PE::ResourceReader

PE::ResourceReader

post id: 74

post length: 4744

post datetime: 1/11/2011 8:30:09 PM

post ip: 10.10.10.254

PE::ResourceReader [In VB.NET]

Упрощённый парсер ресурсов (обход трёхуровневого дерева ресурсов, без получения их типа).

Цель /см. предыдущий пост/:

[*] Получить RVA.

[*] Пересчитать.

[*] Записать.

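' Walks the three-level PE resource tree (type / name / language) that starts at
' _DirectoryEntry and prints the RVA and size of every resource data entry found
' on the third level.
'
' Data            - raw image bytes. They come from a file and are treated as
'                   untrusted: every offset is range-checked before it is read.
' _DirectoryEntry - offset in Data of the root resource directory. Offsets stored
'                   inside the tree are relative to this position.
'
' Differences from the original simplified walk:
'   * named entries are visited too (only the ID-entry count was looped over,
'     although named entries come first in the entry array);
'   * the "is a directory" flag (bit 31 of the offset field) is checked instead
'     of being shifted away blindly, so a leaf is never parsed as a directory;
'   * offsets that fall outside Data are skipped instead of relying on
'     ReadStructure swallowing the exception.
'
' NOTE(review): the RVA and Size values printed here are taken from the file
' as-is. Code that later recalculates and writes them back should check them
' against the section bounds first. Work is bounded by three levels, but a
' crafted tree whose entries point back at the root can still be expensive to
' walk on a large buffer.
Sub GetResources(ByRef Data As Byte(), ByVal _DirectoryEntry As Integer)
    If Data Is Nothing Then Return
    WalkResourceLevel(Data, _DirectoryEntry, _DirectoryEntry, 0)
End Sub

' Reads the directory header at dirOfs, then for each entry either descends one
' level (depth 0 and 1) or prints the data entry it points to (depth 2).
Private Sub WalkResourceLevel(ByVal Data As Byte(), ByVal baseOfs As Integer, ByVal dirOfs As Integer, ByVal depth As Integer)
    Const DIRECTORY_SIZE As Integer = 16      ' a data entry has the same size
    Const ENTRY_SIZE As Integer = 8
    Const OFFSET_MASK As Integer = &H7FFFFFFF ' low 31 bits = offset from baseOfs
    Const LEAF_DEPTH As Integer = 2

    ' Refuse a header that does not lie completely inside the buffer.
    If dirOfs < 0 OrElse dirOfs > Data.Length - DIRECTORY_SIZE Then Return

    ' ReadStructure advances the offset it is given; a scratch copy keeps the
    ' cursor arithmetic in this routine independent of that side effect.
    Dim readOfs As Integer = dirOfs
    Dim header As [RESOURCE_DIRECTORY] = _
        DirectCast(ReadStructure(Data, New [RESOURCE_DIRECTORY], readOfs), [RESOURCE_DIRECTORY])

    ' The counts are unsigned 16-bit values in the file; widen them so a value
    ' above 32767 is not seen as negative and cannot overflow when added.
    Dim entryCount As Integer = (CInt(header.NumberOfNameEntries) And &HFFFF) _
                              + (CInt(header.NumberOfIDEntries) And &HFFFF)
    Dim cursor As Integer = dirOfs + DIRECTORY_SIZE

    For entryIndex As Integer = 1 To entryCount
        ' A declared count that runs past the end of the buffer is cut short.
        If cursor > Data.Length - ENTRY_SIZE Then Exit For

        readOfs = cursor
        Dim entry As [RESOURCE_DIRECTORY_ENTRY] = _
            DirectCast(ReadStructure(Data, New [RESOURCE_DIRECTORY_ENTRY], readOfs), [RESOURCE_DIRECTORY_ENTRY])
        cursor += ENTRY_SIZE

        ' Bit 31 set means the entry points at a sub-directory, clear means it
        ' points at a data entry. Long arithmetic avoids an OverflowException
        ' on hostile offsets.
        Dim pointsToDirectory As Boolean = entry.DataEntryRVA < 0
        Dim target As Long = CLng(baseOfs) + (entry.DataEntryRVA And OFFSET_MASK)
        If target < 0 OrElse target > Data.Length - DIRECTORY_SIZE Then Continue For

        If depth < LEAF_DEPTH Then
            If pointsToDirectory Then WalkResourceLevel(Data, baseOfs, CInt(target), depth + 1)
        ElseIf Not pointsToDirectory Then
            ' Third level: the target is a data entry, read through the same
            ' 16-byte structure (its first two fields are RVA and Size).
            readOfs = CInt(target)
            Dim leaf As [RESOURCE_DIRECTORY] = _
                DirectCast(ReadStructure(Data, New [RESOURCE_DIRECTORY], readOfs), [RESOURCE_DIRECTORY])
            Console.WriteLine(String.Concat(" RVA: ", leaf.RVA, " [", Hex(leaf.RVA), "]"))
            Console.WriteLine(String.Concat(" SIZE: ", leaf.Size, " [", Hex(leaf.Size), "]"))
        End If
    Next
End Sub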

#Region " D.E.C.L.A.R.E "

' 16-byte record used by GetResources for two different on-disk structures:
' the resource directory header and, on the last level, the resource data
' entry. RVA and Size are meaningful only when the record was read from a data
' entry; in a directory header the same eight bytes hold the characteristics
' and time stamp.
' The two counts are declared as signed 16-bit here, while the PE format stores
' them as unsigned words, so a count above 32767 reads as negative.
<StructLayout(LayoutKind.Sequential, Size:=16, Pack:=1)> _
Public Structure RESOURCE_DIRECTORY
    Public RVA As Integer                   ' data entry: RVA of the resource bytes
    Public Size As Integer                  ' data entry: length of the resource bytes
    Public MajorVersion As Short
    Public MinorVersion As Short
    Public NumberOfNameEntries As Short     ' directory header: entries identified by name
    Public NumberOfIDEntries As Short       ' directory header: entries identified by number
End Structure

' One 8-byte slot of a resource directory's entry array.
' GetResources uses only DataEntryRVA: its low 31 bits are an offset from the
' start of the resource directory, and bit 31 marks a sub-directory. Despite the
' field name, the value is not an RVA until that flag has been masked off and
' the base has been added.
<StructLayout(LayoutKind.Sequential, Size:=8, Pack:=1)> _
Public Structure RESOURCE_DIRECTORY_ENTRY
    Public NameRVA As Integer
    Public DataEntryRVA As Integer
End Structure

#End Region

#Region "U T I L S"

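' Copies Marshal.SizeOf(obj) bytes from IData at offset ofs into a new instance
' of obj's type and returns it (boxed).
'
' IData - source buffer; not modified.
' obj   - template instance; only its type and marshalled size are used.
' ofs   - read position. Advanced by the structure size on success, left
'         unchanged on failure.
'
' Returns the populated structure, or obj itself, untouched, when the read
' could not be performed. The function keeps its original best-effort contract
' and does not throw, so a caller parsing an untrusted image must not take a
' default-valued result as proof that the file really contains zeros there.
'
' Fixes over the original: the "AsObject" typo in the signature, an explicit
' range check instead of relying on Marshal.Copy to throw, and a Finally block
' so the unmanaged buffer is released on every path (it leaked whenever the
' copy or the conversion failed).
Public Shared Function ReadStructure(ByRef IData As Byte(), ByVal obj As Object, ByRef ofs As Integer) As Object
    If IData Is Nothing OrElse obj Is Nothing Then Return obj

    Dim ptr As IntPtr = IntPtr.Zero
    Try
        Dim size As Integer = Marshal.SizeOf(obj)

        ' The whole structure must lie inside the buffer. Written as a
        ' subtraction so that a huge ofs cannot overflow the comparison.
        If ofs < 0 OrElse ofs > IData.Length - size Then Return obj

        ptr = Marshal.AllocHGlobal(size)
        Marshal.Copy(IData, ofs, ptr, size)
        obj = Marshal.PtrToStructure(ptr, obj.GetType)
        ofs = ofs + size
    Catch ex As Exception
        ' Best effort, as before, but no longer completely silent.
        System.Diagnostics.Debug.WriteLine("ReadStructure failed: " & ex.Message)
    Finally
        If ptr <> IntPtr.Zero Then Marshal.FreeHGlobal(ptr)
    End Try

    Return obj
End Function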

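' Marshals obj to its unmanaged layout and copies those bytes into IData at
' offset ofs.
'
' IData - destination buffer; Marshal.SizeOf(obj) bytes are overwritten.
' obj   - structure to write.
' ofs   - write position in IData.
'
' The Sub keeps its original best-effort contract: it does not throw, and a
' write that would not fit is skipped as a whole, leaving IData unchanged.
' NOTE(review): a Sub cannot report the skipped write to its caller. When
' patching an image, validate the offsets before calling, otherwise a failed
' write leaves the output only partly updated.
'
' Fixes over the original: an explicit range check instead of relying on
' Marshal.Copy to throw, and a Finally block so the unmanaged buffer is released
' on every path (it leaked whenever marshalling or the copy failed).
Public Shared Sub WriteStructure(ByRef IData As Byte(), ByVal obj As Object, ByVal ofs As Integer)
    If IData Is Nothing OrElse obj Is Nothing Then Return

    Dim ptr As IntPtr = IntPtr.Zero
    Try
        Dim size As Integer = Marshal.SizeOf(obj)

        ' The whole structure must fit inside the buffer. Written as a
        ' subtraction so that a huge ofs cannot overflow the comparison.
        If ofs < 0 OrElse ofs > IData.Length - size Then
            System.Diagnostics.Debug.WriteLine("WriteStructure skipped: offset outside the buffer")
            Return
        End If

        ptr = Marshal.AllocHGlobal(size)
        Marshal.StructureToPtr(obj, ptr, False)
        Marshal.Copy(ptr, IData, ofs, size)
    Catch ex As Exception
        ' Best effort, as before, but no longer completely silent.
        System.Diagnostics.Debug.WriteLine("WriteStructure failed: " & ex.Message)
    Finally
        If ptr <> IntPtr.Zero Then Marshal.FreeHGlobal(ptr)
    End Try
End Sub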

#End Region

THE END