共享 蜀门的所有数据_最新的
共享 蜀门的所有数据_最新的
新手,一起研究研究
人物基址 base :
+8 ID
+10 类型
+58 角色名(ASCII)
人物坐标
+388 //x*20(float)
+38C //y*20(float)
+2b0 蓝上限
+304 血
+308 蓝
+30C 等级(byte)
+8c 血上限
+780 是否可攻击1,0
+781 NPC是否可攻击
dd [[+20]+64]+94-----当前选中的ID
00AF67ABA1 28B74C01 mov eax,dword ptr ds: ;NOTE(review): the address and opcode columns are fused and the memory operand is missing (extraction damage); presumably address 00AF67AB followed by opcode A1, which is `mov eax,[imm32]`, an absolute-address load
结构遍历:
dd [[+108]+0]
+0 下一个结构指针 cmp edi, 相等时循环结束
+C 对象指针
0082CAF0/$A1 E49F4C01 mov eax,dword ptr ds: ;first instruction of client.0082CAF0, the routine called at 00968E19; opcode A1 loads EAX from an absolute address (the bracketed operand text was lost in extraction)
选怪CALL
; Call site of client.0084DA60. One stack argument (ESI) is pushed and ECX is loaded
; from EBX before the call, which looks like a thiscall-style member call; the
; convention is not confirmed by this three-line excerpt.
0084E458|.56 push esi ;object pointer
0084E459|.8BCB mov ecx,ebx ;ecx = [[+20]+64]; ecx+94 holds the currently selected ID
0084E45B|.E8 00F6FFFF call client.0084DA60 ;target-select CALL; the object pointer is pushed; per the author, no visible on-screen selection
; Loop head (target of the jnz at 00968E24). The bracketed memory operands were stripped
; from the mnemonic column by extraction; operands named in the comments below are
; decoded from the opcode bytes printed on each line.
00968C73|> /8B45 EC /mov eax, ;********structure traversal; 8B45 EC = mov eax,[ebp-0x14] (current node)
00968C76|. |8B48 0C |mov ecx,dword ptr ds: ;8B48 0C = mov ecx,[eax+0xC]: the object pointer stored in the node
00968C79|. |68 C0363D01 |push client.013D36C0 ;constant argument; its meaning is not shown here (presumably a type/class descriptor, confirm)
00968C7E|. |E8 1D334300 |call client.00D9BFA0 ;called with ecx = object pointer and the constant above
00968C83|. |85C0 |test eax,eax
00968C85|. |0F84 86010000 |je client.00968E11 ;zero result: skip this node and go to the advance step
; Per-object filter, part 1. The flags set by the cmp at 00968C8B are consumed by the je
; at 00968C9B; the three mov instructions in between do not modify flags.
00968C8B|. |833D E41A4E01>|cmp dword ptr ds:,0x0 ;833D + imm32 address: compares a global dword with 0 (operand text lost)
00968C92|. |8B4D EC |mov ecx, ;8B4D EC = mov ecx,[ebp-0x14]: current node
00968C95|. |8B79 0C |mov edi,dword ptr ds: ;object pointer (8B79 0C = mov edi,[ecx+0xC])
00968C98|. |897D D8 |mov ,edi ;897D D8 = mov [ebp-0x28],edi: keep the object pointer in a local
00968C9B|. |0F84 84000000 |je client.00968D25 ;global was 0: bypass every check up to 00968D25
00968CA1|. |85FF |test edi,edi
00968CA3|. |74 29 |je short client.00968CCE ;null object pointer: skip the two indirect calls
00968CA5|. |8B17 |mov edx,dword ptr ds: ;8B17 = mov edx,[edi]: first dword of the object (looks like a vtable pointer)
00968CA7|. |8B82 44010000 |mov eax,dword ptr ds: ;8B82 44010000 = mov eax,[edx+0x144]: function pointer taken from that table
00968CAD|. |8BXF |mov ecx,edi ;NOTE(review): "8BXF" is not valid hex; mov ecx,edi encodes as 8B CF, so "XF" is presumably a mangled "CF"
00968CAF|. |FFD0 |call eax ;indirect call with ecx = object
00968CB1|. |85C0 |test eax,eax
00968CB3|. |74 19 |je short client.00968CCE ;null result: nothing to inspect
00968CB5|. |8B17 |mov edx,dword ptr ds: ;the same indirect call is issued a second time to obtain the result again
00968CB7|. |8B82 44010000 |mov eax,dword ptr ds: ;mov eax,[edx+0x144]
00968CBD|. |8BXF |mov ecx,edi ;bytes should read 8B CF (same mangling as at 00968CAD)
00968CBF|. |FFD0 |call eax
00968CC1|. |8178 0C C8000>|cmp dword ptr ds:,0xC8 ;8178 0C = cmp dword [eax+0xC],0xC8 on the returned pointer
00968CC8|. |0F84 43010000 |je client.00968E11 ;field equals 0xC8: skip this node
; Per-object filter, part 2: passes the object's +8 field to client.008F7E90 and tests a
; byte in the returned structure.
00968CCE|> |8B47 08 |mov eax,dword ptr ds: ;8B47 08 = mov eax,[edi+8]; the author's notes list +8 as the ID
00968CD1|. |8B0D E41A4E01 |mov ecx,dword ptr ds: ;8B0D + imm32: ecx = a global dword (the address bytes E41A4E01 match the global tested at 00968C8B)
00968CD7|. |50 |push eax ;argument: the +8 value
00968CD8|. |E8 B3F1F8FF |call client.008F7E90 ;presumably a lookup by ID on the object in ecx, confirm
00968CDD|. |85C0 |test eax,eax
00968CDF|. |74 0D |je short client.00968CEE ;null result: skip the byte test
00968CE1|. |80B8 11010000>|cmp byte ptr ds:,0x0 ;80B8 11010000 = cmp byte [eax+0x111],0
00968CE8|. |0F84 23010000 |je client.00968E11 ;byte is 0: skip this node
; Per-object filter, part 3. NOTE(review): the address column reads 00968XF5..00968XFF
; between 00968CEE and 00968D01, and the je at "00968XF5" (74 2E) lands on 00968D25 only
; if its address is 00968CF5, so "XF" is presumably a mangled "CF" throughout.
00968CEE|> |803D 8CC14F01>|cmp byte ptr ds:,0x0 ;803D + imm32 address: tests a global byte flag (operand text lost)
00968XF5|. |74 2E |je short client.00968D25 ;flag clear: bypass the remaining checks
00968XF7|. |8B17 |mov edx,dword ptr ds: ;8B17 = mov edx,[edi]: first dword of the object (looks like a vtable pointer)
00968XF9|. |8B82 A4000000 |mov eax,dword ptr ds: ;8B82 A4000000 = mov eax,[edx+0xA4]: function pointer from that table
00968XFF|. |8BXF |mov ecx,edi ;bytes should read 8B CF (see note above)
00968D01|. |FFD0 |call eax ;indirect call with ecx = object; the result is tested as a byte in al
00968D03|. |84C0 |test al,al
00968D05|. |74 1E |je short client.00968D25
00968D07|. |E8 14E1EXFF |call client.00836E20 ;no arguments pushed; pointer returned in eax ("EXFF" in the bytes column is presumably "ECFF")
00968D0C|. |0FB688 F80300>|movzx ecx,byte ptr ds: ;0FB688 = movzx ecx,byte [eax+disp32]; displacement bytes F8 03 00 are visible (+0x3F8 if the truncated byte is 00)
00968D13|. |0FB697 F80300>|movzx edx,byte ptr ds: ;0FB697 = movzx edx,byte [edi+disp32]; same displacement, read from the current object
00968D1A|. |03CA |add ecx,edx
00968D1C|. |83F9 03 |cmp ecx,0x3
00968D1F|. |0F84 EC000000 |je client.00968E11 ;the two bytes sum to 3: skip this node
; Builds an entry for the current object and links it into the container addressed by ESI.
; This first copy runs only when the object equals the pointer returned by client.00836E20;
; execution then falls through to the second copy at 00968DA1.
00968D25|> |E8 F6E0EXFF |call client.00836E20 ;"EXFF" in the bytes column is presumably a mangled "ECFF" (E8 F6E0ECFF resolves to 00836E20)
00968D2A|. |3BF8 |cmp edi,eax
00968D2C|. |75 73 |jnz short client.00968DA1 ;different object: go straight to the second copy
00968D2E|. |6A 70 |push 0x70 ;size argument
00968D30|. |E8 82FA2400 |call client.00BB87B7 ;one stack argument, cleaned by the caller below; looks like an allocator, confirm
00968D35|. |83C4 04 |add esp,0x4
00968D38|. |8945 D4 |mov ,eax ;8945 D4 = mov [ebp-0x2C],eax
00968D3B|. |C645 FC 01 |mov byte ptr ss:,0x1 ;C645 FC 01 = mov byte [ebp-4],1 (presumably a compiler-generated exception-state marker)
00968D3F|. |85C0 |test eax,eax
00968D41|. |74 12 |je short client.00968D55 ;null block: pass 0 onward instead
00968D43|. |8B4D E4 |mov ecx, ;8B4D E4 = mov ecx,[ebp-0x1C]
00968D46|. |6A 00 |push 0x0
00968D48|. |6A 01 |push 0x1 ;this copy passes 1 here; the copy at 00968DBB passes 0
00968D4A|. |51 |push ecx
00968D4B|. |57 |push edi ;object pointer
00968D4C|. |8BC8 |mov ecx,eax ;ecx = the 0x70-byte block
00968D4E|. |E8 FD070000 |call client.00969550 ;presumably initialises the block from (object, [ebp-0x1C], 1, 0)
00968D53|. |EB 02 |jmp short client.00968D57
00968D55|> |33C0 |xor eax,eax
00968D57|> |50 |push eax ;the block returned above, or 0
00968D58|. |8D4D B4 |lea ecx, ;8D4D B4 = lea ecx,[ebp-0x4C]: address of a local
00968D5B|. |C645 FC 00 |mov byte ptr ss:,0x0 ;C645 FC 00 = mov byte [ebp-4],0
00968D5F|. |E8 1CE3FFFF |call client.00967080 ;called with ecx = &local and the block pointer as its argument
00968D64|. |8B55 B4 |mov edx, ;8B55 B4 = mov edx,[ebp-0x4C]
00968D67|. |807A 5C 00 |cmp byte ptr ds:,0x0 ;807A 5C 00 = cmp byte [edx+0x5C],0
00968D6B|. |74 34 |je short client.00968DA1 ;byte is 0: do not link this entry
00968D6D|. |8B3E |mov edi,dword ptr ds: ;8B3E = mov edi,[esi]: first dword of the container (edi is reused; the object pointer is reloaded at 00968D9C)
00968D6F|. |8B4F 04 |mov ecx,dword ptr ds: ;8B4F 04 = mov ecx,[edi+4]
00968D72|. |8D45 B4 |lea eax, ;8D45 B4 = lea eax,[ebp-0x4C]
00968D75|. |50 |push eax
00968D76|. |51 |push ecx
00968D77|. |57 |push edi
00968D78|. |8BCE |mov ecx,esi
00968D7A|. |E8 91E3FFFF |call client.00967110 ;returns the new node in eax (it is linked in below)
00968D7F|. |8B4E 04 |mov ecx,dword ptr ds: ;8B4E 04 = mov ecx,[esi+4]: element count (incremented below)
00968D82|. |BA FEFFFF1F |mov edx,0x1FFFFFFE ;upper bound on the count
00968D87|. |2BD1 |sub edx,ecx
00968D89|. |83FA 01 |cmp edx,0x1
00968D8C|. |0F82 49020000 |jb client.00968FDB ;unsigned: taken when 0x1FFFFFFE - count < 1, i.e. no room for one more element (target not shown)
00968D92|. |41 |inc ecx
00968D93|. |894E 04 |mov dword ptr ds:,ecx ;894E 04 = mov [esi+4],ecx: store count+1
00968D96|. |8947 04 |mov dword ptr ds:,eax ;8947 04 = mov [edi+4],eax
00968D99|. |8B48 04 |mov ecx,dword ptr ds: ;8B48 04 = mov ecx,[eax+4]
00968D9C|. |8B7D D8 |mov edi, ;8B7D D8 = mov edi,[ebp-0x28]: restore the object pointer saved at 00968C98
00968D9F|. |8901 |mov dword ptr ds:,eax ;8901 = mov [ecx],eax; together with the store at 00968D96 this resembles a doubly-linked-list append
; Second copy of the build-and-link sequence. It is reached by fall-through from 00968D9F
; and by the jumps at 00968D2C and 00968D6B, and differs from the first copy in the
; argument pushed at 00968DBB (0 instead of 1).
