
 Forums >>  IDA Pro  >>  IDA Resource Viewer plugin

Topic created on: April 28, 2012 02:52 CDT by DriEm.

Inspired by Angus Johnson's Resource Hacker and by Chris Eagle's "The IDA Pro Book", I developed a compact resource viewer to be used with IDA version 5.0 or higher.

The plugin is invoked by Alt+F5 hotkey or from Edit/Plugin sub-menu. It opens a subview and lists all resources contained in a Windows PE executable, provided that the executable has been loaded into IDA with the "Load resources" option checked. Double-click on a list record to display that resource.

Click below for a screenshot of the plugin listing the resources of NOTEPAD.EXE:



It is still rudimentary, and I plan to add more features in the future. Please leave your comments here.

--------------------------------

Name: IDA Resource Viewer plugin
Version: 0.6
Author: DriEm
Distribution: Binary only
Platform: IDA for Windows version 5.0 or higher
Price: Free for non-commercial use
Description: Resource viewer for IDA

Download: https://rapidshare.com/files/1648962871/idares.plw
MD5: f038506b867e06c017e69928f0aed0cb

Download version 0.3 for IDA Freeware Version 5.0: https://rapidshare.com/files/3819039869/idaresfr.plw
MD5: 9f6d7bff1e03356007e9a6e74fda06dd

  waleedassar     April 28, 2012 15:51.28 CDT
Nice plugin, but it is subject to "stack overflow" due to an infinite loop when processing a specially crafted resource directory.

http://ollytlscatch.googlecode.com/files/antiResHacker.exe

N.B. Resource Hacker is also subject to this bug.
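
The failure mode reported in the post above, unbounded recursion over a crafted resource directory, is avoided by a walker that caps depth and refuses to enter the same directory twice. This is an added example, not part of the thread and not the plugin's code (which is binary-only); `rsrc_walk`, `RSRC_MAX_DEPTH`, the two constructed samples, and the assumption that the loop comes from a subdirectory entry pointing back at a directory already being walked are illustrative choices.

```c
#include <stdint.h>
#include <stdlib.h>

enum { RSRC_OK = 0, RSRC_TRUNCATED = -1, RSRC_CYCLE = -2, RSRC_TOO_DEEP = -3, RSRC_NOMEM = -4 };
#define RSRC_MAX_DEPTH 8  /* assumed cap; ordinary files use 3 levels (type/name/language) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Constructed resource sections, not taken from any real file.
   GOOD: root directory with one ID entry whose data entry sits at 0x18.
   LOOP: root directory whose only entry is a subdirectory reference to offset 0. */
const uint8_t GOOD[40] = { [14] = 1, [16] = 1, [20] = 0x18 };
const uint8_t LOOP[24] = { [14] = 1, [16] = 1, [23] = 0x80 };

/* Walk the IMAGE_RESOURCE_DIRECTORY at section offset `off`, counting data leaves. */
static int walk_dir(const uint8_t *sec, size_t len, uint32_t off, int depth,
                    uint8_t *seen, unsigned *leaves)
{
    if (depth > RSRC_MAX_DEPTH) return RSRC_TOO_DEEP;        /* bounds stack use */
    if (off > len || len - off < 16) return RSRC_TRUNCATED;  /* 16-byte header must fit */
    if (seen[off]) return RSRC_CYCLE;  /* strict: any directory reached twice is rejected */
    seen[off] = 1;
    size_t n = (size_t)rd16(sec + off + 12) + rd16(sec + off + 14); /* named + ID entries */
    if ((len - off - 16) / 8 < n) return RSRC_TRUNCATED;     /* 8-byte entries must fit */
    for (size_t i = 0; i < n; i++) {
        uint32_t ref = rd32(sec + off + 16 + 8 * i + 4);     /* OffsetToData field */
        if (ref & 0x80000000u) {                             /* high bit: subdirectory */
            int rc = walk_dir(sec, len, ref & 0x7fffffffu, depth + 1, seen, leaves);
            if (rc != RSRC_OK) return rc;
        } else if (ref > len || len - ref < 16) {            /* 16-byte data entry */
            return RSRC_TRUNCATED;
        } else {
            (*leaves)++;
        }
    }
    return RSRC_OK;
}

/* sec/len is the raw resource section; the root directory is at offset 0. */
int rsrc_walk(const uint8_t *sec, size_t len, unsigned *leaves)
{
    uint8_t *seen = calloc(len ? len : 1, 1);  /* one flag per possible directory offset */
    if (!seen) return RSRC_NOMEM;
    *leaves = 0;
    int rc = walk_dir(sec, len, 0, 0, seen, leaves);
    free(seen);
    return rc;
}
```

The visited map stops a directory from being expanded more than once, and the depth cap protects the stack against a long chain of distinct directories that the map alone would allow.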

  DriEm   April 29, 2012 16:39.01 CDT
> waleedassar: Nice plugin, but it is subject to "stack overflow" due to an infinite loop when processing a specially crafted resource directory.
>
> http://ollytlscatch.googlecode.com/files/antiResHacker.exe
>
> N.B. Resource Hacker is also subject to this bug.

Thanks for pointing this out. I've fixed it. Click below for a screenshot of the plugin listing the resources of "antiResHacker.exe":



I'll integrate the fix into the next release.

  jduck     April 29, 2012 20:58.42 CDT
Are you planning to release the source??

  DriEm   May 1, 2012 12:20.50 CDT
> jduck: Are you planning to release the source??

Nope. I plan to release an updated version within a few days.

  DriEm   May 2, 2012 09:40.43 CDT
Version 0.2 released, head post updated accordingly.

Changes:
- "infinite loop" vulnerability (as pointed out by waleedassar) fixed
- if the selected resource is a bitmap, it is displayed in a dialog box

  waleedassar     May 2, 2012 11:38.04 CDT
Another infinite loop already exists. No stack overflow, just a typical infinite loop.

Two demos have been included in the archive below.

http://www.filefactory.com/file/5v4iva89en85/n/idares_loops_rar

  DriEm   May 11, 2012 11:55.56 CDT
> waleedassar: Another infinite loop already exists. No stack overflow, just a typical infinite loop.
>
> Two demos have been included in the archive below.
>
> http://www.filefactory.com/file/5v4iva89en85/n/idares_loops_rar

What do your example EXEs do? Do they use resources?

  waleedassar     May 11, 2012 13:59.52 CDT
Yes, they embed resources.
http://uploadpic.org/v.php?img=Lg3hb8YWjk

http://uploadpic.org/v.php?img=b4R3yayQCI

  DriEm   May 13, 2012 13:59.08 CDT
Version 0.3 released, head post updated accordingly.

Changes:
- another "infinite loop" vulnerability fixed (thanks again to waleedassar)
- execution speed-up through minor changes
- plugin compiled for IDA Freeware Version 5.0 (this is the currently distributed free IDA version)

  DriEm   June 12, 2012 13:28.21 CDT
Version 0.6 released, head post updated accordingly.

Changes:
- displaying more resource types (bitmaps, icons, cursors, dialogs, strings, menus)
- for MFC executables, the event handler for a dialog button and for a menu item is printed out to IDA's Output window (may be redundant)
- for Delphi executables, all event handlers for a form's buttons are printed out to IDA's Output window (tested on Embarcadero Delphi 2010 executables)

  r2x64   May 12, 2013 09:27.10 CDT
Hey, any new downloading link for this? It seems that the old links don't work anymore.
