Sign in to follow this  
Followers 0
lhw

Need help peering a PE res exist or not via AutoIt

Started by lhw,

6 posts in this topic

#1 ·  Posted

Does autoit can check resource type and name exist or not from a PE file ?

just like

unfortunately ,the important file link is broken, any ideas?

Share this post

Link to post
Share on other sites



#2 ·  Posted

Check out the excellent by trancexx, I'm quite sure it contains what you're looking for :).

de.png OS: Win10-1703 - 64bit - German, AutoIt Version: 3.3.14.2, AutoIt Editor: SciTE, Website: http://www.funk.eu, My unsolved Questions: Get default Window Size and Position, Rotate display by 270 degrees, Get Systray Icons, ... 

prog_icon_amt.png AMT - Auto-Movie-Thumbnailer (2017-Mar-04) prog_icon_cop.png COP - Color Picker (2009-May-21) prog_icon_hmw.png HMW - Hide my Windows (2013-Dec-08) prog_icon_hrc.png HRC - HotKey Resolution Changer (2012-May-16) 

prog_icon_icu.png ICU - Icon Configuration Utility (2013-May-24) prog_icon_smf.png SMF - Search my Files (2017-Jun-18) - THE file info and duplicates search tool prog_icon_ssd.png SSD - Set Sound Device (2017-Sep-16)

Share this post

Link to post
Share on other sites

#3 ·  Posted (edited)

Hi,

Crude knock up of a function that will give true if name and type exists or false if they don't.

#include <Constants.au3>
#include <WinAPI.au3>

Global Const $RT_CURSOR = 1
Global Const $RT_BITMAP = 2
Global Const $RT_ICON = 3
Global Const $RT_MENU = 4
Global Const $RT_DIALOG = 5
Global Const $RT_STRING = 6
Global Const $RT_FONTDIR = 7
Global Const $RT_FONT = 8
Global Const $RT_ACCELERATOR = 9
Global Const $RT_RCDATA = 10
Global Const $RT_MESSAGETABLE = 11
Global Const $RT_GROUP_CURSOR = 12
Global Const $RT_GROUP_ICON = 14
Global Const $RT_VERSION = 16
Global Const $RT_DLGINCLUDE = 17
Global Const $RT_PLUGPLAY = 19
Global Const $RT_VXD = 20
Global Const $RT_ANICURSOR = 21
Global Const $RT_ANIICON = 22
Global Const $RT_HTML = 23
Global Const $RT_MANIFEST = 24


$iBool = _FindResource("explorer.exe", 180, $RT_BITMAP)
ConsoleWrite($iBool & @LF)


; #FUNCTION# =============================================================================================
; Name...........: _FindResource
; Description ...: Check if a resource Name and Type exists in a PE file
; Syntax.........: _FindResource($sFile, $ResName, $ResType)
; Parameters ....: $sFile   - File to look for resource name and type in.
;                  $ResName - Resource name (can be a string or number)
;                  $ResType - Resource type (can be either one of the constants above or can be a string for a custom resource)
;                             Note: If resource Name or Type is a number then don't use quotes around the number.
; Return values .: Success  - Return True if resource exists or False if does not exist and @error 0
;                  Failure  - Return -1 and @error 1 or 2
;                             @error 1 = Unable to load the PE file
;                             @error 2 = DllCall to find resource in loaded PE file failed.
; ========================================================================================================
;
Func _FindResource($sFile, $ResName, $ResType)
    Local $hModule, $wName, $wType, $aRet
    $hModule = _WinAPI_LoadLibraryEx($sFile, $LOAD_LIBRARY_AS_DATAFILE)
    If Not $hModule Then Return SetError(1, 0, -1)
    If IsNumber($ResName) Then
        $wName &= "#" & $ResName
    Else
        $wName = $ResName
    EndIf
    Switch $ResType
        Case 1 To 24
            $wType &= "#" & $ResType
        Case Else
            If IsNumber($ResName) Then
                $wType &= "#" & $ResType
            Else
                $wType = $ResType
            EndIf
    EndSwitch
    $aRet = DllCall('kernel32.dll', 'ptr', 'FindResourceW', 'ptr', $hModule, 'wstr', $wName, 'wstr', $wType)
    If @error Then
        _WinAPI_FreeLibrary($hModule)
        Return SetError(2, 0, -1)
    Else
        _WinAPI_FreeLibrary($hModule)
        Return SetError(0, 0, $aRet[0] <> 0)
    EndIf
EndFunc   ;==>_FindResource

Cheers

Edit: Info of resource functions found Here

Edited by smashly

Share this post

Link to post
Share on other sites

#4 ·  Posted

Hi,

Crude knock up of a function that will give true if name and type exists or false if they don't.

