how to extract resources from exe created by meta card?
i try to extract by the followwing program with no results
exescope
reshack
pe explorer
EZ Extract resources
the porgram which created is located here
hxxp://www.metacard.com
its a cross plat form multimedia creating tool i.e. its run on linux as well as windows according to the company

when i tried to extract resources i only get some icons only but i want to edit the images,string in the exe
help me

Are you sure that the images and strings are stored as PE resources? This is not the case with all compilers/linkers.

Anyway, if the exe is packed (this does also seem quite likely if you can only see some icons as resources) you will most likely be able to dump the program from memory, and then take the resources directly from the dumped exe with the tools you mention earlier (even though it might not run due to messed up IAT and so on), but there is of course ways to prevent that too if they would like to. You might have to fiddle with some PE header flags to make the tools look in the correct PE section of the dump too.

thanks for yur help

yes i am sure that resources r in exe only i checked it moving th exe from the folders it comes with

i checked the exe with peid 0.9 and it prompts it is a VC++ exe so i dont think its of use to dump it as its not packed with any protector according to peid and other tools to do scanning
resources in the exe r images,text and some resources r taken from folders it come with i am able to modify only the resources that r in the folder and able to modify those that r in the exe
pl. help me

The answer might sound pretty easy.
As you might know, MOST of the packers are afraid to touch .rsrc section. This is because of the code inside oleaut32.dll - thx to M$. Therefore we may assume that resource DIRECTORY SHOULD be in resource SECTION named ".rsrc". BUT. Some packers are there to steal for example the icon from the exe-file. In this case it is a little bit harder to play around. There are some russian utilities to solve the problem. You can find them on wasm. Rebuild (recalculate) resources and your editors will be able to see them.

but i am able to see the icons and version of the exe(actuaaly it comes with a presentation CD)
then how could it be packed with a packer?
and which tool u r talking of(pl. be specific)
thanks for yur help

hxxp://wxw.wasm.ru/tools/6/resrblds.zip

Packers that process the resource section mostly lift out the icons and other externally important resources to a new resource section, which might be the case for your program too.

dELTA i have looked the exe is not packed and is around 5MB
volodya i will try to work with that tool and let u know if it worked with my exe
by the way can any1 explain why tools like reshack,exescope not working with this exe(VC++) and is not pcked with any packer?

pm send to delta and vladmir

volodya i downloaded the file and it contain 3 tools i used all and all did not solve my problem all just create rsrc section to hd which i opened to see the contents i am looing which did not helped me
i of the program create a rsrc.bin which i am attaching and i did pmed u with the exe link did u see the exe?

Using PE Tools (or simular), what is the size of the resource section? Is it even big enough to hold these images? Have you tried looking in the section to see if the images might be in there? (using a hex editor.)

Have you tried doing an X-Ref for the blit routines, to see where they are getting their source images from? Perhaps they are just stored in a dedicated section or data section.

Even if the images are encrypted in the data section, you can trap the bit blit routines, and patch them to dump the uncompressed bitmaps to disk. Do a search for bit map routines.

i have done that but was not able to find any text i want to change.
i first open the exe in 2 programs 1 by 1
first in hiew and search for the text by pressing the F7 key with no result
then in winhex the same way but with no result
is this what u want me to do?

here is the images of some the resources i have seen by pe tools

http://www.geocities.com/thematrixzone2002/z/

here is somescreenshot which can help me more and pl.. help me
http://www.geocities.com/thematrixzone2002/1/
http://www.geocities.com/thematrixzone2002/myexe/
http://www.geocities.com/thematrixzone2002/screenshot/

pl.. help me

@thematrix:
... as i told you before @ board.anticrack.de, the resource section contains only RT_ICON, RT_GOUPICON and RT_VERSIONINFO. the size is fixed to CA0h in metacard files. The section alignment is 1000h. In case of that, you can use whatever tool you want, you see only this resource types...

Also i told you that the resources are QuickTime format! By showing a screenshot with ultraedit without these informations an answer is hard to find...

cuPegasus then how to edit the quicktime resources then?
i wasted 4-5 days to solve this problem and i am very irritated/confused with this problem
i opened the exe as told by u but there i dont think i can do much
how to edit quicktime resources then?