04 Sep 2020

Hacking resources for fun and no profit, part 1

In this article I'll show how I made VMWare Workstation 15 awesome again using a little-known Resource Hacker feature called "scripting".

But first, a bit of background...

Upgrade of VMWare

People who know me know that I prefer stable, tried-and-true solutions. Be it my primary operating system, the tools I'm using or things I eat for breakfast. Once I know that something is good, I don't want to change it.

So, for a long time I was using VMWare Workstation 10. It just worked. But as the new versions of Windows came out, they started requiring the hypervisor to support some specific features. Otherwise it just won't work. For example, to be able to install Windows 10 1803, you will need VMWare 14.x. To install Windows 10 1903, you will need VMWare 15.x.

And so, after a long time of holding out, I decided to upgrade.

Installation went fine, VMWare started up and I was greeted with this:

Can you tell me whether the network card is enabled? Printer? Sound card?

Here, I'll enlarge that gray piece of crap. Can you tell me now?

If you had to look or think twice, the new icons failed to do their job.

Who the hell designed these new icons? They are all gray-fucking-teal. Where are the colors? Colors are an important part of user experience, we use colors every day to quickly judge situations and make decisions!

Also, in my opinion, these icons look like they have been beaten by the ugly stick.

Just for comparison, here's what it looked like in VMWare 10:

Everything is crystal clear here - colourless icon means "disabled", coloured icon with a green dot means "enabled". Activity is indicated by green dot turning light-green.

No, this is not going to work. I need my pretty VMWare 10 icons back!

Scripting Resource Hacker

A quick look around tells us that all icons are located in vmapputil.dll. My first idea was to take Resource Hacker and replace a few icons manually. But as it turns out, there are ~700 icons in the DLL. Of course, I could manually go through all of them, choose the most important ones and replace them.

Well, no. That will take too much time and I'm not a trained monkey. Let's automate that thing!

First, we need to extract all pretty icons from the old VMWare DLL. You can do it using Resource Hacker by right-clicking the "Icon" and choosing "Save [Icon] resources...". You'll get an .RC file and lots of ICO files in a folder.

Next, we need to replace the corresponding icons in the new VMWare DLL. Using the GUI, you can only replace one icon at a time. But Resource Hacker also supports command-line and scripts. Time to read the fabulous manual!

syntax: ResHacker.exe -script ScriptFile
ScriptFile is a text file with the following layout:
//comments are preceded by double slashes

-addoverwrite ResourceSrc, ResourceMask

-addoverwrite MainIcon.ico, ICONGROUP,MAINICON,0

OK, that looks reasonable.

To make a huge script replacing all the icons, I'll use the .RC file we got earlier and some magic of search and replace. This is what we have now:

and this is what we want to get:

Depending on your text editor, one regex could be enough. Maybe two regexes. Maybe a regex and some cut-and-paste of text blocks. Just for learning purposes, I used the Visual Studio editor:

Then I ran Resource Hacker using the command line ResourceHacker.exe -script myscript.txt and here's the final result:

So much better!
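The search-and-replace step described above, done as a script instead of editor regexes. This is an added example, not part of the original post: it assumes the saved .RC file uses standard `name ICON "file"` statements, and the function name `rc_to_commands`, the sample input and the default language value are constructed for illustration. It generates only the `-addoverwrite` command lines, not the rest of the script file.

```python
import re

# One RC statement of the form:  <name-or-id> ICON [attributes] "file.ico"
RC_ICON = re.compile(
    r'^\s*("[^"]+"|[^\s"/]+)\s+ICON\s+(?:[A-Za-z]+\s+)*"([^"]+)"\s*$',
    re.IGNORECASE)

# Constructed sample input, not taken from the real VMware DLL.
SAMPLE_RC = r'''// resources saved from the old DLL (constructed sample)
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
1 ICON "Icon_1.ico"
2 ICON "Icon_2.ico"
MAINICON ICON MOVEABLE PURE "icons\\MAINICON.ico"
"ODD,NAME" ICON "odd.ico"
101 BITMAP "logo.bmp"
'''


def rc_to_commands(rc_text, icon_dir="", lang="0"):
    """Return (commands, skipped) for every ICON statement in rc_text.

    lang defaults to 0 as in the manual line quoted in the post; which value
    the target DLL needs is an assumption to check in Resource Hacker itself.
    """
    commands, skipped = [], []
    for lineno, line in enumerate(rc_text.splitlines(), 1):
        m = RC_ICON.match(line)
        if not m:
            continue  # comments, LANGUAGE lines, other resource types
        name = m.group(1).strip('"')
        # RC string literals escape backslashes; undo that for the file path.
        path = icon_dir + m.group(2).replace("\\\\", "\\")
        # A comma separates the fields of the command, so a comma inside a
        # name or path cannot be emitted safely; set it aside for manual work.
        if "," in name or "," in path:
            skipped.append((lineno, line.strip()))
            continue
        commands.append(f"-addoverwrite {path}, ICONGROUP,{name},{lang}")
    return commands, skipped


if __name__ == "__main__":
    cmds, skipped = rc_to_commands(SAMPLE_RC, icon_dir="old_icons\\")
    print("\n".join(cmds))
    for lineno, text in skipped:
        print(f"// line {lineno} needs manual handling: {text}")
```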


Sometimes reversing is not about breaking some copy-protection or figuring out what some malware does. Sometimes it's just for a little bit of fun and entertainment.

Keep reversing fun!

15 thoughts on “Hacking resources for fun and no profit, part 1”

  1. For sure, this feature of resource hacker was unknown to me: I'm not exactly the kind of person who reads fully the manuals. :P

    A fast look at the 'Quick start' section and I'm done with them, LoL.

    So thanks a lot: you made me remember resource hacker has indeed a manual ;)

    Best Regards

        • It's a LUA based scripting language.

          Quick Example (ReplaceResource.cff):

          Run with:
          "CFF Explorer.exe" ReplaceResource.cff

          Just My two cents.

          Best Regards,

          • Not a typo, just WordPress removing everything that looks-like-an-html-tag™. Tried to fix that, see if it's any better now?

          • Much better, thank you!
            Anyway, the important thing was you got the idea ;)

            The typo I was referring to is this one:

            Should have been:

            There were too many handles :D

            Thanks a lot and Best Regards,

  2. Hello master kao, I know this is out of the topic can you check this new mmorpg game name Talisman Online Mobile? If we can bypass the game protection.

    • Perhaps you could tell me what is protected in that game? I quickly looked at the Assembly-CSharp.dll, and it is not even obfuscated.

      • Hello sir Kao, you mean you can alter the game? like modding the game with unlimited diamonds and other features in the current game?

        • No, I mean that there is no protection in Assembly-CSharp.dll :)

          I don't mod games, I just research game protection mechanisms. Talisman is "always online" game. I believe that you will not be able to get unlimited diamonds because player inventory is likely stored on servers.

          • ahh, I see :) thank you for this clarification sir Kao I always admire your work when it comes to protection :) kudos! anyways, if you have time sir, these hide features in molebox still got no update? like we were still using the text? to unpack the hide names?

  3. [x] Looks like this file is protected with Enigma Protector, not Enigma Virtual Box.
    [x] It is not supported by my unpacker

    What can I do?
    Where can I find Enigma Protector unpack?
