Guest User

QuickBMS readme

a guest
Mar 4th, 2014
1,269
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################
  2.  
  3.  
  4. QuickBMS
  5. by Luigi Auriemma
  6. e-mail: aluigi@autistici.org
  7. web: aluigi.org
  8. home: http://quickbms.aluigi.org
  9.  
  10.  
  11. #######################################################################
  12.  
  13.  
  14. 1) Introduction
  15. 2) Usage
  16. 3) Reimport the extracted files
  17. 4) How to create scripts (for developers only!)
  18. 5) Experimental input, output and other features
  19. 6) Notes
  20. 7) Support
  21. 8) Additional credits
  22.  
  23.  
  24. #######################################################################
  25.  
  26. ===============
  27. 1) Introduction
  28. ===============
  29.  
  30.  
  31. QuickBMS is a multiplatform extractor engine that can be programmed
  32. through some simple textual scripts for extracting files and
  33. information from the archives of any program and moreover games.
  34.  
  35. The script language from which QuickBMS is derived is MexScript
  36. documented here: http://wiki.xentax.com/index.php/BMS
  37. So QuickBMS is FULLY compatible with that original syntax and all the
  38. scripts that were created here:
  39. http://forum.xentax.com/viewtopic.php?t=1086
  40.  
  41. QuickBMS supports also the WCX plugins of Total Commander:
  42. http://www.totalcmd.net/directory/packer.html
  43. http://www.ghisler.com/plugins.htm
  44.  
  45. I improved the original BMS language for removing some implied fields
  46. (like the file number in some commands) and adding new commands (like
  47. Encryption) and behaviours (like negative GoTo) that allow QuickBMS to
  48. work with tons of simple and complex formats and even doing things like
  49. modifying files, creating new files with headers and reimporting files
  50. back in their archives.
  51.  
  52. The tool is open source under the GPL license and works on both Windows
  53. and Linux and on both little and big endian architectures like Intel
  54. and PPC.
  55.  
  56. The official homepage of QuickBMS is:
  57.  
  58. http://quickbms.aluigi.org
  59.  
  60. In case it doesn't work try:
  61. http://aluigi.altervista.org/quickbms.htm
  62.  
  63. QuickBMS is perfect for those works in which you need a quick way to
  64. extract information from files and at the same time you would like to
  65. reinject them back without writing a standalone tool from extraction
  66. and rebuilding, moreover if you have 100 different types of archives
  67. to reverse engineer and handle.
  68.  
  69. For Linux users there is a Makefile in the src folder, the only
  70. requirements are openssl, zlib and bzip2 while the optional components
  71. are ucl, mcrypt and tomcrypt (uncomment the commented line near the
  72. end of the Makefile to enable them).
  73. If your distro supports apt-get and you have problems during the usage
  74. of make try the following:
  75.  
  76. apt-get install gcc g++ zlib1g-dev libbz2-dev libssl-dev liblzo2-dev unicode
  77.  
  78.  
  79. #######################################################################
  80.  
  81. ========
  82. 2) Usage
  83. ========
  84.  
  85.  
  86. Simple and quick:
  87. - double-click on quickbms.exe
  88. - select the script or the plugin for the type of archive you want to
  89. extract (for example zip.bms if it's a zip file)
  90. - select the archive or multiple files
  91. you can also select a whole folder by entering in it and then typing
  92. * or "" in the "File name:" field and select Open
  93. - select the output folder where extracting the files (you can specify
  94. any filename, it will be ignored because only the directory is taken)
  95. - watch the progress of the extraction
  96.  
  97. The above one is the simple "GUI" usage but QuickBMS can do various
  98. other things when launched from the console because it supports various
  99. command-line options for advanced users or for who writes scripts.
  100. You can view all the available options simply launching QuickBMS
  101. without arguments, example:
  102.  
  103. Usage: quickbms [options] <script.BMS> <input_archive/folder> [output_folder]
  104.  
  105. Options:
  106. -l list the files without extracting them
  107. -f W filter the files to extract using the W wildcards separated by comma or
  108. semicolon, example -f "*.mp3,*.txt;*myname*"
  109. if the filter starts with ! it's considered an ignore filter
  110. the filter can be also a text file containing filters
  111. example: quickbms -f "*.mp3;!*.ogg" script.bms archive.dat output
  112. example: quickbms -f myfilters_list.txt script.bms archive.dat
  113. please use {} instead of * to avoid problems on Windows
  114. -F W as above but works only with the files in the input folder (if used)
  115. example: quickbms -F "*.dat" script.bms input_folder output_folder
  116. -o if the output files already exist this option will overwrite them
  117. automatically without asking the user confirmation
  118. -k keep the current files if already exist without asking (skip all)
  119. -r experimental reimport option that should work with many archives:
  120. quickbms script.bms archive.pak output_folder
  121. modify the needed files in output_folder and maybe remove the others
  122. quickbms -w -r script.bms archive.pak output_folder
  123. you must read section 3 of quickbms.txt before using this feature
  124. -s SF add a script file or command before the execution of the input script,
  125. useful if an archive uses a different endianess or encryption and so on
  126. SF can be a script or directly the bms instruction you want to execute
  127. -u check if there is a new version of QuickBMS available
  128. -. don't terminate QuickBMS if there is an error while parsing multiple
  129. files (like wrong compression or small file), just continue with the
  130. other files in the folder
  131.  
  132. Advanced options:
  133. -d automatically create an additional output folder with the name of the
  134. input folder and file processed, eg. models/mychar/mychar.arc/FILES,
  135. -d works also if input and output folders are the same (rename folder)
  136. -D similar to -d but will not create the folder with the filename
  137. -E experimental option for automatically reversing the endianess of any
  138. file simply reading it field by field (so each get will produce a put)
  139. -c quick list of the basic BMS commands and some notes about this tool
  140. -S CMD execute the command CMD on each file extracted, you must specify the
  141. #INPUT# placeholder which will be replaced by the name of the file
  142. example: -S "lame -b 192 -t --quiet #INPUT#"
  143. -Y automatically answer yes to any question
  144. -O F redirect the output of all the extracted files to the file F
  145.  
  146. Debug and experimental options:
  147. -v verbose debug information, useful for verifying possible errors
  148. -V alternative verbose output, useful for programmers
  149. -L F dump the offset/size/name of the files inside the file F
  150. -x use the hexadecimal notation in myitoa (debug)
  151. -0 no extraction of files, useful for testing a script without using space
  152. -R needed for the programs that act as interface for QuickBMS
  153. -a S pass arguments to the input script like quickbms_arg1, 2, 3 and so on
  154. -H cool HTML hex viewer output, use it only with very small files!
  155. -X cool hex viewer output on the console (support Less-like keys)
  156. -9 toggle XDBG_ALLOC_ACTIVE (enabled)
  157. -8 toggle XDBG_ALLOC_INDEX (enabled)
  158. -7 toggle XDBG_ALLOC_VERBOSE (disabled)
  159. -6 toggle XDBG_HEAPVALIDATE (disabled)
  160. -3 execute an INT3 before each CallDll, compression and encryption
  161.  
  162. Features and security activation options:
  163. -w enable the write mode required to write physical input files with Put*
  164. -C enable the usage of CallDll without asking permission
  165. -n enable the usage of network sockets
  166. -p enable the usage of processes
  167. -A enable the usage of audio device
  168. -g enable the usage of video graphic device
  169. -m enable the usage of Windows messages
  170. -G enable the GUI mode on Windows
  171.  
  172. Remember that the script and the input archive/folder are ever REQUIRED
  173. and must be specified at the end of the command-line so if you want to
  174. list all the mp3 files in a particular archive you must use:
  175.  
  176. quickbms -l -f "*.mp3" zip.bms myfile.zip
  177. quickbms -l -f "{}.mp3;{}.ogg" zip.bms myfile.zip
  178. quickbms -l -f "*.mp3;*.ogg,*filename*" zip.bms myfile.zip
  179. quickbms -l -f file_containing_the_filters.txt zip.bms myfile.zip
  180.  
  181. QuickBMS supports also a folder as input which means that with a single
  182. command it's possible to unpack all the archives of a game directly
  183. using QuickBMS.
  184.  
  185. Imagine to use the zip.bms script with all the zip files located in the
  186. c:\windows\temp folder:
  187.  
  188. quickbms -F "*.zip" zip.bms "c:\Program Files" c:\output_folder
  189.  
  190. Note: sometimes Windows doesn't like the * char even if used between
  191. quotes, so in case of problems if "*.zip" doesn't work you can
  192. use {} instead of * like "{}.zip"
  193.  
  194. Except for -l, -f, -F and maybe -o and -s options the other are
  195. intended for debugging, special features or enabling/disabling some
  196. options and so should be ignored by the normal users.
  197.  
  198. If the extraction with a particular script is too slow or scanning a
  199. folder takes too much memory and time try using the -9 option that
  200. disables the memory protection.
  201.  
  202. You can apply these options directly in a link/shortcut to quickbms so
  203. that you can use the double-click method and all the command-line
  204. options you desire.
  205.  
  206. In the same package you should find also quickbms_4gb_files.exe
  207. (previously known as quickms64_test.exe) that is an "experimental"
  208. version that uses 64bit numbers instead of the original 32 bits:
  209. - it supports archives and files bigger than 4 gigabytes
  210. - it may have problems to work with some "particular" scripts
  211. - it's a native 32bit application so works on both 32 and 64bit systems
  212. - it's experimental and so not much supported, problems like crashes
  213. and incorrect math operations can happen often
  214.  
  215. ---
  216.  
  217. Advanced users could find useful also the other options:
  218.  
  219. -d automatically creates a folder with the name of the input file where
  220. placing all the files, sometimes it could be useful in some rare
  221. cases where users needed it.
  222.  
  223. -E if you have a bms script that simply reads a file format you can
  224. change the endianess of all its numeric fields on the fly simply
  225. using this option.
  226. for example if you have a "get SIZE long" a 32bit number will be
  227. read as usual and additionally it will be reversed (0x11223344 to
  228. 0x44332211) and placed at the same location.
  229. remember that you need to specify also the -w option with physical
  230. files, alternatively you can save the whole file in a memory file
  231. and then dumping it so that -w is not needed.
  232. with this option is really a joke to convert the endianess of files
  233. between different platforms, like xbox 360 and PC.
  234.  
  235.  
  236. #######################################################################
  237.  
  238. ===============================
  239. 3) Reimport the extracted files
  240. ===============================
  241.  
  242.  
  243. As already said QuickBMS is primarly an extraction tool, anyway from
  244. version 0.4.9 it supports also the -r option that transforms the tool
  245. in a simple reimporter/reinjector and so could be useful in some cases
  246. for who wants to mod or translate a game.
  247.  
  248. The idea consists in being able to reimport ("injecting back") the
  249. modified files in the majority archives without touching a single line
  250. of the script, yeah just reusing the same bms scripts that already
  251. exist!
  252.  
  253. -----------------------------------------------------------------------
  254.  
  255. Using this feature is really trivial and the following is an example
  256. step-by-step:
  257.  
  258. - make a backup copy of the original archive!
  259.  
  260. - extract the files or only those you want to modify (-f option) as you
  261. do normally via the GUI (double-click on quickbms.exe) OR via
  262. command-line:
  263.  
  264. quickbms script.bms archive.pak output_folder
  265.  
  266. - do your modifications to the extracted files and I suggest to delete
  267. the files that have not been modified so that the reimporting process
  268. will be faster, so if you can it's better if in the folder you leave
  269. only the files you have changed
  270. note that their size must be minor or equal than the original!
  271.  
  272. - reimport the files in the archive via the GUI by clicking on the
  273. file called "reimport.bat" OR via command-line:
  274.  
  275. quickbms -w -r script.bms archive.pak output_folder
  276.  
  277. - test the game with the modified archive
  278.  
  279. I repeat that you can use the GUI for the reimporting procedure, just
  280. click on "reimport.bat" found in the quickbms package (it contains the
  281. command quickbms.exe -G -w -r).
  282.  
  283. -----------------------------------------------------------------------
  284.  
  285. Another example:
  286. - first use QuickBMS normally:
  287. archive.pak -> file1.txt
  288. -> file2.dat
  289. -> file3.jpg
  290.  
  291. - second step:
  292. - delete file1.txt and file2.dat
  293. - modify file3.jpg, for example adding a "smile" in it
  294. - save file3.jpg and be sure that it's size is SMALLER or EQUAL than
  295. the original
  296.  
  297. - third step, use the "reimport" shortcut provided in quickbms:
  298. archive.pak <- file1.txt (doesn't exist so it's not reimported)
  299. <- file2.dat (doesn't exist so it's not reimported)
  300. <- file3.jpg (successfully reimported)
  301.  
  302. -----------------------------------------------------------------------
  303.  
  304. Now some important notes about this particular reimporting process:
  305. - you CANNOT increase the size of the files you want to reimport, so
  306. the new files must be minor or equal than the originals
  307. - if the script uses zlib (like comtype zlib or no comtype at all) or
  308. deflate then QuickBMS will automatically use the kzip method which
  309. uses an external executable (kzip.exe) and requires more time and
  310. resources... I enabled this method only because often many users
  311. complain about the size of recompressed files which is too big
  312. - for the maximum compatibility within the thousands of available file
  313. formats I decided to not use tricks for modifying the original
  314. size and compressed_size values (think to those formats that use
  315. encrypted information tables or the scripts that use MEMORY_FILEs
  316. for such tables or that use things like "math SIZE *= 0x800")
  317. - the script is just the same for both the extraction and the
  318. reimporthing steps which means that many of the scripts written by me
  319. and the other users already work, cool!
  320. - the reimporting of compressed files is perfectly possible because
  321. the tool automatically switches to the relative compression algorithm
  322. if available (for example zlib->zlib_compress)
  323. - if the original archive uses complex encryptions that require the
  324. usage of MEMORY_FILEs to perform temporary decryptions then it's NOT
  325. supported and the same is valid for chunked content (like the usage
  326. of the command Append)
  327. - FileXor, FileRot, Encryption and Filecrypt should work correctly
  328. - things like CRCs and hashes can't be supported
  329. - it's possible to reimport also the nameless files (log "" OFFSET SIZE)
  330. the tool will automatically check for files with the same number
  331. so if the file was saved as 00000014.xml it will be reimported
  332. perfectly
  333.  
  334.  
  335. #######################################################################
  336.  
  337. ===============================================
  338. 4) How to create scripts (for developers only!)
  339. ===============================================
  340.  
  341.  
  342. Originally the tool was created for myself for making me able to write
  343. quick extractors for simple archives immediately without writing a line
  344. of C but it revealed to be a so powerful tool that now I use it really
  345. for everything included the parsing of some protocols and much more.
  346.  
  347. So, how to write these scripts?
  348. Well I guess that giving a look at http://wiki.xentax.com/index.php/BMS
  349. is a good first step to understand at least the basis of this language
  350. originally written by Mike Zuurman (alias Mr.Mouse of XeNTaX) in the
  351. far 1997.
  352. Then it's good to take a look at the various examples provided on
  353. http://quickbms.aluigi.org and http://forum.xentax.com/viewforum.php?f=10
  354. and obviously to the following list of available commands and their
  355. description.
  356.  
  357. A programming knowledge and background is not required but it's very
  358. useful for entering in the "logic" of the scripts, while it's required
  359. the full knowledge of the format to implement: reversing is ever useful
  360. for figuring the needed fields.
  361.  
  362. Luckily in the extraction process is not needed to know all the fields
  363. of an archive so a field like a CRC just doesn't matter while the
  364. important fields are ever the filename, the offset and the size of the
  365. files to extract.
  366. You can notice all these useless fields in my scripts because I assign
  367. them the name DUMMY.
  368.  
