Analysis of English-speaking dzd courseware documents

1. Overview

For basic information about dzd and the dzd Format Conversion Program txt2dzd, see here.

Looking for information about dzd documents, I first thought of many dzd documents and client software on the official website .www.englishto.com. I downloaded for PPC and for Java. first, the client for PPC is compiled in Ida. After being confused by the arm commands, I decided to try the Java version.

I have never touched java before. I just heard that Java bytecode can be decompiled very well. I found Xiaoying Java anti-compiler on the Internet. It's really good. I almost restored the source code, I can't think of a dish as an alternative open-source dish. these codes are much more loose than those of arm commands. The most lovely code is private Boolean is_zm (char N); (is _ letter !), The author has implemented it. Is it difficult to provide functions such as isalpha in j2s? We started our reverse journey without talking nonsense.

 

2. Start
Tools
Hexadecimal editor ultraedit
Xiaoying Java anti-Compiler
Windows Calculator

Code
To get the source code of the Java client, we are most concerned with its file I/O. You only need to know the general structure of the document.
The following is the code snippet of the bookview constructor class. It reads the basic information of some documents:

Inputstream input = getclass (). getresourceasstream ("ebook. Jeb ");
Datainputstream ebookfilehandle = new datainputstream (input );
The program only reads the ebook. the Jeb document is clearly not the dzd document we want to study, but I guess that since the structure of the document under the dish door is certainly the same, it is probably out of the hands of the same engineer, I guess it is correct.

 

M_bybookcount = ebookfilehandle. readbyte (); reads chapter count chapcount. The author uses bybookcount as the variable name.

Int nmaxcount = ebookfilehandle. readint ();
M_cbookdata = new char [ebookfilehandle. readint ()]; read document data size bookdatacount

M_nfilesnamelen = ebookfilehandle. readint (); namelen ()

M_pnbooknameinfo = new int [nmaxcount + 20];
For (INT I = 0; I <nmaxcount; I ++) m_pnbooknameinfo [I] = ebookfilehandle. readint (); read document information bookinfo

M_pbooklineinfo = new byte [2 * m_bybookcount + 2 * nmaxcount]; Allocate row information lineinfo storage space

Ebookfilehandle. Read (m_pbooklineinfo, 0, 2 * m_bybookcount); read Partial row Information

The following is the code snippet of the showbook function:

Inputstream input = getclass (). getresourceasstream ("ebook. Jeb ");
Datainputstream ebookfilehandle = new datainputstream (input); still reads this file

Ebookfilehandle. Skip (m_pnbooknameinfo [m_byusercfgdata [9]); storage file offset in booknameinfo [m_byusercfgdata [9] plineinfo

 

Ebookfilehandle. Read (m_pbooklineinfo, 2 * m_bybookcount, m_pnbooknameinfo [m_bybookcount + m_byuser1_data [9] * 2); read Partial row Information

M_necharnum = m_pnbooknameinfo [m_bybookcount * 2 + m_byuser1_data [9]; booklineinfo contains English characters
M_nccharnum = m_pnbooknameinfo [m_bybookcount * 3 + m_byuser1_data [9]; booklineinfo contains Chinese Characters

For (int K = 0; k <m_necharnum ;){
M_cbookdata [I] = (char) ebookfilehandle. readbyte (); reads English document data, ASCII characters
K ++;
I ++;
}
For (int K = 0; k <m_nccharnum ;){
M_cbookdata [I] = ebookfilehandle. readchar (); reads Chinese document data, Unicode string
K ++;
I ++;
}

After studying other functions, we have learned about the general structure of the Jeb document. it is estimated that the dzd document structure is roughly similar and divided into several chapters. when reading, the lines in Chinese and English are separated from the lines in Chinese. We can see that the lines are structured, rather than the loose and non-structured TXT documents. dzd has a line of information to control line interruptions. one byte represents a line of English characters. The next byte represents a line of Chinese characters.

 

Comparison
After knowing the general structure, you can use ultraedit to further analyze the location of the above data in the document. go to the English website to find several standard dzd documents and compare them in ultraedit. some software provides the file comparison function, but I still only use ultraedit for visual observation. we can find that all the control data is used before English characters. There are more than a dozen differences, which correspond to the variables mentioned above. most of the data is numerical (if you are not sure, you can use a calculator to convert the hexadecimal format to the decimal format). You can guess and verify the data based on the document size, the number of title characters, and other information. this speculation is the most important step in reverse engineering. when the meaning of all the bytes is clear, you can write a program that generates the dzd document.

Since the Java source code of the Operation dzd document has been given, the guess here is very simple. however, if the disassembly code is given, you need to be familiar with the compilation code generated by the compiler, because the abstract capabilities of the anti-assembler are extremely limited. imagine yourself as a developer and how to solve this problem. in this process of speculation, there may be several bytes of meaning that you may have been thinking for a few days and cannot solve it, but you may flash in the light, which is probably the charm of reverse. in a sense, reverse engineering has a subtle relationship with natural science research. isn't it a reversal for scientists to study the material world and then transform the world?

 

:

 

Attached dzd document structure: