7 replies to this topic

[sydetys]

Hi! I have heard that there is no direct windows API to get icon and saving it on hard disk.
So I started learning PE file structure in hopes that I can extract it using PE editor and hex editor.

IS that possble?

I am asking because I don´t wanna waste my time if this isn´t possible.

I know ICON is in .rsrc section area (optional header) and IMAGE_DIRECTORY_ENTRY_RESOURCE 2.

In PE header there is also tiny area called .rsrc, isn´t value there starting offset of resource area?

PE editor lets me choose to copy ALL data from .rsrc area into file.

There is much c¤%p in it. but if I am correct icon should be somewhere there, right?

How would I identify icon data from all that area? any clues/hints, GREAT links on this matter?


thanx

[sydetys]

BTW, I found that PE editor searches resources and showed icon picture.

It also gave "RVA to data" and Size of that icon, also name entries and ID entries.

Anything I can do with that info while pinpointing icon in file?

I tried to calculate end of icon: RVA to data +/- Size but noo.

RVA to data to data IS starting offset?

Should I do this calculation instead: VA (or base image) - RVA to data and after that RVA to data + Size = end of icon?

[D-Tox]

what about a simple PE resource editor
such as:

http://www.wilsonc.d...ourceeditor.htm

might be far more easier than extracting the ICON from the exe by hand, even if it is possible.

Also if you're into programming, you may use the dedicated OS functions for that such as ExtractIcon and ExtractIconEx

http://msdn.microsoft.com/en-us/library/ms648068(VS.85).aspx

Once you have the handle on the icon, there are a few ways to copy the structure on disk.

[sydetys]

what about a simple PE resource editor
such as:

http://www.wilsonc.d...ourceeditor.htm

might be far more easier than extracting the ICON from the exe by hand, even if it is possible.

Also if you're into programming, you may use the dedicated OS functions for that such as ExtractIcon and ExtractIconEx

http://msdn.microsoft.com/en-us/library/ms648068(VS.85).aspx

Once you have the handle on the icon, there are a few ways to copy the structure on disk.

I tried ExtractIconEx but I´m not at that level in c++ yet.

And I don´t wanna use editor which automatically rips icon and saves on disk because I want to learn to do it myself. And I suspect that d10resourceeditor does just that.

So that proves it´s possible. good.

[D-Tox]

you'll easily find a few places where there are pieces of code that are doing exactly what you want

[illwill]

http://www.codeproje...mExeorDLLs.aspx

[sydetys]

http://www.codeproje...mExeorDLLs.aspx

Yep, I found that but before I checked any source/demo..

I managed on my own.

Magic was to add ONLY bitmapheader 1st into a new ,blank, file and then add icon data from .exe, nothing else => bitmap file. in .exe bitmap started in resource directory directly from bitmapinfoheader skipping main header.

Of course there must be that too somewhere.

With this goofing I learned to understand a lot about .exe/dll structure and the stuff which is showing on hex editor view.