#include <Constants.au3>
#include <WinAPI.au3>

Global Const $RT_CURSOR = 1
Global Const $RT_BITMAP = 2
Global Const $RT_ICON = 3
Global Const $RT_MENU = 4
Global Const $RT_DIALOG = 5
Global Const $RT_STRING = 6
Global Const $RT_FONTDIR = 7
Global Const $RT_FONT = 8
Global Const $RT_ACCELERATOR = 9
Global Const $RT_RCDATA = 10
Global Const $RT_MESSAGETABLE = 11
Global Const $RT_GROUP_CURSOR = 12
Global Const $RT_GROUP_ICON = 14
Global Const $RT_VERSION = 16
Global Const $RT_DLGINCLUDE = 17
Global Const $RT_PLUGPLAY = 19
Global Const $RT_VXD = 20
Global Const $RT_ANICURSOR = 21
Global Const $RT_ANIICON = 22
Global Const $RT_HTML = 23
Global Const $RT_MANIFEST = 24


$iBool = _FindResource("explorer.exe", 180, $RT_BITMAP)
ConsoleWrite($iBool & @LF)


; #FUNCTION# =============================================================================================
; Name...........: _FindResource
; Description ...: Check if a resource Name and Type exists in a PE file
; Syntax.........: _FindResource($sFile, $ResName, $ResType)
; Parameters ....: $sFile   - File to look for resource name and type in.
;                  $ResName - Resource name (can be a string or number)
;                  $ResType - Resource type (can be either one of the constants above or can be a string for a custom resource)
;                             Note: If resource Name or Type is a number then don't use quotes around the number.
; Return values .: Success  - Return True if resource exists or False if does not exist and @error 0
;                  Failure  - Return -1 and @error 1 or 2
;                             @error 1 = Unable to load the PE file
;                             @error 2 = DllCall to find resource in loaded PE file failed.
; ========================================================================================================
;
Func _FindResource($sFile, $ResName, $ResType)
    Local $hModule, $wName, $wType, $aRet
    $hModule = _WinAPI_LoadLibraryEx($sFile, $LOAD_LIBRARY_AS_DATAFILE)
    If Not $hModule Then Return SetError(1, 0, -1)
    If IsNumber($ResName) Then
        $wName &= "#" & $ResName
    Else
        $wName = $ResName
    EndIf
    Switch $ResType
        Case 1 To 24
            $wType &= "#" & $ResType
        Case Else
            If IsNumber($ResName) Then
                $wType &= "#" & $ResType
            Else
                $wType = $ResType
            EndIf
    EndSwitch
    $aRet = DllCall('kernel32.dll', 'ptr', 'FindResourceW', 'ptr', $hModule, 'wstr', $wName, 'wstr', $wType)
    If @error Then
        _WinAPI_FreeLibrary($hModule)
        Return SetError(2, 0, -1)
    Else
        _WinAPI_FreeLibrary($hModule)
        Return SetError(0, 0, $aRet[0] <> 0)
    EndIf
EndFunc   ;==>_FindResource

Cheers

Edit: Info of resource functions found Here

Thanks smashly, Auotit can do more than i image

but it cant recognize user-define resources ,i have a bunch of exe files with resources BIN/250, BIN/130, BIN/301, I just need codes can recognize the location for each of them,then extract BIN files from there via Reshacker,any ideas can recognize non-standard res?

Share this post

Link to post
Share on other sites

#5 ·  Posted (edited)

Hi,

The reason it did not detect a custom resource was a typo error on my part.

Try this to see if you can detect your custom resource now

#include <Constants.au3>
#include <WinAPI.au3>

Global Const $RT_CURSOR = 1
Global Const $RT_BITMAP = 2
Global Const $RT_ICON = 3
Global Const $RT_MENU = 4
Global Const $RT_DIALOG = 5
Global Const $RT_STRING = 6
Global Const $RT_FONTDIR = 7
Global Const $RT_FONT = 8
Global Const $RT_ACCELERATOR = 9
Global Const $RT_RCDATA = 10
Global Const $RT_MESSAGETABLE = 11
Global Const $RT_GROUP_CURSOR = 12
Global Const $RT_GROUP_ICON = 14
Global Const $RT_VERSION = 16
Global Const $RT_DLGINCLUDE = 17
Global Const $RT_PLUGPLAY = 19
Global Const $RT_VXD = 20
Global Const $RT_ANICURSOR = 21
Global Const $RT_ANIICON = 22
Global Const $RT_HTML = 23
Global Const $RT_MANIFEST = 24


$iBool = _FindResource("your.exe", 250, "BIN") ; change to your file, name, type
ConsoleWrite($iBool & @LF)


