Delphi font modification

zhaozj2021-02-08  552

Delphi font modification

statement

Individuals can freely reprint this article, but should maintain the integrity of the original text and inform me; if the business reprint first contact me first.

There is no clear or unclear note that this article is completely correct, read and use this article is your own choice, I am not responsible.

If you find that this article has a wrong place, please give me a pointed out; if you don't understand anything, please give me a given.

Opinions, suggestions and proposed issues are best written in my home page http://llf.126.com's message.

Foreword

When Hanhua people were in the Delphi program of Chinese CTRIS2000, the font settings in RCDATA were modified, but there was still a form of fonts. I helped him to make changes, here, I will talk about the Delphi program as an example. Modification of the font font size.

Originally, I thought that I would say clearly, but now it seems that it is not necessarily, so I still say it.

Delphi program font

About the font of the Delphi program, I think about three situations:

First, RCDATA format. There are many tools for this format font size, such as Exescope, Reshacker and other tools can be modified, and this is also the most way of using the font settings in the Delphi program, and most Delphi programs are only using this. The way, and its modification is relatively mature, so I don't discuss this approach.

Second, the SDK format. Some Delphi programs do not use Delphi default VCL running libraries in order to pursue the smallest independent executable file size, but use the SDK programming method, but this program is not much, if there is, the head is also very small, generally a few K, more than a dozen K, if the font is not coordinated in these programs, you can use and modify the same method to modify the same method.

Third, VCL internal format. VCL is a library used by delphi. It is likely to use a form that is not what we hope. However, I want to go, and there is only the INPUTBOX similar to the VB function, that is, CTRIS2000 The form of the name is required, so we have to talk about the modification of the font of the program of this approach, and almost certainly fixed in inputbox, of course, even this kind of situation is similar to the C font. Modify, not VB. (I don't know the function name of the function of the same function in Delphi, so it is temporarily called INPUTBOX).

Modification process

The process I modified is more cumbersome, so I cause complex parts here, simply say.

First, use W32DASM to reverse the Ctris2000.exe, store, open the Ctris2000.Alf file, find CreateFont, without CreateFontA, without CreateFontA, without CreateFontA, without CreateFonta, this is a bothering start. Continue to find, found that CreateFontIndirecta is called by three places, and addresses are 4124ec, 420460, and 42A7F3.

Run the TRW2000, tall Ctris2000.exe, then type "BPX 4124EC", "BPX 420460" and "BPX 42A7F3" setting breakpoints, press "F5" to run, type "DD * ESP" to view the top pointer of the stack The content of the address is found, and most of the case the beginning of this address is "fffffffff4", that is, "-12", it is normal, but once, it is "ffffffffff5", that is, "-11", in it Let's see the name "MS Sans Serif" of this font. Check Ctris2000.exe with Reshacker, found that all "MS SANS SERIF, 8" were changed to "Song, 9", so we first change these without changing these items to "Song, 9". 9 ", the deployment.

Open Ctris2000.exe with UEDIT, find "MS Sans Serif", only one, at 0x5B0B8, for verification, change this "MS SANS Serif", run the program, discovery that input form is really like us What I want to become "Song, 12".

The 0x5b0b8 is in the data segment, so the data base offset = the base site data RVA - data OFFSET = 40000H 5C000H - 5AE00 = 401200h, so 0x5B0B8 is 401200h 5B0B8 = 45 C2B8H in the code. Find "0045c2b8" in ctris2000.alf, did not find, then find "0045c2b", find a few, such as "0045c2b7", "0045c2b6" and "0045c2b0", very strange.

Run TRW2000, transfer to Ctris2000.exe, when the point is the same, when running to CreateFonta, type "DD 0045C2B0", see what it is? It turned out to be "ffffffffff5"! Ok, put "0045C2B0" as a breakthrough.

Open Ctris2000.Alf, find "0045C2B0", discover two places, the code is as follows:

* Reference by a call at address:

|: 0041979B

|

00419604 53 Push EBX

00419605 56 PUSH ESI

00419606 57 Push EDI

00419607 6A48 PUSH 00000048

: 00419609 A1D0E54500 MOV EAX, DWORD PTR [0045E5D0]

: 0041960E 50 Push EAX

0041960fi 6A08 Push 00000008

* Reference to: kernel32.muldiv, ord: 0000h

|

00419611 E836Befeff Call 0040544C

: 00419616 F7D8 NEG EAX

: 00419618 A3B0C24500 MOV DWORD PTR [0045C2B0], EAX: 0041961D A13CD64500 MOV Eax, DWORD PTR [0045D63C]

: 00419622 80780800 CMP Byte PTR [EAX 08], 00

00419777735

: 00419628 E893FFFFFFFFFFF CALL 004195C0

: 0041962D 8BD8 MOV EBX, EAX

: 0041962F 8BC3 MOV EAX, EBX

00419631 2C80 SUB AL, 80

00419633752D JNE 00419662

: 00419635 Be68964100 MOV ESI, 00419668

: 0041963A BFB7C24500 MOV EDI, 0045C2B7

: 0041963F B904000000 MOV ECX, 00000004

: 00419644 F3 REPZ

: 00419645 A5 MOVSD

00419646 6A48 PUSH 00000048

: 00419648 A1D0E54500 MOV EAX, DWORD PTR [0045E5D0]

: 0041964D 50 Push EAX

0041964E 6A09 Push 00000009

* Reference to: kernel32.muldiv, ord: 0000h

|

: 00419650 E8F7BDFEFF CALL 0040544C

00419655 F7D8 NEG EAX

: 00419657 A3B0C24500 MOV DWORD PTR [0045C2B0], EAX

: 0041965C 881DB6C24500 MOV BYTE PTR [0045C2B6], BL

* Reference by A (u) Nconditional OR (C) OONDitional Jump At Addresses:

|: 00419626 (C),: 00419633 (C)

|

: 00419662 5F POP EDI

: 00419663 5E POP ESI

: 00419664 5B POP EBX

00419665 C3 RET

I don't know if you can probably understand the code above, but it is basically the same as the MSDN, which is extracted in the "C-Document Modification":

NHEIGHT = -muldiv (Pointsize, GetDeviceCaps (HDC, Logpixelsy), 72);

We can see that "6A08" in "0041960F" is pound value, we need 9 pound fonts, so change "6A08" to "6A09". Code base offset = base site code RVA - code OFFSET = 400000H 1000H - 400H = 400C00H, 41960FH - 400C00H = 18A0FH, that is, "6A08" at 0x18A0F. Therefore, the final revision is this: "MS SANS Serif" at 0x5B0B8 is changed to "Song"; the 6A08 at 0x18A0F is changed to 6A09.

Although I have simplified the process, it seems to be very troublesome, then there is a simple way? some.

First, if you don't have such a modification, don't stay, change the "MS Sans Serif" is a simple and effective way, unfortunately, the font is relatively large.

Second, first change "MS SANS Serif" to "Song", then use W32DASM to compile the traditional procedures after the Chinese, open the * .alf file with EmEditor, press "Ctrl F", find a lookup dialog, select " Use expressions ", enter" Push 00000008 / N / N * Reference to: kernel32.muldiv, "in the text you want to find,", to find a lot of "08" to "09" to try it until get Correct results.

It should be noted that the second method is only applicable to the font modification of the Delphi program, and the first method is suitable for all programs. In addition, I can't affirmed the second method because I didn't see other similar Delphi programs. If you have seen it, you may wish to try.

转载请注明原文地址:https://www.9cbs.com/read-187.html

New Post(0)