发布些上古世纪游戏数据与CALL
数据所在模块：x2game
获取物品对象CALL：
mov ecx,3A30C678 //背包基址
ADD ECX,0x10
PUSH 1 // 背包位置 从0开始
CALL 3955C3E0 //获取背包物品对象CALL
mov [保存物品对象],eax
[保存物品对象]==物品对象
-------------------------------------------
db 3A30C678+19 背包最大数量 字节型
db 3A30C678+19+1 背包当前数量 字节型
dd 3A30C678+0*0C0+10 背包对象
背包对象+8==物品ID
背包对象+0C==2为装备，100为消耗品，0为道具
背包对象+10==物品数量
背包对象+1D==当前耐久度 (1字节型)
=======背包基址 ======================================有效
3948DB40/$55 PUSH EBP
3948DB41|.8BEC MOV EBP,ESP
3948DB43|.8B45 08 MOV EAX,DWORD PTR SS: ;8B 45 08 8B C8 83 EC 08 C1 E9 08 56 80 F9 04
3948DB46|.8BC8 MOV ECX,EAX
3948DB48|.83EC 08 SUB ESP,0x8
3948DB4B|.C1E9 08 SHR ECX,0x8
3948DB4E|.56 PUSH ESI
3948DB4F|.80F9 04 CMP CL,0x4
3948DB52|.75 19 JNZ SHORT x2game.3948DB6D
3948DB54|.C1E8 18 SHR EAX,0x18
3948DB57|.8845 FC MOV BYTE PTR SS:,AL
3948DB5A|.E8 A11DFFFF CALL x2game.3947F900
3948DB5F|.8B55 FC MOV EDX,DWORD PTR SS:
3948DB62|.52 PUSH EDX
3948DB63|.8D48 10 LEA ECX,DWORD PTR DS:
3948DB66|.E8 C5D51700 CALL x2game.3960B130
3948DB6B|.EB 0B JMP SHORT x2game.3948DB78
3948DB6D|>50 PUSH EAX
3948DB6E|.B9 78C6303A MOV ECX,x2game.3A30C678 ;基址
3948DB73|.E8 B89B1500 CALL x2game.395E7730
3948DB78|>8BF0 MOV ESI,EAX
3948DB7A|.85F6 TEST ESI,ESI
3948DB7C|.75 07 JNZ SHORT x2game.3948DB85
3948DB7E|.32C0 XOR AL,AL
3948DB80|.5E POP ESI
3948DB81|.8BE5 MOV ESP,EBP
3948DB83|.5D POP EBP
3948DB84|.C3 RETN
3948DB85|>8B46 08 MOV EAX,DWORD PTR DS:
3948DB88|.57 PUSH EDI
3948DB89|.50 PUSH EAX
3948DB8A|.E8 C1250E00 CALL x2game.39570150
3948DB8F|.8BF8 MOV EDI,EAX
3948DB91|.83C4 04 ADD ESP,0x4
3948DB94|.85FF TEST EDI,EDI
3948DB96|.0F84 8E000000 JE x2game.3948DC2A
3948DB9C|.837F 48 08 CMP DWORD PTR DS:,0x8
3948DBA0|.75 6A JNZ SHORT x2game.3948DC0C
3948DBA2|.8B0D B4A6313A MOV ECX,DWORD PTR DS:
3948DBA8|.8B49 14 MOV ECX,DWORD PTR DS:
3948DBAB|.8B11 MOV EDX,DWORD PTR DS:
3948DBAD|.8B42 6C MOV EAX,DWORD PTR DS:
3948DBB0|.FFD0 CALL EAX
3948DBB2|.8B4E 22 MOV ECX,DWORD PTR DS:
3948DBB5|.51 PUSH ECX
3948DBB6|.8B4E 1E MOV ECX,DWORD PTR DS:
3948DBB9|.51 PUSH ECX
3948DBBA|.52 PUSH EDX
3948DBBB|.50 PUSH EAX
3948DBBC|.FF15 A84B6E39 CALL DWORD PTR DS:[<&xlcommon.?XlDiffTim>;xlcommon.?XlDiffTime@@YAN_K0@Z
3948DBC2|.DD05 580E7339 FLD QWORD PTR DS:
3948DBC8|.83C4 10 ADD ESP,0x10
3948DBCB|.DBF1 FCOMI ST(0),ST(1)
3948DBCD|.72 39 JB SHORT x2game.3948DC08
3948DBCF|.D97D 0A FSTCW WORD PTR SS:
3948DBD2|.0FB745 0A MOVZX EAX,WORD PTR SS:
3948DBD6|.8B4D 10 MOV ECX,DWORD PTR SS:
3948DBD9|.DEE1 FSUBRP ST(1),ST(0)
3948DBDB|.0D 000C0000 OR EAX,0xC00
3948DBE0|.8945 FC MOV DWORD PTR SS:,EAX
3948DBE3|.8B45 0C MOV EAX,DWORD PTR SS:
3948DBE6|.5F POP EDI
3948DBE7|.D96D FC FLDCW WORD PTR SS:
3948DBEA|.5E POP ESI
3948DBEB|.DF7D F8 FISTP QWORD PTR SS:
3948DBEE|.8B55 F8 MOV EDX,DWORD PTR SS:
3948DBF1|.D96D 0A FLDCW WORD PTR SS:
3948DBF4|.69D2 E8030000 IMUL EDX,EDX,0x3E8
3948DBFA|.8910 MOV DWORD PTR DS:,EDX
3948DBFC|.C701 C0270900 MOV DWORD PTR DS:,0x927C0
3948DC02|.B0 01 MOV AL,0x1
3948DC04|.8BE5 MOV ESP,EBP
3948DC06|.5D POP EBP
3948DC07|.C3 RETN
3948DC08|>DDD9 FSTP ST(1)
3948DC0A|.DDD8 FSTP ST(0)
3948DC0C|>837F 48 09 CMP DWORD PTR DS:,0x9
3948DC10|.75 18 JNZ SHORT x2game.3948DC2A
3948DC12|.8B55 10 MOV EDX,DWORD PTR SS:
3948DC15|.8B45 0C MOV EAX,DWORD PTR SS:
3948DC18|.52 PUSH EDX
3948DC19|.50 PUSH EAX
3948DC1A|.E8 A112EEFF CALL x2game.3936EEC0
3948DC1F|.83C4 08 ADD ESP,0x8
3948DC22|.5F POP EDI
3948DC23|.B0 01 MOV AL,0x1
3948DC25|.5E POP ESI
3948DC26|.8BE5 MOV ESP,EBP
3948DC28|.5D POP EBP
3948DC29|.C3 RETN
3948DC2A|>8B76 08 MOV ESI,DWORD PTR DS:
3948DC2D|.56 PUSH ESI
3948DC2E|.E8 1D250E00 CALL x2game.39570150
3948DC33|.83C4 04 ADD ESP,0x4
3948DC36|.85C0 TEST EAX,EAX
3948DC38|.75 08 JNZ SHORT x2game.3948DC42
3948DC3A|.5F POP EDI
3948DC3B|.32C0 XOR AL,AL
3948DC3D|.5E POP ESI
3948DC3E|.8BE5 MOV ESP,EBP
3948DC40|.5D POP EBP
3948DC41|.C3 RETN
3948DC42|>8B4D 10 MOV ECX,DWORD PTR SS:
3948DC45|.8B55 0C MOV EDX,DWORD PTR SS:
3948DC48|.8B80 A0000000 MOV EAX,DWORD PTR DS:
3948DC4E|.51 PUSH ECX
3948DC4F|.52 PUSH EDX
3948DC50|.50 PUSH EAX
3948DC51|.E8 0ABCECFF CALL x2game.39359860
3948DC56|.83C4 0C ADD ESP,0xC
3948DC59|.5F POP EDI
3948DC5A|.5E POP ESI
3948DC5B|.8BE5 MOV ESP,EBP
3948DC5D|.5D POP EBP
3948DC5E\.C3 RETN
===== 获取背包物品对象CALL=========================================
8B C6 C1 E8 18 3A 41 09
3955C4E0/$55 PUSH EBP
3955C4E1|.8BEC MOV EBP,ESP
3955C4E3|.56 PUSH ESI
3955C4E4|.8B75 08 MOV ESI,DWORD PTR SS:
3955C4E7|.8BD6 MOV EDX,ESI
