CTRL+S
输入:PUSH 59DF 魔法星蛋的 十进制就是23007
00BB61B5 68 DF590000 push 0x59DF ; 技能代码
这个位置 把PUSH 的值修改成任何技能代码就可以实现改变技能的功能(写入十六进制)
00BB618D 8B15 1CC18301 mov edx,dword ptr ds:[0x183C11C]
00BB61A0 52 push edx
00BB61A1 8B90 2C030000 mov edx,dword ptr ds:[eax+0x32C]
这几个是EDX 修改EDX的值就可以达到全屏的目的
280 90 423 70
十六进制:118 5A 1A7 46
慢慢往上跟吧
00BB5F9F 8B06 mov eax,dword ptr ds:[esi] ; 射程这里可以改 最后一个给他赋值的地方
00BB5FA1 6A FF push -0x1
00BB5FA3 6A 00 push 0x0
00BB5FA5 6A 0F push 0xF
00BB5FA7 51 push ecx
00BB5FA8 52 push edx
00BB5FA9 8B90 AC000000 mov edx,dword ptr ds:[eax+0xAC]
00BB5FAF 8BCE mov ecx,esi
00BB5FB1 FFD2 call edx
00BB5FB3 83C0 3C add eax,0x3C
00BB5FB6 50 push eax
00BB5FB7 8B06 mov eax,dword ptr ds:[esi]
00BB5FB9 8B90 A8000000 mov edx,dword ptr ds:[eax+0xA8]
00BB5FBF 8BCE mov ecx,esi
00BB5FC1 FFD2 call edx
00BB5FC3 50 push eax
00BB5FC4 8B85 FCFCFFFF mov eax,dword ptr ss:[ebp-0x304]
00BB5FCA 50 push eax
00BB5FCB 56 push esi
00BB5FCC 8D8D C8FCFFFF lea ecx,dword ptr ss:[ebp-0x338]
00BB5FD2 51 push ecx
00BB5FD3 8D95 C0FCFFFF lea edx,dword ptr ss:[ebp-0x340]
00BB5FD9 52 push edx
00BB5FDA E8 2191B6FF call 0071F100
00BB5FDF 8B85 C0FCFFFF mov eax,dword ptr ss:[ebp-0x340]
00BB5FE5 0143 4C add dword ptr ds:[ebx+0x4C],eax
00BB5FE8 8B8D C8FCFFFF mov ecx,dword ptr ss:[ebp-0x338]
00BB5FEE 014B 50 add dword ptr ds:[ebx+0x50],ecx
00BB5FF1 8B16 mov edx,dword ptr ds:[esi]
00BB5FF3 8B82 28020000 mov eax,dword ptr ds:[edx+0x228]
00BB5FF9 83C4 3C add esp,0x3C
00BB5FFC 8BCE mov ecx,esi
00BB5FFE FFD0 call eax
00BB6000 8B8D F4FCFFFF mov ecx,dword ptr ss:[ebp-0x30C]
00BB6006 6A 0E push 0xE
00BB6008 50 push eax
00BB6009 50 push eax
00BB600A 56 push esi
00BB600B 51 push ecx
00BB600C 6A 01 push 0x1
00BB600E 8BCF mov ecx,edi
00BB6010 E8 0B251F00 call 00DA8520
00BB6015 D99D 0CFDFFFF fstp dword ptr ss:[ebp-0x2F4]
00BB601B 8B16 mov edx,dword ptr ds:[esi]
00BB601D 8B82 28020000 mov eax,dword ptr ds:[edx+0x228]
00BB6023 8BCE mov ecx,esi
00BB6025 FFD0 call eax
00BB6027 8B8D F4FCFFFF mov ecx,dword ptr ss:[ebp-0x30C]
00BB602D 6A 0E push 0xE
00BB602F 50 push eax
00BB6030 50 push eax
00BB6031 56 push esi
00BB6032 51 push ecx
00BB6033 6A 00 push 0x0
00BB6035 8BCF mov ecx,edi
00BB6037 E8 E4241F00 call 00DA8520
