enum resource of a process -- does not work
// resource_dump.cpp : this is expected to work, but it does not.
//
#include "stdafx.h"
//#pragma warning(disable:4786)
//#include <windows.h>
//#include <strsafe.h>
//#include <iostream>
//#include <psapi.h>
//#pragma comment(lib,"psapi.lib")
//#include <string>
//#include <algorithm>
//#include <map>
char szBuffer[80]; // print buffer for EnumResourceTypes
DWORD cbWritten; // number of bytes written to res. info. file
size_t cbString; // length of string in sprintf
HRESULT hResult;
HANDLE hFile;
LPCTSTR line_return = ("\n");
class HandleWrapper
{
public:
HandleWrapper(HANDLE h):m_handle(h){
}
~HandleWrapper()
{
if(NULL != m_handle)
CloseHandle(m_handle);
}
HANDLE Detach()
{
HANDLE h = m_handle;
m_handle = NULL;
return h;
}
private:
HANDLE m_handle;
};
void ErrorHandler(LPCTSTR msg)
{
std::cout<<msg<<std::endl;
}
HANDLE get_process_handle(DWORD processID)
{
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
return hProcess;
}
bool res_type_to_str(LPTSTR szBuffer,int sizeofbuf,DWORD res_type)
{
//return true if the type is known,
//return false if the type is unknown
std::map<USHORT,std::string> res_type_name;
res_type_name[(USHORT)RT_CURSOR] = "RT_CURSOR";
res_type_name[(USHORT)RT_BITMAP] = "RT_BITMAP";
res_type_name[(USHORT)RT_ICON] = "RT_ICON";
res_type_name[(USHORT)RT_MENU] = "RT_MENU";
res_type_name[(USHORT)RT_DIALOG] = "RT_DIALOG";
res_type_name[(USHORT)RT_STRING] = "RT_STRING";
res_type_name[(USHORT)RT_FONTDIR] = "RT_FONTDIR";
res_type_name[(USHORT)RT_FONT] = "RT_FONT";
res_type_name[(USHORT)RT_ACCELERATOR] = "RT_ACCELERATOR";
res_type_name[(USHORT)RT_RCDATA] = "RT_RCDATA";
res_type_name[(USHORT)RT_MESSAGETABLE] = "RT_MESSAGETABLE";
res_type_name[(USHORT)RT_VERSION] = "RT_VERSION";
res_type_name[(USHORT)RT_DLGINCLUDE] = "RT_DLGINCLUDE";
res_type_name[(USHORT)RT_MANIFEST] = "RT_MANIFEST";
res_type_name[(USHORT)RT_HTML] = "RT_HTML";
res_type_name[(USHORT)RT_ANIICON] = "RT_ANIICON";
res_type_name[(USHORT)RT_ANICURSOR] = "RT_ANICURSOR";
res_type_name[(USHORT)RT_VXD] = "RT_VXD";
res_type_name[(USHORT)RT_PLUGPLAY] = "RT_PLUGPLAY";
if(res_type_name.find(res_type)!=res_type_name.end())
{
hResult = StringCchPrintf(szBuffer, sizeofbuf, "Type: %s\n",
res_type_name[(USHORT)res_type].c_str());
return true;
}
return false;
}
// FUNCTION: EnumLangsFunc(HANDLE, LPSTR, LPSTR, WORD, LONG)
//
// PURPOSE: Resource language callback
BOOL EnumLangsFunc(
HANDLE hModule, // module handle
LPCTSTR lpType, // address of resource type
LPCTSTR lpName, // address of resource name
WORD wLang, // resource language
LONG lParam) // extra parameter, could be
// used for error checking
{
HANDLE hResInfo;
char szBuffer[80];
size_t cbString = 0;
HRESULT hResult;
hResInfo = FindResourceEx((HMODULE)hModule, lpType, lpName,
wLang);
// Write the resource language to the resource information file.
