A more close to our objective, but a need to view and dump this Image File Directory (IFD), in order to review those TAGs one by one in binary format. A later looks up will enable an oversee for the completeness of individual TAG and information contained.
How to dump this? use the HEX view editor, copy the range from 0x0001268 to the end of file, and then save to a new file call IFD.bin. Notice this IFD.bin is the exact image but a portion from the fax image itself, of course, the file size should be less.
Usually, the debug.exe should be good enough for dumping the binary content from the Windows XP. It is only purpose to record those data bytes into a readable format by any text editor other than HEX viewer. Some little trick has to be adopted if keystroke free is desired. Let's create a batch file for this process without interactively to deal with debug.exe, it will be convenient if the procedure has to be repeated or some other similar purposes.
-----copy the following, and then save as dump.bat-----
debug ifd.bin < %0 > out.txt
# Windows XP, 啟動 DEBUG 並載入ifd.bin, 劇本為 %0 (這個BAT檔), 輸出已重新導向至 OUT.TXT
#pause
goto around
# 上面所有行及最後一行, 非有效DEBUG指令, 所以 DEBUG 不執行而顯示錯誤
# 以下是DEBUG指令, DEBUG 會執行, 輸出已重新導向至 OUT.TXT
# 每行都要有空白, 等於DEBUG執行時按下 ENTER
d 100 21d
q
:around
-----copy the above, save as dump.bat-----
Ensure 2 files are in the same folder (dump.bat & IFD.bin), by clicking the dump.bat to invoke such process, couple seconds later, the file OUT.TXT will be displayed in the same folder. It is time to open what we have from the memory dumping now,
-----this below is the content of OUT.TXT-----
Invalid keyboard code specified
-debug ifd.bin < %0 > out.txt
^ Error
-# Windows XP, 啟動 DEBUG 並載入idf.bin, 劇本為 %0 (這個BAT檔), 輸出已重新導向至
^ Error
-
-#pause
^ Error
-goto around
^ Error
-# 上面所有行及最後一行, 非有效DEBUG指令, 所以 DEBUG 不執行而顯示錯誤
^ Error
-# 以下是DEBUG指令, DEBUG 會執行, 輸出已重新導向至 OUT.TXT
^ Error
-# 每行都要有空白, 等於DEBUG執行時按下 ENTER
^ Error
-
-d 100 21d
139A:0100 13 00 FE 00 04 00 01 00-00 00 02 00 00 00 00 01 ................
139A:0110 04 00 01 00 00 00 C0 06-00 00 01 01 04 00 01 00 ................
139A:0120 00 00 84 04 00 00 02 01-03 00 01 00 00 00 01 00 ................
139A:0130 00 00 03 01 03 00 01 00-00 00 04 00 00 00 06 01 ................
139A:0140 03 00 01 00 00 00 00 00-00 00 0A 01 03 00 01 00 ................
139A:0150 00 00 02 00 00 00 11 01-04 00 01 00 00 00 08 00 ................
139A:0160 00 00 15 01 03 00 01 00-00 00 01 00 00 00 16 01 ................
139A:0170 04 00 01 00 00 00 84 04-00 00 17 01 04 00 01 00 ................
139A:0180 00 00 20 16 00 00 1A 01-05 00 01 00 00 00 16 17 .. .............
139A:0190 00 00 1B 01 05 00 01 00-00 00 1E 17 00 00 24 01 ..............$.
139A:01A0 04 00 01 00 00 00 05 00-00 00 28 01 03 00 01 00 ..........(.....
139A:01B0 00 00 02 00 00 00 29 01-03 00 02 00 00 00 00 00 ......).........
139A:01C0 00 00 31 01 02 00 20 00-00 00 26 17 00 00 47 01 ..1... ...&...G.
139A:01D0 03 00 01 00 00 00 00 00-00 00 48 01 03 00 01 00 ..........H.....
139A:01E0 00 00 00 00 00 00 00 00-00 00 53 66 61 78 CC 00 ..........Sfax..
139A:01F0 00 00 01 00 00 00 62 00-00 00 01 00 00 00 57 69 ......b.......Wi
139A:0200 6E 64 6F 77 73 20 4E 54-20 46 61 78 20 53 65 72 ndows NT Fax Ser
139A:0210 76 65 72 00 20 20 20 20-20 20 20 20 20 00 ver. .
