Extract .exe Resources with dd
From Leo's Notes
Last edited on 14 June 2020, at 23:23.
One method of extracting resources from a binary file is to first locate the start of each resource segment by its file header and then extract it out until the next file header.
For example, to get all audio resources (a .wav file with a file header of 'RIFF'), get all the offsets where the string 'RIFF' starts and extract the data from there until the next header:
Location=0
strings -a -t d SIMTOWER.EXE | grep -i RIFF | awk '{print $1}' | while read i ; do
if [ $Location -eq 0 ] ; then
Location=$i
continue
fi
Length=$(($i-$Location))
dd if=SIMTOWER.EXE of=$Location bs=1 count=$Length skip=$Location
Location=$i
done
# The last record will need to be extracted manually.
# You could assume it goes until the end of the binary and extract
# the segment from $Location to `du -b SIMTOWER.EXE`.