标题: 解读KOEI曹操传代码 [打印本页]
作者:
岱瀛 时间: 2007-1-20 14:12 标题: 解读KOEI曹操传代码
目录
一. 攻击篇
1.1 攻击响应函数
1.2 攻击处理函数
1.3 攻击伤害函数
1.4 伤害计算函数
1.5 攻击显示函数
1.5.1 攻击前的转向,致命一击台词
1.5.2 攻击过程的动作更替
1.5.3 弓兵,弓骑兵动作置慢
1.6 攻击效果函数
1.7 反击处理函数
1.8 升级处理函数
(其他东西米时间整理,算了不发了。)
……………………………………………………..
另外加发一些以前的修改笔记,都是些功能性修改吧,有些笔记在旧本本里,只能微移动硬盘的内容发吧.
[ 本帖最后由 岱瀛 于 2007-12-30 22:02 编辑 ]
作者:
岱瀛 时间: 2007-1-20 14:15
攻击篇
攻击响应函数
43DADA函数响应攻击点击
这个函数,是在战场上点了人物后,跳出那个四个按钮的对话框(如何处理这部分代码在资源篇讲)后,当我们点攻击就触发了。
43DADA其实就是攻击的消息响应处理函数。
要记住,这个函数的局部变量SS:[EBP-C],放了一个重要的入传参数,被属标点到的武将的内存索引地址值. (以后简称Ecx值)
SS:[EBP-8],放了被攻击武将的另外一个索引值,类型和EBP-C不同。 (以后简称栈值)
栈值 和Ecx值的对应关系是:栈值* 0x24+ 004B2C50=Ecx值
标识武将的,除了以上两种,还有一种就是武将Data序号。
0043DADA /$ 55 PUSH EBP
0043DADB |. 8BEC MOV EBP,ESP
0043DADD |. 83EC 0C SUB ESP,0C
0043DAE0 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX ECX是被点到的武将信息的内存索引,[ECX]就记载着该武将的Data序号
0043DAE3 |. C645 F8 FF MOV BYTE PTR SS:[EBP-8],0FF
0043DAE7 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAEA |. E8 281E0000 CALL Ekd5.0043F917
(这个函数,把Data序号乘以0x48,加上4A1B68,就得到该武将Data信息在内存里的映射地址了。)
0043DAEF |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0043DAF2 |. 68 FF000000 PUSH 0FF
0043DAF7 |. 6A 01 PUSH 1
0043DAF9 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAFC |. E8 BD1D0000 CALL Ekd5.0043F8BE 这个函数取解攻击范围
0043DB01 |. 50 PUSH EAX ; |Arg2
0043DB02 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB05 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
0043DB08 |. 51 PUSH ECX ; |Arg1
0043DB09 |. B9 50424B00 MOV ECX, _Ekd.004B4250 ; |
0043DB0E |. E8 2A780100 CALL Ekd5.0045533D ; \ Ekd.0045533D
这个函数又是一个消息监听处理,等待属标点到攻击对象或者点右键取消
0043DB13 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0043DB16 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043DB19 |. 81E2 FF000000 AND EDX,0FF
0043DB1F |. 81FA FF000000 CMP EDX,0FF
0043DB25 |. 0F84 F2000000 JE Ekd5.0043DC1D 如果点了取消,则跳到最后结束
0043DB2B |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB2E |. 50 PUSH EAX ; /Arg2
0043DB2F |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DB32 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DB35 |. 52 PUSH EDX ; |Arg1
0043DB36 |. E8 EE7CFFFF CALL Ekd5.00435829 ; \ Ekd.00435829
0043DB3B |. 83C4 08 ADD ESP,8
0043DB3E |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB41 |. 50 PUSH EAX ; /Arg2
0043DB42 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DB45 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DB48 |. 52 PUSH EDX ; |Arg1
0043DB49 |. B9 F0274900 MOV ECX, Ekd.004927F0 ; |
0043DB4E |. E8 9E89FCFF CALL Ekd.004064F1 ; \ Ekd.004064F1 进入攻击函数
0043DB53 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043DB56 |. 81E1 FF000000 AND ECX,0FF
0043DB5C |. 6BC9 24 IMUL ECX,ECX,24
0043DB5F |. 81C1 502C4B00 ADD ECX, Ekd.004B2C50
0043DB65 |. E8 26510300 CALL Ekd.00472C90 \返回武将ecx的当前体力 就是被攻击的那个
0043DB6A |. 85C0 TEST EAX,EAX \判断是否为0
0043DB6C |. 0F85 97000000 JNZ Ekd.0043DC09 \不是0跳到后面结束,是表示被攻击武将被打死,继续往下走
0043DB72 |. 6A 2E PUSH 2E ; /Arg1 = 0000002E 2E,就是方天引导攻击的代号
0043DB74 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB77 |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043DB79 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043DB7C |. 81C1 681B4A00 ADD ECX, _Ekd.004A1B68 ; |
0043DB82 |. E8 829EFCFF CALL Ekd.00407A09 ; \ _Ekd.00407A09 检查当前武将是否佩戴引导攻击效果的武器
0043DB87 |. 85C0 TEST EAX,EAX
0043DB89 |. 74 7E JE SHORT Ekd.0043DC09
0043DB8B |. 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0043DB90 |. 68 40060000 PUSH 640 ; |Arg2 = 00000640
0043DB95 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0043DB97 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0043DB99 |. 68 C0120000 PUSH 12C0 ; ||Arg1 = 000012C0
0043DB9E |. B9 38EB4A00 MOV ECX, _Ekd.004AEB38 ; ||
0043DBA3 |. E8 981E0400 CALL Ekd.0047FA40 ; |\ _Ekd.0047FA40
0043DBA8 |. 50 PUSH EAX ; |Arg1
0043DBA9 |. E8 65210400 CALL Ekd.0047FD13 ; \ _Ekd.0047FD13
0043DBAE |. 83C4 0C ADD ESP,0C
0043DBB1 |. 6A 00 PUSH 0
0043DBB3 |. 6A 00 PUSH 0
0043DBB5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DBB8 |. E8 011D0000 CALL Ekd.0043F8BE 函数取解攻击范围
0043DBBD |. 50 PUSH EAX ; |Arg2
0043DBBE |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBC1 |. 83C1 06 ADD ECX,6 ; |
0043DBC4 |. 51 PUSH ECX ; |Arg1
0043DBC5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBC8 |. E8 B989FFFF CALL Ekd.00436586 ; \ Ekd.00436586 这个是确定引导攻击的被攻击对象
0043DBCD |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0043DBD0 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043DBD3 |. 81E2 FF000000 AND EDX,0FF
0043DBD9 |. 81FA FF000000 CMP EDX,0FF
0043DBDF |. 74 28 JE SHORT Ekd.0043DC09 找不到可以引导攻击的对象,退到结束
0043DBE1 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DBE4 |. 50 PUSH EAX ; /Arg2
0043DBE5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBE8 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DBEB |. 52 PUSH EDX ; |Arg1
0043DBEC |. E8 387CFFFF CALL Ekd.00435829 ; \ _Ekd.00435829
0043DBF1 |. 83C4 08 ADD ESP,8
0043DBF4 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DBF7 |. 50 PUSH EAX ; /Arg2
0043DBF8 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBFB |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DBFE |. 52 PUSH EDX ; |Arg1
0043DBFF |. B9 F0274900 MOV ECX, Ekd.004927F0 ; |
0043DC04 |. E8 E888FCFF CALL Ekd.004064F1 ; \ _Ekd.004064F1 进入攻击函数
0043DC09 |> 6A 06 PUSH 6 ; /Arg1 = 00000006
0043DC0B |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DC0E |. E8 054B0000 CALL Ekd.00442718 ; \ _Ekd.00442718
0043DC13 |. B9 50424B00 MOV ECX, _Ekd.004B4250
0043DC18 |. E8 F65E0100 CALL Ekd.00453B13
0043DC1D |> 8BE5 MOV ESP,EBP
0043DC1F |. 5D POP EBP
0043DC20 \. C3 RETN
//基本上,这个相应函数处理的就是确定攻击方和被攻击方,传入给下一个函数做进一步处理。本函数涉及到的比较重要的内容就是攻击范围的读取,而且也确定了一个特效,就是引导攻击。我们经常看到无限引导的说法,其实通过看这段代码可以很简单的知道,只需要把最后那段JMP回去也就实现了。
//这个函数,实现的功能是相对简单的,道理很明显,友军敌军的攻击并不需要来点攻击按钮,所以更复杂的逻辑是不可能做在这个相应函数里的。
[ 本帖最后由 岱瀛 于 2007-1-20 14:25 编辑 ]
作者:
岱瀛 时间: 2007-1-20 15:07
攻击处理函数
前面已经很清楚的分析过,4064F1是个核心的攻击函数,那么他里面是什么样子的呢?
这个函数,传入的参数有两个,一个是被攻击武将的栈值,一个是攻击武将的Data序号,还有传入了一个内存地址004927F0
局部变量,[EBP-4]保存了内存地址004927F0
004064F1 /$ 55 PUSH EBP
004064F2 |. 8BEC MOV EBP,ESP
004064F4 |. 51 PUSH ECX
004064F5 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004064F8 |. 8A45 0C MOV AL,BYTE PTR SS:[EBP+C]
004064FB |. 50 PUSH EAX ; /Arg2
004064FC |. 8A4D 08 MOV CL,BYTE PTR SS:[EBP+8] ; |
004064FF |. 51 PUSH ECX ; |Arg1
00406500 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00406503 |. E8 F4FCFFFF CALL Ekd5.004061FC ; \Ekd5.004061FC
00406508 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0040650B |. C682 08060000>MOV BYTE PTR DS:[EDX+608],0 \\计数循环,首先令其计数器等于0
00406512 |. EB 15 JMP SHORT Ekd5.00406529 \\开始循环
00406514 |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
00406517 |. 8A88 08060000 |MOV CL,BYTE PTR DS:[EAX+608]
0040651D |. 80C1 01 |ADD CL,1 \\计数+1
00406520 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00406523 |. 888A 08060000 |MOV BYTE PTR DS:[EDX+608],CL
00406529 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040652C |. 33C9 |XOR ECX,ECX
0040652E |. 8A88 08060000 |MOV CL,BYTE PTR DS:[EAX+608]
00406534 |. 83F9 02 |CMP ECX,2
00406537 |. 7D 28 |JGE SHORT Ekd5.00406561 大于等于2就跳出,所以该循环最多两次
00406539 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0040653C |. E8 C2F8FFFF |CALL Ekd5.00405E03 攻击伤害函数
00406541 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00406544 |. E8 FBF1FFFF |CALL Ekd5.00405744 攻击动作显示函数
00406549 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0040654C |. E8 38F3FFFF |CALL Ekd5.00405889 攻击后附加属性处理函数
00406551 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00406554 |. E8 28FCFFFF |CALL Ekd5.00406181 判断是否连击函数
00406559 |. 85C0 |TEST EAX,EAX
0040655B |. 75 02 |JNZ SHORT Ekd5.0040655F
0040655D |. EB 02 |JMP SHORT Ekd5.00406561
0040655F |>^ EB B3 \JMP SHORT Ekd5.00406514
00406561 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406564 |. E8 03F7FFFF CALL Ekd5.00405C6C 经验值处理,升级显示函数
00406569 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0040656C |. E8 29FEFFFF CALL Ekd5.0040639A 反击处理函数
00406571 |. 8BE5 MOV ESP,EBP
00406573 |. 5D POP EBP
00406574 \. C2 0800 RETN 8
这个函数,调用了攻击全过程的所有函数,但是其本身逻辑却相对简单。从设计上讲,这应该是界面UI层和内部业务层之间的一个接口函数。
KOEI的代码,不单可靠性强,其实其设计的合理性更值得学习。
作者:
岱瀛 时间: 2007-1-20 16:29
攻击伤害函数
----恐怖的405E03函数-----
[EBP-4]这个变量是做计数器的
[EBP-8]是放被攻击武将的Ecx值
传进来的就是Ecx放的内存地址量了.本函数里用局部变量[EBP-C]存放004927F0 这个全局地址
这个地方有个很重要处,就是004927F0+i*4+84等于攻击伤害值 (i的值在就是[EBP-4])
[EBP-10] 和MP值相关
[EBP-14] 和HP 值相关
[EBP-18]物理攻击经验值
[EBP-1C]武器经验值
00405E03 /$ 55 PUSH EBP
00405E04 |. 8BEC MOV EBP,ESP
00405E06 |. 83EC 1C SUB ESP,1C
00405E09 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
00405E0C |. 6A 00 PUSH 0 ; /Arg3 = 00000000
00405E0E |. 6A 74 PUSH 74 ; |Arg2 = 00000074
00405E10 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405E13 |. 05 84000000 ADD EAX,84 ; |
00405E18 |. 50 PUSH EAX ; |Arg1
00405E19 |. E8 F59E0700 CALL Ekd5.0047FD13 ; \Ekd5.0047FD13
00405E1E |. 83C4 0C ADD ESP,0C
00405E21 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
00405E23 |. 6A 74 PUSH 74 ; |Arg2 = 00000074
00405E25 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
00405E28 |. 81C1 54020000 ADD ECX,254 ; |
00405E2E |. 51 PUSH ECX ; |Arg1
00405E2F |. E8 DF9E0700 CALL Ekd5.0047FD13 ; \Ekd5.0047FD13
00405E34 |. 83C4 0C ADD ESP,0C
00405E37 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00405E3B |. EB 09 JMP SHORT Ekd5.00405E46
00405E3D |> 8A55 FC /MOV DL,BYTE PTR SS:[EBP-4]
00405E40 |. 80C2 01 |ADD DL,1
00405E43 |. 8855 FC |MOV BYTE PTR SS:[EBP-4],DL
00405E46 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00405E49 |. 25 FF000000 |AND EAX,0FF
00405E4E |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405E51 |. 33D2 |XOR EDX,EDX
00405E53 |. 8A5401 10 |MOV DL,BYTE PTR DS:[ECX+EAX+10]
00405E57 |. 81FA FF000000 |CMP EDX,0FF
00405E5D |. 0F84 1A030000 |JE Ekd5.0040617D //退出
00405E63 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00405E66 |. 25 FF000000 |AND EAX,0FF
00405E6B |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405E6E |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405E71 |. 8A4402 10 |MOV AL,BYTE PTR DS:[EDX+EAX+10]
00405E75 |. 8841 01 |MOV BYTE PTR DS:[ECX+1],AL
00405E78 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405E7B |. 33D2 |XOR EDX,EDX
00405E7D |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405E80 |. 8BCA |MOV ECX,EDX
00405E82 |. 6BC9 24 |IMUL ECX,ECX,24
00405E85 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405E8B |. E8 E0970500 |CALL Ekd5.0045F670 获取武将ecx的data编号
00405E90 |. 6BC0 48 |IMUL EAX,EAX,48
00405E93 |. 05 681B4A00 |ADD EAX,Ekd5.004A1B68
00405E98 |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX
00405E9B |. 33C0 |XOR EAX,EAX
00405E9D |. 3B05 042E4900 |CMP EAX,DWORD PTR DS:[492E04]
00405EA3 |. 1BC9 |SBB ECX,ECX
00405EA5 |. F7D9 |NEG ECX
00405EA7 |. 51 |PUSH ECX ; /Arg3
00405EA8 |. 6A 01 |PUSH 1 ; |Arg2 = 00000001
00405EAA |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8] ; |
00405EAD |. 52 |PUSH EDX ; |Arg1
00405EAE |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405EB1 |. 8B48 0C |MOV ECX,DWORD PTR DS:[EAX+C] ; |
00405EB4 |. E8 925D0300 |CALL Ekd5.0043BC4B ; \Ekd5.0043BC4B 攻击伤害计算
00405EB9 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00405EBC |. 81E1 FF000000 |AND ECX,0FF
00405EC2 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405EC5 |. 89848A 840000>|MOV DWORD PTR DS:[EDX+ECX*4+84],EAX
00405ECC |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00405ECF |. 25 FF000000 |AND EAX,0FF
00405ED4 |. 85C0 |TEST EAX,EAX
00405ED6 |. 0F85 97000000 |JNZ Ekd5.00405F73
00405EDC |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405EDF |. 33D2 |XOR EDX,EDX
00405EE1 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405EE4 |. 8BCA |MOV ECX,EDX
00405EE6 |. 6BC9 24 |IMUL ECX,ECX,24
00405EE9 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405EEF |. E8 9CCD0600 |CALL Ekd5.00472C90 返回武将ecx的当前体力
00405EF4 |. 85C0 |TEST EAX,EAX
00405EF6 |. 76 7B |JBE SHORT Ekd5.00405F73
00405EF8 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405EFB |. E8 69FEFFFF |CALL Ekd5.00405D69 获取致命一击概率
00405F00 |. 25 FF000000 |AND EAX,0FF
00405F05 |. 50 |PUSH EAX ; /Arg1
00405F06 |. E8 279C0700 |CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 致命一击是否发生
00405F0B |. 83C4 04 |ADD ESP,4
00405F0E |. 85C0 |TEST EAX,EAX
00405F10 |. 74 61 |JE SHORT Ekd5.00405F73 没有发生则跳转
00405F12 |. 6A 39 |PUSH 39 ; /Arg1 = 00000039 39是防御致命一击的效果代号
00405F14 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405F17 |. E8 ED1A0000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 检测武将ecx是否装备防致命一击的特殊道具
00405F1C |. 85C0 |TEST EAX,EAX
00405F1E |. 74 18 |JE SHORT Ekd5.00405F38 EAX为0,没有跳转
00405F20 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00405F23 |. 25 FF000000 |AND EAX,0FF
00405F28 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405F2B |. C78481 840000>|MOV DWORD PTR DS:[ECX+EAX*4+84],0 这段是致命一击遇见防致命一击的下场
00405F36 |. EB 2E |JMP SHORT Ekd5.00405F66
00405F38 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00405F3B |. 81E2 FF000000 |AND EDX,0FF
00405F41 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00405F44 |. 8B8490 840000>|MOV EAX,DWORD PTR DS:[EAX+EDX*4+84]
00405F4B |. 6BC0 03 |IMUL EAX,EAX,3
00405F4E |. 99 |CDQ
00405F4F |. 2BC2 |SUB EAX,EDX
00405F51 |. D1F8 |SAR EAX,1
00405F53 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00405F56 |. 81E1 FF000000 |AND ECX,0FF
00405F5C |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405F5F |. 89848A 840000>|MOV DWORD PTR DS:[EDX+ECX*4+84],EAX
00405F66 |> 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00405F69 |. C780 04060000>|MOV DWORD PTR DS:[EAX+604],1
00405F73 |> 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405F76 |. 33D2 |XOR EDX,EDX
00405F78 |. 8A91 08060000 |MOV DL,BYTE PTR DS:[ECX+608]
00405F7E |. 85D2 |TEST EDX,EDX
00405F80 |. 7E 24 |JLE SHORT Ekd5.00405FA6 如果不是第二次攻击,则跳转,否则继续
00405F82 |. 6A 3A |PUSH 3A ; /Arg1 = 0000003A 防御两次攻击效果代号
00405F84 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405F87 |. E8 7D1A0000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断被攻击武将是否装备防御两次攻击的道具
00405F8C |. 85C0 |TEST EAX,EAX
00405F8E |. 74 16 |JE SHORT Ekd5.00405FA6 没有装备该道具,跳转
00405F90 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00405F93 |. 25 FF000000 |AND EAX,0FF
00405F98 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405F9B |. C78481 840000>|MOV DWORD PTR DS:[ECX+EAX*4+84],0 装备了该道具,伤害值为0
00405FA6 |> 6A 3C |PUSH 3C ; /Arg1 = 0000003C 防御MP效果代号
00405FA8 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405FAB |. E8 591A0000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断被攻击武将是否装备防御MP的道具
00405FB0 |. 85C0 |TEST EAX,EAX
00405FB2 |. 0F84 AD000000 |JE Ekd5.00406065 没有装备该道具,跳转
00405FB8 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405FBB |. 33C0 |XOR EAX,EAX
00405FBD |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405FC0 |. 8BC8 |MOV ECX,EAX
00405FC2 |. 6BC9 24 |IMUL ECX,ECX,24
00405FC5 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405FCB |. E8 70C80600 |CALL Ekd5.00472840 返回被攻击武将的当前MP值
00405FD0 |. 85C0 |TEST EAX,EAX
00405FD2 |. 0F86 8D000000 |JBE Ekd5.00406065 MP小于等于0,无效
00405FD8 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405FDB |. 33D2 |XOR EDX,EDX
00405FDD |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405FE0 |. 8BCA |MOV ECX,EDX
00405FE2 |. 6BC9 24 |IMUL ECX,ECX,24
00405FE5 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405FEB |. E8 50C80600 |CALL Ekd5.00472840 返回被攻击武将的当前MP值
00405FF0 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00405FF3 |. 81E1 FF000000 |AND ECX,0FF
00405FF9 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405FFC |. 3B848A 840000>|CMP EAX,DWORD PTR DS:[EDX+ECX*4+84]
00406003 |. 73 1B |JNB SHORT Ekd5.00406020 若MP不小于等于伤害值
00406005 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406008 |. 33C9 |XOR ECX,ECX
0040600A |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
0040600D |. 6BC9 24 |IMUL ECX,ECX,24
00406010 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00406016 |. E8 25C80600 |CALL Ekd5.00472840 返回被攻击武将的当前MP值
0040601B |. 8945 F0 |MOV DWORD PTR SS:[EBP-10],EAX
0040601E |. EB 16 |JMP SHORT Ekd5.00406036
00406020 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00406023 |. 81E2 FF000000 |AND EDX,0FF
00406029 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0040602C |. 8B8C90 840000>|MOV ECX,DWORD PTR DS:[EAX+EDX*4+84]
00406033 |. 894D F0 |MOV DWORD PTR SS:[EBP-10],ECX 把伤害值取出来放到EBP-10变量
00406036 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00406039 |. 81E2 FF000000 |AND EDX,0FF
0040603F |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406042 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00406045 |. 898C90 540200>|MOV DWORD PTR DS:[EAX+EDX*4+254],ECX
0040604C |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
0040604F |. 81E2 FF000000 |AND EDX,0FF
00406055 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406058 |. C78490 840000>|MOV DWORD PTR DS:[EAX+EDX*4+84],0
00406063 |. EB 74 |JMP SHORT Ekd5.004060D9
00406065 |> 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00406068 |. 33D2 |XOR EDX,EDX
0040606A |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
0040606D |. 8BCA |MOV ECX,EDX
0040606F |. 6BC9 24 |IMUL ECX,ECX,24
00406072 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00406078 |. E8 13CC0600 |CALL Ekd5.00472C90 返回被攻击武将的当前体力
0040607D |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00406080 |. 81E1 FF000000 |AND ECX,0FF
00406086 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00406089 |. 3B848A 840000>|CMP EAX,DWORD PTR DS:[EDX+ECX*4+84] 比较当前体力和伤害值
00406090 |. 73 1B |JNB SHORT Ekd5.004060AD 体力大于伤害则跳转
00406092 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406095 |. 33C9 |XOR ECX,ECX
00406097 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
0040609A |. 6BC9 24 |IMUL ECX,ECX,24
0040609D |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004060A3 |. E8 E8CB0600 |CALL Ekd5.00472C90 获取当前体力
004060A8 |. 8945 EC |MOV DWORD PTR SS:[EBP-14],EAX
004060AB |. EB 16 |JMP SHORT Ekd5.004060C3
004060AD |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
004060B0 |. 81E2 FF000000 |AND EDX,0FF
004060B6 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
004060B9 |. 8B8C90 840000>|MOV ECX,DWORD PTR DS:[EAX+EDX*4+84]
004060C0 |. 894D EC |MOV DWORD PTR SS:[EBP-14],ECX
004060C3 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
004060C6 |. 81E2 FF000000 |AND EDX,0FF
004060CC |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
004060CF |. 8B4D EC |MOV ECX,DWORD PTR SS:[EBP-14]
004060D2 |. 898C90 840000>|MOV DWORD PTR DS:[EAX+EDX*4+84],ECX 给伤害赋值
004060D9 |> 8A55 FC |MOV DL,BYTE PTR SS:[EBP-4]
004060DC |. 52 |PUSH EDX ; /Arg1
004060DD |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
004060E0 |. E8 B6D6FFFF |CALL Ekd5.0040379B ; \Ekd5.0040379B 获取物理攻击所得经验
004060E5 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
004060E8 |. 3B81 28040000 |CMP EAX,DWORD PTR DS:[ECX+428]
004060EE |. 76 11 |JBE SHORT Ekd5.00406101
004060F0 |. 8A55 FC |MOV DL,BYTE PTR SS:[EBP-4]
004060F3 |. 52 |PUSH EDX ; /Arg1
004060F4 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
004060F7 |. E8 9FD6FFFF |CALL Ekd5.0040379B ; \Ekd5.0040379B 获取物理攻击所得经验
004060FC |. 8945 E8 |MOV DWORD PTR SS:[EBP-18],EAX
004060FF |. EB 0C |JMP SHORT Ekd5.0040610D
00406101 |> 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406104 |. 8B88 28040000 |MOV ECX,DWORD PTR DS:[EAX+428]
0040610A |. 894D E8 |MOV DWORD PTR SS:[EBP-18],ECX
0040610D |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00406110 |. 8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
00406113 |. 8982 28040000 |MOV DWORD PTR DS:[EDX+428],EAX
00406119 |. 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
0040611C |. 51 |PUSH ECX ; /Arg1
0040611D |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00406120 |. E8 58D8FFFF |CALL Ekd5.0040397D ; \Ekd5.0040397D 获取物理攻击所得武器经验
00406125 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00406128 |. 3B82 2C040000 |CMP EAX,DWORD PTR DS:[EDX+42C]
0040612E |. 76 11 |JBE SHORT Ekd5.00406141
00406130 |. 8A45 FC |MOV AL,BYTE PTR SS:[EBP-4]
00406133 |. 50 |PUSH EAX ; /Arg1
00406134 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00406137 |. E8 41D8FFFF |CALL Ekd5.0040397D ; \Ekd5.0040397D 获取物理攻击所得武器经验
0040613C |. 8945 E4 |MOV DWORD PTR SS:[EBP-1C],EAX
0040613F |. EB 0C |JMP SHORT Ekd5.0040614D
00406141 |> 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00406144 |. 8B91 2C040000 |MOV EDX,DWORD PTR DS:[ECX+42C]
0040614A |. 8955 E4 |MOV DWORD PTR SS:[EBP-1C],EDX
0040614D |> 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00406150 |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
00406153 |. 8988 2C040000 |MOV DWORD PTR DS:[EAX+42C],ECX
00406159 |. 8A55 FC |MOV DL,BYTE PTR SS:[EBP-4]
0040615C |. 52 |PUSH EDX ; /Arg1
0040615D |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00406160 |. E8 20D9FFFF |CALL Ekd5.00403A85 ; \Ekd5.00403A85 获取物理攻击所得防具经验
00406165 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00406168 |. 81E1 FF000000 |AND ECX,0FF
0040616E |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00406171 |. 89848A 300400>|MOV DWORD PTR DS:[EDX+ECX*4+430],EAX
00406178 |.^ E9 C0FCFFFF \JMP Ekd5.00405E3D 跳回循环开始处
0040617D |> 8BE5 MOV ESP,EBP
0040617F |. 5D POP EBP
00406180 \. C3 RETN
这个函数,总体上就是通过伤害计算函数得到伤害值,再判断是否致命,是否连击和是否被防致命防连击。还有是否有用MP来防御伤害的。
最后就是攻击产生的经验和武器经验,防具经验的计算。
这个函数由于代码过长,我这次分析得还比较粗线条,下次有空再仔细分析下,看那么长的汇编代码会头晕的-_-.
作者:
岱瀛 时间: 2007-1-20 17:15
伤害计算函数
0043BC4B
这个函数是计算伤害值的,不仅在攻击这里有调用到,总共四处地方调用该处:
405EB4 真正的打斗是这里调用
00405EA7 |. 51 |PUSH ECX
00405EA8 |. 6A 01 |PUSH 1
00405EAA |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
00405EAD |. 52 |PUSH EDX
00405EAE |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00405EB1 |. 8B48 0C |MOV ECX,DWORD PTR DS:[EAX+C]
00405EB4 |. E8 925D0300 |CALL Ekd5.0043BC4B
438ABF AI,电脑AI以本计算为依据
00438AB1 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
00438AB3 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00438AB5 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
00438AB8 |. 50 PUSH EAX ; |Arg1
00438AB9 |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] ; |
00438ABF |. E8 87310000 CALL Ekd5.0043BC4B ; \Ekd5.0043BC4B
438EB8 这个未知
00438E9E |. 6A 00 |PUSH 0
00438EA0 |. 6A 00 |PUSH 0
00438EA2 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00438EA5 |. 50 |PUSH EAX
00438EA6 |. 8B4D 14 |MOV ECX,DWORD PTR SS:[EBP+14]
00438EA9 |. 81E1 FF000000 |AND ECX,0FF
00438EAF |. 6BC9 24 |IMUL ECX,ECX,24
00438EB2 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00438EB8 |. E8 8E2D0000 |CALL Ekd5.0043BC4B
4406AB 鼠标移动过去,显示攻击伤害时要调用到的
00440691 |> \6A 00 PUSH 0
00440693 |. 6A 00 PUSH 0
00440695 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00440698 |. 50 PUSH EAX
00440699 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0044069C |. 81E1 FF000000 AND ECX,0FF
004406A2 |. 6BC9 24 IMUL ECX,ECX,24
004406A5 |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
004406AB |. E8 9BB5FFFF CALL Ekd5大白.0043BC4B
可以看出,本函数属于比较核心的函数。
几个传入参数(三个参数一个Ecx值)
获取攻击武将(ecx值)对被攻击武将(栈值)的物理攻击伤害,10栈为是否反击,0C栈为是否实际值,是则考虑是否命中和随机数
下面是该函数的局部变量
[EBP-4] 掌管着伤害值
[EBP-2C] 为攻击武将号
[EBP-C] 攻击武将的地形加成
[EBP-20] 攻击方武将的攻击力*地形加成的结果值
[EBP-30] 攻击武将的职业
[EBP-24] 为被攻击武将号
[EBP-1C] 被攻击战场武将编号
[EBP-18] 被攻击武将的地形加成
[EBP-14] 被攻击武将的职业
[EBP-10] 被攻击武将的防御力*地形加成的结果
[EBP-8] ???
[EBP-28] 存放一0~6的随机数
[EBP-3C] ???
0043BC4B /$ 55 PUSH EBP
0043BC4C |. 8BEC MOV EBP,ESP
0043BC4E |. 83EC 3C SUB ESP,3C
0043BC51 |. 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
0043BC54 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0043BC57 |. 50 PUSH EAX
0043BC58 |. E8 2002FDFF CALL Ekd5.0040BE7D //获取被攻击武将的data编号
0043BC5D |. 83C4 04 ADD ESP,4
0043BC60 |. 50 PUSH EAX
0043BC61 |. E8 70280000 CALL Ekd5.0043E4D6 //获取被攻击武将的战场编号
0043BC66 |. 83C4 04 ADD ESP,4
0043BC69 |. 8845 E4 MOV BYTE PTR SS:[EBP-1C],AL
0043BC6C |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0043BC6F |. 81E1 FF000000 AND ECX,0FF
0043BC75 |. 81F9 FF000000 CMP ECX,0FF
0043BC7B |. 75 07 JNZ SHORT Ekd5.0043BC84
0043BC7D |. 33C0 XOR EAX,EAX
0043BC7F |. E9 0C030000 JMP Ekd5.0043BF90 退出
0043BC84 |> 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0043BC87 |. 81E2 FF000000 AND EDX,0FF
0043BC8D |. 6BD2 24 IMUL EDX,EDX,24
0043BC90 |. 81C2 502C4B00 ADD EDX,Ekd5.004B2C50
0043BC96 |. 8955 DC MOV DWORD PTR SS:[EBP-24],EDX
0043BC99 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043BC9C |. E8 AC3B0000 CALL Ekd5.0043F84D //获取攻击武将在当前地形的攻防加成
0043BCA1 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0043BCA4 |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BCA7 |. E8 A13B0000 CALL Ekd5.0043F84D // 获取被攻击武将在当前地形的攻防加成
0043BCAC |. 8845 E8 MOV BYTE PTR SS:[EBP-18],AL
0043BCAF |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BCB2 |. E8 B9F7FFFF CALL Ekd5.0043B470 // 获取被攻击方的职业
0043BCB7 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0043BCBA |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0043BCC1 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0043BCC8 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043BCCB |. E8 2E380000 CALL Ekd5.0043F4FE //返回攻击武将的攻击力
0043BCD0 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043BCD3 |. 81E1 FF000000 AND ECX,0FF
0043BCD9 |. 0FAFC1 IMUL EAX,ECX 攻击力乘以地形加成
0043BCDC |. 33D2 XOR EDX,EDX
0043BCDE |. B9 0A000000 MOV ECX,0A
0043BCE3 |. F7F1 DIV ECX 除以10 (地形加成在DATA里的值是整数的)
0043BCE5 |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
0043BCE8 |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BCEB |. E8 A5380000 CALL Ekd5.0043F595 //返回被攻击武将的防御力
0043BCF0 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0043BCF3 |. 81E2 FF000000 AND EDX,0FF
0043BCF9 |. 0FAFC2 IMUL EAX,EDX
0043BCFC |. 33D2 XOR EDX,EDX
0043BCFE |. B9 0A000000 MOV ECX,0A
0043BD03 |. F7F1 DIV ECX
0043BD05 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0043BD08 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0043BD0C |. 74 1E JE SHORT Ekd5.0043BD2C 如果等于0,跳转
0043BD0E |. 68 FF000000 PUSH 0FF
0043BD13 |. 6A 01 PUSH 1 (为1,表示计算攻击命中率)
0043BD15 |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0043BD18 |. 52 PUSH EDX
0043BD19 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD1C |. E8 8FF7FFFF CALL Ekd5.0043B4B0 与攻击命中率有关(08栈是被攻击武将,ecx是攻击武将)
0043BD21 |. 85C0 TEST EAX,EAX
0043BD23 |. 75 07 JNZ SHORT Ekd5.0043BD2C 不为0,跳转(攻击没有被格档,攻击被格档则跳转)
0043BD25 |. 33C0 XOR EAX,EAX
0043BD27 |. E9 64020000 JMP Ekd5.0043BF90 退出 没有命中率
0043BD2C |> 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD2F |. E8 BC260000 CALL Ekd5.0043E3F0 //获取攻击武将的等级
0043BD34 |. 25 FF000000 AND EAX,0FF
0043BD39 |. 83C0 19 ADD EAX,19
0043BD3C |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043BD3F |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0043BD42 |. 3B45 F0 CMP EAX,DWORD PTR SS:[EBP-10]
0043BD45 |. 72 12 JB SHORT Ekd5.0043BD59 (如果攻击力小于防御力就跳转)
0043BD47 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
0043BD4A |. 2B4D F0 SUB ECX,DWORD PTR SS:[EBP-10]
0043BD4D |. D1E9 SHR ECX,1
0043BD4F |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BD52 |. 03D1 ADD EDX,ECX
0043BD54 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0043BD57 |. EB 25 JMP SHORT Ekd5.0043BD7E
0043BD59 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0043BD5C |. 2B45 E0 SUB EAX,DWORD PTR SS:[EBP-20]
0043BD5F |. D1E8 SHR EAX,1
0043BD61 |. 50 PUSH EAX
0043BD62 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043BD65 |. 51 PUSH ECX
0043BD66 |. E8 333D0400 CALL Ekd5.0047FA9E 返回08栈减0C栈得到的值,负值归0
0043BD6B |. 83C4 08 ADD ESP,8
0043BD6E |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043BD71 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BD75 |. 75 07 JNZ SHORT Ekd5.0043BD7E
0043BD77 |. C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0043BD7E |> 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD81 |. E8 EAF6FFFF CALL Ekd5.0043B470 //获取攻击方的职业
0043BD86 |. 25 FF000000 AND EAX,0FF
0043BD8B |. 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
0043BD8E |. 8B55 D0 MOV EDX,DWORD PTR SS:[EBP-30]
0043BD91 |. 83EA 01 SUB EDX,1
0043BD94 |. 8955 D0 MOV DWORD PTR SS:[EBP-30],EDX
0043BD97 |. 837D D0 04 CMP DWORD PTR SS:[EBP-30],4
0043BD9B |. 0F87 F7000000 JA Ekd5.0043BE98
0043BDA1 |. 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
0043BDA4 |. FF2485 96BF43>JMP DWORD PTR DS:[EAX*4+43BF96] 下面是个跳转表
0043BF96 . 35BE4300 DD Ekd5大白.0043BE35 01步兵
0043BF9A . ABBD4300 DD Ekd5大白.0043BDAB 02弓兵
0043BF9E . 98BE4300 DD Ekd5大白.0043BE98 3与大于4一样处理 03骑兵
0043BFA2 . ABBD4300 DD Ekd5大白.0043BDAB 04弓骑兵
0043BFA6 . \ABBD4300 DD Ekd5大白.0043BDAB 05炮兵
弓兵,弓骑兵,炮兵都跳转到这里:
0043BDAB |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043BDAE |. 81E1 FF000000 AND ECX,0FF
0043BDB4 . 83F9 03 CMP ECX,3 3,骑兵受到150%的远程伤害
0043BDB7 |. 74 1B JE SHORT Ekd5.0043BDD4
0043BDB9 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043BDBC |. 81E2 FF000000 AND EDX,0FF
0043BDC2 . 83FA 11 CMP EDX,11 11,训虎受到150%的远程伤害
0043BDC5 |. 74 0D JE SHORT Ekd5.0043BDD4
0043BDC7 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043BDCA |. 25 FF000000 AND EAX,0FF
0043BDCF |. 83F8 10 CMP EAX,10 10, 训雄受到150%的远程伤害
0043BDD2 |. 75 0B JNZ SHORT Ekd5.0043BDDF
0043BDD4 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043BDD7 |. 6BC9 03 IMUL ECX,ECX,3
0043BDDA |. D1E9 SHR ECX,1
0043BDDC |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX //伤害计算 先乘以3,再右移动一位(处以2)
0043BDDF |> 6A 3D PUSH 3D 3D减轻远距损伤的特殊效果代号
0043BDE1 |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BDE4 |. E8 87380200 CALL Ekd5.0045F670 获取被攻击武将的data编号
0043BDE9 |. 8BC8 MOV ECX,EAX
0043BDEB |. 6BC9 48 IMUL ECX,ECX,48
0043BDEE |. 81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BDF4 |. E8 10BCFCFF CALL Ekd5.00407A09 检测被攻击武将是否装备减轻远距损伤的特殊道具
0043BDF9 |. 85C0 TEST EAX,EAX
0043BDFB |. 74 36 JE SHORT Ekd5.0043BE33
0043BDFD |. 6A 3D PUSH 3D 减轻远距损伤
0043BDFF |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BE02 . E8 69380200 CALL Ekd5.0045F670 获取被攻击武将的data编号
0043BE07 |. 8BC8 MOV ECX,EAX
0043BE09 |. 6BC9 48 IMUL ECX,ECX,48
0043BE0C |. 81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BE12 . E8 DBBCFCFF CALL Ekd5.00407AF2 ; \Ekd5. 获取被武将减轻远距损伤的特殊道具的特殊效果值
0043BE17 |. 25 FF000000 AND EAX,0FF
0043BE1C |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BE1F |. 0FAFC2 IMUL EAX,EDX
0043BE22 |. 33D2 XOR EDX,EDX
0043BE24 |. B9 64000000 MOV ECX,64
0043BE29 |. F7F1 DIV ECX
0043BE2B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BE2E |. 2BD0 SUB EDX,EAX
0043BE30 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0043BE33 |> EB 63 JMP SHORT Ekd5.0043BE98
步兵跳转到这里:
0043BE35 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043BE38 |. 25 FF000000 AND EAX,0FF
0043BE3D |. 83F8 03 CMP EAX,3 3表示骑兵只受到步兵60%的伤害
0043BE40 |. 75 2F JNZ SHORT Ekd5.0043BE71 不是骑兵则跳转
0043BE42 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043BE45 |. 6BC0 03 IMUL EAX,EAX,3
0043BE48 |. 33D2 XOR EDX,EDX
0043BE4A |. B9 05000000 MOV ECX,5
0043BE4F |. F7F1 DIV ECX 乘以3除以5----------------------------60%
0043BE51 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043BE54 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BE58 |. 75 09 JNZ SHORT Ekd5.0043BE63
0043BE5A |. C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1 如果等于0,则设置为---------------1%
0043BE61 |. EB 06 JMP SHORT Ekd5.0043BE69
0043BE63 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BE66 |. 8955 CC MOV DWORD PTR SS:[EBP-34],EDX
0043BE69 |> 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0043BE6C |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043BE6F |. EB 27 JMP SHORT Ekd5.0043BE98
0043BE71 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043BE74 |. 81E1 FF000000 AND ECX,0FF
0043BE7A |. 83F9 02 CMP ECX,2 02弓兵受到步兵150%的伤害
0043BE7D |. 74 0E JE SHORT Ekd5.0043BE8D 相等,是弓兵,跳转
0043BE7F |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043BE82 |. 81E2 FF000000 AND EDX,0FF
0043BE88 |. 83FA 05 CMP EDX,5 05炮兵受到步兵150%的伤害
0043BE8B |. 75 0B JNZ SHORT Ekd5.0043BE98 不相等,不是炮兵,跳转
0043BE8D |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043BE90 |. 6BC0 03 IMUL EAX,EAX,3
0043BE93 |. D1E8 SHR EAX,1
0043BE95 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043BE98 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043BE9B |. 81E1 FF000000 AND ECX,0FF
0043BEA1 |. 83F9 03 CMP ECX,3
0043BEA4 |. 75 4A JNZ SHORT Ekd5.0043BEF0 如果被攻击不是骑兵跳转
0043BEA6 |. 6A 2D PUSH 2D 2D-骑马攻击
0043BEA8 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0043BEAB |. 8B0A MOV ECX,DWORD PTR DS:[EDX]
0043BEAD |. 6BC9 48 IMUL ECX,ECX,48
0043BEB0 |. 81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BEB6 |. E8 4EBBFCFF CALL Ekd5.00407A09 检测攻击武将是否装备骑马攻击的特殊道具
0043BEBB |. 85C0 TEST EAX,EAX
0043BEBD |. 74 31 JE SHORT Ekd5.0043BEF0
0043BEBF |. 6A 2D PUSH 2D 2D-骑马攻击
0043BEC1 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0043BEC4 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0043BEC6 |. 6BC9 48 IMUL ECX,ECX,48
0043BEC9 |. 81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BECF |. E8 1EBCFCFF CALL Ekd5.00407AF2 获取攻击武将装备骑马攻击道具的特殊效果值
0043BED4 |. 25 FF000000 AND EAX,0FF
0043BED9 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] 把Data的效果值弄进来
0043BEDC |. 0FAFC1 IMUL EAX,ECX 乘以效果值
0043BEDF |. 33D2 XOR EDX,EDX
0043BEE1 |. B9 64000000 MOV ECX,64
0043BEE6 |. F7F1 DIV ECX 除以100
0043BEE8 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BEEB |. 03D0 ADD EDX,EAX
0043BEED |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX 加上原来的
0043BEF0 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0 判断第三个参数0还是1
0043BEF4 |. 74 29 JE SHORT Ekd5.0043BF1F 如果是0跳转 (反击就是75%就是1)
0043BEF6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043BEF9 |. 6BC0 03 IMUL EAX,EAX,3
0043BEFC |. C1E8 02 SHR EAX,2 乘以3除以4
0043BEFF |. 83F8 01 CMP EAX,1
0043BF02 |. 73 09 JNB SHORT Ekd5.0043BF0D 不小于等于1则转移
0043BF04 |. C745 C8 01000>MOV DWORD PTR SS:[EBP-38],1 若小于1则设置为1 --------1%
0043BF0B |. EB 0C JMP SHORT Ekd5.0043BF19
0043BF0D |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] 又是乘以3除以4
0043BF10 |. 6BC9 03 IMUL ECX,ECX,3
0043BF13 |. C1E9 02 SHR ECX,2
0043BF16 |. 894D C8 MOV DWORD PTR SS:[EBP-38],ECX
0043BF19 |> 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
0043BF1C |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0043BF1F |> 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0 判断第二个参数是0还是1(真正攻击伤害的时候是1)
0043BF23 |. 74 50 JE SHORT Ekd5.0043BF75
0043BF25 |. 6A 07 PUSH 7
0043BF27 |. E8 E73B0400 CALL Ekd5.0047FB13 生成0到6的随机数
0043BF2C |. 83C4 04 ADD ESP,4
0043BF2F |. 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
0043BF32 |. 837D D8 02 CMP DWORD PTR SS:[EBP-28],2
0043BF36 |. 76 0F JBE SHORT Ekd5.0043BF47 若随机数小于等于2则跳转
0043BF38 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0043BF3B |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043BF3E |. 8D5401 FE LEA EDX,DWORD PTR DS:[ECX+EAX-2]
0043BF42 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0043BF45 |. EB 2E JMP SHORT Ekd5.0043BF75
0043BF47 |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0043BF4A |. 50 PUSH EAX
0043BF4B |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043BF4E |. 51 PUSH ECX
0043BF4F |. E8 4A3B0400 CALL Ekd5.0047FA9E 返回08栈减0C栈得到的值,负值归0
0043BF54 |. 83C4 08 ADD ESP,8
0043BF57 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ([EBP-4] = [EBP-4] – [EBP-28] 负值归0)
0043BF5A |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BF5E |. 75 09 JNZ SHORT Ekd5.0043BF69 不为0,转移
0043BF60 |. C745 C4 01000>MOV DWORD PTR SS:[EBP-3C],1 为0,变量[EPP-3C] 标记1,重新标记为1
0043BF67 |. EB 06 JMP SHORT Ekd5.0043BF6F
0043BF69 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043BF6C |. 8955 C4 MOV DWORD PTR SS:[EBP-3C],EDX
0043BF6F |> 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C]
0043BF72 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX 变为1
0043BF75 |> 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BF78 . E8 136D0300 CALL Ekd5.00472C90 返回武将ecx的当前体力
0043BF7D |. 3945 FC CMP DWORD PTR SS:[EBP-4],EAX
0043BF80 . 76 0B JBE SHORT Ekd5.0043BF8D EAX小于等于则转移(返回的是EBP-4变量的值)
0043BF82 |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BF85 . E8 066D0300 CALL Ekd5.00472C90 返回武将ecx的当前体力
0043BF8A |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX //返回当前体力值
0043BF8D |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043BF90 |> 8BE5 MOV ESP,EBP
0043BF92 |. 5D POP EBP
0043BF93 \. C2 0C00 RETN 0C
//本函数,其实就是针对攻击方和被攻击方的攻击力防御力计算伤害值,还调用了一个计算命中率的函数.
//由于伤害设计兵种相克,防御远程攻击和骑马攻击两种特殊属性的计算,所以也写在了这个函数里面
//AI的选择也是根据这个函数出的结果为依据的.
[ 本帖最后由 岱瀛 于 2007-1-21 13:18 编辑 ]
作者:
岱瀛 时间: 2007-1-21 14:53
攻击动作函数
00405744
传入参数:
Ecx 是 攻击武将的Ecx值
局部变量
[EBP-D8] 保存攻击武将的Ecx值
00405744 /$ 55 PUSH EBP
00405745 |. 8BEC MOV EBP,ESP
00405747 |. 81EC D8000000 SUB ESP,0D8
0040574D |. 898D 28FFFFFF MOV DWORD PTR SS:[EBP-D8],ECX
00405753 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405759 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040575F |. 8A51 10 MOV DL,BYTE PTR DS:[ECX+10]
00405762 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
00405765 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040576B |. E8 1FE4FFFF CALL Ekd5.00403B8F ; 里面加载ATK图了
00405770 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405776 |. 33C9 XOR ECX,ECX
00405778 |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
0040577B |. 6BC9 24 IMUL ECX,ECX,24
0040577E |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405784 |. E8 978B0300 CALL Ekd5.0043E320 获取攻击武将的朝向(这个时候武将的朝向已经变了,而看到的不一样)
00405789 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0040578C |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405792 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00405794 |. 50 PUSH EAX ; /Arg2
00405795 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
0040579B |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
0040579E |. 52 PUSH EDX ; |Arg1
0040579F |. E8 85000300 CALL Ekd5.00435829 ; \Ekd5.00435829
004057A4 |. 83C4 08 ADD ESP,8
004057A7 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004057A9 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
004057AF |. E8 D1E5FFFF CALL Ekd5.00403D85 ; \Ekd5.00403D85 里面加载了SPC图
004057B4 |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
004057B7 |. 50 PUSH EAX ; /Arg1
004057B8 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
004057BE |. 33D2 XOR EDX,EDX ; |
004057C0 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
004057C3 |. 8BCA MOV ECX,EDX ; |
004057C5 |. 6BC9 24 IMUL ECX,ECX,24 ; |
004057C8 |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50 ; |
004057CE |. E8 9D0E0000 CALL Ekd5.00406670 ; \Ekd5.00406670 设置攻击武将朝向为08栈
004057D3 |. 68 FF000000 PUSH 0FF ; /Arg2 = 000000FF
004057D8 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8] ; |
004057DE |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1] ; |
004057E1 |. 51 PUSH ECX ; |Arg1
004057E2 |. E8 42000300 CALL Ekd5.00435829 ; \Ekd5.00435829
004057E7 |. 83C4 08 ADD ESP,8
004057EA |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
004057F0 |. 8B4A 0C MOV ECX,DWORD PTR DS:[EDX+C]
004057F3 |. E8 68DBFFFF CALL Ekd5.00403360 //纯粹看代码里是把Ecx压栈然后再+6返回,但是没分析为什么要这样做
004057F8 |. 66:8B00 MOV AX,WORD PTR DS:[EAX]
004057FB |. 66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
004057FF |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405805 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
00405808 |. 52 PUSH EDX ; /Arg3
00405809 |. 8A45 F9 MOV AL,BYTE PTR SS:[EBP-7] ; |
0040580C |. 50 PUSH EAX ; |Arg2
0040580D |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
00405810 |. 51 PUSH ECX ; |Arg1
00405811 |. B9 50424B00 MOV ECX,Ekd5.004B4250 ; |
00405816 |. E8 08F90400 CALL Ekd5.00455123 ; \Ekd5.00455123 重画武将形象,把朝向弄好。
0040581B |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405821 |. 83BA 04060000>CMP DWORD PTR DS:[EDX+604],0 //判断是否发生致命一击
00405828 |. 74 50 JE SHORT Ekd5.0040587A
0040582A |. 6A 19 PUSH 19 ; /Arg1 = 00000019
0040582C |. E8 01A30700 CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 25%概率的事件是否发生
00405831 |. 83C4 04 ADD ESP,4
00405834 |. 85C0 TEST EAX,EAX
00405836 |. 74 42 JE SHORT Ekd5.0040587A //概率没有发生,结束, 发生则说出致命一击的台词
00405838 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
0040583E |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
00405841 |. 51 PUSH ECX ; /Arg2
00405842 |. 8D95 2CFFFFFF LEA EDX,DWORD PTR SS:[EBP-D4] ; |
00405848 |. 52 PUSH EDX ; |Arg1
00405849 |. E8 E1670000 CALL Ekd5.0040C02F ; \Ekd5.0040C02F
0040584E |. 83C4 08 ADD ESP,8
00405851 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405857 |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
0040585A |. E8 6AA40300 CALL Ekd5.0043FCC9
0040585F |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405865 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
00405868 |. 52 PUSH EDX ; /Arg2
00405869 |. 8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4] ; |
0040586F |. 50 PUSH EAX ; |Arg1
00405870 |. B9 F05D4B00 MOV ECX,Ekd5.004B5DF0 ; |
00405875 |. E8 E33D0500 CALL Ekd5.0045965D ; \Ekd5.0045965D
0040587A |> 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405880 |. E8 64ECFFFF CALL Ekd5.004044E9 //画面显示函数
00405885 |. 8BE5 MOV ESP,EBP
00405887 |. 5D POP EBP
00405888 \. C3 RETN
//本函数,进行了一些画面处理,比如武将的转向和致命一击台词。然后调用了攻击过程全动作的函数,分析比较粗,调用到的几个函数还没有仔细分析,
//还有几个朝向问题,数字朝向有点奇怪。
[ 本帖最后由 岱瀛 于 2007-1-21 15:11 编辑 ]
作者:
岱瀛 时间: 2007-1-21 14:55
攻击画面函数
004044E9函数
又是一个万恶的恐怖函数
建议先看我最后用C翻译的结果,对于反汇编过长的函数,我一般都是先从代码结构上,从总体上把握,直接自己翻译成C代码,然后再分段的研究,直接上千行万行的汇编看下去,人会崩溃的.不过翻译过程其实也不简单,我个人比较熟悉和喜欢C/C++,也简单了解过C和汇编转换的一般对应关系,所以就翻译成C了.象小笨那种喜欢pascal的,估计就自己翻成pascal容易看点.
004044E9 /$ 55 PUSH EBP
004044EA |. 8BEC MOV EBP,ESP
004044EC |. B8 38100000 MOV EAX,1038
004044F1 |. E8 6ACC0700 CALL Ekd5.00481160
004044F6 |. 56 PUSH ESI
004044F7 |. 898D CCEFFFFF MOV DWORD PTR SS:[EBP-1034],ECX
004044FD |. 8B85 CCEFFFFF MOV EAX,DWORD PTR SS:[EBP-1034]
00404503 |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
00404506 |. E8 55EEFFFF CALL Ekd5.00403360 //纯粹看代码里是把Ecx压栈然后再+6返回,但是没分析为什么要这样做
0040450B |. 66:8B08 MOV CX,WORD PTR DS:[EAX]
0040450E |. 66:898D E8EFF>MOV WORD PTR SS:[EBP-1018],CX
00404515 |. 8B95 CCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1034]
0040451B |. 33C0 XOR EAX,EAX
0040451D |. 8A42 01 MOV AL,BYTE PTR DS:[EDX+1]
00404520 |. 8BC8 MOV ECX,EAX
00404522 |. 6BC9 24 IMUL ECX,ECX,24
00404525 |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0040452B |. E8 30EEFFFF CALL Ekd5.00403360 //纯粹看代码里是把Ecx压栈然后再+6返回,但是没分析为什么要这样做
00404530 |. 66:8B08 MOV CX,WORD PTR DS:[EAX]
00404533 |. 66:898D E0EFF>MOV WORD PTR SS:[EBP-1020],CX
0040453A |. 8BB5 E8EFFFFF MOV ESI,DWORD PTR SS:[EBP-1018]
00404540 |. 81E6 FF000000 AND ESI,0FF
00404546 |. B9 50424B00 MOV ECX,Ekd5.004B4250
0040454B |. E8 43D50400 CALL Ekd5.00451A93 //纯粹看代码,是把Ecx压栈后,取Ecx+4所指的内存地址的值返回
00404550 |. 99 CDQ
00404551 |. B9 30000000 MOV ECX,30
00404556 |. F7F9 IDIV ECX
00404558 |. 2BF0 SUB ESI,EAX
0040455A |. 89B5 F4EFFFFF MOV DWORD PTR SS:[EBP-100C],ESI
00404560 |. 8BB5 E9EFFFFF MOV ESI,DWORD PTR SS:[EBP-1017]
00404566 |. 81E6 FF000000 AND ESI,0FF
0040456C |. B9 50424B00 MOV ECX,Ekd5.004B4250
00404571 |. E8 2ED50400 CALL Ekd5.00451AA4 //纯粹看代码,是把Ecx压栈后,取Ecx+8所指的内存地址的值返回
00404576 |. 99 CDQ
00404577 |. B9 30000000 MOV ECX,30
0040457C |. F7F9 IDIV ECX
0040457E |. 2BF0 SUB ESI,EAX
00404580 |. 89B5 ECEFFFFF MOV DWORD PTR SS:[EBP-1014],ESI
00404586 |. 8BB5 E0EFFFFF MOV ESI,DWORD PTR SS:[EBP-1020]
0040458C |. 81E6 FF000000 AND ESI,0FF
00404592 |. B9 50424B00 MOV ECX,Ekd5.004B4250
00404597 |. E8 F7D40400 CALL Ekd5.00451A93 //纯粹看代码,是把Ecx压栈后,取Ecx+4所指的内存地址的值返回
0040459C |. 99 CDQ
0040459D |. B9 30000000 MOV ECX,30
004045A2 |. F7F9 IDIV ECX
004045A4 |. 2BF0 SUB ESI,EAX
004045A6 |. 89B5 F8EFFFFF MOV DWORD PTR SS:[EBP-1008],ESI
004045AC |. 8BB5 E1EFFFFF MOV ESI,DWORD PTR SS:[EBP-101F]
004045B2 |. 81E6 FF000000 AND ESI,0FF
004045B8 |. B9 50424B00 MOV ECX,Ekd5.004B4250
004045BD |. E8 E2D40400 CALL Ekd5.00451AA4 //纯粹看代码,是把Ecx压栈后,取Ecx+8所指的内存地址的值返回
004045C2 |. 99 CDQ
004045C3 |. B9 30000000 MOV ECX,30
004045C8 |. F7F9 IDIV ECX
004045CA |. 2BF0 SUB ESI,EAX
004045CC |. 89B5 FCEFFFFF MOV DWORD PTR SS:[EBP-1004],ESI
004045D2 |. 8B95 F4EFFFFF MOV EDX,DWORD PTR SS:[EBP-100C]
004045D8 |. 6BD2 30 IMUL EDX,EDX,30
004045DB |. 8995 DCEFFFFF MOV DWORD PTR SS:[EBP-1024],EDX
004045E1 |. 8B85 ECEFFFFF MOV EAX,DWORD PTR SS:[EBP-1014]
004045E7 |. 6BC0 30 IMUL EAX,EAX,30
004045EA |. 83C0 38 ADD EAX,38
004045ED |. 8985 D8EFFFFF MOV DWORD PTR SS:[EBP-1028],EAX
004045F3 |. 8B8D F8EFFFFF MOV ECX,DWORD PTR SS:[EBP-1008]
004045F9 |. 6BC9 30 IMUL ECX,ECX,30
004045FC |. 898D D4EFFFFF MOV DWORD PTR SS:[EBP-102C],ECX
00404602 |. 8B95 FCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1004]
00404608 |. 6BD2 30 IMUL EDX,EDX,30
0040460B |. 83C2 38 ADD EDX,38
0040460E |. 8995 D0EFFFFF MOV DWORD PTR SS:[EBP-1030],EDX
00404614 |. C785 F0EFFFFF>MOV DWORD PTR SS:[EBP-1010],0
0040461E |. EB 0F JMP SHORT Ekd5.0040462F
00404620 |> 8B85 F0EFFFFF /MOV EAX,DWORD PTR SS:[EBP-1010]
00404626 |. 83C0 01 |ADD EAX,1
00404629 |. 8985 F0EFFFFF |MOV DWORD PTR SS:[EBP-1010],EAX
0040462F |> 83BD F0EFFFFF> CMP DWORD PTR SS:[EBP-1010],1B
循环了27次,中间有空,也就是攻击的过程不会一闪而过,曹操传里的图都是4针,要做八针的攻击效果图,就必须在这做文章了
00404636 |. 0F83 C1100000 |JNB Ekd5.004056FD (if (变量>27) goto 结束 )
0040463C |. 8B8D F0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1010]
00404642 |. 898D C8EFFFFF |MOV DWORD PTR SS:[EBP-1038],ECX
00404648 |. 83BD C8EFFFFF>|CMP DWORD PTR SS:[EBP-1038],19
0040464F |. 0F87 92100000 |JA Ekd5.004056E7 (if (变量>25) goto 4056E7循环点)
00404655 |. 8B85 C8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1038]
0040465B |. 33D2 |XOR EDX,EDX
0040465D |. 8A90 2A574000 |MOV DL,BYTE PTR DS:[EAX+40572A]
0040572A . 00 DB 00 ; 分支 00405702 索引表
0040572B . 09 DB 09
0040572C . 01 DB 01
0040572D . 09 DB 09
0040572E . 09 DB 09
0040572F . 09 DB 09
00405730 . 09 DB 09
00405731 . 09 DB 09
00405732 . 02 DB 02
00405733 . 09 DB 09
00405734 . 09 DB 09
00405735 . 09 DB 09
00405736 . 03 DB 03
00405737 . 04 DB 04
00405738 . 05 DB 05
00405739 . 06 DB 06
0040573A . 09 DB 09
0040573B . 07 DB 07
0040573C . 09 DB 09
0040573D . 09 DB 09
0040573E . 09 DB 09
0040573F . 09 DB 09
00405740 . 09 DB 09
00405741 . 09 DB 09
00405742 . 09 DB 09
00405743 . 08 DB 08
00404663 |. FF2495 025740>|JMP DWORD PTR DS:[EDX*4+405702] 跳转的计算
00405702 . \6A464000 DD Ekd5.0040466A ; 分支表 被用于 00404663
00405706 . 08484000 DD Ekd5.00404808
0040570A . 31494000 DD Ekd5.00404931
0040570E . BC4C4000 DD Ekd5.00404CBC
00405712 . 964D4000 DD Ekd5.00404D96
00405716 . FA4F4000 DD Ekd5.00404FFA
0040571A . 2C524000 DD Ekd5.0040522C
0040571E . 5F534000 DD Ekd5.0040535F
00405722 . 4A554000 DD Ekd5.0040554A
00405726 . E7564000 DD Ekd5.004056E7
0040466A |> E8 6C9F0100 |CALL Ekd5.0041E5DB
0040466F |. 8B8D ECEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1014]
00404675 |. 51 |PUSH ECX ; /Arg2
00404676 |. 8B95 F4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-100C] ; |
0040467C |. 52 |PUSH EDX ; |Arg1
0040467D |. E8 77F0FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
00404682 |. 83C4 08 |ADD ESP,8
00404685 |. 8B85 FCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1004]
0040468B |. 50 |PUSH EAX ; /Arg2
0040468C |. 8B8D F8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1008] ; |
00404692 |. 51 |PUSH ECX ; |Arg1
00404693 |. E8 61F0FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
00404698 |. 83C4 08 |ADD ESP,8
0040469B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040469D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040469F |. 68 00490000 |PUSH 4900 ; |Arg1 = 00004900
004046A4 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004046A9 |. E8 92B30700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004046AE |. 50 |PUSH EAX ; /Arg5
004046AF |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004046B1 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004046B3 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004046B9 |. 83EA 08 |SUB EDX,8 ; |
004046BC |. 52 |PUSH EDX ; |Arg2
004046BD |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004046C3 |. 83E8 08 |SUB EAX,8 ; |
004046C6 |. 50 |PUSH EAX ; |Arg1
004046C7 |. E8 1AD30400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
004046CC |. 83C4 14 |ADD ESP,14
004046CF |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004046D1 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004046D3 |. 68 00590000 |PUSH 5900 ; |Arg1 = 00005900
004046D8 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004046DD |. E8 5EB30700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004046E2 |. 50 |PUSH EAX ; /Arg5
004046E3 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004046E5 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004046E7 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
004046ED |. 83E9 08 |SUB ECX,8 ; |
004046F0 |. 51 |PUSH ECX ; |Arg2
004046F1 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
004046F7 |. 83EA 08 |SUB EDX,8 ; |
004046FA |. 52 |PUSH EDX ; |Arg1
004046FB |. E8 E6D20400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
00404700 |. 83C4 14 |ADD ESP,14
00404703 |. B9 083D4B00 |MOV ECX,Ekd5.004B3D08
00404708 |. E8 23200000 |CALL Ekd5.00406730
0040470D |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040470F |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404711 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404713 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404718 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040471D |. E8 1EB30700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404722 |. 50 |PUSH EAX ; |Arg5
00404723 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404725 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404727 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040472D |. 83E8 08 |SUB EAX,8 ; |
00404730 |. 50 |PUSH EAX ; |Arg2
00404731 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404737 |. 83E9 08 |SUB ECX,8 ; |
0040473A |. 51 |PUSH ECX ; |Arg1
0040473B |. E8 D3D10400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404740 |. 83C4 18 |ADD ESP,18
00404743 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404745 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404747 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404749 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
0040474E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404753 |. E8 E8B20700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404758 |. 50 |PUSH EAX ; |Arg5
00404759 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040475B |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040475D |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404763 |. 83EA 08 |SUB EDX,8 ; |
00404766 |. 52 |PUSH EDX ; |Arg2
00404767 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
0040476D |. 83E8 08 |SUB EAX,8 ; |
00404770 |. 50 |PUSH EAX ; |Arg1
00404771 |. E8 9DD10400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404776 |. 83C4 18 |ADD ESP,18
00404779 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
0040477F |. 33D2 |XOR EDX,EDX
00404781 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00404784 |. 52 |PUSH EDX ; /Arg3
00404785 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040478B |. 50 |PUSH EAX ; |Arg2
0040478C |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404792 |. 51 |PUSH ECX ; |Arg1
00404793 |. E8 87A30300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404798 |. 83C4 0C |ADD ESP,0C
0040479B |. 6A 04 |PUSH 4
0040479D |. 6A 00 |PUSH 0
0040479F |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004047A5 |. 33C0 |XOR EAX,EAX
004047A7 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
004047A9 |. 8BF0 |MOV ESI,EAX
004047AB |. 69F6 00630000 |IMUL ESI,ESI,6300
004047B1 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004047B7 |. 33D2 |XOR EDX,EDX
004047B9 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004047BB |. 52 |PUSH EDX ; /Arg1
004047BC |. E8 549D0300 |CALL Ekd5.0043E515 ; \Ekd5.0043E515
004047C1 |. 83C4 04 |ADD ESP,4
004047C4 |. 83C0 06 |ADD EAX,6 ; |
004047C7 |. 69C0 00090000 |IMUL EAX,EAX,900 ; |
004047CD |. 03F0 |ADD ESI,EAX ; |
004047CF |. 56 |PUSH ESI ; |Arg1
004047D0 |. B9 80AB4A00 |MOV ECX,Ekd5.004AAB80 ; |
004047D5 |. E8 66B20700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004047DA |. 50 |PUSH EAX ; /Arg6
004047DB |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004047E1 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004047E3 |. 51 |PUSH ECX ; |Arg5
004047E4 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004047E6 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004047E8 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004047EE |. 52 |PUSH EDX ; |Arg2
004047EF |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004047F5 |. 50 |PUSH EAX ; |Arg1
004047F6 |. E8 81CB0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004047FB |. 83C4 18 |ADD ESP,18
004047FE |. E8 F39D0100 |CALL Ekd5.0041E5F6
00404803 |. E9 DF0E0000 |JMP Ekd5.004056E7
00404808 |> E8 CE9D0100 |CALL Ekd5.0041E5DB 第一个攻击动作
0040480D |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040480F |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404811 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404813 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404818 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040481D |. E8 1EB20700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404822 |. 50 |PUSH EAX ; |Arg5
00404823 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404825 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404827 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040482D |. 83E9 08 |SUB ECX,8 ; |
00404830 |. 51 |PUSH ECX ; |Arg2
00404831 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404837 |. 83EA 08 |SUB EDX,8 ; |
0040483A |. 52 |PUSH EDX ; |Arg1
0040483B |. E8 D3D00400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404840 |. 83C4 18 |ADD ESP,18
00404843 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404845 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404847 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404849 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
0040484E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404853 |. E8 E8B10700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404858 |. 50 |PUSH EAX ; |Arg5
00404859 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040485B |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040485D |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404863 |. 83E8 08 |SUB EAX,8 ; |
00404866 |. 50 |PUSH EAX ; |Arg2
00404867 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
0040486D |. 83E9 08 |SUB ECX,8 ; |
00404870 |. 51 |PUSH ECX ; |Arg1
00404871 |. E8 9DD00400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404876 |. 83C4 18 |ADD ESP,18
00404879 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040487F |. 33C0 |XOR EAX,EAX
00404881 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00404884 |. 50 |PUSH EAX ; /Arg3
00404885 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040488B |. 51 |PUSH ECX ; |Arg2
0040488C |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404892 |. 52 |PUSH EDX ; |Arg1
00404893 |. E8 87A20300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404898 |. 83C4 0C |ADD ESP,0C
0040489B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040489D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040489F |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
004048A1 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004048A6 |. E8 95B10700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004048AB |. 50 |PUSH EAX ; /Arg6
004048AC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004048B2 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004048B4 |. 51 |PUSH ECX ; |Arg5
004048B5 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004048B7 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004048B9 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004048BF |. 83EA 08 |SUB EDX,8 ; |
004048C2 |. 52 |PUSH EDX ; |Arg2
004048C3 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004048C9 |. 83E8 08 |SUB EAX,8 ; |
004048CC |. 50 |PUSH EAX ; |Arg1
004048CD |. E8 AACA0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004048D2 |. 83C4 18 |ADD ESP,18
004048D5 |. E8 1C9D0100 |CALL Ekd5.0041E5F6 第一个攻击动作
004048DA |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004048E0 |. 8B49 0C |MOV ECX,DWORD PTR DS:[ECX+C]
004048E3 |. E8 3EB70300 |CALL Ekd5.00440026
004048E8 |. 85C0 |TEST EAX,EAX
004048EA |. 74 10 |JE SHORT Ekd5.004048FC
004048EC |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
004048EE |. 6A 22 |PUSH 22 ; |Arg1 = 00000022
004048F0 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
004048F5 |. E8 80FD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
004048FA |. EB 30 |JMP SHORT Ekd5.0040492C
004048FC |> 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404902 |. 8B4A 0C |MOV ECX,DWORD PTR DS:[EDX+C]
00404905 |. E8 FFB60300 |CALL Ekd5.00440009
0040490A |. 85C0 |TEST EAX,EAX
0040490C |. 74 10 |JE SHORT Ekd5.0040491E
0040490E |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404910 |. 6A 25 |PUSH 25 ; |Arg1 = 00000025
00404912 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404917 |. E8 5EFD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
0040491C |. EB 0E |JMP SHORT Ekd5.0040492C
0040491E |> 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404920 |. 6A 20 |PUSH 20 ; |Arg1 = 00000020
00404922 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404927 |. E8 4EFD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
0040492C |> E9 B60D0000 |JMP Ekd5.004056E7 返回最后
00404931 |> E8 A59C0100 |CALL Ekd5.0041E5DB
00404936 |. B9 083D4B00 |MOV ECX,Ekd5.004B3D08
0040493B |. E8 F01D0000 |CALL Ekd5.00406730
00404940 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404942 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404944 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404946 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040494B |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404950 |. E8 EBB00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404955 |. 50 |PUSH EAX ; |Arg5
00404956 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404958 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040495A |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00404960 |. 83E8 08 |SUB EAX,8 ; |
00404963 |. 50 |PUSH EAX ; |Arg2
00404964 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040496A |. 83E9 08 |SUB ECX,8 ; |
0040496D |. 51 |PUSH ECX ; |Arg1
0040496E |. E8 A0CF0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404973 |. 83C4 18 |ADD ESP,18
00404976 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404978 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040497A |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040497C |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404981 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404986 |. E8 B5B00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040498B |. 50 |PUSH EAX ; |Arg5
0040498C |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040498E |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404990 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404996 |. 83EA 08 |SUB EDX,8 ; |
00404999 |. 52 |PUSH EDX ; |Arg2
0040499A |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004049A0 |. 83E8 08 |SUB EAX,8 ; |
004049A3 |. 50 |PUSH EAX ; |Arg1
004049A4 |. E8 6ACF0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
004049A9 |. 83C4 18 |ADD ESP,18
004049AC |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004049B2 |. 33D2 |XOR EDX,EDX
004049B4 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004049B7 |. 52 |PUSH EDX ; /Arg3
004049B8 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
004049BE |. 50 |PUSH EAX ; |Arg2
004049BF |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
004049C5 |. 51 |PUSH ECX ; |Arg1
004049C6 |. E8 54A10300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004049CB |. 83C4 0C |ADD ESP,0C
004049CE |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004049D4 |. 8B4A 0C |MOV ECX,DWORD PTR DS:[EDX+C]
004049D7 |. E8 2DB60300 |CALL Ekd5.00440009
004049DC |. 85C0 |TEST EAX,EAX
004049DE |. 0F84 78010000 |JE Ekd5.00404B5C
004049E4 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004049EA |. 83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0
004049F1 |. 0F84 0D010000 |JE Ekd5.00404B04
004049F7 |. 68 00100000 |PUSH 1000 ; /Arg3 = 00001000
004049FC |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00404A02 |. 51 |PUSH ECX ; |Arg2
00404A03 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404A05 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404A07 |. 68 00100000 |PUSH 1000 ; ||Arg1 = 00001000
00404A0C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404A11 |. E8 2AB00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404A16 |. 50 |PUSH EAX ; |Arg1
00404A17 |. E8 E1B20700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404A1C |. 83C4 0C |ADD ESP,0C
00404A1F |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]
00404A25 |. 52 |PUSH EDX ; /Arg6
00404A26 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404A2C |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00404A2E |. 51 |PUSH ECX ; |Arg5
00404A2F |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404A31 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404A33 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404A39 |. 83EA 08 |SUB EDX,8 ; |
00404A3C |. 52 |PUSH EDX ; |Arg2
00404A3D |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404A43 |. 83E8 08 |SUB EAX,8 ; |
00404A46 |. 50 |PUSH EAX ; |Arg1
00404A47 |. E8 30C90400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404A4C |. 83C4 18 |ADD ESP,18
00404A4F |. E8 A29B0100 |CALL Ekd5.0041E5F6
00404A54 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404A56 |. 6A 21 |PUSH 21 ; |Arg1 = 00000021
00404A58 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404A5D |. E8 18FC0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404A62 |. C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404A69 |. EB 0F |JMP SHORT Ekd5.00404A7A
00404A6B |> 8A8D E4EFFFFF |/MOV CL,BYTE PTR SS:[EBP-101C]
00404A71 |. 80C1 01 ||ADD CL,1
00404A74 |. 888D E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],CL
00404A7A |> 8B95 E4EFFFFF | MOV EDX,DWORD PTR SS:[EBP-101C]
00404A80 |. 81E2 FF000000 ||AND EDX,0FF
00404A86 |. 83FA 06 ||CMP EDX,6
00404A89 |. 7D 77 ||JGE SHORT Ekd5.00404B02
00404A8B |. 6A 01 ||PUSH 1 ; /Arg1 = 00000001
00404A8D |. B9 181B4B00 ||MOV ECX,Ekd5.004B1B18 ; |
00404A92 |. E8 A9E8FFFF ||CALL Ekd5.00403340 ; \Ekd5.00403340
00404A97 |. E8 447A0200 ||CALL Ekd5.0042C4E0
00404A9C |. E8 3A9B0100 ||CALL Ekd5.0041E5DB
00404AA1 |. 8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404AA7 |. 25 FF000000 ||AND EAX,0FF
00404AAC |. 99 ||CDQ
00404AAD |. 2BC2 ||SUB EAX,EDX
00404AAF |. D1F8 ||SAR EAX,1
00404AB1 |. 83C0 01 ||ADD EAX,1
00404AB4 |. 50 ||PUSH EAX ; /Arg4
00404AB5 |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404AB7 |. 6A 40 ||PUSH 40 ; |Arg2 = 00000040
00404AB9 |. 8D85 00F0FFFF ||LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00404ABF |. 50 ||PUSH EAX ; |Arg1
00404AC0 |. E8 FBB80200 ||CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404AC5 |. 83C4 10 ||ADD ESP,10
00404AC8 |. 8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]
00404ACE |. 51 ||PUSH ECX ; /Arg6
00404ACF |. 8B95 CCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404AD5 |. 8A02 ||MOV AL,BYTE PTR DS:[EDX] ; |
00404AD7 |. 50 ||PUSH EAX ; |Arg5
00404AD8 |. 6A 40 ||PUSH 40 ; |Arg4 = 00000040
00404ADA |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404ADC |. 8B8D D8EFFFFF ||MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404AE2 |. 83E9 08 ||SUB ECX,8 ; |
00404AE5 |. 51 ||PUSH ECX ; |Arg2
00404AE6 |. 8B95 DCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404AEC |. 83EA 08 ||SUB EDX,8 ; |
00404AEF |. 52 ||PUSH EDX ; |Arg1
00404AF0 |. E8 87C80400 ||CALL Ekd5.0045137C ; \Ekd5.0045137C
00404AF5 |. 83C4 18 ||ADD ESP,18
00404AF8 |. E8 F99A0100 ||CALL Ekd5.0041E5F6
00404AFD |.^ E9 69FFFFFF |\JMP Ekd5.00404A6B
00404B02 |> EB 3D |JMP SHORT Ekd5.00404B41
00404B04 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404B06 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404B08 |. 68 00100000 |PUSH 1000 ; |Arg1 = 00001000
00404B0D |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404B12 |. E8 29AF0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404B17 |. 50 |PUSH EAX ; /Arg6
00404B18 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404B1E |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00404B20 |. 51 |PUSH ECX ; |Arg5
00404B21 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404B23 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404B25 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404B2B |. 83EA 08 |SUB EDX,8 ; |
00404B2E |. 52 |PUSH EDX ; |Arg2
00404B2F |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404B35 |. 83E8 08 |SUB EAX,8 ; |
00404B38 |. 50 |PUSH EAX ; |Arg1
00404B39 |. E8 3EC80400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404B3E |. 83C4 18 |ADD ESP,18
00404B41 |> E8 B09A0100 |CALL Ekd5.0041E5F6
00404B46 |. 6A 08 |PUSH 8 ; /Arg1 = 00000008
00404B48 |. B9 181B4B00 |MOV ECX,Ekd5.004B1B18 ; |
00404B4D |. E8 EEE7FFFF |CALL Ekd5.00403340 ; \Ekd5.00403340
00404B52 |. E8 89790200 |CALL Ekd5.0042C4E0
00404B57 |. E9 5B010000 |JMP Ekd5.00404CB7
00404B5C |> 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404B62 |. 83B9 04060000>|CMP DWORD PTR DS:[ECX+604],0
00404B69 |. 0F84 09010000 |JE Ekd5.00404C78
00404B6F |. 68 00100000 |PUSH 1000 ; /Arg3 = 00001000
00404B74 |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000] ; |
00404B7A |. 52 |PUSH EDX ; |Arg2
00404B7B |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404B7D |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404B7F |. 6A 00 |PUSH 0 ; ||Arg1 = 00000000
00404B81 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404B86 |. E8 B5AE0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404B8B |. 50 |PUSH EAX ; |Arg1
00404B8C |. E8 6CB10700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404B91 |. 83C4 0C |ADD ESP,0C
00404B94 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]
00404B9A |. 50 |PUSH EAX ; /Arg6
00404B9B |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404BA1 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404BA3 |. 52 |PUSH EDX ; |Arg5
00404BA4 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404BA6 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404BA8 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404BAE |. 83E8 08 |SUB EAX,8 ; |
00404BB1 |. 50 |PUSH EAX ; |Arg2
00404BB2 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404BB8 |. 83E9 08 |SUB ECX,8 ; |
00404BBB |. 51 |PUSH ECX ; |Arg1
00404BBC |. E8 BBC70400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404BC1 |. 83C4 18 |ADD ESP,18
00404BC4 |. E8 2D9A0100 |CALL Ekd5.0041E5F6
00404BC9 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404BCB |. 6A 21 |PUSH 21 ; |Arg1 = 00000021
00404BCD |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404BD2 |. E8 A3FA0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404BD7 |. C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404BDE |. EB 0F |JMP SHORT Ekd5.00404BEF
00404BE0 |> 8A95 E4EFFFFF |/MOV DL,BYTE PTR SS:[EBP-101C]
00404BE6 |. 80C2 01 ||ADD DL,1
00404BE9 |. 8895 E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],DL
00404BEF |> 8B85 E4EFFFFF | MOV EAX,DWORD PTR SS:[EBP-101C]
00404BF5 |. 25 FF000000 ||AND EAX,0FF
00404BFA |. 83F8 06 ||CMP EAX,6
00404BFD |. 7D 77 ||JGE SHORT Ekd5.00404C76
00404BFF |. 6A 01 ||PUSH 1 ; /Arg1 = 00000001
00404C01 |. B9 181B4B00 ||MOV ECX,Ekd5.004B1B18 ; |
00404C06 |. E8 35E7FFFF ||CALL Ekd5.00403340 ; \Ekd5.00403340
00404C0B |. E8 D0780200 ||CALL Ekd5.0042C4E0
00404C10 |. E8 C6990100 ||CALL Ekd5.0041E5DB
00404C15 |. 8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404C1B |. 25 FF000000 ||AND EAX,0FF
00404C20 |. 99 ||CDQ
00404C21 |. 2BC2 ||SUB EAX,EDX
00404C23 |. D1F8 ||SAR EAX,1
00404C25 |. 83C0 01 ||ADD EAX,1
00404C28 |. 50 ||PUSH EAX ; /Arg4
00404C29 |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404C2B |. 6A 40 ||PUSH 40 ; |Arg2 = 00000040
00404C2D |. 8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00404C33 |. 51 ||PUSH ECX ; |Arg1
00404C34 |. E8 87B70200 ||CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404C39 |. 83C4 10 ||ADD ESP,10
00404C3C |. 8D95 00F0FFFF ||LEA EDX,DWORD PTR SS:[EBP-1000]
00404C42 |. 52 ||PUSH EDX ; /Arg6
00404C43 |. 8B85 CCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404C49 |. 8A08 ||MOV CL,BYTE PTR DS:[EAX] ; |
00404C4B |. 51 ||PUSH ECX ; |Arg5
00404C4C |. 6A 40 ||PUSH 40 ; |Arg4 = 00000040
00404C4E |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404C50 |. 8B95 D8EFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404C56 |. 83EA 08 ||SUB EDX,8 ; |
00404C59 |. 52 ||PUSH EDX ; |Arg2
00404C5A |. 8B85 DCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404C60 |. 83E8 08 ||SUB EAX,8 ; |
00404C63 |. 50 ||PUSH EAX ; |Arg1
00404C64 |. E8 13C70400 ||CALL Ekd5.0045137C ; \Ekd5.0045137C
00404C69 |. 83C4 18 ||ADD ESP,18
00404C6C |. E8 85990100 ||CALL Ekd5.0041E5F6
00404C71 |.^ E9 6AFFFFFF |\JMP Ekd5.00404BE0
00404C76 |> EB 3A |JMP SHORT Ekd5.00404CB2
00404C78 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404C7A |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404C7C |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
00404C7E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404C83 |. E8 B8AD0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404C88 |. 50 |PUSH EAX ; /Arg6
00404C89 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404C8F |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404C91 |. 52 |PUSH EDX ; |Arg5
00404C92 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404C94 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404C96 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404C9C |. 83E8 08 |SUB EAX,8 ; |
00404C9F |. 50 |PUSH EAX ; |Arg2
00404CA0 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404CA6 |. 83E9 08 |SUB ECX,8 ; |
00404CA9 |. 51 |PUSH ECX ; |Arg1
00404CAA |. E8 CDC60400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404CAF |. 83C4 18 |ADD ESP,18
00404CB2 |> E8 3F990100 |CALL Ekd5.0041E5F6 被攻击者第一个动作
00404CB7 |> E9 2B0A0000 |JMP Ekd5.004056E7
00404CBC |> E8 1A990100 |CALL Ekd5.0041E5DB //第二个攻击动作
00404CC1 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404CC3 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404CC5 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404CC7 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404CCC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404CD1 |. E8 6AAD0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404CD6 |. 50 |PUSH EAX ; |Arg5
00404CD7 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404CD9 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404CDB |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404CE1 |. 83EA 08 |SUB EDX,8 ; |
00404CE4 |. 52 |PUSH EDX ; |Arg2
00404CE5 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404CEB |. 83E8 08 |SUB EAX,8 ; |
00404CEE |. 50 |PUSH EAX ; |Arg1
00404CEF |. E8 1FCC0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404CF4 |. 83C4 18 |ADD ESP,18
00404CF7 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404CF9 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404CFB |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404CFD |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404D02 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404D07 |. E8 34AD0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404D0C |. 50 |PUSH EAX ; |Arg5
00404D0D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404D0F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404D11 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404D17 |. 83E9 08 |SUB ECX,8 ; |
00404D1A |. 51 |PUSH ECX ; |Arg2
00404D1B |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404D21 |. 83EA 08 |SUB EDX,8 ; |
00404D24 |. 52 |PUSH EDX ; |Arg1
00404D25 |. E8 E9CB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404D2A |. 83C4 18 |ADD ESP,18
00404D2D |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404D33 |. 33C9 |XOR ECX,ECX
00404D35 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00404D38 |. 51 |PUSH ECX ; /Arg3
00404D39 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404D3F |. 52 |PUSH EDX ; |Arg2
00404D40 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404D46 |. 50 |PUSH EAX ; |Arg1
00404D47 |. E8 D39D0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404D4C |. 83C4 0C |ADD ESP,0C
00404D4F |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404D51 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404D53 |. 68 00100000 |PUSH 1000 ; |Arg1 = 00001000
00404D58 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404D5D |. E8 DEAC0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404D62 |. 50 |PUSH EAX ; /Arg6
00404D63 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404D69 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404D6B |. 52 |PUSH EDX ; |Arg5
00404D6C |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404D6E |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404D70 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404D76 |. 83E8 08 |SUB EAX,8 ; |
00404D79 |. 50 |PUSH EAX ; |Arg2
00404D7A |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404D80 |. 83E9 08 |SUB ECX,8 ; |
00404D83 |. 51 |PUSH ECX ; |Arg1
00404D84 |. E8 F3C50400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404D89 |. 83C4 18 |ADD ESP,18
00404D8C |. E8 65980100 |CALL Ekd5.0041E5F6 第二个攻击动作
00404D91 |. E9 51090000 |JMP Ekd5.004056E7
00404D96 |> E8 40980100 |CALL Ekd5.0041E5DB
00404D9B |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404D9D |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404D9F |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404DA1 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404DA6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404DAB |. E8 90AC0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404DB0 |. 50 |PUSH EAX ; |Arg5
00404DB1 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404DB3 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404DB5 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404DBB |. 83EA 08 |SUB EDX,8 ; |
00404DBE |. 52 |PUSH EDX ; |Arg2
00404DBF |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404DC5 |. 83E8 08 |SUB EAX,8 ; |
00404DC8 |. 50 |PUSH EAX ; |Arg1
00404DC9 |. E8 45CB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404DCE |. 83C4 18 |ADD ESP,18
00404DD1 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404DD3 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404DD5 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404DD7 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404DDC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404DE1 |. E8 5AAC0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404DE6 |. 50 |PUSH EAX ; |Arg5
00404DE7 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404DE9 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404DEB |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404DF1 |. 83E9 08 |SUB ECX,8 ; |
00404DF4 |. 51 |PUSH ECX ; |Arg2
00404DF5 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404DFB |. 83EA 08 |SUB EDX,8 ; |
00404DFE |. 52 |PUSH EDX ; |Arg1
00404DFF |. E8 0FCB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404E04 |. 83C4 18 |ADD ESP,18
00404E07 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E0D |. 33C9 |XOR ECX,ECX
00404E0F |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00404E12 |. 6BC9 24 |IMUL ECX,ECX,24
00404E15 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00404E1B |. E8 70DE0600 |CALL Ekd5.00472C90
00404E20 |. 85C0 |TEST EAX,EAX
00404E22 |. 75 35 |JNZ SHORT Ekd5.00404E59
00404E24 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404E2A |. 33C0 |XOR EAX,EAX
00404E2C |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00404E2F |. 50 |PUSH EAX ; /Arg3
00404E30 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
00404E36 |. 51 |PUSH ECX ; |Arg2
00404E37 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404E3D |. 52 |PUSH EDX ; |Arg1
00404E3E |. E8 DC9C0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404E43 |. 83C4 0C |ADD ESP,0C
00404E46 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404E48 |. 6A 07 |PUSH 7 ; |Arg1 = 00000007
00404E4A |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404E4F |. E8 26F80600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404E54 |. E9 5A010000 |JMP Ekd5.00404FB3
00404E59 |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E5F |. 83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
00404E66 |. 0F85 A5000000 |JNZ Ekd5.00404F11
00404E6C |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404E72 |. 83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
00404E79 |. 0F85 92000000 |JNZ Ekd5.00404F11
00404E7F |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404E81 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404E83 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
00404E88 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404E8D |. E8 AEAB0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404E92 |. 50 |PUSH EAX ; /Arg6
00404E93 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404E99 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00404E9C |. 50 |PUSH EAX ; |Arg5
00404E9D |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00404E9F |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404EA1 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404EA7 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404EAD |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00404EB3 |. 52 |PUSH EDX ; |Arg2
00404EB4 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404EBA |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404EC0 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00404EC6 |. 51 |PUSH ECX ; |Arg1
00404EC7 |. E8 B0C40400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404ECC |. 83C4 18 |ADD ESP,18
00404ECF |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404ED5 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00404ED7 |. 50 |PUSH EAX ; /Arg2
00404ED8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404EDE |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
00404EE1 |. 52 |PUSH EDX ; |Arg1
00404EE2 |. E8 42090300 |CALL Ekd5.00435829 ; \Ekd5.00435829
00404EE7 |. 83C4 08 |ADD ESP,8
00404EEA |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404EEC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404EF2 |. 33C9 |XOR ECX,ECX ; |
00404EF4 |. 83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0 ; |
00404EFB |. 0F95C1 |SETNE CL ; |
00404EFE |. 83C1 1E |ADD ECX,1E ; |
00404F01 |. 51 |PUSH ECX ; |Arg1
00404F02 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404F07 |. E8 6EF70600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404F0C |. E9 A2000000 |JMP Ekd5.00404FB3
00404F11 |> 68 00090000 |PUSH 900 ; /Arg3 = 00000900
00404F16 |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000] ; |
00404F1C |. 52 |PUSH EDX ; |Arg2
00404F1D |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404F1F |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404F21 |. 68 00400000 |PUSH 4000 ; ||Arg1 = 00004000
00404F26 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404F2B |. E8 10AB0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404F30 |. 50 |PUSH EAX ; |Arg1
00404F31 |. E8 C7AD0700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404F36 |. 83C4 0C |ADD ESP,0C
00404F39 |. 6A 0C |PUSH 0C ; /Arg4 = 0000000C
00404F3B |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404F3D |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
00404F3F |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00404F45 |. 50 |PUSH EAX ; |Arg1
00404F46 |. E8 75B40200 |CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404F4B |. 83C4 10 |ADD ESP,10
00404F4E |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
00404F54 |. 51 |PUSH ECX ; /Arg6
00404F55 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404F5B |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00404F5E |. 50 |PUSH EAX ; |Arg5
00404F5F |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00404F61 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404F63 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404F69 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404F6F |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00404F75 |. 52 |PUSH EDX ; |Arg2
00404F76 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404F7C |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404F82 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00404F88 |. 51 |PUSH ECX ; |Arg1
00404F89 |. E8 EEC30400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404F8E |. 83C4 18 |ADD ESP,18
00404F91 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404F93 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404F99 |. 33C0 |XOR EAX,EAX ; |
00404F9B |. 83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0 ; |
00404FA2 |. 0F95C0 |SETNE AL ; |
00404FA5 |. 83C0 23 |ADD EAX,23 ; |
00404FA8 |. 50 |PUSH EAX ; |Arg1
00404FA9 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404FAE |. E8 C7F60600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404FB3 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404FB5 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404FB7 |. 68 00200000 |PUSH 2000 ; |Arg1 = 00002000
00404FBC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404FC1 |. E8 7AAA0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404FC6 |. 50 |PUSH EAX ; /Arg6
00404FC7 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404FCD |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404FCF |. 52 |PUSH EDX ; |Arg5
00404FD0 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404FD2 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404FD4 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404FDA |. 83E8 08 |SUB EAX,8 ; |
00404FDD |. 50 |PUSH EAX ; |Arg2
00404FDE |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404FE4 |. 83E9 08 |SUB ECX,8 ; |
00404FE7 |. 51 |PUSH ECX ; |Arg1
00404FE8 |. E8 8FC30400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404FED |. 83C4 18 |ADD ESP,18
00404FF0 |. E8 01960100 |CALL Ekd5.0041E5F6 第三个攻击动作 被攻击者动作也有(被攻击者图发光)
00404FF5 |. E9 ED060000 |JMP Ekd5.004056E7
00404FFA |> E8 DC950100 |CALL Ekd5.0041E5DB
00404FFF |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405001 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405003 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405005 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040500A |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040500F |. E8 2CAA0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405014 |. 50 |PUSH EAX ; |Arg5
00405015 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405017 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405019 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
0040501F |. 83EA 08 |SUB EDX,8 ; |
00405022 |. 52 |PUSH EDX ; |Arg2
00405023 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00405029 |. 83E8 08 |SUB EAX,8 ; |
0040502C |. 50 |PUSH EAX ; |Arg1
0040502D |. E8 E1C80400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405032 |. 83C4 18 |ADD ESP,18
00405035 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405037 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405039 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040503B |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405040 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405045 |. E8 F6A90700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040504A |. 50 |PUSH EAX ; |Arg5
0040504B |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040504D |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040504F |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00405055 |. 83E9 08 |SUB ECX,8 ; |
00405058 |. 51 |PUSH ECX ; |Arg2
00405059 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
0040505F |. 83EA 08 |SUB EDX,8 ; |
00405062 |. 52 |PUSH EDX ; |Arg1
00405063 |. E8 ABC80400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405068 |. 83C4 18 |ADD ESP,18
0040506B |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405071 |. 33C9 |XOR ECX,ECX
00405073 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00405076 |. 6BC9 24 |IMUL ECX,ECX,24
00405079 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040507F |. E8 0CDC0600 |CALL Ekd5.00472C90
00405084 |. 85C0 |TEST EAX,EAX
00405086 |. 75 27 |JNZ SHORT Ekd5.004050AF
00405088 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040508E |. 33C0 |XOR EAX,EAX
00405090 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405093 |. 50 |PUSH EAX ; /Arg3
00405094 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040509A |. 51 |PUSH ECX ; |Arg2
0040509B |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
004050A1 |. 52 |PUSH EDX ; |Arg1
004050A2 |. E8 789A0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004050A7 |. 83C4 0C |ADD ESP,0C
004050AA |. E9 36010000 |JMP Ekd5.004051E5
004050AF |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004050B5 |. 83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
004050BC |. 75 7F |JNZ SHORT Ekd5.0040513D
004050BE |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004050C4 |. 83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
004050CB |. 75 70 |JNZ SHORT Ekd5.0040513D
004050CD |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004050CF |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004050D1 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
004050D6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004050DB |. E8 60A90700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004050E0 |. 50 |PUSH EAX ; /Arg6
004050E1 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004050E7 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004050EA |. 50 |PUSH EAX ; |Arg5
004050EB |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004050ED |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004050EF |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004050F5 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004050FB |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00405101 |. 52 |PUSH EDX ; |Arg2
00405102 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00405108 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040510E |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00405114 |. 51 |PUSH ECX ; |Arg1
00405115 |. E8 62C20400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040511A |. 83C4 18 |ADD ESP,18
0040511D |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405123 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00405125 |. 50 |PUSH EAX ; /Arg2
00405126 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
0040512C |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
0040512F |. 52 |PUSH EDX ; |Arg1
00405130 |. E8 F4060300 |CALL Ekd5.00435829 ; \Ekd5.00435829
00405135 |. 83C4 08 |ADD ESP,8
00405138 |. E9 A8000000 |JMP Ekd5.004051E5
0040513D |> 68 00090000 |PUSH 900 ; /Arg3 = 00000900
00405142 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00405148 |. 50 |PUSH EAX ; |Arg2
00405149 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040514B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040514D |. 68 00400000 |PUSH 4000 ; ||Arg1 = 00004000
00405152 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405157 |. E8 E4A80700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040515C |. 50 |PUSH EAX ; |Arg1
0040515D |. E8 9BAB0700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00405162 |. 83C4 0C |ADD ESP,0C
00405165 |. 6A 0C |PUSH 0C ; /Arg4 = 0000000C
00405167 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405169 |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
0040516B |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00405171 |. 51 |PUSH ECX ; |Arg1
00405172 |. E8 49B20200 |CALL Ekd5.004303C0 ; \Ekd5.004303C0
00405177 |. 83C4 10 |ADD ESP,10
0040517A |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405180 |. 83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0
00405187 |. 74 19 |JE SHORT Ekd5.004051A2
00405189 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
0040518B |. 6A 0F |PUSH 0F ; |Arg5 = 0000000F
0040518D |. 6A 0F |PUSH 0F ; |Arg4 = 0000000F
0040518F |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405191 |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
00405193 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00405199 |. 50 |PUSH EAX ; |Arg1
0040519A |. E8 9FB30200 |CALL Ekd5.0043053E ; \Ekd5.0043053E
0040519F |. 83C4 18 |ADD ESP,18
004051A2 |> 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
004051A8 |. 51 |PUSH ECX ; /Arg6
004051A9 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004051AF |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004051B2 |. 50 |PUSH EAX ; |Arg5
004051B3 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004051B5 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004051B7 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004051BD |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004051C3 |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
004051C9 |. 52 |PUSH EDX ; |Arg2
004051CA |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004051D0 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
004051D6 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
004051DC |. 51 |PUSH ECX ; |Arg1
004051DD |. E8 9AC10400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004051E2 |. 83C4 18 |ADD ESP,18
004051E5 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
004051E7 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004051E9 |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
004051EE |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004051F3 |. E8 48A80700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004051F8 |. 50 |PUSH EAX ; /Arg6
004051F9 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004051FF |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00405201 |. 50 |PUSH EAX ; |Arg5
00405202 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405204 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405206 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
0040520C |. 83E9 08 |SUB ECX,8 ; |
0040520F |. 51 |PUSH ECX ; |Arg2
00405210 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405216 |. 83EA 08 |SUB EDX,8 ; |
00405219 |. 52 |PUSH EDX ; |Arg1
0040521A |. E8 5DC10400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040521F |. 83C4 18 |ADD ESP,18
00405222 |. E8 CF930100 |CALL Ekd5.0041E5F6 第四个攻击动作
00405227 |. E9 BB040000 |JMP Ekd5.004056E7
0040522C |> E8 AA930100 |CALL Ekd5.0041E5DB
00405231 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405233 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405235 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405237 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040523C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405241 |. E8 FAA70700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405246 |. 50 |PUSH EAX ; |Arg5
00405247 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405249 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040524B |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405251 |. 83E8 08 |SUB EAX,8 ; |
00405254 |. 50 |PUSH EAX ; |Arg2
00405255 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040525B |. 83E9 08 |SUB ECX,8 ; |
0040525E |. 51 |PUSH ECX ; |Arg1
0040525F |. E8 AFC60400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405264 |. 83C4 18 |ADD ESP,18
00405267 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405269 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040526B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040526D |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405272 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405277 |. E8 C4A70700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040527C |. 50 |PUSH EAX ; |Arg5
0040527D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040527F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405281 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00405287 |. 83EA 08 |SUB EDX,8 ; |
0040528A |. 52 |PUSH EDX ; |Arg2
0040528B |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00405291 |. 83E8 08 |SUB EAX,8 ; |
00405294 |. 50 |PUSH EAX ; |Arg1
00405295 |. E8 79C60400 |CALL Ekd5.00451913 ; \Ekd5.00451913
0040529A |. 83C4 18 |ADD ESP,18
0040529D |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004052A3 |. 33D2 |XOR EDX,EDX
004052A5 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004052A8 |. 8BCA |MOV ECX,EDX
004052AA |. 6BC9 24 |IMUL ECX,ECX,24
004052AD |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004052B3 |. E8 D8D90600 |CALL Ekd5.00472C90
004052B8 |. 85C0 |TEST EAX,EAX
004052BA |. 75 24 |JNZ SHORT Ekd5.004052E0
004052BC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004052C2 |. 33C9 |XOR ECX,ECX
004052C4 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
004052C7 |. 51 |PUSH ECX ; /Arg3
004052C8 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004052CE |. 52 |PUSH EDX ; |Arg2
004052CF |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
004052D5 |. 50 |PUSH EAX ; |Arg1
004052D6 |. E8 44980300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004052DB |. 83C4 0C |ADD ESP,0C
004052DE |. EB 38 |JMP SHORT Ekd5.00405318
004052E0 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
004052E2 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004052E4 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
004052E9 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004052EE |. E8 4DA70700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004052F3 |. 50 |PUSH EAX ; /Arg6
004052F4 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004052FA |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
004052FD |. 52 |PUSH EDX ; |Arg5
004052FE |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00405300 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405302 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405308 |. 50 |PUSH EAX ; |Arg2
00405309 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040530F |. 51 |PUSH ECX ; |Arg1
00405310 |. E8 67C00400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405315 |. 83C4 18 |ADD ESP,18
00405318 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040531A |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040531C |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
00405321 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405326 |. E8 15A70700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
0040532B |. 50 |PUSH EAX ; /Arg6
0040532C |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00405332 |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00405334 |. 50 |PUSH EAX ; |Arg5
00405335 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405337 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405339 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
0040533F |. 83E9 08 |SUB ECX,8 ; |
00405342 |. 51 |PUSH ECX ; |Arg2
00405343 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405349 |. 83EA 08 |SUB EDX,8 ; |
0040534C |. 52 |PUSH EDX ; |Arg1
0040534D |. E8 2AC00400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405352 |. 83C4 18 |ADD ESP,18
00405355 |. E8 9C920100 |CALL Ekd5.0041E5F6 被攻击者动作 (发光没了)
0040535A |. E9 88030000 |JMP Ekd5.004056E7
0040535F |> E8 77920100 |CALL Ekd5.0041E5DB
00405364 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405366 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405368 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040536A |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040536F |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405374 |. E8 C7A60700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405379 |. 50 |PUSH EAX ; |Arg5
0040537A |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040537C |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040537E |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405384 |. 83E8 08 |SUB EAX,8 ; |
00405387 |. 50 |PUSH EAX ; |Arg2
00405388 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040538E |. 83E9 08 |SUB ECX,8 ; |
00405391 |. 51 |PUSH ECX ; |Arg1
00405392 |. E8 7CC50400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405397 |. 83C4 18 |ADD ESP,18
0040539A |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040539C |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040539E |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
004053A0 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
004053A5 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
004053AA |. E8 91A60700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
004053AF |. 50 |PUSH EAX ; |Arg5
004053B0 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004053B2 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004053B4 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004053BA |. 83EA 08 |SUB EDX,8 ; |
004053BD |. 52 |PUSH EDX ; |Arg2
004053BE |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004053C4 |. 83E8 08 |SUB EAX,8 ; |
004053C7 |. 50 |PUSH EAX ; |Arg1
004053C8 |. E8 46C50400 |CALL Ekd5.00451913 ; \Ekd5.00451913
004053CD |. 83C4 18 |ADD ESP,18
004053D0 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004053D6 |. 33D2 |XOR EDX,EDX
004053D8 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004053DB |. 8BCA |MOV ECX,EDX
004053DD |. 6BC9 24 |IMUL ECX,ECX,24
004053E0 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004053E6 |. E8 A5D80600 |CALL Ekd5.00472C90
004053EB |. 85C0 |TEST EAX,EAX
004053ED |. 75 64 |JNZ SHORT Ekd5.00405453
004053EF |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004053F5 |. 33C9 |XOR ECX,ECX
004053F7 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
004053FA |. 51 |PUSH ECX ; /Arg3
004053FB |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00405401 |. 52 |PUSH EDX ; |Arg2
00405402 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00405408 |. 50 |PUSH EAX ; |Arg1
00405409 |. E8 11970300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
0040540E |. 83C4 0C |ADD ESP,0C
00405411 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00405413 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00405415 |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
0040541A |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
0040541F |. E8 1CA60700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405424 |. 50 |PUSH EAX ; /Arg6
00405425 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
0040542B |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
0040542D |. 52 |PUSH EDX ; |Arg5
0040542E |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405430 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405432 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00405438 |. 83E8 08 |SUB EAX,8 ; |
0040543B |. 50 |PUSH EAX ; |Arg2
0040543C |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00405442 |. 83E9 08 |SUB ECX,8 ; |
00405445 |. 51 |PUSH ECX ; |Arg1
00405446 |. E8 31BF0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040544B |. 83C4 18 |ADD ESP,18
0040544E |. E9 DB000000 |JMP Ekd5.0040552E
00405453 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00405455 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00405457 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
0040545C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405461 |. E8 DAA50700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405466 |. 50 |PUSH EAX ; /Arg6
00405467 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
0040546D |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00405470 |. 50 |PUSH EAX ; |Arg5
00405471 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00405473 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405475 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040547B |. 51 |PUSH ECX ; |Arg2
0040547C |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00405482 |. 52 |PUSH EDX ; |Arg1
00405483 |. E8 F4BE0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405488 |. 83C4 18 |ADD ESP,18
0040548B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040548D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040548F |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
00405494 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405499 |. E8 A2A50700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
0040549E |. 50 |PUSH EAX ; /Arg6
0040549F |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004054A5 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004054A7 |. 51 |PUSH ECX ; |Arg5
004054A8 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004054AA |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004054AC |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004054B2 |. 83EA 08 |SUB EDX,8 ; |
004054B5 |. 52 |PUSH EDX ; |Arg2
004054B6 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004054BC |. 83E8 08 |SUB EAX,8 ; |
004054BF |. 50 |PUSH EAX ; |Arg1
004054C0 |. E8 B7BE0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004054C5 |. 83C4 18 |ADD ESP,18
004054C8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004054CE |. 83B9 84000000>|CMP DWORD PTR DS:[ECX+84],0
004054D5 |. 74 25 |JE SHORT Ekd5.004054FC
004054D7 |. 6A 18 |PUSH 18 ; /Arg4 = 00000018
004054D9 |. 6A 12 |PUSH 12 ; |Arg3 = 00000012
004054DB |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004054E1 |. 8B82 84000000 |MOV EAX,DWORD PTR DS:[EDX+84] ; |
004054E7 |. 50 |PUSH EAX ; |Arg2
004054E8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004054EE |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
004054F1 |. 52 |PUSH EDX ; |Arg1
004054F2 |. E8 FAA50400 |CALL Ekd5.0044FAF1 ; \Ekd5.0044FAF1
004054F7 |. 83C4 10 |ADD ESP,10
004054FA |. EB 32 |JMP SHORT Ekd5.0040552E
004054FC |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405502 |. 83B8 54020000>|CMP DWORD PTR DS:[EAX+254],0
00405509 |. 74 23 |JE SHORT Ekd5.0040552E
0040550B |. 6A 18 |PUSH 18 ; /Arg4 = 00000018
0040550D |. 6A 45 |PUSH 45 ; |Arg3 = 00000045
0040550F |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00405515 |. 8B91 54020000 |MOV EDX,DWORD PTR DS:[ECX+254] ; |
0040551B |. 52 |PUSH EDX ; |Arg2
0040551C |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00405522 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405525 |. 51 |PUSH ECX ; |Arg1
00405526 |. E8 C6A50400 |CALL Ekd5.0044FAF1 ; \Ekd5.0044FAF1
0040552B |. 83C4 10 |ADD ESP,10
0040552E |> E8 C3900100 |CALL Ekd5.0041E5F6 显示伤害点数
00405533 |. 8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
00405539 |. 52 |PUSH EDX ; /Arg1
0040553A |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00405540 |. E8 41ECFFFF |CALL Ekd5.00404186 ; \Ekd5.00404186
00405545 |. E9 9D010000 |JMP Ekd5.004056E7
0040554A |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405550 |. 8B88 84000000 |MOV ECX,DWORD PTR DS:[EAX+84]
00405556 |. 51 |PUSH ECX
00405557 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040555D |. 33C0 |XOR EAX,EAX
0040555F |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405562 |. 8BC8 |MOV ECX,EAX
00405564 |. 6BC9 24 |IMUL ECX,ECX,24
00405567 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040556D |. E8 1ED70600 |CALL Ekd5.00472C90
00405572 |. 50 |PUSH EAX ; |Arg1
00405573 |. E8 26A50700 |CALL Ekd5.0047FA9E ; \Ekd5.0047FA9E
00405578 |. 83C4 08 |ADD ESP,8
0040557B |. 8BF0 |MOV ESI,EAX
0040557D |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00405583 |. 33D2 |XOR EDX,EDX
00405585 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405588 |. 8BCA |MOV ECX,EDX
0040558A |. 6BC9 24 |IMUL ECX,ECX,24
0040558D |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405593 |. E8 D8A00500 |CALL Ekd5.0045F670
00405598 |. 8BC8 |MOV ECX,EAX
0040559A |. 6BC9 48 |IMUL ECX,ECX,48
0040559D |. 81C1 0000D600 |ADD ECX,0D60000
004055A3 |. E8 731C0000 |CALL Ekd5.0040721B
004055A8 |. 33D2 |XOR EDX,EDX
004055AA |. B9 05000000 |MOV ECX,5
004055AF |. F7F1 |DIV ECX
004055B1 |. 3BF0 |CMP ESI,EAX
004055B3 |. 73 1D |JNB SHORT Ekd5.004055D2
004055B5 |. 6A 20 |PUSH 20 ; /Arg1 = 00000020
004055B7 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004055BD |. 33C0 |XOR EAX,EAX ; |
004055BF |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004055C2 |. 8BC8 |MOV ECX,EAX ; |
004055C4 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
004055C7 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
004055CD |. E8 46D10300 |CALL Ekd5.00442718 ; \Ekd5.00442718
004055D2 |> E8 04900100 |CALL Ekd5.0041E5DB
004055D7 |. 8B8D FCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1004]
004055DD |. 51 |PUSH ECX ; /Arg2
004055DE |. 8B95 F8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1008] ; |
004055E4 |. 52 |PUSH EDX ; |Arg1
004055E5 |. E8 0FE1FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
004055EA |. 83C4 08 |ADD ESP,8
004055ED |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004055EF |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004055F1 |. 68 00590000 |PUSH 5900 ; |Arg1 = 00005900
004055F6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004055FB |. E8 40A40700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405600 |. 50 |PUSH EAX ; /Arg5
00405601 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405603 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405605 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040560B |. 83E8 08 |SUB EAX,8 ; |
0040560E |. 50 |PUSH EAX ; |Arg2
0040560F |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00405615 |. 83E9 08 |SUB ECX,8 ; |
00405618 |. 51 |PUSH ECX ; |Arg1
00405619 |. E8 C8C30400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
0040561E |. 83C4 14 |ADD ESP,14
00405621 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405623 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405625 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405627 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040562C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405631 |. E8 0AA40700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405636 |. 50 |PUSH EAX ; |Arg5
00405637 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405639 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040563B |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00405641 |. 83EA 08 |SUB EDX,8 ; |
00405644 |. 52 |PUSH EDX ; |Arg2
00405645 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
0040564B |. 83E8 08 |SUB EAX,8 ; |
0040564E |. 50 |PUSH EAX ; |Arg1
0040564F |. E8 BFC20400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405654 |. 83C4 18 |ADD ESP,18
00405657 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405659 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040565B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040565D |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405662 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405667 |. E8 D4A30700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040566C |. 50 |PUSH EAX ; |Arg5
