数据所在模块:x2game
获取物品对象CALL:
mov ecx,3A30C678 //背包基址
ADD ECX,0x10
PUSH 1 // 背包位置 从0开始
CALL 3955C3E0 //获取背包物品对象CALL
mov [保存物品对象],eax
[保存物品对象]==物品对象
-------------------------------------------
db 3A30C678+19 背包最大数量 字节型
db 3A30C678+19+1 背包当前数量 字节型
dd 3A30C678+0*0C0+10 背包对象
背包对象+8==物品ID
背包对象+0C== 2装备 100消耗品 0道具
背包对象+10==物品数量
背包对象+1D==当前耐久度 (1字节型)
======= 背包基址 ======================================有效
; ---- x2game.3948DB40 ---------------------------------------------------------
; Likely signature (inferred from the frame): int fn(uint32 packed, uint32 *out_a, uint32 *out_b)
; - plain RETN with no stack cleanup -> caller cleans (cdecl-style); ECX is overwritten before
;   any use, so the incoming ECX is not a this pointer
; - [EBP+8]    = packed: bits 8-15 choose the lookup path, bits 24-31 are an index on the "==4" path
; - [EBP+0xC], [EBP+0x10] = output pointers, written only on the "[EDI+0x48]==8" path
; - returns AL=0 when a lookup fails, AL=1 on the two explicit success paths; the final path
;   returns whatever x2game.39359860 leaves in EAX (AL is not set there)
; - two dword locals at [EBP-4]/[EBP-8]; ESI and EDI are saved and restored
3948DB40 /$ 55 PUSH EBP
3948DB41 |. 8BEC MOV EBP,ESP
3948DB43 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] ; EAX = packed arg; signature bytes: 8B 45 08 8B C8 83 EC 08 C1 E9 08 56 80 F9 04
3948DB46 |. 8BC8 MOV ECX,EAX
3948DB48 |. 83EC 08 SUB ESP,0x8 ; two dword locals
3948DB4B |. C1E9 08 SHR ECX,0x8
3948DB4E |. 56 PUSH ESI
3948DB4F |. 80F9 04 CMP CL,0x4 ; bits 8-15 of packed == 4 ?
3948DB52 |. 75 19 JNZ SHORT x2game.3948DB6D ; no -> look up through the object at 3A30C678
3948DB54 |. C1E8 18 SHR EAX,0x18 ; EAX = bits 24-31 (index)
3948DB57 |. 8845 FC MOV BYTE PTR SS:[EBP-0x4],AL ; only the low byte of the local is written
3948DB5A |. E8 A11DFFFF CALL x2game.3947F900
3948DB5F |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] ; dword read: bytes 1-3 are leftover stack contents (callee presumably uses the low byte only -- unverified)
3948DB62 |. 52 PUSH EDX
3948DB63 |. 8D48 10 LEA ECX,DWORD PTR DS:[EAX+0x10] ; this = (result of 3947F900) + 0x10
3948DB66 |. E8 C5D51700 CALL x2game.3960B130 ; no ADD ESP afterwards -> callee pops its argument
3948DB6B |. EB 0B JMP SHORT x2game.3948DB78
3948DB6D |> 50 PUSH EAX ; whole packed arg
3948DB6E |. B9 78C6303A MOV ECX,x2game.3A30C678 ; base address (the bag object per the notes above) as this
3948DB73 |. E8 B89B1500 CALL x2game.395E7730 ; again no cleanup here -> callee pops
3948DB78 |> 8BF0 MOV ESI,EAX ; ESI = looked-up object, or NULL
3948DB7A |. 85F6 TEST ESI,ESI
3948DB7C |. 75 07 JNZ SHORT x2game.3948DB85
3948DB7E |. 32C0 XOR AL,AL ; not found -> return 0
3948DB80 |. 5E POP ESI
3948DB81 |. 8BE5 MOV ESP,EBP
3948DB83 |. 5D POP EBP
3948DB84 |. C3 RETN
3948DB85 |> 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] ; object+8 (item ID per the notes above)
3948DB88 |. 57 PUSH EDI
3948DB89 |. 50 PUSH EAX
3948DB8A |. E8 C1250E00 CALL x2game.39570150 ; cdecl, one arg, cleaned below
3948DB8F |. 8BF8 MOV EDI,EAX ; EDI = record for that ID, or NULL
3948DB91 |. 83C4 04 ADD ESP,0x4
3948DB94 |. 85FF TEST EDI,EDI
3948DB96 |. 0F84 8E000000 JE x2game.3948DC2A
3948DB9C |. 837F 48 08 CMP DWORD PTR DS:[EDI+0x48],0x8 ; record field +0x48 == 8 ?
