这应该是游戏的寻路关键CALL了,但是不知道如何写这个CALL调用。
请老师帮助啊……谢谢啦!
; ---------------------------------------------------------------------------
; Function at 0050D310 (OllyDbg disassembly, 32-bit x86, MSVC-style codegen).
; Interface as visible in the listing: ecx holds an object pointer that is
; saved to [ebp-3C] and reused as "this" for several calls; stack args are
; read at [ebp+8] (arg0), [ebp+10] (arg2) and [ebp+14] (arg3); `retn 10`
; pops 16 bytes, so a fourth dword ([ebp+C]) is part of the frame but is
; never read here. Returns eax = 1 on the fall-through/handled paths and
; eax = 0 on the two early-outs at 0050D3CB and 0050D407.
; Structure as read from the code:
;   1. arg0 must equal 0x15, otherwise return 1.
;   2. Two helper results r1 ([ebp-10]) and r2 ([ebp-4]) are used to build a
;      RECT at [ebp-20]: left = 0x31F - r1, top = 0x11, right = 0x31F,
;      bottom = r2 + 0x11. PtInRect(&rect, arg2, arg3); outside -> return 1.
;   3. [ebp-30] = (arg2 - rect.left) / 2 (signed, truncating toward zero),
;      [ebp-34] = arg3 - rect.top.
;   4. Clears two byte flags, makes one virtual call (vtable slot +40), then
;      requires the global object at [B7ADB4] to be non-NULL (else return 0).
;   5. Two deltas against values written by the call at 0050D41C are passed
;      through 00607F22 (cdecl, one arg; presumably abs() - confirm) and
;      compared (signed) against 0xF to pick the "far" or "near" branch.
; Comments of the form "reg=value" are runtime snapshots from the poster's
; debugging session, not invariants; they are kept where they still help.
; The "pathfinding-related CALL n" labels are the poster's own annotations.
; ---------------------------------------------------------------------------
0050D310 /. 55 push ebp
0050D311 |. 8BEC mov ebp, esp
0050D313 |. 83EC 3C sub esp, 3C ; 0x3C bytes of locals ([ebp-3C] .. [ebp-4])
0050D316 |. 894D C4 mov dword ptr [ebp-3C], ecx ; [ebp-3C] = this (snapshot: ecx=053E4DE0)
0050D319 |. 837D 08 15 cmp dword ptr [ebp+8], 15 ; arg0 == 0x15 ?
0050D31D |. 0F85 95010000 jnz 0050D4B8 ; arg0 != 0x15 -> return 1
0050D323 |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this
0050D326 |. E8 25540700 call 00582750 ; pathfinding-related CALL 12 (poster's label); returns a pointer in eax
0050D32B |. 8B88 C0020000 mov ecx, dword ptr [eax+2C0] ; ecx = obj->field_2C0 (a pointer)
0050D331 |. 81C1 38080000 add ecx, 838 ; ecx = field_2C0 + 0x838, passed in ecx to the next call
0050D337 |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; (line kept as listed)
0050D337 |. E8 4447FAFF call 004B1A80 ; pathfinding-related CALL 11 (poster's label)
0050D33C |. 8945 F0 mov dword ptr [ebp-10], eax ; r1 = result; only used for rect.left below
0050D33F |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this
0050D342 |. E8 09540700 call 00582750 ; pathfinding-related CALL 10 (poster's label); same helper as above
0050D347 |. 8B88 C0020000 mov ecx, dword ptr [eax+2C0] ; ecx = obj->field_2C0
0050D34D |. 81C1 38080000 add ecx, 838 ; ecx = field_2C0 + 0x838
0050D353 |. E8 B8030300 call 0053D710 ; pathfinding-related CALL 9 (poster's label)
0050D358 |. 8945 FC mov dword ptr [ebp-4], eax ; r2 = result; only used for rect.bottom below
