;------------------------------------------------------------------------------------------------------------
һ޸ģ װPEļԴ

    *. ԭ±ԴʹԴ󣬿ܻʹļƫƵ´

    1. ȽҪ޸ĵEkd5.exe ļһݣΪEkd5().exe

    2. LordPE ==> [ѡ] ==> [PE ༭] һѡ[αԶС] ==> [ȷ]

    3. [PE༭] ==> Ekd5().exe ==> [] ==> Ҽ ==> []

    4. [.NewSec] Ҽ ==> [༭] ==> ޸[С]  [С] Ϊ00010000

    5. [.NewSec] [ַ] ֵҵ 00118000 ==> [ȷ] ==> ˳LordPE

    6. FixRes ==> [Dump] ==> [NewRVA] Ϊ00118000 ([.NewSec] [ַ] ֵ) ==> [FileAlignment] Ϊ1000

    7. [PE File] Ekd5().exe ==> [Res File] ļҵ D:\rsrc.bin

    8. [Dump Resource] ==> תɹʱ½ǻʾResource was dumped successfully.  ==> ˳FixRes

    9. ɾEkd5().exe

    10. LordPE ==> [PE༭] ==> Ҫ޸ĵEkd5.exe (ע⣺δһ) ==> []

    11. Ҽ ==> [Ӵ] ==> 򿪸ת rsrc.bin ==>   ʾɹ 

    12. [.rsrc] Ҽ ==> [༭] ==> [] Ϊ.nodata ==> [С] Ϊ 0F600

    13. [־] ߵ[ ..] ť[α־] ==> ͬʱѡ[Ϊִ][ɶȡ][д][ִд]
        [ѳʼ] ==> [ȷ]

    14. [rsrc.bin] Ҽ ==> [༭] ==> [] Ϊ.rsrc ==> [ַ] [С] ֵ
        ҵ 00118000  00010000

    15. Ͻ[X] ر[α] ==> [Ŀ¼] Ŀ¼Ϣ ==> ޸[Դ] һ[RVA] Ϊ00118000
        ==> ޸[Դ] һ[С] Ϊ00010000  ==> [] ==> ˳LordPE

;------------------------------------------------------------------------------------------------------------

ڶ޸ģ ǨPEļĹԴĿ¼һµĶԻԴ

    *. ڶԻĿ¼ֱӸŹڶĿ¼Ǩƾ޷µĶԻ


    1. ODװEkd5.exeڶĿ¼ǨƵ005274E0H = 00518000H + 0F4E0H

    *. 005274E0H [.rsrc] [ַ] 00118000 + ԭ[.rsrc] [С] 0000F4E0H + [PEļĬװַ] 00400000

    *. [ԴĿ¼_һ] ϢΪ00518038        0C 00 00 00 68 02 00 80
       [ԴĿ¼_һ] ͼϢΪ00518040        0E 00 00 00 D8 02 00 80

       ҪǨƵΪ00518268H  = 00518000H + 0268HǨƴСΪ70H(DEC: 112) = 2D8H - 268H

         00 00 00 00 00 00 00 00 04 00 00 00 00 00 0C 00
         73 00 00 00 60 08 00 80 74 00 00 00 78 08 00 80
         75 00 00 00 90 08 00 80 76 00 00 00 A8 08 00 80
         77 00 00 00 C0 08 00 80 78 00 00 00 D8 08 00 80
         79 00 00 00 F0 08 00 80 7A 00 00 00 08 09 00 80
         7B 00 00 00 20 09 00 80 7D 00 00 00 38 09 00 80
         7E 00 00 00 50 09 00 80 7F 00 00 00 68 09 00 80


    2. Ŀ¼¹offsetΪ: 0F4E0H

         0051803CH    68 02  ==>  E0 F4


    3. 00518268H λԭ

        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


    4. IDĶԻ

        0051814EH    22 00  ==>  23 00

        *. 00518140  00 00 00 00    ; [ԴڶĿ¼] ¶ԻIMAGE_RESOURCE_DIRECTORY ṹ
                     00 00 00 00
                     04 00
                     00 00
                     01 00          ; ַԴ
                     22 00          ; IDԴ


    5. (ڶ) IMAGE_RESOURCE_DIRECTORY_ENTRY ṹ

       00518268H    00 00 00 00 00 00 00 00  ==>  91 01 00 00 78 02 00 80

        *. 91 01 00 00    ; λΪ0ʾΪIDʹ
           78 02 00 80    ; λΪ1ʱ, λָһ()ݵַ


    6. () IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DATA_ENTRY ṹ00518278H 

       00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00
       04 08 00 00 90 02 00 00 60 75 12 00 2C 00 00 00
       E4 04 00 00 00 00 00 00

       *. 00518278H  00 00 00 00    ; ¶ԻIMAGE_RESOURCE_DIRECTORYṹ
                     00 00 00 00
                     04 00
                     00 00
                     00 00
                     01 00

       *. 00518288H  04 08 00 00
                     90 02 00 00    ; λΪ0λָIMAGE_RESOURCE_DATA_ENTRYṹ

       *. 00518290H  60 75 12 00    ; ԴRVA127560H(ĶԻַ - PEļװַ)
                     2C 00 00 00    ; Դݳ  2CH
                     E4 04 00 00    ; ҳһΪ0
                     00 00 00 00    ; ֶ


