回复 #159 dnts0318 的帖子
; ----------------------------------------------------------------------
; Ekd5.00407AF2  (OllyDbg listing: address, machine bytes, 32-bit x86,
;                 Intel operand order, all numbers hexadecimal)
; Purpose: for indices 0 and 1 (loop) and then index 2 (tail), asks
;          004065F0 for a byte id, locates the 0x19-byte record at
;          004A1140 + id*0x19, and when the record's reported byte
;          equals the low byte of the stack argument, stores a result
;          byte. Returns the last stored result in al (0 if no match).
; In:      ecx      = object pointer, forwarded to callees in ecx
;                     (looks like a thiscall-style method - TODO confirm)
;          [ebp+8]  = stack argument; only its low byte is compared
; Out:     al       = result byte; the routine pops its argument (retn 4)
; Locals:  [ebp-10] = saved ecx
;          [ebp-C]  = loop index (byte)
;          [ebp-8]  = result (byte, starts at 0)
;          [ebp-4]  = id returned for index 2 (byte, starts at 0FF)
;          [ebp-14] = pointer to the current record
;          [ebp-18] = byte returned by 004095E0 for the current index
; NOTE(review): the id is only compared with the 0FF sentinel before it
; is scaled into the table at 004A1140; no upper bound is checked in
; this listing - confirm the callee guarantees a valid record index.
; ----------------------------------------------------------------------
00407AF2 55 push ebp
00407AF3 8BEC mov ebp,esp
00407AF5 83EC 18 sub esp,18
00407AF8 894D F0 mov dword ptr ss:[ebp-10],ecx
00407AFB C645 F8 00 mov byte ptr ss:[ebp-8],0
00407AFF C645 FC FF mov byte ptr ss:[ebp-4],0FF
00407B03 C645 F4 00 mov byte ptr ss:[ebp-C],0
00407B07 33C0 xor eax,eax ; al = 0 for the first loop test
00407B09 EB 07 jmp short Ekd5.00407B12
; --- loop continue: index = index + 1 ---
00407B0B 8A45 F4 mov al,byte ptr ss:[ebp-C]
00407B0E 40 inc eax
00407B0F 8845 F4 mov byte ptr ss:[ebp-C],al
; --- loop test: leave once index > 1 (signed compare), so 0 and 1 run ---
00407B12 3C 01 cmp al,1
00407B14 0F8F 8A000000 jg Ekd5.00407BA4
00407B1A 8A55 F4 mov dl,byte ptr ss:[ebp-C]
00407B1D 52 push edx ; stack arg = index (only dl is defined here)
00407B1E 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407B21 E8 BA1A0000 call Ekd5.004095E0 ; no add esp follows; presumably the callee pops the argument
00407B26 8845 E8 mov byte ptr ss:[ebp-18],al ; kept for the 00406BF0 call below
; NOTE(review): edx is pushed again without being reloaded, so this
; relies on 004095E0 leaving edx intact. edx is normally a scratch
; register across calls - confirm, or reload dl from [ebp-C] first.
00407B29 52 push edx
00407B2A 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407B2D E8 BEEAFFFF call Ekd5.004065F0
00407B32 3C FF cmp al,0FF ; 0FF is treated as "nothing at this index"
00407B34 ^ 74 D5 je short Ekd5.00407B0B
00407B36 8AC8 mov cl,al
00407B38 81E1 FF000000 and ecx,0FF ; zero-extend the id
00407B3E 6BC9 19 imul ecx,ecx,19 ; records are 0x19 bytes apart
00407B41 81C1 40114A00 add ecx,Ekd5.004A1140 ; ecx = table base + id*0x19
00407B47 894D EC mov dword ptr ss:[ebp-14],ecx
00407B4A E8 1F4C0000 call Ekd5.0040C76E ; ecx still holds the record pointer
00407B4F 85C0 test eax,eax
00407B51 ^ 7E B8 jle short Ekd5.00407B0B ; result <= 0 (signed): next index
00407B53 8B4D EC mov ecx,dword ptr ss:[ebp-14]
00407B56 E8 C5190000 call Ekd5.00409520
00407B5B 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00407B5E 3AC8 cmp cl,al ; low byte of the argument vs. byte reported for the record
00407B60 ^ 75 A9 jnz short Ekd5.00407B0B
00407B62 8B4D EC mov ecx,dword ptr ss:[ebp-14]
00407B65 E8 46620100 call Ekd5.0041DDB0 ; eax = value that 00406BF0 dereferences as a pointer
00407B6A 8B55 E8 mov edx,dword ptr ss:[ebp-18] ; only the low byte was written; 00406BF0 masks edx with 0FF
00407B6D E8 7EF0FFFF call Ekd5.00406BF0 ; register arguments: eax, edx
00407B72 8845 F8 mov byte ptr ss:[ebp-8],al ; overwrites any earlier result (last match wins)
00407B75 ^ EB 94 jmp short Ekd5.00407B0B
; ----------------------------------------------------------------------
; 00407B77..00407BA3: data, not code. The jump above is unconditional
; and the loop exit targets 00407BA4, so nothing falls through here;
; the mnemonics below are only the disassembler's guess at the bytes.
