本帖最后由 liuyh7788 于 2011-11-23 08:33 编辑
新手不知如何解决。。。。
还请小小版主和知道的老师指点一二阿。。。。谢谢啦!!!
此游戏程序会实时检测鼠标的位置;只有当你用鼠标点击了游戏里NPC对话框的选项时,它才会执行函数的下半段,否则就返回。
这个NPC对话选项CALL难住了,不知如何解决这个问题。。。。。。。呵呵
而且在 0065B260 /. 55 push ebp 这里OD没有显示任何调用这个子函数的上层命令。。。。。
Ctrl+A 分析过后也是没有显示任何调用这个子函数的上层命令。。。。。
汇编代码如下:
----------------------------------------------------------------------------------------
; ---------------------------------------------------------------------------
; Function at 0065B260 (OllyDbg listing, 32-bit x86: address, bytes, instruction).
; What the listing shows: a point is hit-tested against an array of 16-byte
; rectangles held in the object passed in ecx; the index of the rectangle that
; contains the point is stored in the object, and for one value of the first
; argument a 16-byte record is filled in on the stack and passed to 005233C0.
;
; In:   ecx      = object pointer, saved at [ebp-20] (presumably the `this` of a
;                  C++ method: the code later calls through [[ecx]+40] - confirm)
;       [ebp+8]  = arg1, compared with 0x16 and 0x15 (meaning not shown here;
;                  presumably an input event code - confirm against the caller)
;       [ebp+C]  = arg2, never read in this listing
;       [ebp+10] = arg3, used as Point.X
;       [ebp+14] = arg4, used as Point.Y
; Out:  eax = 4 after one of the [[this]+40] calls was made, otherwise 0
; Stack: 0x24 bytes of locals; the callee removes 0x10 bytes of arguments (retn 10)
; Object fields touched: +C30, +C34 (rectangle array), +C84, +C88, +C8E, +D1C
; Globals: [E2EAE0] = flag set on arg1 == 0x16 and cleared on arg1 == 0x15
;          [E2EAE8] = timeGetTime value of the last accepted selection
; NOTE(review): the poster reports that OllyDbg lists no caller for this address;
; that would be consistent with the function being reached through an indirect
; call, which is not visible from this listing - confirm with a run-time trace.
; ---------------------------------------------------------------------------
0065B260 /. 55 push ebp
0065B261 |. 8BEC mov ebp, esp
0065B263 |. 83EC 24 sub esp, 24 ; reserve 0x24 bytes of locals
0065B266 |. 894D E0 mov dword ptr [ebp-20], ecx ; keep the object pointer for the whole function
0065B269 |. 8B45 E0 mov eax, dword ptr [ebp-20]
0065B26C |. C780 840C0000>mov dword ptr [eax+C84], -1 ; [this+C84] = -1; overwritten with the index on a hit below
0065B276 |. 8B4D 10 mov ecx, dword ptr [ebp+10]
0065B279 |. 894D F8 mov dword ptr [ebp-8], ecx ; local X = arg3
0065B27C |. 8B55 14 mov edx, dword ptr [ebp+14]
0065B27F |. 8955 FC mov dword ptr [ebp-4], edx ; local Y = arg4
0065B282 |. 8D45 F8 lea eax, dword ptr [ebp-8]
0065B285 |. 50 push eax ; pointer to the local X/Y pair
0065B286 |. 8B4D E0 mov ecx, dword ptr [ebp-20]
0065B289 |. E8 F293F2FF call 00584680 ; callee not shown; gets ecx = object and &X/Y (it may modify the pair - TODO confirm)
0065B28E |. 837D 08 16 cmp dword ptr [ebp+8], 16
0065B292 |. 75 0A jnz short 0065B29E
0065B294 |. C705 E0EAE200>mov dword ptr [E2EAE0], 1 ; arg1 == 0x16: raise the global flag
; Loop over rectangle indices i = [ebp-C], starting at 0.
0065B29E |> C745 F4 00000>mov dword ptr [ebp-C], 0
0065B2A5 |. EB 09 jmp short 0065B2B0
0065B2A7 |> 8B4D F4 /mov ecx, dword ptr [ebp-C]
0065B2AA |. 83C1 01 |add ecx, 1
0065B2AD |. 894D F4 |mov dword ptr [ebp-C], ecx ; i++
0065B2B0 |> 8B55 E0 mov edx, dword ptr [ebp-20]
0065B2B3 |. 8B82 300C0000 |mov eax, dword ptr [edx+C30]
0065B2B9 |. 83E8 01 |sub eax, 1
0065B2BC |. 3945 F4 |cmp dword ptr [ebp-C], eax
0065B2BF |. 0F8D 1C010000 |jge 0065B3E1 ; signed test: leave the loop once i >= [this+C30] - 1
0065B2C5 |. 8B4D FC |mov ecx, dword ptr [ebp-4]
0065B2C8 |. 51 |push ecx ; /Point.Y
0065B2C9 |. 8B55 F8 |mov edx, dword ptr [ebp-8] ; |
0065B2CC |. 52 |push edx ; |Point.X
0065B2CD |. 8B45 F4 |mov eax, dword ptr [ebp-C] ; |
0065B2D0 |. C1E0 04 |shl eax, 4 ; |
0065B2D3 |. 8B4D E0 |mov ecx, dword ptr [ebp-20] ; |
0065B2D6 |. 8D9401 340C00>|lea edx, dword ptr [ecx+eax+C34] ; |
0065B2DD |. 52 |push edx ; |pRect = this + C34 + i*16 ; poster: a breakpoint set here is hit continuously
0065B2DE |. FF15 ECB36A00 |call dword ptr [6AB3EC] ; \PtInRect ; poster: so it checks the mouse position
0065B2E4 |. 85C0 |test eax, eax
0065B2E6 |. 0F84 F0000000 |je 0065B3DC ; point is outside rectangle i: try the next one
0065B2EC |. 8B45 E0 |mov eax, dword ptr [ebp-20]
0065B2EF |. 8B4D F4 |mov ecx, dword ptr [ebp-C]
0065B2F2 |. 8988 840C0000 |mov dword ptr [eax+C84], ecx ; [this+C84] = i, the rectangle that contains the point
0065B2F8 |. 833D E0EAE200>|cmp dword ptr [E2EAE0], 0
0065B2FF |. 0F84 D7000000 |je 0065B3DC ; global flag not set: only record the index, keep looping
0065B305 |. 837D 08 15 |cmp dword ptr [ebp+8], 15
0065B309 |. 0F85 CD000000 |jnz 0065B3DC ; poster: this is the jump; taken unless arg1 == 0x15
0065B30F |. C705 E0EAE200>|mov dword ptr [E2EAE0], 0 ; clear the flag ; poster: a breakpoint here is not hit by mouse movement, only by clicking an option
; Accept at most one selection per 0x1F4 (500) ms: return 0 if now < [E2EAE8] + 500.
0065B319 |. FF15 38B46A00 |call dword ptr [6AB438] ; winmm.timeGetTime
0065B31F |. 8B15 E8EAE200 |mov edx, dword ptr [E2EAE8]
0065B325 |. 81C2 F4010000 |add edx, 1F4
0065B32B |. 3BC2 |cmp eax, edx
0065B32D |. 73 07 |jnb short 0065B336 ; unsigned: now >= last + 500, so go on
0065B32F |. 33C0 |xor eax, eax
0065B331 |. E9 BD000000 |jmp 0065B3F3 ; too soon after the previous one: return 0
0065B336 |> FF15 38B46A00 |call dword ptr [6AB438] ; winmm.timeGetTime
0065B33C |. A3 E8EAE200 |mov dword ptr [E2EAE8], eax ; remember the time of this selection
; Fill the 16-byte record at [ebp-1C]..[ebp-D] and pass it to 005233C0.
0065B341 |. 8D4D E4 |lea ecx, dword ptr [ebp-1C]
0065B344 |. E8 27F4EDFF |call 0053A770 ; poster's label: NPC dialogue option; callee not shown, ecx = &record (presumably initialises it - confirm)
0065B349 |. 8B45 F4 |mov eax, dword ptr [ebp-C]
0065B34C |. 83C0 01 |add eax, 1
0065B34F |. 8845 EC |mov byte ptr [ebp-14], al ; record+8 = low byte of i + 1
0065B352 |. 8B4D E0 |mov ecx, dword ptr [ebp-20]
0065B355 |. 8B91 880C0000 |mov edx, dword ptr [ecx+C88]
0065B35B |. 8955 E8 |mov dword ptr [ebp-18], edx ; record+4 = [this+C88]
0065B35E |. 8B45 E0 |mov eax, dword ptr [ebp-20]
0065B361 |. 8B88 1C0D0000 |mov ecx, dword ptr [eax+D1C]
0065B367 |. 894D F0 |mov dword ptr [ebp-10], ecx ; record+C = [this+D1C]
0065B36A |. 6A 10 |push 10 ; second argument 0x10, which matches the record's size
0065B36C |. 8D55 E4 |lea edx, dword ptr [ebp-1C]
0065B36F |. 52 |push edx ; first argument = &record
0065B370 |. E8 4B80ECFF |call 005233C0 ; poster's label: NPC dialogue option; callee not shown
0065B375 |. 83C4 08 |add esp, 8 ; caller removes the two arguments
; Branch on the word at [this+C8E]: 0 and 1 are handled, any other value returns 0.
