我需要帮助解码部分可读的.ini文件。
示例文件:
HEX:
0f 27 00 00 01 00 00 00 1f 00 00 00 00 00 00 00
01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00
67 02 00 00 02 00 00 00 04 00 00 00 b5 d7 cd bc
03 00 00 00 02 00 00 00 d0 01 00 00 93 00 00 00
04 00 00 00 02 00 00 00 4a 01 00 00 03 02 00 00
05 00 00 00 08 00 00 00 56 49 50 65 6e 5f 64 74
07 00 00 00 01 00 00 00 00 00 00 00 1e 00 00 00
1e 00 00 00 43 6c 6f 73 65 57 6e 64 73 28 74 62
6c 41 75 74 6f 43 6c 6f 73 65 57 6e 64 73 31 34
29 3b 00 00 00 00 01 00 00 00 0b 00 00 00 01 00
00 00 01 00 00 00 3d f0 00 00 02 00 00 00 0c 00
00 00 ce ef c6 b7 b2 d6 bf e2 cd bc c6 ac 03 00
00 00 02 00 00 00 00 04 00 00 00 04 00 00 04 00
00 00 02 00 00 00 65 00 00 00 7b 00 00 00 07 00
00 00 01 00 00 00 00 00 00 00 09 00 00 00 01 00
00 00 02 00 00 00 14 00 00 00 01 00 00 00 00 00
ASCII:
................
....J...........
WndTeach........
....˜.........../
...¯...........y
oungteach_d.....
................
...........é€...
.......È·¶¨.....
...k...€........
................
...curre_but_con
firm............
........DestroyG
UIWnd(330);.....
...........
奇怪的是,只有此ini文件中的字母数字(alphanumeric)值不可读。该文件负责GUI定位,根据未加密的类似文件判断,它的内容应该是这样的:
[WndTeach]
ID=45602 \\Random values as example
Type =3 \\Random values as example
Pos= 181 291 \\Random values as example
Size =10 20 \\Random values as example
BackgroundIndex=youngteach_d
Function = DestroyGUIWnd(330);
[Button1] \\Guess
Type = 3 //Btn Control
ID = 24001
Pos = 2 2
Size = 34 16
BackgroundIndex = curre_but_confirm
根据我的猜测,ID、Type、Pos、Size的值是以十六进制(即二进制数值而非文本)存储的,因此它们在ASCII中不可读,但BackgroundIndex和Function的值可以通过文本编辑器打开文件直接读取。我从负责加载GUI文件的DLL中提取了一些反汇编代码,但我无法理解它:
; Tail of CGuiWndImpl::IniToBat as pasted; the start of the function is not shown.
; This part formats "<string at var_E8>.dat" into Dest, opens that path through
; CFile (object at var_20), then fetches a count from the object at var_68.
; NOTE(review): the name IniToBat plus the open flag below suggest this routine
; writes the binary .dat from a text .ini rather than reading it -- confirm.
.text:10061A38 loc_10061A38: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+CAj
.text:10061A38 lea edx, [ebp+var_E8]
.text:10061A3E push offset a_dat ; ".dat"
.text:10061A43 push edx
.text:10061A44 lea eax, [ebp+Dest]
.text:10061A4A push offset aSS ; "%s%s"
.text:10061A4F push eax ; Dest
; NOTE(review): sprintf is unbounded; whether Dest can overflow depends on the
; size of Dest and the length of the string at var_E8, neither visible here.
.text:10061A50 call ds:sprintf
; cdecl cleanup of the four sprintf arguments.
.text:10061A56 add esp, 10h
.text:10061A59 lea ecx, [ebp+Dest]
; NOTE(review): if this is MFC's CFile, 9002h would decode as
; typeBinary|modeCreate|modeReadWrite -- confirm against the class actually linked.
.text:10061A5F push 9002h
.text:10061A64 push ecx
.text:10061A65 lea ecx, [ebp+var_20]
.text:10061A68 call ??0CFile@@QAE@PBDI@Z ; CFile::CFile(char const *,uint) //fopen function
.text:10061A6D lea ecx, [ebp+var_68]
; NOTE(review): byte writes to var_4 look like the compiler's exception-state
; index for unwinding the CFile object -- confirm.
.text:10061A70 mov byte ptr [ebp+var_4], 1
; thiscall on the object at var_68 (annotated as CIniFile at 10061B19); the
; result is kept in Args and bounds the loop -- presumably the section count.
