Monday, July 27, 2009

Using SyntaxHighlighter javascript library

See this link for instructions on how to use the SyntaxHighlighter library within Blogger.


Dump PE format string resource

The code below dumps the string resources of a PE file using Python and the pefile module.

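import os
import re
import sys

import pefile  # third-party module for parsing PE files


def DumpStr(fname):
    try:
        pe = pefile.PE(fname)
    except Exception:
        # Not a valid PE file (or unreadable): report it and move on
        print(sys.exc_info()[0])
        print("Continue to the next exe/dll")
        return

    # The List will contain all the extracted Unicode strings
    strings = list()

    # Fetch the index of the resource directory entry containing the strings
    try:
        rt_string_idx = [
            entry.id for entry in
            pe.DIRECTORY_ENTRY_RESOURCE.entries].index(pefile.RESOURCE_TYPE['RT_STRING'])
    except (ValueError, AttributeError):
        # No resource directory at all, or no RT_STRING entry in it
        return

    # Get the directory entry
    rt_string_directory = pe.DIRECTORY_ENTRY_RESOURCE.entries[rt_string_idx]

    # For each of the entries (which will each contain a block of 16 strings)
    for entry in rt_string_directory.directory.entries:

        # Get the RVA of the string data and
        # size of the string data
        data_rva = entry.directory.entries[0].data.struct.OffsetToData
        size = entry.directory.entries[0].data.struct.Size

        # Retrieve the actual data and start processing the strings
        data = pe.get_memory_mapped_image()[data_rva:data_rva+size]
        offset = 0
        while True:
            # Exit once there's no more data to read
            if offset >= size:
                break
            # Fetch the length of the unicode string
            ustr_length = pe.get_word_from_data(data[offset:offset+2], 0)
            if ustr_length is None:
                # Fewer than two bytes left: truncated or malformed block
                break
            offset += 2

            # If the string is empty, skip it
            if ustr_length == 0:
                continue

            # Get the Unicode string
            ustr = pe.get_string_u_at_rva(data_rva+offset, max_length=ustr_length)
            if isinstance(ustr, bytes):
                # Newer pefile versions return bytes here; normalise to text
                ustr = ustr.decode("utf-8", "replace")
            offset += ustr_length*2
            strings.append(ustr)

    # Print only the strings that contain the search text
    for strx in strings:
        sSearch = "Set Device"
        m = re.search(sSearch, strx)
        if m:
            print(strx)


# Directory to scan. The page does not show where `path` is set;
# taking it from the command line is an assumption.
path = sys.argv[1] if len(sys.argv) > 1 else "."
dirList = os.listdir(path)
for fname in dirList:
    m = re.search("exe|dll", fname)
    if m:
        print(os.path.join(path, fname))
        fullname = os.path.join(path, fname)
        DumpStr(fullname)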
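
The code above walks each block of 16 strings but does not keep the string IDs. The following is an added example, not part of the original post: it parses one raw RT_STRING block without pefile, recovers each string's resource ID, and rejects length fields that run past the end of the block. The names `parse_string_block` and `build_block` and the sample data are constructed for illustration.

```python
import struct

STRINGS_PER_BLOCK = 16  # every RT_STRING resource entry holds exactly 16 slots


def parse_string_block(block_id, data):
    """Parse one raw RT_STRING block into {string_id: text}.

    block_id is the numeric name of the resource entry (1-based); slot i of
    the block holds string ID (block_id - 1) * 16 + i. Each slot is a 16-bit
    little-endian character count followed by that many UTF-16LE code units,
    with no terminator. Raises ValueError if a length runs past the data.
    """
    strings = {}
    offset = 0
    for slot in range(STRINGS_PER_BLOCK):
        if offset + 2 > len(data):
            raise ValueError("block %d truncated before slot %d" % (block_id, slot))
        (count,) = struct.unpack_from("<H", data, offset)
        offset += 2
        end = offset + count * 2
        if end > len(data):
            raise ValueError("slot %d claims %d chars past end of block" % (slot, count))
        if count:  # a zero length means this string ID is unused
            text = data[offset:end].decode("utf-16-le", errors="replace")
            strings[(block_id - 1) * STRINGS_PER_BLOCK + slot] = text
        offset = end
    return strings


def build_block(texts):
    """Build a constructed sample block from {slot: text} (test data only)."""
    out = b""
    for slot in range(STRINGS_PER_BLOCK):
        raw = texts.get(slot, "").encode("utf-16-le")
        out += struct.pack("<H", len(raw) // 2) + raw
    return out


# Constructed sample: block 7 with two used slots, the rest empty.
SAMPLE = build_block({0: "Set Device Name", 5: "Cancel"})

if __name__ == "__main__":
    for string_id, text in sorted(parse_string_block(7, SAMPLE).items()):
        print(string_id, repr(text))
```

With pefile, the raw bytes for `data` are the `data_rva:data_rva+size` slice already taken in the code above, and `block_id` is the `id` of the corresponding entry under the RT_STRING directory.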


Mouse Invisible in VirtualBox guest

In VirtualBox 3.0.2, I have noticed that most of the time the mouse goes invisible on text areas. For example, if you are in Notepad, once you start writing some text in the text area the mouse pointer goes into the black hole. The workaround is really easy. Go to (Windows XP) Control Panel –> Mouse –> Pointers, then select Windows Black (system scheme).


Monday, July 20, 2009

Partimage invalid compression level workaround

For some reason, some disk images created using partimage fail with "invalid compression level" when restored. The workaround below restores the image.

#: ntfs-3g /dev/sda1 /mnt/windows
#: mv /mnt/windows/img/vista.img.000 /mnt/windows/img/vista.img.gz
#: gunzip -c /mnt/windows/img/vista.img.gz | partimage restore /dev/sda1 stdin


Sunday, July 19, 2009

Installing Easy Peasy in EEE PC 900 using external hard drive

Easy Peasy is a Linux distribution tuned for EEE PC (Asus Netbook) computers.

D:\Software\iso\syslinux\win32>syslinux.exe -m -a -d / i: -f

Working with swapfile

Swappiness

Thursday, July 02, 2009

Windows dialog rc file is using dialog system units

This has never occurred to me before. I have been tweaking the Win32 API for a while, but I never really paid much attention to the dimensions as saved in resource files for dialog boxes. Interestingly, the units stored in the rc file are not really pixels but rather dialog units. :( My understanding is that this will make the dialog independent of the font size. If the user/developer changes the font size, the dialog box will adjust accordingly. Seems like a neat idea, but I was dumbfounded at first sight.

It makes my life harder though, as I am trying to cross-reference runtime dialog boxes against design time. I was planning to cross-reference them using the dimensions, but that turns out not to be a good option.

The quest is on...........

Related links:


Wednesday, July 01, 2009

Working with memory leaks

Detecting and Isolating Memory Leaks (link)

Debugging Tutorial
Debug Tutorial Part 3: The Heap (link)

Assembly Language Reference

Webster: The place on the Internet to Learn Assembly (link)

MASM 6.1 download (link)