诛仙2最新寻路call
00d0ee8c 访问地址
00d21430 鼠标点击地址(寻路以这个地址为准)
; Debugger listing (address, raw bytes, instruction) of the end of a routine;
; the author describes it as the inside of the pathfinding call. The start of
; the routine is not shown.
; NOTE(review): the bracketed memory operands after "dword ptr" were lost when
; the page was extracted. The operands quoted in the comments below are decoded
; from the byte column of each line.
; NOTE(review): [ebp+8] = 0012ECDC and the closing "retn 10" match the four
; pushes made before "call 004458D0" in the caller listing, so this is
; presumably the tail of 004458D0 -- confirm against the full routine.
00445BDD 8B13 mov edx, dword ptr ; edx = [ebx]
00445BDF 8957 2C mov dword ptr , edx ; [edi+2Ch] = edx: destination X coordinate
00445BE2 8B43 04 mov eax, dword ptr ; eax = [ebx+4]
00445BE5 8B55 10 mov edx, dword ptr ; edx = [ebp+10h], presumably an incoming stack argument
00445BE8 8947 30 mov dword ptr , eax ; [edi+30h] = eax: destination Z coordinate
00445BEB 8B4B 08 mov ecx, dword ptr ; ecx = [ebx+8]
00445BEE 8B45 08 mov eax, dword ptr ; eax = [ebp+8], presumably an incoming stack argument
00445BF1 894F 34 mov dword ptr , ecx ; [edi+34h] = ecx: destination Y coordinate
00445BF4 50 push eax ; eax=0012ECDC, address of the current coordinates
00445BF5 8BCF mov ecx, edi ; edi=00D0EE60, handed to the callee in ecx
00445BF7 8957 28 mov dword ptr , edx ; [edi+28h] = edx: map ID, stored at 00D0EE88
00445BFA E8 71FAFFFF call 00445670 ; pathfinding call
00445BFF 8B4D F4 mov ecx, dword ptr ; ecx = [ebp-0Ch]
00445C02 5F pop edi
00445C03 5B pop ebx
00445C04 64:890D 0000000>mov dword ptr fs:, ecx ; fs:[0] = ecx; the byte column is cut off at '>' in the listing
00445C0B 8BE5 mov esp, ebp
00445C0D 5D pop ebp
00445C0E C2 1000 retn 10 ; return and release 10h bytes of stack arguments (callee cleans up)
上面是call内部;调用这个call的代码还在上一层:
; Debugger listing of the caller, one level above the routine at 004458D0.
; It copies three floats into a stack buffer, pushes four arguments, loads
; ecx with 00D0EE60 and calls 004458D0.
; NOTE(review): the bracketed memory operands after "dword ptr" were lost when
; the page was extracted. The operands quoted in the comments below are decoded
; from the byte column of each line.
0060A706 .E8 D539F3FF call 0053E0E0 ; helper not shown on this page; its result is used through eax
0060A70B .8B80 98000000 mov eax, dword ptr ; eax = [eax+98h]
0060A711 .8B0D C4EED000 mov ecx, dword ptr ; ecx = [00D0EEC4]
0060A717 .A3 5C17D200 mov dword ptr , eax ; [00D2175C] = eax
0060A71C .8B41 1C mov eax, dword ptr ; eax = [ecx+1Ch]
0060A71F .8B48 0C mov ecx, dword ptr ; ecx = [eax+0Ch]
0060A722 .85C9 test ecx, ecx
0060A724 .75 03 jnz short 0060A729 ; keep ecx when it is non-zero
0060A726 .8B48 08 mov ecx, dword ptr ; otherwise ecx = [eax+8]
0060A729 >8BB9 98000000 mov edi, dword ptr ; edi = [ecx+98h]; pushed below as the map ID
0060A72F .8B48 0C mov ecx, dword ptr ; ecx = [eax+0Ch]
0060A732 .85C9 test ecx, ecx
0060A734 .75 03 jnz short 0060A739 ; keep ecx when it is non-zero
0060A736 .8B48 08 mov ecx, dword ptr ; otherwise ecx = [eax+8]
0060A739 >E8 328CE3FF call 00443370 ; helper not shown; the loads below read through the eax it leaves
0060A73E .D940 44 fld dword ptr ; [eax+44h]; author's label: current X coordinate. eax=249442D0; the author's note on how eax is reached is garbled on the page ("[+1C]+2C]")
0060A741 .D940 40 fld dword ptr ; [eax+40h]; author's label: current Z coordinate
0060A744 .D940 3C fld dword ptr ; [eax+3Ch]; author's label: current Y coordinate
; NOTE(review): the three fstp below store in reverse load order, so the buffer
; at 0012ECDC holds [eax+3Ch], [eax+40h], [eax+44h] in that order. The routine
; at 004458D0 reads its destination as X at +0, Z at +4, Y at +8, so the X and
; Y labels above may be swapped -- confirm.
