I am going to make a tutorial for using quickbms for extracting archives that are no extractors for.
I am going to start off easy then add more and more difficult archives so you can learn and write your own scripts.
the tools you need are just 4 things.
1. A HEX editor I use HxD
2.Quick BMS
http://aluigi.org/papers/quickbms.zip3. a text editor like wordpad
4. a calculator that supports hex like the one built into windows.
We will start with a game called FEZ (Fantasy Earth Zero)
this is a great archive format for someone to learn bms scripting from.
I attached a sample.
website
http://tw.fez.gamania.com/installer
http://tw.dl.gamania.com/fez/FEZ_1103.exethis game uses textures with wrong headers mainly dds and some tga and some kind of .mdl format.
ok so you can download the full installer or this sample pac file here
http://www.MegaShare.com/1029061ok so open the file up in your hex editor so you see what I have open here
so if you look to the right you will notice some readable text
Etc\aura.tex , Etc\cursor.tex , Etc\mahoujin.tex , Etc\env2.tex , and Etc\kaze.tex .
so just looking with out eyes we now know that there are at least 5 files in this bin file and after we extract them they will be placed in a folder called Etc.
so lets start looking at the other parts of the header in this file we will start with the first 4 bytes
well we have 05 00 00 00
whenever you are working with archives for computer games 99% of the time you read the values in reverse so the above number
would not be 5,000,000 but instead would be read as 00 00 00 05 or 5
Well if we remember from earlier we saw 5 file names and our first 4 bytes of our file are equal to 5 so there is a good chance we just discovered where the file count is stored in this archive.
data is stored in groups of 4 bytes " a long" 2 bytes " a short" or 1 byte "a byte" so we have our first part of our script
get FILES long
this tells quickbms to read a long value "aka 4 bytes" and store it as the variable FILES.
ok the next 4 bytes 74 00 00 00 are not needed in order for quickbms to extract our files but it represents the total size of our header.
so I will write the next line of code for quickbms
get HEADERSZ long
this stores the header size in the variable HEADERSZ
ok now we have 2 more bytes before the file name
so that is 0C 00 well 2 bytes is know as a short. but what does 00 0C stand for?
if we highlight the whole name of the file in out hex editor it shows us a length of C
.gif "Smile")
we found the name length so we would write that as
get NSIZE short
this stores the 2 bytes in the variable NSIZE representing the length of the name
well next comes the name so to store that as a word in bms language we will write the next line
getdstring NAME NSIZE
this is saying store a string "aka a word" in the variable NAME and its length is equal to the variable NSIZE.
ok now we have another 4 bytes after the name 7C 00 00 00
well we already know the name of the file so now to extract the file we need to know its size and location in the archive.
7C is not a very big number for the size of the file to lets see what happens if we go to offset 7C
in HxD press ctrl +E and type in 7c for the start and end then click ok.
you should look like this after clicking ok
hmm this looks good it looks like a file header IMG0 so we will write out line saying that is the start of the file
get OFFSET long
this stores the 4 bytes as the variable OFFSET
ok the next 4 bytes are 70 10 00 00 well that looks bigger so lets see if that is the size of out file so it will translate into 00 00 10 70 or 1070
so lets go to our offset 7C and then we will add in the length column 1070
wow look at that I see TRUEVISION-XFILE that is a classic tga ending and we also end just before IMG0 which was the start of our first file
so that means we found our size
we write that as
get SIZE long
this stores the 4 bytes in the variable SIZE
ok now we have 2 bytes then the next file name hmm that seems familiar
lets see 0E 00so that means it translates into 00 0E or E
well the last 2 bytes we had before a name was the name size lets see if it still holds true
it does the name length is E
so that means we found where the pattern in the header repeats and we identified all that we need to extract the files so now we can finish our script and our extractor.
whenever the pattern starts you want to begin a loop so it will keep cycling through it until there are no files left. the easiest way to write that is.
for i = 0 < FILES
this means run the following commands until i = 0 and set i = FILES
so we will put that before our NSIZE variable because that is where the pattern starts.
next you want it to write out the file and we do that with the log command in the following format
log NAME OFFSET SIZE
this says write the file name and fill it with the data starting at the variable OFFSET and a length of SIZE.
now this is great but we want it to keep repeating the loop till there are no more files so we must add
next i
at the end so the loop continues.
ok so now save the file we created as extract.bms
and put Etc.pac extract.bms and quickbms.exe all in the same folder for wthis demo we will say c:\temp
so now at the command prompt change to that directory and type
quickbms.exe -l extract.bms Etc.pac .
this will list the the file contents and size or give you an error if your script is not correct.
Yay it worked
now lets try extracting them create a folder in c:\temp called extracted
now type the command
quickbms.exe extract.bms Etc.pac extracted
yes it worked now they are in the filder and extracted.
Code:
get FILES long
get HEADERSZ long
for i = 0 < FILES
get NSIZE short
getdstring NAME NSIZE
get OFFSET long
get SIZE long
log NAME OFFSET SIZE
next i
Let me know what you think of this tutorial and if you want me to continue on with more examples and more compex scripts.
Login
Register
FAQ
Search
