- 注册时间
- 2011-11-5
- 最后登录
- 1970-1-1
该用户从未签到
|
006574D0 /$ 55 push ebp
006574D1 |. 8BEC mov ebp, esp
006574D3 |. 83EC 0C sub esp, 0C
006574D6 |. 56 push esi
006574D7 |. 57 push edi
006574D8 |. 894D F4 mov dword ptr [ebp-C], ecx
006574DB |. 8B45 F4 mov eax, dword ptr [ebp-C]
006574DE |. 8B4D 08 mov ecx, dword ptr [ebp+8]
006574E1 |. 8988 880C0000 mov dword ptr [eax+C88], ecx
006574E7 |. 8B55 F4 mov edx, dword ptr [ebp-C]
006574EA |. C782 300C0000>mov dword ptr [edx+C30], 0
006574F4 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006574F7 |. C780 080C0000>mov dword ptr [eax+C08], 0
00657501 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
00657504 |. C681 EC010000>mov byte ptr [ecx+1EC], 0
0065750B |. 8B55 F4 mov edx, dword ptr [ebp-C]
0065750E |. C682 160D0000>mov byte ptr [edx+D16], 0
00657515 |. 68 E8030000 push 3E8
0065751A |. 6A 00 push 0
0065751C |. 8B45 F4 mov eax, dword ptr [ebp-C]
0065751F |. 05 1D080000 add eax, 81D
00657524 |. 50 push eax
00657525 |. E8 D604FBFF call 00607A00
0065752A |. 83C4 0C add esp, 0C
0065752D |. 8B4D F4 mov ecx, dword ptr [ebp-C]
00657530 |. 66:8B55 08 mov dx, word ptr [ebp+8]
00657534 |. 66:8991 8C0C0>mov word ptr [ecx+C8C], dx
0065753B |. 8B45 F4 mov eax, dword ptr [ebp-C]
0065753E |. 66:8B4D 10 mov cx, word ptr [ebp+10]
00657542 |. 66:8988 8E0C0>mov word ptr [eax+C8E], cx
00657549 |. 8B55 F4 mov edx, dword ptr [ebp-C]
0065754C |. 66:8B45 14 mov ax, word ptr [ebp+14]
00657550 |. 66:8982 900C0>mov word ptr [edx+C90], ax
00657557 |. 68 00040000 push 400
0065755C |. 8B4D 0C mov ecx, dword ptr [ebp+C]
0065755F |. 51 push ecx
00657560 |. E8 CB16DBFF call 00408C30 ; 返回值可能是NPC的ID
00657565 |. 8945 FC mov dword ptr [ebp-4], eax
00657568 |. C745 F8 00000>mov dword ptr [ebp-8], 0
0065756F |. EB 09 jmp short 0065757A
00657571 |> 8B55 F8 /mov edx, dword ptr [ebp-8]
00657574 |. 83C2 01 |add edx, 1
00657577 |. 8955 F8 |mov dword ptr [ebp-8], edx
0065757A |> 8B45 F8 mov eax, dword ptr [ebp-8]
0065757D |. 3B45 FC |cmp eax, dword ptr [ebp-4]
00657580 |. 7D 56 |jge short 006575D8 ; 大于等于/不小于时转移
00657582 |. 8B4D 0C |mov ecx, dword ptr [ebp+C]
00657585 |. 034D F8 |add ecx, dword ptr [ebp-8]
00657588 |. 0FBE11 |movsx edx, byte ptr [ecx]
0065758B |. 85D2 |test edx, edx
0065758D |. 75 02 |jnz short 00657591 ; 条件转移指令
0065758F |. EB 47 |jmp short 006575D8
00657591 |> 8B45 0C |mov eax, dword ptr [ebp+C]
00657594 |. 0345 F8 |add eax, dword ptr [ebp-8]
00657597 |. 0FBE08 |movsx ecx, byte ptr [eax]
0065759A |. 83F9 23 |cmp ecx, 23
0065759D |. 75 37 |jnz short 006575D6 ; 功能: ZF=0,转至标号处执行
0065759F |. 8B55 F4 |mov edx, dword ptr [ebp-C]
006575A2 |. 8B82 300C0000 |mov eax, dword ptr [edx+C30]
006575A8 |. 83C0 01 |add eax, 1
006575AB |. 8B4D F4 |mov ecx, dword ptr [ebp-C]
006575AE |. 8981 300C0000 |mov dword ptr [ecx+C30], eax
006575B4 |. 8B55 F4 |mov edx, dword ptr [ebp-C]
006575B7 |. 8B82 300C0000 |mov eax, dword ptr [edx+C30]
006575BD |. 8B4D F8 |mov ecx, dword ptr [ebp-8]
006575C0 |. 83C1 01 |add ecx, 1
006575C3 |. 8B55 F4 |mov edx, dword ptr [ebp-C]
006575C6 |. 898C82 080C00>|mov dword ptr [edx+eax*4+C08], ec>
006575CD |. 8B45 0C |mov eax, dword ptr [ebp+C]
006575D0 |. 0345 F8 |add eax, dword ptr [ebp-8]
006575D3 |. C600 00 |mov byte ptr [eax], 0
006575D6 |>^ EB 99 \jmp short 00657571
006575D8 |> 8B4D 0C mov ecx, dword ptr [ebp+C]
006575DB |. 51 push ecx
006575DC |. 8B55 F4 mov edx, dword ptr [ebp-C]
006575DF |. 81C2 EC010000 add edx, 1EC
006575E5 |. 52 push edx
006575E6 |. E8 4509FBFF call 00607F30
006575EB |. 83C4 08 add esp, 8
006575EE |. 6A 01 push 1
006575F0 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006575F3 |. 05 EC010000 add eax, 1EC
006575F8 |. 50 push eax
006575F9 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
006575FC |. 8B89 180D0000 mov ecx, dword ptr [ecx+D18]
00657602 |. E8 1922F4FF call 00599820
00657607 |. 8B55 F4 mov edx, dword ptr [ebp-C]
0065760A |. 83BA 300C0000>cmp dword ptr [edx+C30], 0
00657611 |. 7C 0C jl short 0065761F ; 功能: 小于/不大于等于时转移
00657613 |. 8B45 F4 mov eax, dword ptr [ebp-C]
00657616 |. 83B8 300C0000>cmp dword ptr [eax+C30], 6
0065761D |. 7E 07 jle short 00657626 ; 功能: 小于等于/不大于时转移
0065761F |> 33C0 xor eax, eax
00657621 |. E9 A8000000 jmp 006576CE
00657626 |> C745 F8 01000>mov dword ptr [ebp-8], 1
0065762D |. EB 09 jmp short 00657638
0065762F |> 8B4D F8 /mov ecx, dword ptr [ebp-8]
00657632 |. 83C1 01 |add ecx, 1
00657635 |. 894D F8 |mov dword ptr [ebp-8], ecx
00657638 |> 8B55 F4 mov edx, dword ptr [ebp-C]
0065763B |. 8B45 F8 |mov eax, dword ptr [ebp-8]
0065763E |. 3B82 300C0000 |cmp eax, dword ptr [edx+C30]
00657644 |. 7D 79 |jge short 006576BF ; 功能: 大于等于/不小于时转移
00657646 |. 8B4D F8 |mov ecx, dword ptr [ebp-8]
00657649 |. 8B55 F4 |mov edx, dword ptr [ebp-C]
0065764C |. 8B45 F8 |mov eax, dword ptr [ebp-8]
0065764F |. 8B75 F4 |mov esi, dword ptr [ebp-C]
00657652 |. 8B8C8A 0C0C00>|mov ecx, dword ptr [edx+ecx*4+C0C>
00657659 |. 2B8C86 080C00>|sub ecx, dword ptr [esi+eax*4+C08>
00657660 |. 51 |push ecx
00657661 |. 8B55 F8 |mov edx, dword ptr [ebp-8]
00657664 |. 8B45 F4 |mov eax, dword ptr [ebp-C]
00657667 |. 8B4D 0C |mov ecx, dword ptr [ebp+C]
0065766A |. 038C90 080C00>|add ecx, dword ptr [eax+edx*4+C08>
00657671 |. 51 |push ecx
00657672 |. 8B55 F8 |mov edx, dword ptr [ebp-8]
00657675 |. 6BD2 64 |imul edx, edx, 64 ; 带符号乘法
00657678 |. 8B45 F4 |mov eax, dword ptr [ebp-C]
0065767B |. 8D8C10 1D0800>|lea ecx, dword ptr [eax+edx+81D]
00657682 |. 51 |push ecx
00657683 |. E8 D8FFFAFF |call 00607660
00657688 |. 83C4 0C |add esp, 0C
0065768B |. 8B55 F8 |mov edx, dword ptr [ebp-8]
0065768E |. 6BD2 64 |imul edx, edx, 64 ; 带符号乘法
00657691 |. 8B45 F4 |mov eax, dword ptr [ebp-C]
00657694 |. 8D8C10 1D0800>|lea ecx, dword ptr [eax+edx+81D]
0065769B |. 8B55 F8 |mov edx, dword ptr [ebp-8]
0065769E |. 8B45 F4 |mov eax, dword ptr [ebp-C]
006576A1 |. 8B75 F8 |mov esi, dword ptr [ebp-8]
006576A4 |. 8B7D F4 |mov edi, dword ptr [ebp-C]
006576A7 |. 8B9490 0C0C00>|mov edx, dword ptr [eax+edx*4+C0C>
006576AE |. 2B94B7 080C00>|sub edx, dword ptr [edi+esi*4+C08>
006576B5 |. C64411 FF 00 |mov byte ptr [ecx+edx-1], 0
006576BA |.^ E9 70FFFFFF \jmp 0065762F
006576BF |> 6A 01 push 1
006576C1 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006576C4 |. 8B10 mov edx, dword ptr [eax]
006576C6 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
006576C9 |. FF52 40 call dword ptr [edx+40] ; NPC对话框CALL
006576CC |. 33C0 xor eax, eax
006576CE |> 5F pop edi ; mswsock.719C237A
006576CF |. 5E pop esi
006576D0 |. 8BE5 mov esp, ebp
006576D2 |. 5D pop ebp
006576D3 \. C2 1400 retn 14
这是我找到的侠义道;与NPC对话子函数,调出对话框已知道了如下
006576BF |> 6A 01 push 1
006576C1 |. 8B45 F4 mov eax, dword ptr [ebp-C]
006576C4 |. 8B10 mov edx, dword ptr [eax]
006576C6 |. 8B4D F4 mov ecx, dword ptr [ebp-C]
006576C9 |. FF52 40 call dword ptr [edx+40] ; NPC对话框CALL
但这个子函数里上面还有调NPC的 ID 的 CLL,等等;
看了一下午还没研究出来;
有朋友研究过侠义道这个游戏的吗?呵呵,给个帮助阿。。。 |
|
发表于 2011-11-9 19:52:29
发表于 2011-11-10 09:12:08
楼主
