Hi Shaggy, yeah, that's right, but that's only the "description" of things, and not any actual source code.
---------
Ahhh, I mis-read your last post. Well, I tried GitLab, and they had a 1GB limit. I didn't try GitHub.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
I'm gonna work on a routine to see how many EXEs, DLLs, & OCXs we're actually talking about.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
Hmmm, it's not too bad. I might go through and just delete them.
Shaggy, if you're looking in, anything besides EXEs, DLLs, & OCXs I need to be thinking about?
Here's what I found:
Code:
AntiVirus2004(3-0)\Secure\Kopie von codered.exe Antivirus_1711292202004.zip
Frac2_Final\MYTERR2.EXE A_3D_fract18203911202004.zip
btms.dll Banks_Tran1792759122004.zip
mvbMath.dll Blank_Engi2067755272007.zip
Tools\BE Script\BEScript.exe Blank_Engi2067755272007.zip
Tools\BPF Maker\BPFmaker.exe Blank_Engi2067755272007.zip
Tools\ResPacker\ResMaker.exe Blank_Engi2067755272007.zip
cEdit\grx\icons\cEdit1.exe cEdit189552612005.zip
programmeren\Projecten\Proef\treeview\Treeview.exe CODE_UPLOAD104521052000.zip
Gif89.dll CODE_UPLOAD41483222000.zip
radcfg.exe CODE_UPLOAD5413522000.zip
PORT.DLL COMplotter1627268102003.zip
clinica\clinica.exe consultori198466422006.zip
clinica\CONSULTORIO.exe consultori198466422006.zip
clinica\pplus_us.exe consultori198466422006.zip
setupformdesigner.exe Formdesign168943122004.zip
process memory usage\RAM_usage.exe Get_proces198451412006.zip
Client\Tools\Rar.exe Handle-X_T187133432005.zip
Client\Tools\UnRAR.exe Handle-X_T187133432005.zip
Vnspeech.dll Lite_PAd178855912004.zip
Petrol+Mgt+Sys\res\pd01.dll Petrol_and1845971312005.zip
Petrol+Mgt+Sys\res\pd02.dll Petrol_and1845971312005.zip
Petrol+Mgt+Sys\res\pd03.dll Petrol_and1845971312005.zip
Petrol+Mgt+Sys\res\shiftDe01.dllPetrol_and1845971312005.zip
Petrol+Mgt+Sys\res\shiftDe02.dllPetrol_and1845971312005.zip
Petrol+Mgt+Sys\res\shiftDe03.dllPetrol_and1845971312005.zip
wizard\about.exeProduct_Ac1785808252004.zip
Transport Automation System 1.0\configtas.dll Transport_18194311182004.zip
Transport Automation System 1.0\tasconfig.dll Transport_18194311182004.zip
XP Title.ocx xp_style113406812002.zip
Professional Address Book\Professional Address Book\Niro Address Book.exe [_Address_1857562252005.zip
---------------------
EDIT: I saw an OCA file, so I added those to the list too.
Last edited by Elroy; Sep 6th, 2020 at 12:37 PM.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
Ok, I've purged all these file types from the ZIP files:
EXE
DLL
OCX
OCA
OBJ
EX_
OC_
DL_
From staring at quite a few of the ZIP files, they all pretty much seem like source code now. I'm uploading the new Zip-of-the-Zip files now to Google Drive.
Shaggy, do you think it'd be ok to edit my post #110 and put the link back in? I won't do that until I get your approval.
Also, once you approve it, it makes sense to me to put a thread in the codebank about this as well.
Best Regards,
Elroy
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
... anything besides EXEs, DLLs, & OCXs I need to be thinking about?
Maybe .vbw files? Technically, not having these can prevent malicious UCs from activating as soon as the project loads. How? Let's say some UC does stuff at startup. It can't activate if it's not displayed and the vbw file may be telling VB to display the form that that UC exists on. Just a thought. Above said, doesn't stop someone from displaying the form manually after VB loads the project. But whether paranoid or not, it's commonsense to scan code pages before playing with other people's code. For example, maybe they are writing to the registry and you don't want that.
Insomnia is just a byproduct of, "It can't be done"
Maybe .vbw files? Technically, not having these can prevent malicious UCs from activating as soon as the project loads. How? Let's say some UC does stuff at startup. It can't activate if it's not displayed and the vbw file may be telling VB to display the form that that UC exists on. Just a thought. Above said, doesn't stop someone from displaying the form manually after VB loads the project. But whether paranoid or not, it's commonsense to scan code pages before playing with other people's code. For example, maybe they are writing to the registry and you don't want that.
Argh, I saw quite a few of those ... and wasn't worrying about them. I'll take a look though.
EDIT: Argh again ... there are 7,615 of the things. I was more-or-less manually deleting the other things, as they were a manageable number. However, I'm not going through and manually deleting 7,615 vbw files. I'll work on how to automate it.
Last edited by Elroy; Sep 6th, 2020 at 04:03 PM.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
However, I'm not going through and manually deleting 7,615 vbw files. I'll work on how to automate it.
That many? When I was a member of PSC, those used to be stripped out for the specific reason of helping prevent malicious code at project load. Looks like their policy or stripping routines stopped doing that. I'm not sure how many projects were uploaded to PSC over the years, but I'd imagine significantly more than 7.6k
Insomnia is just a byproduct of, "It can't be done"
Well, from what I've got, I've got 13,852 separate projects. So, about half of them still have their VBW files in them.
If there are more PSC projects, I've got no idea how to get them.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
Ok, I took a look and I'm probably going to draw the line at these VBW files. Short of unzipping each file, deleting the VBW file(s), and then re-zipping, I don't have any code to directly delete files from ZIP files. I took a look at Wqweto's interface to the 7Zip library, and even that doesn't show an API call for deleting a specific file within a ZIP file.
LaVolpe, if you know of any clean code to do this, I'll take a look at it though. Short of that, I think I'm done, having deleted everything that's a clear binary (see list in post #124).
Also, just as an argument to be allowed to post this here, many of the ZIPs attached around here have VBW files. Not saying it's good ... just saying it.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
LaVolpe, if you know of any clean code to do this, I'll take a look at it though. Short of that, I think I'm done, having deleted everything that's a clear binary (see list in post #124).
Also, just as an argument to be allowed to post this here, many of the ZIPs attached around here have VBW files. Not saying it's good ... just saying it.
Nope, not familiar with any such code to do what you are asking. And regarding the vbw files... the only reason I am even aware of the potential for malicious code being activated just because that file exists, was from PSC. They explained why those were being stripped. As for those existing in tons of zips; no doubt, Even in stuff I zip up at times as I don't remember to exclude it all times. If it could be done easily, it's just a plus. Hopefully most people actually do scan sample projects before blindly hitting Ctrl+F5. As a matter of habit, I always exclude .vbw files when unzipping downloads.
Last edited by LaVolpe; Sep 6th, 2020 at 04:55 PM.
Insomnia is just a byproduct of, "It can't be done"
But... the *.vbw can't execute any code, they just set what code windows are opened, but the code windows don't execute code. It is the forms and UserControls designer windows that can execute code, but not the code windows.
An obscure body in the SK system. The inhabitants call it Earth
Posts
7,900
Re: Re PlanetSourceCode
do you think it'd be ok to edit my post #110 and put the link back in?
Just want to double check (because I haven't read through the whole thread) you've removed all the compiled elements, right? If so, yeah, go ahead and add your link back in. Our rules are really all about avoiding compiled code so it sound's like you've covered that.
The only thing I'd add, now that you've removed all the exes etc, is it small enough to upload direct to VBF? If so it's a bit better if you do so but if it's still too large then go ahead and link it.
Another thing you might want to consider is whether this is suitable to go in the Utilities section. We do allow compiled code in there (as long as it's got the associated source along side it) but specify that users download it at their own risk.