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\t\tLanguage: %u\n", (USHORT) wLang);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Write the resource handle and size to buffer.
cbString = StringCchPrintf(szBuffer,
sizeof(szBuffer)/sizeof(szBuffer[0]),
"\t\thResInfo == %lx, Size == %lu\n\n",
hResInfo,
SizeofResource((HMODULE)hModule, (HRSRC)hResInfo));
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
return TRUE;
}
// FUNCTION: EnumNamesFunc(HANDLE, LPSTR, LPSTR, LONG)
//
// PURPOSE: Resource name callback
BOOL EnumNamesFunc(
HANDLE hModule, // module handle
LPCTSTR lpType, // address of resource type
LPTSTR lpName, // address of resource name
LONG lParam) // extra parameter, could be
// used for error checking
{
size_t cbString;
HRESULT hResult;
// Write the resource name to a resource information file.
// The name may be a string or an unsigned decimal
// integer, so test before printing.
if ((ULONG)lpName & 0xFFFF0000)
{
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\tName: %s\n", lpName);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
else
{
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\tName: %u\n", (USHORT)lpName);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Find the languages of all resources of type
// lpType and name lpName.
EnumResourceLanguages((HMODULE)hModule,
lpType,
lpName,
(ENUMRESLANGPROC)EnumLangsFunc,
0);
return TRUE;
}
// FUNCTION: EnumTypesFunc(HANDLE, LPSTR, LONG)
//
// PURPOSE: Resource type callback
BOOL EnumTypesFunc(
HANDLE hModule, // module handle
LPTSTR lpType, // address of resource type
LONG lParam) // extra parameter, could be
// used for error checking
{
size_t cbString;
HRESULT hResult;
// Write the resource type to a resource information file.
// The type may be a string or an unsigned decimal
// integer, so test before printing.
if ((ULONG)lpType & 0xFFFF0000)
{
long res_type = atoi(lpType);
if(res_type_to_str(szBuffer,80/sizeof(TCHAR),res_type) == false)
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"Type: %s\n", lpType);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
else
{
if(res_type_to_str(szBuffer,80/sizeof(TCHAR),(USHORT)lpType) ==
false)
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"Type: %u\n", (USHORT)lpType);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Find the names of all resources of type lpType.
EnumResourceNames((HMODULE)hModule,
lpType,
(ENUMRESNAMEPROC)EnumNamesFunc,
0);
return TRUE;
}
DWORD get_process_id(LPCTSTR process_name)
{
DWORD ret = -1;
DWORD aProcesses[1024], cbNeeded = 0, cProcesses = 0;
unsigned int i = 0;
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return ret;
std::string key = process_name;
std::transform(key.begin(), key.end(), key.begin(),
(int(*)(int)) toupper);
cProcesses = cbNeeded / sizeof(DWORD);
for ( i = 0; i < cProcesses; i++ )
{
DWORD processID = aProcesses[i];
char szProcessName[MAX_PATH] = "<unknown>";
HANDLE hProcess = get_process_handle( processID );
HandleWrapper proce_obj(hProcess);
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
&cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName,
sizeof(szProcessName) );
}
}
std::transform(szProcessName, szProcessName+sizeof(szProcessName),
szProcessName,
(int(*)(int)) toupper);
if(strstr(szProcessName,key.c_str()))
return processID;
}
return ret;
}
void dump_res(LPCTSTR process_name)
{
//dump resource of a process
if(NULL == process_name || '\0' == process_name[0])
return;
HANDLE hExe = get_process_handle(get_process_id(process_name));
if (hExe == NULL)
{
ErrorHandler("Failed to find the process");
return;
}
// Create a file to contain the resource info.
hFile = CreateFile("resinfo.txt", // name of file
GENERIC_READ | GENERIC_WRITE, // access mode
0, // share mode
(LPSECURITY_ATTRIBUTES) NULL, // default security
CREATE_ALWAYS, // create flags
FILE_ATTRIBUTE_NORMAL, // file attributes
(HANDLE) NULL); // no template
if (hFile == INVALID_HANDLE_VALUE) {
ErrorHandler("Could not open file.");
}
HandleWrapper file_handle_obj(hFile);
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"The file contains the following resources:\n\n");
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return;
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return;
}
WriteFile(hFile, // file to hold resource info.
