#include"pch.h"
/*
$-28 | 41:B8 01000000 | mov r8d,1 |
$-22 | 48:8BD3 | mov rdx,rbx |
$-1F | 48:8BCF | mov rcx,rdi |
$-1C | E8 C5560000 | call game.4FB9A140 |
$-17 | EB 39 | jmp game.4FB94AB6 |
$-15 | 48:8BD3 | mov rdx,rbx |
$-12 | 48:8BCF | mov rcx,rdi |
$-F | E8 18C70000 | call <game.使用技能动作>
$-A | EB 2C | jmp game.4FB94AB6 |
$-8 | 8B53 60 | mov edx,dword ptr ds:[rbx+60] |
$-5 | E8 3E40CFFF | call game.4F888AD0 |
$ ==> | EB 22 | jmp game.4FB94AB6 | EB 22 8B 53 08 48 8B CF
$+2 | 8B53 08 | mov edx,dword ptr ds:[rbx+8] |
$+5 | 48:8BCF | mov rcx,rdi |
$+8 | E8 210E0000 | call <game.感情表现>
$+D | EB 15 | jmp game.4FB94AB6 |
$+F | 8B53 08 | mov edx,dword ptr ds:[rbx+8] |
$+12 | 48:8BCF | mov rcx,rdi |
$+15 | E8 D4890000 | call game.4FB9D480 |
$+1A | EB 08 | jmp game.4FB94AB6 |
$+1C | 48:8BD3 | mov rdx,rbx |
$-63 | 48:8B0D 5605A400 | mov rcx,qword ptr ds:[<RCX_CALL_SKILL_ACTION>] |
$-5C | 48:8BD0 | mov rdx,rax |
$-59 | E8 FECB1400 | call <game.使用技能动作> |
$-54 | E9 7D010000 | jmp game.4FA54724 |
$-4F | 48:8D15 DA215000 | lea rdx,qword ptr ds:[4FF56788] | 000000004FF56788:"toypet_search"
$-48 | 48:8BCB | mov rcx,rbx |
$-45 | FF15 498F4200 | call qword ptr ds:[<&_stricmp>] |
$-3F | 85C0 | test eax,eax |
$-3D | 75 07 | jne game.4FA545C2 |
$-3B | BA 7BC30000 | mov edx,C37B |
$-36 | EB C5 | jmp game.4FA54587 |
$-34 | 48:8D15 AF215000 | lea rdx,qword ptr ds:[4FF56778] | 000000004FF56778:"toypet_unsummon"
$-2D | 48:8BCB | mov rcx,rbx |
$-2A | FF15 2E8F4200 | call qword ptr ds:[<&_stricmp>] |
$-24 | 85C0 | test eax,eax |
$-22 | 75 0A | jne game.4FA545E0 |
$-20 | E8 C57EDEFF | call game.4F83C4A0 |
$-1B | E9 44010000 | jmp game.4FA54724 |
$-16 | 41:B8 0E000000 | mov r8d,E |
$-10 | 48:8D15 C3215000 | lea rdx,qword ptr ds:[4FF567B0] | 000000004FF567B0:"toypet_emotion"
$-9 | 48:8BCB | mov rcx,rbx |
$-6 | FF15 128F4200 | call qword ptr ds:[<&_strnicmp>] |
$ ==> | 85C0 | test eax,eax | 85C0751D488D4B0EFF15
$+2 | 75 1D | jne game.4FA54617 |
$+4 | 48:8D4B 0E | lea rcx,qword ptr ds:[rbx+E] |
$+8 | FF15 5C894200 | call qword ptr ds:[<&atol>] |
$+E | 48:8B0D E504A400 | mov rcx,qword ptr ds:[<RCX_CALL_SKILL_ACTION>] |
$+15 | 8BD0 | mov edx,eax |
$+17 | E8 AE121400 | call <game.感情表现> |
$+1C | E9 0D010000 | jmp game.4FA54724 |
$+21 | 48:85DB | test rbx,rbx |
$+24 | 0F84 00010000 | je game.4FA54720 |
$+2A | 803B 00 | cmp byte ptr ds:[rbx],0 |
$+2D | 0F84 F7000000 | je game.4FA54720 |
$+33 | 66:0F6F05 5F165800 | movdqa xmm0,xmmword ptr ds:[4FFD5C90] |
$+3B | 49:C7C0 FFFFFFFF | mov r8,FFFFFFFFFFFFFFFF |
*/
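// Resolves one RIP-relative operand at a fixed distance from a pattern hit and
// reports it in the findbase "NAME=0x...; // exe+offset OK/ER" format.
//
//  patternOffset  image-relative offset returned by FindCode (0 = pattern not found)
//  varName        symbolic name printed in the report line
//  instrDelta     distance from the pattern hit to the instruction being decoded
//  dispOffset     byte offset of the disp32/rel32 field inside that instruction
//  instrLen       total encoded length of that instruction
//
// The target is computed as (address of the next instruction) + displacement,
// i.e. instruction offset + instruction length + rel32, which is how x64
// encodes both `call rel32` and `mov reg,[rip+disp32]`.  The 8-byte alignment
// test is used as a plausibility check on the resolved address; when it fails,
// or when the pattern was not found, the ER line is printed with 0 as the
// value and the (unvalidated) computed offset in the trailing field.
static void ReportRipRelativeTarget(UINT_PTR patternOffset, const char* varName,
                                    UINT_PTR instrDelta, UINT_PTR dispOffset, BYTE instrLen)
{
    // Image-relative offset of the instruction whose operand we decode.
    const UINT_PTR instrOffset = patternOffset + instrDelta;
    // R4 reads the 4-byte signed displacement embedded in the instruction.
    // When patternOffset is 0 this reads from the image header, which is
    // harmless, and the result is discarded by the check below.
    const int disp = R4(findbase.GetExeBase() + instrOffset + dispOffset);
    // Negative displacements are handled by the unsigned wrap of UINT_PTR + int.
    const UINT_PTR target = instrOffset + instrLen + disp;

    // NOTE(review): if printFA is printf-style, passing a 64-bit UINT_PTR to
    // %X / %09X is a format mismatch — confirm against printFA's definition.
    if (patternOffset && target % 8 == 0)
    {
        gdbg.printFA("%s.%s=0x%010X; // % 20s+%09X OK \r\n", findbase.wowexe.c_str(), varName, target, findbase.m_exeName.c_str(), target);
    }
    else
    {
        gdbg.printFA("%s.%s=0x%010X; // % 20s+%09X ER \r\n", findbase.wowexe.c_str(), varName, 0, findbase.m_exeName.c_str(), target);
    }
}

// Locates the byte sequence 85 C0 75 1D 48 8D 4B 0E FF 15 (the `test eax,eax`
// at `$ ==>` in the disassembly above) and, relative to that hit, resolves and
// reports two RIP-relative operands:
//   +0x0E  48:8B0D disp32   mov rcx,[rip+disp32]   -> "RCX_CALL_USE_SKILL2"
//   +0x17  E8 rel32         call rel32             -> "CALL_USE_SKILL_感情表现"
// Each report line is printed through gdbg.printFA.  Returns 2 unconditionally;
// the meaning of that value to callers is not visible in this file.
UINT_PTR CALL_USE_SKILL_感情表现()
{
    char sz_tzm_Code[] = "85C0751D488D4B0EFF15";
    char sz_tzm_Code_buf[256] = { 0 };
    // Hex text -> raw bytes; nSize is the number of bytes produced (10 here).
    const SIZE_T nSize = HexStrToBytes(sz_tzm_Code, sz_tzm_Code_buf, 256);
    // FindCode's length parameter is taken as BYTE by the existing call; the
    // pattern is far shorter than 255 bytes so the narrowing cannot truncate here.
    const UINT_PTR Finded_OFFSET = findbase.FindCode(reinterpret_cast<BYTE*>(sz_tzm_Code_buf), static_cast<BYTE>(nSize));

    // mov rcx,qword ptr [rip+disp32]: 3 opcode bytes, disp32 at +3, 7 bytes total.
    ReportRipRelativeTarget(Finded_OFFSET, "RCX_CALL_USE_SKILL2", 0x0E, 3, 7);
    // call rel32: 1 opcode byte, rel32 at +1, 5 bytes total.
    ReportRipRelativeTarget(Finded_OFFSET, "CALL_USE_SKILL_感情表现", 0x17, 1, 5);

    return 2;
}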
|