- 注册时间
- 2011-8-8
- 最后登录
- 1970-1-1
该用户从未签到
|
下面是call的寻找过程
下
吃药
00547B77 . 8B9424 B40000>mov edx,dword ptr ss:[esp+0xB4]
00547B7E . 8B8424 B00000>mov eax,dword ptr ss:[esp+0xB0]
00547B85 . 8B4C24 14 mov ecx,dword ptr ss:[esp+0x14]
00547B89 . 52 push edx
00547B8A . 50 push eax
00547B8B . 55 push ebp
00547B8C . 53 push ebx
00547B8D . E8 4EDDFEFF call xajh.005358E0
00547B92 . EB 18 jmp Xxajh.00547BAC
00547B94 > 8B8C24 B40000>mov ecx,dword ptr ss:[esp+0xB4]
00547B9B . 8B9424 B00000>mov edx,dword ptr ss:[esp+0xB0]
00547BA2 . 51 push ecx ; 位置
00547BA3 . 52 push edx ; 2
00547BA4 . E8 776B6400 call xajh.00B8E720 ; 吃药
00547BA9 . 83C4 08 add esp,0x8
00547BAC > 8D4C24 40 lea ecx,dword ptr ss:[esp+0x40]
00547BB0 . E8 2B48F5FF call xajh.0049C3E0
00547BB5 . DB8424 B00000>fild dword ptr ss:[esp+0xB0]
00547BBC . 8D4424 14 lea eax,dword ptr ss:[esp+0x14]
00547BC0 . 50 push eax
打开NPC
0070926D > \83B8 3C010000>cmp dword ptr ds:[eax+0x13C],0x0
00709274 . 56 push esi
00709275 . 8BB0 40010000 mov esi,dword ptr ds:[eax+0x140]
0070927B . 57 push edi
0070927C . 8BB8 44010000 mov edi,dword ptr ds:[eax+0x144]
00709282 . 74 0B je Xxajh.0070928F
00709284 . 5F pop edi
00709285 . 5E pop esi
00709286 . 894424 04 mov dword ptr ss:[esp+0x4],eax
0070928A .^ E9 D1FBFFFF jmp xajh.00708E60
0070928F > E8 3C0BDAFF call xajh.004A9DD0
00709294 57 push edi ; 01000000
00709295 56 push esi ; 00000111
00709296 8D88 C8010000 lea ecx,dword ptr ds:[eax+0x1C8] ; 09DEB8C0
0070929C E8 CF4D4800 call xajh.00B8E070
007092A1 . 5F pop edi
007092A2 . B0 01 mov al,0x1
007092A4 . 5E pop esi
交任务
00A33BB9 |> \8B8E 84020000 mov ecx,dword ptr ds:[esi+0x284]
00A33BBF |. 8B81 30040000 mov eax,dword ptr ds:[ecx+0x430]
00A33BC5 |. 8B15 1CD57401 mov edx,dword ptr ds:[0x174D51C] ; xajh.01000000
00A33BCB |. 8B0D 10D57401 mov ecx,dword ptr ds:[0x174D510]
00A33BD1 |. 53 push ebx ; 0
00A33BD2 |. 57 push edi ; FFFFFFFF
00A33BD3 |. 50 push eax ; FFFFFFFF
00A33BD4 |. A1 18D57401 mov eax,dword ptr ds:[0x174D518]
00A33BD9 |. 52 push edx ; 01000000
00A33BDA |. 8B15 08D57401 mov edx,dword ptr ds:[0x174D508]
00A33BE0 |. 50 push eax ; 00000062 xx
00A33BE1 |. 51 push ecx ; 0000D93C xx
00A33BE2 |. 52 push edx ; 00001202
00A33BE3 |. E8 38FBFFFF call xajh.00A33720
00A33BE8 |. 83C4 1C add esp,0x1C
00A33BEB |. 83F8 02 cmp eax,0x2
00A33BEE |. 75 15 jnz Xxajh.00A33C05
00A33BF0 |. 8B06 mov eax,dword ptr ds:[esi]
00A33BF2 |. 8B50 1C mov edx,dword ptr ds:[eax+0x1C]
00A33BF5 |. 6A 01 push 0x1
00A33BF7 |. 6A 00 push 0x0
00A33BF9 |. 6A 00 push 0x0
00A33BFB |. 8BCE mov ecx,esi
