【汉化资料】通用解包器制作工具QuickBMS图文教程2

shane007

ok so set up our c:\temp directory bye extracting our file BoneObject.hsp
) {+ e8 W) v. u1. to c:\temp
: z2 H% ?: S. m+ u# R0 {2. create a new text document called astro.bms
* ~. ]" d: D, M2 Z; ~! p3. and place the newest version of quickbms in the folder also.

9 ~. P( n% g. j/ vOk so open up BoneObject.hsp in your hex editor and lets take a look at it.
  
8 c; y2 ^/ r4 b" L- Hgood we have some plain text.
3 s5 h" \& z  S5 w- cyou will notice I highlighted the first 4 bytes 20 50 53 48 or " PSH" that is a space followed bye P S H.
hmm that seems familiar that is the file extension only backwards. this is know as the idstring
so up until now you would think to write in bms
get IDSTRING long
; l1 @- ^$ V  i2 \there is nothing wrong with that but there is a better command
idstring " PSH"
make sure you include the quotes.
so open your bms string and on the first line type
idstring " PSH"
  m  c1 |% S  G! t- m1 Nthe reason this command is better is it will tell the program not to run if it does not find that string don't try to extract that file.
"aka noob proofing it"
# y& r0 L3 c2 e' m9 T
4 Q. h; m2 B# sOk so now lets look at what we can read I see
Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds , Datas\Texture\BoneObject\Toon.bmp , Datas\Texture\BoneObject\Toon_a.bmp , Datas\Texture\BoneObject\Toon_zero.bmp
$ D4 l, ^' _' Y5 L! @6 Uso I will assume there are 4 files in this archive.
well lets look at the next 4 bytes and see what it is 01 00 00 00 hmm that is equal to 00 00 00 01 or 1 and we have more files in this archive than that so we do not know what this represents
& x6 W; ]; W$ B3 {5 r# r2 Oso lets write that in bms language
/ l# {2 t# J% k% t. K, q/ {8 q7 ?get UNK1 long
this saves those 4 bytes as the variable UNK1.
0 b6 ?: D& {% O2 ~6 j
9 c1 ?( E$ \  ~ok the next 4 bytes are 04 00 00 00 hmm this translates into 00 00 00 04 or 4
9 J3 N2 m6 }, i0 [/ ^; Q9 ^4 c( phey that is the number of files we counted so lets write that in bms
% W- o8 T: S/ Q3 M' pget FILES long
- }; W6 J( i, H0 [1 `9 _0 qthis saves those 4 bytes as the variable FILES.

the next 4 bytes are 00 00 00 00 well that is equal to zero so for now I will write that in bms
get NULL1 long
: \- ^0 a3 S3 j8 x- I' ~% Wthis saves those 4 bytes as the variable NULL1
) R' ^6 i, L1 |8 ?' U0 e9 o
( i, B: {! {: @( t1 C" Bok now we have reached the first file name Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds
this is 0x36 bytes long but wait there was no indicator like the last file that told us how long the name is how do we write this?
well lets look for a pattern
Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds is 0x36
Datas\Texture\BoneObject\Toon.bmp is 0x21
Datas\Texture\BoneObject\Toon_a.bmp is 0x23
Datas\Texture\BoneObject\Toon_zero.bmp is 0x26
# V) _! y" `; q2 |$ a, ?hmm I don't see anything that makes that a pattern.
# G4 m5 f# ~$ U3 wbut I do see all the names are followed bye a lot of zero's. how long is the name + the zeros of each file?
. i3 d) ?* V" q# k$ FDatas\Texture\BoneObject\npc_nagoya_octopus01_body.dds + 0's is 0x80
: B, M3 j+ f3 x5 J7 H3 lDatas\Texture\BoneObject\Toon.bmp + 0's is 0x80
Datas\Texture\BoneObject\Toon_a.bmp + 0's is 0x80
" N9 C/ G( [4 G% y0 M) H6 E8 ZDatas\Texture\BoneObject\Toon_zero.bmp + 0's is 0x80
hey they are all the same size when I include the 0's
so in bms I would write this as
' ]! v8 J( u! |5 p/ @getdstring NAME 0x80
1 P1 _" u9 m: Kthis tells it to grab 0x80 bytes and store the text value of it
and as an added feature it will automatically remove trailing 0's

ok so now we have 0xC bytes before I see the next file name
3 E( O$ w1 m# U/ j$ dwhich is 3 long values
' w: x5 {, z8 G, cso lets write those in and we will figure out what they represent later.
  j2 z/ _, J" @4 D$ W; Z* Wget UNK2 long
0 g# x& w! W% L4 M4 n  O" M9 Lget UNK3 long
get UNK4 long

- q3 C% x$ {7 L0 \% jok so now we see the name again
we have our pattern so lets write our script based on what we learned
so it would look like this up until now
4 k# U9 S4 `+ h
Code:
idstring " PSH"
: h/ O; B* }7 ^% hget UNK1 long
get FILES long
get NULL1 long
" X- c7 O3 y3 \" t3 k6 c- Qfor i = 0 < FILES
getdstring NAME 0x80
& W& e/ }! ]3 ~+ C5 gget UNK2 long
7 c/ ]. a! t8 }( g& Jget UNK3 long
1 U# x/ i9 C) P9 Qget UNK4 long
8 j/ @0 N6 {# q4 }clog NAME OFFSET ZSIZE SIZE
next i

& L2 P; s* K* ?. f( X! a& A
. N" f6 {) Y9 G3 t# D5 g6 N5 Cok this may look complex but it is almost identical to the first tutorial file except we added 1 more variable
  r3 |; m5 I4 V5 z8 P7 bZSIZE this represents the compressed file size while SIZE represents the decompressed file size
and we also changed the log command to clog to represent it is a compressed file.
: J: t+ L" V' F/ J; P
ok so now we have our loop and the commands to extract our files but we still need to fill in the variables
; h5 o. {0 E9 j4 u3 y+ SOFFSET ZSIZE SIZE
1 _# U( R7 x. y* v. \+ {so that means our 3 unknown values must represent that but how do we know what order they are in?

Well ill let you in on a cool trick follow the file loop to the end start at Datas\Texture\BoneObject\npc_nagoya_octopus01_body.dds and highlight the whole 0x80 length
then add our 3 unknown variables so that means we are highlighting 0x8C for our length. the first file is from 0x10 - 0x9B
so now do this for the rest of the files and you end up at highlighting 0x1B4 - 0x23F
6 J2 V. F7 ~8 ]) I, ^! x- W+ X  
ok so we reached the end of our loop now what?
well the next 2 bytes are 78 9C and this is an archive extractors best friend when you see this at the start of a file.
4 F# \# h% s1 }% c6 \78 9C represents the standard zlib compression header
- b7 A/ |2 a9 G& nok so this means our first file starts there which is at offset 0x240
% B4 v2 M  R) \. i* w/ A: v1 ?
1 L9 O/ j, o/ n% }& Hwell lets go back to our first file in the list and look at those unknown variables.
24 72 00 00 is = 00 00 72 24 = 0x7224
80 00 02 00 is = 00 02 00 80 = 0x20080
. k* V: h& e9 y40 02 00 00 is = 00 00 02 40 = 0x240
I think we have a winner so the third variable is 0x240 aka the offset
so lets update our script
9 n7 c. J# I6 H
8 N; m6 X6 `( p+ N0 J/ b( s! T
( d0 Q+ Y9 _; z9 D4 U6 T3 VCode:
idstring " PSH"
9 a/ P4 G" n  M% [$ F' K5 dget UNK1 long
$ l, c+ c# R* u5 }+ S3 @get FILES long
get NULL1 long
) o$ j2 n! i/ s+ `0 p9 ]3 rfor i = 0 < FILES
getdstring NAME 0x80
get UNK2 long
# s4 M  n6 _1 t. w7 c# g# ]get UNK3 long
get OFFSET long
clog NAME OFFSET ZSIZE SIZE
* z7 {+ T: g3 Z: `' Rnext i

. H: \$ _" i) K0 A
" {/ [2 ]9 r5 Wnow that just leaves ZSIZE and SIZE
1 E% a7 l& r# P1 w" s: @well bye process of elimination the decompressed file must be bigger than the compressed file so we compare the 2 variables
8 V3 ^6 Y1 x" G3 p6 O: `% k9 T24 72 00 00 is = 00 00 72 24 = 0x7224
80 00 02 00 is = 00 02 00 80 = 0x20080
' @: t, M1 j6 U% t, H1 Xwell 0x20080 is definitely bigger so we now know the last 2 variables
/ e; x6 ?( K( X: I+ k

) @* c' \- j* B: l  G( jCode:
8 [& W# {1 ]# H7 ?" A7 nidstring " PSH"
. q6 m7 J$ u5 d' e' [get UNK1 long
get FILES long
  c$ p" T, Y( I& s, R9 Sget NULL1 long
for i = 0 < FILES
6 M2 a% M9 Y7 Z# O, T, e+ s" Lgetdstring NAME 0x80
5 C8 U/ q+ ^: x0 J) {' a9 zget ZSIZE long
get SIZE long
6 l8 @/ _1 l9 v7 x& Lget OFFSET long
clog NAME OFFSET ZSIZE SIZE
  T  S) `: G( P* ]" Onext i


5 z, H( y) R, s1 [& Qnow try our code out on the file
0 C; [3 _# i8 k$ P' uopen the command prompt and change to the directory
" Z* D1 [8 H9 i7 n' fc:\temp
now type
quickbms.exe -l astro.bms BoneObject.hsp .
yay it listed our files without any errors now lets try extracting them
2 @7 Q( n8 D* w$ `+ W3 A% Pcreate a folder called extract
/ M+ x% D9 ]9 e% ^# `and type
quickbms.exe astro.bms BoneObject.hsp extract
: e8 s9 j$ Y4 v, \5 g7 A+ ?, X* Qif we look in there we now have folders and in those folders are 4 pictures
# O$ H! ?: _/ j) a& o. _' bwe did it.

Let me know if you want more pictures or any way I can improve the tutorials.


Last edited by chrrox on Tue Jun 09, 2009 2:33 pm, edited 1 time in total.

aliangcn

要是大大能把QuickBMS的帮助翻译一下就好了[s:89]

herojimmy

cool turotials ,thx!

深绿

应群里朋友之请，翻译了一下这篇教程，不是完全照翻的，后面差不多是自己rewrite了，希望会有帮助
——————————————————————————————
9 C5 H7 v. t% E7 L) h建立一个目录C:\\temp来放我们解包出的文件

2 b2 ?3 T* i" _5 ~3 F/ M) T, X; ?1，进入C:\\temp文件夹
6 c2 [, A: ~# Y  t2，建立一个新文件 astro.bms（QuickBMS解包脚本）
3，把最新版的quickbms也放到这个文件夹

现在，用你的十六进制编辑器打开BoneObject.hsp，来好好观察一下
7 y: m; ?; y; W& Y  @# {（图）
: N/ V" R+ b1 r+ W" h* \1 ^5 y. W
很好，我们看到了一些清楚的文字
6 l) h- d/ ]3 ^
你会注意到最开始4个字节20 50 53 48，是空格跟上PSH
6 B+ s8 m8 K& j0 E" F8 a7 m& ]9 X看起来就是文件后缀名的反向排列
$ U+ b+ e' U' Y5 r
这被称为idstring（标识字串）
所以，现在在脚本里写上一句
( u, n, N* l9 M
get IDSTRING long       (将四个字节（long）存为IDSTRING)

这没什么错误，不过我们有一条更好的指令
% B1 d6 h! t. ^) n7 l* I9 k8 q: O
idstring " PSH"        
2 W# p/ S0 A% O9 K$ R  k
确保你没漏掉引号。

  _* D6 s- L  E$ q7 L, B0 l这条指令更好是因为你可以告诉程序，如果没有在开头找到这个标识符，那么就不要解包这个文件。
8 v  C# P0 Q6 [/ P6 a* `( X  T
之后继续观察文件，我们可以看到
Datas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds , Datas\\Texture\\BoneObject\\Toon.bmp , Datas\\Texture\\BoneObject\\Toon_a.bmp , Datas\\Texture\\BoneObject\\Toon_zero.bmp
所以我假设有4个文件在这个包里。

7 x* C4 H. e4 L( t1 B1 W& s& pok，回到开头标识符，接下来看之后的四个字节，是01 00 00 00，那等于00 00 00 01或者1，文件数量比这要多，所以我们不明白这代表什么

$ N. k: W6 r  B. H; k那么我们在脚本里写这么一句
4 {& t4 r- H9 ], F, q! j
4 X; n& S& [1 \0 @+ T/ nget UNK1 long
这句指令把4个字节存为变量UNK1

/ e. D: J& J, Vok，之后四个字节是04 00 00 00，就是00 00 00 04或者4
这就是包里的文件数量，所以我们在脚本里写这么一句：

; J  y, q$ G+ @! W3 X+ Dget FILES long
这一句把4个字节存为变量FILES

之后四个字节是00 00 00 00，嗯，那就代表0
于是我们这么写
, Z& P: H$ Y( t% D: _( }
% X+ F9 Y/ ~; O1 |. Vget NULL1 long
  k% @! d9 I2 x6 B" \: \! p把这四个字节存为变量 NULL1

好了，现在我们到达了第一个文件的文件名部分
; p$ I: a; ]* ~  Y6 g. m/ v; LDatas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds
这个字串的长度是0x36，不过等等，这儿没有一个标示符告诉我们文件名的长度，那么我们该怎么写脚本呢？

well，我们来找找规律
* d. a7 j( K. i- i6 y+ YDatas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds is 0x36
Datas\\Texture\\BoneObject\\Toon.bmp is 0x21
# _$ O$ v( c1 J6 P0 j" zDatas\\Texture\\BoneObject\\Toon_a.bmp is 0x23
Datas\\Texture\\BoneObject\\Toon_zero.bmp is 0x26
3 `+ F8 m) `& O; D/ m+ I0 Y+ j
9 o; y9 j0 w, Q. _+ `2 S* E看起来没什么规律，呵呵
# b7 D* h  r) `
不过我注意到，文件名之后都跟着一大堆的00，那么把文件名加上那些0，长度是多少呢？
% Y' O' [$ m2 ?$ Y0 I& x) y% e- N7 J
Datas\\Texture\\BoneObject\\npc_nagoya_octopus01_body.dds + 0's is 0x80   
Datas\\Texture\\BoneObject\\Toon.bmp + 0's is 0x80
Datas\\Texture\\BoneObject\\Toon_a.bmp + 0's is 0x80
8 N% v. d8 S: [, M& VDatas\\Texture\\BoneObject\\Toon_zero.bmp + 0's is 0x80
$ ?. w$ N$ O" S
嘿，看到了吧，他们的长度都是0x80
9 U; f6 v5 G: s8 R" W所以，我们在脚本里这么写
5 N4 y. \8 S* C# y; fgetdstring NAME 0x80

这告诉程序，读取0x80个字节，把他们存到NAME变量里，程序会自动移除后面的那些0

. f" @, E. \% M. e0 u: p5 e9 Mok，那么在下一个文件名之前，我们还有0xC字节的数据，这些是三个long型数据
" x2 k& z- O4 Z# m3 Y$ x0 B; ~1 c5 j我们暂时这么写，之后再来搞清楚他们到底是什么意思
get UNK2 long
get UNK3 long
get UNK4 long
0 A5 @, `5 C" _, H, K
/ i  h# t( Z  g, d4 i那么我们现在又看到了文件名
现在，我们找到了规律，所以按我们之前学到了来写脚本：

, e' @! h3 @* H2 m# N0 a  L/ z4 C, ]代码:
idstring " PSH"
7 O0 ^/ n8 V% l: j- jget UNK1 long
get FILES long
get NULL1 long
for i = 0 < FILES
getdstring NAME 0x80
2 E4 I/ Q) z0 `9 R, ~2 f/ f8 t. Tget UNK2 long
get UNK3 long
" S/ |. ]/ T5 S: |$ u5 ]get UNK4 long
, u6 C- q  a* k& u, a! Cclog NAME OFFSET ZSIZE SIZE
next i

# b( N! U+ }6 Mok，这看起来可能有一点复杂，不过应该跟第一篇教程差不多，除了我们多加了一个变量ZSIZE，它表示压缩过的文件大小，而SIZE代表没压缩过的文件大小
我们同样将log命令改为clog，表示这是一个压缩过的文件。

现在，我们有了循环，指令来解包，不过先得给这三个变量赋值
OFFSET ZSIZE SIZE
" x& E4 {2 O3 w2 R7 b- J
这意味着我们那三个未知变量很有可能代表的就是他们，那么我们怎么知道顺序呢？

好，现在让我们来到这个循环的末尾，定位到最后一个文件的文件名，选择0x8C个字节。
然后之后2个字节是78 9C，这是一个解包器的最好朋友，尤其当你在一个文件的开头看到它时。
9 q/ u/ C5 B& ^* b0 n8 L78 9C 是标准zlib压缩格式的头部标识
: A5 A( [+ y% L: g* O
- a# t6 Y" a  k+ \/ P! P& n所以，这意味着我们的第一个文件从偏移0x240开始
/ t0 A" r/ b  J. Q5 ^
# f. X& H9 c8 W& ^( ?之后，我们回到列表里的第一个文件，看看这些未知变量。
; j- G% \( G! W$ t24 72 00 00 代表0x7224
80 00 02 00 代表0x20080
5 }& D8 W$ y  d6 E5 O5 _5 G40 02 00 00 代表0x240

我想我们至少知道第三个变量0x240代表着偏移量
* `# z5 A8 j: l# G  K3 |- m2 E: ?5 [那么，更新一下脚本：
1 t% Y$ I+ G1 a
- ^( E- {7 U7 C& Z. J5 O* V- s代码:
6 q% ?1 h+ p, ?& {( y4 Xidstring " PSH"
get UNK1 long
& O# j) w1 ?; ^% l) Z! E. T' M. C6 Dget FILES long
, H: T* J. K( `! z) Iget NULL1 long
- ]# B) q3 K2 r- |. B; z4 bfor i = 0 < FILES
getdstring NAME 0x80
' c& N3 h! x  k; Uget UNK2 long
) K# p$ a  ^3 [' s8 `( Vget UNK3 long
get OFFSET long
clog NAME OFFSET ZSIZE SIZE
( M# d$ S9 I7 K4 P$ K' c6 P8 wnext i
& s7 S* ]0 U* }* G' B( N
好了，现在还剩下ZSIZE和SIZE
. s* ~+ B$ K7 y' d" G$ X显然，压缩后的文件大小要比原来的要小，那么比较一下这两个变量
3 B1 z. D  {& f5 y一个是0x7224,一个是0x20080
1 ^& n  G2 M& `! }  H显然，后者要大，于是我们这么改写脚本：
" u2 }$ i6 V4 H& O4 F. O, ?
代码:
idstring " PSH"
get UNK1 long
get FILES long
get NULL1 long
for i = 0 < FILES
getdstring NAME 0x80
get ZSIZE long
get SIZE long
get OFFSET long
: O  L6 k7 G2 p; }# a* C: Eclog NAME OFFSET ZSIZE SIZE
4 W" n) l3 z. k# Tnext i

# i- ]! o  o8 u6 L( ?好了，现在试试我们的代码吧。
$ q6 {5 r: {; m1 p6 d0 j; E" e5 ]打开命令提示符，进入到c:\\temp目录
: ?7 y) J7 }. E
9 x) e! K9 F& L3 T输入 quickbms.exe -l astro.bms BoneObject.hsp
他会列出我们的文件，没有提示任何错误
1 K. A, R8 D8 f+ b. o/ P好了，现在我们建立一个目录 extract
4 o$ L6 e% k3 @; x8 z输入quickbms.exe astro.bms BoneObject.hsp extract

  W  V% R! S! o, @/ ^1 C好了，现在我们在目录里有了4张图片，我们完成了。

感谢各位前辈，留爪备查。