
9.9.22.40990 x86 offset

Open loquat opened this issue 2 months ago • 1 comments

9.9.22.40990 x86

Start of the idb file:

```
QQ.exe:002D0000 .686p
QQ.exe:002D0000 .mmx
QQ.exe:002D0000 .model flat
```

```
.text:57E98160 ; int __cdecl sub_57E98160(const void *, char *, int, int)
.text:57E98160 sub_57E98160 proc near ; CODE XREF: sub_5722C930+CE↑p
.text:57E98160 ; sub_57E98120+27↑p ...
.text:57E98160
.text:57E98160 arg_0= dword ptr 4
.text:57E98160 arg_4= dword ptr 8
.text:57E98160 arg_8= dword ptr 0Ch
.text:57E98160 arg_C= dword ptr 10h
.text:57E98160
.text:57E98160 push ebp
.text:57E98161 push ebx
.text:57E98162 push edi
.text:57E98163 push esi
.text:57E98164 mov edi, [esp+10h+arg_4]
.text:57E98168 mov esi, [esp+10h+arg_0]
.text:57E9816C push edi
.text:57E9816D push esi
.text:57E9816E push offset aNtSqlite3KeyV2 ; "nt_sqlite3_key_v2: db=%p zDb=%s"
.text:57E98173 push 8
.text:57E98175 call sub_5865E980
.text:57E9817A add esp, 10h
.text:57E9817D test esi, esi
.text:57E9817F jz short loc_57E981A9
.text:57E98181 mov ebx, [esp+10h+arg_8]
.text:57E98185 test ebx, ebx
.text:57E98187 jz short loc_57E981A9
.text:57E98189 mov ebp, [esp+10h+arg_C]
.text:57E9818D test ebp, ebp
.text:57E9818F jz short loc_57E981A9
.text:57E98191 push edi
.text:57E98192 push esi
.text:57E98193 call sub_57E97AD0
.text:57E98198 add esp, 8
.text:57E9819B push ebp
.text:57E9819C push ebx
.text:57E9819D push eax
.text:57E9819E push esi
.text:57E9819F call sub_57E97EA0
.text:57E981A4 add esp, 10h
.text:57E981A7 jmp short loc_57E981BD
.text:57E981A9 ; ---------------------------------------------------------------------------
.text:57E981A9
.text:57E981A9 loc_57E981A9: ; CODE XREF: sub_57E98160+1F↑j
.text:57E981A9 ; sub_57E98160+27↑j ...
.text:57E981A9 push offset aNtSqlite3KeyV2_0 ; "nt_sqlite3_key_v2: no key provided"
.text:57E981AE push 1
.text:57E981B0 call sub_5865E980
.text:57E981B5 add esp, 8
.text:57E981B8 mov eax, 1
.text:57E981BD
.text:57E981BD loc_57E981BD: ; CODE XREF: sub_57E98160+47↑j
.text:57E981BD pop esi
.text:57E981BE pop edi
.text:57E981BF pop ebx
.text:57E981C0 pop ebp
.text:57E981C1 retn
.text:57E981C1 sub_57E98160 endp
.text:57E981C1
.text:57E981C1 ; ---------------------------------------------------------------------------
.text:57E981C2 align 10h
```

loquat, Nov 05 '25 06:11

Thanks for the contribution! The main problem right now is that finding the offset is not hard, but detecting the QQ version and selecting the matching pattern is not implemented yet. Relocation also needs to be handled. https://github.com/QQBackup/qq-win-db-key/pull/56 is blocked for the same reason.

Young-Lord, Nov 05 '25 11:11
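As an added example (not code from this issue or from the qq-win-db-key project), the prologue of the listing above turned into a wildcarded byte signature plus a scan that reports an RVA instead of an absolute address, which is what the relocation point in the reply calls for: the `push offset` immediate is a base-relocated absolute address and the `call` displacement changes between builds, so both are wildcarded. The byte encoding is hand-derived from the mnemonics and should be checked against the real binary; the section table and image bytes are constructed stand-ins, not QQ.exe.

```python
import re

# Prologue of sub_57E98160 (nt_sqlite3_key_v2) encoded by hand from the listing.
# "??" marks bytes that are relocated by the loader (string address) or differ
# per build (call rel32, jz displacement); only stable opcode bytes are fixed.
KEY_V2_PATTERN = (
    "55 53 57 56"        # push ebp / push ebx / push edi / push esi
    " 8B 7C 24 18"       # mov edi, [esp+18h]  (zDb)
    " 8B 74 24 14"       # mov esi, [esp+14h]  (db)
    " 57 56"             # push edi / push esi
    " 68 ?? ?? ?? ??"    # push offset "nt_sqlite3_key_v2: db=%p zDb=%s"
    " 6A 08"             # push 8
    " E8 ?? ?? ?? ??"    # call sub_5865E980 (logger)
    " 83 C4 10"          # add esp, 10h
    " 85 F6"             # test esi, esi
    " 74 ??"             # jz short loc_57E981A9
)

def pattern_to_regex(pattern: str) -> re.Pattern:
    """Turn a space-separated hex pattern with ?? wildcards into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def find_pattern(image: bytes, pattern: str) -> list:
    """Return every raw file offset at which the pattern matches."""
    return [m.start() for m in pattern_to_regex(pattern).finditer(image)]

def file_offset_to_rva(sections, offset: int) -> int:
    """Map a raw file offset to an RVA via a (name, virtual_addr, raw_ptr, raw_size) table."""
    for _name, va, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return va + (offset - raw_ptr)
    raise ValueError(f"offset {offset:#x} is not inside any section")

# Constructed stand-in image: one .text section at file offset 0x400 mapped to
# RVA 0x1000, the prologue placed 0x60 bytes in, with arbitrary immediates where
# the real binary carries relocated or version-specific values.
FAKE_SECTIONS = [(".text", 0x1000, 0x400, 0x2000)]
FAKE_PROLOGUE = bytes.fromhex(
    "55535756 8B7C2418 8B742414 5756 68 44332211 6A08 E8 10000000 83C410 85F6 7428"
)
FAKE_IMAGE = b"\x00" * (0x400 + 0x60) + FAKE_PROLOGUE + b"\xcc" * 0x100

def locate_key_v2(image: bytes = FAKE_IMAGE, sections=FAKE_SECTIONS) -> int:
    """Return the RVA of the single match; refuse ambiguous or missing results."""
    hits = find_pattern(image, KEY_V2_PATTERN)
    if len(hits) != 1:
        raise RuntimeError(f"expected exactly one match, got {len(hits)}")
    return file_offset_to_rva(sections, hits[0])

if __name__ == "__main__":
    print(f"nt_sqlite3_key_v2 RVA = {locate_key_v2():#x} (runtime address = module base + RVA)")
```

Against a real PE the section table would come from the headers, and a version-specific pattern would be chosen before scanning, which is the unimplemented step the reply describes.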