首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 加壳脱壳
    3. 发新帖
[求助]如何更改文件读取路径?绿化
发表于: 2014-10-3 10:16 9209

[求助]如何更改文件读取路径?绿化

时光鸟 活跃值
2014-10-3 10:16
9209
我有个软件,安装会将配置文件写入到 C:\Documents and Settings\Administrator\Application Data  中

我想绿色化,把 C:\Documents and Settings\Administrator\Application Data 中的配置文件全部搬到 当前程序的目录下,整个包放在电脑的任何地方可以直接运行!

而且这个写入路径并不是通过配置文件实现的!

是不是要在OD中找到appdata环境变量的读取位置?将这个系统环境变量修改为程序当前目录?

请有经验的高手,指点方法,万分感激!

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (22)
yuchengton
雪    币: 261
活跃值: (51)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
貌似直接改程序的环境变量就好
2014-10-3 10:33
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
OD下,下什么断点?
2014-10-3 10:38
0
kxltsuper
雪    币: 5
活跃值: (11)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
copyfile()试一试
2014-10-3 12:24
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
看不懂,请说的明确些
2014-10-3 14:59
0
Kisesy
雪    币: 6525
活跃值: (3373)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
6
你的思路是对的,只要把读取后的路径写为空或者让读取路径的函数返回判断为假,windows的机制会让软件默认就会写到软件自身路径
但是这个方法并不是所有软件适用
如果你技术够好,也可以写汇编,把读取当前路径的API写上,这个是最好的方法
2014-10-3 19:47
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
7
请问,读取appdata 和 当前路径的 api 分别是什么? 不知道这个,就不好在OD中下断
2014-10-3 20:00
0
Kisesy
雪    币: 6525
活跃值: (3373)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
私信
8
不好说,我见好几个这种函数了,但都没记下来,就记了个SHGetSpecialFolderPath
读当前路径的,你自己找吧,我忘了
2014-10-3 20:02
0
yuchengton
雪    币: 261
活跃值: (51)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
9
没必要下断点呀。。直接加一句SetEnvironmentVariable把APPDATA改成你要的目录或者NULL就好。。。
(目测有效)
2014-10-3 20:05
0
VCKFC
雪    币: 9941
活跃值: (2143)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
10
直接Hook CreateFile
修改路径就行了
2014-10-3 20:17
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
11
多个地方都有,如果能断在appdata处,直接修改最好了,加SetEnvironmentVariable不完整
2014-10-3 20:23
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
12
我认为找到appdata的关键点,直接改为当前目录即可!

但这个工作我之前完全没做过,理论上基本空白,所以恳求各路大神指点方向!如果能说得详细一点,更加感激不尽!
2014-10-3 20:53
0
yuchengton
雪    币: 261
活跃值: (51)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
13
呃APPDATA就是环境变量啊,通过SetEnvironmentVariable可以改变这个程序的环境变量。只要在启动的地方跳到自己的代码call SetEnvironmentVariable然后跳回去就好了呀。。
2014-10-3 21:02
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
14
你的意思我明白,我就是找不到原有的这个点,所以不好下手,随便找个地方写,别的路径也会改掉的
2014-10-3 21:06
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
15
通过跟随找到的SetEnvironmentVariable在系统领空
2014-10-3 21:12
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
16
原安装包是有壳的,我是解包后,主程序脱壳后绿色化完成的, 但是主程序还会在读取appdata中的配置文件,而这些配置文件是安装时才会写入appdata的,我目前只想把appdata中配置文件放回当前目录,但不知道主程序中如何把appdata改掉
2014-10-3 21:22
0
yuchengton
雪    币: 261
活跃值: (51)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
17
我觉得你可以改释放后主程序的EXE,在OEP跳到自己的代码改了环境变量然后跳回去
对了读取环境变量是GetEnvironmentVariable,你可以试试能不能断下
2014-10-3 22:03
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
18
试过了,断不下来
2014-10-3 22:28
0
KuNgBiM
雪    币: 817
活跃值: (1927)
能力值: ( LV12,RANK:2670 )
在线值:
发帖
回帖
粉丝
私信
19
要绿化 没那么麻烦,很多打包工具都支持这些appdata环境的支持
2014-10-4 13:17
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
20
主程序里面的exe读取的是appdata环境,如果用打包工具,是不是还要生成一个文件?我想直接改这个主程序
2014-10-4 20:12
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
21
找到位置了:

00428184    54              push esp
00428185    6A 00           push 0
00428187    6A 00           push 0
00428189    6A 2A           push 2A
0042818B    6A 00           push 0
0042818D    E8 CAE1FEFF     call <jmp.&shfolder.SHGetFolderPathW>
00428192    85C0            test eax,eax

这是SHGetFolderPath函数的五个参数:
SHGetFolderPath(_In_   HWND hwndOwner,  _In_   int nFolder,  _In_   HANDLE hToken,  _In_   DWORD dwFlags,  _Out_  LPTSTR pszPath);

很显然,第二个参数,也就是push 2A 是关键,试着改为1A或3A都成功,但是将push 2A改为push 0 却不成功!

只是不明白的是,push 2A 这里入栈的是不是就是appdata这个参数?请详细告知,非常感谢!
2014-10-4 20:51
0
MPL
雪    币: 175
活跃值: (40)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
22
2a是啥,1a才是appdata啊。
CSIDL_FLAG_CREATE (0x8000)
Version 5.0. Combine this CSIDL with any of the following CSIDLs to force the creation of the associated folder. 

CSIDL_ADMINTOOLS (0x0030)
Version 5.0. The file system directory that is used to store administrative tools for an individual user. The Microsoft Management Console (MMC) will save customized consoles to this directory, and it will roam with the user.

CSIDL_ALTSTARTUP (0x001d)
The file system directory that corresponds to the user's nonlocalized Startup program group.

CSIDL_APPDATA (0x001a)
Version 4.71. The file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data. This CSIDL is supported by the redistributable Shfolder.dll for systems that do not have the Microsoft Internet Explorer 4.0 integrated Shell installed.

CSIDL_BITBUCKET (0x000a)
The virtual folder containing the objects in the user's Recycle Bin.

CSIDL_CDBURN_AREA (0x003b)
Version 6.0. The file system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\CD Burning.

CSIDL_COMMON_ADMINTOOLS (0x002f)
Version 5.0. The file system directory containing administrative tools for all users of the computer.

CSIDL_COMMON_ALTSTARTUP (0x001e)
The file system directory that corresponds to the nonlocalized Startup program group for all users. Valid only for Microsoft Windows NT systems.

CSIDL_COMMON_APPDATA (0x0023)
Version 5.0. The file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

CSIDL_COMMON_DESKTOPDIRECTORY (0x0019)
The file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop. Valid only for Windows NT systems.

CSIDL_COMMON_DOCUMENTS (0x002e)
The file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents. Valid for Windows NT systems and Microsoft Windows 95 and Windows 98 systems with Shfolder.dll installed.

CSIDL_COMMON_FAVORITES (0x001f)
The file system directory that serves as a common repository for favorite items common to all users. Valid only for Windows NT systems.

CSIDL_COMMON_MUSIC (0x0035)
Version 6.0. The file system directory that serves as a repository for music files common to all users. A typical path is C:\Documents and Settings\All Users\Documents\My Music.

CSIDL_COMMON_PICTURES (0x0036)
Version 6.0. The file system directory that serves as a repository for image files common to all users. A typical path is C:\Documents and Settings\All Users\Documents\My Pictures.

CSIDL_COMMON_PROGRAMS (0x0017)
The file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs. Valid only for Windows NT systems.