00A33BFD |. FFD2 call edx
00A33BFF |. 5F pop edi
00A33C00 |. 5E pop esi
接任务
00A332B0 . 813D 0CD57401>cmp dword ptr ds:[0x174D50C],0x80000006
00A332BA . 56 push esi
00A332BB . 8BF1 mov esi,ecx
00A332BD . 8B86 84020000 mov eax,dword ptr ds:[esi+0x284]
00A332C3 . 8B88 34040000 mov ecx,dword ptr ds:[eax+0x434]
00A332C9 . 8B80 38040000 mov eax,dword ptr ds:[eax+0x438]
00A332CF . 75 53 jnz Xxajh.00A33324
00A332D1 . 50 push eax ; 0
00A332D2 . A1 14D57401 mov eax,dword ptr ds:[0x174D514]
00A332D7 . 51 push ecx ; FFFFFFFF
00A332D8 . 8B0D 08D57401 mov ecx,dword ptr ds:[0x174D508]
00A332DE . 50 push eax ; 2B0E3A10
00A332DF . 51 push ecx ; 00001201
00A332E0 . E8 4BF1FFFF call xajh.00A32430 ; 接任务
00A332E5 . 83C4 10 add esp,0x10
00A332E8 . 84C0 test al,al
00A332EA . 74 18 je Xxajh.00A33304
00A332EC . 8B16 mov edx,dword ptr ds:[esi]
00A332EE . 8B82 A0000000 mov eax,dword ptr ds:[edx+0xA0]
00A332F4 . 6A 01 push 0x1
00A332F6 . 6A 00 push 0x0
00A332F8 . 56 push esi
00A332F9 . 8BCE mov ecx,esi
寻路
00A01F31 . C2 0C00 retn 0xC
00A01F34 > 6A 00 push 0x0
00A01F36 . 8BCF mov ecx,edi
00A01F38 . E8 B36ECEFF call xajh.006E8DF0
00A01F3D . E8 EEBBDBFF call xajh.007BDB30
00A01F42 D905 EC9D1601 fld dword ptr ds:[0x1169DEC]
00A01F48 8B80 38010000 mov eax,dword ptr ds:[eax+0x138]
00A01F4E 6A 00 push 0x0
00A01F50 6A 01 push 0x1
00A01F52 6A 01 push 0x1
00A01F54 6A 00 push 0x0
00A01F56 6A 00 push 0x0
00A01F58 6A 00 push 0x0
00A01F5A 6A 00 push 0x0
00A01F5C 51 push ecx ; 088F8150
00A01F5D D91C24 fstp dword ptr ss:[esp]
00A01F60 50 push eax
00A01F61 68 3CB97401 push xajh.0174B93C ; 0174B93C=xajh.0174B93C
00A01F66 E8 C5FAE5FF call xajh.00861A30
00A01F6B 8BC8 mov ecx,eax
00A01F6D E8 2EB6CEFF call xajh.006ED5A0
00A01F72 5F pop edi
00A01F73 5E pop esi
6A 00 6A 01 6A 01 6A 00 6A 00 6A 00 6A 00
采集
006EA9AF |> \8B8B 70040000 mov ecx,dword ptr ds:[ebx+0x470]
006EA9B5 |. 8B93 6C040000 mov edx,dword ptr ds:[ebx+0x46C]
006EA9BB |. 8B83 78040000 mov eax,dword ptr ds:[ebx+0x478]
006EA9C1 |. 51 push ecx ; 0
006EA9C2 |. 8B4C24 70 mov ecx,dword ptr ss:[esp+0x70]
006EA9C6 |. 52 push edx ; 0
006EA9C7 |. 8B5424 1C mov edx,dword ptr ss:[esp+0x1C]
006EA9CB |. 50 push eax ; 0
006EA9CC |. 8B4424 34 mov eax,dword ptr ss:[esp+0x34]
006EA9D0 |. 51 push ecx ; FFFFFFFF
006EA9D1 |. 52 push edx ; FFFFFFFF
006EA9D2 |. 56 push esi ; esi=02000000 (xajh.02000000)
006EA9D3 |. 50 push eax ; 000086C0
006EA9D4 |. E8 F7F3DBFF call xajh.004A9DD0 ; 采集
006EA9D9 |. 8BC8 mov ecx,eax
006EA9DB |. E8 6096FFFF call xajh.006E4040 ; 采集2
006EA9E0 |. E9 FF050000 jmp xajh.006EAFE4