3948DBA0 |. 75 6A JNZ SHORT x2game.3948DC0C
3948DBA2 |. 8B0D B4A6313A MOV ECX,DWORD PTR DS:[0x3A31A6B4]
3948DBA8 |. 8B49 14 MOV ECX,DWORD PTR DS:[ECX+0x14] ; this = global->+0x14
3948DBAB |. 8B11 MOV EDX,DWORD PTR DS:[ECX] ; vtable
3948DBAD |. 8B42 6C MOV EAX,DWORD PTR DS:[EDX+0x6C]
3948DBB0 |. FFD0 CALL EAX ; virtual call (vtable +0x6C); EDX:EAX below is used as its 64-bit result
3948DBB2 |. 8B4E 22 MOV ECX,DWORD PTR DS:[ESI+0x22]
3948DBB5 |. 51 PUSH ECX
3948DBB6 |. 8B4E 1E MOV ECX,DWORD PTR DS:[ESI+0x1E]
3948DBB9 |. 51 PUSH ECX ; 64-bit value read from object+0x1E (two unaligned dwords)
3948DBBA |. 52 PUSH EDX
3948DBBB |. 50 PUSH EAX ; 64-bit value from the virtual call
3948DBBC |. FF15 A84B6E39 CALL DWORD PTR DS:[<&xlcommon.?XlDiffTim>; xlcommon.?XlDiffTime@@YAN_K0@Z -- double __cdecl XlDiffTime(unsigned __int64, unsigned __int64) per the mangled name; result in ST(0)
3948DBC2 |. DD05 580E7339 FLD QWORD PTR DS:[0x39730E58] ; ST(0) = constant double, ST(1) = time difference
3948DBC8 |. 83C4 10 ADD ESP,0x10
3948DBCB |. DBF1 FCOMI ST(0),ST(1)
3948DBCD |. 72 39 JB SHORT x2game.3948DC08 ; constant < difference -> drop both values, fall through to the "==9" check
3948DBCF |. D97D 0A FSTCW WORD PTR SS:[EBP+0xA] ; saves the FPU control word in the high word of the (already consumed) first-argument slot
3948DBD2 |. 0FB745 0A MOVZX EAX,WORD PTR SS:[EBP+0xA]
3948DBD6 |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] ; ECX = out_b
3948DBD9 |. DEE1 FSUBRP ST(1),ST(0) ; ST(0) = difference of the two values (operand order per the FSUBRP encoding); one x87 slot popped
3948DBDB |. 0D 000C0000 OR EAX,0xC00 ; rounding control = 11 -> truncate toward zero for the FISTP below
3948DBE0 |. 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX
3948DBE3 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] ; EAX = out_a
3948DBE6 |. 5F POP EDI
3948DBE7 |. D96D FC FLDCW WORD PTR SS:[EBP-0x4]
3948DBEA |. 5E POP ESI
3948DBEB |. DF7D F8 FISTP QWORD PTR SS:[EBP-0x8] ; int64 at [EBP-8]..[EBP-1]; overwrites the modified control-word copy, which is no longer needed; x87 stack now empty
3948DBEE |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] ; low dword only
3948DBF1 |. D96D 0A FLDCW WORD PTR SS:[EBP+0xA] ; restore the original control word
3948DBF4 |. 69D2 E8030000 IMUL EDX,EDX,0x3E8 ; * 1000 (looks like seconds -> milliseconds; unconfirmed)
3948DBFA |. 8910 MOV DWORD PTR DS:[EAX],EDX ; *out_a = truncated difference * 1000
3948DBFC |. C701 C0270900 MOV DWORD PTR DS:[ECX],0x927C0 ; *out_b = 600000 (constant)
3948DC02 |. B0 01 MOV AL,0x1 ; success
3948DC04 |. 8BE5 MOV ESP,EBP
3948DC06 |. 5D POP EBP
3948DC07 |. C3 RETN
3948DC08 |> DDD9 FSTP ST(1) ; discard both x87 values so the FPU stack is balanced on this path
3948DC0A |. DDD8 FSTP ST(0)
3948DC0C |> 837F 48 09 CMP DWORD PTR DS:[EDI+0x48],0x9 ; record field +0x48 == 9 ?