CSIDL_COMMON_STARTMENU (0x0016)
The file system directory that contains the programs and folders that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu. Valid only for Windows NT systems.

CSIDL_COMMON_STARTUP (0x0018)
The file system directory that contains the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. Valid only for Windows NT systems.

CSIDL_COMMON_TEMPLATES (0x002d)
The file system directory that contains the templates that are available to all users. A typical path is C:\Documents and Settings\All Users\Templates. Valid only for Windows NT systems.

CSIDL_COMMON_VIDEO (0x0037)
Version 6.0. The file system directory that serves as a repository for video files common to all users. A typical path is C:\Documents and Settings\All Users\Documents\My Videos.

CSIDL_COMPUTERSNEARME (0x003d)
The folder representing other machines in your workgroup.

CSIDL_CONNECTIONS (0x0031)
The virtual folder representing Network Connections, containing network and dial-up connections. 

CSIDL_CONTROLS (0x0003)
The virtual folder containing icons for the Control Panel applications.

CSIDL_COOKIES (0x0021)
The file system directory that serves as a common repository for Internet cookies. A typical path is C:\Documents and Settings\username\Cookies.

CSIDL_DESKTOP (0x0000)
The virtual folder representing the Windows desktop, the root of the namespace.

CSIDL_DESKTOPDIRECTORY (0x0010)
The file system directory used to physically store file objects on the desktop (not to be confused with the desktop folder itself). A typical path is C:\Documents and Settings\username\Desktop.

CSIDL_DRIVES (0x0011)
The virtual folder representing My Computer, containing everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.

CSIDL_FAVORITES (0x0006)
The file system directory that serves as a common repository for the user's favorite items. A typical path is C:\Documents and Settings\username\Favorites.

CSIDL_FLAG_DONT_UNEXPAND (0x2000)
Combine with another CSIDL constant to ensure expanding of environment variables.

CSIDL_FLAG_DONT_VERIFY (0x4000)
Combine with another CSIDL constant, except for CSIDL_FLAG_CREATE, to return an unverified folder path—with no attempt to create or initialize the folder.

CSIDL_FONTS (0x0014)
A virtual folder containing fonts. A typical path is C:\Windows\Fonts.

CSIDL_HISTORY (0x0022)
The file system directory that serves as a common repository for Internet history items.

CSIDL_INTERNET (0x0001)
A viritual folder for Internet Explorer (icon on desktop).

CSIDL_INTERNET_CACHE (0x0020)
Version 4.72. The file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\username\Local Settings\Temporary Internet Files.

CSIDL_LOCAL_APPDATA (0x001c)
Version 5.0. The file system directory that serves as a data repository for local (nonroaming) applications. A typical path is C:\Documents and Settings\username\Local Settings\Application Data.

CSIDL_MYDOCUMENTS (0x000c)
Version 6.0. The virtual folder representing the My Documents desktop item.

CSIDL_MYMUSIC (0x000d)
The file system directory that serves as a common repository for music files. A typical path is C:\Documents and Settings\User\My Documents\My Music.

CSIDL_MYPICTURES (0x0027)
Version 5.0. The file system directory that serves as a common repository for image files. A typical path is C:\Documents and Settings\username\My Documents\My Pictures.

CSIDL_MYVIDEO (0x000e)
Version 6.0. The file system directory that serves as a common repository for video files. A typical path is C:\Documents and Settings\username\My Documents\My Videos.

CSIDL_NETHOOD (0x0013)
A file system directory containing the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Documents and Settings\username\NetHood.

CSIDL_NETWORK (0x0012)
A virtual folder representing Network Neighborhood, the root of the network namespace hierarchy.

CSIDL_PERSONAL (0x0005)
Version 6.0. The virtual folder representing the My Documents desktop item. This is equivalent to CSIDL_MYDOCUMENTS. 
Previous to Version 6.0. The file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\username\My Documents. This should be distinguished from the virtual My Documents folder in the namespace. To access that virtual folder, use SHGetFolderLocation, which returns the ITEMIDLIST for the virtual location, or refer to the technique described in Managing the File System.


