//
// Dump the information about one resource directory entry. If the
// entry is for a subdirectory, call the directory dumping routine
// instead of printing information in this routine.
//
void DumpResourceEntry
(
PIMAGE_RESOURCE_DIRECTORY_ENTRY resDirEntry,
DWORD resourceBase,
DWORD level
)
{
UINT i;
char nameBuffer[128];
PIMAGE_RESOURCE_DATA_ENTRY pResDataEntry;
if ( resDirEntry->OffsetToData & IMAGE_RESOURCE_DATA_IS_DIRECTORY )
{
DumpResourceDirectory( (PIMAGE_RESOURCE_DIRECTORY)
((resDirEntry->OffsetToData & 0x7FFFFFFF) + resourceBase),
resourceBase, level, resDirEntry->Name);
return;
}
// Spit out the spacing for the level indentation
for ( i=0; i < level; i++ )
printf(" ");
if ( resDirEntry->Name & IMAGE_RESOURCE_NAME_IS_STRING )
{
GetResourceNameFromId(resDirEntry->Name, resourceBase, nameBuffer,
sizeof(nameBuffer));
printf("Name: %s DataEntryOffs: %08X\n",
nameBuffer, resDirEntry->OffsetToData);
}
else
{
printf("ID: %08X DataEntryOffs: %08X\n",
resDirEntry->Name, resDirEntry->OffsetToData);
}
// the resDirEntry->OffsetToData is a pointer to an
// IMAGE_RESOURCE_DATA_ENTRY. Go dump out that information. First,
// spit out the proper indentation
for ( i=0; i < level; i++ )
printf(" ");
pResDataEntry = (PIMAGE_RESOURCE_DATA_ENTRY)
(resourceBase + resDirEntry->OffsetToData);
printf("DataRVA: %05X DataSize: %05X CodePage: %X\n",
pResDataEntry->OffsetToData, pResDataEntry->Size,
pResDataEntry->CodePage);
}
//
// Top level routine called to dump out the entire resource hierarchy
//
void DumpResourceSection(DWORD base, PIMAGE_NT_HEADERS pNTHeader)
{
DWORD resourcesRVA;
PIMAGE_RESOURCE_DIRECTORY resDir;
resourcesRVA = GetImgDirEntryRVA(pNTHeader, IMAGE_DIRECTORY_ENTRY_RESOURCE);
if ( !resourcesRVA )
return;
resDir = (PIMAGE_RESOURCE_DIRECTORY)
GetPtrFromRVA( resourcesRVA, pNTHeader, base );
if ( !resDir )
return;
printf("Resources (RVA: %X)\n", resourcesRVA );
DumpResourceDirectory(resDir, (DWORD)resDir, 0, 0);
printf( "\n" );
if ( !fShowResources )
return;
if ( cStrResEntries )
{
printf( "String Table\n" );
DumpStringTable( base, pNTHeader, (DWORD)resDir,
pStrResEntries, cStrResEntries );
printf( "\n" );
}
if ( cDlgResEntries )
{
printf( "Dialogs\n" );
DumpDialogs( base, pNTHeader, (DWORD)resDir,
pDlgResEntries, cDlgResEntries );
printf( "\n" );
}
}
int wmain()
{
HMODULE Module;
HANDLE File = { 0 };
BYTE* MappedFile = { 0 };
BYTE* MappedFile_End = { 0 };
HANDLE FileMapping = { 0 };
ULARGE_INTEGER FileSize;
DWORD Error = { 0 };
IMAGE_NT_HEADERS* NtHeaders = { 0 };
IMAGE_DOS_HEADER* DosHeader = { 0 };
size_t OffsetToPE = { 0 };
IMAGE_RESOURCE_DIRECTORY* TopDirectory = { 0 };
ULONG ResourcesSize = { 0 };
Module = LoadLibraryW(L".\\notepad.exe");
if (!EnumResourceTypesW(Module, EnumTypesProc, 0))
{
DWORD Error = GetLastError();
wprintf(L"EnumResourceTypes failed %x\n", Error);
}
FreeLibrary(Module);
File = CreateFileW(L".\\notepad.exe", GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
if (INVALID_HANDLE_VALUE == File)
{
Error = GetLastError();
wprintf(L"CreateFile fails with error: %u", Error);
goto Exit;
}
FileSize.LowPart = GetFileSize(File, &FileSize.HighPart);
if ((FileSize.LowPart == -1) && ((Error = GetLastError()) != 0))
{
wprintf(L"GetFileSize failed with error %u\n", Error);
goto Exit;
}
if (FileSize.HighPart != 0)