3948DC10 |. 75 18 JNZ SHORT x2game.3948DC2A
3948DC12 |. 8B55 10 MOV EDX,DWORD PTR SS:[EBP+0x10]
3948DC15 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC]
3948DC18 |. 52 PUSH EDX
3948DC19 |. 50 PUSH EAX ; (out_a, out_b) handed to the callee to fill
3948DC1A |. E8 A112EEFF CALL x2game.3936EEC0
3948DC1F |. 83C4 08 ADD ESP,0x8
3948DC22 |. 5F POP EDI
3948DC23 |. B0 01 MOV AL,0x1 ; reports success regardless of the callee's result
3948DC25 |. 5E POP ESI
3948DC26 |. 8BE5 MOV ESP,EBP
3948DC28 |. 5D POP EBP
3948DC29 |. C3 RETN
3948DC2A |> 8B76 08 MOV ESI,DWORD PTR DS:[ESI+0x8] ; fallback: the same ID lookup again (a repeat when reached from the EDI==NULL branch)
3948DC2D |. 56 PUSH ESI
3948DC2E |. E8 1D250E00 CALL x2game.39570150
3948DC33 |. 83C4 04 ADD ESP,0x4
3948DC36 |. 85C0 TEST EAX,EAX
3948DC38 |. 75 08 JNZ SHORT x2game.3948DC42
3948DC3A |. 5F POP EDI
3948DC3B |. 32C0 XOR AL,AL ; not found -> return 0
3948DC3D |. 5E POP ESI
3948DC3E |. 8BE5 MOV ESP,EBP
3948DC40 |. 5D POP EBP
3948DC41 |. C3 RETN
3948DC42 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10]
3948DC45 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC]
3948DC48 |. 8B80 A0000000 MOV EAX,DWORD PTR DS:[EAX+0xA0] ; record+0xA0
3948DC4E |. 51 PUSH ECX
3948DC4F |. 52 PUSH EDX
3948DC50 |. 50 PUSH EAX
3948DC51 |. E8 0ABCECFF CALL x2game.39359860 ; cdecl, 3 args; its EAX becomes this function's return value
3948DC56 |. 83C4 0C ADD ESP,0xC
3948DC59 |. 5F POP EDI
3948DC5A |. 5E POP ESI
3948DC5B |. 8BE5 MOV ESP,EBP
3948DC5D |. 5D POP EBP
3948DC5E \. C3 RETN
===== 获取背包物品对象CALL =========================================
8B C6 C1 E8 18 3A 41 09
; ---- x2game.3955C4E0 ---------------------------------------------------------
; Likely signature: void *__thiscall fn(this=ECX, uint32 packed) -- RETN 4 and ECX is read (+8, +9)
; packed layout from the shifts: byte1 = bits 8-15, byte2 = bits 16-23, byte3 = bits 24-31 (slot index)
; Returns EAX=0 when (a) all three high bytes equal the three global bytes at 3A3417B5..3A3417B7,
; (b) byte1 != byte at this+8, or (c) byte3 >= byte at this+9 (unsigned bounds check).
