;-----------------------------------------------------------------------
; Function at x11-clie.00632310 (OllyDbg listing, x86-32, Intel syntax)
; Shape: two stack args, plain `retn` (caller cleans up) -> cdecl-style
;        int f(void *arg1, void *arg2)
; In:    [arg.1] = [ebp+0x8]  struct; fields +0x54, +0xAC, +0xC0 are read here
;        [arg.2] = [ebp+0xC]  struct kept in edi; fields +0, +4, +8, +0xC used
; Out:   eax = cached value (fast path), or the first nonzero result of
;        0062E290 over arg1->0xAC's items (slow path), or 0
; Local: [local.1] = [ebp-4] = item count, the loop bound
; Fast path: three preconditions on arg1/arg2, then a lookup in a static
;        table of 12-byte entries at 0x9A29F8 {key0 +0, key1 +4, value +8},
;        index = (arg2->0xC * arg1->0xC0) >> 22 (low 32 bits of the product,
;        so index is 0..1023 and the byte offset is at most 1023*12).
; Slow path: walk arg1->0xAC items; on the same preconditions plus a
;        nonzero 00630D10(arg1), store the result into that table entry and
;        swap arg2 in for the entry's previous key1 (counts at +0 look like
;        reference counts -- see notes at 00632407..00632425).
; Preserved: ebx, esi, edi, ebp (ebx/esi only pushed on the slow path).
; Clobbers: eax, ecx, edx, flags; the [arg.2] stack slot is overwritten
;        by the loop (it is reused as the item cursor).
;-----------------------------------------------------------------------
00632310 /$ 55 push ebp                                   ; frame prologue
00632311 |. 8BEC mov ebp,esp
00632313 |. 51 push ecx                                   ; reserves 4 bytes: [local.1] = [ebp-4]
00632314 |. 57 push edi                                   ; callee-saved; restored on every exit
00632315 |. 8B7D 0C mov edi,[arg.2]                       ; edi = arg2 for the whole function
00632318 |. 817F 04 08039>cmp dword ptr ds:[edi+0x4],x11-clie.0>; UNICODE "d" -- precondition 1: arg2->+4 is pointer-equal to the address of this static string (pointer compare, not a string compare)
0063231F |. 75 43 jnz short x11-clie.00632364             ; otherwise: slow path
00632321 |. 837F 08 64 cmp dword ptr ds:[edi+0x8],0x64    ; precondition 2: arg2->+8 <= 100 (signed compare)
00632325 |. 7F 3D jg short x11-clie.00632364
00632327 |. 8B45 08 mov eax,[arg.1]
0063232A |. F740 54 00000>test dword ptr ds:[eax+0x54],0x80000   ; precondition 3: bit 19 of arg1->+0x54 set
00632331 |. 74 31 je short x11-clie.00632364
00632333 |. 8B88 C0000000 mov ecx,dword ptr ds:[eax+0xC0]         ; ecx = arg1->0xC0 (cache key0)
00632339 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]                ; eax = arg2->0xC
0063233C |. 0FAFC1 imul eax,ecx                           ; low 32 bits of arg2->0xC * arg1->0xC0
0063233F |. C1E8 16 shr eax,0x16                          ; index = product >> 22 (0..1023)
00632342 |. 8D0440 lea eax,dword ptr ds:[eax+eax*2]      ; eax = index*3
00632345 |. 03C0 add eax,eax                              ; *2
00632347 |. 03C0 add eax,eax                              ; *2 -> eax = index*12 = entry byte offset
00632349 |. 3988 F8299A00 cmp dword ptr ds:[eax+0x9A29F8],ecx     ; entry.key0 == arg1->0xC0 ?
0063234F |. 75 13 jnz short x11-clie.00632364             ; miss -> slow path
00632351 |. 39B8 FC299A00 cmp dword ptr ds:[eax+0x9A29FC],edi     ; entry.key1 == arg2 ?