Finally, I just want to say hats off to you for going to such lengths to honour both the word and the spirit of our rules at the same time as going out of your way to make available something that others want. I'm genuinely quite taken aback by that.
The best argument against democracy is a five minute conversation with the average voter - Winston Churchill
Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
But... the *.vbw can't execute any code, they just set what code windows are opened, but the code windows don't execute code. It is the forms and UserControls designer windows that can execute code, but not the code windows.
True. The vbw file tells VB which forms and code pages to display when the project starts up. When a form loads in the IDE with a usercontrol on it, the usercontrol executes code. So in a sense, the vbw file is activating the usercontrol in that scenario. And without the vbw, that form would not be displayed when the project loaded.
Insomnia is just a byproduct of, "It can't be done"
An obscure body in the SK system. The inhabitants call it Earth
Posts
7,900
Re: Re PlanetSourceCode
Why not creating a special folder on VBForums called PSC, where to upload all code with their desriptions?
I think you're basically describing the Utilities section. It's not limited to PlanetSourceCode but it is a place where users can upload useful utilities they want to offer up to the community and we do allow compiled elements in there, (though we do ask that the source is also made available).
If I've missed the point of your suggestion then I'd suggest starting up a thread in the forum feedback section.
The best argument against democracy is a five minute conversation with the average voter - Winston Churchill
Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
True. The vbw file tells VB which forms and code pages to display when the project starts up. When a form loads in the IDE with a usercontrol on it, the usercontrol executes code. So in a sense, the vbw file is activating the usercontrol in that scenario. And without the vbw, that form would not be displayed when the project loaded.
Now, I can't tell you what combination of actions within the IDE sets the values in the vbw file the way it does. VB options has an effect? Service Pack has an effect? Don't know.
If you want to have a form show up in design when you load a project, try this for proof of concept.
- With NotePad open any VBW for any unloaded project with forms
- inside the vbw file, you should see one or more forms listed
- pick one or two and remove the "C" at the end of the line, but leave the trailing comma
- save the vbw file
- now reopen the project; the form should be in design-view
Again, I don't know how VB writes that file. But I think any character other than C shows the form. C = CodePage? A long time ago, I scanned lots of vbw files out of curiosity. The most common characters I saw at the end of those lines were C, Z, and nothing/space.
Last edited by LaVolpe; Sep 7th, 2020 at 10:31 AM.
Insomnia is just a byproduct of, "It can't be done"
I think you're basically describing the Utilities section. It's not limited to PlanetSourceCode but it is a place where users can upload useful utilities they want to offer up to the community and we do allow compiled elements in there, (though we do ask that the source is also made available).
If I've missed the point of your suggestion then I'd suggest starting up a thread in the forum feedback section.
I know that, but it is to split with real utilities section, with PSC in order to avoid to be a totally junk part. (PSC has a lot of junk sources)
Or a sub folder
Yes, you are right, removing the last C it loads the form.
Maybe VB saw this a security issue and some service pack defaulted to C? I would have to scan all my vbw files to find one that doesn't have a trailing C, but I know I've seen them. But even if it was fixed in a service pack, then why does the SP6 allow it to be displayed when no C? In any case, this is how someone with malicious intent can cause damage, especially if we ran our IDE elevated, thus giving the UC code full admin privileges.
Insomnia is just a byproduct of, "It can't be done"
Yes, they could execute anything by doing that. It is a dangerous thing.
Simple solution, after downloading projects, extract everything but the vbw file. If you extracted it, then delete it afterwards. And of course, visually scan code and never run unknown source projects elevated until you have scanned it.
Paranoia? Not really, I personally dislike code writing to the registry, especially via APIs (until I understand why). So, I tend to look for that stuff. At least most on this site would never intentionally upload malicious code; it's the unintentional oops-code that maybe people should worry about.
Edited: For you VB add-in authors, maybe this is something you may want to consider -- prevent anything but code pages being displayed when projects are opened within the IDE? I know I'd use it.