; Otherwise calls 3955C3E0 with the slot index and returns its EAX.
; With this = 3A30C678+0x10 (the notes above), this+9 is the "bag max count" byte at 3A30C678+0x19.
3955C4E0 /$ 55 PUSH EBP
3955C4E1 |. 8BEC MOV EBP,ESP
3955C4E3 |. 56 PUSH ESI
3955C4E4 |. 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] ; ESI = packed arg
3955C4E7 |. 8BD6 MOV EDX,ESI
3955C4E9 |. C1EA 08 SHR EDX,0x8 ; DL = byte1
3955C4EC |. 3A15 B517343A CMP DL,BYTE PTR DS:[0x3A3417B5] ; byte1 vs global byte #1
3955C4F2 |. 75 1A JNZ SHORT x2game.3955C50E
3955C4F4 |. 8BC6 MOV EAX,ESI
3955C4F6 |. C1E8 10 SHR EAX,0x10 ; AL = byte2
3955C4F9 |. 3A05 B617343A CMP AL,BYTE PTR DS:[0x3A3417B6] ; byte2 vs global byte #2
3955C4FF |. 75 0D JNZ SHORT x2game.3955C50E
3955C501 |. 8BC6 MOV EAX,ESI
3955C503 |. C1E8 18 SHR EAX,0x18 ; AL = byte3
3955C506 |. 3A05 B717343A CMP AL,BYTE PTR DS:[0x3A3417B7] ; byte3 vs global byte #3
3955C50C |. 74 1A JE SHORT x2game.3955C528 ; all three match -> reject (presumably a reserved value; unverified)
3955C50E |> 3A51 08 CMP DL,BYTE PTR DS:[ECX+0x8] ; byte1 must equal this+8 (container tag -- inferred)
3955C511 |. 75 15 JNZ SHORT x2game.3955C528
3955C513 |. 8BC6 MOV EAX,ESI ; signature bytes: 8B C6 C1 E8 18 3A 41 09
3955C515 |. C1E8 18 SHR EAX,0x18 ; EAX = byte3 = slot index
3955C518 |. 3A41 09 CMP AL,BYTE PTR DS:[ECX+0x9] ; this+9 = bag max count (byte)
3955C51B |. 73 0B JNB SHORT x2game.3955C528 ; unsigned compare: index >= max -> reject (bounds check)
3955C51D |. 50 PUSH EAX ; bag slot index
3955C51E |. E8 BDFEFFFF CALL x2game.3955C3E0 ; "get bag object" CALL; the bag array lives inside it (author's note). ECX still = this; no ADD ESP after -> callee pops the argument
3955C523 |. 5E POP ESI
3955C524 |. 5D POP EBP
3955C525 |. C2 0400 RETN 0x4 ; EAX = callee's result
3955C528 |> 33C0 XOR EAX,EAX ; rejected -> return NULL
3955C52A |. 5E POP ESI
3955C52B |. 5D POP EBP
3955C52C \. C2 0400 RETN 0x4
dd [[39EC7104+0x4]+0x4] 周围对象遍历根
dd [[39EC7104+0x4]+0x4]+15 标志
根]+0C //ID
根]+10]+8 //ID
根]+10]+0C //名字
根]+10]+3da8]+10]+41C 当前血
根]+10]+3da8]+10]+420 当前蓝
+410 == 怪,NPC,玩家 类型偏移
dd [[[[[[根+10]+3Da8]+200]+4]+1f8]+2C]+0C //周围怪物坐标,,此地址只能读出怪的坐标。
dd [[[[[[[[根+10]+3Da8]+200]+4]+1f8]+2C]+4]+0C]+90 //这个可以读出怪和NPC坐标,但读不出建筑的坐标。
//====周围对象遍历基址,树,===============================================
; ---- x2game.39327580 ---------------------------------------------------------
; Reads no arguments; result in EAX.
; With V = [39EC71A8], tries the keys V-1, V-2, ... down to V-0x400 against the node tree whose
; header is [39EC7108] (root at header+4) and returns the first key that is NOT present.
; If every key in that range is present, or V-1 < V-0x400 unsigned (range wrapped), it returns
; the global [39EC70D4] instead.
; Node fields used: +0 left child, +8 right child, +0xC key (dword), +0x15 nil/end flag byte.
; NOTE(review): together with the value at +0x10 used by 393275F0, this matches an MSVC
; std::map _Tree node layout -- inferred from the offsets only, confirm before relying on it.
; The inner loop is a lower_bound descent; the checks after it make it an exact-match find.
39327580 /$ 55 PUSH EBP
39327581 |. 8BEC MOV EBP,ESP
39327583 |. 8B0D A871EC39 MOV ECX,DWORD PTR DS:[0x39EC71A8] ; ECX = V
39327589 |. 83EC 08 SUB ESP,0x8 ; two dword locals, used as iterator slots
3932758C |. 53 PUSH EBX
3932758D |. 8D41 FF LEA EAX,DWORD PTR DS:[ECX-0x1] ; EAX = V-1, the first key to try
39327590 |. 8D99 00FCFFFF LEA EBX,DWORD PTR DS:[ECX-0x400] ; EBX = V-0x400, the lowest key to try
39327596 |. 56 PUSH ESI
39327597 |. 57 PUSH EDI
39327598 |. 3BC3 CMP EAX,EBX
3932759A |. 72 48 JB SHORT x2game.393275E4 ; unsigned: range empty/wrapped -> fallback value
3932759C |. 8B35 0871EC39 MOV ESI,DWORD PTR DS:[0x39EC7108] ; ESI = tree header (end) node
393275A2 |. 8B7E 04 MOV EDI,DWORD PTR DS:[ESI+0x4] ; EDI = root
393275A5 |> 8BCF /MOV ECX,EDI ; outer loop: one find() per candidate key in EAX
393275A7 |. 8079 15 00 |CMP BYTE PTR DS:[ECX+0x15],0x0 ; root flagged nil -> empty tree
393275AB |. 8BD6 |MOV EDX,ESI ; EDX = best candidate so far, starts at end
393275AD |. 75 15 |JNZ SHORT x2game.393275C4
393275AF |. 90 |NOP
393275B0 |> 3941 0C |/CMP DWORD PTR DS:[ECX+0xC],EAX ; inner loop: node.key vs EAX
393275B3 |. 73 05 ||JNB SHORT x2game.393275BA ; key >= EAX -> remember node, go left
393275B5 |. 8B49 08 ||MOV ECX,DWORD PTR DS:[ECX+0x8] ; key < EAX -> go right
393275B8 |. EB 04 ||JMP SHORT x2game.393275BE
393275BA |> 8BD1 ||MOV EDX,ECX
393275BC |. 8B09 ||MOV ECX,DWORD PTR DS:[ECX] ; left child
393275BE |> 8079 15 00 ||CMP BYTE PTR DS:[ECX+0x15],0x0 ; stop at a nil node
393275C2 |.^ 74 EC |\JE SHORT x2game.393275B0
393275C4 |> 8955 FC |MOV DWORD PTR SS:[EBP-0x4],EDX ; [EBP-4] = lower_bound(EAX)
393275C7 |. 3BD6 |CMP EDX,ESI
393275C9 |. 74 0A |JE SHORT x2game.393275D5 ; == end -> not present
393275CB |. 3B42 0C |CMP EAX,DWORD PTR DS:[EDX+0xC]
393275CE |. 72 05 |JB SHORT x2game.393275D5 ; EAX < node.key -> no exact match -> not present
393275D0 |. 8D4D FC |LEA ECX,DWORD PTR SS:[EBP-0x4] ; ECX -> iterator holding the found node
393275D3 |. EB 06 |JMP SHORT x2game.393275DB
393275D5 |> 8975 F8 |MOV DWORD PTR SS:[EBP-0x8],ESI
393275D8 |. 8D4D F8 |LEA ECX,DWORD PTR SS:[EBP-0x8] ; ECX -> iterator holding end
393275DB |> 3931 |CMP DWORD PTR DS:[ECX],ESI
393275DD |. 74 0A |JE SHORT x2game.393275E9 ; key absent -> return it (EAX still holds the key)
