PE 文件解析6-数据目录[资源表]资源部分1
本帖最后由 appsion 于 2020-11-4 12:29 编辑PE 文件解析6-数据目录[资源表]资源部分1
上文连接: https://www.52pojie.cn/thread-1295982-1-1.html
1. 动态布局
参考地址: https://docs.microsoft.com/zh-cn/cpp/mfc/dynamic-layout?view=msvc-160
格式说明:
资源文件: 项目\项目.rc
IDD_项目_DIALOG AFX_DIALOG_LAYOUT
BEGIN
调整大小x, 调整大小y, 移动x, 移动y
0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0,
0, 100, 100, 0
END
2. PNG格式
PNG定义了两种类型的数据块, 一种是称为关键数据块(critical chunk), 这是必需的数据块, 另一种叫做辅助数据块(ancillary chunks), 这是可选的数据块.
参考链接: https://www.cnblogs.com/lidabo/p/3701197.html
PNG格式头. 数据: 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A
3. STYLE_XML
4. 光标
CUR 与 ICON 文件结构一样, 不同的是文件头的图像类型.
参考链接: http://www.360doc.com/content/14/0713/01/2793098_394006406.shtml
光标结构:
// ICON 文件头 6字节, 结构体无参考, 头文件无参考
typedef struct
{
WORD idReserved; // 保留位必须为0
WORD idType; // 图像类型 1(.ico) 2(.cur).
WORD idCount; // 图像数据索引的数量 (icon可以含多个图像数据块, 有几个索引就有几个图像数据块)范围 0~32767, ICONDIRENTRY结构体
icondirentry identries // 图像块索引
} ICONHEAD;
// ICON 图像数据索引 16字节, 结构体无参考, 头文件无参考
typedef struct ICONDIRENTRY
{
BYTE bWidth; // 像素宽度
BYTE bHeight; // 像素高度
WORD bColorCount; // 颜色深度
WORD biPlanes; // 目标设备的平面数
WORD biBitCount; // 每个像素的位数
DWORD dwBytesInRes; // 图像数据块大小(从 BITMAPINFOHEADER 起)
DWORD dwImageOffset; // 图像数据块的偏移,从文件开始处到图像块的偏移.
} ICONDIRENTRY, *LPICONDIRENTRY;
帮助文档: https://docs.microsoft.com/en-us/windows/win32/api/wingdi/ns-wingdi-bitmapinfo
头文件: wingdi.h
// 定义DIB的尺寸和颜色信息
typedef struct tagBITMAPINFO
{
BITMAPINFOHEADER bmiHeader;
RGBQUAD bmiColors;
} BITMAPINFO, *LPBITMAPINFO, *PBITMAPINFO;
结构体: BITMAPINFOHEADER
头文件: wingdi.h
帮助文档: https://docs.microsoft.com/en-us/windows/win32/api/wingdi/ns-wingdi-bitmapinfoheader
typedef struct tagBITMAPINFOHEADER {
DWORD biSize;
LONGbiWidth;
LONGbiHeight;
WORDbiPlanes;
WORDbiBitCount;
DWORD biCompression;
DWORD biSizeImage;
LONGbiXPelsPerMeter;
LONGbiYPelsPerMeter;
DWORD biClrUsed;
DWORD biClrImportant;
} BITMAPINFOHEADER, *LPBITMAPINFOHEADER, *PBITMAPINFOHEADER;
获取光标
参数说明:
m_ItemResourceData->ResourceDataSize // 光标资源大小
ResourceDataFOA // 光标资源指针
// 光标头
ICONHEAD IconHead;
memset(&IconHead, 0, sizeof(ICONHEAD));
IconHead.idReserved = 0;
IconHead.idType = 1;
IconHead.idCount = 1;
// 光标图像索引
ICONDIRENTRY m_ICONDIRENTRY;
memset(&m_ICONDIRENTRY, 0, sizeof(ICONDIRENTRY));
m_ICONDIRENTRY.bWidth = BitmapInfoHead->biWidth;
m_ICONDIRENTRY.bHeight = BitmapInfoHead->biHeight;
m_ICONDIRENTRY.bColorCount = 0;
m_ICONDIRENTRY.biPlanes = 0;
m_ICONDIRENTRY.biBitCount = 0;
m_ICONDIRENTRY.dwBytesInRes = m_ItemResourceData->ResourceDataSize - 4;
m_ICONDIRENTRY.dwImageOffset = sizeof(ICONHEAD) + sizeof(ICONDIRENTRY);
char *CursorBuff = new char;
// 文件头
memcpy(CursorBuff, &IconHead, sizeof(ICONHEAD));
// 图像数据块索引头
memcpy(CursorBuff + sizeof(ICONHEAD), &m_ICONDIRENTRY, sizeof(m_ICONDIRENTRY));
// 图像数据块