3955C4E9|.C1EA 08 SHR EDX,0x8
3955C4EC|.3A15 B517343A CMP DL,BYTE PTR DS:
3955C4F2|.75 1A JNZ SHORT x2game.3955C50E
3955C4F4|.8BC6 MOV EAX,ESI
3955C4F6|.C1E8 10 SHR EAX,0x10
3955C4F9|.3A05 B617343A CMP AL,BYTE PTR DS:
3955C4FF|.75 0D JNZ SHORT x2game.3955C50E
3955C501|.8BC6 MOV EAX,ESI
3955C503|.C1E8 18 SHR EAX,0x18
3955C506|.3A05 B717343A CMP AL,BYTE PTR DS:
3955C50C|.74 1A JE SHORT x2game.3955C528
3955C50E|>3A51 08 CMP DL,BYTE PTR DS:
3955C511|.75 15 JNZ SHORT x2game.3955C528
3955C513|.8BC6 MOV EAX,ESI ;8B C6 C1 E8 18 3A 41 09
3955C515|.C1E8 18 SHR EAX,0x18
3955C518|.3A41 09 CMP AL,BYTE PTR DS: ;背包最大数量 字节型
3955C51B|.73 0B JNB SHORT x2game.3955C528
3955C51D|.50 PUSH EAX ;背包位置索引
3955C51E|.E8 BDFEFFFF CALL x2game.3955C3E0 ;获取背包对象CALL ,背包数组在此CALL内部
3955C523|.5E POP ESI
3955C524|.5D POP EBP
3955C525|.C2 0400 RETN 0x4
3955C528|>33C0 XOR EAX,EAX
3955C52A|.5E POP ESI
3955C52B|.5D POP EBP
3955C52C\.C2 0400 RETN 0x4
dd [+0x4] 周围对象遍历根
dd [+0x4]+15 标志
根]+0C //ID
根]+10]+8//ID
根]+10]+0C //名字
根]+10]+3da8]+10]+41C当前血
根]+10]+3da8]+10]+420当前蓝
+410== 怪,NPC,玩家 类型偏移
dd [[[[[[根+10]+3Da8]+200]+4]+1f8]+2C]+0C //周围怪物坐标，此地址只能读出怪的坐标。
dd [[[[[[[[根+10]+3Da8]+200]+4]+1f8]+2C]+4]+0C]+90 //这个可以读出怪和NPC坐标,但读不出建筑的坐标。
//====周围对象遍历基址,树,===============================================
39327580/$55 PUSH EBP
39327581|.8BEC MOV EBP,ESP
39327583|.8B0D A871EC39 MOV ECX,DWORD PTR DS:
39327589|.83EC 08 SUB ESP,0x8
3932758C|.53 PUSH EBX
3932758D|.8D41 FF LEA EAX,DWORD PTR DS:
39327590|.8D99 00FCFFFF LEA EBX,DWORD PTR DS:
39327596|.56 PUSH ESI
39327597|.57 PUSH EDI
39327598|.3BC3 CMP EAX,EBX
3932759A|.72 48 JB SHORT x2game.393275E4
3932759C|.8B35 0871EC39 MOV ESI,DWORD PTR DS:
393275A2|.8B7E 04 MOV EDI,DWORD PTR DS:
393275A5|>8BCF /MOV ECX,EDI
393275A7|.8079 15 00 |CMP BYTE PTR DS:,0x0
393275AB|.8BD6 |MOV EDX,ESI
393275AD|.75 15 |JNZ SHORT x2game.393275C4
393275AF|.90 |NOP
393275B0|>3941 0C |/CMP DWORD PTR DS:,EAX
393275B3|.73 05 ||JNB SHORT x2game.393275BA
393275B5|.8B49 08 ||MOV ECX,DWORD PTR DS:
393275B8|.EB 04 ||JMP SHORT x2game.393275BE
393275BA|>8BD1 ||MOV EDX,ECX
393275BC|.8B09 ||MOV ECX,DWORD PTR DS:
393275BE|>8079 15 00 ||CMP BYTE PTR DS:,0x0
393275C2|.^ 74 EC |\JE SHORT x2game.393275B0