393275DF |. 48 |DEC EAX ; key present -> try the next lower key
393275E0 |. 3BC3 |CMP EAX,EBX
393275E2 |.^ 73 C1 \JNB SHORT x2game.393275A5 ; while EAX >= V-0x400 (unsigned)
393275E4 |> A1 D470EC39 MOV EAX,DWORD PTR DS:[0x39EC70D4] ; no absent key in range -> fallback global
393275E9 |> 5F POP EDI
393275EA |. 5E POP ESI
393275EB |. 5B POP EBX
393275EC |. 8BE5 MOV ESP,EBP
393275EE |. 5D POP EBP
393275EF \. C3 RETN
; ---- x2game.393275F0 ---------------------------------------------------------
; Likely signature: void *fn(uint32 key) -- plain RETN (caller cleans); ECX is overwritten before use
; Returns 0 when key == [39EC70D4] (the fallback value 39327580 returns) or when the tree lookup
; yields the header/end node [39EC7108]; otherwise returns the dword at node+0x10.
393275F0 /$ 55 PUSH EBP
393275F1 |. 8BEC MOV EBP,ESP
393275F3 |. 51 PUSH ECX ; one dword local at [EBP-4] (iterator out-param)
393275F4 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] ; EAX = key
393275F7 |. 3B05 D470EC39 CMP EAX,DWORD PTR DS:[0x39EC70D4] ; reserved value?
393275FD |. 74 24 JE SHORT x2game.39327623 ; yes -> return 0
393275FF |. 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+0x8] ; &key ; unique signature (1 hit): 8D 4D 08 51 8D 55 FC 52 B9 ???????? E8 ???????? 8B 45 FC
39327602 |. 51 PUSH ECX
39327603 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-0x4] ; &result iterator
39327606 |. 52 PUSH EDX
39327607 |. B9 0471EC39 MOV ECX,x2game.39EC7104 ; this = nearby-object traversal base (author's note)
3932760C |. E8 0FC40000 CALL x2game.39333A20 ; the traversal tree is inside this CALL (author's note); args (&iter, &key) by pointer, node written to [EBP-4]
39327611 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] ; EAX = node returned
39327614 |. 3B05 0871EC39 CMP EAX,DWORD PTR DS:[0x39EC7108] ; == header/end node -> not found
3932761A |. 74 07 JE SHORT x2game.39327623
3932761C |. 8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10] ; value stored in the node
3932761F |. 8BE5 MOV ESP,EBP ; frame discard; whether 39333A20 pops its two args cannot be read from here
39327621 |. 5D POP EBP
39327622 |. C3 RETN
39327623 |> 33C0 XOR EAX,EAX ; not found -> return 0
39327625 |. 8BE5 MOV ESP,EBP
39327627 |. 5D POP EBP
39327628 \. C3 RETN
//============================================================================
取出仓库物品到背包CALL (系统自动选择背包位置)
push 03000300 //03是物品在背包的位置 200是取出标志
CALL 39038C80
add esp,4
存仓库CALL (系统自动选择物品在仓库中的位置)
push 03000200 //03是物品在背包的位置 200是存入标志
CALL 39038C20
add esp,4
远程存取仓库CALL
push 01000300
push 01000200
call 39491d20
add esp,8
======= 存物品到仓库CALL 好用 =====================
; ---- x2game.39403210 ---------------------------------------------------------
; Likely signature: int __stdcall fn(void *obj, int slot) -- RETN 8; ECX is overwritten before use
; Assembles packed = ((slot-1) << 24) | 0x0200 byte by byte in [EBP-4], passes it to the
; store-to-warehouse CALL (39038C20), then makes a virtual call (vtable +0x2C) on obj.