; Ekd5.00406BF0 reads one byte from this table as [eax+407B77] after
; subtracting 12 from the effect number, so the 0x2D bytes shown cover
; effect numbers 12..3E. A byte of 0FF means "no override".
; NOTE(review): the table sits between two instruction runs; any later
; edit that changes the size of the code above moves it, and the
; hard-coded 407B77 in 00406BF0 must then be updated to match.
; ----------------------------------------------------------------------
00407B77 1E push ds
00407B78 28FF sub bh,bh
00407B7A FF1E call far fword ptr ds:[esi]
00407B7C 1E push ds
00407B7D FF64FF 64 jmp dword ptr ds:[edi+edi*8+64]
00407B81 C8 C864FF enter 64C8,0FF
00407B85 FFFF ??? ; unknown command (table bytes, not an instruction)
00407B87 FF50 FF call dword ptr ds:[eax-1]
00407B8A FFFF ??? ; unknown command (table bytes, not an instruction)
00407B8C 18FF sbb bh,bh
00407B8E FF0D 013C3CFF dec dword ptr ds:[FF3C3C01]
00407B94 FF1E call far fword ptr ds:[esi]
00407B96 28FF sub bh,bh
00407B98 FF50 1E call dword ptr ds:[eax+1E]
00407B9B FF18 call far fword ptr ds:[eax]
00407B9D 28FF sub bh,bh
00407B9F FF28 jmp far fword ptr ds:[eax]
00407BA1 3C 28 cmp al,28
00407BA3 59 pop ecx
; --- tail: same lookup for index 2, using different helper routines ---
00407BA4 6A 02 push 2
00407BA6 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407BA9 E8 42EAFFFF call Ekd5.004065F0
00407BAE 8845 FC mov byte ptr ss:[ebp-4],al
00407BB1 8B55 FC mov edx,dword ptr ss:[ebp-4] ; dword read of a byte local; masked on the next line
00407BB4 81E2 FF000000 and edx,0FF
00407BBA 81FA FF000000 cmp edx,0FF
00407BC0 74 43 je short Ekd5.00407C05 ; 0FF: nothing at index 2, return current result
00407BC2 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407BC5 81E1 FF000000 and ecx,0FF
00407BCB 6BC9 19 imul ecx,ecx,19
00407BCE 81C1 40114A00 add ecx,Ekd5.004A1140 ; ecx = record for the index-2 id
00407BD4 E8 67190000 call Ekd5.00409540
00407BD9 25 FF000000 and eax,0FF
00407BDE 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00407BE1 81E1 FF000000 and ecx,0FF
00407BE7 3BC1 cmp eax,ecx ; byte-wise comparison with the argument
00407BE9 75 1A jnz short Ekd5.00407C05
00407BEB 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407BEE 81E1 FF000000 and ecx,0FF
00407BF4 6BC9 19 imul ecx,ecx,19
00407BF7 81C1 40114A00 add ecx,Ekd5.004A1140
00407BFD E8 6E610100 call Ekd5.0041DD70
00407C02 8845 F8 mov byte ptr ss:[ebp-8],al ; replaces whatever the loop stored
; --- return al = result ---
00407C05 8A45 F8 mov al,byte ptr ss:[ebp-8]
00407C08 8BE5 mov esp,ebp ; also discards anything a callee left on the stack
00407C0A 5D pop ebp
00407C0B C2 0400 retn 4
; ----------------------------------------------------------------------
; Ekd5.00407C0E  (OllyDbg listing: address, machine bytes, 32-bit x86,
;                 Intel operand order, all numbers hexadecimal)
; Purpose: walks indices 0 and 1 (loop) and then index 2 (tail) like
;          the routine at 00407AF2, but accumulates a 32-bit sum of
;          every contribution whose reported byte equals the low byte
;          of the stack argument, instead of keeping one result byte.