00632357 |. 75 0B jnz short x11-clie.00632364             ; miss -> slow path
00632359 |. 8B80 002A9A00 mov eax,dword ptr ds:[eax+0x9A2A00]     ; hit: return entry.value
0063235F |. 5F pop edi ; KernelBa.76682CBA                ; fast-path epilogue (ebx/esi were not pushed on this path)
00632360 |. 8BE5 mov esp,ebp
00632362 |. 5D pop ebp ; KernelBa.76682CBA
00632363 |. C3 retn
00632364 |> 8B45 08 mov eax,[arg.1]                       ; slow path: preconditions failed or cache miss
00632367 |. 8B80 AC000000 mov eax,dword ptr ds:[eax+0xAC]         ; eax = arg1->0xAC (container: count at +8, pointer array from +0xC)
0063236D |. 85C0 test eax,eax
0063236F |. 75 05 jnz short x11-clie.00632376
00632371 |. 5F pop edi ; KernelBa.76682CBA                ; container is NULL: return 0 (eax is already 0)
00632372 |. 8BE5 mov esp,ebp
00632374 |. 5D pop ebp ; KernelBa.76682CBA
00632375 |. C3 retn
00632376 |> 8B48 08 mov ecx,dword ptr ds:[eax+0x8]        ; ecx = item count
00632379 |. 53 push ebx                                   ; ebx = result (0 = nothing found yet)
0063237A |. 56 push esi                                   ; esi = loop index
0063237B |. 33DB xor ebx,ebx
0063237D |. 33F6 xor esi,esi
0063237F |. 894D FC mov [local.1],ecx                     ; local.1 = count (loop bound)
00632382 |. 85C9 test ecx,ecx
00632384 |. 7E 3D jle short x11-clie.006323C3             ; count <= 0 (signed): skip the loop, ebx stays 0
00632386 |. 83C0 0C add eax,0xC                           ; eax = &container->items[0]
00632389 |. 8945 0C mov [arg.2],eax                       ; the [arg.2] slot is reused as the item cursor (edi still holds arg2)
0063238C |. 8D6424 00 lea esp,dword ptr ss:[esp]          ; 4-byte nop: pads the loop head to a 16-byte boundary
00632390 |> 8B4D 0C /mov ecx,[arg.2]                      ; loop: ecx = cursor
00632393 |. 8B01 |mov eax,dword ptr ds:[ecx]              ; eax = items[i]
00632395 |. 8178 04 103E9>|cmp dword ptr ds:[eax+0x4],x11-clie.>   ; item->+4 pointer-equal to another static constant? (target truncated in the dump)
0063239C |. 75 05 |jnz short x11-clie.006323A3
0063239E |. 8B40 0C |mov eax,dword ptr ds:[eax+0xC]       ; yes: pass item->0xC
006323A1 |. EB 06 |jmp short x11-clie.006323A9
006323A3 |> 8B80 84000000 |mov eax,dword ptr ds:[eax+0x84]        ; no: pass item->0x84
006323A9 |> 57 |push edi                                  ; arg 2 = arg2
006323AA |. 50 |push eax                                  ; arg 1 = selected field
006323AB |. E8 E0BEFFFF |call x11-clie.0062E290           ; ebx = 0062E290(selected, arg2)
006323B0 |. 8BD8 |mov ebx,eax
006323B2 |. 83C4 08 |add esp,0x8                          ; caller pops 8 -> callee is cdecl
006323B5 |. 85DB |test ebx,ebx
006323B7 |. 75 0A |jnz short x11-clie.006323C3            ; first nonzero result ends the loop
006323B9 |. 8345 0C 04 |add [arg.2],0x4                   ; cursor -> next item
006323BD |. 46 |inc esi
006323BE |. 3B75 FC |cmp esi,[local.1]
006323C1 |.^ 7C CD \jl short x11-clie.00632390            ; while (++i < count), signed
006323C3 |> 817F 04 08039>cmp dword ptr ds:[edi+0x4],x11-clie.0>; UNICODE "d" -- same three preconditions as the fast path, now gating the cache store
006323CA |. 75 62 jnz short x11-clie.0063242E             ; fail -> return ebx without caching
006323CC |. 837F 08 64 cmp dword ptr ds:[edi+0x8],0x64
006323D0 |. 7F 5C jg short x11-clie.0063242E
