Finding and accessing resources in PE

Hi,

My driver needs to read a named resource from its image, but I was not able
to find any API to do that in kernel-mode.
My last resort is to get the IMAGE_DIRECTORY_ENTRY_RESOURCE using
RtlImageDirectoryEntryToData() and parse it myself, but it’s probably wiser
to use a global const instead and give up the whole “reading resources in
kernel-mode” idea.

After some debugging I found some functions which I think can help like
LdrAccessResource, LdrpAccessResourceData, LdrFindResource_U,
LdrpSearchResourceSection_U, but I don’t think it will be wise to use
them…

I’m lost.
Is there something I’m missing? Is this really not exported functionality in
the kernel?

Thanks,
Shahar

If you can incorporate the data as a const global, do that. It is much
easier and you don’t have to delve into undocumented and unsupported
APIs. Also consider reading the value out of the registry if applicable
(i.e. if it is going to change over the lifetime of the driver and it is
signed and you want to change it and not invalidate the signature).

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Shahar Talmi
Sent: Wednesday, March 30, 2005 12:49 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Finding and accessing resources in PE

Hi,

My driver needs to read a named resource from its image, but I was not able
to find any API to do that in kernel-mode.
My last resort is to get the IMAGE_DIRECTORY_ENTRY_RESOURCE using
RtlImageDirectoryEntryToData() and parse it myself, but it’s probably wiser
to use a global const instead and give up the whole “reading resources in
kernel-mode” idea.

After some debugging I found some functions which I think can help like
LdrAccessResource, LdrpAccessResourceData, LdrFindResource_U,
LdrpSearchResourceSection_U, but I don’t think it will be wise to use
them…

I’m lost.
Is there something I’m missing? Is this really not exported functionality in
the kernel?

Thanks,
Shahar


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The value only changes between releases of my driver, this is why I want to
incorporate the data inside the driver’s image. I guess I’ll be using a
global const then, too bad there are no documented APIs for reading the
image’s resources.

Thanks,
Shahar

“Doron Holan” wrote in message
news:xxxxx@ntdev…
If you can incorporate the data as a const global, do that. It is much
easier and you don’t have to delve into undocumented and unsupported
APIs. Also consider reading the value out of the registry if applicable
(i.e. if it is going to change over the lifetime of the driver and it is
signed and you want to change it and not invalidate the signature).

d


Parse your driver’s binary image yourself. IIRC the PVOID to the image
start (to MZ letters) is in the DRIVER_OBJECT.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Shahar Talmi”
To: “Windows System Software Devs Interest List”
Sent: Thursday, March 31, 2005 12:49 AM
Subject: [ntdev] Finding and accessing resources in PE

> Hi,
>
> My driver needs to read a named resource from its image, but I was not able
> to find any API to do that in kernel-mode.
> My last resort is to get the IMAGE_DIRECTORY_ENTRY_RESOURCE using
> RtlImageDirectoryEntryToData() and parse it myself, but it’s probably wiser
> to use a global const instead and give up the whole “reading resources in
> kernel-mode” idea.
>
> After some debugging I found some functions which I think can help like
> LdrAccessResource, LdrpAccessResourceData, LdrFindResource_U,
> LdrpSearchResourceSection_U, but I don’t think it will be wise to use
> them…
>
> I’m lost.
> Is there something I’m missing? Is this really not exported functionality in
> the kernel?
>
> Thanks,
> Shahar
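
The "parse it yourself" route discussed in this thread, sketched as an added example (not code from any poster): a bounds-checked lookup of a named entry in one level of the PE resource directory. The function name, the sample bytes and demo_lookup are constructed for illustration; in a driver the buffer and its size would be the data directory returned by RtlImageDirectoryEntryToData(), and the lookup is repeated for each level (type, name, language).

```c
#include <stddef.h>
#include <stdint.h>

/* Little-endian field readers; callers bounds-check before calling. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Look up a named entry in the resource directory at dir_off.
 * rsrc/size: the resource data directory; every offset is relative to rsrc.
 * Names are compared exactly (no case folding).
 * Returns the entry's OffsetToData field (high bit set = subdirectory),
 * or 0 if the name is absent or any offset points outside the directory. */
uint32_t find_named_entry(const uint8_t *rsrc, size_t size, uint32_t dir_off,
                          const uint16_t *name, uint16_t name_len)
{
    if (dir_off > size || size - dir_off < 16) return 0;   /* 16-byte header */
    uint32_t named = rd16(rsrc + dir_off + 12);            /* NumberOfNamedEntries */
    if ((size - dir_off - 16) / 8 < named) return 0;       /* 8-byte entries must fit */
    for (uint32_t i = 0; i < named; i++) {
        const uint8_t *e = rsrc + dir_off + 16 + 8 * i;
        uint32_t n = rd32(e);
        if (!(n & 0x80000000u)) continue;                  /* not a string name */
        uint32_t s = n & 0x7fffffffu;                      /* offset of Length + WCHARs */
        if (s > size || size - s < 2) return 0;
        uint16_t len = rd16(rsrc + s);
        if ((size - s - 2) / 2 < len) return 0;            /* string must fit */
        if (len != name_len) continue;
        uint16_t j = 0;
        while (j < len && rd16(rsrc + s + 2 + 2 * j) == name[j]) j++;
        if (j == len) return rd32(e + 4);
    }
    return 0;
}

/* Constructed sample: one directory with a single named entry "CFG". */
static const uint8_t sample[48] = {
    0,0,0,0, 0,0,0,0, 0,0, 0,0, 1,0, 0,0,   /* header: 1 named, 0 id entries */
    0x18,0,0,0x80, 0x20,0,0,0,              /* Name -> string @0x18, data @0x20 */
    3,0, 'C',0, 'F',0, 'G',0,               /* Length=3, L"CFG" */
};
static const uint16_t cfg[] = { 'C', 'F', 'G' };

/* Runs the lookup against the sample, truncated to `size` bytes. */
uint32_t demo_lookup(size_t size) { return find_named_entry(sample, size, 0, cfg, 3); }
```

The value returned at the last level is the offset of a 16-byte data entry whose own OffsetToData is an RVA from the image base rather than an offset into the resource directory, so it needs a separate range check against the image size.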