Thread: how can i read .RData contents in an executable file?

  1. #1
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497

    how can i read .RData contents in an executable file?

    hello all, i found out that nearly all of the strings used in a generic .exe file is placed in .rdata session of it! so i was curious how i can read those strings! from that session in C++ ! ,
    ive already given it a try and searched google for any result that might come to help! but no luck !
    can anyone give me a help in this ?
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


  2. #2
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497
    well, lets try this this! have you ever tried opening an exe file using 7zip?
    when you right click on an *.exe and choose extract files!, you will get a folder containing all of the sessions that is included in an exe file , including .rdada , .idata, .text,.rsrc,and .bss and etc
    so let me ask , how can i do the same thing ? and have them in an folder!?
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


  3. #3
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    Quote Originally Posted by Masterx View Post
    well, lets try this this! have you ever tried opening an exe file using 7zip?
    when you right click on an *.exe and choose extract files!, you will get a folder containing all of the sessions that is included in an exe file , including .rdada , .idata, .text,.rsrc,and .bss and etc
    so let me ask , how can i do the same thing ? and have them in an folder!?
    why not to take a source code of 7zip and take a look?
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    What do you ACTUALLY want to do?

    The executable format of MS's files is documented, so you can read them just like any other binary file.

    Or you can use tools like "strings" to read strings from the file, perhaps?

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497
    Quote Originally Posted by matsp View Post
    What do you ACTUALLY want to do?

    The executable format of MS's files is documented, so you can read them just like any other binary file.

    Or you can use tools like "strings" to read strings from the file, perhaps?

    --
    Mats
    ive already gone after it , all of Microsoft executable files utilize a format called "PE"(portable executable) , i read an article concerning that which i found at wiki, well the PE has a structure
    http://upload.wikimedia.org/wikibook...vEngPEFile.JPG
    well , i have no idea which part contains the texts used in .exe, so just by chance i used 7zip and i noticed that there is an .rdata in any exe file that contains strings used in the file(.exe) so i managed to find a way to access that .rdata instead of messing with the whole PE strcuture and get the job more complecated!

    everytime i search about that .rdata! i bump into nonsens!


    and about looking at 7zip source code, well i m just a begginer and dont know much about C++ yet! so i may easily get confused ! anyway im planning to have look too .
    Last edited by Masterx; 03-30-2009 at 08:58 AM.
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


  6. #6
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    .rdata is no different from any other section of code/data in the PE file - it's the name of one of the segments, just like .data, .bss, .text, etc.

    I still don't understand what your question is? [Your local image won't show because my computer can't read the C: drive on yours - maybe a better idea to upload it rather than link to it?]

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  7. #7
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497
    Quote Originally Posted by matsp View Post
    .rdata is no different from any other section of code/data in the PE file - it's the name of one of the segments, just like .data, .bss, .text, etc.

    I still don't understand what your question is? [Your local image won't show because my computer can't read the C: drive on yours - maybe a better idea to upload it rather than link to it?]

    --
    Mats
    my questions are "how can i read the contents of rdata!, where is it located ? and how can i access it? or at least divide an executable file to these sectios! just like 7zip does!

    and about the picture . i use fire fox and ScarpBook addon! , i thoght it retains the links! and doesnt give me the local address !
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


  8. #8
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Try this page:
    Peering Inside the PE: A Tour of the Win32 Portable Executable File Format

    It may not do exactly what you want, but it's close, I think.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  9. #9
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497
    by the way in the picture i posted, there is no sign of these sections! ?
    actually all we are dealing is Dos Headers (MZ stuff, and the text that says it runs under dos or it doesnt! ),PE signature!,Coff Header, Optional headers and section table plus mapped sections!
    so this is the whole PE structure! i cant see any .rdata session!
    it must be somewhere inside one of the other sections! ? (which one? i have no idea!)
    and how to get that sections of these sections . ? still i have no idea! that why i asked for your help

    tanx
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


  10. #10
    بابلی ریکا Masterx's Avatar
    Join Date
    Nov 2007
    Location
    Somewhere nearby,Who Cares?
    Posts
    497
    Quote Originally Posted by matsp View Post
    Try this page:
    Peering Inside the PE: A Tour of the Win32 Portable Executable File Format

    It may not do exactly what you want, but it's close, I think.

    --
    Mats
    tanx , im on it
    Highlight Your Codes
    The Boost C++ Libraries (online Reference)

    "...a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match.."
    Bill Bryson


Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Can we have vector of vector?
    By ketu1 in forum C++ Programming
    Replies: 24
    Last Post: 01-03-2008, 05:02 AM
  2. help with text input
    By Alphawaves in forum C Programming
    Replies: 8
    Last Post: 04-08-2007, 04:54 PM
  3. C++ std routines
    By siavoshkc in forum C++ Programming
    Replies: 33
    Last Post: 07-28-2006, 12:13 AM
  4. Encryption program
    By zeiffelz in forum C Programming
    Replies: 1
    Last Post: 06-15-2005, 03:39 AM
  5. Simple File encryption
    By caroundw5h in forum C Programming
    Replies: 2
    Last Post: 10-13-2004, 10:51 PM