本文介绍了NSIS反编译器的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 任何熟悉 NSIS 反编译器的人(谷歌不是 :-))Anyone familiar with NSIS decompiler (google wasn't :-) )谢谢，E推荐答案如何访问 NSIS 安装程序脚本?好的，这就是那篇文章的重点.How to access the NSIS Installer Script?Okay that's the big topic for that post.http:///netcologne.dl.sourceforge.net/project/nsis/NSIS%202/2.09/nsis-2.09-src.tar.bz2nsis-2.09-src\Source\exehead\fileform.cnsis-2.09-src\Source\exehead\fileform.hnsis-2.09-src\Source\exehead\fileform.cnsis-2.09-src\Source\exehead\fileform.h#define FH_SIG 0xDEADBEEF// neato surprise signature that goes in firstheader. :)#define FH_INT1 0x6C6C754E // 'Null'#define FH_INT2 0x74666F73 // 'soft'#define FH_INT3 0x74736E49 // 'Inst'typedef struct{ int flags; // FH_FLAGS_* int siginfo; // FH_SIG int nsinst[3]; // FH_INT1,FH_INT2,FH_INT3 // these point to the header+sections+entries+stringtable in the datablock int length_of_header; // this specifies the length of all the data (including the firstheader and CRC) int length_of_all_following_data;} firstheader;数据样本:$ ==> 00000000 ....$+4 DEADBEEF$+8 6C6C754E Null$+C 74666F73 soft$+10 74736E49 Inst$+14 000268E2 157 922 length_of_header (inside <<Compressed Data>>)$+18 011947CB 18 433 995 length_of_all_following_data <<Compressed Data>>$+011947CB CRC32获取<<压缩数据>>未压缩Getting <<Compressed Data>> Uncompressed好吧，这个数据被写入 %temp%但是 ShareMode=None 和 Attributes = DELETE_ON_CLOSE 所以你不能访问它.Well this data is written to %temp%however with ShareMode=None and Attributes = DELETE_ON_CLOSE so you can't access it.Fix: Inside 'NSIS Setup.exe'Replace 68 00 01 00 04 with 68 00 00 00 00 To avoid that this tempfile get's create with DELETE_ON_CLOSEBackground: 00402E56 |. 68 00010004 PUSH 4000100 ; |Attributes = TEMPORARY|DELETE_ON_CLOSE ^^^^^^^^^^^-Patch Target 00402E5B |. 6A 02 PUSH 2 ; |Mode = CREATE_ALWAYS 00402E5D |. 53 PUSH EBX ; |pSecurity 00402E5E |. 53 PUSH EBX ; |ShareMode 00402E65 |. 68 000000C0 PUSH C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE 00402E6A |. 50 PUSH EAX ; |FileName 00402E6B |. FF15 90704000 CALL [<&KERNEL32.CreateFileA>] ; \CreateFileA好的，那个大 <> 未压缩的临时文件是这样开始的:Okay that big <> Uncompressed temporary file starts like this:00000000 E2 68 02 00 A0 00 00 00 2C 01 00 00 08 00 00 00 2C âh   , ,E2 68 02 00 -> 000268E2 157 922 length_of_header(内部 )E2 68 02 00 -> 000268E2 157 922 length_of_header (inside <>)只要切出这个数据块，NSIS 脚本就可以作为未压缩的原始数据Just cut out this datablock and well have the NSIS script as uncompressed Raw其余数据是 7z 将为您提取的数据文件.The rest of data are data files that 7z will extract for you.更新:获取通用提取器使用cmdTotal 1.02 (c) 2006/2007 KaKeeware, http://www.kakeeware.com带插件:InstExpl.wcx或多或少成功提取 Nullsoft Setup.exe.小心不要太相信提取的文件 - 有些东西已损坏.(为此更喜欢 7zip.)然而，该程序的主要内容是script.bin那是在我测试的 3-4 示例中，状态良好.:)to more or less successfully extract a Nullsoft Setup.exe.Be careful don't trust much on the extracted files - there are somethings corrupted.(Prefer 7zip for that.)However the main thing of that procedure is thescript.binThat was on the 3-4 example I test in good shape. :)好的更新:这是我的一个非常早期的版本NullsoftDecompiler 1.2 alphaOkay an update:Here's an really early version of myNullsoftDecompiler 1.2 alpha目前它仍在大量开发中，但这是它的第一个未完成的原始版本.At the moment it's still heavily under development however here's the first raw unfinished version of it.更新(大约一年后):NullsoftDecompiler 3最后我添加了解压支持.UPDATE(About a year later):NullsoftDecompiler 3Finally I added decompression support. 这篇关于NSIS反编译器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！