看流星社区

天龙八部3 (Tian Long Ba Bu 3): analysis of obtaining the character's current right-click-selected object

Posted 2013-7-29 21:51:38

0041B190 /. 55 PUSH EBP
0041B191 |. 8BEC MOV EBP,ESP
0041B193 |. 8B91 84000000 MOV EDX,DWORD PTR DS:[ECX+84]
0041B199 |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
0041B19B |. 52 PUSH EDX
0041B19C |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0041B19F |. 6A FF PUSH -1
0041B1A1 |. 52 PUSH EDX
0041B1A2 |. C681 A0000000>MOV BYTE PTR DS:[ECX+A0],1
0041B1A9 |. FF50 38 CALL DWORD PTR DS:[EAX+38]
0041B1AC |. 5D POP EBP
0041B1AD \. C2 0400 RETN 4
0041B1B0 . A1 88152901 MOV EAX,DWORD PTR DS:[1291588] ; base address of the currently selected object
0041B1B5 . 85C0 TEST EAX,EAX
0041B1B7 . 74 1D JE SHORT Game.0041B1D6
0041B1B9 . 56 PUSH ESI
0041B1BA . 8B30 MOV ESI,DWORD PTR DS:[EAX]
0041B1BC . 6A 00 PUSH 0
0041B1BE . 81C1 BC000000 ADD ECX,0BC ; [923A78]+00bc = offset of the character's own string ID
0041B1C4 . FF15 EC537E00 CALL DWORD PTR DS:[7E53EC] ; ator@D@2@@std@@QBEPBDXZ
0041B1CA . 8B0D 88152901 MOV ECX,DWORD PTR DS:[1291588]
0041B1D0 . 50 PUSH EAX ; eax = [923A78]+00bc+4 = the string
0041B1D1 . FF56 58 CALL DWORD PTR DS:[ESI+58] ; get the head address of the selected object
0041B1D4 . 5E POP ESI
0041B1D5 . C3 RETN
0041B1D6 > 33C0 XOR EAX,EAX
0041B1D8 . C3 RETN

//0041B1D1 . FF56 58 CALL DWORD PTR DS:[ESI+58] ; get the head address of the selected object
00695010 /. 55 PUSH EBP ; get the head address of the currently selected object
00695011 |. 8BEC MOV EBP,ESP
00695013 |. 6A FF PUSH -1
00695015 |. 68 19A57C00 PUSH Game.007CA519 ; SE handler installation
0069501A |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00695020 |. 50 PUSH EAX
00695021 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00695028 |. 83EC 1C SUB ESP,1C
0069502B |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; [923A78]+00bc+4 = the string
0069502E |. 56 PUSH ESI
0069502F |. 8BF1 MOV ESI,ECX ; ecx = [1291588] = base address of the currently selected object
00695031 |. 50 PUSH EAX
00695032 |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00695035 |. FF15 30547E00 CALL DWORD PTR DS:[7E5430]
0069503B |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0069503E |. 51 PUSH ECX ; [ebp-28]+4 = the character's string ID
0069503F |. 8D55 08 LEA EDX,DWORD PTR SS:[EBP+8]
00695042 |. 52 PUSH EDX ; [923A78]+00bc+4 = the character's string ID
00695043 |. 8D4E 34 LEA ECX,DWORD PTR DS:[ESI+34]
00695046 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0069504D |. E8 FEF8FFFF CALL Game.00694950 ; get the string holding the selected object's head address, written to [ebp+8]
00695052 |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00695055 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0069505C |. FF15 3C547E00 CALL DWORD PTR DS:[7E543C]
00695062 |. 8B46 3C MOV EAX,DWORD PTR DS:[ESI+3C]
00695065 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00695068 |. 3BC8 CMP ECX,EAX
0069506A |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0069506D |. 5E POP ESI
0069506E |. 75 1C JNZ SHORT Game.0069508C
00695070 |. 85C0 TEST EAX,EAX
00695072 |. 74 06 JE SHORT Game.0069507A
00695074 |. C700 00000000 MOV DWORD PTR DS:[EAX],0
0069507A |> 33C0 XOR EAX,EAX
0069507C |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0069507F |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00695086 |. 8BE5 MOV ESP,EBP
00695088 |. 5D POP EBP
00695089 |. C2 0800 RETN 8
0069508C |> 85C0 TEST EAX,EAX
0069508E |. 74 06 JE SHORT Game.00695096
00695090 |. C700 01000000 MOV DWORD PTR DS:[EAX],1
00695096 |> 83C1 24 ADD ECX,24 ; [ebp+8]+24
00695099 |. FF15 EC537E00 CALL DWORD PTR DS:[7E53EC] ; extract the head-address string
0069509F |. 50 PUSH EAX ; /push the decimal string of the selected object's head address
006950A0 |. FF15 34577E00 CALL DWORD PTR DS:[7E5734] ; \convert the string to int
006950A6 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
006950A9 |. 83C4 04 ADD ESP,4
006950AC |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
006950B3 |. 8BE5 MOV ESP,EBP
006950B5 |. 5D POP EBP
006950B6 \. C2 0800 RETN 8

//0069504D |. E8 FEF8FFFF CALL Game.00694950 ; get the string holding the selected object's head address
00694950 /$ 55 PUSH EBP
00694951 |. 8BEC MOV EBP,ESP
00694953 |. 51 PUSH ECX
00694954 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] ; the character's string ID
00694957 |. 53 PUSH EBX
00694958 |. 56 PUSH ESI
00694959 |. 57 PUSH EDI
0069495A |. 50 PUSH EAX
0069495B |. 8BD9 MOV EBX,ECX ; ebx = [1291588]+34
0069495D |. E8 FE09D8FF CALL Game.00415360 ; looks like encryption (see 00415360: a string hash seeded with DEADBEEF)
00694962 |. 8B4B 20 MOV ECX,DWORD PTR DS:[EBX+20] ; eax = DEADC096
00694965 |. 8BF9 MOV EDI,ECX ; ecx = [[1291588]+34+20] = 31
00694967 |. 23F8 AND EDI,EAX ; i = edi & eax // at most 31
00694969 |. 8B43 24 MOV EAX,DWORD PTR DS:[EBX+24] ; eax = [[1291588]+34+24] = 30
0069496C |. 83C4 04 ADD ESP,4
0069496F |. 3BC7 CMP EAX,EDI
00694971 |. 77 09 JA SHORT Game.0069497C ; t1: jump if 30 is above edi (JA: 30 > edi, unsigned); otherwise fold edi down by 16
00694973 |. D1E9 SHR ECX,1
00694975 |. 83CA FF OR EDX,FFFFFFFF
00694978 |. 2BD1 SUB EDX,ECX
0069497A |. 03FA ADD EDI,EDX
0069497C |> 8B43 14 MOV EAX,DWORD PTR DS:[EBX+14] ; 1 [[1291588]+34+14] = head of the table of selectable objects on the current map
0069497F |. 8B34B8 MOV ESI,DWORD PTR DS:[EAX+EDI*4] ; [[[1291588]+34+14]+i*4] = head address of the string for the character's selected object (bucket i)
00694982 |. 8B4CB8 04 MOV ECX,DWORD PTR DS:[EAX+EDI*4+4]
00694986 |. 3BF1 CMP ESI,ECX
00694988 |. 8D04B8 LEA EAX,DWORD PTR DS:[EAX+EDI*4]
0069498B |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI ; [[[1291588]+34+14]+i*4]
0069498E |. 74 29 JE SHORT Game.006949B9
00694990 |> 8B4D 0C /MOV ECX,DWORD PTR SS:[EBP+C]
00694993 |. 51 |PUSH ECX
00694994 |. 8D56 08 |LEA EDX,DWORD PTR DS:[ESI+8]
00694997 |. 52 |PUSH EDX
00694998 |. FF15 70547E00 |CALL DWORD PTR DS:[7E5470] ; U?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
0069499E |. 83C4 08 |ADD ESP,8
006949A1 |. 84C0 |TEST AL,AL
006949A3 |. 74 25 |JE SHORT Game.006949CA ; t2
006949A5 |. 8B43 14 |MOV EAX,DWORD PTR DS:[EBX+14]
006949A8 |. 8B36 |MOV ESI,DWORD PTR DS:[ESI]
006949AA |. 8B4CB8 04 |MOV ECX,DWORD PTR DS:[EAX+EDI*4+4]
006949AE |. 3BF1 |CMP ESI,ECX
006949B0 |. 8D44B8 04 |LEA EAX,DWORD PTR DS:[EAX+EDI*4+4]
006949B4 |.^ 75 DA \JNZ SHORT Game.00694990
006949B6 |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
006949B9 |> 8B53 08 MOV EDX,DWORD PTR DS:[EBX+8]
006949BC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
006949BF |. 5F POP EDI
006949C0 |. 5E POP ESI
006949C1 |. 8910 MOV DWORD PTR DS:[EAX],EDX
006949C3 |. 5B POP EBX
006949C4 |. 8BE5 MOV ESP,EBP
006949C6 |. 5D POP EBP
006949C7 |. C2 0800 RETN 8
006949CA |> 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; 2
006949CD |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
006949D0 |. 83C6 08 ADD ESI,8
006949D3 |. 56 PUSH ESI
006949D4 |. 51 PUSH ECX
006949D5 |. FF15 70547E00 CALL DWORD PTR DS:[7E5470] ; raits@D@std@@V?$allocator@D@2@@0@0@Z
006949DB |. 83C4 08 ADD ESP,8
006949DE |. 84C0 TEST AL,AL
006949E0 |. 74 19 JE SHORT Game.006949FB ; t3
006949E2 |. 8B53 08 MOV EDX,DWORD PTR DS:[EBX+8]
006949E5 |. 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]
006949E8 |. 5F POP EDI
006949E9 |. 8955 0C MOV DWORD PTR SS:[EBP+C],EDX
006949EC |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
006949EE |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
006949F1 |. 5E POP ESI
006949F2 |. 8908 MOV DWORD PTR DS:[EAX],ECX
006949F4 |. 5B POP EBX
006949F5 |. 8BE5 MOV ESP,EBP
006949F7 |. 5D POP EBP
006949F8 |. C2 0800 RETN 8
006949FB |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; 3
006949FE |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00694A00 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00694A03 |. 5F POP EDI
00694A04 |. 5E POP ESI
00694A05 |. 8908 MOV DWORD PTR DS:[EAX],ECX ; write the head address of the string for the character's selected object
00694A07 |. 5B POP EBX
00694A08 |. 8BE5 MOV ESP,EBP
00694A0A |. 5D POP EBP
00694A0B \. C2 0800 RETN 8


//0069495D |. E8 FE09D8FF CALL Game.00415360 ; looks like encryption
00415360 |$ 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
00415364 |. 53 PUSH EBX
00415365 |. 55 PUSH EBP
00415366 |. BD EFBEADDE MOV EBP,DEADBEEF ; constant = DEADBEEF
0041536B |. FF15 A0537E00 CALL DWORD PTR DS:[7E53A0] ; get the length of the character's string ID = 8
00415371 |. 8BD8 MOV EBX,EAX
00415373 |. 85DB TEST EBX,EBX
00415375 |. 76 24 JBE SHORT Game.0041539B
00415377 |. 56 PUSH ESI
00415378 |. 57 PUSH EDI
00415379 |. 8BFB MOV EDI,EBX ; /char w_char
0041537B |. C1EF 04 SHR EDI,4 ; |string-ID length / 16
0041537E |. 47 INC EDI ; |edi++
0041537F |. 2BDF SUB EBX,EDI ; |ebx = string-ID length - (string-ID length/16 + 1)
00415381 |. 33F6 XOR ESI,ESI ; \
00415383 |> 8B4C24 14 /MOV ECX,DWORD PTR SS:[ESP+14]
00415387 |. 56 |PUSH ESI ; string index i
00415388 |. FF15 9C537E00 |CALL DWORD PTR DS:[7E539C] ; get the ASCII value of the i-th character of the string; the character's string ID = "000047c9"
0041538E |. 0FBE00 |MOVSX EAX,BYTE PTR DS:[EAX] ; sign-extend the current character's ASCII value into eax
00415391 |. 03F7 |ADD ESI,EDI ; counter += edi
00415393 |. 03E8 |ADD EBP,EAX ; constant = constant + ASCII value
00415395 |. 3BF3 |CMP ESI,EBX ; compare with the total length
00415397 |.^ 76 EA \JBE SHORT Game.00415383 ; loop while less than or equal
00415399 |. 5F POP EDI
0041539A |. 5E POP ESI
0041539B |> 8BC5 MOV EAX,EBP
0041539D |. 5D POP EBP
0041539E |. 5B POP EBX
0041539F \. C3 RETN
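As an added worked example (not code from the post, and not the game's own code), the three pieces the listing walks through, reimplemented in C so they can be checked against the annotated values: the string hash at 00415360 (seed DEADBEEF, sum of the sign-extended byte at every stride-th position, stride = length/16 + 1), the bucket selection at 00694962..0069497C (hash & [map+0x20], folded down by ([map+0x20]>>1)+1 when it reaches [map+0x24]), and the bucket walk at 00694950 plus the found/not-found check at 00695062 that ends in string-to-int on the value at node+0x24. My reading, not stated on the page, is that the compare routine at [7E5470] is std::string operator< and the whole structure is a sorted-bucket hash map keyed by the ID string (it matches the classic MSVC stdext::hash_map layout). The node struct, the bucket vector, the three sample IDs and their decimal "addresses" are constructed stand-ins; the real node holds two std::string objects, which is why the value is read at +0x24. One check worth noting: hashing the ID exactly as the page prints it, "000047c9", gives 0xDEADC0B6, while the 0xDEADC096 noted at 00694962 is what you get with an uppercase C, "000047C9", so the ID the author was looking at was most likely uppercase.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define HASH_SEED 0xDEADBEEFu
#define MASK      31u   /* [map+0x20] on the page */
#define MAXIDX    30u   /* [map+0x24] on the page */

/* Hash of the string ID as disassembled at 00415360. */
uint32_t id_hash(const char *id)
{
    uint32_t val = HASH_SEED;
    size_t size = strlen(id);            /* [7E53A0]: string length */
    if (size > 0) {
        size_t stride = (size >> 4) + 1; /* SHR EDI,4; INC EDI */
        size -= stride;                  /* SUB EBX,EDI */
        for (size_t i = 0; i <= size; i += stride)
            val += (uint32_t)(int8_t)id[i]; /* MOVSX EAX,BYTE PTR [EAX]; ADD EBP,EAX */
    }
    return val;
}

/* Bucket selection at 00694962..0069497C: AND EDI,EAX; CMP maxidx,EDI; JA;
 * otherwise EDI += -1 - (mask >> 1), i.e. subtract 16 for mask 31. */
uint32_t bucket_index(uint32_t hash, uint32_t mask, uint32_t maxidx)
{
    uint32_t i = hash & mask;
    if (!(maxidx > i))
        i += (uint32_t)-1 - (mask >> 1);
    return i;
}

/* Constructed stand-in for a bucket node: next pointer at +0 ([ESI]),
 * key where the listing reads ESI+8, value where the caller reads +0x24. */
struct node {
    struct node *next;
    const char *key;    /* the object's string ID */
    const char *value;  /* the object's head address as decimal text */
};

/* Walk of 00694950 followed by the check at 00695062. The bucket [first, end)
 * is sorted by key: advance while node.key < key; at the first node that is
 * not less, it is a hit unless key < node.key. `found` mirrors the optional
 * flag at [ebp+C] (TEST EAX,EAX; JE): pass NULL to skip it. */
int lookup_object(const struct node *first, const struct node *end,
                  const char *key, int *found)
{
    for (const struct node *n = first; n != end; n = n->next) {
        if (strcmp(n->key, key) < 0)   /* [7E5470](node.key, key) */
            continue;
        if (strcmp(key, n->key) < 0)   /* [7E5470](key, node.key): not present */
            break;
        if (found) *found = 1;
        return atoi(n->value);         /* [7E5734] on c_str() of node+0x24 */
    }
    if (found) *found = 0;
    return 0;
}

/* Constructed sample map. The three IDs all hash to 0xDEADC096 (same byte
 * sum) and so share bucket 22; the decimal addresses are made up. */
static struct node end_node = { NULL, "", "" };                   /* end() */
static struct node n_e7 = { &end_node, "000047E7", "12584192" };
static struct node n_d8 = { &n_e7,     "000047D8", "12583424" };
static struct node n_c9 = { &n_d8,     "000047C9", "12582912" };
static const struct node *vec[MASK + 2]; /* entry i: bucket start, i+1: its end */

static void build_sample_map(void)
{
    for (size_t i = 0; i < MASK + 2; i++) vec[i] = &end_node;
    vec[22] = &n_c9;                     /* only bucket 22 is populated */
}

/* Full path taken from 0041B1B0: ID string -> hash -> bucket -> walk -> int. */
int selected_object_address(const char *id, int *found)
{
    build_sample_map();
    uint32_t b = bucket_index(id_hash(id), MASK, MAXIDX);
    return lookup_object(vec[b], vec[b + 1], id, found);
}

int selected_object_found(const char *id)
{
    int found = 0;
    selected_object_address(id, &found);
    return found;
}

int main(void)
{
    const char *ids[] = { "000047C9", "000047c9", "000047D8", "0000478D", "000047A0" };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        uint32_t h = id_hash(ids[i]);
        int found = 0, addr = selected_object_address(ids[i], &found);
        printf("%s hash=%08X bucket=%u found=%d addr=%d\n",
               ids[i], h, bucket_index(h, MASK, MAXIDX), found, addr);
    }
    return 0;
}
```

Two of the sample queries are chosen to exercise the miss paths the listing has: "0000478D" lands in bucket 22 but sorts before every key there, so the second comparison at 006949CA sends the walk to end(); "000047A0" hashes to an empty bucket, so 00694950 returns end() immediately and 00695062 writes 0 to the flag.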

Posted 2013-7-31 06:57:40
Sofa sofa sofa sofa sofa sofa sofa sofa sofa sofa ;P sofa (grabbing the first reply)