Freely available resource hacking applications

Question

I am using Resource Hacker as a tool to extract out resources like icon, images, etc. from .dll or .exe file. In addition, I am using it to crack some small Windows application. However, it does not work with all Win32 Application, especially with those that are zipped by .exe compressor.

Are there any other open source applications, that I can use to crack and extract resources out of .dll and .exe files?

Answer 1

If the previously suggested resource editors aren't to your liking, you can find descriptions and reviews of several resource editors here: http://www.woodmann.com/collaborative/tools/index.php/Category:Resource_Editors

In case you have trouble accessing that page (as per the comments below), here is the list of resource editors as of 2022-10-12:

• PE Explorer (paid, discontinued, last updated 2012)
• Resource Hacker (Reshacker) (proprietary)
• Explorer Suite (proprietary,last updated 2012)
• Anolis Resourcer (FLOSS, discontinued, last updated 2009, down) - archived download
• eXeScope
• ResFixer (last updated 2008)
• Resourcer for .NET (no longer available)
• StringEditor
• Stud_PE (last updated 2012)
• XN Resource Editor (FLOSS, basically discontinued)
• RisohEditor (FLOSS, active)
• Honorable mention: ResourcesExtract can mass-extract resources

PS: Woodman.com was referenced a few times above and archived versions of it can be found here

Answer 2

You can use ResEdit which is a resource editor for Windows programs available in both 32 Bit and 64 Bit versions.

You can download this freeware application from this link

Answer 3

• XN Resource Editor (open source under MPL; see also here)

• Resource Editor (free)

• ResEd (a free and open-source expert for Delphi)

Answer 4

I personally recommend CFF Explorer for reversing purposes as it provides a large volume of additional information on a binary.

Answer 5

I am not so sure what you mean with "zipped by .exe compressor", but if you mean packed executables, then the easiest to EXTRACT packed resources is as follows:

1. Run the executable, preferably in Virtual Machine.
2. Dump it using any memory dumper e.g. "Virtual Section Dumper".
3. Use a PE editor e.g. Stud_PE to fix the section table by shrinking the value of the NumberOfSections field into only one. (One big section) and adjusting Raw/VirtualSize and Raw/VirtualOffset accordingly.
4. Use Resource Hacker.

N.B.: You can try with more than one Resource editor e.g. ResEdit since many resource editors out there follow weird rules for PE header as they only expect typical PE headers.

Ironically, one resource editor expects the resources to be embedded in a section named .rsrc, otherwise it rejects them. Others don't see resources if embedded in a section marked as IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x80.

One the other hand if you can attach to the running process without problems (No or bypassed Anti-Attaching tricks), you can use OllyDbg v1.10 for that as follows:

1. After attach, Select "View" then "Memory" Alt+M). You will get list of sections beside other memory blocks.
2. Spot the resources section. e.g. .rsrc. Right-Click the target section and "View all resources". You will then a list of well-sorted resources.
3. Right-Click whichever resource you want and select "dump". A new window will pop up.
4. Right-Click inside the hex view of the new window and select "Backup" and "Save data to file".

Hope it helps