; In:      ecx      = object pointer, forwarded to callees in ecx
;                     (looks like a thiscall-style method - TODO confirm)
;          [ebp+8]  = stack argument; only its low byte is compared
; Out:     eax      = accumulated sum; the routine pops its argument
; Locals:  [ebp-10] = saved ecx
;          [ebp-C]  = running sum (dword, starts at 0)
;          [ebp-8]  = loop index (byte)
;          [ebp-4]  = id from 004065F0, zero-extended (dword)
;          [ebp-14] = pointer to the current 0x19-byte record
;          [ebp-18] = byte returned by 004095E0 for the current index
;          [ebp-1C] = byte returned by 0040C674, zero-extended
; NOTE(review): the id is only compared with the 0FF sentinel before it
; is scaled into the table at 004A1140; no upper bound is checked in
; this listing - confirm the callee guarantees a valid record index.
; ----------------------------------------------------------------------
00407C0E 55 push ebp
00407C0F 8BEC mov ebp,esp
00407C11 83EC 1C sub esp,1C
00407C14 894D F0 mov dword ptr ss:[ebp-10],ecx
00407C17 33C9 xor ecx,ecx
00407C19 894D F4 mov dword ptr ss:[ebp-C],ecx ; sum = 0
00407C1C C645 F8 00 mov byte ptr ss:[ebp-8],0
00407C20 33C0 xor eax,eax ; al = 0 for the first loop test
00407C22 EB 07 jmp short Ekd5.00407C2B
; --- loop continue: index = index + 1 ---
00407C24 8A45 F8 mov al,byte ptr ss:[ebp-8]
00407C27 40 inc eax
00407C28 8845 F8 mov byte ptr ss:[ebp-8],al
; --- loop test: leave once index > 1 (signed compare), so 0 and 1 run ---
00407C2B 3C 01 cmp al,1
00407C2D 0F8F 9E000000 jg Ekd5.00407CD1
00407C33 8A55 F8 mov dl,byte ptr ss:[ebp-8]
00407C36 52 push edx ; stack arg = index (only dl is defined here)
00407C37 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407C3A E8 B1E9FFFF call Ekd5.004065F0 ; no add esp follows; presumably the callee pops the argument
00407C3F 25 FF000000 and eax,0FF
00407C44 8945 FC mov dword ptr ss:[ebp-4],eax
00407C47 3C FF cmp al,0FF ; 0FF is treated as "nothing at this index"
00407C49 ^ 74 D9 je short Ekd5.00407C24
00407C4B 8A45 F8 mov al,byte ptr ss:[ebp-8] ; index is reloaded from the local, not taken from a register kept across the call
00407C4E 50 push eax
00407C4F 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407C52 E8 89190000 call Ekd5.004095E0
00407C57 8845 E8 mov byte ptr ss:[ebp-18],al ; kept for the 00406BF0 call below
00407C5A 50 push eax ; the value just returned becomes the stack argument of 0040C674
00407C5B 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407C5E 6BC9 19 imul ecx,ecx,19 ; records are 0x19 bytes apart
00407C61 81C1 40114A00 add ecx,Ekd5.004A1140 ; ecx = table base + id*0x19
00407C67 894D EC mov dword ptr ss:[ebp-14],ecx
00407C6A E8 054A0000 call Ekd5.0040C674
00407C6F 25 FF000000 and eax,0FF
00407C74 8945 E4 mov dword ptr ss:[ebp-1C],eax ; first candidate contribution
00407C77 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407C7A 51 push ecx
00407C7B E8 9AEBFFFF call Ekd5.0040681A
00407C80 83C4 04 add esp,4 ; caller removes the argument for this helper
00407C83 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00407C86 3AC8 cmp cl,al ; low byte of the argument vs. byte reported for the id
00407C88 75 0B jnz short Ekd5.00407C95
00407C8A 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00407C8D 8B4D F4 mov ecx,dword ptr ss:[ebp-C]
00407C90 03C8 add ecx,eax
00407C92 894D F4 mov dword ptr ss:[ebp-C],ecx ; sum += first contribution
00407C95 8B4D EC mov ecx,dword ptr ss:[ebp-14]
00407C98 E8 D14A0000 call Ekd5.0040C76E
00407C9D 85C0 test eax,eax
; NOTE(review): this tests "== 0" only, while 00407AF2 skips on "<= 0"
; (jle) after the same call; a negative return is accepted here.
