Fixing the ASCII font / font-size problem in the Chinese-localized WinHex

Authors: 樹袋熊 & 飛鷹 (flithawk)


------------------------------- Begin reprint --------------------------------

飛鷹:

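  Hello! First, thank you for localizing such a good editor into Chinese for us. I normally use UltraEdit as my editor, but this time I needed to edit memory, so I downloaded your recently localized WinHex 10.00 online. After starting it, the text in the program's main window was not displayed in 新細明體 (PMingLiU), and the font setting under Options did not offer 新細明體 as a choice either. After some debugging, I found that it can in fact be changed to display in 新細明體.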

The first place I debugged was the custom font setting under Options:

:0042D2F1 MOV [ESP+14],4041
:0042D2F9 PUSH ESP
:0042D2FA CALL ChooseFontA

As in UltraEdit, the program sets CHOOSEFONTA.Flags to 4041h; changing it to 41h is enough to make 新細明體 selectable.

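After restarting the program and selecting 新細明體 at 9 pt, you can see that only the text in the hex edit pane changed; the text displayed along the window edges did not.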

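The program displays text with the DrawTextA function, and that function normally has its font set through SelectObject. By breaking on that function, you can find that the program uses the following two font-defining routines to determine how the window text is displayed: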



          Original instruction        Patched instruction

:00450401 CMP BYTE [EBP-9],0D         CMP BYTE [EBP-9],0D
:00450405 JA 00450411                 JMP 450411
:00450407 MOV EAX,[0046D524]
:0045040C CMP BYTE [EAX],2
:0045040F JNZ 00450458                                  ; If this jump is taken, GetStockObject is used to fetch a predefined font.
:00450411 PUSH 00450A24               PUSH 450A2C       ; This originally pointed to the font name Arial
:00450416 PUSH 22                     PUSH 0
:00450418 PUSH 2                      PUSH 2
:0045041A PUSH 0                      PUSH 0
:0045041C PUSH 0                      PUSH 0
:0045041E PUSH 0                      PUSH 86
:00450420 PUSH 0                      PUSH 0
:00450422 PUSH 0                      PUSH 0
:00450424 PUSH 0                      PUSH 0
:00450426 PUSH 64                     PUSH 64
:00450428 PUSH 0                      PUSH 0
:0045042A PUSH 0                      PUSH 0
:0045042C PUSH 0                      PUSH 0
:0045042E MOV EAX,[0046D524]          PUSH FFFFFFF4
:00450433 CMP BYTE [EAX],2            NOP
:00450436 SETA AL                     NOP
:00450439 AND EAX,7F                  NOP
:0045043C ADD EAX,0E                  NOP
:0045043F PUSH EAX                    NOP
:00450440 CALL CreateFontA



          Original instruction        Patched instruction

:004504D7 MOV EAX,[0046D170]          PUSH 450A2C       ; This originally pointed to the font name Helv; change the string "Helv" to "新細明體".
:004504DC CMP BYTE [EAX],0            PUSH 0            ; There was not enough room, so these were written here.
:004504DF JZ 004504F3                 JMP 004504F3
:004504E1 PUSH 11
:004504E3 CALL GetStockObject                           ; In this program, this function is also used to fetch a predefined font,
:004504E8 MOV EDX,[0046D0C8]                            ; so it must be skipped.
:004504EE MOV [EDX+C],EAX
:004504F1 JMP 00450520
:004504F3 PUSH 00450A2C               PUSH 2
:004504F8 PUSH 0                      PUSH 0
:004504FA PUSH 2                      PUSH 0
:004504FC PUSH 0                      PUSH 86
:004504FE PUSH 0                      PUSH 0
:00450500 PUSH 0                      PUSH 0
:00450502 PUSH 0                      PUSH 0
:00450504 PUSH 0                      PUSH 64
:00450506 PUSH 0                      PUSH 0
:00450508 PUSH 64                     PUSH 0
:0045050A PUSH 0                      PUSH 0
:0045050C PUSH 0                      PUSH FFFFFFF4
:0045050E PUSH 0                      NOP
:00450510 PUSH 12
:00450512 CALL CreateFontA



In summary, in Winhex.exe:

Find: C744241441400000

Replace with: C744241441000000

Find string: Helv
Replace with string: 新細明體

Find: 807DF70D770A
Replace with: 807DF70DEB0A

Find: 68240A45006A226A026A006A006A006A006A006A006A646A006A006A00A124D546008038020F97C083E07F83C00E50
Replace with: 682C0A45006A006A026A006A0068860000006A006A006A006A646A006A006A0068F4FFFFFF90909090909090909090

Find: A170D146008038007412
Replace with: 682C0A45006A0090EB12

Find: 682C0A45006A006A026A006A006A006A006A006A006A646A006A006A006A12
Replace with: 6A026A006A0068860000006A006A006A006A646A006A006A0068F4FFFFFF90

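All the data is listed above so that you can find and replace it directly with a tool.
From my analysis, the code above is used only during program initialization and is not used again afterwards, so I expect it should not cause any problems.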


樹袋熊
http://www.365hz.net


-------------------------------- End reprint ---------------------------------


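    Regarding the article above: when changing the font size, I wonder whether it could be written as 6AF4 rather than 68F4FFFFFF. Writing 6AF4 saves a good deal of byte space, and this form worked in WinHex. The article also says that the program uses two font-defining routines to determine how the window text is displayed, but in practice I found that it seems to be enough to change only the first font routine found; the second does not need to be changed.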

    Below is the disassembly captured while fixing the ASCII font / font-size problem in WinHex 10.0 SR-7:

1. The custom font setting under Options:

Before:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042D5B1(C)
|
:0042D5BD C744241441400000 mov [esp+14], 00004041

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042D5BB(U)
|
:0042D5C5 54 push esp

* Reference To: comdlg32.ChooseFontA, Ord:0000h
|
:0042D5C6 E8111DFFFF Call 0041F2DC
:0042D5CB 85C0 test eax, eax
:0042D5CD 7478 je 0042D647
:0042D5CF 8D44243C lea eax, dword ptr [esp+3C]
:0042D5D3 E864F6FDFF call 0040CC3C
:0042D5D8 84C0 test al, al
:0042D5DA 74B6 je 0042D592
:0042D5DC 8D44243C lea eax, dword ptr [esp+3C]
:0042D5E0 50 push eax

* Reference To: gdi32.CreateFontIndirectA, Ord:0000h


After:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042D5B1(C)
|

* Possible Ref to Menu: MenuID_0001, Item: "Markierung löschen"
|
:0042D5BD C744241441000000 mov [esp+14], 00000041 ***modified***

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042D5BB(U)
|
:0042D5C5 54 push esp

* Reference To: comdlg32.ChooseFontA, Ord:0000h
|
:0042D5C6 E8111DFFFF Call 0041F2DC
:0042D5CB 85C0 test eax, eax
:0042D5CD 7478 je 0042D647
:0042D5CF 8D44243C lea eax, dword ptr [esp+3C]
:0042D5D3 E864F6FDFF call 0040CC3C
:0042D5D8 84C0 test al, al
:0042D5DA 74B6 je 0042D592
:0042D5DC 8D44243C lea eax, dword ptr [esp+3C]
:0042D5E0 50 push eax

* Reference To: gdi32.CreateFontIndirectA, Ord:0000h



2. The text displayed in the window:

Before:

* Reference To: gdi32.CreateFontA, Ord:0000h
|
:00450877 E8604AFBFF Call 004052DC
:0045087C 8B15CCD04600 mov edx, dword ptr [0046D0CC]
:00450882 894204 mov dword ptr [edx+04], eax
:00450885 807DF70D cmp byte ptr [ebp-09], 0D
:00450889 770A ja 00450895
:0045088B A134D54600 mov eax, dword ptr [0046D534]
:00450890 803802 cmp byte ptr [eax], 02
:00450893 7647 jbe 004508DC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00450889(C)
|

* Possible StringData Ref from Code Obj ->"Arial"
|
:00450895 68C40E4500 push 00450EC4

* Possible Ref to Menu: MenuID_0001, Item: "Nullbytes einfügen... Strg+0"
|
:0045089A 6A22 push 00000022

* Possible Reference to Menu: MenuID_0002
|
:0045089C 6A02 push 00000002
:0045089E 6A00 push 00000000
:004508A0 6A00 push 00000000
:004508A2 6A00 push 00000000
:004508A4 6A00 push 00000000
:004508A6 6A00 push 00000000
:004508A8 6A00 push 00000000

* Possible Ref to Menu: MenuID_0001, Item: "Zeilenanfang Strg+Pos1"
|
:004508AA 6A64 push 00000064
:004508AC 6A00 push 00000000
:004508AE 6A00 push 00000000
:004508B0 6A00 push 00000000
:004508B2 A134D54600 mov eax, dword ptr [0046D534]
:004508B7 803802 cmp byte ptr [eax], 02
:004508BA 0F97C0 seta al
:004508BD 83E07F and eax, 0000007F
:004508C0 83C00E add eax, 0000000E
:004508C3 50 push eax

* Reference To: gdi32.CreateFontA, Ord:0000h
|
:004508C4 E8134AFBFF Call 004052DC


After:

* Reference To: gdi32.CreateFontA, Ord:0000h
|
:00450877 E8604AFBFF Call 004052DC
:0045087C 8B15CCD04600 mov edx, dword ptr [0046D0CC]
:00450882 894204 mov dword ptr [edx+04], eax
:00450885 807DF70D cmp byte ptr [ebp-09], 0D
:00450889 EB0A jmp 00450895 ***modified***
:0045088B A134D54600 mov eax, dword ptr [0046D534]
:00450890 803802 cmp byte ptr [eax], 02
:00450893 7647 jbe 004508DC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00450889(U)
|

* Possible StringData Ref from Code Obj ->"新細明體" ***modified***
|
:00450895 68C40E4500 push 00450EC4
:0045089A 6A00 push 00000000 ***modified***

* Possible Reference to Menu: MenuID_0002
|
:0045089C 6A02 push 00000002
:0045089E 6A00 push 00000000
:004508A0 6A00 push 00000000

* Possible Ref to Menu: MenuID_0001, Item: "Symbole anordnen"
|
:004508A2 6A01 push 00000001 ***modified***
:004508A4 6A00 push 00000000
:004508A6 6A00 push 00000000
:004508A8 6A00 push 00000000

* Possible Ref to Menu: MenuID_0001, Item: "Zeilenanfang Strg+Pos1"
|
:004508AA 6A64 push 00000064
:004508AC 6A00 push 00000000
:004508AE 6A00 push 00000000
:004508B0 6A00 push 00000000
:004508B2 6AF4 push FFFFFFF4 ***modified***
:004508B4 90 nop ***modified***
:004508B5 90 nop ***modified***
:004508B6 90 nop ***modified***
:004508B7 90 nop ***modified***
:004508B8 90 nop ***modified***
:004508B9 90 nop ***modified***
:004508BA 90 nop ***modified***
:004508BB 90 nop ***modified***
:004508BC 90 nop ***modified***
:004508BD 90 nop ***modified***
:004508BE 90 nop ***modified***
:004508BF 90 nop ***modified***
:004508C0 90 nop ***modified***
:004508C1 90 nop ***modified***
:004508C2 90 nop ***modified***
:004508C3 90 nop ***modified***

* Reference To: gdi32.CreateFontA, Ord:0000h
|
:004508C4 E8134AFBFF Call 004052DC
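
The following Python sketch is an added example, not part of the original letter or notes. It decodes the patched push sequences quoted above into CreateFontA arguments and names the CHOOSEFONTA.Flags bit that the 4041h to 41h change clears; SR7_PATCH is assembled here from the byte column of the SR-7 "After" listing, and the parameter and flag names are taken from the Win32 headers.

```python
import struct

# CreateFontA parameters in declaration order; stdcall pushes them last-to-first.
PARAMS = ["cHeight", "cWidth", "cEscapement", "cOrientation", "cWeight",
          "bItalic", "bUnderline", "bStrikeOut", "iCharSet", "iOutPrecision",
          "iClipPrecision", "iQuality", "iPitchAndFamily", "pszFaceName"]
# CHOOSEFONT flag bits relevant to the 4041h -> 41h change (commdlg.h values).
CF_FLAGS = {0x0001: "CF_SCREENFONTS", 0x0040: "CF_INITTOLOGFONTSTRUCT",
            0x4000: "CF_FIXEDPITCHONLY"}

# Replacement bytes quoted in the letter (the "Replace with" of the fourth pair).
LETTER_PATCH = ("682C0A45006A006A026A006A0068860000006A006A006A006A64"
                "6A006A006A0068F4FFFFFF90909090909090909090")
# Bytes assembled from the SR-7 "After" listing (00450895..004508C3).
SR7_PATCH = ("68C40E45006A006A026A006A006A016A006A006A006A64"
             "6A006A006A006AF4" + "90" * 16)

def decode_pushes(hex_bytes):
    """Decode a run of PUSH imm8 / PUSH imm32 / NOP into signed 32-bit values."""
    code, i, values = bytes.fromhex(hex_bytes), 0, []
    while i < len(code):
        op = code[i]
        if op == 0x6A:    # PUSH imm8: the CPU sign-extends the byte to 32 bits
            values.append(struct.unpack_from("<b", code, i + 1)[0])
            i += 2
        elif op == 0x68:  # PUSH imm32
            values.append(struct.unpack_from("<i", code, i + 1)[0])
            i += 5
        elif op == 0x90:  # NOP padding left where longer code used to be
            i += 1
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {i}")
    return values

def createfont_args(hex_bytes):
    """Map the pushed values onto CreateFontA's parameter names."""
    values = decode_pushes(hex_bytes)
    if len(values) != len(PARAMS):
        raise ValueError(f"expected {len(PARAMS)} pushes, got {len(values)}")
    return dict(zip(PARAMS, reversed(values)))

def flag_names(flags):
    """Name the known CHOOSEFONT bits set in a Flags value."""
    return [name for bit, name in CF_FLAGS.items() if flags & bit]

if __name__ == "__main__":
    print("flag removed:", flag_names(0x4041 ^ 0x0041))
    for label, patch in (("letter", LETTER_PATCH), ("SR-7", SR7_PATCH)):
        print(label, createfont_args(patch))
```

In the decoded output, iCharSet 134 is GB2312_CHARSET (the letter's patch) and 1 is DEFAULT_CHARSET (the SR-7 patch); both forms of the height push decode to -12.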
 

(End)


