当前位置:网站首页>Introduction to reverse debugging PE structure resource table 07/07
Introduction to reverse debugging PE structure resource table 07/07
2022-07-04 13:48:00 【51CTO】
Resource table :
PE The related resources in can be located in depth through the program , There is one-to-one correspondence between the obtained binary bytecode and the resource script statement .
These data may be used internally in the source code , such as Menu options 、 Interface description, etc ; It may also be external to the source code , For example, the icon file of the program 、 Background music file 、 To configure Documents, etc. , These data are collectively referred to as resources .
Common resources
The six types of resources commonly used in programs include :
1、 Bitmap resources
2、 cursor resource
3、 Icon resources
4、 Menu resources
5、 Dialog resources
6、 Custom resources
Structure :
IMAGE_RESOURCE_DIRECTORY STRUCT
Characteristics //dd 0000h Resource attribute
TimeDatestamp //dd 0004h Time stamp
MajorVersion //dw 0008h Resource large version number
MinorVersion //dw 0008h Resource minor version number
NumberOfNamedEntries //dw Number of entries named by name
NumberOfIdEntries //dw Number of named entries
IMAGE RESOURCE DIRECTORY ENDS
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
Resource directory structure
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
union {
struct {
DWORD NameOffset : 31; // Resource name offset
DWORD NameIsString : 1; // The resource name is string
};
DWORD Name; // resources / Language type
WORD Id; // Resource numbers ID
};
union {
DWORD OffsetToData; // Data offset address
struct {
DWORD OffsetToDirectory : 31; // Subdirectory offset address
DWORD DataIsDirectory : 1; // Data is directory
};
};
} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
We use tools to experiment
The tools are
1、360zip Program
2、resource hacker Or is it exescope
3、stud_pe
First let's look at PE Resource table
Yes 9 Resource groups
The first resource table
Let's observe
After we have a general understanding of the resource table of the program
Use resource Open the program
We modify the function of the menu
The file will simulate the menu options
Change the first level menu
Open the file in the secondary menu , Change the name
Select compile script
file save as
This document , If you open it directly
We put the files in the program directory
One is genuine , One is our modified program ( shell )
Normal picture
Modified screen
Modification successful .
because PE In the structure, resource tables are set one layer after another . Difficult to analyze manually , So using tools is the best choice .
边栏推荐
- Rsyslog配置及使用教程
- C语言中学生成绩管理系统
- 舔狗舔到最后一无所有(状态机)
- C foundation in-depth learning II
- DGraph: 大规模动态图数据集
- 8 expansion sub packages! Recbole launches 2.0!
- AI painting minimalist tutorial
- 在 Apache 上配置 WebDAV 服务器
- XILINX/system-controller-c/BoardUI/无法连接开发板,任意操作后卡死的解决办法
- Don't turn down, three sentences to clarify the origin of cross domain resource request errors
猜你喜欢
随机推荐
[cloud native | kubernetes] in depth understanding of ingress (12)
mysql三级分销代理关系存储
C#基础深入学习一
Comparative study of the gods in the twilight Era
C语言中学生成绩管理系统
C foundation in-depth learning II
易周金融 | Q1保险行业活跃人数8688.67万人 19家支付机构牌照被注销
在 Apache 上配置 WebDAV 服务器
Introduction to XML III
The only core indicator of high-quality software architecture
Scrapy 框架学习
Oracle was named the champion of Digital Innovation Award by Ventana research
8 expansion sub packages! Recbole launches 2.0!
Interviewer: what is the difference between redis expiration deletion strategy and memory obsolescence strategy?
聊聊支付流程的设计与实现逻辑
Don't turn down, three sentences to clarify the origin of cross domain resource request errors
模块化笔记软件综合评测:Craft、Notion、FlowUs
AI painting minimalist tutorial
C language staff management system
#yyds干货盘点# 解决名企真题:连续最大和