Log in

View Full Version : GDI Reversing


Kayaker
August 21st, 2001, 23:44
Hi All,

And now for something completely different...

Here's a little program I've played with to explore the GDI functions. It's possible to change the way a program looks as well as the way it behaves.

h**p://www.simtel.net/pub/simtelnet/win95/desktop/we2001e.zip
h**p://www.wineye.net/download/wineye2001e.exe
(585Kb)

This is a silly desktop utility which displays a pair of eyes that follow your mouse around. It uses a resource dll for all its window and control creation, but the eyes themselves are created runtime with GDI functions.

To figure out what APIs are used and when, you need to use an API monitor such as APISpy32. Once you've determined where and how the eyes are created you can change any of the parameters to control their drawing. The program itself allows you to change many of the parameters yourself, but the idea is to modify them through code instead.

The project is more just to explore the routines on your own, but a few suggested tasks are to:

1. Get rid of the nag screen, since everybody loves nag screens ;p

2. Stop the eyes from disappearing when the mouse hovers directly over them.

3. Make the left eye 50% smaller.

4. Make the right eye 50% larger, but don't allow the region to be "clipped".

5. Change the color of the pupil to some other color than the default.

6. Have the eyes positioned elsewhere on the screen, say the upper right or center, as they are created.

7. An advanced task might be to add a menu item to allow moving the eyes to the upper right corner of the screen. This would require adding a new menu resource and breaking into code when the item is selected. From there new code would have to be added which emulated or accessed the existing code which draws and positions the eyes.

If anybody gets this last task, a little tutorial would be beneficial to everyone

A little different from the norm, but the principles are exactly the same as when working with other APIs and when performing other reversing tasks. When looking at the GDI output in APISpy32 you can pull out patterns in the calls, as well as the addresses and parameters of the API calls that are used in creating each separate eye, pupil and iris. If you can sort out what functions control which graphic, you can then go about modifying them. I might suggest monitoring with APISpy32 *before* getting rid of the nag screen, since it creates a nice break in the output.

You can modify the parameters runtime in SoftIce and see their effect, but if you can patch the file permanently all the better. Don't ignore the Kernel and User APIs which control window and rectangle creation. You'll need to modify your winice.dat file to include EXP=c:\WINDOWS\SYSTEM\GDI32.DLL.

Good luck and have fun.

Cheers,
Kayaker

CoDe_InSiDe
August 22nd, 2001, 01:42
Hi Kayaker,

Hmm, different kind of project
I want to say 2 things now:

1. A little bug in the program, when the Nag Screen comes up try pressing with your right mouse button on the Eye Icon in the taskbar, the program will crash

2. About your fifth task (Changing the pupil) you can do that in the program itself ;D

Ok, that's all hehe
Further examination will follow (i think)

Cya...

CoDe_InSiDe

Fake51
August 23rd, 2001, 07:40
Interesting to see the move to something almost not about cracking, but solely on rce (only the nag left). Guess this is a good turn.

Bluajn cxielojn
Fake

[yAtEs]
August 24th, 2001, 08:17
This sounds like some evil plan to make the perfect set of eyes for Kayaker, i would strongly advise against this task

regards, yates.

Kayaker
August 24th, 2001, 09:38
LOL [yAtEs], Nah, if I had wanted to coerce people to do my evil bidding I would have used a sexy graphic of a gorgeous girl and asked "Make the left one 50% bigger, make the right one 50% bigger..."

Regards

[yAtEs]
August 25th, 2001, 10:55
_heh_

Clandestiny
August 25th, 2001, 12:25
Kayaker, you're incorrigible