.text:10061A74 call sub_100812F0
; esi is the loop index, starting at 0.
.text:10061A79 xor esi, esi
.text:10061A7B mov [ebp+Args], eax
.text:10061A7E test eax, eax
; Nothing to process when the count is <= 0: go straight to cleanup.
.text:10061A80 jle loc_10061BC9
.text:10061A86
; Loop body, entered once per index esi: read the "Type" key for entry esi
; from the object at var_68, then dispatch on the returned value.
;   Type == 1              -> loc_10061B99
;   Type == 100 (1 + 63h)  -> loc_10061B26
;   Type == 150 (100 + 32h)-> loc_10061B11
;   anything else          -> falls through to the sub_10063F30 path below
.text:10061A86 loc_10061A86: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+283j
.text:10061A86 push offset aType ; "Type"
.text:10061A8B push esi
.text:10061A8C lea ecx, [ebp+var_68]
.text:10061A8F call sub_10081900
.text:10061A94 mov ecx, eax
.text:10061A96 dec ecx
.text:10061A97 jz loc_10061B99
.text:10061A9D sub ecx, 63h
.text:10061AA0 jz loc_10061B26
.text:10061AA6 sub ecx, 32h
.text:10061AA9 jz short loc_10061B11
; Default case: pass the raw Type value (still in eax) to sub_10063F30 and keep
; the returned pointer in edi. NOTE(review): presumably a factory that creates
; the control object for that type (the assert text calls it pCtrl) -- confirm.
.text:10061AAB push eax
.text:10061AAC call sub_10063F30
.text:10061AB1 mov edi, eax
.text:10061AB3 add esp, 4
.text:10061AB6 test edi, edi
.text:10061AB8 jnz short loc_10061AD1
; NOTE(review): the paste skips the instruction at 10061ABA (addresses go from
; ...AB8 to ...ABF); `add esp, 0Ch` below removes three arguments, so a third
; push is presumably missing from the listing.
.text:10061ABF push 0A31h ; Args
.text:10061AC4 push offset aBqassertPctrlI ; "ínASSERT(pCtrl) in %d line of %sín"
.text:10061AC9 call sub_10080440
.text:10061ACE add esp, 0Ch
.text:10061AD1
; Default-type path continued: edi holds the object returned by sub_10063F30.
; Three virtual calls follow, each taking (&var_68, esi, &var_20), i.e. the
; same argument shape IDA annotates at 10061B17-10061B19 as
; (CIniFile *, int, CFile *).
.text:10061AD1 loc_10061AD1: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+178j
; Virtual call through edi's vtable slot 0BCh; the returned pointer goes to ebx.
.text:10061AD1 mov edx, [edi]
.text:10061AD3 mov ecx, edi
.text:10061AD5 call dword ptr [edx+0BCh]
.text:10061ADB mov ebx, eax
; var_10 is reloaded into ebx at 10061B09 and ebx is passed as `this` at
; 10061B1A, so var_10 presumably holds the saved `this` pointer.
.text:10061ADD mov eax, [ebp+var_10]
; Sub-object at offset 40h of that object: call its vtable slot 68h.
.text:10061AE0 mov edx, [eax+40h]
.text:10061AE3 lea ecx, [eax+40h]
.text:10061AE6 lea eax, [ebp+var_20]
.text:10061AE9 push eax
.text:10061AEA lea eax, [ebp+var_68]
.text:10061AED push esi
.text:10061AEE push eax
.text:10061AEF call dword ptr [edx+68h]
; Same three arguments, now on the object in ebx, vtable slot 6Ch.
; NOTE(review): slots 68h/6Ch look like a "read entry from ini" / "write entry
; to file" pair; that is an inference from the arguments only -- confirm.
.text:10061AF2 mov edx, [ebx]
.text:10061AF4 lea eax, [ebp+var_20]
.text:10061AF7 push eax
.text:10061AF8 lea ecx, [ebp+var_68]
.text:10061AFB push esi
.text:10061AFC push ecx
.text:10061AFD mov ecx, ebx
.text:10061AFF call dword ptr [edx+6Ch]
; Argument-less virtual call on edi (slot 10h); purpose not visible here.
.text:10061B02 mov edx, [edi]
.text:10061B04 mov ecx, edi
.text:10061B06 call dword ptr [edx+10h]
; Restore ebx from var_10 before continuing with the next entry.