0065B378 |. 8B45 E0 |mov eax, dword ptr [ebp-20]
0065B37B |. 0FB788 8E0C00>|movzx ecx, word ptr [eax+C8E]
0065B382 |. 894D DC |mov dword ptr [ebp-24], ecx
0065B385 |. 837D DC 00 |cmp dword ptr [ebp-24], 0
0065B389 |. 74 37 |je short 0065B3C2
0065B38B |. 837D DC 01 |cmp dword ptr [ebp-24], 1
0065B38F |. 74 02 |je short 0065B393
0065B391 |. EB 3E |jmp short 0065B3D1
0065B393 |> 8B55 E0 |mov edx, dword ptr [ebp-20]
0065B396 |. 8B82 300C0000 |mov eax, dword ptr [edx+C30]
0065B39C |. 83E8 02 |sub eax, 2
0065B39F |. 3945 F4 |cmp dword ptr [ebp-C], eax
0065B3A2 |. 75 0F |jnz short 0065B3B3 ; value 1: is i the last index the loop visits ([this+C30] - 2)?
0065B3A4 |. 6A 00 |push 0 ; yes: argument 0
0065B3A6 |. 8B4D E0 |mov ecx, dword ptr [ebp-20]
0065B3A9 |. 8B11 |mov edx, dword ptr [ecx]
0065B3AB |. 8B4D E0 |mov ecx, dword ptr [ebp-20]
0065B3AE |. FF52 40 |call dword ptr [edx+40] ; indirect call through the table at [this], offset 40 (presumably a virtual method)
0065B3B1 |. EB 0D |jmp short 0065B3C0
0065B3B3 |> 6A 01 |push 1 ; no: argument 1
0065B3B5 |. 8B45 E0 |mov eax, dword ptr [ebp-20]
0065B3B8 |. 8B10 |mov edx, dword ptr [eax]
0065B3BA |. 8B4D E0 |mov ecx, dword ptr [ebp-20]
0065B3BD |. FF52 40 |call dword ptr [edx+40] ; same table slot as above
0065B3C0 |> EB 13 |jmp short 0065B3D5
0065B3C2 |> 6A 00 |push 0 ; value 0: argument 0
0065B3C4 |. 8B45 E0 |mov eax, dword ptr [ebp-20]
0065B3C7 |. 8B10 |mov edx, dword ptr [eax]
0065B3C9 |. 8B4D E0 |mov ecx, dword ptr [ebp-20]
0065B3CC |. FF52 40 |call dword ptr [edx+40] ; same table slot as above
0065B3CF |. EB 04 |jmp short 0065B3D5
0065B3D1 |> 33C0 |xor eax, eax ; [this+C8E] is neither 0 nor 1: return 0
0065B3D3 |. EB 1E |jmp short 0065B3F3
0065B3D5 |> B8 04000000 |mov eax, 4 ; one of the [[this]+40] calls was made: return 4
0065B3DA |. EB 17 |jmp short 0065B3F3
0065B3DC |>^ E9 C6FEFFFF \jmp 0065B2A7 ; continue with the next rectangle
; Loop finished without an accepted selection.
0065B3E1 |> 837D 08 15 cmp dword ptr [ebp+8], 15
0065B3E5 |. 75 0A jnz short 0065B3F1
0065B3E7 |. C705 E0EAE200>mov dword ptr [E2EAE0], 0 ; arg1 == 0x15: clear the flag here as well
0065B3F1 |> 33C0 xor eax, eax ; return 0
0065B3F3 |> 8BE5 mov esp, ebp ; common exit: drop the locals
0065B3F5 |. 5D pop ebp
0065B3F6 \. C2 1000 retn 10 ; callee pops 0x10 bytes of arguments
--------------------------------------------------------------------------------------------------------- |
|