作者:askformore
上次上传了个英文版 OD1.10 的 DIY,感觉很粗糙,当时由于打包压缩时误删了笔记,所以只能上传成品附件,也没空重写。近来,有些时间就重来一次,把功能稍作完善一下,本想使菜单能看见工具的图标的,美化一下的,可是脑子里没门,现在也够用,就算了。
DIY 过程如下(下面的内容多数不是为新手准备的):
首先,我们用LordPE加载 OD1.10 中文版,翻到 区段 和目录 部分,将重定位表偏移地址记住,然后擦除重定位表的所有相关信息,用16进制工具裁掉那个section的内容,因为我们要加入资源,而资源表又不是在最后的 section,或者你可以独立将重定位表保存起来,等 DIY 成功了再补回来也是可以的。另外,对于截获OD1.10的 消息流 的位置的方法,可参阅 pll621 老大的文章
在菜单资源上 添加需要的菜单“工具(&T)”,如下:
……
POPUP "帮助(&H)"
{
MENUITEM "版本信息(&A)", 2501
MENUITEM "帮助内容(&C)", 2502
MENUITEM SEPARATOR
MENUITEM "选择 API 帮助文件(&P)", 2503
MENUITEM "打开 API 帮助文件(&H)", 2504
}
POPUP "工具(&T)"
{
MENUITEM "自定义工具", 2509
MENUITEM SEPARATOR
MENUITEM "计算器", 2510
}
}
下面是我自己取名的对话窗口资源脚本: DIA_CFG_TOOLMENU
DIA_CFG_TOOLMENU DIALOG 80, 30, 271, 225
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "配置工具菜单"
LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
FONT 9, "宋体"
{
CONTROL "选择工具", 9099, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 8, 9, 258, 191
CONTROL "", 9041, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 20, 160, 12
CONTROL "", 9042, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 38, 160, 12
CONTROL "", 9043, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 56, 160, 12
CONTROL "", 9044, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 74, 160, 12
CONTROL "", 9045, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 92, 160, 12
CONTROL "", 9046, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 110, 160, 12
CONTROL "", 9047, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 128, 160, 12
CONTROL "", 9048, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 146, 160, 12
CONTROL "", 9049, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 164, 160, 12
CONTROL "", 9050, EDIT, ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 45, 182, 160, 12
CONTROL "Tool01:", 9021, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 21, 30, 9
CONTROL "Tool02:", 9022, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 39, 30, 9
CONTROL "Tool03:", 9023, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 57, 30, 9
CONTROL "Tool04:", 9024, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 75, 30, 9
CONTROL "Tool05:", 9025, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 94, 30, 9
CONTROL "Tool06:", 9026, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 14, 112, 30, 9
CONTROL "Tool07:", 9027, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 129, 30, 9
CONTROL "Tool08:", 9028, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 147, 30, 9
CONTROL "Tool09:", 9029, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 165, 30, 9
CONTROL "Tool10:", 9030, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 13, 183, 30, 9
CONTROL "更改", 9001, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 17, 50, 14
CONTROL "更改", 9002, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 36, 50, 14
CONTROL "更改", 9003, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 55, 50, 14
CONTROL "更改", 9004, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 72, 50, 14
CONTROL "更改", 9005, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 90, 50, 14
CONTROL "更改", 9006, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 108, 50, 14
CONTROL "更改", 9007, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 126, 50, 14
CONTROL "更改", 9008, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 144, 50, 14
CONTROL "更改", 9009, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 162, 50, 14
CONTROL "更改", 9010, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 209, 180, 50, 14
CONTROL "确定(&O)", 8888, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 74, 205, 50, 14
CONTROL "取消(&C)", 2, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 154, 205, 50, 14
}
上面是一个我盗取一个游戏模拟器配置菜单的对话窗口模块,各控件名称和 ID(最好不存在冲突) 全改了,位置也微调好了,反正调整到自己满意就可以!
你自己可以在 ResHacker 上测试,可是用它进补成功的!
浏览资源得知,“确定”和“取消”的 ID 分别是 2 和 1 ,我这里确定改为 8888,希望它发落去!