; NOTE: the EAX returned by 39038C20 is never read -- the function returns the virtual call's EAX.
39403210 /. 55 PUSH EBP
39403211 |. 8BEC MOV EBP,ESP
39403213 |. 51 PUSH ECX ; 4-byte local at [EBP-4]
39403214 |. 8A4D 0C MOV CL,BYTE PTR SS:[EBP+0xC] ; CL = low byte of slot ; first-hit signature: 8A 4D 0C 32 C0 FE C9 88 4D FF 88 45 FC 66 C7 45 FD 02 00 8B 55 FC 52
39403217 |. 32C0 XOR AL,AL
39403219 |. FEC9 DEC CL ; slot-1 (1-based -> 0-based, presumably; the notes above say bag slots start at 0)
3940321B |. 884D FF MOV BYTE PTR SS:[EBP-0x1],CL ; byte3 = slot-1
3940321E |. 8845 FC MOV BYTE PTR SS:[EBP-0x4],AL ; byte0 = 0
39403221 |. 66:C745 FD 0200 MOV WORD PTR SS:[EBP-0x3],0x2 ; byte1 = 2, byte2 = 0
39403227 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] ; EDX = packed dword
3940322A |. 52 PUSH EDX ; e.g. EDX=01000200; the leading 01 is the bag slot (author's note)
3940322B |. E8 F059C3FF CALL x2game.39038C20 ; store-to-warehouse CALL (author's note); EAX is discarded below
39403230 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] ; ECX = obj ; author's note: returns 1 on success
39403233 |. 8B01 MOV EAX,DWORD PTR DS:[ECX] ; vtable (overwrites the callee's EAX)
39403235 |. 8B50 2C MOV EDX,DWORD PTR DS:[EAX+0x2C] ; vtable +0x2C
39403238 |. 83C4 04 ADD ESP,0x4 ; cdecl cleanup for 39038C20's argument
3940323B |. FFD2 CALL EDX ; thiscall on obj; its EAX is the return value
3940323D |. 8BE5 MOV ESP,EBP
3940323F |. 5D POP EBP
39403240 \. C2 0800 RETN 0x8
======== 取出仓库物品到背包CALL ================
; ---- x2game.394086E0 ---------------------------------------------------------
; Likely signature: int __stdcall fn(void *obj, int slot) -- RETN 8; ECX is overwritten before use
; Same shape as 39403210, with tag 3 instead of 2: packed = ((slot-1) << 24) | 0x0300, passed to
; the withdraw-from-warehouse CALL (39038C80), followed by a virtual call (vtable +0x2C) on obj.
; NOTE: the EAX returned by 39038C80 is never read -- the function returns the virtual call's EAX.
