无聊一次,征三国明文发包...某些人喜欢卖这个了...
; client.008E4990 -- labelled by its own assert strings as network::Socketer::SendMsg
; (network.cpp). 32-bit x86 debugger listing; columns are address, opcode bytes, instruction.
; The memory operands after "ss:" / "ds:" were lost when the page was extracted; the operands
; quoted in the comments below are decoded from the opcode bytes printed on the same row.
; In:   two 4-byte stack arguments, popped by the callee (retn 0x8)
;         arg1 -> ebp; dword [ebp] is the object later handed to 008E5040 in eax
;         arg2 -> ebx; message pointer (presumably pMsg, per the assert text), dword [ebx] = length
; Out:  al = 0 on every rejection path; otherwise al exactly as 008E5040 returned it
; NOTE(review): the 4 < length < 0x80000 bound is enforced here, in the client, only; the
; receiving side has to validate the length field itself and cannot rely on this check.
; NOTE(review): the source path, function name and line number pushed for the assert ship in
; the binary and label this routine for any reader; release builds usually compile them out.
008E4990/$53 push ebx008E4991|.8B5C24 0C mov ebx,dword ptr ss: ; two listing rows fused here: save ebx, then ebx = [esp+0xC] (8B 5C 24 0C) = arg2
008E4995|.85DB test ebx,ebx ; null test on the message pointer; flags are consumed by the je at 008E499C
008E4997|.55 push ebp
008E4998|.8B6C24 0C mov ebp,dword ptr ss: ; ebp = [esp+0xC] (8B 6C 24 0C) = arg1, now that two registers are pushed
008E499C|.74 2E je short client.008E49CC ; message pointer is NULL -> return 0
008E499E|.8B03 mov eax,dword ptr ds: ; eax = [ebx] (8B 03): first dword of the message, used as its length
008E49A0|.83F8 04 cmp eax,0x4
008E49A3|.76 27 jbe short client.008E49CC ; length <= 4 (unsigned) -> return 0
008E49A5|.3D 00000800 cmp eax,0x80000
008E49AA|.72 27 jb short client.008E49D3 ; length < 0x80000 (unsigned) -> accepted, continue
; length >= 0x80000: report through 008E5DC0 (presumably an assert/log helper -- body not shown),
; passing expression text, 0x10A (presumably the source line, 266), file path and function name.
008E49AC|.68 68EAB100 push client.00B1EA68 ;ASCII 09,"if (pMsg-"
008E49B1|.68 0A010000 push 0x10A
008E49B6|.68 B8EAB100 push client.00B1EAB8 ;ASCII "E:\vision\2014.5.11\g2\g2\Contrib\network\network.cpp"
008E49BB|.6A 01 push 0x1
008E49BD|.B9 9CEAB100 mov ecx,client.00B1EA9C ;ASCII "network::Socketer::SendMsg"
008E49C2|.33D2 xor edx,edx
008E49C4|.E8 F7130000 call client.008E5DC0
008E49C9|.83C4 10 add esp,0x10 ; drop the four pushed arguments, then fall into the reject exit
; Shared reject exit: restore registers and return al = 0.
008E49CC|>5D pop ebp
008E49CD|.32C0 xor al,al
008E49XF|.5B pop ebx ; address column is garbled: 008E49CD + 2 bytes = 008E49CF
008E49D0|.C2 0800 retn 0x8
; Length accepted.
008E49D3|>56 push esi ; esi is only borrowed across the next call
008E49D4|.8B75 00 mov esi,dword ptr ss: ; esi = [ebp+0] (8B 75 00): object reached through arg1
008E49D7|.50 push eax ; stack argument = message length
008E49D8|.E8 A3060000 call client.008E5080 ; gate on (esi, length); body not shown -- presumably a capacity/state check, confirm
008E49DD|.83C4 04 add esp,0x4
008E49E0|.84C0 test al,al
008E49E2|.5E pop esi ; pop leaves the flags from test intact
008E49E3|.74 0E je short client.008E49F3 ; al == 0 -> go on to send
008E49E5|.8BC5 mov eax,ebp ; gate returned nonzero: hand arg1 to 008E4950 (purpose not shown)
008E49E7|.E8 64FFFFFF call client.008E4950
008E49EC|.5D pop ebp
008E49ED|.32C0 xor al,al ; this path also returns 0
008E49EF|.5B pop ebx
008E49F0|.C2 0800 retn 0x8
; Send path.
008E49F3|>8B0B mov ecx,dword ptr ds: ; ecx = [ebx] (8B 0B): message length
008E49F5|.57 push edi ; edi is callee-saved here; restored at 008E4A09
008E49F6|.E8 75FXFFFF call client.008E4670 ; bytes garbled: rel32 to 008E4670 is 75 FC FF FF; helper body not shown
008E49FB|.8B3B mov edi,dword ptr ds: ; edi = [ebx] (8B 3B): length re-read from the message after the helper call
008E49FD|.8B45 00 mov eax,dword ptr ss: ; eax = [ebp+0] (8B 45 00): object pointer for 008E5040
008E4A00|.53 push ebx ; stack argument = message pointer
008E4A01|.E8 3A060000 call client.008E5040 ; register arguments eax and edi, one stack argument
008E4A06|.83C4 04 add esp,0x4
008E4A09|.5F pop edi
008E4A0A|.5D pop ebp
008E4A0B|.5B pop ebx
008E4A0C\.C2 0800 retn 0x8 ; al is untouched since the call, so 008E5040's result is returned
->
; client.008E5040 -- last wrapper in front of 008E7790, the routine the poster tags "SendAddr".
; Memory operands after "ss:" / "ds:" were lost in extraction; the operands quoted in the
; comments are decoded from the opcode bytes on each row.
; In:   eax = object pointer (copied to esi), edi = byte count,
;       one stack argument = buffer pointer (plain retn: the caller removes it)
; Out:  al = 0 when any guard fails; otherwise whatever 008E7790 leaves in al
; Guards, in order: object != NULL, buffer != NULL, count > 0 (signed), byte [esi+0x58] == 0,
; byte [esi+0x59] != 0. NOTE(review): the two bytes look like connection-state flags
; (e.g. closing / connected) -- an inference only, confirm against the object layout.
008E5040/$53 push ebx
008E5041|.8B5C24 08 mov ebx,dword ptr ss: ; ebx = [esp+0x8] (8B 5C 24 08): the single stack argument
008E5045|.56 push esi
008E5046|.8BF0 mov esi,eax ; object pointer arrives in eax
008E5048|.85F6 test esi,esi
008E504A|.74 2B je short client.008E5077 ; object is NULL -> return 0
008E504C|.85DB test ebx,ebx
008E504E|.74 27 je short client.008E5077 ; buffer is NULL -> return 0
008E5050|.85FF test edi,edi
008E5052|.7E 23 jle short client.008E5077 ; signed test: zero or high-bit-set counts -> return 0
008E5054|.8A46 58 mov al,byte ptr ds: ; al = [esi+0x58] (8A 46 58)
008E5057|.84C0 test al,al
008E5059|.75 1C jnz short client.008E5077 ; this byte must be zero
008E505B|.8A4E 59 mov cl,byte ptr ds: ; cl = [esi+0x59] (8A 4E 59)
008E505E|.84C9 test cl,cl
008E5060|.74 15 je short client.008E5077 ; this byte must be nonzero
008E5062|.E8 19FXFFFF call client.008E4C80 ; bytes garbled: rel32 to 008E4C80 is 19 FC FF FF; helper body not shown
008E5067|.8B46 48 mov eax,dword ptr ds: ; eax = [esi+0x48] (8B 46 48): field passed on in eax -- presumably the socket handle, confirm
008E506A|.57 push edi ; byte count
008E506B|.53 push ebx ; buffer pointer
008E506C|.E8 1F270000 call client.008E7790 ;SendAddr
008E5071|.83C4 08 add esp,0x8
008E5074|.5E pop esi
008E5075|.5B pop ebx
008E5076|.C3 retn ; result of 008E7790 is passed through unchanged
; Guard failure exit: return al = 0.
008E5077|>5E pop esi
008E5078|.32C0 xor al,al
008E507A|.5B pop ebx
008E507B\.C3 retn
功能call的追溯可以利用008E4990 跟踪...
具体明文发包利用008E7790 就可以...
其中有1个timeGetTime 引发的tick包会丢给服务端,对下断有一定影响,在进游戏前Retn掉此函数即可...
前排支持一下 过来看看的 嗯~支持一下 支持一下:lol 学习了,谢谢分享、、、 谢谢楼主....感谢 我了个去,顶了 激动人心,无法言表! 太W美了 楼主我不忍直视了 呵呵