冒险解谜游戏中文网 ChinaAVG

标题: paq解包脚本如何写 [打印本页]

作者: byp100 时间: 2009-11-9 02:44
标题: paq解包脚本如何写
分析了半天还是没分析出解压脚本
苏洋的解包动画也看不到。。。。007能分析指导一下吗？
get IDSTRING long
IDSTRING "paq"
get UNK1 long
getdstring NAME 0x13
get ZSIZE long
get SIZE long
get OFFSET long
clog NAME OFFSET ZSIZE SIZE

解压不出东西

作者: shane007 时间: 2009-11-9 08:29
收到，你先说说你分析出了点什么。
是如何分析出的，根据是什么。

可以先手工试试看。offzip.

作者: sylar 时间: 2009-11-10 17:43
解到tga格式文件就出错了。。格式不一样的。。

IDSTRING "paq\\x00"
8 x" h) b3 l% CMath Files += 0xFFFFFF
7 d0 I' f3 D, x& n% C9 Afor i = 0 < FILES8 Z; O# l* Y$ p
savepos TEMSET8 E1 R* e0 d0 M& P; n$ t
findloc NAMESET STRING "\\x00") W4 \: a' s, }: O4 D( e2 c4 Y4 J
math NAMESET -= TEMSET- g2 |, b4 X7 }: z
goto TEMSET/ Z1 {" y/ Z( J1 T. _# ~! j8 g/ O; D
getdstring NAME NAMESET
' S! o# D6 |+ v+ V9 Nget UNK1 short
* G) x5 h" q7 D0 j/ O3 D8 tget UNK2 long
) R# o3 H; {# H" ^, wget ZSIZE long* e+ _8 F8 G* W. Q9 g
get SIZE long3 a, z( G% z% X/ T4 J) E/ Z, M, |
savepos OFFSET . Q+ z5 @3 x( L3 ~+ `8 X
clog NAME OFFSET ZSIZE SIZE ; B2 R8 |) A1 D
math OFFSET += ZSIZE4 V [# t, a; D3 C; i
goto OFFSET8 @( T# F7 I3 n3 m: N
next i

作者: shane007 时间: 2009-11-10 17:50
http://aluigi.altervista.org/mytoolz/offzip.zip

Offset file unzipper 0.3.3 (offzip) .image.
a very useful tool to unpack the zip (zlib/gzip/deflate) data contained in any type of file included raw files, packets, zip archives, executables and anything else.
it's needed only to specify the offset where the zip data starts or using the useful -S search options able to find any possible zip block contained in the provided file.
naturally there are also other options for extracting all the zip blocks which have been found or dumping them as in their original compressed form.
it's also possible to choose a windowBits value for scanning both the zlib (RFC1950) and deflate (RFC1951) blocks (for example -z -15 for common zip files and so on).

作者: byp100 时间: 2009-11-10 23:33

引用第2楼sylar于2009-11-10 17:43发表的 :
0 x& j/ ]& \3 S解到tga格式文件就出错了。。格式不一样的。。

不错，确实能解压一部分，我参考参考写法

也研究研究下007提供的offzip

作者: shane007 时间: 2009-11-11 11:38
offzip.exe -S crimson.paq 1.txt 0  >log.txt

以上命令执行结果如下

Offset file unzipper 0.3.3
by Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

- open input file: crimson.paq
- zip data to check:  32 bytes
- zip windowBits:    15
- seek offset:       0x00000000  (0)

+------------+-------------+-------------------------+
| hex_offset | blocks_dots | zip_size --> unzip_size |
+------------+-------------+-------------------------+
  0x0000001f . 1084 --> 1392
  0x00000478 . 717 --> 911
  0x0000076a . 1750 --> 2235
  0x00000e64 . 1419 --> 1803
  0x00001414 . 1435 --> 1859
  0x000019d3 . 1175 --> 1587
  0x00001e8a . 336 --> 595
  0x00001ff9 . 628 --> 805
  0x0000228b . 874 --> 1096
  0x00002618 . 518 --> 727
  0x00002840 . 510 --> 717
  0x00002a5d . 795 --> 1038
  0x00002d99 . 730 --> 1068
  0x00003096 . 765 --> 1030
  0x000033b2 . 862 --> 1124
  0x0000372f . 1000 --> 1162
  0x00003b37 . 1564 --> 1974
  0x00004174 . 836 --> 1152
  0x000044d9 ....... 13016 --> 30039
  0x000077d1 ... 5949 --> 6860
  0x00008f2f ...... 11007 --> 13484
  0x0000ba4a . 1140 --> 1395
  0x0000beda . 1204 --> 1490
  0x0000c3aa . 1299 --> 1599
  0x0000c8d9 . 1288 --> 1575
  0x0000cdfd . 1790 --> 2366
  0x0000d51a . 445 --> 692
  0x0000d6f5 . 448 --> 674
  0x0000d8d8 ....... 13638 --> 15287
  0x00010e42 .. 2438 --> 4831
  0x000117eb .. 2263 --> 3624
  0x000120e7 .. 3339 --> 5509
  0x00012e13 . 1927 --> 3442
  0x000135bc .... 6722 --> 11728
  0x00015022 .... 6691 --> 11567
  0x00016a63 .............. 28392 --> 34046
  0x0001d96c . 1105 --> 1390
  0x0001dddc ... 5061 --> 5906
  0x0001f1c3 . 1230 --> 1492
  0x0001f6b5 . 527 --> 742
  0x0001f8e7 ... 5383 --> 10576
  0x00020e09 ...... 11923 --> 12569
  0x00023cb7 ......... 16573 --> 17231
  0x00027d8f ........... 20913 --> 21508
  0x0002cf5b ... 4584 --> 5270
  0x0002e164 .......... 18692 --> 29425
  0x00032a89 ........... 20813 --> 31402
  0x00037bf7 ........... 21530 --> 32091
  0x0003d032 .......... 20218 --> 30856
  0x00041f4d ............. 24876 --> 35585
  0x0004809a ............. 25487 --> 36286
  0x0004e44a ........ 14995 --> 26091
  0x00051efe ........ 15273 --> 26325
  0x00055f87 . 1116 --> 1347
  0x00056bb0 .... 7441 --> 8336
  0x000588df . 1736 --> 1944
  0x00071d94 .......... 19391 --> 20105
  0x0007be7d ................. 33201 --> 51406
  0x0009ac56 ................................................ 97337 --> 121280
  0x000b28ab . 895 --> 1152
  0x000b2c48 .......... 19701 --> 24422
  0x000b795b ........ 14367 --> 17136
  0x000bb197 ................. 34478 --> 46125
  0x000c3867 . 1101 --> 1331
  0x000c3cd4 ............... 28739 --> 52702
  0x000cad33 .. 3841 --> 5660
  0x000cbc55 .............................................................................................. 190797 --> 239555
  0x000fa5c3 ............................................ 88794 --> 115842
  0x001100bb ........................ 47271 --> 63393
  0x0011b97f ............................ 55292 --> 70019

- 70 valid zip blocks found

作者: shane007 时间: 2009-11-11 17:43
用这个命令可以解包到目录1下，去掉前面4个字节就是jpg图片
offzip.exe -a crimson.paq 1 0

如果要dump的话,就是，这样的话分析格式就相当简单了
offzip.exe -A crimson.paq 1 0

放上一张解包后的图片
[attach]14737[/attach]

作者: byp100 时间: 2009-11-13 02:33

引用第6楼shane007于2009-11-11 17:43发表的 :" j _" V/ Q0 Z! O4 ]/ g: I# p
用这个命令可以解包到目录1下，去掉前面4个字节就是jpg图片9 n8 [9 Q3 l8 ?
offzip.exe -a crimson.paq 1 0 / H% Y7 @. N- W( {1 c
) L2 i* ~2 \( P& g! r( ]
如果要dump的话,就是，这样的话分析格式就相当简单了
- a b7 H2 x: U) Q9 b6 f0 J8 ^offzip.exe -A crimson.paq 1 0 & `$ `$ R9 @' R2 R) D
.......

谢谢指导，我发现好像是要2次解包，这些天在弄个独立游戏，没时间试试看。

欢迎光临冒险解谜游戏中文网 ChinaAVG (https://chinaavg.com/)