Click here to Skip to main content
11,502,503 members (62,748 online)
Click here to Skip to main content

ExeScanner

, 6 Jun 2005 87.9K 3.9K 100
Rate this:
Please Sign up or sign in to vote.
This article explains how to enumerate all the objects in a Portable Executable and manipulate them.

ExeScanner

Introduction

Inspired by the ResourceHacker from Angus Johnson, I decided to make one of my own. ExeScanner, as the name suggests, can scan an executable file and enumerate all the objects in its resource section. The next version will have two main features:

  1. Resource scripting engine which can compile/decompile resources.
  2. Enumerate other sections of an executable file besides the resource section.

What does ExeScanner do?

ExeScanner allows you to view bitmaps, cursors, icons, strings, dialogs, menus and binary resources in any executable file. Any other resources except the first 6 are shown as the binary resources. Each resource type can be imported or exported. Import facility allows modifying the resources within the executable file with an external file, while export facility allows to extract and save the resources as a file. Dialogs and menus are exceptions to the import/export facility (as they require the resource scripting engine which will be a part of ExeScanner 1.1).

ExeScanner Design Overview (Class Hierarchy)

ExeScanner has been designed keeping in mind the future extensions and generalization of the project. With class hierarchy I have tried to incorporate a symmetric behavior in each object although they might be very different.

There are two base classes PEBase and PEResource. Any object in a PE file should always inherit from PEBase. If it's a resource object, it should inherit from PEResource. In fact, PEResource also inherits from PEBase. These base classes have some methods and members which make its representation and manipulation standardized and reduces code by implementing polymorphic behavior.

Let's have a look at a few classes and what they do:

  • PortableExecutable - Encapsulates DOS and Windows header. Also holds ResourceSection.
  • ResourceSection - Encapsulates ResourceSectionHeader and holds ResourceBranch.
  • ResourceBranch - Each branch represents a broad category of resources like BITMAP, ICON, STRING, BINARY etc. Also holds ResourceNode.
  • ResourceNode - ResourceNode can hold exactly one resource of any category, i.e., there can be multiple bitmaps in BITMAP category and thus multiple ResourceNode in ResourceBranch with each ResourceNode holding PEResBitmap.
  • PEResBitmap - Bitmap object.
  • PEResIcon - Icon object.
  • PEResCursor - Cursor object.
  • PEResString - String object.
  • PEResMenu - Menu object.
  • PEResBinary - Binary object.
  • PEResDialog - Dialog object.

Above mentioned seven classes encapsulate the logic to display themselves, import, export, and then when requested, give property info.

  • PEFile - Encapsulates the I/O to the executable file being scanned. Provides the facility to directly read/write by specifying the offset from the beginning.
  • PEListTree - It's a doubly linked list that stores each PE object, primarily used for creating navigation tree.

Hope you enjoy using the application. And would welcome your comments/suggestions on how to make it better.

History

  • ExeScanner 1.0 - Initial release.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Vishalsinh Jhala
Web Developer
United States United States
No Biography provided

