Ext文件磁盘浏览工具 rdrext23
本帖最后由 空道 于 2014-10-16 12:08 编辑可将Android 系统整个文件系统镜像出来(类似于 WinHex磁盘拷贝操作) 通过此工具浏览,支持删除文件恢复
顺便Patch了下, 下面是 破解笔记
00409967 /74 59 je short 004099C2 ; 除去提示框
00418ABC 8178 18 00000>cmp dword ptr , 40000 ;这里比较文件大小
00418AC3 0F87 D9000000 ja 00418BA2 ;如果文件大于0x4000就跳转,这里不能跳 ,可以直接NOP掉
00415F6C|.3D 00000400 cmp eax, 40000 ;又一处比较, 这里也不能跳
00415F71 0F87 8F000000 ja 00416006 ;将这个跳转NOP掉
00415F77|>0BC1 or eax, ecx
00416441|.817E 18 00000400 cmp dword ptr ds:, 40000
00416448 EB 48 jmp short rdrext23.00416492
004164CE|.817E 18 00000400 cmp dword ptr ds:, 40000
004164D5 90 nop
004164D6 90 nop
004164D7 90 nop
004164D8 90 nop
004164D9 90 nop
004164DA 90 nop
004164DB|>8B45 08 mov eax, dword ptr ss:
004163DD|.83E8 02 sub eax, 2
004163E0|.74 52 je short rdrext23.00416434 ;y
00404F9E B8 01000000 mov eax, 1
00404FA3 A3 80726B00 mov dword ptr ds:, eax ;关键变量让软件显示已注册
00404FA8|.885D FC mov byte ptr ss:, bl
///这里是原始代码
004F73EC|.81FE 00000C00 cmp esi, 0C0000 ;这里是关键点了, 我们将这里的代码进行Path掉
004F73F2|.76 0F jbe short 004F7403
004F73F4|>BE 00000C00 mov esi, 0C0000
004F73F9|.C785 ECFFF3FF>mov dword ptr , 0
004F7403|>8B07 mov eax, dword ptr
004F7405|.8B50 08 mov edx, dword ptr
004F7408|.6A 00 push 0
004F740A|.6A 00 push 0
004F740C|.8BCF mov ecx, edi
004F740E|.FFD2 call edx
004F7410|.8B07 mov eax, dword ptr
004F7412|.8B50 0C mov edx, dword ptr
004F7415|.56 push esi ;数据长度
004F7416|.8D8D F0FFF3FF lea ecx, dword ptr
004F741C|.51 push ecx ;数据
004F741D|.8BCF mov ecx, edi
004F741F|.FFD2 call edx ;read
004F7421|.33C9 xor ecx, ecx
004F7423|.3BC6 cmp eax, esi
004F7425|.^ 0F85 44FFFFFF jnz 004F736F
004F742B|.3B8D ECFFF3FF cmp ecx, dword ptr
004F7431|.^ 0F85 38FFFFFF jnz 004F736F
004F7437|.8B03 mov eax, dword ptr
004F7439|.8B50 14 mov edx, dword ptr
004F743C|.51 push ecx
004F743D|.51 push ecx
004F743E|.8BCB mov ecx, ebx
004F7440|.FFD2 call edx
004F7442|.8B03 mov eax, dword ptr
004F7444|.8B50 10 mov edx, dword ptr
004F7447|.56 push esi
004F7448|.8D8D F0FFF3FF lea ecx, dword ptr
004F744E|.51 push ecx
004F744F|.8BCB mov ecx, ebx
004F7451|.FFD2 call edx ;WriteFIle
004F7453|.0FB6C0 movzx eax, al
004F7456|.F7D8 neg eax
004F7458|.1BC0 sbb eax, eax
004F745A|.83E0 FC and eax, FFFFFFFC
004F745D|.83C0 04 add eax, 4
004F7460|.EB 05 jmp short 004F7467
004F7462|>B8 01000000 mov eax, 1
004F7467|>8B4D F4 mov ecx, dword ptr
004F746A|.64:890D 00000>mov dword ptr fs:, ecx
004F7471|.59 pop ecx
004F7472|.5F pop edi
004F7473|.5E pop esi
004F7474|.8B4D F0 mov ecx, dword ptr
004F7477|.33CD xor ecx, ebp
004F7479|.E8 CC97FAFF call 004A0C4A
004F747E|.8BE5 mov esp, ebp
004F7480|.5D pop ebp
004F7481\.C3 retn
//Patch代码
004F73EC|.6A 04 push 4
004F73EE|.68 00300000 push 3000
004F73F3|.50 push eax
004F73F4|>6A 00 push 0 ; |Address = NULL
004F73F6|.FF15 E8205300 call dword ptr [<&KERNEL32.VirtualAll>; \VirtualAlloc
004F73FC|.50 push eax
004F73FD|.8B07 mov eax, dword ptr
004F73FF|.8B50 08 mov edx, dword ptr
004F7402|.6A 00 push 0
004F7404|.6A 00 push 0
004F7406|.8BCF mov ecx, edi
004F7408|.FFD2 call edx
004F740A|.8B07 mov eax, dword ptr
004F740C|.8B50 0C mov edx, dword ptr
004F740F|.59 pop ecx
004F7410|.51 push ecx
004F7411|.56 push esi
004F7412|.51 push ecx
004F7413|.8BCF mov ecx, edi
004F7415|.FFD2 call edx
004F7417|.33C9 xor ecx, ecx
004F7419|.3BC6 cmp eax, esi
004F741B|.^ 0F85 4EFFFFFF jnz 004F736F
004F7421|.3B8D ECFFF3FF cmp ecx, dword ptr
004F7427|.^ 0F85 42FFFFFF jnz 004F736F
004F742D|.8B03 mov eax, dword ptr
004F742F|.8B50 14 mov edx, dword ptr
004F7432|.51 push ecx
004F7433|.51 push ecx
004F7434|.8BCB mov ecx, ebx
004F7436|.FFD2 call edx
004F7438|.8B03 mov eax, dword ptr
004F743A|.8B50 10 mov edx, dword ptr
004F743D|.59 pop ecx
004F743E|.51 push ecx
004F743F|.56 push esi
004F7440|.51 push ecx
004F7441|.8BCB mov ecx, ebx
004F7443|.FFD2 call edx
004F7445|.0FB6C0 movzx eax, al
004F7448|.F7D8 neg eax
004F744A|.1BC0 sbb eax, eax
004F744C|.59 pop ecx
004F744D|.68 00800000 push 8000 ; /FreeType = MEM_RELEASE
004F7452|.6A 00 push 0 ; |Size = 0
004F7454|.51 push ecx ; |Address
004F7455|.FF15 E4205300 call dword ptr [<&KERNEL32.VirtualFre>; \VirtualFree
004F745B|.33C0 xor eax, eax
004F745D|.90 nop
004F745E|.90 nop
004F745F|.90 nop
004F7460|.EB 05 jmp short 004F7467
004F7462|>B8 01000000 mov eax, 1
004F7467|>8B4D F4 mov ecx, dword ptr
004F746A|.64:890D 00000>mov dword ptr fs:, ecx
004F7471|.59 pop ecx
004F7472|.5F pop edi
004F7473|.5E pop esi
004F7474|.8B4D F0 mov ecx, dword ptr
004F7477|.33CD xor ecx, ebp
004F7479|.E8 CC97FAFF call 004A0C4A
004F747E|.8BE5 mov esp, ebp
004F7480|.5D pop ebp
004F7481\.C3 retn
下载地址:
**** Hidden Message *****
来得沙发膜拜大神,只可远观也!! 支持版主了,感谢分享精彩 昨天刚用link2sd把我自己的Y210,挂载到SD卡里,今天就见到了这么好的帖子。谢谢了 先支持在看贴,谢谢分享~ {:biggrin:}感谢楼主的分享 顶你一下,好贴要顶! 谢谢,收下了! 谢谢分享!
默默的收藏了