Last edited by LaVolpe; Sep 7th, 2020 at 12:07 PM.
Insomnia is just a byproduct of, "It can't be done"
Also, LaVolpe, I'll put a note in the CodeBank post about the VBW files, and also visually scanning the code. Actually, that goes for any code we download.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
Also, LaVolpe, I'll put a note in the CodeBank post about the VBW files, and also visually scanning the code. Actually, that goes for any code we download.
Unless I uploaded it
Insomnia is just a byproduct of, "It can't be done"
hahaha, actually, when running through the ZIPs, I did notice a whole section that was prefaced with LaVolpe....
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
hahaha, actually, when running through the ZIPs, I did notice a whole section that was prefaced with LaVolpe....
Almost wish you can delete 80% of that stuff -- I was such a novice for the first few years, trying to tackle all sorts of things at once. Only later on when I settled down to focus on tackling one topic at a time, did I become a better writer. In other words, lots of that code would probably make me embarrassed to see it potentially used/referenced today.
Insomnia is just a byproduct of, "It can't be done"
Almost wish you can delete 80% of that stuff -- I was such a novice for the first few years, trying to tackle all sorts of things at once. Only later on when I settled down to focus on tackling one topic at a time, did I become a better writer. In other words, lots of that code would probably make me embarrassed to see it potentially used/referenced today.
hahaha, nahhh, it's there for eternity for all the world to see.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
PSC being a humbling experience in 2020 for all of the "authors" in there :-))
In PSC's prime, VB6 not on the chopping block, so many members, few rules for what was posted, tons of feedback, great place to cut one's teeth. But also lots of junk code, half-thought out stuff, few gems. But there were coders there that were very experienced and shared without hesitation. I learned so much from many of them.
Last edited by LaVolpe; Sep 7th, 2020 at 02:51 PM.
Insomnia is just a byproduct of, "It can't be done"
In PSC's prime, VB6 not on the chopping block, so many members, few rules for what was posted, tons of feedback, great place to cut one's teeth. But also lots of junk code, half-thought out stuff, few gems. But there were coders there that were very experienced and shared without hesitation. I learned so much from many of them.
True!
My first submission was Hyperlink Sample (one API function used:-). The unintended twist was that the sample link opened the default browser and voted 5 for the very submission with no user intervention. Needless to say this easily won the monthly contest and forced PSC to change voting page to POST requests. . .
Btw, Elroy, did you have any trouble "decrypting" the ZIP files or was it as simple as XOR'ing with &HFF?
Well, I managed to get a-hold of that Decode PSC File.exe utility and just started by decoding a couple of them. The first thing I noticed was that the PCS files were the same size as the ZIP files. So, I pulled them up in a hex editor and set them side-by-side. The beginning of the hex files were the same. However, once you scrolled down, it was completely different. I thought about staring at it long enough to figure out what was going on, but then decided to just write a program to "automate" that little Decode PSC File.exe program, and that's what I did.
Just lots of FindWindow, LockSetForegroundWindow, SetForegroundWindow, SendInput, etc, etc. But I already had that stuff, and I've done it several times before.
It tied up my computer for about 6 hours. But, once I got it all stable, I just let it run overnight.
-------
I used your cls_Gen_Unzip (I may have renamed it) class to unzip the files. The class with the Init, Count, Unzip, FileName, etc. Friend methods. Once they were converted to ZIP files, your class worked perfectly.
EDIT: I needed to unzip them to get the title and description out of the @PSC_???.txt internal file. Also, I used your class to search (and delete) all those EXE etc files. I actually had to do the deletions manually (using a combination of 7Zip and Windows Explorer).
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
... Btw, Elroy, did you have any trouble "decrypting" the ZIP files or was it as simple as XOR'ing with &HFF?
cheers,
</wqw>
PSC files encryption is a bit nasty as some files are not fully encrypted but only some sections of the ZIP (local file header, central directory file header, end central directory record) could be encrypted. Repairing these partly encrypted archives will result in lost files. Same happens if just ignore the errors during extracting.
