顺着楼主分析的再逆回去,如有错误欢迎指正
.dataszTitle1 db '1',0
szTitle2 db '0',0
szTitle db '扫雷',0
szFormat db ' 请启动 扫雷游戏',0
ssBuffer_ dd ?
ssConcat_ dd ?
ssLength1_ dd ?
ssLength2_ dd ?
ssLength_3 dd ?
ssLength_4 dd ?
_Variable1 dd ?
.code
_MinePlug proc uses ebx esi edi hWnd
;这个地址的子程序是00401220,楼主没给,不敢妄自猜测
ret
_MinePlug endp
start:
invoke FindWindow,NULL,addr szTitle
mov @Mine,eax
cmp @Mine,0
jne @F
invoke wsprintf,addr ssBuffer_,addr szFormat
add esp,8
retn
invoke lstrcat,addr ssConcat_, ;这个不知道怎么写了,这个函数的作用是将一个字符串拼接到另一个后
面,楼主却只写一个
invoke _MinePlug,00403380 ;不知道这个00403380的地址是啥
jmp @6
@@:
invoke GetWindowThreadProcess,hWnd,@ThreadID
invoke OpenProcess,VM_READ,FALSE,@ThreadID
mov @Pocess,eax ;保存进程ID
mov @Start,10056AC
invoke ReadProcessMemory,@Pocess,@Start,ssLength1_,4,NULL
mov ssLength1,10056A8
invoke ReadProcessMemory,@Pocess,@Start,ssLength2_,4,NULL
mov ssLength2,1005330
invoke ReadProcessMemory,@Pocess,@start,ssLength3_,4,NULL
mov ssLength3,1005361
invoke ReadProcessMemory,@Pocess,@start,ssLength4_,768,NULL
mov esi,ssLength4_
invoke _MinePlug,00403380
invoke _MinePlug,0040301D
xor eax,eax
mov _Variable1,eax
@@:
xor eax,eax
mov _Variable1,eax
@2:
mov al,byte ptr ds:
inc esi
cmp al,8F
jnz @F
invoke wsprintf,addr szBuffer_,addr szTitle1
add esp,8
jmp @1
@@:
invoke wsprintf,addr szBuffer_,addr szTitle2
add esp,8
@1:
invoke _MinePlug,00401220
inc dword ptr ds:
mov eax,_Variable1
cmp eax,ssLength2_
jnb @3
jmp @2
@3:
invoke _MinePlug,0040301D
mov eax,20
sub eax,ssLength3_
add esi,eax
inc _Variable1
mov eax,_Variable1
cmp eax,09
jnb @6
jmp @B
004011C4:
ret ;猜测的,楼主没有贴出来
end start
页:
1
[2]