Neato!

By
Aaron Ballman
on March 8, 2007 3:24 PM | | Comments (7)

So I spent the last day or so writing a handy little utility which takes a PE32 executable file and ravishes it, looking for resources. Basically, it just spits the resources out into a tree view control so that you can look at the resources for any executable file. I'm doing this so that I can learn more about the way resources are stored in a PE32 file for an idea that I recently had. I must admit, the code for this project went a lot faster than I anticipated. Granted, I had a general understanding of how PE32 is laid out. But really, it all boils down to the docs from Microsoft on the PE32 specification. Cripes they have good documentation! I recall helping write the Mach-O linker, and there was absolutely no information (at that time, which was a few years ago now) about the Mach format. I was expecting the same to be true of PE32, but it turns out that Microsoft published a 65 page document on the file format, as well as documented all of the structures in the WinNT.h header file. Nice!!

Here's a little picture of what I wrote:

Now I just need to study the code I wrote to look for ways to make it better and understand *why* things work the way they work. Then I can dig into my really fun project (which I'm not at liberty to discuss). :-)

In the meantime, I may turn this into a more polished form. Instead of just showing you the hex view of the resources, I may have it try to display them in a more user-friendly fashion. For instance, show the icons as pictures, show the version information properly, etc. That'd be a good exercise for figuring out those formats anyhow.

7 Comments

By jdiwnabAuthor Profile Page on March 8, 2007 5:46 PM

maybe i'm a noob on this, but what is PE32 format? is it just a windows program?

By Aaron BallmanAuthor Profile Page on March 8, 2007 5:49 PM

PE32 stands for "portable executable 32-bit" file format. It's the executable file format that every Windows application is in. It specifies all of the guts of the application such as what functions does it need to import, what resources does the application have, where's the application's actual code, etc.

By Marco BambiniAuthor Profile Page on March 8, 2007 5:59 PM

Eh eh, maybe I suspect why are you writing a similar application ;-) Great idea Aaron!

By Aaron BallmanAuthor Profile Page on March 8, 2007 6:02 PM

If modifying the resources was my goal, I'd use a regular resource editor to do it. I have more devious goals in mind. ;-)

By ChristianAuthor Profile Page on March 8, 2007 6:13 PM

Hey, the top of your window looks a little blurry. Might want to get some Windex. :D

By jdiwnabAuthor Profile Page on March 8, 2007 6:57 PM

I wonder what devious goals you can do with such a program, if not to edit stuff... ;P

By Christopher on March 9, 2007 12:40 PM

His goals are far from devious, I'm sure :-) Perhaps we're talking about more flexible resource inclusion for a certain project he works on regularly? :-)

Leave a comment

Search

Pages

Categories

Monthly Archives

Blogroll

Friends
REALbasic Related
Win32 Programming

Disclaimer

I'm currently an employee of REAL Software. My blog is mine. The opinions represented in this blog are mine as well and may not represent my employer's opinions. All original material is copyrighted and property of the author.

REALbasic® is a registered trademark of REAL Software, Inc. REAL SQL Server™ and Lingua™ are pending trademarks of REAL Software, Inc. All rights reserved.