szBuffer, // what to write to the file
(DWORD) cbString, // number of bytes in szBuffer
&cbWritten, // number of bytes written
NULL); // no overlapped I/O
HMODULE hMods[1024];
DWORD cbNeeded = 0;
unsigned int i = 0;
if( EnumProcessModules(hExe, hMods, sizeof(hMods), &cbNeeded))
{
for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
char szModName[MAX_PATH];
DWORD dwcount = 0;
// Get the full path to the module's file.
if ( GetModuleFileNameEx( hExe, hMods[i], szModName,
sizeof(szModName)))
{
// Print the module name and handle value.
printf("\t%s (0x%08X)\n", szModName, hMods[i] );
WriteFile(hFile,szModName,strlen(szModName),&dwcount,NULL);
WriteFile(hFile,line_return,strlen(line_return),&dwcount,
NULL);
}
SetErrorMode(SEM_FAILCRITICALERRORS);SEM_NOOPENFILEERRORBOX;
HMODULE hDllModule =
LoadLibraryEx(szModName,NULL,LOAD_LIBRARY_AS_DATAFILE);
SetErrorMode(0);
if(hDllModule)
{
EnumResourceTypes(hDllModule, // module handle
(ENUMRESTYPEPROC)EnumTypesFunc, // callback function
0);
FreeLibrary(hDllModule);// extra parameter
}
else
{
LPCTSTR load_failed = "failed to load the file\n";
WriteFile(hFile,load_failed,strlen(load_failed),&dwcount,
NULL);
}
}
}
}
int main(int argc, char* argv[])
{
printf("Dump resource of a process!\n");
dump_res("uedit32.exe");
system("pause");
return 0;
}
//
#include "stdafx.h"
//#pragma warning(disable:4786)
//#include <windows.h>
//#include <strsafe.h>
//#include <iostream>
//#include <psapi.h>
//#pragma comment(lib,"psapi.lib")
//#include <string>
//#include <algorithm>
//#include <map>
char szBuffer[80]; // print buffer for EnumResourceTypes
DWORD cbWritten; // number of bytes written to res. info. file
size_t cbString; // length of string in sprintf
HRESULT hResult;
HANDLE hFile;
LPCTSTR line_return = ("\n");
class HandleWrapper
{
public:
HandleWrapper(HANDLE h):m_handle(h){
}
~HandleWrapper()
{
if(NULL != m_handle)
CloseHandle(m_handle);
}
HANDLE Detach()
{
HANDLE h = m_handle;
m_handle = NULL;
return h;
}
private:
HANDLE m_handle;
};
void ErrorHandler(LPCTSTR msg)
{
std::cout<<msg<<std::endl;
}
HANDLE get_process_handle(DWORD processID)
{
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
return hProcess;
}
bool res_type_to_str(LPTSTR szBuffer,int sizeofbuf,DWORD res_type)
{
//return true if the type is known,
//return false if the type is unknown
std::map<USHORT,std::string> res_type_name;
res_type_name[(USHORT)RT_CURSOR] = "RT_CURSOR";
res_type_name[(USHORT)RT_BITMAP] = "RT_BITMAP";
res_type_name[(USHORT)RT_ICON] = "RT_ICON";
res_type_name[(USHORT)RT_MENU] = "RT_MENU";
res_type_name[(USHORT)RT_DIALOG] = "RT_DIALOG";
res_type_name[(USHORT)RT_STRING] = "RT_STRING";
res_type_name[(USHORT)RT_FONTDIR] = "RT_FONTDIR";
res_type_name[(USHORT)RT_FONT] = "RT_FONT";
res_type_name[(USHORT)RT_ACCELERATOR] = "RT_ACCELERATOR";
res_type_name[(USHORT)RT_RCDATA] = "RT_RCDATA";
res_type_name[(USHORT)RT_MESSAGETABLE] = "RT_MESSAGETABLE";
res_type_name[(USHORT)RT_VERSION] = "RT_VERSION";
res_type_name[(USHORT)RT_DLGINCLUDE] = "RT_DLGINCLUDE";
res_type_name[(USHORT)RT_MANIFEST] = "RT_MANIFEST";
res_type_name[(USHORT)RT_HTML] = "RT_HTML";
res_type_name[(USHORT)RT_ANIICON] = "RT_ANIICON";
res_type_name[(USHORT)RT_ANICURSOR] = "RT_ANICURSOR";
res_type_name[(USHORT)RT_VXD] = "RT_VXD";
