给你看我的4.0的代码,是参考了STAR引擎后改的根据攻击范围来先手:
;-----------------------------------------------------------------------
; 0043AAFB -- OllyDbg listing (x86-32 Win32, Intel syntax).  The
; address / opcode columns come from the debugger; this is not
; assemblable source.
; Convention: ECX on entry is saved to [EBP-10] and reloaded before
; most calls, i.e. it is used as a `this`-style object pointer.
; Locals (SUB ESP,10):
;   [EBP-4]  byte  result of 0041DF70 -- written, never read below
;   [EBP-8]  byte  id returned by 00436586; 0xFF is treated as
;                  "nothing found" (0043DADA pre-sets the same slot to
;                  0xFF before its lookup and bails out on 0xFF).  Only
;                  the low byte is ever written; the upper three bytes
;                  stay uninitialised stack, yet several PUSHes below
;                  pass the whole dword.
;   [EBP-C]  word  result of 00403360 -- written, never read below
;   [EBP-10] dword this
; No explicit return value: EAX is whatever the last callee left.
; Per the author's note this is a caller of the first-strike / lead /
; fight routines (先手/引导/奋战).  Callee names are not resolved in
; this listing, so every remark about what a callee does is inferred
; from the calling pattern only -- confirm against the 4.0 source.
;-----------------------------------------------------------------------
0043AAFB /$ 55 PUSH EBP
0043AAFC |. 8BEC MOV EBP,ESP
0043AAFE |. 83EC 10 SUB ESP,10
0043AB01 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX ; this
; 0047FD13( 0047FA40(ECX=004AEB38, 0, 0, 4) + 0x12C0, 0x640, 0xFF )
; Inner call: ECX = global object 004AEB38, three stack args, no
; caller-side cleanup (callee pops).  Outer call: caller pops 0Ch at
; 0043AB29, i.e. cdecl with three args.  The +0x12C0 looks like a
; field offset inside the object returned by 0047FA40 -- unverified.
0043AB04 |. 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0043AB09 |. 68 40060000 PUSH 640 ; |Arg2 = 00000640
0043AB0E |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0043AB10 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0043AB12 |. 6A 00 PUSH 0 ; ||Arg1 = 00000000
0043AB14 |. B9 38EB4A00 MOV ECX,004AEB38 ; ||
0043AB19 |. E8 224F0400 CALL 0047FA40 ; |\0047FA40
0043AB1E |. 05 C0120000 ADD EAX,12C0 ; |
0043AB23 |. 50 PUSH EAX ; |Arg1
0043AB24 |. E8 EA510400 CALL 0047FD13 ; \0047FD13
0043AB29 |. 83C4 0C ADD ESP,0C ; caller pops the 3 outer args
; 0041DF70(this) -> AL stored in [EBP-4]; nothing below reads it, so
; the call is kept only for its side effects (if any) -- candidate
; dead store.
0043AB2C |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AB2F |. E8 3C34FEFF CALL 0041DF70
0043AB34 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
; id = 00436586(this, this+6, 0043F8BE(this, 0, 0))
; 0043F8BE takes the two PUSH 0 as stack args (0043DADA calls it the
; same way with 1 and 0xFF).  Neither call has caller-side cleanup.
; Only AL of the result is stored -- see the note on [EBP-8] above.
0043AB37 |. 6A 00 PUSH 0
0043AB39 |. 6A 00 PUSH 0
0043AB3B |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AB3E |. E8 7B4D0000 CALL 0043F8BE
0043AB43 |. 50 PUSH EAX ; |Arg2
0043AB44 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
0043AB47 |. 83C0 06 ADD EAX,6 ; |
0043AB4A |. 50 PUSH EAX ; |Arg1
0043AB4B |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043AB4E |. E8 33BAFFFF CALL 00436586 ; \00436586
0043AB53 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL ; id (low byte only)
; Guard 1: bail out if 00425AF0(this, 0x80) != 0 or
; 00425AD0(this) returns AL == 4.  Same pair is re-checked with 2
; further down; what 0x80 / 2 / 4 encode is not visible here.