  369. Note that I will try to keep the following documentation updated as
  370. much as I can, in any case refer also to the source code of quickbms.c
  371. for any other technical doubt or possible additions or particular
  372. behaviour of the tool in particular circumstances.
  373. The fields between [] are optionals.
  374.  
  375. ---
  376.  
  377. A quick list of available commands is available also when QuickBMS is
  378. launched with the -c option, and REMEMBER to read the notes specified
  379. there like the fact that:
  380.  
  381. - everything is considered a variable except if it starts with a number
  382. in which case it's considered a numeric constant so when in this
  383. text I talk about VAR, STRING and other types of data I refer EVER to
  384. both variables and constants because they are EXACTLY the SAME thing
  385.  
  386. - all the commands and the names of the variables are case INsensitive
  387. so "get OFFSET long" is the same as "GeT oFfSeT lOnG"
  388.  
  389. - everything works with signed 32 bit numbers (-2147483648 to
  390. 2147483647) so QuickBMS at the moment could not work well with files
  391. over 2 gigabytes but it can seek on files of 4 gigabytes
  392. so consider the following limits:
  393. - max 4gb for archives
  394. - max 2gb for the contained files
  395. you can try quickbms_4gb_files.exe for working with bigger archives
  396.  
  397. - the so called constant strings (depends by the context of the command)
  398. are handled as strings in C notation like "\x12\x34\\hello\"bye\0"
  399. and so on, in this case you must know a bit how this representation
  400. works.
  401. the keyword is "C language escape characters" or escape sequences,
  402. they are very simple, take a look here:
  403. http://msdn.microsoft.com/en-us/library/h21280bw%28VS.80%29.aspx
  404. http://www.acm.uiuc.edu/webmonkeys/book/c_guide/1.1.html
  405. ONLY some commands support this C string notation for the escape
  406. characters, a quick way to find them is searching the keyword
  407. "(cstring)" without quotes in this document
  408.  
  409. - also hexadecimal numbers are supported if they start with 0x so
  410. 1234 and 0x4d2 are the same thing
  411.  
  412. - any operation made on fields bigger than 8 bits is controlled by the
  413. global endianess, which means that any number and unicode field is
  414. read in little endian by default otherwise it's valid the endianess
  415. specified with the Endian command
  416.  
  417. - comments can be used in C (// and /* */) and BMS syntax (#)
  418.  
  419.  
  420. File numbers:
  421. every file opened in QuickBMS has a number assigned to it and in all
  422. the commands that access to files this number is 0 (main file) if not
  423. specified.
  424. the first opened file is the input archive to which is assigned the
  425. number 0 (zero), the others must be opened with the Open command
  426.  
  427. MEMORY_FILEs:
  428. this is a particular type of temporary file which resides in memory
  429. and works exactly like a normal file.
  430. it's extremely useful for doing tons of things and are supported
  431. various memory files: MEMORY_FILE, MEMORY_FILE2, MEMORY_FILE3 and so
  432. on.
  433. MEMORY_FILE and MEMORY_FILE1 are the same.
  434.  
  435. TEMPORARY_FILE:
  436. exists also another type of file called TEMPORARY_FILE which instead
  437. resides phisically on the hard-disk with that exact name.
  438. although its "temporary" name it's not deleted by the output folder
  439. (anyway at the end of the process QuickBMS will ask if the user wants
  440. to remove it or not) and is created even when it's used the -l option
  441. for listing the files which makes it ideal in certains situations
  442. like when it's used a chunks based file system.
  443. .
  444. indeed in this case using a MEMORY_FILE is a bad idea because the
  445. continuous reallocation of the memory makes it terribly slow except
  446. if you have pre-allocated the space of the MEMORY_FILE with the
  447. PutVarChr command but in that case remains the problem of using too
  448. much memory.
  449. .
  450. for using the temporary file remember to use it like in the following
  451. example:
  452. log TEMPORARY_FILE 0 0 # reset it in case it already exists (optional)
  453. append # enables the append mode
  454. ...
  455. log TEMPORARY_FILE OFFSET SIZE
  456. ...
  457. append # disable the append mode
  458. open "." TEMPORARY_FILE 1 # open the temporary file on the file number 1
  459.  
  460.  
  461. Types of variables supported, also know as datatypes or types:
  462. STRING null delimited string (one byte for each char)
  463. BYTE 8 bit, 0 to 0xff
  464. SHORT 16 bit (aka INT), 0 to 0xffff
  465. THREEBYTE 24 bit, 0 to 0xffffff
  466. LONG 32 bit, 0 to 0xffffffff
  467. LONGLONG fake 64 bit, so only 0 to 0xffffffff but takes 8 bytes in Get
  468. FLOAT 32 bit, 123.345 is got as 123
  469. DOUBLE 64 bit, 123.345 is got as 123
  470. LONGDOUBLE 96 bit, 123.345 is got as 123
  471. VARIABLE read byte per byte till the byte is negative
  472. VARIABLE2 Unreal engine index numbers
  473. VARIABLE3 used in various software
  474. VARIABLE4 used in Battlefield 3 (Frostbite engine)
  475. VARIANT VB/C++ variant type (http://en.wikipedia.org/wiki/Variant_type)
  476. TIME time_t Unix 32bit time
  477. TIME64 64bit time used as FILETIME on Windows
  478. CLSID ClassID like 00000000-0000-0001-0000-000000000000
  479. IPV4 7f 00 00 01 = "127.0.0.1"
  480. IPV6 like 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  481. ASM x86 assembly
  482. ASIZE special type used to return the size of the opened file,
  483. used only with the GET command
  484. FILENAME special type used to return the name of the opened file
  485. like "myfile.zip", used only with the GET command
  486. BASENAME special type used to return the base name of the opened
  487. file like "myfile", used only with the GET command
  488. EXTENSION special type used to return the extension of the opened
  489. file like "zip", used only with the GET command
  490. UNICODE special type used for unicode utf16 strings, the
  491. endianess of the utf16 is the same used globally in the
  492. script (watch the Endian command), it's used also for
  493. converting an unicode string to an ascii one:
  494. Set ASCII_STRING UNICODE UNICODE_STRING
  495. unicode conversion is performed via Win32 API (CP_UTF8
  496. and CP_ACP in case of 0xfffd chars) while on Linux it
  497. uses iconv, fallback on mbtowc and byte=short
  498. BINARY special type used for binary strings in C notation like
  499. "\xff\x00\x12\x34", used mainly as a constant (cstring)
  500. COMPRESSED a special type used for setting big strings and memory
  501. files using a small amount of text, for using this type
  502. you must take the original text/file, compress it with
  503. zlib (you can use my packzip tool) and then encoding the
  504. outputfile with base64 (you can use my bde64 tool) and
  505. placing the result like the following:
  506. set MEMORY_FILE compressed eNrtwbEJACAMBMBecIfvnMUxPuEJAe0UHN81LLzrbYKwDOjI96IN1cLveRfAGqYu
  507. this type is very useful if you want to embed a dll inside
  508. a script without wasting much space
  509. LINE special type used for carriage return/line feed delimited
  510. string (so any string ending with a 0x00, 0x0a or 0x0d)
  511. FULLNAME full path of the file, in reality at the moment it returns
  512. the same path used in the input filename
  513. CURRENT_FOLDER
  514. the path from which has been launched QuickBMS
  515. FILE_FOLDER the path of the loaded input file
  516. BMS_FOLDER the folder where is located the bms script
  517. OUTPUT_FOLDER
  518. the extraction folder (the last argument of QuickBMS)
  519. INPUT_FOLDER
  520. same as above
  521. ALLOC a type used only in the Set command for a particular thing
  522. SIGNED_BYTE
  523. SIGNED_SHORT
  524. SIGNED_THREEBYTE
  525. SIGNED_LONG
  526. UNKNOWN use this to ask the user to insert the content of the variable
  527.  
  528. QuickBMS supports also the experimental multidimensional arrays inside
  529. the variables, example:
  530.  
  531. for i = 0 < 10
  532. get VAR[i] long
  533. for j = 0 < 5
  534. get VAR2[i][j] long
  535. next j
  536. next i
  537.  
  538. But it's possible to access that variable ONLY by specifying the
  539. original name and index, so:
  540.  
  541. print "%VAR[0]%" # fail!
  542.  
  543. math i = 0
  544. print "%VAR[i]%" # ok
  545.  
  546. And now the list of commands in the same order in which they are listed
  547. in the QuickBMS source code in the function parse_bms():
  548.  
  549. .......................................................................
  550. QuickBMSver VERSION
  551. checks if the current version of QuickBMS is enough recent to
  552. support the script... used rarely, mainly for scripts created after
  553. I added or fixed a functionality of the tool.
  554.  
  555. arguments:
  556. VERSION oldest version of QuickBMS for which was created the script.
  557. it's also possible to add some options that are suggested
  558. by the script to the user who must enable them at runtime
  559. if he desires, -9 is the only one supported at the moment
  560.  
  561. examples:
  562. QuickBMSver 0.2.4
  563. QuickBMSver "0.5.14 -9"
  564.  
  565. .......................................................................
  566. Clog NAME OFFSET ZSIZE SIZE [FILENUM]
  567. Extracts the file decompressing it in real-time, this operation
  568. doesn't affect the current position of the input file.
  569. The decompression algorithm used in the operation is decided by the
  570. ComType command.
  571. The content of the extracted file can be decrypted automatically
  572. using the Encryption command.
  573.  
  574. arguments:
  575. NAME name of the output file
  576. OFFSET position of the archive where is located the file
  577. ZSIZE size of the compressed data in the archive
  578. SIZE size of the uncompressed file
  579. FILENUM number of the file associated to the archive (0)
  580.  
  581. examples:
  582. Clog NAME OFFSET ZSIZE SIZE
  583. Clog "dump.dat" 0 ZSIZE 10000000 # the file will have the real size and not 10000000
  584.  
  585. .......................................................................
  586. FindLoc VAR TYPE STRING [FILENUM] [ERR_VALUE]
  587. It finds the first occurrency of a given string or number from the
  588. current offset of the archive.
  589. It's used in those cases when the format of the archive is not known
  590. or it's a particular text file.
  591.  
  592. arguments:
  593. VAR the variable which will receive the offset of the occurrency
  594. TYPE can be STRING, UNICODE or a number
  595. STRING string in C notation or number, depending by the TYPE
  596. (cstring)
  597. FILENUM number of the file associated to the archive (0)
  598. ERR_VALUE by default FindLoc terminates the script if no string
  599. is found but if ERR_VALUE is specified this value will
  600. be assigned to VAR without terminating when there are no
  601. other occurrencies
  602.  
  603. examples:
  604. For
  605. FindLoc OFFSET string "filename="
  606. ...
  607. FindLoc OFFSET string "filename=" 0 ""
  608. if OFFSET == ""
  609. cleanexit
  610. endif
  611. Next
  612.  
  613. .......................................................................
  614. For [VAR] [OP] [VALUE] [COND] [VAR]
  615. ...
  616. Next [VAR]
  617. A classical "for" loop with initializers, conditions and
  618. incrementers.
  619. There is also the Break instruction available to break the loop at
  620. any moment but note that it's not suggested in presence of multiple
  621. For because in some rare cases it may give problems).
  622. Next is the command which delimits the loop and at the same time
  623. increments the given variable if specified.
  624. It's also possible to use a math operation in Next.
  625. Practically it means:
  626. - give VALUE to VAR (or performs a mathematical operation on it)
  627. - perform a loop till the two VARs match the "condition"
  628. - perform all the operations between For and Next
  629. - increment VAR or perform another operation
  630. all the parameters are optionals.
  631.  
  632. arguments:
  633. VAR variable to which assign a value
  634. OP any of the available Math operators
  635. VALUE value to assign to the variable or part of the math operation
  636. COND condition, the same of the IF command
  637. VAR second part of the condition
  638.  
  639. examples:
  640. For i = 0 < FILES
  641. ...
  642. next i
  643. For
  644. # do what you want here, this is an endless loop
  645. Next
  646. For VAR1 = VAR1 != VAR2
  647. # this is exactly the same of using while(VAR1 != VAR2) {...} in C
  648. Next VAR2 /= 3
  649.  
  650. .......................................................................
  651. Get VAR TYPE [FILENUM]
  652. It reads strings and numbers from the open files, it's also the most
  653. used command.
  654.  
  655. arguments:
  656. VAR variable which will receive the read data
  657. TYPE watch the description of the types explained before
  658. FILENUM number of the file associated to the archive (0)
  659.  
  660. examples:
  661. Get OFFSET long
  662. Get NAME string
  663.  
  664. .......................................................................
  665. GetDString VAR LENGTH [FILENUM]
  666. It reads a defined amount of data from the file and stores it in the
  667. given variable.
  668. It's useful with filenames and other strings that have a length
  669. specified in a previous 8, 16 or 32 bit field.
  670.  
  671. arguments:
  672. VAR variable which will receive the read data
  673. LENGTH amount of bytes to read, there is also an experimental
  674. method LENGTH*NUM, for example:
  675. getdstring ARRAY NUMBERS*4
  676. FILENUM number of the file associated to the archive (0)
  677.  
  678. examples:
  679. GetDString NAME NAME_LENGTH
  680. GetDString NAME 0x100
  681.  
  682. .......................................................................
  683. GoTo OFFSET [FILENUM] [TYPE]
  684. It changes the current position in the file, just like fseek()
  685.  
  686. arguments:
  687. OFFSET position to reach, if it's negative it will be considered
  688. an "OFFSET bytes from the end of the file" position.
  689. only the constants can be negative with GoTo while all
  690. the variables will be handled as unsigned (0 to
  691. 0xffffffff)
  692. FILENUM number of the file associated to the archive (0)
  693. TYPE SEEK_SET (default), SEEK_CUR, SEEK_END
  694.  
  695. examples:
  696. GoTo OFFSET
  697. GoTo 0x100
  698. GoTo -4 # 4 bytes before the end of the file
  699.  
  700. .......................................................................
  701. IDString [FILENUM] STRING
  702. It terminates the program if the signature at the current position
  703. of the file differs than the provided string.
  704. If the string doesn't match and it's 4 bytes long QuickBMS will
  705. automatically swap it and perform the compare again, if this time
  706. it matches then the endianess will be changed making the majority
  707. of the scripts written for an architecture (for example PC)
  708. virtually compatible with others (for example Xbox360).
  709. Pay attention to the FILENUM/VAR order different than other commands
  710. (it's the original BMS syntax), anyway QuickBMS will try to fix the
  711. order in case you invert them.
  712.  
  713. arguments
  714. FILENUM number of the file associated to the archive (0)
  715. STRING string in C notation (cstring)
  716.  
  717. examples:
  718. IDString "PK\x03\x04"
  719. IDString " KAP"
  720.  
  721. .......................................................................
  722. Log NAME OFFSET SIZE [FILENUM]
  723. It extracts the file, this operation doesn't affect the current
  724. position of the input file.
  725. The content of the extracted file can be decrypted automatically
  726. using the Encryption command.
  727.  
  728. arguments:
  729. NAME name of the output file
  730. OFFSET position in the archive where is located the file
  731. SIZE amount of the data to extract
  732. FILENUM number of the file associated to the archive (0)
  733.  
  734. examples:
  735. Log NAME OFFSET SIZE
  736. Log "dump.dat" 0 SIZE
  737.  
  738. .......................................................................
  739. Math VAR OP VAR
  740. Mathematical operation between the two variables with the result
  741. placed in the first one.
  742. Note that for compatibility all the operations are performed using
  743. signed 32 bit numbers by default.
  744. This makes the difference with some operation like the shift ones,
  745. so pay attention!
  746. For unsigned operations add an 'u' before OP.
  747.  