006EA9E5 |> 85DB test ebx,ebx ; Case E of switch 006EA79E
006EA9E7 |. 8B06 mov eax,dword ptr ds:[esi]
006EA9E9 |. 8B76 04 mov esi,dword ptr ds:[esi+0x4]
006EA9EC |. 894424 28 mov dword ptr ss:[esp+0x28],eax
006EA9F0 |. 897424 2C mov dword ptr ss:[esp+0x2C],esi
对话NPC
00A24A07 . E8 C4990300 call xajh.00A5E3D0
00A24A0C . 8BF0 mov esi,eax
00A24A0E . 85F6 test esi,esi
00A24A10 . 7C 21 jl Xxajh.00A24A33
00A24A12 . 8B0D D0D27401 mov ecx,dword ptr ds:[0x174D2D0]
00A24A18 . E8 F3A40300 call xajh.00A5EF10
00A24A1D . 3BF0 cmp esi,eax
00A24A1F . 7D 12 jge Xxajh.00A24A33
00A24A21 . 8B4424 08 mov eax,dword ptr ss:[esp+0x8]
00A24A25 . 50 push eax ; 51512DD0
00A24A26 . 56 push esi ; 00000000
00A24A27 . E8 84C8FFFF call xajh.00A212B0 ; 1
00A24A2C . 83C4 08 add esp,0x8
00A24A2F . B0 01 mov al,0x1
00A24A31 . 5E pop esi
00A24A32 . C3 retn
00A24A33 > 32C0 xor al,al
00A24A35 . 5E pop esi
整理包裹
009F16D0 . 56 push esi
009F16D1 . 8BF1 mov esi,ecx
009F16D3 . 8B86 80020000 mov eax,dword ptr ds:[esi+0x280]
009F16D9 . 83F8 03 cmp eax,0x3 ; Switch (cases 0..3)
009F16DC . 57 push edi
009F16DD . 77 23 ja Xxajh.009F1702
009F16DF . FF2485 70179F>jmp dword ptr ds:[eax*4+0x9F1770]
009F16E6 > BF 02000000 mov edi,0x2 ; Case 0 of switch 009F16D9
009F16EB . EB 18 jmp Xxajh.009F1705
009F16ED > BF 06000000 mov edi,0x6 ; Case 1 of switch 009F16D9
009F16F2 . EB 11 jmp Xxajh.009F1705
009F16F4 > BF 05000000 mov edi,0x5 ; Case 2 of switch 009F16D9
009F16F9 . EB 0A jmp Xxajh.009F1705
009F16FB > BF 08000000 mov edi,0x8 ; Case 3 of switch 009F16D9
009F1700 . EB 03 jmp Xxajh.009F1705
009F1702 > 83CF FF or edi,0xFFFFFFFF ; Default case of switch 009F16D9
009F1705 > E8 468BABFF call xajh.004AA250
009F170A . 8B40 08 mov eax,dword ptr ds:[eax+0x8] ; [eax+0x8]
009F170D . 57 push edi ; 00000002
009F170E . 8BC8 mov ecx,eax ; 1AB99710
009F1710 . E8 4BC2B2FF call xajh.0051D960
009F1715 . 83F8 F6 cmp eax,-0xA
009F1718 . 75 17 jnz Xxajh.009F1731
009F171A . 6A 00 push 0x0
009F171C . 6A 00 push 0x0
009F171E . 6A 00 push 0x0
009F1720 . 6A 00 push 0x0
009F1722 . 6A 00 push 0x0
009F1724 . 6A FF push -0x1
009F1726 . 6A FF push -0x1
009F1728 . 6A 0B push 0xB
009F172A . 68 F1230000 push 0x23F1
009F172F . EB 18 jmp Xxajh.009F1749
009F1731 > 83F8 FF cmp eax,-0x1
009F1734 . 75 33 jnz Xxajh.009F1769
009F1736 . 6A 00 push 0x0
万能按钮
00D25550 /$ 53 push ebx
00D25551 |. 56 push esi
00D25552 |. 57 push edi
00D25553 |. 8BF9 mov edi,ecx
00D25555 |. 8B07 mov eax,dword ptr ds:[edi]
00D25557 |. 8B50 04 mov edx,dword ptr ds:[eax+0x4]
00D2555A |. FFD2 call edx
00D2555C |. 8B5C24 10 mov ebx,dword ptr ss:[esp+0x10]