; Confirm which behaviour is intended.
00407C9F 74 2B je short Ekd5.00407CCC
00407CA1 8B55 FC mov edx,dword ptr ss:[ebp-4]
00407CA4 52 push edx
00407CA5 E8 E4EAFFFF call Ekd5.0040678E
00407CAA 83C4 04 add esp,4 ; caller removes the argument for this helper
00407CAD 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00407CB0 3AC8 cmp cl,al
00407CB2 75 18 jnz short Ekd5.00407CCC
00407CB4 8B4D EC mov ecx,dword ptr ss:[ebp-14]
00407CB7 E8 F4600100 call Ekd5.0041DDB0 ; eax = value that 00406BF0 dereferences as a pointer
00407CBC 8B55 E8 mov edx,dword ptr ss:[ebp-18] ; only the low byte was written; 00406BF0 masks edx with 0FF
00407CBF E8 2CEFFFFF call Ekd5.00406BF0 ; register arguments: eax, edx
; NOTE(review): the full 32-bit eax is added, not just al. On the
; table path of 00406BF0 the upper 24 bits of eax come from
; (effect number - 12), so they are zero only for numbers >= 12.
00407CC4 8B55 F4 mov edx,dword ptr ss:[ebp-C]
00407CC7 03D0 add edx,eax
00407CC9 8955 F4 mov dword ptr ss:[ebp-C],edx ; sum += second contribution
00407CCC ^ E9 53FFFFFF jmp Ekd5.00407C24
; --- tail: same idea for index 2, using 0041DD70 for the value ---
00407CD1 6A 02 push 2
00407CD3 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
00407CD6 E8 15E9FFFF call Ekd5.004065F0
00407CDB 25 FF000000 and eax,0FF
00407CE0 8945 FC mov dword ptr ss:[ebp-4],eax
00407CE3 3C FF cmp al,0FF
00407CE5 74 31 je short Ekd5.00407D18 ; 0FF: nothing at index 2, return the sum so far
00407CE7 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407CEA 51 push ecx
00407CEB E8 2AEBFFFF call Ekd5.0040681A
00407CF0 83C4 04 add esp,4
00407CF3 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00407CF6 3AC8 cmp cl,al
00407CF8 75 1E jnz short Ekd5.00407D18
00407CFA 8B4D FC mov ecx,dword ptr ss:[ebp-4]
00407CFD 6BC9 19 imul ecx,ecx,19
00407D00 81C1 40114A00 add ecx,Ekd5.004A1140 ; ecx = record for the index-2 id
00407D06 E8 65600100 call Ekd5.0041DD70
00407D0B 25 FF000000 and eax,0FF
00407D10 8B4D F4 mov ecx,dword ptr ss:[ebp-C]
00407D13 03C8 add ecx,eax
00407D15 894D F4 mov dword ptr ss:[ebp-C],ecx ; sum += index-2 contribution
; --- return eax = sum ---
00407D18 8B45 F4 mov eax,dword ptr ss:[ebp-C]
00407D1B 8BE5 mov esp,ebp ; also discards anything a callee left on the stack
00407D1D 5D pop ebp
00407D1E C2 0400 retn 4
以下代码找个空白位置写入(上面调用该函数的 call 指令的相对偏移也要相应修改:E8 后面的 4 个字节 = 目标地址 - (call 指令地址 + 5),如 00407D4D E8 9EEEFFFF call Ekd5.00406BF0)
; ----------------------------------------------------------------------
; Ekd5.00406BF0  (OllyDbg listing: address, machine bytes, 32-bit x86,
;                 Intel operand order, all numbers hexadecimal)
; Purpose: scales a base effect value by level and effect number, with
;          an optional per-effect override from a byte table once the
;          level reaches 9.
; Convention: custom register arguments, nothing on the stack.
