PE资源结构及读取

最新推荐文章于 2021-12-19 13:56:19 发布
原创 最新推荐文章于 2021-12-19 13:56:19 发布 · 2.6k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#null #exception #dialog #string #microsoft #image

本文深入探讨了Windows可执行文件(PE)的资源结构,包括对话框、字符串、图像等,并详细阐述了如何从PE文件中提取和读取这些资源。通过实例解析,了解微软的资源管理机制,有助于提升对Windows程序逆向分析和二进制修改的理解。

 

PE 资源结构及读取
作者: Sunline               lisunlin0@yahoo.com.cn       2007 7
源代码下载 :http://download.youkuaiyun.com/source/359338   其中的 Source 文件夹中 .

       下面的一些函数是我在学习 PE 结构时参考 Matt Pietrek 的《 A Tour of the Win32 Portable Executable File Format 》和 Microsoft 的《 Visual Studio, Microsoft Portable Executable and Common Object File Format Specification 》以及部分网上的代码所写成的,是研究如何直接读取 PE 资源的一手资料 ( 比如其中的 LoadString LoadAccelerators LoadMenu LoadIcon 函数,没有其它任何可用的参考资料 , VC 调试时跟踪到相应的函数内部,通过汇编代码和自己丰富的想象力才搞清楚的。 ) ,希望可以给研究 PE 格式的朋友一些帮助。其中大部分是自己 Debug 得出的,可能有不妥的地方,敬请斧正。
// ResFunc.cpp
// 描述:
//             从PE文件中取得资源
// 作者:
//             SunLine 2007年07月
// Description:
//             get resources from a pe module
// Authority:
//             Write by Sunline July, 2007
// All rights reserved.
 
 
#include <windows.h>
#include "ResFunc.h"
#include "libc.h"
 
extern "C"
{     
       DWORD __stdcall _SizeofResource(HMODULE hModule, HRSRC hResInfo)
       {
              DWORD dwRet;
              if(hResInfo)
                     dwRet = PIMAGE_RESOURCE_DATA_ENTRY(hResInfo)->Size;
              else
                     dwRet = 0;
              return dwRet;
       }
 
       HGLOBAL __stdcall _LoadResource( HMODULE hModule, HRSRC hResInfo)
       {
              HGLOBAL hRet;
              if(hResInfo)
                     hRet = HGLOBAL((LPBYTE)hModule + PIMAGE_RESOURCE_DATA_ENTRY(hResInfo)->OffsetToData);
              else
                     hRet = NULL;
              return hRet;
       }
 
       LPVOID __stdcall _LockResource(HGLOBAL hResData)
       {
              return (LPVOID)hResData;
       }
 
       HRSRC   __stdcall _FindResourceA( HMODULE hModule, LPCSTR lpName, LPCSTR lpType)
       {
              return _FindResourceExA(hModule, lpType, lpName, 0);
       }
       HRSRC   __stdcall _FindResourceW( HMODULE hModule, LPCWSTR lpName, LPCWSTR lpType)
       {
              return _FindResourceExW(hModule, lpType, lpName, 0);
       }
 
       HRSRC   __stdcall _FindResourceExA(HMODULE hModule, LPCSTR lpType, LPCSTR lpName, WORD wLanguage)
       {
              HRSRC hRsrc = NULL;
              WCHAR wTypeName[MAX_PATH];
              WCHAR wResName[MAX_PATH];
              LPWSTR pwTypeName;
              LPWSTR pwResName;
              if(MAKEINTRESOURCEA(lpType) == lpType)
              {
                     pwTypeName = (LPWSTR)lpType;
              }
              else
              {
                     int nTypeLen = lstrlenA(lpType) + 1;
                     int nUnicodeStrLen = nTypeLen * sizeof(WCHAR);
                     pwTypeName = (LPWSTR)_malloc(nUnicodeStrLen);
                     nUnicodeStrLen = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, /
                            lpType, nTypeLen, wTypeName, nUnicodeStrLen);
                     pwTypeName = wTypeName;
              }
 
              if(MAKEINTRESOURCEA(lpName) == lpName)
              {
                     pwResName = (LPWSTR)lpName;
              }
              else
              {
                     int nNameLen = lstrlenA(lpName) + 1;
                     int nUnicodeStrLen = nNameLen * sizeof(WCHAR);
                     nUnicodeStrLen = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, /
                            lpType, nNameLen, wResName, nUnicodeStrLen);
                     pwResName = wResName;
              }
 
              if(pwTypeName && pwResName)
              {
                     hRsrc = _FindResourceExW(hModule, pwTypeName, pwResName, wLanguage);
              }
              else
                     hRsrc = NULL;
              return hRsrc;
       }
 
