Become A Resource Hacker

Published Date: 01 - Oct - 2006 | Last Updated: 01 - Oct - 2006
 
Resource Hacker is a freeware utility that allows you to view the cursors, icons, bitmaps, GIFs, AVIs, and JPEGs embedded within files. These are referred to as resources. For example, an EXE file will have an icon, version number, and more embedded within it. You'll also come across embedded WAV and MIDI resources. Essentially, using the tool, you can view, modify, add, delete, and extract resources in 32-bit Windows executables, DLLs, screensaver (.scr) files, and more. It works on almost all 32-bit versions of Windows, including XP and 98.

In addition to the above, menus and dialogs can be viewed as they would appear in a running application, so you can view, in real-time, the effects of the modifications you make to the file.

Resources can be saved as image files, as script files (.rc), as binary resource files (.res), or as binary files (.bin). The program can also modify, add and delete resources.

You can download Resource Hacker from www.angusj.com/resourcehacker. It is no longer being updated, however. Extract the contents of the .zip file to a folder of your choice, and you're ready to run the program.

The Interface
After you launch Resource Hacker and open a file such as a DLL or EXE, you will be presented with a window that has a blank space on the right and a list of resources on the left, which appear similar to directories in Windows Explorer. The names of the directories (which are the listed resources) explain which resources of the source file they contain. For example, "Icon" contains icons, "Cursor" contains cursor files, and so on. It's that simple!

In order to view an embedded resource, just double-click on the directory to expand it and click on the name of the resource. Each resource consists of three parts.
  •  Resource Type: This indicates whether the resource is a cursor, bitmap, menu, or whatever.

  •  Resource Name: Each resource has a unique name in a file.

  •  Resource Language: This is the code number of the language used in the file.
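
The type, name and language of a resource correspond to three nested directory levels inside a PE file's .rsrc section. The following added example (not from the original article and not Resource Hacker's own code) walks those levels over a small constructed blob; the sample bytes, the RVA and size values, and the function names are assumptions made for illustration.

```python
import struct

# Standard Windows resource type IDs, shown with the folder names the article uses.
RT_NAMES = {1: "Cursor", 2: "Bitmap", 3: "Icon", 4: "Menu", 5: "Dialog", 6: "String Table"}

def _entries(rsrc, off):
    """Yield (id_or_name, is_dir, target_offset) for one IMAGE_RESOURCE_DIRECTORY."""
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)   # entry counts end the 16-byte header
    for i in range(named + ids):
        name, target = struct.unpack_from("<II", rsrc, off + 16 + 8 * i)
        if name & 0x80000000:        # high bit set: offset to a length-prefixed UTF-16 string
            s = name & 0x7FFFFFFF
            (n,) = struct.unpack_from("<H", rsrc, s)
            name = rsrc[s + 2 : s + 2 + 2 * n].decode("utf-16-le")
        yield name, bool(target & 0x80000000), target & 0x7FFFFFFF

def list_resources(rsrc):
    """Return (type, name, language, size) per resource; assumes the usual 3-level layout."""
    out = []
    for rtype, _, o1 in _entries(rsrc, 0):                 # level 1: resource type
        for rname, _, o2 in _entries(rsrc, o1):            # level 2: resource name
            for lang, is_dir, o3 in _entries(rsrc, o2):    # level 3: resource language
                if is_dir:
                    continue
                _rva, size, _codepage, _reserved = struct.unpack_from("<IIII", rsrc, o3)
                out.append((RT_NAMES.get(rtype, rtype), rname, lang, size))
    return out

def build_sample():
    """Constructed .rsrc blob: one Menu resource named MAIN_MENU, language 1049."""
    def hdr(named, ids):
        return struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
    label = "MAIN_MENU"
    root = hdr(0, 1) + struct.pack("<II", 4, 0x80000000 | 24)                  # offset 0
    names = hdr(1, 0) + struct.pack("<II", 0x80000000 | 88, 0x80000000 | 48)   # offset 24
    langs = hdr(0, 1) + struct.pack("<II", 1049, 72)                           # offset 48
    data = struct.pack("<IIII", 0x2000, 120, 0, 0)                             # offset 72
    string = struct.pack("<H", len(label)) + label.encode("utf-16-le")         # offset 88
    return root + names + langs + data + string

if __name__ == "__main__":
    for row in list_resources(build_sample()):
        print(row)
```

Listing the triples of a file before and after an edit shows exactly which resources were replaced or added.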
Modifying Resources
 Change an icon, cursor or bitmap
As already stated, you can change the icon of an EXE using Resource Hacker. Let's replace the icon of WinRAR.exe with that of utorrent.exe or µTorrent, as in the screenshot. Open WinRAR.exe in Resource Hacker and expand the Icon resource folder. Expand the 2 folder, right-click on 1029, and select "Replace Resource…" Click on "Open file with new icon" and select utorrent.exe. Now click Replace. Save the file, and when you open it, you'll see that the icon has changed!

 Edit menus, strings, and dialog boxes
Select the desired resource (such as String Table > 3858 > 1033). Make your changes by typing in the new text you wish to include, and click Compile Script. The script will be compiled; an error message will come up if something goes wrong, so that you can rectify the problem.

 Add new resources
Click on Action > Add a new Resource. Click the "Open file with new resource" button. Select the resource and click Open. Specify the resource Type, Name and Language, and click on the Add Resource button.

 Add new menu items
New menu items can be added to an application. Go to the desired menu (for example, Menu > 215 > 1033). Add a line anywhere inside POPUP "{Menu Name}" in the following format:

MENUITEM "your_string", 12345, MFT_STRING, MFS_GRAYED | MFS_DEFAULT

Here, "your_string" is the text that will be displayed on the screen, "12345" is the unique identifier which defines the function associated with the menu item (you might need to use trial and error to find it), MFT_STRING means it is a menu item with text, and MFS_GRAYED means the menu item is disabled (MFS_ENABLED, used in its place, means it is enabled). MFS_DEFAULT sets the menu item text to bold.

Let's modify the menus in WinRAR by adding a menu called "Test". Open WinRAR.exe using Resource Hacker. On the left of the window, click on Menu > MAIN_MENU > 1049. On the right-hand side, scroll down to the bottom of the window. Before the last closing curly brace, add the following lines:
POPUP "&Test"
{
MENUITEM "&This is a test",190
}

Click "Compile Script" and save the file. On opening WinRAR, you will see an extra menu called "Test" after "Help", and when you click on that, you will see a menu item: "This is a test". Use the ampersand (&) before the letter you want to set as the item's accelerator. For example, M&enu will make the menu accessible using [Alt] + [E].

Be Your Own Anti-Spyware

Bust troublemaking software and tweak your system with HijackThis

Nimish Chandiramani

Want more control over your computer's security? Or just want a more in-depth look at what's going on inside the box? HijackThis is an unassuming tool that hides the power to turn you into a human anti-spyware program! This program tells you all, but doesn't make any judgement, so it won't warn you if you're being plagued by adware/spyware/malware, but if you can identify the offending program, you can rid yourself of it permanently. Get it from http://www.spywareinfo.com/~merijn/index.php

You can also end up ridding yourself of some essential Windows services, so watching your step is advisable.

Scanning For Problems
When HijackThis starts up, the first thing you should do is a system scan. Saving a log file is optional, but a good idea when you're just starting out: you might need to show this log to someone else just to get a second opinion. Once you've done the scan, you're presented with a list of entries like "R0 - HKLM\Software\..." and so on. Here's what you should look out for in these entries:

Browser Helper Objects (BHOs, appear as O2 - BHO: [name] - {etc.}): These are the worst offenders. Any toolbar that you install for IE is a BHO, and has effectively the same control over the computer as you. Malicious code writers usually use this category to wreak their havoc, so if you see something unfamiliar here, mark the checkbox next to it and click "Fix Checked" at the bottom.

Services (O23): Another favourite with malware authors is disguising their programs as NT services; you should make sure that you know the origin of each of these services. If it looks suspicious, Fix It!

Note: Before fixing anything, make sure you're saving backups for those entries. On the bottom-right corner, click Config, and under the Main tab, make sure that the "Make backups before fixing items" checkbox is checked. It's on by default, but you should always double-check.
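
Sorting a saved log into "known" and "needs a second look" can be scripted. The following added example (not part of the original article or of HijackThis) parses O2 and O23 lines and lists those missing from an allowlist you maintain yourself; the log lines are constructed samples, and the allowlist contents, field layout of the service line and function names are assumptions.

```python
import re

# Constructed sample log lines in the "<code> - <detail>" layout described above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExamplePDF\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\xqzt.dll
O23 - Service: Example Display Poller - Example Graphics Inc. - C:\WINDOWS\system32\expoll.exe
O23 - Service: Windows Updater Helper - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\svch0st.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<detail>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Hypothetical allowlist: BHO CLSIDs and service paths whose origin you have verified.
KNOWN_GOOD = {
    "{11111111-2222-3333-4444-555555555555}",
    r"c:\windows\system32\expoll.exe",
}

def triage(log_text, known_good=KNOWN_GOOD):
    """Return (code, name, path) for each O2/O23 entry that is not on the allowlist."""
    review = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m["code"], m["detail"]
        if code == "O2" and (b := BHO.match(detail)):
            key, name, path = b["clsid"], b["name"], b["path"]      # BHOs are keyed by CLSID
        elif code == "O23" and (s := SERVICE.match(detail)):
            key, name, path = s["path"], s["name"], s["path"]       # services are keyed by path
        else:
            continue                                                # other sections are skipped
        if key.lower() not in known_good:
            review.append((code, name, path))
    return review

if __name__ == "__main__":
    for code, name, path in triage(SAMPLE_LOG):
        print(f"review {code}: {name} -> {path}")
```

The output is a review list only; whether an entry gets fixed is still decided by checking its origin, with backups enabled as the note above describes.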

Restoring Backups
If you start experiencing problems with your system after you've used HijackThis, just restore the last backup you made. If you've just started the program, click on "Open the Misc. Tools Section" or Config if you've already run a scan. Under the Backups tab, you will see a list of backed-up items. Restore them one-by-one till your system runs fine again.

Delete Obnoxious Files
If you've found a malicious EXE that refuses to be End Task-ed through the Windows Task Manager, and so can't be deleted, salvation is at hand. Under the Misc. Tools tab in HijackThis, you'll find the "Delete a file on reboot" button; its function is quite self-explanatory. It's quite effective, especially if you're infected with a virus that refuses to let you even open the Task Manager. To get rid of malicious services, use "Delete an NT Service"; be careful when using this one, though.

Spy On Ads
If you're worried about data being transmitted from your PC without your knowledge, use the ADS spy to scan your PC. It detects outgoing data from programs like keyloggers and other spyware that transmit your personal data to their parent sites.

Get The Low-down On Your PC
For a more advanced version of the Windows Task Manager, use the Process Manager from the Misc. Tools section. It also shows you which DLL files have been loaded by each program, which is of tremendous value if you're doing this for academic interest.

Finally, if you're ever in doubt about making changes to your system with HijackThis, get some help: post your HijackThis log on a tech forum where more experienced people should be more than willing to assist you.




Team Digit