Comments and Discussions

 
Questiondis is excellent but dere's smthing i want 2 know Pin
Member 448281617-Dec-08 3:16
memberMember 448281617-Dec-08 3:16 
GeneralExcellent job !!! Pin
CastorTiu18-Oct-06 8:46
memberCastorTiu18-Oct-06 8:46 
GeneralA bug Pin
H.B.Shen11-Apr-06 3:00
memberH.B.Shen11-Apr-06 3:00 
QuestionPE Graphical Area Access? Pin
IslamianFalcon24-Nov-05 20:06
memberIslamianFalcon24-Nov-05 20:06 
GeneralExcellent work Pin
i8412-Sep-05 23:55
memberi8412-Sep-05 23:55 
GeneralNice Work Pin
BitsAndBytes21-Jun-05 22:21
memberBitsAndBytes21-Jun-05 22:21 
GeneralNice Pin
ThatsAlok21-Jun-05 18:45
memberThatsAlok21-Jun-05 18:45 
Generalmfc70.dll Pin
Lee Middleotn10-Jun-05 15:48
memberLee Middleotn10-Jun-05 15:48 
GeneralRe: mfc70.dll Pin
Arie Levy21-Oct-09 0:20
memberArie Levy21-Oct-09 0:20 
GeneralGreat! Pin
CharlieLei9-Jun-05 15:16
sussCharlieLei9-Jun-05 15:16 
GeneralPhoto scan Pin
Armen Hakobyan9-Jun-05 1:21
memberArmen Hakobyan9-Jun-05 1:21 
Questionwhich ceil()? Pin
Unruled Boy8-Jun-05 16:01
memberUnruled Boy8-Jun-05 16:01 
AnswerRe: which ceil()? Pin
Christian Graus8-Jun-05 16:27
memberChristian Graus8-Jun-05 16:27 
AnswerRe: which ceil()? Pin
rkh07916-Jun-05 8:54
memberrkh07916-Jun-05 8:54 
Generalnice work. Pin
bevpet7-Jun-05 10:19
memberbevpet7-Jun-05 10:19 
Questionwhy not just use visual studio? Pin
yafan7-Jun-05 3:25
memberyafan7-Jun-05 3:25 
AnswerRe: why not just use visual studio? Pin
Tom Archer7-Jun-05 16:59
memberTom Archer7-Jun-05 16:59 
AnswerRe: why not just use visual studio? Pin
Vishalsinh Jhala7-Jun-05 18:29
memberVishalsinh Jhala7-Jun-05 18:29 
GeneralRe: why not just use visual studio? Pin
ahz8-Jun-05 7:23
memberahz8-Jun-05 7:23 
GeneralRe: why not just use visual studio? Pin
John M. Drescher9-Jun-05 3:34
memberJohn M. Drescher9-Jun-05 3:34 
GeneralRe: why not just use visual studio? Pin
ahz10-Jun-05 6:48
memberahz10-Jun-05 6:48 
GeneralRe: why not just use visual studio? Pin
Vishalsinh Jhala13-Jun-05 1:50
memberVishalsinh Jhala13-Jun-05 1:50 
GeneralRe: why not just use visual studio? Pin
ahz16-Jun-05 8:35
memberahz16-Jun-05 8:35 
AnswerRe: why not just use visual studio? Pin
Super Lloyd14-Jun-05 12:58
memberSuper Lloyd14-Jun-05 12:58 
GeneralRe: why not just use visual studio? Pin
Super Lloyd14-Jun-05 13:00
memberSuper Lloyd14-Jun-05 13:00 
Questionc# ? Pin
Trance Junkie7-Jun-05 0:56
memberTrance Junkie7-Jun-05 0:56 
Generalmust 5! Pin
f27-Jun-05 0:28
memberf27-Jun-05 0:28 
GeneralRe: must 5! Pin
Geert van Horrik7-Jun-05 1:01
memberGeert van Horrik7-Jun-05 1:01 
GeneralRe: must 5! Pin
f27-Jun-05 3:48
memberf27-Jun-05 3:48 
GeneralRe: must 5! Pin
Geert van Horrik7-Jun-05 4:32
memberGeert van Horrik7-Jun-05 4:32 
GeneralRe: must 5! Pin
Vishalsinh Jhala7-Jun-05 17:59
memberVishalsinh Jhala7-Jun-05 17:59 
GeneralRe: must 5! Pin
kevinf110816-Jun-05 2:49
memberkevinf110816-Jun-05 2:49 
GeneralRe: must 5! Pin
Franz R.14-Jun-05 0:10
memberFranz R.14-Jun-05 0:10 
GeneralFor the other sections... Pin
Merrion7-Jun-05 0:27
memberMerrion7-Jun-05 0:27 
GeneralExcellent :-) Pin
Nishant Sivakumar6-Jun-05 23:01
staffNishant Sivakumar6-Jun-05 23:01 
GeneralGreat work... Pin
Geert van Horrik6-Jun-05 22:43
memberGeert van Horrik6-Jun-05 22:43 
GeneralRe: Great work... Pin
Vishalsinh Jhala6-Jun-05 22:52
memberVishalsinh Jhala6-Jun-05 22:52 
GeneralRe: Great work... Pin
Vishalsinh Jhala6-Jun-05 23:05
memberVishalsinh Jhala6-Jun-05 23:05 
GeneralRe: Great work... Pin
Geert van Horrik6-Jun-05 23:59
memberGeert van Horrik6-Jun-05 23:59 
GeneralRe: Great work... Pin
Vishalsinh Jhala7-Jun-05 1:13
memberVishalsinh Jhala7-Jun-05 1:13 
GeneralRe: Great work... Pin
Geert van Horrik7-Jun-05 1:39
memberGeert van Horrik7-Jun-05 1:39 
GeneralRe: Great work... Pin
Vishalsinh Jhala7-Jun-05 17:54
memberVishalsinh Jhala7-Jun-05 17:54 
GeneralRe: Great work... Pin
P Reid15-Jun-05 5:28
sussP Reid15-Jun-05 5:28 
GeneralRe: Great work... Pin
Geert van Horrik15-Jun-05 5:44
memberGeert van Horrik15-Jun-05 5:44 
GeneralExcellent work Pin
iberg6-Jun-05 22:16
memberiberg6-Jun-05 22:16 
GeneralRe: Excellent work Pin
mlkeS14-Jun-05 14:12
membermlkeS14-Jun-05 14:12 
Generalvc6 version.. Pin
FireEmissary6-Jun-05 22:16
memberFireEmissary6-Jun-05 22:16 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150520.1 | Last Updated 7 Jun 2005
Article Copyright 2005 by Vishalsinh Jhala
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid