【汉化资料】通用解包器制作工具QuickBMS图文教程2

shane007

ok so set up our c:\temp directory bye extracting our file BoneObject.hsp
) Y5 q6 ?( O8 d9 _1. to c:\temp
: Q% m" [: X- ^0 l5 Y2. create a new text document called astro.bms
3. and place the newest version of quickbms in the folder also.
4 V6 u9 t" \8 S& f" a& s
( J7 S: A/ ?4 t/ t: q- yOk so open up BoneObject.hsp in your hex editor and lets take a look at it.
  
7 [" f0 A3 R7 D7 R; P3 X' Rgood we have some plain text.
; J9 Y5 n4 R: O2 C/ ^you will notice I highlighted the first 4 bytes 20 50 53 48 or " PSH" that is a space followed bye P S H.
, A( h6 v3 y1 Y6 r0 r! Shmm that seems familiar that is the file extension only backwards. this is know as the idstring
1 @$ I2 K1 \& j4 a$ i# R. Aso up until now you would think to write in bms
7 N/ a9 `/ }! [5 `get IDSTRING long
: G, n" E' L$ ~- y- s/ L) Wthere is nothing wrong with that but there is a better command
8 L7 D( i  U  aidstring " PSH"
make sure you include the quotes.
  ~% f: y, i6 p1 ]5 pso open your bms string and on the first line type
idstring " PSH"
: Q% n4 P, i9 t: T2 x/ m& Xthe reason this command is better is it will tell the program not to run if it does not find that string don't try to extract that file.
"aka noob proofing it"
$ ]4 u% ~8 b" W; ], j; V
2 E' J3 L: n1 POk so now lets look at what we can read I see
, Y& r; y, r* ^% DDatas\Texture\BoneObject\npc_nagoya_octopus01_body.dds , Datas\Texture\BoneObject\Toon.bmp , Datas\Texture\BoneObject\Toon_a.bmp , Datas\Texture\BoneObject\Toon_zero.bmp
so I will assume there are 4 files in this archive.
' o( T. A. `* X7 Lwell lets look at the next 4 bytes and see what it is 01 00 00 00 hmm that is equal to 00 00 00 01 or 1 and we have more files in this archive than that so we do not know what this represents
so lets write that in bms language
get UNK1 long
' m  F3 W' y% e9 B2 Q" @# @! T4 U. ithis saves those 4 bytes as the variable UNK1.
1 \/ P" {  [9 ?1 e3 |& V# C' D
0 }5 N" {" N5 d- Qok the next 4 bytes are 04 00 00 00 hmm this translates into 00 00 00 04 or 4
2 D: `6 O: `; U) ?% _hey that is the number of files we counted so lets write that in bms
get FILES long
- K) x7 E9 h( `, b/ qthis saves those 4 bytes as the variable FILES.

/ o+ Q, Z$ }4 I1 c0 Mthe next 4 bytes are 00 00 00 00 well that is equal to zero so for now I will write that in bms
# @' i( m! F! W7 u4 D' ]* Wget NULL1 long
4 I0 X- u- q" K7 F. j/ S) Othis saves those 4 bytes as the variable NULL1
+ C4 a" U- m/ ~( G1 F
ok now we have reached the first file name Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds
this is 0x36 bytes long but wait there was no indicator like the last file that told us how long the name is how do we write this?
' ^2 M8 j0 K: R, }: P& z% swell lets look for a pattern
Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds is 0x36
Datas\Texture\BoneObject\Toon.bmp is 0x21
Datas\Texture\BoneObject\Toon_a.bmp is 0x23
Datas\Texture\BoneObject\Toon_zero.bmp is 0x26
9 V$ `; R# ^' c% [( a! O/ ahmm I don't see anything that makes that a pattern.
but I do see all the names are followed bye a lot of zero's. how long is the name + the zeros of each file?
1 A/ [) }- a9 A' D& @Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds + 0's is 0x80
Datas\Texture\BoneObject\Toon.bmp + 0's is 0x80
& r& v" q& W7 {: fDatas\Texture\BoneObject\Toon_a.bmp + 0's is 0x80
Datas\Texture\BoneObject\Toon_zero.bmp + 0's is 0x80
hey they are all the same size when I include the 0's
/ a) x& F- T- uso in bms I would write this as
% J! L7 W2 O1 N# _getdstring NAME 0x80
this tells it to grab 0x80 bytes and store the text value of it
6 h. }: p5 p/ g$ G* z/ Xand as an added feature it will automatically remove trailing 0's

ok so now we have 0xC bytes before I see the next file name
. e+ l% \2 p  F3 `7 Wwhich is 3 long values
so lets write those in and we will figure out what they represent later.
get UNK2 long
' q. w# \8 a& @- P8 ~get UNK3 long
get UNK4 long
6 z% D% J9 V: P" ^$ \% ]; L2 [
ok so now we see the name again
we have our pattern so lets write our script based on what we learned
( r: a. H/ d- ]+ m/ a0 Pso it would look like this up until now

) K7 |2 F; a! x7 F* x% uCode:
idstring " PSH"
& |7 w: Q1 v8 g- Nget UNK1 long
: W& w1 f2 ~  ~  k* Z2 W0 Tget FILES long
get NULL1 long
for i = 0 < FILES
getdstring NAME 0x80
get UNK2 long
get UNK3 long
get UNK4 long
  ~9 s" _4 n+ p+ ]clog NAME OFFSET ZSIZE SIZE
- }' ?' j' Q- f3 J8 mnext i

# a3 j3 e0 ]* u9 _+ T' K$ t  x* S+ i
ok this may look complex but it is almost identical to the first tutorial file except we added 1 more variable
ZSIZE this represents the compressed file size while SIZE represents the decompressed file size
/ s; s; F# j: x9 Z1 x$ n2 K8 Gand we also changed the log command to clog to represent it is a compressed file.

ok so now we have our loop and the commands to extract our files but we still need to fill in the variables
OFFSET ZSIZE SIZE
so that means our 3 unknown values must represent that but how do we know what order they are in?

' q8 Q, c% j! N# }7 j. K5 CWell ill let you in on a cool trick follow the file loop to the end start at Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds and highlight the whole 0x80 length
then add our 3 unknown variables so that means we are highlighting 0x8C for our length. the first file is from 0x10 - 0x9B
so now do this for the rest of the files and you end up at highlighting 0x1B4 - 0x23F
  
  W6 r7 j/ L: }8 ]  Aok so we reached the end of our loop now what?
well the next 2 bytes are 78 9C and this is an archive extractors best friend when you see this at the start of a file.
78 9C represents the standard zlib compression header
ok so this means our first file starts there which is at offset 0x240
( x0 m4 S6 g3 `' {5 N1 @
well lets go back to our first file in the list and look at those unknown variables.
24 72 00 00 is = 00 00 72 24 = 0x7224
- A) z4 R' O$ ]9 A80 00 02 00 is = 00 02 00 80 = 0x20080
" f" r, ]+ r- ]* {3 {1 C+ z7 o. Z' r40 02 00 00 is = 00 00 02 40 = 0x240
3 s2 _+ s1 l3 GI think we have a winner so the third variable is 0x240 aka the offset
so lets update our script

( }; h. C. b+ p6 }
: t- T/ S& J9 E/ |# W: Z# S8 eCode:
idstring " PSH"
+ t: x; v+ f& z& L( cget UNK1 long
. @, V, ~' ~) D+ P6 d3 \+ g2 _get FILES long
- I4 B- c0 z1 ]+ _, u' [get NULL1 long
for i = 0 < FILES
. L+ e* n2 [0 b) d% \9 M/ L: Tgetdstring NAME 0x80
) T( x5 E% g9 zget UNK2 long
get UNK3 long
2 J0 `1 w: I9 _get OFFSET long
clog NAME OFFSET ZSIZE SIZE
next i

7 }! y% f, |9 Z+ n# |: Q9 b
now that just leaves ZSIZE and SIZE
well bye process of elimination the decompressed file must be bigger than the compressed file so we compare the 2 variables
( k8 n6 c$ O7 b24 72 00 00 is = 00 00 72 24 = 0x7224
+ ~) v: J  o* r6 s7 C2 }+ l80 00 02 00 is = 00 02 00 80 = 0x20080
+ i# b8 ^3 m9 t. @$ K' s9 W$ o" i9 Lwell 0x20080 is definitely bigger so we now know the last 2 variables
: y9 }. s2 T$ T8 _# z2 v
+ g) p: Y; S! _
Code:
idstring " PSH"
get UNK1 long
get FILES long
: S) r* c& L5 ]5 X- A: I) Nget NULL1 long
1 ^: b- v" I1 r. m# d. }! m) tfor i = 0 < FILES
getdstring NAME 0x80
$ w5 |8 p" J. c1 x, x% E5 vget ZSIZE long
get SIZE long
4 J" e: S9 A4 u" _, Zget OFFSET long
: Y( V# e8 i" h# g. iclog NAME OFFSET ZSIZE SIZE
8 [. D/ Q- @. z( X1 J5 F2 V0 \0 j+ Vnext i


# A  Y0 G/ V5 \8 _  y5 `- mnow try our code out on the file
open the command prompt and change to the directory
c:\temp
' B3 G! p- P' d; l2 \7 p- K. ^9 Gnow type
quickbms.exe -l astro.bms BoneObject.hsp .
& i: N* C3 b# O2 e8 ^yay it listed our files without any errors now lets try extracting them
/ _  L" a" C$ a. Q# M1 G0 i! `9 hcreate a folder called extract
and type
quickbms.exe astro.bms BoneObject.hsp extract
: @( v/ T0 |& w4 ?! J' p  Gif we look in there we now have folders and in those folders are 4 pictures
' z" A4 l+ T' l$ c( s+ \we did it.
& a. C+ p9 u1 N( r& R
Let me know if you want more pictures or any way I can improve the tutorials.
$ ^* C, O; S* w$ s
4 R  F* R+ U1 n) Q& |7 Q  p
Last edited by chrrox on Tue Jun 09, 2009 2:33 pm, edited 1 time in total.

aliangcn

要是大大能把QuickBMS的帮助翻译一下就好了[s:89]

感谢各位前辈，留爪备查。

深绿

应群里朋友之请，翻译了一下这篇教程，不是完全照翻的，后面差不多是自己rewrite了，希望会有帮助
1 u$ D# e0 O  D- o0 V  s——————————————————————————————
建立一个目录C:\\temp来放我们解包出的文件

1，进入C:\\temp文件夹
2，建立一个新文件 astro.bms（QuickBMS解包脚本）
; Q% x& y% ?9 @+ b3 W3，把最新版的quickbms也放到这个文件夹

# M, F3 c. L1 q6 i* Y* i现在，用你的十六进制编辑器打开BoneObject.hsp，来好好观察一下
（图）

很好，我们看到了一些清楚的文字
% a. `# }0 Q  j, ~) c4 j
你会注意到最开始4个字节20 50 53 48，是空格跟上PSH
看起来就是文件后缀名的反向排列
( F- F& G7 z% V8 M
9 R9 L' `) Z& Y这被称为idstring（标识字串）
所以，现在在脚本里写上一句
2 y3 B  \% N7 T/ |* u
* N+ }4 i' d6 w& b- d! |get IDSTRING long       (将四个字节（long）存为IDSTRING)
+ _* S) n! p! W5 s) R
' k5 |: c4 a* h7 `4 d这没什么错误，不过我们有一条更好的指令
) Z( f' n  C/ D- U1 V) J) }" [! W& U
5 E0 Z* Y2 t. N& e5 X. vidstring " PSH"        

+ m7 J5 Q3 C7 Z  j* O8 B  Y8 z确保你没漏掉引号。

% ~5 W4 G/ S# Y1 C这条指令更好是因为你可以告诉程序，如果没有在开头找到这个标识符，那么就不要解包这个文件。
5 u2 q4 R8 i- m7 x3 B1 o
# k4 @/ \  e7 G, I7 }) c2 Q之后继续观察文件，我们可以看到
Datas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds , Datas\\Texture\\BoneObject\\Toon.bmp , Datas\\Texture\\BoneObject\\Toon_a.bmp , Datas\\Texture\\BoneObject\\Toon_zero.bmp
所以我假设有4个文件在这个包里。

ok，回到开头标识符，接下来看之后的四个字节，是01 00 00 00，那等于00 00 00 01或者1，文件数量比这要多，所以我们不明白这代表什么

* m& e( B( P& X: _那么我们在脚本里写这么一句
0 N) y6 L! s4 ]% t+ b1 ^
( c$ Z% g, y1 I. @get UNK1 long
这句指令把4个字节存为变量UNK1

ok，之后四个字节是04 00 00 00，就是00 00 00 04或者4
这就是包里的文件数量，所以我们在脚本里写这么一句：

3 A! [$ E8 f% \9 Aget FILES long
8 o! F" }, Y/ l- ]! B! h  d这一句把4个字节存为变量FILES
' c5 c: X# H. J: ?/ t' h1 {1 N8 \
之后四个字节是00 00 00 00，嗯，那就代表0
于是我们这么写
) a. ], T# p0 V
get NULL1 long
# x4 ~' R0 O- t' f7 R把这四个字节存为变量 NULL1

/ @3 b$ H  z$ f好了，现在我们到达了第一个文件的文件名部分
Datas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds
这个字串的长度是0x36，不过等等，这儿没有一个标示符告诉我们文件名的长度，那么我们该怎么写脚本呢？
& C+ B" k, x0 S9 t1 g
6 M+ ]  y! x9 Hwell，我们来找找规律
$ f/ p. P2 Z4 y2 q$ {' |# KDatas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds is 0x36
Datas\\Texture\\BoneObject\\Toon.bmp is 0x21
; [* ~2 D, |7 N" `% jDatas\\Texture\\BoneObject\\Toon_a.bmp is 0x23
Datas\\Texture\\BoneObject\\Toon_zero.bmp is 0x26

看起来没什么规律，呵呵
: ]! T; j; _8 B9 T& \
不过我注意到，文件名之后都跟着一大堆的00，那么把文件名加上那些0，长度是多少呢？
( K5 w9 {+ m! X! Y) d* i* u* u5 V. p
, D1 b+ Q9 ^( n2 zDatas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds + 0's is 0x80   
Datas\\Texture\\BoneObject\\Toon.bmp + 0's is 0x80
/ w# F" V. h+ z/ `4 Q# n8 ~5 @Datas\\Texture\\BoneObject\\Toon_a.bmp + 0's is 0x80
Datas\\Texture\\BoneObject\\Toon_zero.bmp + 0's is 0x80
, g5 V( {* r- D3 {! G
  X5 @; L$ Q( J! M8 J# S$ i6 {' F嘿，看到了吧，他们的长度都是0x80
3 N' z2 a1 v, U* }- _3 j4 V6 D* t5 k所以，我们在脚本里这么写
getdstring NAME 0x80

* N$ r* t% }" G  ]% w6 [: V这告诉程序，读取0x80个字节，把他们存到NAME变量里，程序会自动移除后面的那些0

: d( F1 p! ?- Y2 j0 {ok，那么在下一个文件名之前，我们还有0xC字节的数据，这些是三个long型数据
! N# b! f/ _# r1 |+ n# G- X我们暂时这么写，之后再来搞清楚他们到底是什么意思
( M8 n1 k, B7 t/ v  lget UNK2 long
get UNK3 long
get UNK4 long

那么我们现在又看到了文件名
& N& k4 z; U) P0 P2 |: w现在，我们找到了规律，所以按我们之前学到了来写脚本：
! `2 F+ T& G8 o! ^* R. V( ]& {/ M
代码:
idstring " PSH"
get UNK1 long
get FILES long
( d) M7 _" [) K% A1 A  `get NULL1 long
for i = 0 < FILES
- u" h$ [9 d, @4 X  I( J. E2 j1 ngetdstring NAME 0x80
get UNK2 long
1 ~7 K4 M: Q2 X0 @. U: q  Aget UNK3 long
get UNK4 long
: s: v& j. W- {; `1 P" A' i* p% Uclog NAME OFFSET ZSIZE SIZE
2 F' r4 c0 X1 c$ n' v# A3 Enext i

ok，这看起来可能有一点复杂，不过应该跟第一篇教程差不多，除了我们多加了一个变量ZSIZE，它表示压缩过的文件大小，而SIZE代表没压缩过的文件大小
我们同样将log命令改为clog，表示这是一个压缩过的文件。

9 h/ u. h  F1 i/ a7 n. ^- j现在，我们有了循环，指令来解包，不过先得给这三个变量赋值
OFFSET ZSIZE SIZE
' l' ^9 M7 B, u
. |* T% F3 c) x  t/ _9 }这意味着我们那三个未知变量很有可能代表的就是他们，那么我们怎么知道顺序呢？
; x: [" O/ O; ~5 ?+ J. D
好，现在让我们来到这个循环的末尾，定位到最后一个文件的文件名，选择0x8C个字节。
然后之后2个字节是78 9C，这是一个解包器的最好朋友，尤其当你在一个文件的开头看到它时。
' b, {1 \0 ]! A: @3 {% O78 9C 是标准zlib压缩格式的头部标识
; z* B* H: ?: r' S
所以，这意味着我们的第一个文件从偏移0x240开始
# U5 x1 |# p6 Q1 _6 {7 u' H: M& P
之后，我们回到列表里的第一个文件，看看这些未知变量。
24 72 00 00 代表0x7224
( H. U+ Y0 ]3 h$ s8 A' R. v3 n80 00 02 00 代表0x20080
3 P& X) K+ W( q* z- _  s  H0 _& r40 02 00 00 代表0x240

我想我们至少知道第三个变量0x240代表着偏移量
那么，更新一下脚本：
. }0 y) m* h" }/ u! r
代码:
idstring " PSH"
1 G( t8 O) s; S: E" U" vget UNK1 long
get FILES long
$ Q; n0 q" Z+ z9 b  `' R5 Y5 Vget NULL1 long
for i = 0 < FILES
3 i) J3 B. V8 ^getdstring NAME 0x80
get UNK2 long
get UNK3 long
, E/ n: _# K' J% l: }get OFFSET long
clog NAME OFFSET ZSIZE SIZE
next i
( h% ^& f0 g, J5 \  [  D
; q- ^1 K- ?. F好了，现在还剩下ZSIZE和SIZE
显然，压缩后的文件大小要比原来的要小，那么比较一下这两个变量
一个是0x7224,一个是0x20080
显然，后者要大，于是我们这么改写脚本：
& Q* K# B+ _1 q/ x- m( B
代码:
) g9 R* J2 p- e( ^* vidstring " PSH"
get UNK1 long
get FILES long
5 Y6 X6 P7 o" q$ Y/ a! y* f1 Yget NULL1 long
for i = 0 < FILES
* ]# T/ P7 C% @3 ]$ U7 h7 s0 wgetdstring NAME 0x80
get ZSIZE long
% q/ A8 F. t$ Q: o! c6 m- `) Nget SIZE long
get OFFSET long
1 P/ c! y. `! D5 o: b6 _clog NAME OFFSET ZSIZE SIZE
4 H" L: K+ e, T2 G. Nnext i

好了，现在试试我们的代码吧。
; ?: K+ Q) h& m4 {打开命令提示符，进入到c:\\temp目录
; |# u) ^0 q1 R# Q9 S
8 _8 X$ e+ q' H4 |2 l0 F& W. \输入 quickbms.exe -l astro.bms BoneObject.hsp
' B* ]8 Y! o8 Q4 F他会列出我们的文件，没有提示任何错误
' ~6 ]4 u- j4 P2 K好了，现在我们建立一个目录 extract
, d- L+ H7 f* }5 m0 w+ \输入quickbms.exe astro.bms BoneObject.hsp extract

# Q$ V4 V: C0 u( N好了，现在我们在目录里有了4张图片，我们完成了。

herojimmy

cool turotials ,thx!