r0k
January 28th, 2013, 09:42 AM
Hi there. I'm sure there are very few places where this question might find an answer, but this is probably one of them.
Does anyone know what encoding MS used for their UI dlls and how to decode them?
In preview releases of Win8, some UI elements like the Charms Bar were controlled by plain text xml files stored in various dlls. However, now they are no longer readable, probably binary encoded for faster processing and to stop low level hackers from messing with them:sigh:
Here is an example, this was in authUI-dll and is the last plain text xml in this dll
<duixml>
<ShutdownUI
resid="main"
id="atom(ShutdownMain)"
layout="filllayout()"
sheet="ShutdownUIStyle"
>
<ChoiceMenu
id="atom(ShutdownChoices)"
layout="borderlayout()"
active="mouse|keyboard|pointer"
>
<ItemList
id="atom(ChoiceList)"
layout="verticalflowlayout(0,3,3,0)"
active="mouse|pointer"
behaviors="DUI70::ScrubBehavior()"
/>
</ChoiceMenu>
+++++ SNIP ++++++
Most data however, opens as binary junk in a text editor, and is not much better in an hex editor (even thought you can still see some of the text in an hex editor). This is one of the UI ressources from Windows-UI-Immersive-dll opened in HxD. Notice the duib header where text ressources had duixml
duib....$...`.......................<...7......€€..€.€...€.€.€.."€...€...€...€..........A....€...€.€.€...€..
..€.€...€?€P..€.€.€.€...€&€.€...€?€.....€.€.€...€...€...€...€.......€.....€q..€.€...€.€.€*€.€...€?€.€&€.€.....€`..
€.€...€.€.€...€...€'€.€..!..€.€...€ .!.!..€"..€#.!..€.€$..€ .!.!..€%..€#.!..€.€&..€ .!.!..€'..€#.!..€.€(..€
.!.!..€)..€#.!..€.€*..€ .!.!..€+..€#....€.......€...€ ..€.€...€,....€.€..A.-..€...€/.!€0..€1....€.€2...-..€3
....€...€...€.€..!....€4.%€5....€...€.€..!..€$€6.#€7....€...€.€.....€#€8....€!.!.9...:..€....%€5....€.€
....€#€;....€...€.€.....€#€<....€...€.€.....€.€=....€...€...€...€0...>...............t...Œ...¦...¾...Ò...ü
.......(...n...„...¢...Ê...Ü...ú...............>...V...l...v...–...¤...Ì...ð...........&...F...v...˜...°...Ì.......
B...^...Ž...ª...Ú...ö...&...B...º...Ö...â...î...".......H...t...Ô...Þ...ê.......H...Z...r...¢...Î...m.a.i.n...
p.a.n.e...r.e.s.s.t.r.(.8.7.1.7.,. .l.i.b.r.a.r.y.(.W.i.n.d.o.w.s...U.I...I.m.m.e.r.s.i.v.e...d.l.l.).)
...A.t.o.m.(.P.o.p.u.p.)...f.i.l.l.l.a.y.o.u.t.(.)...D.i.a.l.o.g.S.t.y.l.e...b.e.h.a.v.i.o.r.s...P.V.L.:
.:.A.n.i.m.a.t.i.o.n.T.r.a.p.(.)...D.i.a.l.o.g.R.o.o.t...B.a.c.k.B.u.t.t.o.n...m.o.u.s.e.|.p.o.i.n.t.e.r.|
.k.e.y.b.o.a.r.d.|.n.o.s.y.n.c.f.o.c.u.s...p.u.s.h.b.u.t.t.o.n...A.t.o.m.(.U.p.B.u.t.t.o.n.)...A.t.o.m.(.D.i.
Now, i guess if we can find the right encoding, it would be possible to decode those ressources, mess with them like it was possible in preview releases, then re-encode them and maybe this wouldn't break Windows :cunning: (i plan to mess with those files in VMs anyway).
However, i tried decoding those files as Fast Infoset and EXI formats, but that didn't work.
So, does someone knows how to decode those files? There are probably many more encodings to try, but i'm far from knowing them all. Unfortunately, I consider myself one of those "low level hackers" i mentioned above.