0040566D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040566F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405671 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00405677 |. 83E9 08 |SUB ECX,8 ; |
0040567A |. 51 |PUSH ECX ; |Arg2
0040567B |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405681 |. 83EA 08 |SUB EDX,8 ; |
00405684 |. 52 |PUSH EDX ; |Arg1
00405685 |. E8 89C20400 |CALL Ekd5.00451913 ; \Ekd5.00451913
0040568A |. 83C4 18 |ADD ESP,18
0040568D |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405693 |. 33C9 |XOR ECX,ECX
00405695 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00405698 |. 51 |PUSH ECX ; /Arg3
00405699 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
0040569F |. 52 |PUSH EDX ; |Arg2
004056A0 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
004056A6 |. 50 |PUSH EAX ; |Arg1
004056A7 |. E8 73940300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004056AC |. 83C4 0C |ADD ESP,0C
004056AF |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004056B5 |. 33D2 |XOR EDX,EDX
004056B7 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004056B9 |. 52 |PUSH EDX ; /Arg3
004056BA |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
004056C0 |. 50 |PUSH EAX ; |Arg2
004056C1 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
004056C7 |. 51 |PUSH ECX ; |Arg1
004056C8 |. E8 52940300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004056CD |. 83C4 0C |ADD ESP,0C
004056D0 |. E8 218F0100 |CALL Ekd5.0041E5F6 回复正常 (攻击者和被攻击)
004056D5 |. 8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
004056DB |. 52 |PUSH EDX ; /Arg1
004056DC |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004056E2 |. E8 9FEAFFFF |CALL Ekd5.00404186 ; \Ekd5.00404186
004056E7 |> 6A 01 |PUSH 1 ; /Arg1 = 00000001 多数返回点
004056E9 |. B9 181B4B00 |MOV ECX,Ekd5.004B1B18 ; |
004056EE |. E8 4DDCFFFF |CALL Ekd5.00403340 ; \Ekd5.00403340
004056F3 |. E8 E86D0200 |CALL Ekd5.0042C4E0
004056F8 |.^ E9 23EFFFFF \JMP Ekd5.00404620
004056FD |> 5E POP ESI
004056FE |. 8BE5 MOV ESP,EBP
00405700 |. 5D POP EBP
00405701 \. C3 RETN
以上这个函数实在是太长了,而核心处也就是攻击动作的那个部分。四针图的出现顺序和被攻击图的迭代更替,由于曾经分析过想改成八针图,所以这段代码也分析过,下面看看用类C分析的结果吧,看上面这段反汇编实在太累了。
void攻击画面函数 ()
{
dispose
for (int i=0;i<=27;i++)
{
j=i;
if (j<=25)
{
switch(a)
{
case : 0 //0040466A
(调整了攻击和被攻击者的对应方向,如果方向本身没有问题,则被攻击者会按原方向换一个MOV图,
之前分析的上一层函数是攻击武将的朝向)
Call 004036F9([EBP-1014],[EBp-100C])
Call 004036F9([EBP-1004],[EBp-1008])
Call 0047FA40(4900,0,4)
Call 004519E6(([EBP-1024]-8),[EBP-1028]-8,40,40,0047FA40的返回值)
Call 0047FA40(5900,0,4)
Call 004519E6([EBP-102C]-8,[EBP-1030]-8,40,40,0047FA40的返回值)
CALL Ekd5.00406730
Call 47FA40(5900,0,4)
Call 451913([EBP-102C]-8,[EBP-1030]-8,40,40,0047FA40的返回值,0)
Call 47FA40(5900,0,4)
Call 451913([EBP-1024]-8,[EBP-1028]-8,40,40,0047FA40的返回值,0)
CALL Ekd5.0043EB1F ([EBP-102C],[EBP-1030],EDX)
CALL Ekd5.0043E515
CALL Ekd5.0047FA40
CALL Ekd5.0045137C
CALL Ekd5.0041E5F6
break;
case : 1 //00404808
攻击者第一个动作
//Call 0041E5DB
//Call 0047FA40(5900,0,4)
//Call 00451913
([EBP-102C]-8,[EBP-1030]-8,40,40,EAX(0047FA40的返回值),0)
(有两个参数是40,40代表图片的宽和高)
//Call 0047FA40(4900,0,4)
//Call 00451913
([EBP-1024]-8,[EBP-1028]-8,40,40,EAX(0047FA40的返回值),0)
//Call 0043EB1F
([EBP-102C],[EBP-1030],EAX)
//Call 0047FA40 (0,0,4)
//Call 0045137C ([EBP-1024],[EBP-1028],40,40,ECX,(0047FA40的返回值)
//Call 0041E5F6 画图
if(CALL 004400A2)-----------------------------------//004400E1)
{
Call 0047467A(0x22,1) 正常的步兵攻击
}
else
{
if(call 004400A2)
{
Call 0047467A(0x25,1) 弓兵,弓骑兵类的攻击
}
else
{
Call 0047467A(0x20,1) 暴击
}
}
break;
case : 2 //00404931
被攻击者有动作
(换了一个MOV图)
//Call 0041E5DB
//Call 00406730
//Call 0047FA40
//Call 00451913
//Call 0047FA40
//Call 00451913
//Call 0043EB1F
//Call 00440009
//
break;
case : 3 //00404cbc
攻击者第二个攻击动作
//Call 0041E5DB
//Call 0047FA40(5900,0,4)
//Call 00451913
([EBP-102C]-8,[EBP-1030]-8,40,40,EAX(0047FA40的返回值),0)
//Call 0047FA40(4900,0,4)
//Call 00451913
([EBP-1024]-8,[EBP-1028]-8,40,40,EAX(0047FA40的返回值),0)
//Call 0043EB1F
([EBP-102C],[EBP-1030],EDX)
//Call 0047FA40(1000,0,4)
/*00404D63 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404D69 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404D6B |. 52 |PUSH EDX ; |Arg5
*/
//Call 0045137C([EBP-1024],[EBP-1028],40,40,EDX,(0047FA40的返回值)
//Call 0041E5F6 画图
break;
case : 4 //00404d96
攻击者第三个攻击动作
被攻击者被攻击且发光动作(或者是格档)
//Call 0041E5DB
//Call 0047FA40
//Call 00451913(40*40)
//Call 0047FA40
//Call 00451913
if(Call 00472C90 当前ecx武将体力)
{
if(变量1!=0||变量2!=0)
{
CALL 0047FA40(4000,0,4)
Call 0047FCFD
Call 004303C0
CALL 0045137C(30*30)
CALL 0047467A
}
else
{
Call 0047FA40(4000,0,4)
Call 0045137C
Call 00435829
Call 0047467A
}
}
else
{
CALL Ekd5.0043EB1F
CALL Ekd5.0047467A
}
CALL 0047FA40(2000,0,4)
Call 0045137C(40*40)
Call 0041E5F6 //画图
break;
case : 5 //00404FFA
攻击者第四个攻击动作
//Call 0041E5DB
//Call 0047FA40
//Call 00451913
//Call 0047FA40
//Call 00451913
if(Call 00472C90)
{
if (变量1!=0||变量2!=0)
{
//Call 0047FA40 (4000,0,4)
//Call 0047FCFD
//Call 004303C0
if (变量3==0)
{
//Call 0045137C (图的大小是30*30)
}
else
{
//Call 0043053E
}
}
else
{
//Call 0047FA40 (4000,0,4)
//Call 0045137C (图的大小是30*30)
//Call 00435829
}
}
else
{
//Call 0043EB1F
}
//Call 0047FA40 (3000,0,4)
//Call 0045137C
//Call 0041E5F6
break;
case : 6 //0040522C
被攻击者不发光(或者格档后回复正常)
break;
case : 7 //0040535F
显示伤害点数
break;
case : 8 //0040554A
回复正常(攻击者和被攻击者都回复正常)
break;
default:
}
}
//调用了两个函数
//A(1);
//B();
}
return;
}
在第一个攻击动作的时候,我们看到还调用了另外一个对我们修改比较有意义的函数,004400A2 ,我们知道,弓兵,弓骑兵的攻击有变慢的一下,道理就在这。
[ 本帖最后由 岱瀛 于 2007-1-21 15:33 编辑 ]
作者:
岱瀛 时间: 2007-1-21 14:56
攻击判断函数:
这个函数终于比较简单了
攻击时候,这个是判断是否是弓兵弓骑兵,倒置攻击动作变慢的函数
004400A2 /$ 55 PUSH EBP
004400A3 |. 8BEC MOV EBP,ESP
004400A5 |. 83EC 10 SUB ESP,10
004400A8 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
004400AB |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004400AE |. E8 BDB3FFFF CALL Ekd5.0043B470 //获取攻击武将职业代号
004400B3 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
004400B6 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
004400B9 |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
004400BC |. 807D F0 02 CMP BYTE PTR SS:[EBP-10],2
004400C0 |. 74 08 JE SHORT Ekd5.004400CA //等于2,表示原曹操传弓兵,给值1返回
004400C2 |. 807D F0 04 CMP BYTE PTR SS:[EBP-10],4
004400C6 |. 74 02 JE SHORT Ekd5.004400CA //等于4,表示原曹操传弓骑兵,给值1返回
004400C8 |. EB 09 JMP SHORT Ekd5.004400D3
004400CA |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 返回1
004400D1 |. EB 07 JMP SHORT Ekd5.004400DA
004400D3 |> C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0 返回0
004400DA |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004400DD |. 8BE5 MOV ESP,EBP
004400DF |. 5D POP EBP
004400E0 \. C3 RETN
[ 本帖最后由 岱瀛 于 2007-1-21 15:36 编辑 ]
作者:
岱瀛 时间: 2007-1-21 20:58
攻击效果函数
局部变量:
*([EBP-C]的值+8)就是攻击武将的Ecx值
00405889 /$ 55 PUSH EBP
0040588A |. 8BEC MOV EBP,ESP
0040588C |. 83EC 0C SUB ESP,0C
0040588F |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
00405892 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00405895 |. 33C9 XOR ECX,ECX
00405897 |. 8A88 24040000 MOV CL,BYTE PTR DS:[EAX+424]
0040589D |. F7D9 NEG ECX
0040589F |. 1BC9 SBB ECX,ECX
004058A1 |. 41 INC ECX
004058A2 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004058A5 |. C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
004058A9 |. EB 09 JMP SHORT Ekd5.004058B4
004058AB |> 8A55 F8 /MOV DL,BYTE PTR SS:[EBP-8]
004058AE |. 80C2 01 |ADD DL,1
004058B1 |. 8855 F8 |MOV BYTE PTR SS:[EBP-8],DL
004058B4 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004058B7 |. 25 FF000000 |AND EAX,0FF
004058BC |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
004058BF |. 33D2 |XOR EDX,EDX
004058C1 |. 8A5401 10 |MOV DL,BYTE PTR DS:[ECX+EAX+10]
004058C5 |. 81FA FF000000 |CMP EDX,0FF
004058CB |. 0F84 97030000 |JE Ekd5.00405C68 //退出
004058D1 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004058D4 |. 25 FF000000 |AND EAX,0FF
004058D9 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
004058DC |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004058DF |. 8A4402 10 |MOV AL,BYTE PTR DS:[EDX+EAX+10]
004058E3 |. 8841 01 |MOV BYTE PTR DS:[ECX+1],AL
004058E6 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
004058E9 |. 81E1 FF000000 |AND ECX,0FF
004058EF |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004058F2 |. 83BC8A 84000000 00 |CMP DWORD PTR DS:[EDX+ECX*4+84],0
004058FA |. 75 19 |JNZ SHORT Ekd5.00405915
004058FC |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004058FF |. 25 FF000000 |AND EAX,0FF
00405904 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405907 |. 83BC81 54020000 00 |CMP DWORD PTR DS:[ECX+EAX*4+254],0
0040590F |. 0F84 55010000 |JE Ekd5.00405A6A
00405915 |> 6A 23 |PUSH 23 ; /Arg1 = 00000023 23-混乱攻击
00405917 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
0040591A |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
0040591D |. E8 E7200000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断攻击武将是否装备混乱攻击的道具
00405922 |. 85C0 |TEST EAX,EAX
00405924 |. 74 18 |JE SHORT Ekd5.0040593E
00405926 |. 6A 08 |PUSH 8 ; /Arg1 = 00000008 异常代码8,表示混乱
00405928 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
0040592B |. 33C9 |XOR ECX,ECX ; |
0040592D |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405930 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405933 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405939 |. E8 820D0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为混乱状态
0040593E |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405941 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8]
00405944 |. E8 C70C0000 |CALL Ekd5.00406610 获取攻击武将的兵种
00405949 |. 25 FF000000 |AND EAX,0FF
0040594E |. 83F8 32 |CMP EAX,32 判断是否为第51号兵种,原土偶
00405951 |. 75 26 |JNZ SHORT Ekd5.00405979
00405953 |. 6A 3C |PUSH 3C ; /Arg1 = 0000003C
00405955 |. E8 D8A10700 |CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 判断60%的概率事件是否发生
0040595A |. 83C4 04 |ADD ESP,4
0040595D |. 85C0 |TEST EAX,EAX
0040595F |. 74 18 |JE SHORT Ekd5.00405979
00405961 |. 6A 08 |PUSH 8 ; /Arg1 = 00000008 异常代码8,表示混乱
00405963 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405966 |. 33C9 |XOR ECX,ECX ; |
00405968 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
0040596B |. 6BC9 24 |IMUL ECX,ECX,24 ; |
0040596E |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405974 |. E8 470D0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为混乱状态
00405979 |> 6A 24 |PUSH 24 ; /Arg1 = 00000024 24-中毒攻击
0040597B |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
0040597E |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405981 |. E8 83200000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 检测攻击武将是否装备中毒攻击道具
00405986 |. 85C0 |TEST EAX,EAX
00405988 |. 74 18 |JE SHORT Ekd5.004059A2
0040598A |. 6A 10 |PUSH 10 ; /Arg1 = 00000010 10中毒状态
0040598C |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
0040598F |. 33C9 |XOR ECX,ECX ; |
00405991 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405994 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405997 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
0040599D |. E8 1E0D0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为中毒状态
004059A2 |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004059A5 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8]
004059A8 |. E8 630C0000 |CALL Ekd5.00406610 获取攻击武将的兵种
004059AD |. 25 FF000000 |AND EAX,0FF
004059B2 |. 83F8 31 |CMP EAX,31 判断是否是第50号兵种,原木人
004059B5 |. 75 26 |JNZ SHORT Ekd5.004059DD
004059B7 |. 6A 3C |PUSH 3C ; /Arg1 = 0000003C
004059B9 |. E8 74A10700 |CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 60%的几率是否发生
004059BE |. 83C4 04 |ADD ESP,4
004059C1 |. 85C0 |TEST EAX,EAX
004059C3 |. 74 18 |JE SHORT Ekd5.004059DD
004059C5 |. 6A 10 |PUSH 10 ; /Arg1 = 00000010 10中毒状态
004059C7 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004059CA |. 33C9 |XOR ECX,ECX ; |
004059CC |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
004059CF |. 6BC9 24 |IMUL ECX,ECX,24 ; |
004059D2 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
004059D8 |. E8 E30C0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为中毒状态
004059DD |> 6A 25 |PUSH 25 ; /Arg1 = 00000025 25-麻痹攻击
004059DF |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
004059E2 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
004059E5 |. E8 1F200000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断攻击武将是否装备麻痹攻击道具
004059EA |. 85C0 |TEST EAX,EAX
004059EC |. 74 18 |JE SHORT Ekd5.00405A06
004059EE |. 6A 02 |PUSH 2 ; /Arg1 = 00000002 2麻痹状态
004059F0 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
004059F3 |. 33C9 |XOR ECX,ECX ; |
004059F5 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
004059F8 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
004059FB |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405A01 |. E8 BA0C0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为麻痹状态
00405A06 |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405A09 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8]
00405A0C |. E8 FF0B0000 |CALL Ekd5.00406610 获取武将ecx的兵种
00405A11 |. 25 FF000000 |AND EAX,0FF
00405A16 |. 83F8 2A |CMP EAX,2A 判断是否等于第43兵种,驯熊师
00405A19 |. 75 26 |JNZ SHORT Ekd5.00405A41
00405A1B |. 6A 3C |PUSH 3C ; /Arg1 = 0000003C
00405A1D |. E8 10A10700 |CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 判断60%的概率事件是否发生
00405A22 |. 83C4 04 |ADD ESP,4
00405A25 |. 85C0 |TEST EAX,EAX
00405A27 |. 74 18 |JE SHORT Ekd5.00405A41
00405A29 |. 6A 02 |PUSH 2 ; /Arg1 = 00000002 2麻痹状态
00405A2B |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405A2E |. 33C9 |XOR ECX,ECX ; |
00405A30 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405A33 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405A36 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405A3C |. E8 7F0C0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为麻痹状态
00405A41 |> 6A 26 |PUSH 26 ; /Arg1 = 00000026 26禁咒攻击
00405A43 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00405A46 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405A49 |. E8 BB1F0000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断攻击武将是否装备禁咒攻击道具
00405A4E |. 85C0 |TEST EAX,EAX
00405A50 |. 74 18 |JE SHORT Ekd5.00405A6A
00405A52 |. 6A 04 |PUSH 4 ; /Arg1 = 00000004 4禁咒状态
00405A54 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405A57 |. 33C9 |XOR ECX,ECX ; |
00405A59 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405A5C |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405A5F |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405A65 |. E8 560C0000 |CALL Ekd5.004066C0 ; \Ekd5.004066C0 将被攻击武将设置为禁咒状态
00405A6A |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00405A6D |. 52 |PUSH EDX ; /Arg8
00405A6E |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; |
00405A71 |. 25 FF000000 |AND EAX,0FF ; |
00405A76 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00405A79 |. 8B9481 30040000 |MOV EDX,DWORD PTR DS:[ECX+EAX*4+430] ; |
00405A80 |. 52 |PUSH EDX ; |Arg7
00405A81 |. 6A 00 |PUSH 0 ; |Arg6 = 00000000
00405A83 |. 6A 00 |PUSH 0 ; |Arg5 = 00000000
00405A85 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; |
00405A88 |. 25 FF000000 |AND EAX,0FF ; |
00405A8D |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00405A90 |. 8B9481 54020000 |MOV EDX,DWORD PTR DS:[ECX+EAX*4+254] ; |
00405A97 |. 52 |PUSH EDX ; |Arg4
00405A98 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; |
00405A9B |. 25 FF000000 |AND EAX,0FF ; |
00405AA0 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00405AA3 |. 8B9481 84000000 |MOV EDX,DWORD PTR DS:[ECX+EAX*4+84] ; |
00405AAA |. 52 |PUSH EDX ; |Arg3
00405AAB |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405AAE |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00405AB0 |. 51 |PUSH ECX ; |Arg2
00405AB1 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00405AB4 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00405AB7 |. 50 |PUSH EAX ; |Arg1
00405AB8 |. E8 C7AE0400 |CALL Ekd5.00450984 ; \Ekd5.00450984
00405ABD |. 83C4 20 |ADD ESP,20
00405AC0 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405AC3 |. 33D2 |XOR EDX,EDX
00405AC5 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405AC8 |. 8BCA |MOV ECX,EDX
00405ACA |. 6BC9 24 |IMUL ECX,ECX,24
00405ACD |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405AD3 |. E8 B8D10600 |CALL Ekd5.00472C90 返回被攻击武将的当前体力
00405AD8 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00405ADB |. 81E1 FF000000 |AND ECX,0FF
00405AE1 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405AE4 |. 2B848A 84000000 |SUB EAX,DWORD PTR DS:[EDX+ECX*4+84]
00405AEB |. 50 |PUSH EAX ; /Arg1
00405AEC |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405AEF |. 33C9 |XOR ECX,ECX ; |
00405AF1 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405AF4 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405AF7 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405AFD |. E8 CB9B0300 |CALL Ekd5.0043F6CD ; \Ekd5.0043F6CD
00405B02 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405B05 |. 33C0 |XOR EAX,EAX
00405B07 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405B0A |. 8BC8 |MOV ECX,EAX
00405B0C |. 6BC9 24 |IMUL ECX,ECX,24
00405B0F |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405B15 |. E8 26CD0600 |CALL Ekd5.00472840 返回被攻击武将的当前MP值
00405B1A |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00405B1D |. 81E1 FF000000 |AND ECX,0FF
00405B23 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405B26 |. 2B848A 54020000 |SUB EAX,DWORD PTR DS:[EDX+ECX*4+254]
00405B2D |. 50 |PUSH EAX ; /Arg1
00405B2E |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405B31 |. 33C9 |XOR ECX,ECX ; |
00405B33 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405B36 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405B39 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405B3F |. E8 CA9B0300 |CALL Ekd5.0043F70E ; \Ekd5.0043F70E
00405B44 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
00405B47 |. 81E2 FF000000 |AND EDX,0FF
00405B4D |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00405B50 |. 8B8C90 30040000 |MOV ECX,DWORD PTR DS:[EAX+EDX*4+430]
00405B57 |. 51 |PUSH ECX
00405B58 |. 6A 01 |PUSH 1
00405B5A |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405B5D |. 33C0 |XOR EAX,EAX
00405B5F |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405B62 |. 8BC8 |MOV ECX,EAX
00405B64 |. 6BC9 24 |IMUL ECX,ECX,24
00405B67 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405B6D |. E8 FE9A0500 |CALL Ekd5.0045F670
00405B72 |. 8BC8 |MOV ECX,EAX ; |
00405B74 |. 6BC9 48 |IMUL ECX,ECX,48 ; |
00405B77 |. 81C1 681B4A00 |ADD ECX,Ekd5.004A1B68 ; |
00405B7D |. E8 54270000 |CALL Ekd5.004082D6 ; \Ekd5.004082D6
00405B82 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00405B85 |. 81E1 FF000000 |AND ECX,0FF
00405B8B |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405B8E |. 83BC8A 84000000 00 |CMP DWORD PTR DS:[EDX+ECX*4+84],0
00405B96 |. 0F8E AD000000 |JLE Ekd5.00405C49
00405B9C |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00405B9F |. 33C9 |XOR ECX,ECX
00405BA1 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00405BA4 |. 6BC9 24 |IMUL ECX,ECX,24
00405BA7 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405BAD |. E8 DED00600 |CALL Ekd5.00472C90 返回武将ecx的当前体力
00405BB2 |. 85C0 |TEST EAX,EAX
00405BB4 |. 0F86 8F000000 |JBE Ekd5.00405C49
00405BBA |. 6A 3E |PUSH 3E 3E-自动使用豆
00405BBC |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405BBF |. 33C0 |XOR EAX,EAX
00405BC1 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405BC4 |. 8BC8 |MOV ECX,EAX
00405BC6 |. 6BC9 24 |IMUL ECX,ECX,24
00405BC9 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405BCF |. E8 9C9A0500 |CALL Ekd5.0045F670 获取被攻击武将的data编号
00405BD4 |. 8BC8 |MOV ECX,EAX ; |
00405BD6 |. 6BC9 48 |IMUL ECX,ECX,48 ; |
00405BD9 |. 81C1 681B4A00 |ADD ECX,Ekd5.004A1B68 ; |
00405BDF |. E8 251E0000 |CALL Ekd5.00407A09 ; \Ekd5.00407A09 判断被攻击武将是否装备豆袋
00405BE4 |. 85C0 |TEST EAX,EAX
00405BE6 |. 74 61 |JE SHORT Ekd5.00405C49
00405BE8 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00405BEB |. 33D2 |XOR EDX,EDX
00405BED |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405BF0 |. 8BCA |MOV ECX,EDX
00405BF2 |. 6BC9 24 |IMUL ECX,ECX,24
00405BF5 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405BFB |. E8 54A30300 |CALL Ekd5.0043FF54 获取被攻击武将属于哪一方
00405C00 |. 85C0 |TEST EAX,EAX
00405C02 |. 74 2E |JE SHORT Ekd5.00405C32 非我方跳转,不判断仓库豆的数量
00405C04 |. 6A 57 |PUSH 57 ; /Arg1 = 00000057 这个就是恢复用豆的序号
00405C06 |. B9 70074B00 |MOV ECX,Ekd5.004B0770 ; |
00405C0B |. E8 2E7F0000 |CALL Ekd5.0040DB3E ; \Ekd5.0040DB3E 判断我方仓库是否有豆
00405C10 |. 25 FF000000 |AND EAX,0FF
00405C15 |. 85C0 |TEST EAX,EAX
00405C17 |. 7E 17 |JLE SHORT Ekd5.00405C30 小于等于0,没有豆,跳转
00405C19 |. 6A 00 |PUSH 0 ; /Arg4 = 00000000
00405C1B |. 6A 00 |PUSH 0 ; |Arg3 = 00000000
00405C1D |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405C20 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405C23 |. 51 |PUSH ECX ; |Arg2
00405C24 |. 6A 57 |PUSH 57 ; |Arg1 = 00000057 这个就是恢复用豆的序号
00405C26 |. B9 50774900 |MOV ECX,Ekd5.00497750 ; |
00405C2B |. E8 13800100 |CALL Ekd5.0041DC43 ; \Ekd5.0041DC43 使用豆
00405C30 |> EB 17 |JMP SHORT Ekd5.00405C49
00405C32 |> 6A 01 |PUSH 1 ; /Arg4 = 00000001
00405C34 |. 6A 00 |PUSH 0 ; |Arg3 = 00000000
00405C36 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00405C39 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00405C3C |. 50 |PUSH EAX ; |Arg2
00405C3D |. 6A 57 |PUSH 57 ; |Arg1 = 00000057 这个就是恢复用豆的序号
00405C3F |. B9 50774900 |MOV ECX,Ekd5.00497750 ; |
00405C44 |. E8 FA7F0100 |CALL Ekd5.0041DC43 ; \Ekd5.0041DC43 使用豆
00405C49 |> 6A 20 |PUSH 20 ; /Arg1 = 00000020
00405C4B |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
00405C4E |. 33D2 |XOR EDX,EDX ; |
00405C50 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
00405C53 |. 8BCA |MOV ECX,EDX ; |
00405C55 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00405C58 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
00405C5E |. E8 2D0A0000 |CALL Ekd5.00406690 ; \Ekd5.00406690 恢复被攻击武将的行动
00405C63 |.^ E9 43FCFFFF \JMP Ekd5.004058AB
00405C68 |> 8BE5 MOV ESP,EBP
00405C6A |. 5D POP EBP
00405C6B \. C3 RETN
//这个函数看起来相对简单,但是涉及到很多种特殊效果,为修改者必读的函数
作者:
岱瀛 时间: 2007-12-30 21:08 标题: 兵种特殊每回合能力
0043C7DF |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043C7E2 |. E8 A9C4FDFF CALL WaGan.00418C90
0043C7E7 |. 25 FF000000 AND EAX,0FF
0043C7EC |. 83F8 02 CMP EAX,2
0043C7EF |. 74 05 JE SHORT WaGan.0043C7F6
0043C7F1 |. E9 7B010000 JMP WaGan.0043C971
0043C7F6 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043C7F9 |. E8 3218FEFF CALL WaGan.0041E030
0043C7FE |. 25 FF000000 AND EAX,0FF
0043C803 |. 85C0 TEST EAX,EAX
0043C805 |. 90 NOP
0043C806 |. 90 NOP
0043C807 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043C80A |. E8 F9080000 CALL WaGan.0043D108 判断兵种是否合适 内带转圈
0043C80F |. 85C0 TEST EAX,EAX
0043C811 |. 74 1E JE SHORT WaGan.0043C831
0043C813 |. 6A 01 PUSH 1 ; /Arg4 = 00000001
0043C815 |. 68 9E000000 PUSH 9E ; |Arg3 = 0000009E
0043C81A |. 6A 04 PUSH 4 ; |Arg2 = 00000004 使用的魔法种类
0043C81C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0043C81F |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043C821 |. 51 PUSH ECX ; |Arg1
0043C822 |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
0043C827 |. E8 30E20100 CALL WaGan.0045AA5C ; \WaGan.0045AA5C
0043C82C |. E9 40010000 JMP WaGan.0043C971
0043C831 |> 6A 01 PUSH 1 ; /Arg1 = 00000001
0043C833 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
43D108函数:
0043D225 |. 83F8 10 |CMP EAX,10 判断兵种
0043D228 |. 0F85 D2020000 |JNZ WaGan.0043D500
0043D22E |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0043D231 |. E8 DA94FCFF |CALL WaGan.00406710
0043D236 |. 8BF0 |MOV ESI,EAX
0043D238 |. 8B8D B0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-150]
0043D23E |. E8 CD94FCFF |CALL WaGan.00406710
0043D243 |. 3BF0 |CMP ESI,EAX
0043D245 |. 0F85 B5020000 |JNZ WaGan.0043D500
0043D24B |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0043D24E |. E8 3DBAFDFF |CALL WaGan.00418C90
0043D253 |. 25 FF000000 |AND EAX,0FF
0043D258 |. 83F8 02 |CMP EAX,2
0043D25B |. 0F85 9F020000 |JNZ WaGan.0043D500
0043D261 |. 68 D0BB4800 |PUSH WaGan.0048BBD0 ; /Arg1 = 0048BBD0 ASCII "SSWA"
0043D266 |. 8D8D ECFEFFFF |LEA ECX,DWORD PTR SS:[EBP-114] ; |
0043D26C |. E8 C428FEFF |CALL WaGan.0041FB35 ; \WaGan.0041FB35
0043D271 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D273 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D275 |. 68 00690000 |PUSH 6900 ; |Arg1 = 00006900
0043D27A |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D27F |. E8 BC270400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D284 |. 50 |PUSH EAX
0043D285 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0043D288 |. E8 23F0FDFF |CALL WaGan.0041C2B0
0043D28D |. 25 FF000000 |AND EAX,0FF ; |
0043D292 |. 50 |PUSH EAX ; |/Arg1
0043D293 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; ||
0043D296 |. E8 AD290000 |CALL WaGan.0043FC48 ; |\WaGan.0043FC48
0043D29B |. 25 FF000000 |AND EAX,0FF ; |
0043D2A0 |. 50 |PUSH EAX ; |Arg1
0043D2A1 |. 8D8D ECFEFFFF |LEA ECX,DWORD PTR SS:[EBP-114] ; |
0043D2A7 |. E8 DD29FEFF |CALL WaGan.0041FC89 ; \WaGan.0041FC89
0043D2AC |. 8D8D ECFEFFFF |LEA ECX,DWORD PTR SS:[EBP-114]
0043D2B2 |. E8 0EC0FDFF |CALL WaGan.004192C5
0043D2B7 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D2B9 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D2BB |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
0043D2BD |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D2C2 |. E8 79270400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D2C7 |. 8985 D0FEFFFF |MOV DWORD PTR SS:[EBP-130],EAX
0043D2CD |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D2CF |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D2D1 |. 68 00690000 |PUSH 6900 ; |Arg1 = 00006900
0043D2D6 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D2DB |. E8 60270400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D2E0 |. 8985 E4FEFFFF |MOV DWORD PTR SS:[EBP-11C],EAX
0043D2E6 |. 68 00090000 |PUSH 900 ; /Arg3 = 00000900
0043D2EB |. 8B95 D0FEFFFF |MOV EDX,DWORD PTR SS:[EBP-130] ; |
0043D2F1 |. 52 |PUSH EDX ; |Arg2
0043D2F2 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
0043D2F8 |. 50 |PUSH EAX ; |Arg1
0043D2F9 |. E8 FF290400 |CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0043D2FE |. 83C4 0C |ADD ESP,0C
0043D301 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D303 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D305 |. 68 00100000 |PUSH 1000 ; |Arg1 = 00001000
0043D30A |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D30F |. E8 2C270400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D314 |. 8985 D0FEFFFF |MOV DWORD PTR SS:[EBP-130],EAX
0043D31A |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D31C |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D31E |. 68 007B0000 |PUSH 7B00 ; |Arg1 = 00007B00
0043D323 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D328 |. E8 13270400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D32D |. 8985 E4FEFFFF |MOV DWORD PTR SS:[EBP-11C],EAX
0043D333 |. 68 00090000 |PUSH 900 ; /Arg3 = 00000900
0043D338 |. 8B8D D0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-130] ; |
0043D33E |. 51 |PUSH ECX ; |Arg2
0043D33F |. 8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C] ; |
0043D345 |. 52 |PUSH EDX ; |Arg1
0043D346 |. E8 B2290400 |CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0043D34B |. 83C4 0C |ADD ESP,0C
0043D34E |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D350 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D352 |. 68 00200000 |PUSH 2000 ; |Arg1 = 00002000
0043D357 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D35C |. E8 DF260400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D361 |. 8985 D0FEFFFF |MOV DWORD PTR SS:[EBP-130],EAX
0043D367 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D369 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D36B |. 68 00720000 |PUSH 7200 ; |Arg1 = 00007200
0043D370 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D375 |. E8 C6260400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D37A |. 8985 E4FEFFFF |MOV DWORD PTR SS:[EBP-11C],EAX
0043D380 |. 68 00090000 |PUSH 900 ; /Arg3 = 00000900
0043D385 |. 8B85 D0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-130] ; |
0043D38B |. 50 |PUSH EAX ; |Arg2
0043D38C |. 8B8D E4FEFFFF |MOV ECX,DWORD PTR SS:[EBP-11C] ; |
0043D392 |. 51 |PUSH ECX ; |Arg1
0043D393 |. E8 65290400 |CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0043D398 |. 83C4 0C |ADD ESP,0C
0043D39B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D39D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D39F |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
0043D3A4 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D3A9 |. E8 92260400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D3AE |. 8985 D0FEFFFF |MOV DWORD PTR SS:[EBP-130],EAX
0043D3B4 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0043D3B6 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0043D3B8 |. 68 007B0000 |PUSH 7B00 ; |Arg1 = 00007B00
0043D3BD |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; |
0043D3C2 |. E8 79260400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D3C7 |. 8985 E4FEFFFF |MOV DWORD PTR SS:[EBP-11C],EAX
0043D3CD |. 8B95 D0FEFFFF |MOV EDX,DWORD PTR SS:[EBP-130]
0043D3D3 |. 52 |PUSH EDX ; /Arg4
0043D3D4 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
0043D3DA |. 50 |PUSH EAX ; |Arg3
0043D3DB |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
0043D3DD |. 6A 30 |PUSH 30 ; |Arg1 = 00000030
0043D3DF |. E8 6F1AFEFF |CALL WaGan.0041EE53 ; \WaGan.0041EE53
0043D3E4 |. 83C4 10 |ADD ESP,10
0043D3E7 |. 8A8D E9FEFFFF |MOV CL,BYTE PTR SS:[EBP-117]
0043D3ED |. 51 |PUSH ECX ; /Arg2
0043D3EE |. 8A95 E8FEFFFF |MOV DL,BYTE PTR SS:[EBP-118] ; |
0043D3F4 |. 52 |PUSH EDX ; |Arg1
0043D3F5 |. B9 50424B00 |MOV ECX,WaGan.004B4250 ; |
0043D3FA |. E8 407C0100 |CALL WaGan.0045503F ; \WaGan.0045503F
0043D3FF |. 66:8B85 E8FEFFFF |MOV AX,WORD PTR SS:[EBP-118]
0043D406 |. 50 |PUSH EAX ; /Arg1
0043D407 |. E8 72260100 |CALL WaGan.0044FA7E ; \WaGan.0044FA7E
0043D40C |. 83C4 04 |ADD ESP,4
0043D40F |. 8985 B8FEFFFF |MOV DWORD PTR SS:[EBP-148],EAX
0043D415 |. 8995 BCFEFFFF |MOV DWORD PTR SS:[EBP-144],EDX
0043D41B |. 8B8D B8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-148]
0043D421 |. 898D C0FEFFFF |MOV DWORD PTR SS:[EBP-140],ECX
0043D427 |. 8B95 BCFEFFFF |MOV EDX,DWORD PTR SS:[EBP-144]
0043D42D |. 8995 C4FEFFFF |MOV DWORD PTR SS:[EBP-13C],EDX
0043D433 |. 66:8B85 E8FEFFFF |MOV AX,WORD PTR SS:[EBP-118]
0043D43A |. 50 |PUSH EAX ; /Arg2
0043D43B |. 8D8D C8FEFFFF |LEA ECX,DWORD PTR SS:[EBP-138] ; |
0043D441 |. 51 |PUSH ECX ; |Arg1
0043D442 |. E8 D8250100 |CALL WaGan.0044FA1F ; \WaGan.0044FA1F
0043D447 |. 83C4 08 |ADD ESP,8
0043D44A |. C785 D4FEFFFF 0000>|MOV DWORD PTR SS:[EBP-12C],0 转圈的代码
0043D454 |. EB 0F |JMP SHORT WaGan.0043D465
0043D456 |> 8B95 D4FEFFFF |/MOV EDX,DWORD PTR SS:[EBP-12C]
0043D45C |. 83C2 01 ||ADD EDX,1
0043D45F |. 8995 D4FEFFFF ||MOV DWORD PTR SS:[EBP-12C],EDX
0043D465 |> 83BD D4FEFFFF 04 | CMP DWORD PTR SS:[EBP-12C],4
0043D46C |. 0F87 84000000 ||JA WaGan.0043D4F6
0043D472 |. E8 6411FEFF ||CALL WaGan.0041E5DB
0043D477 |. 8B85 C9FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-137]
0043D47D |. 25 FF000000 ||AND EAX,0FF
0043D482 |. 50 ||PUSH EAX ; /Arg2
0043D483 |. 8B8D C8FEFFFF ||MOV ECX,DWORD PTR SS:[EBP-138] ; |
0043D489 |. 81E1 FF000000 ||AND ECX,0FF ; |
0043D48F |. 51 ||PUSH ECX ; |Arg1
0043D490 |. E8 6462FCFF ||CALL WaGan.004036F9 ; \WaGan.004036F9
0043D495 |. 83C4 08 ||ADD ESP,8
0043D498 |. 6A 04 ||PUSH 4 ; /Arg3 = 00000004
0043D49A |. 6A 00 ||PUSH 0 ; |Arg2 = 00000000
0043D49C |. 8B85 D4FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-12C] ; |
0043D4A2 |. 33D2 ||XOR EDX,EDX ; |
0043D4A4 |. B9 04000000 ||MOV ECX,4 ; |
0043D4A9 |. F7F1 ||DIV ECX ; |
0043D4AB |. C1E2 0C ||SHL EDX,0C ; |
0043D4AE |. 52 ||PUSH EDX ; |Arg1
0043D4AF |. B9 C8E44A00 ||MOV ECX,WaGan.004AE4C8 ; |
0043D4B4 |. E8 87250400 ||CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D4B9 |. 50 ||PUSH EAX ; /Arg6
0043D4BA |. 8A95 DCFEFFFF ||MOV DL,BYTE PTR SS:[EBP-124] ; |
0043D4C0 |. 52 ||PUSH EDX ; |Arg5
0043D4C1 |. 6A 30 ||PUSH 30 ; |Arg4 = 00000030
0043D4C3 |. 6A 30 ||PUSH 30 ; |Arg3 = 00000030
0043D4C5 |. 8B85 C4FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-13C] ; |
0043D4CB |. 50 ||PUSH EAX ; |Arg2
0043D4CC |. 8B8D C0FEFFFF ||MOV ECX,DWORD PTR SS:[EBP-140] ; |
0043D4D2 |. 51 ||PUSH ECX ; |Arg1
0043D4D3 |. E8 A43E0100 ||CALL WaGan.0045137C ; \WaGan.0045137C
0043D4D8 |. 83C4 18 ||ADD ESP,18
0043D4DB |. E8 1611FEFF ||CALL WaGan.0041E5F6
0043D4E0 |. 6A 02 ||PUSH 2 ; /Arg1 = 00000002
0043D4E2 |. B9 181B4B00 ||MOV ECX,WaGan.004B1B18 ; |
0043D4E7 |. E8 545EFCFF ||CALL WaGan.00403340 ; \WaGan.00403340
0043D4EC |. E8 EFEFFEFF ||CALL WaGan.0042C4E0
0043D4F1 |.^ E9 60FFFFFF |\JMP WaGan.0043D456
0043D4F6 |> C785 E0FEFFFF 0100>|MOV DWORD PTR SS:[EBP-120],1
0043D500 |>^ E9 7AFCFFFF \JMP WaGan.0043D17F
0043D505 |> 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
0043D50B |. 8995 B4FEFFFF MOV DWORD PTR SS:[EBP-14C],EDX
0043D511 |. C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-4],-1
作者:
岱瀛 时间: 2007-12-30 21:09 标题: 兵种转圈的全部代码
0043D44A |. C785 D4FEFFFF 0000>|MOV DWORD PTR SS:[EBP-12C],0
0043D454 |. EB 0F |JMP SHORT WaGan.0043D465
0043D456 |> 8B95 D4FEFFFF |/MOV EDX,DWORD PTR SS:[EBP-12C]
0043D45C |. 83C2 01 ||ADD EDX,1
0043D45F |. 8995 D4FEFFFF ||MOV DWORD PTR SS:[EBP-12C],EDX
0043D465 |> 83BD D4FEFFFF 04 | CMP DWORD PTR SS:[EBP-12C],4
0043D46C |. 0F87 84000000 ||JA WaGan.0043D4F6
0043D472 |. E8 6411FEFF ||CALL WaGan.0041E5DB
0043D477 |. 8B85 C9FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-137]
0043D47D |. 25 FF000000 ||AND EAX,0FF
0043D482 |. 50 ||PUSH EAX ; /Arg2
0043D483 |. 8B8D C8FEFFFF ||MOV ECX,DWORD PTR SS:[EBP-138] ; |
0043D489 |. 81E1 FF000000 ||AND ECX,0FF ; |
0043D48F |. 51 ||PUSH ECX ; |Arg1
0043D490 |. E8 6462FCFF ||CALL WaGan.004036F9 ; \WaGan.004036F9
0043D495 |. 83C4 08 ||ADD ESP,8
0043D498 |. 6A 04 ||PUSH 4 ; /Arg3 = 00000004
0043D49A |. 6A 00 ||PUSH 0 ; |Arg2 = 00000000
0043D49C |. 8B85 D4FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-12C] ; |
0043D4A2 |. 33D2 ||XOR EDX,EDX ; |
0043D4A4 |. B9 04000000 ||MOV ECX,4 ; |
0043D4A9 |. F7F1 ||DIV ECX ; |
0043D4AB |. C1E2 0C ||SHL EDX,0C ; |
0043D4AE |. 52 ||PUSH EDX ; |Arg1
0043D4AF |. B9 C8E44A00 ||MOV ECX,WaGan.004AE4C8 ; |
0043D4B4 |. E8 87250400 ||CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043D4B9 |. 50 ||PUSH EAX ; /Arg6
0043D4BA |. 8A95 DCFEFFFF ||MOV DL,BYTE PTR SS:[EBP-124] ; |
0043D4C0 |. 52 ||PUSH EDX ; |Arg5
0043D4C1 |. 6A 30 ||PUSH 30 ; |Arg4 = 00000030
0043D4C3 |. 6A 30 ||PUSH 30 ; |Arg3 = 00000030
0043D4C5 |. 8B85 C4FEFFFF ||MOV EAX,DWORD PTR SS:[EBP-13C] ; |
0043D4CB |. 50 ||PUSH EAX ; |Arg2
0043D4CC |. 8B8D C0FEFFFF ||MOV ECX,DWORD PTR SS:[EBP-140] ; |
0043D4D2 |. 51 ||PUSH ECX ; |Arg1
0043D4D3 |. E8 A43E0100 ||CALL WaGan.0045137C ; \WaGan.0045137C
0043D4D8 |. 83C4 18 ||ADD ESP,18
0043D4DB |. E8 1611FEFF ||CALL WaGan.0041E5F6
0043D4E0 |. 6A 02 ||PUSH 2 ; /Arg1 = 00000002
0043D4E2 |. B9 181B4B00 ||MOV ECX,WaGan.004B1B18 ; |
0043D4E7 |. E8 545EFCFF ||CALL WaGan.00403340 ; \WaGan.00403340
0043D4EC |. E8 EFEFFEFF ||CALL WaGan.0042C4E0
0043D4F1 |.^ E9 60FFFFFF |\JMP WaGan.0043D456
作者:
岱瀛 时间: 2007-12-30 21:10 标题: 战场里的对话
0042D05B |. E8 F1110500 CALL WaGan.0047E251
0042D060 |. 83C4 14 ADD ESP,14
0042D063 |. 6A 00 PUSH 0 ; /Arg5 = 00000000
0042D065 |. 6A 60 PUSH 60 ; |Arg4 = 00000060
0042D067 |. 68 B0010000 PUSH 1B0 ; |Arg3 = 000001B0
0042D06C |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] ; |
0042D072 |. 51 PUSH ECX ; |Arg2
0042D073 |. 8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[EBP-150] ; |
0042D079 |. 52 PUSH EDX ; |Arg1
0042D07A |. B9 30694B00 MOV ECX,WaGan.004B6930 ; |
0042D07F E8 37650400 CALL WaGan.004735BB 与底色有关的
0042D084 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0042D086 |. 6A 1F PUSH 1F ; |Arg2 = 0000001F
0042D088 |. 6A 04 PUSH 4 ; |Arg1 = 00000004
0042D08A |. E8 62010500 CALL WaGan.0047D1F1 ; \WaGan.0047D1F1
0042D08F |. 83C4 0C ADD ESP,0C
0042D092 |. 83BD A8FEFFFF>CMP DWORD PTR SS:[EBP-158],0
0042D099 |. 0F84 04010000 JE WaGan.0042D1A3
0042D09F |. 8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
0042D0A5 |. 25 FF000000 AND EAX,0FF
0042D0AA |. 8985 90FDFFFF MOV DWORD PTR SS:[EBP-270],EAX
0042D0B0 |. 83BD 90FDFFFF>CMP DWORD PTR SS:[EBP-270],3
0042D0B7 |. 0F87 C5000000 JA WaGan.0042D182
0042D0BD |. 8B8D 90FDFFFF MOV ECX,DWORD PTR SS:[EBP-270]
0042D0CA |> \68 00010000 PUSH 100 ; /Arg3 = 00000100
0042D0CF |. 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] ; |
0042D0D5 |. 52 PUSH EDX ; |Arg2
0042D0D6 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0042D0D8 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0042D0DA |. 68 C0970100 PUSH 197C0 ; ||Arg1 = 000197C0
0042D0DF |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0042D0E4 |. E8 57290500 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
0042D0E9 |. 50 PUSH EAX ; |Arg1
0042D0EA |. E8 0E2C0500 CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0042D0EF |. 83C4 0C ADD ESP,0C
0042D0F2 |. 6A 10 PUSH 10 ; /Arg3 = 00000010
0042D0F4 |. 6A 10 PUSH 10 ; |Arg2 = 00000010
0042D0F6 |. 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108] ; |
0042D0FC |. 50 PUSH EAX ; |Arg1
0042D0FD |. E8 5A1CFFFF CALL WaGan.0041ED5C ; \WaGan.0041ED5C
0042D102 |. 83C4 0C ADD ESP,0C
0042D105 |. EB 7B JMP SHORT WaGan.0042D182
0042D182 |> \8D8D F8FEFFFF LEA ECX,DWORD PTR SS:[EBP-108]
0042D188 |. 51 PUSH ECX
0042D189 |. 6A 10 PUSH 10
0042D18B |. 6A 10 PUSH 10
0042D18D |. 8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[EBP-15C] 纵坐标
0042D193 |. 52 PUSH EDX
0042D194 |. 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-144] 横坐标
0042D19A |. 50 PUSH EAX
0042D19B |. E8 FB0E0500 CALL WaGan.0047E09B 这个是头顶的那个显示
0042D1A0 |. 83C4 14 ADD ESP,14
0042D1A3 |> 8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0042D1A9 |. E8 F9A3FDFF CALL WaGan.004075A7
0042D1AE |. 50 PUSH EAX ; /Arg3 个就是头相的代号
0042D1AF |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] ; | 头相纵坐标
0042D1B5 |. 83C1 08 ADD ECX,8 ; |
0042D1B8 |. 51 PUSH ECX ; |Arg2
0042D1B9 |. 8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818] ; |
0042D1BF |. F7DA NEG EDX ; |
0042D1C1 |. 1BD2 SBB EDX,EDX ; |
0042D1C3 |. 81E2 A0FEFFFF AND EDX,FFFFFEA0 ; |
0042D1C9 |. 81C2 68010000 ADD EDX,168 ; |
0042D1CF |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] ; | 头相横坐标
0042D1D5 |. 03C2 ADD EAX,EDX ; |
0042D1D7 |. 50 PUSH EAX ; |Arg1
0042D1D8 |. E8 0417FFFF CALL WaGan.0041E8E1 ; \WaGan.0041E8E1 这个在加载头象
0042D1DD |. 83C4 0C ADD ESP,0C
0042D1E0 |. 6A 3A PUSH 3A ; /Arg1 = 0000003A 蓝色
0042D1E2 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
0042D1E7 |. E8 981AFEFF CALL WaGan.0040EC84 ; \WaGan.0040EC84 名字的颜色显示
0042D1EC |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 名字纵坐标+6
0042D1F2 |. 83C1 06 ADD ECX,6 //0B
0042D1F5 |. 51 PUSH ECX ; /Arg2
0042D1F6 |. 8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818] ; |
0042D1FC |. F7DA NEG EDX ; |
0042D1FE |. 1BD2 SBB EDX,EDX ; |
0042D200 |. 83E2 50 AND EDX,50 ; |
0042D203 |. 83C2 10 ADD EDX,10 ; | //48
0042D206 |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] ; | 名字横坐标
0042D20C |. 03C2 ADD EAX,EDX ; |
0042D20E |. 99 CDQ ; |
0042D20F |. 83E2 07 AND EDX,7 ; |
0042D212 |. 03C2 ADD EAX,EDX ; |
0042D214 |. C1F8 03 SAR EAX,3 ; |
0042D217 |. 50 PUSH EAX ; |Arg1
0042D218 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
0042D21D |. E8 B519FEFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
0042D222 |. 8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0042D228 |. E8 2AA5FDFF CALL WaGan.00407757
0042D22D |. 50 PUSH EAX ; /Arg3
0042D22E |. 68 28C84800 PUSH WaGan.0048C828 ; |Arg2 = 0048C828 ASCII "%s"
0042D233 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
0042D238 |. E8 6328FEFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
0042D23D |. 83C4 0C ADD ESP,0C
0042D240 |. 6A 12 PUSH 12 ; /Arg6 = 00000012
0042D242 |. 6A 00 PUSH 0 ; |Arg5 = 00000000
0042D244 |. 6A 40 PUSH 40 ; |Arg4 = 00000040 高度
0042D246 |. 68 20010000 PUSH 120 ; |Arg3 = 00000120
0042D24B |. 8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154] ; |对话框白色部分的中间处的纵坐标
0042D251 |. 83C0 1A ADD EAX,1A ; | //09
0042D254 |. 50 PUSH EAX ; |Arg2
0042D255 |. 8B0D 18C84800 MOV ECX,DWORD PTR DS:[48C818] ; |
0042D25B |. F7D9 NEG ECX ; |
0042D25D |. 1BC9 SBB ECX,ECX ; |
0042D25F |. 83E1 50 AND ECX,50 ; |
0042D262 |. 83C1 20 ADD ECX,20 ; |
0042D265 |. 8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[EBP-150] ; | 横坐标
0042D26B |. 03D1 ADD EDX,ECX ; |
0042D26D |. 52 PUSH EDX ; |Arg1
0042D26E |. E8 3014FFFF CALL WaGan.0041E6A3 ; \WaGan.0041E6A3
0042D273 |. 83C4 18 ADD ESP,18
0042D276 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0042D278 |. 6A 1F PUSH 1F ; |Arg2 = 0000001F
0042D27A |. 6A 04 PUSH 4 ; |Arg1 = 00000004
0042D27C |. E8 70FF0400 CALL WaGan.0047D1F1 ; \WaGan.0047D1F1
0042D281 |. 83C4 0C ADD ESP,0C
0042D284 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0042D286 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0042D288 |. A1 18C84800 MOV EAX,DWORD PTR DS:[48C818] ; |
0042D28D |. F7D8 NEG EAX ; |
0042D28F |. 1BC0 SBB EAX,EAX ; |
0042D291 |. 24 00 AND AL,0 ; |
0042D293 |. 05 C0990100 ADD EAX,199C0 ; |
0042D298 |. 50 PUSH EAX ; |Arg1
0042D299 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; |
0042D29E |. E8 9D270500 CALL WaGan.0047FA40 ; \WaGan.0047FA40
0042D2A3 |. 50 PUSH EAX
0042D2A4 |. 6A 10 PUSH 10
0042D2A6 |. 6A 10 PUSH 10
0042D2A8 |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 尖角的纵坐标
0042D2AE |. 83C1 3C ADD ECX,3C
0042D2B1 |. 51 PUSH ECX
0042D2B2 |. 8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D2B8 |. F7DA NEG EDX
0042D2BA |. 1BD2 SBB EDX,EDX
0042D2BC |. 80E2 00 AND DL,0
0042D2BF |. 81C2 50010000 ADD EDX,150
0042D2C5 |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 尖角的横坐标
0042D2CB |. 03C2 ADD EAX,EDX
0042D2CD |. 50 PUSH EAX
0042D2CE |. E8 C80D0500 CALL WaGan.0047E09B
0042D2D3 |. 83C4 14 ADD ESP,14
0042D2D6 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0042D2D8 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0042D2DA |. 68 C09A0100 PUSH 19AC0 ; |Arg1 = 00019AC0
0042D2DF |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; |
0042D2E4 |. E8 57270500 CALL WaGan.0047FA40 ; \WaGan.0047FA40
0042D2E9 |. 50 PUSH EAX
0042D2EA |. 6A 40 PUSH 40
0042D2EC |. 6A 10 PUSH 10
0042D2EE |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 对话框里左边的白色部分纵坐标
0042D2F4 |. 83C1 1A ADD ECX,1A
0042D2F7 |. 51 PUSH ECX
0042D2F8 |. 8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D2FE |. F7DA NEG EDX
0042D300 |. 1BD2 SBB EDX,EDX
0042D302 |. 83E2 50 AND EDX,50
0042D305 |. 83C2 10 ADD EDX,10
0042D308 |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 横坐标
0042D30E |. 03C2 ADD EAX,EDX
0042D310 |. 50 PUSH EAX
0042D311 |. E8 850D0500 CALL WaGan.0047E09B
0042D316 |. 83C4 14 ADD ESP,14
0042D319 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0042D31B |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0042D31D |. 68 C09E0100 PUSH 19EC0 ; |Arg1 = 00019EC0
0042D322 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; |
0042D327 |. E8 14270500 CALL WaGan.0047FA40 ; \WaGan.0047FA40
0042D32C |. 50 PUSH EAX
0042D32D |. 6A 40 PUSH 40
0042D32F |. 6A 10 PUSH 10
0042D331 |. 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 对话框右半边部分纵作标
0042D337 |. 83C1 1A ADD ECX,1A
0042D33A |. 51 PUSH ECX
0042D33B |. 8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D341 |. F7DA NEG EDX
0042D343 |. 1BD2 SBB EDX,EDX
0042D345 |. 83E2 50 AND EDX,50
0042D348 |. 81C2 40010000 ADD EDX,140
0042D34E |. 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 横坐标
0042D354 |. 03C2 ADD EAX,EDX
0042D356 |. 50 PUSH EAX
0042D357 |. E8 3F0D0500 CALL WaGan.0047E09B
0042D35C |. 83C4 14 ADD ESP,14
0042D35F |. E8 9212FFFF CALL WaGan.0041E5F6 画图
0042D364 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0042D2D6 68 D8902E00 PUSH 2E90D8 气泡尖朝左,适合人脸朝左。 2E9318,气泡尖朝右,适合脸朝右
0042D2DB 6A 18 PUSH 18
0042D2DD 6A 18 PUSH 18
0042D2DF 8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154] 纵坐标
0042D2E5 83C0 5E ADD EAX,5E
0042D2E8 90 NOP
0042D2E9 90 NOP
0042D2EA 50 PUSH EAX
0042D2EB 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 横坐标
0042D2F1 05 D5000000 ADD EAX,0D5
0042D2F6 50 PUSH EAX
0042D2F7 E8 9F0D0500 CALL WaGan.0047E09B
0042D063 . 6A 00 PUSH 0
0042D065 68 20010000 PUSH 120
0042D06A 68 60020000 PUSH 260
0042D06F . 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]
0042D075 81E9 80000000 SUB ECX,80
0042D07B 51 PUSH ECX
0042D07C 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150]
0042D082 81E9 80000000 SUB ECX,80
0042D088 51 PUSH ECX
0042D089 B9 30694B00 MOV ECX,WaGan.004B6930
0042D08E 90 NOP
0042D08F 90 NOP
0042D090 90 NOP
0042D091 90 NOP
0042D092 83BD A8FEFFFF>CMP DWORD PTR SS:[EBP-158],0 ; 0表示人物未在战场上 EBP-158
0042D099 . 0F84 04010000 JE WaGan.0042D1A3
42D107 战场说话...
0042D364 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0042D367 . 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0042D36A . C785 F4FEFFFF>MOV DWORD PTR SS:[EBP-10C],1
0042D374 . B9 70074B00 MOV ECX,WaGan.004B0770
0042D379 . E8 B2EFFEFF CALL WaGan.0041C330
0042D37E . 8885 D8FEFFFF MOV BYTE PTR SS:[EBP-128],AL
0042D384 . 8B95 D8FEFFFF MOV EDX,DWORD PTR SS:[EBP-128]
0042D38A . 81E2 FF000000 AND EDX,0FF
0042D390 . F7DA NEG EDX
0042D392 . 1BD2 SBB EDX,EDX
0042D394 . F7DA NEG EDX
0042D396 . 8995 C8FEFFFF MOV DWORD PTR SS:[EBP-138],EDX
0042D39C . B9 70074B00 MOV ECX,WaGan.004B0770
0042D3A1 . E8 6AD5FFFF CALL WaGan.0042A910
0042D3A6 . 25 00080000 AND EAX,800
0042D3AB . 85C0 TEST EAX,EAX
0042D3AD . 74 07 JE SHORT WaGan.0042D3B6
0042D3AF . C685 D8FEFFFF>MOV BYTE PTR SS:[EBP-128],3
0042D3B6 > 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0042D3B9 . 33C9 XOR ECX,ECX
0042D3BB . 8A08 MOV CL,BYTE PTR DS:[EAX]
0042D3BD . 85C9 TEST ECX,ECX
0042D3BF . 0F84 87010000 JE WaGan.0042D54C
0042D3C5 . C785 E8FEFFFF>MOV DWORD PTR SS:[EBP-118],1E
0042D3CF . 83BD F4FEFFFF>CMP DWORD PTR SS:[EBP-10C],0
0042D3D6 . 75 3F JNZ SHORT WaGan.0042D417
0042D3D8 . E8 FE11FFFF CALL WaGan.0041E5DB
0042D3DD . 6A 12 PUSH 12 ; /Arg6 = 00000012
0042D3DF . 6A 00 PUSH 0 ; |Arg5 = 00000000
0042D3E1 . 6A 40 PUSH 40 ; |Arg4 = 00000040
0042D3E3 . 68 20010000 PUSH 120 ; |Arg3 = 00000120
0042D3E8 . 8B95 ACFEFFFF MOV EDX,DWORD PTR SS:[EBP-154] ; |
0042D3EE . 83C2 1A ADD EDX,1A ; |
0042D3F1 . 52 PUSH EDX ; |Arg2
0042D3F2 . A1 18C84800 MOV EAX,DWORD PTR DS:[48C818] ; |
0042D3F7 . F7D8 NEG EAX ; |
0042D3F9 . 1BC0 SBB EAX,EAX ; |
0042D3FB . 83E0 50 AND EAX,50 ; |
0042D3FE . 83C0 20 ADD EAX,20 ; |
0042D401 . 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150] ; |
0042D407 . 03C8 ADD ECX,EAX ; |
0042D409 . 51 PUSH ECX ; |Arg1
0042D40A . E8 9412FFFF CALL WaGan.0041E6A3 ; \WaGan.0041E6A3
0042D40F . 83C4 18 ADD ESP,18
0042D412 . E8 DF11FFFF CALL WaGan.0041E5F6
0042D417 > 6A 00 PUSH 0 ; /lParam = 0
0042D419 . 6A 00 PUSH 0 ; |wParam = 0
0042D41B . 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
0042D420 . 8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68] ; |
0042D426 . 52 PUSH EDX ; |hWnd => 7064A
0042D427 . FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0042D42D . 6A 1F PUSH 1F ; /Arg1 = 0000001F
0042D42F . B9 382F4900 MOV ECX,WaGan.00492F38 ; |
0042D434 . E8 4B18FEFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
0042D439 . C685 F0FEFFFF>MOV BYTE PTR SS:[EBP-110],0
0042D440 . EB 0E JMP SHORT WaGan.0042D450
0042D442 > 8A85 F0FEFFFF MOV AL,BYTE PTR SS:[EBP-110]
0042D448 . 04 01 ADD AL,1
0042D44A . 8885 F0FEFFFF MOV BYTE PTR SS:[EBP-110],AL
0042D450 > 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042D453 . 33D2 XOR EDX,EDX
0042D455 . 8A11 MOV DL,BYTE PTR DS:[ECX]
0042D457 . 85D2 TEST EDX,EDX
0042D459 . 74 71 JE SHORT WaGan.0042D4CC
0042D45B . 8B85 F0FEFFFF MOV EAX,DWORD PTR SS:[EBP-110]
0042D461 . 25 FF000000 AND EAX,0FF
0042D466 . 3B85 DCFEFFFF CMP EAX,DWORD PTR SS:[EBP-124]
0042D46C . 7D 5E JGE SHORT WaGan.0042D4CC
0042D46E . 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0042D474 . 51 PUSH ECX ; /Arg4
0042D475 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0042D478 . 52 PUSH EDX ; |Arg3
0042D479 . 8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154] ; |
0042D47F . 0385 E8FEFFFF ADD EAX,DWORD PTR SS:[EBP-118] ; |
0042D485 . 50 PUSH EAX ; |Arg2 = 00000256
0042D486 . 8B0D 18C84800 MOV ECX,DWORD PTR DS:[48C818] ; |
0042D48C . F7D9 NEG ECX ; |
0042D48E . 1BC9 SBB ECX,ECX ; |
0042D490 . 83E1 50 AND ECX,50 ; |
0042D493 . 83C1 18 ADD ECX,18 ; |
0042D496 . 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] ; |
0042D49C . 03C1 ADD EAX,ECX ; |
0042D49E . 99 CDQ ; |
0042D49F . 83E2 07 AND EDX,7 ; |
0042D4A2 . 03C2 ADD EAX,EDX ; |
0042D4A4 . C1F8 03 SAR EAX,3 ; |
0042D4A7 . 50 PUSH EAX ; |Arg1
0042D4A8 . E8 03F4FFFF CALL WaGan.0042C8B0 ; \WaGan.0042C8B0
0042D4AD . 83C4 10 ADD ESP,10
0042D4B0 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042D4B3 . 03D0 ADD EDX,EAX
0042D4B5 . 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0042D4B8 . 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-118]
0042D4BE . 83C0 14 ADD EAX,14
0042D4C1 . 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
0042D4C7 .^ E9 76FFFFFF JMP WaGan.0042D442
0042D4CC > B9 B07F4900 MOV ECX,WaGan.00497FB0
0042D4AD . 83C4 10 ADD ESP,10
0042D4B0 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042D4B3 . 03D0 ADD EDX,EAX
0042D4B5 . 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0042D4B8 . 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-118]
0042D4BE . 83C0 14 ADD EAX,14
0042D4C1 . 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
0042D4C7 .^ E9 76FFFFFF JMP WaGan.0042D442
0042D4CC > B9 B07F4900 MOV ECX,WaGan.00497FB0
0042D4D1 . E8 908BFFFF CALL WaGan.00426066
0042D4D6 . 6A 00 PUSH 0 ; /lParam = 0
0042D4D8 . 6A 00 PUSH 0 ; |wParam = 0
0042D4DA . 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
0042D4DF . 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68] ; |
0042D4E5 . 51 PUSH ECX ; |hWnd => 2F02E0
0042D4E6 . FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0042D4EC . 8B95 D8FEFFFF MOV EDX,DWORD PTR SS:[EBP-128]
0042D4F2 . 81E2 FF000000 AND EDX,0FF
0042D4F8 . 8995 8CFDFFFF MOV DWORD PTR SS:[EBP-274],EDX
0042D4FE . 83BD 8CFDFFFF 03 CMP DWORD PTR SS:[EBP-274],3
0042D505 . 77 36 JA SHORT WaGan.0042D53D
0042D507 . 8B85 8CFDFFFF MOV EAX,DWORD PTR SS:[EBP-274]
0042D50D . FF2485 E1D54200 JMP DWORD PTR DS:[EAX*4+42D5E1]
0042D514 > 6A 0F PUSH 0F ; /Arg1 = 0000000F
0042D516 . E8 2BF1FFFF CALL WaGan.0042C646 ; \WaGan.0042C646
0042D51B . 83C4 04 ADD ESP,4
0042D51E . EB 1D JMP SHORT WaGan.0042D53D
0042D520 > 6A 0A PUSH 0A ; /Arg1 = 0000000A
0042D522 . E8 1FF1FFFF CALL WaGan.0042C646 ; \WaGan.0042C646
0042D527 . 83C4 04 ADD ESP,4
0042D52A . EB 11 JMP SHORT WaGan.0042D53D
0042D52C > 6A 14 PUSH 14 ; /Arg1 = 00000014
0042D52E . E8 13F1FFFF CALL WaGan.0042C646 ; \WaGan.0042C646
0042D533 . 83C4 04 ADD ESP,4
0042D536 . EB 05 JMP SHORT WaGan.0042D53D
0042D538 > E8 F6F1FFFF CALL WaGan.0042C733
0042D53D > C785 F4FEFFFF 0000>MOV DWORD PTR SS:[EBP-10C],0
0042D547 .^ E9 6AFEFFFF JMP WaGan.0042D3B6
0042D54C > B9 B07F4900 MOV ECX,WaGan.00497FB0
0042D551 . E8 108BFFFF CALL WaGan.00426066
0042D556 . B9 30694B00 MOV ECX,WaGan.004B6930
0042D55B . E8 C3600400 CALL WaGan.00473623
0042D560 . 83BD A8FEFFFF 00 CMP DWORD PTR SS:[EBP-158],0
0042D567 . 74 21 JE SHORT WaGan.0042D58A
0042D569 . 8D8D A4FDFFFF LEA ECX,DWORD PTR SS:[EBP-25C]
0042D56F . 51 PUSH ECX
0042D570 . 6A 10 PUSH 10
0042D572 . 6A 10 PUSH 10
0042D574 . 8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[EBP-15C]
0042D57A . 52 PUSH EDX
0042D57B . 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-144]
0042D581 . 50 PUSH EAX
0042D582 . E8 140B0500 CALL WaGan.0047E09B
0042D587 . 83C4 14 ADD ESP,14
0042D58A > 8B8D B8FEFFFF MOV ECX,DWORD PTR SS:[EBP-148]
0042D590 . 81E1 FF000000 AND ECX,0FF
0042D596 . 81F9 FF000000 CMP ECX,0FF
0042D59C . 74 1D JE SHORT WaGan.0042D5BB
0042D59E . 8B95 B8FEFFFF MOV EDX,DWORD PTR SS:[EBP-148]
0042D5A4 . 81E2 FF000000 AND EDX,0FF
0042D5AA . 83FA 01 CMP EDX,1
0042D5AD . 74 0C JE SHORT WaGan.0042D5BB
0042D5AF . C785 88FDFFFF 0000>MOV DWORD PTR SS:[EBP-278],0
0042D5B9 . EB 0A JMP SHORT WaGan.0042D5C5
0042D5BB > C785 88FDFFFF 0100>MOV DWORD PTR SS:[EBP-278],1
0042D5C5 > 8B85 88FDFFFF MOV EAX,DWORD PTR SS:[EBP-278]
0042D5CB . 5E POP ESI
作者:
岱瀛 时间: 2007-12-30 21:11 标题: 在战场里的对话改掉对话框加上小气泡的研究
0042CB6D $ 55 PUSH EBP
0042CB6E . 8BEC MOV EBP,ESP
0042CB70 . 81EC 78020000 SUB ESP,278
0042CB76 . 53 PUSH EBX
0042CB77 . 56 PUSH ESI
0042CB78 . C685 B8FEFFFF FF MOV BYTE PTR SS:[EBP-148],0FF
0042CB7F . 817D 0C 00040000 CMP DWORD PTR SS:[EBP+C],400
0042CB86 . 73 14 JNB SHORT WaGan.0042CB9C
0042CB88 . 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0042CB8B . 50 PUSH EAX ; /Arg1
0042CB8C . E8 CFF2FDFF CALL WaGan.0040BE60 ; \WaGan.0040BE60
0042CB91 . 83C4 04 ADD ESP,4
0042CB94 . 8985 94FDFFFF MOV DWORD PTR SS:[EBP-26C],EAX
0042CB9A . EB 0A JMP SHORT WaGan.0042CBA6
0042CB9C > C785 94FDFFFF 0000>MOV DWORD PTR SS:[EBP-26C],0
0042CBA6 > 8B8D 94FDFFFF MOV ECX,DWORD PTR SS:[EBP-26C]
0042CBAC . 898D D0FEFFFF MOV DWORD PTR SS:[EBP-130],ECX
0042CBB2 . B9 50424B00 MOV ECX,WaGan.004B4250
0042CBB7 . E8 88920200 CALL WaGan.00455E44
0042CBBC . 99 CDQ
0042CBBD . B9 30000000 MOV ECX,30
0042CBC2 . F7F9 IDIV ECX
0042CBC4 . 8885 D4FEFFFF MOV BYTE PTR SS:[EBP-12C],AL
0042CBCA . B9 50424B00 MOV ECX,WaGan.004B4250
0042CBCF . E8 97920200 CALL WaGan.00455E6B
0042CBD4 . 99 CDQ
0042CBD5 . B9 30000000 MOV ECX,30
0042CBDA . F7F9 IDIV ECX
0042CBDC . 8885 C0FEFFFF MOV BYTE PTR SS:[EBP-140],AL
0042CBE2 . 8B85 D4FEFFFF MOV EAX,DWORD PTR SS:[EBP-12C]
0042CBE8 . 25 FF000000 AND EAX,0FF
0042CBED . 99 CDQ
0042CBEE . 2BC2 SUB EAX,EDX
0042CBF0 . D1F8 SAR EAX,1
0042CBF2 . 8885 B4FEFFFF MOV BYTE PTR SS:[EBP-14C],AL
0042CBF8 . 8B85 C0FEFFFF MOV EAX,DWORD PTR SS:[EBP-140]
0042CBFE . 25 FF000000 AND EAX,0FF
0042CC03 . 99 CDQ
0042CC04 . 2BC2 SUB EAX,EDX
0042CC06 . D1F8 SAR EAX,1
0042CC08 . 8885 C4FEFFFF MOV BYTE PTR SS:[EBP-13C],AL
0042CC0E . 8B95 B4FEFFFF MOV EDX,DWORD PTR SS:[EBP-14C]
0042CC14 . 81E2 FF000000 AND EDX,0FF
0042CC1A . 6BD2 30 IMUL EDX,EDX,30
0042CC1D . 8995 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EDX
0042CC23 . 8B85 C4FEFFFF MOV EAX,DWORD PTR SS:[EBP-13C]
0042CC29 . 25 FF000000 AND EAX,0FF
0042CC2E . 6BC0 30 IMUL EAX,EAX,30
0042CC31 . 8985 E0FEFFFF MOV DWORD PTR SS:[EBP-120],EAX
0042CC37 . C785 A8FEFFFF 0000>MOV DWORD PTR SS:[EBP-158],0
0042CC41 . 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0042CC44 . 6BC9 48 IMUL ECX,ECX,48
0042CC47 . 81C1 0000D600 ADD ECX,0D60000
0042CC4D . E8 8AAE0400 CALL WaGan.00477ADC
0042CC52 . 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0042CC55 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042CC58 . 81E1 FF000000 AND ECX,0FF
0042CC5E . 81F9 FF000000 CMP ECX,0FF
0042CC64 . 0F84 DE020000 JE WaGan.0042CF48
0042CC6A . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042CC6D . 81E1 FF000000 AND ECX,0FF
0042CC73 . 6BC9 24 IMUL ECX,ECX,24
0042CC76 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0042CC7C . E8 0FC0FEFF CALL WaGan.00418C90
0042CC81 . 25 FF000000 AND EAX,0FF
0042CC86 . 83F8 02 CMP EAX,2
0042CC89 . 0F85 B9020000 JNZ WaGan.0042CF48
0042CC8F . C785 A8FEFFFF 0100>MOV DWORD PTR SS:[EBP-158],1
0042CC99 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042CC9C . 81E1 FF000000 AND ECX,0FF
0042CCA2 . 6BC9 24 IMUL ECX,ECX,24
0042CCA5 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0042CCAB . E8 B066FDFF CALL WaGan.00403360
0042CCB0 . 66:8B10 MOV DX,WORD PTR DS:[EAX]
0042CCB3 . 66:8995 98FDFFFF MOV WORD PTR SS:[EBP-268],DX
0042CCBA . 8B9D 98FDFFFF MOV EBX,DWORD PTR SS:[EBP-268]
0042CCC0 . 81E3 FF000000 AND EBX,0FF
0042CCC6 . B9 50424B00 MOV ECX,WaGan.004B4250
0042CCCB . E8 C34D0200 CALL WaGan.00451A93
0042CCD0 . 99 CDQ
0042CCD1 . B9 30000000 MOV ECX,30
0042CCD6 . F7F9 IDIV ECX
0042CCD8 . 2BD8 SUB EBX,EAX
0042CCDA . 889D 9CFDFFFF MOV BYTE PTR SS:[EBP-264],BL
0042CCE0 . 8B9D 99FDFFFF MOV EBX,DWORD PTR SS:[EBP-267]
0042CCE6 . 81E3 FF000000 AND EBX,0FF
0042CCEC . B9 50424B00 MOV ECX,WaGan.004B4250
0042CCF1 . E8 AE4D0200 CALL WaGan.00451AA4
0042CCF6 . 99 CDQ
0042CCF7 . B9 30000000 MOV ECX,30
0042CCFC . F7F9 IDIV ECX
0042CCFE . 2BD8 SUB EBX,EAX
0042CD00 . 889D A0FDFFFF MOV BYTE PTR SS:[EBP-260],BL
0042CD06 . 8B95 9CFDFFFF MOV EDX,DWORD PTR SS:[EBP-264]
0042CD0C . 81E2 FF000000 AND EDX,0FF
0042CD12 . 83FA 02 CMP EDX,2
0042CD15 . 7C 22 JL SHORT WaGan.0042CD39
0042CD17 . 8B85 9CFDFFFF MOV EAX,DWORD PTR SS:[EBP-264]
0042CD1D . 25 FF000000 AND EAX,0FF
0042CD22 . 8B8D D4FEFFFF MOV ECX,DWORD PTR SS:[EBP-12C]
0042CD28 . 81E1 FF000000 AND ECX,0FF
0042CD2E . 83E9 02 SUB ECX,2
0042CD31 . 3BC1 CMP EAX,ECX
0042CD33 . 0F8C E9000000 JL WaGan.0042CE22
0042CD39 > 8B95 9CFDFFFF MOV EDX,DWORD PTR SS:[EBP-264]
0042CD3F . 81E2 FF000000 AND EDX,0FF
0042CD45 . 83FA 02 CMP EDX,2
0042CD48 . 7D 32 JGE SHORT WaGan.0042CD7C
0042CD4A . 8B85 9CFDFFFF MOV EAX,DWORD PTR SS:[EBP-264]
0042CD50 . 25 FF000000 AND EAX,0FF
0042CD55 . 83C0 01 ADD EAX,1
0042CD58 . 6BC0 30 IMUL EAX,EAX,30
0042CD5B . 83C0 10 ADD EAX,10
0042CD5E . 8985 B0FEFFFF MOV DWORD PTR SS:[EBP-150],EAX
0042CD64 . 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150]
0042CD6A . 83E9 10 SUB ECX,10
0042CD6D . 898D BCFEFFFF MOV DWORD PTR SS:[EBP-144],ECX
0042CD73 . C685 E4FEFFFF 03 MOV BYTE PTR SS:[EBP-11C],3
0042CD7A . EB 39 JMP SHORT WaGan.0042CDB5
0042CD7C > 8B95 9CFDFFFF MOV EDX,DWORD PTR SS:[EBP-264]
0042CD82 . 81E2 FF000000 AND EDX,0FF
0042CD88 . 6BD2 30 IMUL EDX,EDX,30
0042CD8B . 81EA C0010000 SUB EDX,1C0
0042CD91 . 8995 B0FEFFFF MOV DWORD PTR SS:[EBP-150],EDX
0042CD97 . 8B85 9CFDFFFF MOV EAX,DWORD PTR SS:[EBP-264]
0042CD9D . 25 FF000000 AND EAX,0FF
0042CDA2 . 6BC0 30 IMUL EAX,EAX,30
0042CDA5 . 83E8 10 SUB EAX,10
0042CDA8 . 8985 BCFEFFFF MOV DWORD PTR SS:[EBP-144],EAX
0042CDAE . C685 E4FEFFFF 01 MOV BYTE PTR SS:[EBP-11C],1
0042CDB5 > 8B8D A0FDFFFF MOV ECX,DWORD PTR SS:[EBP-260]
0042CDBB . 81E1 FF000000 AND ECX,0FF
0042CDC1 . 8B95 C4FEFFFF MOV EDX,DWORD PTR SS:[EBP-13C]
0042CDC7 . 81E2 FF000000 AND EDX,0FF
0042CDCD . 3BCA CMP ECX,EDX
0042CDCF . 7D 19 JGE SHORT WaGan.0042CDEA
0042CDD1 . 8B85 A0FDFFFF MOV EAX,DWORD PTR SS:[EBP-260]
0042CDD7 . 25 FF000000 AND EAX,0FF
0042CDDC . 6BC0 30 IMUL EAX,EAX,30
0042CDDF . 83C0 08 ADD EAX,8
0042CDE2 . 8985 ACFEFFFF MOV DWORD PTR SS:[EBP-154],EAX
0042CDE8 . EB 1B JMP SHORT WaGan.0042CE05
0042CDEA > 8B8D A0FDFFFF MOV ECX,DWORD PTR SS:[EBP-260]
0042CDF0 . 81E1 FF000000 AND ECX,0FF
0042CDF6 . 83C1 01 ADD ECX,1
0042CDF9 . 6BC9 30 IMUL ECX,ECX,30
0042CDFC . 83E9 68 SUB ECX,68
0042CDFF . 898D ACFEFFFF MOV DWORD PTR SS:[EBP-154],ECX
0042CE05 > 8B95 A0FDFFFF MOV EDX,DWORD PTR SS:[EBP-260]
0042CE0B . 81E2 FF000000 AND EDX,0FF
0042CE11 . 6BD2 30 IMUL EDX,EDX,30
0042CE14 . 83C2 10 ADD EDX,10
0042CE17 . 8995 A4FEFFFF MOV DWORD PTR SS:[EBP-15C],EDX
0042CE1D . E9 24010000 JMP WaGan.0042CF46
0042CE22 > 8B85 9CFDFFFF MOV EAX,DWORD PTR SS:[EBP-264]
0042CE28 . 25 FF000000 AND EAX,0FF
0042CE2D . 6BC0 30 IMUL EAX,EAX,30
0042CE30 . 3D C8000000 CMP EAX,0C8
0042CE35 . 7D 1D JGE SHORT WaGan.0042CE54
0042CE37 . 8B8D 9CFDFFFF MOV ECX,DWORD PTR SS:[EBP-264]
0042CE3D . 81E1 FF000000 AND ECX,0FF
0042CE43 . 83E9 01 SUB ECX,1
0042CE46 . 6BC9 30 IMUL ECX,ECX,30
0042CE49 . 83C1 08 ADD ECX,8
0042CE4C . 898D B0FEFFFF MOV DWORD PTR SS:[EBP-150],ECX
0042CE52 . EB 5F JMP SHORT WaGan.0042CEB3
0042CE54 > 8BB5 9CFDFFFF MOV ESI,DWORD PTR SS:[EBP-264]
0042CE5A . 81E6 FF000000 AND ESI,0FF
0042CE60 . 83C6 01 ADD ESI,1
0042CE63 . 6BF6 30 IMUL ESI,ESI,30
0042CE66 . 81C6 C8000000 ADD ESI,0C8
0042CE6C . B9 50424B00 MOV ECX,WaGan.004B4250
0042CE71 . E8 CE8F0200 CALL WaGan.00455E44
0042CE76 . 3BF0 CMP ESI,EAX
0042CE78 . 7C 20 JL SHORT WaGan.0042CE9A
0042CE7A . 8B95 D4FEFFFF MOV EDX,DWORD PTR SS:[EBP-12C]
0042CE80 . 81E2 FF000000 AND EDX,0FF
0042CE86 . 83EA 01 SUB EDX,1
0042CE89 . 6BD2 30 IMUL EDX,EDX,30
0042CE8C . 81EA B8010000 SUB EDX,1B8
0042CE92 . 8995 B0FEFFFF MOV DWORD PTR SS:[EBP-150],EDX
0042CE98 . EB 19 JMP SHORT WaGan.0042CEB3
0042CE9A > 8B85 9CFDFFFF MOV EAX,DWORD PTR SS:[EBP-264]
0042CEA0 . 25 FF000000 AND EAX,0FF
0042CEA5 . 6BC0 30 IMUL EAX,EAX,30
0042CEA8 . 2D B8000000 SUB EAX,0B8
0042CEAD . 8985 B0FEFFFF MOV DWORD PTR SS:[EBP-150],EAX
0042CEB3 > 8B8D 9CFDFFFF MOV ECX,DWORD PTR SS:[EBP-264]
0042CEB9 . 81E1 FF000000 AND ECX,0FF
0042CEBF . 6BC9 30 IMUL ECX,ECX,30
0042CEC2 . 83C1 10 ADD ECX,10
0042CEC5 . 898D BCFEFFFF MOV DWORD PTR SS:[EBP-144],ECX
0042CECB . 8B95 A0FDFFFF MOV EDX,DWORD PTR SS:[EBP-260]
0042CED1 . 81E2 FF000000 AND EDX,0FF
0042CED7 . 8B85 C4FEFFFF MOV EAX,DWORD PTR SS:[EBP-13C]
0042CEDD . 25 FF000000 AND EAX,0FF
0042CEE2 . 3BD0 CMP EDX,EAX
0042CEE4 . 7D 33 JGE SHORT WaGan.0042CF19
0042CEE6 . 8B8D A0FDFFFF MOV ECX,DWORD PTR SS:[EBP-260]
0042CEEC . 81E1 FF000000 AND ECX,0FF
0042CEF2 . 83C1 01 ADD ECX,1
0042CEF5 . 6BC9 30 IMUL ECX,ECX,30
0042CEF8 . 83C1 10 ADD ECX,10
0042CEFB . 898D ACFEFFFF MOV DWORD PTR SS:[EBP-154],ECX
0042CF01 . 8B95 ACFEFFFF MOV EDX,DWORD PTR SS:[EBP-154]
0042CF07 . 83EA 10 SUB EDX,10
0042CF0A . 8995 A4FEFFFF MOV DWORD PTR SS:[EBP-15C],EDX
0042CF10 . C685 E4FEFFFF 00 MOV BYTE PTR SS:[EBP-11C],0
0042CF17 . EB 2D JMP SHORT WaGan.0042CF46
0042CF19 > 8B85 A0FDFFFF MOV EAX,DWORD PTR SS:[EBP-260]
0042CF1F . 25 FF000000 AND EAX,0FF
0042CF24 . 6BC0 30 IMUL EAX,EAX,30
0042CF27 . 83E8 70 SUB EAX,70
0042CF2A . 8985 ACFEFFFF MOV DWORD PTR SS:[EBP-154],EAX
0042CF30 . 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]
0042CF36 . 83C1 60 ADD ECX,60
0042CF39 . 898D A4FEFFFF MOV DWORD PTR SS:[EBP-15C],ECX
0042CF3F . C685 E4FEFFFF 02 MOV BYTE PTR SS:[EBP-11C],2
0042CF46 > EB 21 JMP SHORT WaGan.0042CF69
0042CF48 > 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]
0042CF4E . 81EA D8000000 SUB EDX,0D8
0042CF54 . 8995 B0FEFFFF MOV DWORD PTR SS:[EBP-150],EDX
0042CF5A . 8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[EBP-120]
0042CF60 . 83E8 30 SUB EAX,30
0042CF63 . 8985 ACFEFFFF MOV DWORD PTR SS:[EBP-154],EAX
0042CF69 > B9 50424B00 MOV ECX,WaGan.004B4250
0042CF6E . E8 DC4A0200 CALL WaGan.00451A4F
0042CF73 . 8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150]
0042CF79 . 03C8 ADD ECX,EAX
0042CF7B . 898D B0FEFFFF MOV DWORD PTR SS:[EBP-150],ECX
0042CF81 . B9 50424B00 MOV ECX,WaGan.004B4250
0042CF86 . E8 D54A0200 CALL WaGan.00451A60
0042CF8B . 8B95 ACFEFFFF MOV EDX,DWORD PTR SS:[EBP-154]
0042CF91 . 03D0 ADD EDX,EAX
0042CF93 . 8995 ACFEFFFF MOV DWORD PTR SS:[EBP-154],EDX
0042CF99 . B9 50424B00 MOV ECX,WaGan.004B4250
0042CF9E . E8 AC4A0200 CALL WaGan.00451A4F
0042CFA3 . 8B8D BCFEFFFF MOV ECX,DWORD PTR SS:[EBP-144]
0042CFA9 . 03C8 ADD ECX,EAX
0042CFAB . 898D BCFEFFFF MOV DWORD PTR SS:[EBP-144],ECX
0042CFB1 . B9 50424B00 MOV ECX,WaGan.004B4250
0042CFB6 . E8 A54A0200 CALL WaGan.00451A60
0042CFBB . 8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[EBP-15C]
0042CFC1 . 03D0 ADD EDX,EAX
0042CFC3 . 8995 A4FEFFFF MOV DWORD PTR SS:[EBP-15C],EDX
0042CFC9 . 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0042CFCC . 83E0 10 AND EAX,10
0042CFCF . F7D8 NEG EAX
0042CFD1 . 1BC0 SBB EAX,EAX
0042CFD3 . F7D8 NEG EAX
0042CFD5 . 8985 CCFEFFFF MOV DWORD PTR SS:[EBP-134],EAX
0042CFDB . C785 DCFEFFFF 0300>MOV DWORD PTR SS:[EBP-124],3
0042CFE5 . E8 6DF5FFFF CALL WaGan.0042C557
0042CFEA . E8 EC15FFFF CALL WaGan.0041E5DB
0042CFEF . 6A 04 PUSH 4 ; /Arg1 = 00000004
0042CFF1 . B9 382F4900 MOV ECX,WaGan.00492F38 ; |
0042CFF6 . E8 3B1DFEFF CALL WaGan.0040ED36 ; \WaGan.0040ED36
0042CFFB . 6A 00 PUSH 0 ; /Arg1 = 00000000
0042CFFD . B9 382F4900 MOV ECX,WaGan.00492F38 ; |
0042D002 . E8 B51CFEFF CALL WaGan.0040ECBC ; \WaGan.0040ECBC
0042D007 . 8B0D 201B4B00 MOV ECX,DWORD PTR DS:[4B1B20]
0042D00D . 3B8D D0FEFFFF CMP ECX,DWORD PTR SS:[EBP-130]
0042D013 . 74 1D JE SHORT WaGan.0042D032
0042D015 . 33D2 XOR EDX,EDX
0042D017 . 833D 18C84800 00 CMP DWORD PTR DS:[48C818],0
0042D01E . 0F94C2 SETE DL
0042D021 . 8915 18C84800 MOV DWORD PTR DS:[48C818],EDX
0042D027 . 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-130]
0042D02D . A3 201B4B00 MOV DWORD PTR DS:[4B1B20],EAX
0042D032 > 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0042D036 . 75 0A JNZ SHORT WaGan.0042D042
0042D038 . C705 18C84800 0100>MOV DWORD PTR DS:[48C818],1
0042D042 > 8D8D A4FDFFFF LEA ECX,DWORD PTR SS:[EBP-25C]
0042D048 . 51 PUSH ECX
0042D049 . 6A 10 PUSH 10
0042D04B . 6A 10 PUSH 10
0042D04D . 8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[EBP-15C]
0042D053 . 52 PUSH EDX
0042D054 . 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-144]
0042D05A . 50 PUSH EAX
0042D05B . E8 F1110500 CALL WaGan.0047E251
0042D060 . 83C4 14 ADD ESP,14
0042D063 . 6A 00 PUSH 0
0042D065 . 68 00010000 PUSH 100
0042D06A . 68 00020000 PUSH 200
0042D06F . 8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]
0042D075 . 83E9 10 SUB ECX,10
0042D078 . 51 PUSH ECX
0042D079 . 8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[EBP-150]
0042D07F . 52 PUSH EDX
0042D080 . B9 30694B00 MOV ECX,WaGan.004B6930
0042D085 . E8 54710A00 CALL WaGan.004D41DE
0042D08A . 90 NOP
0042D08B . 90 NOP
0042D08C . 90 NOP
0042D08D . 90 NOP
0042D08E . 90 NOP
0042D08F . 90 NOP
0042D090 . 90 NOP
0042D091 . 90 NOP
0042D092 . 83BD A8FEFFFF 00 CMP DWORD PTR SS:[EBP-158],0 ; 0表示人物未在战场上
0042D099 . 0F84 04010000 JE WaGan.0042D1A3
0042D09F . 8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
0042D0A5 . 25 FF000000 AND EAX,0FF
0042D0AA . 8985 90FDFFFF MOV DWORD PTR SS:[EBP-270],EAX
0042D0B0 . 83BD 90FDFFFF 03 CMP DWORD PTR SS:[EBP-270],3
0042D0B7 . 0F87 C5000000 JA WaGan.0042D182
0042D0BD . 8B8D 90FDFFFF MOV ECX,DWORD PTR SS:[EBP-270]
0042D0C3 . FF248D D1D54200 JMP DWORD PTR DS:[ECX*4+42D5D1]
0042D0CA > 68 00010000 PUSH 100 ; /Arg3 = 00000100
0042D0CF . 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] ; |
0042D0D5 . 52 PUSH EDX ; |Arg2
0042D0D6 . 6A 04 PUSH 4 ; |/Arg3 = 00000004
0042D0D8 . 6A 00 PUSH 0 ; ||Arg2 = 00000000
0042D0DA . 68 C0970100 PUSH 197C0 ; ||Arg1 = 000197C0
0042D0DF . B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0042D0E4 . E8 57290500 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
0042D0E9 . 50 PUSH EAX ; |Arg1
0042D0EA . E8 0E2C0500 CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0042D0EF . 83C4 0C ADD ESP,0C
0042D0F2 . 6A 10 PUSH 10 ; /Arg3 = 00000010
0042D0F4 . 6A 10 PUSH 10 ; |Arg2 = 00000010
0042D0F6 . 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108] ; |
0042D0FC . 50 PUSH EAX ; |Arg1
0042D0FD . E8 5A1CFFFF CALL WaGan.0041ED5C ; \WaGan.0041ED5C
0042D102 . 83C4 0C ADD ESP,0C
0042D105 . EB 7B JMP SHORT WaGan.0042D182
0042D107 > 68 00010000 PUSH 100 ; /Arg3 = 00000100
0042D10C . 8D8D F8FEFFFF LEA ECX,DWORD PTR SS:[EBP-108] ; |
0042D112 . 51 PUSH ECX ; |Arg2
0042D113 . 6A 04 PUSH 4 ; |/Arg3 = 00000004
0042D115 . 6A 00 PUSH 0 ; ||Arg2 = 00000000
0042D117 . 68 C0970100 PUSH 197C0 ; ||Arg1 = 000197C0
0042D11C . B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0042D121 . E8 1A290500 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
0042D126 . 50 PUSH EAX ; |Arg1
0042D127 . E8 D12B0500 CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0042D12C . 83C4 0C ADD ESP,0C
0042D12F . EB 51 JMP SHORT WaGan.0042D182
0042D131 > 68 00010000 PUSH 100 ; /Arg3 = 00000100
0042D136 . 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] ; |
0042D13C . 52 PUSH EDX ; |Arg2
0042D13D . 6A 04 PUSH 4 ; |/Arg3 = 00000004
0042D13F . 6A 00 PUSH 0 ; ||Arg2 = 00000000
0042D141 . 68 C0960100 PUSH 196C0 ; ||Arg1 = 000196C0
0042D146 . B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0042D14B . E8 F0280500 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
0042D150 . 50 PUSH EAX ; |Arg1
0042D151 . E8 A72B0500 CALL WaGan.0047FCFD ; \WaGan.0047FCFD
0042D156 . 83C4 0C ADD ESP,0C
0042D159 . EB 27 JMP SHORT WaGan.0042D182
0042D15B > 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
0042D161 . 50 PUSH EAX ; /Arg4
0042D162 . 6A 04 PUSH 4 ; |/Arg3 = 00000004
0042D164 . 6A 00 PUSH 0 ; ||Arg2 = 00000000
0042D166 . 68 C0960100 PUSH 196C0 ; ||Arg1 = 000196C0
0042D16B . B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0042D170 . E8 CB280500 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
0042D175 . 50 PUSH EAX ; |Arg3
0042D176 . 6A 10 PUSH 10 ; |Arg2 = 00000010
0042D178 . 6A 10 PUSH 10 ; |Arg1 = 00000010
0042D17A . E8 D41CFFFF CALL WaGan.0041EE53 ; \WaGan.0041EE53
0042D17F . 83C4 10 ADD ESP,10
0042D182 > C605 06F34C00 01 MOV BYTE PTR DS:[4CF306],1
0042D189 . 68 ECF24C00 PUSH WaGan.004CF2EC
0042D18E . FF35 F4F24C00 PUSH DWORD PTR DS:[4CF2F4] ; Mark.00C20000
0042D194 . 6A 05 PUSH 5
0042D196 . E8 A96F0A00 CALL WaGan.004D4144
0042D19B . 90 NOP
作者:
岱瀛 时间: 2007-12-30 21:12 标题: 作用对象确认函数
因为作用对象确认函数(共14处,1处攻击,6处道具,剩余的7处应该是策略)
423165,423f03的时候 参数是02
四个参数
一个Ecx值
(43DB0E)攻击的时候:四个参数是:0FF,01,攻击范围,武将ECX; Ecx==004B4250
(六个地方:)
道具的时候:四个参数是:??,04,?????,武将 ECX; Ecx==004B4250
(4237B4小补给,423165灼热,)
策略的时候:四个参数是:??,03,?????, 武将 ECX Ecx==004B4250
参数:
+14:
+10:01是攻击,02是攻击性策略(对敌),03是恢复性策略(对我),04是道具(对我)
+C: 攻击范围
+8: Ecx, CL是战场形象编号
局部变量:
6个
-4 1表示是使用道具或者恢复性策略,0表示攻击性
-8 1表示循环中,选择确定上则变成0,退出消息循环
-C
-10
-14 0FF
-18 放的是4B250
0045533D /$ 55 PUSH EBP
0045533E |. 8BEC MOV EBP,ESP
00455340 |. 83EC 18 SUB ESP,18
00455343 |. 56 PUSH ESI
00455344 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
00455347 |. C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0045534E |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00455355 |. C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
00455359 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
0045535C |. E8 AFA30000 CALL 复件_Ekd.0045F710
00455361 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
00455364 |. E8 A7A30000 CALL 复件_Ekd.0045F710
00455369 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0045536C |. 81E1 FF000000 AND ECX,0FF
00455372 |. 6BC9 24 IMUL ECX,ECX,24
00455375 |. 81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50
0045537B |. E8 5007FDFF CALL 复件_Ekd.00425AD0
00455380 |. 25 FF000000 AND EAX,0FF
00455385 |. 83F8 07 CMP EAX,7
00455388 |. 74 18 JE SHORT 复件_Ekd.004553A2
0045538A |. 33C0 XOR EAX,EAX
0045538C |. A0 30424B00 MOV AL,BYTE PTR DS:[4B4230]
00455391 |. 83E0 04 AND EAX,4
00455394 |. 85C0 TEST EAX,EAX
00455396 |. 75 0A JNZ SHORT 复件_Ekd.004553A2
00455398 |. A0 282C4B00 MOV AL,BYTE PTR DS:[4B2C28]
0045539D |. E9 70030000 JMP 复件_Ekd.00455712 退出,
004553A2 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
004553A5 |. 81E1 FF000000 AND ECX,0FF
004553AB |. 83F9 03 CMP ECX,3 判断是否是使用恢复性策略
004553AE |. 74 0E JE SHORT 复件_Ekd.004553BE
004553B0 |. 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10]
004553B3 |. 81E2 FF000000 AND EDX,0FF
004553B9 |. 83FA 04 CMP EDX,4 判断是否是使用道具
004553BC |. 75 07 JNZ SHORT 复件_Ekd.004553C5
004553BE |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004553C5 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004553C8 |. 81E1 FF000000 AND ECX,0FF
004553CE |. 6BC9 24 IMUL ECX,ECX,24
004553D1 |. 81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50 这个是武将的Ecx值
004553D7 |. E8 84DFFAFF CALL 复件_Ekd.00403360 武将Ecx值+6
004553DC |. 50 PUSH EAX ; /Arg1
004553DD |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10] ; |
004553E0 |. E8 BB11FBFF CALL 复件_Ekd.004065A0 ; \复件_Ekd.004065A0 对EBP-10赋值,ECX武将在战场上的坐标位置
004553E5 |. 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
004553EA |. 68 40060000 PUSH 640 ; |Arg2 = 00000640
004553EF |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
004553F1 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
004553F3 |. 68 C0120000 PUSH 12C0 ; ||Arg1 = 000012C0
004553F8 |. B9 38EB4A00 MOV ECX,复件_Ekd.004AEB38 ; ||
004553FD |. E8 3EA60200 CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40 取了一个鸟值
00455402 |. 50 PUSH EAX ; |Arg1
00455403 |. E8 0BA90200 CALL 复件_Ekd.0047FD13 ; \复件_Ekd.0047FD13
00455408 |. 83C4 0C ADD ESP,0C
0045540B |. 6A 00 PUSH 0 ; /Arg4 = 00000000
0045540D |. 33C0 XOR EAX,EAX ; |
0045540F |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 ; |
00455413 |. 0F95C0 SETNE AL ; |
00455416 |. 50 PUSH EAX ; |Arg3 攻击性还是辅助性
00455417 |. 8A4D 0C MOV CL,BYTE PTR SS:[EBP+C] ; |
0045541A |. 51 PUSH ECX ; |Arg2 攻击范围
0045541B |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10] ; |
0045541E |. 52 PUSH EDX ; |Arg1 武将左标位置
0045541F |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00455422 |. 81E1 FF000000 AND ECX,0FF ; |
00455428 |. 6BC9 24 IMUL ECX,ECX,24 ; |
0045542B |. 81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50 ; |
00455431 |. E8 5011FEFF CALL 复件_Ekd.00436586 ; \复件_Ekd.00436586
00455436 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL 计算范围内适合的部队
00455439 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] 攻击范围
0045543C |. 25 FF000000 AND EAX,0FF
00455441 |. 3D FF000000 CMP EAX,0FF
00455446 |. 74 17 JE SHORT 复件_Ekd.0045545F 如果是0FF,不计算,直接显示
00455448 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045544B |. 51 PUSH ECX ; /Arg3 攻击性或者辅助性
0045544C |. 8A55 0C MOV DL,BYTE PTR SS:[EBP+C] ; |
0045544F |. 52 PUSH EDX ; |Arg2 攻击范围
00455450 |. 66:8B45 F0 MOV AX,WORD PTR SS:[EBP-10] ; |
00455454 |. 50 PUSH EAX ; |Arg1
00455455 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0045545A |. E8 7DE5FFFF CALL 复件_Ekd.004539DC ; \复件_Ekd.004539DC
0045545F |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00455462 |. E8 ACE6FFFF CALL 复件_Ekd.00453B13 显示攻击范围
00455467 |. 8A4D 08 MOV CL,BYTE PTR SS:[EBP+8]
0045546A |. 880D D85D4B00 MOV BYTE PTR DS:[4B5DD8],CL
00455470 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] //攻击范围内是否有合适的部队
00455473 |. 81E2 FF000000 AND EDX,0FF
00455479 |. 81FA FF000000 CMP EDX,0FF
0045547F |. 75 2D JNZ SHORT 复件_Ekd.004554AE 不等于FF,表示范围内有适合的部队
00455481 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 攻击性
00455485 |. 74 11 JE SHORT 复件_Ekd.00455498
00455487 |. 68 FCE24800 PUSH 复件_Ekd.0048E2FC ; /Arg2 = 0048E2FC 范围内没有我军部队
0045548C |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0045548E |. E8 06A2FDFF CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699 显示信息
00455493 |. 83C4 08 ADD ESP,8
00455496 |. EB 0F JMP SHORT 复件_Ekd.004554A7
00455498 |> 68 14E34800 PUSH 复件_Ekd.0048E314 ; /Arg2 = 0048E314 范围内没有敌军部队
0045549D |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0045549F |. E8 F5A1FDFF CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699 显示信息
004554A4 |. 83C4 08 ADD ESP,8
004554A7 |> C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0 //退出循环
004554AE |> 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
004554B1 |. 25 FF000000 AND EAX,0FF
004554B6 |. 83F8 01 CMP EAX,1 等于1是攻击进入的
004554B9 |. 75 1F JNZ SHORT 复件_Ekd.004554DA
004554BB |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004554BE |. 81E1 FF000000 AND ECX,0FF
004554C4 |. 6BC9 24 IMUL ECX,ECX,24
004554C7 |. 81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50
004554CD |. E8 45A4FEFF CALL 复件_Ekd.0043F917
004554D2 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004554D5 |. 8841 61 MOV BYTE PTR DS:[ECX+61],AL
004554D8 |. EB 38 JMP SHORT 复件_Ekd.00455512 攻击进入消息循环监听
004554DA |> 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10]
004554DD |. 81E2 FF000000 AND EDX,0FF
004554E3 |. 83FA 02 CMP EDX,2
004554E6 |. 74 0D JE SHORT 复件_Ekd.004554F5 等于2
004554E8 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
004554EB |. 25 FF000000 AND EAX,0FF
004554F0 |. 83F8 03 CMP EAX,3
004554F3 |. 75 1D JNZ SHORT 复件_Ekd.00455512 进入消息循环监听 (不等于2,又不等于3则进入)
004554F5 |> 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
004554F8 |. 81E1 FF000000 AND ECX,0FF
004554FE |. 6BC9 46 IMUL ECX,ECX,46
00455501 |. 81C1 C0F44A00 ADD ECX,复件_Ekd.004AF4C0
00455507 |. E8 4406FDFF CALL 复件_Ekd.00425B50
0045550C |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0045550F |. 8841 61 MOV BYTE PTR DS:[ECX+61],AL
00455512 |> 837D F8 00 /CMP DWORD PTR SS:[EBP-8],0
00455516 |. 0F84 8B010000 |JE 复件_Ekd.004556A7
0045551C |. 8A55 14 |MOV DL,BYTE PTR SS:[EBP+14]
0045551F |. 52 |PUSH EDX ; /Arg2
00455520 |. 8A45 10 |MOV AL,BYTE PTR SS:[EBP+10] ; |
00455523 |. 50 |PUSH EAX ; |Arg1
00455524 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
00455527 |. E8 7DECFFFF |CALL 复件_Ekd.004541A9 ; \复件_Ekd.004541A9 鼠标监听
0045552C |. 50 |PUSH EAX ; /Arg1
0045552D |. 8D4D F4 |LEA ECX,DWORD PTR SS:[EBP-C] ; |
00455530 |. E8 6B10FBFF |CALL 复件_Ekd.004065A0 ; \复件_Ekd.004065A0
00455535 |. E8 8A950200 |CALL 复件_Ekd.0047EAC4
0045553A |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0045553D |. 81E1 FF000000 |AND ECX,0FF
00455543 |. 81F9 FF000000 |CMP ECX,0FF
00455549 |. 75 10 |JNZ SHORT 复件_Ekd.0045555B
0045554B |. C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环,标为false
00455552 |. C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
00455556 |. E9 4C010000 |JMP 复件_Ekd.004556A7 点了取消退出
0045555B |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
0045555D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0045555F |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00455562 |. 81E2 FF000000 |AND EDX,0FF ; |
00455568 |. 8B45 F5 |MOV EAX,DWORD PTR SS:[EBP-B] ; |
0045556B |. 25 FF000000 |AND EAX,0FF ; |
00455570 |. 33C9 |XOR ECX,ECX ; |
00455572 |. 8A0D 2C424B00 |MOV CL,BYTE PTR DS:[4B422C] ; |
00455578 |. 0FAFC1 |IMUL EAX,ECX ; |
0045557B |. 8D9402 C01200>|LEA EDX,DWORD PTR DS:[EDX+EAX+1>; |
00455582 |. 52 |PUSH EDX ; |Arg1
00455583 |. B9 38EB4A00 |MOV ECX,复件_Ekd.004AEB38 ; |
00455588 |. E8 B3A40200 |CALL 复件_Ekd.0047FA40 ; \复件_Ekd.0047FA40
0045558D |. 33C9 |XOR ECX,ECX
0045558F |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00455591 |. 81F9 FF000000 |CMP ECX,0FF
00455597 |. 0F84 E8000000 |JE 复件_Ekd.00455685 不在范围内
0045559D |. 8D55 F4 |LEA EDX,DWORD PTR SS:[EBP-C]
004555A0 |. 52 |PUSH EDX ; /Arg1
004555A1 |. E8 DE02FEFF |CALL 复件_Ekd.00435884 ; \复件_Ekd.00435884
004555A6 |. 83C4 04 |ADD ESP,4
004555A9 |. 8845 EC |MOV BYTE PTR SS:[EBP-14],AL
004555AC |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
004555AF |. 25 FF000000 |AND EAX,0FF
004555B4 |. 3D FF000000 |CMP EAX,0FF
004555B9 |. 0F84 C4000000 |JE 复件_Ekd.00455683
004555BF |. 837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
004555C3 |. 74 60 |JE SHORT 复件_Ekd.00455625 攻击性的判断
004555C5 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
004555C8 |. 81E1 FF000000 |AND ECX,0FF
004555CE |. 6BC9 24 |IMUL ECX,ECX,24
004555D1 |. 81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
004555D7 |. E8 3411FBFF |CALL 复件_Ekd.00406710
004555DC |. 8BF0 |MOV ESI,EAX
004555DE |. 8B4D EC |MOV ECX,DWORD PTR SS:[EBP-14]
004555E1 |. 81E1 FF000000 |AND ECX,0FF
004555E7 |. 6BC9 24 |IMUL ECX,ECX,24
004555EA |. 81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
004555F0 |. E8 1B11FBFF |CALL 复件_Ekd.00406710
004555F5 |. 3BF0 |CMP ESI,EAX
004555F7 |. 74 23 |JE SHORT 复件_Ekd.0045561C
004555F9 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
004555FB |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
004555FD |. B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0 ; |
00455602 |. E8 73F00100 |CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
00455607 |. 68 2CE34800 |PUSH 复件_Ekd.0048E32C ; /Arg2 = 0048E32C 这是敌军部队
0045560C |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
0045560E |. E8 86A0FDFF |CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699 显示提示信息
00455613 |. 83C4 08 |ADD ESP,8
00455616 |. C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
0045561A |. EB 07 |JMP SHORT 复件_Ekd.00455623
0045561C |> C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环,标为false
00455623 |> EB 5E |JMP SHORT 复件_Ekd.00455683
00455625 |> 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00455628 |. 81E1 FF000000 |AND ECX,0FF
0045562E |. 6BC9 24 |IMUL ECX,ECX,24
00455631 |. 81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
00455637 |. E8 D410FBFF |CALL 复件_Ekd.00406710
0045563C |. 8BF0 |MOV ESI,EAX
0045563E |. 8B4D EC |MOV ECX,DWORD PTR SS:[EBP-14]
00455641 |. 81E1 FF000000 |AND ECX,0FF
00455647 |. 6BC9 24 |IMUL ECX,ECX,24
0045564A |. 81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
00455650 |. E8 BB10FBFF |CALL 复件_Ekd.00406710
00455655 |. 3BF0 |CMP ESI,EAX
00455657 |. 75 23 |JNZ SHORT 复件_Ekd.0045567C
00455659 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
0045565B |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
0045565D |. B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0 ; |
00455662 |. E8 13F00100 |CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
00455667 |. 68 3CE34800 |PUSH 复件_Ekd.0048E33C ; /Arg2 = 0048E33C 不能攻击我军部队
0045566C |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
0045566E |. E8 26A0FDFF |CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699 显示提示信息
00455673 |. 83C4 08 |ADD ESP,8
00455676 |. C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
0045567A |. EB 07 |JMP SHORT 复件_Ekd.00455683
0045567C |> C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环,标为false
00455683 |> EB 1D |JMP SHORT 复件_Ekd.004556A2
00455685 |> 6A 01 |PUSH 1 ; /Arg2 = 00000001
00455687 |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
00455689 |. B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0 ; |
0045568E |. E8 E7EF0100 |CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
00455693 |. 68 50E34800 |PUSH 复件_Ekd.0048E350 ; /Arg2 = 0048E350 不在范围内
00455698 |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
0045569A |. E8 FA9FFDFF |CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699 显示提示信息
0045569F |. 83C4 08 |ADD ESP,8
004556A2 |>^ E9 6BFEFFFF \JMP 复件_Ekd.00455512
004556A7 |> 6A 00 PUSH 0 ; /Arg3 = 00000000
004556A9 |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
004556AE |. 66:8B4D F0 MOV CX,WORD PTR SS:[EBP-10] ; |
004556B2 |. 51 PUSH ECX ; |Arg1
004556B3 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
004556B8 |. E8 1FE3FFFF CALL 复件_Ekd.004539DC ; \复件_Ekd.004539DC
004556BD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004556C0 |. E8 57EFFFFF CALL 复件_Ekd.0045461C
004556C5 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004556C8 |. E8 46E4FFFF CALL 复件_Ekd.00453B13
004556CD |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
004556D0 |. 81E2 FF000000 AND EDX,0FF
004556D6 |. 81FA FF000000 CMP EDX,0FF
004556DC |. 75 13 JNZ SHORT 复件_Ekd.004556F1
004556DE |. 6A 01 PUSH 1 ; /Arg2 = 00000001
004556E0 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
004556E2 |. B9 B0694B00 MOV ECX,复件_Ekd.004B69B0 ; |
004556E7 |. E8 8EEF0100 CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
004556EC |. E8 0F6FFDFF CALL 复件_Ekd.0042C600
004556F1 |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004556F4 |. C640 61 00 MOV BYTE PTR DS:[EAX+61],0
004556F8 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004556FB |. C781 781B0000>MOV DWORD PTR DS:[ECX+1B78],0
00455705 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
00455707 |. E8 0F61FDFF CALL 复件_Ekd.0042B81B ; \复件_Ekd.0042B81B
0045570C |. 83C4 04 ADD ESP,4
0045570F |. 8A45 EC MOV AL,BYTE PTR SS:[EBP-14]
00455712 |> 5E POP ESI
00455713 |. 8BE5 MOV ESP,EBP
00455715 |. 5D POP EBP
00455716 \. C2 1000 RETN 10
监听循环
+C 如果是道具,则有道具序号
+8 04表示道具
ecx: 4b250
004541A9 /$ 55 PUSH EBP
004541AA |. 8BEC MOV EBP,ESP
004541AC |. 83EC 20 SUB ESP,20
004541AF |. 56 PUSH ESI
004541B0 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX 4b250
004541B3 |. 33C0 XOR EAX,EAX
004541B5 |. A0 40424B00 MOV AL,BYTE PTR DS:[4B4240]
004541BA |. 83E0 01 AND EAX,1
004541BD |. 85C0 TEST EAX,EAX
004541BF |. 75 26 JNZ SHORT WaGan1.004541E7
004541C1 |. 8A0D 40424B0>MOV CL,BYTE PTR DS:[4B4240]
004541C7 |. 80C9 01 OR CL,1
004541CA |. 880D 40424B0>MOV BYTE PTR DS:[4B4240],CL
004541D0 |. B9 44424B00 MOV ECX,WaGan1.004B4244
004541D5 |. E8 36B50000 CALL WaGan1.0045F710
004541DA |. 68 CE444500 PUSH WaGan1.004544CE
004541DF |. E8 1CCF0200 CALL WaGan1.00481100
004541E4 |. 83C4 04 ADD ESP,4
004541E7 |> C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
004541EB |. C645 F0 FF MOV BYTE PTR SS:[EBP-10],0FF
004541EF |. C745 F4 0100>MOV DWORD PTR SS:[EBP-C],1
004541F6 |. C745 F8 0000>MOV DWORD PTR SS:[EBP-8],0
004541FD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454200 |. E8 2DFCFFFF CALL WaGan1.00453E32
00454205 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454208 |. E8 9BFCFFFF CALL WaGan1.00453EA8
0045420D |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454210 |. E8 EEFDFFFF CALL WaGan1.00454003
00454215 |. 50 PUSH EAX ; /Arg1
00454216 |. B9 44424B00 MOV ECX,WaGan1.004B4244 ; |
0045421B |. E8 8023FBFF CALL WaGan1.004065A0 ; \WaGan1.004065A0
00454220 |. 68 44424B00 PUSH WaGan1.004B4244 ; /Arg1 = 004B4244
00454225 |. E8 5A16FEFF CALL WaGan1.00435884 ; \WaGan1.00435884
0045422A |. 83C4 04 ADD ESP,4
0045422D |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
00454230 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00454233 |. 81E2 FF00000>AND EDX,0FF
00454239 |. 85D2 TEST EDX,EDX
0045423B |. 75 08 JNZ SHORT WaGan1.00454245
0045423D |. 8A45 F0 MOV AL,BYTE PTR SS:[EBP-10]
00454240 |. 8845 E7 MOV BYTE PTR SS:[EBP-19],AL
00454243 |. EB 04 JMP SHORT WaGan1.00454249
00454245 |> C645 E7 FF MOV BYTE PTR SS:[EBP-19],0FF
00454249 |> 8A4D E7 MOV CL,BYTE PTR SS:[EBP-19]
0045424C |. 884D FC MOV BYTE PTR SS:[EBP-4],CL
0045424F |. 6A 00 PUSH 0 ; /lParam = 0
00454251 |. 6A 00 PUSH 0 ; |wParam = 0
00454253 |. 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
00454258 |. 8B15 686A4B0>MOV EDX,DWORD PTR DS:[4B6A68] ; |
0045425E |. 52 PUSH EDX ; |hWnd => 5D032E
0045425F |. FF15 F462480>CALL DWORD PTR DS:[<&USER32.Send>; \SendMessageA
00454265 |> E8 0183FDFF /CALL WaGan1.0042C56B
0045426A |. 83F8 01 |CMP EAX,1
0045426D |. 75 29 |JNZ SHORT WaGan1.00454298
0045426F |. E8 F782FDFF |CALL WaGan1.0042C56B
00454274 |. 83F8 01 |CMP EAX,1
00454277 |. 75 1F |JNZ SHORT WaGan1.00454298
00454279 |. 33C0 |XOR EAX,EAX
0045427B |. A0 34424B00 |MOV AL,BYTE PTR DS:[4B4234]
00454280 |. 85C0 |TEST EAX,EAX
00454282 |. 75 14 |JNZ SHORT WaGan1.00454298
00454284 |. 33C9 |XOR ECX,ECX
00454286 |. 8A0D 44424B0>|MOV CL,BYTE PTR DS:[4B4244]
0045428C |. 81F9 FF00000>|CMP ECX,0FF
00454292 |. 0F85 1502000>|JNZ WaGan1.004544AD
00454298 |> E8 27A80200 |CALL WaGan1.0047EAC4
0045429D |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542A0 |. E8 03FCFFFF |CALL WaGan1.00453EA8
004542A5 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542A8 |. E8 5C040000 |CALL WaGan1.00454709
004542AD |. 85C0 |TEST EAX,EAX
004542AF |. 75 2A |JNZ SHORT WaGan1.004542DB
004542B1 |. B9 181B4B00 |MOV ECX,WaGan1.004B1B18
004542B6 |. E8 35B5FDFF |CALL WaGan1.0042F7F0
004542BB |. 85C0 |TEST EAX,EAX
004542BD |. 74 1C |JE SHORT WaGan1.004542DB
004542BF |. B9 083D4B00 |MOV ECX,WaGan1.004B3D08
004542C4 |. E8 6724FBFF |CALL WaGan1.00406730
004542C9 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542CC |. E8 42F8FFFF |CALL WaGan1.00453B13
004542D1 |. 6A 04 |PUSH 4 ; /Arg1 = 00000004
004542D3 |. E8 F381FDFF |CALL WaGan1.0042C4CB ; \WaGan1.0042C4CB
004542D8 |. 83C4 04 |ADD ESP,4
004542DB |> 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542DE |. E8 20FDFFFF |CALL WaGan1.00454003
004542E3 |. 50 |PUSH EAX ; /Arg1
004542E4 |. B9 44424B00 |MOV ECX,WaGan1.004B4244 ; |
004542E9 |. E8 B222FBFF |CALL WaGan1.004065A0 ; \WaGan1.004065A0
004542EE |. 68 44424B00 |PUSH WaGan1.004B4244 ; /Arg1 = 004B4244
004542F3 |. E8 8C15FEFF |CALL WaGan1.00435884 ; \WaGan1.00435884
004542F8 |. 83C4 04 |ADD ESP,4
004542FB |. 8845 F0 |MOV BYTE PTR SS:[EBP-10],AL
004542FE |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00454301 |. 81E2 FF00000>|AND EDX,0FF
00454307 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
0045430A |. 25 FF000000 |AND EAX,0FF
0045430F |. 3BD0 |CMP EDX,EAX
00454311 |. 0F84 7E01000>|JE WaGan1.00454495
00454317 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
0045431A |. E8 13FBFFFF |CALL WaGan1.00453E32
0045431F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454322 |. 81E1 FF00000>|AND ECX,0FF
00454328 |. 81F9 FF00000>|CMP ECX,0FF
0045432E |. 0F84 5B01000>|JE WaGan1.0045448F
00454334 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454337 |. 81E1 FF00000>|AND ECX,0FF
0045433D |. 6BC9 24 |IMUL ECX,ECX,24
00454340 |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454346 |. E8 4549FCFF |CALL WaGan1.00418C90
0045434B |. 25 FF000000 |AND EAX,0FF
00454350 |. 83F8 02 |CMP EAX,2
00454353 |. 0F85 3601000>|JNZ WaGan1.0045448F
00454359 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0045435B |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0045435D |. 33D2 |XOR EDX,EDX ; |
0045435F |. 8A15 44424B0>|MOV DL,BYTE PTR DS:[4B4244] ; |
00454365 |. 33C0 |XOR EAX,EAX ; |
00454367 |. A0 45424B00 |MOV AL,BYTE PTR DS:[4B4245] ; |
0045436C |. 33C9 |XOR ECX,ECX ; |
0045436E |. 8A0D 2C424B0>|MOV CL,BYTE PTR DS:[4B422C] ; |
00454374 |. 0FAFC1 |IMUL EAX,ECX ; |
00454377 |. 8D9402 C0120>|LEA EDX,DWORD PTR DS:[EDX+EAX+1>; |
0045437E |. 52 |PUSH EDX ; |Arg1
0045437F |. B9 38EB4A00 |MOV ECX,WaGan1.004AEB38 ; |
00454384 |. E8 B7B60200 |CALL WaGan1.0047FA40 ; \WaGan1.0047FA40
00454389 |. 33C9 |XOR ECX,ECX
0045438B |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
0045438D |. 81F9 FF00000>|CMP ECX,0FF
00454393 |. 0F84 AE00000>|JE WaGan1.00454447
00454399 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
0045439C |. 81E2 FF00000>|AND EDX,0FF
004543A2 |. 83FA 03 |CMP EDX,3
004543A5 |. 74 16 |JE SHORT WaGan1.004543BD
004543A7 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
004543AA |. 25 FF000000 |AND EAX,0FF
004543AF |. 83F8 04 |CMP EAX,4 表示道具
004543B2 |. 74 09 |JE SHORT WaGan1.004543BD
004543B4 |. C745 E0 0000>|MOV DWORD PTR SS:[EBP-20],0
004543BB |. EB 07 |JMP SHORT WaGan1.004543C4
004543BD |> C745 E0 0100>|MOV DWORD PTR SS:[EBP-20],1
004543C4 |> 8B4D E0 |MOV ECX,DWORD PTR SS:[EBP-20]
004543C7 |. 894D EC |MOV DWORD PTR SS:[EBP-14],ECX
004543CA |. 33D2 |XOR EDX,EDX
004543CC |. 8A15 D85D4B0>|MOV DL,BYTE PTR DS:[4B5DD8]
004543D2 |. 8BCA |MOV ECX,EDX
004543D4 |. 6BC9 24 |IMUL ECX,ECX,24
004543D7 |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
004543DD |. E8 2E23FBFF |CALL WaGan1.00406710
004543E2 |. 8BF0 |MOV ESI,EAX
004543E4 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
004543E7 |. 81E1 FF00000>|AND ECX,0FF
004543ED |. 6BC9 24 |IMUL ECX,ECX,24
004543F0 |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
004543F6 |. E8 1523FBFF |CALL WaGan1.00406710
004543FB |. 33C9 |XOR ECX,ECX
004543FD |. 3BF0 |CMP ESI,EAX
004543FF |. 0F94C1 |SETE CL
00454402 |. 394D EC |CMP DWORD PTR SS:[EBP-14],ECX
00454405 |. 75 27 |JNZ SHORT WaGan1.0045442E
00454407 |. 8A55 0C |MOV DL,BYTE PTR SS:[EBP+C]
0045440A |. 52 |PUSH EDX ; /Arg3
0045440B |. A0 D85D4B00 |MOV AL,BYTE PTR DS:[4B5DD8] ; |
00454410 |. 50 |PUSH EAX ; |Arg2
00454411 |. 8A4D 08 |MOV CL,BYTE PTR SS:[EBP+8] ; |
00454414 |. 51 |PUSH ECX ; |Arg1
00454415 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
00454418 |. 81E1 FF00000>|AND ECX,0FF ; |
0045441E |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00454421 |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50 ; |
00454427 |. E8 91C0FEFF |CALL WaGan1.004404BD ; \WaGan1.004404BD
0045442C |. EB 17 |JMP SHORT WaGan1.00454445
0045442E |> 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454431 |. 81E1 FF00000>|AND ECX,0FF
00454437 |. 6BC9 24 |IMUL ECX,ECX,24
0045443A |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454440 |. E8 59C0FEFF |CALL WaGan1.0044049E
00454445 |> EB 17 |JMP SHORT WaGan1.0045445E
00454447 |> 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0045444A |. 81E1 FF00000>|AND ECX,0FF
00454450 |. 6BC9 24 |IMUL ECX,ECX,24
00454453 |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454459 |. E8 40C0FEFF |CALL WaGan1.0044049E
0045445E |> 8B15 08754B0>|MOV EDX,DWORD PTR DS:[4B7508]
00454464 |. 52 |PUSH EDX ; /hWnd => 000A0464 ('武将情报',class='#32770',parent=005D032E)
00454465 |. FF15 C862480>|CALL DWORD PTR DS:[<&USER32.IsW>; \IsWindowVisible
0045446B |. 85C0 |TEST EAX,EAX
0045446D |. 74 20 |JE SHORT WaGan1.0045448F
0045446F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454472 |. 81E1 FF00000>|AND ECX,0FF
00454478 |. 6BC9 24 |IMUL ECX,ECX,24
0045447B |. 81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454481 |. E8 EAB10000 |CALL WaGan1.0045F670
00454486 |. 50 |PUSH EAX ; /Arg1
00454487 |. E8 09530200 |CALL WaGan1.00479795 ; \WaGan1.00479795
0045448C |. 83C4 04 |ADD ESP,4
0045448F |> 8A45 F0 |MOV AL,BYTE PTR SS:[EBP-10]
00454492 |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
00454495 |> E8 D180FDFF |CALL WaGan1.0042C56B
0045449A |. 83F8 02 |CMP EAX,2
0045449D |. 75 09 |JNZ SHORT WaGan1.004544A8
0045449F |. C745 F4 0000>|MOV DWORD PTR SS:[EBP-C],0
004544A6 |. EB 05 |JMP SHORT WaGan1.004544AD
004544A8 |>^ E9 B8FDFFFF \JMP WaGan1.00454265
004544AD |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004544B0 |. E8 7DF9FFFF CALL WaGan1.00453E32
004544B5 |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004544B9 |. 75 07 JNZ SHORT WaGan1.004544C2
004544BB |. C605 44424B0>MOV BYTE PTR DS:[4B4244],0FF
004544C2 |> B8 44424B00 MOV EAX,WaGan1.004B4244
004544C7 |. 5E POP ESI
004544C8 |. 8BE5 MOV ESP,EBP
004544CA |. 5D POP EBP
004544CB \. C2 0800 RETN 8
作者:
岱瀛 时间: 2007-12-30 21:13 标题: 战斗画面研究
传入参数:
Ecx 是 攻击武将的Ecx值
局部变量
[EBP-D8] 保存攻击武将的Ecx值
00405744 /$ 55 PUSH EBP
00405745 |. 8BEC MOV EBP,ESP
00405747 |. 81EC D8000000 SUB ESP,0D8
0040574D |. 898D 28FFFFFF MOV DWORD PTR SS:[EBP-D8],ECX
00405753 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405759 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040575F |. 8A51 10 MOV DL,BYTE PTR DS:[ECX+10]
00405762 |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
00405765 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040576B |. E8 1FE4FFFF CALL Ekd5.00403B8F ; 里面加载ATK图了
00405770 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405776 |. 33C9 XOR ECX,ECX
00405778 |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
0040577B |. 6BC9 24 IMUL ECX,ECX,24
0040577E |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405784 |. E8 978B0300 CALL Ekd5.0043E320 获取攻击武将的朝向(这个时候武将的朝向已经变了,而看到的不一样)
00405789 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0040578C |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405792 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00405794 |. 50 PUSH EAX ; /Arg2
00405795 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
0040579B |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
0040579E |. 52 PUSH EDX ; |Arg1
0040579F |. E8 85000300 CALL Ekd5.00435829 ; \Ekd5.00435829
004057A4 |. 83C4 08 ADD ESP,8
004057A7 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004057A9 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
004057AF |. E8 D1E5FFFF CALL Ekd5.00403D85 ; \Ekd5.00403D85 里面加载了SPC图
004057B4 |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
004057B7 |. 50 PUSH EAX ; /Arg1
004057B8 |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8] ; |
004057BE |. 33D2 XOR EDX,EDX ; |
004057C0 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
004057C3 |. 8BCA MOV ECX,EDX ; |
004057C5 |. 6BC9 24 IMUL ECX,ECX,24 ; |
004057C8 |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50 ; |
004057CE |. E8 9D0E0000 CALL Ekd5.00406670 ; \Ekd5.00406670 设置攻击武将朝向为08栈
004057D3 |. 68 FF000000 PUSH 0FF ; /Arg2 = 000000FF
004057D8 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8] ; |
004057DE |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1] ; |
004057E1 |. 51 PUSH ECX ; |Arg1
004057E2 |. E8 42000300 CALL Ekd5.00435829 ; \Ekd5.00435829
004057E7 |. 83C4 08 ADD ESP,8
004057EA |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
004057F0 |. 8B4A 0C MOV ECX,DWORD PTR DS:[EDX+C]
004057F3 |. E8 68DBFFFF CALL Ekd5.00403360
004057F8 |. 66:8B00 MOV AX,WORD PTR DS:[EAX]
004057FB |. 66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
004057FF |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405805 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
00405808 |. 52 PUSH EDX ; /Arg3
00405809 |. 8A45 F9 MOV AL,BYTE PTR SS:[EBP-7] ; |
0040580C |. 50 PUSH EAX ; |Arg2
0040580D |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
00405810 |. 51 PUSH ECX ; |Arg1
00405811 |. B9 50424B00 MOV ECX,Ekd5.004B4250 ; |
00405816 |. E8 08F90400 CALL Ekd5.00455123 ; \Ekd5.00455123 重画武将形象,把朝向弄好。
0040581B |. 8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405821 |. 83BA 04060000>CMP DWORD PTR DS:[EDX+604],0 //判断是否发生致命一击
00405828 |. 74 50 JE SHORT Ekd5.0040587A
0040582A |. 6A 19 PUSH 19 ; /Arg1 = 00000019
0040582C |. E8 01A30700 CALL Ekd5.0047FB32 ; \Ekd5.0047FB32 25%概率的事件是否发生
00405831 |. 83C4 04 ADD ESP,4
00405834 |. 85C0 TEST EAX,EAX
00405836 |. 74 42 JE SHORT Ekd5.0040587A //概率没有发生,结束, 发生则说出致命一击的台词
00405838 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
0040583E |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
00405841 |. 51 PUSH ECX ; /Arg2
00405842 |. 8D95 2CFFFFFF LEA EDX,DWORD PTR SS:[EBP-D4] ; |
00405848 |. 52 PUSH EDX ; |Arg1
00405849 |. E8 E1670000 CALL Ekd5.0040C02F ; \Ekd5.0040C02F
0040584E |. 83C4 08 ADD ESP,8
00405851 |. 8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405857 |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
0040585A |. E8 6AA40300 CALL Ekd5.0043FCC9
0040585F |. 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405865 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
00405868 |. 52 PUSH EDX ; /Arg2
00405869 |. 8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4] ; |
0040586F |. 50 PUSH EAX ; |Arg1
00405870 |. B9 F05D4B00 MOV ECX,Ekd5.004B5DF0 ; |
00405875 |. E8 E33D0500 CALL Ekd5.0045965D ; \Ekd5.0045965D
0040587A |> 8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405880 |. E8 64ECFFFF CALL Ekd5.004044E9 //画面显示函数
00405885 |. 8BE5 MOV ESP,EBP
00405887 |. 5D POP EBP
00405888 \. C3 RETN
004044E9 /$ 55 PUSH EBP
004044EA |. 8BEC MOV EBP,ESP
004044EC |. B8 38100000 MOV EAX,1038 (另外两处的调用200c 2040)
004044F1 |. E8 6ACC0700 CALL Ekd5.00481160
004044F6 |. 56 PUSH ESI
004044F7 |. 898D CCEFFFFF MOV DWORD PTR SS:[EBP-1034],ECX
004044FD |. 8B85 CCEFFFFF MOV EAX,DWORD PTR SS:[EBP-1034]
00404503 |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
00404506 |. E8 55EEFFFF CALL Ekd5.00403360
0040450B |. 66:8B08 MOV CX,WORD PTR DS:[EAX]
0040450E |. 66:898D E8EFF>MOV WORD PTR SS:[EBP-1018],CX
00404515 |. 8B95 CCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1034]
0040451B |. 33C0 XOR EAX,EAX
0040451D |. 8A42 01 MOV AL,BYTE PTR DS:[EDX+1]
00404520 |. 8BC8 MOV ECX,EAX
00404522 |. 6BC9 24 IMUL ECX,ECX,24
00404525 |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0040452B |. E8 30EEFFFF CALL Ekd5.00403360
00404530 |. 66:8B08 MOV CX,WORD PTR DS:[EAX]
00404533 |. 66:898D E0EFF>MOV WORD PTR SS:[EBP-1020],CX
0040453A |. 8BB5 E8EFFFFF MOV ESI,DWORD PTR SS:[EBP-1018]
00404540 |. 81E6 FF000000 AND ESI,0FF
00404546 |. B9 50424B00 MOV ECX,Ekd5.004B4250
0040454B |. E8 43D50400 CALL Ekd5.00451A93
00404550 |. 99 CDQ
00404551 |. B9 30000000 MOV ECX,30
00404556 |. F7F9 IDIV ECX
00404558 |. 2BF0 SUB ESI,EAX
0040455A |. 89B5 F4EFFFFF MOV DWORD PTR SS:[EBP-100C],ESI
00404560 |. 8BB5 E9EFFFFF MOV ESI,DWORD PTR SS:[EBP-1017]
00404566 |. 81E6 FF000000 AND ESI,0FF
0040456C |. B9 50424B00 MOV ECX,Ekd5.004B4250
00404571 |. E8 2ED50400 CALL Ekd5.00451AA4
00404576 |. 99 CDQ
00404577 |. B9 30000000 MOV ECX,30
0040457C |. F7F9 IDIV ECX
0040457E |. 2BF0 SUB ESI,EAX
00404580 |. 89B5 ECEFFFFF MOV DWORD PTR SS:[EBP-1014],ESI
00404586 |. 8BB5 E0EFFFFF MOV ESI,DWORD PTR SS:[EBP-1020]
0040458C |. 81E6 FF000000 AND ESI,0FF
00404592 |. B9 50424B00 MOV ECX,Ekd5.004B4250
00404597 |. E8 F7D40400 CALL Ekd5.00451A93
0040459C |. 99 CDQ
0040459D |. B9 30000000 MOV ECX,30
004045A2 |. F7F9 IDIV ECX
004045A4 |. 2BF0 SUB ESI,EAX
004045A6 |. 89B5 F8EFFFFF MOV DWORD PTR SS:[EBP-1008],ESI
004045AC |. 8BB5 E1EFFFFF MOV ESI,DWORD PTR SS:[EBP-101F]
004045B2 |. 81E6 FF000000 AND ESI,0FF
004045B8 |. B9 50424B00 MOV ECX,Ekd5.004B4250
004045BD |. E8 E2D40400 CALL Ekd5.00451AA4
004045C2 |. 99 CDQ
004045C3 |. B9 30000000 MOV ECX,30
004045C8 |. F7F9 IDIV ECX
004045CA |. 2BF0 SUB ESI,EAX
004045CC |. 89B5 FCEFFFFF MOV DWORD PTR SS:[EBP-1004],ESI
004045D2 |. 8B95 F4EFFFFF MOV EDX,DWORD PTR SS:[EBP-100C]
004045D8 |. 6BD2 30 IMUL EDX,EDX,30
004045DB |. 8995 DCEFFFFF MOV DWORD PTR SS:[EBP-1024],EDX
004045E1 |. 8B85 ECEFFFFF MOV EAX,DWORD PTR SS:[EBP-1014]
004045E7 |. 6BC0 30 IMUL EAX,EAX,30
004045EA |. 83C0 38 ADD EAX,38
004045ED |. 8985 D8EFFFFF MOV DWORD PTR SS:[EBP-1028],EAX
004045F3 |. 8B8D F8EFFFFF MOV ECX,DWORD PTR SS:[EBP-1008]
004045F9 |. 6BC9 30 IMUL ECX,ECX,30
004045FC |. 898D D4EFFFFF MOV DWORD PTR SS:[EBP-102C],ECX
00404602 |. 8B95 FCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1004]
00404608 |. 6BD2 30 IMUL EDX,EDX,30
0040460B |. 83C2 38 ADD EDX,38
0040460E |. 8995 D0EFFFFF MOV DWORD PTR SS:[EBP-1030],EDX
00404614 |. C785 F0EFFFFF>MOV DWORD PTR SS:[EBP-1010],0
0040461E |. EB 0F JMP SHORT Ekd5.0040462F
00404620 |> 8B85 F0EFFFFF /MOV EAX,DWORD PTR SS:[EBP-1010]
00404626 |. 83C0 01 |ADD EAX,1
00404629 |. 8985 F0EFFFFF |MOV DWORD PTR SS:[EBP-1010],EAX
0040462F |> 83BD F0EFFFFF> CMP DWORD PTR SS:[EBP-1010],1B
00404636 |. 0F83 C1100000 |JNB Ekd5.004056FD (if (变量>27) goto 结束 )
0040463C |. 8B8D F0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1010]
00404642 |. 898D C8EFFFFF |MOV DWORD PTR SS:[EBP-1038],ECX
00404648 |. 83BD C8EFFFFF>|CMP DWORD PTR SS:[EBP-1038],19
0040464F |. 0F87 92100000 |JA Ekd5.004056E7 (if (变量>25) goto 4056E7循环点)
00404655 |. 8B85 C8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1038]
0040465B |. 33D2 |XOR EDX,EDX
0040465D |. 8A90 2A574000 |MOV DL,BYTE PTR DS:[EAX+40572A]
0040572A . 00 DB 00 ; 分支 00405702 索引表
0040572B . 09 DB 09
0040572C . 01 DB 01
0040572D . 09 DB 09
0040572E . 09 DB 09 //02
0040572F . 09 DB 09
00405730 . 09 DB 09 //03
00405731 . 09 DB 09
00405732 . 02 DB 02 //01
00405733 . 09 DB 09
00405734 . 09 DB 09 //03
00405735 . 09 DB 09
00405736 . 03 DB 03 //04
00405737 . 04 DB 04 //05
00405738 . 05 DB 05 //05
00405739 . 06 DB 06 //06
0040573A . 09 DB 09
0040573B . 07 DB 07
0040573C . 09 DB 09
0040573D . 09 DB 09
0040573E . 09 DB 09
0040573F . 09 DB 09
00405740 . 09 DB 09
00405741 . 09 DB 09
00405742 . 09 DB 09
00405743 . 08 DB 08
00404663 |. FF2495 025740>|JMP DWORD PTR DS:[EDX*4+405702] 跳转的计算
00405702 . \6A464000 DD Ekd5.0040466A ; 分支表 被用于 00404663
00405706 . 08484000 DD Ekd5.00404808
0040570A . 31494000 DD Ekd5.00404931
0040570E . BC4C4000 DD Ekd5.00404CBC
00405712 . 964D4000 DD Ekd5.00404D96
00405716 . FA4F4000 DD Ekd5.00404FFA
0040571A . 2C524000 DD Ekd5.0040522C
0040571E . 5F534000 DD Ekd5.0040535F
00405722 . 4A554000 DD Ekd5.0040554A
00405726 . E7564000 DD Ekd5.004056E7
0040466A |> E8 6C9F0100 |CALL Ekd5.0041E5DB
0040466F |. 8B8D ECEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1014]
00404675 |. 51 |PUSH ECX ; /Arg2
00404676 |. 8B95 F4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-100C] ; |
0040467C |. 52 |PUSH EDX ; |Arg1
0040467D |. E8 77F0FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
00404682 |. 83C4 08 |ADD ESP,8
00404685 |. 8B85 FCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1004]
0040468B |. 50 |PUSH EAX ; /Arg2
0040468C |. 8B8D F8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1008] ; |
00404692 |. 51 |PUSH ECX ; |Arg1
00404693 |. E8 61F0FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
00404698 |. 83C4 08 |ADD ESP,8
0040469B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040469D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040469F |. 68 00490000 |PUSH 4900 ; |Arg1 = 00004900
004046A4 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004046A9 |. E8 92B30700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004046AE |. 50 |PUSH EAX ; /Arg5
004046AF |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004046B1 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004046B3 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004046B9 |. 83EA 08 |SUB EDX,8 ; |
004046BC |. 52 |PUSH EDX ; |Arg2
004046BD |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004046C3 |. 83E8 08 |SUB EAX,8 ; |
004046C6 |. 50 |PUSH EAX ; |Arg1
004046C7 |. E8 1AD30400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
004046CC |. 83C4 14 |ADD ESP,14
004046CF |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004046D1 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004046D3 |. 68 00590000 |PUSH 5900 ; |Arg1 = 00005900
004046D8 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004046DD |. E8 5EB30700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004046E2 |. 50 |PUSH EAX ; /Arg5
004046E3 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004046E5 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004046E7 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
004046ED |. 83E9 08 |SUB ECX,8 ; |
004046F0 |. 51 |PUSH ECX ; |Arg2
004046F1 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
004046F7 |. 83EA 08 |SUB EDX,8 ; |
004046FA |. 52 |PUSH EDX ; |Arg1
004046FB |. E8 E6D20400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
00404700 |. 83C4 14 |ADD ESP,14
00404703 |. B9 083D4B00 |MOV ECX,Ekd5.004B3D08
00404708 |. E8 23200000 |CALL Ekd5.00406730
0040470D |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040470F |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404711 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404713 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404718 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040471D |. E8 1EB30700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404722 |. 50 |PUSH EAX ; |Arg5
00404723 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404725 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404727 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040472D |. 83E8 08 |SUB EAX,8 ; |
00404730 |. 50 |PUSH EAX ; |Arg2
00404731 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404737 |. 83E9 08 |SUB ECX,8 ; |
0040473A |. 51 |PUSH ECX ; |Arg1
0040473B |. E8 D3D10400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404740 |. 83C4 18 |ADD ESP,18
00404743 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404745 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404747 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404749 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
0040474E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404753 |. E8 E8B20700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404758 |. 50 |PUSH EAX ; |Arg5
00404759 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040475B |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040475D |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404763 |. 83EA 08 |SUB EDX,8 ; |
00404766 |. 52 |PUSH EDX ; |Arg2
00404767 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
0040476D |. 83E8 08 |SUB EAX,8 ; |
00404770 |. 50 |PUSH EAX ; |Arg1
00404771 |. E8 9DD10400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404776 |. 83C4 18 |ADD ESP,18
00404779 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
0040477F |. 33D2 |XOR EDX,EDX
00404781 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00404784 |. 52 |PUSH EDX ; /Arg3
00404785 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040478B |. 50 |PUSH EAX ; |Arg2
0040478C |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404792 |. 51 |PUSH ECX ; |Arg1
00404793 |. E8 87A30300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404798 |. 83C4 0C |ADD ESP,0C
0040479B |. 6A 04 |PUSH 4
0040479D |. 6A 00 |PUSH 0
0040479F |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004047A5 |. 33C0 |XOR EAX,EAX
004047A7 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
004047A9 |. 8BF0 |MOV ESI,EAX
004047AB |. 69F6 00630000 |IMUL ESI,ESI,6300
004047B1 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004047B7 |. 33D2 |XOR EDX,EDX
004047B9 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004047BB |. 52 |PUSH EDX ; /Arg1
004047BC |. E8 549D0300 |CALL Ekd5.0043E515 ; \Ekd5.0043E515
004047C1 |. 83C4 04 |ADD ESP,4
004047C4 |. 83C0 06 |ADD EAX,6 ; |
004047C7 |. 69C0 00090000 |IMUL EAX,EAX,900 ; |
004047CD |. 03F0 |ADD ESI,EAX ; |
004047CF |. 56 |PUSH ESI ; |Arg1
004047D0 |. B9 80AB4A00 |MOV ECX,Ekd5.004AAB80 ; |
004047D5 |. E8 66B20700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004047DA |. 50 |PUSH EAX ; /Arg6
004047DB |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004047E1 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004047E3 |. 51 |PUSH ECX ; |Arg5
004047E4 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004047E6 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004047E8 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004047EE |. 52 |PUSH EDX ; |Arg2
004047EF |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004047F5 |. 50 |PUSH EAX ; |Arg1
004047F6 |. E8 81CB0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004047FB |. 83C4 18 |ADD ESP,18
004047FE |. E8 F39D0100 |CALL Ekd5.0041E5F6
00404803 |. E9 DF0E0000 |JMP Ekd5.004056E7
00404808 |> E8 CE9D0100 |CALL Ekd5.0041E5DB 第一个攻击动作
0040480D |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040480F |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404811 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404813 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404818 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040481D |. E8 1EB20700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404822 |. 50 |PUSH EAX ; |Arg5
00404823 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404825 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404827 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040482D |. 83E9 08 |SUB ECX,8 ; |
00404830 |. 51 |PUSH ECX ; |Arg2
00404831 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404837 |. 83EA 08 |SUB EDX,8 ; |
0040483A |. 52 |PUSH EDX ; |Arg1
0040483B |. E8 D3D00400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404840 |. 83C4 18 |ADD ESP,18
00404843 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404845 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404847 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404849 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
0040484E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404853 |. E8 E8B10700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404858 |. 50 |PUSH EAX ; |Arg5
00404859 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040485B |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040485D |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404863 |. 83E8 08 |SUB EAX,8 ; |
00404866 |. 50 |PUSH EAX ; |Arg2
00404867 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
0040486D |. 83E9 08 |SUB ECX,8 ; |
00404870 |. 51 |PUSH ECX ; |Arg1
00404871 |. E8 9DD00400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404876 |. 83C4 18 |ADD ESP,18
00404879 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040487F |. 33C0 |XOR EAX,EAX
00404881 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00404884 |. 50 |PUSH EAX ; /Arg3
00404885 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040488B |. 51 |PUSH ECX ; |Arg2
0040488C |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404892 |. 52 |PUSH EDX ; |Arg1
00404893 |. E8 87A20300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404898 |. 83C4 0C |ADD ESP,0C
0040489B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040489D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040489F |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
004048A1 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004048A6 |. E8 95B10700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004048AB |. 50 |PUSH EAX ; /Arg6
004048AC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004048B2 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004048B4 |. 51 |PUSH ECX ; |Arg5
004048B5 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004048B7 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004048B9 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004048BF |. 83EA 08 |SUB EDX,8 ; |
004048C2 |. 52 |PUSH EDX ; |Arg2
004048C3 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004048C9 |. 83E8 08 |SUB EAX,8 ; |
004048CC |. 50 |PUSH EAX ; |Arg1
004048CD |. E8 AACA0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004048D2 |. 83C4 18 |ADD ESP,18
004048D5 |. E8 1C9D0100 |CALL Ekd5.0041E5F6 第一个攻击动作
004048DA |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004048E0 |. 8B49 0C |MOV ECX,DWORD PTR DS:[ECX+C]
004048E3 |. E8 3EB70300 |CALL Ekd5.00440026
004048E8 |. 85C0 |TEST EAX,EAX
004048EA |. 74 10 |JE SHORT Ekd5.004048FC
004048EC |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
004048EE |. 6A 22 |PUSH 22 ; |Arg1 = 00000022
004048F0 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
004048F5 |. E8 80FD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
004048FA |. EB 30 |JMP SHORT Ekd5.0040492C
004048FC |> 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404902 |. 8B4A 0C |MOV ECX,DWORD PTR DS:[EDX+C]
00404905 |. E8 FFB60300 |CALL Ekd5.00440009
0040490A |. 85C0 |TEST EAX,EAX
0040490C |. 74 10 |JE SHORT Ekd5.0040491E
0040490E |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404910 |. 6A 25 |PUSH 25 ; |Arg1 = 00000025
00404912 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404917 |. E8 5EFD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
0040491C |. EB 0E |JMP SHORT Ekd5.0040492C
0040491E |> 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404920 |. 6A 20 |PUSH 20 ; |Arg1 = 00000020
00404922 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404927 |. E8 4EFD0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
0040492C |> E9 B60D0000 |JMP Ekd5.004056E7 返回最后
00404931 |> E8 A59C0100 |CALL Ekd5.0041E5DB
00404936 |. B9 083D4B00 |MOV ECX,Ekd5.004B3D08
0040493B |. E8 F01D0000 |CALL Ekd5.00406730
00404940 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404942 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404944 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404946 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040494B |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404950 |. E8 EBB00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404955 |. 50 |PUSH EAX ; |Arg5
00404956 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404958 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040495A |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00404960 |. 83E8 08 |SUB EAX,8 ; |
00404963 |. 50 |PUSH EAX ; |Arg2
00404964 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040496A |. 83E9 08 |SUB ECX,8 ; |
0040496D |. 51 |PUSH ECX ; |Arg1
0040496E |. E8 A0CF0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404973 |. 83C4 18 |ADD ESP,18
00404976 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404978 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040497A |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040497C |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404981 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404986 |. E8 B5B00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040498B |. 50 |PUSH EAX ; |Arg5
0040498C |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040498E |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404990 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404996 |. 83EA 08 |SUB EDX,8 ; |
00404999 |. 52 |PUSH EDX ; |Arg2
0040499A |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004049A0 |. 83E8 08 |SUB EAX,8 ; |
004049A3 |. 50 |PUSH EAX ; |Arg1
004049A4 |. E8 6ACF0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
004049A9 |. 83C4 18 |ADD ESP,18
004049AC |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004049B2 |. 33D2 |XOR EDX,EDX
004049B4 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004049B7 |. 52 |PUSH EDX ; /Arg3
004049B8 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
004049BE |. 50 |PUSH EAX ; |Arg2
004049BF |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
004049C5 |. 51 |PUSH ECX ; |Arg1
004049C6 |. E8 54A10300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004049CB |. 83C4 0C |ADD ESP,0C
004049CE |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004049D4 |. 8B4A 0C |MOV ECX,DWORD PTR DS:[EDX+C]
004049D7 |. E8 2DB60300 |CALL Ekd5.00440009
004049DC |. 85C0 |TEST EAX,EAX
004049DE |. 0F84 78010000 |JE Ekd5.00404B5C
004049E4 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004049EA |. 83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0
004049F1 |. 0F84 0D010000 |JE Ekd5.00404B04
004049F7 |. 68 00100000 |PUSH 1000 ; /Arg3 = 00001000
004049FC |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00404A02 |. 51 |PUSH ECX ; |Arg2
00404A03 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404A05 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404A07 |. 68 00100000 |PUSH 1000 ; ||Arg1 = 00001000
00404A0C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404A11 |. E8 2AB00700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404A16 |. 50 |PUSH EAX ; |Arg1
00404A17 |. E8 E1B20700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404A1C |. 83C4 0C |ADD ESP,0C
00404A1F |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]
00404A25 |. 52 |PUSH EDX ; /Arg6
00404A26 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404A2C |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00404A2E |. 51 |PUSH ECX ; |Arg5
00404A2F |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404A31 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404A33 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404A39 |. 83EA 08 |SUB EDX,8 ; |
00404A3C |. 52 |PUSH EDX ; |Arg2
00404A3D |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404A43 |. 83E8 08 |SUB EAX,8 ; |
00404A46 |. 50 |PUSH EAX ; |Arg1
00404A47 |. E8 30C90400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404A4C |. 83C4 18 |ADD ESP,18
00404A4F |. E8 A29B0100 |CALL Ekd5.0041E5F6
00404A54 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404A56 |. 6A 21 |PUSH 21 ; |Arg1 = 00000021
00404A58 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404A5D |. E8 18FC0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404A62 |. C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404A69 |. EB 0F |JMP SHORT Ekd5.00404A7A
00404A6B |> 8A8D E4EFFFFF |/MOV CL,BYTE PTR SS:[EBP-101C]
00404A71 |. 80C1 01 ||ADD CL,1
00404A74 |. 888D E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],CL
00404A7A |> 8B95 E4EFFFFF | MOV EDX,DWORD PTR SS:[EBP-101C]
00404A80 |. 81E2 FF000000 ||AND EDX,0FF
00404A86 |. 83FA 06 ||CMP EDX,6
00404A89 |. 7D 77 ||JGE SHORT Ekd5.00404B02
00404A8B |. 6A 01 ||PUSH 1 ; /Arg1 = 00000001
00404A8D |. B9 181B4B00 ||MOV ECX,Ekd5.004B1B18 ; |
00404A92 |. E8 A9E8FFFF ||CALL Ekd5.00403340 ; \Ekd5.00403340
00404A97 |. E8 447A0200 ||CALL Ekd5.0042C4E0
00404A9C |. E8 3A9B0100 ||CALL Ekd5.0041E5DB
00404AA1 |. 8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404AA7 |. 25 FF000000 ||AND EAX,0FF
00404AAC |. 99 ||CDQ
00404AAD |. 2BC2 ||SUB EAX,EDX
00404AAF |. D1F8 ||SAR EAX,1
00404AB1 |. 83C0 01 ||ADD EAX,1
00404AB4 |. 50 ||PUSH EAX ; /Arg4
00404AB5 |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404AB7 |. 6A 40 ||PUSH 40 ; |Arg2 = 00000040
00404AB9 |. 8D85 00F0FFFF ||LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00404ABF |. 50 ||PUSH EAX ; |Arg1
00404AC0 |. E8 FBB80200 ||CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404AC5 |. 83C4 10 ||ADD ESP,10
00404AC8 |. 8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]
00404ACE |. 51 ||PUSH ECX ; /Arg6
00404ACF |. 8B95 CCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404AD5 |. 8A02 ||MOV AL,BYTE PTR DS:[EDX] ; |
00404AD7 |. 50 ||PUSH EAX ; |Arg5
00404AD8 |. 6A 40 ||PUSH 40 ; |Arg4 = 00000040
00404ADA |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404ADC |. 8B8D D8EFFFFF ||MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404AE2 |. 83E9 08 ||SUB ECX,8 ; |
00404AE5 |. 51 ||PUSH ECX ; |Arg2
00404AE6 |. 8B95 DCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404AEC |. 83EA 08 ||SUB EDX,8 ; |
00404AEF |. 52 ||PUSH EDX ; |Arg1
00404AF0 |. E8 87C80400 ||CALL Ekd5.0045137C ; \Ekd5.0045137C
00404AF5 |. 83C4 18 ||ADD ESP,18
00404AF8 |. E8 F99A0100 ||CALL Ekd5.0041E5F6
00404AFD |.^ E9 69FFFFFF |\JMP Ekd5.00404A6B
00404B02 |> EB 3D |JMP SHORT Ekd5.00404B41
00404B04 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404B06 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404B08 |. 68 00100000 |PUSH 1000 ; |Arg1 = 00001000
00404B0D |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404B12 |. E8 29AF0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404B17 |. 50 |PUSH EAX ; /Arg6
00404B18 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404B1E |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00404B20 |. 51 |PUSH ECX ; |Arg5
00404B21 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404B23 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404B25 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404B2B |. 83EA 08 |SUB EDX,8 ; |
00404B2E |. 52 |PUSH EDX ; |Arg2
00404B2F |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404B35 |. 83E8 08 |SUB EAX,8 ; |
00404B38 |. 50 |PUSH EAX ; |Arg1
00404B39 |. E8 3EC80400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404B3E |. 83C4 18 |ADD ESP,18
00404B41 |> E8 B09A0100 |CALL Ekd5.0041E5F6
00404B46 |. 6A 08 |PUSH 8 ; /Arg1 = 00000008
00404B48 |. B9 181B4B00 |MOV ECX,Ekd5.004B1B18 ; |
00404B4D |. E8 EEE7FFFF |CALL Ekd5.00403340 ; \Ekd5.00403340
00404B52 |. E8 89790200 |CALL Ekd5.0042C4E0
00404B57 |. E9 5B010000 |JMP Ekd5.00404CB7
00404B5C |> 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404B62 |. 83B9 04060000>|CMP DWORD PTR DS:[ECX+604],0
00404B69 |. 0F84 09010000 |JE Ekd5.00404C78
00404B6F |. 68 00100000 |PUSH 1000 ; /Arg3 = 00001000
00404B74 |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000] ; |
00404B7A |. 52 |PUSH EDX ; |Arg2
00404B7B |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404B7D |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404B7F |. 6A 00 |PUSH 0 ; ||Arg1 = 00000000
00404B81 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404B86 |. E8 B5AE0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404B8B |. 50 |PUSH EAX ; |Arg1
00404B8C |. E8 6CB10700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404B91 |. 83C4 0C |ADD ESP,0C
00404B94 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]
00404B9A |. 50 |PUSH EAX ; /Arg6
00404B9B |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404BA1 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404BA3 |. 52 |PUSH EDX ; |Arg5
00404BA4 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404BA6 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404BA8 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404BAE |. 83E8 08 |SUB EAX,8 ; |
00404BB1 |. 50 |PUSH EAX ; |Arg2
00404BB2 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404BB8 |. 83E9 08 |SUB ECX,8 ; |
00404BBB |. 51 |PUSH ECX ; |Arg1
00404BBC |. E8 BBC70400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404BC1 |. 83C4 18 |ADD ESP,18
00404BC4 |. E8 2D9A0100 |CALL Ekd5.0041E5F6
00404BC9 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404BCB |. 6A 21 |PUSH 21 ; |Arg1 = 00000021
00404BCD |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404BD2 |. E8 A3FA0600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404BD7 |. C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404BDE |. EB 0F |JMP SHORT Ekd5.00404BEF
00404BE0 |> 8A95 E4EFFFFF |/MOV DL,BYTE PTR SS:[EBP-101C]
00404BE6 |. 80C2 01 ||ADD DL,1
00404BE9 |. 8895 E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],DL
00404BEF |> 8B85 E4EFFFFF | MOV EAX,DWORD PTR SS:[EBP-101C]
00404BF5 |. 25 FF000000 ||AND EAX,0FF
00404BFA |. 83F8 06 ||CMP EAX,6
00404BFD |. 7D 77 ||JGE SHORT Ekd5.00404C76
00404BFF |. 6A 01 ||PUSH 1 ; /Arg1 = 00000001
00404C01 |. B9 181B4B00 ||MOV ECX,Ekd5.004B1B18 ; |
00404C06 |. E8 35E7FFFF ||CALL Ekd5.00403340 ; \Ekd5.00403340
00404C0B |. E8 D0780200 ||CALL Ekd5.0042C4E0
00404C10 |. E8 C6990100 ||CALL Ekd5.0041E5DB
00404C15 |. 8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404C1B |. 25 FF000000 ||AND EAX,0FF
00404C20 |. 99 ||CDQ
00404C21 |. 2BC2 ||SUB EAX,EDX
00404C23 |. D1F8 ||SAR EAX,1
00404C25 |. 83C0 01 ||ADD EAX,1
00404C28 |. 50 ||PUSH EAX ; /Arg4
00404C29 |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404C2B |. 6A 40 ||PUSH 40 ; |Arg2 = 00000040
00404C2D |. 8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00404C33 |. 51 ||PUSH ECX ; |Arg1
00404C34 |. E8 87B70200 ||CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404C39 |. 83C4 10 ||ADD ESP,10
00404C3C |. 8D95 00F0FFFF ||LEA EDX,DWORD PTR SS:[EBP-1000]
00404C42 |. 52 ||PUSH EDX ; /Arg6
00404C43 |. 8B85 CCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404C49 |. 8A08 ||MOV CL,BYTE PTR DS:[EAX] ; |
00404C4B |. 51 ||PUSH ECX ; |Arg5
00404C4C |. 6A 40 ||PUSH 40 ; |Arg4 = 00000040
00404C4E |. 6A 40 ||PUSH 40 ; |Arg3 = 00000040
00404C50 |. 8B95 D8EFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00404C56 |. 83EA 08 ||SUB EDX,8 ; |
00404C59 |. 52 ||PUSH EDX ; |Arg2
00404C5A |. 8B85 DCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00404C60 |. 83E8 08 ||SUB EAX,8 ; |
00404C63 |. 50 ||PUSH EAX ; |Arg1
00404C64 |. E8 13C70400 ||CALL Ekd5.0045137C ; \Ekd5.0045137C
00404C69 |. 83C4 18 ||ADD ESP,18
00404C6C |. E8 85990100 ||CALL Ekd5.0041E5F6
00404C71 |.^ E9 6AFFFFFF |\JMP Ekd5.00404BE0
00404C76 |> EB 3A |JMP SHORT Ekd5.00404CB2
00404C78 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404C7A |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404C7C |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
00404C7E |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404C83 |. E8 B8AD0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404C88 |. 50 |PUSH EAX ; /Arg6
00404C89 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404C8F |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404C91 |. 52 |PUSH EDX ; |Arg5
00404C92 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404C94 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404C96 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404C9C |. 83E8 08 |SUB EAX,8 ; |
00404C9F |. 50 |PUSH EAX ; |Arg2
00404CA0 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404CA6 |. 83E9 08 |SUB ECX,8 ; |
00404CA9 |. 51 |PUSH ECX ; |Arg1
00404CAA |. E8 CDC60400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404CAF |. 83C4 18 |ADD ESP,18
00404CB2 |> E8 3F990100 |CALL Ekd5.0041E5F6 被攻击者第一个动作
00404CB7 |> E9 2B0A0000 |JMP Ekd5.004056E7
00404CBC |> E8 1A990100 |CALL Ekd5.0041E5DB //第二个攻击动作
00404CC1 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404CC3 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404CC5 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404CC7 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404CCC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404CD1 |. E8 6AAD0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404CD6 |. 50 |PUSH EAX ; |Arg5
00404CD7 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404CD9 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404CDB |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404CE1 |. 83EA 08 |SUB EDX,8 ; |
00404CE4 |. 52 |PUSH EDX ; |Arg2
00404CE5 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404CEB |. 83E8 08 |SUB EAX,8 ; |
00404CEE |. 50 |PUSH EAX ; |Arg1
00404CEF |. E8 1FCC0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404CF4 |. 83C4 18 |ADD ESP,18
00404CF7 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404CF9 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404CFB |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404CFD |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404D02 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404D07 |. E8 34AD0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404D0C |. 50 |PUSH EAX ; |Arg5
00404D0D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404D0F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404D11 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404D17 |. 83E9 08 |SUB ECX,8 ; |
00404D1A |. 51 |PUSH ECX ; |Arg2
00404D1B |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404D21 |. 83EA 08 |SUB EDX,8 ; |
00404D24 |. 52 |PUSH EDX ; |Arg1
00404D25 |. E8 E9CB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404D2A |. 83C4 18 |ADD ESP,18
00404D2D |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404D33 |. 33C9 |XOR ECX,ECX
00404D35 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00404D38 |. 51 |PUSH ECX ; /Arg3
00404D39 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404D3F |. 52 |PUSH EDX ; |Arg2
00404D40 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404D46 |. 50 |PUSH EAX ; |Arg1
00404D47 |. E8 D39D0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404D4C |. 83C4 0C |ADD ESP,0C
00404D4F |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404D51 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404D53 |. 68 00100000 |PUSH 1000 ; |Arg1 = 00001000
00404D58 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404D5D |. E8 DEAC0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404D62 |. 50 |PUSH EAX ; /Arg6
00404D63 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404D69 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404D6B |. 52 |PUSH EDX ; |Arg5
00404D6C |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404D6E |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404D70 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404D76 |. 83E8 08 |SUB EAX,8 ; |
00404D79 |. 50 |PUSH EAX ; |Arg2
00404D7A |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404D80 |. 83E9 08 |SUB ECX,8 ; |
00404D83 |. 51 |PUSH ECX ; |Arg1
00404D84 |. E8 F3C50400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404D89 |. 83C4 18 |ADD ESP,18
00404D8C |. E8 65980100 |CALL Ekd5.0041E5F6 第二个攻击动作
00404D91 |. E9 51090000 |JMP Ekd5.004056E7
00404D96 |> E8 40980100 |CALL Ekd5.0041E5DB
00404D9B |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404D9D |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404D9F |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404DA1 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
00404DA6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404DAB |. E8 90AC0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404DB0 |. 50 |PUSH EAX ; |Arg5
00404DB1 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404DB3 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404DB5 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404DBB |. 83EA 08 |SUB EDX,8 ; |
00404DBE |. 52 |PUSH EDX ; |Arg2
00404DBF |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00404DC5 |. 83E8 08 |SUB EAX,8 ; |
00404DC8 |. 50 |PUSH EAX ; |Arg1
00404DC9 |. E8 45CB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404DCE |. 83C4 18 |ADD ESP,18
00404DD1 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00404DD3 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404DD5 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404DD7 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00404DDC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404DE1 |. E8 5AAC0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404DE6 |. 50 |PUSH EAX ; |Arg5
00404DE7 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404DE9 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404DEB |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00404DF1 |. 83E9 08 |SUB ECX,8 ; |
00404DF4 |. 51 |PUSH ECX ; |Arg2
00404DF5 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00404DFB |. 83EA 08 |SUB EDX,8 ; |
00404DFE |. 52 |PUSH EDX ; |Arg1
00404DFF |. E8 0FCB0400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00404E04 |. 83C4 18 |ADD ESP,18
00404E07 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E0D |. 33C9 |XOR ECX,ECX
00404E0F |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00404E12 |. 6BC9 24 |IMUL ECX,ECX,24
00404E15 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00404E1B |. E8 70DE0600 |CALL Ekd5.00472C90
00404E20 |. 85C0 |TEST EAX,EAX
00404E22 |. 75 35 |JNZ SHORT Ekd5.00404E59
00404E24 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404E2A |. 33C0 |XOR EAX,EAX
00404E2C |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00404E2F |. 50 |PUSH EAX ; /Arg3
00404E30 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
00404E36 |. 51 |PUSH ECX ; |Arg2
00404E37 |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00404E3D |. 52 |PUSH EDX ; |Arg1
00404E3E |. E8 DC9C0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
00404E43 |. 83C4 0C |ADD ESP,0C
00404E46 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404E48 |. 6A 07 |PUSH 7 ; |Arg1 = 00000007
00404E4A |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404E4F |. E8 26F80600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404E54 |. E9 5A010000 |JMP Ekd5.00404FB3
00404E59 |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E5F |. 83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
00404E66 |. 0F85 A5000000 |JNZ Ekd5.00404F11
00404E6C |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404E72 |. 83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
00404E79 |. 0F85 92000000 |JNZ Ekd5.00404F11
00404E7F |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404E81 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404E83 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
00404E88 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404E8D |. E8 AEAB0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404E92 |. 50 |PUSH EAX ; /Arg6
00404E93 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404E99 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00404E9C |. 50 |PUSH EAX ; |Arg5
00404E9D |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00404E9F |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404EA1 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404EA7 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404EAD |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00404EB3 |. 52 |PUSH EDX ; |Arg2
00404EB4 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404EBA |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404EC0 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00404EC6 |. 51 |PUSH ECX ; |Arg1
00404EC7 |. E8 B0C40400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404ECC |. 83C4 18 |ADD ESP,18
00404ECF |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404ED5 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00404ED7 |. 50 |PUSH EAX ; /Arg2
00404ED8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404EDE |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
00404EE1 |. 52 |PUSH EDX ; |Arg1
00404EE2 |. E8 42090300 |CALL Ekd5.00435829 ; \Ekd5.00435829
00404EE7 |. 83C4 08 |ADD ESP,8
00404EEA |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404EEC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404EF2 |. 33C9 |XOR ECX,ECX ; |
00404EF4 |. 83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0 ; |
00404EFB |. 0F95C1 |SETNE CL ; |
00404EFE |. 83C1 1E |ADD ECX,1E ; |
00404F01 |. 51 |PUSH ECX ; |Arg1
00404F02 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404F07 |. E8 6EF70600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404F0C |. E9 A2000000 |JMP Ekd5.00404FB3
00404F11 |> 68 00090000 |PUSH 900 ; /Arg3 = 00000900
00404F16 |. 8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000] ; |
00404F1C |. 52 |PUSH EDX ; |Arg2
00404F1D |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00404F1F |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00404F21 |. 68 00400000 |PUSH 4000 ; ||Arg1 = 00004000
00404F26 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00404F2B |. E8 10AB0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00404F30 |. 50 |PUSH EAX ; |Arg1
00404F31 |. E8 C7AD0700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00404F36 |. 83C4 0C |ADD ESP,0C
00404F39 |. 6A 0C |PUSH 0C ; /Arg4 = 0000000C
00404F3B |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404F3D |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
00404F3F |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00404F45 |. 50 |PUSH EAX ; |Arg1
00404F46 |. E8 75B40200 |CALL Ekd5.004303C0 ; \Ekd5.004303C0
00404F4B |. 83C4 10 |ADD ESP,10
00404F4E |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
00404F54 |. 51 |PUSH ECX ; /Arg6
00404F55 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404F5B |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00404F5E |. 50 |PUSH EAX ; |Arg5
00404F5F |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00404F61 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00404F63 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404F69 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00404F6F |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00404F75 |. 52 |PUSH EDX ; |Arg2
00404F76 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00404F7C |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00404F82 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00404F88 |. 51 |PUSH ECX ; |Arg1
00404F89 |. E8 EEC30400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404F8E |. 83C4 18 |ADD ESP,18
00404F91 |. 6A 01 |PUSH 1 ; /Arg2 = 00000001
00404F93 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00404F99 |. 33C0 |XOR EAX,EAX ; |
00404F9B |. 83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0 ; |
00404FA2 |. 0F95C0 |SETNE AL ; |
00404FA5 |. 83C0 23 |ADD EAX,23 ; |
00404FA8 |. 50 |PUSH EAX ; |Arg1
00404FA9 |. B9 B0694B00 |MOV ECX,Ekd5.004B69B0 ; |
00404FAE |. E8 C7F60600 |CALL Ekd5.0047467A ; \Ekd5.0047467A
00404FB3 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00404FB5 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00404FB7 |. 68 00200000 |PUSH 2000 ; |Arg1 = 00002000
00404FBC |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00404FC1 |. E8 7AAA0700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00404FC6 |. 50 |PUSH EAX ; /Arg6
00404FC7 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00404FCD |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00404FCF |. 52 |PUSH EDX ; |Arg5
00404FD0 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00404FD2 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00404FD4 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00404FDA |. 83E8 08 |SUB EAX,8 ; |
00404FDD |. 50 |PUSH EAX ; |Arg2
00404FDE |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00404FE4 |. 83E9 08 |SUB ECX,8 ; |
00404FE7 |. 51 |PUSH ECX ; |Arg1
00404FE8 |. E8 8FC30400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00404FED |. 83C4 18 |ADD ESP,18
00404FF0 |. E8 01960100 |CALL Ekd5.0041E5F6 第三个攻击动作 被攻击者动作也有(被攻击者图发光)
00404FF5 |. E9 ED060000 |JMP Ekd5.004056E7
00404FFA |> E8 DC950100 |CALL Ekd5.0041E5DB
00404FFF |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405001 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405003 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405005 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040500A |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
0040500F |. E8 2CAA0700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405014 |. 50 |PUSH EAX ; |Arg5
00405015 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405017 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405019 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
0040501F |. 83EA 08 |SUB EDX,8 ; |
00405022 |. 52 |PUSH EDX ; |Arg2
00405023 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00405029 |. 83E8 08 |SUB EAX,8 ; |
0040502C |. 50 |PUSH EAX ; |Arg1
0040502D |. E8 E1C80400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405032 |. 83C4 18 |ADD ESP,18
00405035 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405037 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405039 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040503B |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405040 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405045 |. E8 F6A90700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040504A |. 50 |PUSH EAX ; |Arg5
0040504B |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040504D |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040504F |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00405055 |. 83E9 08 |SUB ECX,8 ; |
00405058 |. 51 |PUSH ECX ; |Arg2
00405059 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
0040505F |. 83EA 08 |SUB EDX,8 ; |
00405062 |. 52 |PUSH EDX ; |Arg1
00405063 |. E8 ABC80400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405068 |. 83C4 18 |ADD ESP,18
0040506B |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405071 |. 33C9 |XOR ECX,ECX
00405073 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00405076 |. 6BC9 24 |IMUL ECX,ECX,24
00405079 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040507F |. E8 0CDC0600 |CALL Ekd5.00472C90
00405084 |. 85C0 |TEST EAX,EAX
00405086 |. 75 27 |JNZ SHORT Ekd5.004050AF
00405088 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040508E |. 33C0 |XOR EAX,EAX
00405090 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405093 |. 50 |PUSH EAX ; /Arg3
00405094 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040509A |. 51 |PUSH ECX ; |Arg2
0040509B |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
004050A1 |. 52 |PUSH EDX ; |Arg1
004050A2 |. E8 789A0300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004050A7 |. 83C4 0C |ADD ESP,0C
004050AA |. E9 36010000 |JMP Ekd5.004051E5
004050AF |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004050B5 |. 83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
004050BC |. 75 7F |JNZ SHORT Ekd5.0040513D
004050BE |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004050C4 |. 83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
004050CB |. 75 70 |JNZ SHORT Ekd5.0040513D
004050CD |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004050CF |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004050D1 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
004050D6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004050DB |. E8 60A90700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004050E0 |. 50 |PUSH EAX ; /Arg6
004050E1 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004050E7 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004050EA |. 50 |PUSH EAX ; |Arg5
004050EB |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004050ED |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004050EF |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004050F5 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004050FB |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
00405101 |. 52 |PUSH EDX ; |Arg2
00405102 |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00405108 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040510E |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
00405114 |. 51 |PUSH ECX ; |Arg1
00405115 |. E8 62C20400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040511A |. 83C4 18 |ADD ESP,18
0040511D |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405123 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00405125 |. 50 |PUSH EAX ; /Arg2
00405126 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
0040512C |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
0040512F |. 52 |PUSH EDX ; |Arg1
00405130 |. E8 F4060300 |CALL Ekd5.00435829 ; \Ekd5.00435829
00405135 |. 83C4 08 |ADD ESP,8
00405138 |. E9 A8000000 |JMP Ekd5.004051E5
0040513D |> 68 00090000 |PUSH 900 ; /Arg3 = 00000900
00405142 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00405148 |. 50 |PUSH EAX ; |Arg2
00405149 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040514B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040514D |. 68 00400000 |PUSH 4000 ; ||Arg1 = 00004000
00405152 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405157 |. E8 E4A80700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040515C |. 50 |PUSH EAX ; |Arg1
0040515D |. E8 9BAB0700 |CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00405162 |. 83C4 0C |ADD ESP,0C
00405165 |. 6A 0C |PUSH 0C ; /Arg4 = 0000000C
00405167 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405169 |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
0040516B |. 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000] ; |
00405171 |. 51 |PUSH ECX ; |Arg1
00405172 |. E8 49B20200 |CALL Ekd5.004303C0 ; \Ekd5.004303C0
00405177 |. 83C4 10 |ADD ESP,10
0040517A |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405180 |. 83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0
00405187 |. 74 19 |JE SHORT Ekd5.004051A2
00405189 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
0040518B |. 6A 0F |PUSH 0F ; |Arg5 = 0000000F
0040518D |. 6A 0F |PUSH 0F ; |Arg4 = 0000000F
0040518F |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405191 |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
00405193 |. 8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000] ; |
00405199 |. 50 |PUSH EAX ; |Arg1
0040519A |. E8 9FB30200 |CALL Ekd5.0043053E ; \Ekd5.0043053E
0040519F |. 83C4 18 |ADD ESP,18
004051A2 |> 8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
004051A8 |. 51 |PUSH ECX ; /Arg6
004051A9 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004051AF |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004051B2 |. 50 |PUSH EAX ; |Arg5
004051B3 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
004051B5 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
004051B7 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004051BD |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004051C3 |. 0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610] ; |
004051C9 |. 52 |PUSH EDX ; |Arg2
004051CA |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004051D0 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
004051D6 |. 0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C] ; |
004051DC |. 51 |PUSH ECX ; |Arg1
004051DD |. E8 9AC10400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004051E2 |. 83C4 18 |ADD ESP,18
004051E5 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
004051E7 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004051E9 |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
004051EE |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004051F3 |. E8 48A80700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004051F8 |. 50 |PUSH EAX ; /Arg6
004051F9 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004051FF |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00405201 |. 50 |PUSH EAX ; |Arg5
00405202 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405204 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405206 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
0040520C |. 83E9 08 |SUB ECX,8 ; |
0040520F |. 51 |PUSH ECX ; |Arg2
00405210 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405216 |. 83EA 08 |SUB EDX,8 ; |
00405219 |. 52 |PUSH EDX ; |Arg1
0040521A |. E8 5DC10400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040521F |. 83C4 18 |ADD ESP,18
00405222 |. E8 CF930100 |CALL Ekd5.0041E5F6 第四个攻击动作
00405227 |. E9 BB040000 |JMP Ekd5.004056E7
0040522C |> E8 AA930100 |CALL Ekd5.0041E5DB
00405231 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405233 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405235 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405237 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040523C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405241 |. E8 FAA70700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405246 |. 50 |PUSH EAX ; |Arg5
00405247 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405249 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040524B |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405251 |. 83E8 08 |SUB EAX,8 ; |
00405254 |. 50 |PUSH EAX ; |Arg2
00405255 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040525B |. 83E9 08 |SUB ECX,8 ; |
0040525E |. 51 |PUSH ECX ; |Arg1
0040525F |. E8 AFC60400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405264 |. 83C4 18 |ADD ESP,18
00405267 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405269 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040526B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040526D |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405272 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405277 |. E8 C4A70700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040527C |. 50 |PUSH EAX ; |Arg5
0040527D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040527F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405281 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
00405287 |. 83EA 08 |SUB EDX,8 ; |
0040528A |. 52 |PUSH EDX ; |Arg2
0040528B |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
00405291 |. 83E8 08 |SUB EAX,8 ; |
00405294 |. 50 |PUSH EAX ; |Arg1
00405295 |. E8 79C60400 |CALL Ekd5.00451913 ; \Ekd5.00451913
0040529A |. 83C4 18 |ADD ESP,18
0040529D |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004052A3 |. 33D2 |XOR EDX,EDX
004052A5 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004052A8 |. 8BCA |MOV ECX,EDX
004052AA |. 6BC9 24 |IMUL ECX,ECX,24
004052AD |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004052B3 |. E8 D8D90600 |CALL Ekd5.00472C90
004052B8 |. 85C0 |TEST EAX,EAX
004052BA |. 75 24 |JNZ SHORT Ekd5.004052E0
004052BC |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004052C2 |. 33C9 |XOR ECX,ECX
004052C4 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
004052C7 |. 51 |PUSH ECX ; /Arg3
004052C8 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
004052CE |. 52 |PUSH EDX ; |Arg2
004052CF |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
004052D5 |. 50 |PUSH EAX ; |Arg1
004052D6 |. E8 44980300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004052DB |. 83C4 0C |ADD ESP,0C
004052DE |. EB 38 |JMP SHORT Ekd5.00405318
004052E0 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
004052E2 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004052E4 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
004052E9 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004052EE |. E8 4DA70700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
004052F3 |. 50 |PUSH EAX ; /Arg6
004052F4 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004052FA |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
004052FD |. 52 |PUSH EDX ; |Arg5
004052FE |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00405300 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405302 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405308 |. 50 |PUSH EAX ; |Arg2
00405309 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040530F |. 51 |PUSH ECX ; |Arg1
00405310 |. E8 67C00400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405315 |. 83C4 18 |ADD ESP,18
00405318 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040531A |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040531C |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
00405321 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405326 |. E8 15A70700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
0040532B |. 50 |PUSH EAX ; /Arg6
0040532C |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
00405332 |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00405334 |. 50 |PUSH EAX ; |Arg5
00405335 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405337 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405339 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
0040533F |. 83E9 08 |SUB ECX,8 ; |
00405342 |. 51 |PUSH ECX ; |Arg2
00405343 |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405349 |. 83EA 08 |SUB EDX,8 ; |
0040534C |. 52 |PUSH EDX ; |Arg1
0040534D |. E8 2AC00400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405352 |. 83C4 18 |ADD ESP,18
00405355 |. E8 9C920100 |CALL Ekd5.0041E5F6 被攻击者动作 (发光没了)
0040535A |. E9 88030000 |JMP Ekd5.004056E7
0040535F |> E8 77920100 |CALL Ekd5.0041E5DB
00405364 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405366 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405368 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040536A |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040536F |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405374 |. E8 C7A60700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405379 |. 50 |PUSH EAX ; |Arg5
0040537A |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040537C |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040537E |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
00405384 |. 83E8 08 |SUB EAX,8 ; |
00405387 |. 50 |PUSH EAX ; |Arg2
00405388 |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
0040538E |. 83E9 08 |SUB ECX,8 ; |
00405391 |. 51 |PUSH ECX ; |Arg1
00405392 |. E8 7CC50400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405397 |. 83C4 18 |ADD ESP,18
0040539A |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
0040539C |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040539E |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
004053A0 |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
004053A5 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
004053AA |. E8 91A60700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
004053AF |. 50 |PUSH EAX ; |Arg5
004053B0 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004053B2 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004053B4 |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004053BA |. 83EA 08 |SUB EDX,8 ; |
004053BD |. 52 |PUSH EDX ; |Arg2
004053BE |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004053C4 |. 83E8 08 |SUB EAX,8 ; |
004053C7 |. 50 |PUSH EAX ; |Arg1
004053C8 |. E8 46C50400 |CALL Ekd5.00451913 ; \Ekd5.00451913
004053CD |. 83C4 18 |ADD ESP,18
004053D0 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004053D6 |. 33D2 |XOR EDX,EDX
004053D8 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
004053DB |. 8BCA |MOV ECX,EDX
004053DD |. 6BC9 24 |IMUL ECX,ECX,24
004053E0 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004053E6 |. E8 A5D80600 |CALL Ekd5.00472C90
004053EB |. 85C0 |TEST EAX,EAX
004053ED |. 75 64 |JNZ SHORT Ekd5.00405453
004053EF |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004053F5 |. 33C9 |XOR ECX,ECX
004053F7 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
004053FA |. 51 |PUSH ECX ; /Arg3
004053FB |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00405401 |. 52 |PUSH EDX ; |Arg2
00405402 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
00405408 |. 50 |PUSH EAX ; |Arg1
00405409 |. E8 11970300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
0040540E |. 83C4 0C |ADD ESP,0C
00405411 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00405413 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00405415 |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
0040541A |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
0040541F |. E8 1CA60700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405424 |. 50 |PUSH EAX ; /Arg6
00405425 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
0040542B |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
0040542D |. 52 |PUSH EDX ; |Arg5
0040542E |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405430 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405432 |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
00405438 |. 83E8 08 |SUB EAX,8 ; |
0040543B |. 50 |PUSH EAX ; |Arg2
0040543C |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
00405442 |. 83E9 08 |SUB ECX,8 ; |
00405445 |. 51 |PUSH ECX ; |Arg1
00405446 |. E8 31BF0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
0040544B |. 83C4 18 |ADD ESP,18
0040544E |. E9 DB000000 |JMP Ekd5.0040552E
00405453 |> 6A 04 |PUSH 4 ; /Arg3 = 00000004
00405455 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00405457 |. 68 00400000 |PUSH 4000 ; |Arg1 = 00004000
0040545C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405461 |. E8 DAA50700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405466 |. 50 |PUSH EAX ; /Arg6
00405467 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
0040546D |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
00405470 |. 50 |PUSH EAX ; |Arg5
00405471 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00405473 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00405475 |. 8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030] ; |
0040547B |. 51 |PUSH ECX ; |Arg2
0040547C |. 8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C] ; |
00405482 |. 52 |PUSH EDX ; |Arg1
00405483 |. E8 F4BE0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
00405488 |. 83C4 18 |ADD ESP,18
0040548B |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0040548D |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0040548F |. 68 00300000 |PUSH 3000 ; |Arg1 = 00003000
00405494 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
00405499 |. E8 A2A50700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
0040549E |. 50 |PUSH EAX ; /Arg6
0040549F |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
004054A5 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004054A7 |. 51 |PUSH ECX ; |Arg5
004054A8 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
004054AA |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
004054AC |. 8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028] ; |
004054B2 |. 83EA 08 |SUB EDX,8 ; |
004054B5 |. 52 |PUSH EDX ; |Arg2
004054B6 |. 8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024] ; |
004054BC |. 83E8 08 |SUB EAX,8 ; |
004054BF |. 50 |PUSH EAX ; |Arg1
004054C0 |. E8 B7BE0400 |CALL Ekd5.0045137C ; \Ekd5.0045137C
004054C5 |. 83C4 18 |ADD ESP,18
004054C8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004054CE |. 83B9 84000000>|CMP DWORD PTR DS:[ECX+84],0
004054D5 |. 74 25 |JE SHORT Ekd5.004054FC
004054D7 |. 6A 18 |PUSH 18 ; /Arg4 = 00000018
004054D9 |. 6A 12 |PUSH 12 ; |Arg3 = 00000012
004054DB |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004054E1 |. 8B82 84000000 |MOV EAX,DWORD PTR DS:[EDX+84] ; |
004054E7 |. 50 |PUSH EAX ; |Arg2
004054E8 |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004054EE |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1] ; |
004054F1 |. 52 |PUSH EDX ; |Arg1
004054F2 |. E8 FAA50400 |CALL Ekd5.0044FAF1 ; \Ekd5.0044FAF1
004054F7 |. 83C4 10 |ADD ESP,10
004054FA |. EB 32 |JMP SHORT Ekd5.0040552E
004054FC |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405502 |. 83B8 54020000>|CMP DWORD PTR DS:[EAX+254],0
00405509 |. 74 23 |JE SHORT Ekd5.0040552E
0040550B |. 6A 18 |PUSH 18 ; /Arg4 = 00000018
0040550D |. 6A 45 |PUSH 45 ; |Arg3 = 00000045
0040550F |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00405515 |. 8B91 54020000 |MOV EDX,DWORD PTR DS:[ECX+254] ; |
0040551B |. 52 |PUSH EDX ; |Arg2
0040551C |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034] ; |
00405522 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1] ; |
00405525 |. 51 |PUSH ECX ; |Arg1
00405526 |. E8 C6A50400 |CALL Ekd5.0044FAF1 ; \Ekd5.0044FAF1
0040552B |. 83C4 10 |ADD ESP,10
0040552E |> E8 C3900100 |CALL Ekd5.0041E5F6 显示伤害点数
00405533 |. 8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
00405539 |. 52 |PUSH EDX ; /Arg1
0040553A |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
00405540 |. E8 41ECFFFF |CALL Ekd5.00404186 ; \Ekd5.00404186
00405545 |. E9 9D010000 |JMP Ekd5.004056E7
0040554A |> 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405550 |. 8B88 84000000 |MOV ECX,DWORD PTR DS:[EAX+84]
00405556 |. 51 |PUSH ECX
00405557 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040555D |. 33C0 |XOR EAX,EAX
0040555F |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405562 |. 8BC8 |MOV ECX,EAX
00405564 |. 6BC9 24 |IMUL ECX,ECX,24
00405567 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040556D |. E8 1ED70600 |CALL Ekd5.00472C90
00405572 |. 50 |PUSH EAX ; |Arg1
00405573 |. E8 26A50700 |CALL Ekd5.0047FA9E ; \Ekd5.0047FA9E
00405578 |. 83C4 08 |ADD ESP,8
0040557B |. 8BF0 |MOV ESI,EAX
0040557D |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00405583 |. 33D2 |XOR EDX,EDX
00405585 |. 8A51 01 |MOV DL,BYTE PTR DS:[ECX+1]
00405588 |. 8BCA |MOV ECX,EDX
0040558A |. 6BC9 24 |IMUL ECX,ECX,24
0040558D |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405593 |. E8 D8A00500 |CALL Ekd5.0045F670
00405598 |. 8BC8 |MOV ECX,EAX
0040559A |. 6BC9 48 |IMUL ECX,ECX,48
0040559D |. 81C1 0000D600 |ADD ECX,0D60000
004055A3 |. E8 731C0000 |CALL Ekd5.0040721B
004055A8 |. 33D2 |XOR EDX,EDX
004055AA |. B9 05000000 |MOV ECX,5
004055AF |. F7F1 |DIV ECX
004055B1 |. 3BF0 |CMP ESI,EAX
004055B3 |. 73 1D |JNB SHORT Ekd5.004055D2
004055B5 |. 6A 20 |PUSH 20 ; /Arg1 = 00000020
004055B7 |. 8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034] ; |
004055BD |. 33C0 |XOR EAX,EAX ; |
004055BF |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1] ; |
004055C2 |. 8BC8 |MOV ECX,EAX ; |
004055C4 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
004055C7 |. 81C1 502C4B00 |ADD ECX,Ekd5.004B2C50 ; |
004055CD |. E8 46D10300 |CALL Ekd5.00442718 ; \Ekd5.00442718
004055D2 |> E8 04900100 |CALL Ekd5.0041E5DB
004055D7 |. 8B8D FCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1004]
004055DD |. 51 |PUSH ECX ; /Arg2
004055DE |. 8B95 F8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1008] ; |
004055E4 |. 52 |PUSH EDX ; |Arg1
004055E5 |. E8 0FE1FFFF |CALL Ekd5.004036F9 ; \Ekd5.004036F9
004055EA |. 83C4 08 |ADD ESP,8
004055ED |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
004055EF |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
004055F1 |. 68 00590000 |PUSH 5900 ; |Arg1 = 00005900
004055F6 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; |
004055FB |. E8 40A40700 |CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00405600 |. 50 |PUSH EAX ; /Arg5
00405601 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405603 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405605 |. 8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030] ; |
0040560B |. 83E8 08 |SUB EAX,8 ; |
0040560E |. 50 |PUSH EAX ; |Arg2
0040560F |. 8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C] ; |
00405615 |. 83E9 08 |SUB ECX,8 ; |
00405618 |. 51 |PUSH ECX ; |Arg1
00405619 |. E8 C8C30400 |CALL Ekd5.004519E6 ; \Ekd5.004519E6
0040561E |. 83C4 14 |ADD ESP,14
00405621 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405623 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00405625 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00405627 |. 68 00590000 |PUSH 5900 ; ||Arg1 = 00005900
0040562C |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405631 |. E8 0AA40700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
00405636 |. 50 |PUSH EAX ; |Arg5
00405637 |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
00405639 |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
0040563B |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
00405641 |. 83EA 08 |SUB EDX,8 ; |
00405644 |. 52 |PUSH EDX ; |Arg2
00405645 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
0040564B |. 83E8 08 |SUB EAX,8 ; |
0040564E |. 50 |PUSH EAX ; |Arg1
0040564F |. E8 BFC20400 |CALL Ekd5.00451913 ; \Ekd5.00451913
00405654 |. 83C4 18 |ADD ESP,18
00405657 |. 6A 00 |PUSH 0 ; /Arg6 = 00000000
00405659 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0040565B |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0040565D |. 68 00490000 |PUSH 4900 ; ||Arg1 = 00004900
00405662 |. B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8 ; ||
00405667 |. E8 D4A30700 |CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0040566C |. 50 |PUSH EAX ; |Arg5
0040566D |. 6A 40 |PUSH 40 ; |Arg4 = 00000040
0040566F |. 6A 40 |PUSH 40 ; |Arg3 = 00000040
00405671 |. 8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028] ; |
00405677 |. 83E9 08 |SUB ECX,8 ; |
0040567A |. 51 |PUSH ECX ; |Arg2
0040567B |. 8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024] ; |
00405681 |. 83EA 08 |SUB EDX,8 ; |
00405684 |. 52 |PUSH EDX ; |Arg1
00405685 |. E8 89C20400 |CALL Ekd5.00451913 ; \Ekd5.00451913
0040568A |. 83C4 18 |ADD ESP,18
0040568D |. 8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405693 |. 33C9 |XOR ECX,ECX
00405695 |. 8A48 01 |MOV CL,BYTE PTR DS:[EAX+1]
00405698 |. 51 |PUSH ECX ; /Arg3
00405699 |. 8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030] ; |
0040569F |. 52 |PUSH EDX ; |Arg2
004056A0 |. 8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C] ; |
004056A6 |. 50 |PUSH EAX ; |Arg1
004056A7 |. E8 73940300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004056AC |. 83C4 0C |ADD ESP,0C
004056AF |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004056B5 |. 33D2 |XOR EDX,EDX
004056B7 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004056B9 |. 52 |PUSH EDX ; /Arg3
004056BA |. 8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028] ; |
004056C0 |. 50 |PUSH EAX ; |Arg2
004056C1 |. 8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024] ; |
004056C7 |. 51 |PUSH ECX ; |Arg1
004056C8 |. E8 52940300 |CALL Ekd5.0043EB1F ; \Ekd5.0043EB1F
004056CD |. 83C4 0C |ADD ESP,0C
004056D0 |. E8 218F0100 |CALL Ekd5.0041E5F6 回复正常 (攻击者和被攻击)
004056D5 |. 8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
004056DB |. 52 |PUSH EDX ; /Arg1
004056DC |. 8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034] ; |
004056E2 |. E8 9FEAFFFF |CALL Ekd5.00404186 ; \Ekd5.00404186
004056E7 |> 6A 01 |PUSH 1 ; /Arg1 = 00000001 多数返回点
004056E9 |. B9 181B4B00 |MOV ECX,Ekd5.004B1B18 ; |
004056EE |. E8 4DDCFFFF |CALL Ekd5.00403340 ; \Ekd5.00403340
004056F3 |. E8 E86D0200 |CALL Ekd5.0042C4E0
004056F8 |.^ E9 23EFFFFF \JMP Ekd5.00404620
004056FD |> 5E POP ESI
004056FE |. 8BE5 MOV ESP,EBP
00405700 |. 5D POP EBP
00405701 \. C3 RETN
00403B8F /$ 55 PUSH EBP
00403B90 |. 8BEC MOV EBP,ESP
00403B92 |. 6A FF PUSH -1
00403B94 |. 68 8C4F4800 PUSH Ekd5.00484F8C ; SE 处理程序安装
00403B99 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00403B9F |. 50 PUSH EAX
00403BA0 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00403BA7 |. 81EC 1C010000 SUB ESP,11C
00403BAD |. 898D DCFEFFFF MOV DWORD PTR SS:[EBP-124],ECX
00403BB3 |. 8B85 DCFEFFFF MOV EAX,DWORD PTR SS:[EBP-124]
00403BB9 |. 33C9 XOR ECX,ECX
00403BBB |. 8A08 MOV CL,BYTE PTR DS:[EAX]
00403BBD |. 51 PUSH ECX ; /Arg1
00403BBE |. 8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[EBP-124] ; |
00403BC4 |. 8B4A 0C MOV ECX,DWORD PTR DS:[EDX+C] ; |
00403BC7 |. E8 7CC00300 CALL Ekd5.0043FC48 ; \Ekd5.0043FC48
00403BCC |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
00403BCF |. 8B85 DCFEFFFF MOV EAX,DWORD PTR SS:[EBP-124]
00403BD5 |. 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
00403BD8 |. E8 43A70300 CALL Ekd5.0043E320 获取武将ecx的朝向
00403BDD |. 25 FF000000 AND EAX,0FF
00403BE2 |. 8985 E0FEFFFF MOV DWORD PTR SS:[EBP-120],EAX
00403BE8 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00403BEA |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403BEC |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00403BEE |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403BF3 |. E8 48BE0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403BF8 |. 8985 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EAX
00403BFE |. 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403C04 |. E8 A7F6FFFF CALL Ekd5.004032B0
00403C09 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00403C10 |. 68 C0BB4800 PUSH Ekd5.0048BBC0 ; /Arg1 = 0048BBC0 ASCII "UNIT_ATK.E5"
00403C15 |. 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114] ; |
00403C1B |. E8 15BF0100 CALL Ekd5.0041FB35 ; \Ekd5.0041FB35
00403C20 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00403C22 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403C24 |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
00403C29 |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403C2E |. E8 0DBE0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403C33 |. 50 PUSH EAX ; /Arg2
00403C34 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00403C37 |. 81E1 FF000000 AND ECX,0FF ; |
00403C3D |. 51 PUSH ECX ; |Arg1
00403C3E |. 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114] ; |
00403C44 |. E8 40C00100 CALL Ekd5.0041FC89 ; \Ekd5.0041FC89
00403C49 |. 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403C4F |. E8 71560100 CALL Ekd5.004192C5
00403C54 |. 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00403C5A |. 8995 D8FEFFFF MOV DWORD PTR SS:[EBP-128],EDX
00403C60 |. 83BD D8FEFFFF>CMP DWORD PTR SS:[EBP-128],3
00403C67 |. 0F87 E8000000 JA Ekd5.00403D55
00403C6D |. 8B85 D8FEFFFF MOV EAX,DWORD PTR SS:[EBP-128]
00403C73 |. FF2485 753D40>JMP DWORD PTR DS:[EAX*4+403D75] ; Ekd5.00403C7A
->
00403C7A |> 6A 04 PUSH 4 ; /Arg3 = 00000004
00403C7C |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403C7E |. 68 00A90000 PUSH 0A900 ; |Arg1 = 0000A900
00403C83 |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403C88 |. E8 B3BD0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403C8D |. 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403C93 |. 68 00400000 PUSH 4000 ; /Arg3 = 00004000
00403C98 |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C] ; |
00403C9E |. 51 PUSH ECX ; |Arg2
00403C9F |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118] ; |
00403CA5 |. 52 PUSH EDX ; |Arg1
00403CA6 |. E8 52C00700 CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00403CAB |. 83C4 0C ADD ESP,0C
00403CAE |. E9 A2000000 JMP Ekd5.00403D55
->
00403CB3 |> 6A 04 PUSH 4 ; /Arg3 = 00000004
00403CB5 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403CB7 |. 68 00E90000 PUSH 0E900 ; |Arg1 = 0000E900
00403CBC |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403CC1 |. E8 7ABD0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403CC6 |. 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403CCC |. 8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
00403CD2 |. 50 PUSH EAX ; /Arg4
00403CD3 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] ; |
00403CD9 |. 51 PUSH ECX ; |Arg3
00403CDA |. 68 00010000 PUSH 100 ; |Arg2 = 00000100
00403CDF |. 6A 40 PUSH 40 ; |Arg1 = 00000040
00403CE1 |. E8 6DB10100 CALL Ekd5.0041EE53 ; \Ekd5.0041EE53
00403CE6 |. 83C4 10 ADD ESP,10
00403CE9 |. EB 6A JMP SHORT Ekd5.00403D55
->
00403CEB |> 6A 04 PUSH 4 ; /Arg3 = 00000004
00403CED |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403CEF |. 68 00E90000 PUSH 0E900 ; |Arg1 = 0000E900
00403CF4 |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403CF9 |. E8 42BD0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403CFE |. 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403D04 |. 68 00400000 PUSH 4000 ; /Arg3 = 00004000
00403D09 |. 8B95 E4FEFFFF MOV EDX,DWORD PTR SS:[EBP-11C] ; |
00403D0F |. 52 PUSH EDX ; |Arg2
00403D10 |. 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-118] ; |
00403D16 |. 50 PUSH EAX ; |Arg1
00403D17 |. E8 E1BF0700 CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00403D1C |. 83C4 0C ADD ESP,0C
00403D1F |. EB 34 JMP SHORT Ekd5.00403D55
->
00403D21 |> 6A 04 PUSH 4 ; /Arg3 = 00000004
00403D23 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00403D25 |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
00403D2A |. B9 C8E44A00 MOV ECX,Ekd5.004AE4C8 ; |
00403D2F |. E8 0CBD0700 CALL Ekd5.0047FA40 ; \Ekd5.0047FA40
00403D34 |. 8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403D3A |. 68 00400000 PUSH 4000 ; /Arg3 = 00004000
00403D3F |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C] ; |
00403D45 |. 51 PUSH ECX ; |Arg2
00403D46 |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118] ; |
00403D4C |. 52 PUSH EDX ; |Arg1
00403D4D |. E8 ABBF0700 CALL Ekd5.0047FCFD ; \Ekd5.0047FCFD
00403D52 |. 83C4 0C ADD ESP,0C
00403D55 |> C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00403D5C |. 8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403D62 |. E8 69F5FFFF CALL Ekd5.004032D0
00403D67 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00403D6A |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00403D71 |. 8BE5 MOV ESP,EBP
00403D73 |. 5D POP EBP
00403D74 \. C3 RETN
00403D75 . 7A3C4000 DD Ekd5.00403C7A ; 分支表 被用于 00403C73
00403D79 . B33C4000 DD Ekd5.00403CB3
00403D7D . 213D4000 DD Ekd5.00403D21
00403D81 . EB3C4000 DD Ekd5.00403CEB
作者:
岱瀛 时间: 2007-12-30 21:14 标题: 战场交给装备函数 (这个是我自己新写的非KOEI的功能函数)
-4 本方的战场信息Ecx
-8本方的辅助
-C 00497750
-10对方战场编号
-14对方的辅助信息
-18本方的武将的Data信息Ecx
-1C对方的武将
-20对方武将的Data序号
004D28C2 55 PUSH EBP
004D28C3 8BEC MOV EBP,ESP
004D28C5 83EC 20 SUB ESP,20
004D28C8 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004D28CB E8 A0CDF8FF CALL WaGan.0045F670 ; 获取本方Data序号
004D28D0 6BC0 48 IMUL EAX,EAX,48
004D28D3 05 0000D600 ADD EAX,0D60000
004D28D8 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004D28DB 6A 02 PUSH 2
004D28DD 8BC8 MOV ECX,EAX
004D28DF E8 0C3DF3FF CALL WaGan.004065F0 ; 获取本方辅助
004D28E4 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004D28E7 25 FF000000 AND EAX,0FF
004D28EC 3D FF000000 CMP EAX,0FF
004D28F1 75 14 JNZ SHORT WaGan.004D2907
004D28F3 68 A0545500 PUSH WaGan.005554A0 ; 该武将辅助装备为空
004D28F8 6A 02 PUSH 2
004D28FA E8 9ACDF5FF CALL WaGan.0042F699
004D28FF 83C4 08 ADD ESP,8
004D2902 E9 7A010000 JMP WaGan.004D2A81 ; 退出
004D2907 C745 F4 5077490>MOV DWORD PTR SS:[EBP-C],WaGan.00497750 ; 开始监听
004D290E 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004D2911 8AC8 MOV CL,AL
004D2913 51 PUSH ECX
004D2914 6A 04 PUSH 4
004D2916 B1 01 MOV CL,1
004D2918 51 PUSH ECX
004D2919 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D291C 8A48 04 MOV CL,BYTE PTR DS:[EAX+4]
004D291F 51 PUSH ECX
004D2920 B9 50424B00 MOV ECX,WaGan.004B4250
004D2925 E8 132AF8FF CALL WaGan.0045533D
004D292A 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
004D292D 25 FF000000 AND EAX,0FF
004D2932 3D FF000000 CMP EAX,0FF
004D2937 0F84 44010000 JE WaGan.004D2A81 ; 取消,退出
004D293D 6BC0 24 IMUL EAX,EAX,24
004D2940 05 502C4B00 ADD EAX,WaGan.004B2C50
004D2945 8BC8 MOV ECX,EAX
004D2947 E8 24CDF8FF CALL WaGan.0045F670
004D294C 6BC0 48 IMUL EAX,EAX,48
004D294F 05 0000D600 ADD EAX,0D60000
004D2954 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
004D2957 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004D295A 3BC8 CMP ECX,EAX
004D295C 75 05 JNZ SHORT WaGan.004D2963
004D295E 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D2961 ^ EB A4 JMP SHORT WaGan.004D2907 ; 相同,返回监听
004D2963 6A 02 PUSH 2
004D2965 8BC8 MOV ECX,EAX
004D2967 E8 843CF3FF CALL WaGan.004065F0 ; 获取对方辅助
004D296C 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
004D296F 25 FF000000 AND EAX,0FF
004D2974 3D FF000000 CMP EAX,0FF
004D2979 74 17 JE SHORT WaGan.004D2992
004D297B 68 F0545500 PUSH WaGan.005554F0
004D2980 6A 02 PUSH 2
004D2982 E8 12CDF5FF CALL WaGan.0042F699
004D2987 83C4 08 ADD ESP,8
004D298A 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D298D ^ E9 75FFFFFF JMP WaGan.004D2907 ; 对方辅助不为空,返回监听
004D2992 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
004D2995 53 PUSH EBX
004D2996 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004D2999 E8 694FF3FF CALL WaGan.00407907 ; 判断对方是否能装备
004D299E 85C0 TEST EAX,EAX
004D29A0 75 17 JNZ SHORT WaGan.004D29B9
004D29A2 68 D0545500 PUSH WaGan.005554D0
004D29A7 6A 02 PUSH 2
004D29A9 E8 EBCCF5FF CALL WaGan.0042F699
004D29AE 83C4 08 ADD ESP,8
004D29B1 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D29B4 ^ E9 4EFFFFFF JMP WaGan.004D2907 ; 对方不能装备,返回监听
004D29B9 68 FF000000 PUSH 0FF
004D29BE 83EB 33 SUB EBX,33
004D29C1 53 PUSH EBX
004D29C2 6A 02 PUSH 2
004D29C4 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004D29C7 E8 2054F3FF CALL WaGan.00407DEC
004D29CC 6A 02 PUSH 2
004D29CE 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004D29D1 E8 EE53F3FF CALL WaGan.00407DC4
004D29D6 68 FF000000 PUSH 0FF
004D29DB 68 FF000000 PUSH 0FF
004D29E0 6A 01 PUSH 1
004D29E2 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004D29E5 E8 86CCF8FF CALL WaGan.0045F670
004D29EA 25 FFFF0000 AND EAX,0FFFF
004D29EF 50 PUSH EAX
004D29F0 B9 F05D4B00 MOV ECX,WaGan.004B5DF0
004D29F5 E8 954DF8FF CALL WaGan.0045778F
004D29FA 6A 06 PUSH 6
004D29FC 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004D29FF E8 14FDF6FF CALL WaGan.00442718
004D2A04 33C9 XOR ECX,ECX
004D2A06 8A4D F0 MOV CL,BYTE PTR SS:[EBP-10]
004D2A09 6BC9 24 IMUL ECX,ECX,24
004D2A0C 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004D2A12 E8 59CCF8FF CALL WaGan.0045F670
004D2A17 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
004D2A1A 6A 00 PUSH 0
004D2A1C 6A 00 PUSH 0
004D2A1E 6A 08 PUSH 8
004D2A20 6A 20 PUSH 20
004D2A22 6A 08 PUSH 8
004D2A24 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
004D2A27 53 PUSH EBX
004D2A28 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004D2A2B E8 40CCF8FF CALL WaGan.0045F670
004D2A30 50 PUSH EAX
004D2A31 E8 30010000 CALL WaGan.004D2B66
004D2A36 6A 00 PUSH 0
004D2A38 6A 00 PUSH 0
004D2A3A 6A 00 PUSH 0
004D2A3C 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004D2A3F E8 2CCCF8FF CALL WaGan.0045F670
004D2A44 50 PUSH EAX
004D2A45 B9 F05D4B00 MOV ECX,WaGan.004B5DF0
004D2A4A E8 404DF8FF CALL WaGan.0045778F
004D2A4F 6A 01 PUSH 1
004D2A51 6A 0E PUSH 0E
004D2A53 6A 00 PUSH 0
004D2A55 6A 08 PUSH 8
004D2A57 6A 01 PUSH 1
004D2A59 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-8]
004D2A5C 53 PUSH EBX
004D2A5D 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004D2A60 50 PUSH EAX
004D2A61 E8 00010000 CALL WaGan.004D2B66
004D2A66 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004D2A69 6BC0 19 IMUL EAX,EAX,19
004D2A6C 05 40114A00 ADD EAX,WaGan.004A1140
004D2A71 50 PUSH EAX
004D2A72 68 C0545500 PUSH WaGan.005554C0
004D2A77 6A 02 PUSH 2
004D2A79 E8 1BCCF5FF CALL WaGan.0042F699
004D2A7E 83C4 0C ADD ESP,0C
004D2A81 8BE5 MOV ESP,EBP
004D2A83 5D POP EBP
004D2A84 C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:14 标题: 战场获得物品的动画和音效及前期参数处理分析
Ecx:45991B
+18: 1
+14 
ata序号
+10: 1表示要显示动作
+C:0--表示无经验
+8 :物品Data序号
0045991B /$ 55 PUSH EBP
0045991C |. 8BEC MOV EBP,ESP
0045991E |. 6A FF PUSH -1
00459920 |. 68 C4564800 PUSH WaGan.004856C4 ; SE 处理程序安装
00459925 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0045992B |. 50 PUSH EAX
0045992C |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00459933 |. 81EC 300A0000 SUB ESP,0A30
00459939 |. 898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
0045993F |. C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],0FFFF
00459949 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0045994F |. E8 5C99FAFF CALL WaGan.004032B0
jmp 00459A8F
00459954 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0045995B |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0 等于0表示无动作
0045995F |. 0F84 AF020000 JE WaGan.00459C14 跳转等于结束
00459965 |. 817D 14 00020>CMP DWORD PTR SS:[EBP+14],200
0045996C |. 0F83 B6000000 JNB WaGan.00459A28 Data人物大于512跳开
00459972 |. C685 E8FEFFFF>MOV BYTE PTR SS:[EBP-118],0
00459979 |. EB 0E JMP SHORT WaGan.00459989
0045997B |> 8A85 E8FEFFFF /MOV AL,BYTE PTR SS:[EBP-118]
00459981 |. 04 01 |ADD AL,1
00459983 |. 8885 E8FEFFFF |MOV BYTE PTR SS:[EBP-118],AL
00459989 |> 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
0045998F |. 81E1 FF000000 |AND ECX,0FF
00459995 |. 83F9 73 |CMP ECX,73 比较前115个战场人物,非1战场人物的没有用
00459998 |. 0F8D 88000000 |JGE WaGan.00459A26
0045999E |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599A4 |. 81E1 FF000000 |AND ECX,0FF
004599AA |. 6BC9 24 |IMUL ECX,ECX,24
004599AD |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599B3 |. E8 B85C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
004599B8 |. 3B45 14 |CMP EAX,DWORD PTR SS:[EBP+14]
004599BB |. 75 64 |JNZ SHORT WaGan.00459A21 不相等,下个循环
004599BD |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118] -118是战场人物编号
004599C3 |. 81E1 FF000000 |AND ECX,0FF
004599C9 |. 6BC9 24 |IMUL ECX,ECX,24
004599CC |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599D2 |. E8 B9F2FBFF |CALL WaGan.00418C90 取+C字节
004599D7 |. 25 FF000000 |AND EAX,0FF
004599DC |. 83F8 02 |CMP EAX,2
004599DF |. 75 40 |JNZ SHORT WaGan.00459A21 不等于2跳掉,等于2为出场,不等于为隐藏
004599E1 |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599E7 |. 81E1 FF000000 |AND ECX,0FF
004599ED |. 6BC9 24 |IMUL ECX,ECX,24
004599F0 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599F6 |. E8 95920100 |CALL WaGan.00472C90 返回武将ecx的当前体力
004599FB |. 85C0 |TEST EAX,EAX
004599FD |. 76 22 |JBE SHORT WaGan.00459A21 小于0,则为已经撤退的,跳掉
004599FF |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
00459A05 |. 81E1 FF000000 |AND ECX,0FF
00459A0B |. 6BC9 24 |IMUL ECX,ECX,24
00459A0E |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00459A14 |. E8 575C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
00459A19 |. 8985 ECFEFFFF |MOV DWORD PTR SS:[EBP-114],EAX
00459A1F |. EB 05 |JMP SHORT WaGan.00459A26
00459A21 |>^ E9 55FFFFFF \JMP WaGan.0045997B
00459A26 |> EB 3F JMP SHORT WaGan.00459A67
00459A28 |> 817D 14 00040>CMP DWORD PTR SS:[EBP+14],400
00459A2F |. 72 36 JB SHORT WaGan.00459A67 Data小于1024
00459A31 |. 817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A38 |. 77 2D JA SHORT WaGan.00459A67
00459A3A |. 817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A41 |. 75 13 JNZ SHORT WaGan.00459A56
00459A43 |. 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A49 |. E8 A2C6FFFF CALL WaGan.004560F0
00459A4E |. 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A54 |. EB 11 JMP SHORT WaGan.00459A67
00459A56 |> 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A5C |. E8 CAC5FFFF CALL WaGan.0045602B
00459A61 |. 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A67 |> 81BD ECFEFFFF>CMP DWORD PTR SS:[EBP-114],0FFFF
00459A71 |. 0F84 9D010000 JE WaGan.00459C14 结束
00459A77 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
00459A79 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00459A7B |. 6A 01 PUSH 1 ; |Arg2 = 00000001 举起武器
00459A7D |. 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114] ; |
00459A83 |. 52 PUSH EDX ; |Arg1 人物Data
00459A84 |. 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38] ; |
00459A8A |. E8 00DDFFFF CALL WaGan.0045778F ; \WaGan.0045778F
00459A8F |. 8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
00459A95 |. 6BC9 48 IMUL ECX,ECX,48
00459A98 |. 81C1 0000D600 ADD ECX,0D60000
00459A9E |. E8 39E00100 CALL WaGan.00477ADC ; 获取战场形象编号
00459AA3 |. 8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
00459AA9 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
00459AAF |. 81E1 FF000000 AND ECX,0FF
00459AB5 |. 6BC9 24 IMUL ECX,ECX,24
00459AB8 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00459ABE |. E8 9D98FAFF CALL WaGan.00403360 对Ecx+6
00459AC3 |. 66:8B00 MOV AX,WORD PTR DS:[EAX] 取坐标(纵横)
00459AC6 |. 50 PUSH EAX ; /Arg1
00459AC7 |. E8 B25FFFFF CALL WaGan.0044FA7E ; \WaGan.0044FA7E
00459ACC |. 83C4 04 ADD ESP,4
00459ACF |. 8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX 120
00459AD5 |. 8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX F8
00459ADB |. 8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
00459AE1 |. 898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX
00459AE7 |. 8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
00459AED |. 8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX
00459AF3 |. 8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
00459AF9 |. 50 PUSH EAX
00459AFA |. 6A 30 PUSH 30
00459AFC |. 6A 30 PUSH 30
00459AFE |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
00459B04 |. 51 PUSH ECX
00459B05 |. 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00459B0B |. 52 PUSH EDX
00459B0C |. E8 40470200 CALL WaGan.0047E251
00459B11 |. 83C4 14 ADD ESP,14
00459B14 |. 68 F0BB4800 PUSH WaGan.0048BBF0 ; /Arg1 = 0048BBF0 ASCII "Item.WA"
00459B19 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
00459B1F |. E8 1160FCFF CALL WaGan.0041FB35 ; \WaGan.0041FB35 打开Item.e5这个文件,句柄放-110
00459B24 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00459B26 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00459B28 |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
00459B2D |. B9 C8E44A00 MOV ECX,WaGan.004AE4C8 ; |
00459B32 |. E8 095F0200 CALL WaGan.0047FA40 ; \WaGan.0047FA40 读文件信息,写在4ae4c8处
00459B37 |. 50 PUSH EAX ; /Arg2
00459B38 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
00459B3B |. 50 PUSH EAX ; |Arg1 物品Data号
00459B3C |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
00459B42 |. E8 4261FCFF CALL WaGan.0041FC89 ; \WaGan.0041FC89 ???
00459B47 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
00459B4D |. E8 73F7FBFF CALL WaGan.004192C5 关闭Item.e5这个文件文件
00459B52 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
00459B54 |. 6A 0E PUSH 0E ; |Arg1 = 0000000E
00459B56 |. B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
00459B5B |. E8 1AAB0100 CALL WaGan.0047467A ; \WaGan.0047467A
00459B60 |. C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
画动画
00459B6A |. EB 0F JMP SHORT WaGan.00459B7B
00459B6C |> 8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72 |. 83C1 01 |ADD ECX,1
00459B75 |. 898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B |> 83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82 |. 73 7F |JNB SHORT WaGan.00459C03
00459B84 |. E8 524AFCFF |CALL WaGan.0041E5DB
00459B89 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459B8B |. 8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20] ; |
00459B91 |. 52 |PUSH EDX ; |Arg5
00459B92 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00459B94 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00459B96 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
00459B9C |. 50 |PUSH EAX ; |Arg2
00459B9D |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
00459BA3 |. 51 |PUSH ECX ; |Arg1
00459BA4 |. E8 6A7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BA9 |. 83C4 18 |ADD ESP,18
00459BAC |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459BAE |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00459BB0 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00459BB2 |. 68 00690000 |PUSH 6900 ; ||Arg1 = 00006900
00459BB7 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; ||
00459BBC |. E8 7F5E0200 |CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00459BC1 |. 50 |PUSH EAX ; |Arg5
00459BC2 |. 6A 20 |PUSH 20 ; |Arg4 = 00000020
00459BC4 |. 6A 20 |PUSH 20 ; |Arg3 = 00000020
00459BC6 |. 8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C] ; |
00459BCC |. 83C2 07 |ADD EDX,7 ; |
00459BCF |. 2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24] ; |
00459BD5 |. 52 |PUSH EDX ; |Arg2
00459BD6 |. 8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120] ; |
00459BDC |. 83C0 08 |ADD EAX,8 ; |
00459BDF |. 50 |PUSH EAX ; |Arg1
00459BE0 |. E8 2E7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BE5 |. 83C4 18 |ADD ESP,18
00459BE8 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
00459BEA |. B9 181B4B00 |MOV ECX,WaGan.004B1B18 ; |
00459BEF |. E8 4C97FAFF |CALL WaGan.00403340 ; \WaGan.00403340
00459BF4 |. E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9 |. E8 F849FCFF |CALL WaGan.0041E5F6
00459BFE |.^ E9 69FFFFFF \JMP WaGan.00459B6C
一段动画的代码
[EBP-A24]:控制循环的变量
00459B60 |. C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
00459B6A |. EB 0F JMP SHORT WaGan.00459B7B
00459B6C |> 8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72 |. 83C1 01 |ADD ECX,1 递增
00459B75 |. 898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B |> 83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82 |. 73 7F |JNB SHORT WaGan.00459C03 不小于等于则转移,即大于8退出
00459B84 |. E8 524AFCFF |CALL WaGan.0041E5DB
00459B89 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459B8B |. 8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20] ; |
00459B91 |. 52 |PUSH EDX ; |Arg5
00459B92 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00459B94 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00459B96 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
00459B9C |. 50 |PUSH EAX ; |Arg2
00459B9D |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
00459BA3 |. 51 |PUSH ECX ; |Arg1
00459BA4 |. E8 6A7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BA9 |. 83C4 18 |ADD ESP,18
00459BAC |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459BAE |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00459BB0 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00459BB2 |. 68 00690000 |PUSH 6900 ; ||Arg1 = 00006900
00459BB7 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; ||
00459BBC |. E8 7F5E0200 |CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00459BC1 |. 50 |PUSH EAX ; |Arg5
00459BC2 |. 6A 20 |PUSH 20 ; |Arg4 = 00000020
00459BC4 |. 6A 20 |PUSH 20 ; |Arg3 = 00000020
00459BC6 |. 8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C] ; |
00459BCC |. 83C2 07 |ADD EDX,7 ; |
00459BCF |. 2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24] ; |
00459BD5 |. 52 |PUSH EDX ; |Arg2
00459BD6 |. 8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120] ; |
00459BDC |. 83C0 08 |ADD EAX,8 ; |
00459BDF |. 50 |PUSH EAX ; |Arg1
00459BE0 |. E8 2E7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BE5 |. 83C4 18 |ADD ESP,18
00459BE8 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
00459BEA |. B9 181B4B00 |MOV ECX,WaGan.004B1B18 ; |
00459BEF |. E8 4C97FAFF |CALL WaGan.00403340 ; \WaGan.00403340
00459BF4 |. E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9 |. E8 F849FCFF |CALL WaGan.0041E5F6 绘图
00459BFE |.^ E9 69FFFFFF \JMP WaGan.00459B6C
00459C03 |> 6A 05 PUSH 5 ; /Arg1 = 00000005
00459C03 6A 05 PUSH 5
00459C05 B9 181B4B00 MOV ECX,WaGan.004B1B18
00459C0A |. E8 3197FAFF CALL WaGan.00403340 ; \WaGan.00403340
00459C0F |. E8 CC28FDFF CALL WaGan.0042C4E0
作者:
岱瀛 时间: 2007-12-30 21:15 标题: 战场地图文字显示(这个也是我自己新写的函数)
+8 文字地址
MOV ECX,4B3D08
004D6366 55 PUSH EBP
004D6367 8BEC MOV EBP,ESP
004D6369 83EC 40 SUB ESP,40
004D636C 894D C0 MOV DWORD PTR SS:[EBP-40],ECX
004D636F B9 50424B00 MOV ECX,WaGan.004B4250
004D6374 E8 CBFAF7FF CALL WaGan.00455E44
004D6379 99 CDQ
004D637A B9 30000000 MOV ECX,30
004D637F F7F9 IDIV ECX
004D6381 8845 E4 MOV BYTE PTR SS:[EBP-1C],AL
004D6384 B9 50424B00 MOV ECX,WaGan.004B4250
004D6389 E8 DDFAF7FF CALL WaGan.00455E6B
004D638E 99 CDQ
004D638F B9 30000000 MOV ECX,30
004D6394 F7F9 IDIV ECX
004D6396 8845 E0 MOV BYTE PTR SS:[EBP-20],AL
004D6399 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004D639C 81E1 FF000000 AND ECX,0FF
004D63A2 6BC9 30 IMUL ECX,ECX,30
004D63A5 81F9 C0030000 CMP ECX,3C0
004D63AB 7C 10 JL SHORT WaGan.004D63BD
004D63AD C745 D8 4000000>MOV DWORD PTR SS:[EBP-28],40
004D63B4 C745 C4 0200000>MOV DWORD PTR SS:[EBP-3C],2
004D63BB EB 32 JMP SHORT WaGan.004D63EF
004D63BD 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
004D63C0 81E2 FF000000 AND EDX,0FF
004D63C6 6BD2 30 IMUL EDX,EDX,30
004D63C9 81FA D0020000 CMP EDX,2D0
004D63CF 7C 10 JL SHORT WaGan.004D63E1
004D63D1 C745 D8 4000000>MOV DWORD PTR SS:[EBP-28],40
004D63D8 C745 C4 0200000>MOV DWORD PTR SS:[EBP-3C],2
004D63DF EB 0E JMP SHORT WaGan.004D63EF
004D63E1 C745 D8 3000000>MOV DWORD PTR SS:[EBP-28],30
004D63E8 C745 C4 0100000>MOV DWORD PTR SS:[EBP-3C],1
004D63EF 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
004D63F2 50 PUSH EAX
004D63F3 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]
004D63F9 51 PUSH ECX
004D63FA FF15 EC624800 CALL DWORD PTR DS:[<&USER32.GetClient>; USER32.GetClientRect
004D6400 E8 D681F4FF CALL WaGan.0041E5DB
004D6405 6A 01 PUSH 1
004D6407 FF75 08 PUSH DWORD PTR SS:[EBP+8] 文字
004D640A 33C9 XOR ECX,ECX
004D640C F7D9 NEG ECX
004D640E 1BC9 SBB ECX,ECX
004D6410 83E1 10 AND ECX,10
004D6413 83C1 2A ADD ECX,2A
004D6416 51 PUSH ECX
004D6417 6A 02 PUSH 2
004D6419 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
004D641C 52 PUSH EDX
004D641D 83EC 10 SUB ESP,10
004D6420 8BC4 MOV EAX,ESP
004D6422 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004D6425 8908 MOV DWORD PTR DS:[EAX],ECX
004D6427 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
004D642A 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
004D642D 8B4D 00 MOV ECX,DWORD PTR SS:[EBP]
004D6430 8948 08 MOV DWORD PTR DS:[EAX+8],ECX
004D6433 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004D6436 8950 0C MOV DWORD PTR DS:[EAX+C],EDX
004D6439 E8 BA88F4FF CALL WaGan.0041ECF8
004D643E 83C4 24 ADD ESP,24
004D6441 6A 01 PUSH 1
004D6443 FF75 08 PUSH DWORD PTR SS:[EBP+8] 文字
004D6446 33D2 XOR EDX,EDX
004D6448 F7DA NEG EDX
004D644A 1BD2 SBB EDX,EDX
004D644C 83E2 11 AND EDX,11
004D644F 83C2 24 ADD EDX,24
004D6452 52 PUSH EDX
004D6453 6A 01 PUSH 1
004D6455 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004D6458 50 PUSH EAX
004D6459 83EC 10 SUB ESP,10
004D645C 8BCC MOV ECX,ESP
004D645E 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004D6461 8911 MOV DWORD PTR DS:[ECX],EDX
004D6463 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004D6466 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
004D6469 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
004D646C 8951 08 MOV DWORD PTR DS:[ECX+8],EDX
004D646F 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D6472 8941 0C MOV DWORD PTR DS:[ECX+C],EAX
004D6475 E8 7E88F4FF CALL WaGan.0041ECF8
004D647A 83C4 24 ADD ESP,24
004D647D 6A 00 PUSH 0
004D647F 6A 12 PUSH 12
004D6481 6A 04 PUSH 4
004D6483 E8 B16DFAFF CALL WaGan.0047D239
004D6488 83C4 0C ADD ESP,0C
004D648B 6A 00 PUSH 0
004D648D 6A 00 PUSH 0
004D648F 6A 01 PUSH 1
004D6491 FF75 08 PUSH DWORD PTR SS:[EBP+8] 文字
004D6494 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004D6497 50 PUSH EAX
004D6498 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004D649B 99 CDQ
004D649C 2BC2 SUB EAX,EDX
004D649E D1F8 SAR EAX,1
004D64A0 50 PUSH EAX
004D64A1 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004D64A4 51 PUSH ECX
004D64A5 E8 0A85F4FF CALL WaGan.0041E9B4
004D64AA 83C4 1C ADD ESP,1C
004D64AD E8 4481F4FF CALL WaGan.0041E5F6
004D64B2 6A 14 PUSH 14
004D64B4 B9 181B4B00 MOV ECX,WaGan.004B1B18
004D64B9 E8 82CEF2FF CALL WaGan.00403340
004D64BE E8 1D60F5FF CALL WaGan.0042C4E0
004D64C3 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
004D64C6 E8 BF43F7FF CALL WaGan.0044A88A
004D64CB B9 50424B00 MOV ECX,WaGan.004B4250
004D64D0 E8 D6B8F7FF CALL WaGan.00451DAB
004D64D5 8BE5 MOV ESP,EBP
004D64D7 5D POP EBP
004D64D8 C2 0400 RETN 4
004D64DB 90 NOP
作者:
岱瀛 时间: 2007-12-30 21:16 标题: 移动的研究
004595C5 |. 52 PUSH EDX ; /Arg2
004595C6 |. 8A45 0C MOV AL,BYTE PTR SS:[EBP+C] ; |
004595C9 |. 50 PUSH EAX ; |Arg1
004595CA |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004595CD |. E8 BA90FEFF CALL WaGan.0044268C ; \WaGan.0044268C
004595D2 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004595D5 |. E8 4217FEFF CALL WaGan.0043AD1C 移动的画图函数 ()
004595DA |. 8A4D E8 MOV CL,BYTE PTR SS:[EBP-18]
SS:[EBP-14] 武将战场内存地址
SS:[EBP-18]
0043AD1C /$ 55 PUSH EBP
0043AD1D |. 8BEC MOV EBP,ESP
0043AD1F |. 83EC 1C SUB ESP,1C
0043AD22 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0043AD25 |. C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043AD29 |. 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043AD2E |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AD31 |. E8 BAADFEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0 (80)对Ecx+D的值和80进行比较
0043AD36 |. 85C0 TEST EAX,EAX
0043AD38 |. 74 09 JE SHORT WaGan.0043AD43
0043AD3A |. C745 E8 64000>MOV DWORD PTR SS:[EBP-18],64
0043AD41 |. EB 10 JMP SHORT WaGan.0043AD53
0043AD43 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043AD46 |. E8 044A0000 CALL WaGan.0043F74F
0043AD4B |. 25 FF000000 AND EAX,0FF
0043AD50 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
0043AD53 |> 8A45 E8 MOV AL,BYTE PTR SS:[EBP-18]
0043AD56 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0043AD59 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C]
0043AD5C |. E8 AF490200 CALL WaGan.0045F710
0043AD61 |. C605 382C4B00>MOV BYTE PTR DS:[4B2C38],0FF
0043AD68 |. C705 1C2C4B00>MOV DWORD PTR DS:[4B2C1C],0
0043AD72 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043AD75 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
0043AD77 |. 52 PUSH EDX ; /Arg1
0043AD78 |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
0043AD7D |. E8 CE480200 CALL WaGan.0045F650 ; \WaGan.0045F650
0043AD82 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043AD85 |. 33C9 XOR ECX,ECX
0043AD87 |. 8A48 08 MOV CL,BYTE PTR DS:[EAX+8]
0043AD8A |. 81F9 FF000000 CMP ECX,0FF
0043AD90 |. 74 33 JE SHORT WaGan.0043ADC5
0043AD92 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043AD95 |. 33C0 XOR EAX,EAX
0043AD97 |. 8A42 08 MOV AL,BYTE PTR DS:[EDX+8]
0043AD9A |. 8BC8 MOV ECX,EAX
0043AD9C |. 6BC9 24 IMUL ECX,ECX,24
0043AD9F |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043ADA5 |. E8 E6DEFDFF CALL WaGan.00418C90
0043ADAA |. 25 FF000000 AND EAX,0FF
0043ADAF |. 83F8 02 CMP EAX,2
0043ADB2 |. 74 11 JE SHORT WaGan.0043ADC5
0043ADB4 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043ADB7 |. C641 08 FF MOV BYTE PTR DS:[ECX+8],0FF
0043ADBB |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0043ADBD |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043ADC0 |. E8 A4780000 CALL WaGan.00442669 ; \WaGan.00442669
0043ADC5 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043ADC8 |. E8 C3DEFDFF CALL WaGan.00418C90
0043ADCD |. 25 FF000000 AND EAX,0FF
0043ADD2 |. 83F8 02 CMP EAX,2
0043ADD5 |. 0F85 2D060000 JNZ WaGan.0043B408
0043ADDB |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0043ADDD |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043ADE0 |. E8 0BADFEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043ADE5 |. 85C0 TEST EAX,EAX
0043ADE7 |. 0F85 1B060000 JNZ WaGan.0043B408
0043ADED |. 6A 08 PUSH 8 ; /Arg1 = 00000008
0043ADEF |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043ADF2 |. E8 E9B8FCFF CALL WaGan.004066E0 ; \WaGan.004066E0
0043ADF7 |. 85C0 TEST EAX,EAX
0043ADF9 |. 0F85 09060000 JNZ WaGan.0043B408
0043ADFF |. 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0043AE04 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AE07 |. E8 7EF4FFFF CALL WaGan.0043A28A ; \WaGan.0043A28A
0043AE0C |. 33D2 XOR EDX,EDX
0043AE0E |. 8A15 242C4B00 MOV DL,BYTE PTR DS:[4B2C24]
0043AE14 |. 83E2 01 AND EDX,1
0043AE17 |. 85D2 TEST EDX,EDX
0043AE19 |. 0F84 91010000 JE WaGan.0043AFB0
0043AE1F |. 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043AE24 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AE27 |. E8 C4ACFEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043AE2C |. 85C0 TEST EAX,EAX
0043AE2E |. 0F85 7C010000 JNZ WaGan.0043AFB0
0043AE34 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043AE37 |. 33C9 XOR ECX,ECX
0043AE39 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4]
0043AE3C |. 83F9 23 CMP ECX,23
0043AE3F |. 0F84 6B010000 JE WaGan.0043AFB0
0043AE45 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043AE48 |. E8 C3B8FCFF CALL WaGan.00406710
0043AE4D |. 85C0 TEST EAX,EAX
0043AE4F |. 74 15 JE SHORT WaGan.0043AE66
0043AE51 |. B9 502C4B00 MOV ECX,WaGan.004B2C50
0043AE56 |. E8 0585FCFF CALL WaGan.00403360
0043AE5B |. 50 PUSH EAX ; /Arg1
0043AE5C |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043AE5F |. E8 3CB7FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043AE64 |. EB 2D JMP SHORT WaGan.0043AE93
0043AE66 |> B9 3C314B00 MOV ECX,WaGan.004B313C
0043AE6B |. E8 20DEFDFF CALL WaGan.00418C90
0043AE70 |. 25 FF000000 AND EAX,0FF
0043AE75 |. 83F8 02 CMP EAX,2
0043AE78 |. 75 15 JNZ SHORT WaGan.0043AE8F
0043AE7A |. B9 3C314B00 MOV ECX,WaGan.004B313C
0043AE7F |. E8 DC84FCFF CALL WaGan.00403360
0043AE84 |. 50 PUSH EAX ; /Arg1
0043AE85 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043AE88 |. E8 13B7FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043AE8D |. EB 04 JMP SHORT WaGan.0043AE93
0043AE8F |> C645 F4 FF MOV BYTE PTR SS:[EBP-C],0FF
0043AE93 |> 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0043AE96 |. 81E2 FF000000 AND EDX,0FF
0043AE9C |. 81FA FF000000 CMP EDX,0FF
0043AEA2 |. 0F84 F7000000 JE WaGan.0043AF9F
0043AEA8 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043AEAB |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4]
0043AEAE |. 51 PUSH ECX ; /Arg3
0043AEAF |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
0043AEB1 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; |
0043AEB4 |. 52 PUSH EDX ; |Arg1
0043AEB5 |. E8 BED2FFFF CALL WaGan.00438178 ; \WaGan.00438178
0043AEBA |. 83C4 0C ADD ESP,0C
0043AEBD |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043AEBF |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0043AEC2 |. 8A48 07 MOV CL,BYTE PTR DS:[EAX+7] ; |
0043AEC5 |. 51 PUSH ECX ; |Arg5
0043AEC6 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AEC9 |. 8A42 06 MOV AL,BYTE PTR DS:[EDX+6] ; |
0043AECC |. 50 PUSH EAX ; |Arg4
0043AECD |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043AECF |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043AED4 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043AED7 |. 51 PUSH ECX ; |Arg1
0043AED8 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AEDB |. E8 28D4FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043AEE0 |. 25 FF000000 AND EAX,0FF
0043AEE5 |. 83F8 01 CMP EAX,1
0043AEE8 |. 74 79 JE SHORT WaGan.0043AF63
0043AEEA |. 6A 00 PUSH 0 ; /Arg6 = 00000000
0043AEEC |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AEEF |. 8A42 07 MOV AL,BYTE PTR DS:[EDX+7] ; |
0043AEF2 |. 50 PUSH EAX ; |Arg5
0043AEF3 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AEF6 |. 8A51 06 MOV DL,BYTE PTR DS:[ECX+6] ; |
0043AEF9 |. 52 PUSH EDX ; |Arg4
0043AEFA |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043AEFC |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043AF01 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; |
0043AF04 |. 50 PUSH EAX ; |Arg1
0043AF05 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF08 |. E8 FBD3FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043AF0D |. 25 FF000000 AND EAX,0FF
0043AF12 |. 3D FF000000 CMP EAX,0FF
0043AF17 |. 74 3C JE SHORT WaGan.0043AF55
0043AF19 |. 6A 01 PUSH 1 ; /Arg4 = 00000001
0043AF1B |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
0043AF1E |. 51 PUSH ECX ; |Arg3
0043AF1F |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AF22 |. 83C2 06 ADD EDX,6 ; |
0043AF25 |. 52 PUSH EDX ; |Arg2
0043AF26 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; |
0043AF29 |. 50 PUSH EAX ; |Arg1
0043AF2A |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF2D |. E8 FCCEFFFF CALL WaGan.00437E2E ; \WaGan.00437E2E
0043AF32 |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043AF34 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043AF39 |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043AF3E |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043AF40 |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
0043AF43 |. 51 PUSH ECX ; |Arg2
0043AF44 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AF47 |. 83C2 06 ADD EDX,6 ; |
0043AF4A |. 52 PUSH EDX ; |Arg1
0043AF4B |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF4E |. E8 B5D3FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043AF53 |. EB 0C JMP SHORT WaGan.0043AF61
0043AF55 |> 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043AF58 |. 50 PUSH EAX ; /Arg1
0043AF59 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF5C |. E8 68F8FFFF CALL WaGan.0043A7C9 ; \WaGan.0043A7C9
0043AF61 |> EB 3A JMP SHORT WaGan.0043AF9D
0043AF63 |> 6A 01 PUSH 1 ; /Arg4 = 00000001
0043AF65 |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
0043AF68 |. 51 PUSH ECX ; |Arg3
0043AF69 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AF6C |. 83C2 06 ADD EDX,6 ; |
0043AF6F |. 52 PUSH EDX ; |Arg2
0043AF70 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; |
0043AF73 |. 50 PUSH EAX ; |Arg1
0043AF74 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF77 |. E8 B2CEFFFF CALL WaGan.00437E2E ; \WaGan.00437E2E
0043AF7C |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043AF7E |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043AF83 |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043AF88 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043AF8A |. 8A4D F8 MOV CL,BYTE PTR SS:[EBP-8] ; |
0043AF8D |. 51 PUSH ECX ; |Arg2
0043AF8E |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043AF91 |. 83C2 06 ADD EDX,6 ; |
0043AF94 |. 52 PUSH EDX ; |Arg1
0043AF95 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AF98 |. E8 6BD3FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043AF9D |> EB 0C JMP SHORT WaGan.0043AFAB
0043AF9F |> 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043AFA2 |. 50 PUSH EAX ; /Arg1
0043AFA3 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043AFA6 |. E8 1EF8FFFF CALL WaGan.0043A7C9 ; \WaGan.0043A7C9
0043AFAB |> E9 A7030000 JMP WaGan.0043B357
0043AFB0 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043AFB3 |. E8 18ABFEFF CALL WaGan.00425AD0
0043AFB8 |. 25 FF000000 AND EAX,0FF
0043AFBD |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0043AFC0 |. 837D E4 04 CMP DWORD PTR SS:[EBP-1C],4
0043AFC4 |. 0F87 8D030000 JA WaGan.0043B357
0043AFCA |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0043AFCD |. FF248D 0CB443>JMP DWORD PTR DS:[ECX*4+43B40C]
0043B40C . D4AF4300 DD WaGan.0043AFD4
0043B410 . 19B34300 DD WaGan.0043B319
0043B414 . 27B34300 DD WaGan.0043B327
0043B418 . AEB24300 DD WaGan.0043B2AE
0043B41C . D4AF4300 DD WaGan.0043AFD4
0043AFD4 |> 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043AFD7 |. 33C0 XOR EAX,EAX
0043AFD9 |. 8A42 08 MOV AL,BYTE PTR DS:[EDX+8]
0043AFDC |. 3D FF000000 CMP EAX,0FF
0043AFE1 |. 0F84 8B000000 JE WaGan.0043B072
0043AFE7 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043AFEA |. 33D2 XOR EDX,EDX
0043AFEC |. 8A51 08 MOV DL,BYTE PTR DS:[ECX+8]
0043AFEF |. 8BCA MOV ECX,EDX
0043AFF1 |. 6BC9 24 IMUL ECX,ECX,24
0043AFF4 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043AFFA |. E8 6183FCFF CALL WaGan.00403360
0043AFFF |. 50 PUSH EAX ; /Arg1
0043B000 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043B003 |. E8 98B5FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B008 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043B00B |. 33C9 XOR ECX,ECX
0043B00D |. 8A48 08 MOV CL,BYTE PTR DS:[EAX+8]
0043B010 |. 6BC9 24 IMUL ECX,ECX,24
0043B013 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043B019 |. E8 B2AAFEFF CALL WaGan.00425AD0
0043B01E |. 25 FF000000 AND EAX,0FF
0043B023 |. 85C0 TEST EAX,EAX
0043B025 |. 74 22 JE SHORT WaGan.0043B049
0043B027 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043B02A |. 33C0 XOR EAX,EAX
0043B02C |. 8A42 08 MOV AL,BYTE PTR DS:[EDX+8]
0043B02F |. 8BC8 MOV ECX,EAX
0043B031 |. 6BC9 24 IMUL ECX,ECX,24
0043B034 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043B03A |. E8 91AAFEFF CALL WaGan.00425AD0
0043B03F |. 25 FF000000 AND EAX,0FF
0043B044 |. 83F8 04 CMP EAX,4
0043B047 |. 75 27 JNZ SHORT WaGan.0043B070
0043B049 |> 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0043B04C |. 51 PUSH ECX ; /Arg1
0043B04D |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043B050 |. 33C0 XOR EAX,EAX ; |
0043B052 |. 8A42 08 MOV AL,BYTE PTR DS:[EDX+8] ; |
0043B055 |. 8BC8 MOV ECX,EAX ; |
0043B057 |. 6BC9 24 IMUL ECX,ECX,24 ; |
0043B05A |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
0043B060 |. E8 2B040000 CALL WaGan.0043B490 ; \WaGan.0043B490
0043B065 |. 50 PUSH EAX ; /Arg1
0043B066 |. B9 382C4B00 MOV ECX,WaGan.004B2C38 ; |
0043B06B |. E8 30B5FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B070 |> EB 0F JMP SHORT WaGan.0043B081
0043B072 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B075 |. 83C1 09 ADD ECX,9
0043B078 |. 51 PUSH ECX ; /Arg1
0043B079 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043B07C |. E8 1FB5FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B081 |> 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043B086 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B089 |. E8 62AAFEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043B08E |. 85C0 TEST EAX,EAX
0043B090 |. 0F85 7D010000 JNZ WaGan.0043B213
0043B096 |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B098 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B09D |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B0A2 |. 6A 08 PUSH 8 ; |Arg3 = 00000008
0043B0A4 |. 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8] ; |
0043B0A7 |. 52 PUSH EDX ; |Arg2
0043B0A8 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0043B0AB |. 83C0 06 ADD EAX,6 ; |
0043B0AE |. 50 PUSH EAX ; |Arg1
0043B0AF |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B0B2 |. E8 51D2FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B0B7 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0043B0BA |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B0BD |. 33D2 XOR EDX,EDX
0043B0BF |. 8A51 08 MOV DL,BYTE PTR DS:[ECX+8]
0043B0C2 |. 81FA FF000000 CMP EDX,0FF
0043B0C8 |. 74 4F JE SHORT WaGan.0043B119
0043B0CA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043B0CD |. 25 FF000000 AND EAX,0FF
0043B0D2 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B0D5 |. 33D2 XOR EDX,EDX
0043B0D7 |. 8A51 08 MOV DL,BYTE PTR DS:[ECX+8]
0043B0DA |. 3BC2 CMP EAX,EDX
0043B0DC |. 75 3B JNZ SHORT WaGan.0043B119
0043B0DE |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043B0E1 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4]
0043B0E4 |. 51 PUSH ECX ; /Arg3
0043B0E5 |. 6A 14 PUSH 14 ; |Arg2 = 00000014
0043B0E7 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; |
0043B0EA |. 52 PUSH EDX ; |Arg1
0043B0EB |. E8 88D0FFFF CALL WaGan.00438178 ; \WaGan.00438178
0043B0F0 |. 83C4 0C ADD ESP,0C
0043B0F3 |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B0F5 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B0FA |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B0FF |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043B101 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B104 |. 50 PUSH EAX ; |Arg2
0043B105 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B108 |. 83C1 06 ADD ECX,6 ; |
0043B10B |. 51 PUSH ECX ; |Arg1
0043B10C |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B10F |. E8 F4D1FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B114 |. E9 F5000000 JMP WaGan.0043B20E
0043B119 |> 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043B11C |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4]
0043B11F |. 50 PUSH EAX ; /Arg3
0043B120 |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
0043B122 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; |
0043B125 |. 51 PUSH ECX ; |Arg1
0043B126 |. E8 4DD0FFFF CALL WaGan.00438178 ; \WaGan.00438178
0043B12B |. 83C4 0C ADD ESP,0C
0043B12E |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B130 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0043B133 |. 8A42 07 MOV AL,BYTE PTR DS:[EDX+7] ; |
0043B136 |. 50 PUSH EAX ; |Arg5
0043B137 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B13A |. 8A51 06 MOV DL,BYTE PTR DS:[ECX+6] ; |
0043B13D |. 52 PUSH EDX ; |Arg4
0043B13E |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043B140 |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043B145 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C] ; |
0043B148 |. 50 PUSH EAX ; |Arg1
0043B149 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B14C |. E8 B7D1FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B151 |. 25 FF000000 AND EAX,0FF
0043B156 |. 83F8 01 CMP EAX,1
0043B159 |. 74 79 JE SHORT WaGan.0043B1D4
0043B15B |. 6A 00 PUSH 0 ; /Arg6 = 00000000
0043B15D |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B160 |. 8A51 07 MOV DL,BYTE PTR DS:[ECX+7] ; |
0043B163 |. 52 PUSH EDX ; |Arg5
0043B164 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0043B167 |. 8A48 06 MOV CL,BYTE PTR DS:[EAX+6] ; |
0043B16A |. 51 PUSH ECX ; |Arg4
0043B16B |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043B16D |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043B172 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; |
0043B175 |. 52 PUSH EDX ; |Arg1
0043B176 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B179 |. E8 8AD1FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B17E |. 25 FF000000 AND EAX,0FF
0043B183 |. 3D FF000000 CMP EAX,0FF
0043B188 |. 74 3C JE SHORT WaGan.0043B1C6
0043B18A |. 6A 01 PUSH 1 ; /Arg4 = 00000001
0043B18C |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B18F |. 50 PUSH EAX ; |Arg3
0043B190 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B193 |. 83C1 06 ADD ECX,6 ; |
0043B196 |. 51 PUSH ECX ; |Arg2
0043B197 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; |
0043B19A |. 52 PUSH EDX ; |Arg1
0043B19B |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B19E |. E8 8BCCFFFF CALL WaGan.00437E2E ; \WaGan.00437E2E
0043B1A3 |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B1A5 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B1AA |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B1AF |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043B1B1 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B1B4 |. 50 PUSH EAX ; |Arg2
0043B1B5 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B1B8 |. 83C1 06 ADD ECX,6 ; |
0043B1BB |. 51 PUSH ECX ; |Arg1
0043B1BC |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B1BF |. E8 44D1FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B1C4 |. EB 0C JMP SHORT WaGan.0043B1D2
0043B1C6 |> 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8]
0043B1C9 |. 52 PUSH EDX ; /Arg1
0043B1CA |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B1CD |. E8 F7F5FFFF CALL WaGan.0043A7C9 ; \WaGan.0043A7C9
0043B1D2 |> EB 3A JMP SHORT WaGan.0043B20E
0043B1D4 |> 6A 01 PUSH 1 ; /Arg4 = 00000001
0043B1D6 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B1D9 |. 50 PUSH EAX ; |Arg3
0043B1DA |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B1DD |. 83C1 06 ADD ECX,6 ; |
0043B1E0 |. 51 PUSH ECX ; |Arg2
0043B1E1 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C] ; |
0043B1E4 |. 52 PUSH EDX ; |Arg1
0043B1E5 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B1E8 |. E8 41CCFFFF CALL WaGan.00437E2E ; \WaGan.00437E2E
0043B1ED |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B1EF |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B1F4 |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B1F9 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043B1FB |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B1FE |. 50 PUSH EAX ; |Arg2
0043B1FF |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B202 |. 83C1 06 ADD ECX,6 ; |
0043B205 |. 51 PUSH ECX ; |Arg1
0043B206 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B209 |. E8 FAD0FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B20E |> E9 96000000 JMP WaGan.0043B2A9
0043B213 |> 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B215 |. 8A55 F5 MOV DL,BYTE PTR SS:[EBP-B] ; |
0043B218 |. 52 PUSH EDX ; |Arg5
0043B219 |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C] ; |
0043B21C |. 50 PUSH EAX ; |Arg4
0043B21D |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043B21F |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043B224 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B227 |. 83C1 06 ADD ECX,6 ; |
0043B22A |. 51 PUSH ECX ; |Arg1
0043B22B |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B22E |. E8 D5D0FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B233 |. 25 FF000000 AND EAX,0FF
0043B238 |. 83F8 01 CMP EAX,1
0043B23B |. 74 5E JE SHORT WaGan.0043B29B
0043B23D |. 6A 00 PUSH 0 ; /Arg6 = 00000000
0043B23F |. 8A55 F5 MOV DL,BYTE PTR SS:[EBP-B] ; |
0043B242 |. 52 PUSH EDX ; |Arg5
0043B243 |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C] ; |
0043B246 |. 50 PUSH EAX ; |Arg4
0043B247 |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0043B249 |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043B24E |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B251 |. 83C1 06 ADD ECX,6 ; |
0043B254 |. 51 PUSH ECX ; |Arg1
0043B255 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B258 |. E8 ABD0FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B25D |. 25 FF000000 AND EAX,0FF
0043B262 |. 85C0 TEST EAX,EAX
0043B264 |. 74 10 JE SHORT WaGan.0043B276
0043B266 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0043B269 |. 52 PUSH EDX ; /Arg1
0043B26A |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043B26F |. E8 2CB3FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B274 |. EB 23 JMP SHORT WaGan.0043B299
0043B276 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043B279 |. 83C0 06 ADD EAX,6
0043B27C |. 50 PUSH EAX ; /Arg1
0043B27D |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043B282 |. E8 19B3FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B287 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B28A |. 83C1 06 ADD ECX,6
0043B28D |. 51 PUSH ECX ; /Arg1
0043B28E |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B291 |. 83C1 09 ADD ECX,9 ; |
0043B294 |. E8 07B3FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B299 |> EB 0E JMP SHORT WaGan.0043B2A9
0043B29B |> 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0043B29E |. 52 PUSH EDX ; /Arg1
0043B29F |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043B2A4 |. E8 F7B2FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B2A9 |> E9 A9000000 JMP WaGan.0043B357
0043B2AE |> 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B2B0 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B2B5 |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B2BA |. 6A 08 PUSH 8 ; |Arg3 = 00000008
0043B2BC |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B2BF |. 50 PUSH EAX ; |Arg2
0043B2C0 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B2C3 |. 83C1 06 ADD ECX,6 ; |
0043B2C6 |. 51 PUSH ECX ; |Arg1
0043B2C7 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B2CA |. E8 39D0FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B2CF |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0043B2D2 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043B2D5 |. 81E2 FF000000 AND EDX,0FF
0043B2DB |. 81FA FF000000 CMP EDX,0FF
0043B2E1 |. 74 23 JE SHORT WaGan.0043B306
0043B2E3 |. 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B2E5 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B2EA |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B2EF |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043B2F1 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
0043B2F4 |. 50 PUSH EAX ; |Arg2
0043B2F5 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B2F8 |. 83C1 06 ADD ECX,6 ; |
0043B2FB |. 51 PUSH ECX ; |Arg1
0043B2FC |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B2FF |. E8 04D0FFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B304 |. EB 11 JMP SHORT WaGan.0043B317
0043B306 |> 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043B309 |. 83C2 06 ADD EDX,6
0043B30C |. 52 PUSH EDX ; /Arg1
0043B30D |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043B312 |. E8 89B2FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B317 |> EB 3E JMP SHORT WaGan.0043B357
0043B319 |> 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043B31C |. 50 PUSH EAX ; /Arg1
0043B31D |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B320 |. E8 A4F4FFFF CALL WaGan.0043A7C9 ; \WaGan.0043A7C9
0043B325 |. EB 30 JMP SHORT WaGan.0043B357
0043B327 |> 6A 01 PUSH 1 ; /Arg6 = 00000001
0043B329 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
0043B32E |. 68 FF000000 PUSH 0FF ; |Arg4 = 000000FF
0043B333 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0043B335 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0043B337 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B33A |. 83C1 06 ADD ECX,6 ; |
0043B33D |. 51 PUSH ECX ; |Arg1
0043B33E |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B341 |. E8 C2CFFFFF CALL WaGan.00438308 ; \WaGan.00438308
0043B346 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0043B349 |. 83C2 06 ADD EDX,6
0043B34C |. 52 PUSH EDX ; /Arg1
0043B34D |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043B352 |. E8 49B2FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043B357 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B35A |. E8 F7F5FFFF CALL WaGan.0043A956 调用到走路的函数
0043B35F |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B362 |. E8 EB4E0000 CALL WaGan.00440252
0043B367 |. 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043B36C |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B36F |. E8 7CA7FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043B374 |. 85C0 TEST EAX,EAX
0043B376 |. 75 67 JNZ SHORT WaGan.0043B3DF
0043B378 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B37B |. E8 50A7FEFF CALL WaGan.00425AD0
0043B380 |. 25 FF000000 AND EAX,0FF
0043B385 |. 83F8 04 CMP EAX,4
0043B388 |. 74 55 JE SHORT WaGan.0043B3DF
0043B38A |. 33C0 XOR EAX,EAX
0043B38C |. A0 442C4B00 MOV AL,BYTE PTR DS:[4B2C44]
0043B391 |. 3D FF000000 CMP EAX,0FF
0043B396 |. 75 0A JNZ SHORT WaGan.0043B3A2
0043B398 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043B39B |. E8 5BF7FFFF CALL WaGan.0043AAFB
0043B3A0 |. EB 3D JMP SHORT WaGan.0043B3DF
0043B3A2 |> 8A0D 442C4B00 MOV CL,BYTE PTR DS:[4B2C44]
0043B3A8 |. 51 PUSH ECX ; /Arg3
0043B3A9 |. 8A15 282C4B00 MOV DL,BYTE PTR DS:[4B2C28] ; |
0043B3AF |. 52 PUSH EDX ; |Arg2
0043B3B0 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0043B3B2 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B3B5 |. E8 CE600000 CALL WaGan.00441488 ; \WaGan.00441488
0043B3BA |. A0 442C4B00 MOV AL,BYTE PTR DS:[4B2C44]
0043B3BF |. 50 PUSH EAX ; /Arg1
0043B3C0 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B3C3 |. E8 D1280000 CALL WaGan.0043DC99 ; \WaGan.0043DC99
0043B3C8 |. 33C9 XOR ECX,ECX
0043B3CA |. 8A0D 442C4B00 MOV CL,BYTE PTR DS:[4B2C44]
0043B3D0 |. 83F9 39 CMP ECX,39
0043B3D3 |. 75 0A JNZ SHORT WaGan.0043B3DF
0043B3D5 |. C705 0C424B00>MOV DWORD PTR DS:[4B420C],1
0043B3DF |> 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043B3E4 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B3E7 |. E8 04A7FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043B3EC |. 85C0 TEST EAX,EAX
0043B3EE |. 75 18 JNZ SHORT WaGan.0043B408
0043B3F0 |. 6A 04 PUSH 4 ; /Arg1 = 00000004
0043B3F2 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B3F5 |. E8 F6A6FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043B3FA |. 85C0 TEST EAX,EAX
0043B3FC |. 74 0A JE SHORT WaGan.0043B408
0043B3FE |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0043B400 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043B403 |. E8 10730000 CALL WaGan.00442718 ; \WaGan.00442718
0043B408 |> 8BE5 MOV ESP,EBP
0043B40A |. 5D POP EBP
0043B40B \. C3 RETN
43A956函数
移动的循环
0043A956 /$ 55 PUSH EBP
0043A957 |. 8BEC MOV EBP,ESP
0043A959 |. 83EC 18 SUB ESP,18
0043A95C |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX 移动武将战场内地址
0043A95F |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
0043A962 |. E8 A94D0200 CALL WaGan.0045F710
0043A967 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043A96B |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0043A96E |. E8 1DE3FDFF CALL WaGan.00418C90 判断下武将是否可见
0043A973 |. 25 FF000000 AND EAX,0FF
0043A978 |. 83F8 02 CMP EAX,2
0043A97B |. 75 26 JNZ SHORT WaGan.0043A9A3 不可见,直接Over掉
0043A97D |. 33C0 XOR EAX,EAX
0043A97F |. A0 202C4B00 MOV AL,BYTE PTR DS:[4B2C20] 4B2C20存放最终移动目标地址 (横坐标)
0043A984 |. 3D FF000000 CMP EAX,0FF
0043A989 |. 74 18 JE SHORT WaGan.0043A9A3
0043A98B |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0043A98E |. 83C1 06 ADD ECX,6
0043A991 |. 51 PUSH ECX ; /Arg2 移动武将战场坐标地址
0043A992 |. 68 202C4B00 PUSH WaGan.004B2C20 ; |Arg1 = 004B2C20 最终移动目标地址
0043A997 |. E8 840A0000 CALL WaGan.0043B420 ; \WaGan.0043B420 比较两坐标是否相等,相等返回1,不等返回0
0043A99C |. 83C4 08 ADD ESP,8
0043A99F |. 85C0 TEST EAX,EAX
0043A9A1 |. 74 05 JE SHORT WaGan.0043A9A8
0043A9A3 |> E9 4F010000 JMP WaGan.0043AAF7
0043A9A8 |> 6A 00 PUSH 0 ; /Arg4 = 00000000
0043A9AA |. 68 FF000000 PUSH 0FF ; |Arg3 = 000000FF
0043A9AF |. 68 202C4B00 PUSH WaGan.004B2C20 ; |Arg2 = 004B2C20
0043A9B4 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0043A9B7 |. 83C2 06 ADD EDX,6 ; |
0043A9BA |. 52 PUSH EDX ; |Arg1
0043A9BB |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043A9BE |. E8 6BD4FFFF CALL WaGan.00437E2E ; \WaGan.00437E2E 求出移动路径(是一个朝向的队列)
0043A9C3 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX 在这里变化
0043A9C6 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0043A9C9 |. 33C9 XOR ECX,ECX
0043A9CB |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0043A9CD |. 81F9 FF000000 CMP ECX,0FF
0043A9D3 |. 75 05 JNZ SHORT WaGan.0043A9DA
0043A9D5 |. E9 1D010000 JMP WaGan.0043AAF7
0043A9DA |> 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043A9DF |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043A9E2 |. E8 09B1FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043A9E7 |. 85C0 TEST EAX,EAX
0043A9E9 |. 74 1A JE SHORT WaGan.0043AA05
0043A9EB |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0043A9EE |. 8A42 07 MOV AL,BYTE PTR DS:[EDX+7]
0043A9F1 |. 50 PUSH EAX ; /Arg2 纵坐标
0043A9F2 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043A9F5 |. 8A51 06 MOV DL,BYTE PTR DS:[ECX+6] ; |
0043A9F8 |. 52 PUSH EDX ; |Arg1 横坐标
0043A9F9 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
0043A9FE |. E8 3CA60100 CALL WaGan.0045503F ; \WaGan.0045503F
0043AA03 |. EB 14 JMP SHORT WaGan.0043AA19
0043AA05 |> 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0043AA0A |. 68 FF000000 PUSH 0FF ; |Arg2 = 000000FF
0043AA0F |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0043AA11 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AA14 |. E8 6F6A0000 CALL WaGan.00441488 ; \WaGan.00441488
0043AA19 |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0043AA1C |. E8 C3800000 CALL WaGan.00442AE4
0043AA21 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0043AA28 |. /EB 09 JMP SHORT WaGan.0043AA33
0043AA2A |> |8B45 F4 /MOV EAX,DWORD PTR SS:[EBP-C]
0043AA2D |. |83C0 01 |ADD EAX,1
0043AA30 |. |8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX
0043AA33 |> \8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] 移动者的战场内存地址
0043AA36 |. 83C1 06 |ADD ECX,6
0043AA39 |. 51 |PUSH ECX ; /Arg2 移动者的坐标地址
0043AA3A |. 68 202C4B00 |PUSH WaGan.004B2C20 ; |Arg1 = 004B2C20 移动目的地的坐标地址
0043AA3F |. E8 DC090000 |CALL WaGan.0043B420 ; \WaGan.0043B420 比较两地址是否相同,是则是到达目的地,返回1
0043AA44 |. 83C4 08 |ADD ESP,8
0043AA47 |. 85C0 |TEST EAX,EAX
0043AA49 |. 75 7F |JNZ SHORT WaGan.0043AACA
0043AA4B |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10]
0043AA4E |. 0355 F4 |ADD EDX,DWORD PTR SS:[EBP-C]
0043AA51 |. 8A02 |MOV AL,BYTE PTR DS:[EDX] 得出路径的下一步行动朝向
0043AA53 |. 8845 F8 |MOV BYTE PTR SS:[EBP-8],AL
0043AA56 |. 8A4D F8 |MOV CL,BYTE PTR SS:[EBP-8]
0043AA59 |. 51 |PUSH ECX ; /Arg2 朝向
0043AA5A |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18] ; |
0043AA5D |. 83C2 06 |ADD EDX,6 ; | 当前坐标
0043AA60 |. 52 |PUSH EDX ; |Arg1
0043AA61 |. E8 8FAFFFFF |CALL WaGan.004359F5 ; \WaGan.004359F5 得出下一移动坐标
0043AA66 |. 83C4 08 |ADD ESP,8
0043AA69 |. 50 |PUSH EAX ; /Arg1
0043AA6A |. 8D4D EC |LEA ECX,DWORD PTR SS:[EBP-14] ; |
0043AA6D |. E8 2EBBFCFF |CALL WaGan.004065A0 ; \WaGan.004065A0
0043AA72 |. 8B45 EC |MOV EAX,DWORD PTR SS:[EBP-14]
0043AA75 |. 25 FF000000 |AND EAX,0FF
0043AA7A |. 3D FF000000 |CMP EAX,0FF
0043AA7F |. 75 02 |JNZ SHORT WaGan.0043AA83
0043AA81 |.^ EB A7 |JMP SHORT WaGan.0043AA2A
0043AA83 |> 8A4D F8 |MOV CL,BYTE PTR SS:[EBP-8]
0043AA86 |. 51 |PUSH ECX ; /Arg1
0043AA87 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AA8A |. E8 8C750000 |CALL WaGan.0044201B ; \WaGan.0044201B 移动
0043AA8F |. 8D55 EC |LEA EDX,DWORD PTR SS:[EBP-14]
0043AA92 |. 52 |PUSH EDX ; /Arg1
0043AA93 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AA96 |. 83C1 06 |ADD ECX,6 ; |
0043AA99 |. E8 02BBFCFF |CALL WaGan.004065A0 ; \WaGan.004065A0 设置移动者的坐标
0043AA9E |. 68 80000000 |PUSH 80 ; /Arg1 = 00000080
0043AAA3 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AAA6 |. E8 45B0FEFF |CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043AAAB |. 85C0 |TEST EAX,EAX
0043AAAD |. 75 16 |JNZ SHORT WaGan.0043AAC5
0043AAAF |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0043AAB2 |. 25 FF000000 |AND EAX,0FF
0043AAB7 |. 83F8 64 |CMP EAX,64
0043AABA |. 7C 09 |JL SHORT WaGan.0043AAC5
0043AABC |. 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
0043AABF |. 80C1 01 |ADD CL,1
0043AAC2 |. 884D FC |MOV BYTE PTR SS:[EBP-4],CL
0043AAC5 |>^ E9 60FFFFFF \JMP WaGan.0043AA2A
0043AACA |> \68 80000000 PUSH 80 ; /Arg1 = 00000080
0043AACF |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AAD2 |. E8 19B0FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043AAD7 |. 85C0 TEST EAX,EAX
0043AAD9 |. 75 0A JNZ SHORT WaGan.0043AAE5
0043AADB |. 6A 04 PUSH 4 ; /Arg1 = 00000004
0043AADD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043AAE0 |. E8 337C0000 CALL WaGan.00442718 ; \WaGan.00442718
0043AAE5 |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0043AAE8 |. E8 CE7F0000 CALL WaGan.00442ABB
0043AAED |. B9 083D4B00 MOV ECX,WaGan.004B3D08
0043AAF2 |. E8 93FD0000 CALL WaGan.0044A88A
0043AAF7 |> 8BE5 MOV ESP,EBP
0043AAF9 |. 5D POP EBP
0043AAFA \. C3 RETN
求移动路径的函数
+C 移动者的坐标地址
+8 移动目的地的坐标地址
SS:[EBP-50] 移动者的战场内存地址
SS:[EBP-8] 记录是否是剧本移动 是为1,非为0
SS:[EBP-14] 记录移动者是否是敌人
00437E2E /$ 55 PUSH EBP
00437E2F |. 8BEC MOV EBP,ESP
00437E31 |. 83EC 50 SUB ESP,50
00437E34 |. 894D B0 MOV DWORD PTR SS:[EBP-50],ECX
00437E37 |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00437E3A |. E8 D1780200 CALL WaGan.0045F710
00437E3F |. 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
00437E42 |. E8 C9780200 CALL WaGan.0045F710
00437E47 |. C745 E0 01000>MOV DWORD PTR SS:[EBP-20],1
00437E4E |. 68 80000000 PUSH 80 ; /Arg1 = 00000080 (80是剧本移动,00是手工控制移动)
00437E53 |. 8B4D B0 MOV ECX,DWORD PTR SS:[EBP-50] ; |
00437E56 |. E8 95DCFEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0 (80)对Ecx+D的值和80进行比较,相同返回1
00437E5B |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
00437E5E |. 8B4D B0 MOV ECX,DWORD PTR SS:[EBP-50]
00437E61 |. E8 AAE8FCFF CALL WaGan.00406710 判断武将ecx是否大于23,返回1表示是非敌军,返回0表示敌人
00437E66 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
00437E69 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00437E6B |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00437E6D |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00437E6F |. B9 38EB4A00 MOV ECX,WaGan.004AEB38 ; |
00437E74 |. E8 C77B0400 CALL WaGan.0047FA40 ; \WaGan.0047FA40
00437E79 |. 05 00190000 ADD EAX,1900
00437E7E |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
00437E81 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00437E84 |. 50 PUSH EAX ; /Arg1
00437E85 |. E8 FAD9FFFF CALL WaGan.00435884 ; \WaGan.00435884 获取目标位置上人的战场编号
00437E8A |. 83C4 04 ADD ESP,4
00437E8D |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
00437E90 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
00437E93 |. 51 PUSH ECX ; /Arg1
00437E94 |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] ; |
00437E97 |. E8 04E7FCFF CALL WaGan.004065A0 ; \WaGan.004065A0
00437E9C |. 8A55 10 MOV DL,BYTE PTR SS:[EBP+10]
00437E9F |. 8855 E8 MOV BYTE PTR SS:[EBP-18],DL
00437EA2 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00437EA9 |. EB 09 JMP SHORT WaGan.00437EB4
00437EAB |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
00437EAE |. 83C0 01 |ADD EAX,1
00437EB1 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00437EB4 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00437EB7 |. 51 |PUSH ECX ; /Arg2
00437EB8 |. 8D55 DC |LEA EDX,DWORD PTR SS:[EBP-24] ; |
00437EBB |. 52 |PUSH EDX ; |Arg1
00437EBC |. E8 5F350000 |CALL WaGan.0043B420 ; \WaGan.0043B420
00437EC1 |. 83C4 08 |ADD ESP,8
00437EC4 |. 85C0 |TEST EAX,EAX
00437EC6 |. 0F85 A7010000 |JNZ WaGan.00438073
00437ECC |. 837D E0 00 |CMP DWORD PTR SS:[EBP-20],0
00437ED0 |. 0F84 9D010000 |JE WaGan.00438073
00437ED6 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
00437ED8 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
00437EDA |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
00437EDC |. B9 38EB4A00 |MOV ECX,WaGan.004AEB38 ; |
00437EE1 |. E8 5A7B0400 |CALL WaGan.0047FA40 ; \WaGan.0047FA40
00437EE6 |. 8B4D DC |MOV ECX,DWORD PTR SS:[EBP-24]
00437EE9 |. 81E1 FF000000 |AND ECX,0FF
00437EEF |. 8D9408 C01200>|LEA EDX,DWORD PTR DS:[EAX+ECX+12C0]
00437EF6 |. 8B45 DD |MOV EAX,DWORD PTR SS:[EBP-23]
00437EF9 |. 25 FF000000 |AND EAX,0FF
00437EFE |. 33C9 |XOR ECX,ECX
00437F00 |. 8A0D 2C424B00 |MOV CL,BYTE PTR DS:[4B422C]
00437F06 |. 0FAFC1 |IMUL EAX,ECX
00437F09 |. 8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX]
00437F0C |. 8855 CC |MOV BYTE PTR SS:[EBP-34],DL
00437F0F |. C645 D4 FF |MOV BYTE PTR SS:[EBP-2C],0FF
00437F13 |. 8A45 CC |MOV AL,BYTE PTR SS:[EBP-34]
00437F16 |. 8845 C0 |MOV BYTE PTR SS:[EBP-40],AL
00437F19 |. C645 C4 00 |MOV BYTE PTR SS:[EBP-3C],0
00437F1D |. EB 09 |JMP SHORT WaGan.00437F28
00437F1F |> 8A4D C4 |/MOV CL,BYTE PTR SS:[EBP-3C]
00437F22 |. 80C1 01 ||ADD CL,1
00437F25 |. 884D C4 ||MOV BYTE PTR SS:[EBP-3C],CL
00437F28 |> 8B55 C4 | MOV EDX,DWORD PTR SS:[EBP-3C]
00437F2B |. 81E2 FF000000 ||AND EDX,0FF
00437F31 |. 83FA 04 ||CMP EDX,4
00437F34 |. 0F8D EF000000 ||JGE WaGan.00438029
00437F3A |. 8A45 C4 ||MOV AL,BYTE PTR SS:[EBP-3C]
00437F3D |. 50 ||PUSH EAX ; /Arg2
00437F3E |. 8D4D DC ||LEA ECX,DWORD PTR SS:[EBP-24] ; |
00437F41 |. 51 ||PUSH ECX ; |Arg1 = 0022FDBC
00437F42 |. E8 AEDAFFFF ||CALL WaGan.004359F5 ; \WaGan.004359F5
00437F47 |. 83C4 08 ||ADD ESP,8
00437F4A |. 50 ||PUSH EAX ; /Arg1
00437F4B |. 8D4D D8 ||LEA ECX,DWORD PTR SS:[EBP-28] ; |
00437F4E |. E8 4DE6FCFF ||CALL WaGan.004065A0 ; \WaGan.004065A0
00437F53 |. 8B55 D8 ||MOV EDX,DWORD PTR SS:[EBP-28]
00437F56 |. 81E2 FF000000 ||AND EDX,0FF
00437F5C |. 81FA FF000000 ||CMP EDX,0FF
00437F62 |. 74 2A ||JE SHORT WaGan.00437F8E
00437F64 |. 8D45 D8 ||LEA EAX,DWORD PTR SS:[EBP-28]
00437F67 |. 50 ||PUSH EAX ; /Arg1
00437F68 |. 8B4D B0 ||MOV ECX,DWORD PTR SS:[EBP-50] ; |
00437F6B |. E8 E9FDFFFF ||CALL WaGan.00437D59 ; \WaGan.00437D59
00437F70 |. 85C0 ||TEST EAX,EAX
00437F72 |. 74 1C ||JE SHORT WaGan.00437F90
00437F74 |. 8B4D 08 ||MOV ECX,DWORD PTR SS:[EBP+8]
00437F77 |. 51 ||PUSH ECX ; /Arg2
00437F78 |. 8D55 D8 ||LEA EDX,DWORD PTR SS:[EBP-28] ; |
00437F7B |. 52 ||PUSH EDX ; |Arg1
00437F7C |. E8 9F340000 ||CALL WaGan.0043B420 ; \WaGan.0043B420
00437F81 |. 83C4 08 ||ADD ESP,8
00437F84 |. 85C0 ||TEST EAX,EAX
00437F86 |. 75 08 ||JNZ SHORT WaGan.00437F90
00437F88 |. 837D F8 00 ||CMP DWORD PTR SS:[EBP-8],0
00437F8C |. 75 02 ||JNZ SHORT WaGan.00437F90
00437F8E |>^ EB 8F ||JMP SHORT WaGan.00437F1F
00437F90 |> 6A 04 ||PUSH 4 ; /Arg3 = 00000004
00437F92 |. 6A 00 ||PUSH 0 ; |Arg2 = 00000000
00437F94 |. 6A 00 ||PUSH 0 ; |Arg1 = 00000000
00437F96 |. B9 38EB4A00 ||MOV ECX,WaGan.004AEB38 ; |
00437F9B |. E8 A07A0400 ||CALL WaGan.0047FA40 ; \WaGan.0047FA40
00437FA0 |. 8B4D D8 ||MOV ECX,DWORD PTR SS:[EBP-28]
00437FA3 |. 81E1 FF000000 ||AND ECX,0FF
00437FA9 |. 8D9408 C01200>||LEA EDX,DWORD PTR DS:[EAX+ECX+12C0]
00437FB0 |. 8B45 D9 ||MOV EAX,DWORD PTR SS:[EBP-27]
00437FB3 |. 25 FF000000 ||AND EAX,0FF
00437FB8 |. 33C9 ||XOR ECX,ECX
00437FBA |. 8A0D 2C424B00 ||MOV CL,BYTE PTR DS:[4B422C]
00437FC0 |. 0FAFC1 ||IMUL EAX,ECX
00437FC3 |. 8A1402 ||MOV DL,BYTE PTR DS:[EDX+EAX]
00437FC6 |. 8855 C8 ||MOV BYTE PTR SS:[EBP-38],DL
00437FC9 |. 8B45 CC ||MOV EAX,DWORD PTR SS:[EBP-34]
00437FCC |. 25 FF000000 ||AND EAX,0FF
00437FD1 |. 8B4D C8 ||MOV ECX,DWORD PTR SS:[EBP-38]
00437FD4 |. 81E1 FF000000 ||AND ECX,0FF
00437FDA |. 3BC1 ||CMP EAX,ECX
00437FDC |. 7E 46 ||JLE SHORT WaGan.00438024
00437FDE |. 8D55 D8 ||LEA EDX,DWORD PTR SS:[EBP-28]
00437FE1 |. 52 ||PUSH EDX ; /Arg1
00437FE2 |. E8 AAD9FFFF ||CALL WaGan.00435991 ; \WaGan.00435991
00437FE7 |. 83C4 04 ||ADD ESP,4
00437FEA |. 8845 B8 ||MOV BYTE PTR SS:[EBP-48],AL
00437FED |. 8A45 B8 ||MOV AL,BYTE PTR SS:[EBP-48]
00437FF0 |. 50 ||PUSH EAX ; /Arg1
00437FF1 |. 8B4D B0 ||MOV ECX,DWORD PTR SS:[EBP-50] ; |
00437FF4 |. E8 D6770000 ||CALL WaGan.0043F7CF ; \WaGan.0043F7CF
00437FF9 |. 8845 BC ||MOV BYTE PTR SS:[EBP-44],AL
00437FFC |. 8B4D E8 ||MOV ECX,DWORD PTR SS:[EBP-18]
00437FFF |. 81E1 FF000000 ||AND ECX,0FF
00438005 |. 8B55 BC ||MOV EDX,DWORD PTR SS:[EBP-44]
00438008 |. 81E2 FF000000 ||AND EDX,0FF
0043800E |. 3BCA ||CMP ECX,EDX
00438010 |. 7C 12 ||JL SHORT WaGan.00438024
00438012 |. 8A45 C8 ||MOV AL,BYTE PTR SS:[EBP-38]
00438015 |. 8845 CC ||MOV BYTE PTR SS:[EBP-34],AL
00438018 |. 8A4D C4 ||MOV CL,BYTE PTR SS:[EBP-3C]
0043801B |. 884D D4 ||MOV BYTE PTR SS:[EBP-2C],CL
0043801E |. 8A55 BC ||MOV DL,BYTE PTR SS:[EBP-44]
00438021 |. 8855 D0 ||MOV BYTE PTR SS:[EBP-30],DL
00438024 |>^ E9 F6FEFFFF |\JMP WaGan.00437F1F
00438029 |> 8B45 D4 |MOV EAX,DWORD PTR SS:[EBP-2C]
0043802C |. 25 FF000000 |AND EAX,0FF
00438031 |. 3D FF000000 |CMP EAX,0FF
00438036 |. 74 2F |JE SHORT WaGan.00438067
00438038 |. 8A4D D4 |MOV CL,BYTE PTR SS:[EBP-2C]
0043803B |. 51 |PUSH ECX ; /Arg2
0043803C |. 8D55 DC |LEA EDX,DWORD PTR SS:[EBP-24] ; |
0043803F |. 52 |PUSH EDX ; |Arg1
00438040 |. E8 B0D9FFFF |CALL WaGan.004359F5 ; \WaGan.004359F5
00438045 |. 83C4 08 |ADD ESP,8
00438048 |. 50 |PUSH EAX ; /Arg1
00438049 |. 8D4D DC |LEA ECX,DWORD PTR SS:[EBP-24] ; |
0043804C |. E8 4FE5FCFF |CALL WaGan.004065A0 ; \WaGan.004065A0
00438051 |. 8A45 E8 |MOV AL,BYTE PTR SS:[EBP-18]
00438054 |. 2A45 D0 |SUB AL,BYTE PTR SS:[EBP-30]
00438057 |. 8845 E8 |MOV BYTE PTR SS:[EBP-18],AL
0043805A |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
0043805D |. 034D FC |ADD ECX,DWORD PTR SS:[EBP-4]
00438060 |. 8A55 D4 |MOV DL,BYTE PTR SS:[EBP-2C]
00438063 |. 8811 |MOV BYTE PTR DS:[ECX],DL
00438065 |. EB 07 |JMP SHORT WaGan.0043806E
00438067 |> C745 E0 00000>|MOV DWORD PTR SS:[EBP-20],0
0043806E |>^ E9 38FEFFFF \JMP WaGan.00437EAB
00438073 |> 837D E0 00 CMP DWORD PTR SS:[EBP-20],0
00438077 |. 75 51 JNZ SHORT WaGan.004380CA
00438079 |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
0043807C |. 25 FF000000 AND EAX,0FF
00438081 |. 83F8 01 CMP EAX,1
00438084 |. 75 44 JNZ SHORT WaGan.004380CA
00438086 |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00438089 |. 51 PUSH ECX ; /Arg1
0043808A |. E8 F5D7FFFF CALL WaGan.00435884 ; \WaGan.00435884
0043808F |. 83C4 04 ADD ESP,4
00438092 |. 25 FF000000 AND EAX,0FF
00438097 |. 3D FF000000 CMP EAX,0FF
0043809C |. 74 17 JE SHORT WaGan.004380B5
0043809E |. 8B55 B0 MOV EDX,DWORD PTR SS:[EBP-50]
004380A1 |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4]
004380A4 |. 50 PUSH EAX ; /Arg3
004380A5 |. 6A 14 PUSH 14 ; |Arg2 = 00000014
004380A7 |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] ; |
004380AA |. 51 PUSH ECX ; |Arg1
004380AB |. E8 C8000000 CALL WaGan.00438178 ; \WaGan.00438178
004380B0 |. 83C4 0C ADD ESP,0C
004380B3 |. EB 15 JMP SHORT WaGan.004380CA
004380B5 |> 8B55 B0 MOV EDX,DWORD PTR SS:[EBP-50]
004380B8 |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4]
004380BB |. 50 PUSH EAX ; /Arg3
004380BC |. 6A 0A PUSH 0A ; |Arg2 = 0000000A
004380BE |. 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24] ; |
004380C1 |. 51 PUSH ECX ; |Arg1
004380C2 |. E8 B1000000 CALL WaGan.00438178 ; \WaGan.00438178
004380C7 |. 83C4 0C ADD ESP,0C
004380CA |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004380CD |. 83EA 01 SUB EDX,1
004380D0 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
004380D3 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
004380D7 |. 0F8C 8C000000 JL WaGan.00438169
004380DD |. C645 B4 00 MOV BYTE PTR SS:[EBP-4C],0
004380E1 |. EB 11 JMP SHORT WaGan.004380F4
004380E3 |> 8A45 B4 /MOV AL,BYTE PTR SS:[EBP-4C]
004380E6 |. 04 01 |ADD AL,1
004380E8 |. 8845 B4 |MOV BYTE PTR SS:[EBP-4C],AL
004380EB |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004380EE |. 83E9 01 |SUB ECX,1
004380F1 |. 894D FC |MOV DWORD PTR SS:[EBP-4],ECX
004380F4 |> 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
004380F8 |. 7C 6D |JL SHORT WaGan.00438167
004380FA |. 8B55 B4 |MOV EDX,DWORD PTR SS:[EBP-4C]
004380FD |. 81E2 FF000000 |AND EDX,0FF
00438103 |. 3B55 FC |CMP EDX,DWORD PTR SS:[EBP-4]
00438106 |. 7F 5F |JG SHORT WaGan.00438167
00438108 |. 8B45 B4 |MOV EAX,DWORD PTR SS:[EBP-4C]
0043810B |. 25 FF000000 |AND EAX,0FF
00438110 |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
00438113 |. 8A1401 |MOV DL,BYTE PTR DS:[ECX+EAX]
00438116 |. 8855 F4 |MOV BYTE PTR SS:[EBP-C],DL
00438119 |. 8B45 E4 |MOV EAX,DWORD PTR SS:[EBP-1C]
0043811C |. 0345 FC |ADD EAX,DWORD PTR SS:[EBP-4]
0043811F |. 33C9 |XOR ECX,ECX
00438121 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00438123 |. 8BC1 |MOV EAX,ECX
00438125 |. 83C0 02 |ADD EAX,2
00438128 |. 99 |CDQ
00438129 |. 33C2 |XOR EAX,EDX
0043812B |. 2BC2 |SUB EAX,EDX
0043812D |. 83E0 03 |AND EAX,3
00438130 |. 33C2 |XOR EAX,EDX
00438132 |. 2BC2 |SUB EAX,EDX
00438134 |. 8B55 B4 |MOV EDX,DWORD PTR SS:[EBP-4C]
00438137 |. 81E2 FF000000 |AND EDX,0FF
0043813D |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
00438140 |. 880411 |MOV BYTE PTR DS:[ECX+EDX],AL
00438143 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00438146 |. 25 FF000000 |AND EAX,0FF
0043814B |. 83C0 02 |ADD EAX,2
0043814E |. 99 |CDQ
0043814F |. 33C2 |XOR EAX,EDX
00438151 |. 2BC2 |SUB EAX,EDX
00438153 |. 83E0 03 |AND EAX,3
00438156 |. 33C2 |XOR EAX,EDX
00438158 |. 2BC2 |SUB EAX,EDX
0043815A |. 8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C]
0043815D |. 0355 FC |ADD EDX,DWORD PTR SS:[EBP-4]
00438160 |. 8802 |MOV BYTE PTR DS:[EDX],AL
00438162 |.^ E9 7CFFFFFF \JMP WaGan.004380E3
00438167 |> EB 06 JMP SHORT WaGan.0043816F
00438169 |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0043816C |. C600 FF MOV BYTE PTR DS:[EAX],0FF
0043816F |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00438172 |. 8BE5 MOV ESP,EBP
00438174 |. 5D POP EBP
00438175 \. C2 1000 RETN 10
作者:
岱瀛 时间: 2007-12-30 21:16 标题: 许子将教学
0041590D /$ 55 PUSH EBP
0041590E |. 8BEC MOV EBP,ESP
00415910 |. E8 44DA0100 CALL koei.00433359
00415915 |. B8 01000000 MOV EAX,1
0041591A |. 5D POP EBP
0041591B \. C3 RETN
433359
00433359 /$ 55 PUSH EBP
0043335A |. 8BEC MOV EBP,ESP
0043335C |. E8 231C0000 CALL Ekd5.00434F84
00433361 |. E8 9E000000 CALL Ekd5.00433404
00433366 |. 85C0 TEST EAX,EAX
00433368 |. 74 34 JE SHORT Ekd5.0043339E
0043336A |. E8 CD010000 CALL Ekd5.0043353C ; 开始说明函数
0043336F |. E8 5E000000 CALL Ekd5.004333D2
00433374 |. 85C0 TEST EAX,EAX
00433376 |. 74 21 JE SHORT Ekd5.00433399
00433378 |. E8 77040000 CALL Ekd5.004337F4 ; 友军和敌军说明
0043337D |. E8 50000000 CALL Ekd5.004333D2
00433382 |. 85C0 TEST EAX,EAX
00433384 |. 74 13 JE SHORT Ekd5.00433399
00433386 |. E8 3D080000 CALL Ekd5.00433BC8 ; 部队操作说明
0043338B |. E8 42000000 CALL Ekd5.004333D2
00433390 |. 85C0 TEST EAX,EAX
00433392 |. 74 05 JE SHORT Ekd5.00433399
00433394 |. E8 060E0000 CALL Ekd5.0043419F ; 地形说明
00433399 |> E8 74010000 CALL Ekd5.00433512
0043339E |> 33C0 XOR EAX,EAX
004333A0 |. A0 102C4B00 MOV AL,BYTE PTR DS:[4B2C10]
004333A5 |. 85C0 TEST EAX,EAX
004333A7 |. 74 05 JE SHORT Ekd5.004333AE
004333A9 |. E8 51140000 CALL Ekd5.004347FF ; 升一级
004333AE |> 833D 082C4B00>CMP DWORD PTR DS:[4B2C08],0
004333B5 |. 74 05 JE SHORT Ekd5.004333BC
004333B7 |. E8 77190000 CALL Ekd5.00434D33 ; 宝物图鉴
004333BC |> 68 9D000000 PUSH 9D ; /Arg2 = 0000009D
004333C1 |. 68 70C94800 PUSH Ekd5.0048C970 ; |Arg1 = 0048C970
004333C6 |. B9 F05D4B00 MOV ECX,Ekd5.004B5DF0 ; |
004333CB |. E8 8D620200 CALL Ekd5.0045965D ; \结束
004333D0 |. 5D POP EBP
004333D1 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:17 标题: 新人加入等级.doc
0040C14F /$ 55 PUSH EBP
0040C150 |. 8BEC MOV EBP,ESP
0040C152 |. 83EC 7C SUB ESP,7C
0040C155 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040C15C |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040C163 |. C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C16A |. EB 09 JMP SHORT 复件_Ekd.0040C175
0040C16C |> 8B45 8C /MOV EAX,DWORD PTR SS:[EBP-74]
0040C16F |. 83C0 01 |ADD EAX,1
0040C172 |. 8945 8C |MOV DWORD PTR SS:[EBP-74],EAX
0040C175 |> 837D 8C 1A CMP DWORD PTR SS:[EBP-74],1A 我方最多26人
0040C179 |. 73 38 |JNB SHORT 复件_Ekd.0040C1B3
0040C17B |. 8B4D 8C |MOV ECX,DWORD PTR SS:[EBP-74]
0040C17E |. 51 |PUSH ECX ; /Arg1
0040C17F |. E8 0CE00000 |CALL 复件_Ekd.0041A190 ; \复件_Ekd.0041A190
0040C184 |. 83C4 04 |ADD ESP,4
0040C187 |. 85C0 |TEST EAX,EAX
0040C189 |. 74 26 |JE SHORT 复件_Ekd.0040C1B1
0040C18B |. 8B4D 8C |MOV ECX,DWORD PTR SS:[EBP-74]
0040C18E |. 6BC9 48 |IMUL ECX,ECX,48
0040C191 |. 81C1 681B4A00 |ADD ECX,复件_Ekd.004A1B68
0040C197 |. E8 34A4FFFF |CALL 复件_Ekd.004065D0
0040C19C |. 25 FF000000 |AND EAX,0FF
0040C1A1 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0040C1A4 |. 894495 90 |MOV DWORD PTR SS:[EBP+EDX*4-70],EAX
0040C1A8 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
0040C1AB |. 83C0 01 |ADD EAX,1
0040C1AE |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX
0040C1B1 |>^ EB B9 \JMP SHORT 复件_Ekd.0040C16C
0040C1B3 |> C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C1BA |. EB 09 JMP SHORT 复件_Ekd.0040C1C5
0040C1BC |> 8B4D 8C /MOV ECX,DWORD PTR SS:[EBP-74]
0040C1BF |. 83C1 01 |ADD ECX,1
0040C1C2 |. 894D 8C |MOV DWORD PTR SS:[EBP-74],ECX
0040C1C5 |> 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74]
0040C1C8 |. 3B55 F8 |CMP EDX,DWORD PTR SS:[EBP-8]
0040C1CB |. 73 53 |JNB SHORT 复件_Ekd.0040C220
0040C1CD |. C745 88 00000>|MOV DWORD PTR SS:[EBP-78],0
0040C1D4 |. EB 09 |JMP SHORT 复件_Ekd.0040C1DF
0040C1D6 |> 8B45 88 |/MOV EAX,DWORD PTR SS:[EBP-78]
0040C1D9 |. 83C0 01 ||ADD EAX,1
0040C1DC |. 8945 88 ||MOV DWORD PTR SS:[EBP-78],EAX
0040C1DF |> 8B4D F8 | MOV ECX,DWORD PTR SS:[EBP-8]
0040C1E2 |. 83E9 01 ||SUB ECX,1
0040C1E5 |. 394D 88 ||CMP DWORD PTR SS:[EBP-78],ECX
0040C1E8 |. 73 34 ||JNB SHORT 复件_Ekd.0040C21E
0040C1EA |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1ED |. 8B45 88 ||MOV EAX,DWORD PTR SS:[EBP-78]
0040C1F0 |. 8B4C95 90 ||MOV ECX,DWORD PTR SS:[EBP+EDX*4-70]
0040C1F4 |. 3B4C85 94 ||CMP ECX,DWORD PTR SS:[EBP+EAX*4-6C]
0040C1F8 |. 73 22 ||JNB SHORT 复件_Ekd.0040C21C
0040C1FA |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1FD |. 8B4495 90 ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C201 |. 8945 FC ||MOV DWORD PTR SS:[EBP-4],EAX
0040C204 |. 8B4D 88 ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C207 |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C20A |. 8B4495 94 ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-6C]
0040C20E |. 89448D 90 ||MOV DWORD PTR SS:[EBP+ECX*4-70],EAX
0040C212 |. 8B4D 88 ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C215 |. 8B55 FC ||MOV EDX,DWORD PTR SS:[EBP-4]
0040C218 |. 89548D 94 ||MOV DWORD PTR SS:[EBP+ECX*4-6C],EDX
0040C21C |>^ EB B8 |\JMP SHORT 复件_Ekd.0040C1D6
0040C21E |>^ EB 9C \JMP SHORT 复件_Ekd.0040C1BC
0040C220 |> C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C227 |. EB 09 JMP SHORT 复件_Ekd.0040C232
0040C229 |> 8B45 8C /MOV EAX,DWORD PTR SS:[EBP-74]
0040C22C |. 83C0 01 |ADD EAX,1
0040C22F |. 8945 8C |MOV DWORD PTR SS:[EBP-74],EAX
0040C232 |> 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-74]
0040C235 |. 3B4D F8 |CMP ECX,DWORD PTR SS:[EBP-8]
0040C238 |. 73 15 |JNB SHORT 复件_Ekd.0040C24F
0040C23A |. 837D 8C 0F |CMP DWORD PTR SS:[EBP-74],0F
0040C23E |. 73 0F |JNB SHORT 复件_Ekd.0040C24F
0040C240 |. 8B55 8C |MOV EDX,DWORD PTR SS:[EBP-74]
0040C243 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0040C246 |. 034495 90 |ADD EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C24A |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
0040C24D |.^ EB DA \JMP SHORT 复件_Ekd.0040C229
0040C24F |> 837D 8C 00 CMP DWORD PTR SS:[EBP-74],0
0040C253 |. 74 29 JE SHORT 复件_Ekd.0040C27E
0040C255 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040C258 |. 33D2 XOR EDX,EDX
0040C25A |. F775 8C DIV DWORD PTR SS:[EBP-74]
0040C25D |. 83F8 01 CMP EAX,1
0040C260 |. 76 0D JBE SHORT 复件_Ekd.0040C26F
0040C262 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040C265 |. 33D2 XOR EDX,EDX
0040C267 |. F775 8C DIV DWORD PTR SS:[EBP-74]
0040C26A |. 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
0040C26D |. EB 07 JMP SHORT 复件_Ekd.0040C276
0040C26F |> C745 84 01000>MOV DWORD PTR SS:[EBP-7C],1
0040C276 |> 8B4D 84 MOV ECX,DWORD PTR SS:[EBP-7C]
0040C279 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0040C27C |. EB 07 JMP SHORT 复件_Ekd.0040C285
0040C27E |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0040C285 |> 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
0040C288 |. 8BE5 MOV ESP,EBP
0040C28A |. 5D POP EBP
0040C28B \. C3 RETN
[EBP-4]累加和
[EBP-8]存放有多少个我军
[EBP-74]计数器
[EBP-78]计数器
[EBP+EDX*4-70]等级数组
0040C14F /$ 55 PUSH EBP
0040C150 |. 8BEC MOV EBP,ESP
0040C152 |. 83EC 7C SUB ESP,7C
0040C155 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040C15C |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040C163 |. 90 NOP
计算我军人数
0040C164 |. 33C0 XOR EAX,EAX
0040C166 |. 8945 8C MOV DWORD PTR SS:[EBP-74],EAX
0040C169 |. EB 07 JMP SHORT Ekd5.0040C172
0040C16B |> 8B45 8C /MOV EAX,DWORD PTR SS:[EBP-74]
0040C16E |. 40 |INC EAX
0040C16F |. 8945 8C |MOV DWORD PTR SS:[EBP-74],EAX
0040C172 |> 817D 8C AD000> CMP DWORD PTR SS:[EBP-74],0AD 前174人
0040C179 |. 73 38 |JNB SHORT Ekd5.0040C1B3
0040C17B |. 8B4D 8C |MOV ECX,DWORD PTR SS:[EBP-74]
0040C17E |. 51 |PUSH ECX ; /Arg1
0040C17F |. E8 0CE00000 |CALL Ekd5.0041A190; \Ekd5.0041A190 判断是否属于我军
0040C184 |. 83C4 04 |ADD ESP,4
0040C187 |. 85C0 |TEST EAX,EAX
0040C189 |. 74 26 |JE SHORT Ekd5.0040C1B1 如果不是,下一个
0040C18B |. 8B4D 8C |MOV ECX,DWORD PTR SS:[EBP-74]
0040C18E |. 6BC9 48 |IMUL ECX,ECX,48
0040C191 |. 81C1 0000D600 |ADD ECX,0D60000
0040C197 |. E8 34A4FFFF |CALL Ekd5.004065D0 获取武将ecx的等级
0040C19C |. 25 FF000000 |AND EAX,0FF
0040C1A1 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0040C1A4 |. 894495 90 |MOV DWORD PTR SS:[EBP+EDX*4-70],EAX
0040C1A8 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
0040C1AB |. 83C0 01 |ADD EAX,1
0040C1AE |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX
0040C1B1 |>^ EB B8 \JMP SHORT Ekd5.0040C16B
存储我军人物等级数组
0040C1B3 |> C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C1BA |. EB 09 JMP SHORT Ekd5.0040C1C5
0040C1BC |> 8B4D 8C /MOV ECX,DWORD PTR SS:[EBP-74]
0040C1BF |. 83C1 01 |ADD ECX,1
0040C1C2 |. 894D 8C |MOV DWORD PTR SS:[EBP-74],ECX
0040C1C5 |> 8B55 8C MOV EDX,DWORD PTR SS:[EBP-74]
0040C1C8 |. 3B55 F8 |CMP EDX,DWORD PTR SS:[EBP-8]
0040C1CB |. 73 53 |JNB SHORT Ekd5.0040C220
0040C1CD |. C745 88 00000>|MOV DWORD PTR SS:[EBP-78],0
0040C1D4 |. EB 09 |JMP SHORT Ekd5.0040C1DF
交换排序
0040C1D6 |> 8B45 88 |/MOV EAX,DWORD PTR SS:[EBP-78]
0040C1D9 |. 83C0 01 ||ADD EAX,1
0040C1DC |. 8945 88 ||MOV DWORD PTR SS:[EBP-78],EAX
0040C1DF |> 8B4D F8 | MOV ECX,DWORD PTR SS:[EBP-8]
0040C1E2 |. 83E9 01 ||SUB ECX,1
0040C1E5 |. 394D 88 ||CMP DWORD PTR SS:[EBP-78],ECX
0040C1E8 |. 73 34 ||JNB SHORT Ekd5.0040C21E
0040C1EA |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1ED |. 8B45 88 ||MOV EAX,DWORD PTR SS:[EBP-78]
0040C1F0 |. 8B4C95 90 ||MOV ECX,DWORD PTR SS:[EBP+EDX*4-70]
0040C1F4 |. 3B4C85 94 ||CMP ECX,DWORD PTR SS:[EBP+EAX*4-6C] (70>6c跳)
0040C1F8 |. 73 22 ||JNB SHORT Ekd5.0040C21C 交换
0040C1FA |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1FD |. 8B4495 90 ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C201 |. 8945 84 ||MOV DWORD PTR SS:[EBP-7C],EAX
0040C204 |. 8B4D 88 ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C207 |. 8B55 88 ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C20A |. 8B4495 94 ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-6C]
0040C20E |. 89448D 90 ||MOV DWORD PTR SS:[EBP+ECX*4-70],EAX
0040C212 |. 8B4D 88 ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C215 |. 8B55 84 ||MOV EDX,DWORD PTR SS:[EBP-7C]
0040C218 |. 89548D 94 ||MOV DWORD PTR SS:[EBP+ECX*4-6C],EDX
0040C21C |>^ EB B8 |\JMP SHORT Ekd5.0040C1D6
0040C21E |>^ EB 9C \JMP SHORT Ekd5.0040C1BC
取前16人等级和,如果不满则取全部
0040C220 |> C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C227 |. EB 09 JMP SHORT Ekd5.0040C232
0040C229 |> 8B45 8C /MOV EAX,DWORD PTR SS:[EBP-74]
0040C22C |. 83C0 01 |ADD EAX,1
0040C22F |. 8945 8C |MOV DWORD PTR SS:[EBP-74],EAX
0040C232 |> 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-74]
0040C235 |. 3B4D F8 |CMP ECX,DWORD PTR SS:[EBP-8]
0040C238 |. 73 15 |JNB SHORT Ekd5.0040C24F
0040C23A |. 837D 8C 0F |CMP DWORD PTR SS:[EBP-74],0F
0040C23E |. 73 0F |JNB SHORT Ekd5.0040C24F
0040C240 |. 8B55 8C |MOV EDX,DWORD PTR SS:[EBP-74]
0040C243 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0040C246 |. 034495 90 |ADD EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C24A |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
0040C24D |.^ EB DA \JMP SHORT Ekd5.0040C229
0040C24F |> 837D 8C 00 CMP DWORD PTR SS:[EBP-74],0
0040C253 |. 74 29 JE SHORT Ekd5.0040C27E 防止除0
0040C255 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040C258 |. 33D2 XOR EDX,EDX
0040C25A |. F775 8C DIV DWORD PTR SS:[EBP-74] 除以人数
0040C25D |. 83F8 01 CMP EAX,1
0040C260 |. 76 0D JBE SHORT Ekd5.0040C26F 若小于等于则转
0040C262 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040C265 |. 33D2 XOR EDX,EDX
0040C267 |. F775 8C DIV DWORD PTR SS:[EBP-74]
0040C26A |. 8945 84 MOV DWORD PTR SS:[EBP-7C],EAX
0040C26D |. EB 07 JMP SHORT Ekd5.0040C276
0040C26F |> C745 84 01000>MOV DWORD PTR SS:[EBP-7C],1
0040C276 |> 8B4D 84 MOV ECX,DWORD PTR SS:[EBP-7C]
0040C279 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0040C27C |. EB 07 JMP SHORT Ekd5.0040C285
0040C27E |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0040C285 |> 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
0040C288 |. 8BE5 MOV ESP,EBP
0040C28A |. 5D POP EBP
0040C28B \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:17 标题: 消息处理
0047EF5F /$ 55 PUSH EBP
0047EF60 |. 8BEC MOV EBP,ESP
0047EF62 |. 83EC 40 SUB ESP,40
0047EF65 |. 53 PUSH EBX
0047EF66 |. 56 PUSH ESI
0047EF67 |. 8B75 0C MOV ESI,DWORD PTR SS:[EBP+C]
0047EF6A |. 57 PUSH EDI
0047EF6B |. 8B7D 10 MOV EDI,DWORD PTR SS:[EBP+10]
0047EF6E |. 83FE 05 CMP ESI,5 ; Switch (cases 2..311)
0047EF71 |. 77 6F JA SHORT 复件_Ekd.0047EFE2
0047EF73 |. 83FE 05 CMP ESI,5
0047EF76 |. 74 20 JE SHORT 复件_Ekd.0047EF98
0047EF78 |. 8BC6 MOV EAX,ESI
0047EF7A |. 48 DEC EAX
0047EF7B |. 48 DEC EAX
0047EF7C |. 0F85 6A020000 JNZ 复件_Ekd.0047F1EC
0047EF82 |. E8 80E1FFFF CALL 复件_Ekd.0047D107 ; Case 2 (WM_DESTROY) of switch 0047EF6E
0047EF87 |. FF35 B4934B00 PUSH DWORD PTR DS:[4B93B4] ; /ExitCode = 0
0047EF8D |. FF15 C0634800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage
0047EF93 |. E9 71020000 JMP 复件_Ekd.0047F209
0047EF98 |> 6A 01 PUSH 1 ; Case 5 (WM_SIZE) of switch 0047EF6E
0047EF9A |. 58 POP EAX
0047EF9B |. 3BF8 CMP EDI,EAX
0047EF9D |. 75 0A JNZ SHORT 复件_Ekd.0047EFA9
0047EF9F |. A3 2CC04B00 MOV DWORD PTR DS:[4BC02C],EAX
0047EFA4 |. E9 43020000 JMP 复件_Ekd.0047F1EC
0047EFA9 |> 85FF TEST EDI,EDI
0047EFAB |. 0F85 3B020000 JNZ 复件_Ekd.0047F1EC
0047EFB1 |. 393D 2CC04B00 CMP DWORD PTR DS:[4BC02C],EDI
0047EFB7 |. 0F84 2F020000 JE 复件_Ekd.0047F1EC
0047EFBD |. FF35 089E4B00 PUSH DWORD PTR DS:[4B9E08]
0047EFC3 |. 213D 2CC04B00 AND DWORD PTR DS:[4BC02C],EDI
0047EFC9 |. FF35 20A24B00 PUSH DWORD PTR DS:[4BA220]
0047EFCF |. FF35 B8754B00 PUSH DWORD PTR DS:[4B75B8]
0047EFD5 |. E8 A8FCFFFF CALL 复件_Ekd.0047EC82
0047EFDA |. 83C4 0C ADD ESP,0C
0047EFDD |. E9 0A020000 JMP 复件_Ekd.0047F1EC
0047EFE2 |> 83FE 0F CMP ESI,0F
0047EFE5 |. 0F87 AE000000 JA 复件_Ekd.0047F099
0047EFEB |. 74 3C JE SHORT 复件_Ekd.0047F029
0047EFED |. 8BC6 MOV EAX,ESI
0047EFEF |. 83E8 06 SUB EAX,6
0047EFF2 |. 74 19 JE SHORT 复件_Ekd.0047F00D
0047EFF4 |. 48 DEC EAX
0047EFF5 |. 0F85 F1010000 JNZ 复件_Ekd.0047F1EC
0047EFFB |. 6A 01 PUSH 1 ; /Erase = TRUE; Case 7 (WM_SETFOCUS) of switch 0047EF6E
0047EFFD |. 6A 00 PUSH 0 ; |pRect = NULL
0047EFFF |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
0047F002 |. FF15 A4624800 CALL DWORD PTR DS:[<&USER32.InvalidateRe>; \InvalidateRect
0047F008 |. E9 FC010000 JMP 复件_Ekd.0047F209
0047F00D |> A1 10C04B00 MOV EAX,DWORD PTR DS:[4BC010] ; Case 6 (WM_ACTIVATE) of switch 0047EF6E
0047F012 |. 85C0 TEST EAX,EAX
0047F014 |. 0F84 D2010000 JE 复件_Ekd.0047F1EC
0047F01A |. 33C9 XOR ECX,ECX
0047F01C |. 85FF TEST EDI,EDI
0047F01E |. 0F95C1 SETNE CL
0047F021 |. 51 PUSH ECX
0047F022 |. FFD0 CALL EAX
0047F024 |. E9 CD000000 JMP 复件_Ekd.0047F0F6
0047F029 |> 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8] ; Case F (WM_PAINT) of switch 0047EF6E
0047F02C |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0047F02F |. 50 PUSH EAX ; /pPaintstruct
0047F030 |. 53 PUSH EBX ; |hWnd
0047F031 |. FF15 40634800 CALL DWORD PTR DS:[<&USER32.BeginPaint>] ; \BeginPaint
0047F037 |. 8BF0 MOV ESI,EAX
0047F039 |. A1 DC8B4B00 MOV EAX,DWORD PTR DS:[4B8BDC]
0047F03E |. 33FF XOR EDI,EDI
0047F040 |. 3BC7 CMP EAX,EDI
0047F042 |. 74 10 JE SHORT 复件_Ekd.0047F054
0047F044 |. 57 PUSH EDI ; /ForceBackground => FALSE
0047F045 |. 50 PUSH EAX ; |hPalette => EA0816ED
0047F046 |. 56 PUSH ESI ; |hDC
0047F047 |. FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette
0047F04D |. 56 PUSH ESI ; /hDC
0047F04E |. FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047F054 |> A1 28C04B00 MOV EAX,DWORD PTR DS:[4BC028]
0047F059 |. 33C9 XOR ECX,ECX
0047F05B |. 3BC7 CMP EAX,EDI
0047F05D |. 7E 11 JLE SHORT 复件_Ekd.0047F070
0047F05F |. BA 80BE4B00 MOV EDX,复件_Ekd.004BBE80
0047F064 |> 391A /CMP DWORD PTR DS:[EDX],EBX
0047F066 |. 74 08 |JE SHORT 复件_Ekd.0047F070
0047F068 |. 41 |INC ECX
0047F069 |. 83C2 04 |ADD EDX,4
0047F06C |. 3BC8 |CMP ECX,EAX
0047F06E |.^ 7C F4 \JL SHORT 复件_Ekd.0047F064
0047F070 |> FF348D E09A4B>PUSH DWORD PTR DS:[ECX*4+4B9AE0]
0047F077 |. FF348D 20924B>PUSH DWORD PTR DS:[ECX*4+4B9220]
0047F07E |. 57 PUSH EDI
0047F07F |. 57 PUSH EDI
0047F080 |. 51 PUSH ECX
0047F081 |. E8 E0D8FFFF CALL 复件_Ekd.0047C966
0047F086 |. 83C4 14 ADD ESP,14
0047F089 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0047F08C |. 50 PUSH EAX ; /pPaintstruct
0047F08D |. 53 PUSH EBX ; |hWnd
0047F08E |. FF15 44634800 CALL DWORD PTR DS:[<&USER32.EndPaint>] ; \EndPaint
0047F094 |. E9 70010000 JMP 复件_Ekd.0047F209
0047F099 |> 83FE 14 CMP ESI,14
0047F09C |. 77 32 JA SHORT 复件_Ekd.0047F0D0
0047F09E |. 0F84 65010000 JE 复件_Ekd.0047F209
0047F0A4 |. 83FE 10 CMP ESI,10
0047F0A7 |. 0F85 3F010000 JNZ 复件_Ekd.0047F1EC
0047F0AD |. A1 14C04B00 MOV EAX,DWORD PTR DS:[4BC014] ; Case 10 (WM_CLOSE) of switch 0047EF6E
0047F0B2 |. 85C0 TEST EAX,EAX
0047F0B4 |. 0F84 4F010000 JE 复件_Ekd.0047F209
0047F0BA |. 8325 14C04B00>AND DWORD PTR DS:[4BC014],0
0047F0C1 |. 8BF0 MOV ESI,EAX
0047F0C3 |. FFD6 CALL ESI
0047F0C5 |. 8935 14C04B00 MOV DWORD PTR DS:[4BC014],ESI
0047F0CB |. E9 39010000 JMP 复件_Ekd.0047F209
0047F0D0 |> BB 00010000 MOV EBX,100
0047F0D5 |. 3BF3 CMP ESI,EBX
0047F0D7 |. 77 33 JA SHORT 复件_Ekd.0047F10C
0047F0D9 |. 74 21 JE SHORT 复件_Ekd.0047F0FC
0047F0DB |. 83FE 7E CMP ESI,7E
0047F0DE |. 0F85 08010000 JNZ 复件_Ekd.0047F1EC
0047F0E4 |. FF35 D89A4B00 PUSH DWORD PTR DS:[4B9AD8] ; Case 7E (WM_DISPLAYCHANGE) of switch 0047EF6E
0047F0EA |. FF35 D88B4B00 PUSH DWORD PTR DS:[4B8BD8]
0047F0F0 |. E8 5FD6FFFF CALL 复件_Ekd.0047C754
0047F0F5 |. 59 POP ECX
0047F0F6 |> 59 POP ECX
0047F0F7 |. E9 F0000000 JMP 复件_Ekd.0047F1EC
0047F0FC |> FF75 14 PUSH DWORD PTR SS:[EBP+14] ; Case 100 (WM_KEYDOWN) of switch 0047EF6E
0047F0FF |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
0047F102 |. E8 44010000 CALL 复件_Ekd.0047F24B
0047F107 |. E9 FB000000 JMP 复件_Ekd.0047F207
0047F10C |> 8BC6 MOV EAX,ESI
0047F10E |. 2D 02010000 SUB EAX,102
0047F113 |. 0F84 E3000000 JE 复件_Ekd.0047F1FC
0047F119 |. 2D FF000000 SUB EAX,0FF
0047F11E |. 0F84 C1000000 JE 复件_Ekd.0047F1E5
0047F124 |. 48 DEC EAX
0047F125 |. 0F84 B1000000 JE 复件_Ekd.0047F1DC
0047F12B |. 48 DEC EAX
0047F12C |. 48 DEC EAX
0047F12D |. 0F84 A0000000 JE 复件_Ekd.0047F1D3
0047F133 |. 48 DEC EAX
0047F134 |. 0F84 90000000 JE 复件_Ekd.0047F1CA
0047F13A |. 2D 0A010000 SUB EAX,10A
0047F13F |. 74 11 JE SHORT 复件_Ekd.0047F152
0047F141 |. 48 DEC EAX
0047F142 |. 48 DEC EAX
0047F143 |. 0F85 A3000000 JNZ 复件_Ekd.0047F1EC
0047F149 |. 3B7D 08 CMP EDI,DWORD PTR SS:[EBP+8] ; Case 311 (WM_PALETTECHANGED) of switch 0047EF6E
0047F14C |. 0F84 9A000000 JE 复件_Ekd.0047F1EC
0047F152 |> 33F6 XOR ESI,ESI ; Case 30F (WM_QUERYNEWPALETTE) of switch 0047EF6E
0047F154 |. 3935 B07D4B00 CMP DWORD PTR DS:[4B7DB0],ESI
0047F15A |. 74 28 JE SHORT 复件_Ekd.0047F184
0047F15C |. 3935 28C04B00 CMP DWORD PTR DS:[4BC028],ESI
0047F162 |. 7E 20 JLE SHORT 复件_Ekd.0047F184
0047F164 |. BF 48994B00 MOV EDI,复件_Ekd.004B9948
0047F169 |> 68 48954B00 /PUSH 复件_Ekd.004B9548
0047F16E |. 53 |PUSH EBX
0047F16F |. 6A 00 |PUSH 0
0047F171 |. FF37 |PUSH DWORD PTR DS:[EDI]
0047F173 |. E8 8A020000 |CALL 复件_Ekd.0047F402
0047F178 |. 46 |INC ESI
0047F179 |. 83C7 04 |ADD EDI,4
0047F17C |. 3B35 28C04B00 |CMP ESI,DWORD PTR DS:[4BC028]
0047F182 |.^ 7C E5 \JL SHORT 复件_Ekd.0047F169
0047F184 |> FF75 08 PUSH DWORD PTR SS:[EBP+8] ; /hWnd
0047F187 |. FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>] ; \GetDC
0047F18D |. 8BF0 MOV ESI,EAX
0047F18F |. A1 DC8B4B00 MOV EAX,DWORD PTR DS:[4B8BDC]
0047F194 |. 85C0 TEST EAX,EAX
0047F196 |. 74 0A JE SHORT 复件_Ekd.0047F1A2
0047F198 |. 6A 00 PUSH 0 ; /ForceBackground = FALSE
0047F19A |. 50 PUSH EAX ; |hPalette => EA0816ED
0047F19B |. 56 PUSH ESI ; |hDC
0047F19C |. FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette
0047F1A2 |> 56 PUSH ESI ; /hDC
0047F1A3 |. FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047F1A9 |. 56 PUSH ESI ; /hDC
0047F1AA |. 8BF8 MOV EDI,EAX ; |
0047F1AC |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
0047F1AF |. FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>] ; \ReleaseDC
0047F1B5 |. 85FF TEST EDI,EDI
0047F1B7 |. 74 0D JE SHORT 复件_Ekd.0047F1C6
0047F1B9 |. 6A 01 PUSH 1 ; /Erase = TRUE
0047F1BB |. 6A 00 PUSH 0 ; |pRect = NULL
0047F1BD |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
0047F1C0 |. FF15 A4624800 CALL DWORD PTR DS:[<&USER32.InvalidateRe>; \InvalidateRect
0047F1C6 |> 8BC7 MOV EAX,EDI
0047F1C8 |. EB 41 JMP SHORT 复件_Ekd.0047F20B
0047F1CA |> 8325 B8A34B00>AND DWORD PTR DS:[4BA3B8],FFFFFFFD ; Case 205 (WM_RBUTTONUP) of switch 0047EF6E
0047F1D1 |. EB 19 JMP SHORT 复件_Ekd.0047F1EC
0047F1D3 |> 830D B8A34B00>OR DWORD PTR DS:[4BA3B8],2 ; Case 204 (WM_RBUTTONDOWN) of switch 0047EF6E
0047F1DA |. EB 10 JMP SHORT 复件_Ekd.0047F1EC
0047F1DC |> 8325 B8A34B00>AND DWORD PTR DS:[4BA3B8],FFFFFFFE ; Case 202 (WM_LBUTTONUP) of switch 0047EF6E
0047F1E3 |. EB 07 JMP SHORT 复件_Ekd.0047F1EC
0047F1E5 |> 830D B8A34B00>OR DWORD PTR DS:[4BA3B8],1 ; Case 201 (WM_LBUTTONDOWN) of switch 0047EF6E
0047F1EC |> FF75 14 PUSH DWORD PTR SS:[EBP+14] ; /lParam; Default case of switch 0047EF6E
0047F1EF |. 57 PUSH EDI ; |wParam
0047F1F0 |. 56 PUSH ESI ; |Message
0047F1F1 |. FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
0047F1F4 |. FF15 78634800 CALL DWORD PTR DS:[<&USER32.DefWindowPro>; \DefWindowProcA
0047F1FA |. EB 0F JMP SHORT 复件_Ekd.0047F20B
0047F1FC |> FF75 14 PUSH DWORD PTR SS:[EBP+14] ; Case 102 (WM_CHAR) of switch 0047EF6E
0047F1FF |. FF75 10 PUSH DWORD PTR SS:[EBP+10]
0047F202 |. E8 09000000 CALL 复件_Ekd.0047F210
0047F207 |> 59 POP ECX
0047F208 |. 59 POP ECX
0047F209 |> 33C0 XOR EAX,EAX ; Case 14 (WM_ERASEBKGND) of switch 0047EF6E
0047F20B |> 5F POP EDI
0047F20C |. 5E POP ESI
0047F20D |. 5B POP EBX
0047F20E |. C9 LEAVE
0047F20F \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:18 标题: 先手攻击(自己新写的函数)
参数就是epb-8,ebp-c
被攻击方的数据
攻击方的内存地址
-4被攻击方的数据
-8攻击方的内存地址
-c 被攻击方的内存地址
-10 攻击方的Data编号
-14 被攻击方的Data编号
004D0000 55 PUSH EBP
004D0001 8BEC MOV EBP,ESP
004D0003 83EC 14 SUB ESP,14
004D0006 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004D0009 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004D000C 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004D000F 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004D0012 25 FF000000 AND EAX,0FF
004D0017 6BC0 24 IMUL EAX,EAX,24
004D001A 05 502C4B00 ADD EAX,Ekd5.004B2C50
004D001F 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004D0022 8BC8 MOV ECX,EAX
004D0024 E8 47B4F6FF CALL Ekd5.0043B470 ; 判断被攻击方的职业
004D0029 3C 01 CMP AL,1
004D002B 75 69 JNZ SHORT Ekd5.004D0096 ; 兵种不对跳转
004D002D 6A 08 PUSH 8
004D002F 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004D0032 E8 A966F3FF CALL Ekd5.004066E0 ; 判断被攻击方的状态
004D0037 85C0 TEST EAX,EAX
004D0039 74 02 JE SHORT Ekd5.004D003D
004D003B EB 59 JMP SHORT Ekd5.004D0096 ; 混乱中
004D003D 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004D0040 E8 2BF6F8FF CALL Ekd5.0045F670
004D0045 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX ; 攻击方的Data编号
004D0048 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004D004B E8 20F6F8FF CALL Ekd5.0045F670
004D0050 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; 被攻击方的Data编号
004D0053 6A 01 PUSH 1
004D0055 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
004D0058 FF75 EC PUSH DWORD PTR SS:[EBP-14]
004D005B B9 F05D4B00 MOV ECX,Ekd5.004B5DF0
004D0060 E8 65AFF8FF CALL Ekd5.0045AFCA ; 判断是否相邻
004D0065 85C0 TEST EAX,EAX
004D0067 74 2D JE SHORT Ekd5.004D0096
004D0069 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004D006C E8 AFE2F6FF CALL Ekd5.0043E320 ; 获取攻击方的朝向
004D0071 25 FF000000 AND EAX,0FF
004D0076 83C0 02 ADD EAX,2
004D0079 83F8 04 CMP EAX,4
004D007C 7C 03 JL SHORT Ekd5.004D0081
004D007E 83E8 04 SUB EAX,4
004D0081 05 002D4B00 ADD EAX,Ekd5.004B2D00
004D0086 50 PUSH EAX
004D0087 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004D008A E8 E165F3FF CALL Ekd5.00406670 ; 设置被攻击方的朝向,使其对准攻击方
004D008F B8 01000000 MOV EAX,1
004D0094 EB 02 JMP SHORT Ekd5.004D0098
004D0096 33C0 XOR EAX,EAX
004D0098 8BE5 MOV ESP,EBP
004D009A 5D POP EBP
004D009B C3 RETN
004D009F 83C4 08 ADD ESP,8 ; 我方攻击跳转过来的
004D00A2 FF75 F8 PUSH DWORD PTR SS:[EBP-8]
004D00A5 FF75 F4 PUSH DWORD PTR SS:[EBP-C]
004D00A8 E8 53FFFFFF CALL Ekd5.004D0000
004D00AD 83C4 08 ADD ESP,8
004D00B0 85C0 TEST EAX,EAX ; 判断返回
004D00B2 74 1A JE SHORT Ekd5.004D00CE
004D00B4 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; 先手攻击
004D00B7 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004D00BA 8A51 04 MOV DL,BYTE PTR DS:[ECX+4]
004D00BD 52 PUSH EDX
004D00BE 50 PUSH EAX
004D00BF B9 F0274900 MOV ECX,Ekd5.004927F0
004D00C4 E8 2864F3FF CALL Ekd5.004064F1
004D00C9 - E9 85DAF6FF JMP Ekd5.0043DB53
004D00CE 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 正常攻击
004D00D1 - E9 6BDAF6FF JMP Ekd5.0043DB41
作者:
岱瀛 时间: 2007-12-30 21:20 标题: 关于吸血攻击
00405C6C $ 55 PUSH EBP
00405C6D . 8BEC MOV EBP,ESP
00405C6F . 83EC 10 SUB ESP,10
00405C72 . 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00405C75 . 33C9 XOR ECX,ECX
00405C77 . 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00405C7A . 6A 2C PUSH 2C ; /Arg1 = 0000002C
00405C7C . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00405C7F . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405C82 . E8 821D0000 CALL Ekd5.00407A09 ; \Ekd5.00407A09
00405C87 . 85C0 TEST EAX,EAX
00405C89 . 0F84 58B30100 JE Ekd5.00420FE7
00405C8F . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405C92 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405C95 . E8 81150000 CALL Ekd5.0040721B
00405C9A . 50 PUSH EAX
00405C9B . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405C9E . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405CA1 . 51 PUSH ECX ; /Arg1
00405CA2 . E8 D6610000 CALL Ekd5.0040BE7D ; \Ekd5.0040BE7D
00405CA7 . 83C4 04 ADD ESP,4
00405CAA . 50 PUSH EAX ; /Arg1
00405CAB . E8 26880300 CALL Ekd5.0043E4D6 ; \Ekd5.0043E4D6
00405CB0 . 83C4 04 ADD ESP,4
00405CB3 . 33C9 XOR ECX,ECX
00405CB5 . 8AC8 MOV CL,AL
00405CB7 . 6BC9 24 IMUL ECX,ECX,24
00405CBA . 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405CC0 . 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00405CC3 . E8 C8CF0600 CALL Ekd5.00472C90
00405CC8 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; |
00405CCB . 50 PUSH EAX ; |Arg2
00405CCC . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00405CCF . 8B0D B2BF4A00 MOV ECX,DWORD PTR DS:[4ABFB2] ; |
00405CD5 . 51 PUSH ECX ; |Arg1 => 00000000
00405CD6 . E8 AE9D0700 CALL Ekd5.0047FA89 ; \Ekd5.0047FA89
00405CDB . 83C4 0C ADD ESP,0C
00405CDE . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00405CE1 . E9 FEB20100 JMP Ekd5.00420FE4
00420FE4 > \2945 F8 SUB DWORD PTR SS:[EBP-8],EAX
00420FE7 > 6A 01 PUSH 1 ; /Arg8 = 00000001
00420FE9 . 6A 00 PUSH 0 ; |Arg7 = 00000000
00420FEB . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
00420FEE . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C] ; |
00420FF4 . 51 PUSH ECX ; |Arg6
00420FF5 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00420FF8 . 8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428] ; |
00420FFE . 50 PUSH EAX ; |Arg5
00420FFF . 6A 00 PUSH 0 ; |Arg4 = 00000000
00421001 . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
00421004 . 52 PUSH EDX ; |Arg3
00421005 . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00421008 . 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
0042100B . 52 PUSH EDX ; |Arg2
0042100C . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0042100F . 8A08 MOV CL,BYTE PTR DS:[EAX] ; |
00421011 . 51 PUSH ECX ; |Arg1
00421012 . E8 6DF90200 CALL Ekd5.00450984 ; \Ekd5.00450984
00421017 . 83C4 20 ADD ESP,20
0042101A . 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0042101E . 74 0C JE SHORT Ekd5.0042102C
00421020 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00421023 . 50 PUSH EAX ; /Arg1
00421024 . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00421027 . E8 A1E60100 CALL Ekd5.0043F6CD ; \Ekd5.0043F6CD
0042102C > 6A 01 PUSH 1
0042102E . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00421031 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00421034 . E8 1756FEFF CALL Ekd5.00406650
00421039 . 25 FF000000 AND EAX,0FF
0042103E . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00421041 . 0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428]
00421047 . 50 PUSH EAX
00421048 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042104B . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0042104E . E8 FD78FEFF CALL Ekd5.00408950
00421053 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00421056 . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
0042105C . 51 PUSH ECX
0042105D . 6A 00 PUSH 0
0042105F . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00421062 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00421065 . E8 6C72FEFF CALL Ekd5.004082D6
0042106A . 33C9 XOR ECX,ECX
0042106C . 890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
00421072 . 8BE5 MOV ESP,EBP
00421074 . 5D POP EBP
00421075 . C3 RETN
轩辕传的exe
00405C6C $ 55 PUSH EBP
00405C6D . 8BEC MOV EBP,ESP
00405C6F . 83EC 10 SUB ESP,10
00405C72 . 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00405C75 . 33C9 XOR ECX,ECX
00405C77 . 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00405C7A . 6A 2C PUSH 2C ; /Arg1 = 0000002C
00405C7C . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00405C7F . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405C82 . E8 821D0000 CALL Ekd5.00407A09 ; \Ekd5.00407A09
00405C87 . 85C0 TEST EAX,EAX
00405C89 . 0F84 58B30100 JE Ekd5.00420FE7 如果是2C跳
00405C8F . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405C92 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405C95 . E8 81150000 CALL Ekd5.0040721B
00405C9A . 50 PUSH EAX
00405C9B . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405C9E . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405CA1 . 51 PUSH ECX ; /Arg1
00405CA2 . E8 D6610000 CALL Ekd5.0040BE7D ; \Ekd5.0040BE7D
00405CA7 . 83C4 04 ADD ESP,4
00405CAA . 50 PUSH EAX ; /Arg1
00405CAB . E8 26880300 CALL Ekd5.0043E4D6 ; \Ekd5.0043E4D6
00405CB0 . 83C4 04 ADD ESP,4
00405CB3 . 33C9 XOR ECX,ECX
00405CB5 . 8AC8 MOV CL,AL
00405CB7 . 6BC9 24 IMUL ECX,ECX,24
00405CBA . 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405CC0 . 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00405CC3 . E8 C8CF0600 CALL Ekd5.00472C90 //返回当前体力
00405CC8 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; |
00405CCB . 50 PUSH EAX ; |Arg2
00405CCC . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00405CCF . 8B0D B2BF4A00 MOV ECX,DWORD PTR DS:[4ABFB2] ; |
00405CD5 . 51 PUSH ECX ; |Arg1 => 00000000
00405CD6 . E8 AE9D0700 CALL Ekd5.0047FA89 ; \Ekd5.0047FA89 返回08栈0C栈之和与10栈的较小值于eax
00405CDB . 83C4 0C ADD ESP,0C
00405CDE . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00405CE1 . E9 FEB20100 JMP Ekd5.00420FE4
------------------------------跳到的地方
00420FE4 > \2945 F8 SUB DWORD PTR SS:[EBP-8],EAX
00420FE7 > 6A 01 PUSH 1 ; /Arg8 = 00000001
00420FE9 . 6A 00 PUSH 0 ; |Arg7 = 00000000
00420FEB . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
00420FEE . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C] ; |
00420FF4 . 51 PUSH ECX ; |Arg6
00420FF5 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00420FF8 . 8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428] ; |
00420FFE . 50 PUSH EAX ; |Arg5
00420FFF . 6A 00 PUSH 0 ; |Arg4 = 00000000
00421001 . 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
00421004 . 52 PUSH EDX ; |Arg3
00421005 . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00421008 . 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
0042100B . 52 PUSH EDX ; |Arg2
0042100C . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0042100F . 8A08 MOV CL,BYTE PTR DS:[EAX] ; |
00421011 . 51 PUSH ECX ; |Arg1
00421012 . E8 6DF90200 CALL Ekd5.00450984 ; \Ekd5.00450984
00421017 . 83C4 20 ADD ESP,20
0042101A . 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0042101E . 74 0C JE SHORT Ekd5.0042102C
00421020 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00421023 . 50 PUSH EAX ; /Arg1
00421024 . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00421027 . E8 A1E60100 CALL Ekd5.0043F6CD ; \Ekd5.0043F6CD
0042102C > 6A 01 PUSH 1
0042102E . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00421031 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00421034 . E8 1756FEFF CALL Ekd5.00406650 获取武将ecx的经验
00421039 . 25 FF000000 AND EAX,0FF
0042103E . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00421041 . 0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428]
00421047 . 50 PUSH EAX
00421048 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042104B . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0042104E . E8 FD78FEFF CALL Ekd5.00408950
00421053 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00421056 . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
0042105C . 51 PUSH ECX
0042105D . 6A 00 PUSH 0
0042105F . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00421062 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00421065 . E8 6C72FEFF CALL Ekd5.004082D6
0042106A . 33C9 XOR ECX,ECX
0042106C . 890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
00421072 . 8BE5 MOV ESP,EBP
00421074 . 5D POP EBP
00421075 . C3 RETN
00405C6C $ 55 PUSH EBP
00405C6D . 8BEC MOV EBP,ESP
00405C6F . 83EC 10 SUB ESP,10
00405C72 . 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00405C75 . 6A 01 PUSH 1
00405C77 . 6A 00 PUSH 0
00405C79 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00405C7C . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
00405C82 . 51 PUSH ECX
00405C83 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405C86 . 8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428]
00405C8C . 50 PUSH EAX
00405C8D . 6A 00 PUSH 0
00405C8F . 33C9 XOR ECX,ECX
00405C91 . 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00405C94 . 6A 43 PUSH 43 ; /Arg1 = 00000043
00405C96 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00405C99 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405C9C . E8 681D0000 CALL EKD500407A09 ; \EKD500407A09
00405CA1 . 85C0 TEST EAX,EAX
00405CA3 . 0F84 E0A30300 JE EKD500440089 //相等,证明是吸血攻击,跳转
00405CA9 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405CAC . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405CAF . E8 67150000 CALL EKD50040721B
00405CB4 . 50 PUSH EAX
00405CB5 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405CB8 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00405CBB . 51 PUSH ECX ; /Arg1
00405CBC . E8 BC610000 CALL EKD50040BE7D ; \EKD50040BE7D
00405CC1 . 83C4 04 ADD ESP,4
00405CC4 . 50 PUSH EAX ; /Arg1
00405CC5 . E8 0C880300 CALL EKD50043E4D6 ; \EKD50043E4D6
00405CCA . 83C4 04 ADD ESP,4
00405CCD . 33C9 XOR ECX,ECX
00405CCF . 8AC8 MOV CL,AL
00405CD1 . 6BC9 24 IMUL ECX,ECX,24
00405CD4 . 81C1 502C4B00 ADD ECX,EKD5004B2C50
00405CDA . 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00405CDD . E9 86A30300 JMP EKD500440068
00405CE2 > E8 89820100 CALL EKD50041DF70
00405CE7 . 3C 5C CMP AL,5C
00405CE9 . 75 04 JNZ SHORT EKD500405CEF
00405CEB . B0 64 MOV AL,64
00405CED . EB 76 JMP SHORT EKD500405D65
00405CEF > 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00405CF2 . 8B49 0C MOV ECX,DWORD PTR DS:[ECX+C]
00405CF5 . E8 37990300 CALL EKD50043F631
00405CFA . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
00405CFD . 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00405D00 . 33D2 XOR EDX,EDX
00405D02 . 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
00405D05 . 8BCA MOV ECX,EDX
00405D07 . 6BC9 24 IMUL ECX,ECX,24
00405D0A . 81C1 502C4B00 ADD ECX,EKD5004B2C50
00405D10 . E8 1C990300 CALL EKD50043F631
00405D15 . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00405D18 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00405D1B . 6BC0 03 IMUL EAX,EAX,3
00405D1E . 3945 F8 CMP DWORD PTR SS:[EBP-8],EAX
00405D21 . 72 04 JB SHORT EKD500405D27
00405D23 . B0 64 MOV AL,64
00405D25 . EB 3E JMP SHORT EKD500405D65
00405D27 > 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00405D2A . D1E1 SHL ECX,1
00405D2C . 394D F8 CMP DWORD PTR SS:[EBP-8],ECX
00405D2F . 72 17 JB SHORT EKD500405D48
00405D31 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00405D34 . D1E2 SHL EDX,1
00405D36 . 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00405D39 . 2BC2 SUB EAX,EDX
00405D3B . 6BC0 50 IMUL EAX,EAX,50
00405D3E . 33D2 XOR EDX,EDX
00405D40 . F775 FC DIV DWORD PTR SS:[EBP-4]
00405D43 . 83C0 14 ADD EAX,14
00405D46 . EB 1D JMP SHORT EKD500405D65
00405D48 > 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00405D4B . 3B45 FC CMP EAX,DWORD PTR SS:[EBP-4]
00405D4E . 72 13 JB SHORT EKD500405D63
00405D50 . 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00405D53 . 2B45 FC SUB EAX,DWORD PTR SS:[EBP-4]
00405D56 . 6BC0 12 IMUL EAX,EAX,12
00405D59 . 33D2 XOR EDX,EDX
00405D5B . F775 FC DIV DWORD PTR SS:[EBP-4]
00405D5E . 83C0 02 ADD EAX,2
00405D61 . EB 02 JMP SHORT EKD500405D65
00405D63 > B0 01 MOV AL,1
00405D65 > 8BE5 MOV ESP,EBP
00405D67 . 5D POP EBP
00405D68 . C3 RETN
00440089 > \8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0044008C . 52 PUSH EDX ; |Arg3
0044008D . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00440090 . 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
00440093 . 52 PUSH EDX ; |Arg2
00440094 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
00440097 . 8A08 MOV CL,BYTE PTR DS:[EAX] ; |
00440099 . 51 PUSH ECX ; |Arg1
0044009A . E8 E5080100 CALL EKD500450984 ; \EKD500450984
0044009F . 83C4 20 ADD ESP,20
004400A2 . 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004400A6 . 74 0C JE SHORT EKD5004400B4
004400A8 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004400AB . 50 PUSH EAX ; /Arg1
004400AC . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004400AF . E8 19F6FFFF CALL EKD50043F6CD ; \EKD50043F6CD
004400B4 > 6A 01 PUSH 1
004400B6 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004400B9 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
004400BC . E8 8F65FCFF CALL EKD500406650
004400C1 . 25 FF000000 AND EAX,0FF ; |
004400C6 . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004400C9 . 0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428] ; |
004400CF . 50 PUSH EAX ; |Arg1
004400D0 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
004400D3 . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
004400D6 . E8 7588FCFF CALL EKD500408950 ; \EKD500408950
004400DB . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004400DE . 8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
004400E4 . 51 PUSH ECX ; /Arg2
004400E5 . 6A 00 PUSH 0 ; |Arg1 = 00000000
004400E7 . 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
004400EA . 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
004400ED . E8 E481FCFF CALL EKD5004082D6 ; \EKD5004082D6
004400F2 . 33C9 XOR ECX,ECX
004400F4 . 890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
004400FA . 8BE5 MOV ESP,EBP
004400FC . 5D POP EBP
004400FD . C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:20 标题: 无限引导
43DADA函数
0043DADA /$ 55 PUSH EBP
0043DADB |. 8BEC MOV EBP,ESP
0043DADD |. 83EC 0C SUB ESP,0C
0043DAE0 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0043DAE3 |. C645 F8 FF MOV BYTE PTR SS:[EBP-8],0FF
0043DAE7 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAEA |. E8 281E0000 CALL Ekd5.0043F917
0043DAEF |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0043DAF2 |. 68 FF000000 PUSH 0FF
0043DAF7 |. 6A 01 PUSH 1
0043DAF9 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DAFC |. E8 BD1D0000 CALL Ekd5.0043F8BE
0043DB01 |. 50 PUSH EAX ; |Arg2
0043DB02 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB05 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
0043DB08 |. 51 PUSH ECX ; |Arg1
0043DB09 |. B9 50424B00 MOV ECX,Ekd5.004B4250 ; |
0043DB0E |. E8 2A780100 CALL Ekd5.0045533D ; \Ekd5.0045533D //攻击范围
0043DB13 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0043DB16 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043DB19 |. 81E2 FF000000 AND EDX,0FF
0043DB1F |. 81FA FF000000 CMP EDX,0FF
0043DB25 |. 0F84 F2000000 JE Ekd5.0043DC1D
0043DB2B |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB2E |. 50 PUSH EAX ; /Arg2
0043DB2F |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DB32 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DB35 |. 52 PUSH EDX ; |Arg1
0043DB36 |. E8 EE7CFFFF CALL Ekd5.00435829 ; \Ekd5.00435829
0043DB3B |. 83C4 08 ADD ESP,8
0043DB3E |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DB41 |. 50 PUSH EAX ; /Arg2
0043DB42 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DB45 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DB48 |. 52 PUSH EDX ; |Arg1
0043DB49 |. B9 F0274900 MOV ECX,Ekd5.004927F0 ; |
0043DB4E |. E8 9E89FCFF CALL Ekd5.004064F1 ; \Ekd5.004064F1 进行攻击(包括攻击动作和数值变化)
0043DB53 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043DB56 |. 81E1 FF000000 AND ECX,0FF
0043DB5C |. 6BC9 24 IMUL ECX,ECX,24
0043DB5F |. 81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0043DB65 |. E8 26510300 CALL Ekd5.00472C90 返回武将ecx的当前体力
0043DB6A |. 85C0 TEST EAX,EAX
0043DB6C |. 0F85 97000000 JNZ Ekd5.0043DC09 若EAX的值不会0(人没死),则跳转,不会引导
0043DB72 |. 6A 2E PUSH 2E ; /Arg1 = 0000002E 判断是不是2E引导攻击
0043DB74 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB77 |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043DB79 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043DB7C |. 81C1 681B4A00 ADD ECX,Ekd5.004A1B68 ; |
0043DB82 |. E8 829EFCFF CALL Ekd5.00407A09 ; \Ekd5.00407A09检测武将ecx是否装备特殊效果为08栈的特殊道具
0043DB87 |. 85C0 TEST EAX,EAX
0043DB89 |. 74 7E JE SHORT Ekd5.0043DC09 若EAX的值不会0(不相等),则跳转,不会引导
0043DB8B |. 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0043DB90 |. 68 40060000 PUSH 640 ; |Arg2 = 00000640
0043DB95 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0043DB97 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0043DB99 |. 68 C0120000 PUSH 12C0 ; ||Arg1 = 000012C0
0043DB9E |. B9 38EB4A00 MOV ECX,Ekd5.004AEB38 ; ||
0043DBA3 |. E8 981E0400 CALL Ekd5.0047FA40 ; |\Ekd5.0047FA40
0043DBA8 |. 50 PUSH EAX ; |Arg1
0043DBA9 |. E8 65210400 CALL Ekd5.0047FD13 ; \Ekd5.0047FD13
0043DBAE |. 83C4 0C ADD ESP,0C
0043DBB1 |. 6A 00 PUSH 0
0043DBB3 |. 6A 00 PUSH 0
0043DBB5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DBB8 |. E8 011D0000 CALL Ekd5.0043F8BE
0043DBBD |. 50 PUSH EAX ; |Arg2
0043DBBE |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBC1 |. 83C1 06 ADD ECX,6 ; |
0043DBC4 |. 51 PUSH ECX ; |Arg1
0043DBC5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBC8 |. E8 B989FFFF CALL Ekd5.00436586 ; \Ekd5.00436586
0043DBCD |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0043DBD0 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043DBD3 |. 81E2 FF000000 AND EDX,0FF
0043DBD9 |. 81FA FF000000 CMP EDX,0FF
0043DBDF |. 74 28 JE SHORT Ekd5.0043DC09 //判断EDX,如果不等于0FF则跳转
0043DBE1 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DBE4 |. 50 PUSH EAX ; /Arg2
0043DBE5 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBE8 |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DBEB |. 52 PUSH EDX ; |Arg1
0043DBEC |. E8 387CFFFF CALL Ekd5.00435829 ; \Ekd5.00435829
0043DBF1 |. 83C4 08 ADD ESP,8
0043DBF4 |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
0043DBF7 |. 50 PUSH EAX -----JMP 0043DB41
0043DBF8 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DBFB |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
0043DBFE |. 52 PUSH EDX ; |Arg1
0043DBFF |. B9 F0274900 MOV ECX,Ekd5.004927F0 ; |
0043DC04 |. E8 E888FCFF CALL Ekd5.004064F1 ; \Ekd5.004064F1
0043DC09 |> 6A 06 PUSH 6 ; /Arg1 = 00000006
0043DC0B |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DC0E |. E8 054B0000 CALL Ekd5.00442718 ; \Ekd5.00442718
0043DC13 |. B9 50424B00 MOV ECX,Ekd5.004B4250
0043DC18 |. E8 F65E0100 CALL Ekd5.00453B13
0043DC1D |> 8BE5 MOV ESP,EBP
0043DC1F |. 5D POP EBP
0043DC20 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:21 标题: 有关文件操作的函数
开始写存档的地方
0041B1FC |. 85C0 TEST EAX,EAX
0041B1FE |. 75 24 JNZ SHORT WaGan.0041B224
0041B200 |. C785 D0FEFFFF>MOV DWORD PTR SS:[EBP-130],0
0041B20A |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041B211 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0041B214 |. E8 30DDFFFF CALL WaGan.00418F49
0041B219 |. 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-130]
0041B21F |. E9 EA020000 JMP WaGan.0041B50E
0041B224 |> 6A 0E PUSH 0E ; /Arg1 = 0000000E
0041B226 |. E8 F0050100 CALL WaGan.0042B81B ; \WaGan.0042B81B
0041B22B |. 83C4 04 ADD ESP,4
0041B22E |. A1 606F4900 MOV EAX,DWORD PTR DS:[496F60]
0041B233 |. C600 05 MOV BYTE PTR DS:[EAX],5
0041B236 |. B9 0000D600 MOV ECX,0D60000
0041B23B |. E8 90B3FEFF CALL WaGan.004065D0
0041B240 |. 8B0D 606F4900 MOV ECX,DWORD PTR DS:[496F60]
0041B246 |. 8841 01 MOV BYTE PTR DS:[ECX+1],AL
0041B249 |. B9 3CC64A00 MOV ECX,WaGan.004AC63C
0041B24E |. E8 5D06FFFF CALL WaGan.0040B8B0
0041B253 |. 8B15 606F4900 MOV EDX,DWORD PTR DS:[496F60]
0041B259 |. 8842 02 MOV BYTE PTR DS:[EDX+2],AL
0041B25C |. B9 70074B00 MOV ECX,WaGan.004B0770
0041B261 |. E8 2920FFFF CALL WaGan.0040D28F
0041B266 |. 8B0D 606F4900 MOV ECX,DWORD PTR DS:[496F60]
0041B26C |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL
0041B26F |. 8B15 606F4900 MOV EDX,DWORD PTR DS:[496F60]
0041B275 |. 33C0 XOR EAX,EAX
创建或打开文件 (传进来的参数有,08栈,放文件名的地址,ecx放需要返回得到句柄的内存地址)
004190BB /$ 55 PUSH EBP
004190BC |. 8BEC MOV EBP,ESP
004190BE |. 51 PUSH ECX
004190BF |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004190C2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004190C5 |. 8338 00 CMP DWORD PTR DS:[EAX],0
004190C8 |. 75 2D JNZ SHORT WaGan.004190F7
004190CA |. 6A 00 PUSH 0 ; /hTemplateFile = NULL
004190CC |. 68 80000000 PUSH 80 ; |Attributes = NORMAL
004190D1 |. 6A 04 PUSH 4 ; |Mode = OPEN_ALWAYS
004190D3 |. 6A 00 PUSH 0 ; |pSecurity = NULL
004190D5 |. 6A 01 PUSH 1 ; |ShareMode = FILE_SHARE_READ
004190D7 |. 68 000000C0 PUSH C0000000 ; |Access = GENERIC_READ|GENERIC_WRITE
004190DC |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
004190DF |. 51 PUSH ECX ; |FileName
004190E0 |. FF15 18614800 CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; \CreateFileA
004190E6 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] 把
004190E9 |. 8902 MOV DWORD PTR DS:[EDX],EAX 句柄放到传进来的地址中
004190EB |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004190EE |. 8338 FF CMP DWORD PTR DS:[EAX],-1
004190F1 |. 75 04 JNZ SHORT WaGan.004190F7
004190F3 |. 33C0 XOR EAX,EAX
004190F5 |. EB 05 JMP SHORT WaGan.004190FC
004190F7 |> B8 01000000 MOV EAX,1
004190FC |> 8BE5 MOV ESP,EBP
004190FE |. 5D POP EBP
004190FF \. C2 0400 RETN 4
读文件(传进来的参数有ecx句柄地址,08栈buffer地址,0C栈读文件字节数)
00419102 /$ 55 PUSH EBP
00419103 |. 8BEC MOV EBP,ESP
00419105 |. 83EC 10 SUB ESP,10
00419108 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX 句柄地址
0041910B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0041910E |. 8338 00 CMP DWORD PTR DS:[EAX],0
00419111 |. 74 47 JE SHORT WaGan.0041915A 句柄不能为空
00419113 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041911A |. EB 09 JMP SHORT WaGan.00419125
0041911C |> 8B4D F4 /MOV ECX,DWORD PTR SS:[EBP-C]
0041911F |. 83C1 01 |ADD ECX,1
00419122 |. 894D F4 |MOV DWORD PTR SS:[EBP-C],ECX
00419125 |> 6A 00 PUSH 0 ; /pOverlapped = NULL
00419127 |. 8D55 FC |LEA EDX,DWORD PTR SS:[EBP-4] ; |
0041912A |. 52 |PUSH EDX ; |pBytesRead
0041912B |. 8B45 0C |MOV EAX,DWORD PTR SS:[EBP+C] ; |
0041912E |. 50 |PUSH EAX ; |BytesToRead
0041912F |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00419132 |. 51 |PUSH ECX ; |Buffer
00419133 |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10] ; |
00419136 |. 8B02 |MOV EAX,DWORD PTR DS:[EDX] ; |
00419138 |. 50 |PUSH EAX ; |hFile 文件句柄,通过CreateFile得来
00419139 |. FF15 14614800 |CALL DWORD PTR DS:[<&KERNEL32.ReadFile>>; \ReadFile
0041913F |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX
00419142 |. 837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
00419146 |. 75 0C |JNZ SHORT WaGan.00419154
00419148 |. 837D F4 05 |CMP DWORD PTR SS:[EBP-C],5 连续尝试读5次
0041914C |. 7E 04 |JLE SHORT WaGan.00419152
0041914E |. 33C0 |XOR EAX,EAX
00419150 |. EB 0F |JMP SHORT WaGan.00419161 读失败
00419152 |> EB 02 |JMP SHORT WaGan.00419156
00419154 |> EB 02 |JMP SHORT WaGan.00419158
00419156 |>^ EB C4 \JMP SHORT WaGan.0041911C
00419158 |> EB 04 JMP SHORT WaGan.0041915E
0041915A |> 33C0 XOR EAX,EAX
0041915C |. EB 03 JMP SHORT WaGan.00419161
0041915E |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 读成功,布尔返回值返回
00419161 |> 8BE5 MOV ESP,EBP
00419163 |. 5D POP EBP
00419164 \. C2 0800 RETN 8
419194 [0C--0] 419231 4192AA
设置文件指针( ecx句柄地址,08栈移动字节数,0C栈 flag—how to move)
FILE_BEGIN The starting point is zero or the beginning of the file.
FILE_CURRENT The starting point is the current value of the file pointer.
FILE_END The starting point is the current end-of-file position.
004191AF /$ 55 PUSH EBP
004191B0 |. 8BEC MOV EBP,ESP
004191B2 |. 83EC 0C SUB ESP,0C
004191B5 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
004191B8 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191BF |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004191C2 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004191C5 |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004191C9 |. 74 0E JE SHORT WaGan.004191D9
004191CB |. 837D F4 01 CMP DWORD PTR SS:[EBP-C],1
004191CF |. 74 11 JE SHORT WaGan.004191E2
004191D1 |. 837D F4 02 CMP DWORD PTR SS:[EBP-C],2
004191D5 |. 74 14 JE SHORT WaGan.004191EB
004191D7 |. EB 1B JMP SHORT WaGan.004191F4
004191D9 |> C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191E0 |. EB 19 JMP SHORT WaGan.004191FB
004191E2 |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004191E9 |. EB 10 JMP SHORT WaGan.004191FB
004191EB |> C745 FC 02000>MOV DWORD PTR SS:[EBP-4],2
004191F2 |. EB 07 JMP SHORT WaGan.004191FB
004191F4 |> C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191FB |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004191FE |. 8339 00 CMP DWORD PTR DS:[ECX],0
00419201 |. 74 16 JE SHORT WaGan.00419219
00419203 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00419206 |. 52 PUSH EDX ; /Origin how to move
00419207 |. 6A 00 PUSH 0 ; |pOffsetHi = NULL
00419209 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0041920C |. 50 PUSH EAX ; |OffsetLo 移动的字节数
0041920D |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00419210 |. 8B11 MOV EDX,DWORD PTR DS:[ECX] ; |
00419212 |. 52 PUSH EDX ; |hFile 句饼
00419213 |. FF15 04614800 CALL DWORD PTR DS:[<&KERNEL32.SetFilePoi>; \SetFilePointer
00419219 |> 8BE5 MOV ESP,EBP
0041921B |. 5D POP EBP
0041921C \. C2 0800 RETN 8
写文件 (ecx文件句柄,08栈缓冲区地址,+C要写多少字节)
0041923C /$ 55 PUSH EBP
0041923D |. 8BEC MOV EBP,ESP
0041923F |. 83EC 0C SUB ESP,0C
00419242 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
00419245 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00419248 |. 8338 00 CMP DWORD PTR DS:[EAX],0
0041924B |. 74 27 JE SHORT WaGan.00419274
0041924D |. 6A 00 PUSH 0 ; /pOverlapped = NULL
0041924F |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4] ; |
00419252 |. 51 PUSH ECX ; |pBytesWritten
00419253 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
00419256 |. 52 PUSH EDX ; |nBytesToWrite
00419257 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0041925A |. 50 PUSH EAX ; |Buffer
0041925B |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
0041925E |. 8B11 MOV EDX,DWORD PTR DS:[ECX] ; |
00419260 |. 52 PUSH EDX ; |hFile
00419261 |. FF15 0C614800 CALL DWORD PTR DS:[<&KERNEL32.WriteFile>>; \WriteFile
00419267 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0041926A |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0041926E |. 75 04 JNZ SHORT WaGan.00419274
00419270 |. 33C0 XOR EAX,EAX
00419272 |. EB 03 JMP SHORT WaGan.00419277
00419274 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00419277 |> 8BE5 MOV ESP,EBP
00419279 |. 5D POP EBP
0041927A \. C2 0800 RETN 8
关闭文件剧柄 (Ecx放文件句柄)
004192C5 /$ 55 PUSH EBP
004192C6 |. 8BEC MOV EBP,ESP
004192C8 |. 51 PUSH ECX
004192C9 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004192CC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004192CF |. 8338 00 CMP DWORD PTR DS:[EAX],0
004192D2 |. 74 24 JE SHORT WaGan.004192F8
004192D4 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004192D7 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
004192D9 |. 52 PUSH EDX ; /hObject
004192DA |. FF15 08614800 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
004192E0 |. 85C0 TEST EAX,EAX
004192E2 |. 74 10 JE SHORT WaGan.004192F4
004192E4 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004192E7 |. C700 00000000 MOV DWORD PTR DS:[EAX],0
004192ED |. B8 01000000 MOV EAX,1
004192F2 |. EB 09 JMP SHORT WaGan.004192FD
004192F4 |> 33C0 XOR EAX,EAX
004192F6 |. EB 05 JMP SHORT WaGan.004192FD
004192F8 |> B8 01000000 MOV EAX,1
004192FD |> 8BE5 MOV ESP,EBP
004192FF |. 5D POP EBP
00419300 \. C3 RETN
删除文件
00419301 /. 55 PUSH EBP
00419302 |. 8BEC MOV EBP,ESP
00419304 |. 51 PUSH ECX
00419305 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00419308 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041930B |. E8 B5FFFFFF CALL WaGan.004192C5
00419310 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00419313 |. 50 PUSH EAX ; /FileName
00419314 |. FF15 F8604800 CALL DWORD PTR DS:[<&KERNEL32.DeleteFile>; \DeleteFileA
0041931A |. 8BE5 MOV ESP,EBP
0041931C |. 5D POP EBP
0041931D \. C2 0400 RETN 4
获取文件大小
004193A5 /$ 55 PUSH EBP
004193A6 |. 8BEC MOV EBP,ESP
004193A8 |. 83EC 08 SUB ESP,8
004193AB |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
004193AE |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004193B5 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004193B8 |. 8338 00 CMP DWORD PTR DS:[EAX],0
004193BB |. 74 1E JE SHORT WaGan.004193DB
004193BD |. 6A 00 PUSH 0 ; /pFileSizeHigh = NULL
004193BF |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004193C2 |. 8B11 MOV EDX,DWORD PTR DS:[ECX] ; |
004193C4 |. 52 PUSH EDX ; |hFile
004193C5 |. FF15 EC604800 CALL DWORD PTR DS:[<&KERNEL32.GetFileSiz>; \GetFileSize
004193CB |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004193CE |. 837D FC FF CMP DWORD PTR SS:[EBP-4],-1
004193D2 |. 75 07 JNZ SHORT WaGan.004193DB
004193D4 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004193DB |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004193DE |. 8BE5 MOV ESP,EBP
004193E0 |. 5D POP EBP
004193E1 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:22 标题: 说岳6D指令
38--用了14个word型变量
00410CFC /. 55 PUSH EBP
00410CFD |. 8BEC MOV EBP,ESP
00410CFF |. 83EC 38 SUB ESP,38
00410D02 |. 33D2 XOR EDX,EDX
00410D04 |> 8955 D4 /MOV DWORD PTR SS:[EBP-2C],EDX
00410D07 |. 8A92 DB0E4100 |MOV DL,BYTE PTR DS:[EDX+410EDB] // 取参数前缀
00410D0D |. 81E2 FF000000 |AND EDX,0FF
00410D13 |. 8955 D0 |MOV DWORD PTR SS:[EBP-30],EDX
00410D16 |. 52 |PUSH EDX ; /Arg1 参数前缀
00410D17 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00410D1A |. E8 D8760000 |CALL EKD53.004183F7 ; \EKD53.004183F7 这一段是解析剧本参数
00410D1F |. 8B55 D0 |MOV EDX,DWORD PTR SS:[EBP-30]
00410D22 |. 83FA 04 |CMP EDX,4 //读到第四次就跳掉
00410D25 |. 74 1B |JE SHORT EKD53.00410D42
00410D27 |. 8B55 D4 |MOV EDX,DWORD PTR SS:[EBP-2C]
00410D2A |. 66:894495 E0 |MOV WORD PTR SS:[EBP+EDX*4-20],AX
00410D2F |. 25 FFFF0000 |AND EAX,0FFFF
00410D34 |. 3D 00800000 |CMP EAX,8000
00410D39 |. 75 1F |JNZ SHORT EKD53.00410D5A //结果不相等的话,OK, 否则会退出
00410D3B |. B8 05000000 |MOV EAX,5
00410D40 |. EB 13 |JMP SHORT EKD53.00410D55
00410D42 |> 8B55 D4 |MOV EDX,DWORD PTR SS:[EBP-2C]
00410D45 |. 894495 E0 |MOV DWORD PTR SS:[EBP+EDX*4-20],EAX
00410D49 |. 3D 00000080 |CMP EAX,80000000
00410D4E |. 75 0A |JNZ SHORT EKD53.00410D5A //结果不相等的话,OK, 否则会退出
00410D50 |. B8 05000000 |MOV EAX,5
00410D55 |> E9 7D010000 |JMP EKD53.00410ED7
00410D5A |> 83FA 07 |CMP EDX,7
00410D5D |. 7D 03 |JGE SHORT EKD53.00410D62
00410D5F |. 42 |INC EDX
00410D60 |.^ EB A2 \JMP SHORT EKD53.00410D04
00410D62 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
00410D65 |. 25 FFFF0000 AND EAX,0FFFF
00410D6A |. 3D FFFF0000 CMP EAX,0FFFF
00410D6F |. 75 06 JNZ SHORT EKD53.00410D77
00410D71 |. 66:C745 E0 00>MOV WORD PTR SS:[EBP-20],0
00410D77 |> E8 A6ABFFFF CALL EKD53.0040B922
00410D7C |. 85C0 TEST EAX,EAX
00410D7E |. 0F84 51010000 JE EKD53.00410ED5 判断返回结果,为0的话退出
00410D84 |. C745 DC FFFF0>MOV DWORD PTR SS:[EBP-24],0FFFF
00410D8B |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
00410D8E |. 81E1 FFFF0000 AND ECX,0FFFF
00410D94 |. 83F9 01 CMP ECX,1
00410D97 |. 75 4A JNZ SHORT EKD53.00410DE3
00410D99 |. 837D E8 0F CMP DWORD PTR SS:[EBP-18],0F
00410D9D |. 73 44 JNB SHORT EKD53.00410DE3
00410D9F |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00410DA2 |. 6BC9 24 IMUL ECX,ECX,24
00410DA5 |. 81C1 502C4B00 ADD ECX,EKD53.004B2C50
00410DAB |. E8 E07E0000 CALL EKD53.00418C90
00410DB0 |. 25 FF000000 AND EAX,0FF
00410DB5 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00410DB8 |. 81E2 FFFF0000 AND EDX,0FFFF
00410DBE |. 83FA 01 CMP EDX,1
00410DC1 |. 76 02 JBE SHORT EKD53.00410DC5
00410DC3 |. 33D2 XOR EDX,EDX
00410DC5 |> 83C2 02 ADD EDX,2
00410DC8 |. 3BC2 CMP EAX,EDX
00410DCA |. 75 15 JNZ SHORT EKD53.00410DE1
00410DCC |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
00410DCF |. 52 PUSH EDX ; /Arg1
00410DD0 |. B9 902F4900 MOV ECX,EKD53.00492F90 ; |
00410DD5 |. E8 F67F0000 CALL EKD53.00418DD0 ; \EKD53.00418DD0
00410DDA |. 8BC8 MOV ECX,EAX
00410DDC |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
00410DDE |. 8955 DC MOV DWORD PTR SS:[EBP-24],EDX
00410DE1 |> EB 18 JMP SHORT EKD53.00410DFB
00410DE3 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
00410DE6 |. 25 FFFF0000 AND EAX,0FFFF
00410DEB |. 85C0 TEST EAX,EAX
00410DED |. 75 0C JNZ SHORT EKD53.00410DFB
00410DEF |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00410DF2 |. 81E1 FFFF0000 AND ECX,0FFFF
00410DF8 |. 894D DC MOV DWORD PTR SS:[EBP-24],ECX
00410DFB |> 817D DC 00040>CMP DWORD PTR SS:[EBP-24],400
00410E02 |. 0F83 CD000000 JNB EKD53.00410ED5
00410E08 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
00410E0B |. 81E1 FFFF0000 AND ECX,0FFFF
00410E11 |. 81F9 00040000 CMP ECX,400
00410E17 |> 0F83 B8000000 /JNB EKD53.00410ED5
00410E1D |. 6BC9 48 |IMUL ECX,ECX,48
00410E20 |. 81C1 0000D600 |ADD ECX,0D60000
00410E26 |. E8 B16C0600 |CALL EKD53.00477ADC
00410E2B |. 25 FF000000 |AND EAX,0FF
00410E30 |. 3D FF000000 |CMP EAX,0FF
00410E35 |.^ 74 E0 \JE SHORT EKD53.00410E17
00410E37 |. 8BC8 MOV ECX,EAX
00410E39 |. 6BC9 24 IMUL ECX,ECX,24
00410E3C |. 81C1 502C4B00 ADD ECX,EKD53.004B2C50
00410E42 |. 8A41 06 MOV AL,BYTE PTR DS:[ECX+6]
00410E45 |. 25 FF000000 AND EAX,0FF
00410E4A |. 8945 CC MOV DWORD PTR SS:[EBP-34],EAX
00410E4D |. 8A41 07 MOV AL,BYTE PTR DS:[ECX+7]
00410E50 |. 25 FF000000 AND EAX,0FF
00410E55 |. 8945 C8 MOV DWORD PTR SS:[EBP-38],EAX
00410E58 |. 837D F0 28 CMP DWORD PTR SS:[EBP-10],28
00410E5C |. 77 08 JA SHORT EKD53.00410E66
00410E5E |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
00410E61 |. 0145 F0 ADD DWORD PTR SS:[EBP-10],EAX
00410E64 |. EB 13 JMP SHORT EKD53.00410E79
00410E66 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00410E69 |. 83E8 28 SUB EAX,28
00410E6C |. 50 PUSH EAX
00410E6D |. 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
00410E70 |. 50 PUSH EAX
00410E71 |. E8 28EC0600 CALL EKD53.0047FA9E
00410E76 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
00410E79 |> 837D F4 28 CMP DWORD PTR SS:[EBP-C],28
00410E7D |. 77 08 JA SHORT EKD53.00410E87
00410E7F |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
00410E82 |. 0145 F4 ADD DWORD PTR SS:[EBP-C],EAX
00410E85 |. EB 13 JMP SHORT EKD53.00410E9A
00410E87 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00410E8A |. 83E8 28 SUB EAX,28
00410E8D |. 50 PUSH EAX
00410E8E |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
00410E91 |. 50 PUSH EAX
00410E92 |. E8 07EC0600 CALL EKD53.0047FA9E
00410E97 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00410E9A |> 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00410E9D |. 81E2 FFFF0000 AND EDX,0FFFF
00410EA3 |. 52 PUSH EDX ; /Arg4
00410EA4 |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C] ; |
00410EA7 |. 50 PUSH EAX ; |Arg3
00410EA8 |. 8A4D F0 MOV CL,BYTE PTR SS:[EBP-10] ; |
00410EAB |. 51 PUSH ECX ; |Arg2
00410EAC |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24] ; |
00410EAF |. 52 PUSH EDX ; |Arg1
00410EB0 |. B9 F05D4B00 MOV ECX,EKD53.004B5DF0 ; |
00410EB5 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
00410EB8 |. 25 FFFF0000 AND EAX,0FFFF ; |
00410EBD |. 83F8 01 CMP EAX,1 ; |
00410EC0 |. 74 07 JE SHORT EKD53.00410EC9 ; |
00410EC2 |. E8 C0850400 CALL EKD53.00459487 ; \EKD53.00459487
00410EC7 |. EB 05 JMP SHORT EKD53.00410ECE
00410EC9 |> E8 D3820400 CALL EKD53.004591A1 ; \EKD53.004591A1
00410ECE |> B8 01000000 MOV EAX,1
00410ED3 |. EB 02 JMP SHORT EKD53.00410ED7
00410ED5 |> 33C0 XOR EAX,EAX
00410ED7 |> 8BE5 MOV ESP,EBP
00410ED9 |. 5D POP EBP
00410EDA \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:22 标题: 鼠标移动过去显示武将信息的函数
0044EE8A |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0044EE8D |. E8 47F2FFFF CALL WaGan.0044E0D9 进入我军阶段,友军阶段,敌军阶段 (不含剧本的)
0044E0D9 $ 55 PUSH EBP
0044E0DA . 8BEC MOV EBP,ESP
0044E0DC . 83EC 38 SUB ESP,38
0044E0DF . 894D C8 MOV DWORD PTR SS:[EBP-38],ECX
0044E0E2 . C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E0E6 . C645 DC FF MOV BYTE PTR SS:[EBP-24],0FF
0044E0EA . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0044E0ED . E8 1E160100 CALL WaGan.0045F710
0044E0F2 . C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0044E0F9 . C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
0044E100 . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
0044E103 . 33C9 XOR ECX,ECX
0044E105 . 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
0044E108 . 85C9 TEST ECX,ECX
0044E10A . 74 05 JE SHORT WaGan.0044E111
0044E10C . E9 F1050000 JMP WaGan.0044E702
0044E111 > C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0
0044E118 . EB 09 JMP SHORT WaGan.0044E123
0044E11A > 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0044E11D . 83C2 01 ADD EDX,1
0044E120 . 8955 F0 MOV DWORD PTR SS:[EBP-10],EDX
0044E123 > 837D F0 23 CMP DWORD PTR SS:[EBP-10],23 友军和敌军的界限
0044E127 . 73 65 JNB SHORT WaGan.0044E18E
0044E129 . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38] 我军或者优军
0044E12C . 33C9 XOR ECX,ECX
0044E12E . 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
0044E131 . 85C9 TEST ECX,ECX
0044E133 . 75 59 JNZ SHORT WaGan.0044E18E
0044E135 . 68 80000000 PUSH 80 ; /Arg1 = 00000080
0044E13A . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0044E13D . 6BC9 24 IMUL ECX,ECX,24 ; |
0044E140 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
0044E146 . E8 A579FDFF CALL WaGan.00425AF0 ; \WaGan.00425AF0 判断Ecx武将行动是否结束
0044E14B . 85C0 TEST EAX,EAX
0044E14D . 75 3D JNZ SHORT WaGan.0044E18C
0044E14F . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0044E152 . 6BC9 24 IMUL ECX,ECX,24
0044E155 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E15B . E8 7079FDFF CALL WaGan.00425AD0 判断是否能被玩家直接控制
0044E160 . 25 FF000000 AND EAX,0FF
0044E165 . 83F8 07 CMP EAX,7 等于7,玩家控制
0044E168 . 75 22 JNZ SHORT WaGan.0044E18C
0044E16A . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0044E16D . 6BC9 24 IMUL ECX,ECX,24
0044E170 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E176 . E8 15ABFCFF CALL WaGan.00418C90 取战场内存+C位置的值
0044E17B . 25 FF000000 AND EAX,0FF
0044E180 . 83F8 02 CMP EAX,2
0044E183 . 75 07 JNZ SHORT WaGan.0044E18C
0044E185 . C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0044E18C >^ EB 8C JMP SHORT WaGan.0044E11A 往上跳,转下一个战场人物
0044E18E > \6A 01 PUSH 1 ; /Arg2 = 00000001 敌人
0044E190 . 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4] ; |
0044E193 . 52 PUSH EDX ; |Arg1
0044E194 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38] ; |
0044E197 . E8 EFE1FFFF CALL WaGan.0044C38B ; \WaGan.0044C38B
0044E19C . 8A45 FD MOV AL,BYTE PTR SS:[EBP-3]
0044E19F . 50 PUSH EAX ; /Arg2
0044E1A0 . 8A4D FC MOV CL,BYTE PTR SS:[EBP-4] ; |
0044E1A3 . 51 PUSH ECX ; |Arg1
0044E1A4 . B9 50424B00 MOV ECX,WaGan.004B4250 ; |
0044E1A9 . E8 916E0000 CALL WaGan.0045503F ; \WaGan.0045503F
0044E1AE . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
0044E1B1 . C642 05 00 MOV BYTE PTR DS:[EDX+5],0
0044E1B5 . 6A 01 PUSH 1 ; /Arg1 = 00000001
0044E1B7 . E8 00780200 CALL WaGan.004759BC ; \WaGan.004759BC
0044E1BC . 83C4 04 ADD ESP,4
0044E1BF . 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E1C1 . E8 55D6FDFF CALL WaGan.0042B81B ; \WaGan.0042B81B
0044E1C6 . 83C4 04 ADD ESP,4
0044E1C9 > 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0044E1CD .- FF25 14D04C00 JMP DWORD PTR DS:[<&AutoDLL.ASave>] ; AutoDLL.ASave
0044E1D3 . E8 EC080300 CALL WaGan.0047EAC4
0044E1D8 . C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0
0044E1DF . EB 09 JMP SHORT WaGan.0044E1EA
0044E1E1 > /8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0044E1E4 . |83C0 01 ADD EAX,1
0044E1E7 . |8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0044E1EA > |837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0044E1EE . |0F85 F5040000 JNZ WaGan.0044E6E9
0044E1F4 . |E8 CB080300 CALL WaGan.0047EAC4
0044E1F9 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E1FE . |E8 A55C0000 CALL WaGan.00453EA8
0044E203 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E208 . |E8 FC640000 CALL WaGan.00454709
0044E20D . |8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
0044E210 . |B9 181B4B00 MOV ECX,WaGan.004B1B18
0044E215 . |E8 D615FEFF CALL WaGan.0042F7F0
0044E21A . |85C0 TEST EAX,EAX
0044E21C . |74 2E JE SHORT WaGan.0044E24C
0044E21E . |837D E8 00 CMP DWORD PTR SS:[EBP-18],0
0044E222 . |75 28 JNZ SHORT WaGan.0044E24C
0044E224 . |8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E227 . |33D2 XOR EDX,EDX
0044E229 . |8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0044E22C . |85D2 TEST EDX,EDX
0044E22E . |75 1C JNZ SHORT WaGan.0044E24C
0044E230 . |6A 04 PUSH 4 ; /Arg1 = 00000004
0044E232 . |E8 94E2FDFF CALL WaGan.0042C4CB ; \WaGan.0042C4CB
0044E237 . |83C4 04 ADD ESP,4
0044E23A . |8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E23D . |E8 EE84FBFF CALL WaGan.00406730
0044E242 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E247 . |E8 C7580000 CALL WaGan.00453B13
0044E24C > |B9 50424B00 MOV ECX,WaGan.004B4250
0044E251 . |E8 AD5D0000 CALL WaGan.00454003
0044E256 . |50 PUSH EAX ; /Arg1
0044E257 . |8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] ; |
0044E25A . |E8 4183FBFF CALL WaGan.004065A0 ; \WaGan.004065A0
0044E25F . |8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0044E262 . |50 PUSH EAX ; /Arg1
0044E263 . |E8 1C76FEFF CALL WaGan.00435884 ; \WaGan.00435884
0044E268 . |83C4 04 ADD ESP,4
0044E26B . |8845 D8 MOV BYTE PTR SS:[EBP-28],AL
0044E26E . |8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0044E271 . |81E1 FF000000 AND ECX,0FF
0044E277 . |81F9 FF000000 CMP ECX,0FF
0044E27D . |0F84 C1000000 JE WaGan.0044E344
鼠标移过去就触发
0044E283 . 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0044E286 . 81E2 FF000000 AND EDX,0FF
0044E28C . 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0044E28F . 25 FF000000 AND EAX,0FF
0044E294 . 3BD0 CMP EDX,EAX
0044E296 . 0F84 A8000000 JE WaGan.0044E344
0044E29C . B9 50424B00 MOV ECX,WaGan.004B4250
0044E2A1 . E8 F15B0000 CALL WaGan.00453E97
0044E2A6 . 85C0 TEST EAX,EAX
0044E2A8 . 74 0E JE SHORT WaGan.0044E2B8
0044E2AA . B9 50424B00 MOV ECX,WaGan.004B4250
0044E2AF . E8 7E5B0000 CALL WaGan.00453E32
0044E2B4 . C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E2B8 > 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0044E2BB . 81E1 FF000000 AND ECX,0FF
0044E2C1 . 81F9 FF000000 CMP ECX,0FF
0044E2C7 . 74 7B JE SHORT WaGan.0044E344
0044E2C9 . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0044E2CC . 81E1 FF000000 AND ECX,0FF
0044E2D2 . 6BC9 24 IMUL ECX,ECX,24
0044E2D5 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E2DB . E8 B0A9FCFF CALL WaGan.00418C90
0044E2E0 . 25 FF000000 AND EAX,0FF
0044E2E5 . 83F8 02 CMP EAX,2
0044E2E8 . 75 5A JNZ SHORT WaGan.0044E344
0044E2EA . 33D2 XOR EDX,EDX
0044E2EC . 8A15 34424B00 MOV DL,BYTE PTR DS:[4B4234]
0044E2F2 . 85D2 TEST EDX,EDX
0044E2F4 . 75 4E JNZ SHORT WaGan.0044E344
0044E2F6 . 8A45 D8 MOV AL,BYTE PTR SS:[EBP-28]
0044E2F9 . 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0044E2FC . 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0044E2FF . 81E1 FF000000 AND ECX,0FF
0044E305 . 6BC9 24 IMUL ECX,ECX,24
0044E308 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E30E . E8 8B21FFFF CALL WaGan.0044049E
0044E313 . 8B0D 08754B00 MOV ECX,DWORD PTR DS:[4B7508]
0044E319 . 51 PUSH ECX ; /hWnd => 00090A5E ('武将情报',class='#32770',parent=001209CA)
0044E31A . FF15 C8624800 CALL DWORD PTR DS:[<&USER32.IsWindowVisi>; \IsWindowVisible
0044E320 . 85C0 TEST EAX,EAX
0044E322 . 74 20 JE SHORT WaGan.0044E344
0044E322 . /74 20 JE SHORT WaGan.0044E344
0044E324 . |8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
0044E327 . |81E1 FF000000 AND ECX,0FF
0044E32D . |6BC9 24 IMUL ECX,ECX,24
0044E330 . |81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E336 . |E8 35130100 CALL WaGan.0045F670 获取武将ecx的data编号
0044E33B . |50 PUSH EAX ; /Arg1
0044E33C . |E8 54B40200 CALL WaGan.00479795 ; \WaGan.00479795
0044E341 . |83C4 04 ADD ESP,4
0044E344 > \8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0044E347 . 81E2 FF000000 AND EDX,0FF
0044E34D . 81FA FF000000 CMP EDX,0FF
0044E353 . 75 54 JNZ SHORT WaGan.0044E3A9
0044E355 . 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
0044E358 . 83B8 00050000>CMP DWORD PTR DS:[EAX+500],0
0044E35F . 74 1F JE SHORT WaGan.0044E380
0044E361 . 8B4D E1 MOV ECX,DWORD PTR SS:[EBP-1F]
0044E364 . 81E1 FF000000 AND ECX,0FF
0044E36A . 81F9 FF000000 CMP ECX,0FF
0044E370 . 75 0E JNZ SHORT WaGan.0044E380
0044E372 . FF15 60624800 CALL DWORD PTR DS:[<&USER32.GetActiveWin>; [GetActiveWindow
0044E378 . 3905 686A4B00 CMP DWORD PTR DS:[4B6A68],EAX
0044E37E . 74 29 JE SHORT WaGan.0044E3A9
0044E380 > C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E384 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E389 . E8 095B0000 CALL WaGan.00453E97
0044E38E . 85C0 TEST EAX,EAX
0044E390 . 74 17 JE SHORT WaGan.0044E3A9
0044E392 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E397 . E8 965A0000 CALL WaGan.00453E32
0044E39C . 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
0044E39F . C782 00050000>MOV DWORD PTR DS:[EDX+500],0
0044E3A9 > E8 16070300 CALL WaGan.0047EAC4
0044E3AE . E8 B8E1FDFF CALL WaGan.0042C56B
0044E3B3 . 83F8 01 CMP EAX,1
0044E3B6 . 0F85 FC000000 JNZ WaGan.0044E4B8
0044E3BC . 33C0 XOR EAX,EAX
0044E3BE . A0 34424B00 MOV AL,BYTE PTR DS:[4B4234]
0044E3C3 . 85C0 TEST EAX,EAX
0044E3C5 . 0F85 ED000000 JNZ WaGan.0044E4B8
0044E3CB . 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E3CD . E8 14BAFFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E3D2 . 83C4 04 ADD ESP,4
0044E3D5 . 6A 01 PUSH 1 ; /Arg2 = 00000001
0044E3D7 . 6A 00 PUSH 0 ; |Arg1 = 00000000
0044E3D9 . B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
0044E3DE . E8 97620200 CALL WaGan.0047467A ; \WaGan.0047467A
0044E3E3 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0044E3E6 . 81E1 FF000000 AND ECX,0FF
0044E3EC . 81F9 FF000000 CMP ECX,0FF
0044E3F2 . 0F84 89000000 JE WaGan.0044E481
0044E3F8 . 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0044E3FB . 81E2 FF000000 AND EDX,0FF
0044E401 . 83FA 73 CMP EDX,73
0044E404 . 7D 7B JGE SHORT WaGan.0044E481
0044E406 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0044E409 . 81E1 FF000000 AND ECX,0FF
0044E40F . 6BC9 24 IMUL ECX,ECX,24
0044E412 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E418 . E8 C6F9FEFF CALL WaGan.0043DDE3
0044E41D . 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0044E420 . 6A 00 PUSH 0 ; /lParam = 0
0044E422 . 6A 00 PUSH 0 ; |wParam = 0
0044E424 . 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
0044E429 . A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
0044E42E . 50 PUSH EAX ; |hWnd => NULL
0044E42F . FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0044E435 . 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0044E438 . 81E1 FF000000 AND ECX,0FF
0044E43E . 6BC9 24 IMUL ECX,ECX,24
0044E441 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E447 . E8 24120100 CALL WaGan.0045F670
0044E44C . 50 PUSH EAX ; /Arg1
0044E44D . B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
0044E452 . E8 F9110100 CALL WaGan.0045F650 ; \WaGan.0045F650
0044E457 . 8A4D EC MOV CL,BYTE PTR SS:[EBP-14]
0044E45A . 51 PUSH ECX ; /Arg1
0044E45B . B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
0044E460 . E8 99D10000 CALL WaGan.0045B5FE ; \WaGan.0045B5FE
0044E465 . C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E469 . 6A 00 PUSH 0 ; /lParam = 0
0044E46B . 6A 00 PUSH 0 ; |wParam = 0
0044E46D . 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
0044E472 . 8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68] ; |
0044E478 . 52 PUSH EDX ; |hWnd => NULL
0044E479 . FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0044E47F . EB 2D JMP SHORT WaGan.0044E4AE
0044E481 > 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0044E484 . 25 FF000000 AND EAX,0FF
0044E489 . 3D FF000000 CMP EAX,0FF
0044E48E . 75 1E JNZ SHORT WaGan.0044E4AE
0044E490 . 6A 01 PUSH 1 ; /Arg2 = 00000001
0044E492 . 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20] ; |
0044E495 . 51 PUSH ECX ; |Arg1
0044E496 . B9 50424B00 MOV ECX,WaGan.004B4250 ; |
0044E49B . E8 CD720000 CALL WaGan.0045576D ; \WaGan.0045576D
0044E4A0 . 6A 01 PUSH 1 ; /Arg2 = 00000001
0044E4A2 . 6A 01 PUSH 1 ; |Arg1 = 00000001
0044E4A4 . B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
0044E4A9 . E8 CC610200 CALL WaGan.0047467A ; \WaGan.0047467A
0044E4AE > 6A 01 PUSH 1 ; /Arg1 = 00000001
0044E4B0 . E8 31B9FFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E4B5 . 83C4 04 ADD ESP,4
0044E4B8 > B9 083D4B00 MOV ECX,WaGan.004B3D08
0044E4BD . E8 DE140000 CALL WaGan.0044F9A0
0044E4C2 . 25 FF000000 AND EAX,0FF
0044E4C7 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0044E4CA . 837D F8 07 CMP DWORD PTR SS:[EBP-8],7
0044E4CE . 75 2C JNZ SHORT WaGan.0044E4FC
0044E4D0 . 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E4D2 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38] ; |
0044E4D5 . E8 46D9FBFF CALL WaGan.0040BE20 ; \WaGan.0040BE20
0044E4DA . E8 27020000 CALL WaGan.0044E706
0044E4DF . 85C0 TEST EAX,EAX
0044E4E1 . 74 0C JE SHORT WaGan.0044E4EF
0044E4E3 . 6A 06 PUSH 6 ; /Arg1 = 00000006
0044E4E5 . B9 083D4B00 MOV ECX,WaGan.004B3D08 ; |
0044E4EA . E8 31D9FBFF CALL WaGan.0040BE20 ; \WaGan.0040BE20
0044E4EF > 8B55 C8 MOV EDX,DWORD PTR SS:[EBP-38]
0044E4F2 . C782 00050000>MOV DWORD PTR DS:[EDX+500],1
0044E4FC > E8 6AE0FDFF CALL WaGan.0042C56B
0044E501 . 83F8 02 CMP EAX,2
0044E504 . 75 59 JNZ SHORT WaGan.0044E55F
0044E506 . 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
0044E509 . 50 PUSH EAX ; /Arg1
0044E50A . E8 7573FEFF CALL WaGan.00435884 ; \WaGan.00435884
0044E50F . 83C4 04 ADD ESP,4
0044E512 . 8845 D4 MOV BYTE PTR SS:[EBP-2C],AL
0044E515 . 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0044E518 . 81E1 FF000000 AND ECX,0FF
0044E51E . 81F9 FF000000 CMP ECX,0FF
0044E524 . 74 2F JE SHORT WaGan.0044E555
0044E526 . 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0044E529 . 81E1 FF000000 AND ECX,0FF
0044E52F . 6BC9 24 IMUL ECX,ECX,24
0044E532 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E538 . E8 33110100 CALL WaGan.0045F670
0044E53D . 50 PUSH EAX ; /Arg1
0044E53E . E8 52B20200 CALL WaGan.00479795 ; \WaGan.00479795
0044E543 . 83C4 04 ADD ESP,4
0044E546 . 8B15 08754B00 MOV EDX,DWORD PTR DS:[4B7508]
0044E54C . 52 PUSH EDX ; /hWnd => NULL
0044E54D . FF15 CC624800 CALL DWORD PTR DS:[<&USER32.SetActiveWin>; \SetActiveWindow
0044E553 . EB 0A JMP SHORT WaGan.0044E55F
0044E555 > 6A 06 PUSH 6 ; /Arg1 = 00000006
0044E557 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38] ; |
0044E55A . E8 C1D8FBFF CALL WaGan.0040BE20 ; \WaGan.0040BE20
0044E55F > 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E562 . E8 39140000 CALL WaGan.0044F9A0
0044E567 . 25 FF000000 AND EAX,0FF
0044E56C . 83F8 06 CMP EAX,6
0044E56F . 75 57 JNZ SHORT WaGan.0044E5C8
0044E571 . 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0044E574 . 25 FF000000 AND EAX,0FF
0044E579 . 3D FF000000 CMP EAX,0FF
0044E57E . 74 0E JE SHORT WaGan.0044E58E
0044E580 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E585 . E8 A8580000 CALL WaGan.00453E32
0044E58A . C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E58E > 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E590 . E8 51B8FFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E595 . 83C4 04 ADD ESP,4
0044E598 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E59D . E8 7A600000 CALL WaGan.0045461C
0044E5A2 . 68 20E14800 PUSH WaGan.0048E120 ; /Arg2 = 0048E120
0044E5A7 . 6A 01 PUSH 1 ; |Arg1 = 00000001
0044E5A9 . E8 EB10FEFF CALL WaGan.0042F699 ; \WaGan.0042F699
0044E5AE . 83C4 08 ADD ESP,8
0044E5B1 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0044E5B4 . 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E5B6 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38] ; |
0044E5B9 . E8 62D8FBFF CALL WaGan.0040BE20 ; \WaGan.0040BE20
0044E5BE . 6A 01 PUSH 1 ; /Arg1 = 00000001
0044E5C0 . E8 21B8FFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E5C5 . 83C4 04 ADD ESP,4
0044E5C8 > 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E5CB . E8 D0130000 CALL WaGan.0044F9A0
0044E5D0 . 25 FF000000 AND EAX,0FF
0044E5D5 . 83F8 05 CMP EAX,5
0044E5D8 . 75 05 JNZ SHORT WaGan.0044E5DF
0044E5DA . E9 23010000 JMP WaGan.0044E702
0044E5DF > 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
0044E5E3 . 0F84 FB000000 JE WaGan.0044E6E4
0044E5E9 . 6A 00 PUSH 0 ; /Arg1 = 00000000
0044E5EB . E8 F6B7FFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E5F0 . 83C4 04 ADD ESP,4
0044E5F3 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E5F6 . E8 08E6FFFF CALL WaGan.0044CC03
0044E5FB . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E5FE . 33D2 XOR EDX,EDX
0044E600 . 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0044E603 . 85D2 TEST EDX,EDX
0044E605 . 75 08 JNZ SHORT WaGan.0044E60F
0044E607 . 8B4D C8 MOV ECX,DWORD PTR SS:[EBP-38]
0044E60A . E8 F2DFFFFF CALL WaGan.0044C601
0044E60F > 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
0044E612 . 33C9 XOR ECX,ECX
0044E614 . 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
0044E617 . 85C9 TEST ECX,ECX
0044E619 . 74 05 JE SHORT WaGan.0044E620
0044E61B . E9 E2000000 JMP WaGan.0044E702
0044E620 > C645 D0 00 MOV BYTE PTR SS:[EBP-30],0
0044E624 . C745 CC 00000>MOV DWORD PTR SS:[EBP-34],0
0044E62B . EB 09 JMP SHORT WaGan.0044E636
0044E62D > 8B55 CC MOV EDX,DWORD PTR SS:[EBP-34]
0044E630 . 83C2 01 ADD EDX,1
0044E633 . 8955 CC MOV DWORD PTR SS:[EBP-34],EDX
0044E636 > 837D CC 23 CMP DWORD PTR SS:[EBP-34],23
0044E63A . 73 6E JNB SHORT WaGan.0044E6AA
0044E63C . 6A 02 PUSH 2 ; /Arg1 = 00000002
0044E63E . 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34] ; |
0044E641 . 6BC9 24 IMUL ECX,ECX,24 ; |
0044E644 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
0044E64A . E8 A174FDFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0044E64F . 85C0 TEST EAX,EAX
0044E651 . 75 55 JNZ SHORT WaGan.0044E6A8
0044E653 . 6A 08 PUSH 8 ; /Arg1 = 00000008
0044E655 . 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34] ; |
0044E658 . 6BC9 24 IMUL ECX,ECX,24 ; |
0044E65B . 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
0044E661 . E8 7A80FBFF CALL WaGan.004066E0 ; \WaGan.004066E0
0044E666 . 85C0 TEST EAX,EAX
0044E668 . 75 3E JNZ SHORT WaGan.0044E6A8
0044E66A . 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34]
0044E66D . 6BC9 24 IMUL ECX,ECX,24
0044E670 . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E676 . E8 15A6FCFF CALL WaGan.00418C90
0044E67B . 25 FF000000 AND EAX,0FF
0044E680 . 83F8 02 CMP EAX,2
0044E683 . 75 23 JNZ SHORT WaGan.0044E6A8
0044E685 . 8B4D CC MOV ECX,DWORD PTR SS:[EBP-34]
0044E688 . 6BC9 24 IMUL ECX,ECX,24
0044E68B . 81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E691 . E8 3A74FDFF CALL WaGan.00425AD0
0044E696 . 25 FF000000 AND EAX,0FF
0044E69B . 83F8 07 CMP EAX,7
0044E69E . 75 08 JNZ SHORT WaGan.0044E6A8
0044E6A0 . 8A45 D0 MOV AL,BYTE PTR SS:[EBP-30]
0044E6A3 . 04 01 ADD AL,1
0044E6A5 . 8845 D0 MOV BYTE PTR SS:[EBP-30],AL
0044E6A8 >^ EB 83 JMP SHORT WaGan.0044E62D
0044E6AA > 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-30]
0044E6AD . 81E1 FF000000 AND ECX,0FF
0044E6B3 . 85C9 TEST ECX,ECX
0044E6B5 . 75 1C JNZ SHORT WaGan.0044E6D3
0044E6B7 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E6BC . E8 5B5F0000 CALL WaGan.0045461C
0044E6C1 . 68 20E14800 PUSH WaGan.0048E120 ; /Arg2 = 0048E120
0044E6C6 . 6A 01 PUSH 1 ; |Arg1 = 00000001
0044E6C8 . E8 CC0FFEFF CALL WaGan.0042F699 ; \WaGan.0042F699
0044E6CD . 83C4 08 ADD ESP,8
0044E6D0 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0044E6D3 > C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
0044E6DA . 6A 01 PUSH 1 ; /Arg1 = 00000001
0044E6DC . E8 05B7FFFF CALL WaGan.00449DE6 ; \WaGan.00449DE6
0044E6E1 . 83C4 04 ADD ESP,4
0044E6E4 >^ E9 F8FAFFFF JMP WaGan.0044E1E1
0044E6E9 >^ E9 DBFAFFFF JMP WaGan.0044E1C9
0044E6EE . B9 50424B00 MOV ECX,WaGan.004B4250
0044E6F3 . E8 245F0000 CALL WaGan.0045461C
0044E6F8 . B9 50424B00 MOV ECX,WaGan.004B4250
0044E6FD . E8 17700000 CALL WaGan.00455719
0044E702 > 8BE5 MOV ESP,EBP
0044E704 . 5D POP EBP
0044E705 . C3 RETN
鼠标移动过去显示武将信息的函数
总共四种情况:攻击,策略,道具和普通移动
:[EBP-18] 存放着攻击伤害值数
[EBP-4] 存放命中率
004404BD /$ 55 PUSH EBP
004404BE |. 8BEC MOV EBP,ESP
004404C0 |. 83EC 30 SUB ESP,30
004404C3 |. 56 PUSH ESI
004404C4 |. 894D D8 MOV DWORD PTR SS:[EBP-28],ECX
004404C7 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
004404CA |. 8B08 MOV ECX,DWORD PTR DS:[EAX] Data序号
004404CC |. 6BC9 48 IMUL ECX,ECX,48
004404CF |. 81C1 0000D600 ADD ECX,0D60000
004404D5 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
004404D8 |. 8A55 0C MOV DL,BYTE PTR SS:[EBP+C]
004404DB |. 52 PUSH EDX ; /Arg5
004404DC |. 6A 02 PUSH 2 ; |Arg4 = 00000002
004404DE |. 6A 04 PUSH 4 ; |Arg3 = 00000004
004404E0 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
004404E3 |. 66:8B48 06 MOV CX,WORD PTR DS:[EAX+6] ; |
004404E7 |. 51 PUSH ECX ; |Arg2
004404E8 |. 8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C] ; |
004404EB |. 52 PUSH EDX ; |Arg1
004404EC |. E8 5AF70000 CALL WaGan.0044FC4B ; \WaGan.0044FC4B
004404F1 |. 83C4 14 ADD ESP,14
004404F4 |. 8A45 E4 MOV AL,BYTE PTR SS:[EBP-1C]
004404F7 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
004404FA |. 8A4D E5 MOV CL,BYTE PTR SS:[EBP-1B]
004404FD |. 884D F8 MOV BYTE PTR SS:[EBP-8],CL
00440500 |. E8 D6E0FDFF CALL WaGan.0041E5DB
00440505 |. 6A 02 PUSH 2 ; /Arg4 = 00000002
00440507 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
00440509 |. 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8] ; |
0044050C |. 52 PUSH EDX ; |Arg2
0044050D |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C] ; |
00440510 |. 50 PUSH EAX ; |Arg1
00440511 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
00440516 |. E8 FC360100 CALL WaGan.00453C17 ; \WaGan.00453C17
0044051B |. 6A 1F PUSH 1F ; /Arg3 = 0000001F
0044051D |. 6A 12 PUSH 12 ; |Arg2 = 00000012
0044051F |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440521 |. E8 CBCC0300 CALL WaGan.0047D1F1 ; \WaGan.0047D1F1
00440526 |. 83C4 0C ADD ESP,0C
00440529 |. 8B75 F4 MOV ESI,DWORD PTR SS:[EBP-C]
0044052C |. 81E6 FF000000 AND ESI,0FF
00440532 |. 6BF6 30 IMUL ESI,ESI,30
00440535 |. B9 50424B00 MOV ECX,WaGan.004B4250
0044053A |. E8 10150100 CALL WaGan.00451A4F
0044053F |. 03C6 ADD EAX,ESI
00440541 |. 99 CDQ
00440542 |. 83E2 07 AND EDX,7
00440545 |. 03C2 ADD EAX,EDX
00440547 |. C1F8 03 SAR EAX,3
0044054A |. 83C0 01 ADD EAX,1
0044054D |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
00440550 |. 8B75 F8 MOV ESI,DWORD PTR SS:[EBP-8]
00440553 |. 81E6 FF000000 AND ESI,0FF
00440559 |. 6BF6 30 IMUL ESI,ESI,30
0044055C |. B9 50424B00 MOV ECX,WaGan.004B4250
00440561 |. E8 FA140100 CALL WaGan.00451A60
00440566 |. 03F0 ADD ESI,EAX
00440568 |. 8975 EC MOV DWORD PTR SS:[EBP-14],ESI
0044056B |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0044056E |. 83C1 04 ADD ECX,4
00440571 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
00440574 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
00440577 |. 52 PUSH EDX ; /Arg2
00440578 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
0044057B |. 50 PUSH EAX ; |Arg1
0044057C |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440581 |. E8 51E6FCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440586 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
00440588 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
0044058B |. E8 1AFEFFFF CALL WaGan.004403AA ; \WaGan.004403AA
00440590 |. 6A 04 PUSH 4 ; /Arg1 = 00000004
00440592 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440597 |. E8 9AE7FCFF CALL WaGan.0040ED36 ; \WaGan.0040ED36
0044059C |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0044059E |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
004405A3 |. E8 62E7FCFF CALL WaGan.0040ED0A ; \WaGan.0040ED0A
004405A8 |. 6A 12 PUSH 12 ; /Arg1 = 00000012
004405AA |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
004405AF |. E8 D0E6FCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
004405B4 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004405B6 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
004405BB |. E8 FCE6FCFF CALL WaGan.0040ECBC ; \WaGan.0040ECBC
004405C0 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
004405C3 |. 51 PUSH ECX ; /Arg2
004405C4 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
004405C7 |. 83C2 09 ADD EDX,9 ; |
004405CA |. 52 PUSH EDX ; |Arg1
004405CB |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
004405D0 |. E8 02E6FCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
004405D5 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
004405D8 |. E8 93D9FDFF CALL WaGan.0041DF70
004405DD |. 25 FF000000 AND EAX,0FF
004405E2 |. 8B0485 A8BE48>MOV EAX,DWORD PTR DS:[EAX*4+48BEA8]
004405E9 |. 50 PUSH EAX ; /Arg3
004405EA |. 68 54E04800 PUSH WaGan.0048E054 ; |Arg2 = 0048E054 ASCII "%s" 名字
004405EF |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
004405F4 |. E8 A7F4FCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0 显示信息
004405F9 |. 83C4 0C ADD ESP,0C
004405FC |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004405FF |. E8 CC5FFCFF CALL WaGan.004065D0
00440604 |. 25 FF000000 AND EAX,0FF
00440609 |. 50 PUSH EAX ; /Arg3
0044060A |. 68 58E04800 PUSH WaGan.0048E058 ; |Arg2 = 0048E058 ASCII " Lv%2u"
0044060F |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440614 |. E8 87F4FCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0 显示信息
00440619 |. 83C4 0C ADD ESP,0C
0044061C |. C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
00440623 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0044062A |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0044062D |. 81E1 FF000000 AND ECX,0FF
00440633 |. 85C9 TEST ECX,ECX
00440635 |. 75 32 JNZ SHORT WaGan.00440669
00440637 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0044063A |. 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10]
0044063D |. 50 PUSH EAX ; /Arg5
0044063E |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00440641 |. 51 PUSH ECX ; |Arg4
00440642 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440645 |. 83C2 14 ADD EDX,14 ; |
00440648 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
0044064B |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0044064E |. 50 PUSH EAX ; |Arg3
0044064F |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440652 |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
00440659 |. 52 PUSH EDX ; |Arg2
0044065A |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0044065C |. E8 3E0B0100 CALL WaGan.0045119F ; \WaGan.0045119F
00440661 |. 83C4 14 ADD ESP,14
00440664 |. E9 15030000 JMP WaGan.0044097E 4D5408 瓦岗改的
00440669 |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0044066C |. 25 FF000000 AND EAX,0FF
00440671 |. 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
00440674 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
00440677 |. 83E9 01 SUB ECX,1
0044067A |. 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
0044067D |. 837D D4 03 CMP DWORD PTR SS:[EBP-2C],3
00440681 |. 0F87 F7020000 JA WaGan.0044097E
00440687 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0044068A |. FF2495 790E44>JMP DWORD PTR DS:[EDX*4+440E79]
00440E79 . 91064400 DD WaGan.00440691 攻击
00440E7D . 15074400 DD WaGan.00440715 攻击策略
00440E81 . F0074400 DD WaGan.004407F0
00440E85 . A6084400 DD WaGan.004408A6
00440691 |> 6A 00 PUSH 0
00440693 |. 6A 00 PUSH 0
00440695 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00440698 |. 50 PUSH EAX
00440699 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] 战场形象编号
0044069C |. 81E1 FF000000 AND ECX,0FF
004406A2 |. 6BC9 24 IMUL ECX,ECX,24
004406A5 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004406AB |. E8 9BB5FFFF CALL WaGan.0043BC4B
获取武将ecx对武将08栈的物理攻击伤害,10栈为是否反击,0C栈为是否实际值,是则考虑是否命中和随机数
004406B0 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004406B3 |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
004406B6 |. 51 PUSH ECX
004406B7 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
004406BA |. 81E2 FF000000 AND EDX,0FF
004406C0 |. 6BD2 24 IMUL EDX,EDX,24
004406C3 |. 81C2 502C4B00 ADD EDX,WaGan.004B2C50
004406C9 |. 52 PUSH EDX
004406CA |. 6A 01 PUSH 1
004406CC |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
004406CF |. E8 39AEFFFF CALL WaGan.0043B50D 获取攻击命中率,考虑爆发力和有关命中率的道具效果,包括镜铠
004406D4 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004406D7 |. 6A 01 PUSH 1 ; /Arg7 = 00000001
004406D9 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
004406DC |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
004406DF |. 2B4D E8 SUB ECX,DWORD PTR SS:[EBP-18] ; |
004406E2 |. 51 PUSH ECX ; |Arg6 一个数减去攻击伤害的值,剩余值
004406E3 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
004406E6 |. 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10] ; |
004406E9 |. 50 PUSH EAX ; |Arg5
004406EA |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004406ED |. 51 PUSH ECX ; |Arg4
004406EE |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
004406F1 |. 83C2 14 ADD EDX,14 ; |
004406F4 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
004406F7 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
004406FA |. 50 PUSH EAX ; |Arg3
004406FB |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
004406FE |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
00440705 |. 52 PUSH EDX ; |Arg2
00440706 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440708 |. E8 C8070100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
0044070D |. 83C4 1C ADD ESP,1C
00440710 |. E9 69020000 JMP WaGan.0044097E
00440715 |> 8A45 10 MOV AL,BYTE PTR SS:[EBP+10]
00440718 |. 50 PUSH EAX ; /Arg1
00440719 |. E8 8E940000 CALL WaGan.00449BAC ; \WaGan.00449BAC
0044071E |. 83C4 04 ADD ESP,4
00440721 |. 85C0 TEST EAX,EAX
00440723 |. 74 75 JE SHORT WaGan.0044079A
00440725 |. 6A 01 PUSH 1
00440727 |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
0044072A |. 51 PUSH ECX
0044072B |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0044072E |. 52 PUSH EDX
0044072F |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440732 |. E8 79BBFDFF CALL WaGan.0041C2B0
00440737 |. 25 FF000000 AND EAX,0FF ; |
0044073C |. 6BC0 24 IMUL EAX,EAX,24 ; |
0044073F |. 05 502C4B00 ADD EAX,WaGan.004B2C50 ; |
00440744 |. 50 PUSH EAX ; |Arg1
00440745 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
00440748 |. 81E1 FF000000 AND ECX,0FF ; |
0044074E |. 6BC9 24 IMUL ECX,ECX,24 ; |
00440751 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
00440757 |. E8 4EB8FFFF CALL WaGan.0043BFAA ; \WaGan.0043BFAA
0044075C |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
0044075F |. 6A 02 PUSH 2 ; /Arg7 = 00000002
00440761 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
00440764 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
00440767 |. 2B4D E8 SUB ECX,DWORD PTR SS:[EBP-18] ; |
0044076A |. 51 PUSH ECX ; |Arg6
0044076B |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
0044076E |. 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10] ; |
00440771 |. 50 PUSH EAX ; |Arg5
00440772 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00440775 |. 51 PUSH ECX ; |Arg4
00440776 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440779 |. 83C2 14 ADD EDX,14 ; |
0044077C |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
0044077F |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440782 |. 50 PUSH EAX ; |Arg3
00440783 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440786 |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
0044078D |. 52 PUSH EDX ; |Arg2
0044078E |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440790 |. E8 40070100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
00440795 |. 83C4 1C ADD ESP,1C
00440798 |. EB 2D JMP SHORT WaGan.004407C7
0044079A |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0044079D |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
004407A0 |. 51 PUSH ECX ; /Arg5
004407A1 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
004407A4 |. 52 PUSH EDX ; |Arg4
004407A5 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
004407A8 |. 83C0 14 ADD EAX,14 ; |
004407AB |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
004407AE |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
004407B1 |. 51 PUSH ECX ; |Arg3
004407B2 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
004407B5 |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
004407BC |. 50 PUSH EAX ; |Arg2
004407BD |. 6A 00 PUSH 0 ; |Arg1 = 00000000
004407BF |. E8 DB090100 CALL WaGan.0045119F ; \WaGan.0045119F
004407C4 |. 83C4 14 ADD ESP,14
004407C7 |> 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
004407CA |. 51 PUSH ECX ; /Arg3
004407CB |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
004407CE |. 81E2 FF000000 AND EDX,0FF ; |
004407D4 |. 6BD2 24 IMUL EDX,EDX,24 ; |
004407D7 |. 81C2 502C4B00 ADD EDX,WaGan.004B2C50 ; |
004407DD |. 52 PUSH EDX ; |Arg2
004407DE |. 6A 01 PUSH 1 ; |Arg1 = 00000001
004407E0 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
004407E3 |. E8 57AFFFFF CALL WaGan.0043B73F ; \WaGan.0043B73F
004407E8 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004407EB |. E9 8E010000 JMP WaGan.0044097E
004407F0 |> 8A45 10 MOV AL,BYTE PTR SS:[EBP+10]
004407F3 |. 50 PUSH EAX ; /Arg1
004407F4 |. E8 5C940000 CALL WaGan.00449C55 ; \WaGan.00449C55
004407F9 |. 83C4 04 ADD ESP,4
004407FC |. 85C0 TEST EAX,EAX
004407FE |. 74 50 JE SHORT WaGan.00440850
00440800 |. 6A 01 PUSH 1 ; /Arg3 = 00000001
00440802 |. 8A4D 0C MOV CL,BYTE PTR SS:[EBP+C] ; |
00440805 |. 51 PUSH ECX ; |Arg2
00440806 |. 8A55 10 MOV DL,BYTE PTR SS:[EBP+10] ; |
00440809 |. 52 PUSH EDX ; |Arg1
0044080A |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
0044080D |. E8 36BDFFFF CALL WaGan.0043C548 ; \WaGan.0043C548
00440812 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00440815 |. 6A 03 PUSH 3 ; /Arg7 = 00000003
00440817 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
0044081A |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; | 获取当前HPCur值
0044081D |. 034D E8 ADD ECX,DWORD PTR SS:[EBP-18] ; |
00440820 |. 51 PUSH ECX ; |Arg6
00440821 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
00440824 |. 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10] ; |
00440827 |. 50 PUSH EAX ; |Arg5
00440828 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0044082B |. 51 PUSH ECX ; |Arg4
0044082C |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0044082F |. 83C2 14 ADD EDX,14 ; |
00440832 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
00440835 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440838 |. 50 PUSH EAX ; |Arg3
00440839 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
0044083C |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
00440843 |. 52 PUSH EDX ; |Arg2
00440844 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440846 |. E8 8A060100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
0044084B |. 83C4 1C ADD ESP,1C
0044084E |. EB 2D JMP SHORT WaGan.0044087D
00440850 |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
00440853 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
00440856 |. 51 PUSH ECX ; /Arg5
00440857 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
0044085A |. 52 PUSH EDX ; |Arg4
0044085B |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
0044085E |. 83C0 14 ADD EAX,14 ; |
00440861 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
00440864 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440867 |. 51 PUSH ECX ; |Arg3
00440868 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
0044086B |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
00440872 |. 50 PUSH EAX ; |Arg2
00440873 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440875 |. E8 25090100 CALL WaGan.0045119F ; \WaGan.0045119F
0044087A |. 83C4 14 ADD ESP,14
0044087D |> 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
00440880 |. 51 PUSH ECX ; /Arg3
00440881 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
00440884 |. 81E2 FF000000 AND EDX,0FF ; |
0044088A |. 6BD2 24 IMUL EDX,EDX,24 ; |
0044088D |. 81C2 502C4B00 ADD EDX,WaGan.004B2C50 ; |
00440893 |. 52 PUSH EDX ; |Arg2
00440894 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440896 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
00440899 |. E8 A1AEFFFF CALL WaGan.0043B73F ; \WaGan.0043B73F
0044089E |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004408A1 |. E9 D8000000 JMP WaGan.0044097E
004408A6 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
004408A9 |. 81E1 FF000000 AND ECX,0FF
004408AF |. 6BC9 19 IMUL ECX,ECX,19
004408B2 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004408B8 |. E8 838CFCFF CALL WaGan.00409540
004408BD |. 25 FF000000 AND EAX,0FF
004408C2 |. 83F8 3F CMP EAX,3F
004408C5 |. 75 4C JNZ SHORT WaGan.00440913
004408C7 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
004408C9 |. 8A45 10 MOV AL,BYTE PTR SS:[EBP+10] ; |
004408CC |. 50 PUSH EAX ; |Arg1
004408CD |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
004408D0 |. E8 59BBFFFF CALL WaGan.0043C42E ; \WaGan.0043C42E
004408D5 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004408D8 |. 6A 04 PUSH 4 ; /Arg7 = 00000004
004408DA |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
004408DD |. 8B51 10 MOV EDX,DWORD PTR DS:[ECX+10] ; |
004408E0 |. 0355 E8 ADD EDX,DWORD PTR SS:[EBP-18] ; |
004408E3 |. 52 PUSH EDX ; |Arg6
004408E4 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
004408E7 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
004408EA |. 51 PUSH ECX ; |Arg5
004408EB |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
004408EE |. 52 PUSH EDX ; |Arg4
004408EF |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
004408F2 |. 83C0 14 ADD EAX,14 ; |
004408F5 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
004408F8 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
004408FB |. 51 PUSH ECX ; |Arg3
004408FC |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
004408FF |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
00440906 |. 50 PUSH EAX ; |Arg2
00440907 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440909 |. E8 C7050100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
0044090E |. 83C4 1C ADD ESP,1C
00440911 |. EB 4C JMP SHORT WaGan.0044095F
00440913 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
00440916 |. 81E1 FF000000 AND ECX,0FF
0044091C |. 6BC9 19 IMUL ECX,ECX,19
0044091F |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00440925 |. E8 46D4FDFF CALL WaGan.0041DD70
0044092A |. 25 FF000000 AND EAX,0FF
0044092F |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00440932 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440935 |. 8B51 10 MOV EDX,DWORD PTR DS:[ECX+10]
00440938 |. 52 PUSH EDX ; /Arg5
00440939 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
0044093C |. 50 PUSH EAX ; |Arg4
0044093D |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440940 |. 83C1 14 ADD ECX,14 ; |
00440943 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX ; |
00440946 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440949 |. 52 PUSH EDX ; |Arg3
0044094A |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
0044094D |. 8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28] ; |
00440954 |. 51 PUSH ECX ; |Arg2
00440955 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00440957 |. E8 43080100 CALL WaGan.0045119F ; \WaGan.0045119F
0044095C |. 83C4 14 ADD ESP,14
0044095F |> 6A 01 PUSH 1
00440961 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
00440964 |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4]
00440967 |. 50 PUSH EAX
00440968 |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
0044096B |. 51 PUSH ECX
0044096C |. E8 78BBFDFF CALL WaGan.0041C4E9
00440971 |. 83C4 0C ADD ESP,0C
00440974 |. F7D8 NEG EAX
00440976 |. 1BC0 SBB EAX,EAX
00440978 |. 83E0 64 AND EAX,64
0044097B |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0044097E |> 6A 04 PUSH 4 ; /Arg6 = 00000004
00440980 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
00440982 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
00440984 |. 68 80010000 PUSH 180 ; ||Arg1 = 00000180
00440989 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
0044098E |. E8 ADF00300 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00440993 |. 50 PUSH EAX ; |Arg5
00440994 |. 6A 18 PUSH 18 ; |Arg4 = 00000018
00440996 |. 6A 18 PUSH 18 ; |Arg3 = 00000018
00440998 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
0044099B |. 52 PUSH EDX ; |Arg2
0044099C |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
0044099F |. 8D0CC5 080000>LEA ECX,DWORD PTR DS:[EAX*8+8] ; |
004409A6 |. 51 PUSH ECX ; |Arg1
004409A7 |. E8 670F0100 CALL WaGan.00451913 ; \WaGan.00451913
004409AC |. 83C4 18 ADD ESP,18
004409AF |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004409B2 |. 81E2 FF000000 AND EDX,0FF
004409B8 |. 85D2 TEST EDX,EDX
004409BA |. 74 0D JE SHORT WaGan.004409C9
004409BC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004409BF |. 25 FF000000 AND EAX,0FF
004409C4 |. 83F8 01 CMP EAX,1
004409C7 |. 75 32 JNZ SHORT WaGan.004409FB
004409C9 |> 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
004409CC |. 8B51 14 MOV EDX,DWORD PTR DS:[ECX+14] 当前MPCur值
004409CF |. 52 PUSH EDX ; /Arg5
004409D0 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
004409D3 |. 50 PUSH EAX ; |Arg4
004409D4 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
004409D7 |. 83C1 18 ADD ECX,18 ; |
004409DA |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX ; |
004409DD |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
004409E0 |. 52 PUSH EDX ; |Arg3
004409E1 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
004409E4 |. 8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28] ; |
004409EB |. 51 PUSH ECX ; |Arg2
004409EC |. 6A 01 PUSH 1 ; |Arg1 = 00000001
004409EE |. E8 AC070100 CALL WaGan.0045119F ; \WaGan.0045119F
004409F3 |. 83C4 14 ADD ESP,14
004409F6 |. E9 08020000 JMP WaGan.00440C03
004409FB |> 8A55 08 MOV DL,BYTE PTR SS:[EBP+8]
004409FE |. 8855 D0 MOV BYTE PTR SS:[EBP-30],DL
00440A01 |. 807D D0 02 CMP BYTE PTR SS:[EBP-30],2
00440A05 |. 74 19 JE SHORT WaGan.00440A20
00440A07 |. 807D D0 03 CMP BYTE PTR SS:[EBP-30],3
00440A0B |. 0F84 C6000000 JE WaGan.00440AD7
00440A11 |. 807D D0 04 CMP BYTE PTR SS:[EBP-30],4
00440A15 |. 0F84 4E010000 JE WaGan.00440B69
00440A1B |. E9 E3010000 JMP WaGan.00440C03
00440A20 |> 8A45 10 MOV AL,BYTE PTR SS:[EBP+10]
00440A23 |. 50 PUSH EAX ; /Arg1
00440A24 |. E8 0D920000 CALL WaGan.00449C36 ; \WaGan.00449C36
00440A29 |. 83C4 04 ADD ESP,4
00440A2C |. 85C0 TEST EAX,EAX
00440A2E |. 74 75 JE SHORT WaGan.00440AA5
00440A30 |. 6A 01 PUSH 1
00440A32 |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
00440A35 |. 51 PUSH ECX
00440A36 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
00440A39 |. 52 PUSH EDX
00440A3A |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440A3D |. E8 6EB8FDFF CALL WaGan.0041C2B0
00440A42 |. 25 FF000000 AND EAX,0FF ; |
00440A47 |. 6BC0 24 IMUL EAX,EAX,24 ; |
00440A4A |. 05 502C4B00 ADD EAX,WaGan.004B2C50 ; |
00440A4F |. 50 PUSH EAX ; |Arg1
00440A50 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
00440A53 |. 81E1 FF000000 AND ECX,0FF ; |
00440A59 |. 6BC9 24 IMUL ECX,ECX,24 ; |
00440A5C |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
00440A62 |. E8 43B5FFFF CALL WaGan.0043BFAA ; \WaGan.0043BFAA
00440A67 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00440A6A |. 6A 02 PUSH 2 ; /Arg7 = 00000002
00440A6C |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
00440A6F |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14] ; |
00440A72 |. 2B4D E8 SUB ECX,DWORD PTR SS:[EBP-18] ; |
00440A75 |. 51 PUSH ECX ; |Arg6
00440A76 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
00440A79 |. 8B42 14 MOV EAX,DWORD PTR DS:[EDX+14] ; |
00440A7C |. 50 PUSH EAX ; |Arg5
00440A7D |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00440A80 |. 51 PUSH ECX ; |Arg4
00440A81 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440A84 |. 83C2 18 ADD EDX,18 ; |
00440A87 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
00440A8A |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440A8D |. 50 PUSH EAX ; |Arg3
00440A8E |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440A91 |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
00440A98 |. 52 PUSH EDX ; |Arg2
00440A99 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440A9B |. E8 35040100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
00440AA0 |. 83C4 1C ADD ESP,1C
00440AA3 |. EB 2D JMP SHORT WaGan.00440AD2
00440AA5 |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
00440AA8 |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14]
00440AAB |. 51 PUSH ECX ; /Arg5
00440AAC |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00440AAF |. 52 PUSH EDX ; |Arg4
00440AB0 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440AB3 |. 83C0 18 ADD EAX,18 ; |
00440AB6 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
00440AB9 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440ABC |. 51 PUSH ECX ; |Arg3
00440ABD |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440AC0 |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
00440AC7 |. 50 PUSH EAX ; |Arg2
00440AC8 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440ACA |. E8 D0060100 CALL WaGan.0045119F ; \WaGan.0045119F
00440ACF |. 83C4 14 ADD ESP,14
00440AD2 |> E9 2C010000 JMP WaGan.00440C03
00440AD7 |> 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
00440ADA |. 51 PUSH ECX ; /Arg1
00440ADB |. E8 9A910000 CALL WaGan.00449C7A ; \WaGan.00449C7A
00440AE0 |. 83C4 04 ADD ESP,4
00440AE3 |. 85C0 TEST EAX,EAX
00440AE5 |. 74 50 JE SHORT WaGan.00440B37
00440AE7 |. 6A 01 PUSH 1 ; /Arg3 = 00000001
00440AE9 |. 8A55 0C MOV DL,BYTE PTR SS:[EBP+C] ; |
00440AEC |. 52 PUSH EDX ; |Arg2
00440AED |. 8A45 10 MOV AL,BYTE PTR SS:[EBP+10] ; |
00440AF0 |. 50 PUSH EAX ; |Arg1
00440AF1 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
00440AF4 |. E8 4FBAFFFF CALL WaGan.0043C548 ; \WaGan.0043C548
00440AF9 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00440AFC |. 6A 03 PUSH 3 ; /Arg7 = 00000003
00440AFE |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
00440B01 |. 8B51 14 MOV EDX,DWORD PTR DS:[ECX+14] ; |
00440B04 |. 0355 E8 ADD EDX,DWORD PTR SS:[EBP-18] ; |
00440B07 |. 52 PUSH EDX ; |Arg6
00440B08 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
00440B0B |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14] ; |
00440B0E |. 51 PUSH ECX ; |Arg5
00440B0F |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00440B12 |. 52 PUSH EDX ; |Arg4
00440B13 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440B16 |. 83C0 18 ADD EAX,18 ; |
00440B19 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
00440B1C |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440B1F |. 51 PUSH ECX ; |Arg3
00440B20 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440B23 |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
00440B2A |. 50 PUSH EAX ; |Arg2
00440B2B |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440B2D |. E8 A3030100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
00440B32 |. 83C4 1C ADD ESP,1C
00440B35 |. EB 2D JMP SHORT WaGan.00440B64
00440B37 |> 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440B3A |. 8B51 14 MOV EDX,DWORD PTR DS:[ECX+14]
00440B3D |. 52 PUSH EDX ; /Arg5
00440B3E |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
00440B41 |. 50 PUSH EAX ; |Arg4
00440B42 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440B45 |. 83C1 18 ADD ECX,18 ; |
00440B48 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX ; |
00440B4B |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440B4E |. 52 PUSH EDX ; |Arg3
00440B4F |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
00440B52 |. 8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28] ; |
00440B59 |. 51 PUSH ECX ; |Arg2
00440B5A |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440B5C |. E8 3E060100 CALL WaGan.0045119F ; \WaGan.0045119F
00440B61 |. 83C4 14 ADD ESP,14
00440B64 |> E9 9A000000 JMP WaGan.00440C03
00440B69 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
00440B6C |. 81E1 FF000000 AND ECX,0FF
00440B72 |. 6BC9 19 IMUL ECX,ECX,19
00440B75 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00440B7B |. E8 C089FCFF CALL WaGan.00409540
00440B80 |. 25 FF000000 AND EAX,0FF
00440B85 |. 83F8 40 CMP EAX,40
00440B88 |. 75 4C JNZ SHORT WaGan.00440BD6
00440B8A |. 6A 01 PUSH 1 ; /Arg2 = 00000001
00440B8C |. 8A55 10 MOV DL,BYTE PTR SS:[EBP+10] ; |
00440B8F |. 52 PUSH EDX ; |Arg1
00440B90 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
00440B93 |. E8 96B8FFFF CALL WaGan.0043C42E ; \WaGan.0043C42E
00440B98 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00440B9B |. 6A 04 PUSH 4 ; /Arg7 = 00000004
00440B9D |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
00440BA0 |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14] ; |
00440BA3 |. 034D E8 ADD ECX,DWORD PTR SS:[EBP-18] ; |
00440BA6 |. 51 PUSH ECX ; |Arg6
00440BA7 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
00440BAA |. 8B42 14 MOV EAX,DWORD PTR DS:[EDX+14] ; |
00440BAD |. 50 PUSH EAX ; |Arg5
00440BAE |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00440BB1 |. 51 PUSH ECX ; |Arg4
00440BB2 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14] ; |
00440BB5 |. 83C2 18 ADD EDX,18 ; |
00440BB8 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX ; |
00440BBB |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440BBE |. 50 PUSH EAX ; |Arg3
00440BBF |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440BC2 |. 8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28] ; |
00440BC9 |. 52 PUSH EDX ; |Arg2
00440BCA |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440BCC |. E8 04030100 CALL WaGan.00450ED5 ; \WaGan.00450ED5
00440BD1 |. 83C4 1C ADD ESP,1C
00440BD4 |. EB 2D JMP SHORT WaGan.00440C03
00440BD6 |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
00440BD9 |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14]
00440BDC |. 51 PUSH ECX ; /Arg5
00440BDD |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00440BE0 |. 52 PUSH EDX ; |Arg4
00440BE1 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440BE4 |. 83C0 18 ADD EAX,18 ; |
00440BE7 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX ; |
00440BEA |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440BED |. 51 PUSH ECX ; |Arg3
00440BEE |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440BF1 |. 8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28] ; |
00440BF8 |. 50 PUSH EAX ; |Arg2
00440BF9 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
00440BFB |. E8 9F050100 CALL WaGan.0045119F ; \WaGan.0045119F
00440C00 |. 83C4 14 ADD ESP,14
00440C03 |> 6A 04 PUSH 4 ; /Arg6 = 00000004
00440C05 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
00440C07 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
00440C09 |. 68 C0030000 PUSH 3C0 ; ||Arg1 = 000003C0
00440C0E |. B9 50EB4A00 MOV ECX,WaGan.004AEB50 ; ||
00440C13 |. E8 28EE0300 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00440C18 |. 50 PUSH EAX ; |Arg5
00440C19 |. 6A 18 PUSH 18 ; |Arg4 = 00000018
00440C1B |. 6A 18 PUSH 18 ; |Arg3 = 00000018
00440C1D |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
00440C20 |. 51 PUSH ECX ; |Arg2
00440C21 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440C24 |. 8D04D5 080000>LEA EAX,DWORD PTR DS:[EDX*8+8] ; |
00440C2B |. 50 PUSH EAX ; |Arg1
00440C2C |. E8 E20C0100 CALL WaGan.00451913 ; \WaGan.00451913
00440C31 |. 83C4 18 ADD ESP,18
00440C34 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
00440C36 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440C3B |. E8 CAE0FCFF CALL WaGan.0040ED0A ; \WaGan.0040ED0A
00440C40 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
00440C43 |. 83C1 1B ADD ECX,1B
00440C46 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
00440C49 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
00440C4C |. 52 PUSH EDX ; /Arg2
00440C4D |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20] ; |
00440C50 |. 50 PUSH EAX ; |Arg1
00440C51 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440C56 |. E8 7CDFFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440C5B |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00440C5E |. 81E1 FF000000 AND ECX,0FF
00440C64 |. 85C9 TEST ECX,ECX
00440C66 |. 0F85 C9010000 JNZ WaGan.00440E35
00440C6C |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
00440C6F |. 83C2 06 ADD EDX,6
00440C72 |. 52 PUSH EDX ; /Arg1
00440C73 |. E8 194DFFFF CALL WaGan.00435991 ; \WaGan.00435991 获取坐标位置的地形
00440C78 |. 83C4 04 ADD ESP,4
00440C7B |. 8845 DC MOV BYTE PTR SS:[EBP-24],AL
00440C7E |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00440C81 |. 50 PUSH EAX ; /Arg2
00440C82 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440C85 |. 83C1 01 ADD ECX,1 ; |
00440C88 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; |
00440C8B |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440C8E |. 52 PUSH EDX ; |Arg1
00440C8F |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440C94 |. E8 3EDFFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440C99 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440C9C |. E8 B3F2FFFF CALL WaGan.0043FF54
00440CA1 |. 85C0 TEST EAX,EAX
00440CA3 |. 0F84 AD000000 JE WaGan.00440D56
00440CA9 |. 6A 12 PUSH 12 ; /Arg1 = 00000012
00440CAB |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440CB0 |. E8 CFDFFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440CB5 |. 68 60E04800 PUSH WaGan.0048E060 ; /Arg2 = 0048E060 ASCII "Exp"
00440CBA |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440CBF |. E8 DCEDFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440CC4 |. 83C4 08 ADD ESP,8
00440CC7 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00440CCA |. 50 PUSH EAX ; /Arg2
00440CCB |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440CCE |. 83C1 05 ADD ECX,5 ; |
00440CD1 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; |
00440CD4 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440CD7 |. 52 PUSH EDX ; |Arg1
00440CD8 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440CDD |. E8 F5DEFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440CE2 |. 6A 12 PUSH 12 ; /Arg1 = 00000012
00440CE4 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440CE9 |. E8 96DFFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440CEE |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00440CF1 |. E8 5A59FCFF CALL WaGan.00406650
00440CF6 |. 25 FF000000 AND EAX,0FF
00440CFB |. 3D FF000000 CMP EAX,0FF
00440D00 |. 75 14 JNZ SHORT WaGan.00440D16
00440D02 |. 68 64E04800 PUSH WaGan.0048E064 ; /Arg2 = 0048E064 ASCII "MAX"
00440D07 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440D0C |. E8 8FEDFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440D11 |. 83C4 08 ADD ESP,8
00440D14 |. EB 20 JMP SHORT WaGan.00440D36
00440D16 |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00440D19 |. E8 3259FCFF CALL WaGan.00406650
00440D1E |. 25 FF000000 AND EAX,0FF
00440D23 |. 50 PUSH EAX ; /Arg3
00440D24 |. 68 68E04800 PUSH WaGan.0048E068 ; |Arg2 = 0048E068 ASCII "%3u"
00440D29 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440D2E |. E8 6DEDFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440D33 |. 83C4 0C ADD ESP,0C
00440D36 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00440D39 |. 50 PUSH EAX ; /Arg2
00440D3A |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440D3D |. 83C1 05 ADD ECX,5 ; |
00440D40 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; |
00440D43 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440D46 |. 52 PUSH EDX ; |Arg1
00440D47 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440D4C |. E8 86DEFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440D51 |. E9 80000000 JMP WaGan.00440DD6
00440D56 |> 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440D59 |. E8 B259FCFF CALL WaGan.00406710
00440D5E |. 85C0 TEST EAX,EAX
00440D60 |. 74 3B JE SHORT WaGan.00440D9D
00440D62 |. 6A 24 PUSH 24 ; /Arg1 = 00000024
00440D64 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440D69 |. E8 16DFFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440D6E |. 68 6CE04800 PUSH WaGan.0048E06C ; /Arg2 = 0048E06C
00440D73 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440D78 |. E8 23EDFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440D7D |. 83C4 08 ADD ESP,8
00440D80 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00440D83 |. 50 PUSH EAX ; /Arg2
00440D84 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440D87 |. 83C1 0A ADD ECX,0A ; |
00440D8A |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; |
00440D8D |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440D90 |. 52 PUSH EDX ; |Arg1
00440D91 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440D96 |. E8 3CDEFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440D9B |. EB 39 JMP SHORT WaGan.00440DD6
00440D9D |> 6A 35 PUSH 35 ; /Arg1 = 00000035
00440D9F |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440DA4 |. E8 DBDEFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440DA9 |. 68 74E04800 PUSH WaGan.0048E074 ; /Arg2 = 0048E074
00440DAE |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440DB3 |. E8 E8ECFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440DB8 |. 83C4 08 ADD ESP,8
00440DBB |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00440DBE |. 50 PUSH EAX ; /Arg2
00440DBF |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440DC2 |. 83C1 0A ADD ECX,0A ; |
00440DC5 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX ; |
00440DC8 |. 8B55 E0 MOV EDX,DWORD PTR SS:[EBP-20] ; |
00440DCB |. 52 PUSH EDX ; |Arg1
00440DCC |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440DD1 |. E8 01DEFCFF CALL WaGan.0040EBD7 ; \WaGan.0040EBD7
00440DD6 |> 6A 53 PUSH 53 ; /Arg1 = 00000053
00440DD8 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440DDD |. E8 A2DEFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440DE2 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
00440DE5 |. 25 FF000000 AND EAX,0FF
00440DEA |. 8B0C85 B0BD48>MOV ECX,DWORD PTR DS:[EAX*4+48BDB0]
00440DF1 |. 51 PUSH ECX ; /Arg3
00440DF2 |. 68 7CE04800 PUSH WaGan.0048E07C ; |Arg2 = 0048E07C ASCII "%s"
00440DF7 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440DFC |. E8 9FECFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440E01 |. 83C4 0C ADD ESP,0C
00440E04 |. 6A 12 PUSH 12 ; /Arg1 = 00000012
00440E06 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440E0B |. E8 74DEFCFF CALL WaGan.0040EC84 ; \WaGan.0040EC84
00440E10 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28]
00440E13 |. E8 35EAFFFF CALL WaGan.0043F84D
00440E18 |. 25 FF000000 AND EAX,0FF
00440E1D |. 6BC0 0A IMUL EAX,EAX,0A
00440E20 |. 50 PUSH EAX ; /Arg3
00440E21 |. 68 80E04800 PUSH WaGan.0048E080 ; |Arg2 = 0048E080 ASCII "%4u%%"
00440E26 |. 68 382F4900 PUSH WaGan.00492F38 ; |Arg1 = 00492F38
00440E2B |. E8 70ECFCFF CALL WaGan.0040FAA0 ; \WaGan.0040FAA0
00440E30 |. 83C4 0C ADD ESP,0C
00440E33 |. EB 20 JMP SHORT WaGan.00440E55
00440E35 |> 8A55 10 MOV DL,BYTE PTR SS:[EBP+10]
00440E38 |. 52 PUSH EDX ; /Arg6
00440E39 |. 8A45 08 MOV AL,BYTE PTR SS:[EBP+8] ; |
00440E3C |. 50 PUSH EAX ; |Arg5
00440E3D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00440E40 |. 51 PUSH ECX ; |Arg4
00440E41 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
00440E44 |. 52 PUSH EDX ; |Arg3
00440E45 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00440E48 |. 50 PUSH EAX ; |Arg2
00440E49 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
00440E4C |. 51 PUSH ECX ; |Arg1
00440E4D |. E8 37000000 CALL WaGan.00440E89 ; \WaGan.00440E89
00440E52 |. 83C4 18 ADD ESP,18
00440E55 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
00440E57 |. B9 382F4900 MOV ECX,WaGan.00492F38 ; |
00440E5C |. E8 A9DEFCFF CALL WaGan.0040ED0A ; \WaGan.0040ED0A
00440E61 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
00440E63 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
00440E68 |. E8 14300100 CALL WaGan.00453E81 ; \WaGan.00453E81
00440E6D |. E8 84D7FDFF CALL WaGan.0041E5F6 ; 画图
00440E72 |. 5E POP ESI
00440E73 |. 8BE5 MOV ESP,EBP
00440E75 |. 5D POP EBP
00440E76 \. C2 0C00 RETN 0C
作者:
岱瀛 时间: 2007-12-30 21:23 标题: 升级
004073B8 /$ 55 PUSH EBP
004073B9 |. 8BEC MOV EBP,ESP
004073BB |. 83EC 18 SUB ESP,18
004073BE |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
004073C1 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004073C4 |. E8 37210000 CALL WaGan.00409500
004073C9 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004073CC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004073CF |. 25 FF000000 AND EAX,0FF
004073D4 |. B9 FF000000 MOV ECX,0FF
004073D9 |. 2BC8 SUB ECX,EAX
004073DB |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
004073DE |. 33C0 XOR EAX,EAX
004073E0 |. 8A42 2C MOV AL,BYTE PTR DS:[EDX+2C]
004073E3 |. 3BC8 CMP ECX,EAX
004073E5 |. 73 12 JNB SHORT WaGan.004073F9
004073E7 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004073EA |. 33D2 XOR EDX,EDX
004073EC |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004073EF |. B8 FF000000 MOV EAX,0FF
004073F4 |. 2BC2 SUB EAX,EDX
004073F6 |. 8845 08 MOV BYTE PTR SS:[EBP+8],AL
004073F9 |> C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004073FD |. EB 09 JMP SHORT WaGan.00407408
004073FF |> 8A4D F0 /MOV CL,BYTE PTR SS:[EBP-10]
00407402 |. 80C1 01 |ADD CL,1
00407405 |. 884D F0 |MOV BYTE PTR SS:[EBP-10],CL
00407408 |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040740B |. 81E2 FF000000 |AND EDX,0FF
00407411 |. 83FA 07 |CMP EDX,7
00407414 |. 0F8D 94000000 |JGE WaGan.004074AE
0040741A |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
0040741D |. 25 FF000000 |AND EAX,0FF
00407422 |. 50 |PUSH EAX ; /Arg1
00407423 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
00407426 |. 33D2 |XOR EDX,EDX ; |
00407428 |. 8A51 2B |MOV DL,BYTE PTR DS:[ECX+2B] ; |
0040742B |. 8BCA |MOV ECX,EDX ; |
0040742D |. 6BC9 1B |IMUL ECX,ECX,1B ; |
00407430 |. 81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0 ; |
00407436 |. E8 65210000 |CALL WaGan.004095A0 ; \WaGan.004095A0
0040743B |. 25 FF000000 |AND EAX,0FF
00407440 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00407443 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
00407446 |. 25 FF000000 |AND EAX,0FF
0040744B |. 83F8 04 |CMP EAX,4
0040744E |. 7F 21 |JG SHORT WaGan.00407471
00407450 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00407453 |. 81E1 FF000000 |AND ECX,0FF
00407459 |. 51 |PUSH ECX
0040745A |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
0040745D |. E8 9AFEFFFF |CALL WaGan.004072FC 从人物属性出来结果
00407462 |. 25 FF000000 |AND EAX,0FF
00407467 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
0040746A |. 03D0 |ADD EDX,EAX
0040746C |. D1EA |SHR EDX,1
0040746E |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
00407471 |> 837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
00407475 |. 74 32 |JE SHORT WaGan.004074A9
00407477 |. C745 EC 00000>|MOV DWORD PTR SS:[EBP-14],0
0040747E |. EB 09 |JMP SHORT WaGan.00407489
00407480 |> 8B45 EC |/MOV EAX,DWORD PTR SS:[EBP-14]
00407483 |. 83C0 01 ||ADD EAX,1
00407486 |. 8945 EC ||MOV DWORD PTR SS:[EBP-14],EAX
00407489 |> 8B4D 08 | MOV ECX,DWORD PTR SS:[EBP+8]
0040748C |. 81E1 FF000000 ||AND ECX,0FF
00407492 |. 394D EC ||CMP DWORD PTR SS:[EBP-14],ECX
00407495 |. 7D 12 ||JGE SHORT WaGan.004074A9
00407497 |. 8B55 FC ||MOV EDX,DWORD PTR SS:[EBP-4]
0040749A |. 52 ||PUSH EDX ; /Arg2
0040749B |. 8A45 F0 ||MOV AL,BYTE PTR SS:[EBP-10] ; |
0040749E |. 50 ||PUSH EAX ; |Arg1
0040749F |. 8B4D E8 ||MOV ECX,DWORD PTR SS:[EBP-18] ; |
004074A2 |. E8 70F9FFFF ||CALL WaGan.00406E17 ; \WaGan.00406E17
004074A7 |.^ EB D7 |\JMP SHORT WaGan.00407480
004074A9 |>^ E9 51FFFFFF \JMP WaGan.004073FF
004074AE |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004074B1 |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004074B4 |. 0255 08 ADD DL,BYTE PTR SS:[EBP+8]
004074B7 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004074BA |. 8850 2C MOV BYTE PTR DS:[EAX+2C],DL
004074BD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004074C0 |. 33D2 XOR EDX,EDX
004074C2 |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004074C5 |. 83FA FF CMP EDX,-1
004074C8 |. 72 07 JB SHORT WaGan.004074D1
004074CA |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004074CD |. C640 2D FF MOV BYTE PTR DS:[EAX+2D],0FF
004074D1 |> 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
004074D5 |. 0F84 C0000000 JE WaGan.0040759B
004074DB |. E8 42440000 CALL WaGan.0040B922
004074E0 |. 85C0 TEST EAX,EAX
004074E2 |. 74 14 JE SHORT WaGan.004074F8
004074E4 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
004074E6 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
004074E8 |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004074EA |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
004074ED |. 51 PUSH ECX ; |Arg1
004074EE |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
004074F3 |. E8 97020500 CALL WaGan.0045778F ; \WaGan.0045778F
004074F8 |> 6A 01 PUSH 1 ; /Arg2 = 00000001
004074FA |. 6A 0B PUSH 0B ; |Arg1 = 0000000B
004074FC |. B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
00407501 |. E8 74D10600 CALL WaGan.0047467A ; \WaGan.0047467A
00407506 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
00407509 |. 33C0 XOR EAX,EAX
0040750B |. 8A42 2C MOV AL,BYTE PTR DS:[EDX+2C]
0040750E |. 50 PUSH EAX ; /Arg4
0040750F |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
00407512 |. 83C1 08 ADD ECX,8 ; |
00407515 |. 51 PUSH ECX ; |Arg3
00407516 |. 68 50B14800 PUSH WaGan.0048B150 ; |Arg2 = 0048B150
0040751B |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0040751D |. E8 77810200 CALL WaGan.0042F699 ; \WaGan.0042F699
00407522 |. 83C4 10 ADD ESP,10
00407525 |. C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407529 |. EB 09 JMP SHORT WaGan.00407534
0040752B |> 8A55 F8 /MOV DL,BYTE PTR SS:[EBP-8]
0040752E |. 80C2 01 |ADD DL,1
00407531 |. 8855 F8 |MOV BYTE PTR SS:[EBP-8],DL
00407534 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00407537 |. 25 FF000000 |AND EAX,0FF
0040753C |. 83F8 44 |CMP EAX,44
0040753F |. 7D 5A |JGE SHORT WaGan.0040759B
00407541 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
00407544 |. 33D2 |XOR EDX,EDX
00407546 |. 8A51 2B |MOV DL,BYTE PTR DS:[ECX+2B]
00407549 |. 52 |PUSH EDX ; /Arg1
0040754A |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
0040754D |. 81E1 FF000000 |AND ECX,0FF ; |
00407553 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
00407556 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
0040755C |. E8 1F200000 |CALL WaGan.00409580 ; \WaGan.00409580
00407561 |. 25 FF000000 |AND EAX,0FF
00407566 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
00407569 |. 33D2 |XOR EDX,EDX
0040756B |. 8A51 2C |MOV DL,BYTE PTR DS:[ECX+2C]
0040756E |. 3BC2 |CMP EAX,EDX
00407570 |. 75 27 |JNZ SHORT WaGan.00407599
00407572 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00407575 |. 81E1 FF000000 |AND ECX,0FF
0040757B |. 6BC9 46 |IMUL ECX,ECX,46
0040757E |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
00407584 |. E8 87810500 |CALL WaGan.0045F710
00407589 |. 50 |PUSH EAX ; /Arg3
0040758A |. 68 60B14800 |PUSH WaGan.0048B160 ; |Arg2 = 0048B160
0040758F |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
00407591 |. E8 03810200 |CALL WaGan.0042F699 ; \WaGan.0042F699
00407596 |. 83C4 0C |ADD ESP,0C
00407599 |>^ EB 90 \JMP SHORT WaGan.0040752B
0040759B |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0040759E |. 8A40 2C MOV AL,BYTE PTR DS:[EAX+2C]
004075A1 |. 8BE5 MOV ESP,EBP
004075A3 |. 5D POP EBP
004075A4 \. C2 0800 RETN 8
修改为:
00407430 |. 81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0 ; |
00407436 |. E8 65210000 |CALL WaGan.004095A0 ; \WaGan.004095A0 从内存中取出结果
0040743B |. E8 CC160400 |CALL WaGan.00448B0C 随机计算函数
00407440 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00407443 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
00407446 |. 25 FF000000 |AND EAX,0FF
0040744B |. 83F8 04 |CMP EAX,4
0040744E |. 7F 21 |JG SHORT WaGan.00407471
00407450 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00407453 |. 81E1 FF000000 |AND ECX,0FF
00407459 |. 51 |PUSH ECX ; /Arg1
0040745A |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
0040745D |. E8 9AFEFFFF |CALL WaGan.004072FC ; \WaGan.004072FC
人物成长:
00448B0C /$ 55 PUSH EBP
00448B0D |. 8BEC MOV EBP,ESP
call 43FF54 查看属于哪一方
cmp eax,dksafjasdf
je 12321312
00448B0F |. 25 FF000000 AND EAX,0FF
00448B14 |. 33C9 XOR ECX,ECX
00448B16 |. 8BC8 MOV ECX,EAX
00448B18 |. 6A 32 PUSH 32
00448B1A |. E8 13700300 CALL WaGan.0047FB32
00448B1F |. 85C0 TEST EAX,EAX
00448B21 |. 74 03 JE SHORT WaGan.00448B26
00448B23 |. 83C1 01 ADD ECX,1
00448B26 |> 6A 32 PUSH 32
00448B28 |. E8 05700300 CALL WaGan.0047FB32
00448B2D |. 85C0 TEST EAX,EAX
00448B2F |. 74 03 JE SHORT WaGan.00448B34
00448B31 |. 83E9 01 SUB ECX,1
00448B34 |> 8BC1 MOV EAX,ECX
00448B36 |. 8BE5 MOV ESP,EBP
00448B38 |. 5D POP EBP
00448B39 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:26 标题: 判断文官武将的代码
0043FFED /$ 55 PUSH EBP
0043FFEE |. 8BEC MOV EBP,ESP
0043FFF0 |. 83EC 10 SUB ESP,10
0043FFF3 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0043FFF6 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043FFF9 |. E8 72B4FFFF CALL Ekd5.0043B470 获取武将ecx的职业
0043FFFE |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
00440001 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00440004 |. 25 FF000000 AND EAX,0FF
00440009 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0044000C |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0044000F |. 83E9 08 SUB ECX,8 职业-8
00440012 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00440015 |. 837D F0 0C CMP DWORD PTR SS:[EBP-10],0C 大于0C 跳转 (仙人后面的跳转,策士前面的都跳转) 注意前面 -08出现负值也大于0C
00440019 |. 77 1B JA SHORT Ekd5.00440036
0044001B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0044001E |. 33D2 XOR EDX,EDX
00440020 |. 8A90 50004400 MOV DL,BYTE PTR DS:[EAX+440050]
00440026 |. FF2495 440044>JMP DWORD PTR DS:[EDX*4+440044]
0044002D |> C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00440034 |. EB 07 JMP SHORT Ekd5.0044003D
00440036 |> C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0044003D |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00440040 |. 8BE5 MOV ESP,EBP
00440042 |. 5D POP EBP
00440043 \. C3 RETN
00440044 . 2D004400 DD Ekd5.0044002D ; 分支表 被用于 00440026
00440048 . 2D004400 DD Ekd5.0044002D
0044004C . 36004400 DD Ekd5.00440036
00440050 . 00 DB 00 ; 分支 00440044 索引表
00440051 . 00 DB 00
00440052 . 00 DB 00
00440053 . 00 DB 00
00440054 . 02 DB 02
00440055 . 02 DB 02
00440056 . 02 DB 02
00440057 . 02 DB 02
00440058 . 02 DB 02
00440059 . 02 DB 02 武力
0044005A . 01 DB 01
0044005B . 01 DB 01
0044005C . 01 DB 01
作者:
岱瀛 时间: 2007-12-30 21:26 标题: 平均等级计算方法
局部变量:
内存48B350存放了出场人物的序号
局部变量里有一个数字数组:
EBP-10 到 EBP-1 (-10,-0F,-0E,-0D,-0C,-0B,-0A.-09.-08.-07,--06,-05,-04,-03,-02,)每个一个字节,放着出场人物的等级
-14 出场人物等级和
-18 循环计数器
-1C 我方出场人物个数
-20 循环计数器
-24 用于交换操作的临时变量
-28 我方出场人物个数友移动两位(0~3,4种可能值)
-2C Ecx值
0041885A /$ 55 PUSH EBP
0041885B |. 8BEC MOV EBP,ESP
0041885D |. 83EC 2C SUB ESP,2C
00418860 |. 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
00418863 |. C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
0041886A |. C645 E4 00 MOV BYTE PTR SS:[EBP-1C],0
0041886E |> 8B45 E4 /MOV EAX,DWORD PTR SS:[EBP-1C]
00418871 |. 25 FF000000 |AND EAX,0FF
00418876 |. 813C85 50B348>|CMP DWORD PTR DS:[EAX*4+48B350],0FFFF
00418881 |. 74 0B |JE SHORT WaGan.0041888E
00418883 |. 8A4D E4 |MOV CL,BYTE PTR SS:[EBP-1C]
00418886 |. 80C1 01 |ADD CL,1
00418889 |. 884D E4 |MOV BYTE PTR SS:[EBP-1C],CL
0041888C |.^ EB E0 \JMP SHORT WaGan.0041886E 统计我方出场人物个数
0041888E |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00418891 |. 25 FF000000 AND EAX,0FF
00418896 |. 99 CDQ
00418897 |. 83E2 03 AND EDX,3
0041889A |. 03C2 ADD EAX,EDX
0041889C |. C1F8 02 SAR EAX,2
0041889F |. 8845 D8 MOV BYTE PTR SS:[EBP-28],AL
004188A2 |. C645 E0 00 MOV BYTE PTR SS:[EBP-20],0
004188A6 |. EB 09 JMP SHORT WaGan.004188B1
004188A8 |> 8A55 E0 /MOV DL,BYTE PTR SS:[EBP-20]
004188AB |. 80C2 01 |ADD DL,1
004188AE |. 8855 E0 |MOV BYTE PTR SS:[EBP-20],DL
004188B1 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004188B4 |. 25 FF000000 |AND EAX,0FF
004188B9 |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
004188BC |. 81E1 FF000000 |AND ECX,0FF
004188C2 |. 3BC1 |CMP EAX,ECX
004188C4 |. 7D 2D |JGE SHORT WaGan.004188F3
004188C6 |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
004188C9 |. 81E2 FF000000 |AND EDX,0FF
004188CF |. 8B0C95 50B348>|MOV ECX,DWORD PTR DS:[EDX*4+48B350]
004188D6 |. 6BC9 48 |IMUL ECX,ECX,48 data序号*0x48
004188D9 |. 81C1 0000D600 |ADD ECX,0D60000
004188DF |. E8 ECDCFEFF |CALL WaGan.004065D0 获取武将ecx的等级
004188E4 |. 8B4D E0 |MOV ECX,DWORD PTR SS:[EBP-20]
004188E7 |. 81E1 FF000000 |AND ECX,0FF
004188ED |. 88440D F0 |MOV BYTE PTR SS:[EBP+ECX-10],AL 等级存放进数组
004188F1 |.^ EB B5 \JMP SHORT WaGan.004188A8
004188F3 |> C645 E8 00 MOV BYTE PTR SS:[EBP-18],0
004188F7 |. EB 09 JMP SHORT WaGan.00418902
004188F9 |> 8A55 E8 /MOV DL,BYTE PTR SS:[EBP-18]
004188FC |. 80C2 01 |ADD DL,1
004188FF |. 8855 E8 |MOV BYTE PTR SS:[EBP-18],DL
00418902 |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00418905 |. 25 FF000000 |AND EAX,0FF
0041890A |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
0041890D |. 81E1 FF000000 |AND ECX,0FF
00418913 |. 3BC1 |CMP EAX,ECX
00418915 |. 0F8D 88000000 |JGE WaGan.004189A3
0041891B |. C645 E0 00 |MOV BYTE PTR SS:[EBP-20],0
0041891F |. EB 09 |JMP SHORT WaGan.0041892A
00418921 |> 8A55 E0 |/MOV DL,BYTE PTR SS:[EBP-20]
00418924 |. 80C2 01 ||ADD DL,1
00418927 |. 8855 E0 ||MOV BYTE PTR SS:[EBP-20],DL
0041892A |> 8B45 E0 | MOV EAX,DWORD PTR SS:[EBP-20]
0041892D |. 25 FF000000 ||AND EAX,0FF
00418932 |. 8B4D E4 ||MOV ECX,DWORD PTR SS:[EBP-1C]
00418935 |. 81E1 FF000000 ||AND ECX,0FF
0041893B |. 83E9 01 ||SUB ECX,1
0041893E |. 3BC1 ||CMP EAX,ECX
00418940 |. 7D 5C ||JGE SHORT WaGan.0041899E
00418942 |. 8B55 E0 ||MOV EDX,DWORD PTR SS:[EBP-20]
00418945 |. 81E2 FF000000 ||AND EDX,0FF
0041894B |. 33C0 ||XOR EAX,EAX
0041894D |. 8A4415 F0 ||MOV AL,BYTE PTR SS:[EBP+EDX-10] 从数组里取出等级
00418951 |. 8B4D E0 ||MOV ECX,DWORD PTR SS:[EBP-20]
00418954 |. 81E1 FF000000 ||AND ECX,0FF
0041895A |. 33D2 ||XOR EDX,EDX
0041895C |. 8A540D F1 ||MOV DL,BYTE PTR SS:[EBP+ECX-F]
00418960 |. 3BC2 ||CMP EAX,EDX 把数组里的第I项和第I-1项比较,若大于就跳转
00418962 |. 7D 38 ||JGE SHORT WaGan.0041899C
00418964 |. 8B45 E0 ||MOV EAX,DWORD PTR SS:[EBP-20] i-1大于I,交换。
00418967 |. 25 FF000000 ||AND EAX,0FF
0041896C |. 8A4C05 F0 ||MOV CL,BYTE PTR SS:[EBP+EAX-10]
00418970 |. 884D DC ||MOV BYTE PTR SS:[EBP-24],CL
00418973 |. 8B55 E0 ||MOV EDX,DWORD PTR SS:[EBP-20]
00418976 |. 81E2 FF000000 ||AND EDX,0FF
0041897C |. 8B45 E0 ||MOV EAX,DWORD PTR SS:[EBP-20]
0041897F |. 25 FF000000 ||AND EAX,0FF
00418984 |. 8A4C15 F1 ||MOV CL,BYTE PTR SS:[EBP+EDX-F]
00418988 |. 884C05 F0 ||MOV BYTE PTR SS:[EBP+EAX-10],CL
0041898C |. 8B55 E0 ||MOV EDX,DWORD PTR SS:[EBP-20]
0041898F |. 81E2 FF000000 ||AND EDX,0FF
00418995 |. 8A45 DC ||MOV AL,BYTE PTR SS:[EBP-24]
00418998 |. 884415 F1 ||MOV BYTE PTR SS:[EBP+EDX-F],AL
0041899C |>^ EB 83 |\JMP SHORT WaGan.00418921
0041899E |>^ E9 56FFFFFF \JMP WaGan.004188F9
004189A3 |> 8A4D D8 MOV CL,BYTE PTR SS:[EBP-28]
004189A6 |. 884D E0 MOV BYTE PTR SS:[EBP-20],CL
004189A9 |. EB 09 JMP SHORT WaGan.004189B4
004189AB |> 8A55 E0 /MOV DL,BYTE PTR SS:[EBP-20]
004189AE |. 80C2 01 |ADD DL,1
004189B1 |. 8855 E0 |MOV BYTE PTR SS:[EBP-20],DL
004189B4 |> 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
004189B7 |. 25 FF000000 |AND EAX,0FF
004189BC |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
004189BF |. 81E1 FF000000 |AND ECX,0FF
004189C5 |. 8B55 D8 |MOV EDX,DWORD PTR SS:[EBP-28]
004189C8 |. 81E2 FF000000 |AND EDX,0FF
004189CE |. 2BCA |SUB ECX,EDX 人数减去-人数/4的值,
004189D0 |. 3BC1 |CMP EAX,ECX
004189D2 |. 7D 18 |JGE SHORT WaGan.004189EC
004189D4 |. 8B45 E0 |MOV EAX,DWORD PTR SS:[EBP-20]
004189D7 |. 25 FF000000 |AND EAX,0FF
004189DC |. 33C9 |XOR ECX,ECX
004189DE |. 8A4C05 F0 |MOV CL,BYTE PTR SS:[EBP+EAX-10]
004189E2 |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
004189E5 |. 03D1 |ADD EDX,ECX
004189E7 |. 8955 EC |MOV DWORD PTR SS:[EBP-14],EDX 累加等级和
004189EA |.^ EB BF \JMP SHORT WaGan.004189AB
004189EC |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004189EF |. 81E1 FF000000 AND ECX,0FF
004189F5 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
004189F8 |. 81E2 FF000000 AND EDX,0FF
004189FE |. D1E2 SHL EDX,1
00418A00 |. 2BCA SUB ECX,EDX
00418A02 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00418A05 |. 33D2 XOR EDX,EDX
00418A07 |. F7F1 DIV ECX
00418A09 |. 8BE5 MOV ESP,EBP
00418A0B |. 5D POP EBP
00418A0C \. C3 RETN
曹操传
int average(Battle *bat)
{
int sum=0;
int i=0,j=0;
int totalNum=0;
int temp=0;
int level[15];
Battle *battle=bat;
int num=0;
//统计上场人数
while((battle+totalNum)->man!=-1)
{
totalNum++;
}
num= totalNum/4;
//将上场人物的等级全部存放进数组level
for(i=0;i<totalNum;i++)
{
level[15-i] = (battle+i)->level;
}
//进行选择排序
for (i=0;i<totalNum;i++)
{
for(j=0;i<totalNum-1;j++)
{
if (level[j]<level[j+1])
{
temp = level[j];
level[j]=level[j+1];
level[j+1]=temp;
}
}
}
//求和
for (i=num;i<totalNum-num;i++)
{
sum+=level[15-i];
}
//返回平均值
return sum/(totalNum - 2*num);
}
作者:
岱瀛 时间: 2007-12-30 21:27 标题: 每回合敌人阶段我军阶段地图文字显示分析
+10 1 / 0
+C 0 表示需要显示回合数 1 表示不需要显示回合数
+8 2 回合数
ECX= 4b3d08
-24 临时变量,控制循环
[EBP-10] 放着ClientRect
0044AC28 /$ 55 PUSH EBP
0044AC29 |. 8BEC MOV EBP,ESP
0044AC2B |. 83EC 40 SUB ESP,40
0044AC2E |. 894D C0 MOV DWORD PTR SS:[EBP-40],ECX
0044AC31 |. B9 50424B00 MOV ECX,WaGan.004B4250
0044AC36 |. E8 09B20000 CALL WaGan.00455E44 求 ECX+14 位置的值
0044AC3B |. 99 CDQ
0044AC3C |. B9 30000000 MOV ECX,30
0044AC41 |. F7F9 IDIV ECX
0044AC43 |. 8845 E4 MOV BYTE PTR SS:[EBP-1C],AL
0044AC46 |. B9 50424B00 MOV ECX,WaGan.004B4250
0044AC4B |. E8 1BB20000 CALL WaGan.00455E6B 求 ECX+18 位置的值
0044AC50 |. 99 CDQ
0044AC51 |. B9 30000000 MOV ECX,30
0044AC56 |. F7F9 IDIV ECX
0044AC58 |. 8845 E0 MOV BYTE PTR SS:[EBP-20],AL
0044AC5B |. C745 E8 54E14>MOV DWORD PTR SS:[EBP-18],WaGan.0048E154 我军阶段
0044AC62 |. C745 EC 60E14>MOV DWORD PTR SS:[EBP-14],WaGan.0048E160 敌军阶段
0044AC69 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0044AC6C |. F7DA NEG EDX
0044AC6E |. 1BD2 SBB EDX,EDX
0044AC70 |. 83E2 12 AND EDX,12
0044AC73 |. 83C2 2D ADD EDX,2D
0044AC76 |. 52 PUSH EDX ; /Arg1
0044AC77 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
0044AC7C |. E8 69700000 CALL WaGan.00451CEA ; \WaGan.00451CEA
0044AC81 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AC85 |. 74 46 JE SHORT WaGan.0044ACCD
0044AC87 |. 8A45 E4 MOV AL,BYTE PTR SS:[EBP-1C]
0044AC8A |. 8845 DC MOV BYTE PTR SS:[EBP-24],AL
0044AC8D |. EB 09 JMP SHORT WaGan.0044AC98
0044AC8F |> 8A4D DC /MOV CL,BYTE PTR SS:[EBP-24] 从右到左
0044AC92 |. 80E9 01 |SUB CL,1
0044AC95 |. 884D DC |MOV BYTE PTR SS:[EBP-24],CL
0044AC98 |> 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0044AC9B |. 81E2 FF000000 |AND EDX,0FF
0044ACA1 |. 85D2 |TEST EDX,EDX
0044ACA3 |. 7E 26 |JLE SHORT WaGan.0044ACCB
0044ACA5 |. E8 1A3E0300 |CALL WaGan.0047EAC4
0044ACAA |. 8A45 E0 |MOV AL,BYTE PTR SS:[EBP-20]
0044ACAD |. 50 |PUSH EAX ; /Arg4
0044ACAE |. 6A 01 |PUSH 1 ; |Arg3 = 00000001
0044ACB0 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0044ACB2 |. 8B4D DC |MOV ECX,DWORD PTR SS:[EBP-24] ; |
0044ACB5 |. 81E1 FF000000 |AND ECX,0FF ; |
0044ACBB |. 83E9 01 |SUB ECX,1 ; |
0044ACBE |. 51 |PUSH ECX ; |Arg1
0044ACBF |. B9 50424B00 |MOV ECX,WaGan.004B4250 ; |
0044ACC4 |. E8 7F8E0000 |CALL WaGan.00453B48 ; \WaGan.00453B48
0044ACC9 |.^ EB C4 \JMP SHORT WaGan.0044AC8F
0044ACCB |> EB 41 JMP SHORT WaGan.0044AD0E
0044ACCD |> C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044ACD1 |. EB 09 JMP SHORT WaGan.0044ACDC
0044ACD3 |> 8A55 DC /MOV DL,BYTE PTR SS:[EBP-24] 从左到右
0044ACD6 |. 80C2 01 |ADD DL,1
0044ACD9 |. 8855 DC |MOV BYTE PTR SS:[EBP-24],DL
0044ACDC |> 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
0044ACDF |. 25 FF000000 |AND EAX,0FF
0044ACE4 |. 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
0044ACE7 |. 81E1 FF000000 |AND ECX,0FF
0044ACED |. 3BC1 |CMP EAX,ECX
0044ACEF |. 7D 1D |JGE SHORT WaGan.0044AD0E
0044ACF1 |. E8 CE3D0300 |CALL WaGan.0047EAC4
0044ACF6 |. 8A55 E0 |MOV DL,BYTE PTR SS:[EBP-20]
0044ACF9 |. 52 |PUSH EDX ; /Arg4
0044ACFA |. 6A 01 |PUSH 1 ; |Arg3 = 00000001
0044ACFC |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0044ACFE |. 8A45 DC |MOV AL,BYTE PTR SS:[EBP-24] ; |
0044AD01 |. 50 |PUSH EAX ; |Arg1
0044AD02 |. B9 50424B00 |MOV ECX,WaGan.004B4250 ; |
0044AD07 |. E8 3C8E0000 |CALL WaGan.00453B48 ; \WaGan.00453B48
0044AD0C |.^ EB C5 \JMP SHORT WaGan.0044ACD3
0044AD0E |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0044AD11 |. 81E1 FF000000 AND ECX,0FF
0044AD17 |. 6BC9 30 IMUL ECX,ECX,30
0044AD1A |. 81F9 C0030000 CMP ECX,3C0 960
0044AD20 |. 7C 10 JL SHORT WaGan.0044AD32
0044AD22 |. C745 D8 40000>MOV DWORD PTR SS:[EBP-28],40
0044AD29 |. C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
0044AD30 |. EB 32 JMP SHORT WaGan.0044AD64
0044AD32 |> 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0044AD35 |. 81E2 FF000000 AND EDX,0FF
0044AD3B |. 6BD2 30 IMUL EDX,EDX,30
0044AD3E |. 81FA D0020000 CMP EDX,2D0 720
0044AD44 |. 7C 10 JL SHORT WaGan.0044AD56
0044AD46 |. C745 D8 40000>MOV DWORD PTR SS:[EBP-28],40
0044AD4D |. C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
0044AD54 |. EB 0E JMP SHORT WaGan.0044AD64
0044AD56 |> C745 D8 30000>MOV DWORD PTR SS:[EBP-28],30
0044AD5D |. C745 C4 01000>MOV DWORD PTR SS:[EBP-3C],1
0044AD64 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0044AD67 |. 50 PUSH EAX ; /pRect
0044AD68 |. 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68] ; |
0044AD6E |. 51 PUSH ECX ; |hWnd => 001403A2 ('瓦岗山异闻录',class='{60CD5C01-B3F3-4e4a-B0E9-6D71...')
0044AD6F |. FF15 EC624800 CALL DWORD PTR DS:[<&USER32.GetClientRect>] ; \GetClientRect
0044AD75 |. E8 6138FDFF CALL WaGan.0041E5DB
0044AD7A |. 6A 01 PUSH 1
0044AD7C |. 33D2 XOR EDX,EDX
0044AD7E |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AD82 |. 0F95C2 SETNE DL
0044AD85 |. 8B4495 E8 MOV EAX,DWORD PTR SS:[EBP+EDX*4-18] --》文字
0044AD89 |. 50 PUSH EAX
0044AD8A |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0044AD8D |. F7D9 NEG ECX
0044AD8F |. 1BC9 SBB ECX,ECX
0044AD91 |. 83E1 10 AND ECX,10
0044AD94 |. 83C1 2A ADD ECX,2A
0044AD97 |. 51 PUSH ECX
0044AD98 |. 6A 02 PUSH 2
0044AD9A |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0044AD9D |. 52 PUSH EDX
0044AD9E |. 83EC 10 SUB ESP,10
0044ADA1 |. 8BC4 MOV EAX,ESP ; |
0044ADA3 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0044ADA6 |. 8908 MOV DWORD PTR DS:[EAX],ECX ; |
0044ADA8 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; |
0044ADAB |. 8950 04 MOV DWORD PTR DS:[EAX+4],EDX ; |
0044ADAE |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0044ADB1 |. 8948 08 MOV DWORD PTR DS:[EAX+8],ECX ; |
0044ADB4 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0044ADB7 |. 8950 0C MOV DWORD PTR DS:[EAX+C],EDX ; |
0044ADBA |. E8 393FFDFF CALL WaGan.0041ECF8 ; \WaGan.0041ECF8
0044ADBF |. 83C4 24 ADD ESP,24
0044ADC2 |. 6A 01 PUSH 1
0044ADC4 |. 33C0 XOR EAX,EAX
0044ADC6 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044ADCA |. 0F95C0 SETNE AL
0044ADCD |. 8B4C85 E8 MOV ECX,DWORD PTR SS:[EBP+EAX*4-18] 文字
0044ADD1 |. 51 PUSH ECX
0044ADD2 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0044ADD5 |. F7DA NEG EDX
0044ADD7 |. 1BD2 SBB EDX,EDX
0044ADD9 |. 83E2 11 AND EDX,11
0044ADDC |. 83C2 24 ADD EDX,24
0044ADDF |. 52 PUSH EDX
0044ADE0 |. 6A 01 PUSH 1
0044ADE2 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0044ADE5 |. 50 PUSH EAX
0044ADE6 |. 83EC 10 SUB ESP,10
0044ADE9 |. 8BCC MOV ECX,ESP ; |
0044ADEB |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
0044ADEE |. 8911 MOV DWORD PTR DS:[ECX],EDX ; |
0044ADF0 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0044ADF3 |. 8941 04 MOV DWORD PTR DS:[ECX+4],EAX ; |
0044ADF6 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0044ADF9 |. 8951 08 MOV DWORD PTR DS:[ECX+8],EDX ; |
0044ADFC |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0044ADFF |. 8941 0C MOV DWORD PTR DS:[ECX+C],EAX ; |
0044AE02 |. E8 F13EFDFF CALL WaGan.0041ECF8 ; \WaGan.0041ECF8
0044AE07 |. 83C4 24 ADD ESP,24
0044AE0A |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0044AE0C |. 6A 12 PUSH 12 ; |Arg2 = 00000012
0044AE0E |. 6A 04 PUSH 4 ; |Arg1 = 00000004
0044AE10 |. E8 24240300 CALL WaGan.0047D239 ; \WaGan.0047D239
0044AE15 |. 83C4 0C ADD ESP,0C
0044AE18 |. 6A 00 PUSH 0 ; /Arg7 = 00000000
0044AE1A |. 6A 00 PUSH 0 ; |Arg6 = 00000000
0044AE1C |. 6A 01 PUSH 1 ; |Arg5 = 00000001
0044AE1E |. 33C9 XOR ECX,ECX ; |
0044AE20 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0 ; |
0044AE24 |. 0F95C1 SETNE CL ; |
0044AE27 |. 8B548D E8 MOV EDX,DWORD PTR SS:[EBP+ECX*4-18] ; | 文字内容
0044AE2B |. 52 PUSH EDX ; |Arg4
0044AE2C |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
0044AE2F |. 50 PUSH EAX ; |Arg3
0044AE30 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
0044AE33 |. 99 CDQ ; |
0044AE34 |. 2BC2 SUB EAX,EDX ; |
0044AE36 |. D1F8 SAR EAX,1 ; |
0044AE38 |. 50 PUSH EAX ; |Arg2
0044AE39 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10] ; |
0044AE3C |. 51 PUSH ECX ; |Arg1
0044AE3D |. E8 723BFDFF CALL WaGan.0041E9B4 ; \WaGan.0041E9B4
0044AE42 |. 83C4 1C ADD ESP,1C
0044AE45 |. E8 AC37FDFF CALL WaGan.0041E5F6 文字显示
0044AE4A |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AE4E |. 0F85 01010000 JNZ WaGan.0044AF55 不需要显示回合数的跳转
0044AE54 |. 6A 0A PUSH 0A ; /Arg1 = 0000000A
0044AE56 |. B9 181B4B00 MOV ECX,WaGan.004B1B18 ; |
0044AE5B |. E8 E084FBFF CALL WaGan.00403340 ; \WaGan.00403340
0044AE60 |. E8 7B16FEFF CALL WaGan.0042C4E0
0044AE65 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0044AE68 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0044AE6B |. 8D4C50 10 LEA ECX,DWORD PTR DS:[EAX+EDX*2+10]
0044AE6F |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0044AE72 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0044AE75 |. 81E2 FF000000 AND EDX,0FF
0044AE7B |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
0044AE7E |. 33C9 XOR ECX,ECX
0044AE80 |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3]
0044AE83 |. 3BD1 CMP EDX,ECX
0044AE85 |. 7C 14 JL SHORT WaGan.0044AE9B
0044AE87 |. 68 6CE14800 PUSH WaGan.0048E16C ; /Format = "最终回合"
0044AE8C |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38] ; |
0044AE8F |. 52 PUSH EDX ; |s
0044AE90 |. FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
0044AE96 |. 83C4 08 ADD ESP,8
0044AE99 |. EB 1B JMP SHORT WaGan.0044AEB6
0044AE9B |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0044AE9E |. 25 FF000000 AND EAX,0FF
0044AEA3 |. 50 PUSH EAX ; /<%2u>
0044AEA4 |. 68 78E14800 PUSH WaGan.0048E178 ; |Format = "第%2u回合"
0044AEA9 |. 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38] ; |
0044AEAC |. 51 PUSH ECX ; |s
0044AEAD |. FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
0044AEB3 |. 83C4 0C ADD ESP,0C
0044AEB6 |> E8 2037FDFF CALL WaGan.0041E5DB
0044AEBB |. 6A 01 PUSH 1
0044AEBD |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
0044AEC0 |. 52 PUSH EDX
0044AEC1 |. 6A 1F PUSH 1F
0044AEC3 |. 6A 02 PUSH 2
0044AEC5 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0044AEC8 |. 50 PUSH EAX
0044AEC9 |. 83EC 10 SUB ESP,10
0044AECC |. 8BCC MOV ECX,ESP ; |
0044AECE |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
0044AED1 |. 8911 MOV DWORD PTR DS:[ECX],EDX ; |
0044AED3 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0044AED6 |. 8941 04 MOV DWORD PTR DS:[ECX+4],EAX ; |
0044AED9 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0044AEDC |. 8951 08 MOV DWORD PTR DS:[ECX+8],EDX ; |
0044AEDF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0044AEE2 |. 8941 0C MOV DWORD PTR DS:[ECX+C],EAX ; |
0044AEE5 |. E8 0E3EFDFF CALL WaGan.0041ECF8 ; \WaGan.0041ECF8
0044AEEA |. 83C4 24 ADD ESP,24
0044AEED |. 6A 01 PUSH 1
0044AEEF |. 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
0044AEF2 |. 51 PUSH ECX
0044AEF3 |. 6A 18 PUSH 18
0044AEF5 |. 6A 01 PUSH 1
0044AEF7 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28]
0044AEFA |. 52 PUSH EDX
0044AEFB |. 83EC 10 SUB ESP,10
0044AEFE |. 8BC4 MOV EAX,ESP ; |
0044AF00 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0044AF03 |. 8908 MOV DWORD PTR DS:[EAX],ECX ; |
0044AF05 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; |
0044AF08 |. 8950 04 MOV DWORD PTR DS:[EAX+4],EDX ; |
0044AF0B |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0044AF0E |. 8948 08 MOV DWORD PTR DS:[EAX+8],ECX ; |
0044AF11 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0044AF14 |. 8950 0C MOV DWORD PTR DS:[EAX+C],EDX ; |
0044AF17 |. E8 DC3DFDFF CALL WaGan.0041ECF8 ; \WaGan.0041ECF8
0044AF1C |. 83C4 24 ADD ESP,24
0044AF1F |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0044AF21 |. 6A 12 PUSH 12 ; |Arg2 = 00000012
0044AF23 |. 6A 04 PUSH 4 ; |Arg1 = 00000004
0044AF25 |. E8 0F230300 CALL WaGan.0047D239 ; \WaGan.0047D239
0044AF2A |. 83C4 0C ADD ESP,0C
0044AF2D |. 6A 00 PUSH 0 ; /Arg7 = 00000000
0044AF2F |. 6A 00 PUSH 0 ; |Arg6 = 00000000
0044AF31 |. 6A 01 PUSH 1 ; |Arg5 = 00000001
0044AF33 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38] ; |
0044AF36 |. 50 PUSH EAX ; |Arg4
0044AF37 |. 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-28] ; |
0044AF3A |. 51 PUSH ECX ; |Arg3
0044AF3B |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
0044AF3E |. 99 CDQ ; |
0044AF3F |. 2BC2 SUB EAX,EDX ; |
0044AF41 |. D1F8 SAR EAX,1 ; |
0044AF43 |. 50 PUSH EAX ; |Arg2
0044AF44 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10] ; |
0044AF47 |. 52 PUSH EDX ; |Arg1
0044AF48 |. E8 673AFDFF CALL WaGan.0041E9B4 ; \WaGan.0041E9B4
0044AF4D |. 83C4 1C ADD ESP,1C
0044AF50 |. E8 A136FDFF CALL WaGan.0041E5F6
0044AF55 |> 6A 14 PUSH 14 ; /Arg1 = 00000014
0044AF57 |. B9 181B4B00 MOV ECX,WaGan.004B1B18 ; |
0044AF5C |. E8 DF83FBFF CALL WaGan.00403340 ; \WaGan.00403340
0044AF61 |. E8 7A15FEFF CALL WaGan.0042C4E0
0044AF66 |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0044AF6A |. 75 37 JNZ SHORT WaGan.0044AFA3
0044AF6C |. C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044AF70 |. EB 08 JMP SHORT WaGan.0044AF7A
0044AF72 |> 8A45 DC /MOV AL,BYTE PTR SS:[EBP-24]
0044AF75 |. 04 01 |ADD AL,1
0044AF77 |. 8845 DC |MOV BYTE PTR SS:[EBP-24],AL
0044AF7A |> 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0044AF7D |. 81E1 FF000000 |AND ECX,0FF
0044AF83 |. 83F9 73 |CMP ECX,73
0044AF86 |. 7D 1B |JGE SHORT WaGan.0044AFA3
0044AF88 |. 6A 06 |PUSH 6 ; /Arg1 = 00000006
0044AF8A |. 8B4D DC |MOV ECX,DWORD PTR SS:[EBP-24] ; |
0044AF8D |. 81E1 FF000000 |AND ECX,0FF ; |
0044AF93 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
0044AF96 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50 ; |
0044AF9C |. E8 EFB6FBFF |CALL WaGan.00406690 ; \WaGan.00406690 恢复武将ecx行动
0044AFA1 |.^ EB CF \JMP SHORT WaGan.0044AF72
0044AFA3 |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0044AFA6 |. E8 DFF8FFFF CALL WaGan.0044A88A
0044AFAB |. B9 50424B00 MOV ECX,WaGan.004B4250
0044AFB0 |. E8 F66D0000 CALL WaGan.00451DAB
文字显示完后的黑屏回退
0044AFB5 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AFB9 |. 74 44 JE SHORT WaGan.0044AFFF
0044AFBB |. 8A55 E4 MOV DL,BYTE PTR SS:[EBP-1C]
0044AFBE |. 8855 DC MOV BYTE PTR SS:[EBP-24],DL
0044AFC1 |. EB 08 JMP SHORT WaGan.0044AFCB
0044AFC3 |> 8A45 DC /MOV AL,BYTE PTR SS:[EBP-24]
0044AFC6 |. 2C 01 |SUB AL,1
0044AFC8 |. 8845 DC |MOV BYTE PTR SS:[EBP-24],AL
0044AFCB |> 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0044AFCE |. 81E1 FF000000 |AND ECX,0FF
0044AFD4 |. 85C9 |TEST ECX,ECX
0044AFD6 |. 7E 25 |JLE SHORT WaGan.0044AFFD
0044AFD8 |. E8 E73A0300 |CALL WaGan.0047EAC4
0044AFDD |. 8A55 E0 |MOV DL,BYTE PTR SS:[EBP-20]
0044AFE0 |. 52 |PUSH EDX ; /Arg4
0044AFE1 |. 6A 01 |PUSH 1 ; |Arg3 = 00000001
0044AFE3 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0044AFE5 |. 8B45 DC |MOV EAX,DWORD PTR SS:[EBP-24] ; |
0044AFE8 |. 25 FF000000 |AND EAX,0FF ; |
0044AFED |. 83E8 01 |SUB EAX,1 ; |
0044AFF0 |. 50 |PUSH EAX ; |Arg1
0044AFF1 |. B9 50424B00 |MOV ECX,WaGan.004B4250 ; |
0044AFF6 |. E8 4D8B0000 |CALL WaGan.00453B48 ; \WaGan.00453B48
0044AFFB |.^ EB C6 \JMP SHORT WaGan.0044AFC3
0044AFFD |> EB 41 JMP SHORT WaGan.0044B040
0044AFFF |> C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044B003 |. EB 09 JMP SHORT WaGan.0044B00E
0044B005 |> 8A4D DC /MOV CL,BYTE PTR SS:[EBP-24]
0044B008 |. 80C1 01 |ADD CL,1
0044B00B |. 884D DC |MOV BYTE PTR SS:[EBP-24],CL
0044B00E |> 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0044B011 |. 81E2 FF000000 |AND EDX,0FF
0044B017 |. 8B45 E4 |MOV EAX,DWORD PTR SS:[EBP-1C]
0044B01A |. 25 FF000000 |AND EAX,0FF
0044B01F |. 3BD0 |CMP EDX,EAX
0044B021 |. 7D 1D |JGE SHORT WaGan.0044B040
0044B023 |. E8 9C3A0300 |CALL WaGan.0047EAC4
0044B028 |. 8A4D E0 |MOV CL,BYTE PTR SS:[EBP-20]
0044B02B |. 51 |PUSH ECX ; /Arg4
0044B02C |. 6A 01 |PUSH 1 ; |Arg3 = 00000001
0044B02E |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0044B030 |. 8A55 DC |MOV DL,BYTE PTR SS:[EBP-24] ; |
0044B033 |. 52 |PUSH EDX ; |Arg1
0044B034 |. B9 50424B00 |MOV ECX,WaGan.004B4250 ; |
0044B039 |. E8 0A8B0000 |CALL WaGan.00453B48 ; \WaGan.00453B48
0044B03E |.^ EB C5 \JMP SHORT WaGan.0044B005
0044B040 |> 8BE5 MOV ESP,EBP
0044B042 |. 5D POP EBP
0044B043 \. C2 0C00 RETN 0C
作者:
岱瀛 时间: 2007-12-30 21:28 标题: 绝招的修改办法(也是新添加的功能原来sousou没有)
修改关键:
第一是:菜单始化的定义 对话框初始化代码 , 图标显示代码
第二是:绑定消息对应宏 消息绑定代码
第三是:消息响应代码 消息响应代码
0045BCC8 . 9FBC4500 DD WaGan.0045BC9F 3—50A就是绝招 这个就定义为5吧
0043E17B |. 837D D0 03 |CMP DWORD PTR SS:[EBP-30],3 增加一个消息响应了。
0043E17F |. 77 32 |JA SHORT WaGan.0043E1B3 跳转到要相应的地方
鼠标单击产生的响应函数
0043DDE3 /$ 55 PUSH EBP
0043DDE4 |. 8BEC MOV EBP,ESP
0043DDE6 |. 83EC 34 SUB ESP,34
0043DDE9 |. 53 PUSH EBX
0043DDEA |. 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
0043DDED |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0043DDF0 |. 66:8B48 06 MOV CX,WORD PTR DS:[EAX+6]
0043DDF4 |. 66:894D F8 MOV WORD PTR SS:[EBP-8],CX
0043DDF8 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0043DDFB |. 33C0 XOR EAX,EAX
0043DDFD |. 8A42 0F MOV AL,BYTE PTR DS:[EDX+F]
0043DE00 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043DE03 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE06 |. E8 6501FEFF CALL WaGan.0041DF70
0043DE0B |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0043DE0E |. C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
0043DE15 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0043DE19 |. C645 E4 00 MOV BYTE PTR SS:[EBP-1C],0
0043DE1D |. B9 50424B00 MOV ECX,WaGan.004B4250
0043DE22 |. E8 0B600100 CALL WaGan.00453E32
0043DE27 |. 8B0D 08754B00 MOV ECX,DWORD PTR DS:[4B7508]
0043DE2D |. 51 PUSH ECX ; /hWnd => NULL
0043DE2E |. FF15 C8624800 CALL DWORD PTR DS:[<&USER32.IsWindowVisible>] ; \IsWindowVisible
0043DE34 |. 85C0 TEST EAX,EAX
0043DE36 |. 74 11 JE SHORT WaGan.0043DE49
0043DE38 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE3B |. E8 30180200 CALL WaGan.0045F670
0043DE40 |. 50 PUSH EAX ; /Arg1
0043DE41 |. E8 4FB90300 CALL WaGan.00479795 ; \WaGan.00479795
0043DE46 |. 83C4 04 ADD ESP,4
0043DE49 |> 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE4C |. E8 E7F6FFFF CALL WaGan.0043D538
0043DE51 |. 85C0 TEST EAX,EAX
0043DE53 |. 75 07 JNZ SHORT WaGan.0043DE5C
0043DE55 |. 33C0 XOR EAX,EAX
0043DE57 |. E9 02040000 JMP WaGan.0043E25E
0043DE5C |> 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0043DE5F |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
0043DE61 |. 50 PUSH EAX ; /Arg1
0043DE62 |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
0043DE67 |. E8 E4170200 CALL WaGan.0045F650 ; \WaGan.0045F650
0043DE6C |. B9 083D4B00 MOV ECX,WaGan.004B3D08
0043DE71 |. E8 14CA0000 CALL WaGan.0044A88A
0043DE76 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE79 |. 8A51 07 MOV DL,BYTE PTR DS:[ECX+7]
0043DE7C |. 52 PUSH EDX ; /Arg2
0043DE7D |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C] ; |
0043DE80 |. 8A48 06 MOV CL,BYTE PTR DS:[EAX+6] ; |
0043DE83 |. 51 PUSH ECX ; |Arg1
0043DE84 |. B9 985E4B00 MOV ECX,WaGan.004B5E98 ; |
0043DE89 |. E8 12DD0100 CALL WaGan.0045BBA0 ; \WaGan.0045BBA0
0043DE8E |. 6A 00 PUSH 0
0043DE90 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE93 |. E8 261A0000 CALL WaGan.0043F8BE
0043DE98 |. 50 PUSH EAX ; |Arg2
0043DE99 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C] ; |
0043DE9C |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4] ; |
0043DE9F |. 50 PUSH EAX ; |Arg1
0043DEA0 |. E8 CE030000 CALL WaGan.0043E273 ; \WaGan.0043E273
0043DEA5 |. 83C4 0C ADD ESP,0C
0043DEA8 |. 25 FF000000 AND EAX,0FF
0043DEAD |. 85C0 TEST EAX,EAX
0043DEAF |. 74 0C JE SHORT WaGan.0043DEBD
0043DEB1 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0043DEB3 |. B9 985E4B00 MOV ECX,WaGan.004B5E98 ; |
0043DEB8 |. E8 83050000 CALL WaGan.0043E440 ; \WaGan.0043E440
0043DEBD |> 6A 33 PUSH 33 ; /Arg1 = 00000033
0043DEBF |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043DEC2 |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; |
0043DEC4 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043DEC7 |. 81C1 0000D600 ADD ECX,0D60000 ; |
0043DECD |. E8 379BFCFF CALL WaGan.00407A09 ; \WaGan.00407A09
0043DED2 |. 85C0 TEST EAX,EAX
0043DED4 |. 0F84 61010000 JE WaGan.0043E03B
0043DEDA |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0043DEDD |. E8 2E180200 CALL WaGan.0045F710
0043DEE2 |. C645 D8 00 MOV BYTE PTR SS:[EBP-28],0
0043DEE6 |. EB 09 JMP SHORT WaGan.0043DEF1
0043DEE8 |> 8A55 D8 /MOV DL,BYTE PTR SS:[EBP-28]
0043DEEB |. 80C2 01 |ADD DL,1
0043DEEE |. 8855 D8 |MOV BYTE PTR SS:[EBP-28],DL
0043DEF1 |> 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
0043DEF4 |. 25 FF000000 |AND EAX,0FF
0043DEF9 |. 83F8 04 |CMP EAX,4
0043DEFC |. 0F8D 39010000 |JGE WaGan.0043E03B
0043DF02 |. 837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0043DF06 |. 0F85 2F010000 |JNZ WaGan.0043E03B
0043DF0C |. 8A4D D8 |MOV CL,BYTE PTR SS:[EBP-28]
0043DF0F |. 51 |PUSH ECX ; /Arg2
0043DF10 |. 8B55 D4 |MOV EDX,DWORD PTR SS:[EBP-2C] ; |
0043DF13 |. 83C2 06 |ADD EDX,6 ; |
0043DF16 |. 52 |PUSH EDX ; |Arg1
0043DF17 |. E8 D97AFFFF |CALL WaGan.004359F5 ; \WaGan.004359F5
0043DF1C |. 83C4 08 |ADD ESP,8
0043DF1F |. 50 |PUSH EAX ; /Arg1
0043DF20 |. 8D4D E0 |LEA ECX,DWORD PTR SS:[EBP-20] ; |
0043DF23 |. E8 7886FCFF |CALL WaGan.004065A0 ; \WaGan.004065A0
0043DF28 |. 8B45 E0 |MOV EAX,DWORD PTR SS:[EBP-20]
0043DF2B |. 25 FF000000 |AND EAX,0FF
0043DF30 |. 3D FF000000 |CMP EAX,0FF
0043DF35 |. 0F84 FB000000 |JE WaGan.0043E036
0043DF3B |. 8D4D E0 |LEA ECX,DWORD PTR SS:[EBP-20]
0043DF3E |. 51 |PUSH ECX ; /Arg1
0043DF3F |. E8 4079FFFF |CALL WaGan.00435884 ; \WaGan.00435884
0043DF44 |. 83C4 04 |ADD ESP,4
0043DF47 |. 8845 DC |MOV BYTE PTR SS:[EBP-24],AL
0043DF4A |. 8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24]
0043DF4D |. 81E2 FF000000 |AND EDX,0FF
0043DF53 |. 81FA FF000000 |CMP EDX,0FF
0043DF59 |. 0F84 D7000000 |JE WaGan.0043E036
0043DF5F |. C645 F0 00 |MOV BYTE PTR SS:[EBP-10],0
0043DF63 |. EB 08 |JMP SHORT WaGan.0043DF6D
0043DF65 |> 8A45 F0 |/MOV AL,BYTE PTR SS:[EBP-10]
0043DF68 |. 04 01 ||ADD AL,1
0043DF6A |. 8845 F0 ||MOV BYTE PTR SS:[EBP-10],AL
0043DF6D |> 8B4D F0 | MOV ECX,DWORD PTR SS:[EBP-10]
0043DF70 |. 81E1 FF000000 ||AND ECX,0FF
0043DF76 |. 83F9 44 ||CMP ECX,44
0043DF79 |. 0F8D B7000000 ||JGE WaGan.0043E036
0043DF7F |. 8B4D DC ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DF82 |. 81E1 FF000000 ||AND ECX,0FF
0043DF88 |. 6BC9 24 ||IMUL ECX,ECX,24
0043DF8B |. 81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043DF91 |. E8 DAFFFDFF ||CALL WaGan.0041DF70
0043DF96 |. 25 FF000000 ||AND EAX,0FF
0043DF9B |. 50 ||PUSH EAX ; /Arg1
0043DF9C |. 8B4D F0 ||MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043DF9F |. 81E1 FF000000 ||AND ECX,0FF ; |
0043DFA5 |. 6BC9 46 ||IMUL ECX,ECX,46 ; |
0043DFA8 |. 81C1 C0F44A00 ||ADD ECX,WaGan.004AF4C0 ; |
0043DFAE |. E8 CDB5FCFF ||CALL WaGan.00409580 ; \WaGan.00409580
0043DFB3 |. 25 FF000000 ||AND EAX,0FF
0043DFB8 |. 85C0 ||TEST EAX,EAX
0043DFBA |. 74 75 ||JE SHORT WaGan.0043E031
0043DFBC |. 8B4D DC ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DFBF |. 81E1 FF000000 ||AND ECX,0FF
0043DFC5 |. 6BC9 24 ||IMUL ECX,ECX,24
0043DFC8 |. 81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043DFCE |. E8 9DFFFDFF ||CALL WaGan.0041DF70
0043DFD3 |. 25 FF000000 ||AND EAX,0FF
0043DFD8 |. 50 ||PUSH EAX ; /Arg1
0043DFD9 |. 8B4D F0 ||MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043DFDC |. 81E1 FF000000 ||AND ECX,0FF ; |
0043DFE2 |. 6BC9 46 ||IMUL ECX,ECX,46 ; |
0043DFE5 |. 81C1 C0F44A00 ||ADD ECX,WaGan.004AF4C0 ; |
0043DFEB |. E8 90B5FCFF ||CALL WaGan.00409580 ; \WaGan.00409580
0043DFF0 |. 8AD8 ||MOV BL,AL
0043DFF2 |. 81E3 FF000000 ||AND EBX,0FF
0043DFF8 |. 8B4D DC ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DFFB |. 81E1 FF000000 ||AND ECX,0FF
0043E001 |. 6BC9 24 ||IMUL ECX,ECX,24
0043E004 |. 81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043E00A |. E8 61160200 ||CALL WaGan.0045F670
0043E00F |. 8BC8 ||MOV ECX,EAX
0043E011 |. 6BC9 48 ||IMUL ECX,ECX,48
0043E014 |. 81C1 0000D600 ||ADD ECX,0D60000
0043E01A |. E8 B185FCFF ||CALL WaGan.004065D0
0043E01F |. 25 FF000000 ||AND EAX,0FF
0043E024 |. 3BD8 ||CMP EBX,EAX
0043E026 |. 7F 09 ||JG SHORT WaGan.0043E031
0043E028 |. C745 E8 01000>||MOV DWORD PTR SS:[EBP-18],1
0043E02F |. EB 05 ||JMP SHORT WaGan.0043E036
0043E031 |>^ E9 2FFFFFFF |\JMP WaGan.0043DF65
0043E036 |>^ E9 ADFEFFFF \JMP WaGan.0043DEE8
0043E03B |> C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
0043E03F |. EB 09 JMP SHORT WaGan.0043E04A
0043E041 |> 8A55 F0 /MOV DL,BYTE PTR SS:[EBP-10]
0043E044 |. 80C2 01 |ADD DL,1
0043E047 |. 8855 F0 |MOV BYTE PTR SS:[EBP-10],DL
0043E04A |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0043E04D |. 25 FF000000 |AND EAX,0FF
0043E052 |. 83F8 44 |CMP EAX,44
0043E055 |. 0F8D 83000000 |JGE WaGan.0043E0DE
0043E05B |. 837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0043E05F |. 75 7D |JNZ SHORT WaGan.0043E0DE
0043E061 |. 8B4D EC |MOV ECX,DWORD PTR SS:[EBP-14]
0043E064 |. 81E1 FF000000 |AND ECX,0FF
0043E06A |. 51 |PUSH ECX ; /Arg1
0043E06B |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043E06E |. 81E1 FF000000 |AND ECX,0FF ; |
0043E074 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
0043E077 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
0043E07D |. E8 FEB4FCFF |CALL WaGan.00409580 ; \WaGan.00409580
0043E082 |. 25 FF000000 |AND EAX,0FF
0043E087 |. 85C0 |TEST EAX,EAX
0043E089 |. 74 4E |JE SHORT WaGan.0043E0D9
0043E08B |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
0043E08E |. 81E2 FF000000 |AND EDX,0FF
0043E094 |. 52 |PUSH EDX ; /Arg1
0043E095 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
0043E098 |. 81E1 FF000000 |AND ECX,0FF ; |
0043E09E |. 6BC9 46 |IMUL ECX,ECX,46 ; |
0043E0A1 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
0043E0A7 |. E8 D4B4FCFF |CALL WaGan.00409580 ; \WaGan.00409580
0043E0AC |. 8AD8 |MOV BL,AL
0043E0AE |. 81E3 FF000000 |AND EBX,0FF
0043E0B4 |. 8B45 D4 |MOV EAX,DWORD PTR SS:[EBP-2C]
0043E0B7 |. 8B08 |MOV ECX,DWORD PTR DS:[EAX]
0043E0B9 |. 6BC9 48 |IMUL ECX,ECX,48
0043E0BC |. 81C1 0000D600 |ADD ECX,0D60000
0043E0C2 |. E8 0985FCFF |CALL WaGan.004065D0
0043E0C7 |. 25 FF000000 |AND EAX,0FF
0043E0CC |. 3BD8 |CMP EBX,EAX
0043E0CE |. 7F 09 |JG SHORT WaGan.0043E0D9
0043E0D0 |. C745 E8 01000>|MOV DWORD PTR SS:[EBP-18],1
0043E0D7 |. EB 05 |JMP SHORT WaGan.0043E0DE
0043E0D9 |>^ E9 63FFFFFF \JMP WaGan.0043E041
0043E0DE |> 837D E8 00 CMP DWORD PTR SS:[EBP-18],0
0043E0E2 |. 74 0C JE SHORT WaGan.0043E0F0
0043E0E4 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0043E0E6 |. B9 985E4B00 MOV ECX,WaGan.004B5E98 ; |
0043E0EB |. E8 2070FFFF CALL WaGan.00435110 ; \WaGan.00435110
0043E0F0 |> B9 70074B00 MOV ECX,WaGan.004B0770
0043E0F5 |. E8 F4F8FCFF CALL WaGan.0040D9EE
0043E0FA |. 85C0 TEST EAX,EAX
0043E0FC |. 74 0C JE SHORT WaGan.0043E10A
0043E0FE |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0043E100 |. B9 985E4B00 MOV ECX,WaGan.004B5E98 ; |
0043E105 |. E8 56030000 CALL WaGan.0043E460 ; \WaGan.0043E460
0043E10A |> 6A 01 PUSH 1 ; /Arg1 = 00000001
0043E10C |. B9 985E4B00 MOV ECX,WaGan.004B5E98 ; |
0043E111 |. E8 1A70FFFF CALL WaGan.00435130 ; \WaGan.00435130
0043E116 |> 6A 02 /PUSH 2 ; /Arg1 = 00000002
0043E118 |. 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E11B |. E8 D079FEFF |CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043E120 |. 85C0 |TEST EAX,EAX
0043E122 |. 0F85 90000000 |JNZ WaGan.0043E1B8
0043E128 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0043E12B |. 81E1 FF000000 |AND ECX,0FF
0043E131 |. 81F9 FF000000 |CMP ECX,0FF
0043E137 |. 74 7F |JE SHORT WaGan.0043E1B8
0043E139 |. E8 5C050200 |CALL WaGan.0045E69A 这个地方去读了4B5eBC的值出来了。
0043E13E |. 8845 F4 |MOV BYTE PTR SS:[EBP-C],AL
0043E141 |. 6A 00 |PUSH 0 ; /lParam = 0
0043E143 |. 6A 00 |PUSH 0 ; |wParam = 0
0043E145 |. 68 02020000 |PUSH 202 ; |Message = WM_LBUTTONUP
0043E14A |. 8B15 686A4B00 |MOV EDX,DWORD PTR DS:[4B6A68] ; |
0043E150 |. 52 |PUSH EDX ; |hWnd => NULL
0043E151 |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessageA>] ; \SendMessageA
0043E157 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0043E15A |. 25 FF000000 |AND EAX,0FF
0043E15F |. 3D FF000000 |CMP EAX,0FF
0043E164 |. 74 4D |JE SHORT WaGan.0043E1B3
0043E166 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0043E169 |. 81E1 FF000000 |AND ECX,0FF
0043E16F |. 894D D0 |MOV DWORD PTR SS:[EBP-30],ECX
0043E172 |. 8B55 D0 |MOV EDX,DWORD PTR SS:[EBP-30]
0043E175 |. 83EA 01 |SUB EDX,1
0043E178 |. 8955 D0 |MOV DWORD PTR SS:[EBP-30],EDX
0043E17B |. 837D D0 03 |CMP DWORD PTR SS:[EBP-30],3 增加一个消息响应了。
0043E17F |. 77 32 |JA SHORT WaGan.0043E1B3 跳转到要相应的地方
0043E181 |. 8B45 D0 |MOV EAX,DWORD PTR SS:[EBP-30]
0043E184 |. FF2485 63E243>|JMP DWORD PTR DS:[EAX*4+43E263] ; 判断
0043E18B |> 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E18E |. E8 47F9FFFF |CALL WaGan.0043DADA ; 攻击
0043E193 |. EB 1E |JMP SHORT WaGan.0043E1B3
0043E195 |> 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E198 |. E8 84FAFFFF |CALL WaGan.0043DC21 ; 策略
0043E19D |. EB 14 |JMP SHORT WaGan.0043E1B3
0043E19F |> 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E1A2 |. E8 35FBFFFF |CALL WaGan.0043DCDC ; 道具
0043E1A7 |. EB 0A |JMP SHORT WaGan.0043E1B3
0043E1A9 |> 6A 06 |PUSH 6 ; /Arg1 = 00000006
0043E1AB |. 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E1AE |. E8 65450000 |CALL WaGan.00442718 ; \WaGan.00442718--待命
0043E1B3 |>^ E9 5EFFFFFF \JMP WaGan.0043E116
0043E1B8 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043E1BB |. 81E1 FF000000 AND ECX,0FF
0043E1C1 |. 81F9 FF000000 CMP ECX,0FF
0043E1C7 |. 75 53 JNZ SHORT WaGan.0043E21C
0043E1C9 |. 6A 04 PUSH 4 ; /Arg1 = 00000004
0043E1CB |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E1CE |. E8 BD84FCFF CALL WaGan.00406690 ; \WaGan.00406690
0043E1D3 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0043E1D5 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0043E1D7 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8] ; |
0043E1DA |. 52 PUSH EDX ; |Arg1
0043E1DB |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E1DE |. E8 DD6EFFFF CALL WaGan.004350C0 ; \WaGan.004350C0
0043E1E3 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0043E1E6 |. 8A4D FC MOV CL,BYTE PTR SS:[EBP-4]
0043E1E9 |. 8848 0F MOV BYTE PTR DS:[EAX+F],CL
0043E1EC |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
0043E1EF |. 33C0 XOR EAX,EAX
0043E1F1 |. 8A42 0F MOV AL,BYTE PTR DS:[EDX+F]
0043E1F4 |. 83F8 01 CMP EAX,1
0043E1F7 |. 75 0C JNZ SHORT WaGan.0043E205
0043E1F9 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0043E1FB |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E1FE |. E8 311B0000 CALL WaGan.0043FD34 ; \WaGan.0043FD34
0043E203 |. EB 17 JMP SHORT WaGan.0043E21C
0043E205 |> 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043E208 |. 33D2 XOR EDX,EDX
0043E20A |. 8A51 0F MOV DL,BYTE PTR DS:[ECX+F]
0043E20D |. 83FA 03 CMP EDX,3
0043E210 |. 75 0A JNZ SHORT WaGan.0043E21C
0043E212 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0043E214 |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E217 |. E8 181B0000 CALL WaGan.0043FD34 ; \WaGan.0043FD34
0043E21C |> 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
0043E21F |. E8 A51A0000 CALL WaGan.0043FCC9
0043E224 |. B9 083D4B00 MOV ECX,WaGan.004B3D08
0043E229 |. E8 5CC60000 CALL WaGan.0044A88A
0043E22E |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0043E231 |. 25 FF000000 AND EAX,0FF
0043E236 |. 3D FF000000 CMP EAX,0FF
0043E23B |. 74 17 JE SHORT WaGan.0043E254
0043E23D |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0043E23F |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E242 |. E8 A978FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043E247 |. 85C0 TEST EAX,EAX
0043E249 |. 74 09 JE SHORT WaGan.0043E254
0043E24B |. C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1
0043E252 |. EB 07 JMP SHORT WaGan.0043E25B
0043E254 |> C745 CC 00000>MOV DWORD PTR SS:[EBP-34],0
0043E25B |> 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0043E25E |> 5B POP EBX
0043E25F |. 8BE5 MOV ESP,EBP
0043E261 |. 5D POP EBP
0043E262 \. C3 RETN
0043E263 . 8BE14300 DD WaGan.0043E18B ; 分支表 被用于 0043E184
0043E267 . 95E14300 DD WaGan.0043E195
0043E26B . 9FE14300 DD WaGan.0043E19F
0043E26F . A9E14300 DD WaGan.0043E1A9
0045BC05 /$ 55 PUSH EBP
0045BC06 |. 8BEC MOV EBP,ESP
0045BC08 |. 51 PUSH ECX
0045BC09 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0045BC0C |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] 存放句柄的地址
0045BC11 |. 50 PUSH EAX ; /Arg2 => 00000000
0045BC12 |. 68 17010000 PUSH 117 ; |Arg1 = 00000117
0045BC17 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BC1A |. E8 79140100 CALL WaGan.0046D098 ; \WaGan.0046D098
0045BC1F |. 8BE5 MOV ESP,EBP
0045BC21 |. 5D POP EBP
0045BC22 \. C3 RETN
0046D098 /$ 55 PUSH EBP
0046D099 |. 8BEC MOV EBP,ESP
0046D09B |. 51 PUSH ECX
0046D09C |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0046D09F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046D0A2 |. 50 PUSH EAX ; /lParam
0046D0A3 |. 68 F8D04600 PUSH WaGan.0046D0F8 ; |DlgProc = WaGan.0046D0F8
0046D0A8 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0046D0AB |. 51 PUSH ECX ; |hOwner
0046D0AC |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046D0AF |. 81E2 FFFF0000 AND EDX,0FFFF ; |
0046D0B5 |. 52 PUSH EDX ; |pTemplate
0046D0B6 |. A1 606A4B00 MOV EAX,DWORD PTR DS:[4B6A60] ; |
0046D0BB |. 50 PUSH EAX ; |hInst => NULL
0046D0BC |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
0046D0C2 |. 8BE5 MOV ESP,EBP
0046D0C4 |. 5D POP EBP
0046D0C5 \. C2 0800 RETN 8
//OnCreate函数
0045BADB /$ 55 PUSH EBP
0045BADC |. 8BEC MOV EBP,ESP
0045BADE |. 51 PUSH ECX
0045BADF |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0045BAE2 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0045BAE5 |. 50 PUSH EAX ; /Arg1
0045BAE6 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BAE9 |. 83C1 24 ADD ECX,24 ; |
0045BAEC |. E8 5F3B0000 CALL WaGan.0045F650 ; \WaGan.0045F650
0045BAF1 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BAF4 |. 83C1 24 ADD ECX,24
0045BAF7 |. E8 BFFEFFFF CALL WaGan.0045B9BB
0045BAFC |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BAFF |. C741 40 01000>MOV DWORD PTR DS:[ECX+40],1
0045BB06 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0045BB09 |. 8B42 34 MOV EAX,DWORD PTR DS:[EDX+34]
0045BB0C |. 50 PUSH EAX
0045BB0D |. 68 07050000 PUSH 507 攻击
0045BB12 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BB15 |. 83C1 24 ADD ECX,24
0045BB18 |. E8 533B0000 CALL WaGan.0045F670
0045BB1D |. 50 PUSH EAX ; ||hWnd
0045BB1E |. FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem CALL DWORD PTR DS:[4862DC]
0045BB24 |. 50 PUSH EAX ; |hWnd
0045BB25 |. FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow CALL DWORD PTR DS:[4862E8]
0045BB2B |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BB2E |. 8B51 38 MOV EDX,DWORD PTR DS:[ECX+38]
0045BB31 |. 52 PUSH EDX
0045BB32 |. 68 08050000 PUSH 508 策略
0045BB37 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BB3A |. 83C1 24 ADD ECX,24
0045BB3D |. E8 2E3B0000 CALL WaGan.0045F670
0045BB42 |. 50 PUSH EAX ; ||hWnd
0045BB43 |. FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB49 |. 50 PUSH EAX ; |hWnd
0045BB4A |. FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow
0045BB50 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0045BB53 |. 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]
0045BB56 |. 51 PUSH ECX
0045BB57 |. 68 09050000 PUSH 509 道具
0045BB5C |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BB5F |. 83C1 24 ADD ECX,24
0045BB62 |. E8 093B0000 CALL WaGan.0045F670
0045BB67 |. 50 PUSH EAX ; ||hWnd
0045BB68 |. FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB6E |. 50 PUSH EAX ; |hWnd
0045BB6F |. FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow
0045BB75 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0045BB78 |. 8B42 40 MOV EAX,DWORD PTR DS:[EDX+40]
0045BB7B |. 50 PUSH EAX
0045BB7C |. 68 0B050000 PUSH 50B 待命
0045BB81 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BB84 |. 83C1 24 ADD ECX,24
0045BB87 |. E8 E43A0000 CALL WaGan.0045F670
0045BB8C |. 50 PUSH EAX ; ||hWnd
0045BB8D |. FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB93 |. 50 PUSH EAX ; |hWnd
0045BB94 |. FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow
0045BB9A |. 8BE5 MOV ESP,EBP
0045BB9C |. 5D POP EBP
0045BB9D \. C2 0400 RETN 4
//加载DLL,CmdIction
0040B338 /$ 55 PUSH EBP
0040B339 |. 8BEC MOV EBP,ESP
0040B33B |. 83EC 08 SUB ESP,8
0040B33E |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0040B341 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0040B344 |. 50 PUSH EAX ; /Arg1
0040B345 |. E8 8ADB0000 CALL WaGan.00418ED4 ; \WaGan.00418ED4
0040B34A |. 83C4 04 ADD ESP,4
0040B34D |. 50 PUSH EAX ; /FileName
0040B34E |. FF15 24614800 CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryA>] ; \LoadLibraryA
0040B354 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0040B357 |. 6A 64 PUSH 64 ; /Arg5 = 00000064
0040B359 |. 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14] ; |
0040B35C |. 51 PUSH ECX ; |Arg4
0040B35D |. 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10] ; |
0040B360 |. 52 PUSH EDX ; |Arg3
0040B361 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] ; |
0040B364 |. 50 PUSH EAX ; |Arg2 = 00000004 这个数字,绝定了是加载四个进来
0040B365 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0040B368 |. 51 PUSH ECX ; |Arg1
0040B369 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0040B36C |. E8 2DFEFFFF CALL WaGan.0040B19E ; \WaGan.0040B19E
0040B371 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0040B374 |. 8902 MOV DWORD PTR DS:[EDX],EAX
0040B376 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040B379 |. 50 PUSH EAX ; /hLibModule
0040B37A |. FF15 1C614800 CALL DWORD PTR DS:[<&KERNEL32.FreeLibrary>] ; \FreeLibrary
0040B380 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0040B383 |. 8B01 MOV EAX,DWORD PTR DS:[ECX]
0040B385 |. 8BE5 MOV ESP,EBP
0040B387 |. 5D POP EBP
0040B388 \. C2 1400 RETN 14
//加载DLL图的地方
0040B283 |> /8B45 E0 /MOV EAX,DWORD PTR SS:[EBP-20]
0040B286 |. |83C0 01 |ADD EAX,1
0040B289 |. |8945 E0 |MOV DWORD PTR SS:[EBP-20],EAX
0040B28C |> |8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
0040B28F |. |3B4D 0C |CMP ECX,DWORD PTR SS:[EBP+C]这里比较跳出了。
0040B292 |. |7D 7A |JGE SHORT WaGan.0040B30E
0040B294 |. |837D 14 01 |CMP DWORD PTR SS:[EBP+14],1
0040B298 |. |7F 0F |JG SHORT WaGan.0040B2A9
0040B29A |. |8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
0040B29D |. |8B45 14 |MOV EAX,DWORD PTR SS:[EBP+14]
0040B2A0 |. |8D4C50 64 |LEA ECX,DWORD PTR DS:[EAX+EDX*2+64]
0040B2A4 |. |894D B8 |MOV DWORD PTR SS:[EBP-48],ECX
0040B2A7 |. |EB 09 |JMP SHORT WaGan.0040B2B2
0040B2A9 |> |8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20]
0040B2AC |. |83C2 64 |ADD EDX,64
0040B2AF |. |8955 B8 |MOV DWORD PTR SS:[EBP-48],EDX
0040B2B2 |> |8B45 B8 |MOV EAX,DWORD PTR SS:[EBP-48]
0040B2B5 |. |50 |PUSH EAX ; /Arg2 = 00000065 这个参数就是100,101,102,103
0040B2B6 |. |8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
0040B2B9 |. |51 |PUSH ECX ; |Arg1
0040B2BA |. |8D4D C4 |LEA ECX,DWORD PTR SS:[EBP-3C] ; |
0040B2BD |. |E8 5BE4FFFF |CALL WaGan.0040971D ; \WaGan.0040971D
0040B2C2 |. |837D 10 00 |CMP DWORD PTR SS:[EBP+10],0
0040B2C6 |. |74 22 |JE SHORT WaGan.0040B2EA
0040B2C8 |. |6A 00 |PUSH 0 ; /Arg1 = 00000000
0040B2CA |. |8D4D C4 |LEA ECX,DWORD PTR SS:[EBP-3C] ; |
0040B2CD |. |E8 B8F2FFFF |CALL WaGan.0040A58A ; \WaGan.0040A58A
0040B2D2 |. |50 |PUSH EAX
0040B2D3 |. |8D4D C4 |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B2D6 |. |E8 41F2FFFF |CALL WaGan.0040A51C
0040B2DB |. |50 |PUSH EAX ; |hImageBmp
0040B2DC |. |8B55 BC |MOV EDX,DWORD PTR SS:[EBP-44] ; |
0040B2DF |. |8B02 |MOV EAX,DWORD PTR DS:[EDX] ; |
0040B2E1 |. |50 |PUSH EAX ; |hIml
0040B2E2 |. |FF15 10604800 |CALL DWORD PTR DS:[<&COMCTL32.ImageList_Add>] ; \ImageList_Add
0040B2E8 |. |EB 17 |JMP SHORT WaGan.0040B301
0040B2EA |> |6A 00 |PUSH 0
0040B2EC |. |8D4D C4 |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B2EF |. |E8 28F2FFFF |CALL WaGan.0040A51C
0040B2F4 |. |50 |PUSH EAX ; |hImageBmp
0040B2F5 |. |8B4D BC |MOV ECX,DWORD PTR SS:[EBP-44] ; |
0040B2F8 |. |8B11 |MOV EDX,DWORD PTR DS:[ECX] ; |
0040B2FA |. |52 |PUSH EDX ; |hIml
0040B2FB |. |FF15 10604800 |CALL DWORD PTR DS:[<&COMCTL32.ImageList_Add>] ; \ImageList_Add
0040B301 |> |8D4D C4 |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B304 |. |E8 A1E9FFFF |CALL WaGan.00409CAA
0040B309 |.^\E9 75FFFFFF \JMP WaGan.0040B283
0040B30E |> 8B45 BC MOV EAX,DWORD PTR SS:[EBP-44]
0040B311 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
0040B313 |. 894D C0 MOV DWORD PTR SS:[EBP-40],ECX
0040B316 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0040B31D |. 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0040B320 |. E8 6B050000 CALL WaGan.0040B890
0040B325 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
0040B328 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0040B32B |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0040B332 |. 8BE5 MOV ESP,EBP
0040B334 |. 5D POP EBP
0040B335 \. C2 1400 RETN 14
//初始化对话框的代码
0046D2C5 |> \8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] //ECX=4B5E98 ; WaGan.004B5E98
0046D2C8 |. 8B11 MOV EDX,DWORD PTR DS:[ECX] //EDX=4867C8
0046D2CA |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0046D2CD |. FF52 08 CALL DWORD PTR DS:[EDX+8] //46E982,处理光标
0046D2D0 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046D2D3 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0046D2D5 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0046D2D8 |. FF52 0C CALL DWORD PTR DS:[EDX+C] //处理Item
0046D2DB |. E9 EA000000 JMP WaGan.0046D3CA
//对话框消息表
0045BC23 /. 55 PUSH EBP
0045BC24 |. 8BEC MOV EBP,ESP
0045BC26 |. 83EC 0C SUB ESP,0C
0045BC29 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0045BC2C |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0045BC2F |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0045BC32 |. 817D F8 11010>CMP DWORD PTR SS:[EBP-8],111
0045BC39 |. 74 02 JE SHORT WaGan.0045BC3D
0045BC3B |. EB 62 JMP SHORT WaGan.0045BC9F
0045BC3D |> 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0045BC40 |. 81E1 FFFF0000 AND ECX,0FFFF
0045BC46 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0045BC49 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0045BC4C |. 81EA 07050000 SUB EDX,507
0045BC52 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
0045BC55 |. 837D F4 04 CMP DWORD PTR SS:[EBP-C],4
0045BC59 |. 77 44 JA SHORT WaGan.0045BC9F
0045BC5B |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0045BC5E |. FF2485 BCBC45>JMP DWORD PTR DS:[EAX*4+45BCBC] ; WaGan.0045BC9F
0045BCBC 65BC4500 DD WaGan.0045BC65 攻击
0045BCC0 . 74BC4500 DD WaGan.0045BC74 策略
0045BCC4 . 83BC4500 DD WaGan.0045BC83 道具
0045BCC8 . 9FBC4500 DD WaGan.0045BC9F 3—50A就是绝招 这个就定义为5吧
0045BCCC . 92BC4500 DD WaGan.0045BC92 待命
0045BC65 |> 6A 01 PUSH 1 ; /Arg1 = 00000001
0045BC67 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BC6A |. 83C1 24 ADD ECX,24 ; |
0045BC6D |. E8 42FEFFFF CALL WaGan.0045BAB4 ; \WaGan.0045BAB4
0045BC72 |. EB 2B JMP SHORT WaGan.0045BC9F
0045BC74 |> 6A 02 PUSH 2 ; /Arg1 = 00000002
0045BC76 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BC79 |. 83C1 24 ADD ECX,24 ; |
0045BC7C |. E8 33FEFFFF CALL WaGan.0045BAB4 ; \WaGan.0045BAB4
0045BC81 |. EB 1C JMP SHORT WaGan.0045BC9F
0045BC83 |> 6A 03 PUSH 3 ; /Arg1 = 00000003
0045BC85 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BC88 |. 83C1 24 ADD ECX,24 ; |
0045BC8B |. E8 24FEFFFF CALL WaGan.0045BAB4 ; \WaGan.0045BAB4
0045BC90 |. EB 0D JMP SHORT WaGan.0045BC9F
0045BC92 |> 6A 04 PUSH 4 ; /Arg1 = 00000004
0045BC94 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0045BC97 |. 83C1 24 ADD ECX,24 ; |
0045BC9A |. E8 15FEFFFF CALL WaGan.0045BAB4 ; \WaGan.0045BAB4
0045BC9F |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
0045BCA2 |. 51 PUSH ECX
0045BCA3 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
0045BCA6 |. 52 PUSH EDX
0045BCA7 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0045BCAA |. 50 PUSH EAX
0045BCAB |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BCAE |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
0045BCB0 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0045BCB3 |. FF52 04 CALL DWORD PTR DS:[EDX+4]
0045BCB6 |. 8BE5 MOV ESP,EBP
0045BCB8 |. 5D POP EBP
0045BCB9 \. C2 0C00 RETN 0C
///对话框处理函数
0046D0F8 /. 55 PUSH EBP
0046D0F9 |. 8BEC MOV EBP,ESP
0046D0FB |. 6A FF PUSH -1
0046D0FD |. 68 33594800 PUSH WaGan.00485933 ; SE 处理程序安装
0046D102 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0046D108 |. 50 PUSH EAX
0046D109 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0046D110 |. 83EC 14 SUB ESP,14
0046D113 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0046D116 |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0046D119 |. 817D E4 10010>CMP DWORD PTR SS:[EBP-1C],110 初始化消息
0046D120 |. 74 02 JE SHORT WaGan.0046D124
0046D122 |. EB 69 JMP SHORT WaGan.0046D18D
0046D124 |> 833D E8684B00>CMP DWORD PTR DS:[4B68E8],0
0046D12B |. 75 44 JNZ SHORT WaGan.0046D171
0046D12D |. 6A 04 PUSH 4
0046D12F |. E8 AC3E0100 CALL WaGan.00480FE0
0046D134 |. 83C4 04 ADD ESP,4
0046D137 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0046D13A |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0046D141 |. 837D EC 00 CMP DWORD PTR SS:[EBP-14],0
0046D145 |. 74 0D JE SHORT WaGan.0046D154
0046D147 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0046D14A |. E8 71E7F9FF CALL WaGan.0040B8C0
0046D14F |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
0046D152 |. EB 07 JMP SHORT WaGan.0046D15B
0046D154 |> C745 E0 00000>MOV DWORD PTR SS:[EBP-20],0
0046D15B |> 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
0046D15E |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0046D161 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0046D168 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0046D16B |. 8915 E8684B00 MOV DWORD PTR DS:[4B68E8],EDX
0046D171 |> 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
0046D174 |. 50 PUSH EAX ; /Arg2
0046D175 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0046D178 |. 51 PUSH ECX ; |Arg1
0046D179 |. 8B0D E8684B00 MOV ECX,DWORD PTR DS:[4B68E8] ; |
0046D17F |. E8 C953FFFF CALL WaGan.0046254D ; \WaGan.0046254D
0046D184 |. 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14]
0046D187 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0046D18A |. 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
0046D18D |> 833D E8684B00>CMP DWORD PTR DS:[4B68E8],0
0046D194 |. 74 2D JE SHORT WaGan.0046D1C3
0046D196 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0046D199 |. 51 PUSH ECX ; /Arg2
0046D19A |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046D19D |. 52 PUSH EDX ; |Arg1
0046D19E |. 8B0D E8684B00 MOV ECX,DWORD PTR DS:[4B68E8] ; |
0046D1A4 |. E8 A754FFFF CALL WaGan.00462650 ; \WaGan.00462650
0046D1A9 |. 85C0 TEST EAX,EAX
0046D1AB |. 74 16 JE SHORT WaGan.0046D1C3
0046D1AD |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
0046D1B0 |. 50 PUSH EAX ; /Arg3
0046D1B1 |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10] ; |
0046D1B4 |. 51 PUSH ECX ; |Arg2
0046D1B5 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
0046D1B8 |. 52 PUSH EDX ; |Arg1
0046D1B9 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0046D1BC |. E8 6D000000 CALL WaGan.0046D22E ; \WaGan.0046D22E 处理消息的函数
0046D1C1 |. EB 02 JMP SHORT WaGan.0046D1C5
0046D1C3 |> 33C0 XOR EAX,EAX
0046D1C5 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0046D1C8 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0046D1CF |. 8BE5 MOV ESP,EBP
0046D1D1 |. 5D POP EBP
0046D1D2 \. C2 1000 RETN 10
点策略的响应函数
0046EAFC /$ 55 PUSH EBP
0046EAFD |. 8BEC MOV EBP,ESP
0046EAFF |. 51 PUSH ECX
0046EB00 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0046EB03 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0046EB06 |. 50 PUSH EAX ; /Arg2
0046EB07 |. 68 1A010000 PUSH 11A ; |Arg1 = 0000011A
0046EB0C |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0046EB0F |. E8 84E5FFFF CALL WaGan.0046D098 ; \WaGan.0046D098
0046EB14 |. 8BE5 MOV ESP,EBP
0046EB16 |. 5D POP EBP
0046EB17 \. C2 0400 RETN 4
点道具的响应处
0043DCDC /$ 55 PUSH EBP
0043DCDD |. 8BEC MOV EBP,ESP
0043DCDF |. 83EC 0C SUB ESP,0C
0043DCE2 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0043DCE5 |. C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043DCE9 |> 6A 02 /PUSH 2 ; /Arg1 = 00000002
0043DCEB |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DCEE |. E8 FD7DFEFF |CALL WaGan.00425AF0 ; \WaGan.00425AF0
0043DCF3 |. 85C0 |TEST EAX,EAX
0043DCF5 |. 75 30 |JNZ SHORT WaGan.0043DD27
0043DCF7 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0043DCFA |. 50 |PUSH EAX ; /Arg1
0043DCFB |. E8 2B000000 |CALL WaGan.0043DD2B ; \WaGan.0043DD2B 消息响应函数
0043DD00 |. 83C4 04 |ADD ESP,4
0043DD03 |. 8845 F8 |MOV BYTE PTR SS:[EBP-8],AL
0043DD06 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
0043DD09 |. 81E1 FF000000 |AND ECX,0FF
0043DD0F |. 81F9 FF000000 |CMP ECX,0FF
0043DD15 |. 75 02 |JNZ SHORT WaGan.0043DD19
0043DD17 |. EB 0E |JMP SHORT WaGan.0043DD27
0043DD19 |> 8A55 F8 |MOV DL,BYTE PTR SS:[EBP-8]
0043DD1C |. 52 |PUSH EDX ; /Arg1
0043DD1D |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DD20 |. E8 83000000 |CALL WaGan.0043DDA8 ; \WaGan.0043DDA8
0043DD25 |.^ EB C2 \JMP SHORT WaGan.0043DCE9
0043DD27 |> 8BE5 MOV ESP,EBP
0043DD29 |. 5D POP EBP
0043DD2A \. C3 RETN
0043DD2B /$ 55 PUSH EBP
0043DD2C |. 8BEC MOV EBP,ESP
0043DD2E |. 6A FF PUSH -1
0043DD30 |. 68 E2534800 PUSH WaGan.004853E2 ; SE 处理程序安装
0043DD35 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0043DD3B |. 50 PUSH EAX
0043DD3C |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0043DD43 |. 81EC 04010000 SUB ESP,104
0043DD49 |. 8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]
0043DD4F |. E8 EC050000 CALL WaGan.0043E340
0043DD54 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0043DD5B |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0043DD5E |. 50 PUSH EAX ; /Arg1
0043DD5F |. 8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C] ; |
0043DD65 |. E8 A64C0300 CALL WaGan.00472A10 ; \WaGan.00472A10
0043DD6A |. 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]
0043DD70 |. 51 PUSH ECX ; /Arg1 => 00000000
0043DD71 |. 8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C] ; |