393275C4|>8955 FC |MOV DWORD PTR SS:,EDX
393275C7|.3BD6 |CMP EDX,ESI
393275C9|.74 0A |JE SHORT x2game.393275D5
393275CB|.3B42 0C |CMP EAX,DWORD PTR DS:
393275CE|.72 05 |JB SHORT x2game.393275D5
393275D0|.8D4D FC |LEA ECX,DWORD PTR SS:
393275D3|.EB 06 |JMP SHORT x2game.393275DB
393275D5|>8975 F8 |MOV DWORD PTR SS:,ESI
393275D8|.8D4D F8 |LEA ECX,DWORD PTR SS:
393275DB|>3931 |CMP DWORD PTR DS:,ESI
393275DD|.74 0A |JE SHORT x2game.393275E9
393275DF|.48 |DEC EAX
393275E0|.3BC3 |CMP EAX,EBX
393275E2|.^ 73 C1 \JNB SHORT x2game.393275A5
393275E4|>A1 D470EC39 MOV EAX,DWORD PTR DS:
393275E9|>5F POP EDI
393275EA|.5E POP ESI
393275EB|.5B POP EBX
393275EC|.8BE5 MOV ESP,EBP
393275EE|.5D POP EBP
393275EF\.C3 RETN
393275F0/$55 PUSH EBP
393275F1|.8BEC MOV EBP,ESP
393275F3|.51 PUSH ECX
393275F4|.8B45 08 MOV EAX,DWORD PTR SS:
393275F7|.3B05 D470EC39 CMP EAX,DWORD PTR DS:
393275FD|.74 24 JE SHORT x2game.39327623
393275FF|.8D4D 08 LEA ECX,DWORD PTR SS: ;搜一次:8D 4D 08 51 8D 55 FC 52 B9 ???????? E8 ???????? 8B 45 FC
39327602|.51 PUSH ECX
39327603|.8D55 FC LEA EDX,DWORD PTR SS:
39327606|.52 PUSH EDX
39327607|.B9 0471EC39 MOV ECX,x2game.39EC7104 ;周围遍历基址
3932760C|.E8 0FC40000 CALL x2game.39333A20 ;CALL内是周围遍历树
39327611|.8B45 FC MOV EAX,DWORD PTR SS:
39327614|.3B05 0871EC39 CMP EAX,DWORD PTR DS:
3932761A|.74 07 JE SHORT x2game.39327623
3932761C|.8B40 10 MOV EAX,DWORD PTR DS:
3932761F|.8BE5 MOV ESP,EBP
39327621|.5D POP EBP
39327622|.C3 RETN
39327623|>33C0 XOR EAX,EAX
39327625|.8BE5 MOV ESP,EBP
39327627|.5D POP EBP
39327628\.C3 RETN
//============================================================================
取出仓库物品到背包CALL (系统自动选择背包位置)
push 03000300 //03是物品在背包的位置 200是取出标志
CALL 39038C80
add esp,4
存仓库CALL (系统自动选择物品在仓库中的位置)
push 03000200 //03是物品在背包的位置 200是存入标志
CALL 39038C20
add esp,4
远程存取仓库CALL
push 01000300
push 01000200
call 39491d20
add esp,8
======= 存物品到仓库CALL 好用 =====================
39403210/.55 PUSH EBP
39403211|.8BEC MOV EBP,ESP
39403213|.51 PUSH ECX
39403214|.8A4D 0C MOV CL,BYTE PTR SS: ;搜索第一次:8A 4D 0C 32 C0 FE C9 88 4D FF 88 45 FC 66 C7 45 FD 02 00 8B 55 FC 52
39403217|.32C0 XOR AL,AL
39403219|.FEC9 DEC CL
3940321B|.884D FF MOV BYTE PTR SS:,CL
