当前位置:网站首页>Introduction to reverse debugging PE structure resource table 07/07
Introduction to reverse debugging PE structure resource table 07/07
2022-07-04 13:48:00 【51CTO】
Resource table :
PE The related resources in can be located in depth through the program , There is one-to-one correspondence between the obtained binary bytecode and the resource script statement .
These data may be used internally in the source code , such as Menu options 、 Interface description, etc ; It may also be external to the source code , For example, the icon file of the program 、 Background music file 、 To configure Documents, etc. , These data are collectively referred to as resources .
Common resources
The six types of resources commonly used in programs include :
1、 Bitmap resources
2、 cursor resource
3、 Icon resources
4、 Menu resources
5、 Dialog resources
6、 Custom resources
Structure :
IMAGE_RESOURCE_DIRECTORY STRUCT
Characteristics //dd 0000h Resource attribute
TimeDatestamp //dd 0004h Time stamp
MajorVersion //dw 0008h Resource large version number
MinorVersion //dw 0008h Resource minor version number
NumberOfNamedEntries //dw Number of entries named by name
NumberOfIdEntries //dw Number of named entries
IMAGE RESOURCE DIRECTORY ENDS
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
Resource directory structure
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
union {
struct {
DWORD NameOffset : 31; // Resource name offset
DWORD NameIsString : 1; // The resource name is string
};
DWORD Name; // resources / Language type
WORD Id; // Resource numbers ID
};
union {
DWORD OffsetToData; // Data offset address
struct {
DWORD OffsetToDirectory : 31; // Subdirectory offset address
DWORD DataIsDirectory : 1; // Data is directory
};
};
} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
We use tools to experiment
The tools are
1、360zip Program
2、resource hacker Or is it exescope
3、stud_pe
First let's look at PE Resource table
Yes 9 Resource groups
The first resource table
Let's observe
After we have a general understanding of the resource table of the program
Use resource Open the program
We modify the function of the menu
The file will simulate the menu options
Change the first level menu
Open the file in the secondary menu , Change the name
Select compile script
file save as
This document , If you open it directly
We put the files in the program directory
One is genuine , One is our modified program ( shell )
Normal picture
Modified screen
Modification successful .
because PE In the structure, resource tables are set one layer after another . Difficult to analyze manually , So using tools is the best choice .
边栏推荐
- [FAQ] summary of common causes and solutions of Huawei account service error 907135701
- remount of the / superblock failed: Permission denied
- AI painting minimalist tutorial
- [cloud native | kubernetes] in depth understanding of ingress (12)
- C#基础深入学习二
- C语言中学生成绩管理系统
- Meituan Ali's Application Practice on multimodal recall
- XML入门二
- The old-fashioned synchronized lock optimization will make it clear to you at once!
- C语言职工管理系统
猜你喜欢
8 expansion sub packages! Recbole launches 2.0!
When MDK uses precompiler in header file, ifdef is invalid
字节面试算法题
光环效应——谁说头上有光的就算英雄
Zhongang Mining: in order to ensure sufficient supply of fluorite, it is imperative to open source and save flow
高效!用虚拟用户搭建FTP工作环境
2022年中国移动阅读市场年度综合分析
诸神黄昏时代的对比学习
高质量软件架构的唯一核心指标
CANN算子:利用迭代器高效实现Tensor数据切割分块处理
随机推荐
It is six orders of magnitude faster than the quantum chemical method. An adiabatic artificial neural network method based on adiabatic state can accelerate the simulation of dual nitrogen benzene der
Personalized online cloud database hybrid optimization system | SIGMOD 2022 selected papers interpretation
易周金融 | Q1保险行业活跃人数8688.67万人 19家支付机构牌照被注销
C语言小型商品管理系统
Rsyslog配置及使用教程
动画与过渡效果
C语言程序设计选题参考
#yyds干货盘点# 解决名企真题:连续最大和
C foundation in-depth learning II
Building intelligent gray-scale data system from 0 to 1: Taking vivo game center as an example
C语言中学生成绩管理系统
CVPR 2022 | transfusion: Lidar camera fusion for 3D target detection with transformer
三星量产3纳米产品引台媒关注:能否短期提高投入产出率是与台积电竞争关键
「小技巧」给Seurat对象瘦瘦身
MySQL45讲——学习极客时间MySQL实战45讲笔记—— 06 | 全局锁和表锁_给表加个字段怎么有这么多阻碍
在 Apache 上配置 WebDAV 服务器
CVPR 2022 | TransFusion:用Transformer进行3D目标检测的激光雷达-相机融合
Commvault 和 Oracle 合作,在 Oracle 云上提供 Metallic数据管理即服务
Meituan Ali's Application Practice on multimodal recall
读《认知觉醒》