0043AB56 |. 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043AB5B |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043AB5E |. E8 8DAFFEFF CALL 00425AF0 ; \00425AF0
0043AB63 |. 85C0 TEST EAX,EAX
0043AB65 |. 75 4E JNZ SHORT 0043ABB5
0043AB67 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AB6A |. E8 61AFFEFF CALL 00425AD0
0043AB6F |. 3C 04 CMP AL,4
0043AB71 |. 74 42 JE SHORT 0043ABB5
; Guard 2: two helper pairs -- 004D4080(this) immediately followed by
; 004065F0, then 004D4080(this) followed by 00407907.  The PUSH 0 and
; PUSH EAX are consumed by those callees (no caller-side ADD ESP).
; A zero result from 00407907 skips the whole action.
0043AB73 |. 6A 00 PUSH 0
0043AB75 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AB78 |. E8 03950900 CALL 004D4080
0043AB7D |. E8 6EBAFCFF CALL 004065F0 ; \004065F0
0043AB82 |. 50 PUSH EAX
0043AB83 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AB86 |. E8 F5940900 CALL 004D4080
0043AB8B |. E8 77CDFCFF CALL 00407907 ; \00407907
0043AB90 |. 85C0 TEST EAX,EAX
0043AB92 |. 74 21 JE SHORT 0043ABB5
; Guard 3: id == 0xFF means 00436586 found nothing.  The full dword
; is loaded but only AL is compared, so the uninitialised upper bytes
; do not matter here.
0043AB94 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043AB97 |. 3C FF CMP AL,0FF
0043AB99 |. 74 1A JE SHORT 0043ABB5
; Guard 4: same pair as guard 1, with argument 2.
0043AB9B |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0043AB9D |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043ABA0 |. E8 4BAFFEFF CALL 00425AF0 ; \00425AF0
0043ABA5 |. 85C0 TEST EAX,EAX
0043ABA7 |. 75 0C JNZ SHORT 0043ABB5
0043ABA9 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043ABAC |. E8 1FAFFEFF CALL 00425AD0
0043ABB1 |. 3C 04 CMP AL,4
0043ABB3 |. 75 05 JNZ SHORT 0043ABBA
; Common early-exit: jump to the epilogue, nothing else is done.
0043ABB5 |> E9 C4000000 JMP 0043AC7E
; 00405CE6(ECX=id) -> 00403360 -> word at [EAX] stored in [EBP-C].
; [EBP-C] is never read again in this function, so this only matters
; if 00405CE6 / 00403360 have side effects -- candidate dead code.
; Note the whole dword of [EBP-8] is passed in ECX although only its
; low byte was ever written.
0043ABBA |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043ABBD |. E8 24B1FCFF CALL 00405CE6
0043ABC2 |. E8 9987FCFF CALL 00403360
0043ABC7 |. 66:8B08 MOV CX,WORD PTR DS:[EAX]
0043ABCA |. 66:894D F4 MOV WORD PTR SS:[EBP-C],CX
; 00435829( byte [this+4], id ) -- cdecl, caller pops 8.
; [this+4] is a byte field of the object; its meaning is not visible.
0043ABCE |. 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8]
0043ABD1 |. 52 PUSH EDX ; /Arg2
0043ABD2 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
0043ABD5 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
0043ABD8 |. 51 PUSH ECX ; |Arg1
0043ABD9 |. E8 4BACFFFF CALL 00435829 ; \00435829
0043ABDE |. 83C4 08 ADD ESP,8
; 00441488( this, 1, id, 0xFF ) -- callee pops.
0043ABE1 |. 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0043ABE6 |. 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8] ; |
0043ABE9 |. 52 PUSH EDX ; |Arg2
0043ABEA |. 6A 01 PUSH 1 ; |Arg1 = 00000001
0043ABEC |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043ABEF |. E8 94680000 CALL 00441488 ; \00441488
; 00436796 is called with REGISTER args: EAX = this, ECX = id (it
; stores exactly those two on entry, see 0043679C / 0043679F).
