-
-
[分享]植物大战僵尸 <秒杀>
-
发表于: 2018-1-1 20:25
-
看见有人分享关于植物大战僵尸的贴,自己也打开CE玩了玩,顺利在无尽模式中玩到40关以上
内容见下
思路:
扫描未知数值
当普通僵尸受到攻击时搜索减少的值
重复N次,获得地址
对地址下写入断点分析其代码来到下图处
点击此处,编辑代码
点击此处,编辑代码
可以看出EDI里是实时的血量,这里将其改为xor edi,edi 即可直接将血量归0
接着运行游戏,发现有铁桶僵尸和拿报纸的僵尸不受上述代码约束,向上翻看代码发现call由下图来
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
更新秒杀功能,提升攻击力,不再需要考虑僵尸类型 [ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //mov ebp,[esp+10] mov ebp,100000 push edi exit: jmp returnhere "PlantsVsZombies.exe"+1317C9: jmp newmem returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+1317C9: mov ebp,[esp+10] push edi //Alt: db 8B 6C 24 10 57 增加大嘴花吞噬冷却 [ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: xor eax,eax //add eax,-01 mov [edi+54],eax exit: jmp returnhere "PlantsVsZombies.exe"+6324C: jmp newmem nop returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+6324C: add eax,-01 mov [edi+54],eax //Alt: db 83 C0 FF 89 47 54 label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //add dword ptr [edi+58],-01 add dword ptr [edi+58],-ff mov esi,[edi+58] exit: jmp returnhere "PlantsVsZombies.exe"+5FA48: jmp newmem nop nop returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+5FA48: add dword ptr [edi+58],-01 mov esi,[edi+58] //Alt: db 83 47 58 FF 8B 77 58  |
|
|
|
|
|
|
|
|
通过植物大战僵尸游戏可以学到好多逆向知识
|
|
|
|
|
|
|
|
|
|
|
|
|