我找了这对话窗口(消息流较少的进行“盗版”)--> “版本信息”菜单
代码:--------------------------------------------------------------------------------
00440C3C push ebp
00440C3D mov ebp,esp
00440C3F add esp,-480
00440C45 mov eax,dword ptr ss:[ebp+10]
00440C48 mov edx,dword ptr ss:[ebp+C]
00440C4B sub edx,110 ; Switch (cases 110..112)
00440C51 je short 00440C62 ; NEWHAND.00440C62
00440C53 dec edx
00440C54 je short 00440CB2 ; NEWHAND.00440CB2
00440C56 dec edx
00440C57 je 00440CF7 ; NEWHAND.00440CF7
00440C5D jmp 00440D0E ; NEWHAND.00440D0E
00440C62 mov byte ptr ss:[ebp-480],0 ; Case 110 (WM_INITDIALOG) of switch 00440C4B
00440C69 mov byte ptr ss:[ebp-440],0
00440C70 lea eax,dword ptr ss:[ebp-440]
00440C76 lea ecx,dword ptr ss:[ebp-480]
00440C7C push eax ; /Arg6
00440C7D push ecx ; |Arg5
00440C7E push 0A ; |Arg4 0000000A
00440C80 push 1 ; |Arg3 00000001
00440C82 lea eax,dword ptr ss:[ebp-400] ; |
00440C88 push 4B9073 ; |Arg2 004B9073 ASCII 0A,"NewHand v%"
00440C8D push eax ; |Arg1
00440C8E call 004A6C2C ; /NEWHAND.004A6C2C
00440C93 add esp,18
00440C96 lea edx,dword ptr ss:[ebp-400]
00440C9C push edx ; /Text
00440C9D push 0E75 ; |ControlID E75 (3701.)
00440CA2 mov ecx,dword ptr ss:[ebp+8] ; |
00440CA5 push ecx ; |hWnd
00440CA6 call 004AF58E ; /SetDlgItemTextA
00440CAB call 00546360 ; // 原指令 mov eax,1
00440CB0 jmp short 00440D10 ; NEWHAND.00440D10
00440CB2 mov edx,eax ; Case 111 (WM_COMMAND) of switch 00440C4B
00440CB4 and dx,0FFFF
00440CB9 cmp dx,1
00440CBD je short 00440CC5 ; NEWHAND.00440CC5
00440CBF cmp dx,2
00440CC3 jnz short 00440CD2 ; NEWHAND.00440CD2
00440CC5 push 0 ; /Result 0
00440CC7 mov ecx,dword ptr ss:[ebp+8] ; |
00440CCA push ecx ; |hWnd
00440CCB call 004AF3EA ; /EndDialog
00440CD0 jmp short 00440D0E ; NEWHAND.00440D0E
00440CD2 call 00546206 ; // 原指令 cmp dx,0e76
00440CD7 jnz short 00440D0E ; NEWHAND.00440D0E
00440CD9 push 0 ; /IsShown 0
00440CDB push 4B91A4 ; |DefDir "."
00440CE0 push 0 ; |Parameters NULL
00440CE2 push 4B917F ; |FileName "http://home.t-online.de/home/NewHand"
00440CE7 push 4B917A ; |Operation "open"
00440CEC mov eax,dword ptr ss:[ebp+8] ; |
00440CEF push eax ; |hWnd
00440CF0 call 004AF342 ; /ShellExecuteA
00440CF5 jmp short 00440D0E ; NEWHAND.00440D0E
00440CF7 and eax,0FFF0 ; Case 112 (WM_SYSCOMMAND) of switch 00440C4B
00440CFC cmp eax,0F060
00440D01 jnz short 00440D0E ; NEWHAND.00440D0E
00440D03 push 0 ; /Result 0
00440D05 mov edx,dword ptr ss:[ebp+8] ; |
00440D08 push edx ; |hWnd
00440D09 call 004AF3EA ; /EndDialog
00440D0E xor eax,eax ; Default case of switch 00440C4B
00440D10 mov esp,ebp
00440D12 pop ebp
00440D13 retn 10
00440D16 nop
00440D17 nop
00440D18 push 0 ; /lParam NULL
00440D1A mov eax,dword ptr ds:[4D3B80] ; |
00440D1F push 440C3C ; |DlgProc NEWHAND.00440C3C //借用一下这里
00440D24 push eax ; |hOwner > NULL
00440D25 mov edx,dword ptr ds:[4D3B78] ; |
00440D2B push 4B91A6 ; |pTemplate "DIA_ABOUT"
00440D30 push edx ; |hInst > NULL
00440D31 call 004AF3C6 ; /DialogBoxParamA
00440D36 retn--------------------------------------------------------------------------------
1 2 3 4 下一页 |
安全中国首页 > 文章中心 > 工具技巧