2012-2-22 02:22
砖家叫兽
On the code that retires another file, the one called EFFAREA
Uh, how should I put it
This continues these two threads:
[url]http://www.xycq.net/forum/thread-245813-1-1.html[/url]
[url]http://www.xycq.net/forum/thread-246065-1-1.html[/url]
Earlier I already matched the attack range, and the small map and large map, retiring the SMLMAP and HITAREA files respectively
Now the penetration range, that is, the strategy effect area, is also matched to the image, so one more file is retired
[attach]119171[/attach]
0046FD40 /$ 55 PUSH EBP
0046FD41 |. 8BEC MOV EBP,ESP
0046FD43 |. 6A FF PUSH -1
0046FD45 |. 68 A6594800 PUSH Ekd5.004859A6 ; SE handler installation
0046FD4A |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0046FD50 |. 50 PUSH EAX
0046FD51 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0046FD58 |. 83EC 0C SUB ESP,0C
0046FD5B |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0046FD5E |. 0FB689 242000>MOVZX ECX,BYTE PTR DS:[ECX+2024]
0046FD65 |. E8 98420100 CALL Ekd5.00484002
0046FD6A |. E8 B8500100 CALL Ekd5.00484E27
0046FD6F |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
0046FD72 |. 3C FF CMP AL,0FF
0046FD74 |. 75 04 JNZ SHORT Ekd5.0046FD7A
0046FD76 |. C645 F0 01 MOV BYTE PTR SS:[EBP-10],1
0046FD7A |> 90 NOP
0046FD7B |. 90 NOP
0046FD7C |. 90 NOP
0046FD7D |. 6A 00 PUSH 0 ; /ShowState = SW_HIDE
0046FD7F |. 8B15 FC5F4B00 MOV EDX,DWORD PTR DS:[4B5FFC] ; |
0046FD85 |. 52 PUSH EDX ; |hWnd => NULL
0046FD86 |. FF15 E0624800 CALL DWORD PTR DS:[<&USER32.ShowWindow>] ; \ShowWindow
0046FD8C |. 6A 0C PUSH 0C
0046FD8E |. E8 50CD0000 CALL Ekd5.0047CAE3
0046FD93 |. 83C4 04 ADD ESP,4
0046FD96 |. 05 00040000 ADD EAX,400
0046FD9B |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0046FD9E |. 90 NOP
0046FD9F |. 90 NOP
0046FDA0 |. 90 NOP
0046FDA1 |. 6A 07 PUSH 7
0046FDA3 |. E8 22D40000 CALL Ekd5.0047D1CA
0046FDA8 |. 83C4 04 ADD ESP,4
0046FDAB |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0046FDAD |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0046FDAF |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0046FDB1 |. E8 3BD40000 CALL Ekd5.0047D1F1 ; \Ekd5.0047D1F1
0046FDB6 |. 83C4 0C ADD ESP,0C
0046FDB9 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0046FDBC |. 05 24100000 ADD EAX,1024
0046FDC1 |. 50 PUSH EAX
0046FDC2 |. 8B0D AC684800 MOV ECX,DWORD PTR DS:[4868AC]
0046FDC8 |. 51 PUSH ECX
0046FDC9 |. 8B15 A8684800 MOV EDX,DWORD PTR DS:[4868A8]
0046FDCF |. 52 PUSH EDX
0046FDD0 |. 6A 00 PUSH 0
0046FDD2 |. 6A 00 PUSH 0
0046FDD4 |. E8 C2E20000 CALL Ekd5.0047E09B
0046FDD9 |. 83C4 14 ADD ESP,14
0046FDDC |. 6A 00 PUSH 0
0046FDDE |. E8 00CD0000 CALL Ekd5.0047CAE3
0046FDE3 |. 83C4 04 ADD ESP,4
0046FDE6 |. 90 NOP
0046FDE7 |. 90 NOP
0046FDE8 |. 90 NOP
0046FDE9 |. 57 PUSH EDI
0046FDEA |. 8B7D EC MOV EDI,DWORD PTR SS:[EBP-14]
0046FDED |. 33C0 XOR EAX,EAX
0046FDEF |. B9 00100000 MOV ECX,1000
0046FDF4 |. F3:AA REP STOS BYTE PTR ES:[EDI]
0046FDF6 |. 5F POP EDI
0046FDF7 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0046FDFA |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0046FDFD |. 50 PUSH EAX
0046FDFE |. E8 ADD90600 CALL Ekd5.004DD7B0
0046FE03 |. 90 NOP
0046FE04 |. 90 NOP
0046FE05 |. 90 NOP
0046FE06 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0046FE09 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0046FE10 |. 8BE5 MOV ESP,EBP
0046FE12 |. 5D POP EBP
0046FE13 \. C3 RETN
Compacted, and used as the interface
[color=Silver][[i] This post was last edited by 砖家叫兽 on 2012-2-22 02:26 [/i]][/color]
2012-2-22 02:31
砖家叫兽
0046FE20 /. 55 PUSH EBP
0046FE21 |. 8BEC MOV EBP,ESP
0046FE23 |. 51 PUSH ECX
0046FE24 |. 60 PUSHAD
0046FE25 |. 0FB65D 08 MOVZX EBX,BYTE PTR SS:[EBP+8]
0046FE29 |. 6A FE PUSH -2
0046FE2B |. 5E POP ESI
0046FE2C |. EB 01 JMP SHORT Ekd5.0046FE2F
0046FE2E |> 46 /INC ESI
0046FE2F |> 83FE 02 CMP ESI,2
0046FE32 |. 7F 25 |JG SHORT Ekd5.0046FE59
0046FE34 |. 6A FE |PUSH -2
0046FE36 |. 5F |POP EDI
0046FE37 |. EB 01 |JMP SHORT Ekd5.0046FE3A
0046FE39 |> 47 |/INC EDI
0046FE3A |> 83FF 02 | CMP EDI,2
0046FE3D |. 7F 18 ||JG SHORT Ekd5.0046FE57
0046FE3F |. 56 ||PUSH ESI ; /Arg3
0046FE40 |. 57 ||PUSH EDI ; |Arg2
0046FE41 |. 53 ||PUSH EBX ; |Arg1
0046FE42 |. E8 49840000 ||CALL Ekd5.00478290 ; \Ekd5.00478290
0046FE47 |. 85C0 ||TEST EAX,EAX
0046FE49 |. 74 0A ||JE SHORT Ekd5.0046FE55
0046FE4B |. 56 ||PUSH ESI ; /Arg2
0046FE4C |. 57 ||PUSH EDI ; |Arg1
0046FE4D |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4] ; |
0046FE50 |. E8 1B830000 ||CALL Ekd5.00478170 ; \Ekd5.00478170
0046FE55 |>^ EB E2 |\JMP SHORT Ekd5.0046FE39
0046FE57 |>^ EB D5 \JMP SHORT Ekd5.0046FE2E
0046FE59 |> 61 POPAD
0046FE5A |. 8BE5 MOV ESP,EBP
0046FE5C |. 5D POP EBP
0046FE5D \. C2 0400 RETN 4
The penetration range is smaller than the attack range, at most 3 cells; it covers both penetration and the large range
The large range runs from -2 to 2
00478170 /$ 55 PUSH EBP
00478171 |. 8BEC MOV EBP,ESP
00478173 |. 51 PUSH ECX
00478174 |. 60 PUSHAD
00478175 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00478178 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0047817B |. 83C0 03 ADD EAX,3
0047817E |. 83C2 03 ADD EDX,3
00478181 |. 69D2 40020000 IMUL EDX,EDX,240
00478187 |. 6BC0 09 IMUL EAX,EAX,9
0047818A |. 03C2 ADD EAX,EDX
0047818C |. 03C8 ADD ECX,EAX
0047818E |. 8BD9 MOV EBX,ECX
00478190 |. 33F6 XOR ESI,ESI
00478192 |> 33FF /XOR EDI,EDI
00478194 |. 83FE 09 |CMP ESI,9
00478197 |. 73 3C |JNB SHORT Ekd5.004781D5
00478199 |> 83FF 09 |/CMP EDI,9
0047819C |. 73 31 ||JNB SHORT Ekd5.004781CF
0047819E |. 85F6 ||TEST ESI,ESI
004781A0 |. 74 26 ||JE SHORT Ekd5.004781C8
004781A2 |. 83FE 08 ||CMP ESI,8
004781A5 |. 74 21 ||JE SHORT Ekd5.004781C8
004781A7 |. 85FF ||TEST EDI,EDI
004781A9 |. 74 1D ||JE SHORT Ekd5.004781C8
004781AB |. 83FF 08 ||CMP EDI,8
004781AE |. 74 18 ||JE SHORT Ekd5.004781C8
004781B0 |. 837D 08 00 ||CMP DWORD PTR SS:[EBP+8],0
004781B4 |. 75 06 ||JNZ SHORT Ekd5.004781BC
004781B6 |. 837D 0C 00 ||CMP DWORD PTR SS:[EBP+C],0
004781BA |. 74 06 ||JE SHORT Ekd5.004781C2
004781BC |> C6043B 66 ||MOV BYTE PTR DS:[EBX+EDI],66
004781C0 |. EB 0A ||JMP SHORT Ekd5.004781CC
004781C2 |> C6043B 37 ||MOV BYTE PTR DS:[EBX+EDI],37
004781C6 |. EB 04 ||JMP SHORT Ekd5.004781CC
004781C8 |> C6043B FF ||MOV BYTE PTR DS:[EBX+EDI],0FF
004781CC |> 47 ||INC EDI
004781CD |.^ EB CA |\JMP SHORT Ekd5.00478199
004781CF |> 46 |INC ESI
004781D0 |. 83C3 40 |ADD EBX,40
004781D3 |.^ EB BD \JMP SHORT Ekd5.00478192
004781D5 |> 61 POPAD
004781D6 |. 8BE5 MOV ESP,EBP
004781D8 |. 5D POP EBP
004781D9 \. C2 0800 RETN 8
The difference from the attack range is the ADD EDX,3 here, because
the farthest is 3 cells: 3+1+3=7, and 7*9=63
so
00478194 |. 83FE 09 |CMP ESI,9
00478199 |> 83FF 09 |/CMP EDI,9
004781AB |. 83FF 08 ||CMP EDI,8
I won't explain these; refer to the other thread
And then there is one more that differs
004DD820 55 PUSH EBP
004DD821 8BEC MOV EBP,ESP
004DD823 51 PUSH ECX
004DD824 60 PUSHAD
004DD825 8BD9 MOV EBX,ECX
004DD827 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004DD82A 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
004DD82D 85D2 TEST EDX,EDX
004DD82F 74 02 JE SHORT Ekd5.004DD833
004DD831 8BD0 MOV EDX,EAX
004DD833 83C0 03 ADD EAX,3
004DD836 69C0 40020000 IMUL EAX,EAX,240
004DD83C 03D8 ADD EBX,EAX
004DD83E 8BC2 MOV EAX,EDX
004DD840 F7D8 NEG EAX
004DD842 83C2 03 ADD EDX,3
004DD845 83C0 03 ADD EAX,3
004DD848 6BC0 09 IMUL EAX,EAX,9
004DD84B 6BD2 09 IMUL EDX,EDX,9
004DD84E 6A FF PUSH -1
004DD850 52 PUSH EDX
004DD851 50 PUSH EAX
004DD852 8BCB MOV ECX,EBX
004DD854 58 POP EAX
004DD855 83F8 FF CMP EAX,-1
004DD858 74 37 JE SHORT Ekd5.004DD891
004DD85A 03C8 ADD ECX,EAX
004DD85C 33F6 XOR ESI,ESI
004DD85E 33FF XOR EDI,EDI
004DD860 83FE 09 CMP ESI,9
004DD863 73 2A JNB SHORT Ekd5.004DD88F
004DD865 83FF 09 CMP EDI,9
004DD868 73 1F JNB SHORT Ekd5.004DD889
004DD86A 85F6 TEST ESI,ESI
004DD86C 74 14 JE SHORT Ekd5.004DD882
004DD86E 83FE 08 CMP ESI,8
004DD871 74 0F JE SHORT Ekd5.004DD882
004DD873 85FF TEST EDI,EDI
004DD875 74 0B JE SHORT Ekd5.004DD882
004DD877 83FF 08 CMP EDI,8
004DD87A 74 06 JE SHORT Ekd5.004DD882
004DD87C C60439 A6 MOV BYTE PTR DS:[ECX+EDI],0A6
004DD880 EB 04 JMP SHORT Ekd5.004DD886
004DD882 C60439 FF MOV BYTE PTR DS:[ECX+EDI],0FF
004DD886 47 INC EDI
004DD887 ^ EB DC JMP SHORT Ekd5.004DD865
004DD889 46 INC ESI
004DD88A 83C3 40 ADD EBX,40
004DD88D ^ EB CF JMP SHORT Ekd5.004DD85E
004DD88F ^ EB C1 JMP SHORT Ekd5.004DD852
004DD891 61 POPAD
004DD892 8BE5 MOV ESP,EBP
004DD894 5D POP EBP
004DD895 C2 0800 RETN 8
This one displays straight-line penetration, as well as the "three-split sword technique" I created myself
Careful readers will notice one detail: the colours here are a bit different again
Haha
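An added Python model of the two cell painters in the listings above, not the poster's code: it reproduces the 0x40-byte row stride, the 9-byte cells with the +3 origin and the fill values from 00478170, and the straight-line versus split column placement from 004DD820. The 0x1000 buffer size is taken from the REP STOS in the first listing; the function names and the radius-2 loop are my own reading of the post.

```python
STRIDE = 0x40      # ADD EBX,40 steps to the next row of the area buffer
CELL = 9           # IMUL EAX,EAX,9: each cell is 9 rows by 9 bytes
BUF_SIZE = 0x1000  # REP STOS with ECX=1000 zeroes the whole buffer
HALF = 3           # ADD EAX,3 / ADD EDX,3: cell coordinates run -3..3

def cell_offset(dx, dy):
    """Offset of cell (dx, dy): (dy+3)*0x240 + (dx+3)*9, with 0x240 = 9*0x40."""
    return (dy + HALF) * CELL * STRIDE + (dx + HALF) * CELL

def grid_fits():
    """7 cells * 9 bytes = 63, which fits inside the 64-byte row stride."""
    return (2 * HALF + 1) * CELL <= STRIDE

def paint_cell(buf, dx, dy, fill):
    """Paint one 9x9 cell: row/column 0 and 8 get 0xFF, the interior gets `fill`."""
    base = cell_offset(dx, dy)
    for r in range(CELL):
        for c in range(CELL):
            edge = r in (0, CELL - 1) or c in (0, CELL - 1)
            buf[base + r * STRIDE + c] = 0xFF if edge else fill

def paint_splash(buf, dx, dy):
    """00478170: the centre cell (0,0) is filled with 0x37, every other cell with 0x66."""
    paint_cell(buf, dx, dy, 0x37 if dx == 0 and dy == 0 else 0x66)

def paint_line(buf, n, split):
    """004DD820: row n; column 0 for straight penetration, or columns -n and +n
    when the split flag (Arg2) is non-zero. The interior fill is 0xA6."""
    d = n if split else 0
    for dx in {-d, d}:
        paint_cell(buf, dx, n, 0xA6)

def splash_area(radius=2):
    """The large range from the post: every cell from -2 to 2 on both axes."""
    buf = bytearray(BUF_SIZE)
    for dy in range(-radius, radius + 1):
        for dx in range(-radius, radius + 1):
            paint_splash(buf, dx, dy)
    return buf

def interior(buf, dx, dy):
    """Read the interior byte (4,4) of a cell; 0 means the cell was never painted."""
    return buf[cell_offset(dx, dy) + 4 * STRIDE + 4]
```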