-
Notifications
You must be signed in to change notification settings - Fork 2
/
resdump.asm
446 lines (412 loc) · 10.8 KB
/
resdump.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
.data
szstrCursor db '[Cursor]',0
szstrBitmap db '[Bitmap]',0
szstrIcon db '[Icon]',0
szstrMenu db '[Menu]',0
szstrDialog db '[Dialog]',0
szstrString db '[String]',0
szstrFontDir db '[FontDir]',0
szstrFont db '[Font]',0
szstrAccelerator db '[Accelerator]',0
szstrRcData db '[Unformatted Resource]',0
szstrMsgTable db '[Message Table]',0
szstrGroupCursor db '[Group Cursor]',0
szstrGroupIcon db '[Group Icon]',0
szstrVersion db '[Version]',0
szstrAniCursor db '[Animated Cursor]',0
szstrUnknown db '[???]',0
szOffset2Data db '[!] Offset2Data : %08X',20H
db ' ;Size :%08X',0
szFileExt db '\%08X.dat',0
szBmpExt db '\%08X.bmp',0
szIconExt db '\%08X.ico',0
szAniCurExt db '\%08X.ani',0
szCurExt db '\%08X.cur',0
szBinExt db '\%08X.bin',0
szNoResource db 'Resource NOT found in this file!',0
szBrowseTitle db 'Select a location for saving dumpped file(s):',0
szResData db 'Resource Data',0
szPleaseWait db 'Please wait ...',0
szDumpDlgTitle db '[Resource Dumper]',0
_DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
_SeekData proto :DWORD,:DWORD
_StoreData proto :DWORD,:DWORD
_RealDo proto :DWORD
Rva2Offset equ _RVAToRAW
hDlg dd ?
hPreItem dd ?
dwIsOver dd ?
dwReadyWrite dd ?
dwResType dd ?
szSavePath db 260 dup(?)
;##############################
.code
_ResourceDump proc lParam:DWORD
.if stFile.lpMem
invoke DialogBoxParam,stFile.hInstance,800,stFile.hWinMain,offset _DlgProc,0
.endif
ret
_ResourceDump endp
_DlgProc proc uses esi edi,hWnd:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
LOCAL @szBuf[260]:BYTE
LOCAL @stBi:BROWSEINFO
.if uMsg == WM_INITDIALOG
push hWnd
pop hDlg
mov dwReadyWrite,0
invoke _RealDo,0
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,stFile.hIcon
invoke SendDlgItemMessage,hDlg,1,TVM_SETIMAGELIST,TVSIL_NORMAL,stFile.hImageList ;; hImageList --> global variable
.elseif uMsg == WM_COMMAND
mov eax,wParam
and eax,0FFFFH
.if eax == 1000 ;; dump resource.
invoke CoInitialize,0
.if eax == S_OK
xor eax,eax
mov ecx,sizeof BROWSEINFO
lea edi,@stBi
cld
rep stosb
push hWnd
pop @stBi.hwndOwner
lea eax,@szBuf
mov @stBi.pszDisplayName,eax
mov @stBi.lpszTitle,offset szBrowseTitle
mov @stBi.ulFlags,BIF_RETURNONLYFSDIRS or BIF_STATUSTEXT or BIF_USENEWUI
invoke SHBrowseForFolder,addr @stBi
.if eax
invoke SHGetPathFromIDList,eax,offset szSavePath
.if eax
mov dwReadyWrite,1
invoke SendMessage,hWnd,WM_SETTEXT,0,offset szPleaseWait
invoke _RealDo,0
invoke SendMessage,hWnd,WM_SETTEXT,0,offset szDumpDlgTitle
.endif
.endif
invoke CoUninitialize
.endif
.elseif eax == 1001
jmp ___@@@QuitDumpResource
.endif
.elseif uMsg == WM_CLOSE
___@@@QuitDumpResource:
invoke EndDialog,hWnd,0
.else
xor eax,eax
ret
.endif
mov eax,1
ret
_DlgProc endp
_AddItem proc uses esi edi hIndex:DWORD,lpStr:DWORD,dwImg:DWORD ;; dwImg --> NOT use anymore
LOCAL @stTvi:TV_INSERTSTRUCT
.if lpStr
xor eax,eax
mov ecx,sizeof TV_INSERTSTRUCT
lea edi,@stTvi
cld
rep stosb
.if hIndex
push hIndex
.else
push TVI_ROOT
.endif
pop @stTvi.hParent
mov @stTvi.hInsertAfter,TVI_LAST
mov @stTvi.item.imask,TVIF_IMAGE or TVIF_TEXT or TVIF_IMAGE or TVIF_SELECTEDIMAGE
mov @stTvi.item.iImage,0
mov @stTvi.item.iSelectedImage,1
mov @stTvi.item.cchTextMax,260
push lpStr
pop @stTvi.item.pszText