3940321E|.8845 FC MOV BYTE PTR SS:,AL
39403221|.66:C745 FD 0200 MOV WORD PTR SS:,0x2
39403227|.8B55 FC MOV EDX,DWORD PTR SS:
3940322A|.52 PUSH EDX ;EDX=01000200参数的前面01代表背包的位置
3940322B|.E8 F059C3FF CALL x2game.39038C20 ;存仓库CALL
39403230|.8B4D 08 MOV ECX,DWORD PTR SS: ;成功返回1
39403233|.8B01 MOV EAX,DWORD PTR DS:
39403235|.8B50 2C MOV EDX,DWORD PTR DS:
39403238|.83C4 04 ADD ESP,0x4
3940323B|.FFD2 CALL EDX
3940323D|.8BE5 MOV ESP,EBP
3940323F|.5D POP EBP
39403240\.C2 0800 RETN 0x8
========取出仓库物品到背包CALL================
394086E0/.55 PUSH EBP
394086E1|.8BEC MOV EBP,ESP
394086E3|.51 PUSH ECX ;51 8A 4D 0C 32 C0 FE C9 88 4D FF 88 45 FC 66 C7 45 FD 03 00 8B 55 FC 52
394086E4|.8A4D 0C MOV CL,BYTE PTR SS:
394086E7|.32C0 XOR AL,AL
394086E9|.FEC9 DEC CL
394086EB|.884D FF MOV BYTE PTR SS:,CL
394086EE|.8845 FC MOV BYTE PTR SS:,AL
394086F1|.66:C745 FD 0300 MOV WORD PTR SS:,0x3
394086F7|.8B55 FC MOV EDX,DWORD PTR SS:
394086FA|.52 PUSH EDX ;EDX=01000300 01是物品在仓库的位置300是取出标志
394086FB|.E8 8005C3FF CALL x2game.39038C80 ;取出仓库物品到背包CALL
39408700|.8B4D 08 MOV ECX,DWORD PTR SS: ;成功返回1
39408703|.8B01 MOV EAX,DWORD PTR DS:
39408705|.8B50 2C MOV EDX,DWORD PTR DS:
39408708|.83C4 04 ADD ESP,0x4
3940870B|.FFD2 CALL EDX
3940870D|.8BE5 MOV ESP,EBP
3940870F|.5D POP EBP
39408710\.C2 0800 RETN 0x8
========远程存取仓库CALL ==========================
39493C80/$55 PUSH EBP
39493C81|.8BEC MOV EBP,ESP
39493C83|.8B45 08 MOV EAX,DWORD PTR SS:
39493C86|.8BC8 MOV ECX,EAX ;搜索三次:8B C8 C1 E9 08 80 F9 04 8B 4D 0C ???? 8B D1 C1 EA 08 80 FA 04
39493C88|.C1E9 08 SHR ECX,0x8
39493C8B|.80F9 04 CMP CL,0x4
39493C8E|.8B4D 0C MOV ECX,DWORD PTR SS:
39493C91|.74 16 JE SHORT x2game.39493CA9
39493C93|.8BD1 MOV EDX,ECX
39493C95|.C1EA 08 SHR EDX,0x8
39493C98|.80FA 04 CMP DL,0x4
39493C9B|.74 0C JE SHORT x2game.39493CA9
39493C9D|.51 PUSH ECX ;ECX=01000300存仓是300 取出是200前面的1是仓库或背包的位置
39493C9E|.50 PUSH EAX ;EAX=01000200存仓是200 取出是300前面的1是仓库或背包的位置
39493C9F|.E8 7CE0FFFF CALL x2game.39491D20 ;++++++++++++++++
39493CA4|.83C4 08 ADD ESP,0x8 ;远程存取仓库CALL
39493CA7|.5D POP EBP
39493CA8|.C3 RETN
39493CA9|>51 PUSH ECX
39493CAA|.50 PUSH EAX
39493CAB|.E8 5098FFFF CALL x2game.3948D500
39493CB0|.83C4 08 ADD ESP,0x8
39493CB3|.5D POP EBP
39493CB4\.C3 RETN