-
-q
-----this above is the content of OUT.TXT-----
clear some stuff and gain this more easy for view
139A:0100 13 00 FE 00 04 00 01 00-00 00 02 00 00 00 00 01 ................
139A:0110 04 00 01 00 00 00 C0 06-00 00 01 01 04 00 01 00 ................
139A:0120 00 00 84 04 00 00 02 01-03 00 01 00 00 00 01 00 ................
139A:0130 00 00 03 01 03 00 01 00-00 00 04 00 00 00 06 01 ................
139A:0140 03 00 01 00 00 00 00 00-00 00 0A 01 03 00 01 00 ................
139A:0150 00 00 02 00 00 00 11 01-04 00 01 00 00 00 08 00 ................
139A:0160 00 00 15 01 03 00 01 00-00 00 01 00 00 00 16 01 ................
139A:0170 04 00 01 00 00 00 84 04-00 00 17 01 04 00 01 00 ................
139A:0180 00 00 20 16 00 00 1A 01-05 00 01 00 00 00 16 17 .. .............
139A:0190 00 00 1B 01 05 00 01 00-00 00 1E 17 00 00 24 01 ..............$.
139A:01A0 04 00 01 00 00 00 05 00-00 00 28 01 03 00 01 00 ..........(.....
139A:01B0 00 00 02 00 00 00 29 01-03 00 02 00 00 00 00 00 ......).........
139A:01C0 00 00 31 01 02 00 20 00-00 00 26 17 00 00 47 01 ..1... ...&...G.
139A:01D0 03 00 01 00 00 00 00 00-00 00 48 01 03 00 01 00 ..........H.....
139A:01E0 00 00 00 00 00 00 00 00-00 00 53 66 61 78 CC 00 ..........Sfax..
139A:01F0 00 00 01 00 00 00 62 00-00 00 01 00 00 00 57 69 ......b.......Wi
139A:0200 6E 64 6F 77 73 20 4E 54-20 46 61 78 20 53 65 72 ndows NT Fax Ser
139A:0210 76 65 72 00 20 20 20 20-20 20 20 20 20 00 ver. .
ha,,, not a bad deal, still remember the 0x13, 0x00 and "Windows NT Fax Server" ? of course, we are in the position, the dump for IFD.bin is done perfectly. Not to mention some memory location of 139A:xxxx from the left of dump, it can be neglect at the moment.
The next, build the IFD structure from this dump for total 0x13 or 19 TAGs. use the HEX editor, press ALT+C, then point and select those BYTE data only, copy and past for a new text file as below,
13 00 FE 00 04 00 01 00-00 00 02 00 00 00 00 01
04 00 01 00 00 00 C0 06-00 00 01 01 04 00 01 00
00 00 84 04 00 00 02 01-03 00 01 00 00 00 01 00
00 00 03 01 03 00 01 00-00 00 04 00 00 00 06 01
03 00 01 00 00 00 00 00-00 00 0A 01 03 00 01 00
00 00 02 00 00 00 11 01-04 00 01 00 00 00 08 00
00 00 15 01 03 00 01 00-00 00 01 00 00 00 16 01
04 00 01 00 00 00 84 04-00 00 17 01 04 00 01 00
00 00 20 16 00 00 1A 01-05 00 01 00 00 00 16 17
00 00 1B 01 05 00 01 00-00 00 1E 17 00 00 24 01
04 00 01 00 00 00 05 00-00 00 28 01 03 00 01 00
00 00 02 00 00 00 29 01-03 00 02 00 00 00 00 00
00 00 31 01 02 00 20 00-00 00 26 17 00 00 47 01
03 00 01 00 00 00 00 00-00 00 48 01 03 00 01 00
00 00 00 00 00 00 00 00-00 00 53 66 61 78 CC 00
00 00 01 00 00 00 62 00-00 00 01 00 00 00 57 69
6E 64 6F 77 73 20 4E 54-20 46 61 78 20 53 65 72
76 65 72 00 20 20 20 20-20 20 20 20 20 00
See, very clean and ready to group those bytes one by one, in order to see specific TAGs structures.
沒有留言:
張貼留言