       HRSRC   __stdcall _FindResourceExW(HMODULE hModule, LPCWSTR lpType, LPCWSTR lpName, WORD wLanguage)
       {
              PIMAGE_RESOURCE_DATA_ENTRY res = NULL;
              if(hModule == NULL)
                     hModule = GetModuleHandleW(NULL);
              if((lpName != 0) && (lpType != 0))
              {
                     if(!hModule)
                            hModule = GetModuleHandleA(NULL);
                     PIMAGE_RESOURCE_DIRECTORY pResDir = PIMAGE_RESOURCE_DIRECTORY( /
                            LPBYTE(hModule) + PIMAGE_NT_HEADERS((LPBYTE)hModule + /
                            PIMAGE_DOS_HEADER(hModule)->e_lfanew)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress/
                            );
                     ProcRes(res, hModule, LPBYTE(pResDir), pResDir, LEVELE_RESDIR, lpName, lpType, wLanguage);
              }
              return (HRSRC)res;
       }
 
       // Accelerators function
       HACCEL __stdcall _LoadAcceleratorsA( HINSTANCE hInst, LPCSTR lpTableName)
       {
              int nAccItem = 0;
              PACCTABENTRY pAccTabEntry = (PACCTABENTRY)_GetResDataA(hInst, lpTableName, (LPCSTR)RT_ACCELERATOR);
              for(nAccItem = 0; TRUE; nAccItem++)
              {
                     WORD wFlags = pAccTabEntry[nAccItem].fFlags;
                     if(wFlags & 0x80) // The entry is last in an accelerator table.
                     {
                            if(wFlags & 0x60) // 0x60 is binary 01100000, the low 5 bits is legal;
                                   nAccItem = 0;
                            else
                                   nAccItem++;
                            break;
                     }
              }
              LPACCEL lpAcc = (LPACCEL)_malloc(nAccItem * sizeof(ACCEL));
              for(int i = 0; i < nAccItem; i++)
              {
                     //lpAcc[i].fVirt = pAccTabEntry[i].fFlags;
                     //lpAcc[i].key = pAccTabEntry[i].wAnsi;
                     //lpAcc[i].cmd = pAccTabEntry[i].wId;
                     lpAcc[i] = (ACCEL&)(pAccTabEntry[i]);
              }
              HACCEL hRet = CreateAcceleratorTableW(lpAcc, nAccItem);
              return hRet;
       }
 
       HACCEL __stdcall _LoadAcceleratorsW( HINSTANCE hInst, LPCWSTR lpTableName)
       {
              int nAccItem = 0;
              PACCTABENTRY pAccTabEntry = (PACCTABENTRY)_LoadResource((HMODULE)hInst,
                     _FindResourceW(hInst, (LPCWSTR)lpTableName, (LPCWSTR)RT_ACCELERATOR));
              int i;
              for(nAccItem = 0; TRUE; nAccItem++)
              {
                     WORD wFlags = pAccTabEntry[nAccItem].fFlags;
                     if(wFlags & 0x80) // The entry is last in an accelerator table.
                     {
                            if(wFlags & 0x60) // 0x60 is binary 01100000, the low 5 bits is legal;
                                   nAccItem = 0;
                            else
                                   nAccItem++;
                            break;
                     }
              };
              LPACCEL lpAcc = (LPACCEL)_malloc(nAccItem * sizeof(ACCEL));
              for(i = 0; i < nAccItem; i++)
              {
                     //lpAcc[i].fVirt = pAccTabEntry[i].fFlags;
                     //lpAcc[i].key = pAccTabEntry[i].wAnsi;
                     //lpAcc[i].cmd = pAccTabEntry[i].wId;
                     lpAcc[i] = (ACCEL&)(pAccTabEntry[i]);
              }
              return CreateAcceleratorTableW(lpAcc, nAccItem);
       }
 
       BOOL     __stdcall _DestroyAcceleratorTable(HACCEL hAccel)
       {
              if(hAccel)
              {
                     _free(hAccel);
                     return TRUE;
              }
              else
                     return FALSE;
       }
 
       // String functions
       int           __stdcall _LoadStringA(LPVOID hInst, UINT uID, LPSTR lpBuffer, int nBufMax)
       {
              int nLen = 0;
              LPCWSTR lpwStr = 0;
              int nItem = (uID & 0xF);
              PIMAGE_RESOURCE_DATA_ENTRY res = NULL;
              ULONG_PTR uName = (LOWORD(uID)>>4) + 1;
              if((uID != 0) && (lpBuffer != 0) && (nBufMax != 0))
              {
                     PIMAGE_RESOURCE_DIRECTORY pResDir = PIMAGE_RESOURCE_DIRECTORY( /
                            LPBYTE(hInst) + PIMAGE_NT_HEADERS((LPBYTE)hInst + PIMAGE_DOS_HEADER(hInst)->e_lfanew)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress/
                            );
 
