A PE resource directory -- difficulty in understanding it ...

Tech-Archive recommends: Speed Up your PC by fixing your registry

Hello All,

I've mapped a PE-executable into memory, and am looking at the
Resource-directory. I'vegot a problem in understanding how its build up :
The "root" directory normally enumerates the "sections" (icon, dialog, etc),
and than points to that sub-section. But wait : that pointer does not
actualy need to point to a sub-section, it can allso directly point to a
"leaf" holding the data.

And that is where I become lost : why should te root-directory be able to
directly point to data ? If it does it cannot assign a name or ID to the
resource (meaning: the root-level *most* point to a "node", never to a
"leaf") , and why should there be multiple levels of "nodes" before reaching
the "leaves" ?

The below is a dump of an executable created by Borlands Tasm 5.0 package.
It shows an Icon-resource with *two* nodes before reaching the "leaf". I
have no idea why that second node" is there .... Allso, what does that
second ID (ID:0000) signify ?

I would be gratefull for any kind of info to the subject, as mu searches of
the web did not shed much light on it (like http://www.jps.at/pefile.html
figure 2)

Regards,
Rudy Wieser


-- [ Resource-directory (root) ]--
00000000
476B9966
0000
0000
0000
0003
00000003 80000028 '<Icon>'
--[ node #1 ]---
00000000
476B9966
0000
0000
0000
0002
00000001 80000088 'ID:0001'
-- [ node #2 ]--
00000000
476B9966
0000
0000
0000
0001
00000000 00000118 'ID:0000'
--[ leaf ]--
00007178
00000128
00000000
00000000



.