; #FUNCTION# =============================================================================================
; Name...........: _FindResource
; Description ...: Check if a resource Name and Type exists in a PE file
; Syntax.........: _FindResource($sFile, $ResName, $ResType)
; Parameters ....: $sFile   - File to look for resource name and type in.
;                  $ResName - Resource name (can be a string or number)
;                  $ResType - Resource type (can be either one of the constants above or can be a string for a custom resource)
;                             Note: If resource Name or Type is a number then don't use quotes around the number.
; Return values .: Success  - Return True if resource exists or False if does not exist and @error 0
;                  Failure  - Return -1 and @error 1 or 2
;                             @error 1 = Unable to load the PE file
;                             @error 2 = DllCall to find resource in loaded PE file failed.
; ========================================================================================================
;
Func _FindResource($sFile, $ResName, $ResType)
    Local $hModule, $wName, $wType, $aRet
    $hModule = _WinAPI_LoadLibraryEx($sFile, $LOAD_LIBRARY_AS_DATAFILE)
    If Not $hModule Then Return SetError(1, 0, -1)
    If IsNumber($ResName) Then
        $wName &= "#" & $ResName
    Else
        $wName = $ResName
    EndIf
    Switch $ResType
        Case 1 To 24
            $wType &= "#" & $ResType
        Case Else
            If IsNumber($ResType) Then
                $wType &= "#" & $ResType
            Else
                $wType = $ResType
            EndIf
    EndSwitch
    $aRet = DllCall('kernel32.dll', 'ptr', 'FindResourceW', 'ptr', $hModule, 'wstr', $wName, 'wstr', $wType)
    If @error Then
        _WinAPI_FreeLibrary($hModule)
        Return SetError(2, 0, -1)
    Else
        _WinAPI_FreeLibrary($hModule)
        Return SetError(0, 0, $aRet[0] <> 0)
    EndIf
EndFunc   ;==>_FindResource

You won't need reshacker to extract your custom resource, all can be done with autoit.

More on that later..

Cheers

Edited by smashly

Share this post

Link to post
Share on other sites

#6 ·  Posted (edited)

Hi,

The reason it did not detect a custom resource was a typo error on my part.

Try this to see if you can detect your custom resource now

#include <Constants.au3>
#include <WinAPI.au3>

Global Const $RT_CURSOR = 1
Global Const $RT_BITMAP = 2
Global Const $RT_ICON = 3
Global Const $RT_MENU = 4
Global Const $RT_DIALOG = 5
Global Const $RT_STRING = 6
Global Const $RT_FONTDIR = 7
Global Const $RT_FONT = 8
Global Const $RT_ACCELERATOR = 9
Global Const $RT_RCDATA = 10
Global Const $RT_MESSAGETABLE = 11
Global Const $RT_GROUP_CURSOR = 12
Global Const $RT_GROUP_ICON = 14
Global Const $RT_VERSION = 16
Global Const $RT_DLGINCLUDE = 17
Global Const $RT_PLUGPLAY = 19
Global Const $RT_VXD = 20
Global Const $RT_ANICURSOR = 21
Global Const $RT_ANIICON = 22
Global Const $RT_HTML = 23
Global Const $RT_MANIFEST = 24


$iBool = _FindResource("your.exe", 250, "BIN") ; change to your file, name, type
ConsoleWrite($iBool & @LF)


; #FUNCTION# =============================================================================================
; Name...........: _FindResource
; Description ...: Check if a resource Name and Type exists in a PE file
; Syntax.........: _FindResource($sFile, $ResName, $ResType)
; Parameters ....: $sFile   - File to look for resource name and type in.
;                  $ResName - Resource name (can be a string or number)
;                  $ResType - Resource type (can be either one of the constants above or can be a string for a custom resource)
;                             Note: If resource Name or Type is a number then don't use quotes around the number.
; Return values .: Success  - Return True if resource exists or False if does not exist and @error 0
;                  Failure  - Return -1 and @error 1 or 2
;                             @error 1 = Unable to load the PE file
;                             @error 2 = DllCall to find resource in loaded PE file failed.
; ========================================================================================================
;
Func _FindResource($sFile, $ResName, $ResType)
    Local $hModule, $wName, $wType, $aRet
    $hModule = _WinAPI_LoadLibraryEx($sFile, $LOAD_LIBRARY_AS_DATAFILE)
    If Not $hModule Then Return SetError(1, 0, -1)
    If IsNumber($ResName) Then
        $wName &= "#" & $ResName
    Else
        $wName = $ResName
    EndIf
    Switch $ResType
        Case 1 To 24
            $wType &= "#" & $ResType
        Case Else
            If IsNumber($ResType) Then
                $wType &= "#" & $ResType
            Else
                $wType = $ResType
            EndIf
    EndSwitch
    $aRet = DllCall('kernel32.dll', 'ptr', 'FindResourceW', 'ptr', $hModule, 'wstr', $wName, 'wstr', $wType)
    If @error Then
        _WinAPI_FreeLibrary($hModule)
        Return SetError(2, 0, -1)
    Else
        _WinAPI_FreeLibrary($hModule)
        Return SetError(0, 0, $aRet[0] <> 0)
    EndIf
EndFunc   ;==>_FindResource

You won't need reshacker to extract your custom resource, all can be done with autoit.

More on that later..

Cheers

it works ! :) Cheers

I very appreciate it,look forward to learning...

Edited by lhw

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing AutoIt General Help and Support