CFF Explorer Script

I’m implementing Lua as the scripting language in CFF Explorer. It’s working very well and I managed to make it support Unicode. Actually, it converts Unicode down to UTF-8, but what’s important is that it keeps the characters as they are. The only thing to remember is that the code itself, when handling strings, is actually working with UTF-8 ones. That said, it doesn’t matter how the script is saved as a file on disk: it can be ASCII, UTF-8 or Unicode.

I’m not only adding functions for handling Portable Executables, but also a few to communicate with the user. Something similar to VBS with message box, input box, open file, save file, open folder etc.

Here’s a little example of how I implemented the message box function:

if MsgBox("Continue?", "My Script", MB_YESNO | MB_ICONQUESTION) == IDYES then
   MsgBox("Final Message Box")
end

The syntax of the message box can be:

MsgBox(Caption, Title)
MsgBox(Caption, Title, Type)

Of course, it will take some more time to write all the functions, but it won’t be too long. What I’m still thinking about is how to modify a file multiple times or just one time. E.g.:

AddResource("filename", "resname", ..)

but also:

filehandle = OpenFile("filename")
AddResource(filehandle, "resname", ..)

So that a single file doesn’t necessarily have to be opened for every operation. On the other hand, it would also be very nice to modify a file with just one line of script. So, I’m looking for a way to implement both systems.
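
One way to support both call styles discussed above, sketched in plain Lua on ordinary files. This is an added example, not CFF Explorer's implementation; `open_file`, `resolve` and `append_blob` are hypothetical names, and `append_blob` stands in for an operation such as AddResource.

```lua
-- Added example, not CFF Explorer code. open_file, resolve and append_blob are
-- hypothetical names; append_blob stands in for an operation such as AddResource.

-- Explicit form: the caller opens once and owns the handle.
local function open_file(name)
    local f = io.open(name, "r+b")          -- fails (nil) if the file is missing
    if not f then return nil end
    return { file = f, name = name }
end

-- Accept a file name or a handle. The second result says whether this call
-- opened the file and therefore has to close it again.
local function resolve(target)
    if type(target) == "string" then
        local h = open_file(target)
        return h, h ~= nil
    elseif type(target) == "table" and io.type(target.file) == "file" then
        return target, false                -- closed or bogus handles are rejected
    end
    return nil, false
end

-- Returns true or false, like the functions described in the post.
local function append_blob(target, data)
    local h, owned = resolve(target)
    if not h then return false end
    h.file:seek("end")
    local ok = h.file:write(data) ~= nil
    if owned then h.file:close() end        -- one-line use: nothing left open
    return ok
end

-- Constructed sample file so the script runs on its own.
local path = os.tmpname()
local f = assert(io.open(path, "wb")); f:write("PE"); f:close()

assert(append_blob(path, "A"))              -- single call with a file name
local h = open_file(path)                   -- one open, several operations
assert(append_blob(h, "B") and append_blob(h, "C"))
h.file:close()
assert(append_blob(path .. ".missing", "X") == false)

f = assert(io.open(path, "rb")); print(f:read("*a")); f:close()
os.remove(path)
```

The ownership flag is what keeps the two styles from interfering: a call given a name closes what it opened, while a call given a handle leaves closing to the script that opened it.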

11 thoughts on “CFF Explorer Script”

  1. Actually I wanted to report a bug in CFF Explorer.
    When you open up a .net assembly and
    click “Rebuilder>Remove Strong Name Signature”
    it only closes the file and that’s it.

  2. Well, that bug has already been fixed some weeks ago. Try downloading the CFF Explorer again.

    By the way, the problem was only that the menu “close” had the same ID as the button (strangely enough) and the message was handled in the wrong way.

    Thank you for your report anyway.

  3. – A – sorry about the delay – for not noticing… I forgot to grab for your main website’s blog and only watched the other one…

    so here it is…. basically all we have to do is test, figure out Lua is harder than expected, take some tutorials, test again, maybe report some issues, or additional requests…

    And of course WORSHIP THEE…. as thy art king of reshacking

  4. ahahah

    well it should be quite easy if you just want to do res hacker script things. It would look something like this:

    File = OpenFile("filename")

    For these operations you won’t need to learn any Lua syntax.

    What do u think? =)

  5. update: many of the guys interested in this project urge you to set up a PayPal account when releasing this patcher,

    Needless to say that this feature seems to be what people REALLY want and need…

    good luck and best wishes…

    btw – I hope my email is visible to you as it’s your blog, that way if you want to send me some files or test versions, you’d know where to contact me… if you prefer IM (through Skype, Gtalk or MSN Messenger for live feedback), also send me a message, I’m usually online from about 10.00 (GMT +1) till 24:00

  6. Hi there,

    I can’t see your email from your profile, could u write it to me?

    I’m asking for it because I decided to send you as soon as possible a first version of the CFF with the AddResource command (deleting resources is much easier). So, as I said, I’ve started working on it today, as soon as I finish I’ll send you the exe to try.

    There is still a lot to do, and as I said I don’t think I can give you a complete scripting in less than 2 weeks.

  7. Yes, of course. Thank you!

    Yesterday I was working a lot on the scripting and wrote the AddResource function which is almost ready. This doesn’t sound like a lot, but it was a lot of stuff to write. I implemented handles and other stuff in the scripting.

    The possible syntaxes for this function are:

    AddResource(FileName/Handle, ResName/Handle, ResTypeNameOrId)
    AddResource(FileName/Handle, ResName/Handle, ResTypeNameOrId, ResNameOrId)
    AddResource(FileName/Handle, ResName/Handle, ResTypeNameOrId, Language)

    Which basically means that you could call this function in a lot of ways. The first two parameters can be file names or handles, e.g.:

    AddResource("ciao.exe", "res.bmp", RT_BITMAP)


    filehandle = OpenFile("ciao.exe")
    AddResource(filehandle, "res.bmp", RT_BITMAP)

    The return value of this function is either true or false.

    Here’s a little script I wrote yesterday:

    -- ask for the PE file to modify
    filename = GetOpenFile("Select a PE...", "All\n*.*\nexe\n*.exe\ndll\n*.dll\n")

    if filename == nil then
        return
    end

    -- ask for the bitmap to add
    resname = GetOpenFile("Select a bitmap...", "bmp\n*.bmp\n")

    if resname == nil then
        return
    end

    bRet = AddResource(filename, resname, RT_BITMAP)

    if bRet == true then
        MsgBox("Resource Added!", "MyScript", MB_ICONINFORMATION)
    else
        MsgBox("Couldn't add resource.", "MyScript", MB_ICONERROR)
    end

    This script asks for a file, then for a bitmap and then adds the bitmap to the file.

    Or maybe I could add a bitmap to all exes in a given dir chosen by the user, e.g.:

    str = GetDirectory("Select Directory...")

    if str then
        -- open the bitmap once and reuse the handle for every exe
        reshandle = OpenFile("res.bmp")

        hSearchHandle = InitFindFile(str .. "\\*.exe")

        if hSearchHandle then
            FName = FindFile(hSearchHandle)

            while FName do
                AddResource(FName, reshandle, RT_BITMAP)
                FName = FindFile(hSearchHandle)
            end
        end
    end

    Hope you like it.

    Unfortunately I can’t work on it in the next two days. The next step is to write the SaveResource function.

  8. this sounds really nice

    as with the reverse of this code you already kinda did our work for us LOL –

    instead of one bitmap to all files – we use all bitmaps to one file. With the current reshacker we had to include each file in the script, and when for example Microsoft added a resource or changed one we had to completely re-touch the script … now it would just make us rename a single bmp file or add one …

    this will make life so much easier if some guy wants to create his own custom package…
