想把一个单机游戏文件解压出来
[IMG]http://pic.unpack.cn:88/forum/201111/19/2233124dx5i45u0rz0hfud.jpg[/IMG]
类似于这样的文件,想把里面的图片解压出来。
听别人说可以找 SetFilePointer,我找到了 offset,但不知道接下来该怎么做。
下面贴上这段代码:
; ---------------------------------------------------------------------------
; Routine 00562560..00562780 (debugger listing, 32-bit x86, Intel operand order).
; What the visible code does:
;   1. stores a cookie (global [68CEB8] XOR ESP) above the locals; it is re-read before RETN
;   2. copies the string obtained through 0040CB80 into a 0x104-byte stack buffer,
;      truncating if needed and always writing a NUL terminator
;   3. walks a table of 0x120-byte entries, comparing each entry with that buffer
;   4. on a match: SetFilePointer -> HeapAlloc -> ReadFile using the entry's [+108] and
;      [+104] fields, then dispatches on the byte at context[+20]
; Inputs: ECX and EDX (both saved to locals) plus two stack arguments (RETN 8).
; Output: AL = 0 when no entry matched; AL = 1 whenever one matched, including the
;         path where HeapAlloc failed.
; Locals, relative to F = ESP right after SUB ESP,120:
;   F+04 string pointer   F+08 table base, later the ReadFile byte count   F+0C saved EDX
;   F+10 saved ECX   F+14 file handle   F+18..F+11B name buffer   F+11C cookie
; NOTE(review): the entry fields at +104 (size) and +108 (offset) are used as read from the
;   table; the only test is size == 0. A parser written from this listing should check both
;   against the real file length before allocating or seeking.
; ---------------------------------------------------------------------------
00562560 $ 81EC 20010000 SUB ESP, 120 ; reserve 0x120 bytes of locals
00562566 . A1 B8CE6800 MOV EAX, DWORD PTR [68CEB8] ; global value, presumably the /GS security cookie
0056256B . 33C4 XOR EAX, ESP
0056256D . 898424 1C0100>MOV DWORD PTR [ESP+11C], EAX ; F+11C = cookie XOR ESP, directly above the name buffer
00562574 . 8B8424 280100>MOV EAX, DWORD PTR [ESP+128] ; EAX = second stack argument
0056257B . 53 PUSH EBX
0056257C . 55 PUSH EBP
0056257D . 8BAC24 2C0100>MOV EBP, DWORD PTR [ESP+12C] ; EBP = first stack argument (context; +4, +10, +14, +1C, +20 are read below)
00562584 . 56 PUSH ESI
00562585 . 894C24 1C MOV DWORD PTR [ESP+1C], ECX ; F+10 = incoming ECX (used later as an output pointer)
00562589 . 57 PUSH EDI
0056258A . 8B7D 14 MOV EDI, DWORD PTR [EBP+14] ; EDI = context[+14]: base of the entry table
0056258D . 8D4C24 14 LEA ECX, DWORD PTR [ESP+14] ; ECX = &F+04
00562591 . 51 PUSH ECX
00562592 . 8B08 MOV ECX, DWORD PTR [EAX] ; ECX = dword the second argument points to
00562594 . 895424 20 MOV DWORD PTR [ESP+20], EDX ; F+0C = incoming EDX
00562598 . 897C24 1C MOV DWORD PTR [ESP+1C], EDI ; F+08 = table base
0056259C . 33DB XOR EBX, EBX ; EBX = 0 (used as zero, later as the data buffer pointer)