                     if(0 == ProcRes(res, hInst, LPBYTE(pResDir), pResDir, LEVELE_RESDIR, (LPCWSTR)uName, (LPCWSTR)RT_STRING, 0))
                     {
                            PWCHAR lpVoid = PWCHAR((LPBYTE)hInst + res->OffsetToData);
                            while(nItem != 0)
                            {
                                   nItem--;
                                   lpVoid += *(PWORD)lpVoid;
                                   lpVoid++;
                            }
                            // nLen = *PWORD( lpVoid - sizeof(WORD));
                            PUSTR pStr = (PUSTR)lpVoid;
                            if(pStr->wLen <= nBufMax)
                            {
                                   nLen = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, pStr->pBuffer, pStr->wLen, lpBuffer, nBufMax, 0, 0);
                                   *((PCHAR)lpBuffer + nLen) = 0;
                            }
                            else
                                   nLen = 0;
                     }
              }
              return nLen;
       }
       int           __stdcall _LoadStringW(LPVOID hInst, UINT uID, LPWSTR lpBuffer, int nBufMax)
       {
              int nLen = 0;
              LPCWSTR lpwStr = 0;
              int nItem = (uID & 0xF);
              PIMAGE_RESOURCE_DATA_ENTRY res = NULL;
              ULONG_PTR uName = (LOWORD(uID)>>4) + 1; // 字符串是以字符串的ID号的16的模来分组的,即GroupId = uID / 16, String order in group = uID % 16
              if((uID != 0) && (lpBuffer != 0) && (nBufMax != 0))
              {
                     PIMAGE_RESOURCE_DIRECTORY pResDir = PIMAGE_RESOURCE_DIRECTORY( /
                            LPBYTE(hInst) + PIMAGE_NT_HEADERS((LPBYTE)hInst + PIMAGE_DOS_HEADER(hInst)->e_lfanew)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress/
                            );
 
                     if(0 == ProcRes(res, hInst, LPBYTE(pResDir), pResDir, LEVELE_RESDIR, (LPCWSTR)uName, (LPCWSTR)RT_STRING, 0))
                     {
                            PWCHAR lpVoid = PWCHAR((LPBYTE)hInst + res->OffsetToData);
                            while(nItem != 0)
                            {
                                   nItem--;
                                   lpVoid += *(PWORD)lpVoid;
                                   lpVoid++;
                            }
                            //nLen = *PWORD( lpVoid - sizeof(WORD));
                            PUSTR pStr = (PUSTR)lpVoid;
                            if(pStr->wLen <= nBufMax)
                            {
                                   nLen = pStr->wLen;
                                   lstrcpyW((LPWSTR)lpBuffer, pStr->pBuffer);
                                   *((PWCHAR)lpBuffer + nLen) = 0; // Write 0 to the trail
                            }
                            else
                                   nLen = 0;
                     }
              }
              return nLen;
       }
 
       // ICON, Cursor and other image functions
       // 使用ResourceHack.exe查看生成的ICON组,可以发现ICON是首先按 颜色升序,然后按 图标大小 降序来排列的
       //
       int           __stdcall _LookupIconIdFromDirectory( PBYTE presbits, BOOL fIcon)
       {
              if(!presbits)
                     return 0;
              int nRet = 0;
              int cx_icon = GetSystemMetrics(SM_CXICON);
              int cy_icon = GetSystemMetrics(SM_CYICON);
              unsigned int dmBitsPerPel;
              DEVMODE dvm;
              BOOL bRet = EnumDisplaySettings(NULL,ENUM_CURRENT_SETTINGS,&dvm);
              dmBitsPerPel = dvm.dmBitsPerPel;
              PRESICONCURSORHEADER pIconCursorHeader = (PRESICONCURSORHEADER)presbits;
              int nItemCount = pIconCursorHeader->wItemCount;
              PRESDIR pResDir = 0;
              PRESDIR pRetResDir = 0;
              pResDir = pRetResDir = (PRESDIR)(presbits + sizeof(RESICONCURSORHEADER));
              if(fIcon) // lookup for icon
              {
                     for( ; nItemCount > 0; nItemCount--)
                     {
                            unsigned int n;
                            n = dmBitsPerPel - pResDir->ResInfo.Icon.ColorCount;
                            if((n > 0) && ((pResDir->ResInfo.Icon.ColorCount - pRetResDir->ResInfo.Icon.ColorCount) > 0))
                            {
                                   n = cx_icon - pResDir->ResInfo.Icon.Width;
                                   if((n >= 0) && ((pResDir->ResInfo.Icon.Width - pRetResDir->ResInfo.Icon.Width) >= 0))
                                   {
                                          n = cy_icon - pResDir->ResInfo.Icon.Height;
                                          if(n >= 0)
                                          {
                                                 pRetResDir = pResDir;
                                          }
                                   }
                            }
                            else if(n == 0)
                            {
                                   n = cx_icon - pResDir->ResInfo.Icon.Width;
                                   if((n >= 0) && ((pResDir->ResInfo.Icon.Width - pRetResDir->ResInfo.Icon.Width) >= 0))
                                   {
                                          n = cy_icon - pResDir->ResInfo.Icon.Height;
                                          if(n >= 0)
                                          {
                                                 pRetResDir = pResDir;
                                          }
                                   }
                            }
                            pResDir++;
                     }
              }
              else // lookup for cursor
              {
                     for( ; nItemCount > 0; nItemCount--)
                     {
                            unsigned int n;
                            n = cx_icon - pResDir->ResInfo.Cursor.Width;
                            if((n > 0) && ((pResDir->ResInfo.Cursor.Width - pRetResDir->ResInfo.Cursor.Width) > 0))
                            {
                                   n = cy_icon - pResDir->ResInfo.Cursor.Height;
                                   if(n >= 0)
                                   {
                                          pRetResDir = pResDir;
                                   }
                            }
                            else if(n == 0)
                            {
                                   n = cy_icon - pResDir->ResInfo.Cursor.Height;
                                   if(n >= 0)
                                   {
                                          pRetResDir = pResDir;
                                   }
                            }
                            pResDir++;
                     }
              }
              nRet = pRetResDir->IconCursorId;
              return nRet;
       }
 
