4 replies to this topic

[Wonko the Sane]

In the tradition of mostly half-@§§edly put together batch scripts , here is one that should be able to provide dll version info and (hopefully) state to which OS it belongs .

Of course it simply works for the simple chore that it works for .

Not a highly sophisticated detect engine tested for years on any possible .dll, only tested some 15 minutes on a few example ones .

 

dll_ver.g4b

 

!BAT
# String is "FileV" in Unicode
if "%1"=="" goto :usage
set file=%~dpnx1
set string=\x01\x00\x46\x00\x69\x00\x6C\x00\x65\x00\x56\x00
set version=
set char=

debug off
cat --hex --locate=%string% %file% > nul
set /a offbase = %?% + 27

set /a counter=1
:loop
set /a figure=0
set /a offset=%offbase%+%counter%
cat --skip=%offset% --length=1 %file% | set char=

:floop
if "%char%"=="%figure%" set version=%version%%%char%
set /a figure=%figure%+1
if "%figure%"=="10" goto :fnext
goto :floop

:fnext
if "%char%"=="." set version=%version%%%char%
set /a counter=%counter%+1
if "%counter%"=="30" goto :next
goto :loop

:next
set majmin=%version:~0,3%
set os=Unknown Operating System
if "%majmin%"=="5.0" set os=Windows 2000
if "%majmin%"=="5.1" set os=Windows XP
if "%majmin%"=="5.2" set os=Windows XP 64-bit or Server 2003
if "%majmin%"=="6.0" set os=Windows Vista or Server 2008
if "%majmin%"=="6.1" set os=Windows 7 or Server 2008 R2
if "%majmin%"=="6.2" set os=Windows 8 or Server 2012

echo File %file%
echo appears being part of %os%
set version


goto :EOF


:usage
echo This batch should print the version of .dll's
echo tested on 32-bit ONLY
echo You must provide a fully qualified path as parameter.
echo Example:
echo (hd0,0)/Windows/System32/aaaamon.dll
echo or a valid relative path from current ROOT:
echo /Windows/System32/aaaamon.dll

Wonko

Attached Files

•  dll_ver.zip   771bytes   525 downloads

[steve6375]

Looks useful, but if I map a windows install ISO to (0xff) and hook it, I cannot access the files inside as they are joliet nor RR. So I can't use it to tell if an ISO is 32-bit or 64-bit windows.  

[Wonko the Sane]

Looks useful, but if I map a windows install ISO to (0xff) and hook it, I cannot access the files inside as they are joliet nor RR. So I can't use it to tell if an ISO is 32-bit or 64-bit windows.  

Well, since most Windows install disks will have .dll's CAB compressed or residing inside a .wim (and this inside an UDF volume), it seems to me like you have found a multi-level example of a not-simple chore that this batch will NOT help you to perform .

 

JFYI, I can check however the version of /i386/system32/ntdll.dll on XP CD's .

 

On the other hand, if you have on a disk (example) a C:\Windows with XP on it and and a D:\Windows with 7 on it, this thingy may have some use.

 

If you want to detect (original) install cd/dvd images you may want to port isoinfo (possibly with UDF support) to grub4dos or more simply use a similar as the above approach, but looking for the cd/dvd label/Volume id.

 

Wonko

[steve6375]

The files on the Win7 Install ISO have dll's in the \source folder which could have been tested to see if we are trying to boot a 64-bit WinPE on a 32-bit only system. But not if grub4dos can't read the ISOs :-( 

[Wonko the Sane]

The files on the Win7 Install ISO have dll's in the \source folder which could have been tested to see if we are trying to boot a 64-bit WinPE on a 32-bit only system. But not if grub4dos can't read the ISOs :-( 

yep, but that's is a "generic" issue with grub4dos (and I think is not really joliet/rockridge as much as CDFS/UDF ).

Still, if there are .dll's, one could look at the RAW data, locate the name of a specific .dll searching blindly in the RAW sectors, and use the location of the hit as start addres to search for "FileV". 

It could work... 

 

Wonko