0056259E . E8 DDA5EAFF CALL ワケあり.0040CB80 ; presumably writes the string pointer to F+04; callee pops its one argument
005625A3 . 68 03010000 PUSH 103 ; count = 0x103
005625A8 . 8D5424 2D LEA EDX, DWORD PTR [ESP+2D] ; EDX = F+19 (name buffer + 1)
005625AC . 53 PUSH EBX
005625AD . 52 PUSH EDX
005625AE . 885C24 34 MOV BYTE PTR [ESP+34], BL ; name buffer[0] = 0
005625B2 . E8 29CB0700 CALL ワケあり.005DF0E0 ; (ptr, 0, 0x103): presumably memset of the rest of the buffer
005625B7 . 8B4C24 20 MOV ECX, DWORD PTR [ESP+20] ; ECX = source string pointer from F+04
005625BB . 8D4424 34 LEA EAX, DWORD PTR [ESP+34] ; EAX = name buffer (F+18)
005625BF . 8BD0 MOV EDX, EAX
005625C1 . 83C4 0C ADD ESP, 0C ; drop the three arguments of the call above
005625C4 . BE 04010000 MOV ESI, 104 ; ESI = 0x104 = buffer capacity in bytes
005625C9 . 2BCA SUB ECX, EDX ; ECX = source - destination, so [ECX+EAX] reads the source
005625CB . EB 03 JMP SHORT ワケあり.005625D0
005625CD 8D49 00 LEA ECX, DWORD PTR [ECX] ; no-op filler skipped by the JMP above
005625D0 > 8D96 FAFEFF7F LEA EDX, DWORD PTR [ESI+7FFFFEFA] ; second counter derived from ESI; shape matches an inlined bounded string copy - TODO confirm
005625D6 . 85D2 TEST EDX, EDX
005625D8 . 74 11 JE SHORT ワケあり.005625EB
005625DA . 8A1401 MOV DL, BYTE PTR [ECX+EAX] ; DL = next source byte
005625DD . 84D2 TEST DL, DL
005625DF . 74 0A JE SHORT ワケあり.005625EB ; stop at the source terminator
005625E1 . 8810 MOV BYTE PTR [EAX], DL
005625E3 . 40 INC EAX
005625E4 . 83EE 01 SUB ESI, 1 ; one byte less room
005625E7 .^ 75 E7 JNZ SHORT ワケあり.005625D0
005625E9 . EB 04 JMP SHORT ワケあり.005625EF ; capacity exhausted: step back so the terminator fits
005625EB > 85F6 TEST ESI, ESI
005625ED . 75 01 JNZ SHORT ワケあり.005625F0
005625EF > 48 DEC EAX ; truncate by one byte
005625F0 > 33F6 XOR ESI, ESI ; ESI = entry index 0
005625F2 . 395D 10 CMP DWORD PTR [EBP+10], EBX ; context[+10] = entry count, compared as signed
005625F5 . 8818 MOV BYTE PTR [EAX], BL ; write the NUL terminator
005625F7 . 7E 25 JLE SHORT ワケあり.0056261E ; count <= 0: nothing to search
005625F9 . 8DA424 000000>LEA ESP, DWORD PTR [ESP] ; no-op filler before the loop head
00562600 > 8D4424 28 LEA EAX, DWORD PTR [ESP+28] ; EAX = name buffer
00562604 . 57 PUSH EDI
00562605 . 50 PUSH EAX
00562606 . E8 34B10700 CALL ワケあり.005DD73F ; (name, entry): presumably a string compare, 0 = equal
0056260B . 83C4 08 ADD ESP, 8
0056260E . 85C0 TEST EAX, EAX
00562610 . 74 49 JE SHORT ワケあり.0056265B ; match: go read the entry
00562612 . 46 INC ESI ; ESI = entry index
00562613 . 81C7 20010000 ADD EDI, 120 ; next entry, stride 0x120
00562619 . 3B75 10 CMP ESI, DWORD PTR [EBP+10]
0056261C .^ 7C E2 JL SHORT ワケあり.00562600
0056261E > 8B4424 14 MOV EAX, DWORD PTR [ESP+14] ; not found: release the string held at F+04
