|
|
用CE找到血如下, 然后OD跟入.
血值=[7E5A806C] 631C5264
---------------------------------------------
0048FA4F - 8B 46 04 - mov eax,[esi+04]
0048FA52 - 8B 4D 08 - mov ecx,[ebp+08]
0048FA55 - 89 88 1C240000 - mov [eax+0000241C],ecx <<<<<<<<<<<<<<
0048FA5B - 8B 0D 881B8700 - mov ecx,[00871B88]
0048FA61 - 8B 11 - mov edx,[ecx]
------------------------------------------------
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
0048FA4F |> \8B46 04 mov eax,dword ptr ds:[esi+4] ; eax = [esi+4] <<<<<<
0048FA52 |. 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
0048FA55 |. 8988 1C240000 mov dword ptr ds:[eax+241C],ecx ; 血= eax+241c 1 <<<<<<<<<<<<
--------------------------------------------------
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
本地调用来自 005EBCDC
0048F9F0 /$ 55 push ebp
0048F9F1 |. 8BEC mov ebp,esp
0048F9F3 |. 56 push esi
0048F9F4 |. 8BF1 mov esi,ecx ; 这里?
--------------------------------------------------------
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
005EBCDA |. 8BCF mov ecx,edi ; edi
005EBCDC |. E8 0F3DEAFF call Game.0048F9F0 ; 掉血
--------------------------------------------------------------------
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
=[ [ [ebx+1dc]+4] + 0000241C]
005EBC9D |. 8BBB DC010000 mov edi,dword ptr ds:[ebx+1DC] ; edi = ebx+1dc 3
005EBCA3 |. 74 2B je short Game.005EBCD0 ; 从这里跳到下面
=============================
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
=[ [ [ebx+1dc]+4] + 0000241C]
=[ [ [eax+1dc]+4] + 0000241C]
005EBC8B |. 8BD8 mov ebx,eax ; ebx = eax
eax=6DB7EC30, (ASCII "X2v")
ebx=7FF63428
===================================
================================
eax 一个地图一个值.
005EBC87 |. 50 push eax ; EAX=657a
005EBC88 |. FF52 44 call dword ptr ds:[edx+44]
005EBC8B |. 8BD8 mov ebx,eax ; eax=7319EC30, (ASCII "X2v")
005EBC87 |. 50 push eax ; eax=00004AA8
005EBC88 |. FF52 44 call dword ptr ds:[edx+44]
005EBC8B |. 8BD8 mov ebx,eax ; eax=71CFFA58, (ASCII "X2v")
005EBC87 |. 50 push eax ; eax=0000658B
005EBC88 |. FF52 44 call dword ptr ds:[edx+44]
005EBC8B |. 8BD8 mov ebx,eax ; eax=71CFFA58, (ASCII "X2v")
005EBC87 |. 50 push eax ; eax=00004AAE
005EBC88 |. FF52 44 call dword ptr ds:[edx+44]
005EBC8B |. 8BD8 mov ebx,eax ; eax=71CFF5A0, (ASCII "X2v")
================================
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
=[ [ [ebx+1dc]+4] + 0000241C]
=[ [ [eax+1dc]+4] + 0000241C]
=[ [ [ [eax+10] +1dc]+4] + 0000241C]
00419F5A |> \8B40 10 mov eax,dword ptr ds:[eax+10] ; eax = [eax+10] 4
00419F5D |. 8BE5 mov esp,ebp
00419F5F |. 5D pop ebp
00419F60 \. C2 0400 retn 4
--------------------------------------------
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
=[ [ [ebx+1dc]+4] + 0000241C]
=[ [ [eax+1dc]+4] + 0000241C]
=[ [ [ [eax+10] +1dc]+4] + 0000241C]
[ [ [ [ [ebp-4]+10] +1dc]+4] + 0000241C]
00419F4A |. 8B45 FC mov eax,dword ptr ss:[ebp-4] ; eax = [ebp-4]
00419F4D |. 3BC1 cmp eax,ecx
00419F4F |. 5E pop esi
00419F50 |. 75 08 jnz short Game.00419F5A ; 跳
================================
血值=[7E5A806C]
= [eax+0000241C]
= [[esi+4] + 0000241C]
=[[ecx+4] + 0000241C]
=[[edi+4] + 0000241C]
=[ [ [ebx+1dc]+4] + 0000241C]
=[ [ [eax+1dc]+4] + 0000241C]
=[ [ [ [eax+10] +1dc]+4] + 0000241C]
[ [ [ [ [ebp-4]+10] +1dc]+4] + 0000241C]
[ [ [ [ [esp-4]+10] +1dc]+4] + 0000241C]
00419F30 /. 55 push ebp
00419F31 |. 8BEC mov ebp,esp ; ebp = esp
00419F33 |. 51 push ecx
==================================
===========================================
从TOP向下.
0070A554 . 50 push eax ; top
0070A555 . 51 push ecx
0070A556 . E8 0517EEFF call Game.005EBC60__________________
0070A55B . 83C4 08 add esp,8 |
0070A55E . C2 0400 retn 4 |
|
|
005EBC60 /$ 55 push ebp ; 一个超级大的call
005EBC61 |. 8BEC mov ebp,esp
005EBC63 |. 83EC 08 sub esp,8
005EBC66 |. A1 1C0E8700 mov eax,dword ptr ds:[870E1C]
005EBC6B |. 3B05 380E8700 cmp eax,dword ptr ds:[870E38]
005EBC71 |. 53 push ebx
005EBC72 |. 56 push esi
005EBC73 |. 0F85 A40B0000 jnz Game.005EC81D
005EBC79 |. 8B75 08 mov esi,dword ptr ss:[ebp+8]
005EBC7C |. 8B0D C04B8600 mov ecx,dword ptr ds:[864BC0]
005EBC82 |. 8B46 10 mov eax,dword ptr ds:[esi+10]
005EBC85 |. 8B11 mov edx,dword ptr ds:[ecx]
005EBC87 |. 50 push eax ; EAX 一张地图一个值
005EBC88 |. FF52 44 call dword ptr ds:[edx+44]
005EBC8B |. 8BD8 mov ebx,eax ; ebx = eax
005EBC8D |. 85DB test ebx,ebx
005EBC8F |. 895D F8 mov dword ptr ss:[ebp-8],ebx
005EBC92 |. 0F84 850B0000 je Game.005EC81D ; 不跳
005EBC98 |. F646 14 01 test byte ptr ds:[esi+14],1
005EBC9C |. 57 push edi
005EBC9D |. 8BBB DC010000 mov edi,dword ptr ds:[ebx+1DC] ; edi = ebx+1dc 6EBACC40
005EBCA3 |. 74 2B je short Game.005EBCD0 ; 从这里跳到下面
005EBCA5 |. 8B46 28 mov eax,dword ptr ds:[esi+28]
005EBCA8 |. 50 push eax
005EBCA9 |. 8BCF mov ecx,edi
005EBCAB |. E8 001BEAFF call Game.0048D7B0
005EBCB0 |. 8B0D C04B8600 mov ecx,dword ptr ds:[864BC0]
005EBCB6 |. 3B59 70 cmp ebx,dword ptr ds:[ecx+70]
005EBCB9 |. 75 15 jnz short Game.005EBCD0
005EBCBB |. 8B47 04 mov eax,dword ptr ds:[edi+4]
005EBCBE |. 8B0D 780E8700 mov ecx,dword ptr ds:[870E78]
005EBCC4 |. 8B40 64 mov eax,dword ptr ds:[eax+64]
005EBCC7 |. 8B11 mov edx,dword ptr ds:[ecx]
005EBCC9 |. 50 push eax
005EBCCA |. FF92 BC000000 call dword ptr ds:[edx+BC]
005EBCD0 |> F646 14 02 test byte ptr ds:[esi+14],2
005EBCD4 |. 74 0B je short Game.005EBCE1 ; 不跳
005EBCD6 |. 8B4E 30 mov ecx,dword ptr ds:[esi+30]
005EBCD9 |. 51 push ecx
005EBCDA |. 8BCF mov ecx,edi ; 变血
005EBCDC |. E8 0F3DEAFF call Game.0048F9F0
005EBCE1 |> F646 14 04 test byte ptr ds:[esi+14],4
005EBCE5 |. 74 0B je short Game.005EBCF2 ; 跳
005EBCE7 |. 8B56 34 mov edx,dword ptr ds:[esi+34]
005EBCEA |. 52 push edx
005EBCEB |. 8BCF mov ecx,edi ; 变血
005EBCED |. E8 0E3EEAFF call Game.0048FB00
005EBCF2 |> F646 14 08 test byte ptr ds:[esi+14],8
005EBCF6 |. 74 0B je short Game.005EBD03
005EBCF8 |. 8B46 2C mov eax,dword ptr ds:[esi+2C]
005EBCFB |. 50 push eax
005EBCFC |. 8BCF mov ecx,edi ; 变血
|
评分
-
| 参与人数 25 | HB +32 |
THX +17 |
收起
理由
|
|
花盗睡鼠
| + 2 |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
虚心学习
| + 1 |
|
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
Soul1999
| |
+ 1 |
|
|
后学真
| + 1 |
|
|
|
Wayne
| + 1 |
|
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
娄胖胖
| |
+ 1 |
|
|
极速菜
| |
+ 1 |
|
|
飞刀梦想
| + 1 |
|
|
|
l278785481
| + 1 |
|
|
|
zxjzzh
| |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
jaunic
| |
+ 1 |
|
|
ldljlzw
| |
+ 1 |
|
|
消逝的过去
| + 2 |
|
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
kalove
| + 1 |
|
|
|
hetao8003200
| |
+ 1 |
|
|
lies
| + 1 |
|
|
|
Jewel
| + 4 |
+ 1 |
[快捷评语]--你将受到所有人的崇拜! |
|
大手温暖
| + 1 |
+ 1 |
【禁止求破】技术交流,警告一次,望改正! |
|
雪里红
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
一只大汉
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
闪耀
| + 4 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
倚窗听雨
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
逍遥枷锁
| + 4 |
+ 1 |
好人有好报!你的热心我永远不忘!谢谢! |
|
zxy20014
| + 2 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
彡墨鱼灬丶
| + 3 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
查看全部评分
|
[复制链接]
|RSS|手机版|小黑屋|帮助|吾爱汇编
( 
京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图
窥视卡
雷达卡
前排沙发占座学习,谢谢大神转的一手好帖