.text:10061B09 mov ebx, [ebp+var_10]
.text:10061B0C jmp loc_10061BBD
.text:10061B11 ; ---------------------------------------------------------------------------
.text:10061B11
; Type == 150 branch (reached from the jz at 10061AA9): hand the entry to
; CGuiWndImpl::LoadToFileExLayout(ini = var_68, index = esi, file = var_20)
; with ebx as `this`, then continue with the next entry.
.text:10061B11 loc_10061B11: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+169j
.text:10061B11 lea eax, [ebp+var_20]
.text:10061B14 lea ecx, [ebp+var_68]
.text:10061B17 push eax ; struct CFile *
.text:10061B18 push esi ; int
.text:10061B19 push ecx ; struct CIniFile *
.text:10061B1A mov ecx, ebx ; this
.text:10061B1C call ?LoadToFileExLayout@CGuiWndImpl@@AAEXAAVCIniFile@@HAAVCFile@@@Z ; CGuiWndImpl::LoadToFileExLayout(CIniFile &,int,CFile &)
.text:10061B21 jmp loc_10061BBD
.text:10061B26 ; ---------------------------------------------------------------------------
.text:10061B26
; Type == 100 branch (reached from the jz at 10061AA0): allocate 278h bytes
; and construct a CGuiWndImpl in them; edi ends up as the new object, or 0
; when operator new returned null.
.text:10061B26 loc_10061B26: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+160j
.text:10061B26 push 278h ; unsigned int
.text:10061B2B call ??2@YAPAXI@Z ; operator new(uint)
.text:10061B30 add esp, 4
.text:10061B33 mov [ebp+var_24], eax
.text:10061B36 test eax, eax
; NOTE(review): var_4 byte writes look like the compiler's exception-state
; index around the constructor call -- confirm.
.text:10061B38 mov byte ptr [ebp+var_4], 2
.text:10061B3C jz short loc_10061B49
.text:10061B3E mov ecx, eax
.text:10061B40 call ??0CGuiWndImpl@@QAE@XZ ; CGuiWndImpl::CGuiWndImpl(void)
.text:10061B45 mov edi, eax
.text:10061B47 jmp short loc_10061B4B
.text:10061B49 ; ---------------------------------------------------------------------------
.text:10061B49
; Allocation failed: use a null object pointer.
.text:10061B49 loc_10061B49: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+1FCj
.text:10061B49 xor edi, edi
.text:10061B4B
.text:10061B4B loc_10061B4B: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+207j
.text:10061B4B test edi, edi
.text:10061B4D mov byte ptr [ebp+var_4], 1
.text:10061B51 jnz short loc_10061B6A
; NOTE(review): the paste skips the instruction at 10061B53 (addresses go from
; ...B51 to ...B58); `add esp, 0Ch` below removes three arguments, so a third
; push is presumably missing from the listing.
.text:10061B58 push 0A20h ; Args
.text:10061B5D push offset aBqassertPwndIn ; "ínASSERT(pWnd) in %d line of %sín"
.text:10061B62 call sub_10080440
.text:10061B67 add esp, 0Ch
.text:10061B6A
; Type == 100 branch continued: edi is the CGuiWndImpl pointer tested at
; loc_10061B4B, ebx the object used as `this` at 10061B1A. Both virtual calls
; take (&var_68, esi, &var_20), the (CIniFile *, int, CFile *) shape annotated
; at 10061B17-10061B19.
.text:10061B6A loc_10061B6A: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+211j
; Slot 68h on the sub-object at ebx+40h.
.text:10061B6A mov edx, [ebx+40h]
.text:10061B6D lea eax, [ebp+var_20]
.text:10061B70 lea ecx, [ebx+40h]
.text:10061B73 push eax
.text:10061B74 lea eax, [ebp+var_68]
.text:10061B77 push esi
.text:10061B78 push eax
.text:10061B79 call dword ptr [edx+68h]
; Slot 6Ch on the sub-object at edi+40h (the newly constructed window).
.text:10061B7C mov edx, [edi+40h]
.text:10061B7F lea eax, [ebp+var_20]
.text:10061B82 lea ecx, [edi+40h]
.text:10061B85 push eax
.text:10061B86 lea eax, [ebp+var_68]
.text:10061B89 push esi
.text:10061B8A push eax
.text:10061B8B call dword ptr [edx+6Ch]
; Virtual call at slot 4 of edi's vtable with argument 1.
; NOTE(review): presumably the deleting destructor releasing the temporary
; window -- confirm.
