[Diagnostics] GETMESSAGETABLE.exe - dump the message table from a PE file (*.exe, *.mui, *.dll)

Message

#1 Post by **aGerman** » 31 Jan 2021 14:26

Quite often we have to deal with the language-specific output of command line utilities. The attached tool will dump the message tables linked with a Portable Executable file, such as *.exe, *.dll, or *.mui. Should work on Vista and newer.
(In certain cases we would be able to ask users to attach such a dump file ...)

Code: Select all

GETMESSAGETABLE v. 1.0
Dump the message table from a PE file, and writes the found messages into a text file.

Syntax:
GETMESSAGETABLE [ PE_File_Path  Text_File_Path ]
  PE_File_Path    name of a Portable Executable file (like *.exe or *.mui)
  Text_File_Path  name of a text file where the messages are written

Output format:
#M 0xmmmmmmmm #L 0xllll : (m = HEX value of the message ID, l = HEX value of the language ID)
message text
extra line break (not belonging to the message text)

A list of language IDs can be downloaded on the Microsoft page:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/

Examples:
- Dump the message strings of all active languages of cmd.exe.
getmessagetable "%comspec%" "dump.txt"
- Dump only the English message strings of cmd.exe.
getmessagetable "%SystemRoot%\system32\en-US\cmd.exe.mui" "dump.txt"
- Dump the message strings of the system error codes in all active languages.
getmessagetable "%SystemRoot%\system32\kernel32.dll" "dump.txt"

The output file is likely UTF-16-encoded. Even if ANSI codepages are supported, there is little to no chance to find an ANSI-encoded resource.

Steffen

(x86 binary + C source)

DosTips.com

[Diagnostics] GETMESSAGETABLE.exe - dump the message table from a PE file (.exe, .mui, *.dll)

[Diagnostics] GETMESSAGETABLE.exe - dump the message table from a PE file (.exe, .mui, *.dll)