ExeScanner

Introduction

Inspired by the ResourceHacker from Angus Johnson, I decided to make one of my own. ExeScanner, as the name suggests, can scan an executable file and enumerate all the objects in its resource section. The next version will have two main features:

Resource scripting engine which can compile/decompile resources.
Enumerate other sections of an executable file besides the resource section.

What does ExeScanner do?

ExeScanner allows you to view bitmaps, cursors, icons, strings, dialogs, menus and binary resources in any executable file. Any other resources except the first 6 are shown as the binary resources. Each resource type can be imported or exported. Import facility allows modifying the resources within the executable file with an external file, while export facility allows to extract and save the resources as a file. Dialogs and menus are exceptions to the import/export facility (as they require the resource scripting engine which will be a part of ExeScanner 1.1).

ExeScanner Design Overview (Class Hierarchy)

ExeScanner has been designed keeping in mind the future extensions and generalization of the project. With class hierarchy I have tried to incorporate a symmetric behavior in each object although they might be very different.

There are two base classes PEBase and PEResource. Any object in a PE file should always inherit from PEBase. If it's a resource object, it should inherit from PEResource. In fact, PEResource also inherits from PEBase. These base classes have some methods and members which make its representation and manipulation standardized and reduces code by implementing polymorphic behavior.

Let's have a look at a few classes and what they do:

PortableExecutable - Encapsulates DOS and Windows header. Also holds ResourceSection.
ResourceSection - Encapsulates ResourceSectionHeader and holds ResourceBranch.
ResourceBranch - Each branch represents a broad category of resources like BITMAP, ICON, STRING, BINARY etc. Also holds ResourceNode.
ResourceNode - ResourceNode can hold exactly one resource of any category, i.e., there can be multiple bitmaps in BITMAP category and thus multiple ResourceNode in ResourceBranch with each ResourceNode holding PEResBitmap.
PEResBitmap - Bitmap object.
PEResIcon - Icon object.
PEResCursor - Cursor object.
PEResString - String object.
PEResMenu - Menu object.
PEResBinary - Binary object.
PEResDialog - Dialog object.

Above mentioned seven classes encapsulate the logic to display themselves, import, export, and then when requested, give property info.

PEFile - Encapsulates the I/O to the executable file being scanned. Provides the facility to directly read/write by specifying the offset from the beginning.
PEListTree - It's a doubly linked list that stores each PE object, primarily used for creating navigation tree.

Hope you enjoy using the application. And would welcome your comments/suggestions on how to make it better.

History

ExeScanner 1.0 - Initial release.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here