ENG客户端main的关键汉化分析
; Listing format: OllyDbg disassembly excerpts of a 32-bit x86 Windows module, Intel operand
; order. Columns: address, analysis marker, raw bytes, instruction, debugger/author comment.
; A '>' at the end of the bytes column means the debugger truncated the byte display.
; The excerpts have gaps between them and are not assemblable source.
; Code-page constants used below: 0xFDE9 = 65001 (UTF-8), 0x3A8 = 936 (GB2312), 0x4E4 = 1252.
; Lines marked '//' are the original author's patch notes (translated); ';' lines are review notes.
; NOTE(review): every patch described here changes only which code page this client uses to
; decode or encode text. Nothing in the listing shows what the other end of the connection
; expects, so the same bytes may be interpreted differently there - confirm before relying on it.
FDE9 对应的是65001 代码页Unicode (UTF-8)
3A8 对应的是936 代码页中国简体 (GB2312)
已经有很简单的办法了,这里是很笨的修改方法。。。。。。
; (English: FDE9 is code page 65001, Unicode (UTF-8); 3A8 is code page 936, Simplified Chinese
; (GB2312). A much simpler method already exists; what follows is the clumsy manual approach.)

; --- 008C9120: language tag -> code page setup (excerpt; the "SPN" branch is cut off) ---
; ecx is saved at [ebp-10] and used as the object being filled in. If the global at [933BE04]
; is already non-zero the function jumps straight to 008C9218; otherwise the object pointer is
; stored there. The argument at [ebp+8] is passed through call 00402430 and compared with
; "ENG" / "POR" by call 0092F330 (a zero result is treated as a match). On a match the code
; writes byte [obj] = 0 or 1, dword [obj+4] = 0x4E4 and dword [obj+8] = 2.
; The dword at +4 is the value the author patches to 0x3A8. The 008C9447 path further down
; reads a dword at +4 of an object as a code page - presumably the same field, confirm.
008C9120 /$ 55 push ebp
008C9121 |. 8BEC mov ebp, esp
; push -1 / push handler / fs:[0] link: registers an exception-handler frame for this function.
008C9123 |. 6A FF push -1
008C9125 |. 68 295D9600 push 00965D29 ; SE handler installation
008C912A |. 64:A1 0000000>mov eax, dword ptr fs:[0]
008C9130 |. 50 push eax
008C9131 |. 64:8925 00000>mov dword ptr fs:[0], esp
008C9138 |. 51 push ecx
008C9139 |. 894D F0 mov dword ptr [ebp-10], ecx
008C913C |. C745 FC 00000>mov dword ptr [ebp-4], 0
008C9143 |. 833D 04BE3309>cmp dword ptr [933BE04], 0
008C914A |. 74 05 je short 008C9151
008C914C |. E9 C7000000 jmp 008C9218
008C9151 |> 8B45 F0 mov eax, dword ptr [ebp-10]
008C9154 |. A3 04BE3309 mov dword ptr [933BE04], eax
008C9159 |. 68 08FD9C00 push 009CFD08 ; ASCII "ENG"
008C915E |. 8D4D 08 lea ecx, dword ptr [ebp+8]
008C9161 |. E8 CA92B3FF call 00402430
008C9166 |. 50 push eax
008C9167 |. E8 C4610600 call 0092F330
008C916C |. 83C4 08 add esp, 8
008C916F |. 85C0 test eax, eax
008C9171 |. 75 1F jnz short 008C9192
008C9173 |. 8B4D F0 mov ecx, dword ptr [ebp-10]
008C9176 |. C601 00 mov byte ptr [ecx], 0
008C9179 |. 8B55 F0 mov edx, dword ptr [ebp-10]
; The bytes column is truncated here; the patch replaces the 32-bit immediate 0x4E4 with 0x3A8.
008C917C |. C742 04 E4040>mov dword ptr [edx+4], 4E4 //3A8 // changing just this value is enough to display most Chinese text
008C9183 |. 8B45 F0 mov eax, dword ptr [ebp-10]
008C9186 |. C740 08 02000>mov dword ptr [eax+8], 2
008C918D |. E9 86000000 jmp 008C9218
008C9192 |> 68 0CFD9C00 push 009CFD0C ; ASCII "POR"
008C9197 |. 8D4D 08 lea ecx, dword ptr [ebp+8]
008C919A |. E8 9192B3FF call 00402430
008C919F |. 50 push eax
008C91A0 |. E8 8B610600 call 0092F330
008C91A5 |. 83C4 08 add esp, 8
008C91A8 |. 85C0 test eax, eax
008C91AA |. 75 1C jnz short 008C91C8
008C91AC |. 8B4D F0 mov ecx, dword ptr [ebp-10]
008C91AF |. C601 01 mov byte ptr [ecx], 1
008C91B2 |. 8B55 F0 mov edx, dword ptr [ebp-10]
008C91B5 |. C742 04 E4040>mov dword ptr [edx+4], 4E4
008C91BC |. 8B45 F0 mov eax, dword ptr [ebp-10]
008C91BF |. C740 08 02000>mov dword ptr [eax+8], 2
008C91C6 |. EB 50 jmp short 008C9218
008C91C8 |> 68 10FD9C00 push 009CFD10 ; ASCII "SPN"

; --- 008C943C: code page selection in front of MultiByteToWideChar (excerpt) ---
; One path forces 0xFDE9; the other takes the dword at +4 of the object in local.6. The chosen
; value is copied to local.1 and pushed as CodePage. The call shown passes WideCharBuf = NULL
; and WideBufSize = 0 (the size-query form), StringSize = -1 (input treated as NUL-terminated)
; and Options = 0.
; NOTE(review): with Options = 0 the MB_ERR_INVALID_CHARS flag is not set, so bytes that are
; invalid in the selected code page do not make the call fail; malformed input is not rejected
; at this point.
; The author's "00" note on the je presumably means changing its displacement 09 -> 00 so that
; execution always reaches the forced-code-page mov - TODO confirm.
008C943C |. /74 09 je short Main6.008C9447 /////00
008C943E |. |C745 E4 E9FD0>mov [local.7],0xFDE9 //////CodePage//3A8
008C9445 |. |EB 09 jmp short Main6.008C9450
008C9447 |> \8B4D E8 mov ecx,[local.6]
008C944A |. 8B51 04 mov edx,dword ptr ds:[ecx+0x4]
008C944D |. 8955 E4 mov [local.7],edx
008C9450 |> 8B45 E4 mov eax,[local.7]
008C9453 |. 8945 FC mov [local.1],eax
008C9456 |> 6A 00 push 0x0 ; /WideBufSize = 0
008C9458 |. 6A 00 push 0x0 ; |WideCharBuf = NULL
008C945A |. 6A FF push -0x1 ; |StringSize = FFFFFFFF (-1.)
008C945C |. 8B4D 0C mov ecx,[arg.2] ; |
008C945F |. 51 push ecx ; |StringToMap
008C9460 |. 6A 00 push 0x0 ; |Options = 0
008C9462 |. 8B55 FC mov edx,[local.1] ; |
008C9465 |. 52 push edx ; |CodePage ////////// here
008C9466 |. FF15 B8A19600 call dword ptr ds:[<&KERNEL32.MultiByteT>; \MultiByteToWideChar

; --- 0041EAA0: typed-character filter (excerpt) ---
; When call 00429D40 returns non-zero and [arg.3] is not 8, the low 16 bits of local.2 must lie
; in 0x21..0x7E; any other value returns 0 through 0041EAD1. The author's note on the jg is read
; as "change displacement 02 to 00", which makes values above 0x7E take the accepting path too.
; NOTE(review): this range check exists only in the client. After the patch only the lower
; bound (0x21) is still enforced here, so whatever receives this text needs its own validation.
0041EAA0 |. 8B4D FC mov ecx,[local.1]
0041EAA3 |. E8 98B20000 call Main6.00429D40
0041EAA8 |. 85C0 test eax,eax
0041EAAA |. 74 2C je short Main6.0041EAD8
0041EAAC |. 837D 10 08 cmp [arg.3],0x8
0041EAB0 |. 75 02 jnz short Main6.0041EAB4
0041EAB2 |. EB 24 jmp short Main6.0041EAD8
0041EAB4 |> 8B45 F8 mov eax,[local.2]
0041EAB7 |. 25 FFFF0000 and eax,0xFFFF
0041EABC |. 83F8 21 cmp eax,0x21
0041EABF |. 7C 10 jl short Main6.0041EAD1
0041EAC1 |. 8B4D F8 mov ecx,[local.2]
0041EAC4 |. 81E1 FFFF0000 and ecx,0xFFFF
0041EACA |. 83F9 7E cmp ecx,0x7E
0041EACD |. 7F 02 jg short Main6.0041EAD1 ////02 00 patch here to fix Chinese characters not being accepted as input
0041EACF |. EB 07 jmp short Main6.0041EAD8
0041EAD1 |> 33C0 xor eax,eax
0041EAD3 |. E9 A8000000 jmp Main6.0041EB80
0041EAD8 |> E9 86000000 jmp Main6.0041EB63 /
0041EADD |> 8B55 FC mov edx,[local.1]
0041EAE0 |. 8B02 mov eax,dword ptr ds:[edx]
0041EAE2 |. 8B4D FC mov ecx,[local.1]
0041EAE5 |. FF50 64 call dword ptr ds:[eax+0x64]
0041EAE8 |. 8B4D 14 mov ecx,[arg.4]
0041EAEB |. 51 push ecx
0041EAEC |. 8B55 10 mov edx,[arg.3]
0041EAEF |. 52 push edx
0041EAF0 |. 8B45 0C mov eax,[arg.2]
0041EAF3 |. 50 push eax
0041EAF4 |. 8B4D FC mov ecx,[local.1]
0041EAF7 |. E8 C4B40000 call Main6.00429FC0
0041EAFC |. 50 push eax ; |hWnd
0041EAFD |. FF15 B8A49600 call dword ptr ds:[<&USER32.SendMessageA>; \SendMessageA
; 0x282 is the value of WM_IME_NOTIFY; [arg.2] is the message argument forwarded above.
0041EB03 |. 817D 0C 82020>cmp [arg.2],0x282
0041EB0A |. 75 34 jnz short Main6.0041EB40
0041EB0C |. 6A 02 push 0x2
0041EB0E |. 8B4D FC mov ecx,[local.1]
0041EB11 |. E8 2AB20000 call Main6.00429D40
0041EB16 |. 85C0 test eax,eax
0041EB18 |. 75 0E jnz short Main6.0041EB28
0041EB1A |. 6A 01 push 0x1
0041EB1C |. 8B4D FC mov ecx,[local.1]
0041EB1F |. E8 1CB20000 call Main6.00429D40
0041EB24 |. 85C0 test eax,eax
0041EB26 |. 74 18 je short Main6.0041EB40
0041EB28 |> 8B4D 10 mov ecx,[arg.3]
0041EB2B |. 894D E8 mov [local.6],ecx
0041EB2E |. 837D E8 08 cmp [local.6],0x8
0041EB32 |. 74 02 je short Main6.0041EB36
0041EB34 |. EB 0A jmp short Main6.

这段代码是处理角色名的
; (English: this code handles the character name.)
; --- 004D6440, original: character-name check (excerpt; cut off after the call) ---
; Walks the NUL-terminated string at [ebp+8] one byte at a time, keeping the cursor in [ebp-4],
; and calls 0092D607 on each position. An empty remainder jumps to 004D64C5 (not shown).
004D6440 /$ 55 push ebp
004D6441 |. 8BEC mov ebp, esp
004D6443 |. 51 push ecx
004D6444 |. 8B45 08 mov eax, dword ptr [ebp+8]
004D6447 |. 8945 FC mov dword ptr [ebp-4], eax
004D644A |. EB 09 jmp short 004D6455
004D644C |> 8B4D FC mov ecx, dword ptr [ebp-4]
004D644F |. 83C1 01 add ecx, 1
004D6452 |. 894D FC mov dword ptr [ebp-4], ecx
004D6455 |> 8B55 FC mov edx, dword ptr [ebp-4]
004D6458 |. 33C0 xor eax, eax
004D645A |. 8A02 mov al, byte ptr [edx]
004D645C |. 85C0 test eax, eax
004D645E |. 74 65 je short 004D64C5
004D6460 |. 8B4D FC mov ecx, dword ptr [ebp-4]
004D6463 |. 51 push ecx
004D6464 |. E8 9E714500 call 0092D607

参考高手的修改按照9c的输入方式这样修改就可以中文角色了只能使用部分字符
; (English: following an expert's modification and the "9c" input method, patching it this way
; allows Chinese character names; only a subset of characters can be used.)
; --- 004D6440, patched: character-name check ---
; Registers: ebx = name pointer ([ebp+8]), edi = byte index, esi = name + index.
; Returns eax = 0 when every character is accepted (an empty name also returns 0) and eax = 1
; on the first rejected character.
; Single-byte path (call 0092D607 returned 1): rejects 0x21-0x27, 0x2A-0x2F, 0x3A-0x40 and
; 0x7E. Every other byte value on this path is accepted, including 0x01-0x20, 0x28-0x29,
; 0x5B-0x60, 0x7B-0x7D and anything above 0x7E that the helper reports as single-byte.
; Two-byte path (call returned something other than 1): lead byte must be 0xB0-0xF7 and trail
; byte 0xA1-0xFE, except that lead 0xD7 with trail >= 0xFA is rejected. A trail byte of 0 fails
; the 0xA1 lower bound, so the two-byte step cannot move the index past the terminator.
; NOTE(review): the single-byte part is a deny-list, and the whole check runs in the client.
; It cannot be the only validation of a name; whatever stores or displays the name needs its
; own allow-list check, using the same code page as this routine.
004D6440 $ 55 push ebp
004D6441 . 8BEC mov ebp, esp
004D6443 . 53 push ebx
004D6444 . 8B5D 08 mov ebx, dword ptr [ebp+8]
004D6447 . 56 push esi
004D6448 . 57 push edi
004D6449 . 33FF xor edi, edi
004D644B . 803B 00 cmp byte ptr [ebx], 0
004D644E . 74 66 je short 004D64B6
004D6450 > 8D341F lea esi, dword ptr [edi+ebx]
004D6453 . 56 push esi
; What 0092D607 computes is not shown; the code only distinguishes "returned 1" from anything else.
004D6454 . E8 AE714500 call 0092D607 // key call; step into it if you want to analyse it
004D6459 . 83C4 04 add esp, 4
004D645C . 83F8 01 cmp eax, 1
004D645F 75 2C jnz short 004D648D
004D6461 . 8A06 mov al, byte ptr [esi]
004D6463 3C 21 cmp al, 21 ; compare with U+0021 !
004D6465 72 04 jb short 004D646B
004D6467 3C 27 cmp al, 27 ; compare with U+0027 ' : is it one of !"#$%&' ?
004D6469 76 18 jbe short 004D6483 ; if so
004D646B 3C 2A cmp al, 2A ; compare with U+002A
004D646D 72 04 jb short 004D6473
004D646F 3C 2F cmp al, 2F ; compare with U+002F / : is it one of *+,-./ ?
004D6471 76 10 jbe short 004D6483 ; if so
004D6473 3C 3A cmp al, 3A ; compare with U+003A :
004D6475 72 04 jb short 004D647B
004D6477 3C 40 cmp al, 40 ; compare with U+0040 @ : is it one of :;<=>?@ ?
004D6479 76 08 jbe short 004D6483 ; if so
; Below 0x7E and above 0x7E both go to the accepting step; only 0x7E itself falls through to reject.
004D647B 3C 7E cmp al, 7E ; compare with U+007E ~
004D647D 72 30 jb short 004D64AF
004D647F 3C 7E cmp al, 7E ; compare with U+007E ~ : is it ~ ?
004D6481 77 2C ja short 004D64AF ; jump to continue processing
004D6483 5F pop edi ; special characters are not allowed
004D6484 5E pop esi
004D6485 B8 01000000 mov eax, 1
004D648A 5B pop ebx
004D648B 5D pop ebp
004D648C C3 retn
004D648D 8A0E mov cl, byte ptr [esi]
004D648F 80F9 B0 cmp cl, 0B0
004D6492 ^ 72 EF jb short 004D6483
004D6494 80F9 F7 cmp cl, 0F7
004D6497 ^ 77 EA ja short 004D6483
004D6499 8A441F 01 mov al, byte ptr [edi+ebx+1]
004D649D 3C A1 cmp al, 0A1
004D649F ^ 72 E2 jb short 004D6483
004D64A1 3C FE cmp al, 0FE
004D64A3 ^ 77 DE ja short 004D6483
004D64A5 80F9 D7 cmp cl, 0D7
004D64A8 75 04 jnz short 004D64AE
004D64AA 3C FA cmp al, 0FA
004D64AC ^ 73 D5 jnb short 004D6483
; Two-byte characters enter at 004D64AE (index += 2); single bytes enter at 004D64AF (index += 1).
004D64AE 47 inc edi
004D64AF 47 inc edi
004D64B0 803C1F 00 cmp byte ptr [edi+ebx], 0
004D64B4 ^ 75 9A jnz short 004D6450
004D64B6 5F pop edi
004D64B7 5E pop esi
004D64B8 33C0 xor eax, eax
004D64BA 5B pop ebx
004D64BB 5D pop ebp
004D64BC C3 retn

中文公告广告发送
; (English: sending Chinese notices / advertisements.)
; --- 0075EB70: outgoing notice text (excerpt) ---
; Reads the object pointed to by the global at [7BE2800]. call 00588DA0 on the buffer at
; [ebp-98] is skipped only when the byte at +0xE is zero and the word at +0x22C equals 0x1E95,
; 0x1E96, 0x1E97 or 0x1EB8; what that call does is not visible here.
; The pushed 0xFDE9 appears to be the code-page argument of call 008C94CA (inferred from the
; push order; confirm in the debugger).
0075EB70 |. 50 push eax ; |Arg1
0075EB71 |. E8 0A0E0000 call 0075F980 ; \main.0075F980
0075EB76 |. 83C4 08 add esp, 8
0075EB79 |. E9 F3000000 jmp 0075EC71
0075EB7E |> A1 0028BE07 mov eax, dword ptr [7BE2800]
0075EB83 |. 33C9 xor ecx, ecx
0075EB85 |. 8A48 0E mov cl, byte ptr [eax+E]
0075EB88 |. 85C9 test ecx, ecx
; The instruction is jnz (taken when the byte is non-zero), not a less-than branch as the note says.
0075EB8A |. /75 51 jnz short 0075EBDD // if less, jump down below
0075EB8C |. |8B15 0028BE07 mov edx, dword ptr [7BE2800]
0075EB92 |. |0FBF82 2C0200>movsx eax, word ptr [edx+22C]
0075EB99 |. |3D 951E0000 cmp eax, 1E95
0075EB9E |. |74 4C je short 0075EBEC
0075EBA0 |. |8B0D 0028BE07 mov ecx, dword ptr [7BE2800]
0075EBA6 |. |0FBF91 2C0200>movsx edx, word ptr [ecx+22C]
0075EBAD |. |81FA 961E0000 cmp edx, 1E96
0075EBB3 |. |74 37 je short 0075EBEC
0075EBB5 |. |A1 0028BE07 mov eax, dword ptr [7BE2800]
0075EBBA |. |0FBF88 2C0200>movsx ecx, word ptr [eax+22C]
0075EBC1 |. |81F9 971E0000 cmp ecx, 1E97
0075EBC7 |. |74 23 je short 0075EBEC
0075EBC9 |. |8B15 0028BE07 mov edx, dword ptr [7BE2800]
0075EBCF |. |0FBF82 2C0200>movsx eax, word ptr [edx+22C]
0075EBD6 |. |3D B81E0000 cmp eax, 1EB8
0075EBDB |. |74 0F je short 0075EBEC
0075EBDD |> \8D8D 68FFFFFF lea ecx, dword ptr [ebp-98]
0075EBE3 |. 51 push ecx
0075EBE4 |. E8 B7A1E2FF call 00588DA0
0075EBE9 |. 83C4 04 add esp, 4
0075EBEC |> 68 E9FD0000 push 0FDE9 // changing the code page here to 936 (3A8) lets Chinese advertisements and similar messages be sent
0075EBF1 |. 8D4D D8 lea ecx, dword ptr [ebp-28]
0075EBF4 |. E8 87BCCCFF call 0042A880
0075EBF9 |. 50 push eax
0075EBFA |. 8D55 C8 lea edx, dword ptr [ebp-38]
0075EBFD |. 52 push edx
0075EBFE |. E8 2D30CAFF call 00401C30
0075EC03 |. 8BC8 mov ecx, eax ; |
0075EC05 |. E8 C0A81600 call 008C94CA ; \main.008C94CA key call
0075EC0A |. 6A 5B push 5B
0075EC0C |. 8D4D C8 lea ecx, dword ptr [ebp-38]
0075EC0F |. E8 1C38CAFF call 00402430
0075EC14 |. 50 push eax

; --- 008C9574: code page chosen from the result of call 008C926C (excerpt) ---
; neg/sbb turns the return value into 0 (returned 0) or 0xFFFFFFFF (returned non-zero).
; and/add then gives 0xFDE9 for a zero return and 0xFFFF0217 + 0xFDE9 = 0 (mod 2^32) otherwise.
; The result is stored at [ebp-20]; 0 would be CP_ACP if it is later used as a Win32 code page.
; NOTE(review): replacing only the add immediate with 0x3A8 yields 0x3A8 for a zero return but
; 0xFFFF05BF for a non-zero one, which is neither 0 nor a code page named on this page. Keeping
; the second result at 0 would also need the and mask changed to 0xFFFFFC58 - confirm which
; result the non-zero path is meant to produce.
008C9574 /$ 55 push ebp
008C9575 |. 8BEC mov ebp, esp
008C9577 |. 6A FF push -1
008C9579 |. 68 3C5D9600 push 00965D3C ; SE handler installation
008C957E |. 64:A1 0000000>mov eax, dword ptr fs:[0]
008C9584 |. 50 push eax
008C9585 |. 64:8925 00000>mov dword ptr fs:[0], esp
008C958C |. 83EC 1C sub esp, 1C
008C958F |. 894D D8 mov dword ptr [ebp-28], ecx
008C9592 |. 8D45 DC lea eax, dword ptr [ebp-24]
008C9595 |. 50 push eax ; /Arg2
008C9596 |. 68 10BE3309 push 0933BE10 ; |Arg1 = 0933BE10
008C959B |. 8D4D E4 lea ecx, dword ptr [ebp-1C] ; |
008C959E |. E8 6D12B6FF call 0042A810 ; \main.0042A810
008C95A3 |. C745 FC 00000>mov dword ptr [ebp-4], 0
008C95AA |. 8B4D 0C mov ecx, dword ptr [ebp+C]
008C95AD |. 51 push ecx ; /Arg1
008C95AE |. 8B4D D8 mov ecx, dword ptr [ebp-28] ; |
008C95B1 |. E8 B6FCFFFF call 008C926C ; \main.008C926C
008C95B6 |. F7D8 neg eax
008C95B8 |. 1BC0 sbb eax, eax
008C95BA |. 25 1702FFFF and eax, FFFF0217
008C95BF |. 05 E9FD0000 add eax, 0FDE9 //3A8 // after this change the character name in sent advertisements is no longer garbled
008C95C4 |. 8945 E0 mov dword ptr [ebp-20], eax
008C95C7 |. 8B55 0C mov edx, dword ptr [ebp+C]
008C95CA |. 52 push edx
008C95CB |. 8D45 E4 lea eax, dword ptr [ebp-1C]
008C95CE |. 50 push eax
008C95CF |. 8B4D D8 mov ecx, dword ptr [ebp-28]
008C95D2 |. E8 F0FDFFFF call 008C93C7
008C95D7 |. 8B4D E0 mov ecx, dword ptr [ebp-20]

; --- 0076282B: incoming message display (excerpt: tail of a loop, then two 0xFDE9 pushes) ---
; The byte writes to [ebp-0x4] look like the compiler's exception-handling state index being
; updated around temporary objects - presumably, not confirmed from this excerpt.
; The 0xFDE9 pushed at 0076289F stays on the stack across the calls that follow and appears to
; be consumed as the code-page argument of call 008C94CA (inferred from push order; confirm).
; The consumer of the second 0xFDE9 (007628F4) lies beyond the end of the excerpt; the author's
; note there is a row of question marks, i.e. that patch site is unverified.
0076282B |. 8945 84 |mov [local.31],eax
0076282E |. EB 09 |jmp short Main6.00762839
00762830 |> 8B45 DC |mov eax,[local.9]
00762833 |. 83E8 01 |sub eax,0x1
00762836 |. 8945 84 |mov [local.31],eax
00762839 |> 8B4D 84 |mov ecx,[local.31]
0076283C |. 894D DC |mov [local.9],ecx
0076283F |. 8D55 D4 |lea edx,[local.11]
00762842 |. 52 |push edx
00762843 |. 8B45 DC |mov eax,[local.9]
00762846 |. 50 |push eax
00762847 |. 8B4D DC |mov ecx,[local.9]
0076284A |. 51 |push ecx
0076284B |. 6A 00 |push 0x0
0076284D |. 8D55 AC |lea edx,[local.21]
00762850 |. 52 |push edx
00762851 |. 8D4D E4 |lea ecx,[local.7]
00762854 |. E8 C780CCFF |call Main6.0042A920
00762859 |. 8945 80 |mov [local.32],eax
0076285C |. 8B45 80 |mov eax,[local.32]
0076285F |. 8985 7CFFFFFF |mov [local.33],eax
00762865 |. C645 FC 02 |mov byte ptr ss:[ebp-0x4],0x2
00762869 |. 8B8D 7CFFFFFF |mov ecx,[local.33]
0076286F |. E8 0C80CCFF |call Main6.0042A880
00762874 |. 50 |push eax
00762875 |. E8 ADABCBFF |call Main6.0041D427
0076287A |. 8BC8 |mov ecx,eax
0076287C |. E8 D4ACCBFF |call Main6.0041D555
00762881 |. 50 |push eax
00762882 |. E8 A9F3C9FF |call Main6.00401C30
00762887 |. 8BC8 |mov ecx,eax
00762889 |. E8 D56E1600 |call Main6.008C9763
0076288E |. C645 FC 01 |mov byte ptr ss:[ebp-0x4],0x1
00762892 |. 8D4D AC |lea ecx,[local.21]
00762895 |. E8 A67FCCFF |call Main6.0042A840
0076289A |.^ E9 51FFFFFF \jmp Main6.007627F0
0076289F |> 68 E9FD0000 push 0xFDE9 ////////////////// change to 0x3a8 to fix Chinese messages not being displayed
007628A4 |. 8B4D DC mov ecx,[local.9]
007628A7 |. 51 push ecx
007628A8 |. 6A 00 push 0x0
007628AA |. 8D55 9C lea edx,[local.25]
007628AD |. 52 push edx
007628AE |. 8D4D E4 lea ecx,[local.7]
007628B1 |. E8 6A80CCFF call Main6.0042A920
007628B6 |. 8985 78FFFFFF mov [local.34],eax
007628BC |. 8B85 78FFFFFF mov eax,[local.34]
007628C2 |. 8985 74FFFFFF mov [local.35],eax
007628C8 |. C645 FC 03 mov byte ptr ss:[ebp-0x4],0x3
007628CC |. 8B8D 74FFFFFF mov ecx,[local.35]
007628D2 |. E8 A97FCCFF call Main6.0042A880
007628D7 |. 50 push eax
007628D8 |. 8B4D 10 mov ecx,[arg.3]
007628DB |. 51 push ecx
007628DC |. E8 4FF3C9FF call Main6.00401C30
007628E1 |. 8BC8 mov ecx,eax
007628E3 |. E8 E26B1600 call Main6.008C94CA
007628E8 |. C645 FC 01 mov byte ptr ss:[ebp-0x4],0x1
007628EC |. 8D4D 9C lea ecx,[local.25]
007628EF |. E8 4C7FCCFF call Main6.0042A840
007628F4 |. 68 E9FD0000 push 0xFDE9 //////////////////??????????????
007628F9 |. 8D4D E4 lea ecx,[local.7]
007628FC |. E8 AF7FCCFF call Main6.0042A8B0
00762901 |. 2B45 DC sub eax,[local.9]
00762904 |. 50 push eax
00762905 |. 8B55 DC mov edx,[local.9]
00762908 |. 52 push edx
00762909 |. 8D45 8C lea eax,[local.29]
0076290C |. 50 push eax
0076290D |. 8D4D E4 lea ecx,[local.7]
00762910 |. E8 0B80CCFF call Main6.0042A920
00762915 |. 8985 70FFFFFF mov [local.36],eax
0076291B |. 8B8D 70FFFFFF mov ecx,[local.36]
00762921 |. 898D 6CFFFFFF mov [local.37],ecx
00762927 |. C645 FC 04 mov byte ptr ss:[ebp-0x4],0x4
0076292B |. 8B8D 6CFFFFFF mov ecx,[local.37]
本文出自 7j45 > 奇迹一条龙