00562622 . 83C0 F0 ADD EAX, -10 ; header starts 0x10 bytes before the characters
00562625 . 8D48 0C LEA ECX, DWORD PTR [EAX+C] ; counter at header+0C
00562628 . 83CA FF OR EDX, FFFFFFFF
0056262B . F0:0FC111 LOCK XADD DWORD PTR [ECX], EDX ; atomic add of -1 (LOCK prefix); looks like a reference-count drop
0056262F . 4A DEC EDX
00562630 . 85D2 TEST EDX, EDX
00562632 . 7F 0A JG SHORT ワケあり.0056263E ; counter still positive: keep the string
00562634 . 8B08 MOV ECX, DWORD PTR [EAX]
00562636 . 8B11 MOV EDX, DWORD PTR [ECX]
00562638 . 50 PUSH EAX
00562639 . 8B42 04 MOV EAX, DWORD PTR [EDX+4]
0056263C . FFD0 CALL NEAR EAX ; indirect call via header[0] -> table[+4] with the header as argument; presumably the free routine
0056263E > 32C0 XOR AL, AL ; AL = 0: no entry matched
00562640 > 8B8C24 2C0100>MOV ECX, DWORD PTR [ESP+12C] ; shared epilogue: reload the cookie from F+11C
00562647 . 5F POP EDI
00562648 . 5E POP ESI
00562649 . 5D POP EBP
0056264A . 5B POP EBX
0056264B . 33CC XOR ECX, ESP
0056264D . E8 8F780700 CALL ワケあり.005D9EE1 ; presumably the cookie check (__security_check_cookie) - TODO confirm
00562652 . 81C4 20010000 ADD ESP, 120
00562658 . C2 0800 RETN 8 ; callee removes the two stack arguments
0056265B > 8B5424 18 MOV EDX, DWORD PTR [ESP+18] ; EDX = table base from F+08
0056265F . 8D0CF6 LEA ECX, DWORD PTR [ESI+ESI*8]
00562662 . C1E1 05 SHL ECX, 5 ; ECX = index * 0x120 (9 * 32)
00562665 . 8BB411 040100>MOV ESI, DWORD PTR [ECX+EDX+104] ; ESI = entry[+104], used below as allocation and read size
0056266C . 8D0411 LEA EAX, DWORD PTR [ECX+EDX] ; EAX = address of the matching entry
0056266F . 8B80 08010000 MOV EAX, DWORD PTR [EAX+108] ; EAX = entry[+108], passed as OffsetLo below
00562675 . 8B4D 04 MOV ECX, DWORD PTR [EBP+4] ; ECX = context[+4], used as the file handle
00562678 . 6A 00 PUSH 0 ; /Origin = FILE_BEGIN
0056267A . 6A 00 PUSH 0 ; |pOffsetHi = NULL
0056267C . 50 PUSH EAX ; |OffsetLo
0056267D . 51 PUSH ECX ; |hFile
0056267E . FF15 C8716100 CALL NEAR DWORD PTR [<&KERNEL32.SetFi>; \SetFilePointer
; NOTE(review): EAX returned by SetFilePointer is not tested; the offset is 32-bit only (pOffsetHi = NULL).
00562684 . 8B55 04 MOV EDX, DWORD PTR [EBP+4]
00562687 . 895424 24 MOV DWORD PTR [ESP+24], EDX ; F+14 = file handle
0056268B . 85F6 TEST ESI, ESI
0056268D . 74 62 JE SHORT ワケあり.005626F1 ; size 0: skip allocation and read
0056268F . A1 505A6A00 MOV EAX, DWORD PTR [6A5A50] ; [6A5A50] = cached heap handle
00562694 . 85C0 TEST EAX, EAX
00562696 . 75 12 JNZ SHORT ワケあり.005626AA
; EAX is zero on this path, so HeapCreate receives Flags = 0 and MaximumSize = 0;
; the "=>" values below look like register contents captured by the debugger at run time.
00562698 . 50 PUSH EAX ; /MaximumSize => 4AC0000 (78381056.)
00562699 . 68 00040000 PUSH 400 ; |InitialSize = 400 (1024.)