BTW : sorry for the "-" instead of "." in the dll names, but the forum engine thinks i'm trying to post links and refuses my posts if i leave a dot.
Does anyone know what encoding MS used for their UI dlls and how to decode them?
In preview releases of Win8, some UI elements like the Charms Bar were controlled by plain text xml files stored in various dlls. However, now they are no longer readable, probably binary encoded for faster processing and to stop low level hackers from messing with them:sigh:
Here is an example, this was in authUI-dll and is the last plain text xml in this dll
<duixml>
<ShutdownUI
resid="main"
id="atom(ShutdownMain)"
layout="filllayout()"
sheet="ShutdownUIStyle"
>
<ChoiceMenu
id="atom(ShutdownChoices)"
layout="borderlayout()"
active="mouse|keyboard|pointer"
>
<ItemList
id="atom(ChoiceList)"
layout="verticalflowlayout(0,3,3,0)"
active="mouse|pointer"
behaviors="DUI70::ScrubBehavior()"
/>
</ChoiceMenu>
+++++ SNIP ++++++
Most data however, opens as binary junk in a text editor, and is not much better in an hex editor (even thought you can still see some of the text in an hex editor). This is one of the UI ressources from Windows-UI-Immersive-dll opened in HxD. Notice the duib header where text ressources had duixml
duib....$...`.......................<...7......€€..€.€...€.€.€.."€...€...€...€..........A....€...€.€.€...€..
..€.€...€?€P..€.€.€.€...€&€.€...€?€.....€.€.€...€...€...€...€.......€.....€q..€.€...€.€.€*€.€...€?€.€&€.€.....€`..
€.€...€.€.€...€...€'€.€..!..€.€...€ .!.!..€"..€#.!..€.€$..€ .!.!..€%..€#.!..€.€&..€ .!.!..€'..€#.!..€.€(..€
.!.!..€)..€#.!..€.€*..€ .!.!..€+..€#....€.......€...€ ..€.€...€,....€.€..A.-..€...€/.!€0..€1....€.€2...-..€3
....€...€...€.€..!....€4.%€5....€...€.€..!..€$€6.#€7....€...€.€.....€#€8....€!.!.9...:..€....%€5....€.€
....€#€;....€...€.€.....€#€<....€...€.€.....€.€=....€...€...€...€0...>...............t...Œ...¦...¾...Ò...ü
.......(...n...„...¢...Ê...Ü...ú...............>...V...l...v...–...¤...Ì...ð...........&...F...v...˜...°...Ì.......
B...^...Ž...ª...Ú...ö...&...B...º...Ö...â...î...".......H...t...Ô...Þ...ê.......H...Z...r...¢...Î...m.a.i.n...
p.a.n.e...r.e.s.s.t.r.(.8.7.1.7.,. .l.i.b.r.a.r.y.(.W.i.n.d.o.w.s...U.I...I.m.m.e.r.s.i.v.e...d.l.l.).)
...A.t.o.m.(.P.o.p.u.p.)...f.i.l.l.l.a.y.o.u.t.(.)...D.i.a.l.o.g.S.t.y.l.e...b.e.h.a.v.i.o.r.s...P.V.L.:
.:.A.n.i.m.a.t.i.o.n.T.r.a.p.(.)...D.i.a.l.o.g.R.o.o.t...B.a.c.k.B.u.t.t.o.n...m.o.u.s.e.|.p.o.i.n.t.e.r.|
.k.e.y.b.o.a.r.d.|.n.o.s.y.n.c.f.o.c.u.s...p.u.s.h.b.u.t.t.o.n...A.t.o.m.(.U.p.B.u.t.t.o.n.)...A.t.o.m.(.D.i.
Now, i guess if we can find the right encoding, it would be possible to decode those ressources, mess with them like it was possible in preview releases, then re-encode them and maybe this wouldn't break Windows :cunning: (i plan to mess with those files in VMs anyway).
However, i tried decoding those files as Fast Infoset and EXI formats, but that didn't work.
So, does someone knows how to decode those files? There are probably many more encodings to try, but i'm far from knowing them all. Unfortunately, I consider myself one of those "low level hackers" i mentioned above.
BTW : sorry for the "-" instead of "." in the dll names, but the forum engine thinks i'm trying to post links and refuses my posts if i leave a dot.