TA的每日心情 | 开心
前天 14:58 |
|---|
签到天数: 10 天 [LV.3]卷轴印记
管理员
 
- 积分
- 97
|
转载:https://tieba.baidu.com/p/6566719813
我将在汇编函数中实现1.13C的地图扩展并且修复关卡无名称的问题
我们拿D2Loader.exe启动为例(Game.exe同理):
方法如下:
将下面所有代码复制到汇编函数中
' ------------------------------------分割线------------------------------------’
写内存字节集 (-1, 十六到十 (“6FD7D2C0”), { 139, 68, 36, 4, 59, 5, 52, 11, 223, 111, 115, 19, 105, 192, 32, 2, 0, 0, 3, 5, 48, 11, 223, 111, 15, 190, 64, 3, 194, 4, 0, 51, 192, 194, 4, 0 })
' 此处相当于:
' 6FD7D2C0 > 8B4424 04 mov eax,dword ptr ss:[esp+0x4] ; D2Common.6FD50000
' 6FD7D2C4 3B05 340BDF6F cmp eax,dword ptr ds:[0x6FDF0B34]
' 6FD7D2CA 73 13 jnb short D2Common.6FD7D2DF
' 6FD7D2CC 69C0 20020000 imul eax,eax,0x220 ; D2Common.6FD50000
' 6FD7D2D2 0305 300BDF6F add eax,dword ptr ds:[0x6FDF0B30]
' 6FD7D2D8 0FBE40 03 movsx eax,byte ptr ds:[eax+0x3]
' 6FD7D2DC C2 0400 retn 0x4
' 6FD7D2DF 33C0 xor eax,eax ; D2Common.6FD50000
' 6FD7D2E1 C2 0400 retn 0x4
写内存字节集 (-1, 十六到十 (“6FD67196”), { 81, 232, 36, 97, 1, 0, 254, 192, 235, 74 })
' 此处相当于:
' 6FD67196 51 push ecx
' 6FD67197 E8 24610100 call D2Common.#10459
' 6FD6719C FEC0 inc al
' 6FD6719E EB 4A jmp short D2Common.6FD671EA
写内存字节集 (-1, 十六到十 (“6FD878D0”), { 81, 232, 234, 89, 255, 255, 254, 192, 144, 144, 144, 144, 235, 49 })
' 此处相当于:
' 6FD878D0 53 push ebx
' 6FD878D1 E8 EA59FFFF call D2Common.#10459
' 6FD878D6 FEC0 inc al
' 6FD878D8 90 nop
' 6FD878D9 90 nop
' 6FD878DA 90 nop
' 6FD878DB 90 nop
' 6FD878DC EB 31 jmp short D2Common.6FD8790F
写内存字节集 (-1, 十六到十 (“6FD87AA0”), { 81, 232, 26, 88, 255, 255, 254, 192, 144, 144, 144, 144, 235, 49 })
' 此处相当于:
' 6FD87AA0 53 push ebx
' 6FD87AA1 E8 1A58FFFF call D2Common.#10459
' 6FD87AA6 FEC0 inc al
' 6FD87AA8 90 nop
' 6FD87AA9 90 nop
' 6FD87AAA 90 nop
' 6FD87AAB 90 nop
' 6FD87AAC EB 31 jmp short D2Common.6FD87ADF
写内存字节集 (-1, 十六到十 (“6FD87B37”), { 81, 232, 131, 87, 255, 255, 254, 192, 235, 77, 144, 144, 144, 144, 144, 144 })
' 此处相当于:
' 6FD87B37 53 push ebx
' 6FD87B38 E8 8357FFFF call D2Common.#10459
' 6FD87B3D FEC0 inc al
' 6FD87B3F EB 4D jmp short D2Common.6FD87B8E
' 6FD87B41 90 nop
' 6FD87B42 90 nop
' 6FD87B43 90 nop
' 6FD87B44 90 nop
' 6FD87B45 90 nop
' 6FD87B46 90 nop
写内存字节集 (-1, 十六到十 (“6FD93613”), { 81, 232, 167, 156, 254, 255, 254, 192, 235, 89, 144, 144, 144 })
' 此处相当于:
' 6FD93613 51 push ecx
' 6FD93614 E8 A79CFEFF call D2Common.#10459
' 6FD93619 FEC0 inc al
' 6FD9361B EB 59 jmp short D2Common.6FD93676
' 6FD9361D 90 nop
' 6FD9361E 90 nop
' 6FD9361F 90 nop
写内存字节集 (-1, 十六到十 (“6FD9A696”), { 82, 232, 36, 44, 254, 255, 254, 192, 235, 63 })
' 此处相当于:
' 6FD9A696 52 push edx
' 6FD9A697 E8 242CFEFF call D2Common.#10459
' 6FD9A69C FEC0 inc al
' 6FD9A69E EB 3F jmp short D2Common.6FD9A6DF
' ------------------------------------分割线------------------------------------’
写内存字节集 (-1, 十六到十 (“6FB10516”), { 129, 236, 160, 16, 0, 0 })
' 此处相当于:
' sub esp,0x10A0
写内存字节集 (-1, 十六到十 (“6FB10536”), { 185, 153, 3, 0, 0 })
' 此处相当于:
' mov ecx,0x399
写内存字节集 (-1, 十六到十 (“6FB1054B”), { 104, 0, 16, 0, 0 })
' 此处相当于:
' push 0x1000