       HICON   __stdcall _LoadIconA( HINSTANCE hInst, LPCSTR lpIconName)
       {
              HICON hIcon;
              HRSRC   hRsrc = NULL;
              HGLOBAL      hGlobal = NULL;
              LPVOID lpRes = NULL;
              int        nID;
              if(lpIconName > (LPCSTR)0x8000)
                     hIcon = LoadIconA(hInst, lpIconName);
              else
              {
                     if( (lpRes = _GetResDataA(hInst, lpIconName, (LPCSTR)RT_GROUP_ICON)) == NULL)
                            return NULL;
                     nID = _LookupIconIdFromDirectory( (PBYTE)lpRes, TRUE );
                     if( (hRsrc = _FindResourceA( hInst, MAKEINTRESOURCEA(nID), (LPCSTR)RT_ICON )) == NULL )
                            return NULL;
                     if( (hGlobal = _LoadResource( hInst, hRsrc )) == NULL )
                            return NULL;
                     if( (lpRes = _LockResource(hGlobal)) == NULL )
                            return NULL;
                     hIcon = CreateIconFromResource( (PBYTE)lpRes, _SizeofResource(hInst, hRsrc), TRUE, 0x00030000 );
              }
              return hIcon;
       }
 
       HICON   __stdcall _LoadIconW( HINSTANCE hInst, LPCWSTR lpIconName)
       {
              HICON hIcon;
              HRSRC   hRsrc = NULL;
              HGLOBAL      hGlobal = NULL;
              LPVOID lpRes = NULL;
              int        nID;
              if(lpIconName > (LPCWSTR)0x8000)
                     hIcon = LoadIconW(hInst, lpIconName);
              else
              {
                     if( (lpRes = _GetResDataW(hInst, lpIconName, RT_GROUP_ICON)) == NULL)
                            return NULL;
                     nID = _LookupIconIdFromDirectory( (PBYTE)lpRes, TRUE );
                     if( (hRsrc = _FindResourceW( hInst, MAKEINTRESOURCEW(nID), (LPCWSTR)RT_ICON )) == NULL )
                            return NULL;
                     if( (hGlobal = _LoadResource( hInst, hRsrc )) == NULL )
                            return NULL;
                     if( (lpRes = _LockResource(hGlobal)) == NULL )
                            return NULL;
                     hIcon = CreateIconFromResource( (PBYTE)lpRes, _SizeofResource(hInst, hRsrc), TRUE, 0x00030000 );
              }
              return hIcon;
       }
 
       BOOL     __stdcall _DestroyIcon(HICON hIcon)
       {
              return DestroyIcon(hIcon);
       }
 
       HCURSOR __stdcall _LoadCursorA(HINSTANCE hInst, LPCSTR lpCursorName)
       {
              HCURSOR hCursor;
              HRSRC   hRsrc = NULL;
              HGLOBAL      hGlobal = NULL;
              LPVOID lpRes = NULL;
              int        nID;
              if(lpCursorName > (LPCSTR)0x1000)
                     hCursor = LoadCursorA(hInst, lpCursorName);
              else
              {
                     if( (lpRes = _GetResDataA(hInst, lpCursorName, (LPCSTR)RT_GROUP_CURSOR)) == NULL )
                            return NULL;
 
                     nID = _LookupIconIdFromDirectory( (PBYTE)lpRes, FALSE );
                     if( (hRsrc = _FindResourceA( hInst, MAKEINTRESOURCEA(nID), (LPCSTR)RT_CURSOR)) == NULL )
                            return NULL;
                     if( (hGlobal = _LoadResource( hInst, hRsrc )) == NULL )
                            return NULL;
                     if( (lpRes = _LockResource(hGlobal)) == NULL )
                            return NULL;
                     hCursor = CreateIconFromResource( (PBYTE)lpRes, _SizeofResource(hInst,hRsrc), FALSE, 0x00030000 );
              }
              return hCursor;
       }
 