0056269E . 50 PUSH EAX ; |Flags => 4AC0000
0056269F . FF15 F0716100 CALL NEAR DWORD PTR [<&KERNEL32.HeapC>; \HeapCreate
005626A5 . A3 505A6A00 MOV DWORD PTR [6A5A50], EAX ; cache the handle; it is not tested before HeapAlloc uses it
005626AA > 56 PUSH ESI ; /HeapSize
005626AB . 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
005626AD . 50 PUSH EAX ; |hHeap
005626AE . FF15 F4716100 CALL NEAR DWORD PTR [<&KERNEL32.HeapA>; \HeapAlloc
005626B4 . 8BF8 MOV EDI, EAX
005626B6 . 85FF TEST EDI, EDI
005626B8 . 75 08 JNZ SHORT ワケあり.005626C2
005626BA . FF15 18716100 CALL NEAR DWORD PTR [<&KERNEL32.GetLa>; [GetLastError
005626C0 . EB 2F JMP SHORT ワケあり.005626F1 ; allocation failed: EBX stays 0, the error code is not used here
005626C2 > A1 505A6A00 MOV EAX, DWORD PTR [6A5A50]
005626C7 . 57 PUSH EDI ; /pMemory
005626C8 . 6A 00 PUSH 0 ; |Flags = 0
005626CA . 50 PUSH EAX ; |hHeap => 04AC0000
005626CB . FF15 EC716100 CALL NEAR DWORD PTR [<&KERNEL32.HeapS>; \HeapSize
005626D1 . 8B5424 24 MOV EDX, DWORD PTR [ESP+24] ; EDX = file handle from F+14
005626D5 . 0105 4C5A6A00 ADD DWORD PTR [6A5A4C], EAX ; [6A5A4C] += HeapSize result (running total)
005626DB . 6A 00 PUSH 0 ; /pOverlapped = NULL
005626DD . 8D4C24 1C LEA ECX, DWORD PTR [ESP+1C] ; | ECX = &F+08 (the table base stored there is no longer needed)
005626E1 . 51 PUSH ECX ; |pBytesRead
005626E2 . 56 PUSH ESI ; |BytesToRead
005626E3 . 57 PUSH EDI ; |Buffer
005626E4 . 52 PUSH EDX ; |hFile
005626E5 . 895C24 2C MOV DWORD PTR [ESP+2C], EBX ; | zero the bytes-read slot at F+08
005626E9 . FF15 A8716100 CALL NEAR DWORD PTR [<&KERNEL32.ReadF>; \ReadFile
; NOTE(review): neither ReadFile's return value nor the byte count at F+08 is tested afterwards;
; after a failed or short read the stage below receives a zero-filled or partly filled buffer.
005626EF . 8BDF MOV EBX, EDI ; EBX = buffer holding the raw entry data
005626F1 > 8A45 20 MOV AL, BYTE PTR [EBP+20] ; AL = context[+20], selects the post-processing
005626F4 . 84C0 TEST AL, AL ; Switch (cases 1..4)
005626F6 . 74 66 JE SHORT ワケあり.0056275E ; 0: no post-processing
005626F8 . 3C 01 CMP AL, 1
005626FA . 75 1B JNZ SHORT ワケあり.00562717
005626FC . 8B6D 1C MOV EBP, DWORD PTR [EBP+1C] ; Case 1 of switch 005626F4
005626FF . 8B7C24 1C MOV EDI, DWORD PTR [ESP+1C] ; EDI = saved EDX argument (F+0C)
00562703 . 56 PUSH ESI ; size
00562704 . 55 PUSH EBP ; context[+1C]
00562705 . 8BD3 MOV EDX, EBX ; EDX = raw data
00562707 . E8 94F1FFFF CALL ワケあり.005618A0 ; mode-1 handler (body not shown; presumably decodes the data)
