Extract the resources (.rsrc section) from PE file

[bonigarcia]

I want to extract the resources (.rsrc section) from the following PE file (152.8 MB). I got that file from the Edge MSI installer (inside the Binary.MicrosoftEdgeInstaller stream).

I tried to use pecli for that aim, and with that, I managed to dump that section using the following command:

$ pecli dump --section rsrc --output extract MicrosoftEdge_X64_116.0.1938.76.exe.\{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10\} 
Section .rsrc written in extract

As the output says, a file called extract is created. But that is not exactly what I need.

As far as I believe, the .rsrc section in a PE file contains resources indexed by a multiple-level binary-sorted tree structure (see source). And I want to extract that tree structure (composed by folders and files) from the PE file. In theory, in that tree structure I will find the Microsoft Edge binary distribution for Windows.

Is it possible to extract?

Any clue on this is greatly appreciated.

[Te-k]

Technically, you can probably do that with pecli dump -r [RESOURCE] to dump resources one by one, but the issue here is that there aren't any resources in that PE file (even though the .rsrc section is large, I am not sure why). That's why you don't see any resources when doing pecli info on it.