激战2根据血量找基址为何找不到
血量是浮点型,然后直接能搜到。逐层往上找,得到基址如下:
dd [[[[[]+4]+34]+20]+1dd1(这个参不确定)*4]+16c]+8 血量
求教:这个游戏很奇怪,为什么基址放到fs:里面?要怎么获取。
还有这个1dd1这个,也有上层基址。但是找不到了。下面是我的过程:
00BE9FDA|.8945 F0 |mov ,eax
00BEA02B|> \8B55 F0 |mov edx, ;找到这里找不下去了,edx老是变,下不了条件断点。
00D063F2 .8BF2 mov esi,edx
00D063F9 .FF76 02 push dword ptr ds:;存放的是1dd1
求教高手们都是怎么做的。 00C41C07 CC int3
00C41C08 CC int3
00C41C09 CC int3
00C41C0A CC int3
00C41C0B CC int3
00C41C0C CC int3
00C41C0D CC int3
00C41C0E CC int3
00C41C0F CC int3
00C41C10/$8B0D 2C88CE01 mov ecx,dword ptr ds: 'ECX=0
00C41C16|.64:A1 2C00000>mov eax,dword ptr fs: 'EAX=
00C41C1C|.8B0488 mov eax,dword ptr ds:
00C41C1F|.8B80 04000000 mov eax,dword ptr ds: '人物基址
00C41C25\.C3 retn
00C41C26 CC int3
00C41C27 CC int3
00C41C28 CC int3
00C41C29 CC int3
00C41C2A CC int3
00C41C2B CC int3
00C41C2C CC int3
00C41C2D CC int3
00C41C2E CC int3
00C41C2F CC int3
00C41C30/$8B15 2C88CE01 mov edx,dword ptr ds:
00C41C36|.64:A1 2C00000>mov eax,dword ptr fs:
00C41C3C|.8B0490 mov eax,dword ptr ds:
00C41C3F|.8988 04000000 mov dword ptr ds:,ecx
00C41C45\.C3 retn
00C41C46 CC int3
00C41C47 CC int3
00C41C48 CC int3
00C41C49 CC int3
00C41C4A CC int3
00C41C4B CC int3
00C41C4C CC int3
00C41C4D CC int3
00C41C4E CC int3
00C41C4F CC int3
00C41C50/>55 push ebp
00C41C51|.8BEC mov ebp,esp
00C41C53|.53 push ebx
00C41C54|.56 push esi
00C41C55|.8B75 08 mov esi,
00C41C58|.57 push edi
00C41C59|.8BFA mov edi,edx
00C41C5B|.8BD9 mov ebx,ecx
00C41C5D|.85F6 test esi,esi
Gw2.exe = 8B0000
call Gw2.exe+391C10
01189036 .8B48 34 mov ecx,dword ptr ds:
0161D500 .8B41 40 mov eax,dword ptr ds:
01188E60 > \8B86 6C010000 mov eax,dword ptr ds:
dd [[[[[]+4]+34]+40]+16C]
+8 当前血
+C 最大血
------------坐标
Gw2.exe = 240000
0071EB30/.55 push ebp
0071EB31|.8BEC mov ebp,esp
0071EB33|.56 push esi
0071EB34|.57 push edi
0071EB35|.8B7D 08 mov edi,
0071EB38|.8BF1 mov esi,ecx
0071EB3A|.85FF test edi,edi
0071EB3C|.75 14 jnz XGw2.0071EB52
0071EB3E|.68 A3040000 push 0x4A3
0071EB43|.BA 8C722B01 mov edx,Gw2.012B728C ;ASCII "..\..\..\Engine\Map\Map.cpp"
0071EB48|.B9 7CA31901 mov ecx,Gw2.0119A37C ;ASCII "position"
0071EB4D|.E8 3EA0EXFF call Gw2.005E8B90
0071EB52|>8B46 30 mov eax,dword ptr ds:
0071EB55|.8B4D 0C mov ecx,
0071EB58|.8907 mov dword ptr ds:,eax
0071EB5A|.8B46 34 mov eax,dword ptr ds:
0071EB5D|.8947 04 mov dword ptr ds:,eax
0071EB60|.8B46 38 mov eax,dword ptr ds:
0071EB63|.8947 08 mov dword ptr ds:,eax
0071EB66|.85C9 test ecx,ecx
0071EB68|.74 11 je XGw2.0071EB7B
0071EB6A|.8B46 3C mov eax,dword ptr ds: ;X坐标
0071EB6D|.8901 mov dword ptr ds:,eax
0071EB6F|.8B46 40 mov eax,dword ptr ds: ;Y坐标
0071EB72|.8941 04 mov dword ptr ds:,eax
0071EB75|.8B46 44 mov eax,dword ptr ds: ;Z坐标
0071EB78|.8941 08 mov dword ptr ds:,eax
0071EB7B|>8B4D 10 mov ecx,
0071EB7E|.85C9 test ecx,ecx
0071EB80|.74 11 je XGw2.0071EB93
0071EB82|.8B46 48 mov eax,dword ptr ds:
0071EB85|.8901 mov dword ptr ds:,eax
0071EB87|.8B46 4C mov eax,dword ptr ds:
0071EB8A|.8941 04 mov dword ptr ds:,eax
0071EB8D|.8B46 50 mov eax,dword ptr ds:
0071EB90|.8941 08 mov dword ptr ds:,eax
0071EB93|>5F pop edi
0071EB94|.5E pop esi
0071EB95|.5D pop ebp
0071EB96\.C2 0C00 retn 0xC
0071EB6A - mov eax,
0071EB6D - mov ,eax
0071EB6F - mov eax,
0071EB72 - mov ,eax
0071EB75 - mov eax,
0078B9AF - int 3
0078B9B0 - call Gw2.exe+391C10
0078B9B5 - mov ecx,
0078B9B8 - push 1B
0078B9BA - mov eax,
dd [[[]+4]+18]
+3C X坐标
+40 Y坐标
+44 Z坐标 顶楼主啦..希望楼主多发精品好帖啦.... V5,支持楼主! 希望越办越好, 海加油 路过,看见,支持一下!
页:
[1]