394086E0 /. 55 PUSH EBP
394086E1 |. 8BEC MOV EBP,ESP
394086E3 |. 51 PUSH ECX ; 4-byte local at [EBP-4] ; signature: 51 8A 4D 0C 32 C0 FE C9 88 4D FF 88 45 FC 66 C7 45 FD 03 00 8B 55 FC 52
394086E4 |. 8A4D 0C MOV CL,BYTE PTR SS:[EBP+0xC] ; CL = low byte of slot
394086E7 |. 32C0 XOR AL,AL
394086E9 |. FEC9 DEC CL ; slot-1 (1-based -> 0-based, presumably)
394086EB |. 884D FF MOV BYTE PTR SS:[EBP-0x1],CL ; byte3 = slot-1
394086EE |. 8845 FC MOV BYTE PTR SS:[EBP-0x4],AL ; byte0 = 0
394086F1 |. 66:C745 FD 0300 MOV WORD PTR SS:[EBP-0x3],0x3 ; byte1 = 3, byte2 = 0
394086F7 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] ; EDX = packed dword
394086FA |. 52 PUSH EDX ; e.g. EDX=01000300: 01 is the item's slot in the warehouse, 300 is the withdraw flag (author's note)
394086FB |. E8 8005C3FF CALL x2game.39038C80 ; withdraw-from-warehouse-to-bag CALL (author's note); EAX is discarded below
39408700 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] ; ECX = obj ; author's note: returns 1 on success
39408703 |. 8B01 MOV EAX,DWORD PTR DS:[ECX] ; vtable (overwrites the callee's EAX)
39408705 |. 8B50 2C MOV EDX,DWORD PTR DS:[EAX+0x2C] ; vtable +0x2C
39408708 |. 83C4 04 ADD ESP,0x4 ; cdecl cleanup for 39038C80's argument
3940870B |. FFD2 CALL EDX ; thiscall on obj; its EAX is the return value
3940870D |. 8BE5 MOV ESP,EBP
3940870F |. 5D POP EBP
39408710 \. C2 0800 RETN 0x8
======== 远程存取仓库CALL ==========================
; ---- x2game.39493C80 ---------------------------------------------------------
; Likely signature: int fn(uint32 a, uint32 b) -- plain RETN (caller cleans); ECX is overwritten before use
; If bits 8-15 of either argument == 4, forwards (a, b) to 3948D500; otherwise to 39491D20
; (the "remote warehouse access" CALL per the author's notes). Returns the callee's EAX either way.
39493C80 /$ 55 PUSH EBP
39493C81 |. 8BEC MOV EBP,ESP
39493C83 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] ; EAX = a
39493C86 |. 8BC8 MOV ECX,EAX ; signature (3 hits): 8B C8 C1 E9 08 80 F9 04 8B 4D 0C ???? 8B D1 C1 EA 08 80 FA 04
39493C88 |. C1E9 08 SHR ECX,0x8
39493C8B |. 80F9 04 CMP CL,0x4 ; byte1 of a == 4 ?
39493C8E |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] ; ECX = b; MOV leaves the CMP flags intact
39493C91 |. 74 16 JE SHORT x2game.39493CA9
39493C93 |. 8BD1 MOV EDX,ECX
39493C95 |. C1EA 08 SHR EDX,0x8
39493C98 |. 80FA 04 CMP DL,0x4 ; byte1 of b == 4 ?
39493C9B |. 74 0C JE SHORT x2game.39493CA9
39493C9D |. 51 PUSH ECX ; ECX=01000300: 300 = store, 200 = withdraw; the leading 1 is the slot in the warehouse or bag (author's note)
39493C9E |. 50 PUSH EAX ; EAX=01000200: 200 = store, 300 = withdraw; the leading 1 is the slot in the warehouse or bag (author's note)
39493C9F |. E8 7CE0FFFF CALL x2game.39491D20 ; remote warehouse access CALL (author's note); cdecl, 2 args
39493CA4 |. 83C4 08 ADD ESP,0x8 ; cleanup for the CALL above
39493CA7 |. 5D POP EBP
39493CA8 |. C3 RETN
39493CA9 |> 51 PUSH ECX ; same (a, b) to the alternate handler
39493CAA |. 50 PUSH EAX
39493CAB |. E8 5098FFFF CALL x2game.3948D500 ; cdecl, 2 args
39493CB0 |. 83C4 08 ADD ESP,0x8
39493CB3 |. 5D POP EBP
39493CB4 \. C3 RETN |