在 bp send 下断之后,我找到了捡物(自动拾取)相关的地址,但是试了很多次都调用不成功,请大家帮我看看是怎么回事?
反汇编代码:
004780D0 /$ 83EC 0C SUB ESP,0C ; target-selection CALL (function entry; reserves 0x0C bytes of locals)
004780D3 |. 53 PUSH EBX
004780D4 |. 56 PUSH ESI
004780D5 |. 8BF1 MOV ESI,ECX ; ECX (presumably the object's this pointer) is kept in ESI for the rest of the function
.......
.......
004781A2 |> \25 000000C0 AND EAX,C0000000 ; keep only the two top bits of EAX ...
004781A7 |. 3D 000000C0 CMP EAX,C0000000 ; ... both must be set,
004781AC |. 0F85 17020000 JNZ ElementC.004783C9 ; otherwise skip to 004783C9 (outside this listing)
004781B2 |. BB 01000000 MOV EBX,1 ; EBX = 1: argument for the calls below and the value [ESI+38] is compared with
004781B7 |. 8BCE MOV ECX,ESI ; this = ESI
004781B9 |. 53 PUSH EBX ; arg = 1
004781BA |. E8 D1FAFFFF CALL ElementC.00477C90 ; 00477C90(this=ESI, 1); no ADD ESP follows, the callee removes its argument
004781BF |. 8B46 38 MOV EAX,DWORD PTR DS:[ESI+38]
004781C2 |. 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+1C] ; EDI = a caller-supplied value; with 0x0C of locals and the three pushes (EDI's PUSH is in the omitted part, see POP EDI below) this looks like the first stack argument of 004780D0 - verify
004781C6 |. 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+1C] ; loaded for the 0047820D path; overwritten below on this path
004781C9 |. 3BC3 CMP EAX,EBX ; [ESI+38] == 1 ?
004781CB |. 8B87 10010000 MOV EAX,DWORD PTR DS:[EDI+110] ; (MOV does not touch the flags set by the CMP)
004781D1 |. 75 3A JNZ SHORT ElementC.0047820D ; [ESI+38] != 1 -> 0047820D (outside this listing)
004781D3 |. 53 PUSH EBX ; /Arg2 = 1
004781D4 |. 50 PUSH EAX ; |Arg1 = [EDI+110]
004781D5 |. E8 E659FFFF CALL ElementC.0046DBC0 ; \0046DBC0([EDI+110], 1); result is a byte in AL
004781DA |. 84C0 TEST AL,AL
004781DC |. 74 28 JE SHORT ElementC.00478206 ; AL == 0 -> skip the pickup call (target is past the end of this listing)
004781DE |. 8B0D 34CC9100 MOV ECX,DWORD PTR DS:[91CC34] ; auto-pickup: ECX = global pointer stored at 0x0091CC34
004781E4 |. 8B97 10010000 MOV EDX,DWORD PTR DS:[EDI+110] ; EDX = [EDI+110], re-read (EAX may have been clobbered by 0046DBC0)
004781EA |. 8B46 20 MOV EAX,DWORD PTR DS:[ESI+20]
004781ED |. 52 PUSH EDX ; /Arg2 = [EDI+110]
004781EE |. 8B49 20 MOV ECX,DWORD PTR DS:[ECX+20] ; |ECX = [[91CC34]+20]
004781F1 |. 50 PUSH EAX ; |Arg1 = [ESI+20]
004781F2 |. 81C1 D4000000 ADD ECX,0D4 ; |ECX = [[91CC34]+20] + 0xD4 -> this pointer for the callee
004781F8 |. E8 F3441000 CALL ElementC.0057C6F0 ; \main CALL (pickup): 0057C6F0(this=ECX, Arg1, Arg2); no ADD ESP follows, so the callee removes its 8 bytes of arguments
004781FD |. 5F POP EDI ; epilogue; the matching PUSH EDI is in the omitted part above
004781FE |. 5E POP ESI
004781FF |. 5B POP EBX
00478200 |. 83C4 0C ADD ESP,0C ; frees the 0x0C of locals; the RETN is past the end of this listing
我想知道的是我应该调用哪个地址:57C6F0、4781F8 还是 4780D0?还是应该是其他的地址?这 3 个地址我都试过了,都不对。
VB 代码如下
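Sub Call_jw()
    ' Auto-pickup: inject a stub into process `pid` that replays the "main CALL" observed at
    ' 004781F8 in ElementC:
    '     ECX  = [[0x91CC34] + 0x20] + 0xD4      (this pointer for the callee)
    '     Arg2 = [EDI + 0x110]                   pushed first
    '     Arg1 = [ESI + 0x20]                    pushed second
    '     CALL 0x57C6F0
    ' The game code does no ADD ESP after that CALL, so the callee removes its own 8 bytes
    ' of arguments and nothing has to be popped here before Popad.
    '
    ' Target address: 0x57C6F0 is the callee itself and the only address whose calling
    ' convention the listing shows. 0x4781F8 is the CALL instruction, not a function, and
    ' 0x4781A2 is the middle of 004780D0 - not an entry point: code there reads [ESP+1C]
    ' and ESI, which this stub does not set up. The previous value here, &H4181A2, does not
    ' occur in the listing at all (one digit off from 4781A2).
    '
    ' TODO(review): ESI and EDI are NOT initialised by this stub - after Pushad they hold
    ' whatever the injected thread happens to have. In the game, ESI is the `this` of
    ' 004780D0 and EDI is loaded from [ESP+1C] (presumably its first stack argument). Both
    ' must be loaded with valid object pointers before the pushes, or [ESI+20] / [EDI+110]
    ' read garbage and the call faults or does nothing. The clsASM helpers needed for that
    ' are not shown in this post, so it is flagged rather than changed here.
    Dim asm As New clsASM
    With asm
        .Pushad                              ' save the thread's registers
        .Mov_ECX_DWORD_Ptr &H91CC34          ' ECX = [0x91CC34]
        .Mov_EDX_DWORD_Ptr_EDI_Add &H110     ' EDX = [EDI+0x110]  (needs EDI set, see TODO)
        .Mov_EAX_DWORD_Ptr_ESI_Add &H20      ' EAX = [ESI+0x20]   (needs ESI set, see TODO)
        .Push_EDX                            ' Arg2
        .Mov_ECX_DWORD_Ptr_ECX_Add &H20      ' ECX = [ECX+0x20]
        .Push_EAX                            ' Arg1
        .Add_ECX &HD4                        ' ECX += 0xD4 -> this
        .Mov_EAX &H57C6F0                    ' the callee (was &H4181A2: not in the listing, and mid-function)
        .Call_EAX
        .Popad                               ' callee cleaned its arguments; the stack is balanced here
        .Ret
    End With
    asm.Run_ASM pid
End Sub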