; In:      eax = pointer; the code reads the bytes at [eax], [eax-2]
;                and [eax-5]. Per the author's notes [eax-2] is the
;                treasure effect number; [eax] is the value that gets
;                scaled; [eax-5] is presumably a type/category byte -
;                TODO confirm.
;          edx = level; only the low byte is used (masked on entry)
; Out:     eax = scaled value (copy of ecx), or on the override path
;                al = table byte with the upper bits of eax left as
;                (effect number - 12)
; Clobbers: ecx, edx, flags
; NOTE(review): nothing here checks that the effect number lies inside
; the range the table at 00407B77 covers (12..3E for the 0x2D bytes in
; this listing). A value outside it on the level >= 9 path would read
; a byte from neighbouring code instead of the table - confirm the
; callers can only reach this with numbers in range, or add a bound
; check before the lookup.
; ----------------------------------------------------------------------
00406BF0 55 push ebp
00406BF1 8BEC mov ebp,esp
00406BF3 81E2 FF000000 and edx,0FF ; callers load a dword from a byte local; keep the level byte only
00406BF9 33C9 xor ecx,ecx
00406BFB 8A08 mov cl,byte ptr ds:[eax] ; ecx = base value, zero-extended
00406BFD 8078 FB 0D cmp byte ptr ds:[eax-5],0D
00406C01 77 0D ja short Ekd5.00406C10 ; [eax-5] > 0D (unsigned): skip the effect-19 special case
00406C03 8A40 FE mov al,byte ptr ds:[eax-2] ; al = effect number (this overwrites the low byte of the pointer)
00406C06 3C 19 cmp al,19
00406C08 75 09 jnz short Ekd5.00406C13
; effect 19 with [eax-5] <= 0D: result = base * (level - 1)
; NOTE(review): level 0 would make the factor -1; presumably levels
; start at 1 - confirm.
00406C0A 4A dec edx
00406C0B 0FAFCA imul ecx,edx
00406C0E EB 37 jmp short Ekd5.00406C47
00406C10 8A40 FE mov al,byte ptr ds:[eax-2] ; al = effect number
00406C13 25 FF000000 and eax,0FF ; eax = effect number only; pointer bits are dropped
00406C18 80FA 05 cmp dl,5(5级后效果为原来1.5倍) ; author's note: from level 5 on the effect is 1.5x the original
00406C1B 72 2A jb short Ekd5.00406C47 ; level < 5: return the base value unchanged
00406C1D 3C 2B cmp al,2B
00406C1F 74 14 je short Ekd5.00406C35 ; effect 2B: no scaling
00406C21 3C 2A cmp al,2A
00406C23 75 04 jnz short Ekd5.00406C29
00406C25 D1E1 shl ecx,1 ; effect 2A: value * 2
00406C27 EB 0C jmp short Ekd5.00406C35
00406C29 3C 3E cmp al,3E
00406C2B 75 03 jnz short Ekd5.00406C30
00406C2D 41 inc ecx ; effect 3E: value + 1
00406C2E EB 05 jmp short Ekd5.00406C35
00406C30 6BC9 03 imul ecx,ecx,3 ; every other effect: value * 3 / 2, rounded down
00406C33 D1E9 shr ecx,1
00406C35 80FA 09 cmp dl,9(9级以后数值可任意指定,按宝物效果号顺序) ; author's note: from level 9 on the value can be set freely, ordered by treasure effect number
00406C38 72 0D jb short Ekd5.00406C47 ; level < 9: return the scaled value
00406C3A 83E8 12 sub eax,12 ; table index = effect number - 12; wraps negative for numbers below 12
00406C3D 8A80 777B4000 mov al,byte ptr ds:[eax+407B77](9级数值指定地址,就在上面改的第一块中) ; author's note: address of the level-9 values, inside the first patched block above
00406C43 3C FF cmp al,0FF
00406C45 75 02 jnz short Ekd5.00406C49 ; table byte != 0FF: return it in al (upper bits of eax are not cleared)
00406C47 8BC1 mov eax,ecx ; otherwise return the computed value
00406C49 8BE5 mov esp,ebp ; no locals were allocated, so this changes nothing
00406C4B 5D pop ebp
00406C4C C3 retn
[ 本帖最后由 yanguodong 于 2009-3-13 22:17 编辑 ]