//------------------------------------------------------------------------------包裹结构
type
// Name buffer of one inventory entry. The handler further down takes @Name and casts
// it to PChar, so at runtime this field is read as a raw NUL-terminated byte buffer
// starting at offset 0 of the record, not as 16 managed AnsiStrings (on 32-bit the
// declared size is 16 * 4 = 64 bytes; the PChar read itself has no length bound).
PPackageName=^TPackageName;
TPackageName=record
Name:array[0..15]of AnsiString;
end;
type
// First name-info layout: reached through TPackageStruct.Point1. With a 4-byte pointer
// the Info field sits at +$14, which matches the "+78, +14, +0" chain in the comments.
PPackageInfo1=^TPackageInfo1;
TPackageInfo1=record
Hold:array [1..$14]of Byte; //$14 //reserved: +78 (Point1) -> +14 (Info) -> +0 (Name)
Info:PPackageName;
end;
type
// Second name-info layout: reached through TPackageStruct.Point2. Info sits at +$8,
// matching the "+84, +8, +0" chain in the comments.
PPackageInfo2=^TPackageInfo2;
TPackageInfo2=record
Hold:array [1..$8]of Byte; //$8 //reserved: +84 (Point2) -> +8 (Info) -> +0 (Name)
Info:PPackageName;
end;
type //one inventory slot
// Offsets computed from the declared sizes, assuming 4-byte DWORD and pointers (32-bit):
//   Hold $00-$1B, Pos $1C, Num $20, Hold1 $24-$2F, id $30, Hold2 $34-$5B, RwGoods $5C,
//   Hold3 $60-$77, Point1 $78, Hold4 $7C-$83, Point2 $84; total size $88.
// Every filler array is a multiple of 4 bytes, so field alignment does not move anything,
// and the resulting offsets agree with the +1c/+20/+30/+5C/+78/+84 values in the comments.
// The per-field "+$xx" comments after Hold1..Hold4 below are the original author's running
// notes and do not all match the computed start offsets above.
PPackageStruct=^TPackageStruct;
TPackageStruct=record
Hold:array [1..$1C]of Byte; //$1C //reserved //original note: "a bit odd here, not sure why it comes up 4 bytes short, so $1C is kept below"
Pos:DWORD; //+$1c position within the inventory
Num:DWORD; //+$20 quantity
Hold1:array [1..$C]of Byte; //+$2c //reserved (occupies $24-$2F by the computed layout)
id:DWORD; //+$30 item ID
Hold2:array [1..$28]of Byte; //+$58 //reserved (occupies $34-$5B by the computed layout)
RwGoods:DWORD; //+$5C 1 = quest item
Hold3:array [1..$18]of Byte; //+$74 //reserved (occupies $60-$77 by the computed layout)
Point1:PPackageInfo1; //+$78 PName; the handler also reads this field's raw value as a flag (see dword(Pint^))
Hold4:array [1..$8]of Byte; //+$80 //reserved (occupies $7C-$83 by the computed layout)
Point2:PPackageInfo2; //+$84 PName; used only when the Point1 field holds the value 1
end;
type //inventory slot table
// 33 slot pointers (indices 0..32). The handler below indexes this table with a value
// typed into an edit box and never checks it against these bounds.
PStruct=^TStruct;
TStruct=record
Index:array [0..32]of PPackageStruct;
end;
type
// Top-level structure: the slot table pointer sits at +$144, matching the "+144" step
// in the address-chain comments below.
PPackage=^TPackage;
TPackage=record
Hold:array [1..$144]of Byte; //$144 //reserved
Struct:PStruct;
end;
//------------------------------------------------------------------------------包裹结构
// 添加个按钮
var
Base:Pointer; //base address (more precisely: the address holding the structure pointer)
Pint:Pointer; //address of the Point1 field, used for the branch below
Package:PPackage; //points to the start of the TPackage structure
id,Index:DWORD; //item ID and inventory slot index
Name:string; //item name
begin
// NOTE(review): no procedure header is shown on the page; FrmMain and the record types
// are assumed to be in scope — confirm against the surrounding unit.
MessageBox(0,'','',0); //empty dialog, placed only so the spot is easy to locate in the debugger (OD)
// Index is taken verbatim from an edit box: StrToInt raises EConvertError on non-numeric
// text, and nothing checks the value against 0..32 (the declared bounds of TStruct.Index).
// Unless range checking ($R+) is on, an out-of-range value is used as an index below and
// reads outside the table.
Index:=StrToInt(FrmMain.Edit2.Text);
Base:= Pointer($01456364); //fixed base address
Package:=Pointer(Base^); //dereference once to reach the structure
// Every step of the chains below (Struct, Index[Index], Point1/Point2, Info) is dereferenced
// without a nil check; a nil or stale pointer at any step is an access violation.
id:=Package.Struct.Index[Index].id; //item ID of the selected slot (read but never displayed here)
Pint:=@Package.Struct.Index[Index].Point1; //address of the Point1 field itself
if dword(Pint^)=1 then //the Point1 field's raw value is 1: treated as a flag, not as a pointer
Name:=PChar(@Package.Struct.Index[Index].Point2.Info.Name) //so the name comes via the second layout
else
Name:=PChar(@Package.Struct.Index[Index].Point1.Info.Name); //otherwise via the first layout
ShowMessage(IntToStr(dword(Pint^))); //show the flag value
ShowMessage(Name); //show the name (the PChar read stops at the first NUL; no length bound)
end;
//[[[[01456364]+144]+i*4]+30]==id //物品ID
{
if [[[[01456364]+144]+i*4]+78]= 1 then
[[[[[01456364]+144]+i*4]+84]+8]==name
else
[[[[[01456364]+144]+i*4]+78]+14]==name;
}
求解：如果结构中的第一个成员是数组，为什么会缺少4字节？