 |
DevSource RSS FEEDS | |
| |
 Want an easy way to keep up with breaking tech news? And the Get DevSource headlines delivered to your desktop with RSS. | |
| | ||
2008-03-26
Article Rating:
/ 9
| Table of Contents: |
| Rate This Article: | Add This Article To: |
|
( Page 1 of 4 )
Have you ever wanted to write a program that retrieves bitmaps, cursors, dialogs, icons, menus, and other types of resources from portable executable (PE)-based EXE and DLL files? This article helps with this task by presenting a console-based Windows utility program that retrieves a PE file's bitmaps, cursors, and icons; dumps these resources to .bmp, .cur, and .ico files, respectively; and creates an .rc file with appropriate resource statements that describe these resources.
Before presenting this program, the article presents resource theory, which the program uses to accomplish its tasks -- it
doesn't rely on EnumResourceTypes() and other resource-oriented Windows API functions to enumerate and retrieve
resources. You learn how to locate a PE file's resource section, discover this section's resource directory structure, and
explore some of the formats in which resource data is stored. You also tour an example program's resource section, which
reinforces your understanding of these topics.
Locate the resource section
Microsoft's PE file format organizes PE-based EXEs and DLLs into several sections, including text, data, and (optionally) resource. The utility program needs to know a few things about this format in order to locate the resource section -- it ignores the other sections. These items are summarized in Figure 1.
Figure 1: Overview of the PE file format.
According to Figure 1, a PE file begins with a relic from the old MS-DOS operating system: the MZ header. This header appears
at the beginning of DOS-based EXE files and provides information that MS-DOS needs to run the EXE. It's described by the
Windows SDK's C-based IMAGE_DOS_HEADER data structure.
| Note |
|---|
| The MZ header begins with the hexadecimal sequence 4D 5A, which can be interpreted as the ASCII string "MZ". This string stands for Mark Zbikowski, one of MS-DOS's developers. |
IMAGE_DOS_HEADER provides an e_lfanew field that contains a zero-based offset to the PE file's
"PE\0\0" signature. The utility program uses this field to bypass the MS-DOS real-mode stub program and locate the PE
signature. If this signature is missing, the program outputs an error message.
| Note |
|---|
| Attempting to execute a PE-based EXE file under MS-DOS or real-mode Windows causes the operating system to run the stub program, which outputs a message about not being able to execute this file. |
The PE signature is followed by the PE file header, which provides basic information about the file. The only header item of interest to the utility program is the number of sections in the PE file. The program uses this value to determine how many section headers are present in its search for the resource section.
Following the PE file header is the PE optional header. Unlike the file header, the optional header provides information critical to loading a PE file into memory -- section alignment is an example. Because the optional header contains nothing essential for retrieving resources, it's ignored by the utility program.
The optional header is followed by section headers, which provide information about the sections that follow. Each section
header specifies a name that identifies its companion section. For example, the resource section (if present) is named .rsrc. The section header also provides the section's starting location.
|
|
 |
|
 |
|
|
|