当前位置:网站首页>Introduction to reverse debugging PE structure resource table 07/07
Introduction to reverse debugging PE structure resource table 07/07
2022-07-04 13:48:00 【51CTO】
Resource table :
PE The related resources in can be located in depth through the program , There is one-to-one correspondence between the obtained binary bytecode and the resource script statement .
These data may be used internally in the source code , such as Menu options 、 Interface description, etc ; It may also be external to the source code , For example, the icon file of the program 、 Background music file 、 To configure Documents, etc. , These data are collectively referred to as resources .
Common resources
The six types of resources commonly used in programs include :
1、 Bitmap resources
2、 cursor resource
3、 Icon resources
4、 Menu resources
5、 Dialog resources
6、 Custom resources
Structure :
IMAGE_RESOURCE_DIRECTORY STRUCT
Characteristics //dd 0000h Resource attribute
TimeDatestamp //dd 0004h Time stamp
MajorVersion //dw 0008h Resource large version number
MinorVersion //dw 0008h Resource minor version number
NumberOfNamedEntries //dw Number of entries named by name
NumberOfIdEntries //dw Number of named entries
IMAGE RESOURCE DIRECTORY ENDS
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
Resource directory structure
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
union {
struct {
DWORD NameOffset : 31; // Resource name offset
DWORD NameIsString : 1; // The resource name is string
};
DWORD Name; // resources / Language type
WORD Id; // Resource numbers ID
};
union {
DWORD OffsetToData; // Data offset address
struct {
DWORD OffsetToDirectory : 31; // Subdirectory offset address
DWORD DataIsDirectory : 1; // Data is directory
};
};
} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
We use tools to experiment
The tools are
1、360zip Program
2、resource hacker Or is it exescope
3、stud_pe
First let's look at PE Resource table
Yes 9 Resource groups
The first resource table
Let's observe
After we have a general understanding of the resource table of the program
Use resource Open the program
We modify the function of the menu
The file will simulate the menu options
Change the first level menu
Open the file in the secondary menu , Change the name
Select compile script
file save as
This document , If you open it directly
We put the files in the program directory
One is genuine , One is our modified program ( shell )
Normal picture
Modified screen
Modification successful .
because PE In the structure, resource tables are set one layer after another . Difficult to analyze manually , So using tools is the best choice .
边栏推荐
- 7 月数据库排行榜:MongoDB 和 Oracle 分数下降最多
- DGraph: 大规模动态图数据集
- 【AI系统前沿动态第40期】Hinton:我的深度学习生涯与研究心法;Google辟谣放弃TensorFlow;封神框架正式开源
- C语言小型商品管理系统
- 模块化笔记软件综合评测:Craft、Notion、FlowUs
- Using nsproxy to forward messages
- Use fail2ban to prevent password attempts
- 提高MySQL深分页查询效率的三种方案
- The only core indicator of high-quality software architecture
- Optional values and functions of the itemized contenttype parameter in the request header
猜你喜欢
上汽大通MAXUS正式发布全新品牌“MIFA”,旗舰产品MIFA 9正式亮相!
![[cloud native | kubernetes] in depth understanding of ingress (12)](/img/34/67eae1e5df89bb0a356a1c29a5e007.png)
[cloud native | kubernetes] in depth understanding of ingress (12)
三星量产3纳米产品引台媒关注:能否短期提高投入产出率是与台积电竞争关键
从0到1建设智能灰度数据体系:以vivo游戏中心为例
高效!用虚拟用户搭建FTP工作环境
unity不识别rider的其中一种解决方法
After the game starts, you will be prompted to install HMS core. Click Cancel, and you will not be prompted to install HMS core again (initialization failure returns 907135003)
JVM series - stack and heap, method area day1-2
【云原生 | Kubernetes篇】深入了解Ingress(十二)
分布式BASE理论
随机推荐
【云原生 | Kubernetes篇】深入了解Ingress(十二)
诸神黄昏时代的对比学习
Xilinx/system-controller-c/boardui/ unable to connect to the development board, the solution of jamming after arbitrary operation
Besides, rsync+inotify realizes real-time backup of data
C语言课程设计题
MySQL45讲——学习极客时间MySQL实战45讲笔记—— 06 | 全局锁和表锁_给表加个字段怎么有这么多阻碍
"Tips" to slim down Seurat objects
A data person understands and deepens the domain model
"Pre training weekly" issue 52: shielding visual pre training and goal-oriented dialogue
AI painting minimalist tutorial
XML入门二
SQL language
Excuse me, have you encountered this situation? CDC 1.4 cannot use timestamp when connecting to MySQL 5.7
7 月数据库排行榜:MongoDB 和 Oracle 分数下降最多
Web knowledge supplement
高质量软件架构的唯一核心指标
CANN算子:利用迭代器高效实现Tensor数据切割分块处理
SQL语言
C#基础补充
Etcd storage, watch and expiration mechanism