LOL无限视距OD找法
本帖最后由 Cmc5410 于 2015-1-2 11:30 编辑
OD特征码
F30F108E????????F30F1015??????????????F30F2AC0F30F5CC8F30F1005
005A9FB0 6A FF push -0x1
005A9FB2 68 8E1B0101 push Dumped.01011B8E
005A9FB7 64:A1 00000000 mov eax,dword ptr fs:
005A9FBD 50 push eax
005A9FBE 51 push ecx
005A9FBF 56 push esi
005A9FC0 A1 C08B3201 mov eax,dword ptr ds:
005A9FC5 33C4 xor eax,esp
005A9FC7 50 push eax
005A9FC8 8D4424 0C lea eax,dword ptr ss:
005A9FCC 64:A3 00000000 mov dword ptr fs:,eax
005A9FD2 8BF1 mov esi,ecx
005A9FD4 A1 5491E802 mov eax,dword ptr ds:
005A9FD9 A8 01 test al,0x1
005A9FDB 75 33 jnz XDumped.005AA010
005A9FDD 83C8 01 or eax,0x1
005A9FE0 A3 5491E802 mov dword ptr ds:,eax
005A9FE5 6A 00 push 0x0
005A9FE7 6A 00 push 0x0
005A9FE9 BA 6CCE1201 mov edx,Dumped.0112CE6C
005A9FEE C74424 1C 00000000 mov dword ptr ss:,0x0
005A9FF6 B9 641A1601 mov ecx,Dumped.01161A64
005A9FFB E8 30524E00 call Dumped.00A8F230
005AA000 83C4 08 add esp,0x8
005AA003 85C0 test eax,eax
005AA005 0F95C1 setne cl
005AA008 880D 5891E802 mov byte ptr ds:,cl
005AA00E EB 06 jmp XDumped.005AA016
005AA010 8A0D 5891E802 mov cl,byte ptr ds:
005AA016 8B4424 1C mov eax,dword ptr ss:
005AA01A F3:0F108E BC010000 movss xmm1,dword ptr ds:
005AA022 F3:0F1015 88281101 movss xmm2,dword ptr ds:
005AA02A 8B40 4C mov eax,dword ptr ds:
005AA02D F3:0F2AC0 cvtsi2ss xmm0,eax
005AA031 F3:0F5CC8 subss xmm1,xmm0
005AA035 F3:0F1005 7C851001 movss xmm0,dword ptr ds: //0x110857C无限视距
005AA03D 84C9 test cl,cl
005AA03F 74 0E je XDumped.005AA04F
005AA041 85C0 test eax,eax
005AA043 7E 05 jle XDumped.005AA04A
005AA045 0F28CA movaps xmm1,xmm2
005AA048 EB 05 jmp XDumped.005AA04F
005AA04A 79 03 jns XDumped.005AA04F
005AA04C 0F28C8 movaps xmm1,xmm0
005AA04F 0F2FC8 comiss xmm1,xmm0
005AA052 77 0D ja XDumped.005AA061
005AA054 0F2FD1 comiss xmm2,xmm1
005AA057 76 05 jbe XDumped.005AA05E
005AA059 0F28C2 movaps xmm0,xmm2
005AA05C EB 03 jmp XDumped.005AA061
005AA05E 0F28C1 movaps xmm0,xmm1
005AA061 0F2E86 BC010000 ucomiss xmm0,dword ptr ds:
005AA068 9F lahf
005AA069 F6C4 44 test ah,0x44
005AA06C 7B 08 jpo XDumped.005AA076
005AA06E F3:0F1186 BC010000 movss dword ptr ds:,xmm0
005AA076 8B4C24 0C mov ecx,dword ptr ss:
005AA07A 64:890D 00000000 mov dword ptr fs:,ecx
005AA081 59 pop ecx
005AA082 5E pop esi
005AA083 83C4 10 add esp,0x10
005AA086 C2 0400 retn 0x4
或者
F30F115110F30F104110F30F100D
00A03FD0 51 push ecx
00A03FD1 F3:0F103D 7C373401 movss xmm7,dword ptr ds:
00A03FD9 F3:0F1015 B41D0D01 movss xmm2,dword ptr ds:
00A03FE1 0F2FD7 comiss xmm2,xmm7
00A03FE4 F3:0F1059 14 movss xmm3,dword ptr ds:
00A03FE9 F3:0F1071 10 movss xmm6,dword ptr ds:
00A03FEE F3:0F1009 movss xmm1,dword ptr ds:
00A03FF2 F3:0F111C24 movss dword ptr ss:,xmm3
00A03FF7 0F87 AC000000 ja Dumped.00A040A9
00A03FFD 0F2FD1 comiss xmm2,xmm1
00A04000 76 11 jbe XDumped.00A04013
00A04002 F3:0F1159 10 movss dword ptr ds:,xmm3
00A04007 C741 0C 00000000 mov dword ptr ds:,0x0
00A0400E E9 96000000 jmp Dumped.00A040A9
00A04013 0F2FF9 comiss xmm7,xmm1
00A04016 76 03 jbe XDumped.00A0401B
00A04018 0F28F9 movaps xmm7,xmm1
00A0401B F3:0F1025 EC110F01 movss xmm4,dword ptr ds:
00A04023 F3:0F5EE1 divss xmm4,xmm1
00A04027 F3:0F101D 8C860D01 movss xmm3,dword ptr ds:
00A0402F 0F28CC movaps xmm1,xmm4
00A04032 F3:0F1069 0C movss xmm5,dword ptr ds:
00A04037 F3:0F59CF mulss xmm1,xmm7
00A0403B 0F28C1 movaps xmm0,xmm1
00A0403E F3:0F5905 F04E1401 mulss xmm0,dword ptr ds:
00A04046 F3:0F59C1 mulss xmm0,xmm1
00A0404A F3:0F5905 F4AD1301 mulss xmm0,dword ptr ds:
00A04052 F3:0F59C1 mulss xmm0,xmm1
00A04056 F3:0F59C1 mulss xmm0,xmm1
00A0405A F3:0F59C1 mulss xmm0,xmm1
00A0405E F3:0F58CB addss xmm1,xmm3
00A04062 F3:0F58C1 addss xmm0,xmm1
00A04066 F3:0F1049 10 movss xmm1,dword ptr ds:
00A0406B F3:0F5C0C24 subss xmm1,dword ptr ss:
00A04070 F3:0F5ED8 divss xmm3,xmm0
00A04074 0F28D1 movaps xmm2,xmm1
00A04077 F3:0F59D4 mulss xmm2,xmm4
00A0407B F3:0F58D5 addss xmm2,xmm5
00A0407F F3:0F59D7 mulss xmm2,xmm7
00A04083 0F28C2 movaps xmm0,xmm2
00A04086 F3:0F58D1 addss xmm2,xmm1
00A0408A F3:0F59C4 mulss xmm0,xmm4
00A0408E F3:0F5CE8 subss xmm5,xmm0
00A04092 F3:0F59D3 mulss xmm2,xmm3
00A04096 F3:0F581424 addss xmm2,dword ptr ss:
00A0409B F3:0F59EB mulss xmm5,xmm3
00A0409F F3:0F1169 0C movss dword ptr ds:,xmm5
00A040A4 F3:0F1151 10 movss dword ptr ds:,xmm2
00A040A9 F3:0F1061 14 movss xmm4,dword ptr ds:
00A040AE F3:0F100D 105A1001 movss xmm1,dword ptr ds:
00A040B6 0F28C4 movaps xmm0,xmm4
00A040B9 F3:0F5C41 10 subss xmm0,dword ptr ds:
00A040BE F3:0F1051 04 movss xmm2,dword ptr ds:
00A040C3 F3:0F1059 10 movss xmm3,dword ptr ds:
00A040C8 F3:0F5CDE subss xmm3,xmm6
00A040CC 0F54C1 andps xmm0,xmm1
00A040CF 0F2FD0 comiss xmm2,xmm0
00A040D2 76 0E jbe XDumped.00A040E2
00A040D4 F3:0F1161 10 movss dword ptr ds:,xmm4
00A040D9 C741 0C 00000000 mov dword ptr ds:,0x0
00A040E0 EB 1F jmp XDumped.00A04101
00A040E2 0F54D9 andps xmm3,xmm1
00A040E5 0F2FD3 comiss xmm2,xmm3
00A040E8 76 17 jbe XDumped.00A04101
00A040EA 0F2FE6 comiss xmm4,xmm6
00A040ED 76 06 jbe XDumped.00A040F5
00A040EF F3:0F58D6 addss xmm2,xmm6
00A040F3 EB 07 jmp XDumped.00A040FC
00A040F5 F3:0F5CF2 subss xmm6,xmm2
00A040F9 0F28D6 movaps xmm2,xmm6
00A040FC F3:0F1151 10 movss dword ptr ds:,xmm2
00A04101 F3:0F1041 10 movss xmm0,dword ptr ds:
00A04106 F3:0F100D 7C851001 movss xmm1,dword ptr ds://////0x110857C即为无限视距基址
00A0410E 0F2FC1 comiss xmm0,xmm1
00A04111 77 0D ja XDumped.00A04120
00A04113 F3:0F100D 88281101 movss xmm1,dword ptr ds:
00A0411B 0F2FC8 comiss xmm1,xmm0
00A0411E 76 07 jbe XDumped.00A04127
00A04120 F3:0F1149 10 movss dword ptr ds:,xmm1
00A04125 59 pop ecx
00A04126 C3 retn
或者
OD搜索所有常量 0x110857C
可找到上面2个地址
005AA035 movss xmm0,dword ptr ds:[0110857C] ds:[0110857C]=2250.000
00A04106 movss xmm1,dword ptr ds:[0110857C] ds:[0110857C]=2250.000
沙发来也{:6_225:}
附加LOL?这不科学吧?
其实找到后没用关键是如何过TP检测 这个是个大问题
复制了这么多代码 感觉看不懂
{:6_225:}这是附加LOL吗? 完全不科学!
其实我想知道这个特征码是怎么找出来的..
我也想知道特征码是怎么找出来的
求解特征码怎么找出来的