invoke SendDlgItemMessage,hDlg,1,TVM_INSERTITEM,0,addr @stTvi
.endif
ret
_AddItem endp
_RealDo proc uses esi edi,lParam:DWORD
LOCAL @szBuf[260]:BYTE
invoke SendDlgItemMessage,hDlg,1,TVM_DELETEITEM,0,TVI_ROOT
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;PART 1
mov esi,stFile.lpMem
.if WORD PTR [esi] != 'ZM'
invoke _AddItem,0,offset szNoDos,1
ret
.endif
add esi,[esi+3CH]
.if WORD PTR [esi] != 'EP'
invoke _AddItem,0,offset szNoPE,1
ret
.endif
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;PART 2
movzx eax,[esi+IMAGE_NT_HEADERS.OptionalHeader.Magic]
.if eax == 010BH
add esi,24+92+4
.elseif eax == 020BH
add esi,24+108+4
.endif
;;IMAGE_DATA_DIRECTORY
add esi,10H
mov ecx,esi
add ecx,04H
pushad
.if DWORD PTR [esi] == 00H
popad
invoke _AddItem,0,offset szNoResource,1
invoke GetDlgItem,hDlg,1000
.if eax
invoke ShowWindow,eax,SW_HIDE
.endif
ret
.endif
popad
invoke Rva2Offset,stFile.lpMem,DWORD PTR [esi]
mov esi,eax
add esi,stFile.lpMem
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;PART 3
mov edi,eax
invoke _AddItem,0,offset szResData,1
push eax
pop hChild1
mov hPreItem,eax
;;call ()... to add data items.
invoke _SeekData,esi,esi
ret
_RealDo endp
_SeekData proc uses esi edi ebx,lpFirstRes:DWORD,lpLastPos:DWORD
LOCAL @dwCount:DWORD
LOCAL @szBuf[260]:BYTE
mov esi,lpLastPos
assume esi:PTR IMAGE_RESOURCE_DIRECTORY
xor eax,eax
movzx eax,[esi].NumberOfNamedEntries
xor ecx,ecx
movzx ecx,[esi].NumberOfIdEntries
mov @dwCount,eax
add @dwCount,ecx
;;
add esi,sizeof IMAGE_RESOURCE_DIRECTORY
.while @dwCount
assume esi:PTR IMAGE_RESOURCE_DIRECTORY_ENTRY
mov eax,[esi].Name1
.if eax & 80000000H
and eax,7FFFFFFFH
add eax,lpFirstRes
movzx ecx,WORD PTR [eax]
add eax,2
mov ebx,eax
invoke WideCharToMultiByte,CP_ACP,WC_COMPOSITECHECK,ebx,\
ecx,addr @szBuf,sizeof @szBuf,0,0
lea ecx,@szBuf
.else
.if !dwIsOver
.if eax == 1
mov ecx,offset szstrCursor
mov dwResType,100000B
.elseif eax == 2
mov ecx,offset szstrBitmap
mov dwResType,10B
.elseif eax == 3
mov ecx,offset szstrIcon
mov dwResType,100B
.elseif eax == 4
mov ecx,offset szstrMenu
mov dwResType,0
.elseif eax == 5
mov ecx,offset szstrDialog
mov dwResType,0
.elseif eax == 6
mov ecx,offset szstrString
mov dwResType,0
.elseif eax == 7
mov ecx,offset szstrFontDir
mov dwResType,0
.elseif eax == 8
mov ecx,offset szstrFont
mov dwResType,0
.elseif eax == 9
mov ecx,offset szstrAccelerator
mov dwResType,0
.elseif eax == 10
mov ecx,offset szstrRcData
mov dwResType,10000B
.elseif eax == 11
mov ecx,offset szstrMsgTable
mov dwResType,0
.elseif eax == 12
mov ecx,offset szstrGroupCursor
mov dwResType,0
.elseif eax == 14
mov ecx,offset szstrGroupIcon
mov dwResType,0
.elseif eax == 16
mov ecx,offset szstrVersion
mov dwResType,0
.elseif eax == 15H
mov ecx,offset szstrAniCursor
mov dwResType,1000B
.else
mov ecx,offset szstrUnknown
mov dwResType,0
.endif
push hChild1
pop hPreItem
invoke _AddItem,hPreItem,ecx,1
push hPreItem
pop hChild1
mov hPreItem,eax
.endif
.endif
mov eax,[esi].OffsetToData
.if eax & 80000000H
and eax,7FFFFFFFH
add eax,lpFirstRes
inc dwIsOver
invoke _SeekData,lpFirstRes,eax
dec dwIsOver
.else
add eax,lpFirstRes
assume eax:PTR IMAGE_RESOURCE_DATA_ENTRY
mov ebx,[eax].OffsetToData
mov ecx,[eax].Size1
assume eax:nothing
invoke Rva2Offset,stFile.lpMem,ebx
pushad
invoke wsprintf,addr @szBuf,offset szOffset2Data,eax,ecx
invoke _AddItem,hPreItem,addr @szBuf,1
popad
;;get data here!
