VOS1.0P font patch making notes [NOWORD]



Let me talk about my detour first. I thought VOS was compiled in a Korean environment, so its process (thread) would be Korean too, and all I needed was to change the process's locale to Chinese. I searched MSDN and found an API that looked exactly right: SetThreadLocale. But VOS does not use SetThreadLocale, so I modified the import table to add SetThreadLocale, inserted code in the code section to call it, and double-clicked VOS to run it... The familiar Korean appeared in front of me. I nearly fainted on the spot.

Having taken the long way round, let me tell you how important it is to look in the right direction. The straight road below is much simpler than the detour.

Now to the topic. The tools I use: W32DASM for static disassembly, SoftICE for dynamic tracing, and UltraEdit for editing.

First of all, disassemble vos.exe with W32DASM. Fortunately, hanseulsoft did not apply any annoying compression or packing, so the disassembly of VOS came out easily. We want to make a font patch for VOS, and the English word for 字体 is "font", so search for "Font". Sure enough, VOS uses CreateFontA, and that is the only font-related function. Continue searching for CreateFontA: VOS calls it twice, once at 0043DD0B and once at 0043DE17.

First look at the second call:

:0043DDEF 50                        push eax                          // lpszFace
:0043DDF0 0FBF942490000000          movsx edx, word ptr [esp+00000090]
:0043DDF8 6A02                      push 00000002                     // fdwPitchAndFamily
:0043DDFA 6A00                      push 00000000                     // fdwQuality
:0043DDFC 0FBF84249C000000          movsx eax, word ptr [esp+0000009C]
:0043DE04 6A00                      push 00000000                     // fdwClipPrecision
:0043DE06 6A00                      push 00000000                     // fdwOutputPrecision
:0043DE08 6A01                      push 00000001                     // fdwCharSet = DEFAULT_CHARSET
:0043DE0A 6A00                      push 00000000                     // fdwStrikeOut
:0043DE0C 6A00                      push 00000000                     // fdwUnderline
:0043DE0E 6A00                      push 00000000                     // fdwItalic
:0043DE10 51                        push ecx                          // fnWeight
:0043DE11 6A00                      push 00000000                     // nOrientation
:0043DE13 6A00                      push 00000000                     // nEscapement
:0043DE15 52                        push edx                          // nWidth
:0043DE16 50                        push eax                          // nHeight
* Reference To: GDI32.CreateFontA, Ord:0036h
|
:0043DE17 FF1578104400              call dword ptr [00441078]

In VC-compiled code the function's parameters are pushed onto the stack in reverse order, so reading the listing from the bottom up you recognize the familiar CreateFont prototype:

HFONT CreateFont(
    int nHeight,               // logical height of font
    int nWidth,                // logical average character width
    int nEscapement,           // angle of escapement
    int nOrientation,          // base-line orientation angle
    int fnWeight,              // font weight
    DWORD fdwItalic,           // italic attribute flag
    DWORD fdwUnderline,        // underline attribute flag
    DWORD fdwStrikeOut,        // strikeout attribute flag
    DWORD fdwCharSet,          // character set identifier
    DWORD fdwOutputPrecision,  // output precision
    DWORD fdwClipPrecision,    // clipping precision
    DWORD fdwQuality,          // output quality
    DWORD fdwPitchAndFamily,   // pitch and family
    LPCTSTR lpszFace           // pointer to typeface name string
);

The parameter that depends on the country is fdwCharSet. Obviously VOS sets this parameter to HANGUL_CHARSET, so on a Windows installation with Korean fonts VOS shows Korean text. Searching the VC include directory for HANGUL_CHARSET finds it in wingdi.h: #define HANGUL_CHARSET 129

129 in hexadecimal is 81. The CreateFontA call at 0043DE17 pushes 1 for the charset, and 1 is DEFAULT_CHARSET, so it is not our target. Look at the first call, the one at 0043DD0B:

:0043DCD2 50                        push eax                          // lpszFace
:0043DCD3 6A02                      push 00000002                     // fdwPitchAndFamily
:0043DCD5 83E180                    and ecx, FFFFFF80
:0043DCD8 6A00                      push 00000000                     // fdwQuality
:0043DCDA 6A00                      push 00000000                     // fdwClipPrecision
:0043DCDC 81C181000000              add ecx, 00000081                 // <--- the source is here
:0043DCE2 6A00                      push 00000000                     // fdwOutputPrecision
:0043DCE4 51                        push ecx                          // fdwCharSet  <--- the culprit!!!
:0043DCE5 6A00                      push 00000000                     // fdwStrikeOut
:0043DCE7 6A00                      push 00000000                     // fdwUnderline
:0043DCE9 6A00                      push 00000000                     // fdwItalic
:0043DCEB 52                        push edx                          // fnWeight
:0043DCEC 6A00                      push 00000000                     // nOrientation
:0043DCEE 6A00                      push 00000000                     // nEscapement
:0043DCF0 6A00                      push 00000000                     // nWidth
:0043DCF2 6A48                      push 00000048                     // nHeight
:0043DCF4 6A5A                      push 0000005A                     // GetDeviceCaps nIndex (0x5A = LOGPIXELSY)
:0043DCF6 57                        push edi                          // GetDeviceCaps hDC
* Reference To: GDI32.GetDeviceCaps, Ord:0125h
|
:0043DCF7 FF1534104400              call dword ptr [00441034]
:......
* Reference To: GDI32.CreateFontA, Ord:0036h
|
:0043DD0B FF1578104400              call dword ptr [00441078]

This call has been optimized by VC: the parameters are set up in advance, and GetDeviceCaps, which takes two parameters, has its arguments pushed and is called in the middle. You can see that the charset is set through register ECX, so as long as the earlier instruction

: 0043DCDC 81C181000000 Add ECX, 00000081

is changed to

MOV ECX, 1

NOP

that does it. MOV ECX,1 encodes as B9 01 00 00 00 (five bytes) and NOP as 90, together exactly the six bytes of the original ADD ECX,81h (81 C1 81 00 00 00), so nothing after it shifts.

When I first made the change in SoftICE and went back into VOS, I saw the familiar Chinese. I was thrilled.

2003-08-30

By NOWORD (Welcome Reprint)

Please credit the original source when reprinting: https://www.9cbs.com/read-61937.html
