富易行 posted on 2013-7-29 21:51:38

天龙八部3: analysis of getting the character's currently right-click-selected target

0041B190 /. 55 PUSH EBP
0041B191 |. 8BEC MOV EBP,ESP
0041B193 |. 8B91 84000000 MOV EDX,DWORD PTR DS:[ECX+84]
0041B199 |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
0041B19B |. 52 PUSH EDX
0041B19C |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0041B19F |. 6A FF PUSH -1
0041B1A1 |. 52 PUSH EDX
0041B1A2 |. C681 A0000000>MOV BYTE PTR DS:[ECX+A0],1
0041B1A9 |. FF50 38 CALL DWORD PTR DS:[EAX+38]
0041B1AC |. 5D POP EBP
0041B1AD \. C2 0400 RETN 4
0041B1B0 . A1 88152901 MOV EAX,DWORD PTR DS:[1291588] ; base address of the current selected object
0041B1B5 . 85C0 TEST EAX,EAX
0041B1B7 . 74 1D JE SHORT Game.0041B1D6
0041B1B9 . 56 PUSH ESI
0041B1BA . 8B30 MOV ESI,DWORD PTR DS:[EAX]
0041B1BC . 6A 00 PUSH 0
0041B1BE . 81C1 BC000000 ADD ECX,0BC ; +00bc: offset of the character's own string ID
0041B1C4 . FF15 EC537E00 CALL DWORD PTR DS:[7E53EC] ; ator@D@2@@std@@QBEPBDXZ
0041B1CA . 8B0D 88152901 MOV ECX,DWORD PTR DS:[1291588]
0041B1D0 . 50 PUSH EAX ; eax = +00bc+4 = the string
0041B1D1 . FF56 58 CALL DWORD PTR DS:[ESI+58] ; get the selected object's start address
0041B1D4 . 5E POP ESI
0041B1D5 . C3 RETN
0041B1D6 > 33C0 XOR EAX,EAX
0041B1D8 . C3 RETN


//0041B1D1 . FF56 58 CALL DWORD PTR DS:[ESI+58] ; get the selected object's start address
00695010 /. 55 PUSH EBP ; get the current selected object's start address
00695011 |. 8BEC MOV EBP,ESP
00695013 |. 6A FF PUSH -1
00695015 |. 68 19A57C00 PUSH Game.007CA519 ; SE handler installation
0069501A |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00695020 |. 50 PUSH EAX
00695021 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00695028 |. 83EC 1C SUB ESP,1C
0069502B |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; +00bc+4 = the string
0069502E |. 56 PUSH ESI
0069502F |. 8BF1 MOV ESI,ECX ; ecx == base address of the current selected object
00695031 |. 50 PUSH EAX
00695032 |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00695035 |. FF15 30547E00 CALL DWORD PTR DS:[7E5430]
0069503B |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0069503E |. 51 PUSH ECX ; +4 = character string ID
0069503F |. 8D55 08 LEA EDX,DWORD PTR SS:[EBP+8]
00695042 |. 52 PUSH EDX ; +00bc+4 = character string ID
00695043 |. 8D4E 34 LEA ECX,DWORD PTR DS:[ESI+34]
00695046 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0069504D |. E8 FEF8FFFF CALL Game.00694950 ; get the current selected object's start-address string, written out
00695052 |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00695055 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0069505C |. FF15 3C547E00 CALL DWORD PTR DS:[7E543C]
00695062 |. 8B46 3C MOV EAX,DWORD PTR DS:[ESI+3C]
00695065 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00695068 |. 3BC8 CMP ECX,EAX
0069506A |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0069506D |. 5E POP ESI
0069506E |. 75 1C JNZ SHORT Game.0069508C
00695070 |. 85C0 TEST EAX,EAX
00695072 |. 74 06 JE SHORT Game.0069507A
00695074 |. C700 00000000 MOV DWORD PTR DS:[EAX],0
0069507A |> 33C0 XOR EAX,EAX
0069507C |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0069507F |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00695086 |. 8BE5 MOV ESP,EBP
00695088 |. 5D POP EBP
00695089 |. C2 0800 RETN 8
0069508C |> 85C0 TEST EAX,EAX
0069508E |. 74 06 JE SHORT Game.00695096
00695090 |. C700 01000000 MOV DWORD PTR DS:[EAX],1
00695096 |> 83C1 24 ADD ECX,24 ; +24
00695099 |. FF15 EC537E00 CALL DWORD PTR DS:[7E53EC] ; extract the start-address string
0069509F |. 50 PUSH EAX ; /push the current selected object's start address as a decimal string
006950A0 |. FF15 34577E00 CALL DWORD PTR DS:[7E5734] ; \convert the string to int
006950A6 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
006950A9 |. 83C4 04 ADD ESP,4
006950AC |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
006950B3 |. 8BE5 MOV ESP,EBP
006950B5 |. 5D POP EBP
006950B6 \. C2 0800 RETN 8


//0069504D |. E8 FEF8FFFF CALL Game.00694950 ; get the current selected object's start-address string
00694950 /$ 55 PUSH EBP
00694951 |. 8BEC MOV EBP,ESP
00694953 |. 51 PUSH ECX
00694954 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] ; character string ID
00694957 |. 53 PUSH EBX
00694958 |. 56 PUSH ESI
00694959 |. 57 PUSH EDI
0069495A |. 50 PUSH EAX
0069495B |. 8BD9 MOV EBX,ECX ; ebx = +34
0069495D |. E8 FE09D8FF CALL Game.00415360 ; looks like encryption
00694962 |. 8B4B 20 MOV ECX,DWORD PTR DS:[EBX+20] ; eax = DEADC096
00694965 |. 8BF9 MOV EDI,ECX ; ecx = [+34+20] = 31
00694967 |. 23F8 AND EDI,EAX ; i = edi & eax // max 31
00694969 |. 8B43 24 MOV EAX,DWORD PTR DS:[EBX+24] ; ecx = [+34+24] = 30
0069496C |. 83C4 04 ADD ESP,4
0069496F |. 3BC7 CMP EAX,EDI
00694971 |. 77 09 JA SHORT Game.0069497C ; t1: jump if 30 is greater than or equal to edi
00694973 |. D1E9 SHR ECX,1
00694975 |. 83CA FF OR EDX,FFFFFFFF
00694978 |. 2BD1 SUB EDX,ECX
0069497A |. 03FA ADD EDI,EDX
0069497C |> 8B43 14 MOV EAX,DWORD PTR DS:[EBX+14] ; 1: [+34+14] start address of the current map's selectable objects
0069497F |. 8B34B8 MOV ESI,DWORD PTR DS:[EAX+EDI*4] ; [[+34+14]+i*4] start address of the selected object's string
00694982 |. 8B4CB8 04 MOV ECX,DWORD PTR DS:[EAX+EDI*4+4]
00694986 |. 3BF1 CMP ESI,ECX
00694988 |. 8D04B8 LEA EAX,DWORD PTR DS:[EAX+EDI*4]
0069498B |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI ; [[+34+14]+i*4]
0069498E |. 74 29 JE SHORT Game.006949B9
00694990 |> 8B4D 0C /MOV ECX,DWORD PTR SS:[EBP+C]
00694993 |. 51 |PUSH ECX
00694994 |. 8D56 08 |LEA EDX,DWORD PTR DS:[ESI+8]
00694997 |. 52 |PUSH EDX
00694998 |. FF15 70547E00 |CALL DWORD PTR DS:[7E5470] ; U?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
0069499E |. 83C4 08 |ADD ESP,8
006949A1 |. 84C0 |TEST AL,AL
006949A3 |. 74 25 |JE SHORT Game.006949CA ; t2
006949A5 |. 8B43 14 |MOV EAX,DWORD PTR DS:[EBX+14]
006949A8 |. 8B36 |MOV ESI,DWORD PTR DS:[ESI]
006949AA |. 8B4CB8 04 |MOV ECX,DWORD PTR DS:[EAX+EDI*4+4]
006949AE |. 3BF1 |CMP ESI,ECX
006949B0 |. 8D44B8 04 |LEA EAX,DWORD PTR DS:[EAX+EDI*4+4]
006949B4 |.^ 75 DA \JNZ SHORT Game.00694990
006949B6 |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
006949B9 |> 8B53 08 MOV EDX,DWORD PTR DS:[EBX+8]
006949BC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
006949BF |. 5F POP EDI
006949C0 |. 5E POP ESI
006949C1 |. 8910 MOV DWORD PTR DS:[EAX],EDX
006949C3 |. 5B POP EBX
006949C4 |. 8BE5 MOV ESP,EBP
006949C6 |. 5D POP EBP
006949C7 |. C2 0800 RETN 8
006949CA |> 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; 2
006949CD |. 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
006949D0 |. 83C6 08 ADD ESI,8
006949D3 |. 56 PUSH ESI
006949D4 |. 51 PUSH ECX
006949D5 |. FF15 70547E00 CALL DWORD PTR DS:[7E5470] ; raits@D@std@@V?$allocator@D@2@@0@0@Z
006949DB |. 83C4 08 ADD ESP,8
006949DE |. 84C0 TEST AL,AL
006949E0 |. 74 19 JE SHORT Game.006949FB ; t3
006949E2 |. 8B53 08 MOV EDX,DWORD PTR DS:[EBX+8]
006949E5 |. 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C]
006949E8 |. 5F POP EDI
006949E9 |. 8955 0C MOV DWORD PTR SS:[EBP+C],EDX
006949EC |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
006949EE |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
006949F1 |. 5E POP ESI
006949F2 |. 8908 MOV DWORD PTR DS:[EAX],ECX
006949F4 |. 5B POP EBX
006949F5 |. 8BE5 MOV ESP,EBP
006949F7 |. 5D POP EBP
006949F8 |. C2 0800 RETN 8
006949FB |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; 3
006949FE |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00694A00 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00694A03 |. 5F POP EDI
00694A04 |. 5E POP ESI
00694A05 |. 8908 MOV DWORD PTR DS:[EAX],ECX ; write the start address of the selected object's string
00694A07 |. 5B POP EBX
00694A08 |. 8BE5 MOV ESP,EBP
00694A0A |. 5D POP EBP
00694A0B \. C2 0800 RETN 8

//0069495D |. E8 FE09D8FF CALL Game.00415360 ; looks like encryption
00415360 |$ 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
00415364 |. 53 PUSH EBX
00415365 |. 55 PUSH EBP
00415366 |. BD EFBEADDE MOV EBP,DEADBEEF ; constant = DEADBEEF
0041536B |. FF15 A0537E00 CALL DWORD PTR DS:[7E53A0] ; get the character string ID length = 8
00415371 |. 8BD8 MOV EBX,EAX
00415373 |. 85DB TEST EBX,EBX
00415375 |. 76 24 JBE SHORT Game.0041539B
00415377 |. 56 PUSH ESI
00415378 |. 57 PUSH EDI
00415379 |. 8BFB MOV EDI,EBX ; /char w_char
0041537B |. C1EF 04 SHR EDI,4 ; |string ID length / 16
0041537E |. 47 INC EDI ; |edi++
0041537F |. 2BDF SUB EBX,EDI ; |ebx = string ID length - (string ID length / 16 + 1)
00415381 |. 33F6 XOR ESI,ESI ; \
00415383 |> 8B4C24 14 /MOV ECX,DWORD PTR SS:[ESP+14]
00415387 |. 56 |PUSH ESI ; string index i
00415388 |. FF15 9C537E00 |CALL DWORD PTR DS:[7E539C] ; get the ASCII value of the i-th character of the string; character string ID obtained = "000047c9"
0041538E |. 0FBE00 |MOVSX EAX,BYTE PTR DS:[EAX] ; extend the current character's ASCII value into eax
00415391 |. 03F7 |ADD ESI,EDI ; counter += edi
00415393 |. 03E8 |ADD EBP,EAX ; constant = constant + ASCII value
00415395 |. 3BF3 |CMP ESI,EBX ; compare against the total length
00415397 |.^ 76 EA \JBE SHORT Game.00415383 ; loop while less than or equal
00415399 |. 5F POP EDI
0041539A |. 5E POP ESI
0041539B |> 8BC5 MOV EAX,EBP
0041539D |. 5D POP EBP
0041539E |. 5B POP EBX
0041539F \. C3 RETN
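
Added example, not part of 富易行's post: a Python re-implementation of the string hash in Game.00415360, the bucket selection at the start of Game.00694950, the bucket walk that follows it, and the found/not-found handling in Game.00695010, so the lookup can be reproduced outside the client. Reading the listing, the seed 0xDEADBEEF, the stride of len/16+1, the `idx -= (mask >> 1) + 1` fix-up and the two-way compare in the bucket walk are the shape of a VC8-era stdext::hash_map find whose buckets are kept ordered by a less-than on std::string; that identification is mine, not the poster's (the post only says the call "looks like encryption"). The function names, the Node layout, the sample keys and the made-up addresses below are my own constructions; nothing here reads game memory.

```python
# Added example (not from the original post). Mirrors the listing above:
# Game.00415360 (hash), Game.00694962-0069497C (bucket index),
# Game.00694990-006949FB (bucket walk), Game.00695010 (found/not found).
# All names and the SAMPLE table are constructed for illustration.

def string_hash(key: bytes, seed: int = 0xDEADBEEF) -> int:
    """Game.00415360: val = 0xDEADBEEF; stride = len/16 + 1;
    val += key[i] for i = 0, stride, 2*stride, ... while i <= len - stride.
    Chars are sign-extended (MOVSX) and the sum wraps at 32 bits."""
    length = len(key)
    val = seed
    if length == 0:                     # TEST EBX,EBX ; JBE -> return the seed
        return val
    stride = (length >> 4) + 1          # SHR EDI,4 ; INC EDI
    last = length - stride              # SUB EBX,EDI
    i = 0                               # XOR ESI,ESI
    while i <= last:                    # CMP ESI,EBX ; JBE (unsigned)
        c = key[i]
        if c >= 0x80:                   # MOVSX EAX,BYTE PTR [EAX]
            c -= 0x100
        val = (val + c) & 0xFFFFFFFF    # ADD EBP,EAX, 32-bit wraparound
        i += stride                     # ADD ESI,EDI
    return val


def bucket_index(h: int, mask: int = 31, maxidx: int = 30) -> int:
    """Game.00694962-0069497C: idx = hash & mask; if idx >= maxidx then
    idx -= (mask >> 1) + 1. mask/maxidx are the +20/+24 fields of the table
    object at +34 (31 and 30 in the poster's session)."""
    idx = h & mask                      # AND EDI,EAX
    if idx >= maxidx:                   # CMP EAX,EDI ; JA skips the fix-up
        idx -= (mask >> 1) + 1          # SHR ECX,1 ; OR EDX,-1 ; SUB EDX,ECX ; ADD EDI,EDX
    return idx


class Node:
    """One list node as the listing walks it: +0 next pointer, +8 key string.
    `value` stands in for the field at +24 that the caller converts with atoi."""
    __slots__ = ("next", "key", "value")

    def __init__(self, key: bytes, value: str, nxt: "Node | None"):
        self.key, self.value, self.next = key, value, nxt


def build_table(items, mask: int = 31, maxidx: int = 30):
    """Constructed stand-in for the table object at +34: one linked list of
    nodes grouped by bucket and sorted by key inside each bucket, plus the
    vector `vec` (the +14 field) where vec[i] is the first node of bucket i
    and vec[i+1] terminates it. vec[maxidx] is the list end (None here)."""
    per_bucket = [[] for _ in range(maxidx)]
    for key, value in items:
        per_bucket[bucket_index(string_hash(key), mask, maxidx)].append((key, value))
    vec = [None] * (maxidx + 1)
    cur = None
    for b in range(maxidx - 1, -1, -1):  # link back to front so next pointers exist
        per_bucket[b].sort(key=lambda kv: kv[0])
        for key, value in reversed(per_bucket[b]):
            cur = Node(key, value, cur)
        vec[b] = cur
    return vec


def find_node(vec, key: bytes, mask: int = 31, maxidx: int = 30):
    """Game.00694990-006949FB: walk bucket b from vec[b] to vec[b+1] while
    node.key < key (first compare at [7E5470]); at the first node that is not
    less, the key is absent if key < node.key (second compare), else found.
    None plays the role of the list end ([EBX+8], compared against [ESI+3C]
    by the caller)."""
    b = bucket_index(string_hash(key), mask, maxidx)
    node, stop = vec[b], vec[b + 1]
    while node is not stop:
        if not node.key < key:
            return None if key < node.key else node
        node = node.next
    return None                          # 006949B9: bucket exhausted


def lookup_object_address(vec, key: bytes):
    """Game.00695010: (found, address). Not found -> (False, 0), the
    XOR EAX,EAX path; found -> the node's decimal string converted to int,
    the string-to-int call at [7E5734]."""
    node = find_node(vec, key)
    if node is None:
        return False, 0
    return True, int(node.value)


# Constructed sample table (not real game data): two keys whose character sums
# collide into one bucket, plus one key that needs the >= maxidx fix-up.
SAMPLE = build_table([
    (b"000047c9", "4521984"),
    (b"000047d8", "4522240"),
    (b"0", "7"),
])

if __name__ == "__main__":
    h = string_hash(b"000047c9")
    print(hex(h), bucket_index(h))
    for k in (b"000047c9", b"000047d8", b"0", b"nope"):
        print(k, lookup_object_address(SAMPLE, k))
```

The collision pair is deliberate: because the hash is a plain byte sum seeded with 0xDEADBEEF, any two IDs whose sampled characters add to the same total land in the same bucket, and the walk then relies on the ordered compare rather than on the hash to tell them apart.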

gswik885 posted on 2013-7-31 06:57:40

;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa;P sofa