006323D2 |. 8B55 08 mov edx,[arg.1] //mov edx,dword ptr ss:[ebp+0x8]
006323D5 |. 52 push edx
006323D6 |. E8 35E9FFFF call x11-clie.00630D10            ; extra gate: 00630D10(arg1) must be nonzero
006323DB |. 83C4 04 add esp,0x4
006323DE |. 85C0 test eax,eax
006323E0 |. 74 4C je short x11-clie.0063242E
006323E2 |. 8B45 08 mov eax,[arg.1] // [arg.1]= dword ptr ss:[ebp+0x8]
006323E5 |. 8B88 C0000000 mov ecx,dword ptr ds:[eax+0xC0] //(((edi+0c)*(eax+0c0))/0x400000+((edi+0c)* (eax+0c0))/0x400000*2)*4+9A29F8
006323EB |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]                ; recompute the same entry offset as the fast path, this time into esi
006323EE |. 0FAFC1 imul eax,ecx ; ((eax*ecx)/0x400000+(eax*ecx)/0x400000*2)*2*2+9A29F8
006323F1 |. C1E8 16 shr eax,0x16 ; (eax/0x400000+eax/0x400000*2)*2*2+9A29F8
006323F4 |. 8D3440 lea esi,dword ptr ds:[eax+eax*2] ;     ; esi = index*3
006323F7 |. 03F6 add esi,esi
006323F9 |. 03F6 add esi,esi ; esi=(eax+eax*2)*2*2         ; = index*12
006323FB |. 898E F8299A00 mov dword ptr ds:[esi+0x9A29F8],ecx ; (eax+eax*2)*2*2+9A29F8   ; entry.key0 = arg1->0xC0
00632401 |. 899E 002A9A00 mov dword ptr ds:[esi+0x9A2A00],ebx     ; entry.value = result (ebx is still 0 if the loop found nothing -- the miss is cached too)
00632407 |. FF07 inc dword ptr ds:[edi]                   ; arg2->+0 += 1 -- looks like a reference count; confirm against the object layout
00632409 |. 8B86 FC299A00 mov eax,dword ptr ds:[esi+0x9A29FC]     ; eax = previous entry.key1
0063240F |. FF08 dec dword ptr ds:[eax]                   ; previous->+0 -= 1. NOTE(review): no NULL check on the previous key1; this assumes every slot holds a valid pointer before first use -- confirm how the table is initialized
00632411 |. 8B86 FC299A00 mov eax,dword ptr ds:[esi+0x9A29FC]     ; reload (same slot)
00632417 |. 8338 00 cmp dword ptr ds:[eax],0x0            ; previous->+0 reached 0 ?
0063241A |. 75 0C jnz short x11-clie.00632428
0063241C |. 8B48 04 mov ecx,dword ptr ds:[eax+0x4]        ; ecx = previous->+4 (presumably a function table; confirm)
0063241F |. 8B51 18 mov edx,dword ptr ds:[ecx+0x18]       ; edx = function pointer at +0x18 of that table
00632422 |. 50 push eax
00632423 |. FFD2 call edx                                 ; indirect call: (*previous->+4->+0x18)(previous), cdecl, one arg
00632425 |. 83C4 04 add esp,0x4
00632428 |> 89BE FC299A00 mov dword ptr ds:[esi+0x9A29FC],edi     ; entry.key1 = arg2
0063242E |> 5E pop esi ; KernelBa.76682CBA                ; common slow-path epilogue: return ebx
0063242F |. 8BC3 mov eax,ebx
00632431 |. 5B pop ebx ; KernelBa.76682CBA
00632432 |. 5F pop edi ; KernelBa.76682CBA
00632433 |. 8BE5 mov esp,ebp
00632435 |. 5D pop ebp ; KernelBa.76682CBA
00632436 \. C3 retn
上个月游戏没更新的时候，在 CE 里面找到的
有可能是人物属性相关的
00632349 - 39 88 F8299A00 - cmp [eax+009A29F8],ecx
006323FB - 89 8E F8299A00 - mov [esi+009A29F8],ecx
快捷栏1 ?
00632349 - 39 88 F8299A00 - cmp [eax+009A29F8],ecx
006323FB - 89 8E F8299A00 - mov [esi+009A29F8],ecx
当时搜索血值之类的精确数值，找到的值是不变的，被打的时候血值也不变……
然后我搜随机初始值的时候，发现了几个绿色的地址
然后我查找什么访问了这个地址的时候，发现走路/跑步切换、掉血、体力、魔法、回血、按快捷键都跟上面的
00632349、006323FB 这两个地方有关
然后我就附加进 OD 看了下 006323FB（代码红色的地方）。因为是新手，也无法确定是哪个参数，就想先试着找这个地址
但是代入上面那个绿色的位置就不对了……哪里错了？
还有，这样一直找下去能找到基址吗？感觉要是一直找下去，那个公式会越来越大……还有那些乘除的地方怎么办？（就算最后能找到基址）
游戏是 TAI YA 史诗。上个月找到的绿色地址 009A57DO 跟血值等一堆数值有关；009A400C 这个当时是切换走路/跑步时会在固定的两个值之间变化
我想问下，我怎么才能直接找到它的血值和其他参数？是不是这个网游有什么保护？新手见谅啊