00BB603C D99D E8FCFFFF fstp dword ptr ss:[ebp-0x318]
00BB6042 0FB795 E0FCFFFF movzx edx,word ptr ss:[ebp-0x320]
00BB6049 F3:0F2C85 0CFDF>cvttss2si eax,dword ptr ss:[ebp-0x2F4]
00BB6051 F3:0F2C8D E8FCF>cvttss2si ecx,dword ptr ss:[ebp-0x318]
00BB6059 68 E8030000 push 0x3E8
00BB605E 52 push edx
00BB605F 50 push eax ; 在这里hook 可以达到修改攻击力的目的
00BB6060 51 push ecx
00BB6061 E8 1ADB5000 call 010C3B80
00BB6066 83C4 10 add esp,0x10
00BB6069 0FB795 E0FCFFFF movzx edx,word ptr ss:[ebp-0x320]
00BB6070 F3:0F1005 2C0C3>movss xmm0,dword ptr ds:[0x13E0C2C]
00BB6078 68 E8030000 push 0x3E8
00BB607D 52 push edx
00BB607E 6A FF push -0x1
00BB6080 51 push ecx
00BB6081 F3:0F110424 movss dword ptr ss:[esp],xmm0
00BB6086 6A 00 push 0x0
00BB6088 68 0100FFFF push 0xFFFF0001
00BB608D 83E8 64 sub eax,0x64
00BB6090 6A 05 push 0x5
00BB6092 8BCF mov ecx,edi
00BB6094 8985 E8FCFFFF mov dword ptr ss:[ebp-0x318],eax
00BB609A E8 D1311F00 call 00DA9270
00BB609F F3:0F1005 2C0C3>movss xmm0,dword ptr ds:[0x13E0C2C]
00BB60A7 50 push eax ; 攻击伤害
00BB60A8 6A FF push -0x1
00BB60AA 51 push ecx
00BB60AB F3:0F110424 movss dword ptr ss:[esp],xmm0
00BB60B0 6A 00 push 0x0
00BB60B2 68 0100FFFF push 0xFFFF0001
00BB60B7 6A 04 push 0x4
00BB60B9 8BCF mov ecx,edi
00BB60BB E8 B0311F00 call 00DA9270
00BB60C0 50 push eax
00BB60C1 E8 BADA5000 call 010C3B80
00BB60C6 83C4 10 add esp,0x10
00BB60C9 50 push eax
00BB60CA B9 14C18301 mov ecx,0x183C114
00BB60CF C705 1CC18301 0>mov dword ptr ds:[0x183C11C],0x0
00BB60D9 E8 02BF88FF call 00441FE0
00BB60DE B8 E8030000 mov eax,0x3E8
00BB60E3 56 push esi
00BB60E4 8BCF mov ecx,edi
00BB60E6 66:3985 E0FCFFF>cmp word ptr ss:[ebp-0x320],ax
00BB60ED 72 04 jb short 00BB60F3
00BB60EF 6A 05 push 0x5
00BB60F1 EB 02 jmp short 00BB60F5
00BB60F3 6A 04 push 0x4
00BB60F5 E8 961F1F00 call 00DA8090
00BB60FA 50 push eax ; 这里是穿刺
00BB60FB B9 14C18301 mov ecx,0x183C114
00BB6100 E8 7BBE88FF call 00441F80
00BB6105 8B16 mov edx,dword ptr ds:[esi]
00BB6107 8B82 B4070000 mov eax,dword ptr ds:[edx+0x7B4]
00BB610D 6A 56 push 0x56
00BB610F 8BCE mov ecx,esi
00BB6111 FFD0 call eax
00BB6113 85C0 test eax,eax
00BB6115 7E 70 jle short 00BB6187
00BB6117 8B16 mov edx,dword ptr ds:[esi]
00BB6119 8B82 B4070000 mov eax,dword ptr ds:[edx+0x7B4]
00BB611F 6A 00 push 0x0
