The format is simple for the initial files (dlls) but then from the "PAMU" format it starts to not work as expected so the best solution is offzip.
It's enough to launch offzip on the executable to dump all the files compressed with zlib.
You can use the following script to convert/extract the audio files to wav by using quickbms on the whole folder where you extracted the files with offzip:
Code: Select all
get SIZE asize
get NAME unicode
padding 8
savepos OFFSET
math SIZE -= OFFSET
if SIZE > 0
getdstring SIGN 4
if SIGN == "RIFF"
string NAME += ".wav"
log NAME OFFSET SIZE
endif
endifIf you want to dump all the executable sections and resources you can use this script:
http://aluigi.org/papers/bms/others/parse_exe.bms
(I wrote it just to test quickbms with the Windows PE files but it's useful)
Then you can use the following script to extract the format before the "PAMU" one, it contains just few dlls so it's not much useful but if you want to try:
Code: Select all
comtype unzip_dynamic
idstring "wwww"
get DUMMY long
get DUMMY long
get SIZE long # PAMU
get DUMMY long
get ZERO long
get ZERO long
get FILES long
for i = 0 < FILES
get NAMESZ short
math NAMESZ *= 2
getdstring NAME NAMESZ
set NAME unicode NAME
get ZERO long
get SIZE long
savepos OFFSET
clog NAME OFFSET SIZE SIZE
math OFFSET += SIZE
goto OFFSET
next i