       HCURSOR __stdcall _LoadCursorW(HINSTANCE hInst, LPCWSTR lpCursorName)
       {
              HCURSOR hCursor;
              HRSRC   hRsrc = NULL;
              HGLOBAL      hGlobal = NULL;
              LPVOID lpRes = NULL;
              int        nID;
              if(lpCursorName > (LPCWSTR)0x1000)
                     hCursor = LoadCursorW(hInst, lpCursorName);
              else
              {
                     if( (lpRes = _GetResDataW(hInst, lpCursorName, RT_GROUP_CURSOR)) == NULL )
                            return NULL;
 
                     nID = _LookupIconIdFromDirectory( (PBYTE)lpRes, FALSE );
                     if( (hRsrc = _FindResourceW( hInst, MAKEINTRESOURCEW(nID), (LPCWSTR)RT_CURSOR)) == NULL )
                            return NULL;
                     if( (hGlobal = _LoadResource( hInst, hRsrc )) == NULL )
                            return NULL;
                     if( (lpRes = _LockResource(hGlobal)) == NULL )
                            return NULL;
                     hCursor = CreateIconFromResource( (PBYTE)lpRes, _SizeofResource(hInst,hRsrc), FALSE, 0x00030000 );
              }
              return hCursor;
       }
 
       BOOL     __stdcall _DestroyCursor(HCURSOR hCursor)
       {
              return DestroyCursor(hCursor);
       }
 
       HBITMAP __stdcall _LoadBitmapA( HINSTANCE hInst, LPCSTR lpBitmapName)
       {
              HBITMAP hRet = NULL;
              BITMAP *pBitMap;
              HGLOBAL hResData = _GetResDataA(hInst, lpBitmapName, (LPCSTR)RT_BITMAP);
              if(hResData)
              {
                     pBitMap = (BITMAP *)_LockResource(hResData);
                     hRet = CreateBitmapIndirect(pBitMap);
              }
              return hRet;
       }
 
       HBITMAP __stdcall _LoadBitmapW( HINSTANCE hInst, LPCWSTR lpBitmapName)
       {
              HBITMAP hRet;
              BITMAP *pBitMap = (BITMAP *)_GetResDataW(hInst, lpBitmapName, RT_BITMAP);
              if(pBitMap)
                     hRet = CreateBitmapIndirect(pBitMap);
              else
                     hRet = NULL;
              return hRet;
       }
 
       BOOL     __stdcall _DeleteObject(HGDIOBJ hObject)
       {
              return DeleteObject(hObject);
       }
 
       // Memu functions
       HMENU __stdcall _LoadMenuA( HINSTANCE hInst, LPCSTR lpMenuName)
       {
              HMENU hMenu = NULL;
              MENUTEMPLATEW *pMemnuTemplate = (MENUTEMPLATEW *)_GetResDataA(hInst, lpMenuName, (LPCSTR)RT_MENU);
              if(pMemnuTemplate)
                     hMenu = LoadMenuIndirectA(pMemnuTemplate);
              return hMenu;
       }
 
       HMENU __stdcall _LoadMenuW( HINSTANCE hInst, LPCWSTR lpMenuName)
       {
              HMENU hMenu = NULL;
              MENUTEMPLATEW *pMemnuTemplate = (MENUTEMPLATEW *)_GetResDataW(hInst, lpMenuName, RT_MENU);
              if(pMemnuTemplate)
                     hMenu = LoadMenuIndirectW(pMemnuTemplate);
              return hMenu;
       }
 
       BOOL     __stdcall _DestroyMenu(HMENU hMenu)
       {
              return DestroyMenu(hMenu);
       }
 
       // Dialog functions
       HWND WINAPI _CreateDialogParamA( HINSTANCE hInst, LPCSTR lpTemplateName, HWND hWndParent,
              DLGPROC lpDialogFunc, LPARAM dwInitParam)
       {
              HWND hWnd = 0;
              LPCDLGTEMPLATEA pDlgTemplate = (LPCDLGTEMPLATEA)_GetResDataA(hInst, lpTemplateName, (LPCSTR)RT_DIALOG);
              if(pDlgTemplate)
                     hWnd = CreateDialogIndirectParamA(hInst, pDlgTemplate,       hWndParent, lpDialogFunc, dwInitParam);
              return hWnd;
       }
 
       HWND WINAPI _CreateDialogParamW( HINSTANCE hInst, LPCWSTR lpTemplateName, HWND hWndParent,
              DLGPROC lpDialogFunc, LPARAM dwInitParam)
       {
              HWND hWnd = 0;
              LPCDLGTEMPLATEW pDlgTemplate = (LPCDLGTEMPLATEW)_GetResDataW(hInst, lpTemplateName, (LPCWSTR)RT_DIALOG);
              if(pDlgTemplate)
                     hWnd = CreateDialogIndirectParamW(hInst, pDlgTemplate,      hWndParent, lpDialogFunc, dwInitParam);
              return hWnd;
       }
 
       INT_PTR __stdcall _DialogBoxParamA( HINSTANCE hInst, LPCSTR lpTemplateName, /
              HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
       {
              INT_PTR hWnd = 0;
              LPCDLGTEMPLATEA pDlgTemplate = (LPCDLGTEMPLATEA)_GetResDataA(hInst, lpTemplateName, (LPCSTR)RT_DIALOG);
              if(pDlgTemplate)
                     hWnd = DialogBoxIndirectParamA(hInst, pDlgTemplate, hWndParent, lpDialogFunc, dwInitParam);
              return hWnd;
       }
 