res_type_name[(USHORT)RT_PLUGPLAY] = "RT_PLUGPLAY";
if(res_type_name.find(res_type)!=res_type_name.end())
{
hResult = StringCchPrintf(szBuffer, sizeofbuf, "Type: %s\n",
res_type_name[(USHORT)res_type].c_str());
return true;
}
return false;
}
// FUNCTION: EnumLangsFunc(HANDLE, LPSTR, LPSTR, WORD, LONG)
//
// PURPOSE: Resource language callback
BOOL EnumLangsFunc(
HANDLE hModule, // module handle
LPCTSTR lpType, // address of resource type
LPCTSTR lpName, // address of resource name
WORD wLang, // resource language
LONG lParam) // extra parameter, could be
// used for error checking
{
HANDLE hResInfo;
char szBuffer[80];
size_t cbString = 0;
HRESULT hResult;
hResInfo = FindResourceEx((HMODULE)hModule, lpType, lpName,
wLang);
// Write the resource language to the resource information file.
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\t\tLanguage: %u\n", (USHORT) wLang);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Write the resource handle and size to buffer.
cbString = StringCchPrintf(szBuffer,
sizeof(szBuffer)/sizeof(szBuffer[0]),
"\t\thResInfo == %lx, Size == %lu\n\n",
hResInfo,
SizeofResource((HMODULE)hModule, (HRSRC)hResInfo));
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
return TRUE;
}
// FUNCTION: EnumNamesFunc(HANDLE, LPSTR, LPSTR, LONG)
//
// PURPOSE: Resource name callback
BOOL EnumNamesFunc(
HANDLE hModule, // module handle
LPCTSTR lpType, // address of resource type
LPTSTR lpName, // address of resource name
LONG lParam) // extra parameter, could be
// used for error checking
{
size_t cbString;
HRESULT hResult;
// Write the resource name to a resource information file.
// The name may be a string or an unsigned decimal
// integer, so test before printing.
if ((ULONG)lpName & 0xFFFF0000)
{
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\tName: %s\n", lpName);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
else
{
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"\tName: %u\n", (USHORT)lpName);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Find the languages of all resources of type
// lpType and name lpName.
EnumResourceLanguages((HMODULE)hModule,
lpType,
lpName,
(ENUMRESLANGPROC)EnumLangsFunc,
0);
return TRUE;
}
// FUNCTION: EnumTypesFunc(HANDLE, LPSTR, LONG)
//
// PURPOSE: Resource type callback
BOOL EnumTypesFunc(
HANDLE hModule, // module handle
LPTSTR lpType, // address of resource type
LONG lParam) // extra parameter, could be
// used for error checking
{
size_t cbString;
HRESULT hResult;
// Write the resource type to a resource information file.
// The type may be a string or an unsigned decimal
// integer, so test before printing.
if ((ULONG)lpType & 0xFFFF0000)
{
long res_type = atoi(lpType);
if(res_type_to_str(szBuffer,80/sizeof(TCHAR),res_type) == false)
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"Type: %s\n", lpType);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
else
{
if(res_type_to_str(szBuffer,80/sizeof(TCHAR),(USHORT)lpType) ==
false)
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"Type: %u\n", (USHORT)lpType);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return FALSE;
}
WriteFile(hFile, szBuffer, (DWORD) cbString,
&cbWritten, NULL);
// Find the names of all resources of type lpType.
EnumResourceNames((HMODULE)hModule,
lpType,
(ENUMRESNAMEPROC)EnumNamesFunc,
0);
return TRUE;
}
DWORD get_process_id(LPCTSTR process_name)
{
DWORD ret = -1;
DWORD aProcesses[1024], cbNeeded = 0, cProcesses = 0;
unsigned int i = 0;
if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return ret;
std::string key = process_name;
std::transform(key.begin(), key.end(), key.begin(),
(int(*)(int)) toupper);
cProcesses = cbNeeded / sizeof(DWORD);
for ( i = 0; i < cProcesses; i++ )
{
DWORD processID = aProcesses[i];
char szProcessName[MAX_PATH] = "<unknown>";
HANDLE hProcess = get_process_handle( processID );
HandleWrapper proce_obj(hProcess);
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;
if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
&cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName,
sizeof(szProcessName) );
}
}
std::transform(szProcessName, szProcessName+sizeof(szProcessName),
szProcessName,
(int(*)(int)) toupper);
if(strstr(szProcessName,key.c_str()))
return processID;
}
return ret;
}
void dump_res(LPCTSTR process_name)
{
//dump resource of a process
if(NULL == process_name || '\0' == process_name[0])
return;
HANDLE hExe = get_process_handle(get_process_id(process_name));
if (hExe == NULL)
{
ErrorHandler("Failed to find the process");
return;
}
// Create a file to contain the resource info.
hFile = CreateFile("resinfo.txt", // name of file
GENERIC_READ | GENERIC_WRITE, // access mode
0, // share mode
(LPSECURITY_ATTRIBUTES) NULL, // default security
CREATE_ALWAYS, // create flags
FILE_ATTRIBUTE_NORMAL, // file attributes
(HANDLE) NULL); // no template
if (hFile == INVALID_HANDLE_VALUE) {
ErrorHandler("Could not open file.");
}
HandleWrapper file_handle_obj(hFile);
hResult = StringCchPrintf(szBuffer, 80/sizeof(TCHAR),
"The file contains the following resources:\n\n");
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return;
}
hResult = StringCchLength(szBuffer, 80/sizeof(TCHAR), &cbString);
if (FAILED(hResult))
{
// Add code to fail as securely as possible.
return;
}
WriteFile(hFile, // file to hold resource info.
szBuffer, // what to write to the file
(DWORD) cbString, // number of bytes in szBuffer
&cbWritten, // number of bytes written
NULL); // no overlapped I/O
HMODULE hMods[1024];
DWORD cbNeeded = 0;
unsigned int i = 0;
if( EnumProcessModules(hExe, hMods, sizeof(hMods), &cbNeeded))
{
for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
char szModName[MAX_PATH];
DWORD dwcount = 0;
// Get the full path to the module's file.
if ( GetModuleFileNameEx( hExe, hMods[i], szModName,
sizeof(szModName)))
{
// Print the module name and handle value.
printf("\t%s (0x%08X)\n", szModName, hMods[i] );
WriteFile(hFile,szModName,strlen(szModName),&dwcount,NULL);
WriteFile(hFile,line_return,strlen(line_return),&dwcount,
NULL);
}
SetErrorMode(SEM_FAILCRITICALERRORS);SEM_NOOPENFILEERRORBOX;
HMODULE hDllModule =
LoadLibraryEx(szModName,NULL,LOAD_LIBRARY_AS_DATAFILE);
SetErrorMode(0);
if(hDllModule)
{
EnumResourceTypes(hDllModule, // module handle
(ENUMRESTYPEPROC)EnumTypesFunc, // callback function
0);
FreeLibrary(hDllModule);// extra parameter
}
else
{
LPCTSTR load_failed = "failed to load the file\n";
WriteFile(hFile,load_failed,strlen(load_failed),&dwcount,
NULL);
}
}
}
}
int main(int argc, char* argv[])
{
printf("Dump resource of a process!\n");
dump_res("uedit32.exe");
system("pause");
return 0;
}
posted by Onega | 4:55 AM
0 Comments:
Post a Comment
<< Home