某音频文件经过优化编码,分析发现它解码以后是通过 waveOut API 播放的。这里不具体研究它是如何解密的,而是直接 Hook waveOut 播放相关的 API(waveOutOpen / waveOutWrite)得到原始数据:
#include <mmsystem.h>
#pragma comment( lib, "winmm.lib" )
数据头的格式(在 waveOutOpen 的 Hook 中把 WAVEFORMATEX 的各个字段记录到日志):
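/**
 * Logging wrapper around waveOutOpen().
 *
 * Appends the fields of the caller-supplied WAVEFORMATEX to "test.dump.log"
 * and then forwards every argument, unchanged, to the real waveOutOpen().
 * Logging is best-effort: if the log file cannot be opened, the call is
 * still forwarded.
 *
 * The log path is relative, so the file is created in whatever the current
 * directory of the host process happens to be.
 *
 * @param phwo        forwarded to waveOutOpen().
 * @param uDeviceID   forwarded to waveOutOpen().
 * @param pwfx        format description to log; may be NULL, in which case
 *                    nothing is logged and waveOutOpen() is left to reject it.
 * @param dwCallback  forwarded to waveOutOpen().
 * @param dwInstance  forwarded to waveOutOpen().
 * @param fdwOpen     forwarded to waveOutOpen().
 * @return the result of waveOutOpen().
 */
extern "C" __declspec(dllexport) MMRESULT WINAPI MyWaveOutOpen(LPHWAVEOUT phwo, UINT uDeviceID, LPCWAVEFORMATEX pwfx, DWORD_PTR dwCallback, DWORD_PTR dwInstance, DWORD fdwOpen)
{
    // pwfx is supplied by the hooked caller. Dereferencing a NULL here would
    // crash the host process inside the hook instead of letting the real API
    // return its own error code.
    if (pwfx != NULL) {
        FILE *fp = fopen("test.dump.log", "a+");
        if (fp) {
            fprintf(fp, "waveOutOpen\n");

            // The WAVEFORMATEX documentation states that cbSize is ignored for
            // WAVE_FORMAT_PCM, and a caller may pass the shorter PCMWAVEFORMAT
            // layout, which has no cbSize member. Reading it in that case
            // would touch bytes past the caller's structure.
            if (pwfx->wFormatTag != WAVE_FORMAT_PCM) {
                fprintf(fp, "pwfx->cbSize:%u\n", (unsigned)pwfx->cbSize);
            } else {
                fprintf(fp, "pwfx->cbSize:n/a (WAVE_FORMAT_PCM)\n");
            }

            // DWORD members are unsigned long and WORD members are unsigned
            // short; the casts make each argument match its format specifier.
            fprintf(fp, "pwfx->nAvgBytesPerSec:%lu\n", (unsigned long)pwfx->nAvgBytesPerSec);
            fprintf(fp, "pwfx->nBlockAlign:%u\n", (unsigned)pwfx->nBlockAlign);
            fprintf(fp, "pwfx->nChannels:%u\n", (unsigned)pwfx->nChannels);
            fprintf(fp, "pwfx->nSamplesPerSec:%lu\n", (unsigned long)pwfx->nSamplesPerSec);
            fprintf(fp, "pwfx->wBitsPerSample:%u\n", (unsigned)pwfx->wBitsPerSample);
            fprintf(fp, "pwfx->wFormatTag:%u\n", (unsigned)pwfx->wFormatTag);
            fclose(fp);
        }
    }

    return waveOutOpen(phwo, uDeviceID, pwfx, dwCallback, dwInstance, fdwOpen);
}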
原始数据(在 waveOutWrite 的 Hook 中把每个缓冲区的内容追加写入 test.dump):
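/**
 * Logging wrapper around waveOutWrite().
 *
 * For every buffer handed to the wrapper it appends one summary line
 * (buffer length, flags, header size) to "test.dump.log", appends the
 * buffer contents to "test.dump", and then forwards the call unchanged to
 * the real waveOutWrite(). Both file operations are best-effort and never
 * block the forwarded call.
 *
 * Both paths are relative, so the files are created in whatever the current
 * directory of the host process happens to be.
 *
 * NOTE(review): unlike MyWaveOutOpen, this function is declared without
 * WINAPI. The real waveOutWrite is WINAPI; on 32-bit x86 a calling-convention
 * mismatch corrupts the stack if this function is called in its place.
 * Confirm what the hook installer expects before changing the declaration,
 * since that also changes the exported symbol name.
 *
 * @param hwo   forwarded to waveOutWrite().
 * @param pwh   wave header describing the buffer; may be NULL, in which case
 *              nothing is logged or dumped.
 * @param cbwh  header size as given by the caller; logged and forwarded.
 * @return the result of waveOutWrite().
 */
extern "C" __declspec(dllexport) MMRESULT MyWaveOutWrite(HWAVEOUT hwo, LPWAVEHDR pwh, UINT cbwh)
{
    // pwh is supplied by the hooked caller; leave NULL handling to the real
    // API rather than faulting inside the hook.
    if (pwh != NULL) {
        FILE *fp = fopen("test.dump.log", "a+");
        if (fp) {
            // DWORD is unsigned long and UINT is unsigned int; the casts make
            // each argument match its format specifier.
            fprintf(fp, "BufferLength:%lu,Flags:%lu-- cbwh:%u \n",
                    (unsigned long)pwh->dwBufferLength,
                    (unsigned long)pwh->dwFlags,
                    (unsigned)cbwh);
            fclose(fp);
        }

        if (pwh->lpData != NULL && pwh->dwBufferLength != 0) {
            // Append mode always writes at end-of-file, so no explicit seek
            // is needed before fwrite().
            FILE *fpEx = fopen("test.dump", "ab+");
            if (fpEx) {
                size_t wanted = (size_t)pwh->dwBufferLength;
                size_t written = fwrite(pwh->lpData, 1, wanted, fpEx);
                fclose(fpEx);

                // A short write (disk full, I/O error) leaves a truncated
                // dump; record it so the gap is visible when the log is read.
                if (written != wanted) {
                    FILE *fpErr = fopen("test.dump.log", "a+");
                    if (fpErr) {
                        fprintf(fpErr, "short write to test.dump: %lu of %lu bytes\n",
                                (unsigned long)written, (unsigned long)wanted);
                        fclose(fpErr);
                    }
                }
            }
        }
    }

    //return MMSYSERR_NOERROR; //
    return waveOutWrite(hwo, pwh, cbwh);
}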