0043DD77 |. E8 2D0E0300 CALL WaGan.0046EBA9 ; \WaGan.0046EBA9
0043DD7C |. 8985 F0FEFFFF MOV DWORD PTR SS:[EBP-110],EAX
0043DD82 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0043DD89 |. 8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]
0043DD8F |. E8 0C060000 CALL WaGan.0043E3A0
0043DD94 |. 8B85 F0FEFFFF MOV EAX,DWORD PTR SS:[EBP-110]
0043DD9A |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043DD9D |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0043DDA4 |. 8BE5 MOV ESP,EBP
0043DDA6 |. 5D POP EBP
0043DDA7 \. C3 RETN
0046EBA9 /$ 55 PUSH EBP
0046EBAA |. 8BEC MOV EBP,ESP
0046EBAC |. 51 PUSH ECX
0046EBAD |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0046EBB0 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0046EBB3 |. 50 PUSH EAX ; /Arg2
0046EBB4 |. 68 F2000000 PUSH 0F2 ; |Arg1 = 000000F2 对话框编号
0046EBB9 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0046EBBC |. E8 D7E4FFFF CALL WaGan.0046D098 ; \WaGan.0046D098
0046EBC1 |. 8BE5 MOV ESP,EBP
0046EBC3 |. 5D POP EBP
0046EBC4 \. C2 0400 RETN 4
0045BD05 /. 55 PUSH EBP
0045BD06 |. 8BEC MOV EBP,ESP
0045BD08 |. 83EC 14 SUB ESP,14
0045BD0B |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
0045BD0E |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0045BD11 |. 50 PUSH EAX ; /hWnd
0045BD12 |. FF15 94634800 CALL DWORD PTR DS:[<&USER32.GetDlgCtrlID>>; \GetDlgCtrlID
0045BD18 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
0045BD1B |. 817D EC 07050>CMP DWORD PTR SS:[EBP-14],507
0045BD22 |. 7F 11 JG SHORT WaGan.0045BD35
0045BD24 |. 817D EC 07050>CMP DWORD PTR SS:[EBP-14],507
0045BD2B |. 74 25 JE SHORT WaGan.0045BD52
0045BD2D |. 837D EC 02 CMP DWORD PTR SS:[EBP-14],2
0045BD31 |. 74 43 JE SHORT WaGan.0045BD76
0045BD33 |. EB 59 JMP SHORT WaGan.0045BD8E
0045BD35 |> 817D EC 08050>CMP DWORD PTR SS:[EBP-14],508
0045BD3C |. 74 1D JE SHORT WaGan.0045BD5B
0045BD3E |. 817D EC 09050>CMP DWORD PTR SS:[EBP-14],509
0045BD45 |. 74 1D JE SHORT WaGan.0045BD64
0045BD47 |. 817D EC 0B050>CMP DWORD PTR SS:[EBP-14],50B
0045BD4E |. 74 1D JE SHORT WaGan.0045BD6D
0045BD50 |. EB 3C JMP SHORT WaGan.0045BD8E
0045BD52 |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0045BD59 |. EB 33 JMP SHORT WaGan.0045BD8E
0045BD5B |> C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0045BD62 |. EB 2A JMP SHORT WaGan.0045BD8E
0045BD64 |> C745 F4 02000>MOV DWORD PTR SS:[EBP-C],2
0045BD6B |. EB 21 JMP SHORT WaGan.0045BD8E
0045BD6D |> C745 F4 03000>MOV DWORD PTR SS:[EBP-C],3
0045BD74 |. EB 18 JMP SHORT WaGan.0045BD8E
0045BD76 |> 6A 00 PUSH 0 ; /Arg5 = 00000000
0045BD78 |. 6A 00 PUSH 0 ; |Arg4 = 00000000
0045BD7A |. 6A 01 PUSH 1 ; |Arg3 = 00000001
0045BD7C |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0045BD7F |. 51 PUSH ECX ; |Arg2
0045BD80 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0045BD83 |. 52 PUSH EDX ; |Arg1
0045BD84 |. E8 F85B0100 CALL WaGan.00471981 ; \WaGan.00471981
0045BD89 |. 83C4 14 ADD ESP,14
0045BD8C |. EB 2F JMP SHORT WaGan.0045BDBD
0045BD8E |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0045BD91 |. 50 PUSH EAX
0045BD92 |. B9 1C2E4900 MOV ECX,WaGan.00492E1C
0045BD97 |. E8 D4380000 CALL WaGan.0045F670
0045BD9C |. 50 PUSH EAX ; |Arg1
0045BD9D |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8] ; |
0045BDA0 |. E8 99F9FAFF CALL WaGan.0040B73E ; \WaGan.0040B73E
0045BDA5 |. 6A 00 PUSH 0 ; /Arg5 = 00000000
0045BDA7 |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8] ; |
0045BDAA |. 51 PUSH ECX ; |Arg4
0045BDAB |. 6A 01 PUSH 1 ; |Arg3 = 00000001
0045BDAD |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] ; |
0045BDB0 |. 52 PUSH EDX ; |Arg2
0045BDB1 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0045BDB4 |. 50 PUSH EAX ; |Arg1
0045BDB5 |. E8 C75B0100 CALL WaGan.00471981 ; \WaGan.00471981
0045BDBA |. 83C4 14 ADD ESP,14
0045BDBD |> 8BE5 MOV ESP,EBP
0045BDBF |. 5D POP EBP
0045BDC0 \. C2 0800 RETN 8
作者:
岱瀛 时间: 2007-12-30 21:28 标题: 剧本指令调用解析
内存: 492F90处
492F90+C处,是当前剧本指令指针 (一个一个读) 0x492F9C 改这个值就对了。
492F90+20处,是当前剧本指针 (C00650)
如何改:剧本传入的字节数+[492FB0]就对了
004D002 55 PUSH EBP
004D002F 8BEC MOV EBP,ESP
004D1013 6A 02 PUSH 前缀
004D1015 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D1018 E8 DA73F4FF CALL WaGan.004183F7
CMP EAX,80000000
JNZ SHORT A:
Jmp 结束处
A: add eax,dword ptr ds:[ 492F9C]
MOV DWORD PTR DS:[492F9C],EAX
004D0031 A1 B02F4900 MOV EAX,DWORD PTR DS:[492FB0]
004D0036 83C0 37 ADD EAX,37
004D0039 A3 9C2F4900 MOV DWORD PTR DS:[492F9C],EAX
004D003E B8 01000000 MOV EAX,1
004D0043 8BE5 MOV ESP,EBP
004D0045 5D POP EBP
004D0046 C3 RETN
0040BBA8 /$ 55 PUSH EBP
0040BBA9 |. 8BEC MOV EBP,ESP
0040BBAB |> A1 9CBF4A00 /MOV EAX,DWORD PTR DS:[4ABF9C]
0040BBB0 |. 83E0 6E |AND EAX,6E
0040BBB3 |. 85C0 |TEST EAX,EAX
0040BBB5 |. 75 17 |JNZ SHORT WaGan.0040BBCE
0040BBB7 |. 833D 9CBF4A00>|CMP DWORD PTR DS:[4ABF9C],2
0040BBBE |. 74 0C |JE SHORT WaGan.0040BBCC
0040BBC0 |. 6A 00 |PUSH 0 ; /Arg1 = 00000000
0040BBC2 |. B9 902F4900 |MOV ECX,WaGan.00492F90 ; |
0040BBC7 |. E8 F5C40000 |CALL WaGan.004180C1 ; \WaGan.004180C1
0040BBCC |>^ EB DD \JMP SHORT WaGan.0040BBAB
0040BBCE |> 5D POP EBP
0040BBCF \. C3 RETN
004105A8 /$ 55 PUSH EBP
004105A9 |. 8BEC MOV EBP,ESP
004105AB |. 83EC 2C SUB ESP,2C
004105AE |. 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
004105B1 |. C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
004105B8 |. C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
004105BF |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004105C6 |. C745 FC 03000>MOV DWORD PTR SS:[EBP-4],3
004105CD |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004105D0 |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14]
004105D3 |. 3B4D 08 CMP ECX,DWORD PTR SS:[EBP+8]
004105D6 |. 7E 0C JLE SHORT WaGan.004105E4
004105D8 |. C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004105DF |. E9 1F020000 JMP WaGan.00410803
004105E4 |> 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
004105E7 |. C742 14 FFFFF>MOV DWORD PTR DS:[EDX+14],-1
004105EE |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004105F1 |. 8378 34 00 CMP DWORD PTR DS:[EAX+34],0
004105F5 |. 74 0C JE SHORT WaGan.00410603
004105F7 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004105FA |. E8 E3F6FFFF CALL WaGan.0040FCE2
004105FF |. 66:8945 E8 MOV WORD PTR SS:[EBP-18],AX
00410603 |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00410606 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
00410608 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0041060B |. FF52 10 CALL DWORD PTR DS:[EDX+10]
0041060E |. 66:8945 F0 MOV WORD PTR SS:[EBP-10],AX
00410612 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00410615 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00410617 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0041061A |. FF52 08 CALL DWORD PTR DS:[EDX+8]
0041061D |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00410620 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00410623 |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
00410626 |. 837D E0 09 CMP DWORD PTR SS:[EBP-20],9
0041062A |. 0F87 29010000 JA WaGan.00410759 大于9的返回值 基本上等于是有问题的了
00410630 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
00410633 |. FF248D 0E0841>JMP DWORD PTR DS:[ECX*4+41080E]
0041080E . 3A064100 DD WaGan.0041063A 00 条件不成立eax
00410812 . 3F064100 DD WaGan.0041063F 01 条件成立
00410816 . 44064100 DD WaGan.00410644 02
0041081A . 62064100 DD WaGan.00410662 03 00指令
0041081E . 67064100 DD WaGan.00410667 04 01指令
00410822 . 3C074100 DD WaGan.0041073C 05 重新来
00410826 . 59074100 DD WaGan.00410759 06 else
0041082A . 33074100 DD WaGan.00410733 07
0041082E . 46074100 DD WaGan.00410746 08
00410832 . 50074100 DD WaGan.00410750 09
0041063A |> E9 24010000 JMP WaGan.00410763
0041063F |> E9 1F010000 JMP WaGan.00410763
00410644 |> 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
00410647 |. 66:8B45 F0 MOV AX,WORD PTR SS:[EBP-10]
0041064B |. 66:8942 10 MOV WORD PTR DS:[EDX+10],AX
0041064F |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00410652 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00410655 |. 8951 14 MOV DWORD PTR DS:[ECX+14],EDX
00410658 |. B8 02000000 MOV EAX,2
0041065D |. E9 A6010000 JMP WaGan.00410808 结束
03的返回处,结束指令
00410662 |> E9 FC000000 JMP WaGan.00410763
00410667 |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0041066A |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0041066C |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0041066F |. FF52 08 CALL DWORD PTR DS:[EDX+8]
00410672 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00410675 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00410678 |. 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
0041067B |. 837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0041067F |. 74 0E JE SHORT WaGan.0041068F
00410681 |. 837D DC 01 CMP DWORD PTR SS:[EBP-24],1
00410685 |. 74 11 JE SHORT WaGan.00410698
00410687 |. 837D DC 05 CMP DWORD PTR SS:[EBP-24],5
0041068B |. 74 14 JE SHORT WaGan.004106A1
0041068D |. EB 1C JMP SHORT WaGan.004106AB
0041068F |> C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00410696 |. EB 13 JMP SHORT WaGan.004106AB
00410698 |> C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0041069F |. EB 0A JMP SHORT WaGan.004106AB
004106A1 |> B8 01000000 MOV EAX,1
004106A6 |. E9 5D010000 JMP WaGan.00410808 结束重读
004106AB |> 837D FC 06 CMP DWORD PTR SS:[EBP-4],6
004106AF |. 75 06 JNZ SHORT WaGan.004106B7
004106B1 |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004106B5 |. 74 0F JE SHORT WaGan.004106C6
004106B7 |> 837D FC 01 CMP DWORD PTR SS:[EBP-4],1
004106BB |. 74 09 JE SHORT WaGan.004106C6
004106BD |. C745 D8 00000>MOV DWORD PTR SS:[EBP-28],0
004106C4 |. EB 07 JMP SHORT WaGan.004106CD
004106C6 |> C745 D8 01000>MOV DWORD PTR SS:[EBP-28],1
004106CD |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004106D0 |. 83C1 01 ADD ECX,1
004106D3 |. 51 PUSH ECX ; /Arg2
004106D4 |. 8B55 D8 MOV EDX,DWORD PTR SS:[EBP-28] ; |
004106D7 |. 52 PUSH EDX ; |Arg1
004106D8 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
004106DB |. E8 6E010000 CALL WaGan.0041084E ; \WaGan.0041084E
004106E0 |. 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
004106E3 |. 837D D4 05 CMP DWORD PTR SS:[EBP-2C],5
004106E7 |. 77 3E JA SHORT WaGan.00410727
004106E9 |. 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
004106EC |. FF2485 360841>JMP DWORD PTR DS:[EAX*4+410836]
004106F3 |> EB 3C JMP SHORT WaGan.00410731
004106F5 |> B8 01000000 MOV EAX,1
004106FA |. E9 09010000 JMP WaGan.00410808
004106FF |> B8 02000000 MOV EAX,2
00410704 |. E9 FF000000 JMP WaGan.00410808
00410709 |> B8 03000000 MOV EAX,3
0041070E |. E9 F5000000 JMP WaGan.00410808
00410713 |> B8 04000000 MOV EAX,4
00410718 |. E9 EB000000 JMP WaGan.00410808
0041071D |> B8 05000000 MOV EAX,5
00410722 |. E9 E1000000 JMP WaGan.00410808
00410727 |> B8 01000000 MOV EAX,1
0041072C |. E9 D7000000 JMP WaGan.00410808
00410731 |> EB 30 JMP SHORT WaGan.00410763
00410733 |> C745 EC 01000>MOV DWORD PTR SS:[EBP-14],1
0041073A |. EB 27 JMP SHORT WaGan.00410763
0041073C |> B8 01000000 MOV EAX,1
00410741 |. E9 C2000000 JMP WaGan.00410808 出错,重新来过
00410746 |> B8 05000000 MOV EAX,5
0041074B |. E9 B8000000 JMP WaGan.00410808 08返回的处理
00410750 |> C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
00410757 |. EB 0A JMP SHORT WaGan.00410763 09的返回处理
00410759 |> B8 01000000 MOV EAX,1 else的处理
0041075E |. E9 A5000000 JMP WaGan.00410808
测试指令
00410763 |> 837D FC 03 CMP DWORD PTR SS:[EBP-4],3
00410767 |.^ 0F85 81FEFFFF JNZ WaGan.004105EE
0041076D |. 837D EC 00 CMP DWORD PTR SS:[EBP-14],0
00410771 |. 75 13 JNZ SHORT WaGan.00410786
00410773 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00410777 |. 75 4E JNZ SHORT WaGan.004107C7
00410779 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0041077C |. E8 0F020000 CALL WaGan.00410990
00410781 |. 83F8 01 CMP EAX,1
00410784 |. 75 41 JNZ SHORT WaGan.004107C7
00410786 |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00410789 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
0041078C |. 83C2 01 ADD EDX,1
0041078F |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00410792 |. 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
00410795 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
00410798 |. C741 08 00000>MOV DWORD PTR DS:[ECX+8],0
0041079F |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004107A2 |. E8 E0F4FFFF CALL WaGan.0040FC87
004107A7 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
004107AA |. 3942 04 CMP DWORD PTR DS:[EDX+4],EAX
004107AD |. 7C 11 JL SHORT WaGan.004107C0
004107AF |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004107B2 |. C740 28 00000>MOV DWORD PTR DS:[EAX+28],0
004107B9 |. B8 04000000 MOV EAX,4
004107BE |. EB 48 JMP SHORT WaGan.00410808
004107C0 |> B8 03000000 MOV EAX,3
004107C5 |. EB 41 JMP SHORT WaGan.00410808
004107C7 |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004107CA |. E8 B8F4FFFF CALL WaGan.0040FC87
004107CF |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004107D2 |. 3941 04 CMP DWORD PTR DS:[ECX+4],EAX
004107D5 |. 7C 11 JL SHORT WaGan.004107E8
004107D7 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
004107DA |. C742 28 00000>MOV DWORD PTR DS:[EDX+28],0
004107E1 |. B8 04000000 MOV EAX,4
004107E6 |. EB 20 JMP SHORT WaGan.00410808
004107E8 |> 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004107EC |. 74 11 JE SHORT WaGan.004107FF
004107EE |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004107F1 |. C740 28 00000>MOV DWORD PTR DS:[EAX+28],0
004107F8 |. B8 04000000 MOV EAX,4
004107FD |. EB 09 JMP SHORT WaGan.00410808
004107FF |> 33C0 XOR EAX,EAX
00410801 |. EB 05 JMP SHORT WaGan.00410808
00410803 |>^ E9 A3FEFFFF JMP WaGan.004106AB
00410808 |> 8BE5 MOV ESP,EBP
0041080A |. 5D POP EBP
0041080B \. C2 0400 RETN 4
00410836 . F3064100 DD WaGan.004106F3 ; 分支表 被用于 004106EC
0041083A . F5064100 DD WaGan.004106F5
0041083E . FF064100 DD WaGan.004106FF
00410842 . 09074100 DD WaGan.00410709
00410846 . 13074100 DD WaGan.00410713
0041084A . 1D074100 DD WaGan.0041071D
004100A1 /$ 55 PUSH EBP
004100A2 |. 8BEC MOV EBP,ESP
004100A4 |. 6A FF PUSH -1
004100A6 |. 68 C9504800 PUSH WaGan.004850C9 ; SE 处理程序安装
004100AB |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004100B1 |. 50 PUSH EAX
004100B2 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004100B9 |. 83EC 34 SUB ESP,34
004100BC |. 894D C0 MOV DWORD PTR SS:[EBP-40],ECX
004100BF |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40]
004100C2 |. 33C9 XOR ECX,ECX
004100C4 |. 66:8B48 10 MOV CX,WORD PTR DS:[EAX+10]
004100C8 |. 81F9 FFFF0000 CMP ECX,0FFFF
004100CE |. 74 29 JE SHORT WaGan.004100F9
004100D0 |. 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-40]
004100D3 |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
004100D5 |. 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
004100D8 |. FF50 0C CALL DWORD PTR DS:[EAX+C]
004100DB |. 85C0 TEST EAX,EAX
004100DD |. 74 07 JE SHORT WaGan.004100E6
004100DF |. 33C0 XOR EAX,EAX
004100E1 |. E9 48010000 JMP WaGan.0041022E
004100E6 |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
004100E9 |. 66:C741 10 FF>MOV WORD PTR DS:[ECX+10],0FFFF
004100EF |. B8 01000000 MOV EAX,1
004100F4 |. E9 35010000 JMP WaGan.0041022E
004100F9 |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
004100FC |. E8 4F080000 CALL WaGan.00410950
00410101 |. 85C0 TEST EAX,EAX
00410103 |. 75 07 JNZ SHORT WaGan.0041010C
00410105 |. 33C0 XOR EAX,EAX
00410107 |. E9 22010000 JMP WaGan.0041022E
0041010C |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0041010F |. E8 5C080000 CALL WaGan.00410970
00410114 |. 85C0 TEST EAX,EAX
00410116 |. 74 07 JE SHORT WaGan.0041011F
00410118 |. 33C0 XOR EAX,EAX
0041011A |. E9 0F010000 JMP WaGan.0041022E
0041011F |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
00410122 |. E8 51FAFFFF CALL WaGan.0040FB78
00410127 |. 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0041012A |. E8 B3FBFFFF CALL WaGan.0040FCE2
0041012F |. 25 FFFF0000 AND EAX,0FFFF
00410134 |. 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-40]
00410137 |. 8942 24 MOV DWORD PTR DS:[EDX+24],EAX
0041013A |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0041013D |. E8 CE070000 CALL WaGan.00410910
00410142 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00410149 |. C745 DC 00000>MOV DWORD PTR SS:[EBP-24],0
00410150 |. EB 09 JMP SHORT WaGan.0041015B
00410152 |> 8B45 DC /MOV EAX,DWORD PTR SS:[EBP-24]
00410155 |. 83C0 01 |ADD EAX,1
00410158 |. 8945 DC |MOV DWORD PTR SS:[EBP-24],EAX
0041015B |> 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40]
0041015E |. 8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24]
00410161 |. 3B51 24 |CMP EDX,DWORD PTR DS:[ECX+24]
00410164 |. 7D 7C |JGE SHORT WaGan.004101E2
00410166 |. 8B45 DC |MOV EAX,DWORD PTR SS:[EBP-24]
00410169 |. 50 |PUSH EAX ; /Arg1
0041016A |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40] ; |
0041016D |. E8 37FAFFFF |CALL WaGan.0040FBA9 ; \WaGan.0040FBA9
00410172 |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
00410175 |. 8379 34 00 |CMP DWORD PTR DS:[ECX+34],0
00410179 |. 74 0C |JE SHORT WaGan.00410187
0041017B |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
0041017E |. E8 5FFBFFFF |CALL WaGan.0040FCE2
00410183 |. 66:8945 D8 |MOV WORD PTR SS:[EBP-28],AX
00410187 |> 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
0041018A |. E8 53FBFFFF |CALL WaGan.0040FCE2
0041018F |. 66:8945 D0 |MOV WORD PTR SS:[EBP-30],AX
00410193 |. C745 D4 01000>|MOV DWORD PTR SS:[EBP-2C],1
0041019A |> 8B55 C0 |/MOV EDX,DWORD PTR SS:[EBP-40]
0041019D |. 8B02 ||MOV EAX,DWORD PTR DS:[EDX]
0041019F |. 8B4D C0 ||MOV ECX,DWORD PTR SS:[EBP-40]
004101A2 |. FF50 08 ||CALL DWORD PTR DS:[EAX+8] 这里调用解析剧本指令
004101A5 |. 8945 CC ||MOV DWORD PTR SS:[EBP-34],EAX
004101A8 |. 837D CC 01 ||CMP DWORD PTR SS:[EBP-34],1 返回1
004101AC |. 74 06 ||JE SHORT WaGan.004101B4
004101AE |. 837D CC 00 ||CMP DWORD PTR SS:[EBP-34],0 返回0
004101B2 |. 75 11 ||JNZ SHORT WaGan.004101C5
004101B4 |> 33C9 ||XOR ECX,ECX 0或者1都到这里
004101B6 |. 837D CC 01 ||CMP DWORD PTR SS:[EBP-34],1
004101BA |. 0F94C1 ||SETE CL
004101BD |. 8B55 D4 ||MOV EDX,DWORD PTR SS:[EBP-2C]
004101C0 |. 23D1 ||AND EDX,ECX
004101C2 |. 8955 D4 ||MOV DWORD PTR SS:[EBP-2C],EDX
004101C5 |> 837D CC 03 ||CMP DWORD PTR SS:[EBP-34],3
004101C9 |.^ 75 CF |\JNZ SHORT WaGan.0041019A 这里是非3的处理
004101CB |. 837D D4 00 |CMP DWORD PTR SS:[EBP-2C],0
004101CF |. 74 0C |JE SHORT WaGan.004101DD
004101D1 |. 8D45 E0 |LEA EAX,DWORD PTR SS:[EBP-20]
004101D4 |. 50 |PUSH EAX ; /Arg1
004101D5 |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40] ; |
004101D8 |. E8 89FAFFFF |CALL WaGan.0040FC66 ; \WaGan.0040FC66
004101DD |>^ E9 70FFFFFF \JMP WaGan.00410152
004101E2 |> 837D E0 00 CMP DWORD PTR SS:[EBP-20],0
004101E6 |. 7C 2D JL SHORT WaGan.00410215
004101E8 |. 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
004101EC |. 7C 27 JL SHORT WaGan.00410215
004101EE |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
004101F1 |. 51 PUSH ECX ; /Arg1
004101F2 |. 8B4D C0 MOV ECX,DWORD PTR SS:[EBP-40] ; |
004101F5 |. E8 20FAFFFF CALL WaGan.0040FC1A ; \WaGan.0040FC1A
004101FA |. C745 C8 01000>MOV DWORD PTR SS:[EBP-38],1
00410201 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00410208 |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0041020B |. E8 00B30100 CALL WaGan.0042B510
00410210 |. 8B45 C8 MOV EAX,DWORD PTR SS:[EBP-38]
00410213 |. EB 19 JMP SHORT WaGan.0041022E
00410215 |> C745 C4 00000>MOV DWORD PTR SS:[EBP-3C],0
0041021C |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00410223 |. 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
00410226 |. E8 E5B20100 CALL WaGan.0042B510
0041022B |. 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C]
0041022E |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00410231 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00410238 |. 8BE5 MOV ESP,EBP
0041023A |. 5D POP EBP
0041023B \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:29 标题: 剧本参数解析函数
参数:
Ecx:
08栈:
局部变量:
-4
-8
-C
-10
-14
-18
004183F7 /$ 55 PUSH EBP
004183F8 |. 8BEC MOV EBP,ESP
004183FA |. 83EC 18 SUB ESP,18
004183FD |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00418400 |. 837D 08 01 CMP DWORD PTR SS:[EBP+8],1
00418404 |. 75 12 JNZ SHORT WaGan.00418418
00418406 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00418409 |. E8 D478FFFF CALL WaGan.0040FCE2
0041840E |. 25 FFFF0000 AND EAX,0FFFF
00418413 |. E9 94000000 JMP WaGan.004184AC 结束
00418418 |> C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0041841F |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00418422 |. E8 BB78FFFF CALL WaGan.0040FCE2 这个是读剧本内容
00418427 |. 25 FFFF0000 AND EAX,0FFFF
0041842C |. 3B45 08 CMP EAX,DWORD PTR SS:[EBP+8]
0041842F |. 74 07 JE SHORT WaGan.00418438
00418431 |. C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 有错误
00418438 |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0041843B |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0041843E |. 837D F4 04 CMP DWORD PTR SS:[EBP-C],4 数字,四字节
00418442 |. 74 08 JE SHORT WaGan.0041844C
00418444 |. 837D F4 05 CMP DWORD PTR SS:[EBP-C],5 字符传
00418448 |. 74 21 JE SHORT WaGan.0041846B
0041844A |. EB 3E JMP SHORT WaGan.0041848A
数字参数四字节处理
0041844C |> 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00418450 |. 74 09 JE SHORT WaGan.0041845B
00418452 |. C745 F0 00000>MOV DWORD PTR SS:[EBP-10],80000000
00418459 |. EB 0B JMP SHORT WaGan.00418466
0041845B |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041845E |. E8 B778FFFF CALL WaGan.0040FD1A
00418463 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
00418466 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00418469 |. EB 41 JMP SHORT WaGan.004184AC
字符串处理
0041846B |> 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0041846F |. 74 09 JE SHORT WaGan.0041847A
00418471 |. C745 EC 00000>MOV DWORD PTR SS:[EBP-14],80000000
00418478 |. EB 0B JMP SHORT WaGan.00418485
0041847A |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041847D |. E8 C878FFFF CALL WaGan.0040FD4A
00418482 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
00418485 |> 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
00418488 |. EB 22 JMP SHORT WaGan.004184AC
普通参数处理
0041848A |> 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0041848E |. 74 08 JE SHORT WaGan.00418498
00418490 |. 66:C745 E8 00>MOV WORD PTR SS:[EBP-18],8000
00418496 |. EB 0C JMP SHORT WaGan.004184A4
00418498 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041849B |. E8 4278FFFF CALL WaGan.0040FCE2
004184A0 |. 66:8945 E8 MOV WORD PTR SS:[EBP-18],AX
004184A4 |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004184A7 |. 25 FFFF0000 AND EAX,0FFFF
004184AC |> 8BE5 MOV ESP,EBP
004184AE |. 5D POP EBP
004184AF \. C2 0400 RETN 4
作者:
岱瀛 时间: 2007-12-30 21:29 标题: 各个特效代码位置
00405915 |> \6A 23 |PUSH 23 ; /Arg1 = 00000023
00405917 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
0040591A |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
0040591D |. E8 E7200000 |CALL 雪芸.00407A09 ; \是否混乱攻击
00405979 |> \6A 24 |PUSH 24 ; /Arg1 = 00000024
0040597B |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
0040597E |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405981 |. E8 83200000 |CALL 雪芸.00407A09 ; \是否中毒攻击
004059DD |> \6A 25 |PUSH 25 ; /Arg1 = 00000025
004059DF |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
004059E2 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
004059E5 |. E8 1F200000 |CALL 雪芸.00407A09 ; \是否麻痹攻击
00405A41 |> \6A 26 |PUSH 26 ; /Arg1 = 00000026
00405A43 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00405A46 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
00405A49 |. E8 BB1F0000 |CALL 雪芸.00407A09 ; \禁止咒攻击
00405BBA |. 6A 3E |PUSH 3E
00405BBC |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00405BBF |. 33C0 |XOR EAX,EAX
00405BC1 |. 8A42 01 |MOV AL,BYTE PTR DS:[EDX+1]
00405BC4 |. 8BC8 |MOV ECX,EAX
00405BC6 |. 6BC9 24 |IMUL ECX,ECX,24
00405BC9 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00405BCF |. E8 9C9A0500 |CALL 雪芸.0045F670
00405BD4 |. 8BC8 |MOV ECX,EAX ; |
00405BD6 |. 6BC9 48 |IMUL ECX,ECX,48 ; |
00405BD9 |. 81C1 681B4A00 |ADD ECX,雪芸.004A1B68 ; |
00405BDF |. E8 251E0000 |CALL 雪芸.00407A09 ; \自动使用豆
00405D9B |. 6A 29 PUSH 29 ; /Arg1 = 00000029
00405D9D |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
00405DA0 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
00405DA3 |. E8 611C0000 CALL 雪芸.00407A09 ; \致命一击
00405F12 |. 6A 39 |PUSH 39 ; /Arg1 = 00000039
00405F14 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405F17 |. E8 ED1A0000 |CALL 雪芸.00407A09 ; \防致命一击
00405F82 |. 6A 3A |PUSH 3A ; /Arg1 = 0000003A
00405F84 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405F87 |. E8 7D1A0000 |CALL 雪芸.00407A09 ; \防两次攻击
00405FA6 |> \6A 3C |PUSH 3C ; /Arg1 = 0000003C
00405FA8 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
00405FAB |. E8 591A0000 |CALL 雪芸.00407A09 ; \防御MP
004063D6 |. 6A 28 PUSH 28
004063D8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004063DB |. E8 90920500 CALL 雪芸.0045F670
004063E0 |. 8BC8 MOV ECX,EAX ; |
004063E2 |. 6BC9 48 IMUL ECX,ECX,48 ; |
004063E5 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
004063EB |. E8 19160000 CALL 雪芸.00407A09 ; \反击后反击
00406462 |> \6A 2C PUSH 2C ; /Arg1 = 0000002C
00406464 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406467 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0040646A |. E8 9A150000 CALL 雪芸.00407A09 ; \无反击攻击
00407850 |> \6A 2B PUSH 2B ; /Arg1 = 0000002B
00407852 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00407855 |. E8 AF010000 CALL 雪芸.00407A09 ; \传透攻击
0041FF87 |> \6A 32 PUSH 32 ; /Arg1 = 00000032
0041FF89 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041FF8C |. E8 787AFEFF CALL 雪芸.00407A09 ; \可以禁咒
004200A2 |> \6A 32 PUSH 32 ; /Arg1 = 00000032
004200A4 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004200A7 |. E8 5D79FEFF CALL 雪芸.00407A09 ; \可以禁咒
004201BC |> \6A 32 PUSH 32 ; /Arg1 = 00000032
004201BE |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004201C1 |. E8 4378FEFF CALL 雪芸.00407A09 ; \可以禁咒
004202D7 |> \6A 32 PUSH 32 ; /Arg1 = 00000032
004202D9 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004202DC |. E8 2877FEFF CALL 雪芸.00407A09 ; \可以禁咒
00422C8B |. 6A 3E |PUSH 3E
00422C8D |. 8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C]
00422C90 |. 33D2 |XOR EDX,EDX
00422C92 |. 8A51 0C |MOV DL,BYTE PTR DS:[ECX+C]
00422C95 |. 8BCA |MOV ECX,EDX
00422C97 |. 6BC9 24 |IMUL ECX,ECX,24
00422C9A |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00422CA0 |. E8 CBC90300 |CALL 雪芸.0045F670
00422CA5 |. 8BC8 |MOV ECX,EAX ; |
00422CA7 |. 6BC9 48 |IMUL ECX,ECX,48 ; |
00422CAA |. 81C1 681B4A00 |ADD ECX,雪芸.004A1B68 ; |
00422CB0 |. E8 544DFEFF |CALL 雪芸.00407A09 ; \豆袋
00422F46 |. 6A 31 PUSH 31 ; /Arg1 = 00000031
00422F48 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; |
00422F4B |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4] ; |
00422F4E |. E8 B64AFEFF CALL 雪芸.00407A09 ; \节约MP
00437D6B |. 6A 21 PUSH 21
00437D6D |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00437D70 |. E8 FB780200 CALL 雪芸.0045F670
00437D75 |. 8BC8 MOV ECX,EAX ; |
00437D77 |. 6BC9 48 IMUL ECX,ECX,48 ; |
00437D7A |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
00437D80 |. E8 84FCFCFF CALL 雪芸.00407A09 ; \突击移动
00439F72 |. 6A 3C PUSH 3C ; /Arg1 = 0000003C
00439F74 |. 8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C] ; |
00439F7A |. E8 8ADAFCFF CALL 雪芸.00407A09 ; \防御MP
0043AC63 |. 6A 2E PUSH 2E ; /Arg1 = 0000002E
0043AC65 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
0043AC68 |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043AC6A |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043AC6D |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043AC73 |. E8 91CDFCFF CALL 雪芸.00407A09 ; \引导攻击
0043B5C3 |. 6A 38 PUSH 38 ; /Arg1 = 00000038
0043B5C5 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043B5C8 |. E8 3CC4FCFF CALL 雪芸.00407A09 ; \防远程攻击
0043B6AC |> \6A 27 PUSH 27 ; /Arg1 = 00000027
0043B6AE |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20] ; |
0043B6B1 |. E8 53C3FCFF CALL 雪芸.00407A09 ; \辅助攻击命中
0043B6DB |> \6A 35 PUSH 35 ; /Arg1 = 00000035
0043B6DD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043B6E0 |. E8 24C3FCFF CALL 雪芸.00407A09 ; \辅助攻击防御
0043B708 |> \6A 37 PUSH 37 ; /Arg1 = 00000037
0043B70A |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043B70D |. E8 F7C2FCFF CALL 雪芸.00407A09 ; \辅助全防御
0043B92B |> \6A 34 PUSH 34 ; /Arg1 = 00000034
0043B92D |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24] ; |
0043B930 |. E8 D4C0FCFF CALL 雪芸.00407A09 ; \辅助策略命中
0043B95A |> \6A 36 PUSH 36 ; /Arg1 = 00000036
0043B95C |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043B95F |. E8 A5C0FCFF CALL 雪芸.00407A09 ; \辅助策略防御
0043B987 |> \6A 37 PUSH 37 ; /Arg1 = 00000037
0043B989 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043B98C |. E8 78C0FCFF CALL 雪芸.00407A09 ; \辅助全防御
0043BDDF |> \6A 3D PUSH 3D
0043BDE1 |. 8B4D DC MOV ECX,DWORD PTR SS:[EBP-24]
0043BDE4 |. E8 87380200 CALL 雪芸.0045F670
0043BDE9 |. 8BC8 MOV ECX,EAX ; |
0043BDEB |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043BDEE |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043BDF4 |. E8 10BCFCFF CALL 雪芸.00407A09 ; \减轻远距伤害
0043BEA6 |. 6A 2D PUSH 2D ; /Arg1 = 0000002D
0043BEA8 |. 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C] ; |
0043BEAB |. 8B0A MOV ECX,DWORD PTR DS:[EDX] ; |
0043BEAD |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043BEB0 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043BEB6 |. E8 4EBBFCFF CALL 雪芸.00407A09 ; \骑马攻击
0043C1E2 |. 6A 2F PUSH 2F ; /Arg1 = 0000002F
0043C1E4 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0043C1E7 |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; |
0043C1E9 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043C1EC |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043C1F2 |. E8 12B8FCFF CALL 雪芸.00407A09 ; \辅助火系策略
0043C24D |. 6A 30 PUSH 30 ; /Arg1 = 00000030
0043C24F |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0043C252 |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043C254 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043C257 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043C25D |. E8 A7B7FCFF CALL 雪芸.00407A09 ; \辅助风类策略
0043C297 |> \6A 3B PUSH 3B ; /Arg1 = 0000003B
0043C299 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0043C29C |. E8 68B7FCFF CALL 雪芸.00407A09 ; \防御策略损伤
0043C745 |. 6A 14 PUSH 14
0043C747 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043C74A |. E8 212F0200 CALL 雪芸.0045F670
0043C74F |. 8BC8 MOV ECX,EAX ; |
0043C751 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043C754 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043C75A |. E8 AAB2FCFF CALL 雪芸.00407A09 ; \辅助防御力
0043CE7C |> \6A 12 PUSH 12 ; /Arg1 = 00000012
0043CE7E |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043CE81 |. E8 83ABFCFF CALL 雪芸.00407A09 ; \每回合回复HP
0043CEE0 |> \6A 13 PUSH 13 ; /Arg1 = 00000013
0043CEE2 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043CEE5 |. E8 1FABFCFF CALL 雪芸.00407A09 ; \每回合回复MP
0043CF36 |. 6A 15 PUSH 15 ; /Arg1 = 00000015
0043CF38 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043CF3B |. E8 C9AAFCFF CALL 雪芸.00407A09 ; \每回合获得经验
0043CF75 |> \6A 16 PUSH 16 ; /Arg1 = 00000016
0043CF77 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043CF7A |. E8 8AAAFCFF CALL 雪芸.00407A09 ; \每回合获的武器经验值
0043CFB4 |> \6A 17 PUSH 17 ; /Arg1 = 00000017
0043CFB6 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C] ; |
0043CFB9 |. E8 4BAAFCFF CALL 雪芸.00407A09 ; \每回合获的防具经验值
0043DB72 . 6A 2E PUSH 2E ; /Arg1 = 0000002E
0043DB74 . 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
0043DB77 . 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043DB79 . 6BC9 48 IMUL ECX,ECX,48 ; |
0043DB7C . 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043DB82 . E8 829EFCFF CALL 雪芸.00407A09 ; \引导攻击
0043DEBD |> \6A 33 PUSH 33 ; /Arg1 = 00000033
0043DEBF |. 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043DEC2 |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; |
0043DEC4 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043DEC7 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043DECD |. E8 379BFCFF CALL 雪芸.00407A09 ; \策略模仿
0043F818 |. 6A 22 PUSH 22 ; /Arg1 = 00000022
0043F81A |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; |
0043F81D |. 8B0A MOV ECX,DWORD PTR DS:[EDX] ; |
0043F81F |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043F822 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043F828 |. E8 DC81FCFF CALL 雪芸.00407A09 ; \恶路移动
0043F8C5 |. 6A 2A PUSH 2A ; /Arg1 = 0000002A
0043F8C7 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0043F8CA |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043F8CC |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043F8CF |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043F8D5 |. E8 2F81FCFF CALL 雪芸.00407A09 ; \远距攻击
00465B26 |> \6A 33 PUSH 33
00465B28 |. 8B8D 98FEFFFF MOV ECX,DWORD PTR SS:[EBP-168]
00465B2E |. 8B49 50 MOV ECX,DWORD PTR DS:[ECX+50]
00465B31 |. E8 3A9BFFFF CALL 雪芸.0045F670
00465B36 |. 8BC8 MOV ECX,EAX ; |
00465B38 |. 6BC9 48 IMUL ECX,ECX,48 ; |
00465B3B |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
00465B41 |. E8 C31EFAFF CALL 雪芸.00407A09 ; \策略模仿
00466473 |. 6A 31 PUSH 31
00466475 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00466478 |. 8B49 50 MOV ECX,DWORD PTR DS:[ECX+50]
0046647B |. E8 F091FFFF CALL 雪芸.0045F670
00466480 |. 8BC8 MOV ECX,EAX ; |
00466482 |. 6BC9 48 IMUL ECX,ECX,48 ; |
00466485 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0046648B |. E8 7915FAFF CALL 雪芸.00407A09 ; 节约MP
18-辅助攻击力 19-辅助精神力 1A-辅助防御力 1B-辅助爆发力 1C-辅助士气 1D-辅助HP 1E-辅助MP 1F-辅助获得Exp 20-辅助移动力
41-治疗混乱 42-治疗中毒 43-治疗麻痹 44-治疗禁咒 45-恢复状态 46-武力上升 47-智力上升 48-统率力上升 49-敏捷上升 4A-运气上升 4B-等级上升 4C-兵种上升
0040681A /$ 55 PUSH EBP
0040681B |. 8BEC MOV EBP,ESP
0040681D |. 51 PUSH ECX
0040681E |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00406821 |. 6BC9 19 IMUL ECX,ECX,19
00406824 |. 81C1 40114A00 ADD ECX,雪芸.004A1140
0040682A |. E8 112D0000 CALL 雪芸.00409540 获取道具ecx的类型,辅助则为特殊效果
0040682F |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
00406832 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00406835 |. 25 FF000000 AND EAX,0FF
0040683A |. 83F8 09 CMP EAX,9
0040683D |. 7E 0E JLE SHORT 雪芸.0040684D 小于等于转移
0040683F |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406842 |. 81E1 FF000000 AND ECX,0FF
00406848 |. 83F9 18 CMP ECX,18 辅助攻击力
0040684B |. 75 07 JNZ SHORT 雪芸.00406854 不是则转移
0040684D |> 32C0 XOR AL,AL
0040684F |. E9 AE000000 JMP 雪芸.00406902
00406854 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00406857 |. 81E2 FF000000 AND EDX,0FF
0040685D |. 83FA 0E CMP EDX,0E
00406860 |. 7C 0D JL SHORT 雪芸.0040686F 小于0e转移
00406862 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00406865 |. 25 FF000000 AND EAX,0FF
0040686A |. 83F8 19 CMP EAX,19 辅助精神力
0040686D |. 75 07 JNZ SHORT 雪芸.00406876
0040686F |> B0 02 MOV AL,2
00406871 |. E9 8C000000 JMP 雪芸.00406902
00406876 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406879 |. 81E1 FF000000 AND ECX,0FF
0040687F |. 83F9 12 CMP ECX,12
00406882 |. 7C 0E JL SHORT 雪芸.00406892
00406884 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00406887 |. 81E2 FF000000 AND EDX,0FF
0040688D |. 83FA 1A CMP EDX,1A 辅助防御力
00406890 |. 75 04 JNZ SHORT 雪芸.00406896
00406892 |> B0 01 MOV AL,1
00406894 |. EB 6C JMP SHORT 雪芸.00406902
00406896 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00406899 |. 25 FF000000 AND EAX,0FF
0040689E |. 83F8 1B CMP EAX,1B 辅助爆发力
004068A1 |. 75 04 JNZ SHORT 雪芸.004068A7
004068A3 |. B0 03 MOV AL,3
004068A5 |. EB 5B JMP SHORT 雪芸.00406902
004068A7 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004068AA |. 81E1 FF000000 AND ECX,0FF
004068B0 |. 83F9 1C CMP ECX,1C 辅助士气
004068B3 |. 75 04 JNZ SHORT 雪芸.004068B9
004068B5 |. B0 04 MOV AL,4
004068B7 |. EB 49 JMP SHORT 雪芸.00406902
004068B9 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004068BC |. 81E2 FF000000 AND EDX,0FF
004068C2 |. 83FA 1D CMP EDX,1D 辅助HP
004068C5 |. 75 04 JNZ SHORT 雪芸.004068CB
004068C7 |. B0 05 MOV AL,5
004068C9 |. EB 37 JMP SHORT 雪芸.00406902
004068CB |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004068CE |. 25 FF000000 AND EAX,0FF
004068D3 |. 83F8 1E CMP EAX,1E 辅助MP
004068D6 |. 75 04 JNZ SHORT 雪芸.004068DC
004068D8 |. B0 06 MOV AL,6
004068DA |. EB 26 JMP SHORT 雪芸.00406902
004068DC |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004068DF |. 81E1 FF000000 AND ECX,0FF
004068E5 |. 83F9 20 CMP ECX,20
004068E8 |. 75 04 JNZ SHORT 雪芸.004068EE 辅助移动力
004068EA |. B0 07 MOV AL,7
004068EC |. EB 14 JMP SHORT 雪芸.00406902
004068EE |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004068F1 |. 81E2 FF000000 AND EDX,0FF
004068F7 |. 83FA 1F CMP EDX,1F 辅助获得Exp
004068FA |. 75 04 JNZ SHORT 雪芸.00406900
004068FC |. B0 08 MOV AL,8
004068FE |. EB 02 JMP SHORT 雪芸.00406902
00406900 |> 0C FF OR AL,0FF
00406902 |> 8BE5 MOV ESP,EBP
00406904 |. 5D POP EBP
00406905 \. C3 RETN
004075A7 /$ 55 PUSH EBP
004075A8 |. 8BEC MOV EBP,ESP
004075AA |. 83EC 18 SUB ESP,18
004075AD |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
004075B0 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004075B3 |. E8 481F0000 CALL 雪芸.00409500
004075B8 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004075BB |. B9 70074B00 MOV ECX,雪芸.004B0770
004075C0 |. E8 7B1F0000 CALL 雪芸.00409540
004075C5 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
004075C8 |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004075CC |. 0F85 A3000000 JNZ 雪芸.00407675
004075D2 |. B9 70074B00 MOV ECX,雪芸.004B0770
004075D7 |. E8 841F0000 CALL 雪芸.00409560
004075DC |. 25 FF000000 AND EAX,0FF
004075E1 |. 83F8 02 CMP EAX,2
004075E4 |. 7D 45 JGE SHORT 雪芸.0040762B
004075E6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004075E9 |. 25 FF000000 AND EAX,0FF
004075EE |. 24 0F AND AL,0F
004075F0 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
004075F3 |. 837D EC 01 CMP DWORD PTR SS:[EBP-14],1
004075F7 |. 74 0E JE SHORT 雪芸.00407607
004075F9 |. 837D EC 02 CMP DWORD PTR SS:[EBP-14],2
004075FD |. 74 11 JE SHORT 雪芸.00407610
004075FF |. 837D EC 03 CMP DWORD PTR SS:[EBP-14],3
00407603 |. 74 14 JE SHORT 雪芸.00407619
00407605 |. EB 1B JMP SHORT 雪芸.00407622
00407607 |> C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0040760E |. EB 19 JMP SHORT 雪芸.00407629
00407610 |> C745 F4 02000>MOV DWORD PTR SS:[EBP-C],2
00407617 |. EB 10 JMP SHORT 雪芸.00407629
00407619 |> C745 F4 03000>MOV DWORD PTR SS:[EBP-C],3
00407620 |. EB 07 JMP SHORT 雪芸.00407629
00407622 |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
00407629 |> EB 45 JMP SHORT 雪芸.00407670
0040762B |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0040762E |. 81E1 FF000000 AND ECX,0FF
00407634 |. 80E1 0F AND CL,0F
00407637 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0040763A |. 837D E8 01 CMP DWORD PTR SS:[EBP-18],1
0040763E |. 74 0E JE SHORT 雪芸.0040764E
00407640 |. 837D E8 02 CMP DWORD PTR SS:[EBP-18],2
00407644 |. 74 11 JE SHORT 雪芸.00407657
00407646 |. 837D E8 03 CMP DWORD PTR SS:[EBP-18],3
0040764A |. 74 14 JE SHORT 雪芸.00407660
0040764C |. EB 1B JMP SHORT 雪芸.00407669
0040764E |> C745 F4 05000>MOV DWORD PTR SS:[EBP-C],5
00407655 |. EB 19 JMP SHORT 雪芸.00407670
00407657 |> C745 F4 06000>MOV DWORD PTR SS:[EBP-C],6
0040765E |. EB 10 JMP SHORT 雪芸.00407670
00407660 |> C745 F4 07000>MOV DWORD PTR SS:[EBP-C],7
00407667 |. EB 07 JMP SHORT 雪芸.00407670
00407669 |> C745 F4 04000>MOV DWORD PTR SS:[EBP-C],4
00407670 |> E9 DB000000 JMP 雪芸.00407750
00407675 |> 837D F8 01 CMP DWORD PTR SS:[EBP-8],1
00407679 |. 75 45 JNZ SHORT 雪芸.004076C0
0040767B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0040767E |. 81E2 FF000000 AND EDX,0FF
00407684 |. 80E2 0F AND DL,0F
00407687 |. 83FA 04 CMP EDX,4
0040768A |. 75 09 JNZ SHORT 雪芸.00407695
0040768C |. C745 F4 E0000>MOV DWORD PTR SS:[EBP-C],0E0
00407693 |. EB 26 JMP SHORT 雪芸.004076BB
00407695 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00407698 |. 25 FF000000 AND EAX,0FF
0040769D |. 25 80000000 AND EAX,80
004076A2 |. 85C0 TEST EAX,EAX
004076A4 |. 75 09 JNZ SHORT 雪芸.004076AF
004076A6 |. C745 F4 DF000>MOV DWORD PTR SS:[EBP-C],0DF
004076AD |. EB 0C JMP SHORT 雪芸.004076BB
004076AF |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004076B2 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
004076B5 |. 83C2 07 ADD EDX,7
004076B8 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
004076BB |> E9 90000000 JMP 雪芸.00407750
004076C0 |> 837D F8 23 CMP DWORD PTR SS:[EBP-8],23
004076C4 |. 75 26 JNZ SHORT 雪芸.004076EC
004076C6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004076C9 |. 25 FF000000 AND EAX,0FF
004076CE |. 83E0 10 AND EAX,10
004076D1 |. 85C0 TEST EAX,EAX
004076D3 |. 74 09 JE SHORT 雪芸.004076DE
004076D5 |. C745 F4 D6000>MOV DWORD PTR SS:[EBP-C],0D6
004076DC |. EB 0C JMP SHORT 雪芸.004076EA
004076DE |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004076E1 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
004076E4 |. 83C2 07 ADD EDX,7
004076E7 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
004076EA |> EB 64 JMP SHORT 雪芸.00407750
004076EC |> 837D F8 08 CMP DWORD PTR SS:[EBP-8],8
004076F0 |. 75 26 JNZ SHORT 雪芸.00407718
004076F2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004076F5 |. 25 FF000000 AND EAX,0FF
004076FA |. 83E0 20 AND EAX,20
004076FD |. 85C0 TEST EAX,EAX
004076FF |. 74 09 JE SHORT 雪芸.0040770A
00407701 |. C745 F4 E2000>MOV DWORD PTR SS:[EBP-C],0E2
00407708 |. EB 0C JMP SHORT 雪芸.00407716
0040770A |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0040770D |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
00407710 |. 83C2 07 ADD EDX,7
00407713 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
00407716 |> EB 38 JMP SHORT 雪芸.00407750
00407718 |> 837D F8 04 CMP DWORD PTR SS:[EBP-8],4
0040771C |. 75 26 JNZ SHORT 雪芸.00407744
0040771E |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00407721 |. 25 FF000000 AND EAX,0FF
00407726 |. 83E0 40 AND EAX,40
00407729 |. 85C0 TEST EAX,EAX
0040772B |. 74 09 JE SHORT 雪芸.00407736
0040772D |. C745 F4 E3000>MOV DWORD PTR SS:[EBP-C],0E3
00407734 |. EB 0C JMP SHORT 雪芸.00407742
00407736 |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00407739 |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
0040773C |. 83C2 07 ADD EDX,7
0040773F |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
00407742 |> EB 0C JMP SHORT 雪芸.00407750
00407744 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00407747 |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
0040774A |. 83C1 07 ADD ECX,7
0040774D |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
00407750 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00407753 |. 8BE5 MOV ESP,EBP
00407755 |. 5D POP EBP
00407756 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:31 标题: 反击函数
0040639A /$ 55 PUSH EBP
0040639B |. 8BEC MOV EBP,ESP
0040639D |. 83EC 10 SUB ESP,10
004063A0 |. 56 PUSH ESI
004063A1 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
004063A4 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063A7 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004063AA |. 8A51 10 MOV DL,BYTE PTR DS:[ECX+10]
004063AD |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004063B0 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063B3 |. 33C9 XOR ECX,ECX
004063B5 |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
004063B8 |. 6BC9 24 IMUL ECX,ECX,24
004063BB |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004063C1 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004063C4 |. 833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB |. 77 27 JA SHORT WaGan.004063F4
004063CD |. 833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4 |. 76 2D JBE SHORT WaGan.00406403
004063D6 |. 6A 28 PUSH 28 无反攻击
004063D8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004063DB |. E8 90920500 CALL WaGan.0045F670
004063E0 |. 8BC8 MOV ECX,EAX ; |
004063E2 |. 6BC9 48 IMUL ECX,ECX,48 ; |
004063E5 |. 81C1 0000D600 ADD ECX,0D60000 ; |
004063EB |. E8 19160000 CALL WaGan.00407A09 ; \WaGan.00407A09 判断是否攻击者带无反攻击
004063F0 |. 85C0 TEST EAX,EAX
004063F2 |. 75 0F JNZ SHORT WaGan.00406403
004063F4 |> C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE |. E9 E9000000 JMP WaGan.004064EC
00406403 |> C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0040640D |. E8 4ECFFFFF CALL WaGan.00403360 获取武将ecx的坐标位置(纵横)
00406412 |. 50 PUSH EAX ; /Arg1
00406413 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406416 |. 81C1 25040000 ADD ECX,425 ; |
0040641C |. E8 7F010000 CALL WaGan.004065A0 ; \WaGan.004065A0
00406421 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406424 |. E8 95940300 CALL WaGan.0043F8BE 获取武将ecx的攻击范围(宝物覆盖兵种)
00406429 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0040642C |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040642F |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406431 |. A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406439 |. E8 52C80600 CALL WaGan.00472C90 返回武将ecx的当前体力
0040643E |. 85C0 TEST EAX,EAX
00406440 |. 75 09 JNZ SHORT WaGan.0040644B
00406442 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449 |. EB 64 JMP SHORT WaGan.004064AF
0040644B |> 6A 08 PUSH 8 ; /Arg1 = 00000008
0040644D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00406450 |. E8 8B020000 CALL WaGan.004066E0 ; \WaGan.004066E0 判断是否混乱
00406455 |. 85C0 TEST EAX,EAX
00406457 |. 74 09 JE SHORT WaGan.00406462
00406459 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460 |. EB 4D JMP SHORT WaGan.004064AF
00406462 |> 6A 2C PUSH 2C ; /Arg1 = 0000002C
00406464 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406467 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0040646A |. E8 9A150000 CALL WaGan.00407A09 ; \WaGan.00407A09
0040646F |. 85C0 TEST EAX,EAX
00406471 |. 74 09 JE SHORT WaGan.0040647C
00406473 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A |. EB 33 JMP SHORT WaGan.004064AF
0040647C |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040647F |. 33C0 XOR EAX,EAX
00406481 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406483 |. 8BF0 MOV ESI,EAX
00406485 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
00406487 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00406489 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C] ; |
0040648C |. 51 PUSH ECX ; |Arg2
0040648D |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00406490 |. 81C2 25040000 ADD EDX,425 ; |
00406496 |. 52 PUSH EDX ; |Arg1
00406497 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0040649A |. E8 E7000300 CALL WaGan.00436586 ; \WaGan.00436586
0040649F |. 25 FF000000 AND EAX,0FF
004064A4 |. 3BF0 CMP ESI,EAX
004064A6 |. 74 07 JE SHORT WaGan.004064AF
004064A8 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
004064AF |> 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3 |. 74 37 JE SHORT WaGan.004064EC
004064B5 |. A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA |. 83C0 01 ADD EAX,1
004064BD |. A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004064C5 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
004064C7 |. 52 PUSH EDX ; /Arg2
004064C8 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
004064CB |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1] ; |
004064CE |. 51 PUSH ECX ; |Arg1
004064CF |. E8 55F30200 CALL WaGan.00435829 ; \WaGan.00435829
004064D4 |. 83C4 08 ADD ESP,8
004064D7 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004064DA |. 8A02 MOV AL,BYTE PTR DS:[EDX]
004064DC |. 50 PUSH EAX ; /Arg2
004064DD |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E0 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
004064E3 |. 52 PUSH EDX ; |Arg1
004064E4 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E7 |. E8 05000000 CALL WaGan.004064F1 ; \WaGan.004064F1
004064EC |> 5E POP ESI
004064ED |. 8BE5 MOV ESP,EBP
004064EF |. 5D POP EBP
004064F0 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:31 标题: 反击代码
0040639A /$ 55 PUSH EBP
0040639B |. 8BEC MOV EBP,ESP
0040639D |. 83EC 10 SUB ESP,10
004063A0 |. 56 PUSH ESI
004063A1 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
004063A4 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063A7 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004063AA |. 8A51 10 MOV DL,BYTE PTR DS:[ECX+10]
004063AD |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004063B0 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063B3 |. 33C9 XOR ECX,ECX ; 雪芸.004927F0
004063B5 |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
004063B8 |. 6BC9 24 IMUL ECX,ECX,24
004063BB |. 81C1 502C4B00 ADD ECX,雪芸.004B2C50
004063C1 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004063C4 |. 833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB |. 77 27 JA SHORT 雪芸.004063F4
004063CD |. 833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4 |. 76 2D JBE SHORT 雪芸.00406403 //如果不是反击后反击判断,则不用28判断
004063D6 |. 6A 28 PUSH 28
004063D8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004063DB |. E8 90920500 CALL 雪芸.0045F670
004063E0 |. 8BC8 MOV ECX,EAX ; |
004063E2 |. 6BC9 48 IMUL ECX,ECX,48 ; |
004063E5 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
004063EB |. E8 19160000 CALL 雪芸.00407A09 ; \雪芸.00407A09
004063F0 |. 85C0 TEST EAX,EAX
004063F2 |. 75 0F JNZ SHORT 雪芸.00406403
004063F4 |> C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE |. E9 E9000000 JMP 雪芸.004064EC //不是反击后反击退出
00406403 |> C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0040640D |. E8 4ECFFFFF CALL 雪芸.00403360
00406412 |. 50 PUSH EAX ; /Arg1
00406413 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406416 |. 81C1 25040000 ADD ECX,425 ; |
0040641C |. E8 7F010000 CALL 雪芸.004065A0 ; \雪芸.004065A0
00406421 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406424 |. E8 95940300 CALL 雪芸.0043F8BE
00406429 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0040642C |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040642F |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406431 |. A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406439 |. E8 52C80600 CALL 雪芸.00472C90 //返回当前ecx武将体力
0040643E |. 85C0 TEST EAX,EAX
00406440 |. 75 09 JNZ SHORT 雪芸.0040644B
00406442 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449 |. EB 64 JMP SHORT 雪芸.004064AF
0040644B |> 6A 08 PUSH 8 ; /Arg1 = 00000008
0040644D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00406450 |. E8 8B020000 CALL 雪芸.004066E0 ; \雪芸.004066E0
00406455 |. 85C0 TEST EAX,EAX
00406457 |. 74 09 JE SHORT 雪芸.00406462
00406459 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460 |. EB 4D JMP SHORT 雪芸.004064AF
00406462 |> 6A 2C PUSH 2C ; /Arg1 = 0000002C
00406464 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406467 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0040646A |. E8 9A150000 CALL 雪芸.00407A09 ; \雪芸.00407A09 判断是不是无反击攻击
0040646F |. 85C0 TEST EAX,EAX
00406471 |. 74 09 JE SHORT 雪芸.0040647C //不是的话,跳过,继续
00406473 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A |. EB 33 JMP SHORT 雪芸.004064AF //是无反击攻击,直接退出
0040647C |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040647F |. 33C0 XOR EAX,EAX
00406481 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406483 |. 8BF0 MOV ESI,EAX
00406485 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
00406487 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00406489 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C] ; |
0040648C |. 51 PUSH ECX ; |Arg2
0040648D |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00406490 |. 81C2 25040000 ADD EDX,425 ; |
00406496 |. 52 PUSH EDX ; |Arg1
00406497 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0040649A |. E8 E7000300 CALL 雪芸.00436586 ; \雪芸.00436586
0040649F |. 25 FF000000 AND EAX,0FF
004064A4 |. 3BF0 CMP ESI,EAX
004064A6 |. 74 07 JE SHORT 雪芸.004064AF //如果攻击范围内有东西,
004064A8 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0 //继续/退出
004064AF |> 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3 |. 74 37 JE SHORT 雪芸.004064EC //没有攻击退出
004064B5 |. A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA |. 83C0 01 ADD EAX,1
004064BD |. A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004064C5 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
004064C7 |. 52 PUSH EDX ; /Arg2
004064C8 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
004064CB |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1] ; |
004064CE |. 51 PUSH ECX ; |Arg1
004064CF |. E8 55F30200 CALL 雪芸.00435829 ; \雪芸.00435829
004064D4 |. 83C4 08 ADD ESP,8
004064D7 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004064DA |. 8A02 MOV AL,BYTE PTR DS:[EDX]
004064DC |. 50 PUSH EAX ; /Arg2
004064DD |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E0 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
004064E3 |. 52 PUSH EDX ; |Arg1
004064E4 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E7 |. E8 05000000 CALL 雪芸.004064F1 ; \雪芸.004064F1 ///进行攻击
004064EC |> 5E POP ESI
004064ED |. 8BE5 MOV ESP,EBP
004064EF |. 5D POP EBP
004064F0 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:32 标题: 各处对话框的调用
0041AD5C |. 52 PUSH EDX ; /<%s>
0041AD5D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0041AD60 |. 83C0 01 ADD EAX,1 ; |
0041AD63 |. 50 PUSH EAX ; |<%2d>
0041AD64 |. 68 90B54800 PUSH 雪芸.0048B590 ; |Format = "进度No.%2d: %s,可以读取吗?"
0041AD69 |. 8D8D E4FEFFFF LEA ECX,DWORD PTR SS:[EBP-11C] ; |
0041AD6F |. 51 PUSH ECX ; |s
0041AD70 |. FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
0041B1BF |. 50 PUSH EAX ; /<%s>
0041B1C0 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0041B1C3 |. 83C1 01 ADD ECX,1 ; |
0041B1C6 |. 51 PUSH ECX ; |<%2d>
0041B1C7 |. 68 CCB54800 PUSH 雪芸.0048B5CC ; |Format = "进度No.%2d: %s,可以保存吗?"
0041B1CC |. 8D95 E4FEFFFF LEA EDX,DWORD PTR SS:[EBP-11C] ; |
0041B1D2 |. 52 PUSH EDX ; |s
0041B1D3 |. FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
///弹出环境设定的对话框窗口
0041BF43 /$ 55 PUSH EBP
0041BF44 |. 8BEC MOV EBP,ESP
0041BF46 |. 6A 00 PUSH 0 ; /lParam = NULL
0041BF48 |. 68 DDBA4100 PUSH 雪芸.0041BADD ; |DlgProc = 雪芸.0041BADD
0041BF4D |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
0041BF52 |. 50 PUSH EAX ; |hOwner => NULL
0041BF53 |. 68 00B64800 PUSH 雪芸.0048B600 ; |pTemplate = "KANKYOU"
0041BF58 |. 8B0D 606A4B00 MOV ECX,DWORD PTR DS:[4B6A60] ; |
0041BF5E |. 51 PUSH ECX ; |hInst => NULL
0041BF5F |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
0041BF65 |. 5D POP EBP
0041BF66 \. C3 RETN
///最开始开始游戏那几个选择项的对话框窗口
0041BFB6 |> /6A 00 /PUSH 0 ; /lParam = NULL
0041BFB8 |. |68 69C04100 |PUSH 雪芸.0041C069 ; |DlgProc = 雪芸.0041C069
0041BFBD |. |A1 686A4B00 |MOV EAX,DWORD PTR DS:[4B6A68] ; |
0041BFC2 |. |50 |PUSH EAX ; |hOwner => NULL
0041BFC3 |. |68 C1000000 |PUSH 0C1 ; |pTemplate = C1
0041BFC8 |. |8B0D 606A4B00 |MOV ECX,DWORD PTR DS:[4B6A60] ; |
0041BFCE |. |51 |PUSH ECX ; |hInst => NULL
0041BFCF |. |FF15 A0624800 |CALL DWORD PTR DS:[<&USER32.DialogBoxPa>; \DialogBoxParamA
//选择哪个按钮的地方然后结束窗口的地方
0041C1B1 |> \6A 01 PUSH 1 ; /Result = 1
0041C1B3 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0041C1B6 |. 50 PUSH EAX ; |hWnd
0041C1B7 |. FF15 D4624800 CALL DWORD PTR DS:[<&USER32.EndDialog>] ; \EndDialog
//主窗体
0047EB33 |. /75 25 |JNZ SHORT 雪芸.0047EB5A
0047EB35 |. |8325 B8A34B00>|AND DWORD PTR DS:[4BA3B8],FFFFFFFD ; Case 205 (WM_RBUTTONUP) of switch 0047EB24
0047EB3C |. |EB 19 |JMP SHORT 雪芸.0047EB57
0047EB3E |> |830D B8A34B00>|OR DWORD PTR DS:[4BA3B8],2 ; Case 204 (WM_RBUTTONDOWN) of switch 0047EB24
0047EB45 |. |EB 10 |JMP SHORT 雪芸.0047EB57
0047EB47 |> |8325 B8A34B00>|AND DWORD PTR DS:[4BA3B8],FFFFFFFE ; Case 202 (WM_LBUTTONUP) of switch 0047EB24
0047EB4E |. |EB 07 |JMP SHORT 雪芸.0047EB57
0047EB50 |> |830D B8A34B00>|OR DWORD PTR DS:[4BA3B8],1 ; Case 201 (WM_LBUTTONDOWN) of switch 0047EB24
0047EB57 |> |897D E4 |MOV DWORD PTR SS:[EBP-1C],EDI
0047EB5A |> \8D45 E0 |LEA EAX,DWORD PTR SS:[EBP-20] ; Default case of switch 0047EB24
0047EB5D |. 50 |PUSH EAX ; /pMsg
0047EB5E |. FF15 10634800 |CALL DWORD PTR DS:[<&USER32.TranslateMe>; \TranslateMessage
0047EB64 |. 8D45 E0 |LEA EAX,DWORD PTR SS:[EBP-20]
0047EB67 |. 50 |PUSH EAX ; /pMsg
0047EB68 |. FF15 14634800 |CALL DWORD PTR DS:[<&USER32.DispatchMes>; \DispatchMessageA
//武将个人情况
0045E79C |. 6A 00 PUSH 0 ; /lParam = NULL
0045E79E |. 68 7DE84500 PUSH 雪芸.0045E87D ; |DlgProc = 雪芸.0045E87D
0045E7A3 |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
0045E7A8 |. 50 PUSH EAX ; |hOwner => NULL
0045E7A9 |. 68 EC000000 PUSH 0EC ; |pTemplate = EC
0045E7AE |. 8B0D 606A4B00 MOV ECX,DWORD PTR DS:[4B6A60] ; |
0045E7B4 |. 51 PUSH ECX ; |hInst => NULL
0045E7B5 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//道具一览
004680C5 |. 52 PUSH EDX ; /lParam
004680C6 |. 68 0BD04600 PUSH 雪芸.0046D00B ; |DlgProc = 雪芸.0046D00B
004680CB |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
004680CE |. 8B48 54 MOV ECX,DWORD PTR DS:[EAX+54] ; |
004680D1 |. 51 PUSH ECX ; |hOwner
004680D2 |. 68 45010000 PUSH 145 ; |pTemplate = 145
004680D7 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
004680DA |. 52 PUSH EDX ; |hInst
004680DB |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//出兵
0045E79C |. 6A 00 PUSH 0 ; /lParam = NULL
0045E79E |. 68 7DE84500 PUSH WaGan.0045E87D ; |DlgProc = WaGan.0045E87D
0045E7A3 |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
0045E7A8 |. 50 PUSH EAX ; |hOwner => NULL
0045E7A9 |. 68 EC000000 PUSH 0EC ; |pTemplate = EC
0045E7AE |. 8B0D 606A4B00 MOV ECX,DWORD PTR DS:[4B6A60] ; |
0045E7B4 |. 51 PUSH ECX ; |hInst => NULL
0045E7B5 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//买进
0046A9E0 |. 52 PUSH EDX ; /lParam
0046A9E1 |. 68 1CCE4600 PUSH 雪芸.0046CE1C ; |DlgProc = 雪芸.0046CE1C
0046A9E6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0046A9E9 |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4] ; |
0046A9EC |. 51 PUSH ECX ; |hOwner
0046A9ED |. 68 47010000 PUSH 147 ; |pTemplate = 147
0046A9F2 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046A9F5 |. 52 PUSH EDX ; |hInst
0046A9F6 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//卖出
0046B7AC |. 52 PUSH EDX ; /lParam
0046B7AD |. 68 A9CE4600 PUSH 雪芸.0046CEA9 ; |DlgProc = 雪芸.0046CEA9
0046B7B2 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0046B7B5 |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4] ; |
0046B7B8 |. 51 PUSH ECX ; |hOwner
0046B7B9 |. 68 49010000 PUSH 149 ; |pTemplate = 149
0046B7BE |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046B7C1 |. 52 PUSH EDX ; |hInst
0046B7C2 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//装备
0046C043 |. 52 PUSH EDX ; /lParam
0046C044 |. 68 36CF4600 PUSH 雪芸.0046CF36 ; |DlgProc = 雪芸.0046CF36
0046C049 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0046C04C |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4] ; |
0046C04F |. 51 PUSH ECX ; |hOwner
0046C050 |. 68 48010000 PUSH 148 ; |pTemplate = 148
0046C055 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046C058 |. 52 PUSH EDX ; |hInst
0046C059 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
//
0046D0A2 |. 50 PUSH EAX ; /lParam
0046D0A3 |. 68 F8D04600 PUSH 雪芸.0046D0F8 ; |DlgProc = 雪芸.0046D0F8
0046D0A8 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0046D0AB |. 51 PUSH ECX ; |hOwner
0046D0AC |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046D0AF |. 81E2 FFFF0000 AND EDX,0FFFF ; |
0046D0B5 |. 52 PUSH EDX ; |pTemplate
0046D0B6 |. A1 606A4B00 MOV EAX,DWORD PTR DS:[4B6A60] ; |
0046D0BB |. 50 PUSH EAX ; |hInst => NULL
0046D0BC |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
0046D0D2 |. 50 PUSH EAX ; /lParam
0046D0D3 |. 68 F8D04600 PUSH 雪芸.0046D0F8 ; |pDlgProc = 雪芸.0046D0F8
0046D0D8 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0046D0DB |. 51 PUSH ECX ; |hOwner
0046D0DC |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0046D0DF |. 81E2 FFFF0000 AND EDX,0FFFF ; |
0046D0E5 |. 52 PUSH EDX ; |pTemplate
0046D0E6 |. A1 606A4B00 MOV EAX,DWORD PTR DS:[4B6A60] ; |
0046D0EB |. 50 PUSH EAX ; |hInst => NULL
0046D0EC |. FF15 B0624800 CALL DWORD PTR DS:[<&USER32.CreateDialog>; \CreateDialogParamA
//部队情报一览
00479F72 |. 52 PUSH EDX ; /lParam
00479F73 |. 68 9CAE4700 PUSH 雪芸.0047AE9C ; |DlgProc = 雪芸.0047AE9C
00479F78 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C] ; |
00479F7B |. 50 PUSH EAX ; |hOwner
00479F7C |. 68 BA000000 PUSH 0BA ; |pTemplate = BA
00479F81 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00479F84 |. 51 PUSH ECX ; |hInst
00479F85 |. FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
41A391处,为游戏中调用读档的功能
0041A389 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041A38B |. 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C] ; |
0041A391 |. E8 464C0500 CALL 雪芸.0046EFDC ; \雪芸.0046EFDC
41A4B0处,为战斗中调用存档的功能
0041A4A8 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0041A4AA |. 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C] ; |
0041A4B0 |. E8 274B0500 CALL 雪芸.0046EFDC ; \雪芸.0046EFDC
//调用存档读档的对话框
0046EFDC /$ 55 PUSH EBP
0046EFDD |. 8BEC MOV EBP,ESP
0046EFDF |. 51 PUSH ECX
0046EFE0 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0046EFE3 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0046EFE6 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0046EFE9 |. 8988 78020000 MOV DWORD PTR DS:[EAX+278],ECX
0046EFEF |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0046EFF3 |. 74 0A JE SHORT 雪芸.0046EFFF 是读档,跳转到读档处
0046EFF5 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0046EFF8 |. C742 44 0D000>MOV DWORD PTR DS:[EDX+44],100000D
0046EFFF |> 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0046F003 |. 74 15 JE SHORT 雪芸.0046F01A
0046F005 |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]
0046F00A |. 50 PUSH EAX ; /Arg2 => 00410A4C
0046F00B |. 68 52010000 PUSH 152 ; |Arg1 = 00000152 存档
0046F010 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0046F013 |. E8 80E0FFFF CALL 雪芸.0046D098 ; \雪芸.0046D098
0046F018 |. EB 14 JMP SHORT 雪芸.0046F02E
0046F01A |> 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68] ; 雪芸.00410A4C
0046F020 |. 51 PUSH ECX ; /Arg2 => 00410A4C
0046F021 |. 68 51010000 PUSH 151 ; |Arg1 = 00000151 读档
0046F026 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0046F029 |. E8 6AE0FFFF CALL 雪芸.0046D098 ; \雪芸.0046D098
0046F02E |> 8BE5 MOV ESP,EBP
0046F030 |. 5D POP EBP
0046F031 \. C2 0400 RETN 4
作者:
岱瀛 时间: 2007-12-30 21:33 标题: 动画效果函数
参数1:人物Data序号 +8
参数2:物品Data序号 +C
参数3:速度 +10
参数4:最高位置 +14
参数5: 开始位置 +18
参数6:音乐第几首 +1C
参数7: 是否有音乐 +20 0表示没有
004D2B66 55 PUSH EBP
004D2B67 8BEC MOV EBP,ESP
004D2B69 6A FF PUSH -1
004D2B6B 68 C4564800 PUSH WaGan.004856C4 ; 入口地址
004D2B70 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
004D2B76 50 PUSH EAX
004D2B77 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
004D2B7E 81EC 300A0000 SUB ESP,0A30
004D2B84 898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
004D2B8A 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004D2B8D 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
004D2B93 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2B99 E8 1207F3FF CALL WaGan.004032B0
004D2B9E 8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
004D2BA4 6BC9 48 IMUL ECX,ECX,48
004D2BA7 81C1 0000D600 ADD ECX,0D60000
004D2BAD E8 2A4FFAFF CALL WaGan.00477ADC
004D2BB2 8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
004D2BB8 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
004D2BBE 81E1 FF000000 AND ECX,0FF
004D2BC4 6BC9 24 IMUL ECX,ECX,24
004D2BC7 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004D2BCD E8 8E07F3FF CALL WaGan.00403360
004D2BD2 66:8B00 MOV AX,WORD PTR DS:[EAX]
004D2BD5 50 PUSH EAX
004D2BD6 E8 A3CEF7FF CALL WaGan.0044FA7E
004D2BDB 83C4 04 ADD ESP,4
004D2BDE 8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX
004D2BE4 8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX
004D2BEA 8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
004D2BF0 898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX
004D2BF6 8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
004D2BFC 8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX
004D2C02 8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
004D2C08 50 PUSH EAX
004D2C09 6A 30 PUSH 30
004D2C0B 6A 30 PUSH 30
004D2C0D 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
004D2C13 51 PUSH ECX
004D2C14 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
004D2C1A 52 PUSH EDX
004D2C1B E8 31B6FAFF CALL WaGan.0047E251
004D2C20 83C4 14 ADD ESP,14
004D2C23 68 F0BB4800 PUSH WaGan.0048BBF0 ; ASCII "YOYO.WA"
004D2C28 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C2E E8 02CFF4FF CALL WaGan.0041FB35
004D2C33 6A 04 PUSH 4
004D2C35 6A 00 PUSH 0
004D2C37 68 00690000 PUSH 6900
004D2C3C B9 C8E44A00 MOV ECX,WaGan.004AE4C8
004D2C41 E8 FACDFAFF CALL WaGan.0047FA40 ; ebp-4
004D2C46 50 PUSH EAX
004D2C47 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004D2C4A 50 PUSH EAX
004D2C4B 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C51 E8 33D0F4FF CALL WaGan.0041FC89
004D2C56 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C5C E8 6466F4FF CALL WaGan.004192C5
004D2C61 8B45 20 MOV EAX,DWORD PTR SS:[EBP+20]
004D2C64 85C0 TEST EAX,EAX
004D2C66 74 10 JE SHORT WaGan.004D2C78
004D2C68 6A 01 PUSH 1
004D2C6A 8B45 1C MOV EAX,DWORD PTR SS:[EBP+1C]
004D2C6D 50 PUSH EAX
004D2C6E B9 B0694B00 MOV ECX,WaGan.004B69B0
004D2C73 E8 021AFAFF CALL WaGan.0047467A
004D2C78 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18]
004D2C7B 8985 DCF5FFFF MOV DWORD PTR SS:[EBP-A24],EAX
004D2C81 EB 0F JMP SHORT WaGan.004D2C92
004D2C83 8B8D DCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A24]
004D2C89 034D 10 ADD ECX,DWORD PTR SS:[EBP+10]
004D2C8C 898D DCF5FFFF MOV DWORD PTR SS:[EBP-A24],ECX
004D2C92 8B5D 14 MOV EBX,DWORD PTR SS:[EBP+14]
004D2C95 399D DCF5FFFF CMP DWORD PTR SS:[EBP-A24],EBX
004D2C9B 90 NOP
004D2C9C 73 7F JNB SHORT WaGan.004D2D1D
004D2C9E E8 38B9F4FF CALL WaGan.0041E5DB
004D2CA3 6A 04 PUSH 4
004D2CA5 8D95 E0F5FFFF LEA EDX,DWORD PTR SS:[EBP-A20]
004D2CAB 52 PUSH EDX
004D2CAC 6A 30 PUSH 30
004D2CAE 6A 30 PUSH 30
004D2CB0 8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
004D2CB6 50 PUSH EAX
004D2CB7 8B8D E0FEFFFF MOV ECX,DWORD PTR SS:[EBP-120]
004D2CBD 51 PUSH ECX
004D2CBE E8 50ECF7FF CALL WaGan.00451913
004D2CC3 83C4 18 ADD ESP,18
004D2CC6 6A 04 PUSH 4
004D2CC8 6A 04 PUSH 4
004D2CCA 6A 00 PUSH 0
004D2CCC 68 00690000 PUSH 6900
004D2CD1 B9 C8E44A00 MOV ECX,WaGan.004AE4C8
004D2CD6 E8 65CDFAFF CALL WaGan.0047FA40
004D2CDB 50 PUSH EAX
004D2CDC 6A 20 PUSH 20
004D2CDE 6A 20 PUSH 20
004D2CE0 8B95 E4FEFFFF MOV EDX,DWORD PTR SS:[EBP-11C]
004D2CE6 83C2 07 ADD EDX,7
004D2CE9 2B95 DCF5FFFF SUB EDX,DWORD PTR SS:[EBP-A24]
004D2CEF 52 PUSH EDX
004D2CF0 8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[EBP-120]
004D2CF6 83C0 08 ADD EAX,8
004D2CF9 50 PUSH EAX
004D2CFA E8 14ECF7FF CALL WaGan.00451913
004D2CFF 83C4 18 ADD ESP,18
004D2D02 6A 01 PUSH 1
004D2D04 B9 181B4B00 MOV ECX,WaGan.004B1B18
004D2D09 E8 3206F3FF CALL WaGan.00403340
004D2D0E E8 CD97F5FF CALL WaGan.0042C4E0
004D2D13 E8 DEB8F4FF CALL WaGan.0041E5F6
004D2D18 ^ E9 66FFFFFF JMP WaGan.004D2C83
004D2D1D 6A 05 PUSH 5
004D2D1F B9 181B4B00 MOV ECX,WaGan.004B1B18
004D2D24 E8 1706F3FF CALL WaGan.00403340
004D2D29 E8 B297F5FF CALL WaGan.0042C4E0
004D2D2E 8BE5 MOV ESP,EBP
004D2D30 5D POP EBP
004D2D31 C2 1C00 RETN 1C
作者:
岱瀛 时间: 2007-12-30 21:33 标题: 动画
Ecx:45991B
+18: 1
+14 ata序号
+10: 1表示要显示动作
+C:0--表示无经验
+8 :物品Data序号
0045991B /$ 55 PUSH EBP
0045991C |. 8BEC MOV EBP,ESP
0045991E |. 6A FF PUSH -1
00459920 |. 68 C4564800 PUSH WaGan.004856C4 ; SE 处理程序安装
00459925 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0045992B |. 50 PUSH EAX
0045992C |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00459933 |. 81EC 300A0000 SUB ESP,0A30
00459939 |. 898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
0045993F |. C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],0FFFF
00459949 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0045994F |. E8 5C99FAFF CALL WaGan.004032B0
00459954 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0045995B |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0 等于0表示无动作
0045995F |. 0F84 AF020000 JE WaGan.00459C14 跳转等于结束
00459965 |. 817D 14 00020>CMP DWORD PTR SS:[EBP+14],200
0045996C |. 0F83 B6000000 JNB WaGan.00459A28 Data人物大于512跳开
00459972 |. C685 E8FEFFFF>MOV BYTE PTR SS:[EBP-118],0
00459979 |. EB 0E JMP SHORT WaGan.00459989
0045997B |> 8A85 E8FEFFFF /MOV AL,BYTE PTR SS:[EBP-118]
00459981 |. 04 01 |ADD AL,1
00459983 |. 8885 E8FEFFFF |MOV BYTE PTR SS:[EBP-118],AL
00459989 |> 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
0045998F |. 81E1 FF000000 |AND ECX,0FF
00459995 |. 83F9 73 |CMP ECX,73 比较前115个战场人物,非1战场人物的没有用
00459998 |. 0F8D 88000000 |JGE WaGan.00459A26
0045999E |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599A4 |. 81E1 FF000000 |AND ECX,0FF
004599AA |. 6BC9 24 |IMUL ECX,ECX,24
004599AD |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599B3 |. E8 B85C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
004599B8 |. 3B45 14 |CMP EAX,DWORD PTR SS:[EBP+14]
004599BB |. 75 64 |JNZ SHORT WaGan.00459A21 不相等,下个循环
004599BD |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118] -118是战场人物编号
004599C3 |. 81E1 FF000000 |AND ECX,0FF
004599C9 |. 6BC9 24 |IMUL ECX,ECX,24
004599CC |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599D2 |. E8 B9F2FBFF |CALL WaGan.00418C90 取+C字节
004599D7 |. 25 FF000000 |AND EAX,0FF
004599DC |. 83F8 02 |CMP EAX,2
004599DF |. 75 40 |JNZ SHORT WaGan.00459A21 不等于2跳掉,等于2为出场,不等于为隐藏
004599E1 |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599E7 |. 81E1 FF000000 |AND ECX,0FF
004599ED |. 6BC9 24 |IMUL ECX,ECX,24
004599F0 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599F6 |. E8 95920100 |CALL WaGan.00472C90 返回武将ecx的当前体力
004599FB |. 85C0 |TEST EAX,EAX
004599FD |. 76 22 |JBE SHORT WaGan.00459A21
004599FF |. 8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
00459A05 |. 81E1 FF000000 |AND ECX,0FF
00459A0B |. 6BC9 24 |IMUL ECX,ECX,24
00459A0E |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00459A14 |. E8 575C0000 |CALL WaGan.0045F670
00459A19 |. 8985 ECFEFFFF |MOV DWORD PTR SS:[EBP-114],EAX
00459A1F |. EB 05 |JMP SHORT WaGan.00459A26
00459A21 |>^ E9 55FFFFFF \JMP WaGan.0045997B
00459A26 |> EB 3F JMP SHORT WaGan.00459A67
00459A28 |> 817D 14 00040>CMP DWORD PTR SS:[EBP+14],400
00459A2F |. 72 36 JB SHORT WaGan.00459A67 Data小于1024
00459A31 |. 817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A38 |. 77 2D JA SHORT WaGan.00459A67
00459A3A |. 817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A41 |. 75 13 JNZ SHORT WaGan.00459A56
00459A43 |. 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A49 |. E8 A2C6FFFF CALL WaGan.004560F0
00459A4E |. 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A54 |. EB 11 JMP SHORT WaGan.00459A67
00459A56 |> 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A5C |. E8 CAC5FFFF CALL WaGan.0045602B
00459A61 |. 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A67 |> 81BD ECFEFFFF>CMP DWORD PTR SS:[EBP-114],0FFFF
00459A71 |. 0F84 9D010000 JE WaGan.00459C14 结束
00459A77 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
00459A79 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00459A7B |. 6A 01 PUSH 1 ; |Arg2 = 00000001 举起武器
00459A7D |. 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114] ; |
00459A83 |. 52 PUSH EDX ; |Arg1 人物Data
00459A84 |. 8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38] ; |
00459A8A |. E8 00DDFFFF CALL WaGan.0045778F ; \WaGan.0045778F
00459A8F |. 8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
00459A95 |. 6BC9 48 IMUL ECX,ECX,48
00459A98 |. 81C1 0000D600 ADD ECX,0D60000
00459A9E |. E8 39E00100 CALL WaGan.00477ADC ; 获取战场形象编号
00459AA3 |. 8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
00459AA9 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
00459AAF |. 81E1 FF000000 AND ECX,0FF
00459AB5 |. 6BC9 24 IMUL ECX,ECX,24
00459AB8 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00459ABE |. E8 9D98FAFF CALL WaGan.00403360 对Ecx+6
00459AC3 |. 66:8B00 MOV AX,WORD PTR DS:[EAX] 取坐标(纵横)
00459AC6 |. 50 PUSH EAX ; /Arg1
00459AC7 |. E8 B25FFFFF CALL WaGan.0044FA7E ; \WaGan.0044FA7E
00459ACC |. 83C4 04 ADD ESP,4
00459ACF |. 8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX 120
00459AD5 |. 8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX F8
00459ADB |. 8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
00459AE1 |. 898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX
00459AE7 |. 8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
00459AED |. 8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX
00459AF3 |. 8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
00459AF9 |. 50 PUSH EAX
00459AFA |. 6A 30 PUSH 30
00459AFC |. 6A 30 PUSH 30
00459AFE |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
00459B04 |. 51 PUSH ECX
00459B05 |. 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00459B0B |. 52 PUSH EDX
00459B0C |. E8 40470200 CALL WaGan.0047E251
00459B11 |. 83C4 14 ADD ESP,14
00459B14 |. 68 F0BB4800 PUSH WaGan.0048BBF0 ; /Arg1 = 0048BBF0 ASCII "Item.WA"
00459B19 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
00459B1F |. E8 1160FCFF CALL WaGan.0041FB35 ; \WaGan.0041FB35 打开Item.e5这个文件,句柄放-110
00459B24 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00459B26 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00459B28 |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
00459B2D |. B9 C8E44A00 MOV ECX,WaGan.004AE4C8 ; |
00459B32 |. E8 095F0200 CALL WaGan.0047FA40 ; \WaGan.0047FA40
00459B37 |. 50 PUSH EAX ; /Arg2
00459B38 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
00459B3B |. 50 PUSH EAX ; |Arg1 物品Data号
00459B3C |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
00459B42 |. E8 4261FCFF CALL WaGan.0041FC89 ; \WaGan.0041FC89 ???
00459B47 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
00459B4D |. E8 73F7FBFF CALL WaGan.004192C5 关闭Item.e5这个文件文件
00459B52 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
00459B54 |. 6A 0E PUSH 0E ; |Arg1 = 0000000E
00459B56 |. B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
00459B5B |. E8 1AAB0100 CALL WaGan.0047467A ; \WaGan.0047467A
00459B60 |. C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
画动画
00459B6A |. EB 0F JMP SHORT WaGan.00459B7B
00459B6C |> 8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72 |. 83C1 01 |ADD ECX,1
00459B75 |. 898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B |> 83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82 |. 73 7F |JNB SHORT WaGan.00459C03
00459B84 |. E8 524AFCFF |CALL WaGan.0041E5DB
00459B89 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459B8B |. 8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20] ; |
00459B91 |. 52 |PUSH EDX ; |Arg5
00459B92 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00459B94 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00459B96 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
00459B9C |. 50 |PUSH EAX ; |Arg2
00459B9D |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
00459BA3 |. 51 |PUSH ECX ; |Arg1
00459BA4 |. E8 6A7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BA9 |. 83C4 18 |ADD ESP,18
00459BAC |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459BAE |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00459BB0 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00459BB2 |. 68 00690000 |PUSH 6900 ; ||Arg1 = 00006900
00459BB7 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; ||
00459BBC |. E8 7F5E0200 |CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00459BC1 |. 50 |PUSH EAX ; |Arg5
00459BC2 |. 6A 20 |PUSH 20 ; |Arg4 = 00000020
00459BC4 |. 6A 20 |PUSH 20 ; |Arg3 = 00000020
00459BC6 |. 8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C] ; |
00459BCC |. 83C2 07 |ADD EDX,7 ; |
00459BCF |. 2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24] ; |
00459BD5 |. 52 |PUSH EDX ; |Arg2
00459BD6 |. 8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120] ; |
00459BDC |. 83C0 08 |ADD EAX,8 ; |
00459BDF |. 50 |PUSH EAX ; |Arg1
00459BE0 |. E8 2E7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BE5 |. 83C4 18 |ADD ESP,18
00459BE8 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
00459BEA |. B9 181B4B00 |MOV ECX,WaGan.004B1B18 ; |
00459BEF |. E8 4C97FAFF |CALL WaGan.00403340 ; \WaGan.00403340
00459BF4 |. E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9 |. E8 F849FCFF |CALL WaGan.0041E5F6
00459BFE |.^ E9 69FFFFFF \JMP WaGan.00459B6C
一段动画的代码
[EBP-A24]:控制循环的变量
00459B60 |. C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
00459B6A |. EB 0F JMP SHORT WaGan.00459B7B
00459B6C |> 8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72 |. 83C1 01 |ADD ECX,1 递增
00459B75 |. 898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B |> 83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82 |. 73 7F |JNB SHORT WaGan.00459C03 不小于等于则转移,即大于8退出
00459B84 |. E8 524AFCFF |CALL WaGan.0041E5DB
00459B89 |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459B8B |. 8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20] ; |
00459B91 |. 52 |PUSH EDX ; |Arg5
00459B92 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
00459B94 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
00459B96 |. 8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C] ; |
00459B9C |. 50 |PUSH EAX ; |Arg2
00459B9D |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
00459BA3 |. 51 |PUSH ECX ; |Arg1
00459BA4 |. E8 6A7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BA9 |. 83C4 18 |ADD ESP,18
00459BAC |. 6A 04 |PUSH 4 ; /Arg6 = 00000004
00459BAE |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
00459BB0 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
00459BB2 |. 68 00690000 |PUSH 6900 ; ||Arg1 = 00006900
00459BB7 |. B9 C8E44A00 |MOV ECX,WaGan.004AE4C8 ; ||
00459BBC |. E8 7F5E0200 |CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00459BC1 |. 50 |PUSH EAX ; |Arg5
00459BC2 |. 6A 20 |PUSH 20 ; |Arg4 = 00000020
00459BC4 |. 6A 20 |PUSH 20 ; |Arg3 = 00000020
00459BC6 |. 8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C] ; |
00459BCC |. 83C2 07 |ADD EDX,7 ; |
00459BCF |. 2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24] ; |
00459BD5 |. 52 |PUSH EDX ; |Arg2
00459BD6 |. 8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120] ; |
00459BDC |. 83C0 08 |ADD EAX,8 ; |
00459BDF |. 50 |PUSH EAX ; |Arg1
00459BE0 |. E8 2E7DFFFF |CALL WaGan.00451913 ; \WaGan.00451913
00459BE5 |. 83C4 18 |ADD ESP,18
00459BE8 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
00459BEA |. B9 181B4B00 |MOV ECX,WaGan.004B1B18 ; |
00459BEF |. E8 4C97FAFF |CALL WaGan.00403340 ; \WaGan.00403340
00459BF4 |. E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9 |. E8 F849FCFF |CALL WaGan.0041E5F6 绘图
00459BFE |.^ E9 69FFFFFF \JMP WaGan.00459B6C
00459C03 |> 6A 05 PUSH 5 ; /Arg1 = 00000005
00459C03 6A 05 PUSH 5
00459C05 B9 181B4B00 MOV ECX,WaGan.004B1B18
00459C0A |. E8 3197FAFF CALL WaGan.00403340 ; \WaGan.00403340
00459C0F |. E8 CC28FDFF CALL WaGan.0042C4E0
作者:
岱瀛 时间: 2007-12-30 21:34 标题: 道具的使用
消息的响应:
0043E19F |> \8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C] ECX是被点击武将的Ecx值
0043E1A2 |. E8 35FBFFFF |CALL 复件_Ekd.0043DCDC 道具使用的处理代码
0043E1A7 |. EB 0A |JMP SHORT 复件_Ekd.0043E1B3 返回判断
0043E116 |> /6A 02 /PUSH 2 ; /Arg1 = 00000002
0043E118 |. |8B4D D4 |MOV ECX,DWORD PTR SS:[EBP-2C] ; |
0043E11B |. |E8 D079FEFF |CALL 复件_Ekd.00425AF0 ; \复件_Ekd.00425AF0
0043E120 |. |85C0 |TEST EAX,EAX
0043E122 |. |0F85 90000000 |JNZ 复件_Ekd.0043E1B8
道具使用的处理代码
三个局部变量:
-4 值0xFF,没有什么用
-8 存放道具Data序号
-C 存放点击武将的Ecx
0043DCDC /$ 55 PUSH EBP
0043DCDD |. 8BEC MOV EBP,ESP
0043DCDF |. 83EC 0C SUB ESP,0C
0043DCE2 |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
0043DCE5 |. C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043DCE9 |> 6A 02 /PUSH 2 ; /Arg1 = 00000002
0043DCEB |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DCEE |. E8 FD7DFEFF |CALL 复件_Ekd.00425AF0 ; \复件_Ekd.00425AF0 判断行动是否结束
0043DCF3 |. 85C0 |TEST EAX,EAX
0043DCF5 |. 75 30 |JNZ SHORT 复件_Ekd.0043DD27 行动结束
0043DCF7 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0043DCFA |. 50 |PUSH EAX ; /Arg1
0043DCFB |. E8 2B000000 |CALL 复件_Ekd.0043DD2B ; \复件_Ekd.0043DD2B 加载道具框列表
0043DD00 |. 83C4 04 |ADD ESP,4
0043DD03 |. 8845 F8 |MOV BYTE PTR SS:[EBP-8],AL 物品代号
0043DD06 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
0043DD09 |. 81E1 FF000000 |AND ECX,0FF
0043DD0F |. 81F9 FF000000 |CMP ECX,0FF
0043DD15 |. 75 02 |JNZ SHORT 复件_Ekd.0043DD19
0043DD17 |. EB 0E |JMP SHORT 复件_Ekd.0043DD27
0043DD19 |> 8A55 F8 |MOV DL,BYTE PTR SS:[EBP-8]
0043DD1C |. 52 |PUSH EDX ; /Arg1
0043DD1D |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C] ; |
0043DD20 |. E8 83000000 |CALL 复件_Ekd.0043DDA8 ; \复件_Ekd.0043DDA8 道具使用
0043DD25 |.^ EB C2 \JMP SHORT 复件_Ekd.0043DCE9
0043DD27 |> 8BE5 MOV ESP,EBP
0043DD29 |. 5D POP EBP
0043DD2A \. C3 RETN
道具使用代码:
参数:
08栈,物品Data序号
Ecx点击的武将Ecx值
局部变量两个:
-4 存放使用道具成功与否的返回值,0表示失败,1成功
-8 存放点击的武将Ecx值
0043DDA8 /$ 55 PUSH EBP
0043DDA9 |. 8BEC MOV EBP,ESP
0043DDAB |. 83EC 08 SUB ESP,8
0043DDAE |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0043DDB1 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
0043DDB3 |. 6A 01 PUSH 1 ; |Arg3 = 00000001
0043DDB5 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0043DDB8 |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
0043DDBB |. 51 PUSH ECX ; |Arg2
0043DDBC |. 8A55 08 MOV DL,BYTE PTR SS:[EBP+8] ; |
0043DDBF |. 52 PUSH EDX ; |Arg1
0043DDC0 |. B9 50774900 MOV ECX,复件_Ekd.00497750 ; |
0043DDC5 |. E8 79FEFDFF CALL 复件_Ekd.0041DC43 ; \复件_Ekd.0041DC43 道具使用函数
0043DDCA |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043DDCD |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0 0表示取消,1表示成功
0043DDD1 |. 74 0A JE SHORT 复件_Ekd.0043DDDD
0043DDD3 |. 6A 06 PUSH 6 ; /Arg1 = 00000006
0043DDD5 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0043DDD8 |. E8 3B490000 CALL 复件_Ekd.00442718 ; \复件_Ekd.00442718 设置武将为行动完毕
0043DDDD |> 8BE5 MOV ESP,EBP
0043DDDF |. 5D POP EBP
0043DDE0 \. C2 0400 RETN 4
道具使用函数:
参数5个:
Ecx:00497750
+8 === 道具Data序号
+C === 一个武将相关的Ecx值
+10 === 1
+14 ==0
局部变量两个:
-4 00497750
-8 存放道具的编号,合并了三种回复HP和两种回复MP的
0041DC43 /$ 55 PUSH EBP
0041DC44 |. 8BEC MOV EBP,ESP
0041DC46 |. 83EC 08 SUB ESP,8
0041DC49 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0041DC4C |. 8A45 0C MOV AL,BYTE PTR SS:[EBP+C]
0041DC4F |. 50 PUSH EAX ; /Arg2
0041DC50 |. 8A4D 08 MOV CL,BYTE PTR SS:[EBP+8] ; |
0041DC53 |. 51 PUSH ECX ; |Arg1 道Data序号
0041DC54 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041DC57 |. E8 60FFFFFF CALL 复件_Ekd.0041DBBC ; \复件_Ekd.0041DBBC 对道具编号做处理,分类
0041DC5C |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041DC5F |. 33C0 XOR EAX,EAX
0041DC61 |. 8A42 01 MOV AL,BYTE PTR DS:[EDX+1]
0041DC64 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0041DC67 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041DC6A |. 83E9 3F SUB ECX,3F 区分消耗物品和辅助物品
0041DC6D |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0041DC70 |. 837D F8 0D CMP DWORD PTR SS:[EBP-8],0D这里分了14种,其实原曹操传是17个消耗道具,但是三种恢复HP和两种回复MP
0041DC74 |. 77 50 JA SHORT 复件_Ekd.0041DCC6
0041DC76 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041DC79 |. 33D2 XOR EDX,EDX
0041DC7B |. 8A90 35DD4100 MOV DL,BYTE PTR DS:[EAX+41DD35]
0041DD35 . 00 DB 00 豆、米、桃回复HP 的道具;
0041DD36 . 01 DB 01 神秘水和杜康酒回复MP的道具
0041DD37 . 02 DB 02 止咳药、万能药等恢复状态类道具
0041DD38 . 02 DB 02
0041DD39 . 02 DB 02
0041DD3A . 02 DB 02
0041DD3B . 02 DB 02
0041DD3C . 03 DB 03 五果
0041DD3D . 03 DB 03
0041DD3E . 03 DB 03
0041DD3F . 03 DB 03
0041DD40 . 03 DB 03
0041DD41 . 04 DB 04 经验果
0041DD42 . 05 DB 05 印授
0041DC81 |. FF2495 19DD41>JMP DWORD PTR DS:[EDX*4+41DD19]
恢复HP道具
0041DC88 |> 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
0041DC8B |. 51 PUSH ECX ; /Arg1
0041DC8C |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041DC8F |. E8 4BF0FFFF CALL 复件_Ekd.0041CCDF ; \复件_Ekd.0041CCDF
0041DC94 |. EB 30 JMP SHORT 复件_Ekd.0041DCC6
恢复MP道具
0041DC96 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DC99 |. E8 9FF1FFFF CALL 复件_Ekd.0041CE3D
0041DC9E |. EB 26 JMP SHORT 复件_Ekd.0041DCC6
恢复状态
0041DCA0 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DCA3 |. E8 B9F2FFFF CALL 复件_Ekd.0041CF61
0041DCA8 |. EB 1C JMP SHORT 复件_Ekd.0041DCC6
五果等加强状态
0041DCAA |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DCAD |. E8 CEF3FFFF CALL 复件_Ekd.0041D080
0041DCB2 |. EB 12 JMP SHORT 复件_Ekd.0041DCC6
经验果加等级
0041DCB4 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DCB7 |. E8 1DF7FFFF CALL 复件_Ekd.0041D3D9
0041DCBC |. EB 08 JMP SHORT 复件_Ekd.0041DCC6
印授兵种转职
0041DCBE |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DCC1 |. E8 15F8FFFF CALL 复件_Ekd.0041D4DB
最后的处理
0041DCC6 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041DCC9 |. 837A 1C 00 CMP DWORD PTR DS:[EDX+1C],0
0041DCCD |. 74 3E JE SHORT 复件_Ekd.0041DD0D 退出,取消
0041DCCF |. 837D 14 00 CMP DWORD PTR SS:[EBP+14],0
0041DCD3 |. 75 10 JNZ SHORT 复件_Ekd.0041DCE5
0041DCD5 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041DCD8 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0041DCDA |. 51 PUSH ECX ; /Arg1 物品Data序号,比如武力果是98
0041DCDB |. B9 70074B00 MOV ECX,复件_Ekd.004B0770 ; |
0041DCE0 |. E8 70FCFEFF CALL 复件_Ekd.0040D955 ; \复件_Ekd.0040D955 对仓库的操作
0041DCE5 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041DCE8 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0041DCEB |. E8 80190400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号,被使用道具的武将
0041DCF0 |. 50 PUSH EAX ; /Arg1
0041DCF1 |. E8 0BBD0500 CALL 复件_Ekd.00479A01 ; \复件_Ekd.00479A01
0041DCF6 |. 83C4 04 ADD ESP,4
0041DCF9 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041DCFC |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
0041DCFF |. E8 6C190400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号,使用道具的武将
0041DD04 |. 50 PUSH EAX ; /Arg1
0041DD05 |. E8 F7BC0500 CALL 复件_Ekd.00479A01 ; \复件_Ekd.00479A01
0041DD0A |. 83C4 04 ADD ESP,4
0041DD0D |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041DD10 |. 8B41 1C MOV EAX,DWORD PTR DS:[ECX+1C]
0041DD13 |. 8BE5 MOV ESP,EBP
0041DD15 |. 5D POP EBP
0041DD16 \. C2 1000 RETN 10
0041D080 五果使用函数
[EBP-18]存放点到武将的Ecx,后面存放被点武将的Ecx
[EBP-4] FF
[EBP-8]
[EBP-C]存放的是人物能力的五围中的一围
[EBP-10]存放果子的效果,曹操传中是1
[EBP-14]存放人物部队攻防五围中的一围
0041D080 /$ 55 PUSH EBP
0041D081 |. 8BEC MOV EBP,ESP
0041D083 |. 83EC 20 SUB ESP,20
0041D086 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0041D089 |. C645 EC 00 MOV BYTE PTR SS:[EBP-14],0
0041D08D |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0041D091 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0041D094 |. 8B48 14 MOV ECX,DWORD PTR DS:[EAX+14]
0041D097 |. E8 D40C0000 CALL 复件_Ekd.0041DD70 获取道具ecx的1级值,辅助则为特殊效果值
0041D09C |. 25 FF000000 AND EAX,0FF
0041D0A1 |. 99 CDQ
0041D0A2 |. 2BC2 SUB EAX,EDX
0041D0A4 |. D1F8 SAR EAX,1
0041D0A6 |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
0041D0A9 |. C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0041D0AD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D0B0 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0041D0B2 |. 52 PUSH EDX ; /Arg4
0041D0B3 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0041D0B5 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D0B8 |. 8A48 18 MOV CL,BYTE PTR DS:[EAX+18] ; |
0041D0BB |. 51 PUSH ECX ; |Arg2
0041D0BC |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D0BF |. 8A42 02 MOV AL,BYTE PTR DS:[EDX+2] ; |
0041D0C2 |. 50 PUSH EAX ; |Arg1
0041D0C3 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041D0C8 |. E8 70820300 CALL 复件_Ekd.0045533D ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理,等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围,call 4541A9是监听)
0041D0CD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D0D0 |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL
0041D0D3 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D0D6 |. 33C0 XOR EAX,EAX
0041D0D8 |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3]
0041D0DB |. 3D FF000000 CMP EAX,0FF Eax是战场编号
0041D0E0 |. 75 05 JNZ SHORT 复件_Ekd.0041D0E7
0041D0E2 |. E9 C6020000 JMP 复件_Ekd.0041D3AD
0041D0E7 |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D0EA |. 33D2 XOR EDX,EDX
0041D0EC |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3]
0041D0EF |. 6BD2 24 IMUL EDX,EDX,24
0041D0F2 |. 81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041D0F8 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0041D0FB |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041D0FE |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D101 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] Ecx是点击到的武将的Ecx值
0041D104 |. E8 67250400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号
0041D109 |. 6BC0 48 IMUL EAX,EAX,48
0041D10C |. 05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D111 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D114 |. 8942 10 MOV DWORD PTR DS:[EDX+10],EAX
0041D117 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0041D119 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D11C |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3] ; |
0041D11F |. 51 PUSH ECX ; |Arg2
0041D120 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D123 |. 8A02 MOV AL,BYTE PTR DS:[EDX] ; |
0041D125 |. 50 PUSH EAX ; |Arg1
0041D126 |. E8 BEF3FFFF CALL 复件_Ekd.0041C4E9 ; \复件_Ekd.0041C4E9
0041D12B |. 83C4 0C ADD ESP,0C
0041D12E |. 85C0 TEST EAX,EAX
0041D130 |. 75 05 JNZ SHORT 复件_Ekd.0041D137
0041D132 |. E9 76020000 JMP 复件_Ekd.0041D3AD
0041D137 |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D13A |. 33D2 XOR EDX,EDX
0041D13C |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0041D13F |. 8955 E4 MOV DWORD PTR SS:[EBP-1C],EDX
0041D142 |. 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0041D145 |. 83E8 46 SUB EAX,46
0041D148 |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0041D14B |. 837D E4 04 CMP DWORD PTR SS:[EBP-1C],4
0041D14F |. 0F87 08010000 JA 复件_Ekd.0041D25D
0041D155 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0041D158 |. FF248D B1D341>JMP DWORD PTR DS:[ECX*4+41D3B1]
0041D3B1 . 5FD14100 DD 复件_Ekd.0041D15F ; 武力果
0041D3B5 . 94D14100 DD 复件_Ekd.0041D194 智力果
0041D3B9 . C9D14100 DD 复件_Ekd.0041D1C9 统御果
0041D3BD . FBD14100 DD 复件_Ekd.0041D1FB 敏捷果
0041D3C1 . 2DD24100 DD 复件_Ekd.0041D22D 好运果
0041D15F |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D162 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D165 |. E8 060C0000 CALL 复件_Ekd.0041DD70 获取武将ecx的攻击力,不含装备加成效果 (ECX+11)攻击力
0041D16A |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D16D |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041D16F |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D172 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D175 |. E8 B60C0000 CALL 复件_Ekd.0041DE30 ; \复件_Ekd.0041DE30 获取ecx武将的武力
0041D17A |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D17D |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D180 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D183 |. E8 080E0000 CALL 复件_Ekd.0041DF90 获取武将ecx的攻击力状态
0041D188 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041D18B |. C645 FC 22 MOV BYTE PTR SS:[EBP-4],22
0041D18F |. E9 C9000000 JMP 复件_Ekd.0041D25D
0041D194 |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D197 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D19A |. E8 510C0000 CALL 复件_Ekd.0041DDF0 获取武将ecx的精神力,不含装备加成效果 (ecx+15)精神力
0041D19F |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D1A2 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041D1A4 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D1A7 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D1AA |. E8 010D0000 CALL 复件_Ekd.0041DEB0 ; \复件_Ekd.0041DEB0 获取ecx武将的智力
0041D1AF |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D1B2 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D1B5 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D1B8 |. E8 130E0000 CALL 复件_Ekd.0041DFD0 获取武将ecx的精神力状态
0041D1BD |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041D1C0 |. C645 FC 22 MOV BYTE PTR SS:[EBP-4],22
0041D1C4 |. E9 94000000 JMP 复件_Ekd.0041D25D
0041D1C9 |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D1CC |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D1CF |. E8 DC0B0000 CALL 复件_Ekd.0041DDB0 获取武将ecx的防御力, 不含装备加成效果 (ecx+13防御力)
0041D1D4 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D1D7 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041D1D9 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D1DC |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D1DF |. E8 8C0C0000 CALL 复件_Ekd.0041DE70 ; \复件_Ekd.0041DE70 获取ecx的统御力
0041D1E4 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D1E7 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D1EA |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D1ED |. E8 BE0D0000 CALL 复件_Ekd.0041DFB0 获取武将ecx的防御力状态
0041D1F2 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041D1F5 |. C645 FC 23 MOV BYTE PTR SS:[EBP-4],23
0041D1F9 |. EB 62 JMP SHORT 复件_Ekd.0041D25D
0041D1FB |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D1FE |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D201 |. E8 8A0D0000 CALL 复件_Ekd.0041DF90 获取武将ecx的爆发力, 不含装备加成效果 (ecx+17爆发力)
0041D206 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D209 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041D20B |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D20E |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D211 |. E8 1A0D0000 CALL 复件_Ekd.0041DF30 ; \复件_Ekd.0041DF30 获取ecx武将的敏捷
0041D216 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D219 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D21C |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D21F |. E8 CC0D0000 CALL 复件_Ekd.0041DFF0 获取武将ecx的爆发力的状态
0041D224 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041D227 |. C645 FC 24 MOV BYTE PTR SS:[EBP-4],24
0041D22B |. EB 30 JMP SHORT 复件_Ekd.0041D25D
0041D22D |> 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0041D230 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D233 |. E8 780D0000 CALL 复件_Ekd.0041DFB0 获取武将ecx的士气, 不含装备加成效果 (ecx+19士气)
0041D238 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D23B |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041D23D |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D240 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D243 |. E8 A80C0000 CALL 复件_Ekd.0041DEF0 ; \复件_Ekd.0041DEF0 获取ecx武将的运气
0041D248 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D24B |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
0041D24E |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D251 |. E8 BA0D0000 CALL 复件_Ekd.0041E010 获取武将ecx的士气的状态
0041D256 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041D259 |. C645 FC 25 MOV BYTE PTR SS:[EBP-4],25
0041D25D |> 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
0041D262 |. 8A55 F0 MOV DL,BYTE PTR SS:[EBP-10] ; |
0041D265 |. 52 PUSH EDX ; |Arg2
0041D266 |. 8A45 EC MOV AL,BYTE PTR SS:[EBP-14] ; |
0041D269 |. 50 PUSH EAX ; |Arg1
0041D26A |. E8 46280600 CALL 复件_Ekd.0047FAB5 ; \复件_Ekd.0047FAB5 求吃果后的作用,[EBP-14]+[EBP-10],如果大于FF则为FF
0041D26F |. 83C4 0C ADD ESP,0C
0041D272 |. 8845 EC MOV BYTE PTR SS:[EBP-14],AL
0041D275 |. 6A 32 PUSH 32 ; /Arg3 = 00000032
0041D277 |. 8A4D F0 MOV CL,BYTE PTR SS:[EBP-10] ; |
0041D27A |. 51 PUSH ECX ; |Arg2
0041D27B |. 8A55 F4 MOV DL,BYTE PTR SS:[EBP-C] ; |
0041D27E |. 52 PUSH EDX ; |Arg1
0041D27F |. E8 31280600 CALL 复件_Ekd.0047FAB5 ; \复件_Ekd.0047FAB5求吃果后的作用,[EBP-C]+[EBP-10],如果大于100则为100
0041D284 |. 83C4 0C ADD ESP,0C
0041D287 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0041D28A |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
0041D28D |. 50 PUSH EAX ; /Arg1
0041D28E |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D291 |. E8 CCF4FFFF CALL 复件_Ekd.0041C762 ; \复件_Ekd.0041C762 画图
0041D296 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; 复件_Ekd.00497750
0041D299 |. 33D2 XOR EDX,EDX
0041D29B |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0041D29E |. 8955 E0 MOV DWORD PTR SS:[EBP-20],EDX
0041D2A1 |. 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
0041D2A4 |. 83E8 46 SUB EAX,46
0041D2A7 |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
0041D2AA |. 837D E0 04 CMP DWORD PTR SS:[EBP-20],4
0041D2AE |. 0F87 F9000000 JA 复件_Ekd.0041D3AD
0041D2B4 |. 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-20]
0041D2B7 |. FF248D C5D341>JMP DWORD PTR DS:[ECX*4+41D3C5]
0041D3C5 . BED24100 DD 复件_Ekd.0041D2BE ; 分支表 被用于 0041D2B7
0041D3C9 . F0D24100 DD 复件_Ekd.0041D2F0
0041D3CD . 22D34100 DD 复件_Ekd.0041D322
0041D3D1 . 51D34100 DD 复件_Ekd.0041D351
0041D3D5 . 80D34100 DD 复件_Ekd.0041D380
0041D2BE |> 8A55 EC MOV DL,BYTE PTR SS:[EBP-14]
0041D2C1 |. 52 PUSH EDX ; /Arg1
0041D2C2 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D2C5 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D2C8 |. E8 C30A0000 CALL 复件_Ekd.0041DD90 ; \复件_Ekd.0041DD90 设置ecx武将攻击力
0041D2CD |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C]
0041D2D0 |. 51 PUSH ECX ; /Arg1
0041D2D1 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D2D4 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D2D7 |. E8 740B0000 CALL 复件_Ekd.0041DE50 ; \复件_Ekd.0041DE50 设置ecx武将武力
0041D2DC |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D2DE |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0041D2E0 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D2E3 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041D2E6 |. E8 A3260200 CALL 复件_Ekd.0043F98E ; \复件_Ekd.0043F98E 上升降武将ecx的攻击力状态。
0041D2EB |. E9 BD000000 JMP 复件_Ekd.0041D3AD
0041D2F0 |> 8A4D EC MOV CL,BYTE PTR SS:[EBP-14]
0041D2F3 |. 51 PUSH ECX ; /Arg1
0041D2F4 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D2F7 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D2FA |. E8 110B0000 CALL 复件_Ekd.0041DE10 ; \复件_Ekd.0041DE10 设置ecx武将精神力
0041D2FF |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C]
0041D302 |. 50 PUSH EAX ; /Arg1
0041D303 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D306 |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D309 |. E8 C20B0000 CALL 复件_Ekd.0041DED0 ; \复件_Ekd.0041DED0 设置ecx武将智力
0041D30E |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D310 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041D312 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D315 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041D318 |. E8 71260200 CALL 复件_Ekd.0043F98E ; \复件_Ekd.0043F98E上升降武将ecx的精神力状态
0041D31D |. E9 8B000000 JMP 复件_Ekd.0041D3AD
0041D322 |> 8A45 EC MOV AL,BYTE PTR SS:[EBP-14]
0041D325 |. 50 PUSH EAX ; /Arg1
0041D326 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D329 |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D32C |. E8 9F0A0000 CALL 复件_Ekd.0041DDD0 ; \复件_Ekd.0041DDD0 设置ecx武将防御力
0041D331 |. 8A55 F4 MOV DL,BYTE PTR SS:[EBP-C]
0041D334 |. 52 PUSH EDX ; /Arg1
0041D335 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D338 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D33B |. E8 500B0000 CALL 复件_Ekd.0041DE90 ; \复件_Ekd.0041DE90 设置ecx武将统御力
0041D340 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D342 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
0041D344 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D347 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0041D34A |. E8 3F260200 CALL 复件_Ekd.0043F98E ; \复件_Ekd.0043F98E 上升降武将ecx的统御力状态
0041D34F |. EB 5C JMP SHORT 复件_Ekd.0041D3AD
0041D351 |> 8A55 EC MOV DL,BYTE PTR SS:[EBP-14]
0041D354 |. 52 PUSH EDX ; /Arg1
0041D355 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D358 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D35B |. E8 F0E40300 CALL 复件_Ekd.0045B850 ; \复件_Ekd.0045B850 设置ecx武将爆发力
0041D360 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C]
0041D363 |. 51 PUSH ECX ; /Arg1
0041D364 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D367 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D36A |. E8 E10B0000 CALL 复件_Ekd.0041DF50 ; \复件_Ekd.0041DF50 设置ecx武将敏捷
0041D36F |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D371 |. 6A 03 PUSH 3 ; |Arg1 = 00000003
0041D373 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D376 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041D379 |. E8 10260200 CALL 复件_Ekd.0043F98E ; \复件_Ekd.0043F98E 上升降武将ecx的爆发力状态
0041D37E |. EB 2D JMP SHORT 复件_Ekd.0041D3AD
0041D380 |> 8A4D EC MOV CL,BYTE PTR SS:[EBP-14]
0041D383 |. 51 PUSH ECX ; /Arg1
0041D384 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D387 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D38A |. E8 E1E40300 CALL 复件_Ekd.0045B870 ; \复件_Ekd.0045B870 设置ecx武将士气
0041D38F |. 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C]
0041D392 |. 50 PUSH EAX ; /Arg1
0041D393 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D396 |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D399 |. E8 720B0000 CALL 复件_Ekd.0041DF10 ; \复件_Ekd.0041DF10 设置ecx武将运气
0041D39E |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D3A0 |. 6A 04 PUSH 4 ; |Arg1 = 00000004
0041D3A2 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D3A5 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041D3A8 |. E8 E1250200 CALL 复件_Ekd.0043F98E ; \复件_Ekd.0043F98E 上升降武将ecx的士气状态
0041D3AD |> 8BE5 MOV ESP,EBP
0041D3AF |. 5D POP EBP
0041D3B0 \. C3 RETN
恢复HP道具
Ecx: 00497750
EBP+8 等于1
两个局部变量:
EBP-4 存放道具回复的HP数
EBP-8 存放497750
0041CCDF /$ 55 PUSH EBP
0041CCE0 |. 8BEC MOV EBP,ESP
0041CCE2 |. 83EC 08 SUB ESP,8
0041CCE5 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0041CCE8 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0041CCEC |. 74 6C JE SHORT 复件_Ekd.0041CD5A
0041CCEE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CCF1 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0041CCF3 |. 51 PUSH ECX ; /Arg4
0041CCF4 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0041CCF6 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CCF9 |. 8A42 18 MOV AL,BYTE PTR DS:[EDX+18] ; |
0041CCFC |. 50 PUSH EAX ; |Arg2
0041CCFD |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CD00 |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2] ; |
0041CD03 |. 52 PUSH EDX ; |Arg1
0041CD04 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041CD09 |. E8 2F860300 CALL 复件_Ekd.0045533D ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理,等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围,call 4541A9是监听)
0041CD0E |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD11 |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL
0041CD14 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CD17 |. 33C0 XOR EAX,EAX
0041CD19 |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3]
0041CD1C |. 3D FF000000 CMP EAX,0FF EAX是战场编号
0041CD21 |. 75 05 JNZ SHORT 复件_Ekd.0041CD28
0041CD23 |. E9 0F010000 JMP 复件_Ekd.0041CE37 结束
0041CD28 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD2B |. 33D2 XOR EDX,EDX
0041CD2D |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3]
0041CD30 |. 6BD2 24 IMUL EDX,EDX,24
0041CD33 |. 81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041CD39 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CD3C |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041CD3F |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD42 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041CD45 |. E8 26290400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号
0041CD4A |. 6BC0 48 IMUL EAX,EAX,48
0041CD4D |. 05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041CD52 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CD55 |. 8942 10 MOV DWORD PTR DS:[EDX+10],EAX
0041CD58 |. EB 24 JMP SHORT 复件_Ekd.0041CD7E
0041CD5A |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CD5D |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD60 |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2]
0041CD63 |. 8850 03 MOV BYTE PTR DS:[EAX+3],DL
0041CD66 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CD69 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD6C |. 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
0041CD6F |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041CD72 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CD75 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CD78 |. 8B51 0C MOV EDX,DWORD PTR DS:[ECX+C]
0041CD7B |. 8950 10 MOV DWORD PTR DS:[EAX+10],EDX
0041CD7E |> 6A 00 PUSH 0 ; /Arg3 = 00000000
0041CD80 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CD83 |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3] ; |
0041CD86 |. 51 PUSH ECX ; |Arg2
0041CD87 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CD8A |. 8A02 MOV AL,BYTE PTR DS:[EDX] ; |
0041CD8C |. 50 PUSH EAX ; |Arg1
0041CD8D |. E8 57F7FFFF CALL 复件_Ekd.0041C4E9 ; \复件_Ekd.0041C4E9 判断道具是否合法,非法返回0
0041CD92 |. 83C4 0C ADD ESP,0C
0041CD95 |. 85C0 TEST EAX,EAX
0041CD97 |. 75 05 JNZ SHORT 复件_Ekd.0041CD9E
0041CD99 |. E9 99000000 JMP 复件_Ekd.0041CE37
0041CD9E |> 6A 00 PUSH 0 ; /Arg2 = 00000000
0041CDA0 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CDA3 |. 8A11 MOV DL,BYTE PTR DS:[ECX] ; |
0041CDA5 |. 52 PUSH EDX ; |Arg1
0041CDA6 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CDA9 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041CDAC |. E8 7DF60100 CALL 复件_Ekd.0043C42E ; \复件_Ekd.0043C42E 获取恢复道具的实际效果值,超过最大HP的会去掉
0041CDB1 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0041CDB4 |. 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0041CDB9 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CDBC |. E8 A1F9FFFF CALL 复件_Ekd.0041C762 ; \复件_Ekd.0041C762 使用道具的画图函数
0041CDC1 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CDC4 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041CDC7 |. E8 9465FEFF CALL 复件_Ekd.00403360
0041CDCC |. 50 PUSH EAX ; /Arg1
0041CDCD |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CDD0 |. 83C1 19 ADD ECX,19 ; |
0041CDD3 |. E8 C897FEFF CALL 复件_Ekd.004065A0 ; \复件_Ekd.004065A0
0041CDD8 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CDDB |. 8A42 02 MOV AL,BYTE PTR DS:[EDX+2]
0041CDDE |. 50 PUSH EAX ; /Arg3
0041CDDF |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CDE2 |. 8A51 1A MOV DL,BYTE PTR DS:[ECX+1A] ; |
0041CDE5 |. 52 PUSH EDX ; |Arg2
0041CDE6 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CDE9 |. 8A48 19 MOV CL,BYTE PTR DS:[EAX+19] ; |
0041CDEC |. 51 PUSH ECX ; |Arg1
0041CDED |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041CDF2 |. E8 2C830300 CALL 复件_Ekd.00455123 ; \复件_Ekd.00455123 使用道具者的Mov图回复正常
0041CDF7 |. 6A 01 PUSH 1 ; /Arg8 = 00000001
0041CDF9 |. 6A 00 PUSH 0 ; |Arg7 = 00000000
0041CDFB |. 6A 00 PUSH 0 ; |Arg6 = 00000000
0041CDFD |. 6A 00 PUSH 0 ; |Arg5 = 00000000
0041CDFF |. 6A 00 PUSH 0 ; |Arg4 = 00000000
0041CE01 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041CE04 |. F7DA NEG EDX ; | 对恢复效果值取反
0041CE06 |. 52 PUSH EDX ; |Arg3
0041CE07 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CE0A |. 8A48 02 MOV CL,BYTE PTR DS:[EAX+2] ; |
0041CE0D |. 51 PUSH ECX ; |Arg2
0041CE0E |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CE11 |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3] ; |
0041CE14 |. 50 PUSH EAX ; |Arg1
0041CE15 |. E8 6A3B0300 CALL 复件_Ekd.00450984 ; \复件_Ekd.00450984 显示+HP的图
0041CE1A |. 83C4 20 ADD ESP,20
0041CE1D |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CE20 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041CE23 |. E8 685E0500 CALL 复件_Ekd.00472C90 获取ecx武将当前HP值
0041CE28 |. 0345 FC ADD EAX,DWORD PTR SS:[EBP-4]
0041CE2B |. 50 PUSH EAX ; /Arg1
0041CE2C |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CE2F |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041CE32 |. E8 96280200 CALL 复件_Ekd.0043F6CD ; \复件_Ekd.0043F6CD 设置ecx武将的HP值,如果大于加上装备后的最大值,按最大值算
0041CE37 |> 8BE5 MOV ESP,EBP
0041CE39 |. 5D POP EBP
0041CE3A \. C2 0400 RETN 4
使用回复MP道具
0041CE3D /$ 55 PUSH EBP
0041CE3E |. 8BEC MOV EBP,ESP
0041CE40 |. 83EC 08 SUB ESP,8
0041CE43 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0041CE46 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CE49 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0041CE4B |. 51 PUSH ECX ; /Arg4
0041CE4C |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0041CE4E |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CE51 |. 8A42 18 MOV AL,BYTE PTR DS:[EDX+18] ; |
0041CE54 |. 50 PUSH EAX ; |Arg2
0041CE55 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CE58 |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2] ; |
0041CE5B |. 52 PUSH EDX ; |Arg1
0041CE5C |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041CE61 |. E8 D7840300 CALL 复件_Ekd.0045533D ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理,等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围,call 4541A9是监听)
0041CE66 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CE69 |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL
0041CE6C |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CE6F |. 33C0 XOR EAX,EAX
0041CE71 |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3]
0041CE74 |. 3D FF000000 CMP EAX,0FF
0041CE79 |. 75 05 JNZ SHORT 复件_Ekd.0041CE80
0041CE7B |. E9 DD000000 JMP 复件_Ekd.0041CF5D
0041CE80 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041CE83 |. 33D2 XOR EDX,EDX
0041CE85 |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3]
0041CE88 |. 6BD2 24 IMUL EDX,EDX,24
0041CE8B |. 81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041CE91 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CE94 |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041CE97 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0041CE99 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CE9C |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3] ; |
0041CE9F |. 52 PUSH EDX ; |Arg2
0041CEA0 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CEA3 |. 8A08 MOV CL,BYTE PTR DS:[EAX] ; |
0041CEA5 |. 51 PUSH ECX ; |Arg1
0041CEA6 |. E8 3EF6FFFF CALL 复件_Ekd.0041C4E9 ; \复件_Ekd.0041C4E9
0041CEAB |. 83C4 0C ADD ESP,0C
0041CEAE |. 85C0 TEST EAX,EAX
0041CEB0 |. 75 05 JNZ SHORT 复件_Ekd.0041CEB7
0041CEB2 |. E9 A6000000 JMP 复件_Ekd.0041CF5D
0041CEB7 |> 6A 00 PUSH 0 ; /Arg2 = 00000000
0041CEB9 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CEBC |. 8A02 MOV AL,BYTE PTR DS:[EDX] ; |
0041CEBE |. 50 PUSH EAX ; |Arg1
0041CEBF |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CEC2 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0041CEC5 |. E8 64F50100 CALL 复件_Ekd.0043C42E ; \复件_Ekd.0043C42E
0041CECA |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0041CECD |. 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0041CED2 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CED5 |. E8 88F8FFFF CALL 复件_Ekd.0041C762 ; \复件_Ekd.0041C762
0041CEDA |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CEDD |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0041CEE0 |. E8 7B64FEFF CALL 复件_Ekd.00403360
0041CEE5 |. 50 PUSH EAX ; /Arg1
0041CEE6 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CEE9 |. 83C1 19 ADD ECX,19 ; |
0041CEEC |. E8 AF96FEFF CALL 复件_Ekd.004065A0 ; \复件_Ekd.004065A0
0041CEF1 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041CEF4 |. 8A48 02 MOV CL,BYTE PTR DS:[EAX+2]
0041CEF7 |. 51 PUSH ECX ; /Arg3
0041CEF8 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CEFB |. 8A42 1A MOV AL,BYTE PTR DS:[EDX+1A] ; |
0041CEFE |. 50 PUSH EAX ; |Arg2
0041CEFF |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CF02 |. 8A51 19 MOV DL,BYTE PTR DS:[ECX+19] ; |
0041CF05 |. 52 PUSH EDX ; |Arg1
0041CF06 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041CF0B |. E8 13820300 CALL 复件_Ekd.00455123 ; \复件_Ekd.00455123
0041CF10 |. 6A 01 PUSH 1 ; /Arg8 = 00000001
0041CF12 |. 6A 00 PUSH 0 ; |Arg7 = 00000000
0041CF14 |. 6A 00 PUSH 0 ; |Arg6 = 00000000
0041CF16 |. 6A 00 PUSH 0 ; |Arg5 = 00000000
0041CF18 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0041CF1B |. 25 FF000000 AND EAX,0FF ; |
0041CF20 |. F7D8 NEG EAX ; |
0041CF22 |. 50 PUSH EAX ; |Arg4
0041CF23 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
0041CF25 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041CF28 |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2] ; |
0041CF2B |. 52 PUSH EDX ; |Arg2
0041CF2C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0041CF2F |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3] ; |
0041CF32 |. 51 PUSH ECX ; |Arg1
0041CF33 |. E8 4C3A0300 CALL 复件_Ekd.00450984 ; \复件_Ekd.00450984
0041CF38 |. 83C4 20 ADD ESP,20
0041CF3B |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0041CF3E |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0041CF41 |. E8 FA580500 CALL 复件_Ekd.00472840
0041CF46 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041CF49 |. 81E1 FF000000 AND ECX,0FF
0041CF4F |. 03C1 ADD EAX,ECX
0041CF51 |. 50 PUSH EAX ; /Arg1
0041CF52 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
0041CF55 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041CF58 |. E8 B1270200 CALL 复件_Ekd.0043F70E ; \复件_Ekd.0043F70E
0041CF5D |> 8BE5 MOV ESP,EBP
0041CF5F |. 5D POP EBP
0041CF60 \. C3 RETN
使用印授函数
0041D4DB /$ 55 PUSH EBP
0041D4DC |. 8BEC MOV EBP,ESP
0041D4DE |. 6A FF PUSH -1
0041D4E0 |. 68 52524800 PUSH 复件_Ekd.00485252 ; SE 处理程序安装
0041D4E5 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0041D4EB |. 50 PUSH EAX
0041D4EC |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0041D4F3 |. 81EC 2C010000 SUB ESP,12C
0041D4F9 |. 53 PUSH EBX
0041D4FA |. 898D C8FEFFFF MOV DWORD PTR SS:[EBP-138],ECX
0041D500 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D506 |. E8 A55DFEFF CALL 复件_Ekd.004032B0
0041D50B |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0041D512 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D518 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0041D51A |. 51 PUSH ECX ; /Arg4
0041D51B |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0041D51D |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D523 |. 8A42 18 MOV AL,BYTE PTR DS:[EDX+18] ; |
0041D526 |. 50 PUSH EAX ; |Arg2
0041D527 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D52D |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2] ; |
0041D530 |. 52 PUSH EDX ; |Arg1
0041D531 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041D536 |. E8 027E0300 CALL 复件_Ekd.0045533D ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理,等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围,call 4541A9是监听)
0041D53B |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D541 |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL
0041D544 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D54A |. 33C0 XOR EAX,EAX
0041D54C |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3]
0041D54F |. 3D FF000000 CMP EAX,0FF
0041D554 |. 75 17 JNZ SHORT 复件_Ekd.0041D56D
0041D556 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041D55D |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D563 |. E8 685DFEFF CALL 复件_Ekd.004032D0
0041D568 |. E9 40060000 JMP 复件_Ekd.0041DBAD
0041D56D |> 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D573 |. 33D2 XOR EDX,EDX
0041D575 |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3]
0041D578 |. 6BD2 24 IMUL EDX,EDX,24
0041D57B |. 81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041D581 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D587 |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041D58A |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D590 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D593 |. E8 D8200400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号
0041D598 |. 6BC0 48 IMUL EAX,EAX,48
0041D59B |. 05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D5A0 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D5A6 |. 8942 10 MOV DWORD PTR DS:[EDX+10],EAX
0041D5A9 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0041D5AB |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D5B1 |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3] ; |
0041D5B4 |. 51 PUSH ECX ; |Arg2
0041D5B5 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D5BB |. 8A02 MOV AL,BYTE PTR DS:[EDX] ; |
0041D5BD |. 50 PUSH EAX ; |Arg1
0041D5BE |. E8 26EFFFFF CALL 复件_Ekd.0041C4E9 ; \复件_Ekd.0041C4E9
0041D5C3 |. 83C4 0C ADD ESP,0C
0041D5C6 |. 85C0 TEST EAX,EAX
0041D5C8 |. 75 17 JNZ SHORT 复件_Ekd.0041D5E1
0041D5CA |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041D5D1 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D5D7 |. E8 F45CFEFF CALL 复件_Ekd.004032D0
0041D5DC |. E9 CC050000 JMP 复件_Ekd.0041DBAD
0041D5E1 |> 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0041D5E6 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D5EC |. E8 71F1FFFF CALL 复件_Ekd.0041C762 ; \复件_Ekd.0041C762 使用道具的画图函数
0041D5F1 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D5F7 |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10]
0041D5FA |. E8 1190FEFF CALL 复件_Ekd.00406610 获取武将ecx的兵种
0041D5FF |. 8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
0041D605 |. 6A 05 PUSH 5 ; /Arg1 = 00000005
0041D607 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] ; |
0041D60D |. 81E1 FF000000 AND ECX,0FF ; |
0041D613 |. 6BC9 1B IMUL ECX,ECX,1B ; |
0041D616 |. 81C1 A0BF4A00 ADD ECX,复件_Ekd.004ABFA0 ; |
0041D61C |. E8 7FBFFEFF CALL 复件_Ekd.004095A0 ; \复件_Ekd.004095A0
0041D621 |. 25 FF000000 AND EAX,0FF
0041D626 |. D1E0 SHL EAX,1
0041D628 |. 8885 ECFEFFFF MOV BYTE PTR SS:[EBP-114],AL
0041D62E |. 6A 06 PUSH 6 ; /Arg1 = 00000006
0041D630 |. 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] ; |
0041D636 |. 81E1 FF000000 AND ECX,0FF ; |
0041D63C |. 6BC9 1B IMUL ECX,ECX,1B ; |
0041D63F |. 81C1 A0BF4A00 ADD ECX,复件_Ekd.004ABFA0 ; |
0041D645 |. E8 56BFFEFF CALL 复件_Ekd.004095A0 ; \复件_Ekd.004095A0
0041D64A |. 25 FF000000 AND EAX,0FF
0041D64F |. D1E0 SHL EAX,1
0041D651 |. 8885 E4FEFFFF MOV BYTE PTR SS:[EBP-11C],AL
0041D657 |. 8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]
0041D65D |. 81E2 FF000000 AND EDX,0FF
0041D663 |. 52 PUSH EDX ; /Arg2
0041D664 |. 6A 05 PUSH 5 ; |Arg1 = 00000005
0041D666 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D66C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D66F |. E8 A397FEFF CALL 复件_Ekd.00406E17 ; \复件_Ekd.00406E17
0041D674 |. 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
0041D67A |. 81E1 FF000000 AND ECX,0FF
0041D680 |. 51 PUSH ECX ; /Arg2
0041D681 |. 6A 06 PUSH 6 ; |Arg1 = 00000006
0041D683 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D689 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D68C |. E8 8697FEFF CALL 复件_Ekd.00406E17 ; \复件_Ekd.00406E17
0041D691 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D697 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
0041D69A |. E8 7C9BFEFF CALL 复件_Ekd.0040721B
0041D69F |. 50 PUSH EAX ; /Arg1
0041D6A0 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D6A6 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0041D6A9 |. E8 1F200200 CALL 复件_Ekd.0043F6CD ; \复件_Ekd.0043F6CD
0041D6AE |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D6B4 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041D6B7 |. E8 8E9BFEFF CALL 复件_Ekd.0040724A
0041D6BC |. 50 PUSH EAX ; /Arg1
0041D6BD |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D6C3 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041D6C6 |. E8 43200200 CALL 复件_Ekd.0043F70E ; \复件_Ekd.0043F70E
0041D6CB |. 6A 00 PUSH 0
0041D6CD |. 6A 00 PUSH 0
0041D6CF |. 6A 0B PUSH 0B
0041D6D1 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D6D7 |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10]
0041D6DA |. E8 21BEFEFF CALL 复件_Ekd.00409500
0041D6DF |. 50 PUSH EAX ; |Arg1
0041D6E0 |. B9 F05D4B00 MOV ECX,复件_Ekd.004B5DF0 ; |
0041D6E5 |. E8 A5A00300 CALL 复件_Ekd.0045778F ; \复件_Ekd.0045778F
0041D6EA |. 68 D0BB4800 PUSH 复件_Ekd.0048BBD0 ; /Arg1 = 0048BBD0 ASCII "UNIT_SPC.E5"
0041D6EF |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D6F5 |. E8 3B240000 CALL 复件_Ekd.0041FB35 ; \复件_Ekd.0041FB35
0041D6FA |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0041D6FC |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0041D6FE |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
0041D703 |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; |
0041D708 |. E8 33230600 CALL 复件_Ekd.0047FA40 ; \复件_Ekd.0047FA40
0041D70D |. 50 PUSH EAX ; /Arg2
0041D70E |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D714 |. 33C0 XOR EAX,EAX ; |
0041D716 |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3] ; |
0041D719 |. 50 PUSH EAX ; |/Arg1
0041D71A |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; ||
0041D720 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; ||
0041D723 |. E8 20250200 CALL 复件_Ekd.0043FC48 ; |\复件_Ekd.0043FC48
0041D728 |. 25 FF000000 AND EAX,0FF ; |
0041D72D |. 50 PUSH EAX ; |Arg1
0041D72E |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D734 |. E8 50250000 CALL 复件_Ekd.0041FC89 ; \复件_Ekd.0041FC89
0041D739 |. 68 00090000 PUSH 900 ; /Arg3 = 00000900
0041D73E |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0041D740 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0041D742 |. 6A 00 PUSH 0 ; ||Arg1 = 00000000
0041D744 |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D749 |. E8 F2220600 CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D74E |. 50 PUSH EAX ; |Arg2
0041D74F |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0041D751 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0041D753 |. 68 008D0000 PUSH 8D00 ; ||Arg1 = 00008D00
0041D758 |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D75D |. E8 DE220600 CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D762 |. 50 PUSH EAX ; |Arg1
0041D763 |. E8 95250600 CALL 复件_Ekd.0047FCFD ; \复件_Ekd.0047FCFD
0041D768 |. 83C4 0C ADD ESP,0C
0041D76B |. 8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]
0041D771 |. 81E2 FF000000 AND EDX,0FF
0041D777 |. 83C2 01 ADD EDX,1
0041D77A |. 52 PUSH EDX ; /Arg1
0041D77B |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D781 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D784 |. E8 6708FFFF CALL 复件_Ekd.0040DFF0 ; \复件_Ekd.0040DFF0
0041D789 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0041D78B |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0041D78D |. 68 00690000 PUSH 6900 ; |Arg1 = 00006900
0041D792 |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; |
0041D797 |. E8 A4220600 CALL 复件_Ekd.0047FA40 ; \复件_Ekd.0047FA40
0041D79C |. 50 PUSH EAX ; /Arg2
0041D79D |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D7A3 |. 33D2 XOR EDX,EDX ; |
0041D7A5 |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3] ; |
0041D7A8 |. 52 PUSH EDX ; |/Arg1
0041D7A9 |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; ||
0041D7AF |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; ||
0041D7B2 |. E8 91240200 CALL 复件_Ekd.0043FC48 ; |\复件_Ekd.0043FC48
0041D7B7 |. 25 FF000000 AND EAX,0FF ; |
0041D7BC |. 50 PUSH EAX ; |Arg1
0041D7BD |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D7C3 |. E8 C1240000 CALL 复件_Ekd.0041FC89 ; \复件_Ekd.0041FC89
0041D7C8 |. 68 00090000 PUSH 900 ; /Arg3 = 00000900
0041D7CD |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0041D7CF |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0041D7D1 |. 68 00090000 PUSH 900 ; ||Arg1 = 00000900
0041D7D6 |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D7DB |. E8 60220600 CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D7E0 |. 50 PUSH EAX ; |Arg2
0041D7E1 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
0041D7E3 |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
0041D7E5 |. 68 008D0000 PUSH 8D00 ; ||Arg1 = 00008D00
0041D7EA |. B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D7EF |. E8 4C220600 CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D7F4 |. 50 PUSH EAX ; |Arg1
0041D7F5 |. E8 03250600 CALL 复件_Ekd.0047FCFD ; \复件_Ekd.0047FCFD
0041D7FA |. 83C4 0C ADD ESP,0C
0041D7FD |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D803 |. E8 BDBAFFFF CALL 复件_Ekd.004192C5
0041D808 |. 8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D80E |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D811 |. E8 4A5BFEFF CALL 复件_Ekd.00403360
0041D816 |. 66:8B10 MOV DX,WORD PTR DS:[EAX]
0041D819 |. 52 PUSH EDX ; /Arg1
0041D81A |. E8 5F220300 CALL 复件_Ekd.0044FA7E ; \复件_Ekd.0044FA7E
0041D81F |. 83C4 04 ADD ESP,4
0041D822 |. 8985 CCFEFFFF MOV DWORD PTR SS:[EBP-134],EAX
0041D828 |. 8995 D0FEFFFF MOV DWORD PTR SS:[EBP-130],EDX
0041D82E |. 8B85 CCFEFFFF MOV EAX,DWORD PTR SS:[EBP-134]
0041D834 |. 8985 D8FEFFFF MOV DWORD PTR SS:[EBP-128],EAX
0041D83A |. 8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0041D840 |. 898D DCFEFFFF MOV DWORD PTR SS:[EBP-124],ECX
0041D846 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D84C |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0041D84F |. E8 0C5BFEFF CALL 复件_Ekd.00403360
0041D854 |. 66:8B00 MOV AX,WORD PTR DS:[EAX]
0041D857 |. 50 PUSH EAX ; /Arg2
0041D858 |. 8D8D D4FEFFFF LEA ECX,DWORD PTR SS:[EBP-12C] ; |
0041D85E |. 51 PUSH ECX ; |Arg1
0041D85F |. E8 BB210300 CALL 复件_Ekd.0044FA1F ; \复件_Ekd.0044FA1F
0041D864 |. 83C4 08 ADD ESP,8
0041D867 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D869 |. 6A 21 PUSH 21 ; |Arg1 = 00000021
0041D86B |. B9 B0694B00 MOV ECX,复件_Ekd.004B69B0 ; |
0041D870 |. E8 056E0500 CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
0041D875 |. C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041D87F |. EB 0F JMP SHORT 复件_Ekd.0041D890
0041D881 |> 8B95 E0FEFFFF /MOV EDX,DWORD PTR SS:[EBP-120]
0041D887 |. 83C2 01 |ADD EDX,1
0041D88A |. 8995 E0FEFFFF |MOV DWORD PTR SS:[EBP-120],EDX
0041D890 |> 83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],10
0041D897 |. 0F83 9F000000 |JNB 复件_Ekd.0041D93C
0041D89D |. E8 390D0000 |CALL 复件_Ekd.0041E5DB
0041D8A2 |. 8B85 D5FEFFFF |MOV EAX,DWORD PTR SS:[EBP-12B]
0041D8A8 |. 25 FF000000 |AND EAX,0FF
0041D8AD |. 50 |PUSH EAX ; /Arg2
0041D8AE |. 8B8D D4FEFFFF |MOV ECX,DWORD PTR SS:[EBP-12C] ; |
0041D8B4 |. 81E1 FF000000 |AND ECX,0FF ; |
0041D8BA |. 51 |PUSH ECX ; |Arg1
0041D8BB |. E8 395EFEFF |CALL 复件_Ekd.004036F9 ; \复件_Ekd.004036F9
0041D8C0 |. 83C4 08 |ADD ESP,8
0041D8C3 |. 8B95 E0FEFFFF |MOV EDX,DWORD PTR SS:[EBP-120]
0041D8C9 |. D1EA |SHR EDX,1
0041D8CB |. 83C2 01 |ADD EDX,1
0041D8CE |. 52 |PUSH EDX ; /Arg4
0041D8CF |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
0041D8D1 |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
0041D8D3 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0041D8D5 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0041D8D7 |. 6A 00 |PUSH 0 ; ||Arg1 = 00000000
0041D8D9 |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D8DE |. E8 5D210600 |CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D8E3 |. 50 |PUSH EAX ; |Arg1
0041D8E4 |. E8 D72A0100 |CALL 复件_Ekd.004303C0 ; \复件_Ekd.004303C0
0041D8E9 |. 83C4 10 |ADD ESP,10
0041D8EC |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0041D8EE |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0041D8F0 |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
0041D8F2 |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; |
0041D8F7 |. E8 44210600 |CALL 复件_Ekd.0047FA40 ; \复件_Ekd.0047FA40
0041D8FC |. 50 |PUSH EAX ; /Arg6
0041D8FD |. 8B85 C8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D903 |. 8A48 03 |MOV CL,BYTE PTR DS:[EAX+3] ; |
0041D906 |. 51 |PUSH ECX ; |Arg5
0041D907 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
0041D909 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
0041D90B |. 8B95 DCFEFFFF |MOV EDX,DWORD PTR SS:[EBP-124] ; |
0041D911 |. 52 |PUSH EDX ; |Arg2
0041D912 |. 8B85 D8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-128] ; |
0041D918 |. 50 |PUSH EAX ; |Arg1
0041D919 |. E8 5E3A0300 |CALL 复件_Ekd.0045137C ; \复件_Ekd.0045137C
0041D91E |. 83C4 18 |ADD ESP,18
0041D921 |. E8 D00C0000 |CALL 复件_Ekd.0041E5F6
0041D926 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
0041D928 |. B9 181B4B00 |MOV ECX,复件_Ekd.004B1B18 ; |
0041D92D |. E8 0E5AFEFF |CALL 复件_Ekd.00403340 ; \复件_Ekd.00403340
0041D932 |. E8 A9EB0000 |CALL 复件_Ekd.0042C4E0
0041D937 |.^ E9 45FFFFFF \JMP 复件_Ekd.0041D881
0041D93C |> 6A 01 PUSH 1 ; /Arg2 = 00000001
0041D93E |. 6A 0C PUSH 0C ; |Arg1 = 0000000C
0041D940 |. B9 B0694B00 MOV ECX,复件_Ekd.004B69B0 ; |
0041D945 |. E8 306D0500 CALL 复件_Ekd.0047467A ; \复件_Ekd.0047467A
0041D94A |. C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041D954 |. EB 0F JMP SHORT 复件_Ekd.0041D965
0041D956 |> 8B8D E0FEFFFF /MOV ECX,DWORD PTR SS:[EBP-120]
0041D95C |. 83C1 01 |ADD ECX,1
0041D95F |. 898D E0FEFFFF |MOV DWORD PTR SS:[EBP-120],ECX
0041D965 |> 83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],10
0041D96C |. 0F83 D3000000 |JNB 复件_Ekd.0041DA45
0041D972 |. 68 00090000 |PUSH 900 ; /Arg3 = 00000900
0041D977 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0041D979 |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0041D97B |. 6A 00 |PUSH 0 ; ||Arg1 = 00000000
0041D97D |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D982 |. E8 B9200600 |CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D987 |. 50 |PUSH EAX ; |Arg2
0041D988 |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0041D98A |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0041D98C |. 68 00090000 |PUSH 900 ; ||Arg1 = 00000900
0041D991 |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D996 |. E8 A5200600 |CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D99B |. 50 |PUSH EAX ; |Arg1
0041D99C |. E8 5C230600 |CALL 复件_Ekd.0047FCFD ; \复件_Ekd.0047FCFD
0041D9A1 |. 83C4 0C |ADD ESP,0C
0041D9A4 |. E8 320C0000 |CALL 复件_Ekd.0041E5DB
0041D9A9 |. 8B95 D5FEFFFF |MOV EDX,DWORD PTR SS:[EBP-12B]
0041D9AF |. 81E2 FF000000 |AND EDX,0FF
0041D9B5 |. 52 |PUSH EDX ; /Arg2
0041D9B6 |. 8B85 D4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-12C] ; |
0041D9BC |. 25 FF000000 |AND EAX,0FF ; |
0041D9C1 |. 50 |PUSH EAX ; |Arg1
0041D9C2 |. E8 325DFEFF |CALL 复件_Ekd.004036F9 ; \复件_Ekd.004036F9
0041D9C7 |. 83C4 08 |ADD ESP,8
0041D9CA |. B9 10000000 |MOV ECX,10
0041D9CF |. 2B8D E0FEFFFF |SUB ECX,DWORD PTR SS:[EBP-120]
0041D9D5 |. D1E9 |SHR ECX,1
0041D9D7 |. 51 |PUSH ECX ; /Arg4
0041D9D8 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
0041D9DA |. 6A 30 |PUSH 30 ; |Arg2 = 00000030
0041D9DC |. 6A 04 |PUSH 4 ; |/Arg3 = 00000004
0041D9DE |. 6A 00 |PUSH 0 ; ||Arg2 = 00000000
0041D9E0 |. 6A 00 |PUSH 0 ; ||Arg1 = 00000000
0041D9E2 |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; ||
0041D9E7 |. E8 54200600 |CALL 复件_Ekd.0047FA40 ; |\复件_Ekd.0047FA40
0041D9EC |. 50 |PUSH EAX ; |Arg1
0041D9ED |. E8 CE290100 |CALL 复件_Ekd.004303C0 ; \复件_Ekd.004303C0
0041D9F2 |. 83C4 10 |ADD ESP,10
0041D9F5 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0041D9F7 |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0041D9F9 |. 6A 00 |PUSH 0 ; |Arg1 = 00000000
0041D9FB |. B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8 ; |
0041DA00 |. E8 3B200600 |CALL 复件_Ekd.0047FA40 ; \复件_Ekd.0047FA40
0041DA05 |. 50 |PUSH EAX ; /Arg6
0041DA06 |. 8B95 C8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041DA0C |. 8A42 03 |MOV AL,BYTE PTR DS:[EDX+3] ; |
0041DA0F |. 50 |PUSH EAX ; |Arg5
0041DA10 |. 6A 30 |PUSH 30 ; |Arg4 = 00000030
0041DA12 |. 6A 30 |PUSH 30 ; |Arg3 = 00000030
0041DA14 |. 8B8D DCFEFFFF |MOV ECX,DWORD PTR SS:[EBP-124] ; |
0041DA1A |. 51 |PUSH ECX ; |Arg2
0041DA1B |. 8B95 D8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-128] ; |
0041DA21 |. 52 |PUSH EDX ; |Arg1
0041DA22 |. E8 55390300 |CALL 复件_Ekd.0045137C ; \复件_Ekd.0045137C
0041DA27 |. 83C4 18 |ADD ESP,18
0041DA2A |. E8 C70B0000 |CALL 复件_Ekd.0041E5F6
0041DA2F |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
0041DA31 |. B9 181B4B00 |MOV ECX,复件_Ekd.004B1B18 ; |
0041DA36 |. E8 0559FEFF |CALL 复件_Ekd.00403340 ; \复件_Ekd.00403340
0041DA3B |. E8 A0EA0000 |CALL 复件_Ekd.0042C4E0
0041DA40 |.^ E9 11FFFFFF \JMP 复件_Ekd.0041D956
0041DA45 |> 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041DA4B |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
0041DA4E |. E8 1D050000 CALL 复件_Ekd.0041DF70
0041DA53 |. 25 FF000000 AND EAX,0FF
0041DA58 |. 8B0C85 A8BE48>MOV ECX,DWORD PTR DS:[EAX*4+48BE>
0041DA5F |. 51 PUSH ECX
0041DA60 |. 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041DA66 |. 8B4A 10 MOV ECX,DWORD PTR DS:[EDX+10]
0041DA69 |. E8 E99CFEFF CALL 复件_Ekd.00407757
0041DA6E |. 50 PUSH EAX ; |Arg3
0041DA6F |. 68 98B64800 PUSH 复件_Ekd.0048B698 ; |Arg2 = 0048B698
0041DA74 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041DA76 |. E8 1E1C0100 CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699
0041DA7B |. 83C4 10 ADD ESP,10
0041DA7E |. C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041DA88 |. EB 0F JMP SHORT 复件_Ekd.0041DA99
0041DA8A |> 8B85 E0FEFFFF /MOV EAX,DWORD PTR SS:[EBP-120]
0041DA90 |. 83C0 01 |ADD EAX,1
0041DA93 |. 8985 E0FEFFFF |MOV DWORD PTR SS:[EBP-120],EAX
0041DA99 |> 83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],44
0041DAA0 |. 0F83 D9000000 |JNB 复件_Ekd.0041DB7F
0041DAA6 |. 8B8D C8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-138]
0041DAAC |. 8B49 08 |MOV ECX,DWORD PTR DS:[ECX+8]
0041DAAF |. E8 BC040000 |CALL 复件_Ekd.0041DF70
0041DAB4 |. 25 FF000000 |AND EAX,0FF
0041DAB9 |. 83E8 01 |SUB EAX,1
0041DABC |. 50 |PUSH EAX ; /Arg1
0041DABD |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
0041DAC3 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
0041DAC6 |. 81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0 ; |
0041DACC |. E8 AFBAFEFF |CALL 复件_Ekd.00409580 ; \复件_Ekd.00409580
0041DAD1 |. 25 FF000000 |AND EAX,0FF
0041DAD6 |. 85C0 |TEST EAX,EAX
0041DAD8 |. 0F85 9C000000 |JNZ 复件_Ekd.0041DB7A
0041DADE |. 8B95 C8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-138]
0041DAE4 |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8]
0041DAE7 |. E8 84040000 |CALL 复件_Ekd.0041DF70
0041DAEC |. 25 FF000000 |AND EAX,0FF
0041DAF1 |. 50 |PUSH EAX ; /Arg1
0041DAF2 |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
0041DAF8 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
0041DAFB |. 81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0 ; |
0041DB01 |. E8 7ABAFEFF |CALL 复件_Ekd.00409580 ; \复件_Ekd.00409580
0041DB06 |. 25 FF000000 |AND EAX,0FF
0041DB0B |. 85C0 |TEST EAX,EAX
0041DB0D |. 74 6B |JE SHORT 复件_Ekd.0041DB7A
0041DB0F |. 8B85 C8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-138]
0041DB15 |. 8B48 08 |MOV ECX,DWORD PTR DS:[EAX+8]
0041DB18 |. E8 53040000 |CALL 复件_Ekd.0041DF70
0041DB1D |. 25 FF000000 |AND EAX,0FF
0041DB22 |. 50 |PUSH EAX ; /Arg1
0041DB23 |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120] ; |
0041DB29 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
0041DB2C |. 81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0 ; |
0041DB32 |. E8 49BAFEFF |CALL 复件_Ekd.00409580 ; \复件_Ekd.00409580
0041DB37 |. 8AD8 |MOV BL,AL
0041DB39 |. 81E3 FF000000 |AND EBX,0FF
0041DB3F |. 8B8D C8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-138]
0041DB45 |. 8B49 10 |MOV ECX,DWORD PTR DS:[ECX+10]
0041DB48 |. E8 838AFEFF |CALL 复件_Ekd.004065D0
0041DB4D |. 25 FF000000 |AND EAX,0FF
0041DB52 |. 3BD8 |CMP EBX,EAX
0041DB54 |. 7F 24 |JG SHORT 复件_Ekd.0041DB7A
0041DB56 |. 8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]
0041DB5C |. 6BC9 46 |IMUL ECX,ECX,46
0041DB5F |. 81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0
0041DB65 |. E8 A61B0400 |CALL 复件_Ekd.0045F710
0041DB6A |. 50 |PUSH EAX ; /Arg3
0041DB6B |. 68 ACB64800 |PUSH 复件_Ekd.0048B6AC ; |Arg2 = 0048B6AC
0041DB70 |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
0041DB72 |. E8 221B0100 |CALL 复件_Ekd.0042F699 ; \复件_Ekd.0042F699
0041DB77 |. 83C4 0C |ADD ESP,0C
0041DB7A |>^ E9 0BFFFFFF \JMP 复件_Ekd.0041DA8A
0041DB7F |> 8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041DB85 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
0041DB88 |. E8 9F220200 CALL 复件_Ekd.0043FE2C
0041DB8D |. 8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041DB93 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
0041DB96 |. E8 2E210200 CALL 复件_Ekd.0043FCC9
0041DB9B |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041DBA2 |. 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041DBA8 |. E8 2357FEFF CALL 复件_Ekd.004032D0
0041DBAD |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0041DBB0 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0041DBB7 |. 5B POP EBX
0041DBB8 |. 8BE5 MOV ESP,EBP
0041DBBA |. 5D POP EBP
0041DBBB \. C3 RETN
0041D3D9 /$ 55 PUSH EBP
0041D3DA |. 8BEC MOV EBP,ESP
0041D3DC |. 51 PUSH ECX
0041D3DD |. 53 PUSH EBX
0041D3DE |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0041D3E1 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041D3E4 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0041D3E6 |. 51 PUSH ECX ; /Arg4
0041D3E7 |. 6A 04 PUSH 4 ; |Arg3 = 00000004
0041D3E9 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041D3EC |. 8A42 18 MOV AL,BYTE PTR DS:[EDX+18] ; |
0041D3EF |. 50 PUSH EAX ; |Arg2
0041D3F0 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041D3F3 |. 8A51 02 MOV DL,BYTE PTR DS:[ECX+2] ; |
0041D3F6 |. 52 PUSH EDX ; |Arg1
0041D3F7 |. B9 50424B00 MOV ECX,复件_Ekd.004B4250 ; |
0041D3FC |. E8 3C7F0300 CALL 复件_Ekd.0045533D ; \复件_Ekd.0045533D 确定使用对象
0041D401 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041D404 |. 8841 03 MOV BYTE PTR DS:[ECX+3],AL 受用者的战场编号
0041D407 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041D40A |. 33C0 XOR EAX,EAX
0041D40C |. 8A42 03 MOV AL,BYTE PTR DS:[EDX+3]
0041D40F |. 3D FF000000 CMP EAX,0FF
0041D414 |. 75 05 JNZ SHORT 复件_Ekd.0041D41B
0041D416 |. E9 BB000000 JMP 复件_Ekd.0041D4D6 点了取消,退出
0041D41B |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041D41E |. 33D2 XOR EDX,EDX
0041D420 |. 8A51 03 MOV DL,BYTE PTR DS:[ECX+3]
0041D423 |. 6BD2 24 IMUL EDX,EDX,24
0041D426 |. 81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041D42C |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041D42F |. 8950 08 MOV DWORD PTR DS:[EAX+8],EDX
0041D432 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041D435 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8]
0041D438 |. E8 33220400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号,就是受用武将
0041D43D |. 6BC0 48 IMUL EAX,EAX,48
0041D440 |. 05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D445 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041D448 |. 8942 10 MOV DWORD PTR DS:[EDX+10],EAX
0041D44B |. 6A 00 PUSH 0 ; /Arg3 = 00000000
0041D44D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0041D450 |. 8A48 03 MOV CL,BYTE PTR DS:[EAX+3] ; |
0041D453 |. 51 PUSH ECX ; |Arg2
0041D454 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041D457 |. 8A02 MOV AL,BYTE PTR DS:[EDX] ; |
0041D459 |. 50 PUSH EAX ; |Arg1
0041D45A |. E8 8AF0FFFF CALL 复件_Ekd.0041C4E9 ; \复件_Ekd.0041C4E9
0041D45F |. 83C4 0C ADD ESP,0C
0041D462 |. 85C0 TEST EAX,EAX
0041D464 |. 75 02 JNZ SHORT 复件_Ekd.0041D468
0041D466 |. EB 6E JMP SHORT 复件_Ekd.0041D4D6 退出
0041D468 |> 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0041D46D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041D470 |. E8 EDF2FFFF CALL 复件_Ekd.0041C762 ; \复件_Ekd.0041C762 绘图
0041D475 |. 6A 01 PUSH 1
0041D477 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041D47A |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10]
0041D47D |. E8 CE91FEFF CALL 复件_Ekd.00406650 获取武将ecx的经验
0041D482 |. 8AD8 MOV BL,AL
0041D484 |. 81E3 FF000000 AND EBX,0FF
0041D48A |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0041D48D |. 8B4A 14 MOV ECX,DWORD PTR DS:[EDX+14]
0041D490 |. E8 DB080000 CALL 复件_Ekd.0041DD70 获取ecx武将的攻击力,不含装备加成效果
0041D495 |. 25 FF000000 AND EAX,0FF ; |
0041D49A |. 03D8 ADD EBX,EAX ; |
0041D49C |. 53 PUSH EBX ; |Arg1
0041D49D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0041D4A0 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D4A3 |. E8 A8B4FEFF CALL 复件_Ekd.00408950 ; \复件_Ekd.00408950 升级函数
0041D4A8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041D4AB |. 8B49 10 MOV ECX,DWORD PTR DS:[ECX+10]
0041D4AE |. E8 689DFEFF CALL 复件_Ekd.0040721B 获取ecx武将带上装备后的HP
0041D4B3 |. 50 PUSH EAX ; /Arg1
0041D4B4 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041D4B7 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041D4BA |. E8 0E220200 CALL 复件_Ekd.0043F6CD ; \ 设置ecx武将的HP值,如果大于加上装备后的最大值,按最大值算
0041D4BF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041D4C2 |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
0041D4C5 |. E8 809DFEFF CALL 复件_Ekd.0040724A 获取ecx武将带上装备后的MP
0041D4CA |. 50 PUSH EAX ; /Arg1
0041D4CB |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041D4CE |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0041D4D1 |. E8 38220200 CALL 复件_Ekd.0043F70E ; \复件_Ekd.0043F70E 设置ecx武将的MP值
0041D4D6 |> 5B POP EBX
0041D4D7 |. 8BE5 MOV ESP,EBP
0041D4D9 |. 5D POP EBP
0041D4DA \. C3 RETN
升级判断函数:
00408950 /$ 55 PUSH EBP
00408951 |. 8BEC MOV EBP,ESP
00408953 |. 83EC 08 SUB ESP,8
00408956 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00408959 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0040895C |. E8 9F0B0000 CALL WaGan.00409500 获取武将ecx的武将代码(曹操为0x1000),并只保留低12位
00408961 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00408964 |. 837D FC FF CMP DWORD PTR SS:[EBP-4],-1
00408968 |. 73 0D JNB SHORT WaGan.00408977
0040896A |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0040896D |. 33C9 XOR ECX,ECX
0040896F |. 8A48 2C MOV CL,BYTE PTR DS:[EAX+2C]
00408972 |. 83F9 63 CMP ECX,63
00408975 |. 72 02 JB SHORT WaGan.00408979 经验值不小于等于99,转入升级
00408977 |> EB 4C JMP SHORT WaGan.004089C5 退出
00408979 |> EB 09 JMP SHORT WaGan.00408984
0040897B |> 8B55 08 /MOV EDX,DWORD PTR SS:[EBP+8]
0040897E |. 83EA 64 |SUB EDX,64
00408981 |. 8955 08 |MOV DWORD PTR SS:[EBP+8],EDX
00408984 |> 837D 08 64 CMP DWORD PTR SS:[EBP+8],64
00408988 |. 72 10 |JB SHORT WaGan.0040899A 经验小于100就跳出
0040898A |. 8B45 0C |MOV EAX,DWORD PTR SS:[EBP+C]
0040898D |. 50 |PUSH EAX
0040898E |. 6A 01 |PUSH 1
00408990 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00408993 |. E8 20EAFFFF |CALL WaGan.004073B8 升级处理函数
00408998 |.^ EB E1 \JMP SHORT WaGan.0040897B
0040899A |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0040899D |. 33D2 XOR EDX,EDX
0040899F |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004089A2 |. 83FA 3C CMP EDX,3C
004089A5 |. 72 09 JB SHORT WaGan.004089B0
004089A7 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004089AA |. C640 2D FF MOV BYTE PTR DS:[EAX+2D],0FF
004089AE |. EB 09 JMP SHORT WaGan.004089B9
004089B0 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004089B3 |. 8A55 08 MOV DL,BYTE PTR SS:[EBP+8]
004089B6 |. 8851 2D MOV BYTE PTR DS:[ECX+2D],DL
004089B9 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004089BC |. 50 PUSH EAX ; /Arg1
004089BD |. E8 3F100700 CALL WaGan.00479A01 ; \WaGan.00479A01 显示升级的那个武将框
004089C2 |. 83C4 04 ADD ESP,4
004089C5 |> 8BE5 MOV ESP,EBP
004089C7 |. 5D POP EBP
004089C8 \. C2 0800 RETN 8
吃恢复状态道具后面的代码:
0041CFFB |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041CFFE |. 33D2 XOR EDX,EDX
0041D000 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0041D003 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
0041D006 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0041D009 |. 83E8 41 SUB EAX,41
0041D00C |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0041D00F |. 837D F8 04 CMP DWORD PTR SS:[EBP-8],4
0041D013 |. 77 53 JA SHORT WaGan.0041D068
0041D015 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041D018 |. FF248D 6CD0410>JMP DWORD PTR DS:[ECX*4+41D06C]
0041D06C . 1FD04100 DD WaGan.0041D01F 分支表 被用于 0041D018
0041D070 . 2ED04100 DD WaGan.0041D02E
0041D074 . 3DD04100 DD WaGan.0041D03D
0041D078 . 4CD04100 DD WaGan.0041D04C
0041D07C . 5BD04100 DD WaGan.0041D05B 万能药
0041D01F |> 6A 08 PUSH 8 ; /Arg1 = 00000008
0041D021 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041D024 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041D027 |. E8 74BDFFFF CALL WaGan.00418DA0 ; \WaGan.00418DA0 解混乱
0041D02C |. EB 3A JMP SHORT WaGan.0041D068
0041D02E |> 6A 10 PUSH 10 ; /Arg1 = 00000010
0041D030 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0041D033 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041D036 |. E8 65BDFFFF CALL WaGan.00418DA0 ; \WaGan.00418DA0
0041D03B |. EB 2B JMP SHORT WaGan.0041D068 解中毒
0041D03D |> 6A 02 PUSH 2 ; /Arg1 = 00000002
0041D03F |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041D042 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; |
0041D045 |. E8 56BDFFFF CALL WaGan.00418DA0 ; \WaGan.00418DA0
0041D04A |. EB 1C JMP SHORT WaGan.0041D068 解麻痹
0041D04C |> 6A 04 PUSH 4 ; /Arg1 = 00000004
0041D04E |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0041D051 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] ; |
0041D054 |. E8 47BDFFFF CALL WaGan.00418DA0 ; \WaGan.00418DA0 解
0041D059 |. EB 0D JMP SHORT WaGan.0041D068
0041D05B |> 6A 1E PUSH 1E ; /Arg1 = 0000001E
0041D05D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0041D060 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
0041D063 |. E8 38BDFFFF CALL WaGan.00418DA0 ; \WaGan.00418DA0
0041D068 |> 8BE5 MOV ESP,EBP
0041D06A |. 5D POP EBP
0041D06B \. C3 RETN
--道具有效性信息显示:
0041C4E9 /$ 55 PUSH EBP
0041C4EA |. 8BEC MOV EBP,ESP
0041C4EC |. 83EC 14 SUB ESP,14
0041C4EF |. 56 PUSH ESI
0041C4F0 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0041C4F3 |. 81E1 FF000000 AND ECX,0FF
0041C4F9 |. 6BC9 19 IMUL ECX,ECX,19
0041C4FC |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0041C502 |. E8 39D0FEFF CALL WaGan.00409540
0041C507 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
0041C50A |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0041C50D |. 25 FF000000 AND EAX,0FF
0041C512 |. 6BC0 24 IMUL EAX,EAX,24
0041C515 |. 05 502C4B00 ADD EAX,WaGan.004B2C50
0041C51A |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0041C51D |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0041C524 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0041C527 |. 81E1 FF000000 AND ECX,0FF
0041C52D |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0041C530 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0041C533 |. 83EA 3F SUB EDX,3F
0041C536 |. 8955 EC MOV DWORD PTR SS:[EBP-14],EDX
0041C539 837D EC 0D CMP DWORD PTR SS:[EBP-14],0D
0041C53D 0F87 DF010000 JA WaGan.0041C722
0041C543 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0041C546 |. FF2485 2AC741>JMP DWORD PTR DS:[EAX*4+41C72A]
0041C54D |> E9 D0010000 JMP WaGan.0041C722
0041C552 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C556 |. 74 15 JE SHORT WaGan.0041C56D
0041C558 |. 6A 08 PUSH 8 ; /Arg1 = 00000008
0041C55A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041C55D |. E8 7EA1FEFF CALL WaGan.004066E0 ; \WaGan.004066E0
0041C562 |. 85C0 TEST EAX,EAX
0041C564 |. 75 07 JNZ SHORT WaGan.0041C56D
0041C566 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C56D |> E9 B0010000 JMP WaGan.0041C722
0041C572 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C576 |. 74 15 JE SHORT WaGan.0041C58D
0041C578 |. 6A 10 PUSH 10 ; /Arg1 = 00000010
0041C57A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041C57D |. E8 5EA1FEFF CALL WaGan.004066E0 ; \WaGan.004066E0
0041C582 |. 85C0 TEST EAX,EAX
0041C584 |. 75 07 JNZ SHORT WaGan.0041C58D
0041C586 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C58D |> E9 90010000 JMP WaGan.0041C722
0041C592 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C596 |. 74 15 JE SHORT WaGan.0041C5AD
0041C598 |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0041C59A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041C59D |. E8 3EA1FEFF CALL WaGan.004066E0 ; \WaGan.004066E0
0041C5A2 |. 85C0 TEST EAX,EAX
0041C5A4 |. 75 07 JNZ SHORT WaGan.0041C5AD
0041C5A6 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5AD |> E9 70010000 JMP WaGan.0041C722
0041C5B2 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C5B6 |. 74 15 JE SHORT WaGan.0041C5CD
0041C5B8 |. 6A 04 PUSH 4 ; /Arg1 = 00000004
0041C5BA |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041C5BD |. E8 1EA1FEFF CALL WaGan.004066E0 ; \WaGan.004066E0
0041C5C2 |. 85C0 TEST EAX,EAX
0041C5C4 |. 75 07 JNZ SHORT WaGan.0041C5CD
0041C5C6 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5CD |> E9 50010000 JMP WaGan.0041C722
0041C5D2 |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C5D6 |. 74 18 JE SHORT WaGan.0041C5F0
0041C5D8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041C5DB |. E8 501A0000 CALL WaGan.0041E030
0041C5E0 |. 25 FF000000 AND EAX,0FF
0041C5E5 |. 85C0 TEST EAX,EAX
0041C5E7 |. 75 07 JNZ SHORT WaGan.0041C5F0
0041C5E9 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5F0 |> E9 2D010000 JMP WaGan.0041C722
0041C5F5 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041C5F8 |. E8 73300400 CALL WaGan.0045F670
0041C5FD |. 8BC8 MOV ECX,EAX
0041C5FF |. 6BC9 48 IMUL ECX,ECX,48
0041C602 |. 81C1 0000D600 ADD ECX,0D60000
0041C608 |. E8 C39FFEFF CALL WaGan.004065D0
0041C60D |. 25 FF000000 AND EAX,0FF
0041C612 |. 83F8 63 CMP EAX,63
0041C615 |. 72 1C JB SHORT WaGan.0041C633
0041C617 |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C61B |. 75 0F JNZ SHORT WaGan.0041C62C
0041C61D |. 68 3CB64800 PUSH WaGan.0048B63C ; /Arg2 = 0048B63C
0041C622 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041C624 |. E8 70300100 CALL WaGan.0042F699 ; \WaGan.0042F699
0041C629 |. 83C4 08 ADD ESP,8
0041C62C |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C633 |> E9 EA000000 JMP WaGan.0041C722
0041C638 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041C63B |. E8 30300400 CALL WaGan.0045F670
0041C640 |. 8BC8 MOV ECX,EAX
0041C642 |. 6BC9 48 IMUL ECX,ECX,48
0041C645 |. 81C1 0000D600 ADD ECX,0D60000
0041C64B |. E8 C09FFEFF CALL WaGan.00406610
0041C650 |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
0041C653 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0041C656 |. 81E1 FF000000 AND ECX,0FF
0041C65C |. 83F9 26 CMP ECX,26
0041C65F |. 7E 21 JLE SHORT WaGan.0041C682
0041C661 |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C665 |. 75 0F JNZ SHORT WaGan.0041C676
0041C667 |. 68 4CB64800 PUSH WaGan.0048B64C ; /Arg2 = 0048B64C
0041C66C |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041C66E |. E8 26300100 CALL WaGan.0042F699 ; \WaGan.0042F699
0041C673 |. 83C4 08 ADD ESP,8
0041C676 |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C67D |. E9 A0000000 JMP WaGan.0041C722
0041C682 |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0041C685 |. 25 FF000000 AND EAX,0FF
0041C68A |. 99 CDQ
0041C68B |. B9 03000000 MOV ECX,3
0041C690 |. F7F9 IDIV ECX
0041C692 |. 83FA 02 CMP EDX,2
0041C695 |. 75 1E JNZ SHORT WaGan.0041C6B5
0041C697 |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C69B |. 75 0F JNZ SHORT WaGan.0041C6AC
0041C69D |. 68 68B64800 PUSH WaGan.0048B668 ; /Arg2 = 0048B668
0041C6A2 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041C6A4 |. E8 F02F0100 CALL WaGan.0042F699 ; \WaGan.0042F699
0041C6A9 |. 83C4 08 ADD ESP,8
0041C6AC |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C6B3 |. EB 6D JMP SHORT WaGan.0041C722
0041C6B5 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041C6B8 |. E8 B32F0400 CALL WaGan.0045F670
0041C6BD |. 8BC8 MOV ECX,EAX
0041C6BF |. 6BC9 48 IMUL ECX,ECX,48
0041C6C2 |. 81C1 0000D600 ADD ECX,0D60000
0041C6C8 |. E8 039FFEFF CALL WaGan.004065D0
0041C6CD |. 8AC8 MOV CL,AL
0041C6CF |. 81E1 FF000000 AND ECX,0FF
0041C6D5 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0041C6D8 |. 25 FF000000 AND EAX,0FF
0041C6DD |. 99 CDQ
0041C6DE |. BE 03000000 MOV ESI,3
0041C6E3 |. F7FE IDIV ESI
0041C6E5 |. 83C2 01 ADD EDX,1
0041C6E8 |. 6BD2 14 IMUL EDX,EDX,14
0041C6EB |. 3BCA CMP ECX,EDX
0041C6ED |. 7D 33 JGE SHORT WaGan.0041C722
0041C6EF |. 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C6F3 |. 75 26 JNZ SHORT WaGan.0041C71B
0041C6F5 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0041C6F8 |. 25 FF000000 AND EAX,0FF
0041C6FD |. 99 CDQ
0041C6FE |. B9 03000000 MOV ECX,3
0041C703 |. F7F9 IDIV ECX
0041C705 |. 83C2 01 ADD EDX,1
0041C708 |. 6BD2 14 IMUL EDX,EDX,14
0041C70B |. 52 PUSH EDX ; /Arg3
0041C70C |. 68 7CB64800 PUSH WaGan.0048B67C ; |Arg2 = 0048B67C
0041C711 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0041C713 |. E8 812F0100 CALL WaGan.0042F699 ; \WaGan.0042F699
0041C718 |. 83C4 0C ADD ESP,0C
0041C71B |> C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C722 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0041C725 |. 5E POP ESI
0041C726 |. 8BE5 MOV ESP,EBP
0041C728 |. 5D POP EBP
0041C729 \. C3 RETN
0041C72A . 4DC54100 DD WaGan.0041C54D ; 分支表 被用于 0041C546
0041C72E . 22C74100 DD WaGan.0041C722
0041C732 . 52C54100 DD WaGan.0041C552
0041C736 . 72C54100 DD WaGan.0041C572
0041C73A . 92C54100 DD WaGan.0041C592
0041C73E . B2C54100 DD WaGan.0041C5B2
0041C742 . D2C54100 DD WaGan.0041C5D2
0041C746 . 22C74100 DD WaGan.0041C722
0041C74A . 22C74100 DD WaGan.0041C722
0041C74E . 22C74100 DD WaGan.0041C722
0041C752 . 22C74100 DD WaGan.0041C722
0041C756 . 22C74100 DD WaGan.0041C722
0041C75A . F5C54100 DD WaGan.0041C5F5
0041C75E . 38C64100 DD WaGan.0041C638
修改了双字节能力后的能力设置
作者:
岱瀛 时间: 2007-12-30 21:34 标题: 从Data读信息入内存(关于道具)
4A110开始是道具的内存所存放信息处。20(+14处是特征代码)
0041B6CF /$ 55 PUSH EBP
0041B6D0 |. 8BEC MOV EBP,ESP
0041B6D2 |. 83EC 08 SUB ESP,8
0041B6D5 |. A1 606F4900 MOV EAX,DWORD PTR DS:[496F60]
0041B6DA |. 50 PUSH EAX ; /Arg3 => 002615F0
0041B6DB |. 6A 01 PUSH 1 ; |Arg2 = 00000001
0041B6DD |. 68 60BB4800 PUSH WaGan.0048BB60 ; |Arg1 = 0048BB60 ASCII "DATA.E5"
0041B6E2 |. E8 37FEFFFF CALL WaGan.0041B51E ; \WaGan.0041B51E
0041B6E7 |. 83C4 0C ADD ESP,0C
0041B6EA |. 85C0 TEST EAX,EAX
0041B6EC |. 75 02 JNZ SHORT WaGan.0041B6F0
0041B6EE |. EB 3B JMP SHORT WaGan.0041B72B
0041B6F0 |> 8B0D 606F4900 MOV ECX,DWORD PTR DS:[496F60]
0041B6F6 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0041B6F9 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0041B700 |. EB 09 JMP SHORT WaGan.0041B70B
0041B702 |> 8B55 F8 /MOV EDX,DWORD PTR SS:[EBP-8]
0041B705 |. 83C2 01 |ADD EDX,1
0041B708 |. 8955 F8 |MOV DWORD PTR SS:[EBP-8],EDX
0041B70B |> 837D F8 68 CMP DWORD PTR SS:[EBP-8],68
0041B70F |. 73 1A |JNB SHORT WaGan.0041B72B
0041B711 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0041B714 |. 50 |PUSH EAX ; /Arg1
0041B715 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
0041B718 |. 6BC9 19 |IMUL ECX,ECX,19 ; |
0041B71B |. 81C1 40114A00 |ADD ECX,WaGan.004A1140 ; | 写入道具信息
0041B721 |. E8 110EFFFF |CALL WaGan.0040C537 ; \WaGan.0040C537
0041B726 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
0041B729 |.^ EB D7 \JMP SHORT WaGan.0041B702
0041B72B |> 8BE5 MOV ESP,EBP
0041B72D |. 5D POP EBP
0041B72E \. C3 RETN
第一处:
00406794 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00406797 |. 6BC9 19 IMUL ECX,ECX,19
0040679A |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004067A0 |. E8 7B2D0000 CALL WaGan.00409520 获取道具ecx的特殊效果
第二处
0040681A /$ 55 PUSH EBP
0040681B |. 8BEC MOV EBP,ESP
0040681D |. 51 PUSH ECX
0040681E |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00406821 |. 6BC9 19 IMUL ECX,ECX,19
00406824 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0040682A |. E8 112D0000 CALL WaGan.00409540 获取道具ecx的类型,辅助则为特殊效果
0040682F |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
第三处
0040792D |. 81E1 FF000000 AND ECX,0FF
00407933 |. 6BC9 19 IMUL ECX,ECX,19
00407936 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0040793C |. E8 A94D0000 CALL WaGan.0040C6EA 获取道具ecx的种类于al,武器0,防具1,宝物2,消耗品3
0040795B |. 6BC9 19 IMUL ECX,ECX,19
0040795E |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407964 |. E8 814D0000 CALL WaGan.0040C6EA
00407976 |. 81E1 FF000000 AND ECX,0FF
0040797C |. 6BC9 19 IMUL ECX,ECX,19
0040797F |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407985 |. E8 66640100 CALL WaGan.0041DDF0 获取道具ecx的1级值,辅助则为特殊效果值
第四处
004079CF |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004079D5 |. E8 661B0000 CALL WaGan.00409540 获取道具ecx的类型,辅助则为特殊效果
004079DA |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
第五处
00407A4F |. 81E1 FF000000 |AND ECX,0FF
00407A55 |. 6BC9 19 |IMUL ECX,ECX,19
00407A58 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407A5E |. E8 0B4D0000 |CALL WaGan.0040C76E 获取道具ecx的武器类型是否为特殊
00407A70 |. 6BC9 19 |IMUL ECX,ECX,19
00407A73 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407A79 |. E8 A21A0000 |CALL WaGan.00409520 获取道具ecx的特殊效果
第七处
00407ABD |. 81E1 FF000000 AND ECX,0FF
00407AC3 |. 6BC9 19 IMUL ECX,ECX,19
00407AC6 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407ACC |. E8 6F1A0000 CALL WaGan.00409540
00407AD1 |. 25 FF000000 AND EAX,0FF
第八处
00407B4D |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407B53 |. E8 164C0000 |CALL WaGan.0040C76E 获取道具ecx的武器类型是否为特殊
00407B58 |. 85C0 |TEST EAX,EAX
00407B65 |. 6BC9 19 |IMUL ECX,ECX,19
00407B68 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407B6E |. E8 AD190000 |CALL WaGan.00409520 获取道具ecx的特殊效果
00407B8E |. 6BC9 19 |IMUL ECX,ECX,19
00407B91 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407B97 |. E8 14620100 |CALL WaGan.0041DDB0 获取道具ecx的特殊效果值
00407B9C |. 8845 F8 |MOV BYTE PTR SS:[EBP-8],AL
第十处
00407BC5 |. 81E1 FF000000 AND ECX,0FF
00407BCB |. 6BC9 19 IMUL ECX,ECX,19
00407BCE |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407BD4 |. E8 67190000 CALL WaGan.00409540 获取道具ecx的类型,辅助则为特殊效果
十一处
00407BF7 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407BFD |. E8 6E610100 CALL WaGan.0041DD70
00407C02 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
00407C05 |> 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8]
00407C97 |. 6BC9 19 |IMUL ECX,ECX,19 ; |
00407C9A |. 81C1 40114A00 |ADD ECX,WaGan.004A1140 ; |
00407CA0 |. E8 CF490000 |CALL WaGan.0040C674 ; \WaGan.0040C674
00407CB0 |. 81E1 FF000000 |AND ECX,0FF
00407CB6 |. 6BC9 19 |IMUL ECX,ECX,19
00407CB9 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407CBF |. E8 AA4A0000 |CALL WaGan.0040C76E
00407CC4 |. 85C0 |TEST EAX,EAX
00407CC6 |. 74 43 |JE SHORT WaGan.00407D0B
00407CEF |. 81E1 FF000000 |AND ECX,0FF
00407CF5 |. 6BC9 19 |IMUL ECX,ECX,19
00407CF8 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00407CFE |. E8 AD600100 |CALL WaGan.0041DDB0
00407D5C |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407D62 |. E8 09600100 CALL WaGan.0041DD70
00407D67 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C]
00407E38 |. 6BC9 19 IMUL ECX,ECX,19
00407E3B |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407E41 |. E8 A4480000 CALL WaGan.0040C6EA
00407E46 |. 25 FF000000 AND EAX,0FF
00407E75 |. 6BC9 19 IMUL ECX,ECX,19
00407E78 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407E7E |. E8 EB480000 CALL WaGan.0040C76E
00407E83 |. F7D8 NEG EAX
00407EA6 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407EAC |. E8 BD480000 CALL WaGan.0040C76E
00407EB1 |. 85C0 TEST EAX,EAX
00407FBB |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
00407FBE |. 6BC9 19 IMUL ECX,ECX,19
00407FC1 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00407FC7 |. E8 34160000 CALL WaGan.00409600
00407FCC |. 85C0 TEST EAX,EAX
00408314 |. 81E1 FF000000 AND ECX,0FF
0040831A |. 6BC9 19 IMUL ECX,ECX,19
0040831D |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00408323 |. E8 46440000 CALL WaGan.0040C76E
00408328 |. F7D8 NEG EAX
0040846E |. 6BC9 19 IMUL ECX,ECX,19
00408471 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00408477 |. 898D CCFEFFFF MOV DWORD PTR SS:[EBP-134],ECX
0040847D |. E8 A0340000 CALL WaGan.0040B922
0040BECB |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0040BED1 |. E8 3A380500 CALL WaGan.0045F710
0040BED6 |> 5D POP EBP
0040DAB7 |. 81C1 40114A00 ADD ECX,WaGan.004A1140 ; |
0040DABD |. E8 E7ECFFFF CALL WaGan.0040C7A9 ; \WaGan.0040C7A9
0040DAC2 |. 50 PUSH EAX ; /Arg1
004144DA |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004144E0 |. E8 6782FFFF CALL WaGan.0040C74C
004144E5 |. 85C0 TEST EAX,EAX
004144E7 |. 0F84 94000000 JE WaGan.00414581
00414504 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0041450A |. E8 5F82FFFF CALL WaGan.0040C76E
0041450F |. 85C0 TEST EAX,EAX
004145D8 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004145DE |. E8 0781FFFF CALL WaGan.0040C6EA
004145E3 |. 25 FF000000 AND EAX,0FF
004145E8 |. 83F8 03 CMP EAX,3
00414603 |. 6BC9 19 IMUL ECX,ECX,19
00414606 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0041460C |. E8 5D81FFFF CALL WaGan.0040C76E
00414641 |> \8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00414644 |. 6BC9 19 IMUL ECX,ECX,19
00414647 |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0041464D |. E8 9880FFFF CALL WaGan.0040C6EA
0041466E |. 81C1 40114A00 ADD ECX,WaGan.004A1140
00414674 |. E8 7180FFFF CALL WaGan.0040C6EA
00414679 |. 25 FF000000 AND EAX,0FF
004146A5 |> \8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004146A8 |. 6BC9 19 IMUL ECX,ECX,19
004146AB |. 81C1 40114A00 ADD ECX,WaGan.004A1140
004146B1 |. E8 4A4FFFFF CALL WaGan.00409600
00416B75 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00416B7B |. E8 CC5BFFFF |CALL WaGan.0040C74C
00416B80 |. 85C0 |TEST EAX,EAX
00416BA2 |. 8BC8 |MOV ECX,EAX
00416BA4 |. 6BC9 19 |IMUL ECX,ECX,19
00416BA7 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00416BAD |. E8 BC5BFFFF |CALL WaGan.0040C76E
00416C63 |. 81C1 40114A00 |ADD ECX,WaGan.004A1140
00416C69 |. E8 9229FFFF |CALL WaGan.00409600
00416C6E |. 85C0 |TEST EAX,EAX
00416C70 |. 74 17 |JE SHORT WaGan.00416C89
0041B721 |. E8 110EFFFF |CALL WaGan.0040C537 ; \WaGan.0040C537
0041B726 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
0041B729 |.^ EB D7 \JMP SHORT WaGan.0041B702
0041C4FC |. 81C1 40114A00 ADD ECX,WaGan.004A1140
0041C502 |. E8 39D0FEFF CALL WaGan.00409540
0041C507 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
作者:
岱瀛 时间: 2007-12-30 21:35 标题: 处理反击
004063A4 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063A7 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004063AA |. 8A51 10 MOV DL,BYTE PTR DS:[ECX+10]
004063AD |. 8850 01 MOV BYTE PTR DS:[EAX+1],DL
004063B0 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004063B3 |. 33C9 XOR ECX,ECX
004063B5 |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1]
004063B8 |. 6BC9 24 IMUL ECX,ECX,24
004063BB |. 81C1 502C4B00 ADD ECX,Ekd5大白.004B2C50
004063C1 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004063C4 |. 833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB |. 77 27 JA SHORT Ekd5大白.004063F4 退出没有攻击
004063CD |. 833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4 |. 76 2D JBE SHORT Ekd5大白.00406403 正常反击不用28判断
004063D6 |. 6A 28 PUSH 28 反击后反击
004063D8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004063DB |. E8 90920500 CALL Ekd5大白.0045F670 获取武将ecx的data编号
004063E0 |. 8BC8 MOV ECX,EAX ; |
004063E2 |. 6BC9 48 IMUL ECX,ECX,48 ; |
004063E5 |. 81C1 0000D600 ADD ECX,0D60000 ; |
004063EB |. E8 19160000 CALL Ekd5大白.00407A09 ; \Ekd5大白.00407A09 检测武将ecx是否装备特殊效果为08栈的特殊道具
004063F0 |. 85C0 TEST EAX,EAX
004063F2 |. 75 0F JNZ SHORT Ekd5大白.00406403 反击后再反击
004063F4 |> C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE |. E9 E9000000 JMP Ekd5大白.004064EC 退出没有攻击
00406403 |> C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0040640D |. E8 4ECFFFFF CALL Ekd5大白.00403360 //把ECX+6
00406412 |. 50 PUSH EAX ; /Arg1
00406413 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406416 |. 81C1 25040000 ADD ECX,425 ; |
0040641C |. E8 7F010000 CALL Ekd5大白.004065A0 ; \Ekd5大白.004065A0
00406421 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406424 |. E8 95940300 CALL Ekd5大白.0043F8BE (获取反击武将兵种攻击范围)
00406429 |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0040642C |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040642F |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406431 |. A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00406439 |. E8 52C80600 CALL Ekd5大白.00472C90 返回反击武将的当前体力
0040643E |. 85C0 TEST EAX,EAX
00406440 |. 75 09 JNZ SHORT Ekd5大白.0040644B
00406442 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449 |. EB 64 JMP SHORT Ekd5大白.004064AF 退出,反击武将HP等于0
0040644B |> 6A 08 PUSH 8 ; /Arg1 = 00000008
0040644D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00406450 |. E8 8B020000 CALL Ekd5大白.004066E0 ; \Ekd5大白.004066E0
00406455 |. 85C0 TEST EAX,EAX
00406457 |. 74 09 JE SHORT Ekd5大白.00406462
00406459 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460 |. EB 4D JMP SHORT Ekd5大白.004064AF 退出,反击武将当前处于混乱中
00406462 |> 6A 2C PUSH 2C ; /Arg1 = 0000002C
00406464 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00406467 |. 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] ; | 垃圾代码
0040646A |. E8 9A150000 CALL Ekd5大白.00407A09 ; \Ekd5大白.00407A09 被反击武将是否为无反击攻击
0040646F |. 85C0 TEST EAX,EAX
00406471 |. 74 09 JE SHORT Ekd5大白.0040647C
00406473 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A |. EB 33 JMP SHORT Ekd5大白.004064AF 退出,被反击武将是无反击攻击
0040647C |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] //被反击
0040647F |. 33C0 XOR EAX,EAX
00406481 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
00406483 |. 8BF0 MOV ESI,EAX
00406485 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
00406487 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00406489 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C] ; |
0040648C |. 51 PUSH ECX ; |Arg2
0040648D |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; |
00406490 |. 81C2 25040000 ADD EDX,425 ; |
00406496 |. 52 PUSH EDX ; |Arg1 这个是特殊内存地址的值
00406497 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0040649A |. E8 E7000300 CALL Ekd5大白.00436586 ; \Ekd5大白.00436586
0040649F |. 25 FF000000 AND EAX,0FF
004064A4 |. 3BF0 CMP ESI,EAX
004064A6 |. 74 07 JE SHORT Ekd5大白.004064AF
004064A8 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
004064AF |> 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3 |. 74 37 JE SHORT Ekd5大白.004064EC 退出,无反击
004064B5 |. A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA |. 83C0 01 ADD EAX,1
004064BD |. A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004064C5 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
004064C7 |. 52 PUSH EDX ; /Arg2
004064C8 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
004064CB |. 8A48 01 MOV CL,BYTE PTR DS:[EAX+1] ; |
004064CE |. 51 PUSH ECX ; |Arg1
004064CF |. E8 55F30200 CALL Ekd5大白.00435829 ; \Ekd5大白.00435829
004064D4 |. 83C4 08 ADD ESP,8
004064D7 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004064DA |. 8A02 MOV AL,BYTE PTR DS:[EDX]
004064DC |. 50 PUSH EAX ; /Arg2 反击者
004064DD |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E0 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
004064E3 |. 52 PUSH EDX ; |Arg1 被反击者
004064E4 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
004064E7 |. E8 05000000 CALL Ekd5大白.004064F1 ; \Ekd5大白.004064F1 开始攻击进入攻击
004064EC |> 5E POP ESI
004064ED |. 8BE5 MOV ESP,EBP
004064EF |. 5D POP EBP
004064F0 \. C3 RETN
///////////////////////////////////////////////////////////////////////////////////攻击范围判断的
0043F8BE /$ 55 PUSH EBP
0043F8BF |. 8BEC MOV EBP,ESP
0043F8C1 |. 51 PUSH ECX
0043F8C2 |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
0043F8C5 |. 6A 2A PUSH 2A ; /Arg1 = 0000002A
0043F8C7 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0043F8CA |. 8B08 MOV ECX,DWORD PTR DS:[EAX] ; |
0043F8CC |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043F8CF |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043F8D5 |. E8 2F81FCFF CALL 雪芸.00407A09 ; \雪芸.00407A09 判断是否带有远距离攻击的宝物
0043F8DA |. 85C0 TEST EAX,EAX
0043F8DC |. 74 17 JE SHORT 雪芸.0043F8F5
0043F8DE |. 6A 2A PUSH 2A ; /Arg1 = 0000002A
0043F8E0 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0043F8E3 |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; |
0043F8E5 |. 6BC9 48 IMUL ECX,ECX,48 ; |
0043F8E8 |. 81C1 681B4A00 ADD ECX,雪芸.004A1B68 ; |
0043F8EE |. E8 FF81FCFF CALL 雪芸.00407AF2 ; \雪芸.00407AF2 获取武将ecx装备特殊效果为08栈的特殊道具的特殊效果值
0043F8F3 |. EB 1E JMP SHORT 雪芸.0043F913 (这就是所谓的兵种覆盖宝物)
0043F8F5 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043F8F8 |. E8 73E6FDFF CALL 雪芸.0041DF70 获取武将ecx的兵种
0043F8FD |. 8AC8 MOV CL,AL
0043F8FF |. 81E1 FF000000 AND ECX,0FF
0043F905 |. 6BC9 1B IMUL ECX,ECX,1B 乘以27(共27种职业)
0043F908 |. 81C1 A0BF4A00 ADD ECX,雪芸.004ABFA0
0043F90E |. E8 8D000100 CALL 雪芸.0044F9A0 ; 获取兵种的攻击范围
0043F913 |> 8BE5 MOV ESP,EBP
0043F915 |. 5D POP EBP
0043F916 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:36 标题: 撤退台词
00441744 /$ 55 PUSH EBP
00441745 |. 8BEC MOV EBP,ESP
00441747 |. 83EC 08 SUB ESP,8
0044174A |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0044174D |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00441750 |. E8 3B75FDFF CALL WaGan.00418C90
00441755 |. 25 FF000000 AND EAX,0FF
0044175A |. 83F8 02 CMP EAX,2
0044175D |. 74 05 JE SHORT WaGan.00441764
0044175F |. E9 11020000 JMP WaGan.00441975
00441764 |> 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00441768 |. 74 32 JE SHORT WaGan.0044179C
0044176A |. 6A 00 PUSH 0 ; /Arg2 = 00000000
0044176C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
0044176F |. 8A48 04 MOV CL,BYTE PTR DS:[EAX+4] ; |
00441772 |. 51 PUSH ECX ; |Arg1
00441773 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
00441778 |. E8 93370100 CALL WaGan.00454F10 ; \WaGan.00454F10
0044177D |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0044177F |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00441782 |. E8 2F020000 CALL WaGan.004419B6 ; \WaGan.004419B6
00441787 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0044178A |. E8 55130000 CALL WaGan.00442AE4
0044178F |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00441792 |. E8 32E5FFFF CALL WaGan.0043FCC9
00441797 |. E9 E0000000 JMP WaGan.0044187C
0044179C |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0044179F |. E8 8C170300 CALL WaGan.00472F30
004417A4 |. 85C0 TEST EAX,EAX
004417A6 |. 74 1A JE SHORT WaGan.004417C2
004417A8 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004417AB |. E8 A4E7FFFF CALL WaGan.0043FF54
004417B0 |. 85C0 TEST EAX,EAX
004417B2 |. 74 0E JE SHORT WaGan.004417C2
004417B4 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
004417B7 |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
004417B9 |. 50 PUSH EAX ; /Arg1
004417BA |. E8 BC010000 CALL WaGan.0044197B ; \WaGan.0044197B
004417BF |. 83C4 04 ADD ESP,4
004417C2 |> 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
004417C6 |. 75 0C JNZ SHORT WaGan.004417D4
004417C8 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004417CB |. E8 A0DE0100 CALL WaGan.0045F670
004417D0 |. 85C0 TEST EAX,EAX
004417D2 |. 75 24 JNZ SHORT WaGan.004417F8
004417D4 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004417D7 |. 8A51 07 MOV DL,BYTE PTR DS:[ECX+7]
004417DA |. 52 PUSH EDX ; /Arg2
004417DB |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
004417DE |. 8A48 06 MOV CL,BYTE PTR DS:[EAX+6] ; |
004417E1 |. 51 PUSH ECX ; |Arg1
004417E2 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
004417E7 |. E8 53380100 CALL WaGan.0045503F ; \WaGan.0045503F
004417EC |. 6A 02 PUSH 2 ; /Arg1 = 00000002
004417EE |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004417F1 |. E8 C0010000 CALL WaGan.004419B6 ; \WaGan.004419B6
004417F6 |. EB 2B JMP SHORT WaGan.00441823
004417F8 |> 6A 00 PUSH 0 ; /Arg2 = 00000000
004417FA |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
004417FD |. 8A42 04 MOV AL,BYTE PTR DS:[EDX+4] ; |
00441800 |. 50 PUSH EAX ; |Arg1
00441801 |. B9 50424B00 MOV ECX,WaGan.004B4250 ; |
00441806 |. E8 05370100 CALL WaGan.00454F10 ; \WaGan.00454F10
0044180B |. 6A 01 PUSH 1 ; /Arg2 = 00000001
0044180D |. 6A 10 PUSH 10 ; |Arg1 = 00000010
0044180F |. B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
00441814 |. E8 612E0300 CALL WaGan.0047467A ; \WaGan.0047467A
00441819 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0044181B |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0044181E |. E8 93010000 CALL WaGan.004419B6 ; \WaGan.004419B6
00441823 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00441826 |. E8 B9120000 CALL WaGan.00442AE4
0044182B |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0044182E |. E8 96E4FFFF CALL WaGan.0043FCC9
00441833 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00441836 |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
00441838 |. 52 PUSH EDX ; /Arg1
00441839 |. E8 5289FDFF CALL WaGan.0041A190 ; \WaGan.0041A190
0044183E |. 83C4 04 ADD ESP,4
00441841 |. 85C0 TEST EAX,EAX
00441843 |. 74 37 JE SHORT WaGan.0044187C
00441845 |. 68 FF000000 PUSH 0FF
0044184A |. 6A 01 PUSH 1
0044184C |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0044184F |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00441851 |. 6BC9 48 IMUL ECX,ECX,48
00441854 |. 81C1 0000D600 ADD ECX,0D60000
0044185A |. E8 610FFFFF CALL WaGan.004327C0
0044185F |. 50 PUSH EAX ; |Arg1
00441860 |. E8 50E20300 CALL WaGan.0047FAB5 ; \WaGan.0047FAB5
00441865 |. 83C4 0C ADD ESP,0C
00441868 |. 50 PUSH EAX ; /Arg1
00441869 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0044186C |. 8B09 MOV ECX,DWORD PTR DS:[ECX] ; |
0044186E |. 6BC9 48 IMUL ECX,ECX,48 ; |
00441871 |. 81C1 0000D600 ADD ECX,0D60000 ; |
00441877 |. E8 84180000 CALL WaGan.00443100 ; \WaGan.00443100
0044187C |> 6A 03 PUSH 3 ; /Arg1 = 00000003
0044187E |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00441881 |. E8 9A180000 CALL WaGan.00443120 ; \WaGan.00443120
00441886 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00441889 |. C642 1E 00 MOV BYTE PTR DS:[EDX+1E],0
0044188D |. B9 083D4B00 MOV ECX,WaGan.004B3D08
00441892 |. E8 F38F0000 CALL WaGan.0044A88A
00441897 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0044189A |. E8 D1DD0100 CALL WaGan.0045F670
0044189F |. 50 PUSH EAX ; /Arg1
004418A0 |. E8 5C810300 CALL WaGan.00479A01 ; \WaGan.00479A01
004418A5 |. 83C4 04 ADD ESP,4
004418A8 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004418AA |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004418AD |. E8 82E4FFFF CALL WaGan.0043FD34 ; \WaGan.0043FD34
004418B2 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
004418B6 |. EB 08 JMP SHORT WaGan.004418C0
004418B8 |> 8A45 FC /MOV AL,BYTE PTR SS:[EBP-4]
004418BB |. 04 01 |ADD AL,1
004418BD |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
004418C0 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004418C3 |. 81E1 FF000000 |AND ECX,0FF
004418C9 |. 83F9 73 |CMP ECX,73
004418CC |. 0F8D A3000000 |JGE WaGan.00441975
004418D2 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004418D5 |. 81E1 FF000000 |AND ECX,0FF
004418DB |. 6BC9 24 |IMUL ECX,ECX,24
004418DE |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004418E4 |. E8 27AAFDFF |CALL WaGan.0041C310
004418E9 |. 25 FF000000 |AND EAX,0FF
004418EE |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004418F1 |. 33C9 |XOR ECX,ECX
004418F3 |. 8A4A 04 |MOV CL,BYTE PTR DS:[EDX+4]
004418F6 |. 3BC1 |CMP EAX,ECX
004418F8 |. 75 76 |JNZ SHORT WaGan.00441970
004418FA |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004418FD |. 81E1 FF000000 |AND ECX,0FF
00441903 |. 6BC9 24 |IMUL ECX,ECX,24
00441906 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
0044190C |. E8 BF41FEFF |CALL WaGan.00425AD0
00441911 |. 25 FF000000 |AND EAX,0FF
00441916 |. 85C0 |TEST EAX,EAX
00441918 |. 74 21 |JE SHORT WaGan.0044193B
0044191A |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0044191D |. 81E1 FF000000 |AND ECX,0FF
00441923 |. 6BC9 24 |IMUL ECX,ECX,24
00441926 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
0044192C |. E8 9F41FEFF |CALL WaGan.00425AD0
00441931 |. 25 FF000000 |AND EAX,0FF
00441936 |. 83F8 04 |CMP EAX,4
00441939 |. 75 35 |JNZ SHORT WaGan.00441970
0044193B |> 68 FF000000 |PUSH 0FF ; /Arg1 = 000000FF
00441940 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4] ; |
00441943 |. 81E1 FF000000 |AND ECX,0FF ; |
00441949 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
0044194C |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50 ; |
00441952 |. E8 E9170000 |CALL WaGan.00443140 ; \WaGan.00443140
00441957 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
00441959 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4] ; |
0044195C |. 81E1 FF000000 |AND ECX,0FF ; |
00441962 |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00441965 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50 ; |
0044196B |. E8 F90C0000 |CALL WaGan.00442669 ; \WaGan.00442669
00441970 |>^ E9 43FFFFFF \JMP WaGan.004418B8
00441975 |> 8BE5 MOV ESP,EBP
00441977 |. 5D POP EBP
00441978 \. C2 0800 RETN 8
0044197B /$ 55 PUSH EBP
0044197C |. 8BEC MOV EBP,ESP
0044197E |. 81EC CC000000 SUB ESP,0CC
00441984 |. 837D 08 31 CMP DWORD PTR SS:[EBP+8],31 [EBP+8放着撤退台词编号]
00441988 |. 73 28 JNB SHORT WaGan.004419B2
0044198A |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0044198D |. 50 PUSH EAX ; /Arg2
0044198E |. 8D8D 34FFFFFF LEA ECX,DWORD PTR SS:[EBP-CC] ; |
00441994 |. 51 PUSH ECX ; |Arg1
00441995 |. E8 73A6FCFF CALL WaGan.0040C00D ; \WaGan.0040C00D
0044199A |. 83C4 08 ADD ESP,8
0044199D |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004419A0 |. 52 PUSH EDX ; /Arg2
004419A1 |. 8D85 34FFFFFF LEA EAX,DWORD PTR SS:[EBP-CC] ; |
004419A7 |. 50 PUSH EAX ; |Arg1
004419A8 |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
004419AD |. E8 AB7C0100 CALL WaGan.0045965D ; \WaGan.0045965D
004419B2 |> 8BE5 MOV ESP,EBP
004419B4 |. 5D POP EBP
004419B5 \. C3 RETN
0040C00D /$ 55 PUSH EBP
0040C00E |. 8BEC MOV EBP,ESP
0040C010 |. 837D 0C 31 CMP DWORD PTR SS:[EBP+C],31 [EBP+C放着撤退台词编号]
0040C014 |. 72 02 JB SHORT WaGan.0040C018
0040C016 |. EB 15 JMP SHORT WaGan.0040C02D
0040C018 |> 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0040C01B |. 05 8A020000 ADD EAX,28A
0040C020 |. 50 PUSH EAX ; /Arg2
0040C021 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0040C024 |. 51 PUSH ECX ; |Arg1
0040C025 |. E8 2CFFFFFF CALL WaGan.0040BF56 ; \WaGan.0040BF56
0040C02A |. 83C4 08 ADD ESP,8
0040C02D |> 5D POP EBP
0040C02E \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:37 标题: 策略
00425627 /$ 55 PUSH EBP
00425628 |. 8BEC MOV EBP,ESP
0042562A |. 83EC 08 SUB ESP,8
0042562D |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00425630 |. 8A45 0C MOV AL,BYTE PTR SS:[EBP+C]
00425633 |. 50 PUSH EAX ; /Arg2
00425634 |. 8A4D 08 MOV CL,BYTE PTR SS:[EBP+8] ; |
00425637 |. 51 PUSH ECX ; |Arg1
00425638 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0042563B |. E8 A1FBFFFF CALL 雪芸.004251E1 ; \雪芸.004251E1
00425640 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00425643 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8]
00425646 |. E8 85040000 CALL 雪芸.00425AD0
0042564B |. 25 FF000000 AND EAX,0FF
00425650 |. 33C9 XOR ECX,ECX
00425652 |. 83F8 07 CMP EAX,7
00425655 |. 0F94C1 SETE CL
00425658 |. 51 PUSH ECX ; /Arg3
00425659 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
0042565C |. 8A42 01 MOV AL,BYTE PTR DS:[EDX+1] ; |
0042565F |. 50 PUSH EAX ; |Arg2
00425660 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425663 |. 8A11 MOV DL,BYTE PTR DS:[ECX] ; |
00425665 |. 52 PUSH EDX ; |Arg1
00425666 |. E8 5EA8FFFF CALL 雪芸.0041FEC9 ; \雪芸.0041FEC9
0042566B |. 83C4 0C ADD ESP,0C
0042566E |. 85C0 TEST EAX,EAX
00425670 |. 75 0E JNZ SHORT 雪芸.00425680
00425672 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00425675 |. 8B80 AC040000 MOV EAX,DWORD PTR DS:[EAX+4AC]
0042567B |. E9 3D030000 JMP 雪芸.004259BD
00425680 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425683 |. 33D2 XOR EDX,EDX
00425685 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
00425687 |. 33C0 XOR EAX,EAX
00425689 |. 8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
0042568F |. 83F8 63 CMP EAX,63
00425692 |. 7E 37 JLE SHORT 雪芸.004256CB
00425694 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425697 |. 33D2 XOR EDX,EDX
00425699 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0042569B |. 33C0 XOR EAX,EAX
0042569D |. 8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
004256A3 |. 3D FF000000 CMP EAX,0FF
004256A8 |. 74 21 JE SHORT 雪芸.004256CB
004256AA |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004256AD |. 33D2 XOR EDX,EDX
004256AF |. 8A11 MOV DL,BYTE PTR DS:[ECX]
004256B1 |. 8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
004256B7 |. 50 PUSH EAX ; /Arg1
004256B8 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004256BB |. E8 3FC1FFFF CALL 雪芸.004217FF ; \雪芸.004217FF
004256C0 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004256C3 |. 8981 B0040000 MOV DWORD PTR DS:[ECX+4B0],EAX
004256C9 |. EB 0D JMP SHORT 雪芸.004256D8
004256CB |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004256CE |. C782 B0040000>MOV DWORD PTR DS:[EDX+4B0],0
004256D8 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004256DB |. 33C9 XOR ECX,ECX
004256DD |. 8A08 MOV CL,BYTE PTR DS:[EAX]
004256DF |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
004256E2 |. 837D F8 43 CMP DWORD PTR SS:[EBP-8],43
004256E6 |. 0F87 A0020000 JA 雪芸.0042598C
004256EC |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
004256EF |. 33D2 XOR EDX,EDX
004256F1 |. 8A90 3F5A4200 MOV DL,BYTE PTR DS:[EAX+425A3F]
004256F7 |. FF2495 C35942>JMP DWORD PTR DS:[EDX*4+4259C3]
004256FE |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425701 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],40 损HP
00425708 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042570B |. E8 2EDAFFFF CALL 雪芸.0042313E
00425710 |. E9 81020000 JMP 雪芸.00425996
00425715 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00425718 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],50
0042571F |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425722 |. E8 17DAFFFF CALL 雪芸.0042313E
00425727 |. E9 6A020000 JMP 雪芸.00425996
0042572C |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] 砂暴
0042572F |. C680 54020000>MOV BYTE PTR DS:[EAX+254],40
00425736 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425739 |. E8 FCEAFFFF CALL 雪芸.0042423A
0042573E |. E9 53020000 JMP 雪芸.00425996
00425743 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425746 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],62
0042574D |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042574F |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425752 |. E8 04DCFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
00425757 |. E9 3A020000 JMP 雪芸.00425996
0042575C |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042575F |. C682 54020000>MOV BYTE PTR DS:[EDX+254],64
00425766 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
00425768 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0042576B |. E8 EBDBFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
00425770 |. E9 21020000 JMP 雪芸.00425996
00425775 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00425778 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],60
0042577F |. 6A 00 PUSH 0 ; /Arg1 = 00000000
00425781 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425784 |. E8 D2DBFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
00425789 |. E9 08020000 JMP 雪芸.00425996
0042578E |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425791 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],61
00425798 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042579A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0042579D |. E8 B9DBFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
004257A2 |. E9 EF010000 JMP 雪芸.00425996
004257A7 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004257AA |. C682 54020000>MOV BYTE PTR DS:[EDX+254],70
004257B1 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004257B3 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004257B6 |. E8 8EDDFFFF CALL 雪芸.00423549 ; \雪芸.00423549
004257BB |. E9 D6010000 JMP 雪芸.00425996
004257C0 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004257C3 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],71
004257CA |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004257CC |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004257CF |. E8 75DDFFFF CALL 雪芸.00423549 ; \雪芸.00423549
004257D4 |. E9 BD010000 JMP 雪芸.00425996
004257D9 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004257DC |. C681 54020000>MOV BYTE PTR DS:[ECX+254],72
004257E3 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004257E5 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004257E8 |. E8 5CDDFFFF CALL 雪芸.00423549 ; \雪芸.00423549
004257ED |. E9 A4010000 JMP 雪芸.00425996
004257F2 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004257F5 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],74
004257FC |. 6A 00 PUSH 0 ; /Arg1 = 00000000
004257FE |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425801 |. E8 43DDFFFF CALL 雪芸.00423549 ; \雪芸.00423549
00425806 |. E9 8B010000 JMP 雪芸.00425996
0042580B |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0042580E |. C680 54020000>MOV BYTE PTR DS:[EAX+254],80
00425815 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425818 |. E8 70DFFFFF CALL 雪芸.0042378D
0042581D |. E9 74010000 JMP 雪芸.00425996
00425822 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425825 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],90
0042582C |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042582F |. E8 59DFFFFF CALL 雪芸.0042378D
00425834 |. E9 5D010000 JMP 雪芸.00425996
00425839 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042583C |. C682 54020000>MOV BYTE PTR DS:[EDX+254],0A8
00425843 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
00425845 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425848 |. E8 0EDBFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
0042584D |. E9 44010000 JMP 雪芸.00425996
00425852 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00425855 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],0A2
0042585C |. 6A 01 PUSH 1 ; /Arg1 = 00000001
0042585E |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425861 |. E8 F5DAFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
00425866 |. E9 2B010000 JMP 雪芸.00425996
0042586B |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042586E |. C681 54020000>MOV BYTE PTR DS:[ECX+254],0A4
00425875 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
00425877 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
0042587A |. E8 DCDAFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
0042587F |. E9 12010000 JMP 雪芸.00425996
00425884 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00425887 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],0A0
0042588E |. 6A 01 PUSH 1 ; /Arg1 = 00000001
00425890 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00425893 |. E8 C3DAFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
00425898 |. E9 F9000000 JMP 雪芸.00425996
0042589D |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004258A0 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],0A1
004258A7 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
004258A9 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004258AC |. E8 AADAFFFF CALL 雪芸.0042335B ; \雪芸.0042335B
004258B1 |. E9 E0000000 JMP 雪芸.00425996
004258B6 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004258B9 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],0BF
004258C0 |. 6A 01 PUSH 1 ; /Arg1 = 00000001
004258C2 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
004258C5 |. E8 7FDCFFFF CALL 雪芸.00423549 ; \雪芸.00423549
004258CA |. E9 C7000000 JMP 雪芸.00425996
004258CF |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004258D2 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],0B8
004258D9 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004258DC |. E8 7FE0FFFF CALL 雪芸.00423960
004258E1 |. E9 B0000000 JMP 雪芸.00425996
004258E6 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004258E9 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],0FF
004258F0 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004258F3 |. E8 E4E5FFFF CALL 雪芸.00423EDC
004258F8 |. E9 99000000 JMP 雪芸.00425996
004258FD |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425900 |. C681 54020000>MOV BYTE PTR DS:[ECX+254],0C0
00425907 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042590A |. E8 20E2FFFF CALL 雪芸.00423B2F
0042590F |. E9 82000000 JMP 雪芸.00425996
00425914 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00425917 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],0A0
0042591E |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425921 |. E8 9AE3FFFF CALL 雪芸.00423CC0
00425926 |. EB 6E JMP SHORT 雪芸.00425996
00425928 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0042592B |. C680 54020000>MOV BYTE PTR DS:[EAX+254],0AF
00425932 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425935 |. E8 86E3FFFF CALL 雪芸.00423CC0
0042593A |. EB 5A JMP SHORT 雪芸.00425996
0042593C |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042593F |. C681 54020000>MOV BYTE PTR DS:[ECX+254],90
00425946 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425949 |. E8 1EE4FFFF CALL 雪芸.00423D6C
0042594E |. EB 46 JMP SHORT 雪芸.00425996
00425950 |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00425953 |. C682 54020000>MOV BYTE PTR DS:[EDX+254],40
0042595A |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042595D |. E8 3CF5FFFF CALL 雪芸.00424E9E
00425962 |. EB 32 JMP SHORT 雪芸.00425996
00425964 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00425967 |. C680 54020000>MOV BYTE PTR DS:[EAX+254],0FF
0042596E |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425971 |. E8 9AEEFFFF CALL 雪芸.00424810
00425976 |. EB 1E JMP SHORT 雪芸.00425996
00425978 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042597B |. C681 54020000>MOV BYTE PTR DS:[ECX+254],0BF
00425982 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00425985 |. E8 89EBFFFF CALL 雪芸.00424513
0042598A |. EB 0A JMP SHORT 雪芸.00425996
0042598C |> 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0042598F |. C682 54020000>MOV BYTE PTR DS:[EDX+254],0
00425996 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00425999 |. 83B8 B0040000>CMP DWORD PTR DS:[EAX+4B0],0
004259A0 |. 74 0A JE SHORT 雪芸.004259AC
004259A2 |. B9 88274900 MOV ECX,雪芸.00492788
004259A7 |. E8 EFCCFDFF CALL 雪芸.0040269B
004259AC |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004259AF |. E8 59D5FFFF CALL 雪芸.00422F0D
004259B4 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004259B7 |. 8B81 AC040000 MOV EAX,DWORD PTR DS:[ECX+4AC]
004259BD |> 8BE5 MOV ESP,EBP
004259BF |. 5D POP EBP
004259C0 \. C2 0800 RETN 8
004259C3 . FE564200 DD 雪芸.004256FE ; 分支表 被用于 004256F7
004259C7 . 2C574200 DD 雪芸.0042572C
004259CB . FE564200 DD 雪芸.004256FE
004259CF . 15574200 DD 雪芸.00425715
004259D3 . 43574200 DD 雪芸.00425743
004259D7 . 5C574200 DD 雪芸.0042575C
004259DB . 75574200 DD 雪芸.00425775
004259DF . 8E574200 DD 雪芸.0042578E
004259E3 . C0574200 DD 雪芸.004257C0
004259E7 . A7574200 DD 雪芸.004257A7
004259EB . D9574200 DD 雪芸.004257D9
004259EF . F2574200 DD 雪芸.004257F2
004259F3 . E6584200 DD 雪芸.004258E6
004259F7 . 0B584200 DD 雪芸.0042580B
004259FB . 22584200 DD 雪芸.00425822
004259FF . B6584200 DD 雪芸.004258B6
00425A03 . 39584200 DD 雪芸.00425839
00425A07 . 52584200 DD 雪芸.00425852
00425A0B . 6B584200 DD 雪芸.0042586B
00425A0F . 84584200 DD 雪芸.00425884
00425A13 . 9D584200 DD 雪芸.0042589D
00425A17 . CF584200 DD 雪芸.004258CF
00425A1B . FD584200 DD 雪芸.004258FD
00425A1F . 14594200 DD 雪芸.00425914
00425A23 . 3C594200 DD 雪芸.0042593C
00425A27 . 28594200 DD 雪芸.00425928
00425A2B . 50594200 DD 雪芸.00425950
00425A2F . FE564200 DD 雪芸.004256FE
00425A33 . 64594200 DD 雪芸.00425964
00425A37 . 78594200 DD 雪芸.00425978
00425A3B . 8C594200 DD 雪芸.0042598C
00425A3F . 00 DB 00 灼热 ; 分支 004259C3 索引表 //策略效果编号
00425A40 . 00 DB 00 烈火
00425A41 . 00 DB 00 火阵
00425A42 . 00 DB 00 火龙
00425A43 . 00 DB 00 暴炎
00425A44 . 00 DB 00 浊流
00425A45 . 00 DB 00 激流
00425A46 . 00 DB 00 水阵
00425A47 . 00 DB 00 水龙
00425A48 . 00 DB 00 海啸
00425A49 . 00 DB 00 旋风
00425A4A . 00 DB 00 龙卷
00425A4B . 00 DB 00 风阵
00425A4C . 00 DB 00 风龙 --〉004256FE 损HP
00425A4D . 01 DB 01 砂暴 --〉0042572C
00425A4E . 02 DB 02 落石
00425A4F . 02 DB 02 落岩
00425A50 . 02 DB 02 地阵
00425A51 . 02 DB 02 地龙
00425A52 . 02 DB 02 山崩
00425A53 . 02 DB 02 诱惑
00425A54 . 02 DB 02 晕眩 --〉004256FE 损HP
00425A55 . 03 DB 03 碟报 --〉00425715
00425A56 . 04 DB 04 钝兵 --〉00425743
00425A57 . 04 DB 04 钝队
00425A58 . 05 DB 05 虚脱 0042575C
00425A59 . 05 DB 05 厌战
00425A5A . 06 DB 06 压迫 00425775
00425A5B . 06 DB 06 威吓
00425A5C . 07 DB 07 咒骂
00425A5D . 07 DB 07 挑泼
00425A5E . 08 DB 08 流言
00425A5F . 08 DB 08 谎报
00425A60 . 09 DB 09 毒烟
00425A61 . 09 DB 09 毒雾
00425A62 . 0A DB 0A 困敌
00425A63 . 0A DB 0A 定军
00425A64 . 0B DB 0B 封咒
00425A65 . 0C DB 0C 八阵图
00425A66 . 0D DB 0D 小补给
00425A67 . 0D DB 0D 大补给
00425A68 . 0D DB 0D 援队
00425A69 . 0D DB 0D 援军
00425A6A . 0D DB 0D 输送
00425A6B . 0E DB 0E 建言
00425A6C . 0E DB 0E 献策
00425A6D . 0F DB 0F 觉醒
00425A6E . 0F DB 0F 大觉醒
00425A6F . 10 DB 10 强行
00425A70 . 11 DB 11 练兵
00425A71 . 11 DB 11 练队
00425A72 . 12 DB 12 昂扬
00425A73 . 12 DB 12 欢声
00425A74 . 13 DB 13 奋起
00425A75 . 13 DB 13 鼓舞
00425A76 . 14 DB 14 坚固
00425A77 . 14 DB 14 强阵
00425A78 . 15 DB 15 回归
00425A79 . 16 DB 16 豪雨
00425A7A . 16 DB 16 晴明
00425A7B . 16 DB 16 云天
00425A7C . 17 DB 17 气合
00425A7D . 18 DB 18 冥想
00425A7E . 19 DB 19 霸气
00425A7F . 1A DB 1A 青龙
00425A80 . 1B DB 1B 朱雀
00425A81 . 1C DB 1C 玄武
00425A82 . 1D DB 1D 白虎
------------------------------------------------------
跳转号 效果号 策略效果
00 40 损HP,包括朱雀
01 40 砂暴
03 50 谍报
04 62 降低敏捷
05 64 降低士气
06 60 降低能力
07 61 降低防御
08 71 混乱
09 70 中毒
0A 72 麻痹
0B 74 封咒
0C FF 八阵图
0D 80 加HP
0E 90 加MP
0F BF 恢复状态
10 A8 增加移动力
11 A2 增加敏捷
12 A4 增加士气
13 A0 增加能力
14 A1 增加防御
15 B8 再次行动
16 C0 气候变化
17 A0 气合
18 90 冥想
19 AF 霸气
1A 40 青龙
1C FF 玄武
1D BF 白虎
作者:
岱瀛 时间: 2007-12-30 21:37 标题: 菜单处理响应函数
00474C59 /$ 55 PUSH EBP
00474C5A |. 8BEC MOV EBP,ESP
00474C5C |. 6A FF PUSH -1
00474C5E |. 68 885B4800 PUSH 雪芸.00485B88 ; SE 处理程序安装
00474C63 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00474C69 |. 50 PUSH EAX
00474C6A |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00474C71 |. 81EC 180B0000 SUB ESP,0B18
00474C77 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
00474C7A |. 8985 DCF4FFFF MOV DWORD PTR SS:[EBP-B24],EAX
00474C80 |. 83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],65
00474C87 |. 77 1B JA SHORT 雪芸.00474CA4
00474C89 |. 83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],65
00474C90 |. 0F84 8B000000 JE 雪芸.00474D21 存档
00474C96 |. 83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],14
00474C9D |. 74 7B JE SHORT 雪芸.00474D1A
00474C9F |. E9 7F010000 JMP 雪芸.00474E23
00474CA4 |> 81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9C89
00474CAE |. 77 39 JA SHORT 雪芸.00474CE9 宝物图鉴,地形情报,道具一览,
00474CB0 |. 81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9C89
00474CBA |. 0F84 44010000 JE 雪芸.00474E04 版本情报
00474CC0 |. 8B8D DCF4FFFF MOV ECX,DWORD PTR SS:[EBP-B24]
00474CC6 |. 83E9 66 SUB ECX,66
00474CC9 |. 898D DCF4FFFF MOV DWORD PTR SS:[EBP-B24],ECX
00474CCF |. 83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],8
00474CD6 |. 0F87 47010000 JA 雪芸.00474E23
00474CDC |. 8B95 DCF4FFFF MOV EDX,DWORD PTR SS:[EBP-B24]
00474CE2 |. FF2495 334E47>JMP DWORD PTR DS:[EDX*4+474E33]
00474CE9 |> 81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD3
00474CF3 |. 74 79 JE SHORT 雪芸.00474D6E
00474CF5 |. 81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD6
00474CFF |. 0F84 81000000 JE 雪芸.00474D86
00474D05 |. 81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD7 宝物图鉴
00474D0F |. 0F84 A2000000 JE 雪芸.00474DB7
00474D15 |. E9 09010000 JMP 雪芸.00474E23
00474D1A |> 33C0 XOR EAX,EAX
00474D1C |. E9 04010000 JMP 雪芸.00474E25
00474D21 |> E8 4057FAFF CALL 雪芸.0041A466
00474D26 |. E9 F8000000 JMP 雪芸.00474E23
00474D2B |> E8 C956FAFF CALL 雪芸.0041A3F9
00474D30 |. E9 EE000000 JMP 雪芸.00474E23
00474D35 |> 6A 00 PUSH 0 ; /lParam = 0
00474D37 |. 6A 00 PUSH 0 ; |wParam = 0
00474D39 |. 6A 10 PUSH 10 ; |Message = WM_CLOSE
00474D3B |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
00474D40 |. 50 PUSH EAX ; |hWnd => B0B9E
00474D41 |. FF15 18634800 CALL DWORD PTR DS:[<&USER32.PostMessageA>; \PostMessageA
00474D47 |. E9 D7000000 JMP 雪芸.00474E23
00474D4C |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00474D4F |. 51 PUSH ECX ; /Arg2
00474D50 |. 8B15 606A4B00 MOV EDX,DWORD PTR DS:[4B6A60] ; |雪芸.00400000
00474D56 |. 52 PUSH EDX ; |Arg1 => 00400000
00474D57 |. E8 2E620000 CALL 雪芸.0047AF8A ; \雪芸.0047AF8A
00474D5C |. 83C4 08 ADD ESP,8
00474D5F |. E9 BF000000 JMP 雪芸.00474E23
00474D64 |> E8 834FFDFF CALL 雪芸.00449CEC
00474D69 |. E9 B5000000 JMP 雪芸.00474E23
00474D6E |> 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00474D71 |. 50 PUSH EAX ; /Arg2
00474D72 |. 8B0D 606A4B00 MOV ECX,DWORD PTR DS:[4B6A60] ; |雪芸.00400000
00474D78 |. 51 PUSH ECX ; |Arg1 => 00400000
00474D79 |. E8 0E36FFFF CALL 雪芸.0046838C ; \雪芸.0046838C
00474D7E |. 83C4 08 ADD ESP,8
00474D81 |. E9 9D000000 JMP 雪芸.00474E23
00474D86 |> 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474D8C |. E8 8F080000 CALL 雪芸.00475620
00474D91 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00474D98 |. 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474D9E |. E8 D3A0FFFF CALL 雪芸.0046EE76
00474DA3 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00474DAA |. 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474DB0 |. E8 EB080000 CALL 雪芸.004756A0
00474DB5 |. EB 6C JMP SHORT 雪芸.00474E23
00474DB7 |> 8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DBD |. E8 3E090000 CALL 雪芸.00475700
00474DC2 |. C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00474DC9 |. 8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DCF |. E8 ACC2FFFF CALL 雪芸.00471080
00474DD4 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00474DDB |. 8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DE1 |. E8 4A090000 CALL 雪芸.00475730
00474DE6 |. EB 3B JMP SHORT 雪芸.00474E23
00474DE8 |> E8 5671FAFF CALL 雪芸.0041BF43
00474DED |. EB 34 JMP SHORT 雪芸.00474E23
00474DEF |> E8 A24FFDFF CALL 雪芸.00449D96
00474DF4 |. EB 2D JMP SHORT 雪芸.00474E23
00474DF6 |> E8 B34EFDFF CALL 雪芸.00449CAE
00474DFB |. EB 26 JMP SHORT 雪芸.00474E23
00474DFD |> E8 D04EFDFF CALL 雪芸.00449CD2
00474E02 |. EB 1F JMP SHORT 雪芸.00474E23
00474E04 |> 8D8D E0F4FFFF LEA ECX,DWORD PTR SS:[EBP-B20]
00474E0A |. E8 9195F9FF CALL 雪芸.0040E3A0
00474E0F |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00474E12 |. 52 PUSH EDX ; /Arg2
00474E13 |. 68 5C010000 PUSH 15C ; |Arg1 = 0000015C
00474E18 |. 8D8D E0F4FFFF LEA ECX,DWORD PTR SS:[EBP-B20] ; |
00474E1E |. E8 7582FFFF CALL 雪芸.0046D098 ; \雪芸.0046D098
00474E23 |> 33C0 XOR EAX,EAX 退出
00474E25 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00474E28 |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
00474E2F |. 8BE5 MOV ESP,EBP
00474E31 |. 5D POP EBP
00474E32 \. C3 RETN
00474E33 . 2B4D4700 DD 雪芸.00474D2B 读档 ; 分支表 被用于 00474CE2
00474E37 . 234E4700 DD 雪芸.00474E23 退出
00474E3B . 354D4700 DD 雪芸.00474D35 结束游戏
00474E3F . 4C4D4700 DD 雪芸.00474D4C 武将情报一览
00474E43 . 644D4700 DD 雪芸.00474D64 胜利条件
00474E47 . E84D4700 DD 雪芸.00474DE8 环境设定
00474E4B . EF4D4700 DD 雪芸.00474DEF 战场缩略图
00474E4F . F64D4700 DD 雪芸.00474DF6 结束回合
00474E53 . FD4D4700 DD 雪芸.00474DFD 检索未执行部队
作者:
岱瀛 时间: 2007-12-30 21:37 标题: 背景显示
0040BC1A /$ 55 PUSH EBP
0040BC1B |. 8BEC MOV EBP,ESP
0040BC1D |. 837D 08 FF CMP DWORD PTR SS:[EBP+8],-1
0040BC21 |. 73 12 JNB SHORT WaGan.0040BC35
0040BC23 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0040BC26 |. 50 PUSH EAX ; /Arg2
0040BC27 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0040BC2A |. 51 PUSH ECX ; |Arg1
0040BC2B |. B9 40C64A00 MOV ECX,WaGan.004AC640 ; | Mmap.e5的句柄地址
0040BC30 |. E8 54400100 CALL WaGan.0041FC89 ; \WaGan.0041FC89 里面是文件操作
0040BC35 |> 5D POP EBP
0040BC36 \. C3 RETN
00413DFB |. FF2485 AD3E41>JMP DWORD PTR DS:[EAX*4+413EAD]
===Eax=3, 战场地图
00413E02 |> 8A4D EC MOV CL,BYTE PTR SS:[EBP-14]
00413E05 |. 51 PUSH ECX ; /Arg2
00413E06 |. 8A55 FC MOV DL,BYTE PTR SS:[EBP-4] ; |
00413E09 |. 52 PUSH EDX ; |Arg1
00413E0A |. E8 C17DFFFF CALL WaGan.0040BBD0 ; \WaGan.0040BBD0
00413E0F |. 83C4 08 ADD ESP,8
00413E12 |. 8A45 EC MOV AL,BYTE PTR SS:[EBP-14]
00413E15 |. A2 083D4B00 MOV BYTE PTR DS:[4B3D08],AL
00413E1A |. EB 79 JMP SHORT WaGan.00413E95
=====Eax=2 内场景
00413E1C |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00413E1F |. 81E1 FFFF0000 AND ECX,0FFFF
00413E25 |. 81F9 FFFF0000 CMP ECX,0FFFF
00413E2B |. 75 06 JNZ SHORT WaGan.00413E33
00413E2D |. 66:C745 F4 00>MOV WORD PTR SS:[EBP-C],0
00413E33 |> 8A55 F4 MOV DL,BYTE PTR SS:[EBP-C]
00413E36 |. 52 PUSH EDX ; /Arg2
00413E37 |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4] ; |
00413E3A |. 50 PUSH EAX ; |Arg1
00413E3B |. E8 907DFFFF CALL WaGan.0040BBD0 ; \WaGan.0040BBD0
00413E40 |. 83C4 08 ADD ESP,8
00413E43 |. EB 50 JMP SHORT WaGan.00413E95
=====Eax=0 外场景
00413E45 |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00413E48 |. 81E1 FFFF0000 AND ECX,0FFFF
00413E4E |. 81F9 FFFF0000 CMP ECX,0FFFF
00413E54 |. 75 06 JNZ SHORT WaGan.00413E5C
00413E56 |. 66:C745 F0 00>MOV WORD PTR SS:[EBP-10],0
00413E5C |> 8A55 F0 MOV DL,BYTE PTR SS:[EBP-10]
00413E5F |. 52 PUSH EDX ; /Arg2
00413E60 |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4] ; |
00413E63 |. 50 PUSH EAX ; |Arg1
00413E64 |. E8 677DFFFF CALL WaGan.0040BBD0 ; \WaGan.0040BBD0
00413E69 |. 83C4 08 ADD ESP,8
00413E6C |. EB 27 JMP SHORT WaGan.00413E95
=====Eax=1 中国地图
00413E6E |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00413E71 |. 81E1 FFFF0000 AND ECX,0FFFF
00413E77 |. 81F9 FFFF0000 CMP ECX,0FFFF
00413E7D |. 75 06 JNZ SHORT WaGan.00413E85
00413E7F |. 66:C745 F8 00>MOV WORD PTR SS:[EBP-8],0
00413E85 |> 8A55 F8 MOV DL,BYTE PTR SS:[EBP-8]
00413E88 |. 52 PUSH EDX ; /Arg2
00413E89 |. 8A45 FC MOV AL,BYTE PTR SS:[EBP-4] ; |
00413E8C |. 50 PUSH EAX ; |Arg1
00413E8D |. E8 3E7DFFFF CALL WaGan.0040BBD0 ; \WaGan.0040BBD0
00413E92 |. 83C4 08 ADD ESP,8
00413E95 |> 8B0D 9CBF4A00 MOV ECX,DWORD PTR DS:[4ABF9C]
00413E9B |. 83C9 02 OR ECX,2
00413E9E |. 890D 9CBF4A00 MOV DWORD PTR DS:[4ABF9C],ECX
00413EA4 |. B8 02000000 MOV EAX,2
00413EA9 |> 8BE5 MOV ESP,EBP
00413EAB |. 5D POP EBP
00413EAC \. C3 RETN
00413EAD . 453E4100 DD WaGan.00413E45 ; 分支表 被用于 00413DFB
00413EB1 . 6E3E4100 DD WaGan.00413E6E
00413EB5 . 1C3E4100 DD WaGan.00413E1C
00413EB9 . 023E4100 DD WaGan.00413E02
核心函数:
0040BBD0 /$ 55 PUSH EBP
0040BBD1 |. 8BEC MOV EBP,ESP
0040BBD3 |. 8A45 08 MOV AL,BYTE PTR SS:[EBP+8]
0040BBD6 |. 50 PUSH EAX ; /Arg1
0040BBD7 |. B9 3CC64A00 MOV ECX,WaGan.004AC63C ; |
0040BBDC |. E8 1F020000 CALL WaGan.0040BE00 ; \WaGan.0040BE00 将08栈的值,写入Ecx地址所指的地方
0040BBE1 |. E8 3CFDFFFF CALL WaGan.0040B922 读写入的值
0040BBE6 |. 85C0 TEST EAX,EAX
0040BBE8 |. 74 11 JE SHORT WaGan.0040BBFB
0040BBEA |. 68 FF000000 PUSH 0FF ; /Arg1 = 000000FF
0040BBEF |. B9 3CC64A00 MOV ECX,WaGan.004AC63C ; |
0040BBF4 |. E8 27020000 CALL WaGan.0040BE20 ; \WaGan.0040BE20将08栈的值,写入Ecx地址+1所指的地方
0040BBF9 |. EB 0E JMP SHORT WaGan.0040BC09
0040BBFB |> 8A4D 0C MOV CL,BYTE PTR SS:[EBP+C]
0040BBFE |. 51 PUSH ECX ; /Arg1 这个就是图象是第几张
0040BBFF |. B9 3CC64A00 MOV ECX,WaGan.004AC63C ; |
0040BC04 |. E8 17020000 CALL WaGan.0040BE20 ; \WaGan.0040BE20 将08栈的值,写入Ecx地址+1所指的地方
0040BC09 |> 8B15 9CBF4A00 MOV EDX,DWORD PTR DS:[4ABF9C]
0040BC0F |. 83CA 02 OR EDX,2
0040BC12 |. 8915 9CBF4A00 MOV DWORD PTR DS:[4ABF9C],EDX
0040BC18 |. 5D POP EBP
0040BC19 \. C3 RETN
绘图:
00413EBD /. 55 PUSH EBP
00413EBE |. 8BEC MOV EBP,ESP
00413EC0 |. E8 4E7AFFFF CALL WaGan.0040B913 取4AC63C地址的值 (是单字节AL,所以马上AND一下)
00413EC5 |. 25 FF000000 AND EAX,0FF
00413ECA |. 83F8 02 CMP EAX,2
00413ECD |. 75 07 JNZ SHORT WaGan.00413ED6
00413ECF |. E8 3D4C0100 CALL WaGan.00428B11
00413ED4 |. EB 05 JMP SHORT WaGan.00413EDB
00413ED6 |> E8 2AA50000 CALL WaGan.0041E405 //非内场景
00413EDB |> B8 01000000 MOV EAX,1
00413EE0 |. 5D POP EBP
00413EE1 \. C3 RETN
0040B913 /$ 55 PUSH EBP
0040B914 |. 8BEC MOV EBP,ESP
0040B916 |. B9 3CC64A00 MOV ECX,WaGan.004AC63C
0040B91B |. E8 90FFFFFF CALL WaGan.0040B8B0
0040B920 |. 5D POP EBP
0040B921 \. C3 RETN
0041E405 /$ 55 PUSH EBP
0041E406 |. 8BEC MOV EBP,ESP
0041E408 |. 81EC 14030000 SUB ESP,314
0041E40E |. C745 F4 70774>MOV DWORD PTR SS:[EBP-C],WaGan.00497770
0041E415 |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]
0041E41A |. 50 PUSH EAX ; /hWnd => NULL
0041E41B |. FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>] ; \GetDC
0041E421 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0041E424 |. 6A 0C PUSH 0C ; /Index = BITSPIXEL
0041E426 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
0041E429 |. 51 PUSH ECX ; |hDC
0041E42A |. FF15 3C604800 CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps>] ; \GetDeviceCaps
0041E430 |. 33D2 XOR EDX,EDX
0041E432 |. 83F8 08 CMP EAX,8
0041E435 |. 0F94C2 SETE DL
0041E438 |. 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
0041E43B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0041E43E |. 50 PUSH EAX ; /hDC
0041E43F |. 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68] ; |
0041E445 |. 51 PUSH ECX ; |hWnd => NULL
0041E446 |. FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>] ; \ReleaseDC
0041E44C |. 6A 07 PUSH 7
0041E44E |. E8 77ED0500 CALL WaGan.0047D1CA
0041E453 |. 83C4 04 ADD ESP,4
0041E456 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0041E45A |. EB 09 JMP SHORT WaGan.0041E465
0041E45C |> 8A55 FC /MOV DL,BYTE PTR SS:[EBP-4]
0041E45F |. 80C2 01 |ADD DL,1
0041E462 |. 8855 FC |MOV BYTE PTR SS:[EBP-4],DL
0041E465 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0041E468 |. 25 FF000000 |AND EAX,0FF
0041E46D |. 83F8 0A |CMP EAX,0A //10个阶层的显示亮度
0041E470 |. 0F8D 17010000 |JGE WaGan.0041E58D
0041E476 |. E8 49060600 |CALL WaGan.0047EAC4 //发消息的
0041E47B |. C785 ECFCFFFF>|MOV DWORD PTR SS:[EBP-314],0A
0041E485 |. EB 0F |JMP SHORT WaGan.0041E496
0041E487 |> 8B8D ECFCFFFF |/MOV ECX,DWORD PTR SS:[EBP-314]
0041E48D |. 83C1 01 ||ADD ECX,1
0041E490 |. 898D ECFCFFFF ||MOV DWORD PTR SS:[EBP-314],ECX
0041E496 |> 81BD ECFCFFFF>| CMP DWORD PTR SS:[EBP-314],0F6
0041E4A0 |. 0F83 B5000000 ||JNB WaGan.0041E55B
0041E4A6 |. 8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E4AC |. 6BD2 03 ||IMUL EDX,EDX,3
0041E4AF |. 8B45 F4 ||MOV EAX,DWORD PTR SS:[EBP-C]
0041E4B2 |. 33C9 ||XOR ECX,ECX
0041E4B4 |. 8A0C10 ||MOV CL,BYTE PTR DS:[EAX+EDX]
0041E4B7 |. 8BC1 ||MOV EAX,ECX
0041E4B9 |. 8B55 FC ||MOV EDX,DWORD PTR SS:[EBP-4]
0041E4BC |. 81E2 FF000000 ||AND EDX,0FF
0041E4C2 |. 0FAFC2 ||IMUL EAX,EDX
0041E4C5 |. 6BC0 0A ||IMUL EAX,EAX,0A
0041E4C8 |. 99 ||CDQ
0041E4C9 |. B9 64000000 ||MOV ECX,64
0041E4CE |. F7F9 ||IDIV ECX
0041E4D0 |. 8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E4D6 |. 6BD2 03 ||IMUL EDX,EDX,3
0041E4D9 |. 888415 F0FCFF>||MOV BYTE PTR SS:[EBP+EDX-310],AL
0041E4E0 |. 8B85 ECFCFFFF ||MOV EAX,DWORD PTR SS:[EBP-314]
0041E4E6 |. 6BC0 03 ||IMUL EAX,EAX,3
0041E4E9 |. 8B4D F4 ||MOV ECX,DWORD PTR SS:[EBP-C]
0041E4EC |. 33D2 ||XOR EDX,EDX
0041E4EE |. 8A5401 01 ||MOV DL,BYTE PTR DS:[ECX+EAX+1]
0041E4F2 |. 8BC2 ||MOV EAX,EDX
0041E4F4 |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4]
0041E4F7 |. 81E1 FF000000 ||AND ECX,0FF
0041E4FD |. 0FAFC1 ||IMUL EAX,ECX
0041E500 |. 6BC0 0A ||IMUL EAX,EAX,0A
0041E503 |. 99 ||CDQ
0041E504 |. B9 64000000 ||MOV ECX,64
0041E509 |. F7F9 ||IDIV ECX
0041E50B |. 8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E511 |. 6BD2 03 ||IMUL EDX,EDX,3
0041E514 |. 888415 F1FCFF>||MOV BYTE PTR SS:[EBP+EDX-30F],AL
0041E51B |. 8B85 ECFCFFFF ||MOV EAX,DWORD PTR SS:[EBP-314]
0041E521 |. 6BC0 03 ||IMUL EAX,EAX,3
0041E524 |. 8B4D F4 ||MOV ECX,DWORD PTR SS:[EBP-C]
0041E527 |. 33D2 ||XOR EDX,EDX
0041E529 |. 8A5401 02 ||MOV DL,BYTE PTR DS:[ECX+EAX+2]
0041E52D |. 8BC2 ||MOV EAX,EDX
0041E52F |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4]
0041E532 |. 81E1 FF000000 ||AND ECX,0FF
0041E538 |. 0FAFC1 ||IMUL EAX,ECX
0041E53B |. 6BC0 0A ||IMUL EAX,EAX,0A
0041E53E |. 99 ||CDQ
0041E53F |. B9 64000000 ||MOV ECX,64
0041E544 |. F7F9 ||IDIV ECX
0041E546 |. 8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E54C |. 6BD2 03 ||IMUL EDX,EDX,3
0041E54F |. 888415 F2FCFF>||MOV BYTE PTR SS:[EBP+EDX-30E],AL
0041E556 |.^ E9 2CFFFFFF |\JMP WaGan.0041E487
0041E55B |> 8D85 0EFDFFFF |LEA EAX,DWORD PTR SS:[EBP-2F2]
0041E561 |. 50 |PUSH EAX
0041E562 |. 68 EC000000 |PUSH 0EC
0041E567 |. 6A 0A |PUSH 0A
0041E569 |. E8 F9020600 |CALL WaGan.0047E867 绘图
0041E56E |. 83C4 0C |ADD ESP,0C
0041E571 |. 837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
0041E575 |. 74 11 |JE SHORT WaGan.0041E588
0041E577 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001
0041E579 |. B9 181B4B00 |MOV ECX,WaGan.004B1B18 ; |
0041E57E |. E8 BD4DFEFF |CALL WaGan.00403340 ; \WaGan.00403340 //单挑开始的那个函数里也有这个画图的。
0041E583 |. E8 58DF0000 |CALL WaGan.0042C4E0 //单挑开始的那个函数里也有这个画图的
0041E588 |>^ E9 CFFEFFFF \JMP WaGan.0041E45C
0041E58D |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0041E590 |. 83C1 1E ADD ECX,1E
0041E593 |. 51 PUSH ECX
0041E594 |. 68 EC000000 PUSH 0EC
0041E599 |. 6A 0A PUSH 0A
0041E59B |. E8 C7020600 CALL WaGan.0047E867 绘图
0041E5A0 |. 83C4 0C ADD ESP,0C
0041E5A3 |. 6A 03 PUSH 3 ; /Arg1 = 00000003
0041E5A5 |. B9 181B4B00 MOV ECX,WaGan.004B1B18 ; |
0041E5AA |. E8 914DFEFF CALL WaGan.00403340 ; \WaGan.00403340
0041E5AF |. E8 2CDF0000 CALL WaGan.0042C4E0
0041E5B4 |. B9 986A4B00 MOV ECX,WaGan.004B6A98 ; ASCII "XvH"
0041E5B9 |. E8 87790500 CALL WaGan.00475F45
0041E5BE |. 8BE5 MOV ESP,EBP
0041E5C0 |. 5D POP EBP
0041E5C1 \. C3 RETN
0047E867 /$ 55 PUSH EBP
0047E868 |. 8BEC MOV EBP,ESP
0047E86A |. 51 PUSH ECX
0047E86B |. 51 PUSH ECX
0047E86C |. A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E871 |. 53 PUSH EBX
0047E872 |. C1E0 02 SHL EAX,2
0047E875 |. 56 PUSH ESI
0047E876 |. 8B75 10 MOV ESI,DWORD PTR SS:[EBP+10]
0047E879 |. 83B8 B8884B00>CMP DWORD PTR DS:[EAX+4B88B8],>
0047E880 |. 57 PUSH EDI
0047E881 |. 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
0047E884 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0047E887 |. 74 03 JE SHORT WaGan.0047E88C
0047E889 |. 83C7 10 ADD EDI,10
0047E88C |> 83FF 0A CMP EDI,0A
0047E88F |. 7D 12 JGE SHORT WaGan.0047E8A3
0047E891 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0047E894 |. 2BF7 SUB ESI,EDI
0047E896 |. 6A 0A PUSH 0A
0047E898 |. 83C6 0A ADD ESI,0A
0047E89B |. 8D4C39 F6 LEA ECX,DWORD PTR DS:[ECX+EDI->
0047E89F |. 5F POP EDI
0047E8A0 |. 894D 0C MOV DWORD PTR SS:[EBP+C],ECX
0047E8A3 |> 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0047E8A6 |. 8D1439 LEA EDX,DWORD PTR DS:[ECX+EDI]
0047E8A9 |. B9 F6000000 MOV ECX,0F6
0047E8AE |. 3BD1 CMP EDX,ECX
0047E8B0 |. 7C 05 JL SHORT WaGan.0047E8B7
0047E8B2 |. 2BCF SUB ECX,EDI
0047E8B4 |. 894D 0C MOV DWORD PTR SS:[EBP+C],ECX
0047E8B7 |> 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0047E8BA |. 897D 08 MOV DWORD PTR SS:[EBP+8],EDI
0047E8BD |. 03CF ADD ECX,EDI
0047E8BF |. 3BF9 CMP EDI,ECX
0047E8C1 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0047E8C4 |. 7D 69 JGE SHORT WaGan.0047E92F
0047E8C6 |. 8D0CBD 119E4B>LEA ECX,DWORD PTR DS:[EDI*4+4B>
0047E8CD |. 8D1CBD 4A954B>LEA EBX,DWORD PTR DS:[EDI*4+4B>
0047E8D4 |. 894D 10 MOV DWORD PTR SS:[EBP+10],ECX
0047E8D7 |> 8A16 /MOV DL,BYTE PTR DS:[ESI]
0047E8D9 |. 8B88 28A24B00 |MOV ECX,DWORD PTR DS:[EAX+4BA>
0047E8DF |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
0047E8E2 |. D2E2 |SHL DL,CL
0047E8E4 |. C1E0 02 |SHL EAX,2
0047E8E7 |. 46 |INC ESI
0047E8E8 |. 8890 48954B00 |MOV BYTE PTR DS:[EAX+4B9548],>
0047E8EE |. 8890 129E4B00 |MOV BYTE PTR DS:[EAX+4B9E12],>
0047E8F4 |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
0047E8F6 |. D2E2 |SHL DL,CL
0047E8F8 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0047E8FB |. 46 |INC ESI
0047E8FC |. 8B89 28A24B00 |MOV ECX,DWORD PTR DS:[ECX+4BA>
0047E902 |. 8813 |MOV BYTE PTR DS:[EBX],DL
0047E904 |. 8890 109E4B00 |MOV BYTE PTR DS:[EAX+4B9E10],>
0047E90A |. 8A16 |MOV DL,BYTE PTR DS:[ESI]
0047E90C |. 83C3 04 |ADD EBX,4
0047E90F |. D2E2 |SHL DL,CL
0047E911 |. 46 |INC ESI
0047E912 |. FF45 08 |INC DWORD PTR SS:[EBP+8]
0047E915 |. 8890 49954B00 |MOV BYTE PTR DS:[EAX+4B9549],>
0047E91B |. 8B45 10 |MOV EAX,DWORD PTR SS:[EBP+10]
0047E91E |. 8345 10 04 |ADD DWORD PTR SS:[EBP+10],4
0047E922 |. 8810 |MOV BYTE PTR DS:[EAX],DL
0047E924 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
0047E927 |. 3B45 F8 |CMP EAX,DWORD PTR SS:[EBP-8]
0047E92A |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0047E92D |.^ 7C A8 \JL SHORT WaGan.0047E8D7
0047E92F |> 33F6 XOR ESI,ESI
0047E931 |. 3935 B07D4B00 CMP DWORD PTR DS:[4B7DB0],ESI
0047E937 |. 74 35 JE SHORT WaGan.0047E96E
0047E939 |. 33DB XOR EBX,EBX
0047E93B |. 3935 28C04B00 CMP DWORD PTR DS:[4BC028],ESI
0047E941 |. 7E 50 JLE SHORT WaGan.0047E993
0047E943 |. C745 08 48994>MOV DWORD PTR SS:[EBP+8],WaGan>
0047E94A |> 8B45 08 /MOV EAX,DWORD PTR SS:[EBP+8]
0047E94D |. 68 48954B00 |PUSH WaGan.004B9548
0047E952 |. 68 00010000 |PUSH 100
0047E957 |. 56 |PUSH ESI
0047E958 |. FF30 |PUSH DWORD PTR DS:[EAX]
0047E95A |. E8 A30A0000 |CALL WaGan.0047F402
0047E95F |. 8345 08 04 |ADD DWORD PTR SS:[EBP+8],4
0047E963 |. 43 |INC EBX
0047E964 |. 3B1D 28C04B00 |CMP EBX,DWORD PTR DS:[4BC028]
0047E96A |.^ 7C DE \JL SHORT WaGan.0047E94A
0047E96C |. EB 25 JMP SHORT WaGan.0047E993
0047E96E |> 56 PUSH ESI ; /ForceBackground
0047E96F |. FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC] ; |hPalette = NULL
0047E975 |. FFB0 48994B00 PUSH DWORD PTR DS:[EAX+4B9948] ; |hDC
0047E97B |. FF15 50604800 CALL DWORD PTR DS:[<&GDI32.Sel>; \SelectPalette
0047E981 |. A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E986 |. FF3485 48994B>PUSH DWORD PTR DS:[EAX*4+4B994>; /hDC
0047E98D |. FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.Rea>; \RealizePalette
0047E993 |> 8D04BD 109E4B>LEA EAX,DWORD PTR DS:[EDI*4+4B>
0047E99A |. 50 PUSH EAX ; /pReplacement
0047E99B |. FF75 0C PUSH DWORD PTR SS:[EBP+C] ; |nEntries
0047E99E |. 57 PUSH EDI ; |StartIndex
0047E99F |. FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC] ; |hPalette = NULL
0047E9A5 |. FF15 B4604800 CALL DWORD PTR DS:[<&GDI32.Ani>; \AnimatePalette
0047E9AB |. 56 PUSH ESI ; /hWnd
0047E9AC |. FF15 98624800 CALL DWORD PTR DS:[<&USER32.Ge>; \GetDC
0047E9B2 |. 8BF8 MOV EDI,EAX
0047E9B4 |. 3BFE CMP EDI,ESI
0047E9B6 |. 74 34 JE SHORT WaGan.0047E9EC
0047E9B8 |. 6A 0C PUSH 0C ; /Index = BITSPIXEL
0047E9BA |. 57 PUSH EDI ; |hDC
0047E9BB |. FF15 3C604800 CALL DWORD PTR DS:[<&GDI32.Get>; \GetDeviceCaps
0047E9C1 |. 83F8 08 CMP EAX,8
0047E9C4 |. 7E 1E JLE SHORT WaGan.0047E9E4
0047E9C6 |. A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E9CB |. FF3485 E09A4B>PUSH DWORD PTR DS:[EAX*4+4B9AE>
0047E9D2 |. FF3485 20924B>PUSH DWORD PTR DS:[EAX*4+4B922>
0047E9D9 |. 56 PUSH ESI
0047E9DA |. 56 PUSH ESI
0047E9DB |. 50 PUSH EAX
0047E9DC |. E8 85DFFFFF CALL WaGan.0047C966 画图
0047E9E1 |. 83C4 14 ADD ESP,14
0047E9E4 |> 57 PUSH EDI ; /hDC
0047E9E5 |. 56 PUSH ESI ; |hWnd
0047E9E6 |. FF15 9C624800 CALL DWORD PTR DS:[<&USER32.Re>; \ReleaseDC
0047E9EC |> 5F POP EDI
0047E9ED |. 5E POP ESI
0047E9EE |. 5B POP EBX
0047E9EF |. C9 LEAVE
0047E9F0 \. C3 RETN
0047E9DC 和 47EBE1处调用
0047C966 /$ 55 PUSH EBP
0047C967 |. 8BEC MOV EBP,ESP
0047C969 |. 81EC 20080000 SUB ESP,820
0047C96F |. 53 PUSH EBX
0047C970 |. 33DB XOR EBX,EBX
0047C972 |. 391D 2CC04B00 CMP DWORD PTR DS:[4BC02C],EBX
0047C978 |. 56 PUSH ESI
0047C979 |. 0F85 05010000 JNZ WaGan.0047CA84
0047C97F |. 395D 14 CMP DWORD PTR SS:[EBP+14],EBX
0047C982 |. 0F84 FC000000 JE WaGan.0047CA84
0047C988 |. 395D 18 CMP DWORD PTR SS:[EBP+18],EBX
0047C98B |. 0F84 F3000000 JE WaGan.0047CA84
0047C991 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0047C994 |. 8BF0 MOV ESI,EAX
0047C996 |. C1E6 02 SHL ESI,2
0047C999 |. 399E 48994B00 CMP DWORD PTR DS:[ESI+4B9948],EBX
0047C99F |. 0F84 DF000000 JE WaGan.0047CA84
0047C9A5 |. 391D B07D4B00 CMP DWORD PTR DS:[4B7DB0],EBX
0047C9AB |. 57 PUSH EDI
0047C9AC |. 75 6B JNZ SHORT WaGan.0047CA19
0047C9AE |. 8D85 00F8FFFF LEA EAX,DWORD PTR SS:[EBP-800]
0047C9B4 |. BF 00010000 MOV EDI,100
0047C9B9 |. 50 PUSH EAX ; /pPaletteentry
0047C9BA |. 57 PUSH EDI ; |nEntries => 100 (256.)