00968DA1|> |6A 70 |push 0x70 ;size argument
00968DA3|. |E8 0FFA2400 |call client.00BB87B7 ;one stack argument, cleaned by the caller below; looks like an allocator, confirm
00968DA8|. |83C4 04 |add esp,0x4
00968DAB|. |8945 D4 |mov ,eax ;8945 D4 = mov [ebp-0x2C],eax
00968DAE|. |C645 FC 02 |mov byte ptr ss:,0x2 ;C645 FC 02 = mov byte [ebp-4],2 (presumably a compiler-generated exception-state marker)
00968DB2|. |85C0 |test eax,eax
00968DB4|. |74 12 |je short client.00968DC8 ;null block: pass 0 onward instead
00968DB6|. |8B4D E4 |mov ecx, ;8B4D E4 = mov ecx,[ebp-0x1C]
00968DB9|. |6A 00 |push 0x0
00968DBB|. |6A 00 |push 0x0 ;the first copy pushes 1 at 00968D48
00968DBD|. |51 |push ecx
00968DBE|. |57 |push edi ;object pointer
00968DBF|. |8BC8 |mov ecx,eax ;ecx = the 0x70-byte block
00968DC1|. |E8 8A070000 |call client.00969550 ;presumably initialises the block from (object, [ebp-0x1C], 0, 0)
00968DC6|. |EB 02 |jmp short client.00968DCA
00968DC8|> |33C0 |xor eax,eax
00968DCA|> |50 |push eax ;the block returned above, or 0
00968DCB|. |8D4D B4 |lea ecx, ;8D4D B4 = lea ecx,[ebp-0x4C]: address of a local
00968DCE|. |C645 FC 00 |mov byte ptr ss:,0x0 ;C645 FC 00 = mov byte [ebp-4],0
00968DD2|. |E8 A9E2FFFF |call client.00967080 ;called with ecx = &local and the block pointer as its argument
00968DD7|. |8B5D B4 |mov ebx, ;8B5D B4 = mov ebx,[ebp-0x4C]
00968DDA|. |807B 5C 00 |cmp byte ptr ds:,0x0 ;807B 5C 00 = cmp byte [ebx+0x5C],0
00968DDE|. |74 31 |je short client.00968E11 ;byte is 0: do not link this entry
00968DE0|. |8B3E |mov edi,dword ptr ds: ;8B3E = mov edi,[esi]: first dword of the container (edi is not restored here; it is reloaded at 00968E14)
00968DE2|. |8B47 04 |mov eax,dword ptr ds: ;8B47 04 = mov eax,[edi+4]
00968DE5|. |8D55 B4 |lea edx, ;8D55 B4 = lea edx,[ebp-0x4C]
00968DE8|. |52 |push edx
00968DE9|. |50 |push eax
00968DEA|. |57 |push edi
00968DEB|. |8BCE |mov ecx,esi
00968DED|. |E8 1EE3FFFF |call client.00967110 ;returns the new node in eax (it is linked in below)
00968DF2|. |8B4E 04 |mov ecx,dword ptr ds: ;8B4E 04 = mov ecx,[esi+4]: element count (incremented below)
00968DF5|. |BA FEFFFF1F |mov edx,0x1FFFFFFE ;upper bound on the count
00968DFA|. |2BD1 |sub edx,ecx
00968DFC|. |83FA 01 |cmp edx,0x1
00968DFF|. |0F82 D6010000 |jb client.00968FDB ;unsigned: taken when 0x1FFFFFFE - count < 1, i.e. no room for one more element (target not shown)
00968E05|. |41 |inc ecx
00968E06|. |894E 04 |mov dword ptr ds:,ecx ;894E 04 = mov [esi+4],ecx: store count+1
00968E09|. |8947 04 |mov dword ptr ds:,eax ;8947 04 = mov [edi+4],eax
00968E0C|. |8B48 04 |mov ecx,dword ptr ds: ;8B48 04 = mov ecx,[eax+4]
00968E0F|. |8901 |mov dword ptr ds:,eax ;8901 = mov [ecx],eax; together with the store at 00968E09 this resembles a doubly-linked-list append
; Loop tail: advance to the next node and stop when it equals the end marker read from
; the structure returned by client.0082CAF0. This is the common skip target of the filters.
00968E11|> |8B45 EC |mov eax, ;8B45 EC = mov eax,[ebp-0x14]: current node
00968E14|.8B38 |mov edi,dword ptr ds: ;next structure pointer (8B38 = mov edi,[eax])
00968E16|.897D EC |mov ,edi ;897D EC = mov [ebp-0x14],edi: the next node becomes the current one
00968E19|.E8 D23CEXFF |call client.0082CAF0 ;returns a pointer in eax; "EXFF" in the bytes column is presumably a mangled "ECFF" (E8 D23CECFF resolves to 0082CAF0)
00968E1E|.3BB8 08010000 |cmp edi,dword ptr ds: ;checks whether the loop is finished (3BB8 08010000 = cmp edi,[eax+0x108])
00968E24|.^ 0F85 49FEFFFF \jnz client.00968C73 ;not at the end marker yet: process the next node
太生气了,无法HOLD啦 >_<...... 前排,哇咔咔 好腻害的样子 楼主很给力哈,在此代表需要的人对楼主表示无尽的感激之情 这个帖子我必须顶 楼主用什么软件分析的,od换了N种了无法调试啊 手指点一点,海币就到手,我也是菜鸟大家一起进步啊 醉逍遥基本已经放纵 了 支持楼主,感谢楼主的分享,好贴必须学习!