.if dwReadyWrite
invoke _StoreData,eax,ecx
.endif
.endif
assume esi:nothing
add esi,sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY
dec @dwCount
.endw
ret
_SeekData endp
_StoreData proc uses esi edi ebx,lpOffset:DWORD,dwSize:DWORD
LOCAL @szBuf[260]:BYTE
LOCAL @szBuf_[260]:BYTE
LOCAL @stBmpHeader:BITMAPFILEHEADER
LOCAL @hFile:DWORD
mov esi,lpOffset
add esi,stFile.lpMem
push esi
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
invoke lstrcpy,addr @szBuf,offset szSavePath
invoke Sleep,50
call GetTickCount
mov ecx,dwResType
.if ecx == 10B
invoke wsprintf,addr @szBuf_,offset szBmpExt,eax
.elseif ecx == 100B
invoke wsprintf,addr @szBuf_,offset szIconExt,eax
.elseif ecx == 1000B
invoke wsprintf,addr @szBuf_,offset szAniCurExt,eax
.elseif ecx == 10000B
invoke wsprintf,addr @szBuf_,offset szBinExt,eax
.elseif ecx == 100000B
invoke wsprintf,addr @szBuf_,offset szCurExt,eax
.else
invoke wsprintf,addr @szBuf_,offset szFileExt,eax
.endif
invoke lstrcat,addr @szBuf,addr @szBuf_
;; @szBuf has stored radomize file name.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;create file and prepar to write data.
invoke CreateFile,addr @szBuf,GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
.if eax == -1
pop esi
ret
.endif
mov @hFile,eax
mov ecx,dwResType
.if ecx == 10B
lea edi,@stBmpHeader
mov al,'M'
shl eax,8
mov al,'B'
cld
stosw
mov eax,dwSize
add eax,sizeof BITMAPFILEHEADER ;; for bmp
cld
stosd
xor eax,eax
cld
stosd
mov al,36H
and eax,0FFH
stosd
push ecx
invoke WriteFile,@hFile,addr @stBmpHeader,sizeof BITMAPFILEHEADER,esp,0
pop ecx
.elseif ecx == 100B || ecx == 100000B
.if ecx == 100B
mov ebx,1
.else
mov ebx,2
.endif
xor eax,eax
mov ecx,22
lea edi,@szBuf
cld
rep stosb
lea edi,@szBuf
xor eax,eax
cld
stosw
mov eax,ebx
cld
stosw
mov eax,1
cld
stosw
add esi,4
cld
lodsd ;; width
cld
stosb
cld
lodsd ;; height
cld
stosb
add edi,2
cld
lodsw ;; planes
.if ebx == 02
xor eax,eax
.endif
cld
stosw
cld
lodsw ;; bitcount
.if ebx == 02
xor eax,eax
.endif
cld
stosw
inc esi
mov eax,dwSize ;; image size
.if ebx == 02
sub eax,4
.endif
cld
stosd
mov eax,16H
cld
stosd
push ebx
invoke WriteFile,@hFile,addr @szBuf,22,esp,0
pop ebx
.endif
pop esi
.if ebx == 02
add esi,4
.endif
invoke WriteFile,@hFile,esi,dwSize,esp,0
invoke CloseHandle,@hFile
ret
_StoreData endp