    7. ĶԻԴݿ00527560H 

       01 00 FF FF 00 00 00 00 00 00 02 00 40 00 20 40
       00 00 00 00 00 00 BB 00 5E 00 00 00 00 00 00 00
       09 00 00 00 00 01 8B 5B 53 4F 00 00


    8. ResHackerEkd5.exe ==> [Ի] ==> [401] ==> CTRL+A ==> DELETE, ճԴű

// Dialog resource 401 (decimal 401 = 191H, the ID bytes "91 01 00 00" that
// step 5 writes into the new directory entry at 00518268H). Per step 8 this
// script is pasted into ResHacker over the existing content of dialog 401
// (CTRL+A, DELETE, paste), i.e. over the 2CH-byte template placed at
// 00527560H in step 7.
//
// NOTE(review): several string literals below (CAPTION, the FONT face name and
// a number of control labels) are garbled or empty, consistent with the
// text-encoding damage in the surrounding notes. They are reproduced here
// unchanged; restore them from an intact copy before compiling. The step 7
// template ends with the bytes 8B 5B 53 4F 00 00, which read as UTF-16LE are
// U+5B8B U+4F53 -- presumably the intended face name; confirm.
//
// NOTE(review): the language entry built by hand in step 6 is "04 08 00 00"
// (0804H), while the LANGUAGE statement below says LANG_ENGLISH /
// SUBLANG_ENGLISH_US -- confirm which language ID the tool actually writes,
// and re-check the resource directory after saving, since the closing note
// says ResHacker adjusts file offsets on save.
//
// These "//" comments are review annotations; leave them out when pasting if
// the resource compiler in use does not accept comments.
401 DIALOG 0, 0, 228, 98
STYLE DS_MODALFRAME | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION
CAPTION "ԭ佫趨"
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
FONT 9, ""
{
   // 80x80 bitmap static (ID 2000), with a pair of auto radio buttons (2002, 2003) below it.
   CONTROL "", 2000, STATIC, SS_BITMAP | WS_CHILD | WS_VISIBLE, 3, 3, 80, 80 
   CONTROL "Ա", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 7, 87, 24, 8 
   CONTROL "", 2002, BUTTON, BS_AUTORADIOBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 33, 87, 22, 8 
   CONTROL "Ů", 2003, BUTTON, BS_AUTORADIOBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 57, 87, 22, 8 
   // Two narrow push buttons beside the bitmap; 2020 starts disabled (WS_DISABLED).
   CONTROL "", 2020, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 87, 26, 9, 12 
   CONTROL "", 2021, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 87, 51, 9, 12 
   // Labelled edit box (2033) and drop-down list (2005), followed by a static value (2006).
   CONTROL "", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 8, 26, 8 
   CONTROL "", 2033, EDIT, ES_LEFT | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 138, 5, 60, 12 
   CONTROL "ְҵ", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 22, 24, 8 
   CONTROL "", 2005, COMBOBOX, CBS_DROPDOWNLIST | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 132, 19, 48, 50 
   CONTROL "", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 184, 22, 24, 8 
   CONTROL "40", 2006, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 210, 22, 8, 7 
   // Five rows of the same shape, 12 dialog units apart: label (-1), value static
   // (2007..2011, initial text "70"), "+" button (2022..2026), "-" button
   // (2027..2031, initially WS_DISABLED) and a "(B)" static (2012..2016).
   CONTROL "", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 37, 24, 8 
   CONTROL "70", 2007, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 137, 37, 12, 7 
   CONTROL "+", 2022, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 37, 12, 7 
   CONTROL "-", 2027, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 167, 37, 12, 7 
   CONTROL "(B)", 2012, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 182, 37, 12, 7 
   CONTROL "ͳʣ", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 49, 24, 8 
   CONTROL "70", 2008, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 137, 49, 12, 7 
   CONTROL "+", 2023, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 49, 12, 7 
   CONTROL "-", 2028, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 167, 49, 12, 7 
   CONTROL "(B)", 2013, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 182, 49, 12, 7 
   CONTROL "", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 61, 24, 8 
   CONTROL "70", 2009, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 137, 61, 12, 7 
   CONTROL "+", 2024, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 61, 12, 7 
   CONTROL "-", 2029, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 167, 61, 12, 7 
   CONTROL "(B)", 2014, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 182, 61, 12, 7 
   CONTROL "ٶȣ", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 73, 24, 8 
   CONTROL "70", 2010, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 137, 73, 12, 7 
   CONTROL "+", 2025, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 73, 12, 7 
   CONTROL "-", 2030, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 167, 73, 12, 7 
   CONTROL "(B)", 2015, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 182, 73, 12, 7 
   CONTROL "", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 108, 85, 24, 8 
   CONTROL "70", 2011, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 137, 85, 12, 7 
   CONTROL "+", 2026, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 85, 12, 7 
   CONTROL "-", 2031, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 167, 85, 12, 7 
   CONTROL "(B)", 2016, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 182, 85, 12, 7 
   // Two push buttons at the lower right; 2032 starts disabled (WS_DISABLED).
   CONTROL "", 2001, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 201, 70, 23, 11 
   CONTROL "ȷ", 2032, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_DISABLED | WS_TABSTOP, 201, 84, 23, 11 
}


   ==> [ű (C)] ==> [ļ] ע⣺ResHackerʱԶݵļƫƣ