0050D35B |. 8B45 10 mov eax, dword ptr [ebp+10] ; arg2 (point X, see the PtInRect push order)
0050D35E |. 8945 F4 mov dword ptr [ebp-C], eax ; [ebp-C] = point.x
0050D361 |. 8B4D 14 mov ecx, dword ptr [ebp+14] ; arg3 (point Y)
0050D364 |. 894D F8 mov dword ptr [ebp-8], ecx ; [ebp-8] = point.y
0050D367 |. C745 E4 11000>mov dword ptr [ebp-1C], 11 ; rect.top = 0x11
0050D36E |. BA 1F030000 mov edx, 31F
0050D373 |. 2B55 F0 sub edx, dword ptr [ebp-10] ; edx = 0x31F - r1
0050D376 |. 8955 E0 mov dword ptr [ebp-20], edx ; rect.left = 0x31F - r1
0050D379 |. 8B45 FC mov eax, dword ptr [ebp-4]
0050D37C |. 83C0 11 add eax, 11 ; eax = r2 + 0x11
0050D37F |. 8945 EC mov dword ptr [ebp-14], eax ; rect.bottom = r2 + 0x11
0050D382 |. C745 E8 1F030>mov dword ptr [ebp-18], 31F ; rect.right = 0x31F
0050D389 |. 8B4D F8 mov ecx, dword ptr [ebp-8]
0050D38C |. 51 push ecx ; /Point.Y
0050D38D |. 8B55 F4 mov edx, dword ptr [ebp-C] ; |
0050D390 |. 52 push edx ; |Point.X
0050D391 |. 8D45 E0 lea eax, dword ptr [ebp-20] ; |&rect (snapshot: 0012CF5C)
0050D394 |. 50 push eax ; |pRect
0050D395 |. FF15 A8936A00 call dword ptr [6A93A8] ; \PtInRect (import thunk)
0050D39B |. 85C0 test eax, eax
0050D39D |. 0F84 15010000 je 0050D4B8 ; point not inside rect -> return 1
0050D3A3 |. 8B45 10 mov eax, dword ptr [ebp+10] ; eax = point.x
0050D3A6 |. 2B45 E0 sub eax, dword ptr [ebp-20] ; eax = point.x - rect.left
0050D3A9 |. 99 cdq ; edx = sign of eax (dword -> qword)
0050D3AA |. 2BC2 sub eax, edx ; +1 for negative values, so the shift truncates toward zero
0050D3AC |. D1F8 sar eax, 1 ; eax = (point.x - rect.left) / 2, signed
0050D3AE |. 8945 D0 mov dword ptr [ebp-30], eax ; [ebp-30] = destination X (poster: minimap destination X)
0050D3B1 |. 8B4D 14 mov ecx, dword ptr [ebp+14] ; ecx = point.y
0050D3B4 |. 2B4D E4 sub ecx, dword ptr [ebp-1C] ; ecx = point.y - rect.top (no halving, unlike X)
0050D3B7 |. 894D CC mov dword ptr [ebp-34], ecx ; [ebp-34] = destination Y (poster: minimap destination Y)
0050D3BA |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this
0050D3BD |. E8 8E530700 call 00582750 ; pathfinding-related CALL 8 (poster's label)
0050D3C2 |. 83B8 C0020000>cmp dword ptr [eax+2C0], 0 ; obj->field_2C0 == NULL ?
0050D3C9 |. 75 07 jnz short 0050D3D2 ; non-NULL -> continue
0050D3CB |. 33C0 xor eax, eax ; return 0
0050D3CD |. E9 EB000000 jmp 0050D4BD ; -> epilogue
0050D3D2 |> 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this
0050D3D5 |. E8 76530700 call 00582750 ; pathfinding-related CALL 7 (poster's label)
0050D3DA |. 8B90 C0020000 mov edx, dword ptr [eax+2C0] ; edx = obj->field_2C0
0050D3E0 |. C682 D5070000>mov byte ptr [edx+7D5], 0 ; clear byte flag at field_2C0->+7D5
0050D3E7 |. 8B45 C4 mov eax, dword ptr [ebp-3C]
0050D3EA |. C680 18020000>mov byte ptr [eax+218], 0 ; clear byte flag at this->+218
0050D3F1 |. 6A 00 push 0 ; single argument 0
0050D3F3 |. 8B4D C4 mov ecx, dword ptr [ebp-3C]
0050D3F6 |. 8B11 mov edx, dword ptr [ecx] ; edx = vtable
0050D3F8 |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this
0050D3FB |. FF52 40 call dword ptr [edx+40] ; pathfinding-related CALL 6 (poster's label): virtual call, vtable slot +0x40; no stack fixup after it
0050D3FE |. 833D B4ADB700>cmp dword ptr [B7ADB4], 0 ; global object pointer NULL ?
