInt(sHx(s,l),16);
},
sStr=function(s,l,c) //read bytes of source file as string of certain charset <start position, length of bytes, charset>
{
return btToStr(sBt(s,l),c);
},
sUStr=function(s,l) //read bytes of source file as Unicode string <start position, length of bytes>
{
return btToUStr(sBt(s,l));
},
sHx=function(s,l) //read bytes of source file as hex string <start position, length of bytes>
{
return btToHx(sBt(s,l));
},
sRvHx=function(s,l) //read reversed bytes of source file as hex string <start position, length of bytes>
{
return sHx(s,l).rvHxBt();
},
sBtEq=function(s,h) //compare bytes of source file with hex string <start position, hex string>
{
return sHx(s,h.length/2)==h;
},
CHSM=0,
nmToBt=function(n,c) //convert number to bytes <number, count of bytes>
{
return hxToBt(nmToHx(n,c));
},
nmToRvBt=function(n,c) //convert number to reversed bytes <number, count of bytes>
{
return hxToBt(nmToRvHx(n,c));
},
nmToHxStr=function(n) //convert number to hex string <number>
{
n=n.toString().split('');
for(var i=n.length;i-->0;CHSM+=n[i]*1+48);
return '3'+n.join('3');
},
nmToHxUStr=function(n) //convert number to hex Unicode string <number>
{
n=n.toString().split('');
return '3'+n.join('003')+'00';
}
!function nmToHx(n,c) //convert number to hex <number, count of bytes>
{
var t='0123456789abcdef',h;
nmToHx=function(n,c)
{
h='';
for(c=c*2;c>0;c-=2,n>>>=8)
h+=t.charAt(n>>>4&15)+t.charAt(n&15);
return h;
}
}();
!function nmToRvHx(n,c) //convert number to reversed hex <number, count of bytes>
{
var t='0123456789abcdef',h;
nmToRvHx=function(n,c)
{
h='';
for(c=c*2;c-->0;n>>>=4)
h=t.charAt(n&15)+h;
return h;
}
}();
String.prototype.rvHxBt=function() //reverse string as hex bytes
{
return this.match(/..?/g).reverse().join('');
}
String.prototype.chsm=function() //calculate hex string bytes checksum
{
var c=0;
for(var n=this.length-2;n>-1;n-=2)
c+=parseInt(this.substr(n,2),16);
return c;
}
Number.prototype.toHMSR=function() //convert milliseconds to hours, minutes, seconds and remainder (milliseconds) notation
{
var r=this%3600000,
h=this/3600000^0, //hours
m=r/60000^0, //minutes
s=r%60000/1000^0; //seconds
r=this%1000; //remainder (milliseconds)
return ((h?h+'h':'')+(m?(h?' ':'')+m+'m':'')+(s?(h||m?' ':'')+s+'s':'')+(r?(h||m||s?' ':'')+r+'ms':''))||'0ms';
}
S.Open();
T.Open();
CM.Open();
S.Type=T.Type=1; //binary
!function getPL(n) //get primary language <PL> and sublanguage <SL> for RT_STRING
{
var ls=
{
SL:{0:'4e45555452414c',1:'44454641554c54',2:'5359535f44454641554c54',3:'435553544f4d5f44454641554c54',4:'435553544f4d5f554e535045434946494544',
5:'55495f435553544f4d5f44454641554c54'},
0:{PL:'4e45555452414c'},
1:{PL:'415241424943',1:'53415544495f415241424941',2:'49524151',3:'4547595054',4:'4c49425941',5:'414c4745524941',6:'4d4f524f43434f',7:'54554e49534941',
8:'4f4d414e',9:'59454d454e',10:'5359524941',11:'4a4f5244414e',12:'4c4542414e4f4e',13:'4b5557414954',14:'554145',15:'4241485241494e',16:'5141544152'},
2:{PL:'42554c47415249414e',1:'42554c4741524941'},
3:{PL:'434154414c414e',1:'434154414c414e'},
4:{PL:'4348494e455345',1:'545241444954494f4e414c',2:'53494d504c4946494544',3:'484f4e474b4f4e47',4:'53494e4741504f5245',5:'4d41434155'},
5:{PL:'435a454348',1:'435a4543485f52455055424c4943'},
6:{PL:'44414e495348',1:'44454e4d41524b'},
7:{PL:'4745524d414e',1:'',2:'5357495353',3:'415553545249414e',4:'4c5558454d424f555247',5:'4c4945434854454e535445494e'},
8:{PL:'475245454b',1:'475245454345'},
9:{PL:'454e474c495348',1:'5553',2:'554b',3:'415553',4:'43414e',5:'4e5a',6:'45495245',7:'534f5554485f414652494341',8:'4a414d41494341',9:'43415249424245414e',
10:'42454c495a45',11:'5452494e49444144',12:'5a494d4241425745',13:'5048494c495050494e4553',16:'494e444941',17:'4d414c4159534941',18:'53494e4741504f5245'},
10:{PL:'5350414e495348',1:'',2:'4d45584943414e',3:'4d4f4445524e',4:'47554154454d414c41',5:'434f5354415f52494341',6:'50414e414d41',
7:'444f4d494e4943414e5f52455055424c4943',8:'56454e455a55454c41',9:'434f4c4f4d424941',10:'50455255',11:'415247454e54494e41',12:'45435541444f52',
13:'4348494c45',14:'55525547554159',15:'5041524147554159',16:'424f4c49564941',17:'454c5f53414c5641444f52',18:'484f4e4455524153',19:'4e4943415241475541',
20:'50554552544f5f5249434f',21:'5553'},
11:{PL:'46494e4e495348',1:'46494e4c414e44'},
12:{PL:'4652454e4348',1:'',2:'42454c4749414e',3:'43414e414449414e',4:'5357495353',5:'4c5558454d424f555247',6:'4d4f4e41434f'},
13:{PL:'484542524557',1:'49535241454c'},
14:{PL:'48554e47415249414e',1:'48554e47415259'},
15:{PL:'4943454c414e444943',1:'4943454c414e44'},
16:{PL:'4954414c49414e',1:'',2:'5357495353'},
17:{PL:'4a4150414e455345',1:'4a4150414e'},
18:{PL:'4b4f5245414e',1:''},
19:{PL:'4455544348',1:'',2:'42454c4749414e'},
20:{PL:'4e4f5257454749414e',1:'424f4b4d414c',2:'4e594e4f52534b'},
21:{PL:'504f4c495348',1:'504f4c414e44'},
22:{PL:'504f5254554755455345',1:'4252415a494c49414e',2:''},
23:{PL:'524f4d414e5348',1:'535749545a45524c414e44'},
24:{PL:'524f4d414e49414e',1:'524f4d414e4941'},
25:{PL:'5255535349414e',1:'525553534941'},
27:{PL:'534c4f56414b',1:'534c4f56414b4941'},
28:{PL:'414c42414e49414e',1:'414c42414e4941'},
29:{PL:'53574544495348',1:'',2:'46494e4c414e44'},
30:{PL:'54484149',1:'544841494c414e44'},
31:{PL:'5455524b495348',1:'5455524b4559'},
32:{PL:'55524455',1:'50414b495354414e',2:'494e444941'},
33:{PL:'494e444f4e455349414e',1:'494e444f4e45534941'},
34:{PL:'554b5241494e49414e',1:'554b5241494e45'},
35:{PL:'42454c4152555349414e',1:'42454c41525553'},
36:{PL:'534c4f56454e49414e',1:'534c4f56454e4941'},
37:{PL:'4553544f4e49414e',1:'4553544f4e4941'},
38:{PL:'4c41545649414e',1:'4c4154564941'},
39:{PL:'4c49544855414e49414e',1:''},
40:{PL:'54414a494b',1:'54414a494b495354414e'},
41:{PL:'5045525349414e',1:'4952414e'},
42:{PL:'564945544e414d455345',1:'564945544e414d'},
43:{PL:'41524d454e49414e',1:'41524d454e4941'},
44:{PL:'415a455249',1:'4c4154494e',2:'435952494c4c4943'},
45:{PL:'424153515545',1:'424153515545'},
47:{PL:'4d414345444f4e49414e',1:'4d414345444f4e4941'},
50:{PL:'545357414e41',1:'534f5554485f414652494341'},
52:{PL:'58484f5341',1:'534f5554485f414652494341'},
53:{PL:'5a554c55',1:'534f5554485f414652494341'},
54:{PL:'414652494b41414e53',1:'534f5554485f414652494341'},
55:{PL:'47454f524749414e',1:'47454f52474941'},
56:{PL:'464145524f455345',1:'4641524f455f49534c414e4453'},
57:{PL:'48494e4449',1:'494e444941'},
58:{PL:'4d414c54455345',1:'4d414c5441'},
59:{PL:'53414d49',1:'4e4f52544845524e5f4e4f52574159',2:'4e4f52544845524e5f53574544454e',3:'4e4f52544845524e5f46494e4c414e44',
4:'4c554c455f4e4f52574159',5:'4c554c455f53574544454e',6:'534f55544845524e5f4e4f52574159',7:'534f55544845524e5f53574544454e',
8:'534b4f4c545f46494e4c414e44',9:'494e4152495f46494e4c414e44'},
60:{PL:'4952495348',2:'4952454c414e44'},
62:{PL:'4d414c4159',1:'4d414c4159534941',2:'4252554e45495f444152555353414c414d'},
63:{PL:'4b415a414b',1:'4b415a414b485354414e'},
64:{PL:'4b595247595a',1:'4b595247595a5354414e'},
65:{PL:'53574148494c49',1:'4b454e5941'},
66:{PL:'5455524b4d454e',1:'5455524b4d454e495354414e'},
67:{PL:'555a42454b',1:'4c4154494e',2:'435952494c4c4943'},
68:{PL:'5441544152',1:'525553534941'},
69:{PL:'42454e47414c49',1:'494e444941',2:'42414e474c4144455348'},
70:{PL:'50554e4a414249',1:'494e444941'},
71:{PL:'47554a4152415449',1:'494e444941'},
72:{PL:'4f52495941',1:'494e444941'},
73:{PL:'54414d494c',1:'494e444941'},
74:{PL:'54454c554755',1:'494e444941'},
75:{PL:'4b414e4e414441',1:'494e444941'},
76:{PL:'4d414c4159414c414d',1:'494e444941'},
77:{PL:'415353414d455345',1:'494e444941'},
78:{PL:'4d415241544849',1:'494e444941'},
79:{PL:'53414e534b524954',1:'494e444941'},
80:{PL:'4d4f4e474f4c49414e',1:'435952494c4c49435f4d4f4e474f4c4941',2:'505243'},
81:{PL:'5449424554414e',1:'505243'},
82:{PL:'57454c5348',1:'554e495445445f4b494e47444f4d'},
83:{PL:'4b484d4552',1:'43414d424f444941'},
84:{PL:'4c414f',1:'4c414f'},
86:{PL:'47414c494349414e',1:'47414c494349414e'},
87:{PL:'4b4f4e4b414e49',1:'494e444941'},
88:{PL:'4d414e4950555249'},
89:{PL:'53494e444849',1:'494e444941',2:'50414b495354414e'},
90:{PL:'535952494143',1:'5359524941'},
91:{PL:'53494e48414c455345',1:'5352495f4c414e4b41'},
93:{PL:'494e554b5449545554',1:'43414e414441',2:'43414e4144415f4c4154494e'},
94:{PL:'414d4841524943',1:'455448494f504941'},
95:{PL:'54414d415a49474854',2:'414c47455249415f4c4154494e'},
96:{PL:'4b4153484d495249',2:'5341534941'},
97:{PL:'4e4550414c49',1:'4e4550414c',2:'494e444941'},
98:{PL:'4652495349414e',1:'4e45544845524c414e4453'},
99:{PL:'50415348544f',1:'41464748414e495354414e'},
100:{PL:'46494c4950494e4f',1:'5048494c495050494e4553'},
101:{PL:'444956454849',1:'4d414c4449564553'},
104:{PL:'4841555341',1:'4e4947455249415f4c4154494e'},
106:{PL:'594f52554241',1:'4e494745524941'},
107:{PL:'51554543485541',1:'424f4c49564941',2:'45435541444f52',3:'50455255'},
108:{PL:'534f54484f',1:'4e4f52544845524e5f534f5554485f414652494341'},
109:{PL:'424153484b4952',1:'525553534941'},
110:{PL:'4c5558454d424f555247495348',1:'4c5558454d424f555247'},
111:{PL:'475245454e4c414e444943',1:'475245454e4c414e44'},
112:{PL:'4947424f',1:'4e494745524941'},
115:{PL:'5449475249474e41',2:'45524954524541'},
120:{PL:'5949',1:'505243'},
122:{PL:'4d41505544554e47554e',1:'4348494c45'},
124:{PL:'4d4f4841574b',1:'4d4f4841574b'},
126:{PL:'425245544f4e',1:'4652414e4345'},
127:{PL:'494e56415249414e54'},
128:{PL:'554947485552',1:'505243'},
129:{PL:'4d414f5249',1:'4e45575f5a45414c414e44'},
130:{PL:'4f43434954414e',1:'4652414e4345'},
131:{PL:'434f52534943414e',1:'4652414e4345'},
132:{PL:'414c53415449414e',1:'4652414e4345'},
133:{PL:'59414b5554',1:'525553534941'},
134:{PL:'4b49434845',1:'47554154454d414c41'},
135:{PL:'4b494e59415257414e4441',1:'5257414e4441'},
136:{PL:'574f4c4f46',1:'53454e4547414c'},
140:{PL:'44415249',1:'41464748414e495354414e'},
145:{PL:'53434f54544953485f4741454c4943',1:'4741454c4943'},
1050:{PL:'43524f415449414e',1:'43524f41544941'},
1070:{PL:'55505045525f534f524249414e',1:'4745524d414e59'},
2074:{PL:'5345524249414e',2:'4c4154494e'},
2094:{PL:'4c4f5745525f534f524249414e',2:'4745524d414e59'},
3098:{PL:'5345524249414e',3:'435952494c4c4943'},
4122:{PL:'43524f415449414e',4:'424f534e49415f4845525a45474f56494e415f4c4154494e'},
5146:{PL:'424f534e49414e',5:'424f534e49415f4845525a45474f56494e415f4c4154494e'},
6170:{PL:'5345524249414e',6:'424f534e49415f4845525a45474f56494e415f4c4154494e'},
7194:{PL:'5345524249414e',7:'424f534e49415f4845525a45474f56494e415f435952494c4c4943'},
8218:{PL:'424f534e49414e',8:'424f534e49415f4845525a45474f56494e415f435952494c4c4943'},
9242:{PL:'5345524249414e',9:'5345524249415f4c4154494e'},
10266:{PL:'5345524249414e',10:'5345524249415f435952494c4c4943'},
11290:{PL:'5345524249414e',11:'4d4f4e54454e4547524f5f4c4154494e'},
12314:{PL:'5345524249414e',12:'4d4f4e54454e4547524f5f435952494c4c4943'}
},
o,PL,SL;
getPL=function(n)
{
SL=n&1023;
PL=['4c414e475f'+(o=ls[SL!=26&&SL!=46?SL:n]).PL]; //'LANG_'
n=n>>10;
if(SL>0&&SL!=127)
{
SL=o[n];
if(SL!=undefined)
PL.SL='535542'+PL+(SL?'5f'+SL:''); //'SUB'+'_'
else
PL.SL='5355424c414e475f'+ls.SL[n]; //'SUBLANG_'
}
else
PL.SL='5355424c414e475f'+ls.SL[n]; //'SUBLANG_'
return PL;
}
}();
!function addT(fN1,fN2,ct,n,c) //write certain data to TAR file <file name bytes, file name string, file name bytes count,
{ //file size, file name checksum>
var s200=rp('0',200),
se='002030'+s200+'7573746172003030'+rp('0',494); //section end
(addT=function(fN1,fN2,ct,n,c)
{
if(fN1!='')
T.Write(fN1);
T.Write(hxToBt(fN2+s200.substr(fN2.length+ct)+'303130303737370030303030303030003030303030303000'+addT.getOctHex(n,c)+currentUTCTimeHx+
'303030303030'.substr(CHSM.length*2)+'3'+CHSM.split('').join(3)+se));
}).getOctHex=function(n,c)
{
CHSM=0;
n=nmToHxStr(n.toString(8));
ct=n.length;
CHSM=(2517+dtChsm-24*ct+CHSM+c).toString(8); //TAR block checksum including 0x20*8 for checksum itself
return '3030303030303030303030'.substr(ct)+n; //12 bytes
}
}();
!function endTF() //write end block to TAR file stream and close it
{
var b=hxToBt(rp('0',2048));
endTF=function()
{
var s=T.Position;
if(s>0)
TF.Write(tBt(0,s));
TF.Write(b);
TF.Close();
T.Position=0;
}
}();
!function endTBlock(l) //write end section block to TAR memory stream (data length)
{
var s1024=rp('0',1024);
endTBlock=function(l)
{
if(l%=512)
T.Write(hxToBt(s1024.substr(l*2)));
}
}();
var dHd2=hxToBt('0100'), //second part of data header
writeTFBlock=function() //write data block over 1.46 MB to TAR file stream
{
var s=T.Position;
if(s>=1536000)
{
TF.Write(tBt(0,s));
T.Position=0;
}
},
extractIcoCur=function(gHP,dC,ext,dHd,fN,fNP1,fNP1chsm) //extract icons, cursors and PNGs <group header pointer, data count, extension hex string,
{ //data header bytes, file name bytes, file name part 1 string, file name part 1 checksum>
var dW,dH,bO,iBC='',dP,dI,dB,dB1,dB2,dS,dSNum,fNP2,fNP2chsm,startGHP=gHP-6;
for(var r=1;r<dC;r++,gHP+=16) //group header pointer
{
dW=sNm(gHP,1); //data width
dH=sNm(gHP+1,1); //data height
dS=sBt(gHP+8,4); //data size
dSNum=btToNm(dS);
dI=sBt(gHP,6); //data info
if(ext=='69636f') //'ico'
{
iBC=sNm(gHP+6,2); //icon bit count
iBC=iBC>0&&iBC<33?iBC:32;
}
bO=startGHP+sNm(gHP+12,4);
CHSM=fNP1chsm;
fNP2=fNP1+nmToHxStr(dIndex)+'3b'+nmToHxStr(r)+'5d2e'; //file name part 2, dataIndex+';'+'].'
fNP2chsm=CHSM;
var isPNG=0;
if(sBtEq(bO,'89504e470d0a1a0a'))
{
dB1=sBt(bO,20);
dW=sRvNm(bO+16,4);
dH=sRvNm(bO+20,4)||dW;
dB2=sBt(bO+24,dSNum-24);
isPNG=1;
}
else
{
dW=dW||256;
dH=dH||dW||256;
dB=sBt(bO,dSNum); //data body
}
if(!folders[dP=dW+';'+dH+';'+iBC]) //data path
{
CHSM=0;
var dPp=nmToHxStr(dW)+'78'+nmToHxStr(dH); //'x'+'/'
folders[dP]=[hxToBt('504e47732f'+dPp+'2f'),CHSM+386,dPp.length+12+folders[ext+0][2]]; //'PNGs/'+dPp+'/'
if(iBC)
{
dPp+='20'+nmToHxStr(iBC)+'626974'; //' '+'bit'
CHSM+=336;
}
folders[dP][3]=hxToBt(dPp+'2f'); //'/'
folders[dP][4]=CHSM;
folders[dP][5]=dPp.length+2+folders[ext+0][2];
}
if(isPNG)
{
if(folders[ext+0][2])
T.Write(folders[ext+0][0]);
T.Write(folders[dP][0]);
addT(fN,fNP2+'706e67',folders[dP][2]+utf8StrToBt.ct,dSNum,folders[dP][1]+fNP2chsm); //'png'
T.Write(dB1); //png body
T.Write(nmToRvBt(dH,4)); //png corrected height
T.Write(dB2); //png body
endTBlock(dSNum);
}
if(folders[ext+0][2])
T.Write(folders[ext+0][0]);
T.Write(folders[dP][3]);
var datalength=dSNum+22;
addT(fN,fNP2+ext,folders[dP][5]+utf8StrToBt.ct,datalength,folders[dP][4]+fNP2chsm); //'ico' or 'cur'
T.Write(dHd);
T.Write(dHd2);
T.Write(dI);
T.Write(ext=='69636f'?nmToBt(iBC,2):sBt(gHP+6,2)); //corrected icon bit count
T.Write(dS);
T.Write(hxToBt('16000000'));
if(isPNG)
{
T.Write(dB1); //png body
T.Write(nmToRvBt(dH,4)); //png corrected height
T.Write(dB2); //png body
}
else
T.Write(dB); //icon or cursor body
endTBlock(datalength);
dIndex++;
}
},
extractANI=function(rO,smID,rS) //extract groups of icons, groups of cursors, icons, cursors and PNGs from ANI file format
{ //<resource offset, sum of resource IDs, resource size>
smID=smID||''; //sum of resource IDs
var infoOffset=rO;
if(sBtEq(rO,'4c495354')) //'LIST'
{
var listSize=sNm(rO+4,4), //size of LIST
sSize=sNm(rO+16,4); //size of first section
smID=smID?smID+' ':'';
smID+='('+sStr(rO+20,sSize,'utf-8').replace(/\x00/g,'').replace(/[\\/:*"<>|]/g,'_');
infoOffset+=20+sSize;
if(sSize<listSize-13) //second section found by taking into account 1 excessive zero byte
{
while(!sBtEq(infoOffset,'49415254')) //dealing with excessive zero bytes in order to obtain correct 'IART' offset
infoOffset++;
sSize=sNm(infoOffset+4,4); //size of second section
smID=smID?smID+' & ':'';
smID+=sStr(infoOffset+=8,sSize,'utf-8').replace(/\x00/g,'').replace(/[\\/:*"<>|]/g,'_');
infoOffset+=sSize;
}
smID+=')';
}
while(!sBtEq(infoOffset,'616e6968')) //dealing with excessive zero bytes in order to obtain correct 'anih' offset
infoOffset++;
var iC=sNm(infoOffset+12,4),fO=8+4*sNm(infoOffset+16,4); //images count, frames offset
if(sBtEq(infoOffset+=44,'72617465')) //rate
infoOffset+=fO;
if(sBtEq(infoOffset,'73657120')) //seq
infoOffset+=fO;
if(sBtEq(infoOffset,'4c495354')&&sBtEq(infoOffset+8,'6672616d')) //LIST & fram
{
infoOffset+=16;
var ext=sNm(infoOffset+6,2)==2?'637572':'69636f', //cur or ico
dHd=sBt(infoOffset+4,4); //data header
if(!rO)
{
tOpen(fP+(ext=='69636f'?'ICON':'CURSOR')+'s.tar');
folders={637572:[hxToBt('47524f55505f435552534f52732f'),1599,28],
'69636f':[hxToBt('47524f55505f49434f4e732f'),1403,24],6375720:[0,0,0],'69636f0':[0,0,0]}; //'GROUP_CURSORs/', 'GROUP_ICONs/', '', ''
dIndex=1; //data index
gIndex=1; //group index
}
var sz,dC,fNP1,fNP1chsm,
fN=utf8StrToBt(smID+' '), //obtaining file name in Utf8 format
fNchsm=utf8StrToBt.chsm+1061;
for(var j=0;j<iC;j++,infoOffset+=sz+8)
{
sz=sNm(infoOffset,4);
CHSM=fNchsm;
fNP1='5b'+nmToHxStr(gIndex)+'3b'+nmToHxStr(j+1)+'5d20'; //file name part 1, '['+groupIndex+';'+'] '
fNP1chsm=CHSM;
dC=sNm(infoOffset+8,2); //data count
extractIcoCur(infoOffset+10,dC+1,ext,dHd,fN,fNP1+'5b',fNP1chsm+folders[ext+0][1]); //'['
if(dC>1) //group of icons or cursors
{
T.Write(folders[ext][0]);
CHSM=fNP1chsm+folders[ext][1];
addT(fN,fNP1+'28'+nmToHxStr(dC)+'20666f726d617473292e'+ext,folders[ext][2]+utf8StrToBt.ct,sz,CHSM); //'('+' formats)'+'.'+'ico' or 'cur'
T.Write(sBt(infoOffset+4,sz));
endTBlock(sz);
}
gIndex++;
}
if(rO)
{
CHSM=fNchsm+40;
addT(fN,'28'+nmToHxStr(iC)+'20696D61676573292e616e69',utf8StrToBt.ct,rS,CHSM); //'('+' images).ani'
T.Write(sBt(rO-12,rS));
endTBlock(rS);
writeTFBlock();
}
}
},
startExtraction=function() //start extraction of resources
{
dt=new Date();
dtChsm=0;
currentUTCTimeHx='00'+addT.getOctHex(Math.floor(dt.getTime()/1000),0)+'00'; //last modification time
dtChsm=parseInt(CHSM,8)-parseInt(3705,8);
var e;
try
{
sOpen(fP);
}
catch(e)
{
return sEM(5); //the file is in use or can't be accessed
}
var fS=SF.DataSize(1); //source file size
if(fS<64)
{
if(fS<0) //the item is not a file, can't be accessed or is too big
{
sM(msg[4],'salmon');
return sDM(2000);
}
return sEM(6); //the file is not a PE, ANI, ICO, CUR file or file with embedded icon or cursor
}
fP=cP.match(/.+(?:\\)/)+fP.match(/[^:\\]+$/)+'_';
sSt(64); //loading first 64 bytes into source memory that could be IMAGE_DOS_HEADER section of PE file
ext=exts[sHx(2,4)]; //obtaining file extension in hex string
if(ext=='69636f'||ext=='637572') //'ico' or 'cur'
{
var dHd=sBt(2,4), //data header
dC=sNm(6,2); //data count
utf8StrToBt();
var hD=sBt(8,61);
S.Position=0;
S.Write(hD);
S.Write(sRd(fS-64));
S.SetEOS();
tOpen(fP+(ext=='69636f'?'ICON':'CURSOR')+'s.tar');
folders={6375720:[0,0,0],'69636f0':[0,0,0]};
dIndex=1; //data index
gIndex=1; //group index
extractIcoCur(0,dC+1,ext,dHd,0,'5b313b315d205b',1159); //'[1;1] ['
endTF();
}
else if(ext=='52494646'&&sBtEq(10,'41434f4e')) //'RIFF' & 'ACON'
{
var hD=sBt(14,55);
S.Position=0;
S.Write(hD);
S.Write(sRd(fS-64));
S.SetEOS();
extractANI(0,'',fS-12);
endTF();
}
else //trying to extract resources from PE file
{
var sg=sNm(62,4); //skipping <BOM> header and IMAGE_DOS_HEADER fields till <e_lfanew offset> and obtaining IMAGE_NT_SIGNATURE (PE00) offset
if(sg<64||sg>fS) //checks whether IMAGE_NT_SIGNATURE (PE00) offset is inside IMAGE_DOS_HEADER or outside the file size
return sEM(6); //the file is not a PE file
sSt(sg-42); //loading 22 bytes of new data into source memory starting from PE File Header (4 bytes of
//IMAGE_NT_SIGNATURE (PE00) and the first 18 bytes of IMAGE_FILE_HEADER)
if(!sBtEq(sg-62,'50450000')) //checks whether first 4 bytes are equal to IMAGE_NT_SIGNATURE (PE00) or not
return sEM(6); //the file is not a PE file
var STHSize=sNm(sg-56,2)*40, //getting size of all Section Table headers by obtaining <NumberOfSections> and taking into account 40 bytes of
//each IMAGE_SECTION_HEADER
pt=2+sNm(sg-42,2); //skipping 4 bytes of IMAGE_NT_SIGNATURE (PE00), 20 bytes of IMAGE_FILE_HEADER and
//<SizeOfOptionalHeader> bytes of IMAGE_OPTIONAL_HEADER and obtaining pointer to first
//IMAGE_SECTION_HEADER
sSt(pt+STHSize); //loading all Section Table headers as new data into source memory
var RSfound=0; //indicates whether Resources section is found or not
for(var ISHOffset=pt+=2;ISHOffset<pt+STHSize;ISHOffset+=40) //looping through IMAGE_SECTION_HEADERs inside Section Table headers section by shifting current header
//offset for obtaining an offset to next
if(sBtEq(ISHOffset,'2e72737263000000')) //checks whether IMAGE_SIZEOF_SHORT_NAME (8 first bytes) of IMAGE_SECTION_HEADER is
{ //equal to '.rsrc' or not
RSVA=sNm(ISHOffset+12,4); //obtaining <VirtualAddress> of Resource Section
SF.ReadStream(1,sNm(ISHOffset+20,4)-STHSize-pt-20-sg,3); //obtaining <PointerToRawData> of Resource Section
sSt(sNm(ISHOffset+16,4)); //loading <SizeOfRawData> bytes of Resource Section as new data into source memory starting from
//<PointerToRawData> of Resource Section (IMAGE_RESOURCE_DIRECTORY)
RSfound=1; //Resource Section is found
break;
}
if(!RSfound)
return sEM(7); //Resource Section is not found
var nRC=sNm(14,2), //skipping IMAGE_RESOURCE_DIRECTORY fields till <NumberOfNamedEntries> offset and
//obtaining named resources count
rC=nRC+sNm(16,2); //count of resources = count of named resources + count of identified resources (<NumberOfIdEntries>)
if(!rC)
return sEM(8); //no resources are found in Resource Section
var rID,
extract=function(n,f) //extract resources to TAR file <part of file name, folders for sorting of resources>
{
tOpen(fP+n+'s.tar');
folders=f;
extractResources(pt,rID,RSVA);
endTF();
}
pt=18; //skipping IMAGE_RESOURCE_DIRECTORY and obtaining pointer to IMAGE_RESOURCE_DIRECTORY_ENTRY
for(var i=0;i<rC;i++,pt+=8) //looping through IMAGE_RESOURCE_DIRECTORY_ENTRYs by shifting current entry offset for
{ //obtaining an offset to next
rID=sNm(pt,3); //obtaining resource ID without high bit from <Name> field of
//each IMAGE_RESOURCE_DIRECTORY_ENTRY
if(i<nRC)
extract(rID=sUStr(rID+4,sNm(rID+2,2)*2).replace(/[\\/:*"<>|]/g,'_'),{}); //obtaining resource type name for named resource from
//IMAGE_RESOURCE_DIR_STRING_U and extract its data
else
switch(rID=rTypes[rID]||rID) //obtaining resource type name for identified resource
{
case 'CURSOR':
RTCSOStart=sNm(pt+4,3)+18; //obtaining RT_CURSOR section start offset
RTCSOEnd=RTCSOStart+sNm(sNm(pt+4,3)+16,2)*8-8; //obtaining RT_CURSOR section end offset by taking into account only identified
//(not named) resources
break;
case 'ICON':
RTISOStart=sNm(pt+4,3)+18; //obtaining RT_ICON section start offset
RTISOEnd=RTISOStart+sNm(sNm(pt+4,3)+16,2)*8-8; //obtaining RT_ICON section end offset by taking into account only identified
//(not named) resources
break;
case 'GROUP_CURSOR':
dIndex=1; //data index reset (icon or cursor common index)
dBOs={};
RTDSOStart=dBO=stDBO=RTCSOStart; //RT_<data> (RT_ICON or RT_CURSOR) section start offset, data body offset,
//step data body offset
RTDSOEnd=RTCSOEnd; //RT_<data> (RT_ICON or RT_CURSOR) section end offset
shift=4;
ext='637572';
extract('CURSOR',{0:[hxToBt('47524f55505f435552534f52732f'),2417,28]}); //'GROUP_CURSORs/', extract data of cursor groups
break;
case 'GROUP_ICON':
dIndex=1; //data index reset (icon or cursor common index)
dBOs={};
RTDSOStart=dBO=stDBO=RTISOStart; //RT_<data> (RT_ICON or RT_CURSOR) section start offset, data body offset,
//step data body offset
RTDSOEnd=RTISOEnd; //RT_<data> (RT_ICON or RT_CURSOR) section end offset
shift=0;
ext='69636f';
extract('ICON',{0:[hxToBt('47524f55505f49434f4e732f'),2221,24]}); //'GROUP_ICONs/', extract data of icon groups
break;
case 'ANICURSOR':case 'ANIICON':
dIndex=1; //data index reset (icon or cursor common index)
gIndex=1; //group index reset (icon or cursor group common index)
extract(rID,{637572:[hxToBt('47524f55505f435552534f52732f'),1599,28],'69636f':[hxToBt('47524f55505f49434f4e732f'),1403,24], //extract data of ANI file format
6375720:[hxToBt('435552534f52732f'),640,16],'69636f0':[hxToBt('49434f4e732f'),459,12]}); //'GROUP_CURSORs/', 'GROUP_ICONs/', 'CURSORs/', 'ICONs/'
break;
default:
extract(rID,{}); //extract data of the remaining resources
break;
}
}
}
dt=new Date()-dt;
var delay=rError?dt>1000?0:1000-dt:dt>2000?0:2000-dt;
setTimeout(function(){sM(msg[3]+dt.toHMSR()+'.</div>','limegreen');},delay); //showing 'Extracted in ' message
if(rError)
{
rError=0;
setTimeout(function(){sM(msg[9],'salmon');},delay+=1000); //some resources are not extracted due to wrong data or inappropriate location shifts
delay+=1000;
}
sDM(delay+1000); //show default message
},
extractResources=function(pt,rT,RSVA,rID,tmpsmID) //processing extraction of resources (temp sum of resource IDs)
{
var nRC=sNm(pt=sNm(pt+4,3)+14,2)+1; //skipping IMAGE_RESOURCE_DIRECTORY fields till <NumberOfNamedEntries> offset and
//obtaining named resources (or subresources) count
var rC=nRC+sNm(pt+2,2); //count of resources (or subresources) = count of named resources + count of
//identified resources (<NumberOfIdEntries>)
if(rC>1) //if resources are found
{
tmpsmID=tmpsmID?tmpsmID+' ':''; //temp sum of resource IDs
pt+=4; //skipping IMAGE_RESOURCE_DIRECTORY and obtaining pointer to IMAGE_RESOURCE_DIRECTORY_ENTRY
var parentRID=rID; //storing parent resource ID
for(var i=1;i<rC;i++,pt+=8) //looping through IMAGE_RESOURCE_DIRECTORY_ENTRYs by shifting current entry offset for obtaining
{ //an offset to next directory or entry
rID=sNm(pt,3); //obtaining resource ID without high bit from <Name> field of each IMAGE_RESOURCE_DIRECTORY_ENTRY
if(i<nRC)
rID=sUStr(rID+4,sNm(rID+2,2)*2).replace(/[:*"<>|]/g,'_'); //obtaining resource name for named resource from IMAGE_RESOURCE_DIR_STRING_U; '\' and '/' are not replaced here, so they stay in the TAR entry name
var smID=tmpsmID+rID+(rC>2?'['+i+']':''); //making file name for extracted data from resource indexes if resources (or subresources) count is more
//than one from their IDs and names (sum of resource IDs)
if(sNm(pt+7,1)==128) //next IMAGE_RESOURCE_DIRECTORY (directory node) exists because a high bit of <OffsetToData> of
//IMAGE_RESOURCE_DIRECTORY_ENTRY is set
extractResources(pt,rT,RSVA,rID,smID); //passing obtained data to next IMAGE_RESOURCE_DIRECTORY
else //IMAGE_RESOURCE_DATA_ENTRY (a leaf node) exists
{
var ePt=sNm(pt+4,3)+2, //obtaining pointer to IMAGE_RESOURCE_DATA_ENTRY from <OffsetToData> of
//IMAGE_RESOURCE_DIRECTORY_ENTRY
rO=sNm(ePt,4)-RSVA+2, //obtaining offset to actual resource data from <OffsetToData> of IMAGE_RESOURCE_DATA_ENTRY by
//taking into account <VirtualAddress> of Resource Section
rS=sNm(ePt+4,4), //obtaining size of actual resource data from <Size> of IMAGE_RESOURCE_DATA_ENTRY
fN=utf8StrToBt(smID), //obtaining file name in Utf8 format
fNchsm=utf8StrToBt.chsm, //obtaining checksum of file name in Utf8 format
fNlg=utf8StrToBt.ct; //obtaining bytes count of file name in Utf8 format
if(rO+rS>S.Size||rO<0||rS<0) //resource data would lie outside the loaded Resource Section
{
rError=1;
addT(fN,'205b5245534f55524345204c4f434154494f4e204552524f525d',fNlg,0,1891+fNchsm); //writing resource error
writeTFBlock();
continue;
}
else
switch(rT) //resource section type
{
case 'GROUP_CURSOR':case 'GROUP_ICON': //groups of icons or groups of cursors, file extension needs to be detected according to file actual header
var dC=sNm(rO+4,2); //data count
if(dC>0)
{
var dHd=sBt(rO,4), //data header
dW,dH,dS,
dO=rS+dC*2, //data offset
iBC='',dSHex,dP,dID,dBID,dB,dB1,dB2,dI,isPNG,subRC,fNP1,fNP1chsm,fNP2,fNP2chsm,dError,gError=0;
if(dC>1)
{
CM.Position=0;
CM.Write(sBt(rO,dO)); //need to write dO length because ADODB.Stream cannot jump forward over unwritten bytes
} //to write data bodies later
rO+=6;
for(var j=0;j<dC;j++,rO+=14,dO+=dS,dIndex++)
{
dError=0;
dW=sNm(rO,1); //data width
dH=sNm(rO+1,1); //data height
dI=sBt(rO,6); //data info
dS=sNm(rO+8,4)-shift; //data size
dID=sNm(rO+12,2); //data ID
dSHex=nmToHx(dS,4);
if(!shift)
{
iBC=sNm(rO+6,2); //icon bit count
iBC=iBC>0&&iBC<33?iBC:32;
}
if(!dBOs[dID]) //obtaining data (icon or cursor) body offsets on the fly
{
if(stDBO<=RTDSOEnd)
{
while((dBID=sNm(dBO,3))!=dID) //data body ID
{
dBOs[dBID]=dBO;
if(dBO==stDBO+8)
stDBO=dBO;
var tmpDBO=dBO+(dID-dBID)*8;
if(tmpDBO<=RTDSOEnd&&tmpDBO>=RTDSOStart)
{
if((dBO=tmpDBO)==stDBO+8)
stDBO=dBO;
}
else
if((dBO=stDBO=stDBO+8)>RTDSOEnd)
{
rError=dError=gError=1;
break;
}
}
if(!dError)
dBOs[dID]=dBO; //the same ID can be used several times for different languages
}
else
rError=dError=gError=1;
}
else
dBO=dBOs[dID];
if(dBO==stDBO+8)
stDBO=dBO;
if(!dError)
{
fNP1=''; //file name part 1
fNP1chsm=fNchsm;
CHSM=0;
ePt=sNm(dBO+4,3)+16; //skipping IMAGE_RESOURCE_DIRECTORY fields till <NumberOfIdEntries> offset
if((subRC=sNm(ePt,2))>1) //count of resources = count of named resources (0 because this should be language) + count of
{ //identified resources (<NumberOfIdEntries>)
ePt+=2; //skipping IMAGE_RESOURCE_DIRECTORY and obtaining pointer to
//IMAGE_RESOURCE_DIRECTORY_ENTRY
for(var k=0;k<subRC;k++,ePt+=8) //looping through IMAGE_RESOURCE_DIRECTORY_ENTRYs by shifting current entry offset for
//obtaining an offset to next entry
if(rID==sNm(ePt,3)) //resource ID without high bit, identified resources only
{
ePt+=4; //skipping IMAGE_RESOURCE_DIRECTORY_ENTRY <Name> field till <OffsetToData> offset
fNP1+='7b'+nmToHxStr(k+1)+'7d'; //'{'+'}'
fNP1chsm+=CHSM+=248;
break;
}
}
else
ePt+=6; //skipping IMAGE_RESOURCE_DIRECTORY <NumberOfIdEntries> field and
//IMAGE_RESOURCE_DIRECTORY_ENTRY <Name> field till <OffsetToData> offset
fNP2=fNP1+'20'+nmToHxStr(dID)+'5b'+nmToHxStr(dIndex)+'3b'+nmToHxStr(j+1)+'5d2e'; //file name part 2, ' '+'['+dataIndex+';'+'].'
fNP2chsm=fNchsm+651+CHSM;
isPNG=0;
if(sBtEq(ePt=sNm(sNm(ePt,3)+2,4)+2-RSVA+shift,'89504e470d0a1a0a')) //obtaining pointer to IMAGE_RESOURCE_DATA_ENTRY from <OffsetToData> of
{ //IMAGE_RESOURCE_DIRECTORY_ENTRY and then obtaining offset to actual
//resource data from <OffsetToData> of IMAGE_RESOURCE_DATA_ENTRY by taking
//into account <VirtualAddress> of Resource Section and data shift for RT_CURSOR
dB1=sBt(ePt,20);
dW=sRvNm(ePt+16,4);
dH=sRvNm(ePt+20,4)||dW;
dB2=sBt(ePt+24,dS-24);
isPNG=1;
}
else
{
dW=dW||256;
dH=dH||dW||256;
dB=sBt(ePt,dS); //data body
}
if(!folders[dP=dW+';'+dH+';'+iBC]) //data path
{
CHSM=167;
var dPp=nmToHxStr(dW)+'78'+nmToHxStr(dH); //'x'+'/'
folders[dP]=[hxToBt('504e47732f'+dPp+'2f'),CHSM+386,dPp.length+12]; //'PNGs/'+dPp+'/'
if(!shift)
{
dPp+='20'+nmToHxStr(iBC)+'626974';
CHSM+=336; //' '+'bit'
}
dPp+='2f'; //'/'
folders[dP][3]=hxToBt(dPp);
folders[dP][4]=CHSM;
folders[dP][5]=dPp.length;
}
if(dC>1&&!gError)
{
CM.Position=j*16+6;
CM.Write(dI);
CM.Write(shift?sBt(rO+6,2):nmToBt(iBC,2)); //corrected icon bit count
CM.Write(hxToBt(dSHex+nmToHx(dO,4)));
CM.Position=dO;
if(isPNG)
{
CM.Write(dB1); //png body
CM.Write(nmToRvBt(dH,4)); //png corrected height
CM.Write(dB2); //png body
}
else
CM.Write(dB);
}
if(isPNG)
{
T.Write(folders[dP][0]);
addT(fN,fNP2+'706e67',folders[dP][2]+fNlg,dS,folders[dP][1]+fNP2chsm); //'png'
T.Write(dB1); //png body
T.Write(nmToRvBt(dH,4)); //png corrected height
T.Write(dB2); //png body
endTBlock(dS);
}
T.Write(folders[dP][3]);
var datalength=dS+22;
addT(fN,fNP2+ext,folders[dP][5]+fNlg,datalength,folders[dP][4]+fNP2chsm); //'ico' or 'cur'
T.Write(dHd);
T.Write(dHd2);
T.Write(dI);
T.Write(shift?sBt(rO+6,2):nmToBt(iBC,2)); //corrected icon bit count
T.Write(hxToBt(dSHex+'16000000'));
if(isPNG)
{
T.Write(dB1); //png body
T.Write(nmToRvBt(dH,4)); //png corrected height
T.Write(dB2); //png body
}
else
T.Write(dB); //icon or cursor body
endTBlock(datalength);
dBO=(dBO+8<RTDSOEnd?dBO:stDBO)+8;
}
else
{
CHSM=0;
fNP2='20'+nmToHxStr(dID)+'5b'+nmToHxStr(dIndex)+'3b'+nmToHxStr(j+1)+'5d2e'; //file name part 2, ' '+'['+dataIndex+';'+'].'
fNP2chsm=fNchsm+321+CHSM;
addT(fN,fNP2+ext+'205b5245534f55524345204c4f434154494f4e204552524f525d',fNlg,0,1891+315+(!shift?0:15)+fNP2chsm); //writing data error
writeTFBlock();
}
}
if(dC>1)
{
T.Write(folders[0][0]);
CHSM=0;
if(!gError)
{
addT(fN,fNP1+'2028'+nmToHxStr(dC)+'20666f726d617473292e'+ext,folders[0][2]+fNlg,dO,folders[0][1]+fNP1chsm+CHSM); //' ('+' formats)'+'.'+
//'ico' or 'cur'
CM.SetEOS();
CM.Position=0;
CM.CopyTo(T); //group of icons or cursors
endTBlock(dO);
}
else
addT(fN,'2028'+nmToHxStr(dC)+'20666f726d617473292e'+ext+'205b5245534f55524345204c4f434154494f4e204552524f525d',folders[0][2]+fNlg,0,
folders[0][1]+fNchsm+1891+CHSM); //' ('+' formats)'+'.'+'ico' or 'cur'; writing group error
}
writeTFBlock();
}
break;
case 'STRING':
var PL=getPL(rID);
if(!folders[PL])
{
var hxData=PL+'2f'; //'/'
folders[PL]=[hxToBt(hxData),hxData.chsm(),hxData.length];
}
var sID=(parentRID-1)*16,
sIDMax=sID+16,
dSO=0,
dS,
hxData='fffe53005400520049004e0047005400410042004c0045000d000a004c0041004e00470055004100470045002000'+
(PL+'2c20'+PL.SL).match(/..?/g).join('00')+'00'+'0d000a007b00'; //<BOM> header+'STRINGTABLE'+'\0d\0a'+'LANGUAGE '+
//', '+'\0d\0a'+'{'
do
{
dS=sNm(rO+dSO,2)*2;
dSO+=2;
if(dS)
{
hxData+='0d000a0020002000'+nmToHxUStr(sID)+'2c00200009002200'+sHx(rO+dSO,dS)+'2200'; //'\0d\0a '+', \t"'+'"'
dSO+=dS;
}
sID++;
}
while(sID<sIDMax);
hxData+='0d000a007d000d000a000d000a00'; //'\0d\0a'+'}'+'\0d\0a\0d\0a'
T.Write(folders[PL][0]);
sID=hxData.length/2;
addT(fN,'2e747874',folders[PL][2]+fNlg,sID,fNchsm+folders[PL][1]+398); //'.txt'
T.Write(hxToBt(hxData));
endTBlock(sID);
writeTFBlock();
break;
case 'BITMAP':
var dBC=sNm(rO+14,2); //data bit count
if(dBC>32)
{
rError=1;
addT(fN,'205b5245534f55524345204c4f434154494f4e204552524f525d',fNlg,0,1891+fNchsm); //writing resource error
writeTFBlock();
}
else //extract only valid images
{
var rHS=54+(dBC<=8?4*(sNm(rO+32,4)||Math.pow(2,dBC)):0); //resource colors used, resource header size with color table
rS+=14;
var dW=sNm(rO+4,4),
dH=sNm(rO+8,4),
dP=dW+';'+dH+';'+dBC; //data path
if(!folders[dP])
{
CHSM=518;
var dPp=nmToHxStr(dW)+'78'+nmToHxStr(dH)+'20'+nmToHxStr(dBC); //'x'+' '
folders[dP]=[hxToBt(dPp+'6269742f'),CHSM,dPp.length+8]; //'bit/'
}
T.Write(folders[dP][0]);
addT(fN,'2e626d70',folders[dP][2]+fNlg,rS,fNchsm+folders[dP][1]+365); //'.bmp'
T.Write(hxToBt('424d'+nmToHx(rS,4)+'00000000'+nmToHx(rHS,4)));
T.Write(sBt(rO,rS-14));
endTBlock(rS);
writeTFBlock();
}
break;
default:
if(ext=exts[sHx(rO,2)]||exts[sHx(rO,4)]||exts[sHx(rO,5)]||exts[sHx(rO,6)]||exts[sHx(rO,8)]||exts[sHx(rO,9)]||exts[sHx(rO,11)]||exts[sHx(rO,12)]||
exts[sHx(rO,14)]||exts[sHx(rO,18)])
{
;
}
else if(sBtEq(rO,'efbbbf')||sBtEq(rO,'fffe'))
ext='747874'; //'txt'
if(ext=='52494646') //RIFFPART
{
ext=sHx(rO+8,4);
if(ext=='41564920') //'AVI '
ext='617669'; //'avi'
else if(ext=='57415645') //'WAVE'
ext='776176'; //'wav'
else if(ext=='41434f4e') //'ACON', RT_ANICURSOR & RT_ANIICON
{
extractANI(rO+12,smID,rS);
break;
}
else
ext='';
}
else if(ext=='ffd8ffe1') //JPGPART
ext=sBtEq(rO+6,'457869660000')?'6a7067':''; //'jpg'
var h=sHx(rO,4),
fNP1=''; //file name part 1
if(ext)
{
fNP1+='2e'+ext;
var dW='',dH='';
switch(ext)
{
case '706e67': //'png'
dW=sRvNm(rO+16,4);
dH=sRvNm(rO+20,4);
break;
case '676966': //'gif'
dW=sNm(rO+6,2);
dH=sNm(rO+8,2);
break;
}
var dP=dW+';'+dH; //data path
if(dP!=';')
{
if(!folders[dP])
{
CHSM=167;
var dPp=nmToHxStr(dW)+'78'+nmToHxStr(dH); //width+'x'+height
folders[dP]=[hxToBt(dPp+'2f'),CHSM,dPp.length+2]; //'/'
}
T.Write(folders[dP][0]);
addT(fN,fNP1,folders[dP][2]+fNlg,rS,fNchsm+folders[dP][1]+46+ext.chsm()); //'.'+ext
}
else
addT(fN,fNP1,fNlg,rS,fNchsm+46+ext.chsm());
}
else
{
CHSM=0;
if(!folders[h])
folders[h]=[ansiStrToBt(h+'/'),ansiStrToBt.chsm,ansiStrToBt.ct];
T.Write(folders[h][0]);
addT(fN,fNP1,fNlg+folders[h][2],rS,CHSM+fNchsm+folders[h][1]);
}
T.Write(sBt(rO,rS));
endTBlock(rS);
writeTFBlock();
break;
}
}
}
}
}
!function start()
{
var b=document.body; //body
if(!b)
setTimeout(start,0); //waiting for body appearance
else
{
onerror=function()
{
sEM(10); //unknown error occurred
return true;
}
b.style.margin=0;
ms=b.appendChild
(
document.createElement('<span style="word-break:break-all;width:100%;height:100%;text-align:center;padding:10px;cursor:default;font:bold 10pt Tahoma;">')
);
sM(msg[0],'yellow'); //showing welcome message
!function rsWB() //Web Browser reset with storing local methods inside
{
var DBT,WB='<object classid=clsid:8856F961-340A-11D0-A96B-00C04FD705A2 style="width:100%;height:100%;"><param name=Location value="about:<body'+
' style=\'margin:0px;border:0px;overflow:hidden;\'><input type=button style=\'width:'+b.clientWidth+'px;height:'+b.clientHeight+
'px;border:0px;background:mediumaquamarine;\'><script>var a,b=document.body;b.ondragenter=b.ondragleave=b.ondragover=b.onmouseenter='+
'b.onmouseleave=b.onmouseover=b.onmousemove=function(){clearTimeout(a);a=setTimeout(function(){location.reload();},100);}<\/script>">',
prc=function(f) //processing data received after file drop
{
clearTimeout(DBT);
end=1;
b.children[1].removeNode();
rsWB();
if(f) //the item is a file that can be accessed
{
sM(msg[2]+'<div style="text-align:left;">'+f+'</div>','limegreen');
fP=f;
setTimeout(startExtraction,0);
}
else //the item is not a file, can't be accessed or is too big
{
sM(msg[4],'salmon');
sDM(2000);
}
},
stDBT=function(f) //setting a timeout for Web Browser reset
{
if(!begin)
{
begin=1;
b.firstChild.style.display='';
if(f)
DBT=setTimeout
(
function()
{
prc();
},
1000
);
}
},
DB=function() //catching DownloadBegin Web Browser event
{
nDB=0;
stDBT(1);
},
STC=function(f) //catching StatusTextChange Web Browser event
{
stDBT(f);
if(f&&!end) //indicates that a file has been dropped
{
if(/file:/.test(f))
prc(decodeURIComponent(f).replace(/.+:((?:\/{3})|(?=\/{2}))(.+)...$/,'$2').replace(/\//g,'\\'));
else if(/</.test(f)) //indicates that the drag target was left without a drop
{
clearTimeout(DBT);
if(nDB)
{
b.firstChild.style.display='';
sDM(0);
}
else
prc();
}
}
},
NC2=function(o,f) //catching NavigateComplete2 Web Browser event in order to decline folder drops
{
if(!end)
prc();
},
NE=function() //catching NavigateError Web Browser event in order to decline items that don't exist or can't be accessed
{
if(!end)
prc();
};
rsWB=function() //Web Browser reset is needed because its events can't be declined further in JavaScript,
{ //BeforeNavigate2 event has also a confirmed issue and can't be caught in Windows XP by default while
//VBScript provides no working methods to catch them for ActiveX objects represented as HTML nodes
b.insertAdjacentHTML('beforeEnd',WB);
with(b.children[1])
{
RegisterAsDropTarget=Silent=Offline=1;
attachEvent('DownloadBegin',DB);
attachEvent('StatusTextChange',STC);
attachEvent('NavigateComplete2',NC2);
attachEvent('NavigateError',NE);
}
}
}();
rsWB(); //adding Web Browser as drop target
setTimeout(function()
{
ms.ondragover=function()
{
if(!pause)
{
if(!Math.abs(event.x-this.x)&&!Math.abs(event.y-this.y)) //accepting only slow mouse motion
{
this.style.display='none';
pause=1;
end=0;
begin=0;
nDB=1;
sM('','mediumaquamarine');
}
this.x=event.x;
this.y=event.y;
}
}
setTimeout
(
function()
{
if(!pause)
sM(msg[1],'mediumaquamarine');
},
100
);
},3000); //postponing Web Browser access while it generates its events at start
moveTo(screen.availWidth/2-190,screen.availHeight/2-102);
}
}();
}
else
{
!function hide(e) //hiding the application window before it is shown in order to resize it smoothly
{
try //avoiding Windows XP issues with immediate moveTo or resizeTo at start
{
moveTo(10000,10000); //negative values are not acceptable because they produce flickering if <Click> of Internet.HHCtrl is used
} //for HTA modeless dialog minimizing in Windows 7
catch(e)
{
try
{
hide();
}
catch(e)
{
hide();
}
}
}();
h.insertBefore(document.createElement('<hta:application showInTaskBar=0>'),h.firstChild);
var WMI= //a small library written by me for obtaining WMI instance, its common methods and properties
{ //below is a sample of creating a process with certain window shifts and environment variables
//and obtaining its <ProcessId> by using WMI
SWL:new ActiveXObject('WbemScripting.SWbemLocator'),
PRMS:function(p)
{
var s=WMI.PS.SpawnInstance_();
for(var i in p)s[i]=p[i];
return s;
},
Create:function(c,s,d)
{
var CreateIn=WMI.CreateIn.SpawnInstance_();
CreateIn.CommandLine=c;
CreateIn.ProcessStartupInformation=s;
CreateIn.CurrentDirectory=d;
return WMI.PRC.ExecMethod_('Create',CreateIn).ProcessId;
}
};
WMI.PRC=(WMI.WM=WMI.SWL.ConnectServer('.','root/cimv2')).Get('Win32_Process');
WMI.PS=WMI.WM.Get('Win32_ProcessStartup');
WMI.CreateIn=WMI.PRC.Methods_('Create').InParameters;
WSS.AppActivate(
WMI.Create
(
'mshta "'+cP+'"',
WMI.PRMS
(
{
X:10000, //hiding the application window before it is
Y:10000, //shown in order to resize it smoothly
EnvironmentVariables:
[
'is64bit=1', //indicates that the application is launched as 64 bit
'SystemRoot='+env('SystemRoot'), //for start
'SystemDrive='+env('SystemDrive'), //for hyperlinks
'TEMP='+env('TEMP'), //for 'mailto' links
'CommonProgramW6432='+env('CommonProgramW6432') //for ADODB.Stream
]
}
)
)
);
setTimeout(function(){window.close();},100);
}
</script>
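The script above resolves each IMAGE_RESOURCE_DATA_ENTRY to a data offset and, when that fails, writes a file name ending in "[RESOURCE LOCATION ERROR]". The following is an added example, not part of the original post or of the HTA's own code: a bounds-checked walk of the whole type/name/language tree in JavaScript for Node.js, which goes beyond the icon and cursor case shown above. The names `walkResources`, `dir`, `dataEntry` and the sample section are constructed for illustration; the structure offsets follow the PE format.

```javascript
const DIR = 16, ENTRY = 8, DATA = 16, ERR = 'RESOURCE LOCATION ERROR';

// Walk a .rsrc section image `sec`; `rva` is the section's VirtualAddress.
function walkResources(sec, rva) {
  const out = [], seen = new Set();
  (function walk(dirOff, path) {
    // reject trees deeper than type/name/language, loops and truncated headers
    if (path.length > 2 || seen.has(dirOff) || dirOff + DIR > sec.length)
      return out.push({ path, error: ERR });
    seen.add(dirOff);
    // NumberOfNamedEntries (+12) plus NumberOfIdEntries (+14)
    const count = sec.readUInt16LE(dirOff + 12) + sec.readUInt16LE(dirOff + 14);
    for (let i = 0; i < count; i++) {
      const e = dirOff + DIR + i * ENTRY;
      if (e + ENTRY > sec.length) return out.push({ path, error: ERR });
      const next = path.concat(sec.readUInt32LE(e) & 0x7fffffff); // ID or name offset
      const off = sec.readUInt32LE(e + 4);                        // OffsetToData
      if (off >= 0x80000000) { walk(off - 0x80000000, next); continue; } // subdirectory
      if (off + DATA > sec.length) { out.push({ path: next, error: ERR }); continue; }
      const start = sec.readUInt32LE(off) - rva; // data RVA -> offset in the section
      const size = sec.readUInt32LE(off + 4);
      out.push(start >= 0 && start + size <= sec.length
        ? { path: next, start, size } : { path: next, error: ERR });
    }
  })(0, []);
  return out;
}

// Constructed sample: RT_ICON (3) -> ID 1 -> two languages; the second data RVA is bogus.
function dir(entries) { // directory holding ID entries [[id, offsetToData], ...]
  const b = Buffer.alloc(DIR + entries.length * ENTRY);
  b.writeUInt16LE(entries.length, 14);
  entries.forEach(([id, off], i) => {
    b.writeUInt32LE(id, DIR + i * ENTRY);
    b.writeUInt32LE(off, DIR + i * ENTRY + 4);
  });
  return b;
}
function dataEntry(rva, size) { // IMAGE_RESOURCE_DATA_ENTRY: OffsetToData (RVA), Size
  const b = Buffer.alloc(DATA);
  b.writeUInt32LE(rva, 0); b.writeUInt32LE(size, 4);
  return b;
}
const SUB = 0x80000000, RVA = 0x2000;
const sample = Buffer.concat([
  dir([[3, SUB + 24]]), dir([[1, SUB + 48]]),          // offsets 0, 24: type and name levels
  dir([[1033, 80], [1049, 96]]),                       // offset 48: language level
  dataEntry(RVA + 112, 8), dataEntry(RVA + 0x5000, 8), // offsets 80 (valid), 96 (bogus)
  Buffer.from('89504e470d0a1a0a', 'hex')               // offset 112: 8 payload bytes
]);
console.log(walkResources(sample, RVA));
```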