0060A747 .83C0 0C add eax, 0C
0060A74A .6A 00 push 0 ; fourth stack argument
0060A74C .D95C24 20 fstp dword ptr ; [esp+20h]; with esp=0012ECBC this writes 0012ECDC
0060A750 .57 push edi ; map ID, third stack argument
0060A751 .8D5424 24 lea edx, dword ptr ; edx = esp+24h = 0012ECDC (esp=0012ECB8), start of the stack buffer
0060A755 .D95C24 28 fstp dword ptr ; [esp+28h]; with esp=0012ECB8 this writes 0012ECE0
0060A759 .68 3014D200 push 00D21430 ; second stack argument; the page calls 00D21430 the mouse-click address
0060A75E .52 push edx ; 0012ECDC, first stack argument
0060A75F .D95C24 34 fstp dword ptr ; [esp+34h]; with esp=0012ECB0 this writes 0012ECE4
0060A763 .B9 60EED000 mov ecx, 00D0EE60 ; ecx = 00D0EE60, the same value the routine at 004458D0 keeps in edi
0060A768 .E8 63B1E3FF call 004458D0 ; no stack adjustment follows in the listing; the callee's "retn 10" releases the four pushes
MFC代码
// Dialog-handler fragment: reads X and Y from two edit controls, then repeats
// the caller sequence from the debugger listing in an MSVC x86 __asm block.
// NOTE(review): the bracketed memory operands after "dword ptr" were lost when
// the page was extracted, so the asm lines that end in "dword ptr" are
// incomplete as shown and the block does not assemble in this form.
// NOTE(review): every address below is a hard-coded absolute value taken from
// one debugging session; nothing here checks that it still applies.
CString strx, stry;
GetDlgItemText(IDC_EDIT1, strx);
GetDlgItemText(IDC_EDIT2, stry);
if (strx == "" || stry == "") return; // do nothing unless both fields are filled in
float x, y, z;
x = (float)atoi(strx); // atoi reports no error: non-numeric text becomes 0
y = (float)atoi(stry);
z = (float)0; // Z is always sent as 0
__asm
{
mov ebx, 0xD21430 // address the page calls the mouse-click address
mov eax, x // raw 32-bit pattern of the float, moved through eax
mov dword ptr , eax // destination operand lost in extraction
mov eax, z
mov dword ptr , eax // destination operand lost in extraction
mov eax, y
mov dword ptr , eax // destination operand lost in extraction
mov eax, 0xD0EEC4
mov eax, dword ptr // three dependent loads; source operands lost in extraction
mov eax, dword ptr
mov eax, dword ptr
fld dword ptr // three float loads, as in the listing; operands lost in extraction
fld dword ptr
fld dword ptr
add eax, 0xC
push 0 // fourth stack argument
mov edx, 0x12ECDC // stack address seen in the debugger; edx is rewritten by the lea below -- looks redundant, confirm
fstp dword ptr // operand lost in extraction
push 2 // constant in the slot where the listing pushes edi (map ID)
lea edx, dword ptr // operand lost in extraction
fstp dword ptr // operand lost in extraction
push 0xD21430 // second stack argument
push edx // first stack argument
fstp dword ptr // operand lost in extraction
mov ecx, 0xD0EE60 // same ecx value as in the listing
mov eax, 0x4458D0
call eax // indirect call to the fixed address 0x4458D0; no stack cleanup follows, as in the listing
}
简化版
// Pathfinding call (simplified version of the fragment above).
