[PE结构分析] 11.资源表结构,pe结构

资源表是一个树形结构,可以设置成2的31次方的层数,Windows 使用了3级:

[PE结构分析] 11.资源表结构,pe结构

资源表是一个树形结构,可以设置成2的31次方的层数,Windows 使用了3级:

类型->名称->语言

 

其中涉及到四个结构:

 

Data

Description

Resource Directory Tables (and Resource Directory Entries)

A series of tables, one for each group of nodes in the tree. All top-level (Type) nodes are listed in the first table. Entries in this table point to second-level tables. Each second-level tree has the same Type ID but different Name IDs. Third-level trees have the same Type and Name IDs but different Language IDs.

Each individual table is immediately followed by directory entries, in which each entry has a name or numeric identifier and a pointer to a data description or a table at the next lower level.

Resource Directory Strings

Two-byte-aligned Unicode strings, which serve as string data that is pointed to by directory entries.

Resource Data Description

An array of records, pointed to by tables, that describe the actual size and location of the resource data. These records are the leaves in the resource-description tree.

Resource Data

Raw data of the resource section. The size and location information in the Resource Data Descriptions field delimit the individual regions of resource data.

 

 

 

 

类型->名称->语言

Resource Directory Table

Each resource directory table has the following format. This data
structure should be considered the heading of a table because the table
actually consists of directory entries (described in section 6.9.2,
“Resource Directory Entries”) and this structure:

Offset

Size

Field

Description

  0

4

Characteristics

Resource flags. This field is reserved for future use. It is currently set to zero.

  4

4

Time/Date Stamp

The time that the resource data was created by the resource compiler.

  8

2

Major Version

The major version number, set by the user.

10

2

Minor Version

The minor version number, set by the user.

12

2

Number of Name Entries

The number of directory entries immediately following the table that use strings to identify Type, Name, or Language entries (depending on the level of the table).

14

2

Number of ID Entries

The number of directory entries immediately following the Name entries that use numeric IDs for Type, Name, or Language entries.

图片 1

 

 

Resource Directory Entries

The directory entries make up the rows of a table. Each resource
directory entry has the following format. Whether the entry is a Name or
ID entry is indicated by the resource directory table, which indicates
how many Name and ID entries follow it (remember that all the Name
entries precede all the ID entries for the table). All entries for the
table are sorted in ascending order: the Name entries by case-sensitive
string and the ID entries by numeric value.  Offsets are relative to the
address in the IMAGE_DIRECTORY_ENTRY_RESOURCE DataDirectory.

Offset

Size

Field

Description

0

4

Name Offset

The offset of a string that gives the Type, Name, or Language ID entry, depending on level of table.

0

4

Integer ID

A 32-bit integer that identifies the Type, Name, or Language ID entry.

4

4

Data Entry Offset

High bit 0. Address of a Resource Data entry (a leaf).

4

4

Subdirectory Offset

High bit 1. The lower 31 bits are the address of another resource directory table (the next level down).

其中涉及到四个结构:

 

 

Resource Directory String

The resource directory string area consists of Unicode strings, which
are word-aligned. These strings are stored together after the last
Resource Directory entry and before the first Resource Data entry. This
minimizes the impact of these variable-length strings on the alignment
of the fixed-size directory entries. Each resource directory string has
the following format:

Offset

Size

Field

Description

0

2

Length

The size of the string, not including length field itself.

2

variable

Unicode String

The variable-length Unicode string data, word-aligned.

Data

Description

Resource Directory Tables (and Resource Directory Entries)

A series of tables, one for each group of nodes in the tree. All top-level (Type) nodes are listed in the first table. Entries in this table point to second-level tables. Each second-level tree has the same Type ID but different Name IDs. Third-level trees have the same Type and Name IDs but different Language IDs.

Each individual table is immediately followed by directory entries, in which each entry has a name or numeric identifier and a pointer to a data description or a table at the next lower level.

Resource Directory Strings

Two-byte-aligned Unicode strings, which serve as string data that is pointed to by directory entries.

Resource Data Description

An array of records, pointed to by tables, that describe the actual size and location of the resource data. These records are the leaves in the resource-description tree.

Resource Data

Raw data of the resource section. The size and location information in the Resource Data Descriptions field delimit the individual regions of resource data.

 

 

Resource Data Entry

Each Resource Data entry describes an actual unit of raw data in the
Resource Data area. A Resource Data entry has the following format:

Offset

Size

Field

Description

  0

4

Data RVA

The address of a unit of resource data in the Resource Data area.

  4

4

Size

The size, in bytes, of the resource data that is pointed to by the Data RVA field.

  8

4

Codepage

The code page that is used to decode code point values within the resource data. Typically, the code page would be the Unicode code page.

12

4

Reserved, must be 0.

] 11.资源表结构,pe结构
资源表是一个树形结构,可以设置成2的31次方的层数,Windows 使用了3级:
类型-名称-语言 其中涉及到四…

 

相关文章

发表评论

电子邮件地址不会被公开。 必填项已用*标注

*
*
Website