  748. arguments
  749. VAR variable which acts as input and output
  750. OP + sum
  751. * multiplication
  752. / division
  753. - substraction
  754. ^ xor
  755. & and
  756. | or
  757. % modulus
  758. ! negation of var2 (0 becomes 1 and any other value becomes 0)
  759. ~ complement of var2 (like "xor 0xffffffff")
  760. < shift left
  761. > shift right
  762. l rotate left (also <<<)
  763. r rotate right (also >>>)
  764. s byte swapping
  765. w bit swapping
  766. = assign var2 to var1
  767. n negative value of var2 (so -var2)
  768. a absolute value of var2
  769. v radix (also //)
  770. p power (also **)
  771. x alignment, examples:
  772. var1=1, var2=16, result=16
  773. var1=16, var2=16, result=16
  774. var1=17, var2=16, result=32
  775. z common bitswapping (also <>):
  776. var1=0xab, var2=4, result=0xba
  777. var1=0xabcd, var2=4, result=0xdc
  778. var1=0xabcd, var2=8, result=0xcdab
  779. add a 'u' before or after OP for forcing the usage of unsigned
  780. operations useful with shift, divisions and possibly other
  781. operations
  782. any operation starting with a '?' will be considered a
  783. verbose operation, for example ?add is the same of +
  784. QuickBMS supports also all the functions available in
  785. math.h like ?sin, ?cos, ?atan and so on
  786. VAR other input variable
  787.  
  788. examples:
  789. Math SIZE *= 0x100
  790. Math OFFSET <<= 2
  791. Math OFFSET u<<= 2
  792. Math TMP = SIZE
  793. Math TMP ~ TMP
  794. Math TMP n TMP
  795. Math TMP2 a TMP
  796. Math SIZE u/ 5
  797. Math RADIX v= 2
  798.  
  799. .......................................................................
  800. XMath VAR INSTR
  801. Multiple mathematical operations in one line, just a way to avoid
  802. the limitations of the original Math command.
  803. Currently this command is just an experiment and supports only the
  804. most simple operators named with a non-alphanumeric character and
  805. applied to unsigned numbers:
  806. ~ ! < > & ^ | * / % - +
  807. <<< shift left
  808. >>> shift right
  809. ** power
  810. // root
  811. && alignment
  812. <> common bit swapping
  813. %% percentage ("VAR %% 15" will return the 15% of VAR)
  814.  
  815. arguments
  816. VAR variable which acts as output
  817. INSTR the full instruction
  818.  
  819. examples:
  820. XMath VAR "1 + 2 - ((3 + 4) + VAR2)"
  821.  
  822. .......................................................................
  823. Open FOLDER NAME [FILENUM] [EXISTS]
  824. It opens a file for reading, practically it assigns a file number/id
  825. to an existent file that you want to use
  826.  
  827. arguments:
  828. FOLDER FDDE, means that you want to open the file in the same
  829. location of the input one which has the extension
  830. provided with NAME
  831. FDSE, it will consider NAME as a file located in the
  832. same folder of the input file (very useful)
  833. any other value is considered the folder where is located
  834. the file to load so use "." for the current output
  835. folder
  836. NAME read above, NAME can be also a ? in which case QuickBMS
  837. will ask the user to insert the name of the file to open
  838. manually
  839. if NAME is "" then will be performed a flush operation
  840. that could be useful (or not?) only in write mode
  841. FILENUM number of the file associated to the archive (0)
  842. EXISTS if the file doesn't exist this variable will be set to
  843. 0 otherwise 1 (exists). by default QuickBMS terminates
  844. with an error if the file doesn't exist.
  845.  
  846. examples:
  847. Open FDDE DAT 0
  848. Open FDDE IDX 1
  849. Open FDSE "myfile.zip"
  850. Open "." TEMPORARY_FILE 1
  851.  
  852. .......................................................................
  853. SavePos VAR [FILENUM]
  854. Current position of the file, like ftell().
  855.  
  856. arguments:
  857. VAR variable which will contain the offset
  858. FILENUM number of the file associated to the archive (0)
  859.  
  860. examples:
  861. SavePos OFFSET
  862.  
  863. .......................................................................
  864. Set VAR [TYPE] VAR
  865. Command for assigning a constant or a variable to another variable
  866. with the possibility of changing its type (like with unicode)
  867.  
  868. arguments:
  869. VAR output variable or memory file
  870. TYPE useless type, indeed it can be also not specified in
  871. which case will be used the String value.
  872. it's useless because in QuickBMS doesn't exist a real
  873. difference between numbers and strings except some
  874. cases (like unicode, filename, basename, extension
  875. and possibly others).
  876. the STRLEN type can be used as alternative at the
  877. Strlen command
  878. other special types are:
  879. - unicode
  880. - binary (cstring)
  881. - alloc: allocates memory
  882. - filename: takes the filename part from a string (myfile.txt)
  883. - basename: takes the basename part from a string (myfile)
  884. - extension: takes the extension part from a string (txt)
  885. VAR variable or constant to assign
  886.  
  887. examples:
  888. Set i long 0
  889. Set TMP long SIZE
  890. Set TMPNAME NAME
  891. Set MEMORY_FILE binary "\x12\x34\x56\x78"
  892. Set ASCII_VAR unicode UNICODE_VAR # from unicode to string
  893. Set VAR ? ? # the user will be prompted to insert his content
  894.  
  895. .......................................................................
  896. Do
  897. ...
  898. While VAR COND VAR
  899. A not so useful type of cycle where it's performed the check of the
  900. condition at the end of the cycle... really rarely used.
  901. If you need a C-like "while(...) {...}" use the For command.
  902.  
  903. arguments:
  904. VAR first part of the condition
  905. COND condition, check the If command below for additional info
  906. VAR second part of the condition
  907.  
  908. examples:
  909. Do
  910. ...
  911. While OFFSET < MAX_OFFSET
  912.  
  913. .......................................................................
  914. String VAR OP VAR
  915. The equivalent of the Math command for the strings
  916.  
  917. arguments:
  918. VAR input and output variable
  919. OP = just a copy or if var2 is a number it will consider it
  920. a raw string:
  921. var2="0x44434241", result="ABCD"
  922. + append the second string to the first one
  923. - if the second variable is a positive number the
  924. string will be truncated at that amount of bytes
  925. from the end
  926. if the second variable is a negative number the
  927. string will be truncated at that amount of bytes
  928. from the beginning
  929. otherwise will be removed all the occurrencies of
  930. the second string in the variable
  931. ^ xoring of the string with the second one (looped if shorter)
  932. < like strrchr/strrstr but returns the part before it
  933. var1="thisisastring", var2="4", result="isastring"
  934. % truncate the variable at the position obtained by
  935. the modulus of its length and the number in the second
  936. variable
  937. & strchr/strstr
  938. var1="thisisastring", var2="isa", result="isastring"
  939. | strchr/strstr + var2 length
  940. var1="thisisastring", var2="isa", result="string"
  941. $ strrchr/strrstr
  942. ! strrchr/strrstr + var2 length
  943. > if the second variable is a number:
  944. var1="thisisastring", var2="4", result="thisisast"
  945. otherwise:
  946. var1="thisisastring", var2="isa", result="this"
  947. r reversed string
  948. b byte2hex of var2: var2="abc", result="616263"
  949. B as above but uses the var2 as a null delimited string (strlen)
  950. h hex2byte of var2: var2="616263", result="abc"
  951. e experimental encryption based on the Encryption command
  952. E as above but uses the var2 as a null delimited string (strlen)
  953. c experimental compression based on the ComType command
  954. C as above but uses the var2 as a null delimited string (strlen)
  955. u toupper: var2="hello", result="HELLO"
  956. l tolower: var2="HELLO", result="hello"
  957. R replace chars
  958. p a printf-like experimental work-around
  959. the format for float (f) and double (g) works only
  960. for one element, so:
  961. get VAR_LONG long
  962. String TMP p= "%10.10f" VAR_LONG # no VAR2 or VAR3
  963. print "%TMP%"
  964. s a sscanf-like experimental work-around
  965. S string ELEMENTS S= "string1 \"string 2\" 'string3'" VAR1 VAR2 VAR3
  966. x convert a C string (cstring)
  967. VAR the second variable or string
  968.  
  969. note:
  970. you can use also some keywords like strstr instead of & or printf
  971. instead of p and so on
  972.  
  973. examples:
  974. string FULLPATH += NAME
  975. string FULLPATH += \
  976. string NAME -= ".zip"
  977. string NAME -= 4
  978. string PATH R= "." "/"
  979. string FULLPATH p= "c:\folder\%04x%04x.dat" VAR1 VAR2 # VAR1/2 are the input
  980. string FULLPATH s= "c:\folder\%04x%04x.dat" VAR1 VAR2 # VAR1/2 are the output
  981.  
  982. .......................................................................
  983. CleanExit
  984. terminates the script, it's possible also to use just Exit
  985.  
  986. .......................................................................
  987. If VAR COND VAR [...]
  988. ...
  989. [Elif VAR COND VAR]
  990. ...
  991. [Else]
  992. ...
  993. EndIf
  994. It checks various conditions and performes the needed operation
  995. when the condition is verified, in short:
  996. - If is ever the first condition
  997. - Elif is another condition and can be used endless times
  998. - Else is the operation to do when no conditions are met, the last
  999. - EndIf delimits the If command
  1000. It's also possible to use multiple conditions like:
  1001. if VAR1 < VAR2 && VAR3 > VAR4
  1002. elif VAR1 != 0 || VAR2 != 0
  1003.  
  1004. arguments:
  1005. VAR first part of the condition
  1006. COND valid for both strings and numbers:
  1007. < minor
  1008. > major
  1009. != different
  1010. == equal
  1011. >= major/equal
  1012. <= minor/equal
  1013. & string: var2 is included in var1 (strstr)
  1014. number: logical AND
  1015. ^ string: equal
  1016. number: logical XOR
  1017. | number: logical OR
  1018. % number: modulus
  1019. / number: division
  1020. << number: shift left
  1021. >> number: shift right
  1022. ! number: negation
  1023. !! number: true, use it to know if VAR is non-zero
  1024. ~ number: complement
  1025. strncmp if "mystring" strncmp "myst"
  1026. ext compares the string after the last dot
  1027. basename compares the string before the last dot
  1028. any other operation supported by the Math command (valid
  1029. only for the numeric variables)
  1030. add a 'u' before COND for forcing the usage of unsigned
  1031. operations useful with shift, divisions and possibly other
  1032. operations, if the variables are strings then it will
  1033. perform an case sensitive comparison instead of the default
  1034. insensitive one
  1035. VAR second part of the condition
  1036.  
  1037. Examples:
  1038. If NAME != ""
  1039. ...
  1040. Endif
  1041. If MASK & 1
  1042. Elif MASK & 2
  1043. Elif MASK & 4
  1044. Elif MASK & 8
  1045. Else
  1046. Endif
  1047.  
  1048. .......................................................................
  1049. GetCT VAR TYPE CHAR [FILENUM]
  1050. It reads a string till the reaching of the CHAR delimiter.
  1051.  
  1052. arguments
  1053. VAR output variable
  1054. TYPE only unicode is the alternative type, any other value
  1055. is just ignored because doesn't matter for this
  1056. operation
  1057. CHAR the delimiter character as 8bit number
  1058. FILENUM number of the file associated to the archive (0)
  1059.  
  1060. examples:
  1061. GetCT NAME string 0x0a
  1062. GetCT NAME string 0x3b
  1063. set DELIMITER_BYTE long 0x0a
  1064. GetCT NAME string DELIMITER_BYTE
  1065. GetCT NAME unicode 0x0a
  1066.  
  1067. .......................................................................
  1068. ComType ALGO [DICT]
  1069. It selects the specified compression algorithm to use with the Clog
  1070. command.
  1071. It's also possible to choose a number as ALGO for the idea
  1072. about a scanner for being able to guess the possible compression
  1073. algorithm in an unknown compressed data block:
  1074. http://aluigi.org/papers/bms/comtype_scan2.bat
  1075. http://aluigi.org/papers/bms/comtype_scan2.bms
  1076. comtype_scan2.bat comtype_scan2.bms input_file output_folder
  1077. comtype_scan2.bat comtype_scan2.bms input_file output_folder uncompressed_size
  1078. Obviously this feature is only for advanced people who knows exactly
  1079. what they are doing... and works really perfectly.
  1080. Note that some algorithms may work only on Windows
  1081.  
  1082. arguments:
  1083. ALGO copy, simple copy that could be useful in some rare cases with
  1084. data encrypted with block ciphers like AES and blowfish so
  1085. use comtype copy and encryption
  1086. zlib, RFC 1590 (aka windowbit 15, the data starts with a 'x')
  1087. DICT supported
  1088. deflate, RFC 1591 (aka windowbit -15) used for example in the ZIP files
  1089. DICT supported
  1090. lzo1a till lzo2a, LZO (remember that the most used is lzo1x)
  1091. DICT supported
  1092. lzss, with default configuration (dictionary of 4096 bytes)
  1093. this particular algorithm can be fully configured setting the
  1094. EI, EJ and P fields plus another number rarely used.
  1095. for setting them it's enough to use a DICT equal to something
  1096. like "12 4 2" which means EI:12 (N:4096), EJ:4 (F:18), P:2
  1097. lzx, used by the old (aka jurassic) unlzx tool and on Amiga
  1098. gzip, automatic handling of the gzip data
  1099. remember that in this case the uncompressed size is
  1100. ignored and calculated automatically so in CLog use
  1101. ZSIZE ZSIZE
  1102. pkware, the algorithm also known as blast/explode/implode/DCL
  1103. lzma, 5 bytes + lzma (in some cases you may need to use ZSIZE + 5)
  1104. lzma86head, 5 bytes + 8 bytes (size) + lzma
  1105. lzma86dec, 1 byte + 5 bytes + lzma (in some cases you may need to use ZSIZE + 5)
  1106. lzma86dechead, 1 byte + 5 bytes + 8 bytes (size) + lzma
  1107. lzmaefs, the format implemented in ZIP
  1108. bzip2
  1109. XMemDecompress, Xbox 360 LZX algorithm of xcompress.lib
  1110. use DICT to specify a custom WindowSize and CompressionPartitionSize
  1111. like "131072 524288"
  1112. hex, from "01234567" to 4 bytes: 0x01 0x23 0x45 0x67
  1113. base64, from "aGVsbG8=" to "hello", supports also the Gamespy
  1114. and URL chars
  1115. uudecode
  1116. ascii85
  1117. yenc
  1118. COM_LZW_Decompress, used in Vietcong
  1119. milestone_lzw, the lzw algorithm used in the Milestone games
  1120. lzxcab, the lzx algorithm used in the handling of the cab files (libmspack 21 0)
  1121. lzxchm, the lzx algorithm used in the handling of the chm files (libmspack 16 2)
  1122. rlew, 16 bit RLE algorithm used in AIM Racing
  1123. lzjb, a compression used in a file system for *nix
  1124. sfl_block, expand_block from iMatix Standard Function Library
  1125. sfl_rle, expand_rle from iMatix Standard Function Library
  1126. sfl_nulls, expand_nulls from iMatix Standard Function Library
  1127. sfl_bits, expand_bits from iMatix Standard Function Library
  1128. lzma2, 1 bytes + lzma2
  1129. lzma2_86head, 1 bytes + 8 bytes (size) + lzma2
  1130. lzma2_86dec, 1 byte + 1 bytes + lzma2
  1131. lzma2_86dechead, 1 byte + 1 bytes + 8 bytes (size) + lzma2
  1132. nrv2b, UCL
  1133. nrv2d, UCL
  1134. nrv2e, UCL
  1135. huffboh, an unrecognized compression used in the Asura engine
  1136. uncompress, the lzw algorithm used in the compress utility
  1137. (the lzw data starts from offset 3 of the .Z files)
  1138. dmc, Dynamic Markov Compression (DMC)
  1139. lzhuf, aka LZH/LHA
  1140. lzari
  1141. rle7
  1142. rle0
  1143. rle
  1144. rlea, another generic rle decompressor
  1145. use DICT to choose the escape char
  1146. bpe, byte pair encoding
  1147. quicklz
  1148. q3huff, Adaptive Huffman algorithm used in the Quake 3 engine
  1149. unmeng, algorithm used in DreamKiller
  1150. lz2k, algorithm used in various games developed by Traveller's Tales
  1151. darksector, a very basic algorithm used in the game Dark Sector
  1152. mszh, used in the LossLess Codec Library
  1153. un49g, used in the games of 49Games
  1154. unthandor, used in the old game Thandor
  1155. doomhuff, huffman used in doom, hexen, skulltag and other doom ports
  1156. the DICT field can be used to specify a custom HuffFreq table (256 float elements)
  1157. aplib
  1158. tzar_lzss, used in Tzar of HaemimontGames
  1159. DICT must contain the name of the variable with the algorithm
  1160. number to use, example: ComType tzar_lzss MYVAR
  1161. lzf, aka fastlz
  1162. clz77, the lz77 algorithm available on http://compressions.sourceforge.net/about.html
  1163. lzrw1
  1164. dhuff, Huffman Decompression in LDS ("lossless datacompression sources" kit 1.1)
  1165. fin, from LDS
  1166. lzah (not tested)
  1167. lzh12, aka -lh4-
  1168. lzh13, aka -lh5-
  1169. grzip, aka GRZipII
  1170. ckrle, Chilkat RLE
  1171. quad, note that in this version I removed the handling
  1172. of the first 32bit number containing the size of the
  1173. uncompressed data
  1174. balz, note that in this version I removed the handling of
  1175. the first 9 bytes from the files that contains an ID byte and
  1176. a 64bit field containing the size of the uncompressed data
  1177. (the working of this algorithm is not guarantee)
  1178. deflate64
  1179. shrink (not tested)
  1180. z-base-32
  1181. base32hex
  1182. base32crockford
  1183. base32nintendo
  1184. base???, if ALGO starts with "base" then will be taken its
  1185. subsequent number (for example 32 if it's "base32") and
  1186. used for the conversion. the function supports ANY base
  1187. conversion from 2 to 256.