//
// Writes x, z, y into the structure addressed by m_CALL_FIND_ROUTES_PUSH,
// follows a pointer chain from m_CALL_BASE_ADDR, and calls the routine at
// m_CALL_FIND_ROUTES_ADDR with ecx = m_CALL_FIND_ROUTES_MOVE and four pushed
// arguments.
//
// Parameters:
//   x, y, z    - target coordinates; copied as raw 32-bit values in the order x, z, y.
//   GotoMapID  - pushed as the map-ID argument.
//
// NOTE(review): the bracketed memory operands after "dword ptr" were lost when
// the page was extracted, so the asm lines that end in "dword ptr" are
// incomplete as shown and the block does not assemble in this form.
// NOTE(review): all six constants are hard-coded absolute addresses or offsets;
// the function does not check that they apply to the running module.
void CallAutoGotoCoordinates(float x, float y, float z, DWORD GotoMapID)
{
// Locals despite the m_ prefix.
DWORD m_CALL_BASE_ADDR = 0xD0EEC4;
DWORD m_OFFSET_ONE_BASE = 0x1C;
DWORD m_OFFSET_ROLE_BASE = 0x2C;
DWORD m_CALL_FIND_ROUTES_PUSH = 0xD21430;
DWORD m_CALL_FIND_ROUTES_MOVE = 0xD0EE60;
DWORD m_CALL_FIND_ROUTES_ADDR = 0x4458D0;
__try
{
__asm
{
mov ebx, m_CALL_FIND_ROUTES_PUSH
mov eax, x // raw 32-bit pattern of the float, moved through eax
mov dword ptr , eax // destination operand lost in extraction
mov eax, z
mov dword ptr , eax // destination operand lost in extraction
mov eax, y
mov dword ptr , eax // destination operand lost in extraction
mov eax, m_CALL_BASE_ADDR
mov eax, dword ptr // source operand lost in extraction
mov edi, m_OFFSET_ONE_BASE // offset 0x1C goes into edi for the next load
mov eax, dword ptr // source operand lost in extraction
mov edi, m_OFFSET_ROLE_BASE // offset 0x2C goes into edi for the next load
mov eax, dword ptr // source operand lost in extraction
lea edx, dword ptr // operand lost in extraction; per the author's note below the code, the address of the character's own coordinates is passed instead of a stack copy
push 0 // fourth stack argument
push GotoMapID // third stack argument
push m_CALL_FIND_ROUTES_PUSH // second stack argument
push edx // first stack argument
mov ecx, m_CALL_FIND_ROUTES_MOVE
mov eax, m_CALL_FIND_ROUTES_ADDR
call eax // no stack cleanup follows; the listing ends the callee with "retn 10"
}
}
// Filter value 1 (EXCEPTION_EXECUTE_HANDLER) with an empty handler: every
// structured exception raised inside the block, access violations included,
// is discarded and the function returns as if the call had succeeded.
__except(1){}
}
这call花了我一天时间和一晚了,一晚就找那个esi,真不好找,最后我想了个办法,要传入当前坐标值首地址,那我就直接用自身的坐标地址不行,果然成功了

谢谢分享,很好的思路,我也准备试试

看不懂啊看不懂!!!!怎么样能看懂!!:'(

楼主请教个问题,我看墨鱼冬哥的教程,学着写,但是没有他的那个1.5ec的模块。。。用不起来,这模块怎么弄啊?????