       INT_PTR __stdcall _DialogBoxParamW( HINSTANCE hInst, LPCWSTR lpTemplateName, /
              HWND hWndParent, DLGPROC lpDialogFunc, LPARAM dwInitParam)
       {
              INT_PTR hWnd = 0;
              LPCDLGTEMPLATEW pDlgTemplate = (LPCDLGTEMPLATEW)_GetResDataW(hInst, lpTemplateName, (LPCWSTR)RT_DIALOG);
              if(pDlgTemplate)
                     hWnd = DialogBoxIndirectParamW(hInst, pDlgTemplate, hWndParent, lpDialogFunc, dwInitParam);
              return hWnd;
       }
 
       // some assist functions
       int           __stdcall ProcRes(PIMAGE_RESOURCE_DATA_ENTRY &lpSResource,LPVOID lpFile, LPVOID lpResBase, /
              PIMAGE_RESOURCE_DIRECTORY lpResDir, int dwLevel, LPCWSTR lpResName, LPCWSTR lpResType, WORD wLanguage)
       {
              int nRet = ERROR_UNKNOW;
              __try
              {
                     PIMAGE_RESOURCE_DIRECTORY pResDir = lpResDir;
                     WORD nResCount = pResDir->NumberOfIdEntries + pResDir->NumberOfNamedEntries;
                     PIMAGE_RESOURCE_DIRECTORY_ENTRY pResDirEntry = PIMAGE_RESOURCE_DIRECTORY_ENTRY((LPBYTE)pResDir + sizeof(IMAGE_RESOURCE_DIRECTORY));
                     nRet = ERROR_NORES;
                     while(nResCount != 0)
                     {
                            if(pResDirEntry->DataIsDirectory)
                            {
                                   PIMAGE_RESOURCE_DIRECTORY lpSubResDir = PIMAGE_RESOURCE_DIRECTORY((LPBYTE)lpResBase + pResDirEntry->OffsetToDirectory);
                                   if(dwLevel == LEVELE_RESDIR)
                                   {
                                          if(pResDirEntry->NameIsString)
                                          {
                                                 PIMAGE_RESOURCE_DIR_STRING_U lpName = PIMAGE_RESOURCE_DIR_STRING_U((LPBYTE)lpResBase + pResDirEntry->NameOffset);
                                                 WORD nLen = lpName->Length;
                                                 PWCHAR pwStr = lpName->NameString;                                     
                                                 if((_CmpNameW((LPCWSTR)lpResType, pwStr) == 0))
                                                        nRet = ProcRes(lpSResource,lpFile, lpResBase, lpSubResDir, LEVELE_RESITEM, lpResName, lpResType, wLanguage);                
                                          }
                                          else
                                          {
                                                 if( 0 == ((LPBYTE)lpResType - pResDirEntry->Name))
                                                        nRet = ProcRes(lpSResource,lpFile, lpResBase, lpSubResDir, LEVELE_RESITEM, lpResName, lpResType, wLanguage);
                                          }
                                   }
                                   else if(dwLevel == LEVELE_RESITEM)
                                   {
                                          if(pResDirEntry->NameIsString)   // 以字符串方式命名
                                          {
                                                 PIMAGE_RESOURCE_DIR_STRING_U lpName = PIMAGE_RESOURCE_DIR_STRING_U((LPBYTE)lpResBase + pResDirEntry->NameOffset);
                                                 WORD nLen = lpName->Length;
                                                 PWCHAR pwStr = lpName->NameString;
                                                 if( 0 == _CmpNameW((LPCWSTR)lpName, pwStr))
                                                        nRet = ProcRes(lpSResource,lpFile, lpResBase, lpSubResDir, LEVELE_RES, lpResName, lpResType, wLanguage);
                                          }
                                          else         // 以ID方式命名
                                          {
                                                 if( 0 == ((LPBYTE)lpResName - pResDirEntry->Name))
                                                        nRet = ProcRes(lpSResource,lpFile, lpResBase, lpSubResDir, LEVELE_RES, lpResName, lpResType, wLanguage);
                                          }
                                   }
                                   else
                                   {
                                          nRet = ERROR_UNKNOW;
                                          break;     // error
                                   }
                            }
                            else         // dwLevel == LEVELE_RES
                            {
                                   lpSResource = PIMAGE_RESOURCE_DATA_ENTRY((LPBYTE)lpResBase + pResDirEntry->OffsetToData);
                                   if(wLanguage != 0)
                                   {
                                          if(lpSResource->CodePage == (UINT)wLanguage)
                                          {
                                                 nRet = ERROR_SUCCESS;
                                          }
                                          else
                                                 nRet = ERROR_LANGUAGE;
                                   }
                                   else // wLanguage == 0 , ignore the langue type
                                   {
                                          nRet = ERROR_SUCCESS;
                                   }
                            }
                            if(nRet == ERROR_SUCCESS)                               
                                   break;                         
                            pResDirEntry++;
                            nResCount--;
                     }
              }
              __except(EXCEPTION_EXECUTE_HANDLER)
              {
                     nRet = ERROR_UNKNOW;
              }
              return nRet;
       }
 