  1188. for bases major than 64 will be used a char table starting
  1189. from byte 0x00 so base128 will have a charset from 0 to 0x7f
  1190. brieflz
  1191. paq6, raw data block
  1192. shcodec
  1193. hstest_hs_unpack (never tested, could be removed in future)
  1194. hstest_unpackc (never tested, could be removed in future)
  1195. sixpack (never tested)
  1196. ashford (never tested, could be removed in future)
  1197. jcalg
  1198. jam
  1199. lzhlib
  1200. srank
  1201. zzip
  1202. scpack
  1203. DICT supported (for the SCPACK_TABLE field)
  1204. rle3
  1205. bpe2
  1206. bcl_huf, Basic Compression Library
  1207. bcl_lz, Basic Compression Library
  1208. bcl_rice, Basic Compression Library
  1209. you must use DICT to specify the format (1 to 8)
  1210. bcl_rle, Basic Compression Library
  1211. bcl_sf, Basic Compression Library
  1212. scz
  1213. szip
  1214. ppmd, ppmd var.i rev.1 with ZIP specifics so 2 bytes of info followed by the compressed data
  1215. ppmdi_raw
  1216. ppmdg (could not work!)
  1217. ppmdg_raw, requires DICT "par1 par2" (could not work!)
  1218. ppmdh (could not work!)
  1219. ppmdh_raw, requires DICT "par1 par2" (could not work!)
  1220. ppmdj (could not work!)
  1221. ppmdj_raw, requires DICT "par1 par2 par3" (could not work!)
  1222. sr3c
  1223. huffmanlib
  1224. sfastpacker, smart+simple mode
  1225. sfastpacker2, smart-mode only
  1226. dk2, used in Dungeon Keeper 2 and other Bullfrog/EA games
  1227. lz77wii, (use input size as output size in clog)
  1228. lz77wii_raw10, tag 0x10 lz77
  1229. darkstone, lz77 compression used in the game DarkStone
  1230. sfl_block_chunked, as sfl_block with automatic handling of
  1231. the chunks if used
  1232. yuke_bpe, used in the PS2 games developed by Yuke
  1233. stalker_lza, used in STALKER, use the output size equal to
  1234. the compressed one (it's handled internally)
  1235. prs_8ing
  1236. puyo_cnx, raw compressed data from offset 0x10
  1237. puyo_cxlz, raw compressed data from offset 0x8
  1238. puyo_lz00, raw compressed data from offset 0x32
  1239. puyo_lz01, raw compressed data from offset 0x10
  1240. puyo_lzss, raw compressed data from offset 0x4
  1241. puyo_onz, raw compressed data from offset 0x4
  1242. puyo_prs
  1243. falcom
  1244. cpk, used by the CRI developers
  1245. bzip2_file, exactly like bzip2 but it automatically calculates
  1246. the output size, so use ZSIZE ZSIZE in clog
  1247. lz77wii_raw11, tag 0x11 lzss
  1248. lz77wii_raw20, tag 0x20 huffman (not supported at the moment)
  1249. lz77wii_raw30, tag 0x30 rle
  1250. lz77wii_raw40
  1251. pglz, postgresql compression (headerless)
  1252. UnPackSLZ
  1253. slz_01, used in tri-ace slz type 1
  1254. slz_02, used in tri-ace slz type 2
  1255. slz_03, used in tri-ace slz type 2
  1256. lzhl
  1257. d3101
  1258. squeeze
  1259. lzrw3
  1260. tdcb_ahuff
  1261. tdcb_arith
  1262. tdcb_arith1
  1263. tdcb_arith1e
  1264. tdcb_arithn
  1265. tdcb_compand
  1266. tdcb_huff
  1267. tdcb_lzss, dict for INDEX_BIT_COUNT, LENGTH_BIT_COUNT, DUMMY9, END_OF_STREAM
  1268. tdcb_lzw12
  1269. tdcb_lzw15v
  1270. tdcb_silence
  1271. rdc
  1272. ilzr
  1273. dmc2
  1274. diffcomp
  1275. lzr
  1276. lzs (aka mppc)
  1277. lzs_big (aka mppc_big)
  1278. mohlzss
  1279. mohrle
  1280. yaz0 (aka szs)
  1281. byte2hex
  1282. un434a
  1283. xxdecode
  1284. pack, the one supported in gzip
  1285. unzip_dynamic (automatic zlib/deflate and output size, cool)
  1286. zlib_noerror, as zlib but doesn't quit in case of errors
  1287. deflate_noerror, as zlib but doesn't quit in case of errors
  1288. ppmdh
  1289. ppmdh_raw
  1290. rnc
  1291. rnc_raw
  1292. pak_explode, alone in the dark
  1293. KENS_Nemesis
  1294. KENS_Kosinski
  1295. KENS_Kosinski_moduled
  1296. KENS_Enigma
  1297. KENS_Saxman
  1298. dragonballz (STPZ/0DCS/0LCS/STPK archives, Spyke developers?)
  1299. NitroSDK (nitroCompLib)
  1300. zdaemon, like doomhuff but different freq table
  1301. skulltag, like doomhuff but different freq table
  1302. msf
  1303. stargunner
  1304. ntcompress
  1305. crle
  1306. ctw
  1307. DACT_DELTA
  1308. DACT_MZLIB2
  1309. DACT_MZLIB
  1310. DACT_RLE
  1311. DACT_SNIBBLE
  1312. DACT_TEXT
  1313. DACT_TEXTRLE
  1314. EXECUTE:
  1315. use DICT to specify the command to execute using #INPUT#
  1316. instead of the input filename and #OUTPUT# for the output
  1317. one and the various variables like you do for the Print
  1318. command, example:
  1319. comtype EXECUTE "ctw.exe d #INPUT# #OUTPUT#"
  1320. comtype EXECUTE "ctw.exe d #INPUT# %NAME%"
  1321. clog "output.dat" 0 ZSIZE ZSIZE # SIZE is not needed
  1322. CALLDLL:
  1323. exactly as above but allows to specify a calldll command
  1324. executed on input ("#INPUT#", "#OUTPUT#" and %VAR%),
  1325. experimental
  1326. lz77_0
  1327. lzbss
  1328. bpaq0
  1329. lzpx, lzpxj
  1330. mar_rle
  1331. gdcm_rle
  1332. dict
  1333. rep
  1334. lzp (it's a preprocessor and not a real compression)
  1335. elias_delta
  1336. elias_gamma
  1337. elias_omega
  1338. packbits
  1339. darksector_nochunks
  1340. enet
  1341. eduke32, lzwuncompress
  1342. xu4_rle
  1343. rvl, lemur int compression
  1344. lzfu, MS RTF
  1345. lzfu_raw
  1346. xu4_lzw
  1347. he3, without the HE3\x0d signature and output size
  1348. iris, Ultima Online algorithms
  1349. iris_huffman
  1350. iris_uo_huffman
  1351. ntfs
  1352. pdb
  1353. COMPRLIB_SPREAD
  1354. COMPRLIB_RLE1
  1355. COMPRLIB_RLE2
  1356. COMPRLIB_RLE3
  1357. COMPRLIB_RLE4
  1358. COMPRLIB_ARITH
  1359. COMPRLIB_SPLAY
  1360. cabextract, it may be the same lzx of mspack
  1361. mrci
  1362. hd2_01
  1363. hd2_08
  1364. hd2_01raw
  1365. rtl_lznt1
  1366. rtl_xpress, looks not supported by XP/7
  1367. rtl_xpress_huff, looks not supported by XP/7
  1368. prs
  1369. sega_lz77
  1370. saint_seya, used for GMI compression
  1371. ntcompress30
  1372. ntcompress40
  1373. yakuza, used by SEGA CS1 team
  1374. lz4 (the algorithm of lz4hc is the same)
  1375. snappy
  1376. lunar_lz1 to lz18
  1377. lunar_rle1 to rle4
  1378. goldensun
  1379. luminousarc
  1380. lzv1
  1381. fastlzah, it should be identical to lzf
  1382. zax
  1383. shrinker
  1384. mmini_huffman
  1385. mmini_lz1
  1386. mmini
  1387. clzw
  1388. lzham
  1389. lpaq8
  1390. sega_lzs2, automatic handling of CM/lzs2 and decompressed size
  1391. wolf
  1392. coreonline
  1393. mszip, "CK" included (from libmspack)
  1394. qtm, (from libmspack)
  1395. mslzss, (from libmspack)
  1396. mslzss1, (from libmspack)
  1397. mslzss2, (from libmspack)
  1398. kwaj, mslzh (from libmspack)
  1399. lzlib
  1400. dflt
  1401. lzma_dynamic, automatic output size
  1402. lzma2_dynamic, automatic output size
  1403. lzma2_efs
  1404. lzxcab_delta
  1405. lzxchm_delta
  1406. ffce
  1407. SCUMMVM1 -> SCUMMVM53 many algorithms used in Scummvm
  1408. lzs_unzip, PSP_Nanoha
  1409. legend_of_mana
  1410. dizzy
  1411. edl1
  1412. edl2
  1413. dungeon_kid
  1414. frontmission2
  1415. rleinc1
  1416. rleinc2
  1417. evolution
  1418. unknown1 -> unknown19
  1419. blackdesert
  1420. blackdesert_raw
  1421. pucrunch
  1422. zpaq
  1423. --------------------------------
  1424. --- recompression algorithms ---
  1425. --------------------------------
  1426. zlib_compress
  1427. deflate_compress
  1428. lzo1_compress
  1429. lzo1x_compress
  1430. lzo2a_compress
  1431. xmemlzx_compress
  1432. bzip2_compress
  1433. gzip_compress
  1434. lzss_compress
  1435. sfl_block_compress
  1436. sfl_rle_compress
  1437. sfl_nulls_compress
  1438. sfl_bits_compress
  1439. lzf_compress
  1440. brieflz_compress
  1441. jcalg_compress
  1442. bcl_huf_compress
  1443. bcl_lz_compress
  1444. bcl_rice_compress
  1445. bcl_rle_compress
  1446. bcl_sf_compress
  1447. szip_compress
  1448. huffmanlib_compress
  1449. lzma_compress
  1450. lzma_86head_compress
  1451. lzma_86dec_compress
  1452. lzma_86dechead_compress
  1453. lzma_efs_compress
  1454. falcom_compress
  1455. kzip_zlib_compress
  1456. kzip_deflate_compress
  1457. prs_compress
  1458. rnc_compress
  1459. lz4_compress
  1460. sfl_block_chunked_compress
  1461. *note:
  1462. you can find the updated list in the COMP_ enumeration
  1463. inside quickbms.c
  1464. DICT an optional C string containing the bytes of the dictionary
  1465. or particular parameters depending by the chosen algorithm
  1466. (cstring)
  1467. Note that DICT is a cstring or a variable if you specify also
  1468. a length:
  1469. comtype algo "\x11\x22\x33" // static binary dictionary
  1470. comtype algo DICT DICT_SIZE // variable dictionary
  1471.  
  1472. .......................................................................
  1473. ReverseLong VAR
  1474. Classical swap that inverts a 32bit variable from 0x44332211 to
  1475. 0x11223344 and viceversa.
  1476.  
  1477. arguments:
  1478. VAR variable to flip
  1479.  
  1480. .......................................................................
  1481. ReverseShort VAR
  1482. Classical swap that inverts a 16bit variable from 0x2211 to 0x1122
  1483. and viceversa.
  1484.  
  1485. arguments:
  1486. VAR variable to flip
  1487.  
  1488. .......................................................................
  1489. ReverseLongLong VAR
  1490. Classical swap that inverts a 32bit variable from 0x8877665544332211
  1491. to 0x1122334455667788 and viceversa.
  1492. this command works only with quickbms_4gb_files.exe
  1493.  
  1494. arguments:
  1495. VAR variable to flip
  1496.  
  1497. .......................................................................
  1498. Endian TYPE
  1499. It changes the current global endianess of the read/written data,
  1500. the default one is little endian.
  1501.  
  1502. arguments:
  1503. TYPE little/intel endianess where 0x11223344 is stored as 44 33 22 11
  1504. big/network endianess where 0x11223344 is stored as 11 22 33 44
  1505. change/invert different endianess, if it was big now will be little
  1506.  
  1507. Examples:
  1508. print "little endian"
  1509. endian big
  1510. print "big endian"
  1511. endian little
  1512. print "little endian"
  1513. endian change
  1514. print "little->big endian"
  1515.  
  1516. .......................................................................
  1517. FileXOR SEQ [OFFSET]
  1518. Any read operation (Get, *Log and so on) on any file will perform
  1519. also the xoring of the read data with the numbers contained in the
  1520. given string or in the given variable.
  1521. The OFFSET field by default is zero which means that if the data
  1522. must be xored with more than one byte (a "xor key") the first byte
  1523. of the xor key is the first byte at OFFSET which is 0 by default
  1524. (beginning of the file).
  1525. Recap: the FileXOR command works with ANY file access
  1526.  
  1527. arguments:
  1528. SEQ sequence of space-separated 8bit numbers, it can be a:
  1529. - sequence of bytes separated by space like 0x12 or
  1530. "0x12 0x34 0x56" or directly a C hex string like
  1531. "\x12\x34\x56"
  1532. - a numeric variable
  1533. - a string that doesn't start with numbers, '\' or '-'
  1534. at the moment it's not possible to use a key in string
  1535. mode (use the Encryption command for doing it) so if you
  1536. have a string convert it to a numeric sequence first.
  1537. set it to 0 or "" for disabling the xor
  1538. OFFSET needed only for the xor key offset.
  1539. if the archive is xored with a xor key from its beginning
  1540. (so first byte of the archive xored with the first one
  1541. of the key) this argument is usually not necessary
  1542. if instead it's the file to extract that is xored, this
  1543. argument must have the same offset of the file (so
  1544. just reuse the same OFFSET used in Log)
  1545.  