0050D405 |. 75 07 jnz short 0050D40E ; non-NULL -> continue
0050D407 |. 33C0 xor eax, eax ; return 0
0050D409 |. E9 AF000000 jmp 0050D4BD ; -> epilogue
0050D40E |> 8D45 D4 lea eax, dword ptr [ebp-2C] ; eax = &out_y ([ebp-2C], snapshot: 0012CF50)
0050D411 |. 50 push eax ; arg: &out_y
0050D412 |. 8D4D C8 lea ecx, dword ptr [ebp-38] ; ecx = &out_x ([ebp-38], snapshot: 0012CF44)
0050D415 |. 51 push ecx ; arg: &out_x
0050D416 |. 8B0D B4ADB700 mov ecx, dword ptr [B7ADB4] ; ecx = global object (this for the next call)
0050D41C |. E8 3F6D0500 call 00564160 ; pathfinding-related CALL 5 (poster's label): fills [ebp-38]/[ebp-2C]; no stack fixup after it
0050D421 |. 8B55 C8 mov edx, dword ptr [ebp-38] ; edx = out_x (poster: character X coordinate)
0050D424 |. 2B55 D0 sub edx, dword ptr [ebp-30] ; edx = out_x - destination X
0050D427 |. 52 push edx ; (snapshot: FFFFFFEA, i.e. -22)
0050D428 |. E8 F5AA0F00 call 00607F22 ; pathfinding-related CALL 4 (poster's label): cdecl, 1 arg; presumably abs() - confirm
0050D42D |. 83C4 04 add esp, 4 ; caller pops the one argument
0050D430 |. 8945 D8 mov dword ptr [ebp-28], eax ; [ebp-28] = X distance
0050D433 |. 8B45 D4 mov eax, dword ptr [ebp-2C] ; eax = out_y (poster: character Y coordinate; original note said edx, the load is into eax)
0050D436 |. 2B45 CC sub eax, dword ptr [ebp-34] ; eax = out_y - destination Y
0050D439 |. 50 push eax
0050D43A |. E8 E3AA0F00 call 00607F22 ; pathfinding-related CALL 3 (poster's label): same helper as CALL 4
0050D43F |. 83C4 04 add esp, 4
0050D442 |. 8945 DC mov dword ptr [ebp-24], eax ; [ebp-24] = Y distance
0050D445 |. 837D D8 0F cmp dword ptr [ebp-28], 0F ; X distance vs 15 (signed compare)
0050D449 |. 7F 06 jg short 0050D451 ; X distance > 15 -> far branch
0050D44B |. 837D DC 0F cmp dword ptr [ebp-24], 0F ; Y distance vs 15 (signed compare)
0050D44F |. 7E 54 jle short 0050D4A5 ; both <= 15 -> near branch
0050D451 |> 8B4D C4 mov ecx, dword ptr [ebp-3C] ; far branch: ecx = this (snapshot: 057B5BD8)
0050D454 |. E8 47060000 call 0050DAA0 ; pathfinding-related CALL 2 (poster's label): ecx = this, no stack args
0050D459 |. 6A 00 push 0 ; third arg: 0
0050D45B |. 8B4D CC mov ecx, dword ptr [ebp-34]
0050D45E |. 51 push ecx ; second arg: destination Y (poster: minimap destination Y)
0050D45F |. 8B55 D0 mov edx, dword ptr [ebp-30]
0050D462 |. 52 push edx ; first arg: destination X (poster: minimap destination X)
0050D463 |. 8B4D C4 mov ecx, dword ptr [ebp-3C] ; ecx = this (snapshot: 053E4708)
0050D466 |. E8 45070000 call 0050DBB0 ; pathfinding-related CALL 1 (poster's label): 3 stack args, no stack fixup after it
0050D46B |. A1 B4ADB700 mov eax, dword ptr [B7ADB4] ; eax = global object (checked non-NULL above)
0050D470 |. 0FB748 40 movzx ecx, word ptr [eax+40] ; ecx = zero-extended word at +40
0050D474 |. D1E1 shl ecx, 1 ; ecx *= 2 (only the +40 value is doubled; +42 below is not)
0050D476 |. 8B15 107A9800 mov edx, dword ptr [987A10] ; edx = second global; dereferenced without a NULL check
0050D47C |. 8B82 C0020000 mov eax, dword ptr [edx+2C0] ; eax = global2->field_2C0
0050D482 |. 8988 CC070000 mov dword ptr [eax+7CC], ecx ; field_2C0->+7CC = word[+40] * 2
0050D488 |. 8B0D B4ADB700 mov ecx, dword ptr [B7ADB4]
0050D48E |. 0FB751 42 movzx edx, word ptr [ecx+42] ; edx = zero-extended word at +42
0050D492 |. A1 107A9800 mov eax, dword ptr [987A10]
0050D497 |. 8B88 C0020000 mov ecx, dword ptr [eax+2C0]
0050D49D |. 8991 D0070000 mov dword ptr [ecx+7D0], edx ; field_2C0->+7D0 = word[+42]
0050D4A3 |. EB 13 jmp short 0050D4B8 ; -> return 1
0050D4A5 |> 8B55 CC mov edx, dword ptr [ebp-34] ; near branch: edx = destination Y
0050D4A8 |. 52 push edx ; second arg: destination Y
0050D4A9 |. 8B45 D0 mov eax, dword ptr [ebp-30] ; eax = destination X
0050D4AC |. 50 push eax ; first arg: destination X
0050D4AD |. 8B0D B4ADB700 mov ecx, dword ptr [B7ADB4] ; ecx = global object (this for the next call)
0050D4B3 |. E8 08760300 call 00544AC0 ; unlabelled by the poster: 2 stack args, no stack fixup after it
0050D4B8 |> B8 01000000 mov eax, 1 ; return 1
0050D4BD |> 8BE5 mov esp, ebp ; epilogue (also the target of the two return-0 jumps)
0050D4BF |. 5D pop ebp
0050D4C0 \. C2 1000 retn 10 ; pops 16 bytes of stack arguments (callee cleanup)