memcpy(CursorBuff + sizeof(ICONHEAD) + sizeof(ICONDIRENTRY), ResourceDataFOA + 4, m_ItemResourceData->ResourceDataSize - 4);
5. 位图
参考链接: http://blog.chinaunix.net/uid-112998-id-2886016.html
结构体: BITMAPFILEHEADER
说明: BITMAPFILEHEADER结构包含有关包含DIB的文件的类型,大小和布局的信息。
头文件: wingdi.h
帮助文档: https://docs.microsoft.com/en-us/windows/win32/api/wingdi/ns-wingdi-bitmapfileheader
typedef struct tagBITMAPFILEHEADER {
WORDbfType;
DWORD bfSize;
WORDbfReserved1;
WORDbfReserved2;
DWORD bfOffBits;
} BITMAPFILEHEADER, *LPBITMAPFILEHEADER, *PBITMAPFILEHEADER;
参数说明: 仅供参考, 详细说明请参考原文
结构体: BITMAPINFOHEADER
头文件: wingdi.h
帮助文档: https://docs.microsoft.com/en-us/windows/win32/api/wingdi/ns-wingdi-bitmapinfoheader
参数说明: 仅供参考, 详细说明请参考原文
BITMAPFILEHEADER m_BmpHead;
m_BmpHead.bfType = *(DWORD*)"BM";
m_BmpHead.bfSize = sizeof(BITMAPFILEHEADER);
m_BmpHead.bfReserved1 = 0;
m_BmpHead.bfReserved2 = 0;
m_BmpHead.bfOffBits = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER);
char* heapBuff = new char
memcpy(heapBuff, &m_BmpHead, sizeof(BITMAPFILEHEADER));
memcpy((char*)heapBuff + 14, ResourceDataFOA, m_ItemResourceData->ResourceDataSize);
6. 图标
CUR 与 ICON 文件结构一样, 不同的是文件头的图像类型.请参见CUR
7. 光标组
光标组资源只存储了光标文件头信息 和光标索引.
// 获取光标图像头数据
ICONHEAD *IconHead = (ICONHEAD *)ResourceDataFOA;
DWORD offset = sizeof(ICONHEAD);
DWORD CurHeadBuffSize = sizeof(ICONHEAD) + sizeof(ICONDIRENTRY)*IconHead->idCount;
char *CurHeadBuff = new char;
memset(CurHeadBuff, 0, sizeof(ICONHEAD) + sizeof(ICONDIRENTRY)*IconHead->idCount);
memcpy(CurHeadBuff, IconHead, sizeof(ICONHEAD));
// 图像数据
for (int i = 0; i < IconHead->idCount; i++)
{
struct CURINFO
{
WORDbWidth; // 图像宽度
WORDbHeight; // 图像高度
WORDbiPlanes; // 目标设备的平面数
WORDbiBitCount; // 每个像素的位数
DWORD bitmapSize; // 图像大小
}*pCurInfo = (CURINFO *)(ResourceDataFOA + offset);
offset += sizeof(CURINFO);
// 图像索引
WORDCurIndex = *(WORD*)(ResourceDataFOA + offset);
offset += sizeof(WORD);
// 图像数据索引
ICONDIRENTRY m_ICONDIRENTRY;
m_ICONDIRENTRY.bWidth = (BYTE)pCurInfo->bWidth;
m_ICONDIRENTRY.bHeight = (BYTE)pCurInfo->bHeight;
m_ICONDIRENTRY.bColorCount = 0;
m_ICONDIRENTRY.biPlanes = 0;
m_ICONDIRENTRY.biBitCount = 0;
m_ICONDIRENTRY.dwBytesInRes = pCurInfo->bitmapSize - 4;
m_ICONDIRENTRY.dwImageOffset = sizeof(ICONDIRENTRY)*IconHead->idCount + sizeof(ICONHEAD) + ImageDataBuffSize;
memcpy(CurHeadBuff + sizeof(ICONHEAD) + sizeof(ICONDIRENTRY) * i , &m_ICONDIRENTRY, sizeof(ICONDIRENTRY));
// 图像数据
char *TempBuff = new char;
memset(TempBuff, 0, ImageDataBuffSize + pCurInfo->bitmapSize - 4);
memcpy(TempBuff, CurIamgeBuff, ImageDataBuffSize);
memcpy(TempBuff + ImageDataBuffSize, m_DataBuff + m_ItemResourceData->ResourceDataFOA + 4, pCurInfo->bitmapSize - 4);
delete CurIamgeBuff;
CurIamgeBuff = TempBuff;
ImageDataBuffSize += pCurInfo->bitmapSize - 4;
}
8. 图标组
图标组与光标组结构相同 请参见光标组
不错,感谢 BUCISOADDAD 謝謝樓主分享{:1_921:} 点进来看一下,发现不明白,太深奥了! 刚好学习这部分 感谢楼主分享{:1_893:}
页:
[1]