  1546. examples:
  1547. filexor 0xff
  1548. filexor "0x12 0x34 123 255"
  1549. filexor MYXORBYTE
  1550. filexor "0x12 0x34 123 255" OFFSET
  1551. filexor "\x12\x34\x7b\xff"
  1552. Log NAME OFFSET SIZE
  1553.  
  1554. .......................................................................
  1555. FileRot SEQ [OFFSET]
  1556. Exactly as for FileXOR but it performs a sum operation.
  1557. For example if SEQ is 0x01 and the file contains "hello" it will
  1558. become "ifmmp" while if SEQ is -1 or 0xff it will become "gdkkn".
  1559. -1 and 0xff are the same because it's a 8 bit number.
  1560. Recap: the FileRot command works with ANY file access
  1561.  
  1562. watch the previous arguments and examples.
  1563.  
  1564. .......................................................................
  1565. FileCrypt SEQ [OFFSET]
  1566. Experimental, it works only if has been already specified and
  1567. enabled the Encryption command and practically applies those
  1568. algorithms to the normal file reading operations.
  1569. Note that at the moment OFFSET is unused and SEQ can be only 1 for
  1570. activating it and "" to disable it.
  1571. Remember that the encryption algorithms usually work on blocks of
  1572. data so this command is probably useless, consider it only a test
  1573. that costed me nothing to implement.
  1574.  
  1575. full example:
  1576. get NAMESZ long
  1577. encryption xor "\x11\x22\x33\x44"
  1578. filecrypt 1
  1579. getdstring NAME NAMESZ
  1580. filecrypt ""
  1581. encryption "" ""
  1582.  
  1583. .......................................................................
  1584. Strlen VAR VAR
  1585. It calculates the length of the second variable (as string) and
  1586. stores it in the first one.
  1587. The length is the amount of bytes till the reaching of a 0 delimiter.
  1588. note that for practical reasons this command can be emulated also
  1589. using "set VAR strlen VAR"
  1590.  
  1591. arguments
  1592. VAR destination variable which will contain the length
  1593. VAR variable of which calculating the length
  1594.  
  1595. examples
  1596. strlen NAME_LENGTH NAME
  1597. strlen NAMESZ NAME
  1598.  
  1599. .......................................................................
  1600. GetVarChr VAR VAR OFFSET [TYPE]
  1601. A particular and sometimes very useful command which works exactly
  1602. like accessing to an array of elements contained in the second
  1603. variable (so a string or a memory file).
  1604. This simple but effective method allows the customization of strings
  1605. and variables for example for creating a custom header (like a DDS)
  1606. and moreover for performing operations on a piece of the memory (like
  1607. a custom encryption algorithm).
  1608. Some real examples are my Deer Hunter 2004/2005 scripts.
  1609.  
  1610. arguments
  1611. VAR destination variable which will contain the read element
  1612. VAR variable or memory file from which you want to get the
  1613. element
  1614. OFFSET position of the second variable where taking the element
  1615. TYPE if not specified it's a BYTE so a 8bit number, you can
  1616. choose any of the available data types and it will go
  1617. in the destination variable
  1618.  
  1619. examples:
  1620. For i = 0 < SIZE
  1621. GetVarChr TMP MEMORY_FILE i
  1622. GetVarChr TMP MEMORY_FILE i long
  1623. # GetVarChr TMP MEMORY_FILE i string
  1624. Next i
  1625.  
  1626. .......................................................................
  1627. PutVarChr VAR OFFSET VAR [TYPE]
  1628. The "write-mode" alternative of the previous command which allows
  1629. to perform various complex operations with custom algorithms (like
  1630. in my Deer Hunter 2004/2005 scripts).
  1631. Note that PutVarChr can be also used as an allocator of memory that
  1632. could be useful for example in the implementation of custom
  1633. decompression algorithms or, moreover, for pre-allocating a
  1634. MEMORY_FILE avoiding to waste time and memory with the incremental
  1635. allocation, remember only to use Log MEMORY_FILE 0 0 after it for
  1636. resetting the position of the MEMORY_FILE.
  1637.  
  1638. arguments
  1639. VAR variable or memory file to which you want to put the
  1640. element
  1641. OFFSET position of the first variable where placing the element,
  1642. it can be also negative in which case it will work from
  1643. the end of the variable (may not work in some conditions)
  1644. VAR source variable which will contain the element to write
  1645. TYPE if not specified it's a BYTE so a 8bit number, you can
  1646. choose any of the available data types and it will go
  1647. in the destination variable
  1648.  
  1649. examples:
  1650. For i = 0 < SIZE
  1651. GetVarChr TMP MEMORY_FILE i
  1652. Math TMP ^= 0xff
  1653. PutVarChr MEMORY_FILE i TMP
  1654. Next i
  1655.  
  1656. .......................................................................
  1657. Debug [MODE]
  1658. Switch command which enables the -v option in real-time for a
  1659. specific portion of the script, used only for debugging.
  1660. if MODE is specified (any positive or negative number) then QuickBMS
  1661. will only display the content of the variables read/written with the
  1662. Get/Put commands... it's really very useful and cool for debugging
  1663. file formats and protocols in an easy way.
  1664.  
  1665. .......................................................................
  1666. Padding VAR [FILENUM]
  1667. When called it performs an automatic GoTo to the next position of
  1668. the file skipping the padded data.
  1669. Imagine to have a file where it's used an alignment of 4 bytes and
  1670. your current file offset is 0x39, if you use Padding 4 the offset
  1671. will be automatically changed to 0x3c.
  1672. The padding is referred to the beginning of the file (offset 0).
  1673.  
  1674. arguments:
  1675. VAR size of the alignment, for example 4 or 16 and so on
  1676. FILENUM number of the file associated to the archive (0)
  1677.  
  1678. examples:
  1679. Get NAME string
  1680. Padding 4
  1681. get OFFSET long
  1682.  
  1683. .......................................................................
  1684. Append
  1685. Switch command which enables the append mode in the *Log commands,
  1686. so if the output filename is still the same it will be not
  1687. overwritten while it will be concatenated.
  1688. Note that the user must ever confirm the appending for security
  1689. reasons.
  1690.  
  1691. Examples:
  1692. append
  1693. Log "dump.dat" 0 0x10
  1694. Log "dump.dat" 0x10 0x100
  1695.  
  1696. The following is a particular example for allocating a MEMORY_FILE
  1697. and using it instead of TEMPORARY_FILE saving space on the disk and
  1698. performances:
  1699. math TMP = CHUNKS
  1700. math TMP *= 0x8000
  1701. log MEMORY_FILE 0 0
  1702. putvarchr MEMORY_FILE TMP 0 # improves the speed with pre-allocation
  1703. log MEMORY_FILE 0 0 # reset the position and size of the file
  1704. append
  1705. for i = 0 < CHUNKS
  1706. ...
  1707. clog MEMORY_FILE OFFSET ZSIZE 0x8000
  1708. next i
  1709. append
  1710. get SIZE asize MEMORY_FILE
  1711.  
  1712. .......................................................................
  1713. Encryption ALGO KEY [IVEC] [MODE] [KEYLEN]
  1714. One of the most interesting commands which allow to set a decryption
  1715. algorithm used for any read operation on the files.
  1716. resuming: the Encryption command works ONLY with Log and CLog.
  1717. QuickBMS supports also the hashing algorithms of OpenSSL, the hash
  1718. will be placed in binary mode in the variable QUICKBMS_HASH and in
  1719. hex mode in QUICKBMS_HEXHASH.
  1720.  
  1721. arguments:
  1722. ALGO aes, Rijndael
  1723. blowfish
  1724. des
  1725. 3des-112
  1726. 3des-168
  1727. rc4
  1728. tea, use IVEC for specifying custom delta, sum, endian (0/1) and cycles
  1729. xtea, use IVEC for specifying custom delta, endian (0/1) and cycles
  1730. xxtea, use IVEC for specifying custom delta, endian (0/1) and cycles
  1731. idea
  1732. swap
  1733. math, exactly like the command plus the size of the numbers: encryption math "^u= 0x11223344 1" 32
  1734. that means this encryption can do tons of operations
  1735. including xor, rot, rotate and so on
  1736. the "1" after the math operation means if we want to respect the size of each element (ignore)
  1737. ivec is the size of each element (8 bits default)
  1738. xmath, key is the operation to perform for each element
  1739. ivec is the size of each element (8 bits default)
  1740. use #INPUT# to indentify the element read from the data: encryption xmath "#INPUT# + 1" 8
  1741. random, pseudo random incrementer (Linear congruential generator) xored with the input
  1742. key contains a number corresponding to the algorithms listed on
  1743. http://en.wikipedia.org/wiki/Linear%5Fcongruential%5Fgenerator#Parameters_in_common_use
  1744. (0 is the first one) plus other algorithms like mersenne and so on.
  1745. the second parameter in the key is the seed.
  1746. ivec is the size of each element (8 bits default).
  1747. encryption random "0 0x12345678" 32
  1748. xor
  1749. rot
  1750. rotate, an 8/16/32/64bit ror
  1751. reverse, flip the file
  1752. incremental,
  1753. encryption "incremental xor" 0 0x01 # 8bit xor incremented by 1 each time
  1754. encryption "incremental rot" 0x100 0x11223344 # 32bit rot starting from 0x100 incremented
  1755. # by 0x11223344 each time
  1756. charset, the substitution algorithm which uses a charset of 256 chars
  1757. charset2, as above but the substituition is inverted (confortable in some rare cases)
  1758. twofish
  1759. cast5
  1760. seed
  1761. serpent
  1762. ice
  1763. icecrypt, ICE algorithm with key implemented as in the homonym
  1764. program, the difference with "ice" is ONLY in the key
  1765. rotor, added as experiment, ivec contains the number of rotors (12)
  1766. ssc, Leverage SSC
  1767. wincrypt, aka cryptdecrypt or cryptencrypt
  1768. use the ivec field for specifying (only those you need, not all):
  1769. - the hashing algorithm (CryptCreateHash, you can find the key here)
  1770. - the encryption algorithm (CryptDeriveKey)
  1771. - the provider type (CryptAcquireContext)
  1772. - Microsoft provider name (like MS_DEF_DH_SCHANNEL_PROV)
  1773. - CryptDeriveKey flags (like CRYPT_CREATE_SALT)
  1774. - CryptDecrypt flags (like CRYPT_OAEP)
  1775. example:
  1776. encryption CryptDecrypt "mykey" "CALG_MD5 CALG_RC4 PROV_RSA_FULL"
  1777. encryption CryptDecrypt "1111" "CALG_MD5 CALG_RC4 PROV_RSA_FULL CRYPT_CREATE_SALT CRYPT_OAEP"
  1778. cryptunprotect, key is used to specify the entropy so the default is ""
  1779. zipcrypto, remember that the first 12 bytes are the encryption header
  1780. set the ivec to 1 for automatically cutting the first 12 bytes
  1781. md_null, from OpenSSL (does nothing)
  1782. md2, from OpenSSL (not available)
  1783. md4, from OpenSSL
  1784. md5, from OpenSSL
  1785. sha, from OpenSSL
  1786. sha1, from OpenSSL
  1787. dss, from OpenSSL
  1788. dss1, from OpenSSL
  1789. ecdsa, from OpenSSL
  1790. sha224, from OpenSSL
  1791. sha256, from OpenSSL
  1792. sha384, from OpenSSL
  1793. sha512, from OpenSSL
  1794. mdc2, from OpenSSL
  1795. ripemd160, from OpenSSL
  1796. whirlpool, from OpenSSL
  1797. enc_null, from OpenSSL (does nothing)
  1798. des_ecb, from OpenSSL
  1799. des_ede, from OpenSSL
  1800. des_ede3, from OpenSSL
  1801. des_ede_ecb, from OpenSSL
  1802. des_ede3_ecb, from OpenSSL
  1803. des_cfb64, from OpenSSL
  1804. des_cfb1, from OpenSSL
  1805. des_cfb8, from OpenSSL
  1806. des_ede_cfb64, from OpenSSL
  1807. des_ede_cfb1, from OpenSSL
  1808. des_ede_cfb8, from OpenSSL
  1809. des_ede3_cfb64, from OpenSSL
  1810. des_ede3_cfb1, from OpenSSL
  1811. des_ede3_cfb8, from OpenSSL
  1812. des_ofb, from OpenSSL
  1813. des_ede_ofb, from OpenSSL
  1814. des_ede3_ofb, from OpenSSL
  1815. des_cbc, from OpenSSL
  1816. des_ede_cbc, from OpenSSL
  1817. des_ede3_cbc, from OpenSSL
  1818. desx_cbc, from OpenSSL
  1819. dev_crypto_des_ede3_cbc, from OpenSSL
  1820. dev_crypto_rc4, from OpenSSL
  1821. dev_crypto_md5, from OpenSSL
  1822. rc4, from OpenSSL
  1823. rc4_40, from OpenSSL
  1824. idea_ecb, from OpenSSL
  1825. idea_cfb64, from OpenSSL
  1826. idea_ofb, from OpenSSL
  1827. idea_cbc, from OpenSSL
  1828. rc2_ecb, from OpenSSL
  1829. rc2_cbc, from OpenSSL
  1830. rc2_40_cbc, from OpenSSL
  1831. rc2_64_cbc, from OpenSSL
  1832. rc2_cfb64, from OpenSSL
  1833. rc2_ofb, from OpenSSL
  1834. bf_ecb, from OpenSSL (bf stands for blowfish)
  1835. bf_cbc, from OpenSSL
  1836. bf_cfb64, from OpenSSL
  1837. bf_ofb, from OpenSSL
  1838. cast5_ecb, from OpenSSL
  1839. cast5_cbc, from OpenSSL
  1840. cast5_cfb64, from OpenSSL
  1841. cast5_ofb, from OpenSSL
  1842. rc5_32_12_16_cbc, from OpenSSL (not available)
  1843. rc5_32_12_16_ecb, from OpenSSL (not available)
  1844. rc5_32_12_16_cfb64, from OpenSSL (not available)
  1845. rc5_32_12_16_ofb, from OpenSSL (not available)
  1846. aes_128_ecb, from OpenSSL
  1847. aes_128_cbc, from OpenSSL
  1848. aes_128_cfb1, from OpenSSL
  1849. aes_128_cfb8, from OpenSSL
  1850. aes_128_cfb128, from OpenSSL
  1851. aes_128_ofb, from OpenSSL
  1852. aes_128_ctr, from OpenSSL
  1853. aes_192_ecb, from OpenSSL
  1854. aes_192_cbc, from OpenSSL
  1855. aes_192_cfb1, from OpenSSL
  1856. aes_192_cfb8, from OpenSSL
  1857. aes_192_cfb128, from OpenSSL
  1858. aes_192_ofb, from OpenSSL
  1859. aes_192_ctr, from OpenSSL
  1860. aes_256_ecb, from OpenSSL
  1861. aes_256_cbc, from OpenSSL
  1862. aes_256_cfb1, from OpenSSL
  1863. aes_256_cfb8, from OpenSSL
  1864. aes_256_cfb128, from OpenSSL
  1865. aes_256_ofb, from OpenSSL
  1866. aes_256_ctr, from OpenSSL
  1867. camellia_128_ecb, from OpenSSL
  1868. camellia_128_cbc, from OpenSSL
  1869. camellia_128_cfb1, from OpenSSL
  1870. camellia_128_cfb8, from OpenSSL
  1871. camellia_128_cfb128, from OpenSSL
  1872. camellia_128_ofb, from OpenSSL
  1873. camellia_192_ecb, from OpenSSL
  1874. camellia_192_cbc, from OpenSSL
  1875. camellia_192_cfb1, from OpenSSL
  1876. camellia_192_cfb8, from OpenSSL
  1877. camellia_192_cfb128, from OpenSSL
  1878. camellia_192_ofb, from OpenSSL
  1879. camellia_256_ecb, from OpenSSL
  1880. camellia_256_cbc, from OpenSSL
  1881. camellia_256_cfb1, from OpenSSL
  1882. camellia_256_cfb8, from OpenSSL
  1883. camellia_256_cfb128, from OpenSSL
  1884. camellia_256_ofb, from OpenSSL
  1885. seed_ecb, from OpenSSL
  1886. seed_cbc, from OpenSSL
  1887. seed_cfb128, from OpenSSL
  1888. seed_ofb, from OpenSSL
  1889. mcrypt blowfish
  1890. mcrypt des
  1891. mcrypt tripledes
  1892. mcrypt threeway
  1893. mcrypt gost
  1894. mcrypt safer-sk64
  1895. mcrypt safer-sk128
  1896. mcrypt cast-128
  1897. mcrypt xtea
  1898. mcrypt rc2
  1899. mcrypt twofish
  1900. mcrypt cast-256
  1901. mcrypt saferplus
  1902. mcrypt loki97
  1903. mcrypt serpent
  1904. mcrypt rijndael-128
  1905. mcrypt rijndael-192
  1906. mcrypt rijndael-256
  1907. mcrypt enigma
  1908. mcrypt arcfour
  1909. mcrypt wake
  1910. 3way
  1911. skipjack
  1912. anubis
  1913. aria
  1914. crypton
  1915. frog
  1916. gost
  1917. lucifer
  1918. mars
  1919. misty1
  1920. noekeon
  1921. seal
  1922. safer
  1923. kirk, used in PSP eboot encryption, use the ivec to specify
  1924. the keys/encryption to use (default is 1, refer to libkirk
  1925. for major information)
  1926. pc1, automatic 128/256 bit selection based on key length
  1927. tomcrypt
  1928. modes: ecb, cfb, ofb, cbc, ctr, lrw, f8, xts
  1929. encryptions: blowfish, rc5, rc6, rc2, saferp, safer_k64,
  1930. safer_k128, safer_sk64, safer_sk128, rijndael, aes,
  1931. rijndael_enc, aes_enc, xtea, twofish, des, des3, cast5,
  1932. noekeon, skipjack, khazad, anubis, kseed, kasumi
  1933. hashing: multi2, chc, whirlpool, sha512, sha384, sha256,
  1934. sha224, sha1, md5, md4, md2, tiger, rmd128, rmd160,
  1935. rmd256, rmd320
  1936. example: Encryption "tomcrypt rijndael ecb" "0123456789abcdef"
  1937. crc, a complete and powerful checksum function that can
  1938. be fully configured in any aspect:
  1939. key is the polynomial (use "" for the default crc32 0x77073096)
  1940. ivec contains the size of the crc (8/16/32), the initial
  1941. value (like -1), the final xor value (-1, the complement),
  1942. the type (various supported), the reverse mode during
  1943. the generation of the table and the bitmask_side (0 or 1 where
  1944. 1 is the most used one).