{
wprintf(L"file too large\n");
goto Exit;
}
if (FileSize.QuadPart <= (sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS)))
{
wprintf(L"file too small\n");
goto Exit;
}
FileMapping = CreateFileMappingW(File, NULL, PAGE_READONLY, 0, 0, NULL);
if (FileMapping == NULL)
{
Error = GetLastError();
wprintf(L"CreateFileMapping fails with error: %u", Error);
goto Exit;
}
MappedFile = (BYTE*) MapViewOfFile(FileMapping, FILE_MAP_READ, 0, 0, 0);
if (MappedFile == NULL)
goto Exit;
wprintf(L"MappedFile:%p\n", MappedFile);
MappedFile_End = (MappedFile + FileSize.QuadPart);
DosHeader = (IMAGE_DOS_HEADER*) MappedFile;
if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
wprintf(L"invalid file");
goto Exit;
}
OffsetToPE = DosHeader->e_lfanew;
if (OffsetToPE >= FileSize.QuadPart)
{
wprintf(L"invalid file");
goto Exit;
}
if ((OffsetToPE + sizeof(IMAGE_NT_HEADERS)) >= FileSize.QuadPart)
{
wprintf(L"invalid file");
goto Exit;
}
NtHeaders = (IMAGE_NT_HEADERS*) (MappedFile + OffsetToPE);
if (NtHeaders->Signature != IMAGE_NT_SIGNATURE)
{
wprintf(L"invalid file");
goto Exit;
}
if (NtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC)
{
wprintf(L"invalid file");
goto Exit;
}
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes < IMAGE_DIRECTORY_ENTRY_RESOURCE)
{
wprintf(L"no resources");
goto Exit;
}
if (NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress == 0)
{
wprintf(L"no resources");
goto Exit;
}
if (NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size == 0)
{
wprintf(L"no resources");
goto Exit;
}
TopDirectory = (IMAGE_RESOURCE_DIRECTORY*) ImageDirectoryEntryToData(MappedFile, FALSE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &ResourcesSize);
if (TopDirectory == NULL)
{
wprintf(L"no resources");
goto Exit;
}
DumpResourceDirectory(MappedFile, 0, TopDirectory, TopDirectory);
Exit:
if (MappedFile != NULL)
UnmapViewOfFile(MappedFile);
if (FileMapping != NULL)
CloseHandle(FileMapping);
if ((File != NULL) && (File != INVALID_HANDLE_VALUE))
CloseHandle(File);
return 0;
}
void
DumpResourceDirectoryEntry(
BYTE* MappedFile,
size_t Depth,
IMAGE_RESOURCE_DIRECTORY* TopDirectory,
IMAGE_RESOURCE_DIRECTORY* ContainingDirectory,
IMAGE_RESOURCE_DIRECTORY_ENTRY* Entry,
size_t Index
)
{
WCHAR Buffer[20];
IMAGE_RESOURCE_DIR_STRING_U* String = { 0 };
size_t Length = { 0 };
PCWSTR Chars = { 0 };
ULONG OffsetToDirectory = { 0 };
ULONG DataIsDirectory = { 0 };
if (Entry->Name > INT_MAX)
{
String = (IMAGE_RESOURCE_DIR_STRING_U*) ((Entry->Name & INT_MAX) + (BYTE*) TopDirectory);
Chars = String->NameString;
Length = String->Length;
}
else
{
Length = _snwprintf(Buffer, NUMBER_OF(Buffer), L"#%hx", Entry->Name);
Chars = Buffer;
}
if (Length > INT_MAX)
Length = INT_MAX;
DataIsDirectory = (Entry->OffsetToData > INT_MAX);
OffsetToDirectory = (Entry->OffsetToData & INT_MAX);
#if 0 // more verbose
wprintf(
L"%ls[%lx]:%p:%.*ls IsDirectory:%lx Offset:%lx\n",
((Depth != 0) ? GetSpaces(Depth * INDENT) : L"\n"),
((ULONG) Index),
Entry,
((int) Length),
Chars,
(!! DataIsDirectory),
OffsetToDirectory
);
#else
wprintf(
L"%ls%.*ls\n",
GetSpaces(Depth * INDENT),
((int) Length),
Chars
);
#endif
if (DataIsDirectory)
{
DumpResourceDirectory(
MappedFile,
(Depth + 1),
TopDirectory,
(IMAGE_RESOURCE_DIRECTORY*) (OffsetToDirectory + (BYTE*) TopDirectory)
);
}
}
