![]() We can also see that the threat actor can craft the archive so that folder and file names are the same.The image below shows that the archive is named trading_system, which hints that it is used to target traders.Our intelligence shows that this vulnerability is being exploited as early as April 2023. JPG file) and also a folder that has the same name as the harmless file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. The issue occurs because a ZIP archive may include a benign file (such as an ordinary. It is related to an RCE vulnerability in WinRAR before version 6.23. GetDefaultIcon = (shinfo.On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. HImgLarge = SHGetFileInfo(fName, 0, shinfo, .SizeOf(shinfo), SHGFI_ICON Or SHGFI_LARGEICON Or SHGFI_USEFILEATTRIBUTES) HImgSmall = SHGetFileInfo(fName, 0, shinfo, .SizeOf(shinfo), SHGFI_ICON Or SHGFI_SMALLICON Or SHGFI_USEFILEATTRIBUTES)ĮlseIf size = IconSize.LargeIcon Or size = IconSize.Tile Then If size = IconSize.SmallIcon Or size = IconSize.Details Or size = IconSize.List Then Shinfo.szTypeName = New String(Chr(0), 80) Shinfo.szDisplayName = New String(Chr(0), 260) Dim fName As String 'The file name to get the icon from. Dim hImgLarge As IntPtr 'The handle to the system image list. 'Listview View Enumeration 'LargeIcon 0 'Details 1 'SmallIcon 2 'List 3 'Tile 4Įnd Enum Public Shared Function GetDefaultIcon( ByVal filename As String, ByVal size As IconSize) As ĭim hImgSmall As IntPtr 'The handle to the system image list. Private Const SHGFI_LARGEICON = &H0 ' Large icon Private Const SHGFI_USEFILEATTRIBUTES = &H10 ' use passed dwFileAttribute Private nIndex = 0 Public szTypeName As String End Structure Private Declare Ansi Function SHGetFileInfo Lib "shell32.dll" ( ByVal pszPath As String, _īyVal dwFileAttributes As Integer, ByRef psfi As SHFILEINFO, ByVal cbFileInfo As Integer, _ Public hIcon As IntPtr ' : icon Public iIcon As Integer ' : icondex Public dwAttributes As Integer ' : SFGAO_ flags #Region "API's" Private Structure SHFILEINFO Equals( Nothing) ThenĮnd Function '=USAGE= Dim fpp As String = "C:\Program Files\WinRAR\RarExt.dll" Dim bit As Bitmap = GetBitmapFromResources(fpp, 4100) Equals( Nothing) ThenĮnd If If Not hModule. HBitmap = LoadBitmap(hModule, resourcesID)įinally If Not hBitmap. Private Declare Auto Function DeleteObject Lib "gdi32" ( ByVal hObject As IntPtr) As Boolean Private Function GetBitmapFromResources( ByVal FilePath As String, ByVal resourcesID As Integer) As Bitmapĭim hModule As IntPtr = LoadLibrary(FilePath)ĭim bmp As Bitmap = Nothing Dim hBitmap As IntPtr Private Declare Function FreeLibrary Lib "kernel32" ( ByVal hModule As IntPtr) As Boolean Private Declare Auto Function LoadBitmap Lib "user32" ( ByVal hInstance As IntPtr, ByVal lpBitmapName As Integer) As IntPtr Private Declare Auto Function LoadLibrary Lib "kernel32" ( ByVal lpFileName As String) As IntPtr Or use the Forum Code Formatter by JohnWein Please format the code in your posts with the button. ContextMenuStrip = ContextMenuStrip1 End Sub Private Sub WinRarToolStripMenuItem_Click( ByVal sender As System.Object, ByVal e As System.EventArgs) End SubĬoding4fun Be a good forum member mark posts that contain the answers to your questions or those that are helpful I.Image = Bitmap.FromHicon(IC.Handle) End With (I) AddHandler I.Click, AddressOf WinRarToolStripMenuItem_Click Me. Load Dim I As New ToolStripMenuItem( "WinRar" ) With I Dim IC As Icon = ( "C:\Program Files\WinRAR\WinRAR.exe" ) Public Class Form1 Private Sub Form1_Load( ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase. This code does not use the registry or an API but can get the Icon used by an exe and use it in a contextmenustrip Public Function getIconFromFile(ByVal fileLocation As String, ByVal iconIndex As Integer) As Iconĭim bmptr As IntPtr = ExtractIcon(.Handle, fileLocation, iconIndex) ![]() Public Declare Auto Function ExtractIcon Lib "shell32" (ByVal hInstance As IntPtr, ByVal FileName As String, ByVal IconIndex As Integer) As IntPtr Using API, you can specify which icon to extract NET Built-in function : will always extract icon at index 0ĭim ExtractIcon As Icon = ("C:\Program Files\WinRAR\WinRAR.exe") I always use extractIcon API bcos it gives option for icon index. net, it will always extract icon at zero index. For example, if you try to extract icon from portable executable (PE) using built-in function in. so when extracting icon without specify the index location, the PE will automatically set the location to indexĠ. When you add multiple icons to executable or dll library, PE stored them as array list in index location where the first index will be zero (0).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |