-
-
[分享]植物大战僵尸 <秒杀>
-
2018-1-1 20:25
-
看见有人分享关于植物大战僵尸的贴,自己也打开CE玩了玩,顺利在无尽模式中玩到40关以上
内容见下
思路:
扫描未知数值
当普通僵尸受到攻击时搜索减少的值
重复N次,获得地址
对地址下写入断点分析其代码来到下图处
点击此处,编辑代码
可以看出EDI里是实时的血量,这里将其改为xor edi,edi 即可直接将血量归0
接着运行游戏,发现有铁桶僵尸和拿报纸的僵尸不受上述代码约束,向上翻看代码发现call由下图来
仔细辨别代码,发现两处cmp有重大嫌疑,将JE改为JNE时发现已实现僵尸秒杀。时间仓促,将CE代码附上以便大家玩耍
此代码将铁桶类僵尸视为普通僵尸
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //je PlantsVsZombies.exe+13186B jne PlantsVsZombies.exe+13186B push esi mov eax,ebp exit: jmp returnhere "PlantsVsZombies.exe"+131861: jmp newmem returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+131861: je PlantsVsZombies.exe+13186B push esi mov eax,ebp //Alt: db 75 08 56 8B C5
此代码将报纸僵尸类视为普通僵尸
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //je PlantsVsZombies.exe+131856 jne PlantsVsZombies.exe+131856 test bl,01 exit: jmp returnhere "PlantsVsZombies.exe"+13183F: jmp newmem returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+13183F: je PlantsVsZombies.exe+131856 test bl,01 //Alt: db 75 15 F6 C3 01
此代码将血量归零
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //sub edi,[esp+20] xor edi,edi mov [esp+1C],eax exit: jmp returnhere "PlantsVsZombies.exe"+13130F: jmp newmem nop nop nop returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+13130F: sub edi,[esp+20] mov [esp+1C],eax //Alt: db 2B 7C 24 20 89 44 24 1C
[培训]《安卓高级研修班(网课)》月薪三万计划,掌 握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
更新秒杀功能,提升攻击力,不再需要考虑僵尸类型 [ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //mov ebp,[esp+10] mov ebp,100000 push edi exit: jmp returnhere "PlantsVsZombies.exe"+1317C9: jmp newmem returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+1317C9: mov ebp,[esp+10] push edi //Alt: db 8B 6C 24 10 57 增加大嘴花吞噬冷却 [ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat alloc(newmem,2048) label(returnhere) label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: xor eax,eax //add eax,-01 mov [edi+54],eax exit: jmp returnhere "PlantsVsZombies.exe"+6324C: jmp newmem nop returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+6324C: add eax,-01 mov [edi+54],eax //Alt: db 83 C0 FF 89 47 54 label(originalcode) label(exit) newmem: //this is allocated memory, you have read,write,execute access //place your code here originalcode: //add dword ptr [edi+58],-01 add dword ptr [edi+58],-ff mov esi,[edi+58] exit: jmp returnhere "PlantsVsZombies.exe"+5FA48: jmp newmem nop nop returnhere: [DISABLE] //code from here till the end of the code will be used to disable the cheat dealloc(newmem) "PlantsVsZombies.exe"+5FA48: add dword ptr [edi+58],-01 mov esi,[edi+58] //Alt: db 83 47 58 FF 8B 77 58  |
|
|
|
|
|
|
|
|
通过植物大战僵尸游戏可以学到好多逆向知识
|
|
|
|
|
|
|
|
|
|
|
|
|