  1945. default values: 0xedb88320 32 -1 -1 0 0 1
  1946. if you need the classical crc16 (0xc0c1) use:
  1947. encryption crc 0xa001 "16 0 0 0 0 1"
  1948. or just encryption crc "" 16
  1949. the result is placed in the variable QUICKBMS_CRC
  1950. for additional info: http://aluigi.org/papers/bms/quickbms_crc_engine.txt
  1951. EXECUTE:
  1952. use KEY to specify the command to execute using #INPUT#
  1953. instead of the input filename and #OUTPUT# for the output
  1954. one and you can also specify a variable by using the %VAR%
  1955. notation.
  1956. IMPORTANT NOTE: do NOT use encryption execute if the output
  1957. will be bigger than the input, use Clog in that case!
  1958. example: encryption EXECUTE "mycrypt.exe d #INPUT# #OUTPUT#"
  1959. another full example:
  1960. get SIZE asize
  1961. encryption EXECUTE "lame.exe -V 4 #INPUT# #OUTPUT#"
  1962. log "newfile.mp3" 0 SIZE
  1963. encryption EXECUTE "otherprog.exe #INPUT# #OUTPUT# %SIZE%"
  1964. log "newfile2.mp3" 0 SIZE
  1965. CALLDLL:
  1966. exactly as above except that variables don't need to be
  1967. specified by '%' because calldll already handles them
  1968. but don't worry because even if you do the result should
  1969. not change, experimental
  1970. encryption calldll "test.dll myfunction cdecl RET #INPUT# SIZE"
  1971. get SIZE asize
  1972. log "newfile.mp3" 0 SIZE
  1973. "" "", disable the encryption
  1974. note that for the algorithms supported by mcrypt you
  1975. can force their loading by preceeding ALGO with "mcrypt"
  1976. like "mcrypt_enigma" and you can decide also their mode
  1977. like "mcrypt_enigma_ecb" or "mcrypt_enigma_cbc", list:
  1978. cbc, ecb, cfb, ofb and nofb
  1979. KEY the key to use in C notation like "\x11\x22\x33\x44" or
  1980. "this is my key" (cstring)
  1981. this value can be also a variable or a memory file
  1982. set ALGO and KEY to "" for disabling the encryption
  1983. IVEC the ivec to use in C notation (cstring), an ivec is an
  1984. additional key used for increasing the security of
  1985. encryption algorithms that are usually defined as ECB
  1986. without ivec and CBC (and other names) with ivec
  1987. MODE 0 for decryption (default), 1 for forcing the encryption mode
  1988. if no ivec is used remember to place a "" at its place
  1989. KEYLEN forces the usage of a certain length of the key, this one
  1990. has been introduced only for avoiding the problem of using
  1991. a variable as KEY containing zeroes in it
  1992.  
  1993. examples:
  1994. Encryption aes "0123456789abcdef" "" 1 # encryption without ivec
  1995. Log MEMORY_FILE 0 SIZE
  1996. Encryption aes "0123456789abcdef" # decryption without ivec
  1997. Log "redecrypted_file.dat" 0 SIZE MEMORY_FILE
  1998. Encryption aes "\x12\x34\x56\x78"
  1999. set MEMORY_FILE binary "\x12\x34\x56\x78"
  2000. Encryption aes MEMORY_FILE
  2001. Encryption aes MY_VARIABLE
  2002. Encryption md5 ""
  2003.  
  2004. .......................................................................
  2005. Print MESSAGE
  2006. It prints a string in C notation with the values of the variables if
  2007. they are specified between two % chars.
  2008. It's also possible to specify the maximum amount of bytes to
  2009. visualize (or a variable containing such value) and if they must be
  2010. displayed in hex or dump mode specifying some flags after a '|' like
  2011. in the examples.
  2012.  
  2013. arguments:
  2014. MESSAGE C notation string, each %VAR% word is converted to its
  2015. value (cstring)
  2016.  
  2017. examples:
  2018. print "the variable OFFSET of the file %FILENAME% has the value %OFFSET%"
  2019. print "this is the first line\nthis is the second line\n"
  2020. print "variable %VAR% and %VAR2%"
  2021. print "variable %VAR|h% and %VAR2|hex%"
  2022. print "variable %VAR|3% and %VAR2|4%"
  2023. print "variable %VAR|3h% and %VAR2|h4%"
  2024. print "variable %VAR|dump16%"
  2025. print "variable %VAR|dumpVARSZ%"
  2026.  
  2027. .......................................................................
  2028. GetArray VAR ARRAY VAR
  2029. and
  2030. PutArray ARRAY VAR VAR
  2031. Experimental commands to save variables in bidimentional arrays.
  2032. They work on a dynamic array where is possible to store the
  2033. variables, something like a temporary place or a stack.
  2034. It's highly suggested to pre-allocate the array if you know the
  2035. max value, example: PutArray 0 FILES 0
  2036.  
  2037. examples:
  2038. PutArray 0 0 FIRST_VAR
  2039. PutArray 0 1 SECOND_VAR
  2040. GetArray FIRST_VAR 0 0
  2041. GetArray SECOND_VAR 0 1
  2042.  
  2043. .......................................................................
  2044. SortArray ARRAY [ALL]
  2045. Experimental sorting of the arrays in ascending order (like 0 to 99)
  2046. based on the values in the array ARRAY.
  2047. If ALL is different than zero then the sorting will affect ALL the
  2048. available arrays, which means that their positions will match those
  2049. of the sorted array.
  2050.  
  2051. examples:
  2052. putarray 0 0 "zzz"
  2053. putarray 0 1 "aaa"
  2054. putarray 0 2 "bbb"
  2055. sortarray 0
  2056. for i = 0 < 3
  2057. getarray TMP 0 i
  2058. print "%TMP%"
  2059. next i
  2060.  
  2061. .......................................................................
  2062. CallFunction NAME [KEEP_VAR] [ARG1] [ARG2] ... [ARGn]
  2063. StartFunction NAME
  2064. ...
  2065. EndFunction
  2066. Calling and declaration of a function identified by NAME where the
  2067. values of the variables are saved till the termination of the
  2068. function when they are restored.
  2069. It works very well for recursive archives like those used by "The
  2070. Void" and "Another Day".
  2071. So remember the rule: the content of the variables is restored when
  2072. the function terminates, except if you set KEEP_VAR to 1 in which
  2073. case any change is permament BUT the script will be faster.
  2074. It's a good idea to place all the functions (StartFunction till
  2075. EndFunction) at the end of the scripts.
  2076. It's also possible to pass optional arguments to the function, they
  2077. will have the name of the function plus ARGnumber, for example:
  2078. MYFUNCTION_ARG1 amd MYFUNCTION_ARG2.
  2079. Doesn't exist a return value at the moment.
  2080.  
  2081. arguments:
  2082. NAME name assigned to the function
  2083. KEEP_VAR set to 1 if you want to keep the content of the variables
  2084. without resetting them, in short words:
  2085. 0 = for recursive functions (default)
  2086. 1 = for normal functions that change variables
  2087. this is faster and suggested in most cases
  2088.  
  2089. examples:
  2090. watch thevoid.bms and fear.bms
  2091.  
  2092. .......................................................................
  2093. ScanDir PATH NAME SIZE [FILTER]
  2094. Function without a real usage, it simply scans the PATH folder and
  2095. fills the NAME and SIZE variables with the name and the size of
  2096. each file found.
  2097. At the moment this function doesn't have a purpose so ignore it.
  2098. Use -F in quickbms for filtering the scanned files if you used a
  2099. folder as input (I tell this because some users could think to use
  2100. this command for that purpose which is not needed).
  2101.  
  2102. arguments:
  2103. PATH must be ".", the current folder
  2104. NAME output variable which receives the name of the file, it
  2105. will be "" when there are no other files
  2106. SIZE output variable which receives the size of the file, it
  2107. will be -1 when there are no other files
  2108. FILTER same job as -F, this filter is valid only if -F wasn't
  2109. specified
  2110.  
  2111. examples:
  2112. For
  2113. ScanDir "." NAME SIZE
  2114. if NAME == ""
  2115. cleanexit
  2116. endif
  2117. Next
  2118. ...
  2119. For
  2120. ScanDir "." NAME SIZE "*.jpg"
  2121. if NAME == ""
  2122. cleanexit
  2123. endif
  2124. Next
  2125.  
  2126. .......................................................................
  2127. CallDLL DLLNAME FUNC/OFF CONV RET [ARG1] [ARG2] ... [ARGn]
  2128. This is the command which allows to use plugins inside QuickBMS.
  2129. the idea came from the possibility of using the custom
  2130. decompression/decryption functions (both exported and internals)
  2131. located in executables and dlls avoiding the boring reversing of
  2132. all the functions.
  2133. It works with both real files and MEMORY_FILEs (even if they contain
  2134. dll data!).
  2135. Unfortunately this is not much possible with the functions got from
  2136. executables where are used static variables due to some technical
  2137. reasons (memory addresses that don't match due to the different
  2138. relocation of the executable inside the memory), for example if the
  2139. function uses the memory between 006c0000 and 006d0000 it's highly
  2140. possible that such range of memory is not allocated or is already
  2141. in use because the executable has not been loaded (LoadLibrary) in
  2142. its original address because already occupied.
  2143. Obviously there are no problems with the DLLs.
  2144. Note that you can even use a dll inside a MEMORY_FILE but be sure
  2145. it's not packed because may not work.
  2146.  
  2147. arguments:
  2148. DLLNAME name of the dll or executable where is located the
  2149. function, example "mylib.dll"
  2150. QuickBMS can even load raw binary files that contain
  2151. only the dumped function... very useful
  2152. FUNC/OFF it can be the name of the function to import in which
  2153. case it must be exported by the dll/exe
  2154. or the relative offset where is located the function,
  2155. remember that the relative offset is NOT the absolute
  2156. one but it's the offset related to the image base of
  2157. the exe/dll (so if normally the dll loads at offset
  2158. 10000000 and the function is at 10012345 then the
  2159. offset is 0x12345)
  2160. CONV calling convention:
  2161. stdcall: aka winapi, used by default in Visual C
  2162. cdecl: used by almost any other C/C++ compiler
  2163. fastcall: Microsoft/gcc fastcall
  2164. borland: the fastcall convension used by the Borland
  2165. compilers like Delphi
  2166. watcom
  2167. pascal
  2168. safecall
  2169. syscall
  2170. optlink
  2171. carion
  2172. thiscall
  2173. RET the variable which will contain the value returned by
  2174. the function, use "" if there is no return value.
  2175. if you use *RET or &RET then the return value will be
  2176. copied in the RET variable as a string
  2177. [ARGS] all the arguments of the function, it's also possible
  2178. to use pointers to arguments if they are preceded by a
  2179. & or a * like &SIZE which means that the dll/code
  2180. receives the address of that variable and can modify
  2181. its content.
  2182. it works only with numeric variables
  2183.  
  2184. examples:
  2185. idstring LZ2K
  2186. get SIZE long
  2187. get ZSIZE long
  2188. log MEMORY_FILE 0xc ZSIZE
  2189. putvarchr MEMORY_FILE2 SIZE 0 # like malloc
  2190. #calldll "TransformersDemo.exe" 0x263c50 cdecl "" MEMORY_FILE MEMORY_FILE2 ZSIZE SIZE # 00663C50
  2191. calldll "unlzk.dll" "unlz2k" cdecl SIZE MEMORY_FILE MEMORY_FILE2 ZSIZE SIZE
  2192. log "dump.dat" 0 SIZE MEMORY_FILE2
  2193.  
  2194. .......................................................................
  2195. Put VAR TYPE [FILENUM]
  2196. ...
  2197. PutDString VAR LENGTH [FILENUM]
  2198. ...
  2199. PutCT VAR TYPE CHAR [FILENUM]
  2200. ...
  2201. These commands are EXACTLY like the Get* functions except for the
  2202. fact that they perform write operations.
  2203. For using these commands on a phisical file (so MEMORY_FILEs
  2204. excluded) MUST be used the -w option at runtime needed for both
  2205. technical and security reasons.
  2206. If you want to write a string without the NULL delimiter use:
  2207. putct "your_string" string -1
  2208.  
  2209. .......................................................................
  2210. GetBits VAR BITS [FILENUM]
  2211. This is an experimental function for reading bits from the files.
  2212. when you use a GoTo function or change the current offset of the
  2213. file with a Get* command the variable containing the bit position
  2214. (practically the amount of bits read from the previously byte taken
  2215. from the file) will be set to 0.
  2216. Note that the function is 100% endian compatible so the result
  2217. changes if you choose the little or big endian mode, remember it in
  2218. case the results don't match what you expected.
  2219.  
  2220. arguments:
  2221. VAR destination variable, can be a number if the bits are
  2222. from 0 to 32 or a string for major sizes
  2223. BITS number of bits to read
  2224. FILENUM number of the file associated to the archive (0)
  2225.  
