public static void *MemoryLoadResource(MEMORYMODULE module, void *resource, bool unicode)
{
byte *codeBase = module.codeBase;
IMAGE_RESOURCE_DATA_ENTRY *entry = (IMAGE_RESOURCE_DATA_ENTRY *)resource;
if (entry == null)
{
return(null);
}
return(codeBase + entry->OffsetToData);
}
private unsafe bool processImageResourceDirectoryEntry(IMAGE_RESOURCE_DIRECTORY *pIrd, IMAGE_RESOURCE_DIRECTORY_ENTRY *pIrde, uint baserva, string sResType, IMAGE_SECTION_HEADER *pIsh, byte *pData)
{
//string sResName;
UInt16 nEntries;
uint i;
/*
* if (Convert.ToBoolean((pIrde->Name & 0x80000000) >> 31)) // pIrde->Name ==> NameIsString? see Winnt.h
* {
* IMAGE_RESOURCE_DIR_STRING_U* pDirStringUnicode = (IMAGE_RESOURCE_DIR_STRING_U*)(pIrd + pIrde->OffsetToData);
* sResName = MakeStringFromUTF8((byte*)&pDirStringUnicode->NameString);
* }
*/
if (!Convert.ToBoolean((pIrde->OffsetToData & 0x80000000) >> 31)) // pIrde->OffsetToData ==> DataIsDirectory? see Winnt.h
{
throw new Exception("A resource directory was expected but parsing failed");
}
IMAGE_RESOURCE_DIRECTORY * pIrdLevel_2 = (IMAGE_RESOURCE_DIRECTORY *)((baserva + pIrde->OffsetToData & 0x7fffffff));
IMAGE_RESOURCE_DIRECTORY_ENTRY *pIrdeLevel_2 = (IMAGE_RESOURCE_DIRECTORY_ENTRY *)(pIrdLevel_2 + 1);
nEntries = (UInt16)(pIrdLevel_2->NumberOfIdEntries + pIrdLevel_2->NumberOfNamedEntries);
for (i = 0; i < nEntries; i++)
{
IMAGE_RESOURCE_DATA_ENTRY *irdata = (IMAGE_RESOURCE_DATA_ENTRY *)(baserva + pIrdeLevel_2->OffsetToData);
if (sResType == ResourceType.RT_VERSION.ToString())
{
if (!processVersion_Information(irdata, baserva, pIsh, pData))
{
return(false);
}
}
if (sResType == ResourceType.RT_GROUP_ICON.ToString())
{
if (!processVersion_Icon(irdata, baserva, pIsh, pData))
{
return(false);
}
}
pIrdeLevel_2++;
}
return(true);
}
internal ResourceNode(string name, int nodeFileOffset, PEFile file, bool isLeaf, bool isTop = false)
{
m_file = file;
m_nodeFileOffset = nodeFileOffset;
m_isTop = isTop;
IsLeaf = isLeaf;
Name = name;
if (isLeaf)
{
var buff = m_file.AllocBuff();
IMAGE_RESOURCE_DATA_ENTRY *dataDescr = (IMAGE_RESOURCE_DATA_ENTRY *)buff.Fetch(nodeFileOffset, sizeof(IMAGE_RESOURCE_DATA_ENTRY));
m_dataLen = dataDescr->Size;
m_dataFileOffset = file.Header.RvaToFileOffset(dataDescr->RvaToData);
var data = FetchData(0, m_dataLen, buff);
m_file.FreeBuff(buff);
}
}
private unsafe bool processVersion_Icon(IMAGE_RESOURCE_DATA_ENTRY *irdata, uint baserva, IMAGE_SECTION_HEADER *pIsh, byte *pData)
{
uint offset;
uint ustr_offset;
string sVersionInfoString;
offset = irdata->OffsetToData - pIsh->VirtualAddress + pIsh->PointerToRawData; // OffsetFromRVA
ICOHEADER *piHeader = (ICOHEADER *)(offset + pData);
if (piHeader->imgcount > 0)
{
ICODATA *pIcon = (ICODATA *)(offset + pData + sizeof(ICOHEADER));
//pIcon->
BITMAPINFOHEADER *pDIP = (BITMAPINFOHEADER *)(pData + pIcon->imgadr);
}
return(true);
}
private unsafe bool processVersion_Information(IMAGE_RESOURCE_DATA_ENTRY *irdata, uint baserva, IMAGE_SECTION_HEADER *pIsh, byte *pData)
{
uint offset;
uint ustr_offset;
string sVersionInfoString;
offset = (irdata->OffsetToData - pIsh->VirtualAddress) + pIsh->PointerToRawData; // OffsetFromRVA
VS_VERSIONINFO *pVI = (VS_VERSIONINFO *)(offset + pData);
ustr_offset = (irdata->OffsetToData - pIsh->VirtualAddress) + pIsh->PointerToRawData + (uint)sizeof(VS_VERSIONINFO) + (uint)pData;
