[Original] Reverse-Engineering Analysis of Watermark Removal for the Entire Windows 7 Series
Posted: 2009-5-8 16:16 14024

Latest replies (29)
jox
26
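The final release of Windows 7 should be out by the end of the year, and the anti-piracy patch will be out in March. Looking forward to the experts reversing it! I get the feeling it's basically always foreigners who reverse these!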
2009-5-12 14:14
27
The OP clearly put a lot of care into this; with enough care, many problems become easy to deal with!
2009-5-12 22:33
28
I like this kind of article.

Also, deepxw's patches are all very good; I wonder whether he also has an ID on this forum?
2009-5-12 22:44
29
How To Remove Watermark By Programming

--------------------------------------------------------------------------------

Author:   Published: 2009-05-10 12:59:02   Views: 45

Some friends asked me how to remove the watermark by programming, so I have now posted a demo to Google Code. You can find the source code at http://code.google.com/p/removewatermark/

Main steps:
Load user32.dll.mui into memory with the LoadLibraryEx() API.
Find the string table with FindResourceEx(), and load it with LoadResource() and LockResource().

Look up the watermark string in the string table to get the string's virtual address and length, then calculate the string's offset from the module base address, which gives the file offset.
Map the file into memory and simply zero the watermark string.
To keep the procedure simple, the simplest method is used.

Finally, recompute the checksum of the file.
OK, all done.

Code snippet:

// Load a string from a resource with a specific language ID.
// PRES_STRING_INFO and MALLOC are defined elsewhere in the project (not shown here).
//
#include <windows.h>

BOOL LoadStringExx(
    HINSTANCE hInst,        // Module handle of the loaded library
    WORD wLangID,           // Language ID of resource
    PRES_STRING_INFO pInfo  // Pointer to the string info
    )
{
    HRSRC   hFindRes = NULL;    // Handle of the resource that has been found
    HGLOBAL hLoadRes = NULL;    // Handle of the resource that has been loaded
    LPVOID  pRes     = NULL;    // Pointer to the resource data
    UINT    nBlockID;           // String block ID
    WCHAR  *pParse;             // Cursor inside the string block
    UINT    nIndex;             // Index of the string inside its block
    UINT    nLen;               // Length of the target string, in WCHARs
    UINT    i;

    pInfo->dwFileOffset = 0;    // String offset in the file
    pInfo->dwBytes = 0;         // String length, in bytes
    pInfo->pszText = NULL;

    // Strings are stored 16 per block; block IDs start at 1
    nBlockID = pInfo->uStringID / 16 + 1;

    __try
    {
        // Find the string block
        hFindRes = FindResourceEx(hInst, RT_STRING, MAKEINTRESOURCE(nBlockID), wLangID);
        if (!hFindRes)
            __leave;

        hLoadRes = LoadResource(hInst, hFindRes);
        if (!hLoadRes)
            __leave;

        pRes = LockResource(hLoadRes);
        if (!pRes)
            __leave;

        pParse = (WCHAR *)pRes;             // Pointer to the string block
        nIndex = pInfo->uStringID % 16;     // Calculate the string index

        // Skip the preceding strings: each is a WCHAR length followed by the text.
        // Note: the lengths are not checked against the size of the resource.
        for (i = 0; i < (nIndex & 15); i++)
        {
            pParse += 1 + (int)*pParse;
        }

        // OK, we get it
        nLen = (UINT)*pParse;   // The length of the target string
        pParse += 1;            // Pointer to the target string

        // Main point, calculate the string offset.
        // The +1 presumably compensates for the low bit that LoadLibraryEx() sets in the
        // handle of a module loaded with LOAD_LIBRARY_AS_DATAFILE (the flag is not shown here).
        pInfo->dwFileOffset = (DWORD)((DWORD_PTR)pParse - (DWORD_PTR)hInst) + 1;
        pInfo->dwBytes = nLen * sizeof(WCHAR);

        // Allocate memory
        pInfo->pszText = (LPWSTR)MALLOC((nLen + 1) * sizeof(WCHAR));
        if (!pInfo->pszText)
            __leave;

        // Copy string for return and terminate it
        CopyMemory((LPVOID)pInfo->pszText, (LPVOID)pParse, pInfo->dwBytes);
        pInfo->pszText[nLen] = 0;
    }
    __finally
    {
        // Clean up. Both calls are obsolete no-ops on Win32; the handles start as NULL,
        // so an early __leave never reads an uninitialized value.
        if (pRes)
            UnlockResource(pRes);

        if (hLoadRes)
            FreeResource(hLoadRes);     // FreeResource() takes the HGLOBAL, not the HRSRC
    }

    // If the pointer is NULL, return an empty string
    if (!pInfo->pszText)
    {
        pInfo->pszText = (LPWSTR)MALLOC(sizeof(WCHAR));
        if (!pInfo->pszText)
            return FALSE;               // Out of memory
        pInfo->pszText[0] = 0;
    }

    return TRUE;

} // LoadStringExx()
2009-5-12 22:49
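The block walk in the snippet above follows each length prefix without checking it against the size of the resource. As an added example (not part of the original post or of the removewatermark project), here is the same 16-strings-per-block lookup over a raw buffer with every step bounds-checked; `str_loc`, `find_in_block` and the sample bytes are constructed for illustration, and the code is portable C rather than Win32.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Where one string sits inside an RT_STRING block. */
typedef struct {
    size_t offset;  /* byte offset of the first character within the block */
    size_t bytes;   /* string length in bytes (UTF-16 units * 2) */
} str_loc;

/* 16 strings per block, as in the post: block ID and slot for a string ID. */
static unsigned block_id(unsigned id)   { return id / 16 + 1; }
static unsigned block_slot(unsigned id) { return id % 16; }

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk the length-prefixed strings up to `slot`, checking every step against
 * `size`. Returns 0 and fills *out on success, -1 on a truncated block. */
static int find_in_block(const uint8_t *blk, size_t size, unsigned slot, str_loc *out)
{
    size_t pos = 0;
    if (slot > 15) return -1;
    for (unsigned i = 0; ; i++) {
        if (size - pos < 2) return -1;            /* no room for a length prefix */
        size_t len = (size_t)rd16(blk + pos) * 2; /* prefix counts UTF-16 units */
        pos += 2;
        if (len > size - pos) return -1;          /* string runs past the block */
        if (i == slot) { out->offset = pos; out->bytes = len; return 0; }
        pos += len;
    }
}

/* Constructed sample: slot 0 empty, slot 1 "Hi", slot 2 claims 64 units
 * but only one follows (a malformed or truncated resource). */
static const uint8_t sample_block[] = {
    0x00, 0x00,
    0x02, 0x00, 'H', 0x00, 'i', 0x00,
    0x40, 0x00, 'x', 0x00,
};

int main(void)
{
    str_loc loc;
    unsigned id = 17;  /* constructed string ID: block 2, slot 1 */
    printf("id %u -> block %u, slot %u\n", id, block_id(id), block_slot(id));
    if (find_in_block(sample_block, sizeof sample_block, block_slot(id), &loc) == 0)
        printf("offset %zu, %zu bytes\n", loc.offset, loc.bytes);
    printf("slot 2 -> %d\n", find_in_block(sample_block, sizeof sample_block, 2, &loc));
    return 0;
}
```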
30
Many thanks to 快雪时晴 for additionally providing the modification source code.
2009-5-13 15:20