00BB6121 6A 00 push 0x0
00BB6123 6A 0E push 0xE
00BB6125 6A FF push -0x1
00BB6127 6A FF push -0x1
00BB6129 56 push esi
00BB612A 6A 56 push 0x56
00BB612C 8BCE mov ecx,esi
00BB612E FFD0 call eax
00BB6130 8B16 mov edx,dword ptr ds:[esi]
00BB6132 50 push eax
00BB6133 8B82 E4070000 mov eax,dword ptr ds:[edx+0x7E4]
00BB6139 6A 08 push 0x8
00BB613B 6A 56 push 0x56
00BB613D 8BCE mov ecx,esi
00BB613F FFD0 call eax
00BB6141 8BC8 mov ecx,eax
00BB6143 E8 A8211F00 call 00DA82F0
00BB6148 D9BD FAFCFFFF fstcw word ptr ss:[ebp-0x306]
00BB614E 0FB785 FAFCFFFF movzx eax,word ptr ss:[ebp-0x306]
00BB6155 0D 000C0000 or eax,0xC00
00BB615A 8985 0CFDFFFF mov dword ptr ss:[ebp-0x2F4],eax
00BB6160 D9AD 0CFDFFFF fldcw word ptr ss:[ebp-0x2F4]
00BB6166 DB9D 0CFDFFFF fistp dword ptr ss:[ebp-0x2F4]
00BB616C 66:8B8D 0CFDFFF>mov cx,word ptr ss:[ebp-0x2F4]
00BB6173 0FB7D1 movzx edx,cx
00BB6176 52 push edx
00BB6177 B9 14C18301 mov ecx,0x183C114
00BB617C D9AD FAFCFFFF fldcw word ptr ss:[ebp-0x306]
00BB6182 E8 E96186FF call 0041C370
00BB6187 8B0D 18C18301 mov ecx,dword ptr ds:[0x183C118]
00BB618D 8B15 1CC18301 mov edx,dword ptr ds:[0x183C11C] ; 范围
00BB6193 6A 00 push 0x0
00BB6195 8B06 mov eax,dword ptr ds:[esi]
00BB6197 6A 00 push 0x0
00BB6199 51 push ecx
00BB619A 8B8D E8FCFFFF mov ecx,dword ptr ss:[ebp-0x318]
00BB61A0 52 push edx ; 范围
00BB61A1 8B90 2C030000 mov edx,dword ptr ds:[eax+0x32C] ; 范围
00BB61A7 6A 00 push 0x0
00BB61A9 6A 04 push 0x4
00BB61AB 6A 3C push 0x3C
00BB61AD 6A 00 push 0x0
00BB61AF 6A 2C push 0x2C
00BB61B1 6A 00 push 0x0
00BB61B3 53 push ebx
00BB61B4 51 push ecx
00BB61B5 68 DF590000 push 0x59DF ; 技能代码
=================================范围======================
00BB618D 8B15 1CC18301 mov edx,dword ptr ds:[0x183C11C] ; 范围
这一句足够写入数值，所以就在这里直接写吧，无需HOOK
先恢复= = 要不等等掉线了。。。
=================================伤害======================
0F423F=999999
00BB60C9 50 push eax
00BB60CA B9 14C18301 mov ecx,0x183C114
00BB60CF C705 1CC18301 0>mov dword ptr ds:[0x183C11C],0x0
00BB618D BA 11010000 mov edx,0x111
00BB6192 90 nop
00BB60C9 ^\E9 32A784FF jmp 00400800
00BB60CE 90 nop
00400800 B8 33333300 mov eax,0x333333
00400805 50 push eax
00400806 B9 14C18301 mov ecx,0x183C114
0040080B E9 BF587B00 jmp 00BB60CF |