I've made a tool (VB.NET) to analyze and decrypt sections but there is a problem when the starting for the file sections are not encrypted but the next sections are (encrypted). The result ZIP file cannot be fully extracted due to some errors (depends on the archiver what message is returned). If all ZIP sections are encrypted the result archive is extracted successfully.
Probably it is few bad bytes but I will check it next days. After that I will publish the source of the tool.
BTW my idea is to have project that will transfer all PSC ISOs projects (contributions) to repositories in centralized Git organization like GitHub, GitLab, Gitea, Gogs and others. Currently I am planning to use Gitea API to create repos as Gitea is very easy to self-host for testing the process.
Edit: Forgot to mention that only one file is not extracted from the partially encrypted archives. So it is really few bad bytes error.
Last edited by peterst; Sep 7th, 2020 at 03:47 PM.
I'll keep the submissions ZIP files online until I figure out how to upload each source code as separate repo to github with proper README with original image and every other info from the mdb file. Biggest problem will be how to recreate votes on PSC as stars on github, next to probably hundreds of fake accounts :-))
Probably it is few bad bytes but I will check it next days. After that I will publish the source of the tool.
Yes.
Originally Posted by peterst
BTW my idea is to have project that will transfer all PSC ISOs projects (contributions) to repositories in centralized Git organization like GitHub, GitLab, Gitea, Gogs and others. Currently I am planning to use Gitea API to create repos as Gitea is very easy to self-host for testing the process.
I'll be using Elroy's effort to extract each submission into a repo under PSC org on github w/ proper README in markdown w/ images and more info.
Coming up with repo names is the first problem. Have to strip junk from project title/description and come up with 2-4 meaningful words while preventing duplicate names.
...
I'll be using Elroy's effort to extract each submission into a repo under PSC org on github w/ proper README in markdown w/ images and more info.
Coming up with repo names is the first problem. Have to strip junk from project description and come up with 2-4 meaningful words while preventing duplicate names.
cheers,
</wqw>
These are some of the steps my project is planned to have. Here is my list:
Decrypt and extract projects from each CD to own directory
Copy in properly named directory each project
Remove unnecessary or dangerous files (exe, ocx, etc. - configurable in configuration file)
For each project create README.md from existing readme file and all other required files like .gitignore
Create copy of each project in separate directory where Git repositories will be initialized
Connect to Gitea via API and for each project create new repository, initialize local git repo and perform initial commit
Just as a further FYI, there were about 10 of those PCS/ZIP files that didn't have a @PCS_ReadMe_????.txt file within them. For consistency, I created one that basically said...
Title: unknown
Description: unknown
...and threw that into the PCS/ZIP files where it was missing. It was truly only a small handful though.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
Yes, proper .gitignore and .gitattributes must be created for any VB repo.
Existing @PSC_ReadMe_Xxxx.txt file is not very useful/complete but the PscEnc.mdb database contains the full description as last edited by the original author.
You don't need gogs/gitea API at all. Just register a remote then push local repo to it using git.exe. You can later "expose" the remote under gogs/gitea frontend for browsing.
Yes, proper .gitignore and .gitattributes must be created for any VB repo.
Existing @PSC_ReadMe_Xxxx.txt file is not very useful/complete but the PscEnc.mdb database contains the full description as last edited by the original author.
You don't need gogs/gitea API at all. Just register a remote then push local repo to it using git.exe. You can later "expose" the remote under gogs/gitea frontend for browsing.
cheers,
</wqw>
Well, I think I'm done with my part. Anyone/everyone is totally welcome to take what I've done and do with it whatever they like.
Best Regards,
Elroy
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
...
You don't need gogs/gitea API at all. Just register a remote then push local repo to it using git.exe. You can later "expose" the remote under gogs/gitea frontend for browsing.
Creating remote repo in organization requires use of API. Having thousands of projects will require thousands of repos. That's what I am thinking of the process steps.