写内存字节集 (-1, 十六到十 (“6FB1055B”), { 129, 124, 36, 12, 0, 16, 0, 0 })
' 此处相当于:
' cmp dword ptr ss:[esp+0xC],0x1000
写内存字节集 (-1, 十六到十 (“6FB10584”), { 104, 0, 16, 0, 0 })
' 此处相当于:
' push 0x1000
写内存字节集 (-1, 十六到十 (“6FB10619”), { 104, 0, 16, 0, 0 })
' 此处相当于:
' push 0x1000
写内存字节集 (-1, 十六到十 (“6FB11E76”), { 129, 236, 76, 16, 0, 0 })
' 此处相当于:
' sub esp,0x104C
写内存字节集 (-1, 十六到十 (“6FB11EA9”), { 185, 153, 3, 0, 0 })
' 此处相当于:
' mov ecx,0x399
写内存字节集 (-1, 十六到十 (“6FB11EBA”), { 104, 0, 16, 0, 0 })
' 此处相当于:
' push 0x1000
写内存字节集 (-1, 十六到十 (“6FB11ECE”), { 129, 124, 36, 16, 0, 16, 0, 0 })
' 此处相当于:
' cmp dword ptr ss:[esp+0x10],0x1000
写内存字节集 (-1, 十六到十 (“6FB0F2EB”), { 104, 0, 16, 0, 0 })
' 此处相当于:
' push 0x1000
' ------------------------------------分割线------------------------------------’
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“A2629”), { 233, 140, 83, 5, 0, 144 }) ' 基地址:6FC20000
' 此处相当于:
' 6FCC2629 /E9 8C530500 jmp D2Game_d.6FD179BA
' 6FCC262E |90 nop
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“F79BA”), { 80, 81, 139, 78, 20, 139, 68, 36, 56, 136, 65, 4, 89, 88, 233, 98, 172, 250, 255, 144 })
' 此处相当于:
' 6FD179BA 50 push eax ; D2Game_d.6FC20000
' 6FD179BB 51 push ecx
' 6FD179BC 8B4E 14 mov ecx,dword ptr ds:[esi+0x14]
' 6FD179BF 8B4424 38 mov eax,dword ptr ss:[esp+0x38]
' 6FD179C3 8841 04 mov byte ptr ds:[ecx+0x4],al
' 6FD179C6 59 pop ecx
' 6FD179C7 58 pop eax
' 6FD179C8 ^ E9 62ACFAFF jmp D2Game_d.6FCC262F
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“3BE3E”), { 233, 147, 187, 11, 0 })
' 此处相当于:
' 6FC5BE3E /E9 93BB0B00 jmp D2Game_d.6FD179D6
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“F79D6”), { 139, 84, 36, 4, 139, 90, 104, 83, 106, 0, 81, 233, 93, 68, 244, 255 })
' 此处相当于:
' 6FD179D6 8B5424 04 mov edx,dword ptr ss:[esp+0x4] ; D2Game_d.6FC20000
' 6FD179DA 8B5A 68 mov ebx,dword ptr ds:[edx+0x68]
' 6FD179DD 53 push ebx
' 6FD179DE 6A 00 push 0x0
' 6FD179E0 51 push ecx
' 6FD179E1 ^ E9 5D44F4FF jmp D2Game_d.6FC5BE43
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“40B4F”), { 233, 156, 110, 11, 0 })
' 此处相当于:
' 6FC60B4F /E9 9C6E0B00 jmp D2Game_d.6FD179F0
写内存字节集 (-1, 取模块句柄ex (Diablo_ID, “D2Game.dll”) + 十六到十 (“F79F0”), { 86, 232, 130, 42, 241, 255, 80, 232, 90, 43, 241, 255, 80, 232, 108, 43, 241, 255, 139, 79, 100, 59, 193, 116, 6, 95, 233, 69, 145, 244, 255, 233, 72, 145, 244, 255 })
' 此处相当于:
' 6FD179F0 56 push esi
' 6FD179F1 E8 822AF1FF call <jmp.&D2Common.#10331>
' 6FD179F6 50 push eax ; D2Game_d.6FC20000
' 6FD179F7 E8 5A2BF1FF call <jmp.&D2Common.#10826>
' 6FD179FC 50 push eax ; D2Game_d.6FC20000
' 6FD179FD E8 6C2BF1FF call <jmp.&D2Common.#10459>
' 6FD17A02 8B4F 64 mov ecx,dword ptr ds:[edi+0x64]
' 6FD17A05 3BC1 cmp eax,ecx
' 6FD17A07 74 06 je short D2Game_d.6FD17A0F
' 6FD17A09 5F pop edi
' 6FD17A0A ^ E9 4591F4FF jmp D2Game_d.6FC60B54
' 6FD17A0F ^ E9 4891F4FF jmp D2Game_d.6FC60B5C
' ------------------------------------分割线------------------------------------’
|
|
|Archiver|手机版|小黑屋|神话暗黑
( 陕ICP备18004004号-1 )
发表于 2020-10-2 00:50:12