       //LPVOID __stdcall GetResW(LPVOID hInst, LPCWSTR lpName, LPCWSTR lpType)
       //{
       //     //RESOURCE res = {0, 0};
       //     PIMAGE_RESOURCE_DATA_ENTRY res;
       //     if((lpName != 0) && (lpType != 0))
       //     {
       //            PIMAGE_RESOURCE_DIRECTORY pResDir = PIMAGE_RESOURCE_DIRECTORY( /
       //                   LPBYTE(hInst) + PIMAGE_NT_HEADERS((LPBYTE)hInst + PIMAGE_DOS_HEADER(hInst)->e_lfanew)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress/
       //                   );
       //            ProcRes(res, hInst, LPBYTE(pResDir), pResDir, LEVELE_RESDIR, lpName, lpType, 0);
       //     }
       //     return (LPBYTE)hInst + res->OffsetToData;
       //}
       // common resource functions
       // Accelerators function
       // ICON, Cursor and other image functions
       BOOL     __stdcall IsStringA(LPCSTR lpcStr)
       {
              BOOL fRet;
              /* version 1 */
              //SYSTEM_INFO SystemInfo;
              //GetSystemInfo(&SystemInfo);
              //if((lpString > SystemInfo.lpMinimumApplicationAddress) && (lpString < SystemInfo.lpMaximumApplicationAddress))
              //{
              //     fRet = TRUE;
              //}
              //else
              //     fRet = FALSE;
 
              /* version 2 */
              //if( ((LOWORD)lpcStr != 0) && ((ULONG_PTR)lpcStr >> (8*sizeof(WORD)) )
              //     fRet = TRUE;
              //else
              //     fRet = FALSE;
 
              /* version 3 */
              __try
              {
                     while(*lpcStr);
                     fRet = TRUE;
              }
              __except(EXCEPTION_EXECUTE_HANDLER)
              {
                     fRet = FALSE;
              }
              return fRet;
       }
       BOOL     __stdcall IsStringW(LPCWSTR lpcwStr)
       {
              BOOL fRet;
              /* version 1 */
              //SYSTEM_INFO SystemInfo;
              //GetSystemInfo(&SystemInfo);
              //if((lpString > SystemInfo.lpMinimumApplicationAddress) && (lpString < SystemInfo.lpMaximumApplicationAddress))
              //{
              //     fRet = TRUE;
              //}
              //else
              //     fRet = FALSE;
 
              /* version 2 */
              //if( ((LOWORD)lpcStr != 0) && ((ULONG_PTR)lpcStr >> (8*sizeof(WORD)) )
              //     fRet = TRUE;
              //else
              //     fRet = FALSE;
 
              /* version 3 */
              __try
              {
                     while(*lpcwStr);
                     fRet = TRUE;
              }
              __except(EXCEPTION_EXECUTE_HANDLER)
              {
                     fRet = FALSE;
              }
              return fRet;
       }
 
       int           __stdcall _CmpNameW(LPCWSTR lpName1, LPCWSTR lpName2)
       {
              int nRet = 1;
              __try
              {
                     while( *lpName1 & *lpName2)
                     {
                            nRet = *lpName1 - *lpName2;
                            lpName1++;
                            lpName2++;
                     }
              }
              __except(EXCEPTION_EXECUTE_HANDLER)
              {
                     nRet = 1;
              }
              return nRet;
       }
}
 
