續:突如奇來的高科技電子零件

改做的步驟太約是這樣:
1. 利用IDA分析DPFMate.exe, 找出儲存bmp的地址
2. 寫一個新的exe去取代DPFMate.exe

LanguageUnicode.ini是用來儲存button上的文字
應該成為分析用的flag

LanguageUnicode.ini

[Language]
Lan_1=English
Lan_2=Chinese
Lan_3=French

[English]
IDC_STATIC_PREVIEW=Preview:
IDC_STATIC_PICSINDPF=Pictures In Preview Album:
IDC_BTN_ADDTODPF=Add
IDC_BUTTON_DRAWRECT=Rect
IDC_BUTTON_CLEARRECT=Clear
IDC_BUTTON_CHANGE_L=RotateL
IDC_BUTTON_CHANGE=RotateR
IDC_BUTTON_SEND=Download
IDC_BUTTON_SELECTALL=All
IDC_BUTTON_DELECT=Delete
IDC_BUTTON_SAVE=Save
IDC_BUTTON_SAVEALL=SaveAll
ID_EXIT=Exit
IDC_BTN_SETTING=Setting
IDC_STATIC_HIDSTATUS=Total Pictures

IDC_BUTTON_ZOOMINTIPS=Zoom In
IDC_BUTTON_ZOOMOUTTIPS=Zoom Out
IDC_BUTTON_DRAWRECTTIPS=Draw Rect
IDC_BUTTON_CLEARRECTTIPS=Clear Rect
IDC_BTN_ADDTODPFTIPS=Add Photo
IDC_BUTTON_SAVEALLTIPS=Save all
IDC_BUTTON_SELECTALLTIPS=Select All
IDC_BUTTON_CHANGE_LTIPS=Rotate Left
IDC_BUTTON_CHANGETIPS=Rotate Right
IDC_BUTTON_SENDTIPS=download to synchronize
IDC_BUTTON_DELECTTIPS=Delete
IDC_BUTTON_SAVETIPS=Save As
ID_EXITTIPS=Exit
IDC_BTN_SETTINGTIPS=Setting
IDC_STATIC_JPGQUALITY=Jpg Quality:

DELETE_TIPS_1=Please select at least a pic before you delete it!
DELETE_TIPS_2=Delete the selected photo(s) YES NO?
SAVE_TIPS_1=You should select one pic at least!
SAVE_TIPS_2=Want to save as BMP files, please select Yes, else if you want to save as DPF files, please select NO!
STOP_TIPS_1=Stop download and quit?
EXIT_TIPS_1=The pictures in the Preview Album are not synchronized with the Digital Photo Frame. Do you really want to quit (and NOT download)?
EXIT_TIPS_2=Really want to quit?
MEMFULL_TIPS_1=The maximum number of images has been reached.  Delete some images before adding any more.
READFINISH_TIPS=Reading Finished!
DEVICEON_TIPS=DPF Attach!!
DEVICEOFF_TIPS=DPF Detached!!
STATUSBAR_LEFT=Info:

NOTFINDPID_TIPS=Your DPF PID was not writed on the StartInfo.ini file, please Check the file StartInfoUnicode.ini!
INSERTDEVICE_TIPS=Please insert your Digital Picture Frame first!
OPENPICFAIL_TIPS=Open picture file failed!The picture maybe destroyed or oversize!
OPENCLIPBOARDFAIL_TIPS=Cannot open the system clipboard!
SAVEPICFINISH_TIPS=All pics were saved!
STOPDOWNLOAD_TIPS=Stopping……
WRITEINPROTECT_TIPS=Download address wrong!It should not write in the protected address!
ALLOCMEMFAIL_TIPS=Allocate memory failed, not enough memory to use!
DOWNLOADFAIL_TIPS="Download pics failed!If you donot pull out the USB cable, please change an USB port or USB cable and try again!
SENDING_TIPS=Sending data, Please operate after sending finished!
PICDESTROY_TIPS=The picture is destroyed!
SYSTEMCOLOR_TIPS=The color quality of the system is less than 16 bit, the application cannot use in this situation!
VERIFYADDR_TIPS=Verify read the beginning address of user pics error!
VERIFYINDEX_TIPS=Verify failed! Please insert the Device and try again!
COMPRESSRATE_TIPS=This device donot surpport this compressed rate!
VERIFYPICINDEX_TIPS=Verify failed after write the pic index info!
AUTHORIZATE_TIPS=Authorization error! Your device can not use this application!
SYNCHRONIZETIME_TIPS=Synchronize time failed!
IDENTIFYFLASH_TIPS=Unknow the flash of the DPF, please contact the manufacturer to get support!
GETFLASHID_TIPS=Cannot get the Flash ID!Please insert the DPF again!
GETLCDSIZE_TIPS=Cannot get the LCD size from firmware!
LCDSIZEZERO_TIPS=LCD width is 0, it must have something wrong with your DPF!
USBERROR_TIPS=USB transmission error, please change another USB port or USB cable or insert again and try again!
NOPICS_TIPS=No photos in device!
DOWNLOADING_TIPS=Sending
DOWNFINISH_TIPS=Finished!
READVERIFY_TIPS=Cannot read the verify value from the DPF!
READCONTRAST_TIPS=Read LCD contrast info failed!
UPDATINGINDEX_TIPS=Updating......
SAVEDIR_TIPS=Choose Save Directory
WARN_TIPS=Don't pullout USB cable while reading or writing!
DRAG_TIPS=Please drag less than 15 files at a time!
FONTCOLOR_TIPS=Fontcolor
BACKGROUND_TIPS=Background
IDOK_TIPS=OK
CANCEL_TIPS=Cancel

ABOUT_SYSMENU=About
SETTOPMOST=Set Topmost
SETTOPMOST_TIPS=Set Topmost
MY_COMPUTER=My Computer
DESK_TOP=Desktop

LANGUAGE_MENU=Language
SUBMENU_1=English
SUBMENU_2=Chinese
SUBMENU_3=French


 利用debugger找出download button的function, 位置太約是loc_405275

跳到loc_405275的段落中找到function sub_4020F7 和 sub_40A993

分別跳到 sub_4020F7 和 sub_40A993後發現 sub_40A993 有類似 download 的program

從LanguageUnicode.ini中得知  DOWNLOADING_TIPS=Sending  和 DOWNFINISH_TIPS=Finished! 是 下載 圖片到device的flag

這兩個nodes之間應該是儲存.bmp的logic.

本身打算把device內的file全部刪除

不幸的事就從這裡發生............. (ノ °` Д ´° )ノ  ┴┴"
從DPFMate.exe入手的確找出了bmp的address,
但device的讀取方法並不是用一般的USB, 而是用USB CD-ROM

順帶一提USB Driver 是Sonic Solutions的產品
手上沒有還原成USB的工具 這個device不太值得用上太多的時間,
所以只好放置 ........ (´・ω・`)