.text:10061B8E mov edx, [edi]
.text:10061B90 push 1
.text:10061B92 mov ecx, edi
.text:10061B94 call dword ptr [edx+4]
.text:10061B97 jmp short loc_10061BBD
.text:10061B99 ; ---------------------------------------------------------------------------
.text:10061B99
; Type == 1 branch (reached from the jz at 10061A97): two virtual calls on the
; sub-object at ebx+40h, vtable slots 68h then 6Ch, each taking
; (&var_68, esi, &var_20), the (CIniFile *, int, CFile *) shape annotated at
; 10061B17-10061B19. Execution then falls through to the loop increment.
.text:10061B99 loc_10061B99: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+157j
.text:10061B99 mov eax, [ebx+40h]
; edi = address of the sub-object, reused as `this` for both calls.
.text:10061B9C lea edi, [ebx+40h]
.text:10061B9F lea ecx, [ebp+var_20]
.text:10061BA2 lea edx, [ebp+var_68]
.text:10061BA5 push ecx
.text:10061BA6 push esi
.text:10061BA7 push edx
.text:10061BA8 mov ecx, edi
.text:10061BAA call dword ptr [eax+68h]
; Reload the vtable pointer and repeat with slot 6Ch.
.text:10061BAD mov eax, [edi]
.text:10061BAF lea ecx, [ebp+var_20]
.text:10061BB2 push ecx
.text:10061BB3 lea edx, [ebp+var_68]
.text:10061BB6 push esi
.text:10061BB7 push edx
.text:10061BB8 mov ecx, edi
.text:10061BBA call dword ptr [eax+6Ch]
.text:10061BBD
; Common loop tail for every Type branch: advance the index in esi and repeat
; while it is below the count saved in Args at 10061A7B.
.text:10061BBD loc_10061BBD: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+1CCj
.text:10061BBD ; CGuiWndImpl::IniToBat(char const *)+1E1j ...
.text:10061BBD mov eax, [ebp+Args]
.text:10061BC0 inc esi
.text:10061BC1 cmp esi, eax
; Signed compare, matching the signed `jle` that guards loop entry.
.text:10061BC3 jl loc_10061A86
.text:10061BC9
; Cleanup and return: close and destroy the CFile at var_20, call
; sub_100808D0 on the object at var_68, then return 1.
.text:10061BC9 loc_10061BC9: ; CODE XREF: CGuiWndImpl::IniToBat(char const *)+140j
.text:10061BC9 lea ecx, [ebp+var_20] ; this
.text:10061BCC call ?Close@CFile@@UAEXXZ ; CFile::Close(void)
.text:10061BD1 lea ecx, [ebp+var_20] ; this
.text:10061BD4 mov byte ptr [ebp+var_4], 0
.text:10061BD8 call ??1CFile@@UAE@XZ ; CFile::~CFile(void)
.text:10061BDD lea ecx, [ebp+var_68]
.text:10061BE0 mov [ebp+var_4], 0FFFFFFFFh
; NOTE(review): presumably the destructor of the object at var_68 (annotated
; as CIniFile at 10061B19) -- confirm.
.text:10061BE7 call sub_100808D0
; var_C is written back to fs:0 below. NOTE(review): this looks like the
; saved exception-registration pointer being restored -- confirm.
.text:10061BEC mov ecx, [ebp+var_C]
.text:10061BEF pop edi
.text:10061BF0 pop esi
; Return value is the constant 1 on this path.
.text:10061BF1 mov eax, 1
.text:10061BF6 pop ebx
.text:10061BF7 mov large fs:0, ecx
.text:10061BFE mov esp, ebp
.text:10061C00 pop ebp
; Callee pops 4 bytes: the single char const * argument from the signature.
.text:10061C01 retn 4
.text:10061C01 ?IniToBat@CGuiWndImpl@@UAEHPBD@Z endp
客户端是用C++编写的,并使用Lua脚本实现游戏功能,解码也可能是由脚本完成的?游戏客户端(Zero Online)使用与Conquer Online相同的游戏引擎(C3)。我试着研究过Conquer的.dat解密,但区别在于Conquer的那些.dat文件是完全不可读的,所以我认为两者没有任何共同之处。
官方英文游戏服务器已经死了,所以我想为客户端添加新功能,以便在私人服务器中使用。
感谢您花时间阅读这篇长篇文章,希望我能够成功完成这个项目。