sunlin7
关注
Windows PE资源表编程(枚举资源树)
天使也掉毛
02-08 2263
资源枚举     写一个例子,枚举一个PE文件的资源表。首先说下资源相关的作为铺垫。 1.资源类型也是PE可选头中数据目录的一种。位于第三个类型。 2.资源目录分为三层。第四层是描述文件相关的。这些结构是按照二叉排序树的结构存的。每一个节点都可以看成是一段连续的数据块(1个资源目录头+n个资源目录项)。 3.整体基本结构: OK,基础知识就简单说这些。如果还是
25. PE结构-PE详解之资源
墨痕诉清风的博客
03-05 1364
资源结构 资源PE 文件中非常重要的部分,几乎所有的PE 文件中都包含着资源,与导入表和导出表相比,资源的组织方式要复杂很多,其实我们只要看下图就知道俺所言不虚。 分3级:1 资源类型 ,2 资源ID, 3 资源代码页, 4 最后指向资源 我们知道我们的资源有很多种类型,每种类型的资源中可能存在多个资源项,这些资源项用不同的ID 或者名称来区分。但是要将这么多种类型的不同ID 的资源有...
PE-资源
megaparsec
12-19 2243
PE资源PE中的相关资源可以通过程序进行深度定位,所获取的二进制字节码与资源脚本语句之间是一一对应的这些数据可能是源代码内部需要用到的常景,比如 菜单选项、界面描述等;也可能是源代码外部的,比如程序的图标文件、背景音乐文件、配置 文件等,以上这些数据统称为资源
PE资源查看工具 最好用
12-17
详细的 PE文件头信息、资源、数据目录,可编辑重定位信息,资源,等,支持修改后保存
PE资源分析
03-21 1405
PE资源分析_备忘(假设文件以Image形式影射):1,得到IMAGE_NT_HEADERS2,得到第一个Section ==>pSection=IMAGE_FIRST_SECTION(pNtHeader);3,得到.rsrc ==> pResSection++; where pResSection->Name==".rsrc"4,得到PIMAGE_RESOURCE_DIRECTORY resDi
PE资源结构读取.txt
06-21
下面将详细阐述PE资源结构的基本概念、组成部分以及如何读取这些资源。 ### PE资源结构 PE资源结构PE文件格式中一个重要的组成部分,它用于存储应用程序的各种资源,如图标、菜单、位图、字符串表、对话框模板等...
pdf格式Pe文件结构图及工具源码,pe文件结构详解,C,C++
09-10
PDF格式的PE文件结构图及工具源码是一个深入解析PE(Portable Executable)文件格式的资源,涵盖了C和C++编程语言的相关知识。PE文件格式是Windows操作系统中用于执行程序和动态链接库(DLLs)的主要文件格式。下面...
PE资源结构解析与读取代码详解
"该资源是一个关于PE(Portable Executable)文件格式的文档,主要涉及PE文件中的资源结构以及如何读取这些资源。作者Sunline提供了部分代码实现,包括SizeofResource、LoadResource和LockResource等函数,用于获取...
pe文件解析:读取pe信息获取文件资源(源码)
03-01
这篇源码主要涉及的是如何解析PE文件并获取其中的资源信息。在Windows系统中,无论是可执行程序(EXE)、动态链接库(DLL)还是驱动程序(SYS),它们都遵循PE文件格式。下面将详细讨论PE文件结构以及解析过程。 1....
rs.rar_PE 资源_PE资源_pe文件_rs
09-23
标题"rs.rar_PE资源_PE资源_pe文件_rs"暗示我们关注的是与PE文件资源相关的操作,特别是涉及"rs"的某个过程或工具。"rs"可能是指资源脚本(Resource Script)或者某种特定的资源操作。在这个场景下,它可能是用于...
PE文件资源修改工具包
09-03
PE文件资源修改工具,可修改PE文件的各种资源:字符串、图片等。含有使用Resource Hacker工具
获取PE文件的导入表
04-02
获取PE文件的导入表中模块和API信息的源代码
PE--资源
SUNE__学无止境
05-24 556
本来该用递归来写的,奈何总是写不出来,所以写了一个遍历3层结构的程序。以后来写递归的 VOID _GetResourceInfo1(PVOID pFileBuffer) { PIMAGE_DOS_HEADER pDosHeader = NULL; PIMAGE_NT_HEADERS pNtHeaders = NULL; PIMAGE_RESOURCE_DIRECTORY_
PE文件解析之资源表解析
zhang14916的博客
12-19 1367
根据PE文件格式我们可以快速找到目录表数组位置,在目录表数组中我们可以找到资源表在哪里 我们看出资源表位置为0x4000,大小为0xb20。 资源表所对应数据结构IMAGE_RESOURCE_DIRECTORY typedef struct _IMAGE_RESOURCE_DIRECTORY {           DWORD   Characteristics;         ...
PE文件资源解析(二)图标资源的解析
老狼的专栏
04-21 756
EnumResourceLanguages回调函数里面涵盖了我们所需要的几个参数信息,定义如下: BOOL CALLBACK EnumResourceLanguagesProc( HMODULE hModule,//PE文件实例句柄 LPCSTR lpType, //资源类型 LPCSTR lpName, //资源名称 WORD wLa...
分析pe文件资源(学习)
多媒体编程、网络编程、系统编程、网络安全编程、驱动编程
07-02 1264
PE文件,全称Portable       Executable文件,是Windows系统可执行文件采用的普遍格式,像我们平时接触的EXE、DLL、OCX,甚至SYS文件都属于PE文件的范畴。为了在可执行文件中方便的引用其它类型资源内容,PE文件有一个独立的资源段,将程序执行所需要的全部资源文件链接到PE文件内部方便使用。今天我们就来研究一下PE文件资源段的内容与格式。 在研究PE文件资源
PE文件资源简介
weixin_43575859的博客
03-15 567
PE文件中的资源部分占PE文件很大的一个比例,资源包括光标,位图,菜单等等还有十几种标准类型,处理标准类型还有自定义类型。资源的组织方式很像磁盘目录的组织的方式,或者说像数据结构中的树型结构PE文件中资源的组织方式如下图: 从上图可以看到资源块是由很多种结构组成的,第一层目录也就是根目录的第一个结构是一个IMAGE_RESOURCE_DIRECTORY结构,它也就是IMAGE_OPTION...
PE总结13 --PE文件结构之 解析资源
oBuYiSeng的博客
12-11 2829
// 资源表2.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include #include #include DWORD RVA2Offset(DWORD dwRva, PIMAGE_NT_HEADERS32 pNt) { DWORD dwOffset = 0; PIMAGE_SECTION_HEADER pSection = I
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值