  2226. .......................................................................
  2227. PutBits VAR BITS [FILENUM]
  2228. Write mode, same format as GetBits
  2229.  
  2230. .......................................................................
  2231. Include FILENAME
  2232. This command loads another script in the current one, it can be
  2233. useful if you have many general functions and you want to avoid to
  2234. copy&paste them in any new script with the problem of updating them
  2235. if needed.
  2236.  
  2237. include "general.bms"
  2238. ->
  2239. load general.bms
  2240. load current bms script
  2241.  
  2242. .......................................................................
  2243.  
  2244. QuickBMS can handle also some minimalistic and experimental C
  2245. structures like:
  2246.  
  2247. debug 1 # needed to show the collected information
  2248. struct test {
  2249. int var1;
  2250. char var2;
  2251. char *mystring;
  2252. uint8_t data[10];
  2253. }
  2254.  
  2255. These operations are all converted to Get* commands while they are
  2256. converted in Put* if there is a '=' after them, like:
  2257.  
  2258. debug 1
  2259. struct test {
  2260. int var1 = 0x11111111;
  2261. char var2 = 0x22;
  2262. char *mystring = "hello";
  2263. uint8_t data[10] = OTHER_VAR;
  2264. }
  2265.  
  2266. Maybe in future versions it could be improved but for the moment it's
  2267. classified as an experimental and secondary feature.
  2268.  
  2269.  
  2270. #######################################################################
  2271.  
  2272. ================================================
  2273. 5) Experimental input, output and other features
  2274. ================================================
  2275.  
  2276.  
  2277. From version 0.5.1 of QuickBMS I started to implement some alternative
  2278. input/output methods.
  2279. At the moment these alternatives cover the following operations:
  2280.  
  2281. - network socket operations specified by an URL like udp:// and tcp://
  2282. so the tool can be used to send custom packets and data via TCP and
  2283. UDP to one or more network hosts.
  2284. needed option: -n or -network
  2285. URL format:
  2286. tcp://host:port
  2287. tcp://host:port,ssl,force_new_socket
  2288.  
  2289. - process operations specified by an URL like process:// or memory://
  2290. and allow to read and write the various processes running on the
  2291. system.
  2292. needed option: -p or -process
  2293. URL format:
  2294. process://process_name
  2295. process://pid
  2296. process://pid:module_name
  2297.  
  2298. Experimental debug mode available by adding "debug" after the
  2299. parameters: process://pid/debug
  2300. in this way the process will be debugged by QuickBMS and when
  2301. there is a breakpoint or an exception the process will be freezed
  2302. and all the registers dumped in variables with their names.
  2303. additionally QuickBMS will keep in memory all the INT3 you set
  2304. and automatically restore them when you want to continue the
  2305. execution.
  2306. you can find an example script here:
  2307. http://aluigi.org/papers/bms/others/simraceway_getkey.bms
  2308.  
  2309. - audio operations specified by an URL like audio:// or wave://
  2310. and allow to record audio from the default input device (like
  2311. microphone) and play.
  2312. currently the "device" parameter is not used.
  2313. needed option: -A or -audio
  2314. URL format:
  2315. audio://device,sample_rate,channels,bits
  2316.  
  2317. - video operations specified by an URL like video:// or graphic://
  2318. and allow to grab the screen and display the images.
  2319. set window_name to null or none for using the whole screen in read
  2320. mode.
  2321. needed option: -g or -video
  2322. URL format:
  2323. audio://window_name,width,height,bits
  2324.  
  2325. - Windows messages specified by an URL like winmsg:// but at the moment
  2326. it's possible only to send messages and using 3 long numbers:
  2327. message, wparam and lparam.
  2328. needed option: -m or -winmsg
  2329. URL format:
  2330. winmsg://window_name
  2331.  
  2332. -----------------------------------------------------------------------
  2333.  
  2334. I had this crazy idea in my mind for over one year and I decided to
  2335. implement it now just because it's completely crazy and can work only
  2336. if the user uses the needed options at command-line for security
  2337. reasons.
  2338.  
  2339. After all QuickBMS implements a lot of algorithms so for me it's a lot
  2340. more comfortable to be able to use it for my tests with the network
  2341. data and I guess some modders could find useful the process operations
  2342. for dumping textures and other models directly from the memory.
  2343. In any case keep well in mind that this is all experimental stuff.
  2344.  
  2345. The following is an example script for the network operations:
  2346.  
  2347. log MEMORY_FILE 0 0
  2348. put 0x11111111 long MEMORY_FILE
  2349. put 0x22222222 long MEMORY_FILE
  2350. put 0x33333333 long MEMORY_FILE
  2351. put "hello" string MEMORY_FILE
  2352. put 0x44444444 long MEMORY_FILE
  2353. get SIZE asize MEMORY_FILE
  2354. log "tcp://127.0.0.1:1234" 0 SIZE MEMORY_FILE
  2355. log "udp://localhost:1234" 0 SIZE MEMORY_FILE
  2356.  
  2357. or
  2358.  
  2359. log MEMORY_FILE 0 0
  2360. put "GET / HTTP/1.0" line MEMORY_FILE
  2361. put "User-Agent: Mozilla" line MEMORY_FILE
  2362. put "Referer: http://localhost/test.htm" line MEMORY_FILE
  2363. put "" line MEMORY_FILE
  2364. get SIZE asize MEMORY_FILE
  2365. log "tcp://127.0.0.1:80" 0 SIZE MEMORY_FILE
  2366.  
  2367. command-line:
  2368. quickbms -n script.bms "" ""
  2369.  
  2370. While the following is a simple HTTP download that can be used with
  2371. quickbms -n script.bms "tcp://aluigi.org:80" "" > output.htm
  2372.  
  2373. get HOST filename
  2374. string HOST p= "Host: %s" HOST
  2375. put "GET / HTTP/1.1" line
  2376. put HOST line
  2377. put "User-Agent: Mozilla" line
  2378. put "Connection: close" line
  2379. put "" line
  2380. for
  2381. get DATA line
  2382. print "%DATA%"
  2383. next
  2384.  
  2385. Funny example that inverts the colors of the first notepad window:
  2386.  
  2387. set NAME string "video://notepad"
  2388. open "" NAME
  2389. get SIZE asize
  2390. filexor 0xff
  2391. log NAME 0 SIZE
  2392.  
  2393. launch notepad and then:
  2394. quickbms -g script.bms "" ""
  2395.  
  2396. how to close firefox:
  2397. put 18 long # WM_QUIT
  2398. put 0 long # wParam
  2399. put 0 long # lParam
  2400. quickbms -m script.bms "winmsg://firefox" ""
  2401.  
  2402. In future I could decide to add other operations and I'm interested in
  2403. any other idea.
  2404.  
  2405. Other experimental features are the support of the majority of commands
  2406. used in templates of WinHEX:
  2407. http://www.x-ways.net/winhex/templates/index.html
  2408.  
  2409. Usually these templates work immediately while sometimes it's necessary
  2410. only to separate some arguments manually like "arg1""arg2" to
  2411. "arg1" "arg2".
  2412.  
  2413. QuickBMS has also the great feature of dumping an HTML file with the
  2414. parsed format highlighted through the option -H.
  2415. This is a very cool feature that can help many people and doesn't
  2416. require additional modifications, just use the original BMS scripts as
  2417. usual.
  2418.  
  2419. The QuickBMS process supports some return code numbers, you can find
  2420. the list at the beginning of src\defs.h.
  2421. QUICKBMS_OK (success) is ever 0 while QUICKBMS_ERROR_* are referred to
  2422. problems.
  2423.  
  2424.  
  2425. #######################################################################
  2426.  
  2427. ========
  2428. 6) Notes
  2429. ========
  2430.  
  2431.  
  2432. The following are some exceptions in the usage of QuickBMS, not real
  2433. bugs but things that can't work (at least at the moment) due to the
  2434. very flexible nature of the tool or things that it's useful or
  2435. interesting to know:
  2436.  
  2437. x (SOLVED!)
  2438. Log "123.txt" OFFSET SIZE
  2439. It creates the file 123 and not 123.txt, this happens because "123.txt"
  2440. is considered a constant number due to the rule that everything
  2441. starting with a number (or a '-') is handled as a constant number.
  2442. This behaviour didn't happen with the previous versions of the tool
  2443. because wasn't used the number optimization which saves tons of cpu
  2444. cycles in some scripts.
  2445. From version 0.3.12 I decided to implement the full verification of
  2446. the string to know if it's a number or a string, luckily there is
  2447. almost no loss of performances
  2448.  
  2449. - Number and strings, due to the usage of the optimizations the following
  2450. script will NOT result in "mytest46600x12349999999999", the result will
  2451. be "mytest4660-1717986919":
  2452. set NAME string "mytest"
  2453. set NUM long 0x1234
  2454. string NAME += NUM
  2455. print "%NAME%"
  2456. set NUM string "0x12349999999999"
  2457. string NAME += NUM
  2458. print "%NAME%"
  2459. This is a good compromise because the previous situation is very very
  2460. "rare" and in any case can be bypassed using multiple "string NAME += chr"
  2461. and the gain in performance is incredible for the multiple in-script
  2462. operations, so this is the best solution.
  2463.  
  2464. x (SOLVED!)
  2465. set NAME string MEMORY_FILE
  2466. log NAME 0 0
  2467. It produces no phisical file because it's considered a MEMORY_FILE, it
  2468. happens because the dumping function receives "MEMORY_FILE" as output
  2469. file name.
  2470. At the moment there is no fix anyway it's a very very rare event
  2471. (never happened to find an archive containing a file with that name)
  2472. and so not a priority.
  2473. Fixed in version 0.5.17 by checking if the name of the file is the
  2474. name of a variable or its content.
  2475.  
  2476. - Any Clog operation with a compressed or uncompressed size minor/equal
  2477. than zero produces a file with a zero size, but this is not a problem
  2478. of the tool because it's the perfectly logical behaviour in these
  2479. situations.
  2480. If it's necessary to use a compression which gets the SIZE value
  2481. automatically (like base64 or stalker_lza) is enough to specify the
  2482. compressed size as uncompressed size:
  2483. clog NAME OFFSET ZSIZE ZSIZE
  2484. or
  2485. clog NAME OFFSET ZSIZE 1
  2486.  
  2487. ? (partially solved)
  2488. All the extracted files are loaded completely in memory before being
  2489. dumped for various technical reasons so if the file to dump has a
  2490. size of 800 megabytes this is the same size which will be allocated
  2491. in memory or even double or more if the file must be decompressed, so
  2492. it's good to have a good amount of free RAM when handling big archives
  2493. or at least a good virtual memory/swap space.
  2494. This mechanism is not used for files that don't require encryption
  2495. and compression in which case the operation is performed 1:1 using
  2496. a temporary buffer of only 1 megabyte.
  2497.  
  2498. - The tool has been created to be 100% compatible with the original
  2499. MexScript language and its syntax/logic, so I tried to add less new
  2500. commands as I could and if possible providing an alternative using
  2501. the original set of commands (for example the Strlen command and
  2502. "Set VAR strlen VAR"), I tried also to maintain the logic of the
  2503. program (for example encryptions and compressions applied in the
  2504. file operations only).
  2505. So if something looks complex it has been made for matching the
  2506. original structure and logic of the scripting language
  2507.  
  2508. - QuickBMS grants compatibility to the original MexScript language that
  2509. implements also some fixed variables like:
  2510. EXTRCNT, BytesRead, NotEOF, SOF, EOF
  2511. If you are writing a script for QuickBMS maybe try to avoid these
  2512. variable names
  2513.  
  2514. - QuickBMS uses many third party code (mainly compression) and even if
  2515. I tried to adjust them a bit unfortunately many of these external
  2516. functions were a disaster or missed any security requirement.
  2517. that's the reason why the comtype scanning feature causes so many
  2518. crashes with invalid data.
  2519. From version 0.5.5 I added a particular type of allocation management
  2520. that allows a better debugging of the code and at the same time
  2521. protects the heap from contiguous buffer overflow and underflow
  2522. (so it can do nothing versus "buff[0x11223344] = 'a'), it's not a
  2523. solution but at least helps me a lot and limits the problems caused
  2524. by third party unsecure code.
  2525. the only protection of the stack is -fstack-protector-all
  2526.  
  2527. - Security:
  2528. It's hard to make the tool completely safe anyway the following are
  2529. some notes and solutions:
  2530. - allocated memory set as read/write only with guarded page before and
  2531. after the buffer
  2532. - usage of gcc -fstack-protector-all
  2533. - user EVER prompted of activating dangerous features like the usage
  2534. of dlls and the calling of external executables
  2535. - some checks to avoid the problems caused by the big redundant code
  2536. of which QuickBMS is full (unfortunately)
  2537. - keep in mind that QuickBMS is mainly a testing tool in which I
  2538. preferred to insert strange and particular features rather than
  2539. making it let's say "secure" for any user, it's the responsibility
  2540. of the user to use only trusted scripts and paying attention to the
  2541. warnings displayed by the tool
  2542.  
  2543. - The EXECUTE mode of ComType and Encryption will grant compatibility
  2544. with any compression and encryption tool (command-line) based on
  2545. algorithms not yet supported by QuickBMS and at the same time avoids
  2546. the rush of trying to implement "everything" as soon as possible.
  2547. I used system() for this command just because I want that it
  2548. compatible with any possible program included those which require
  2549. input from stdin and output to console (example:
  2550. "file.exe < #INPUT# > #OUTPUT#").
  2551.  
  2552. x (SOLVED!)
  2553. Crash caused by HsSrv.dll.
  2554. The Asus Xonar and Unixonar drivers cause the crash of QuickBMS for the
  2555. following reason: HsSrv.dll is automatically injected in any process
  2556. and this dll checks all the allocated memory for the presence of a "MZ"
  2557. signature (the one used for the executables):
  2558. 1000B462 CALL DWORD PTR DS:[<&KERNEL32.VirtualQuery>]
  2559. 1000B468 TEST EAX,EAX
  2560. 1000B46A JBE SHORT 1000B4BE
  2561. 1000B46C CMP DWORD PTR SS:[EBP-24],1000 ; check if State is MEM_COMMIT
  2562. 1000B473 JNE SHORT 1000B48B
  2563. 1000B475 TEST WORD PTR SS:[EBP-20],0100 ; check if Protect contains PAGE_GUARD
  2564. 1000B47B JNZ SHORT 1000B48B
  2565. 1000B47D AND DWORD PTR SS:[EBP-4],00000000
  2566. 1000B481 CMP WORD PTR DS:[ESI],5A4D ; check if the buffer starts with MZ
  2567. QuickBMS uses a particular memory protection mechanism that in the
  2568. recent versions switched from PAGE_GUARD to PAGE_NOACCESS, that's
  2569. why HsSrv.dll crashes: if Protect contains PAGE_GUARD then it skips the
  2570. MZ check but now it's PAGE_NOACCESS.
  2571. Using MEM_COMMIT | MEM_RESERVE doesn't help to skip the code with the
  2572. first check because VirtualQuery returns only MEM_COMMIT.
  2573. Asus should fix the bug by checking if Protect is set to a non-readable
  2574. flag, I have NOT contacted them.
  2575. Some possible solutions are the following:
  2576. - disable the GX mode (emulated EAX) of the Asus driver
  2577. - disable the Asus HookSupport Manager application (HsMgr.exe)
  2578. - start QuickBMS with the -9 option (create a link)
  2579. - contact Asus! :)
  2580. Note that the problem seems to happen only when QuickBMS is launched
  2581. with the GUI (double-click) while it's calling the Windows API
  2582. GetOpenFileName.
  2583. From version 0.5.25c I use PAGE_GUARD to avoid any problem with buggy
  2584. third party drivers.
