RainyShadow Posted June 21, 2020 Share Posted June 21, 2020 (edited) 12 minutes ago, jaclaz said: Have you actually tried that program on the specific ETDCtrl.exe? got a link to that? You two often go on about this and that version, but the search doesn't seem to show all results. I'm not going through 50 pages looking for some buried address... Edited June 21, 2020 by RainyShadow Link to comment Share on other sites More sharing options...
dencorso Posted June 21, 2020 Share Posted June 21, 2020 26 minutes ago, RainyShadow said: Why Hex editing? Professional PE file Explorer - double-click the .DLL/import/checksum/etc. and type a new one, save, done. Because using an Exocet to swat a fly is a bit of an overreaction, isn't it? Link to comment Share on other sites More sharing options...
jaclaz Posted June 21, 2020 Share Posted June 21, 2020 Just now, RainyShadow said: got a link to that? Naah, there is the whole driver (and its incredible amount of bloat, 123 MB) : https://pcsupport.lenovo.com/cr/en/products/laptops-and-netbooks/lenovo-g-series-laptops/lenovo-g505s-notebook/downloads/ds035770 jaclaz Link to comment Share on other sites More sharing options...
RainyShadow Posted June 21, 2020 Share Posted June 21, 2020 1 minute ago, dencorso said: Because using an Exocet to swat a fly is a bit of an overreaction, isn't it? No clue what that is. At least they're not using debug for DOS, lol. btw. don't be mislead by "Professional" in the name, it's a small, free program, not some bloated crap. Link to comment Share on other sites More sharing options...
jaclaz Posted June 21, 2020 Share Posted June 21, 2020 Just now, dencorso said: Because using an Exocet to swat a fly is a bit of an overreaction, isn't it? But this is not the case,, it seems like specifically the suggested program does not (cannot) see the way the .dll is checked/accessed (which is seemingly non-standard), if you prefer, it is more like the usefulness of a bycicle to a fish: https://www.fishonabike.com/guinness.htm jaclaz 1 Link to comment Share on other sites More sharing options...
dencorso Posted June 21, 2020 Share Posted June 21, 2020 1 Link to comment Share on other sites More sharing options...
RainyShadow Posted June 21, 2020 Share Posted June 21, 2020 OK, in this specific case you can't edit the imports from ETDFavorite.dll... but only because there are none. It's not a fault of the tool used. But at least it lets you easily search for the strings I actually found that program when looking for something to easily edit the SmartGesture driver some 50 pages ago... Link to comment Share on other sites More sharing options...
Dave-H Posted June 21, 2020 Author Share Posted June 21, 2020 5 hours ago, jaclaz said: Yep, that hexedit i correct , but it is not enough, later there is another call to ETDFavorite.dll. Try doing also: 0x2695: 5E -> 90 0x2292: FF 15 1C 54 58 00 -> 90 90 90 90 90 90 Will it work? Hint: use FC /B to check the patching , here I edited ETDCtrl.exe and the original is saved by TinyHexer as ETDCtrl.exe.bak: fc /b ETDCtrl.exe ETDCtrl.exe.bak Confronto in corso dei file ETDCtrl.exe e ETDCTRL.EXE.BAK 00002292: 90 FF 00002293: 90 15 00002294: 90 1C 00002295: 90 54 00002296: 90 58 00002297: 90 00 00002643: 4C 53 00002695: 90 5E jaclaz OK, I did those hex edits, and ETDCtrl.exe no longer crashes on start, and appears to be running fine. However, the driver is now at the default settings (although they are still shown as correct in ETDAniconf.exe), and there is no icon in the system tray. "Stop Device" no longer works on the Mouse properties tab either. Link to comment Share on other sites More sharing options...
Dave-H Posted June 21, 2020 Author Share Posted June 21, 2020 I've just noticed that your FC printout says 00002643: 4C 53. Did you not say earlier to change the 53 to AC? Which one is right, AC or 4C? Link to comment Share on other sites More sharing options...
jaclaz Posted June 22, 2020 Share Posted June 22, 2020 4C is the correct value, typo . It is well possible that, once the patch is (theoretically) correct, the ETDCtrl.exe does not error out but still doesn't work. If it works, good, if it doesn't we will need to keep the ETDFavorite.dll, it is simply not worth the effort to find more elegant (and more correct/complete) way to patch it. @RainyShadow Waiter, come taste the soup ... https://www.imdb.com/title/tt0094898/quotes/qt1099763 Ah-ha! As said, that program is nice, but it is not suitable for this file and, as a general tool I still prefer CFF explorer (which is a well not suitable for this specific file). jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted June 22, 2020 Author Share Posted June 22, 2020 (edited) I corrected the value at 02643, but no difference I'm afraid. Strangely though, my FC printout includes changed values at 0150 and 0151, which i'm pretty sure I didn't do! Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. D:\Users\Dave>f: F:\>fc /b etdctrl.exe etdctrl.exe.bak Comparing files ETDCtrl.exe and ETDCTRL.EXE.BAK 00000150: BC 7D 00000151: 62 E9 00002292: 90 FF 00002293: 90 15 00002294: 90 1C 00002295: 90 54 00002296: 90 58 00002297: 90 00 00002643: 4C 53 00002695: 90 5E F:\> Any idea how that might have crept in? Should I return the values to their defaults? EDIT: Just had a thought, is that the result of removing the Favorites menu? Edited June 22, 2020 by Dave-H Addition Link to comment Share on other sites More sharing options...
jumper Posted June 22, 2020 Share Posted June 22, 2020 Timestamp or checksum? Link to comment Share on other sites More sharing options...
Dave-H Posted June 22, 2020 Author Share Posted June 22, 2020 Ah yes, I did run PEChecksum on it earlier at dencorso's recommendation, so that is probably it! So, I guess this isn't going to work. A shame, because we were going to include a modified ETDCtrl.exe anyway because of losing the the Favorites menu, and it would have been nice to get rid of ETDFavorite.dll as well, but never mind! Link to comment Share on other sites More sharing options...
jaclaz Posted June 22, 2020 Share Posted June 22, 2020 No matter if the "Favorites menu" is ever called, the ETDCtrl.exe looks for ETDFavorite.dll and checks the addresses of the four functions in it. This is roughly what I bypassed with the : 00002643: 4C 53 00002695: 90 5E BTW, this is (temporarily) inverting the logic, i.e. if ETDFavorite.dll is present, the ETDCtrl.exe will surely crash. Later it calls the ETDFavorite.dll and this is what I tried to bypass with: 00002292: 90 FF 00002293: 90 15 00002294: 90 1C 00002295: 90 54 00002296: 90 58 00002297: 90 00 then (here) the ETDCtrl.exe runs, but since it doesn't really-really run (because it finds not the hardware) and (here) no icon in the systray is ever created, I have no way to check if there are other calls to ETDFavorite.dll (and those will of course create a crash). jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted June 23, 2020 Author Share Posted June 23, 2020 (edited) OK, so I guess we leave this as it is then? Do you still want to investigate whether any of the at present hidden functions work? Edited June 23, 2020 by Dave-H Typo Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now