Inspired by the ResourceHacker from Angus Johnson, I decided to make one of my own. ExeScanner, as the name suggests, can scan an executable file and enumerate all the objects in its resource section. The next version will have two main features:
- Resource scripting engine which can compile/decompile resources.
- Enumerate other sections of an executable file besides the resource section.
What does ExeScanner do?
ExeScanner allows you to view bitmaps, cursors, icons, strings, dialogs, menus and binary resources in any executable file. Any other resources except the first 6 are shown as the binary resources. Each resource type can be imported or exported. Import facility allows modifying the resources within the executable file with an external file, while export facility allows to extract and save the resources as a file. Dialogs and menus are exceptions to the import/export facility (as they require the resource scripting engine which will be a part of ExeScanner 1.1).
ExeScanner Design Overview (Class Hierarchy)
ExeScanner has been designed keeping in mind the future extensions and generalization of the project. With class hierarchy I have tried to incorporate a symmetric behavior in each object although they might be very different.
There are two base classes
PEResource. Any object in a PE file should always inherit from
PEBase. If it's a resource object, it should inherit from
PEResource. In fact,
PEResource also inherits from
PEBase. These base classes have some methods and members which make its representation and manipulation standardized and reduces code by implementing polymorphic behavior.
Let's have a look at a few classes and what they do:
PortableExecutable - Encapsulates DOS and Windows header. Also holds
ResourceSection - Encapsulates
ResourceSectionHeader and holds
ResourceBranch - Each branch represents a broad category of resources like BITMAP, ICON, STRING, BINARY etc. Also holds
ResourceNode can hold exactly one resource of any category, i.e., there can be multiple bitmaps in BITMAP category and thus multiple
ResourceBranch with each
PEResBitmap - Bitmap object.
PEResIcon - Icon object.
PEResCursor - Cursor object.
PEResString - String object.
PEResMenu - Menu object.
PEResBinary - Binary object.
PEResDialog - Dialog object.
Above mentioned seven classes encapsulate the logic to display themselves, import, export, and then when requested, give property info.
PEFile - Encapsulates the I/O to the executable file being scanned. Provides the facility to directly read/write by specifying the offset from the beginning.
PEListTree - It's a doubly linked list that stores each PE object, primarily used for creating navigation tree.
Hope you enjoy using the application. And would welcome your comments/suggestions on how to make it better.
- ExeScanner 1.0 - Initial release.