; The three NOPs are the size of an `ADD ESP,8`; together with the
; non-standard register passing this looks like a hand-patched call
; site (compare 0043ABD9/0043ABDE).  Verify against the unpatched
; binary before relying on the original target's convention.
; Nonzero result selects the argument order used right below.
0043ABF4 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0043ABF7 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043ABFA |. E8 97BBFFFF CALL 00436796
0043ABFF |. 90 NOP
0043AC00 |. 90 NOP
0043AC01 |. 90 NOP
0043AC02 |. 85C0 TEST EAX,EAX
0043AC04 |. 74 0D JE SHORT 0043AC13
; Both paths push two values for 004064F1, but in OPPOSITE order:
;   00436796 != 0 : PUSH [this+4], then PUSH id  (only AL is loaded,
;                   the upper bytes of EAX are leftovers from the callee)
;   00436796 == 0 : PUSH id (whole dword, upper bytes uninitialised),
;                   then PUSH [this+4]
; The loop-back path at 0043AC53 uses the second order.  Whether
; 004064F1 is sensitive to the order cannot be told here -- verify.
0043AC06 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043AC09 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AC0C |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4]
0043AC0F |. 52 PUSH EDX
0043AC10 |. 50 PUSH EAX
0043AC11 |. EB 0A JMP SHORT 0043AC1D
0043AC13 |> FF75 F8 PUSH DWORD PTR SS:[EBP-8]
0043AC16 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0043AC19 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4]
0043AC1C |. 52 PUSH EDX
; Loop: 004064F1(ECX=global 004927F0, <2 stack args>) -- callee pops.
; Exit to 0043AC60 when 004368E8(this, id) != 0, or when
; 00405CE6(CL=id) -> 00472C90 != 0, or when 0043686C(this) returns
; AL == 0.  Otherwise DL from 0043686C becomes the new id and the loop
; repeats.  There is no iteration cap: termination depends entirely on
; those callees.
0043AC1D |> B9 F0274900 /MOV ECX,004927F0 ; |
0043AC22 |. E8 CAB8FCFF |CALL 004064F1 ; \004064F1
0043AC27 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0043AC2A |. FF75 F8 |PUSH DWORD PTR SS:[EBP-8] ; /Arg1
0043AC2D |. E8 B6BCFFFF |CALL 004368E8 ; \004368E8
0043AC32 |. 85C0 |TEST EAX,EAX
0043AC34 |. 75 2A |JNZ SHORT 0043AC60
0043AC36 |. 8A4D F8 |MOV CL,BYTE PTR SS:[EBP-8]
0043AC39 |. E8 A8B0FCFF |CALL 00405CE6
0043AC3E |. E8 4D800300 |CALL 00472C90
0043AC43 |. 85C0 |TEST EAX,EAX
0043AC45 |. 75 19 |JNZ SHORT 0043AC60
0043AC47 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0043AC4A |. E8 1DBCFFFF |CALL 0043686C
0043AC4F |. 84C0 |TEST AL,AL
0043AC51 |. 74 0D |JE SHORT 0043AC60
; 0043686C appears to return a flag in AL and the next id in DL
; (inferred from this use only).
0043AC53 |. 8855 F8 |MOV BYTE PTR SS:[EBP-8],DL
0043AC56 |. 52 |PUSH EDX
0043AC57 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
0043AC5A |. 8A50 04 |MOV DL,BYTE PTR DS:[EAX+4]
0043AC5D |. 52 |PUSH EDX
0043AC5E |.^EB BD \JMP SHORT 0043AC1D
; Finish: 00442718(this, 2); 00442718(this, 4); 00453B13(ECX=004B4250).
; 0043DADA ends the same way with 00442718(this, 6).
0043AC60 |> 6A 02 PUSH 2 ; /Arg1 = 00000002
0043AC62 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043AC65 |. E8 AE7A0000 CALL 00442718 ; \00442718
0043AC6A |. 6A 04 PUSH 4 ; /Arg1 = 00000004
0043AC6C |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043AC6F |. E8 A47A0000 CALL 00442718 ; \00442718
0043AC74 |. B9 50424B00 MOV ECX,004B4250
0043AC79 |. E8 958E0100 CALL 00453B13
; Epilogue: MOV ESP,EBP also absorbs any stack-pointer imbalance left
; by callees whose cleanup convention is not visible above.
0043AC7E |> 8BE5 MOV ESP,EBP
0043AC80 |. 5D POP EBP
0043AC81 \. C3 RETN
;-----------------------------------------------------------------------
; 0043DADA -- OllyDbg listing (x86-32 Win32, Intel syntax).
; Same shape as 0043AAFB but with a different target lookup (0045533D
; on the global object 004B4250) and no guard block in front of the
; action.  ECX on entry is the `this`-style object pointer.
; Locals (SUB ESP,0C):
;   [EBP-4]  byte  result of 0043F935 -- written, never read below
;   [EBP-8]  byte  id; initialised to 0xFF ("nothing found") and then
;                  overwritten with AL from 0045533D.  Only the low byte
;                  is ever written; the upper three bytes remain
;                  uninitialised stack, yet some PUSHes below pass the
;                  whole dword.
;   [EBP-C]  dword this
; No explicit return value: EAX is whatever the last callee left.
; Callee names are unresolved; remarks on callee behaviour are
; inferred from the calling pattern -- confirm against the 4.0 source.
;-----------------------------------------------------------------------
0043DADA /$ 55 PUSH EBP
0043DADB |. 8BEC MOV EBP,ESP
0043DADD |. 83EC 0C SUB ESP,0C
0043DAE0 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX ; this
0043DAE3 |. C645 F8 FF MOV BYTE PTR SS:[EBP-8],0FF ; id = "none"
; 0043F935(this) -> AL stored in [EBP-4]; nothing below reads it --
; candidate dead store unless the call has side effects.
0043DAE7 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAEA |. E8 461E0000 CALL 0043F935
0043DAEF |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
; id = 0045533D( ECX=004B4250, byte [this+4], 0043F8BE(this, 1, 0xFF) )
; 0043F8BE takes the two pushed immediates as stack args (0043AAFB
; calls it with 0, 0).  No caller-side cleanup for either call.
0043DAF2 |. 68 FF000000 PUSH 0FF
0043DAF7 |. 6A 01 PUSH 1
0043DAF9 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAFC |. E8 BD1D0000 CALL 0043F8BE
0043DB01 |. 50 PUSH EAX ; |Arg2
0043DB02 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB05 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
0043DB08 |. 51 PUSH ECX ; |Arg1
0043DB09 |. B9 50424B00 MOV ECX,004B4250 ; |
0043DB0E |. E8 2A780100 CALL 0045533D ; \0045533D
0043DB13 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL ; id (low byte only)
; Bail out if the lookup returned 0xFF.  Whole dword loaded, only DL
; compared, so the uninitialised upper bytes do not matter here.
0043DB16 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043DB19 |. 80FA FF CMP DL,0FF
0043DB1C |. 0F84 94000000 JE 0043DBB6
; 00435829( byte [this+4], id ) -- cdecl, caller pops 8.
0043DB22 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB25 |. 50 PUSH EAX ; /Arg2
0043DB26 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DB29 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DB2C |. 52 PUSH EDX ; |Arg1
0043DB2D |. E8 F77CFFFF CALL 00435829 ; \00435829
0043DB32 |. 83C4 08 ADD ESP,8
; 00436796 with REGISTER args: EAX = this, ECX = id (it stores exactly
; those two on entry, see 0043679C / 0043679F).  The three NOPs are the
; size of an `ADD ESP,8`; with the non-standard register passing this
; looks like a hand-patched call site -- verify against the unpatched
; binary.  Nonzero result selects the argument order used right below.
0043DB35 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0043DB38 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043DB3B |. E8 568CFFFF CALL 00436796
0043DB40 |. 90 NOP
0043DB41 |. 90 NOP
0043DB42 |. 90 NOP
0043DB43 |. 85C0 TEST EAX,EAX
0043DB45 |. 74 0D JE SHORT 0043DB54
; Both paths push two values for 004064F1, but in OPPOSITE order:
;   00436796 != 0 : PUSH [this+4], then PUSH id  (only AL is loaded,
;                   the upper bytes of EAX are leftovers from the callee)
;   00436796 == 0 : PUSH id (whole dword, upper bytes uninitialised),
;                   then PUSH [this+4]
; The loop-back path at 0043DB95 uses the second order.  Whether
; 004064F1 is sensitive to the order cannot be told here -- verify.
0043DB47 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB4A |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DB4D |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4]
0043DB50 |. 52 PUSH EDX
0043DB51 |. 50 PUSH EAX
0043DB52 |. EB 0B JMP SHORT 0043DB5F
0043DB54 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043DB57 |. 50 PUSH EAX
0043DB58 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DB5B |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4]
0043DB5E |. 52 PUSH EDX
; Loop: 004064F1(ECX=global 004927F0, <2 stack args>) -- callee pops.
; Exit to 0043DBA2 when 004368E8(this, id) != 0, or when
; 00405CE6(CL=id) -> 00472C90 != 0, or when 0043686C(this) returns
; AL == 0.  Otherwise DL from 0043686C becomes the new id and the loop
; repeats.  No iteration cap: termination depends on those callees.
0043DB5F |> B9 F0274900 /MOV ECX,004927F0 ; |
0043DB64 |. E8 8889FCFF |CALL 004064F1 ; \004064F1
0043DB69 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0043DB6C |. FF75 F8 |PUSH DWORD PTR SS:[EBP-8] ; /Arg1
0043DB6F |. E8 748DFFFF |CALL 004368E8 ; \004368E8
0043DB74 |. 85C0 |TEST EAX,EAX
0043DB76 |. 75 2A |JNZ SHORT 0043DBA2
0043DB78 |. 8A4D F8 |MOV CL,BYTE PTR SS:[EBP-8]
0043DB7B |. E8 6681FCFF |CALL 00405CE6
0043DB80 |. E8 0B510300 |CALL 00472C90
0043DB85 |. 85C0 |TEST EAX,EAX
0043DB87 |. 75 19 |JNZ SHORT 0043DBA2
0043DB89 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0043DB8C |. E8 DB8CFFFF |CALL 0043686C
0043DB91 |. 84C0 |TEST AL,AL
0043DB93 |. 74 0D |JE SHORT 0043DBA2
; 0043686C appears to return a flag in AL and the next id in DL
; (inferred from this use only).
0043DB95 |. 8855 F8 |MOV BYTE PTR SS:[EBP-8],DL
0043DB98 |. 52 |PUSH EDX
0043DB99 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0043DB9C |. 8A50 04 |MOV DL,BYTE PTR DS:[EAX+4]
0043DB9F |. 52 |PUSH EDX
0043DBA0 |.^EB BD \JMP SHORT 0043DB5F
; Finish: 00442718(this, 6); 00453B13(ECX=004B4250).
0043DBA2 |> 6A 06 PUSH 6 ; /Arg1 = 00000006
0043DBA4 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBA7 |. E8 6C4B0000 CALL 00442718 ; \00442718
0043DBAC |. B9 50424B00 MOV ECX,004B4250
0043DBB1 |. E8 5D5F0100 CALL 00453B13
; Epilogue: MOV ESP,EBP absorbs any stack imbalance left by callees
; whose cleanup convention is not visible above.
0043DBB6 |> 8BE5 MOV ESP,EBP
0043DBB8 |. 5D POP EBP
0043DBB9 \. C3 RETN
;-----------------------------------------------------------------------
; 00436796 -- OllyDbg listing (x86-32 Win32, Intel syntax).
; Per the author's note this is the first-strike (先手) routine, called
; from 0043AAFB / 0043DADA.
; Convention: NON-standard register arguments --
;   EAX = object pointer (the callers pass their `this`)
;   ECX = id (the callers pass their [EBP-8] byte as a dword)
; Returns AL = 1 on the success path, EAX = 0 otherwise.  Note that
; `MOV AL,1` leaves the upper bytes of EAX as whatever the last callee
; left; callers only do TEST EAX,EAX / TEST AL,AL, which is fine, but
; a `CMP EAX,1` would not be.
; Locals (SUB ESP,18):
;   [EBP-4]  dword  id (ECX on entry)
;   [EBP-8]  dword  object (EAX on entry)
;   [EBP-C]  dword  ECX as returned by 00405CE6(id)
;   [EBP-10] dword  ECX as returned by 004D4080 -- never read below
;   [EBP-14] dword  0045F670(object) result, per pass
; Control flow: a two-pass loop keyed on EDX (1 on the first pass,
; 0 on the second).  Pass 1 calls 0043681F and returns 0 if it yields
; AL == 0; pass 2 calls 00457428 and returns 1.
; Callee names are unresolved; callee behaviour noted below is inferred
; from the calling pattern only -- confirm against the 4.0 source.
;-----------------------------------------------------------------------
00436796 /$ 55 PUSH EBP
00436797 |. 8BEC MOV EBP,ESP
00436799 |. 83EC 18 SUB ESP,18
0043679C |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; object
0043679F |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX ; id
; 00405CE6 is called with ECX = id and its ECX result is kept as the
; id-derived object for the rest of the function.
004367A2 |. E8 3FF5FCFF CALL 00405CE6
004367A7 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
; 004066E0(8) != 0 -> return 0.  No caller-side cleanup of the PUSH 8:
; either the callee pops it or the imbalance is silently absorbed by
; MOV ESP,EBP in the epilogue -- worth confirming.
004367AA |. 6A 08 PUSH 8 ; /Arg1 = 00000008
004367AC |. E8 2FFFFCFF CALL 004066E0 ; \004066E0
004367B1 |. 85C0 TEST EAX,EAX
004367B3 |. 75 64 JNZ SHORT 00436819
; 004D4080(ECX=id-object), result ECX stored but never read below;
; then 004D409B(0x45) == 0 -> return 0.  Same cleanup caveat as above.
004367B5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004367B8 |. E8 C3D80900 CALL 004D4080
004367BD |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
004367C0 |. 6A 45 PUSH 45
004367C2 |. E8 D4D80900 CALL 004D409B
004367C7 |. 85C0 TEST EAX,EAX
004367C9 |. 74 4E JE SHORT 00436819
; EDX = 1 : pass counter for the loop below (hand-written idiom, not a
; compiler pattern).  EDX is expected to SURVIVE the two calls to
; 0045F670 inside the loop; that holds only if 0045F670 preserves EDX,
; which a standard Win32 callee is not required to do -- fragile.
004367CB |. 33D2 XOR EDX,EDX
004367CD |. 42 INC EDX
; Loop body (runs at most twice):
;   [EBP-14] = 0045F670(ECX=object)
;   EAX      = 0045F670(ECX=id-object)
;   EDX != 0 (pass 1): 0043681F(ECX=004B5DF0, [EBP-14], EAX) -- stdcall,
;                      AL == 0 -> return 0; else EDX = 0 and repeat
;   EDX == 0 (pass 2): fall through to 00457428 below
; Both 0045F670 results are recomputed on the second pass.
004367CE |> 8B4D F8 /MOV ECX,DWORD PTR SS:[EBP-8]
004367D1 |. E8 9A8E0200 |CALL 0045F670
004367D6 |. 8945 EC |MOV DWORD PTR SS:[EBP-14],EAX
004367D9 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
004367DC |. E8 8F8E0200 |CALL 0045F670
004367E1 |. 83FA 00 |CMP EDX,0
004367E4 |. 74 16 |JE SHORT 004367FC
004367E6 |. FF75 EC |PUSH DWORD PTR SS:[EBP-14] ; /Arg2
004367E9 |. 50 |PUSH EAX ; |Arg1
004367EA |. B9 F05D4B00 |MOV ECX,004B5DF0 ; |
004367EF |. E8 2B000000 |CALL 0043681F ; \0043681F
004367F4 |. 84C0 |TEST AL,AL
004367F6 |. 74 21 |JE SHORT 00436819
004367F8 |. 33D2 |XOR EDX,EDX
004367FA |.^EB D2 \JMP SHORT 004367CE
; Pass 2: 00457428(ECX=004B5DF0, EAX, [EBP-14], 0xFF, 0, 0, 0), then
; return 1.  No caller-side cleanup of the six args (see caveat above).