0056270C . 8B4C24 28 MOV ECX, DWORD PTR [ESP+28] ; ECX = saved ECX argument (F+10)
00562710 . 83C4 08 ADD ESP, 8
00562713 . 8901 MOV DWORD PTR [ECX], EAX ; *output = handler result
00562715 . EB 47 JMP SHORT ワケあり.0056275E
00562717 > 3C 02 CMP AL, 2
00562719 . 74 43 JE SHORT ワケあり.0056275E ; 2: no post-processing
0056271B . 3C 03 CMP AL, 3
0056271D . 75 1B JNZ SHORT ワケあり.0056273A
0056271F . 8B6D 1C MOV EBP, DWORD PTR [EBP+1C] ; Case 3 of switch 005626F4
00562722 . 8B7C24 1C MOV EDI, DWORD PTR [ESP+1C] ; EDI = saved EDX argument (F+0C)
00562726 . 56 PUSH ESI ; size
00562727 . 55 PUSH EBP ; context[+1C]
00562728 . 8BD3 MOV EDX, EBX ; EDX = raw data
0056272A . E8 B1F2FFFF CALL ワケあり.005619E0 ; mode-3 handler (body not shown; presumably decodes the data)
0056272F . 8B5424 28 MOV EDX, DWORD PTR [ESP+28] ; EDX = saved ECX argument (F+10)
00562733 . 83C4 08 ADD ESP, 8
00562736 . 8902 MOV DWORD PTR [EDX], EAX ; *output = handler result
00562738 . EB 24 JMP SHORT ワケあり.0056275E
0056273A > 3C 04 CMP AL, 4
0056273C . 75 20 JNZ SHORT ワケあり.0056275E ; any other value: no post-processing
0056273E . 8B4424 20 MOV EAX, DWORD PTR [ESP+20] ; Case 4 of switch 005626F4
00562742 . 8B4C24 1C MOV ECX, DWORD PTR [ESP+1C] ; ECX = saved EDX argument (F+0C)
00562746 . 50 PUSH EAX ; /Arg3
00562747 . 56 PUSH ESI ; |Arg2
00562748 . 53 PUSH EBX ; |Arg1
00562749 . 8D5424 1F LEA EDX, DWORD PTR [ESP+1F] ; | EDX = &F+03
0056274D . C64424 1F 00 MOV BYTE PTR [ESP+1F], 0 ; | byte at F+03 = 0
00562752 . E8 C947FEFF CALL ワケあり.00546F20 ; \ワケあり.00546F20
00562757 . 8BF3 MOV ESI, EBX ; ESI = raw data buffer
00562759 . E8 024A0000 CALL ワケあり.00567160 ; body not shown; presumably releases the buffer passed in ESI
0056275E > 8B4424 14 MOV EAX, DWORD PTR [ESP+14] ; Default case of switch 005626F4
00562762 . 83C0 F0 ADD EAX, -10
00562765 . 8D48 0C LEA ECX, DWORD PTR [EAX+C]
00562768 . 83CA FF OR EDX, FFFFFFFF
0056276B . F0:0FC111 LOCK XADD DWORD PTR [ECX], EDX ; atomic add of -1 (LOCK prefix); same string release as at 0056261E
0056276F . 4A DEC EDX
00562770 . 85D2 TEST EDX, EDX
00562772 . 7F 0A JG SHORT ワケあり.0056277E
00562774 . 8B08 MOV ECX, DWORD PTR [EAX]
00562776 . 8B11 MOV EDX, DWORD PTR [ECX]
00562778 . 50 PUSH EAX
00562779 . 8B42 04 MOV EAX, DWORD PTR [EDX+4]
0056277C . FFD0 CALL NEAR EAX
0056277E > B0 01 MOV AL, 1 ; AL = 1: an entry matched
00562780 .^ E9 BBFEFFFF JMP ワケあり.00562640 ; join the shared epilogue (cookie check, RETN 8)
请汉化高手解答一下解压流程。
游戏名叫 [ILLUSION] ワケあり!,是 I 社的游戏,种子不知道怎么传上来。