  2585.  
  2586.  
  2587. Other things to know or strange behaviours will be listed when I will
  2588. figure (or remember) them.
  2589.  
  2590. A curiosity for who is crazy for the optimizations of the compilers:
  2591. the PPMD (ppmd var.i rev.1) algorithm compiled with -O3 (gcc) is a lot
  2592. slower than if compiled with -O2 and not much different is the
  2593. situation of the other algorithms.
  2594. While with -Os the code is smaller (about 300kb the Windows exe) but
  2595. there is a loss of performances of max 15/20% with some algorithms
  2596. (like PPMD) and scripts with many get/putvarchr and math operations.
  2597.  
  2598.  
  2599. #######################################################################
  2600.  
  2601. ==========
  2602. 7) Support
  2603. ==========
  2604.  
  2605.  
  2606. QuickBMS, like the majority of my projects, is fully supported by me
  2607. and is ever in continous development for adding new encryption and
  2608. compression algorithms or fixing bugs because I'm the first user of
  2609. this tool and so I have a direct interest in it.
  2610.  
  2611. The latest version is available on the following website:
  2612.  
  2613. http://quickbms.aluigi.org
  2614.  
  2615. There are RSS feeds available on my website so stay tune for any update
  2616. of QuickBMS and my other tools:
  2617.  
  2618. http://aluigi.org/rss.php
  2619.  
  2620. Remember to contact me for any doubt or new idea regarding QuickBMS
  2621. via e-mail at aluigi@autistici.org
  2622.  
  2623. Alternatively you can also post your doubts in the Code section of the
  2624. Xentax forum on http://forum.xentax.com/viewforum.php?f=13
  2625.  
  2626. My forum on http://forum.aluigi.org is no longer supported but maybe
  2627. you can find some additional and old information and examples.
  2628.  
  2629. If you want to help QuickBMS it's enough that you spread the word about
  2630. it and make videos that show how easy is using it because often people
  2631. don't read this manual and they could have some difficulties.
  2632.  
  2633. In short, talk about it and you will help it.
  2634.  
  2635. QuickBMS wants to be THE EXTRACTION TOOL for almost everything so
  2636. "help it to help yourself" :)
  2637.  
  2638.  
  2639. #######################################################################
  2640.  
  2641. =====================
  2642. 8) Additional credits
  2643. =====================
  2644.  
  2645.  
  2646. QuickBMS uses various public-domain code and code released under
  2647. GPL/LGPL or other open source and free licences.
  2648.  
  2649. Compression:
  2650. - zlib, inflateback9 (for deflate64) and blast of Jean-loup Gailly and
  2651. Mark Adler http://www.zlib.net
  2652. - LZO of Markus F.X.J. Oberhumer http://www.oberhumer.com/opensource/lzo/
  2653. - LZSS, LZARI, LZHUF of Haruhiko Okumura
  2654. - unlzx.c of Erik Meusel
  2655. - LZMA and LZMA2 of Igor Pavlov http://www.7-zip.org
  2656. - bzip2 of Julian Seward http://www.bzip.org
  2657. - ascii85 partially derived from http://www.stillhq.com/svn/trunk/ascii85/decode85.c
  2658. - libmspack of Stuart Caie http://www.cabextract.org.uk/libmspack/
  2659. - lzjb from http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/fs/zfs/lzjb.c
  2660. - iMatix SFL compression http://download.imatix.com/pub/
  2661. - UCL of Markus F.X.J. Oberhumer http://www.oberhumer.com/opensource/lzo/
  2662. - code from the uncompress utility of "The Regents of the University of California"
  2663. - Dynamic Markov Compression implementation of Gordon V. Cormack
  2664. http://plg1.cs.uwaterloo.ca/~ftp/dmc/dmc.c
  2665. - many algorithms from ScummVM
  2666. http://scummvm.sourceforge.net
  2667. - bpe of Philip Gage http://www.csse.monash.edu.au/cluster/RJK/Compress/bpd.c
  2668. - QuickLZ of Lasse Mikkel Reinhold http://www.quicklz.com
  2669. - Quake 3 Huffman code of Id Software http://www.idsoftware.com
  2670. - mszh from the LossLess Codec Library
  2671. - Doom Huffman code from the Doom/Hexen source code
  2672. - aPLib of Jшrgen Ibsen http://www.ibsensoftware.com/products_aPLib.html
  2673. - LZF of Marc Alexander Lehmann http://home.schmorp.de/marc/liblzf.html
  2674. - LZ77 of Arkadi Kagan http://compressions.sourceforge.net/about.html
  2675. - LZRW1 of Ross Williams http://www.ross.net/compression/lzrw1.html
  2676. - an Huffman implementation of Bill Demas on LDS
  2677. - the FIN algorithm (useless and very close to LZSS) on LDS
  2678. - LZAH/LZH12/13 of Dik T. Winter http://homepages.cwi.nl/~dik/english/ftp.html
  2679. - GRZipII/libGRZip of Grebnov Ilya (only the win32 code is linked to it
  2680. because it's composed by many files and it's not a priority)
  2681. - rle of Chilkat Software http://www.chilkatsoft.com/chilkatdx/ck_rle.htm#source
  2682. - Quad of Ilia Muraviev http://quad.sourceforge.net
  2683. - Balz of Ilia Muraviev http://balz.sourceforge.net
  2684. - unshrink of Info-Zip http://www.info-zip.org/UnZip.html
  2685. - PPMd algorithms of Dmitry Shkarin http://compression.ru/ds/
  2686. - BriefLZ of Jшrgen Ibsen http://www.ibsensoftware.com/download.html
  2687. - PAQ6 of Matt Mahoney http://cs.fit.edu/~mmahoney/compression/paq.html#paq6
  2688. - shcodec of Simakov Alexander http://webcenter.ru/~xander/
  2689. - hstest of tom ehlert
  2690. - SixPack of Philip G. Gage
  2691. - ashford of Charles Ashford
  2692. - JCALG1 of Jeremy Collake http://www.bitsum.com/jcalg1.htm
  2693. - jam/unjam of W. Jiang
  2694. - lzhlib of Haruhiko Okumura and Kerwin F. Medina for the adaptation of the code
  2695. - Srank P M Fenwick http://www.cs.auckland.ac.nz/~peter-f/FTPfiles/srank.c
  2696. - Zziplib/Zzlib of Damien Debin http://damiendebin.net/archives/zzip/download.php#zzlib
  2697. - scpack of Philip Gage
  2698. - rle3 and bpe2:
  2699. http://musyozoku211.blog118.fc2.com/blog-entry-13.html
  2700. http://blog-imgs-17.fc2.com/m/u/s/musyozoku211/bpe2.txt
  2701. http://blog-imgs-17.fc2.com/m/u/s/musyozoku211/rle3.txt
  2702. - Basic Compression Library of Marcus Geelnard http://bcl.comli.eu
  2703. - SCZ of Carl Kindman http://scz-compress.sourceforge.net
  2704. - szip of HDF Group http://www.hdfgroup.org/doc_resource/SZIP/
  2705. - sr3c of Kenneth Oksanen http://cessu.blogspot.com
  2706. - Huffman library of Douglas Ryan Richardson http://huffman.sourceforge.net
  2707. - SFastPacker of Aleksey Kuznetsov http://www.utilmind.com/delphi3.html
  2708. - lz77wii of Hector Martin http://wiibrew.org/wiki/Wii.py
  2709. - prs 8ing code posted by tpu http://forum.xentax.com/viewtopic.php?p=30387#p30387
  2710. - puyo compressions of not.nmn and nickwor http://code.google.com/p/puyotools/
  2711. - falcom compression of http://www.geocities.jp/pokan_chan/
  2712. - cpk of hcs http://hcs64.com/files/utf_tab04.zip
  2713. - DSDecmp/goldensun/luminousarc of Barubary http://code.google.com/p/dsdecmp/
  2714. - pglz_decompress PostgreSQL Global Development Group http://www.postgresql.org/
  2715. - SLZ: versions of Adisak Pochanayon and CUE
  2716. - LZH-Light of Sergey Ignatchenko ftp://66.77.27.238/sourcecode/cuj/1998/cujoct98.zip
  2717. - d3101 of Advanced Hardware Architectures/HP
  2718. - squeeze (R. Greenlaw, Amiga port by Rick Schaeffer ???)
  2719. - some algorithms of Mark Nelson & Jean-loup Gailly from The Data Compression Book
  2720. - Ed Ross Data Compression
  2721. - ilzr of Jose Renau Ardevol
  2722. - some code from the C User's Journal
  2723. - dmc by T.L. Yu
  2724. - 'Uses libLZR by BenHur' http://www.psp-programming.com/benhur/
  2725. - lzs of Matthew Chapman http://www.rdesktop.org
  2726. - yaz0 of thakis (http://www.amnoid.de/gc/)
  2727. - RNC by Jon http://www.yoda.arachsys.com/dk/
  2728. (previouly I used a fork made by Simon Tatham)
  2729. - PAK_explode of Cyril VOILA
  2730. - The KENS Project Development Team
  2731. - dragonballz by Geoffrey W. Curtis
  2732. - unstargun by Adam Nielsen / The_coder
  2733. - ntcompress from Nintendo Wii Revolution SDK
  2734. - crle of Arkadi Kagan http://compressions.sourceforge.net/about.html
  2735. - CTW by Frans Willems http://www.ele.tue.nl/ctw
  2736. - DACT by Roy Keene http://www.rkeene.org/oss/dact/
  2737. - algorithms by Brendan G Bohannon http://bgb-sys.sourceforge.net
  2738. - lzpxj by Ilia Muraviev and Jan Ondrus http://sourceforge.net/projects/lzpx/
  2739. - rle from ftp://ftp.elf.stuba.sk/pub/pc/pack/mar.rar
  2740. - rle from http://gdcm.sourceforge.net
  2741. - dict from http://freearc.org/download/research/dict.zip
  2742. - rep from http://freearc.org/download/research/rep.zip
  2743. - lzp by Dmitry Shkarin http://www.compression.ru/ds/lzp.rar
  2744. - kzip by Ken Silverman http://advsys.net/ken/utils.htm
  2745. - enet http://enet.bespin.org
  2746. - eduke32 http://eduke32.com
  2747. - xu4 - Ultima IV recreated http://sourceforge.net/projects/xu4/
  2748. - Lemur http://www.lemurproject.org
  2749. - lzfu by Dave Smith and Carl Byington http://www.five-ten-sg.com/libpst/
  2750. - he3 by Eric Prevoteau http://savannah.nongnu.org/projects/dctc/
  2751. - Ultima Iris http://www.iris2.de http://ultimairis.sourceforge.net
  2752. - http://sourceforge.net/projects/linux-ntfs/
  2753. - pdb2txt http://code.google.com/p/pdb2txt/
  2754. - Comprlib http://sourceforge.net/projects/comprlib/
  2755. - prs by Fuzziqer http://www.fuzziqersoftware.com/projects.html
  2756. - sega_lz77 converted from an ICE decompression tool developed by
  2757. scriptkiddie (XentaX's forum)
  2758. - saint_seya compression by MrAdults (Seсor Casaroja's Noesis)
  2759. http://forum.xentax.com/viewtopic.php?p=52279#p52279
  2760. - lz4 by Yann Collet http://code.google.com/p/lz4/
  2761. - Snappy http://code.google.com/p/snappy/
  2762. - Lunar compression dll by FuSoYa http://fusoya.eludevisibility.org
  2763. - lzv1 by Hermann Vogt
  2764. - FastLZ by Ariya Hidayat http://fastlz.org
  2765. - zax http://code.google.com/p/zax/
  2766. - data-shrinker by fusiyuan http://code.google.com/p/data-shrinker/
  2767. - mmini by Adam Ierymenko http://code.google.com/p/mmini/
  2768. - clzw by Vladimir Antonenko http://code.google.com/p/clzw/
  2769. - lzham by Richard Geldreich http://code.google.com/p/lzham/
  2770. - lpaq8 by Matt Mahoney http://www.cs.fit.edu/~mmahoney/compression/
  2771. - sega_lzs2 by Treeki
  2772. - Core Online decompression by Ekey http://www.progamercity.net
  2773. - lzlib http://lzip.nongnu.org/lzip.html
  2774. - some compression tools from http://www.romhacking.net
  2775. - pucrunch by Pasi 'Albert' Ojala
  2776. - libzpaq by Matt Mahoney http://mattmahoney.net/dc/zpaq.html
  2777.  
  2778. Encryption:
  2779. - all the algorithms provided by OpenSSL http://www.openssl.org
  2780. - xtea from PolarSSL http://www.polarssl.org
  2781. - some encryption algorithms from GnuPG and libgcrypt http://www.gnupg.org
  2782. - ICE of Matthew Kwan http://www.darkside.com.au/ice/index.html
  2783. - Rotor module from the Python source code
  2784. - http://mcrypt.sourceforge.net
  2785. - all the various public algorithms implemented in version 0.4.1 like
  2786. 3way, anubis, gost, skipjack and so on
  2787. - libkirk of Draan http://code.google.com/p/kirk-engine/
  2788. - PC1 Encryption Algorithm of Alexander Pukall http://membres.multimania.fr/pc1/
  2789. - LibTomCrypt http://libtom.org/?page=features&newsitems=5&whatfile=crypt
  2790. - libmcrypt http://sourceforge.net/projects/mcrypt/files/Libmcrypt/
  2791.  
  2792. Others:
  2793. - MemoryModule of Joachim Bauch https://github.com/fancycode/MemoryModule
  2794. - various signatures from http://mark0.net/soft-trid-e.html
  2795. - various signatures from http://toorcon.techpathways.com/uploads/headersig.txt
  2796. - Ollydbg disasm library http://www.ollydbg.de
  2797. - optional BeaEngine dissassembler library http://www.beaengine.org
  2798. (maybe will be used in future, not now)
  2799. - uthash and utlist http://troydhanson.github.io/uthash/
  2800. - optimized QuickBMS icon by Jan Vorel
  2801.  
  2802. Notes:
  2803. - some (many?) of the original codes have been modified a bit to make
  2804. them usable in QuickBMS for the memory2memory (aka in-memory)
  2805. decompression and for other possible fixes or for reducing the amount
  2806. of code (for example removing the compression routine leaving only the
  2807. decompression one)
  2808. note that I avoided to make this third-party code more secure because
  2809. it's not the job of QuickBMS, so almost all the code (except some
  2810. rare cases) has been used "as-is", the only limitations come from the
  2811. general protection mechanisms adopted in QuickBMS like my heap
  2812. handling and -fstack-protector-all
  2813. - the files/libraries which have been modified have the header
  2814. "// modified by Luigi Auriemma" which is meant just to show that it's
  2815. not the 100% original code and it must be NOT considered like a credit
  2816. (so I claim nothing about them, the original license and authors are
  2817. still untouched)
  2818. - if the files have been modified or don't have the original license
  2819. information (could happen only with small functions that didn't
  2820. contain a license header in origin) please follow the provided links
  2821. for more details
  2822. - almost all the algorithms implemented here have been selected because
  2823. have or could have been used or it has been claimed to have been used
  2824. in real software/games or they are enough known to deserve their
  2825. implementation in QuickBMS, then I prefer to have many algorithms
  2826. implemented also to help my compression and encryption scanners
  2827. (comtype_scan2.bat/bms and encryption_scan.bat/bms)
  2828. - tell me if I forgot someone/something in this section, my memory and
  2829. level of attention are quite ridiculous so it's highly possible that
  2830. some credits are not complete.
  2831. and tell me also if it's necessary to include other files or comments
  2832. inside these third-party files or about them.
  2833. I included the list to the original websitest as additional reference
  2834. also for having major information about their license in case the
  2835. included files don't have it in their comments (/* */)
  2836.  
  2837.  
  2838. #######################################################################
RAW Paste Data