004367FC |> 6A 00 PUSH 0 ; /Arg6 = 00000000
004367FE |. 6A 00 PUSH 0 ; |Arg5 = 00000000
00436800 |. 6A 00 PUSH 0 ; |Arg4 = 00000000
00436802 |. 68 FF000000 PUSH 0FF ; |Arg3 = 000000FF
00436807 |. FF75 EC PUSH DWORD PTR SS:[EBP-14] ; |Arg2
0043680A |. 50 PUSH EAX ; |Arg1
0043680B |. B9 F05D4B00 MOV ECX,004B5DF0 ; |
00436810 |. E8 130C0200 CALL 00457428 ; \00457428
00436815 |. B0 01 MOV AL,1 ; success (low byte only)
00436817 |. EB 02 JMP SHORT 0043681B
00436819 |> 33C0 XOR EAX,EAX ; failure: EAX = 0
0043681B |> 8BE5 MOV ESP,EBP
0043681D |. 5D POP EBP
0043681E \. C3 RETN
;-----------------------------------------------------------------------
; 0043681F -- OllyDbg listing (x86-32 Win32, Intel syntax).
; Called from 00436796 on its first pass.
; Convention: stdcall with two stack args (RETN 8); ECX = 004B5DF0 is
; passed by the caller and saved to [EBP-1C] but never read below.
;   [EBP+8]  arg1  (00436796 passes its 0045F670(id-object) result)
;   [EBP+C]  arg2  (00436796 passes its 0045F670(object) result)
; Returns whatever 0045B2A8 leaves in EAX -- nothing after that call
; touches EAX -- and the caller tests AL.
; Locals (SUB ESP,1C):
;   [EBP-C] byte  00477ADC result for arg1
;   [EBP-8] byte  00477ADC result for arg2
;   Only the low bytes are written, but the full dwords are pushed to
;   0045B2A8, so its upper 24 bits per argument are uninitialised stack.
; ESI is pushed/popped although nothing visible here uses it.
; Callee names are unresolved; confirm against the 4.0 source.
;-----------------------------------------------------------------------
0043681F /$ 55 PUSH EBP
00436820 |. 8BEC MOV EBP,ESP
00436822 |. 83EC 1C SUB ESP,1C
00436825 |. 56 PUSH ESI
00436826 |. 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX ; saved, never read
; [EBP-C] = AL of 00477ADC after 004D4050(ECX=arg1)
00436829 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0043682C |. E8 1FD80900 CALL 004D4050
00436831 |. E8 A6120400 CALL 00477ADC
00436836 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
; [EBP-8] = AL of 00477ADC after 004D4050(ECX=arg2)
00436839 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0043683C |. E8 0FD80900 CALL 004D4050
00436841 |. E8 96120400 CALL 00477ADC
00436846 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
; Global byte flag at 503FFA is raised around 0045B2A8(arg1', arg2')
; (cdecl, caller pops 8) and cleared afterwards.  There is no SEH frame
; visible, so if 0045B2A8 leaves by exception the flag stays set --
; check whether anything else depends on it being cleared.
00436849 |. C605 FA3F5000 >MOV BYTE PTR DS:[503FFA],1
00436850 |. FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; /Arg2
00436853 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; |Arg1
00436856 |. E8 4D4A0200 CALL 0045B2A8 ; \0045B2A8
0043685B |. 83C4 08 ADD ESP,8
0043685E |. 5E POP ESI
0043685F |. C605 FA3F5000 >MOV BYTE PTR DS:[503FFA],0
00436866 |. 8BE5 MOV ESP,EBP
00436868 |. 5D POP EBP
00436869 \. C2 0800 RETN 8 ; stdcall: pops the two args
前两段是调用先手、引导、奋战的程序,后面是先手的代码。最好参考着4.0来看,否则你不知道某些函数的作用是什么。
|