以前的学习笔记 蜀门-人物属性的查找笔记
本帖最后由 笨鸟我先飞 于 2019-3-21 19:00 编辑粘贴自自己当时的学习笔记的mht文件,不会上传排版...图片没啥东西,仅仅是CE或OD当时的截图而已我会把整个网页的截图放到最后
通过来回变动人物的血量,找出4个地址来
再次变动人物血量发现有两个地址是和当前血量有关系的
OD里分别DD这两个地址通过对这两个地址分别下写入内点后追出来的表达式几乎一样, 都是dd +1290+298]=HP只不过第一个的后面还有一个类似数组一样的表达式
第二个地址好追一点
1 第二步
200489730/.55 PUSH EBP
300489731|.8BEC MOV EBP,ESP
400489733|.83EC0CSUB ESP,0C
500489736|.53 PUSH EBX
600489737|.8B5D08MOV EBX,DWORDPTRSS:
70048973A|.56 PUSH ESI
80048973B|.57 PUSH EDI
90048973C|.8D45F4LEA EAX,DWORDPTRSS:
100048973F|.50 PUSH EAX
1100489740 |. 53 PUSH EBX
1200489741 |. 33F6 XOR ESI,ESI
1300489743 |. 6A 04 PUSH 4
1400489745 |. 8BF9 MOV EDI,ECX
;EDI=ecx,对象的指针来源于上层,继续返回
1500489747 |. 8975 F4 MOV DWORD PTR SS:,ESI
160048974A |. E8 E1C57600 CALL client.00BF5D30
170048974F |. 8975 FC MOV DWORD PTR SS:,ESI
1800489752 |. 8975 F8 MOV DWORD PTR SS:,ESI
1900489755 |. BE 01000000 MOV ESI,1
200048975A |. 3973 04 CMP DWORD PTR DS:,ESI
210048975D |. 75 41 JNZ SHORT client.004897A0
220048975F |. 56 PUSH ESI
2300489760 |. 8D4D FC LEA ECX,DWORD PTR SS:
2400489763 |. 51 PUSH ECX
2500489764 |. 8BCB MOV ECX,EBX
2600489766 |. E8 256C7500 CALL client.00BE0390
270048976B |. 3975 FC CMP DWORD PTR SS:,ESI
280048976E |. 75 10 JNZ SHORT client.00489780
2900489770 |. 8D87 90120000 LEA EAX,DWORD PTR DS: ;
大偏移
3000489776 |. 50 PUSH EAX
3100489777 |. 8D4F 58 LEA ECX,DWORD PTR DS:
320048977A |. 53 PUSH EBX
3333 F6 6A 04 8B F9 89 75 F4 E8 ?? ?? ?? ?? 89 75 FC 89 75 F8 BE0100000039
73 04 75 ?? 56 8D 4D FC 51 8B CB E8 ?? ?? ?? ?? 39 75 FC 75 ??8D
34+0x31
1 第一步
2004ADE1D|.83C4 0CADD ESP,0C
3004ADE20|.837E 04 01CMP DWORD PTR DS:,1
4004ADE24|.6A 01PUSH 1
5004ADE26|.75 1FJNZ SHORT client.004ADE47
6004ADE28|.8D4D 08LEA ECX,DWORD PTR SS:
7004ADE2B|.51PUSH ECX
8004ADE2C|.8BCEMOV ECX,ESI
9004ADE2E|.E8 5D257300CALL client.00BE0390
10004ADE33|.837D 08 01CMP DWORD PTR SS:,1
11004ADE37|.74 33JE SHORT client.004ADE6C
12004ADE39|.8B97 98020000MOV EDX,DWORD PTR DS:
13004ADE3F |.8993 98020000MOV DWORD PTR DS:,EDX
14004ADE45 |.EB 35JMP SHORT client.004ADE7C
15004ADE47 |>8B83 98020000MOV EAX,DWORD PTR DS:
16004ADE4D |.33C9XOR ECX,ECX
17004ADE4F |.3B87 98020000CMP EAX,DWORD PTR DS:
18004ADE55 |.8D55 0CLEA EDX,DWORD PTR SS:
19004ADE58 |.0F95C1SETNZ CL
20004ADE5B |.52PUSH EDX
21004ADE5C |.894D 0CMOV DWORD PTR SS:,ECX
22004ADE5F |.8BCEMOV ECX,ESI
23004ADE61 |.E8 2A257300CALL client.00BE0390
24004ADE66 |.837D 0C 01CMP DWORD PTR SS:,1
25004ADE6A |.75 10JNZ SHORT client.004ADE7C
26004ADE6C |>6A 04PUSH 4
27004ADE6E |.8D83 98020000LEA EAX,DWORD PTR DS: ;
血量的偏移
28004ADE74 |.50PUSH EAX
298B 83 ?? ?? ???? 33 C9 3B 87?? ?? ?? ?? 8D 55 0C 0F 95 C1 52894D0C8BCE
E8 ?? ?? ?? ??83 7D 0C 01 75?? 6A 04 8D 83 98 02 00 00 50
30+0x29
1 第三步
20086AF70/. 55PUSH EBP
30086AF71|. 8BECMOV EBP,ESP
40086AF73|. 8B0D FC554801MOV ECX,DWORD PTR DS:;
人物对象的基地址
50086AF79|. 83EC 08SUB ESP,8
60086AF7C|. 85C9TEST ECX,ECX
70086AF7E|. 0F84 77010000JE client.0086B0FB
80086AF84|. 8B01MOV EAX,DWORD PTR DS:
90086AF86|. 8B90 C0010000MOV EDX,DWORD PTR DS:
100086AF8C|. 56PUSH ESI
110086AF8D|. 8B75 08MOV ESI,DWORD PTR SS:
120086AF90|. 56PUSH ESI
130086AF91|. FFD2CALL EDX
140086AF93|. A1 FC554801MOV EAX,DWORD PTR DS:
150086AF98|. 6A 04PUSH 4
160086AF9A|. 05 70170000ADD EAX,1770
170086AF9F|. 50PUSH EAX
180086AFA0|. 8BCEMOV ECX,ESI
190086AFA2|.E8 894C3700 CALL client.00BDFC30
200086AFA7|.8B0D FC554801 MOV ECX,DWORD PTR DS:
210086AFAD|.81C1 74170000 ADD ECX,1774
220086AFB3|.6A 04 PUSH 4
230086AFB5|.51 PUSH ECX
240086AFB6|.8BCE MOV ECX,ESI
250086AFB8|.E8 734C3700 CALL client.00BDFC30
260086AFBD|.803D C43C4801>CMP BYTE PTR DS:,0
270086AFC4|.0F84 B0000000 JE client.0086B07A
280086AFCA|.A1 FC554801 MOV EAX,DWORD PTR DS:
290086AFCF|.D980 70170000 FLD DWORD PTR DS:
300086AFD5|.53 PUSH EBX
310086AFD6|.D95D FC FSTP DWORD PTR SS:
320086AFD9|.57 PUSH EDI
330086AFDA|.D980 74170000 FLD DWORD PTR DS:
340086AFE0|.D95D F8 FSTP DWORD PTR SS:
350086AFE3|.D980 70030000 FLD DWORD PTR DS:
360086AFE9|.D865 FC FSUB DWORD PTR SS:
370086AFEC|.D980 74030000 FLD DWORD PTR DS:
380086AFF2|.D865 F8 FSUB DWORD PTR SS:
390086AFF5|.DCC8 FMUL ST,ST
400086AFF7|.D9C1 FLD ST(1)
410086AFF9|.DECA FMULP ST(2),ST
420086AFFB|.DEC1 FADDP ST(1),ST
430086AFFD|.D95D F8 FSTP DWORD PTR SS:
44
4553 D9 5DFC 57D9 80 ?? ?? ?? ?? D9 5D F8 D9 80 ?? ?? ?? ?? D865FCD980??
?? ?? ??D8 65F8 DC C8 D9 C1 DE CA DE C1 D9 5D F8 E8 ?? ?? ????8B108BC8
8B 42 50
46-0a
由于后期有事此游戏略过了.记录以便以后学习.BY:笨鸟我先飞
先学习了,高手,谢谢
页:
[1]