00D25560 |. 8BF0 mov esi,eax
00D25562 |> 8B46 04 /mov eax,dword ptr ds:[esi+0x4]
00D25565 |. 53 |push ebx ; 2AEC3B74
00D25566 |. 50 |push eax ; 0174FA68
00D25567 |. 8BCF |mov ecx,edi
00D25569 |. E8 52EBFFFF |call xajh.00D240C0 ; 万能按钮call
00D2556E |. 84C0 |test al,al
00D25570 |. 75 0C |jnz Xxajh.00D2557E
00D25572 |. 8B36 |mov esi,dword ptr ds:[esi]
00D25574 |. 85F6 |test esi,esi
00D25576 |.^ 75 EA \jnz Xxajh.00D25562
00D25578 |. 5F pop edi
00D25579 |. 5E pop esi
00D2557A |. 5B pop ebx
00D2557B |. C2 0400 retn 0x4
00D2557E |> 5F pop edi
00D2557F |. 5E pop esi
00D25580 |. B0 01 mov al,0x1
00D25582 |. 5B pop ebx
00D25583 \. C2 0400 retn 0x4
下面是部分数据的寻找过程
队伍
0060D1FF - D9 86 7C010000 - fld dword ptr [esi+0000017C] <<ESI=2C7A42B0
00A06F7C - 8B 34 82 - mov esi,[edx+eax*4] <<EAX=00000016 EDX=07EE5560
00A06F72 - 8B 95 14010000 - mov edx,[ebp+00000114] <<EBP=205B3030
004DA5E4 - 8B 4B 70 - mov ecx,[ebx+70] <<EBX=088D5570 00731551 - 8B 8E 880E0000 - mov ecx,[esi+00000E88] <<ESI=2B0D98A0
005ECE1A - 8B 5F 0C - mov ebx,[edi+0C] <<EDI=07730CB8 EBX=205B3030 <<ECX=117D4640 ECX=2061E8C0
004DA636 - 8B 4B 6C - mov ecx,[ebx+6C] <<EBX=088D5570
00687D1C - 8B 46 10 - mov eax,[esi+10] <<ESI=54C7D848
00A078FF - 8B AB F40D0000 - mov ebp,[ebx+00000DF4] <<EBX=2BDA19E8
0049F335 - 8B 87 8C000000 - mov eax,[edi+0000008C] <<EDI=08AA0FA0
地面物品
00708886 - D9 82 7C010000 - fld dword ptr [edx+0000017C] <<EDX=306C7668
00507F4F - 8B 42 08 - mov eax,[[[[[[xajh.exe+F25B38]+24]+0000021C]+0x24+08]+edx*4]+08] <<EDX=568E85F0
00507F24 - 8B 14 90 - mov edx,[[[[[xajh.exe+F25B38]+24]+0000021C]+0x24+08]+edx*4] <<EAX=10E45068
00507F21 - 8B 41 08 - mov eax,[[[[xajh.exe+F25B38]+24]+0000021C]+0x24+08] <<ECX=08CD7104
00B458F4 |. 8D6F 24 lea ebp,[[[xajh.exe+F25B38]+24]+0000021C]+0x24
0075EA02 - 8B 88 1C020000 - mov ecx,[[[xajh.exe+F25B38]+24]+0000021C] <<EAX=091F0FA0
005FBFB1 - 8B 48 24 - mov ecx,[[xajh.exe+F25B38]+24] <<EAX=01326FA0
004AA260 - A1 385B3201 - mov eax,[xajh.exe+F25B38] <<
[[[[[[xajh.exe+F25B38]+24]+0000021C]+2C]+0]+08]+17C
附近NPC
005E9B34 - D9 86 7C010000 - fld dword ptr [esi+0000017C] <<ESI=454846C0
005F5E8E - 8B 30 - mov esi,[eax] << 00A07506 - 8B 34 B8 - mov esi,[eax+edi*4] <<EDI=00000000 EAX=20873550
00A07500 - 8B 85 A4000000 - mov eax,[ebp+000000A4] <<EBP=46C44890
006E6FBD - 8B 48 74 - mov ecx,[eax+74] <<EAX=09321570
004CBB69 - 8B 46 08 - mov eax,[esi+08] <<ESI=2B677650 005FAC6E - 8B 41 0C - mov eax,[ecx+0C] <<ECX=2EC2D5A8 EDI=45EA40D0 EDI=46C44890 ECX=53BFE960 EBX=6436C4B0 EDX=648EE060 |
|
发表于 2013-7-31 10:43:57