CSIDL_PHOTOALBUMS (0x0045)
Windows Vista. The virtual folder used to store photo albums, typically username\My Pictures\Photo Albums.

CSIDL_PLAYLISTS (0x003f)
Windows Vista. The virtual folder used to store play albums, typically username\My Music\Playlists.

CSIDL_PRINTERS (0x0004)
The virtual folder containing installed printers.

CSIDL_PRINTHOOD (0x001b)
The file system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Documents and Settings\username\PrintHood.

CSIDL_PROFILE (0x0028)
Version 5.0. The user's profile folder. A typical path is C:\Documents and Settings\username. Applications should not create files or folders at this level; they should put their data under the locations referred to by CSIDL_APPDATA or CSIDL_LOCAL_APPDATA.

CSIDL_PROGRAM_FILES (0x0026)
Version 5.0. The Program Files folder. A typical path is C:\Program Files.

CSIDL_PROGRAM_FILES_COMMON (0x002b)
Version 5.0. A folder for components that are shared across applications. A typical path is C:\Program Files\Common. Valid only for Windows NT, Windows 2000, and Windows XP systems. Not valid for Windows Millennium Edition (Windows Me).

CSIDL_PROGRAMS (0x0002)
The file system directory that contains the user's program groups (which are themselves file system directories). A typical path is C:\Documents and Settings\username\Start Menu\Programs. 

CSIDL_RECENT (0x0008)
The file system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Documents and Settings\username\My Recent Documents. To create a shortcut in this folder, use SHAddToRecentDocs. In addition to creating the shortcut, this function updates the Shell's list of recent documents and adds the shortcut to the My Recent Documents submenu of the Start menu.

CSIDL_RESOURCES (0x0038)
Windows Vista. The file system directory that contains resource data. A typical path is C:\Windows\Resources.

CSIDL_SAMPLE_MUSIC (0x0040)
Windows Vista. The file system directory that contains sample music. A typical path is C:\Documents and Settings\username\My Documents\My Music\Sample Music.

CSIDL_SAMPLE_PLAYLISTS (0x0041)
Windows Vista. The file system directory that contains sample playlists. A typical path is C:\Documents and Settings\username\My Documents\My Music\Sample Playlists.

CSIDL_SAMPLE_PICTURES (0x0042)
Windows Vista. The file system directory that contains sample pictures. A typical path is C:\Documents and Settings\username\My Documents\My Pictures\Sample Pictures.

CSIDL_SAMPLE_VIDEOS (0x0043)
Windows Vista. The file system directory that contains sample videos. A typical path is C:\Documents and Settings\username\My Documents\My Videos\Sample Videos.

CSIDL_SENDTO (0x0009)
The file system directory that contains Send To menu items. A typical path is C:\Documents and Settings\username\SendTo.

CSIDL_STARTMENU (0x000b)
The file system directory containing Start menu items. A typical path is C:\Documents and Settings\username\Start Menu.

CSIDL_STARTUP (0x0007)
The file system directory that corresponds to the user's Startup program group. The system starts these programs whenever any user logs onto Windows NT or starts Windows 95. A typical path is C:\Documents and Settings\username\Start Menu\Programs\Startup.

CSIDL_SYSTEM (0x0025)
Version 5.0. The Windows System folder. A typical path is C:\Windows\System32.

CSIDL_TEMPLATES (0x0015)
The file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\username\Templates.

CSIDL_WINDOWS (0x0024)
Version 5.0. The Windows directory or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environment variables. A typical path is C:\Windows.
2014-10-11 21:56
0
时光鸟
雪    币: 43
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
23
是的,我也看到这个了,不知道为何开始调试时出现的是2A,后来有时1A,但是我把这个改为3A解决问题了
2014-10-12 15:29
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//