IMAGE_RESOURCE_INFO_STRING_U *pDirStringUnicode = (IMAGE_RESOURCE_INFO_STRING_U *)(ustr_offset);
sVersionInfoString = MakeStringFromUTF8_2((byte *)&pDirStringUnicode->String, (int)pVI->wValueLength);
if (sVersionInfoString != "VS_VERSION_INFO")
{
throw new Exception("Invalid VS_VERSION_INFO block detected");
}
uint fixedfileinfo_offset = dword_align(((uint)sizeof(VS_VERSIONINFO) + 2 * ((uint)sVersionInfoString.Length + 1)), (uint)irdata->OffsetToData);
VS_FIXEDFILEINFO *pFFI = (VS_FIXEDFILEINFO *)(fixedfileinfo_offset + offset + pData);
if (pFFI->dwSignature != 0xfeef04bd) // 4277077181
{
throw new Exception("Wrong VS_FIXED_FILE_INFO signature detected.");
}
uint stringfileinfo_offset = dword_align((fixedfileinfo_offset + (uint)sizeof(VS_FIXEDFILEINFO)), (uint)irdata->OffsetToData);
uint original_stringfileinfo_offset = stringfileinfo_offset;
while (true)
{
STRING_FILE_INFO * pSFI = (STRING_FILE_INFO *)(stringfileinfo_offset + offset + pData);
IMAGE_RESOURCE_INFO_STRING_U *pDirStringUnicode_2 = (IMAGE_RESOURCE_INFO_STRING_U *)(ustr_offset + stringfileinfo_offset);
string stringfileinfo_string = MakeStringFromUTF8_2((byte *)&pDirStringUnicode_2->String, pSFI->Length);
if (stringfileinfo_string.StartsWith("StringFileInfo"))
{
//if (pSFI->Type == 1 && pSFI->ValueLength == 0)
//{
uint stringtable_offset = dword_align((stringfileinfo_offset + (uint)sizeof(STRING_FILE_INFO) + 2 * ((uint)stringfileinfo_string.Length) + 1), (uint)irdata->OffsetToData);
while (true)
{
STRING_TABLE *pST = (STRING_TABLE *)(stringtable_offset + offset + pData);
if ((pST->Length + pST->ValueLength) == 0)
{
break;
}
IMAGE_RESOURCE_INFO_STRING_U *pDirStringUnicode_3 = (IMAGE_RESOURCE_INFO_STRING_U *)(ustr_offset + stringtable_offset);
string stringtable_string = MakeStringFromUTF8_2((byte *)&pDirStringUnicode_3->String, pST->Length);
uint entry_offset = dword_align(stringtable_offset + (uint)sizeof(STRING_TABLE) + 2 * ((uint)stringtable_string.Length + 1), (uint)irdata->OffsetToData);
// Now get all entries
while (entry_offset < stringtable_offset + pST->Length)
{
STRING_FORMAT *pSF = (STRING_FORMAT *)(entry_offset + offset + pData);
if ((pSF->Length + pSF->ValueLength) == 0)
{
break;
}
IMAGE_RESOURCE_INFO_STRING_U *pDirStringUnicode_Key = (IMAGE_RESOURCE_INFO_STRING_U *)(ustr_offset + entry_offset);
string key = MakeStringFromUTF8_2((byte *)&pDirStringUnicode_Key->String, pSF->Length);
uint value_offset = dword_align(entry_offset + 2 + (2 * (uint)key.Length + 1), (uint)irdata->OffsetToData);
IMAGE_RESOURCE_INFO_STRING_U *pDirStringUnicode_Value = (IMAGE_RESOURCE_INFO_STRING_U *)(ustr_offset + value_offset - 2);
string value = MakeStringFromUTF8_2((byte *)&pDirStringUnicode_Value->String, pSF->ValueLength);
if (!m_VersionInfo.ContainsKey(key))
{
m_VersionInfo.Add(key, value);
}
else
{
System.Diagnostics.Debug.WriteLine("Schon drinne");
}
if (pSF->Length == 0)
{
entry_offset = stringtable_offset + pST->Length;
}
else
{
entry_offset = dword_align(pSF->Length + entry_offset, (uint)irdata->OffsetToData);
}
}
break;
}
//}
}
else if (stringfileinfo_string.StartsWith("VarFileInfo"))
{
// TODO: Handle VarFileInfo
}
stringfileinfo_offset = stringfileinfo_offset + pSFI->Length;
if (pSFI->Length == 0 || stringfileinfo_offset >= pVI->wLength)
{
break;
}
}
return(true);
}
