(In certain cases we would be able to ask users to attach such a dump file ...)
Code: Select all
GETMESSAGETABLE v. 1.0 Dump the message table from a PE file, and writes the found messages into a text file. Syntax: GETMESSAGETABLE [ PE_File_Path Text_File_Path ] PE_File_Path name of a Portable Executable file (like *.exe or *.mui) Text_File_Path name of a text file where the messages are written Output format: #M 0xmmmmmmmm #L 0xllll : (m = HEX value of the message ID, l = HEX value of the language ID) message text extra line break (not belonging to the message text) A list of language IDs can be downloaded on the Microsoft page: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/
- Dump the message strings of all active languages of cmd.exe.
getmessagetable "%comspec%" "dump.txt"
- Dump only the English message strings of cmd.exe.
getmessagetable "%SystemRoot%\system32\en-US\cmd.exe.mui" "dump.txt"
- Dump the message strings of the system error codes in all active languages.
getmessagetable "%SystemRoot%\system32\kernel32.dll" "dump.txt"
The output file is likely UTF-16-encoded. Even if ANSI codepages are supported, there is little to no chance to find an ANSI-encoded resource.
(x86 binary + C source)