0047C9BB |. 53 PUSH EBX ; |StartIndex => 0
0047C9BC |. FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC] ; |hPalette = NULL
0047C9C2 |. FF15 A4604800 CALL DWORD PTR DS:[<&GDI32.GetPaletteEnt>; \GetPaletteEntries 获取调色版
0047C9C8 |. 33C0 XOR EAX,EAX
0047C9CA |> 8A8C05 02F8FF>/MOV CL,BYTE PTR SS:[EBP+EAX-7FE]
0047C9D1 |. 888C05 00FCFF>|MOV BYTE PTR SS:[EBP+EAX-400],CL
0047C9D8 |. 8A8C05 00F8FF>|MOV CL,BYTE PTR SS:[EBP+EAX-800]
0047C9DF |. 888C05 02FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FE],CL
0047C9E6 |. 8A8C05 01F8FF>|MOV CL,BYTE PTR SS:[EBP+EAX-7FF]
0047C9ED |. 888C05 01FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FF],CL
0047C9F4 |. 889C05 03FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FD],BL
0047C9FB |. 83C0 04 |ADD EAX,4
0047C9FE |. 3D 00040000 |CMP EAX,400
0047CA03 |.^ 7C C5 \JL SHORT WaGan.0047C9CA
0047CA05 |. 8D85 00FCFFFF LEA EAX,DWORD PTR SS:[EBP-400]
0047CA0B |. 50 PUSH EAX
0047CA0C |. 57 PUSH EDI
0047CA0D |. 53 PUSH EBX
0047CA0E |. FFB6 48994B00 PUSH DWORD PTR DS:[ESI+4B9948]
0047CA14 |. E8 E9290000 CALL WaGan.0047F402
0047CA19 |> 8B86 20924B00 MOV EAX,DWORD PTR DS:[ESI+4B9220]
0047CA1F |. 3945 14 CMP DWORD PTR SS:[EBP+14],EAX
0047CA22 |. 7E 03 JLE SHORT WaGan.0047CA27
0047CA24 |. 8945 14 MOV DWORD PTR SS:[EBP+14],EAX
0047CA27 |> 8B86 E09A4B00 MOV EAX,DWORD PTR DS:[ESI+4B9AE0]
0047CA2D |. 3945 18 CMP DWORD PTR SS:[EBP+18],EAX
0047CA30 |. 7E 03 JLE SHORT WaGan.0047CA35
0047CA32 |. 8945 18 MOV DWORD PTR SS:[EBP+18],EAX
0047CA35 |> FFB6 80BE4B00 PUSH DWORD PTR DS:[ESI+4BBE80] ; /hWnd
0047CA3B |. FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>] ; \GetDC
0047CA41 |. 53 PUSH EBX ; /ForceBackground
0047CA42 |. 8BF8 MOV EDI,EAX ; |
0047CA44 |. FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC] ; |hPalette = NULL
0047CA4A |. 57 PUSH EDI ; |hDC
0047CA4B |. FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette 选择
0047CA51 |. 57 PUSH EDI ; /hDC
0047CA52 |. FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047CA58 |. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; /Arg8
0047CA5B |. FF75 0C PUSH DWORD PTR SS:[EBP+C] ; |Arg7
0047CA5E |. FFB6 48994B00 PUSH DWORD PTR DS:[ESI+4B9948] ; |Arg6
0047CA64 |. FF75 18 PUSH DWORD PTR SS:[EBP+18] ; |Arg5
0047CA67 |. FF75 14 PUSH DWORD PTR SS:[EBP+14] ; |Arg4
0047CA6A |. FF75 10 PUSH DWORD PTR SS:[EBP+10] ; |Arg3
0047CA6D |. FF75 0C PUSH DWORD PTR SS:[EBP+C] ; |Arg2
0047CA70 |. 57 PUSH EDI ; |Arg1
0047CA71 |. E8 A5290000 CALL WaGan.0047F41B ; \WaGan.0047F41B
0047CA76 |. 57 PUSH EDI ; /hDC
0047CA77 |. FFB6 80BE4B00 PUSH DWORD PTR DS:[ESI+4BBE80] ; |hWnd
0047CA7D |. FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>] ; \ReleaseDC
0047CA83 |. 5F POP EDI
0047CA84 |> 5E POP ESI
0047CA85 |. 5B POP EBX
0047CA86 |. C9 LEAVE
0047CA87 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:38 标题: S里处理接收鼠标消息事件函数
004541A9 /$ 55 PUSH EBP
004541AA |. 8BEC MOV EBP,ESP
004541AC |. 83EC 20 SUB ESP,20
004541AF |. 56 PUSH ESI
004541B0 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
004541B3 |. 33C0 XOR EAX,EAX
004541B5 |. A0 40424B00 MOV AL,BYTE PTR DS:[4B4240]
004541BA |. 83E0 01 AND EAX,1
004541BD |. 85C0 TEST EAX,EAX
004541BF |. 75 26 JNZ SHORT 雪芸.004541E7
004541C1 |. 8A0D 40424B00 MOV CL,BYTE PTR DS:[4B4240]
004541C7 |. 80C9 01 OR CL,1
004541CA |. 880D 40424B00 MOV BYTE PTR DS:[4B4240],CL
004541D0 |. B9 44424B00 MOV ECX,雪芸.004B4244
004541D5 |. E8 36B50000 CALL 雪芸.0045F710
004541DA |. 68 CE444500 PUSH 雪芸.004544CE
004541DF |. E8 1CCF0200 CALL 雪芸.00481100
004541E4 |. 83C4 04 ADD ESP,4
004541E7 |> C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
004541EB |. C645 F0 FF MOV BYTE PTR SS:[EBP-10],0FF
004541EF |. C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
004541F6 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
004541FD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454200 |. E8 2DFCFFFF CALL 雪芸.00453E32
00454205 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454208 |. E8 9BFCFFFF CALL 雪芸.00453EA8
0045420D |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00454210 |. E8 EEFDFFFF CALL 雪芸.00454003
00454215 |. 50 PUSH EAX ; /Arg1
00454216 |. B9 44424B00 MOV ECX,雪芸.004B4244 ; |
0045421B |. E8 8023FBFF CALL 雪芸.004065A0 ; \雪芸.004065A0
00454220 |. 68 44424B00 PUSH 雪芸.004B4244 ; /Arg1 = 004B4244
00454225 |. E8 5A16FEFF CALL 雪芸.00435884 ; \雪芸.00435884
0045422A |. 83C4 04 ADD ESP,4
0045422D |. 8845 F0 MOV BYTE PTR SS:[EBP-10],AL
00454230 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00454233 |. 81E2 FF000000 AND EDX,0FF
00454239 |. 85D2 TEST EDX,EDX
0045423B |. 75 08 JNZ SHORT 雪芸.00454245
0045423D |. 8A45 F0 MOV AL,BYTE PTR SS:[EBP-10]
00454240 |. 8845 E7 MOV BYTE PTR SS:[EBP-19],AL
00454243 |. EB 04 JMP SHORT 雪芸.00454249
00454245 |> C645 E7 FF MOV BYTE PTR SS:[EBP-19],0FF
00454249 |> 8A4D E7 MOV CL,BYTE PTR SS:[EBP-19]
0045424C |. 884D FC MOV BYTE PTR SS:[EBP-4],CL
0045424F |. 6A 00 PUSH 0 ; /lParam = 0
00454251 |. 6A 00 PUSH 0 ; |wParam = 0
00454253 |. 68 02020000 PUSH 202 ; |Message = WM_LBUTTONUP
00454258 |. 8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68] ; |雪芸.004303E2
0045425E |. 52 PUSH EDX ; |hWnd => 4303E2
0045425F |. FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
00454265 |> E8 0183FDFF /CALL 雪芸.0042C56B
0045426A |. 83F8 01 |CMP EAX,1
0045426D |. 75 29 |JNZ SHORT 雪芸.00454298
0045426F |. E8 F782FDFF |CALL 雪芸.0042C56B
00454274 |. 83F8 01 |CMP EAX,1
00454277 |. 75 1F |JNZ SHORT 雪芸.00454298
00454279 |. 33C0 |XOR EAX,EAX
0045427B |. A0 34424B00 |MOV AL,BYTE PTR DS:[4B4234]
00454280 |. 85C0 |TEST EAX,EAX
00454282 |. 75 14 |JNZ SHORT 雪芸.00454298
00454284 |. 33C9 |XOR ECX,ECX
00454286 |. 8A0D 44424B00 |MOV CL,BYTE PTR DS:[4B4244]
0045428C |. 81F9 FF000000 |CMP ECX,0FF
00454292 |. 0F85 15020000 |JNZ 雪芸.004544AD
00454298 |> E8 27A80200 |CALL 雪芸.0047EAC4
0045429D |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542A0 |. E8 03FCFFFF |CALL 雪芸.00453EA8
004542A5 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542A8 |. E8 5C040000 |CALL 雪芸.00454709
004542AD |. 85C0 |TEST EAX,EAX
004542AF |. 75 2A |JNZ SHORT 雪芸.004542DB
004542B1 |. B9 181B4B00 |MOV ECX,雪芸.004B1B18
004542B6 |. E8 35B5FDFF |CALL 雪芸.0042F7F0
004542BB |. 85C0 |TEST EAX,EAX
004542BD |. 74 1C |JE SHORT 雪芸.004542DB
004542BF |. B9 083D4B00 |MOV ECX,雪芸.004B3D08
004542C4 |. E8 6724FBFF |CALL 雪芸.00406730
004542C9 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542CC |. E8 42F8FFFF |CALL 雪芸.00453B13
004542D1 |. 6A 04 |PUSH 4 ; /Arg1 = 00000004
004542D3 |. E8 F381FDFF |CALL 雪芸.0042C4CB ; \雪芸.0042C4CB
004542D8 |. 83C4 04 |ADD ESP,4
004542DB |> 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
004542DE |. E8 20FDFFFF |CALL 雪芸.00454003
004542E3 |. 50 |PUSH EAX ; /Arg1
004542E4 |. B9 44424B00 |MOV ECX,雪芸.004B4244 ; |
004542E9 |. E8 B222FBFF |CALL 雪芸.004065A0 ; \雪芸.004065A0
004542EE |. 68 44424B00 |PUSH 雪芸.004B4244 ; /Arg1 = 004B4244
004542F3 |. E8 8C15FEFF |CALL 雪芸.00435884 ; \雪芸.00435884
004542F8 |. 83C4 04 |ADD ESP,4
004542FB |. 8845 F0 |MOV BYTE PTR SS:[EBP-10],AL
004542FE |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00454301 |. 81E2 FF000000 |AND EDX,0FF
00454307 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
0045430A |. 25 FF000000 |AND EAX,0FF
0045430F |. 3BD0 |CMP EDX,EAX
00454311 |. 0F84 7E010000 |JE 雪芸.00454495
00454317 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
0045431A |. E8 13FBFFFF |CALL 雪芸.00453E32
0045431F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454322 |. 81E1 FF000000 |AND ECX,0FF
00454328 |. 81F9 FF000000 |CMP ECX,0FF
0045432E |. 0F84 5B010000 |JE 雪芸.0045448F
00454334 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454337 |. 81E1 FF000000 |AND ECX,0FF
0045433D |. 6BC9 24 |IMUL ECX,ECX,24
00454340 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00454346 |. E8 4549FCFF |CALL 雪芸.00418C90
0045434B |. 25 FF000000 |AND EAX,0FF
00454350 |. 83F8 02 |CMP EAX,2
00454353 |. 0F85 36010000 |JNZ 雪芸.0045448F
00454359 |. 6A 04 |PUSH 4 ; /Arg3 = 00000004
0045435B |. 6A 00 |PUSH 0 ; |Arg2 = 00000000
0045435D |. 33D2 |XOR EDX,EDX ; |
0045435F |. 8A15 44424B00 |MOV DL,BYTE PTR DS:[4B4244] ; |
00454365 |. 33C0 |XOR EAX,EAX ; |
00454367 |. A0 45424B00 |MOV AL,BYTE PTR DS:[4B4245] ; |
0045436C |. 33C9 |XOR ECX,ECX ; |
0045436E |. 8A0D 2C424B00 |MOV CL,BYTE PTR DS:[4B422C] ; |
00454374 |. 0FAFC1 |IMUL EAX,ECX ; |
00454377 |. 8D9402 C01200>|LEA EDX,DWORD PTR DS:[EDX+EAX+12C0] ; |
0045437E |. 52 |PUSH EDX ; |Arg1
0045437F |. B9 38EB4A00 |MOV ECX,雪芸.004AEB38 ; |
00454384 |. E8 B7B60200 |CALL 雪芸.0047FA40 ; \雪芸.0047FA40
00454389 |. 33C9 |XOR ECX,ECX
0045438B |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
0045438D |. 81F9 FF000000 |CMP ECX,0FF
00454393 |. 0F84 AE000000 |JE 雪芸.00454447
00454399 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
0045439C |. 81E2 FF000000 |AND EDX,0FF
004543A2 |. 83FA 03 |CMP EDX,3
004543A5 |. 74 16 |JE SHORT 雪芸.004543BD
004543A7 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
004543AA |. 25 FF000000 |AND EAX,0FF
004543AF |. 83F8 04 |CMP EAX,4
004543B2 |. 74 09 |JE SHORT 雪芸.004543BD
004543B4 |. C745 E0 00000>|MOV DWORD PTR SS:[EBP-20],0
004543BB |. EB 07 |JMP SHORT 雪芸.004543C4
004543BD |> C745 E0 01000>|MOV DWORD PTR SS:[EBP-20],1
004543C4 |> 8B4D E0 |MOV ECX,DWORD PTR SS:[EBP-20]
004543C7 |. 894D EC |MOV DWORD PTR SS:[EBP-14],ECX
004543CA |. 33D2 |XOR EDX,EDX
004543CC |. 8A15 D85D4B00 |MOV DL,BYTE PTR DS:[4B5DD8]
004543D2 |. 8BCA |MOV ECX,EDX
004543D4 |. 6BC9 24 |IMUL ECX,ECX,24
004543D7 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
004543DD |. E8 2E23FBFF |CALL 雪芸.00406710
004543E2 |. 8BF0 |MOV ESI,EAX
004543E4 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
004543E7 |. 81E1 FF000000 |AND ECX,0FF
004543ED |. 6BC9 24 |IMUL ECX,ECX,24
004543F0 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
004543F6 |. E8 1523FBFF |CALL 雪芸.00406710
004543FB |. 33C9 |XOR ECX,ECX
004543FD |. 3BF0 |CMP ESI,EAX
004543FF |. 0F94C1 |SETE CL
00454402 |. 394D EC |CMP DWORD PTR SS:[EBP-14],ECX
00454405 |. 75 27 |JNZ SHORT 雪芸.0045442E
00454407 |. 8A55 0C |MOV DL,BYTE PTR SS:[EBP+C]
0045440A |. 52 |PUSH EDX ; /Arg3
0045440B |. A0 D85D4B00 |MOV AL,BYTE PTR DS:[4B5DD8] ; |
00454410 |. 50 |PUSH EAX ; |Arg2
00454411 |. 8A4D 08 |MOV CL,BYTE PTR SS:[EBP+8] ; |
00454414 |. 51 |PUSH ECX ; |Arg1
00454415 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
00454418 |. 81E1 FF000000 |AND ECX,0FF ; |
0045441E |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00454421 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50 ; |
00454427 |. E8 91C0FEFF |CALL 雪芸.004404BD ; \雪芸.004404BD
0045442C |. EB 17 |JMP SHORT 雪芸.00454445
0045442E |> 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454431 |. 81E1 FF000000 |AND ECX,0FF
00454437 |. 6BC9 24 |IMUL ECX,ECX,24
0045443A |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00454440 |. E8 59C0FEFF |CALL 雪芸.0044049E
00454445 |> EB 17 |JMP SHORT 雪芸.0045445E
00454447 |> 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0045444A |. 81E1 FF000000 |AND ECX,0FF
00454450 |. 6BC9 24 |IMUL ECX,ECX,24
00454453 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00454459 |. E8 40C0FEFF |CALL 雪芸.0044049E
0045445E |> 8B15 08754B00 |MOV EDX,DWORD PTR DS:[4B7508]
00454464 |. 52 |PUSH EDX ; /hWnd => 00080476 ('武将情报',class='#32770',parent=004303E2)
00454465 |. FF15 C8624800 |CALL DWORD PTR DS:[<&USER32.IsWindowVis>; \IsWindowVisible
0045446B |. 85C0 |TEST EAX,EAX
0045446D |. 74 20 |JE SHORT 雪芸.0045448F
0045446F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00454472 |. 81E1 FF000000 |AND ECX,0FF
00454478 |. 6BC9 24 |IMUL ECX,ECX,24
0045447B |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00454481 |. E8 EAB10000 |CALL 雪芸.0045F670
00454486 |. 50 |PUSH EAX ; /Arg1
00454487 |. E8 09530200 |CALL 雪芸.00479795 ; \雪芸.00479795
0045448C |. 83C4 04 |ADD ESP,4
0045448F |> 8A45 F0 |MOV AL,BYTE PTR SS:[EBP-10]
00454492 |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
00454495 |> E8 D180FDFF |CALL 雪芸.0042C56B
0045449A |. 83F8 02 |CMP EAX,2
0045449D |. 75 09 |JNZ SHORT 雪芸.004544A8
0045449F |. C745 F4 00000>|MOV DWORD PTR SS:[EBP-C],0
004544A6 |. EB 05 |JMP SHORT 雪芸.004544AD
004544A8 |>^ E9 B8FDFFFF \JMP 雪芸.00454265
004544AD |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004544B0 |. E8 7DF9FFFF CALL 雪芸.00453E32
004544B5 |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004544B9 |. 75 07 JNZ SHORT 雪芸.004544C2
004544BB |. C605 44424B00>MOV BYTE PTR DS:[4B4244],0FF
004544C2 |> B8 44424B00 MOV EAX,雪芸.004B4244
004544C7 |. 5E POP ESI
004544C8 |. 8BE5 MOV ESP,EBP
004544CA |. 5D POP EBP
004544CB \. C2 0800 RETN 8
0047EAC4 /$ 55 PUSH EBP
0047EAC5 |. 8BEC MOV EBP,ESP
0047EAC7 |. 83EC 1C SUB ESP,1C
0047EACA |. 33C0 XOR EAX,EAX
0047EACC |. 6A 01 PUSH 1 ; /RemoveMsg = PM_REMOVE
0047EACE |. 50 PUSH EAX ; |MsgFilterMax => WM_NULL
0047EACF |. 50 PUSH EAX ; |MsgFilterMin => WM_NULL
0047EAD0 |. 50 PUSH EAX ; |hWnd => NULL
0047EAD1 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] ; |
0047EAD4 |. 50 PUSH EAX ; |pMsg
0047EAD5 |. FF15 AC624800 CALL DWORD PTR DS:[<&USER32.PeekMessageA>; \PeekMessageA
0047EADB |. 85C0 TEST EAX,EAX
0047EADD |. 74 14 JE SHORT 雪芸.0047EAF3
0047EADF |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0047EAE2 |. 50 PUSH EAX ; /pMsg
0047EAE3 |. FF15 10634800 CALL DWORD PTR DS:[<&USER32.TranslateMes>; \TranslateMessage
0047EAE9 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0047EAEC |. 50 PUSH EAX ; /pMsg
0047EAED |. FF15 14634800 CALL DWORD PTR DS:[<&USER32.DispatchMess>; \DispatchMessageA
0047EAF3 |> C9 LEAVE
0047EAF4 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:38 标题: R剧本Game Over
410b14004158AF42b5f0
004158AF /$ 55 PUSH EBP
004158B0 |. 8BEC MOV EBP,ESP
004158B2 |. 51 PUSH ECX
004158B3 |. 6A 12 PUSH 12 ; /Arg1 = 00000012
004158B5 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
004158B8 |. E8 3A2B0000 CALL Ekd5.004183F7 ; \Ekd5.004183F7
004158BD |. 66:8945 FC MOV WORD PTR SS:[EBP-4],AX
004158C1 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004158C4 |. 25 FFFF0000 AND EAX,0FFFF
004158C9 |. 3D 00800000 CMP EAX,8000
004158CE |. 75 07 JNZ SHORT Ekd5.004158D7
004158D0 |. B8 05000000 MOV EAX,5
004158D5 |. EB 32 JMP SHORT Ekd5.00415909
004158D7 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004158DA |. 81E1 FFFF0000 AND ECX,0FFFF
004158E0 |. 83F9 02 CMP ECX,2
004158E3 |. 7F 0E JG SHORT Ekd5.004158F3
004158E5 |. 6A 01 PUSH 1 ; /Arg2 = 00000001
004158E7 |. 8A55 FC MOV DL,BYTE PTR SS:[EBP-4] ; |
004158EA |. 52 PUSH EDX ; |Arg1
004158EB |. E8 C0480000 CALL Ekd5.0041A1B0 ; \Ekd5.0041A1B0
004158F0 |. 83C4 08 ADD ESP,8
004158F3 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004158F6 |. 25 FFFF0000 AND EAX,0FFFF
004158FB |. 50 PUSH EAX ; /Arg1
004158FC |. E8 C55E0100 CALL Ekd5.0042B7C6 ; \Ekd5.0042B7C6
00415901 |. 83C4 04 ADD ESP,4
00415904 |. B8 01000000 MOV EAX,1
00415909 |> 8BE5 MOV ESP,EBP
0041590B |. 5D POP EBP
0041590C \. C3 RETN
0042B7C6 /$ 55 PUSH EBP
0042B7C7 |. 8BEC MOV EBP,ESP
0042B7C9 |. E8 A2B00400 CALL Ekd5.00476870
0042B7CE |. E8 AFB00400 CALL Ekd5.00476882
0042B7D3 |. B9 B0694B00 MOV ECX,Ekd5.004B69B0
0042B7D8 |. E8 758E0400 CALL Ekd5.00474652
0042B7DD |. B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B7E2 |. E8 328E0400 CALL Ekd5.00474619
0042B7E7 |. E8 140E0000 CALL Ekd5.0042C600
0042B7EC |. E8 9E2EFFFF CALL Ekd5.0041E68F
0042B7F1 |. 6A 00 PUSH 0 ; /Arg5 = 00000000
0042B7F3 |. 6A 00 PUSH 0 ; |Arg4 = 00000000
0042B7F5 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
0042B7F7 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0042B7F9 |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0042B7FB |. E8 6240FFFF CALL Ekd5.0041F862 ; \Ekd5.0041F862
0042B800 |. 83C4 14 ADD ESP,14
0042B803 |. 8A45 08 MOV AL,BYTE PTR SS:[EBP+8]
0042B806 |. 50 PUSH EAX ; /Arg1
0042B807 |. E8 845A0000 CALL Ekd5.00431290 ; \Ekd5.00431290
0042B80C |. 83C4 04 ADD ESP,4
0042B80F |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042B811 |. E8 DAFDFFFF CALL Ekd5.0042B5F0 ; \Ekd5.0042B5F0
0042B816 |. 83C4 04 ADD ESP,4
0042B819 |. 5D POP EBP
0042B81A \. C3 RETN
0042B5F0 /$ 55 PUSH EBP
0042B5F1 |. 8BEC MOV EBP,ESP
0042B5F3 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042B5F5 |. B9 986A4B00 MOV ECX,Ekd5.004B6A98 ; |
0042B5FA |. E8 68A80400 CALL Ekd5.00475E67 ; \Ekd5.00475E67
0042B5FF |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042B601 |. B9 C06B4B00 MOV ECX,Ekd5.004B6BC0 ; |
0042B606 |. E8 6BAB0400 CALL Ekd5.00476176 ; \Ekd5.00476176
0042B60B |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0042B60D |. E8 AAA30400 CALL Ekd5.004759BC ; \Ekd5.004759BC
0042B612 |. 83C4 04 ADD ESP,4
0042B615 |. B9 386F4900 MOV ECX,Ekd5.00496F38
0042B61A |. E8 A1EAFEFF CALL Ekd5.0041A0C0
0042B61F |. E8 9E2FFFFF CALL Ekd5.0041E5C2
0042B624 |. E8 F902FEFF CALL Ekd5.0040B922
0042B629 |. 85C0 TEST EAX,EAX
0042B62B |. 74 05 JE SHORT Ekd5.0042B632
0042B62D |. E8 86AE0400 CALL Ekd5.004764B8
0042B632 |> B9 386F4900 MOV ECX,Ekd5.00496F38
0042B637 |. E8 A6E9FEFF CALL Ekd5.00419FE2
0042B63C |. E8 B6FE0400 CALL Ekd5.0047B4F7
0042B641 |. E8 B9510300 CALL Ekd5.004607FF
0042B646 |. B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B64B |. E8 C98F0400 CALL Ekd5.00474619
0042B650 |. B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B655 |. E8 E58D0400 CALL Ekd5.0047443F
0042B65A |. B9 B0694B00 MOV ECX,Ekd5.004B69B0
0042B65F |. E8 EE8F0400 CALL Ekd5.00474652
0042B664 |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]
0042B669 |. 50 PUSH EAX ; /Arg1 => 00000000
0042B66A |. E8 9E41FFFF CALL Ekd5.0041F80D ; \Ekd5.0041F80D
0042B66F |. 83C4 04 ADD ESP,4
0042B672 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0042B676 |. 74 05 JE SHORT Ekd5.0042B67D
0042B678 |. E8 35000000 CALL Ekd5.0042B6B2
0042B67D |> E8 FBFEFFFF CALL Ekd5.0042B57D
0042B682 |. 68 E7030000 PUSH 3E7 ; /TimerID = 3E7 (999.)
0042B687 |. 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68] ; |
0042B68D |. 51 PUSH ECX ; |hWnd => NULL
0042B68E |. FF15 50624800 CALL DWORD PTR DS:[<&USER32.KillTimer>] ; \KillTimer
0042B694 |. E8 6E1A0500 CALL Ekd5.0047D107
0042B699 |. 8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68]
0042B69F |. 52 PUSH EDX ; /hWnd => NULL
0042B6A0 |. FF15 54624800 CALL DWORD PTR DS:[<&USER32.DestroyWindow>] ; \DestroyWindow
0042B6A6 |. 6A 00 PUSH 0
0042B6A8 |. E8 835F0500 CALL Ekd5.00481630
0042B6AD |. 83C4 04 ADD ESP,4
0042B6B0 |. 5D POP EBP
0042B6B1 \. C3 RETN
00481630 /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
00481634 |. 6A 00 PUSH 0
00481636 |. 6A 00 PUSH 0
00481638 |. 50 PUSH EAX
00481639 |. E8 32000000 CALL Ekd5.00481670
0048163E |. 83C4 0C ADD ESP,0C
00481641 \. C3 RETN
00481670 /$ A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
00481675 |. 53 PUSH EBX
00481676 |. 55 PUSH EBP
00481677 |. 8B6C24 0C MOV EBP,DWORD PTR SS:[ESP+C]
0048167B |. 83F8 01 CMP EAX,1
0048167E |. 56 PUSH ESI
0048167F |. 75 0E JNZ SHORT Ekd5.0048168F
00481681 |. 55 PUSH EBP ; /ExitCode
00481682 |. FF15 B0614800 CALL DWORD PTR DS:[<&KERNEL32.GetCurrentProcess>] ; |[GetCurrentProcess
00481688 |. 50 PUSH EAX ; |hProcess
00481689 |. FF15 B4614800 CALL DWORD PTR DS:[<&KERNEL32.TerminateProcess>] ; \TerminateProcess
0048168F |> 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
00481693 |. 8B5C24 18 MOV EBX,DWORD PTR SS:[ESP+18]
00481697 |. 85C0 TEST EAX,EAX
00481699 |. C705 90CC4B00>MOV DWORD PTR DS:[4BCC90],1
004816A3 |. 881D 8CCC4B00 MOV BYTE PTR DS:[4BCC8C],BL
004816A9 |. 75 3E JNZ SHORT Ekd5.004816E9
004816AB |. 8B0D 90D84B00 MOV ECX,DWORD PTR DS:[4BD890]
004816B1 |. 85C9 TEST ECX,ECX
004816B3 |. 74 22 JE SHORT Ekd5.004816D7
004816B5 |. 8B35 8CD84B00 MOV ESI,DWORD PTR DS:[4BD88C]
004816BB |. 83EE 04 SUB ESI,4
004816BE |. 3BF1 CMP ESI,ECX
004816C0 |. 72 15 JB SHORT Ekd5.004816D7
004816C2 |> 8B06 /MOV EAX,DWORD PTR DS:[ESI]
004816C4 |. 85C0 |TEST EAX,EAX
004816C6 |. 74 08 |JE SHORT Ekd5.004816D0
004816C8 |. FFD0 |CALL EAX
004816CA |. 8B0D 90D84B00 |MOV ECX,DWORD PTR DS:[4BD890]
004816D0 |> 83EE 04 |SUB ESI,4
004816D3 |. 3BF1 |CMP ESI,ECX
004816D5 |.^ 73 EB \JNB SHORT Ekd5.004816C2
004816D7 |> 68 34B14800 PUSH Ekd5.0048B134
004816DC |. 68 30B14800 PUSH Ekd5.0048B130
004816E1 |. E8 3A000000 CALL Ekd5.00481720
004816E6 |. 83C4 08 ADD ESP,8
004816E9 |> 68 40B14800 PUSH Ekd5.0048B140
004816EE |. 68 38B14800 PUSH Ekd5.0048B138
004816F3 |. E8 28000000 CALL Ekd5.00481720
004816F8 |. 83C4 08 ADD ESP,8
004816FB |. 85DB TEST EBX,EBX
004816FD |. 75 11 JNZ SHORT Ekd5.00481710
004816FF |. 55 PUSH EBP ; /ExitCode
00481700 |. C705 94CC4B00>MOV DWORD PTR DS:[4BCC94],1 ; |
0048170A |. FF15 C0614800 CALL DWORD PTR DS:[<&KERNEL32.ExitProcess>] ; \ExitProcess
00481710 |> 5E POP ESI
00481711 |. 5D POP EBP
00481712 |. 5B POP EBX
00481713 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:39 标题: AI
00438308 /$ 55 PUSH EBP
00438309 |. 8BEC MOV EBP,ESP
0043830B |. 83EC 68 SUB ESP,68
0043830E |. 53 PUSH EBX
0043830F |. 56 PUSH ESI
00438310 |. 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
00438313 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00438315 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00438317 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
00438319 |. B9 38EB4A00 MOV ECX,WaGan.004AEB38 ; |
0043831E |. E8 1D770400 CALL WaGan.0047FA40 ; \WaGan.0047FA40
00438323 |. 05 C0120000 ADD EAX,12C0
00438328 |. 8945 B4 MOV DWORD PTR SS:[EBP-4C],EAX
0043832B |. 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
0043832E |. E8 DD730200 CALL WaGan.0045F710
00438333 |. 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
00438336 |. E8 D5730200 CALL WaGan.0045F710
0043833B |. 8A45 18 MOV AL,BYTE PTR SS:[EBP+18]
0043833E |. 50 PUSH EAX ; /Arg2
0043833F |. 8A4D 14 MOV CL,BYTE PTR SS:[EBP+14] ; |
00438342 |. 51 PUSH ECX ; |Arg1
00438343 |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14] ; |
00438346 |. E8 8509FEFF CALL WaGan.00418CD0 ; \WaGan.00418CD0
0043834B |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68]
0043834E |. E8 BDE3FCFF CALL WaGan.00406710
00438353 |. 8845 C0 MOV BYTE PTR SS:[EBP-40],AL
00438356 |. C645 BC FF MOV BYTE PTR SS:[EBP-44],0FF
0043835A |. C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043835E |. C645 F0 FF MOV BYTE PTR SS:[EBP-10],0FF
00438362 |. C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
00438369 |. 68 80000000 PUSH 80 ; /Arg1 = 00000080
0043836E |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68] ; |
00438371 |. E8 7AD7FEFF CALL WaGan.00425AF0 ; \WaGan.00425AF0
00438376 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00438379 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0043837C |. 52 PUSH EDX ; /Arg2
0043837D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
00438380 |. 50 PUSH EAX ; |Arg1
00438381 |. E8 9A300000 CALL WaGan.0043B420 ; \WaGan.0043B420
00438386 |. 83C4 08 ADD ESP,8
00438389 |. 85C0 TEST EAX,EAX
0043838B |. 74 07 JE SHORT WaGan.00438394
0043838D |. 0C FF OR AL,0FF
0043838F |. E9 C9050000 JMP WaGan.0043895D
00438394 |> 68 FF000000 PUSH 0FF ; /Arg3 = 000000FF
00438399 |. 33C9 XOR ECX,ECX ; |
0043839B |. 8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C] ; | 最大横坐标
004383A1 |. 33D2 XOR EDX,EDX ; |
004383A3 |. 8A15 2D424B00 MOV DL,BYTE PTR DS:[4B422D] ; | 最大纵坐标
004383A9 |. 0FAFCA IMUL ECX,EDX ; |
004383AC |. 51 PUSH ECX ; |Arg2
004383AD |. 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C] ; |
004383B0 |. 50 PUSH EAX ; |Arg1
004383B1 |. E8 5D790400 CALL WaGan.0047FD13 ; \WaGan.0047FD13
004383B6 |. 83C4 0C ADD ESP,0C
004383B9 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
004383BB |. 6A 00 PUSH 0 ; |Arg2 = 00000000
004383BD |. 6A 00 PUSH 0 ; |Arg1 = 00000000
004383BF |. B9 38EB4A00 MOV ECX,WaGan.004AEB38 ; |
004383C4 |. E8 77760400 CALL WaGan.0047FA40 ; \WaGan.0047FA40
004383C9 |. C680 00190000>MOV BYTE PTR DS:[EAX+1900],0FF
004383D0 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004383D3 |. 33D2 XOR EDX,EDX
004383D5 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
004383D7 |. 8B45 B4 MOV EAX,DWORD PTR SS:[EBP-4C]
004383DA |. 03C2 ADD EAX,EDX
004383DC |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004383DF |. 33D2 XOR EDX,EDX
004383E1 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
004383E4 |. 33C9 XOR ECX,ECX
004383E6 |. 8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C]
004383EC |. 0FAFD1 IMUL EDX,ECX
004383EF |. C60410 00 MOV BYTE PTR DS:[EAX+EDX],0
004383F3 |. 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10]
004383F6 |. 81E2 FF000000 AND EDX,0FF
004383FC |. 83E2 04 AND EDX,4
004383FF |. 85D2 TEST EDX,EDX
00438401 |. 0F84 12010000 JE WaGan.00438519
00438407 |. C605 4C2C4B00>MOV BYTE PTR DS:[4B2C4C],0
0043840E |. C605 282C4B00>MOV BYTE PTR DS:[4B2C28],0FF
00438415 |. C605 202C4B00>MOV BYTE PTR DS:[4B2C20],0FF
0043841C |. C605 442C4B00>MOV BYTE PTR DS:[4B2C44],0FF
00438423 |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
00438426 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00438428 |. 6BC9 48 IMUL ECX,ECX,48
0043842B |. 81C1 0000D600 ADD ECX,0D60000
00438431 |. 894D A8 MOV DWORD PTR SS:[EBP-58],ECX
00438434 |. C745 B0 ACC74>MOV DWORD PTR SS:[EBP-50],WaGan.004AC7AC
0043843B |. C645 AC 00 MOV BYTE PTR SS:[EBP-54],0
0043843F |. EB 09 JMP SHORT WaGan.0043844A
00438441 |> 8A55 AC /MOV DL,BYTE PTR SS:[EBP-54]
00438444 |. 80C2 01 |ADD DL,1
00438447 |. 8855 AC |MOV BYTE PTR SS:[EBP-54],DL
0043844A |> 8B45 AC MOV EAX,DWORD PTR SS:[EBP-54]
0043844D |. 25 FF000000 |AND EAX,0FF
00438452 |. 83F8 44 |CMP EAX,44
00438455 |. 0F8D A6000000 |JGE WaGan.00438501
0043845B |. 8B4D A8 |MOV ECX,DWORD PTR SS:[EBP-58]
0043845E |. E8 ADE1FCFF |CALL WaGan.00406610
00438463 |. 25 FF000000 |AND EAX,0FF
00438468 |. 50 |PUSH EAX ; /Arg1
00438469 |. 8B4D AC |MOV ECX,DWORD PTR SS:[EBP-54] ; |
0043846C |. 81E1 FF000000 |AND ECX,0FF ; |
00438472 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
00438475 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
0043847B |. E8 0011FDFF |CALL WaGan.00409580 ; \WaGan.00409580
00438480 |. 25 FF000000 |AND EAX,0FF
00438485 |. 85C0 |TEST EAX,EAX
00438487 |. 74 73 |JE SHORT WaGan.004384FC
00438489 |. 8B4D A8 |MOV ECX,DWORD PTR SS:[EBP-58]
0043848C |. E8 7FE1FCFF |CALL WaGan.00406610
00438491 |. 25 FF000000 |AND EAX,0FF
00438496 |. 50 |PUSH EAX ; /Arg1
00438497 |. 8B4D AC |MOV ECX,DWORD PTR SS:[EBP-54] ; |
0043849A |. 81E1 FF000000 |AND ECX,0FF ; |
004384A0 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
004384A3 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
004384A9 |. E8 D210FDFF |CALL WaGan.00409580 ; \WaGan.00409580
004384AE |. 8AD8 |MOV BL,AL
004384B0 |. 81E3 FF000000 |AND EBX,0FF
004384B6 |. 8B4D A8 |MOV ECX,DWORD PTR SS:[EBP-58]
004384B9 |. E8 12E1FCFF |CALL WaGan.004065D0
004384BE |. 25 FF000000 |AND EAX,0FF
004384C3 |. 3BD8 |CMP EBX,EAX
004384C5 |. 7F 35 |JG SHORT WaGan.004384FC
004384C7 |. 8B4D AC |MOV ECX,DWORD PTR SS:[EBP-54]
004384CA |. 81E1 FF000000 |AND ECX,0FF
004384D0 |. 6BC9 46 |IMUL ECX,ECX,46
004384D3 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
004384D9 |. E8 F2D5FEFF |CALL WaGan.00425AD0
004384DE |. 25 FF000000 |AND EAX,0FF
004384E3 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68]
004384E6 |. 3941 14 |CMP DWORD PTR DS:[ECX+14],EAX
004384E9 |. 72 11 |JB SHORT WaGan.004384FC
004384EB |. 8B55 B0 |MOV EDX,DWORD PTR SS:[EBP-50]
004384EE |. 8A45 AC |MOV AL,BYTE PTR SS:[EBP-54]
004384F1 |. 8802 |MOV BYTE PTR DS:[EDX],AL
004384F3 |. 8B4D B0 |MOV ECX,DWORD PTR SS:[EBP-50]
004384F6 |. 83C1 01 |ADD ECX,1
004384F9 |. 894D B0 |MOV DWORD PTR SS:[EBP-50],ECX
004384FC |>^ E9 40FFFFFF \JMP WaGan.00438441
00438501 |> 8B55 B0 MOV EDX,DWORD PTR SS:[EBP-50]
00438504 |. C602 FF MOV BYTE PTR DS:[EDX],0FF
00438507 |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0043850B |. 75 0C JNZ SHORT WaGan.00438519
0043850D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00438510 |. 50 PUSH EAX ; /Arg1
00438511 |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68] ; |
00438514 |. E8 10200000 CALL WaGan.0043A529 ; \WaGan.0043A529
00438519 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0043851C |. 51 PUSH ECX ; /Arg1
0043851D |. E8 6FD4FFFF CALL WaGan.00435991 ; \WaGan.00435991
00438522 |. 83C4 04 ADD ESP,4
00438525 |. 8845 C8 MOV BYTE PTR SS:[EBP-38],AL
00438528 |. 8A55 C8 MOV DL,BYTE PTR SS:[EBP-38]
0043852B |. 52 PUSH EDX ; /Arg1
0043852C |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68] ; |
0043852F |. E8 9B720000 CALL WaGan.0043F7CF ; \WaGan.0043F7CF
00438534 |. 25 FF000000 AND EAX,0FF
00438539 |. 3D FF000000 CMP EAX,0FF
0043853E |. 75 07 JNZ SHORT WaGan.00438547
00438540 |. 0C FF OR AL,0FF
00438542 |. E9 16040000 JMP WaGan.0043895D
00438547 |> C645 E0 00 MOV BYTE PTR SS:[EBP-20],0
0043854B |. EB 06 JMP SHORT WaGan.00438553
0043854D |> 8A45 BC /MOV AL,BYTE PTR SS:[EBP-44]
00438550 |. 8845 E0 |MOV BYTE PTR SS:[EBP-20],AL
00438553 |> 837D E8 00 CMP DWORD PTR SS:[EBP-18],0
00438557 |. 0F84 FE030000 |JE WaGan.0043895B
0043855D |. 8B4D E0 |MOV ECX,DWORD PTR SS:[EBP-20]
00438560 |. 81E1 FF000000 |AND ECX,0FF
00438566 |. 8B55 0C |MOV EDX,DWORD PTR SS:[EBP+C]
00438569 |. 81E2 FF000000 |AND EDX,0FF
0043856F |. 3BCA |CMP ECX,EDX
00438571 |. 0F8D E4030000 |JGE WaGan.0043895B
00438577 |. C745 E8 00000>|MOV DWORD PTR SS:[EBP-18],0
0043857E |. C645 BC FF |MOV BYTE PTR SS:[EBP-44],0FF
00438582 |. C645 FC FF |MOV BYTE PTR SS:[EBP-4],0FF
00438586 |. C745 D0 00000>|MOV DWORD PTR SS:[EBP-30],0
0043858D |. EB 09 |JMP SHORT WaGan.00438598
0043858F |> 8B45 D0 |/MOV EAX,DWORD PTR SS:[EBP-30]
00438592 |. 83C0 01 ||ADD EAX,1
00438595 |. 8945 D0 ||MOV DWORD PTR SS:[EBP-30],EAX
00438598 |> 33C9 | XOR ECX,ECX
0043859A |. 8A0D 2D424B00 ||MOV CL,BYTE PTR DS:[4B422D]
004385A0 |. 394D D0 ||CMP DWORD PTR SS:[EBP-30],ECX
004385A3 |. 0F83 AD030000 ||JNB WaGan.00438956
004385A9 |. C745 DC 00000>||MOV DWORD PTR SS:[EBP-24],0
004385B0 |. EB 09 ||JMP SHORT WaGan.004385BB
004385B2 |> 8B55 DC ||/MOV EDX,DWORD PTR SS:[EBP-24]
004385B5 |. 83C2 01 |||ADD EDX,1
004385B8 |. 8955 DC |||MOV DWORD PTR SS:[EBP-24],EDX
004385BB |> 33C0 || XOR EAX,EAX
004385BD |. A0 2C424B00 |||MOV AL,BYTE PTR DS:[4B422C]
004385C2 |. 3945 DC |||CMP DWORD PTR SS:[EBP-24],EAX
004385C5 |. 0F83 45030000 |||JNB WaGan.00438910
004385CB |. 8B4D B4 |||MOV ECX,DWORD PTR SS:[EBP-4C]
004385CE |. 034D DC |||ADD ECX,DWORD PTR SS:[EBP-24]
004385D1 |. 33D2 |||XOR EDX,EDX
004385D3 |. 8A15 2C424B00 |||MOV DL,BYTE PTR DS:[4B422C]
004385D9 |. 8B45 D0 |||MOV EAX,DWORD PTR SS:[EBP-30]
004385DC |. 0FAFC2 |||IMUL EAX,EDX
004385DF |. 8A0C01 |||MOV CL,BYTE PTR DS:[ECX+EAX]
004385E2 |. 884D A4 |||MOV BYTE PTR SS:[EBP-5C],CL
004385E5 |. 8B55 A4 |||MOV EDX,DWORD PTR SS:[EBP-5C]
004385E8 |. 81E2 FF000000 |||AND EDX,0FF
004385EE |. 8B45 E0 |||MOV EAX,DWORD PTR SS:[EBP-20]
004385F1 |. 25 FF000000 |||AND EAX,0FF
004385F6 |. 3BD0 |||CMP EDX,EAX
004385F8 |. 7E 2C |||JLE SHORT WaGan.00438626
004385FA |. 8B4D A4 |||MOV ECX,DWORD PTR SS:[EBP-5C]
004385FD |. 81E1 FF000000 |||AND ECX,0FF
00438603 |. 81F9 FF000000 |||CMP ECX,0FF
00438609 |. 74 1B |||JE SHORT WaGan.00438626
0043860B |. 8B55 FC |||MOV EDX,DWORD PTR SS:[EBP-4]
0043860E |. 81E2 FF000000 |||AND EDX,0FF
00438614 |. 8B45 A4 |||MOV EAX,DWORD PTR SS:[EBP-5C]
00438617 |. 25 FF000000 |||AND EAX,0FF
0043861C |. 3BD0 |||CMP EDX,EAX
0043861E |. 7E 06 |||JLE SHORT WaGan.00438626
00438620 |. 8A4D A4 |||MOV CL,BYTE PTR SS:[EBP-5C]
00438623 |. 884D FC |||MOV BYTE PTR SS:[EBP-4],CL
00438626 |> 8B55 A4 |||MOV EDX,DWORD PTR SS:[EBP-5C]
00438629 |. 81E2 FF000000 |||AND EDX,0FF
0043862F |. 8B45 E0 |||MOV EAX,DWORD PTR SS:[EBP-20]
00438632 |. 25 FF000000 |||AND EAX,0FF
00438637 |. 3BD0 |||CMP EDX,EAX
00438639 |. 74 05 |||JE SHORT WaGan.00438640
0043863B |.^ E9 72FFFFFF |||JMP WaGan.004385B2
00438640 |> 8A4D DC |||MOV CL,BYTE PTR SS:[EBP-24]
00438643 |. 884D C4 |||MOV BYTE PTR SS:[EBP-3C],CL
00438646 |. 8A55 D0 |||MOV DL,BYTE PTR SS:[EBP-30]
00438649 |. 8855 C5 |||MOV BYTE PTR SS:[EBP-3B],DL
0043864C |. 8D45 C4 |||LEA EAX,DWORD PTR SS:[EBP-3C]
0043864F |. 50 |||PUSH EAX ; /Arg2
00438650 |. 8B4D 08 |||MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438653 |. 51 |||PUSH ECX ; |Arg1
00438654 |. E8 C72D0000 |||CALL WaGan.0043B420 ; \WaGan.0043B420
00438659 |. 83C4 08 |||ADD ESP,8
0043865C |. 85C0 |||TEST EAX,EAX
0043865E |. 75 1B |||JNZ SHORT WaGan.0043867B
00438660 |. 837D 1C 00 |||CMP DWORD PTR SS:[EBP+1C],0
00438664 |. 74 15 |||JE SHORT WaGan.0043867B
00438666 |. 8D55 C4 |||LEA EDX,DWORD PTR SS:[EBP-3C]
00438669 |. 52 |||PUSH EDX ; /Arg1
0043866A |. 8B4D 98 |||MOV ECX,DWORD PTR SS:[EBP-68] ; |
0043866D |. E8 E7F6FFFF |||CALL WaGan.00437D59 ; \WaGan.00437D59
00438672 |. 85C0 |||TEST EAX,EAX
00438674 |. 74 05 |||JE SHORT WaGan.0043867B
00438676 |.^ E9 37FFFFFF |||JMP WaGan.004385B2
0043867B |> C745 CC 00000>|||MOV DWORD PTR SS:[EBP-34],0
00438682 |. EB 09 |||JMP SHORT WaGan.0043868D
00438684 |> 8B45 CC |||/MOV EAX,DWORD PTR SS:[EBP-34]
00438687 |. 83C0 01 ||||ADD EAX,1
0043868A |. 8945 CC ||||MOV DWORD PTR SS:[EBP-34],EAX
0043868D |> 837D CC 04 ||| CMP DWORD PTR SS:[EBP-34],4
00438691 |. 0F83 74020000 ||||JNB WaGan.0043890B
00438697 |. 8A4D CC ||||MOV CL,BYTE PTR SS:[EBP-34]
0043869A |. 51 ||||PUSH ECX ; /Arg2
0043869B |. 8D55 C4 ||||LEA EDX,DWORD PTR SS:[EBP-3C] ; |
0043869E |. 52 ||||PUSH EDX ; |Arg1
0043869F |. E8 51D3FFFF ||||CALL WaGan.004359F5 ; \WaGan.004359F5
004386A4 |. 83C4 08 ||||ADD ESP,8
004386A7 |. 50 ||||PUSH EAX ; /Arg1
004386A8 |. 8D4D B8 ||||LEA ECX,DWORD PTR SS:[EBP-48] ; |
004386AB |. E8 F0DEFCFF ||||CALL WaGan.004065A0 ; \WaGan.004065A0
004386B0 |. 8B45 B8 ||||MOV EAX,DWORD PTR SS:[EBP-48]
004386B3 |. 25 FF000000 ||||AND EAX,0FF
004386B8 |. 3D FF000000 ||||CMP EAX,0FF
004386BD |. 75 02 ||||JNZ SHORT WaGan.004386C1
004386BF |.^ EB C3 ||||JMP SHORT WaGan.00438684
004386C1 |> 8B4D B8 ||||MOV ECX,DWORD PTR SS:[EBP-48]
004386C4 |. 81E1 FF000000 ||||AND ECX,0FF
004386CA |. 8B55 B9 ||||MOV EDX,DWORD PTR SS:[EBP-47]
004386CD |. 81E2 FF000000 ||||AND EDX,0FF
004386D3 |. 33C0 ||||XOR EAX,EAX
004386D5 |. A0 2C424B00 ||||MOV AL,BYTE PTR DS:[4B422C]
004386DA |. 0FAFD0 ||||IMUL EDX,EAX
004386DD |. 03CA ||||ADD ECX,EDX
004386DF |. 894D E4 ||||MOV DWORD PTR SS:[EBP-1C],ECX
004386E2 |. 8B4D B4 ||||MOV ECX,DWORD PTR SS:[EBP-4C]
004386E5 |. 034D E4 ||||ADD ECX,DWORD PTR SS:[EBP-1C]
004386E8 |. 894D D4 ||||MOV DWORD PTR SS:[EBP-2C],ECX
004386EB |. 6A 04 ||||PUSH 4 ; /Arg3 = 00000004
004386ED |. 6A 00 ||||PUSH 0 ; |Arg2 = 00000000
004386EF |. 6A 00 ||||PUSH 0 ; |Arg1 = 00000000
004386F1 |. B9 38EB4A00 ||||MOV ECX,WaGan.004AEB38 ; |
004386F6 |. E8 45730400 ||||CALL WaGan.0047FA40 ; \WaGan.0047FA40
004386FB |. 8B55 E4 ||||MOV EDX,DWORD PTR SS:[EBP-1C]
004386FE |. 8D8410 800C00>||||LEA EAX,DWORD PTR DS:[EAX+EDX+C80]
00438705 |. 8945 D8 ||||MOV DWORD PTR SS:[EBP-28],EAX
00438708 |. 6A 04 ||||PUSH 4 ; /Arg3 = 00000004
0043870A |. 6A 00 ||||PUSH 0 ; |Arg2 = 00000000
0043870C |. 6A 00 ||||PUSH 0 ; |Arg1 = 00000000
0043870E |. B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68 ; |
00438713 |. E8 28730400 ||||CALL WaGan.0047FA40 ; \WaGan.0047FA40
00438718 |. 8B4D E4 ||||MOV ECX,DWORD PTR SS:[EBP-1C]
0043871B |. 8D9408 400600>||||LEA EDX,DWORD PTR DS:[EAX+ECX+640]
00438722 |. 8955 F8 ||||MOV DWORD PTR SS:[EBP-8],EDX
00438725 |. 8B45 D4 ||||MOV EAX,DWORD PTR SS:[EBP-2C]
00438728 |. 33C9 ||||XOR ECX,ECX
0043872A |. 8A08 ||||MOV CL,BYTE PTR DS:[EAX]
0043872C |. 81F9 FF000000 ||||CMP ECX,0FF
00438732 |. 0F85 CE010000 ||||JNZ WaGan.00438906
00438738 |. 8D55 B8 ||||LEA EDX,DWORD PTR SS:[EBP-48]
0043873B |. 52 ||||PUSH EDX ; /Arg1
0043873C |. E8 50D2FFFF ||||CALL WaGan.00435991 ; \WaGan.00435991
00438741 |. 83C4 04 ||||ADD ESP,4
00438744 |. 8845 9C ||||MOV BYTE PTR SS:[EBP-64],AL
00438747 |. 8A45 9C ||||MOV AL,BYTE PTR SS:[EBP-64]
0043874A |. 50 ||||PUSH EAX ; /Arg1
0043874B |. 8B4D 98 ||||MOV ECX,DWORD PTR SS:[EBP-68] ; |
0043874E |. E8 7C700000 ||||CALL WaGan.0043F7CF ; \WaGan.0043F7CF
00438753 |. 8845 A0 ||||MOV BYTE PTR SS:[EBP-60],AL
00438756 |. 8B4D A0 ||||MOV ECX,DWORD PTR SS:[EBP-60]
00438759 |. 81E1 FF000000 ||||AND ECX,0FF
0043875F |. 81F9 FF000000 ||||CMP ECX,0FF
00438765 |. 74 5E ||||JE SHORT WaGan.004387C5
00438767 |. 8B55 A0 ||||MOV EDX,DWORD PTR SS:[EBP-60]
0043876A |. 81E2 FF000000 ||||AND EDX,0FF
00438770 |. 8B45 A4 ||||MOV EAX,DWORD PTR SS:[EBP-5C]
00438773 |. 25 FF000000 ||||AND EAX,0FF
00438778 |. 03D0 ||||ADD EDX,EAX
0043877A |. 8B4D 0C ||||MOV ECX,DWORD PTR SS:[EBP+C]
0043877D |. 81E1 FF000000 ||||AND ECX,0FF
00438783 |. 3BD1 ||||CMP EDX,ECX
00438785 |. 7F 3E ||||JG SHORT WaGan.004387C5
00438787 |. 8B55 D8 ||||MOV EDX,DWORD PTR SS:[EBP-28]
0043878A |. 33C0 ||||XOR EAX,EAX
0043878C |. 8A02 ||||MOV AL,BYTE PTR DS:[EDX]
0043878E |. 3D FF000000 ||||CMP EAX,0FF
00438793 |. 74 35 ||||JE SHORT WaGan.004387CA
00438795 |. 8B75 C0 ||||MOV ESI,DWORD PTR SS:[EBP-40]
00438798 |. 81E6 FF000000 ||||AND ESI,0FF
0043879E |. 8B4D D8 ||||MOV ECX,DWORD PTR SS:[EBP-28]
004387A1 |. 33D2 ||||XOR EDX,EDX
004387A3 |. 8A11 ||||MOV DL,BYTE PTR DS:[ECX]
004387A5 |. 8BCA ||||MOV ECX,EDX
004387A7 |. 6BC9 24 ||||IMUL ECX,ECX,24
004387AA |. 81C1 502C4B00 ||||ADD ECX,WaGan.004B2C50
004387B0 |. E8 5BDFFCFF ||||CALL WaGan.00406710
004387B5 |. 3BF0 ||||CMP ESI,EAX
004387B7 |. 74 11 ||||JE SHORT WaGan.004387CA
004387B9 |. 837D 1C 00 ||||CMP DWORD PTR SS:[EBP+1C],0
004387BD |. 75 06 ||||JNZ SHORT WaGan.004387C5
004387BF |. 837D F4 00 ||||CMP DWORD PTR SS:[EBP-C],0
004387C3 |. 75 05 ||||JNZ SHORT WaGan.004387CA
004387C5 |>^ E9 BAFEFFFF ||||JMP WaGan.00438684
004387CA |> 8B45 A4 ||||MOV EAX,DWORD PTR SS:[EBP-5C]
004387CD |. 25 FF000000 ||||AND EAX,0FF
004387D2 |. 8B4D A0 ||||MOV ECX,DWORD PTR SS:[EBP-60]
004387D5 |. 81E1 FF000000 ||||AND ECX,0FF
004387DB |. 03C1 ||||ADD EAX,ECX
004387DD |. 8B55 D4 ||||MOV EDX,DWORD PTR SS:[EBP-2C]
004387E0 |. 8802 ||||MOV BYTE PTR DS:[EDX],AL
004387E2 |. C745 E8 01000>||||MOV DWORD PTR SS:[EBP-18],1
004387E9 |. 8B45 BC ||||MOV EAX,DWORD PTR SS:[EBP-44]
004387EC |. 25 FF000000 ||||AND EAX,0FF
004387F1 |. 8B4D D4 ||||MOV ECX,DWORD PTR SS:[EBP-2C]
004387F4 |. 33D2 ||||XOR EDX,EDX
004387F6 |. 8A11 ||||MOV DL,BYTE PTR DS:[ECX]
004387F8 |. 3BC2 ||||CMP EAX,EDX
004387FA |. 7E 49 ||||JLE SHORT WaGan.00438845
004387FC |. 837D 1C 00 ||||CMP DWORD PTR SS:[EBP+1C],0
00438800 |. 74 3B ||||JE SHORT WaGan.0043883D
00438802 |. 837D F4 00 ||||CMP DWORD PTR SS:[EBP-C],0
00438806 |. 75 35 ||||JNZ SHORT WaGan.0043883D
00438808 |. 8D45 B8 ||||LEA EAX,DWORD PTR SS:[EBP-48]
0043880B |. 50 ||||PUSH EAX ; /Arg1
0043880C |. 8B4D 98 ||||MOV ECX,DWORD PTR SS:[EBP-68] ; |
0043880F |. E8 45F5FFFF ||||CALL WaGan.00437D59 ; \WaGan.00437D59
00438814 |. 85C0 ||||TEST EAX,EAX
00438816 |. 75 23 ||||JNZ SHORT WaGan.0043883B
00438818 |. 8B4D D4 ||||MOV ECX,DWORD PTR SS:[EBP-2C]
0043881B |. 8A11 ||||MOV DL,BYTE PTR DS:[ECX]
0043881D |. 8855 BC ||||MOV BYTE PTR SS:[EBP-44],DL
00438820 |. 8B45 BC ||||MOV EAX,DWORD PTR SS:[EBP-44]
00438823 |. 25 FF000000 ||||AND EAX,0FF
00438828 |. 8B4D FC ||||MOV ECX,DWORD PTR SS:[EBP-4]
0043882B |. 81E1 FF000000 ||||AND ECX,0FF
00438831 |. 3BC1 ||||CMP EAX,ECX
00438833 |. 7E 06 ||||JLE SHORT WaGan.0043883B
00438835 |. 8A55 FC ||||MOV DL,BYTE PTR SS:[EBP-4]
00438838 |. 8855 BC ||||MOV BYTE PTR SS:[EBP-44],DL
0043883B |> EB 08 ||||JMP SHORT WaGan.00438845
0043883D |> 8B45 D4 ||||MOV EAX,DWORD PTR SS:[EBP-2C]
00438840 |. 8A08 ||||MOV CL,BYTE PTR DS:[EAX]
00438842 |. 884D BC ||||MOV BYTE PTR SS:[EBP-44],CL
00438845 |> 8B55 10 ||||MOV EDX,DWORD PTR SS:[EBP+10]
00438848 |. 81E2 FF000000 ||||AND EDX,0FF
0043884E |. 83E2 08 ||||AND EDX,8
00438851 |. 85D2 ||||TEST EDX,EDX
00438853 |. 74 6D ||||JE SHORT WaGan.004388C2
00438855 |. 6A 04 ||||PUSH 4 ; /Arg3 = 00000004
00438857 |. 6A 00 ||||PUSH 0 ; |Arg2 = 00000000
00438859 |. 6A 00 ||||PUSH 0 ; |Arg1 = 00000000
0043885B |. B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68 ; |
00438860 |. E8 DB710400 ||||CALL WaGan.0047FA40 ; \WaGan.0047FA40
00438865 |. 8B4D E4 ||||MOV ECX,DWORD PTR SS:[EBP-1C]
00438868 |. 33D2 ||||XOR EDX,EDX
0043886A |. 8A1408 ||||MOV DL,BYTE PTR DS:[EAX+ECX]
0043886D |. 81FA FF000000 ||||CMP EDX,0FF
00438873 |. 74 4D ||||JE SHORT WaGan.004388C2
00438875 |. 6A 04 ||||PUSH 4 ; /Arg3 = 00000004
00438877 |. 6A 00 ||||PUSH 0 ; |Arg2 = 00000000
00438879 |. 6A 00 ||||PUSH 0 ; |Arg1 = 00000000
0043887B |. B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68 ; |
00438880 |. E8 BB710400 ||||CALL WaGan.0047FA40 ; \WaGan.0047FA40
00438885 |. 8B4D E4 ||||MOV ECX,DWORD PTR SS:[EBP-1C]
00438888 |. 33D2 ||||XOR EDX,EDX
0043888A |. 8A1408 ||||MOV DL,BYTE PTR DS:[EAX+ECX]
0043888D |. 8BCA ||||MOV ECX,EDX
0043888F |. 6BC9 24 ||||IMUL ECX,ECX,24
00438892 |. 81C1 502C4B00 ||||ADD ECX,WaGan.004B2C50
00438898 |. E8 F303FEFF ||||CALL WaGan.00418C90
0043889D |. 25 FF000000 ||||AND EAX,0FF
004388A2 |. 83F8 02 ||||CMP EAX,2
004388A5 |. 75 1B ||||JNZ SHORT WaGan.004388C2
004388A7 |. 6A 04 ||||PUSH 4 ; /Arg3 = 00000004
004388A9 |. 6A 00 ||||PUSH 0 ; |Arg2 = 00000000
004388AB |. 6A 00 ||||PUSH 0 ; |Arg1 = 00000000
004388AD |. B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68 ; |
004388B2 |. E8 89710400 ||||CALL WaGan.0047FA40 ; \WaGan.0047FA40
004388B7 |. 8B4D E4 ||||MOV ECX,DWORD PTR SS:[EBP-1C]
004388BA |. 8A0408 ||||MOV AL,BYTE PTR DS:[EAX+ECX]
004388BD |. E9 9B000000 ||||JMP WaGan.0043895D
004388C2 |> 8B55 10 ||||MOV EDX,DWORD PTR SS:[EBP+10]
004388C5 |. 81E2 FF000000 ||||AND EDX,0FF
004388CB |. 83E2 02 ||||AND EDX,2
004388CE |. 85D2 ||||TEST EDX,EDX
004388D0 |. 74 18 ||||JE SHORT WaGan.004388EA
004388D2 |. 8D45 EC ||||LEA EAX,DWORD PTR SS:[EBP-14]
004388D5 |. 50 ||||PUSH EAX ; /Arg2
004388D6 |. 8D4D B8 ||||LEA ECX,DWORD PTR SS:[EBP-48] ; |
004388D9 |. 51 ||||PUSH ECX ; |Arg1
004388DA |. E8 412B0000 ||||CALL WaGan.0043B420 ; \WaGan.0043B420
004388DF |. 83C4 08 ||||ADD ESP,8
004388E2 |. 85C0 ||||TEST EAX,EAX
004388E4 |. 74 04 ||||JE SHORT WaGan.004388EA
004388E6 |. B0 01 ||||MOV AL,1
004388E8 |. EB 73 ||||JMP SHORT WaGan.0043895D
004388EA |> 8B55 10 ||||MOV EDX,DWORD PTR SS:[EBP+10]
004388ED |. 81E2 FF000000 ||||AND EDX,0FF
004388F3 |. 83E2 04 ||||AND EDX,4
004388F6 |. 85D2 ||||TEST EDX,EDX
004388F8 |. 74 0C ||||JE SHORT WaGan.00438906
004388FA |. 8D45 B8 ||||LEA EAX,DWORD PTR SS:[EBP-48]
004388FD |. 50 ||||PUSH EAX ; /Arg1
004388FE |. 8B4D 98 ||||MOV ECX,DWORD PTR SS:[EBP-68] ; |
00438901 |. E8 231C0000 ||||CALL WaGan.0043A529 ; \WaGan.0043A529
00438906 |>^ E9 79FDFFFF |||\JMP WaGan.00438684
0043890B |>^ E9 A2FCFFFF ||\JMP WaGan.004385B2
00438910 |> 837D E8 00 ||CMP DWORD PTR SS:[EBP-18],0
00438914 |. 75 20 ||JNZ SHORT WaGan.00438936
00438916 |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4]
00438919 |. 81E1 FF000000 ||AND ECX,0FF
0043891F |. 81F9 FF000000 ||CMP ECX,0FF
00438925 |. 74 0D ||JE SHORT WaGan.00438934
00438927 |. 8A55 FC ||MOV DL,BYTE PTR SS:[EBP-4]
0043892A |. 8855 BC ||MOV BYTE PTR SS:[EBP-44],DL
0043892D |. C745 E8 01000>||MOV DWORD PTR SS:[EBP-18],1
00438934 |> EB 1B ||JMP SHORT WaGan.00438951
00438936 |> 8B45 BC ||MOV EAX,DWORD PTR SS:[EBP-44]
00438939 |. 25 FF000000 ||AND EAX,0FF
0043893E |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4]
00438941 |. 81E1 FF000000 ||AND ECX,0FF
00438947 |. 3BC1 ||CMP EAX,ECX
00438949 |. 7E 06 ||JLE SHORT WaGan.00438951
0043894B |. 8A55 FC ||MOV DL,BYTE PTR SS:[EBP-4]
0043894E |. 8855 BC ||MOV BYTE PTR SS:[EBP-44],DL
00438951 |>^ E9 39FCFFFF |\JMP WaGan.0043858F
00438956 |>^ E9 F2FBFFFF \JMP WaGan.0043854D
0043895B |> 0C FF OR AL,0FF
0043895D |> 5E POP ESI
0043895E |. 5B POP EBX
0043895F |. 8BE5 MOV ESP,EBP
00438961 |. 5D POP EBP
00438962 \. C2 1800 RETN 18
EBP+8目标地址
EBP-C 估算值
EBP-14 AI武将战场内存地址
438901,438514两处调用
0043A529 /$ 55 PUSH EBP
0043A52A |. 8BEC MOV EBP,ESP
0043A52C |. 83EC 20 SUB ESP,20
0043A52F |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0043A532 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0043A534 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0043A536 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0043A538 |. B9 68AB4A00 MOV ECX,WaGan.004AAB68 ; |
0043A53D |. E8 FE540400 CALL WaGan.0047FA40 ; \WaGan.0047FA40 (hPic_GetMemPtr)
0043A542 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0043A545 |. 33D2 XOR EDX,EDX
0043A547 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A549 |. 8D8410 400600>LEA EAX,DWORD PTR DS:[EAX+EDX+640]
0043A550 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0043A553 |. 33D2 XOR EDX,EDX
0043A555 |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1]
0043A558 |. 33C9 XOR ECX,ECX
0043A55A |. 8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C]
0043A560 |. 0FAFD1 IMUL EDX,ECX
0043A563 |. 03C2 ADD EAX,EDX
0043A565 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0043A568 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0043A56C |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043A570 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A573 |. 52 PUSH EDX ; /Arg1
0043A574 |. E8 0BB3FFFF CALL WaGan.00435884 ; \WaGan.00435884
0043A579 |. 83C4 04 ADD ESP,4
0043A57C |. 25 FF000000 AND EAX,0FF
0043A581 |. 3D FF000000 CMP EAX,0FF
0043A586 |. 74 1B JE SHORT WaGan.0043A5A3
0043A588 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043A58B |. 83C0 06 ADD EAX,6 AI武将当前坐标
0043A58E |. 50 PUSH EAX ; /Arg2
0043A58F |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0043A592 |. 51 PUSH ECX ; |Arg1
0043A593 |. E8 880E0000 CALL WaGan.0043B420 人物移动处理,比较两地址是否相同,是则是到达目的地,返回1
0043A598 |. 83C4 08 ADD ESP,8
0043A59B |. 85C0 TEST EAX,EAX
0043A59D |. 0F84 20020000 JE WaGan.0043A7C3 不能达到,结束
0043A5A3 |> 68 80000000 PUSH 80 ; /Arg1 = 00000080 剧本移动中
0043A5A8 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043A5AB |. E8 40B5FEFF CALL WaGan.00425AF0 判断Ecx武将行动是否结束 (08栈是80,04,02)
0043A5B0 |. 85C0 TEST EAX,EAX
0043A5B2 |. 0F85 73010000 JNZ WaGan.0043A72B
0043A5B8 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043A5BB |. E8 10B5FEFF CALL WaGan.00425AD0 返回武将的是否可控制标记
0043A5C0 |. 25 FF000000 AND EAX,0FF
0043A5C5 |. 83F8 04 CMP EAX,4
0043A5C8 |. 0F84 B8000000 JE WaGan.0043A686 跳转
0043A5CE |. 6A 04 PUSH 4 ; /Arg3 = 00000004
0043A5D0 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
0043A5D2 |. 6A 00 PUSH 0 ; |Arg1 = 00000000
0043A5D4 |. B9 68AB4A00 MOV ECX,WaGan.004AAB68 ; |
0043A5D9 |. E8 62540400 CALL WaGan.0047FA40 ; \WaGan.0047FA40
0043A5DE |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A5E1 |. 33C9 XOR ECX,ECX
0043A5E3 |. 8A0A MOV CL,BYTE PTR DS:[EDX]
0043A5E5 |. 03C1 ADD EAX,ECX
0043A5E7 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A5EA |. 33C9 XOR ECX,ECX
0043A5EC |. 8A4A 01 MOV CL,BYTE PTR DS:[EDX+1]
0043A5EF |. 33D2 XOR EDX,EDX
0043A5F1 |. 8A15 2C424B00 MOV DL,BYTE PTR DS:[4B422C]
0043A5F7 |. 0FAFCA IMUL ECX,EDX
0043A5FA |. 33D2 XOR EDX,EDX
0043A5FC |. 8A1408 MOV DL,BYTE PTR DS:[EAX+ECX]
0043A5FF |. 81FA FF000000 CMP EDX,0FF
0043A605 |. 75 17 JNZ SHORT WaGan.0043A61E
0043A607 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0043A60A |. 83C0 06 ADD EAX,6
0043A60D |. 50 PUSH EAX ; /Arg2
0043A60E |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0043A611 |. 51 PUSH ECX ; |Arg1
0043A612 |. E8 090E0000 CALL WaGan.0043B420 人物移动处理,比较两地址是否相同,是则是到达目的地,返回1
0043A617 |. 83C4 08 ADD ESP,8
0043A61A |. 85C0 TEST EAX,EAX
0043A61C |. 74 0F JE SHORT WaGan.0043A62D
0043A61E |> 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A621 |. 52 PUSH EDX ; /Arg1 坐标地址
0043A622 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043A625 |. E8 3BE3FFFF CALL WaGan.00438965 ; \WaGan.00438965 对这个位置进行估算
0043A62A |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
0043A62D |> 6A 04 PUSH 4 ; /Arg1 = 00000004
0043A62F |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043A632 |. E8 A9C0FCFF CALL WaGan.004066E0 ; \WaGan.004066E0 判断武将是否禁咒
0043A637 |. 85C0 TEST EAX,EAX
0043A639 |. 75 0F JNZ SHORT WaGan.0043A64A 禁咒跳转
0043A63B |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0043A63E |. 50 PUSH EAX ; /Arg1
0043A63F |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043A642 |. E8 95EBFFFF CALL WaGan.004391DC ; \WaGan.004391DC
0043A647 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0043A64A |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0043A64D |. 81E1 FF000000 AND ECX,0FF
0043A653 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0043A656 |. 81E2 FF000000 AND EDX,0FF
0043A65C |. 3BCA CMP ECX,EDX
0043A65E |. 7E 0D JLE SHORT WaGan.0043A66D
0043A660 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0043A663 |. 25 FF000000 AND EAX,0FF
0043A668 |. 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
0043A66B |. EB 0C JMP SHORT WaGan.0043A679
0043A66D |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043A670 |. 81E1 FF000000 AND ECX,0FF
0043A676 |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
0043A679 |> 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043A67C |. 8A02 MOV AL,BYTE PTR DS:[EDX]
0043A67E |. 0245 E8 ADD AL,BYTE PTR SS:[EBP-18]
0043A681 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A684 |. 8801 MOV BYTE PTR DS:[ECX],AL
0043A686 |> 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A689 |. 52 PUSH EDX ; /Arg1
0043A68A |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043A68D |. E8 2DFEFFFF CALL WaGan.0043A4BF ; \WaGan.0043A4BF
0043A692 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0043A695 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043A698 |. 33C9 XOR ECX,ECX
0043A69A |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0043A69C |. BA FF000000 MOV EDX,0FF
0043A6A1 |. 2BD1 SUB EDX,ECX
0043A6A3 |. 3955 F0 CMP DWORD PTR SS:[EBP-10],EDX
0043A6A6 |. 7D 08 JGE SHORT WaGan.0043A6B0
0043A6A8 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0043A6AB |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0043A6AE |. EB 11 JMP SHORT WaGan.0043A6C1
0043A6B0 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A6B3 |. 33D2 XOR EDX,EDX
0043A6B5 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A6B7 |. B8 FF000000 MOV EAX,0FF
0043A6BC |. 2BC2 SUB EAX,EDX
0043A6BE |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0043A6C1 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A6C4 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A6C6 |. 0255 E4 ADD DL,BYTE PTR SS:[EBP-1C]
0043A6C9 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043A6CC |. 8810 MOV BYTE PTR DS:[EAX],DL
0043A6CE |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043A6D1 |. 83C1 06 ADD ECX,6
0043A6D4 |. 51 PUSH ECX ; /Arg2
0043A6D5 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0043A6D8 |. 52 PUSH EDX ; |Arg1
0043A6D9 |. E8 420D0000 CALL WaGan.0043B420 人物移动处理,比较两地址是否相同,是则是到达目的地,返回1
0043A6DE |. 83C4 08 ADD ESP,8
0043A6E1 |. 85C0 TEST EAX,EAX
0043A6E3 |. 74 46 JE SHORT WaGan.0043A72B 不是在目标位置
0043A6E5 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0043A6E8 |. 25 FF000000 AND EAX,0FF
0043A6ED |. 85C0 TEST EAX,EAX
0043A6EF |. 75 3A JNZ SHORT WaGan.0043A72B
0043A6F1 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A6F4 |. 33D2 XOR EDX,EDX
0043A6F6 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A6F8 |. B8 FF000000 MOV EAX,0FF
0043A6FD |. 2BC2 SUB EAX,EDX
0043A6FF |. 83F8 01 CMP EAX,1
0043A702 |. 7E 09 JLE SHORT WaGan.0043A70D
0043A704 |. C745 E0 01000>MOV DWORD PTR SS:[EBP-20],1
0043A70B |. EB 11 JMP SHORT WaGan.0043A71E
0043A70D |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A710 |. 33D2 XOR EDX,EDX
0043A712 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A714 |. B8 FF000000 MOV EAX,0FF
0043A719 |. 2BC2 SUB EAX,EDX
0043A71B |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
0043A71E |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0043A721 |. 8A11 MOV DL,BYTE PTR DS:[ECX]
0043A723 |. 0255 E0 ADD DL,BYTE PTR SS:[EBP-20]
0043A726 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043A729 |. 8810 MOV BYTE PTR DS:[EAX],DL
0043A72B |> 33C9 XOR ECX,ECX
0043A72D |. 8A0D 382C4B00 MOV CL,BYTE PTR DS:[4B2C38]
0043A733 |. 81F9 FF000000 CMP ECX,0FF
0043A739 |. 74 1B JE SHORT WaGan.0043A756
0043A73B |. 68 382C4B00 PUSH WaGan.004B2C38 ; /Arg2 = 004B2C38
0043A740 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] ; |
0043A743 |. 52 PUSH EDX ; |Arg1
0043A744 |. E8 D70C0000 CALL WaGan.0043B420 ; \WaGan.0043B420
0043A749 |. 83C4 08 ADD ESP,8
0043A74C |. 85C0 TEST EAX,EAX
0043A74E |. 74 06 JE SHORT WaGan.0043A756
0043A750 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043A753 |. C600 00 MOV BYTE PTR DS:[EAX],0
0043A756 |> 33C9 XOR ECX,ECX
0043A758 |. 8A0D 4C2C4B00 MOV CL,BYTE PTR DS:[4B2C4C]
0043A75E |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0043A761 |. 33C0 XOR EAX,EAX
0043A763 |. 8A02 MOV AL,BYTE PTR DS:[EDX]
0043A765 |. 3BC8 CMP ECX,EAX
0043A767 |. 7D 5A JGE SHORT WaGan.0043A7C3
0043A769 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0043A76C |. 81E1 FF000000 AND ECX,0FF
0043A772 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0043A775 |. 81E2 FF000000 AND EDX,0FF
0043A77B |. 3BCA CMP ECX,EDX
0043A77D |. 7E 18 JLE SHORT WaGan.0043A797
0043A77F |. A0 402C4B00 MOV AL,BYTE PTR DS:[4B2C40]
0043A784 |. A2 442C4B00 MOV BYTE PTR DS:[4B2C44],AL
0043A789 |. 8A0D 2C2C4B00 MOV CL,BYTE PTR DS:[4B2C2C]
0043A78F |. 880D 282C4B00 MOV BYTE PTR DS:[4B2C28],CL
0043A795 |. EB 13 JMP SHORT WaGan.0043A7AA
0043A797 |> C605 442C4B00>MOV BYTE PTR DS:[4B2C44],0FF
0043A79E |. 8A15 302C4B00 MOV DL,BYTE PTR DS:[4B2C30]
0043A7A4 |. 8815 282C4B00 MOV BYTE PTR DS:[4B2C28],DL
0043A7AA |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0043A7AD |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0043A7AF |. 880D 4C2C4B00 MOV BYTE PTR DS:[4B2C4C],CL
0043A7B5 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0043A7B8 |. 52 PUSH EDX ; /Arg1
0043A7B9 |. B9 202C4B00 MOV ECX,WaGan.004B2C20 ; |
0043A7BE |. E8 DDBDFCFF CALL WaGan.004065A0 ; \WaGan.004065A0
0043A7C3 |> 8BE5 MOV ESP,EBP
0043A7C5 |. 5D POP EBP
0043A7C6 \. C2 0400 RETN 4
EBP+8 AI武将的坐标位置
ECX AI武将的战场内存地址
EBP-8 AI武将的攻击范围
EBP-14 AI武将的战场内存地址
00438965 /$ 55 PUSH EBP
00438966 |. 8BEC MOV EBP,ESP
00438968 |. 83EC 14 SUB ESP,14
0043896B |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0043896E |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
00438971 |. E8 486F0000 CALL WaGan.0043F8BE 获取武将的攻击范围
00438976 |. 8845 F8 MOV BYTE PTR SS:[EBP-8],AL
00438979 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043897D |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
00438981 |. C605 302C4B00>MOV BYTE PTR DS:[4B2C30],0FF
00438988 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
0043898A |. 68 80000000 PUSH 80 ; |Arg3 = 00000080
0043898F |. 8A45 F8 MOV AL,BYTE PTR SS:[EBP-8] ; |
00438992 |. 50 PUSH EAX ; |Arg2 攻击范围
00438993 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438996 |. 51 PUSH ECX ; |Arg1
00438997 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
0043899A |. E8 E7DBFFFF CALL WaGan.00436586 ; \WaGan.00436586
0043899F |. 25 FF000000 AND EAX,0FF
004389A4 |. 3D FF000000 CMP EAX,0FF
004389A9 |. 74 6C JE SHORT WaGan.00438A17
004389AB |. C745 F0 48C74> MOV DWORD PTR SS:[EBP-10],4AC748
004389B2 |. EB 09 JMP SHORT WaGan.004389BD
004389B4 |> 8B55 F0 /MOV EDX,DWORD PTR SS:[EBP-10] AI针对全体相反部队的伤害做估算排序
004389B7 |. 83C2 01 |ADD EDX,1
004389BA |. 8955 F0 |MOV DWORD PTR SS:[EBP-10],EDX
004389BD |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004389C0 |. 33C9 |XOR ECX,ECX
004389C2 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
004389C4 |. 81F9 FF000000 |CMP ECX,0FF
004389CA |. 74 4B |JE SHORT WaGan.00438A17 退出循环
004389CC |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10]
004389CF |. 33C0 |XOR EAX,EAX
004389D1 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
004389D3 |. 83F8 73 |CMP EAX,73
004389D6 |. 7D 3F |JGE SHORT WaGan.00438A17 大于115,退出循环
004389D8 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
004389DB |. 66:8B11 |MOV DX,WORD PTR DS:[ECX]
004389DE |. 52 |PUSH EDX ; /Arg2
004389DF |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10] ; |
004389E2 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
004389E4 |. 51 |PUSH ECX ; |Arg1 准备攻击人的战场形象编号
004389E5 |. 8B4D EC |MOV ECX,DWORD PTR SS:[EBP-14] ; |
004389E8 |. E8 33000000 |CALL WaGan.00438A20 ; \WaGan.00438A20 AI估算函数
004389ED |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
004389F0 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004389F3 |. 81E2 FF000000 |AND EDX,0FF
004389F9 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004389FC |. 25 FF000000 |AND EAX,0FF
00438A01 |. 3BD0 |CMP EDX,EAX
00438A03 |. 7D 10 |JGE SHORT WaGan.00438A15
00438A05 |. 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
00438A08 |. 884D F4 |MOV BYTE PTR SS:[EBP-C],CL
00438A0B |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10]
00438A0E |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00438A10 |. A2 302C4B00 |MOV BYTE PTR DS:[4B2C30],AL
00438A15 |>^ EB 9D \JMP SHORT WaGan.004389B4
00438A17 |> 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C] 最终的估算值
00438A1A |. 8BE5 MOV ESP,EBP
00438A1C |. 5D POP EBP
00438A1D \. C2 0400 RETN 4
传入参数:
EBP+C 坐标位置
EBP+8 AI准备攻击武将战场形象编号
ECX AI控制武将的战场内存地址
局部变量
EBP-98 保存ECX值,应该是AI武将的战场内存地址
EBP-94 AI准备攻击武将攻击范围
EBP-90 AI准备攻击武将坐标位置
EBP-4 AI武将的攻击效果
EBP-8 AI准备攻击人物Data序号
EBP-C 一个权值,初始为0,当估算能击退掉目标武将是,为0x50,
0x10是伤害估算*10《被攻击者的士气+全身道具效果值 或 当前武将体力 * 100 / 被攻击者的士气+全身道具效果值 <=40
0x0a 控制标记为1
0x02 控制标记不为1
EBP-10 AI准备攻击人物的Data内存地址
EBP-14 AI估算的伤害值
AI函数:
00438A20 /$ 55 PUSH EBP
00438A21 |. 8BEC MOV EBP,ESP
00438A23 |. 81EC 98000000 SUB ESP,98
00438A29 |. 56 PUSH ESI
00438A2A |. 898D 68FFFFFF MOV DWORD PTR SS:[EBP-98],ECX
00438A30 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438A33 |. 81E1 FF000000 AND ECX,0FF
00438A39 |. 6BC9 24 IMUL ECX,ECX,24
00438A3C |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438A42 |. E8 296C0200 CALL WaGan.0045F670 获取AI准备攻击武将ecx的data编号
00438A47 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
00438A4A |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
00438A51 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00438A54 |. 25 FF000000 AND EAX,0FF
00438A59 |. 3D FF000000 CMP EAX,0FF
00438A5E |. 0F84 17010000 JE WaGan.00438B7B 战场形象编号等于FF,没有人,跳转
00438A64 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438A67 |. 81E1 FF000000 AND ECX,0FF
00438A6D |. 83F9 73 CMP ECX,73
00438A70 |. 0F8D 05010000 JGE WaGan.00438B7B >=73,这个战场人物不存在,跳转
00438A76 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438A79 |. 81E1 FF000000 AND ECX,0FF
00438A7F |. 6BC9 24 IMUL ECX,ECX,24
00438A82 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438A88 |. E8 83DCFCFF CALL WaGan.00406710 判断武将ecx(战场内存地址)的战场编号是否大于23,返回1表示是非敌军,返回0表示敌人
00438A8D |. 8BF0 MOV ESI,EAX
00438A8F |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438A95 |. E8 76DCFCFF CALL WaGan.00406710判断武将ecx(战场内存地址)的战场编号是否大于23,返回1表示是非敌军,返回0表示敌人
00438A9A |. 3BF0 CMP ESI,EAX 比较攻击方和被攻击方是否属于同一方
00438A9C |. 0F84 D9000000 JE WaGan.00438B7B 属于同一方,跳转
00438AA2 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00438AA5 |. 6BD2 48 IMUL EDX,EDX,48
00438AA8 |. 81C2 0000D600 ADD EDX,0D60000
00438AAE |. 8955 F0 MOV DWORD PTR SS:[EBP-10],EDX
00438AB1 |. 6A 00 PUSH 0
00438AB3 |. 6A 00 PUSH 0
00438AB5 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] AI准备攻击人物的Data内存地址
00438AB8 |. 50 PUSH EAX
00438AB9 |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] AI武将的战场内存地址
00438ABF |. E8 87310000 CALL WaGan.0043BC4B 估算伤害值
00438AC4 |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
00438AC7 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438ACA |. 81E1 FF000000 AND ECX,0FF
00438AD0 |. 6BC9 24 IMUL ECX,ECX,24
00438AD3 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438AD9 |. E8 B2A10300 CALL WaGan.00472C90 返回AI准备攻击武将ecx的当前体力
00438ADE |. 3945 EC CMP DWORD PTR SS:[EBP-14],EAX 准备攻击武将当前HPCur值和估算伤害的比较
00438AE1 |. 72 0C JB SHORT WaGan.00438AEF 估计伤害值小于当前武将HPCur,跳转
00438AE3 |. C745 F4 50000>MOV DWORD PTR SS:[EBP-C],50
00438AEA |. E9 8C000000 JMP WaGan.00438B7B 变量赋值为0x50,一个标记
00438AEF |> 8B75 EC MOV ESI,DWORD PTR SS:[EBP-14]
00438AF2 |. 6BF6 0A IMUL ESI,ESI,0A 把伤害值*10
00438AF5 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00438AF8 |. E8 1EE7FCFF CALL WaGan.0040721B 这个返回值是被攻击人的士气+全身道具效果值和
00438AFD |. 8BC8 MOV ECX,EAX
00438AFF |. 8BC6 MOV EAX,ESI
00438B01 |. 33D2 XOR EDX,EDX
00438B03 |. F7F1 DIV ECX 伤害估算*10 / 被攻击人的士气+全身道具效果值和
00438B05 |. 83F8 01 CMP EAX,1 比较两个的大小
00438B08 |. 72 09 JB SHORT WaGan.00438B13
00438B0A |. C745 F4 10000>MOV DWORD PTR SS:[EBP-C],10
00438B11 |. EB 68 JMP SHORT WaGan.00438B7B
00438B13 |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438B16 |. 81E1 FF000000 AND ECX,0FF
00438B1C |. 6BC9 24 IMUL ECX,ECX,24
00438B1F |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438B25 |. E8 66A10300 CALL WaGan.00472C90 返回AI准备攻击武将ecx的当前体力
00438B2A |. 8BF0 MOV ESI,EAX
00438B2C |. 6BF6 64 IMUL ESI,ESI,64 把武将当前体力*0x64
00438B2F |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00438B32 |. 6BC9 48 IMUL ECX,ECX,48
00438B35 |. 81C1 0000D600 ADD ECX,0D60000
00438B3B |. E8 DBE6FCFF CALL WaGan.0040721B 这个返回值是被攻击人的士气+全身道具效果值和
00438B40 |. 8BC8 MOV ECX,EAX
00438B42 |. 8BC6 MOV EAX,ESI
00438B44 |. 33D2 XOR EDX,EDX
00438B46 |. F7F1 DIV ECX 把武将当前体力*100 除以被攻击人的士气+全身道具效果值和
00438B48 |. 83F8 28 CMP EAX,28
00438B4B |. 77 09 JA SHORT WaGan.00438B56 大于40则跳转
00438B4D |. C745 F4 10000>MOV DWORD PTR SS:[EBP-C],10
00438B54 |. EB 25 JMP SHORT WaGan.00438B7B
00438B56 |> 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438B5C |. E8 6FCFFEFF CALL WaGan.00425AD0 是否能被玩家直接控制,07表示可控
00438B61 |. 25 FF000000 AND EAX,0FF
00438B66 |. 83F8 01 CMP EAX,1
00438B69 |. 75 09 JNZ SHORT WaGan.00438B74
00438B6B |. C745 F4 0A000>MOV DWORD PTR SS:[EBP-C],0A
00438B72 |. EB 07 JMP SHORT WaGan.00438B7B
00438B74 |> C745 F4 02000>MOV DWORD PTR SS:[EBP-C],2
00438B7B |> 6A 08 PUSH 8 ; /Arg1 = 00000008
00438B7D |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438B80 |. 81E1 FF000000 AND ECX,0FF ; |
00438B86 |. 6BC9 24 IMUL ECX,ECX,24 ; |
00438B89 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; |
00438B8F |. E8 4CDBFCFF CALL WaGan.004066E0 ; \WaGan.004066E0 判断被攻击武将是否混乱
00438B94 |. 85C0 TEST EAX,EAX
00438B96 |. 74 09 JE SHORT WaGan.00438BA1
00438B98 |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00438B9B |. 83C2 08 ADD EDX,8 混乱的话,权值+8
00438B9E |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX
00438BA1 |> 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00438BA5 |. 76 51 JBE SHORT WaGan.00438BF8 小于等于0,即实际位置上没有人
00438BA7 |. 817D F8 00040>CMP DWORD PTR SS:[EBP-8],400
00438BAE |. 73 48 JNB SHORT WaGan.00438BF8 被攻击武将Data大于0x400(1024),无人
00438BB0 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438BB3 |. 81E1 FF000000 AND ECX,0FF
00438BB9 |. 6BC9 24 IMUL ECX,ECX,24
00438BBC |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438BC2 |. E8 A96A0200 CALL WaGan.0045F670 获取武将ecx的data编号
00438BC7 |. 8BF0 MOV ESI,EAX
00438BC9 |. B9 902F4900 MOV ECX,WaGan.00492F90
00438BCE |. E8 5DDAFCFF CALL WaGan.00406630 判断是否是敌主将
00438BD3 |. 3BF0 CMP ESI,EAX
00438BD5 |. 74 0D JE SHORT WaGan.00438BE4 和被攻击的人相等
00438BD7 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00438BDA |. 25 FF000000 AND EAX,0FF
00438BDF |. 83F8 23 CMP EAX,23 比较是否等于23 (第一个敌军的战场编号)
00438BE2 |. 75 0B JNZ SHORT WaGan.00438BEF
00438BE4 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00438BE7 |. 83C1 08 ADD ECX,8 应该是表示主将,这个权值+8
00438BEA |. 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
00438BED |. EB 09 JMP SHORT WaGan.00438BF8
00438BEF |> 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
00438BF2 |. 83C2 04 ADD EDX,4
00438BF5 |. 8955 F4 MOV DWORD PTR SS:[EBP-C],EDX 非主将,权值+4
00438BF8 |> 837D F4 4B CMP DWORD PTR SS:[EBP-C],4B
00438BFC |. 73 16 JNB SHORT WaGan.00438C14 权值大于75的跳转
00438BFE |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438C04 |. E8 E4730000 CALL WaGan.0043FFED 判断下当前AI武将是文官还是武将
00438C09 |. 85C0 TEST EAX,EAX
00438C0B |. 74 07 JE SHORT WaGan.00438C14 非文官跳转
00438C0D |. 33C0 XOR EAX,EAX
00438C0F |. E9 7B010000 JMP WaGan.00438D8F 结束
00438C14 |> 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98]
00438C1A |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00438C1C |. 6BC9 48 IMUL ECX,ECX,48
00438C1F |. 81C1 0000D600 ADD ECX,0D60000
00438C25 |. E8 EEEBFCFF CALL WaGan.00407818
判断攻击人的攻击效果(重炮和霹雳车返回1,老虎返回4,其他的根据实际穿透值,普通的返回0)
00407818 /$ 55 PUSH EBP
00407819 |. 8BEC MOV EBP,ESP
0040781B |. 83EC 0C SUB ESP,0C
0040781E |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00407821 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00407825 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00407828 |. E8 E3EDFFFF CALL Ekd5英杰.00406610 获取兵种
0040782D |. 8845 F4 MOV BYTE PTR SS:[EBP-C],AL
00407830 |. 807D F4 10 CMP BYTE PTR SS:[EBP-C],10
00407834 |. 72 1A JB SHORT Ekd5英杰.00407850 重炮车以前
00407836 |. 807D F4 11 CMP BYTE PTR SS:[EBP-C],11
0040783A |. 76 08 JBE SHORT Ekd5英杰.00407844 重炮和霹雳车
0040783C |. 807D F4 2B CMP BYTE PTR SS:[EBP-C],2B
00407840 |. 74 08 JE SHORT Ekd5英杰.0040784A 等于老虎跳转
00407842 |. EB 0C JMP SHORT Ekd5英杰.00407850
00407844 |> C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
00407848 |. EB 21 JMP SHORT Ekd5英杰.0040786B
0040784A |> C645 FC 04 MOV BYTE PTR SS:[EBP-4],4
0040784E |. EB 1B JMP SHORT Ekd5英杰.0040786B
00407850 |> 6A 2B PUSH 2B 传透攻击
00407852 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00407855 |. E8 AF010000 CALL Ekd5英杰.00407A09
0040785A |. 85C0 TEST EAX,EAX
0040785C |. 74 0D JE SHORT Ekd5英杰.0040786B
0040785E |. 6A 2B PUSH 2B
00407860 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00407863 |. E8 8A020000 CALL Ekd5英杰.00407AF2
01十字,02九宫,03大没羽箭,04蛇矛,05长蛇矛(穿六个),06大大没羽箭,其余为正常攻击 ; 00407868 |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
0040786B |> 8A45 FC MOV AL,BYTE PTR SS:[EBP-4]
0040786E |. 8BE5 MOV ESP,EBP
00407870 |. 5D POP EBP
00407871 \. C3 RETN
00438C2A |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
00438C2D |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00438C30 |. 81E1 FF000000 AND ECX,0FF
00438C36 |. 81F9 FF000000 CMP ECX,0FF
00438C3C |. 74 6C JE SHORT WaGan.00438CAA 攻击效果等于0FF
00438C3E |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00438C41 |. 81E2 FF000000 AND EDX,0FF
00438C47 |. 85D2 TEST EDX,EDX
00438C49 |. 74 5F JE SHORT WaGan.00438CAA 攻击效果等于0
00438C4B |. 8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88]
00438C51 |. 8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
00438C57 |. 68 FF000000 PUSH 0FF ; /Arg6 = 000000FF
00438C5C |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
00438C61 |. 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] ; |
00438C67 |. 51 PUSH ECX ; |Arg4
00438C68 |. 8A55 FC MOV DL,BYTE PTR SS:[EBP-4] ; |
00438C6B |. 52 PUSH EDX ; |Arg3 攻击效果值
00438C6C |. 6A 01 PUSH 1 ; |Arg2 = 00000001
00438C6E |. 8A45 08 MOV AL,BYTE PTR SS:[EBP+8] ; |
00438C71 |. 50 PUSH EAX ; |Arg1 被攻击武将战场形象编号
00438C72 |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] ; |
00438C78 |. E8 30CEFFFF CALL WaGan.00435AAD ; \WaGan.00435AAD
(返回的是一串地址,里面存放着本次攻击每个人的战场形象编号串,以FF结束)
00435AAD /$ 55 PUSH EBP
00435AAE |. 8BEC MOV EBP,ESP
00435AB0 |. 83EC 08 SUB ESP,8
00435AB3 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX AI武将的战场内存地址
00435AB6 |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] 一个内存地址值
00435AB9 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00435ABC |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] 攻击效果值
00435ABF |. 81E1 FF000000 AND ECX,0FF
00435AC5 |. 85C9 TEST ECX,ECX
00435AC7 |. 75 19 JNZ SHORT WaGan.00435AE2 非0,有攻击效果跳转
00435AC9 |. 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14] 一个内存地址值
00435ACC |. 8A45 08 MOV AL,BYTE PTR SS:[EBP+8] 被攻击武将战场形象编号
00435ACF |. 8802 MOV BYTE PTR DS:[EDX],AL
00435AD1 |. 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+14]
00435AD4 |. 83C1 01 ADD ECX,1
00435AD7 |. 894D 14 MOV DWORD PTR SS:[EBP+14],ECX
00435ADA |. 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14]
00435ADD |. C602 FF MOV BYTE PTR DS:[EDX],0FF
00435AE0 |. EB 53 JMP SHORT WaGan.00435B35
00435AE2 |> 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
00435AE5 |. 25 FF000000 AND EAX,0FF
00435AEA |. 83F8 01 CMP EAX,1
00435AED |. 75 23 JNZ SHORT WaGan.00435B12 不等于1跳转(非十字攻击)
00435AEF |. 8A4D 1C MOV CL,BYTE PTR SS:[EBP+1C]
00435AF2 |. 51 PUSH ECX ; /Arg6 =FF
00435AF3 |. 8A55 18 MOV DL,BYTE PTR SS:[EBP+18] ; |
00435AF6 |. 52 PUSH EDX ; |Arg5 =FF
00435AF7 |. 6A 00 PUSH 0 ; |Arg4 = 00000000
00435AF9 |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] ; |
00435AFC |. 50 PUSH EAX ; |Arg3 内存地址
00435AFD |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10] ; |
00435B00 |. 51 PUSH ECX ; |Arg2 攻击效果
00435B01 |. 8A55 08 MOV DL,BYTE PTR SS:[EBP+8] ; |
00435B04 |. 52 PUSH EDX ; |Arg1 被攻击武将战场形象编号
00435B05 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00435B08 |. E8 210A0000 CALL WaGan.0043652E ; \求非十字攻击的可攻击战场形象编号串
00435B0D |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00435B10 |. EB 23 JMP SHORT WaGan.00435B35
00435B12 |> 68 FF000000 PUSH 0FF ; /Arg6 = 000000FF
00435B17 |. 68 FF000000 PUSH 0FF ; |Arg5 = 000000FF
00435B1C |. 6A 01 PUSH 1 ; |Arg4 = 00000001
00435B1E |. 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] ; |
00435B21 |. 50 PUSH EAX ; |Arg3内存地址
00435B22 |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10] ; |
00435B25 |. 51 PUSH ECX ; |Arg2 攻击效果
00435B26 |. 8A55 08 MOV DL,BYTE PTR SS:[EBP+8] ; |
00435B29 |. 52 PUSH EDX ; |Arg1被攻击武将战场形象编号
00435B2A |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00435B2D |. E8 FC090000 CALL WaGan.0043652E ; \求十字攻击的可攻击战场形象编号串
00435B32 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00435B35 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00435B38 |. 8BE5 MOV ESP,EBP
00435B3A |. 5D POP EBP
00435B3B \. C2 1800 RETN 18
00438C7D |. 8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
00438C83 |. 68 FF000000 PUSH 0FF ; /Arg5 = 000000FF
00438C88 |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] ; |
00438C8E |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
00438C91 |. 52 PUSH EDX ; |Arg4 AI武将的战场形象编号
00438C92 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
00438C94 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
00438C97 |. 50 PUSH EAX ; |Arg2 评估权值
00438C98 |. 8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C] ; |
00438C9E |. 51 PUSH ECX ; |Arg1 攻击波及效果的战场编号数组
00438C9F |. E8 F2000000 CALL WaGan.00438D96 ; \WaGan.00438D96
00438CA4 |. 83C4 14 ADD ESP,14
00438CA7 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX 最后返回估算值
00438CAA |> 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00438CAE |. 0F86 D8000000 JBE WaGan.00438D8C 攻击标记为0,结束。返回0
00438CB4 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438CB7 |. 81E1 FF000000 AND ECX,0FF
00438CBD |. 6BC9 24 IMUL ECX,ECX,24
00438CC0 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438CC6 |. E8 95A6FCFF CALL WaGan.00403360 获取被攻击武将的坐标位置(纵横)
00438CCB |. 66:8B10 MOV DX,WORD PTR DS:[EAX]
00438CCE |. 66:8995 70FFF>MOV WORD PTR SS:[EBP-90],DX
00438CD5 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00438CD8 |. 81E1 FF000000 AND ECX,0FF
00438CDE |. 6BC9 24 IMUL ECX,ECX,24
00438CE1 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438CE7 |. E8 D26B0000 CALL WaGan.0043F8BE 获取被攻击武将的攻击范围(宝物覆盖兵种)
00438CEC |. 8885 6CFFFFFF MOV BYTE PTR SS:[EBP-94],AL
00438CF2 |. 6A 00 PUSH 0 ; /Arg3 = 00000000
00438CF4 |. 68 40060000 PUSH 640 ; |Arg2 = 00000640
00438CF9 |. 6A 04 PUSH 4 ; |/Arg3 = 00000004
00438CFB |. 6A 00 PUSH 0 ; ||Arg2 = 00000000
00438CFD |. 68 800C0000 PUSH 0C80 ; ||Arg1 = 00000C80
00438D02 |. B9 68AB4A00 MOV ECX,WaGan.004AAB68 ; ||
00438D07 |. E8 346D0400 CALL WaGan.0047FA40 ; |\WaGan.0047FA40
00438D0C |. 50 PUSH EAX ; |Arg1
00438D0D |. E8 01700400 CALL WaGan.0047FD13 ; \WaGan.0047FD13
00438D12 |. 83C4 0C ADD ESP,0C
00438D15 |. 6A 01 PUSH 1 ; /Arg4 = 00000001
00438D17 |. 68 80000000 PUSH 80 ; |Arg3 = 00000080
00438D1C |. 8A85 6CFFFFFF MOV AL,BYTE PTR SS:[EBP-94] ; |
00438D22 |. 50 PUSH EAX ; |Arg2 AI准备攻击武将攻击范围
00438D23 |. 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90] ; |
00438D29 |. 51 PUSH ECX ; |Arg1 AI准备攻击武将坐标位置
00438D2A |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438D2D |. 81E1 FF000000 AND ECX,0FF ; |
00438D33 |. 6BC9 24 IMUL ECX,ECX,24 ; |
00438D36 |. 81C1 502C4B00 ADD ECX,WaGan.004B2C50 ; | 被攻击武将战场内存地址
00438D3C |. E8 45D8FFFF CALL WaGan.00436586 ; \WaGan.00436586
00438D41 |. 6A 04 PUSH 4 ; /Arg3 = 00000004
00438D43 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
00438D45 |. 68 800C0000 PUSH 0C80 ; |Arg1 = 00000C80
00438D4A |. B9 68AB4A00 MOV ECX,WaGan.004AAB68 ; |
00438D4F |. E8 EC6C0400 CALL WaGan.0047FA40 ; \WaGan.0047FA40 ? (求出地图信息的内存起始地址)
00438D54 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] 目标位置横坐标
00438D57 |. 81E2 FF000000 AND EDX,0FF
00438D5D |. 03C2 ADD EAX,EDX
00438D5F |. 8B4D 0D MOV ECX,DWORD PTR SS:[EBP+D] 目标位置纵坐标
00438D62 |. 81E1 FF000000 AND ECX,0FF
00438D68 |. 33D2 XOR EDX,EDX
00438D6A |. 8A15 2C424B00 MOV DL,BYTE PTR DS:[4B422C] 最大横坐标
00438D70 |. 0FAFCA IMUL ECX,EDX 纵坐标*最大横坐标
00438D73 |. 33D2 XOR EDX,EDX
00438D75 |. 8A1408 MOV DL,BYTE PTR DS:[EAX+ECX] 内存坐标起始地址+ 横坐标+纵坐标*最大横坐标
00438D78 |. 83FA 01 CMP EDX,1
00438D7B |. 75 0F JNZ SHORT WaGan.00438D8C 其中的值不等于1
00438D7D |. 837D F4 01 CMP DWORD PTR SS:[EBP-C],1
00438D81 |. 76 09 JBE SHORT WaGan.00438D8C 估算值小于等于1跳转
00438D83 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00438D86 |. 83E8 01 SUB EAX,1
00438D89 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00438D8C |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00438D8F |> 5E POP ESI
00438D90 |. 8BE5 MOV ESP,EBP
00438D92 |. 5D POP EBP
00438D93 \. C2 0800 RETN 8
00438C83 |. 68 FF000000 PUSH 0FF ; /Arg5 = 000000FF
00438C88 |. 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] ; |
00438C8E |. 8A51 04 MOV DL,BYTE PTR DS:[ECX+4] ; |
00438C91 |. 52 PUSH EDX ; |Arg4 AI武将的战场形象编号 +14
00438C92 |. 6A 00 PUSH 0 ; |Arg3 = 00000000 +10
00438C94 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; |
00438C97 |. 50 PUSH EAX ; |Arg2 评估权值 +0C
00438C98 |. 8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C] ; |
00438C9E |. 51 PUSH ECX ; |Arg1 攻击波及效果的战场编号数组 +08
00438C9F |. E8 F2000000 CALL WaGan.00438D96 ; \WaGan.00438D96
00438D96 /$ 55 PUSH EBP
00438D97 |. 8BEC MOV EBP,ESP
00438D99 |. 83EC 14 SUB ESP,14
00438D9C |. 56 PUSH ESI
00438D9D |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00438DA4 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
00438DAB |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00438DB2 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00438DB5 |. 33C9 XOR ECX,ECX
00438DB7 |. 8A08 MOV CL,BYTE PTR DS:[EAX]
00438DB9 |. 81F9 FF000000 CMP ECX,0FF
00438DBF |. 75 1D JNZ SHORT WaGan.00438DDE
00438DC1 |. 837D 0C 04 CMP DWORD PTR SS:[EBP+C],4 这个都是数组内容比较结束后的处理
00438DC5 |. 7E 0B JLE SHORT WaGan.00438DD2 评估值小于等于4
00438DC7 |. 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
00438DCA |. 83EA 04 SUB EDX,4
00438DCD |. 8955 0C MOV DWORD PTR SS:[EBP+C],EDX
00438DD0 |. EB 07 JMP SHORT WaGan.00438DD9
00438DD2 |> C745 0C 00000>MOV DWORD PTR SS:[EBP+C],0
00438DD9 |> E9 CF020000 JMP WaGan.004390AD
00438DDE |> 8B45 08 /MOV EAX,DWORD PTR SS:[EBP+8]
00438DE1 |. 33C9 |XOR ECX,ECX
00438DE3 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00438DE5 |. 81F9 FF000000 |CMP ECX,0FF
00438DEB |. 0F84 BC020000 |JE WaGan.004390AD 结束循环
00438DF1 |. 8B55 10 |MOV EDX,DWORD PTR SS:[EBP+10]
00438DF4 |. 81E2 FF000000 |AND EDX,0FF
00438DFA |. 8955 F0 |MOV DWORD PTR SS:[EBP-10],EDX
00438DFD |. 837D F0 05 |CMP DWORD PTR SS:[EBP-10],5
00438E01 |. 0F87 98020000 |JA WaGan.0043909F 大于 5结束
00438E07 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
00438E0A |. FF2485 D79043>|JMP DWORD PTR DS:[EAX*4+4390D7]
004390D7 . 118E4300 DD WaGan.00438E11
004390DB . 108F4300 DD WaGan.00438F10
004390DF . 868F4300 DD WaGan.00438F86
004390E3 . CF8F4300 DD WaGan.00438FCF
004390E7 . 18904300 DD WaGan.00439018
004390EB . 5C904300 DD WaGan.0043905C
00438E11 |> 8B4D 18 |MOV ECX,DWORD PTR SS:[EBP+18]
00438E14 |. 81E1 FF000000 |AND ECX,0FF
00438E1A |. 81F9 FF000000 |CMP ECX,0FF
00438E20 |. 74 5A |JE SHORT WaGan.00438E7C
00438E22 |. 8A55 18 |MOV DL,BYTE PTR SS:[EBP+18]
00438E25 |. 52 |PUSH EDX ; /Arg3
00438E26 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
00438E29 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00438E2B |. 51 |PUSH ECX ; |Arg2
00438E2C |. 8A55 14 |MOV DL,BYTE PTR SS:[EBP+14] ; |
00438E2F |. 52 |PUSH EDX ; |Arg1
00438E30 |. E8 BA020000 |CALL WaGan.004390EF ; \WaGan.004390EF
00438E35 |. 83C4 0C |ADD ESP,0C
00438E38 |. 85C0 |TEST EAX,EAX
00438E3A |. 74 3B |JE SHORT WaGan.00438E77
00438E3C |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00438E3F |. 83C0 03 |ADD EAX,3
00438E42 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00438E45 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00438E48 |. 33D2 |XOR EDX,EDX
00438E4A |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00438E4C |. 8BF2 |MOV ESI,EDX
00438E4E |. 8B4D 14 |MOV ECX,DWORD PTR SS:[EBP+14]
00438E51 |. 81E1 FF000000 |AND ECX,0FF
00438E57 |. 6BC9 24 |IMUL ECX,ECX,24
00438E5A |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438E60 |. E8 AB34FEFF |CALL WaGan.0041C310
00438E65 |. 25 FF000000 |AND EAX,0FF
00438E6A |. 3BF0 |CMP ESI,EAX
00438E6C |. 75 09 |JNZ SHORT WaGan.00438E77
00438E6E |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00438E71 |. 83C0 03 |ADD EAX,3
00438E74 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00438E77 |> E9 8F000000 |JMP WaGan.00438F0B
00438E7C |> 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00438E7F |. 33D2 |XOR EDX,EDX
00438E81 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00438E83 |. 8BCA |MOV ECX,EDX
00438E85 |. 6BC9 24 |IMUL ECX,ECX,24
00438E88 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438E8E |. E8 DD670200 |CALL WaGan.0045F670 获取武将ecx的data编号
00438E93 |. 6BC0 48 |IMUL EAX,EAX,48
00438E96 |. 05 0000D600 |ADD EAX,0D60000
00438E9B |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX SS:[EBP-8]存DATA内存地址
00438E9E |. 6A 00 |PUSH 0 非实际
00438EA0 |. 6A 00 |PUSH 0 非反击
00438EA2 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00438EA5 |. 50 |PUSH EAX 被攻击武将
00438EA6 |. 8B4D 14 |MOV ECX,DWORD PTR SS:[EBP+14]
00438EA9 |. 81E1 FF000000 |AND ECX,0FF
00438EAF |. 6BC9 24 |IMUL ECX,ECX,24
00438EB2 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50 攻击武将
00438EB8 |. E8 8E2D0000 |CALL WaGan.0043BC4B 获取武将ecx对武将08栈的物理攻击伤害,
00438EBD |. 8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX
00438EC0 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00438EC3 |. 33D2 |XOR EDX,EDX
00438EC5 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00438EC7 |. 8BCA |MOV ECX,EDX
00438EC9 |. 6BC9 24 |IMUL ECX,ECX,24
00438ECC |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438ED2 |. E8 B99D0300 |CALL WaGan.00472C90 返回被攻击武将 的当前体力
00438ED7 |. 3945 F4 |CMP DWORD PTR SS:[EBP-C],EAX
00438EDA |. 72 0B |JB SHORT WaGan.00438EE7 小于则跳转,未小于表示可以砍死
00438EDC |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00438EDF |. 83C0 0A |ADD EAX,0A 权值 +10
00438EE2 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00438EE5 |. EB 24 |JMP SHORT WaGan.00438F0B
00438EE7 |> 8B75 F4 |MOV ESI,DWORD PTR SS:[EBP-C]
00438EEA |. 6BF6 0A |IMUL ESI,ESI,0A
00438EED |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00438EF0 |. E8 26E3FCFF |CALL WaGan.0040721B 获取被攻击人的士气+全身道具效果值和
00438EF5 |. 8BC8 |MOV ECX,EAX
00438EF7 |. 8BC6 |MOV EAX,ESI
00438EF9 |. 33D2 |XOR EDX,EDX
00438EFB |. F7F1 |DIV ECX
00438EFD |. 83F8 01 |CMP EAX,1
00438F00 |. 72 09 |JB SHORT WaGan.00438F0B 估算*10 小于 被攻击人的士气+全身道具效果值和 则跳转
00438F02 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00438F05 |. 83C2 04 |ADD EDX,4 -4变量 +4
00438F08 |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
00438F0B |> E9 8F010000 |JMP WaGan.0043909F
00438F10 |> 8A45 18 |MOV AL,BYTE PTR SS:[EBP+18]
00438F13 |. 50 |PUSH EAX ; /Arg3
00438F14 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438F17 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00438F19 |. 52 |PUSH EDX ; |Arg2
00438F1A |. 8A45 14 |MOV AL,BYTE PTR SS:[EBP+14] ; |
00438F1D |. 50 |PUSH EAX ; |Arg1
00438F1E |. E8 CC010000 |CALL WaGan.004390EF ; \WaGan.004390EF
00438F23 |. 83C4 0C |ADD ESP,0C
00438F26 |. 85C0 |TEST EAX,EAX
00438F28 |. 74 57 |JE SHORT WaGan.00438F81
00438F2A |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00438F2D |. 33D2 |XOR EDX,EDX
00438F2F |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00438F31 |. 8BCA |MOV ECX,EDX
00438F33 |. 6BC9 24 |IMUL ECX,ECX,24
00438F36 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438F3C |. E8 4F9D0300 |CALL WaGan.00472C90
00438F41 |. 8BF0 |MOV ESI,EAX
00438F43 |. 6BF6 64 |IMUL ESI,ESI,64
00438F46 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
00438F49 |. 33C9 |XOR ECX,ECX
00438F4B |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00438F4D |. 6BC9 24 |IMUL ECX,ECX,24
00438F50 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438F56 |. E8 15670200 |CALL WaGan.0045F670
00438F5B |. 8BC8 |MOV ECX,EAX
00438F5D |. 6BC9 48 |IMUL ECX,ECX,48
00438F60 |. 81C1 0000D600 |ADD ECX,0D60000
00438F66 |. E8 B0E2FCFF |CALL WaGan.0040721B
00438F6B |. 8BC8 |MOV ECX,EAX
00438F6D |. 8BC6 |MOV EAX,ESI
00438F6F |. 33D2 |XOR EDX,EDX
00438F71 |. F7F1 |DIV ECX
00438F73 |. 83F8 3C |CMP EAX,3C
00438F76 |. 73 09 |JNB SHORT WaGan.00438F81
00438F78 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00438F7B |. 83C2 05 |ADD EDX,5
00438F7E |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
00438F81 |> E9 19010000 |JMP WaGan.0043909F
00438F86 |> 8A45 18 |MOV AL,BYTE PTR SS:[EBP+18]
00438F89 |. 50 |PUSH EAX ; /Arg3
00438F8A |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00438F8D |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00438F8F |. 52 |PUSH EDX ; |Arg2
00438F90 |. 8A45 14 |MOV AL,BYTE PTR SS:[EBP+14] ; |
00438F93 |. 50 |PUSH EAX ; |Arg1
00438F94 |. E8 56010000 |CALL WaGan.004390EF ; \WaGan.004390EF
00438F99 |. 83C4 0C |ADD ESP,0C
00438F9C |. 85C0 |TEST EAX,EAX
00438F9E |. 74 2A |JE SHORT WaGan.00438FCA
00438FA0 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00438FA3 |. 33D2 |XOR EDX,EDX
00438FA5 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00438FA7 |. 8BCA |MOV ECX,EDX
00438FA9 |. 6BC9 24 |IMUL ECX,ECX,24
00438FAC |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438FB2 |. E8 D94FFEFF |CALL WaGan.0041DF90
00438FB7 |. 25 FF000000 |AND EAX,0FF
00438FBC |. 83F8 04 |CMP EAX,4
00438FBF |. 7D 09 |JGE SHORT WaGan.00438FCA
00438FC1 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00438FC4 |. 83C0 03 |ADD EAX,3
00438FC7 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00438FCA |> E9 D0000000 |JMP WaGan.0043909F
00438FCF |> 8A4D 18 |MOV CL,BYTE PTR SS:[EBP+18]
00438FD2 |. 51 |PUSH ECX ; /Arg3
00438FD3 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8] ; |
00438FD6 |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00438FD8 |. 50 |PUSH EAX ; |Arg2
00438FD9 |. 8A4D 14 |MOV CL,BYTE PTR SS:[EBP+14] ; |
00438FDC |. 51 |PUSH ECX ; |Arg1
00438FDD |. E8 0D010000 |CALL WaGan.004390EF ; \WaGan.004390EF
00438FE2 |. 83C4 0C |ADD ESP,0C
00438FE5 |. 85C0 |TEST EAX,EAX
00438FE7 |. 74 2A |JE SHORT WaGan.00439013
00438FE9 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
00438FEC |. 33C0 |XOR EAX,EAX
00438FEE |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00438FF0 |. 8BC8 |MOV ECX,EAX
00438FF2 |. 6BC9 24 |IMUL ECX,ECX,24
00438FF5 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438FFB |. E8 B04FFEFF |CALL WaGan.0041DFB0
00439000 |. 25 FF000000 |AND EAX,0FF
00439005 |. 83F8 04 |CMP EAX,4
00439008 |. 7D 09 |JGE SHORT WaGan.00439013
0043900A |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0043900D |. 83C1 03 |ADD ECX,3
00439010 |. 894D FC |MOV DWORD PTR SS:[EBP-4],ECX
00439013 |> E9 87000000 |JMP WaGan.0043909F
00439018 |> 8A55 18 |MOV DL,BYTE PTR SS:[EBP+18]
0043901B |. 52 |PUSH EDX ; /Arg3
0043901C |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
0043901F |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00439021 |. 51 |PUSH ECX ; |Arg2
00439022 |. 8A55 14 |MOV DL,BYTE PTR SS:[EBP+14] ; |
00439025 |. 52 |PUSH EDX ; |Arg1
00439026 |. E8 C4000000 |CALL WaGan.004390EF ; \WaGan.004390EF
0043902B |. 83C4 0C |ADD ESP,0C
0043902E |. 85C0 |TEST EAX,EAX
00439030 |. 74 28 |JE SHORT WaGan.0043905A
00439032 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8]
00439035 |. 33C9 |XOR ECX,ECX
00439037 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00439039 |. 6BC9 24 |IMUL ECX,ECX,24
0043903C |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00439042 |. E8 694FFEFF |CALL WaGan.0041DFB0
00439047 |. 25 FF000000 |AND EAX,0FF
0043904C |. 83F8 04 |CMP EAX,4
0043904F |. 7D 09 |JGE SHORT WaGan.0043905A
00439051 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00439054 |. 83C2 03 |ADD EDX,3
00439057 |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
0043905A |> EB 43 |JMP SHORT WaGan.0043909F
0043905C |> 8A45 18 |MOV AL,BYTE PTR SS:[EBP+18]
0043905F |. 50 |PUSH EAX ; /Arg3
00439060 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00439063 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00439065 |. 52 |PUSH EDX ; |Arg2
00439066 |. 8A45 14 |MOV AL,BYTE PTR SS:[EBP+14] ; |
00439069 |. 50 |PUSH EAX ; |Arg1
0043906A |. E8 80000000 |CALL WaGan.004390EF ; \WaGan.004390EF
0043906F |. 83C4 0C |ADD ESP,0C
00439072 |. 85C0 |TEST EAX,EAX
00439074 |. 74 29 |JE SHORT WaGan.0043909F
00439076 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00439079 |. 33D2 |XOR EDX,EDX
0043907B |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
0043907D |. 8BCA |MOV ECX,EDX
0043907F |. 6BC9 24 |IMUL ECX,ECX,24
00439082 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00439088 |. E8 A34FFEFF |CALL WaGan.0041E030
0043908D |. 25 FF000000 |AND EAX,0FF
00439092 |. 85C0 |TEST EAX,EAX
00439094 |. 74 09 |JE SHORT WaGan.0043909F
00439096 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00439099 |. 83C0 03 |ADD EAX,3
0043909C |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
0043909F |> 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
004390A2 |. 83C1 01 |ADD ECX,1
004390A5 |. 894D 08 |MOV DWORD PTR SS:[EBP+8],ECX
004390A8 |.^ E9 31FDFFFF \JMP WaGan.00438DDE 下一个循环
004390AD |> 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C] 原来估算值
004390B0 |. 0355 FC ADD EDX,DWORD PTR SS:[EBP-4] 加上循环内的估算值
004390B3 |. 85D2 TEST EDX,EDX
004390B5 |. 7E 0B JLE SHORT WaGan.004390C2 为0则跳转
004390B7 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004390BA |. 0345 FC ADD EAX,DWORD PTR SS:[EBP-4]
004390BD |. 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
004390C0 |. EB 07 JMP SHORT WaGan.004390C9
004390C2 |> C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
004390C9 |> 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
004390CC |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
004390CF |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004390D2 |. 5E POP ESI
004390D3 |. 8BE5 MOV ESP,EBP
004390D5 |. 5D POP EBP
004390D6 \. C3 RETN
0040721B
0040721B /$ 55 PUSH EBP
0040721C |. 8BEC MOV EBP,ESP
0040721E |. 51 PUSH ECX
0040721F |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
00407222 |. 68 0F270000 PUSH 1F4 ; /Arg3 = 0000270F ==========500
00407227 |. 6A 05 PUSH 5 ; |/Arg1 = 00000005
00407229 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; ||
0040722C |. E8 DD090000 CALL WaGan.00407C0E ; |\WaGan.00407C0E
00407231 |. 25 FF000000 AND EAX,0FF ; |
00407236 |. 50 PUSH EAX ; |Arg2
00407237 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; |
0040723A |. 8B48 1C MOV ECX,DWORD PTR DS:[EAX+1C] ; | 这个是被攻击人的士气
0040723D |. 51 PUSH ECX ; |Arg1
0040723E |. E8 46880700 CALL WaGan.0047FA89 ; \WaGan.0047FA89
0047FA89 /$ 55 PUSH EBP
0047FA8A |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
0047FA8E |. 8BEC MOV EBP,ESP
0047FA90 |. 034D 08 ADD ECX,DWORD PTR SS:[EBP+8]
0047FA93 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0047FA96 |. 3BC8 CMP ECX,EAX
0047FA98 |. 7F 02 JG SHORT WaGan.0047FA9C
0047FA9A |. 8BC1 MOV EAX,ECX
0047FA9C |> 5D POP EBP
0047FA9D \. C3 RETN
00407243 |. 83C4 0C ADD ESP,0C
00407246 |. 8BE5 MOV ESP,EBP
00407248 |. 5D POP EBP
00407249 \. C3 RETN
ECX AI准备攻击人物的Data内存地址
EBP+8 等于5
EBP-10 AI准备攻击人物的Data内存地址
EBP-8 计数器
EBP-C 计数器
00407C0E /$ 55 PUSH EBP
00407C0F |. 8BEC MOV EBP,ESP
00407C11 |. 83EC 10 SUB ESP,10
00407C14 |. 894D F0 MOV DWORD PTR SS:[EBP-10],ECX
00407C17 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
00407C1B |. C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407C1F |. EB 08 JMP SHORT Ekd5英杰.00407C29
00407C21 |> 8A45 F8 /MOV AL,BYTE PTR SS:[EBP-8]
00407C24 |. 04 01 |ADD AL,1
00407C26 |. 8845 F8 |MOV BYTE PTR SS:[EBP-8],AL
00407C29 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00407C2C |. 81E1 FF000000 |AND ECX,0FF
00407C32 |. 83F9 01 |CMP ECX,1
00407C35 |. 0F8F D5000000 |JG Ekd5英杰.00407D10 大于1则跳转
00407C3B |. 8A55 F8 |MOV DL,BYTE PTR SS:[EBP-8]
00407C3E |. 52 |PUSH EDX ; /Arg1 (一次0,一次1)
00407C3F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
00407C42 |. E8 A9E9FFFF |CALL Ekd5英杰.004065F0 ; \Ekd5英杰.004065F0 获取武将ecx的道具代码(08栈值为012武器防具辅助)
00407C47 |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
00407C4A |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00407C4D |. 25 FF000000 |AND EAX,0FF
00407C52 |. 3D FF000000 |CMP EAX,0FF
00407C57 |. 0F84 AE000000 |JE Ekd5英杰.00407D0B 无道具跳转
00407C5D |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00407C60 |. 81E1 FF000000 |AND ECX,0FF
00407C66 |. 51 |PUSH ECX ; /Arg1
00407C67 |. E8 AEEBFFFF |CALL Ekd5英杰.0040681A ; \获取道具主要加什么,攻击性武器为0,非攻击性武器为2,防具为1,
00407C6C |. 83C4 04 |ADD ESP,4
00407C6F |. 25 FF000000 |AND EAX,0FF
00407C74 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
00407C77 |. 81E2 FF000000 |AND EDX,0FF
00407C7D |. 3BC2 |CMP EAX,EDX
00407C7F |. 75 2C |JNZ SHORT Ekd5英杰.00407CAD 不等于5跳转
00407C81 |. 8A45 F8 |MOV AL,BYTE PTR SS:[EBP-8]
00407C84 |. 50 |PUSH EAX ; /Arg1
00407C85 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; |
00407C88 |. E8 53190000 |CALL Ekd5英杰.004095E0 获取武将ecx的道具等级(08栈值为012武器防具辅助)
00407C8D |. 50 |PUSH EAX ; /Arg1
00407C8E |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4] ; |
00407C91 |. 81E1 FF000000 |AND ECX,0FF ; |
00407C97 |. 6BC9 19 |IMUL ECX,ECX,19 ; |
00407C9A |. 81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140 ; |
00407CA0 |. E8 CF490000 |CALL Ekd5英杰.0040C674 获取武器护具ecx等级为08栈值时候的效果值
00407CA5 |. 8A4D F4 |MOV CL,BYTE PTR SS:[EBP-C]
00407CA8 |. 02C8 |ADD CL,AL
00407CAA |. 884D F4 |MOV BYTE PTR SS:[EBP-C],CL
00407CAD |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00407CB0 |. 81E1 FF000000 |AND ECX,0FF
00407CB6 |. 6BC9 19 |IMUL ECX,ECX,19
00407CB9 |. 81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140
00407CBF |. E8 AA4A0000 |CALL Ekd5英杰.0040C76E 获取道具ecx的武器类型是否为特殊
00407CC4 |. 85C0 |TEST EAX,EAX
00407CC6 |. 74 43 |JE SHORT Ekd5英杰.00407D0B
00407CC8 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00407CCB |. 81E2 FF000000 |AND EDX,0FF
00407CD1 |. 52 |PUSH EDX ; /Arg1
00407CD2 |. E8 B7EAFFFF |CALL Ekd5英杰.0040678E 获取道具08栈的特殊效果加什么,0~8分别为攻防精暴士体法移经
00407CD7 |. 83C4 04 |ADD ESP,4
00407CDA |. 25 FF000000 |AND EAX,0FF
00407CDF |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00407CE2 |. 81E1 FF000000 |AND ECX,0FF
00407CE8 |. 3BC1 |CMP EAX,ECX
00407CEA |. 75 1F |JNZ SHORT Ekd5英杰.00407D0B
00407CEC |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00407CEF |. 81E1 FF000000 |AND ECX,0FF
00407CF5 |. 6BC9 19 |IMUL ECX,ECX,19
00407CF8 |. 81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140
00407CFE |. E8 AD600100 |CALL Ekd5英杰.0041DDB0 获取道具ecx的特殊效果值
00407D03 |. 8A55 F4 |MOV DL,BYTE PTR SS:[EBP-C]
00407D06 |. 02D0 |ADD DL,AL
00407D08 |. 8855 F4 |MOV BYTE PTR SS:[EBP-C],DL
00407D0B |>^ E9 11FFFFFF \JMP Ekd5英杰.00407C21
00407D10 |> 6A 02 PUSH 2 ; /Arg1 = 00000002 辅助
00407D12 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; |
00407D15 |. E8 D6E8FFFF CALL Ekd5英杰.004065F0 获取武将ecx的辅助道具代码
00407D1A |. 8845 FC MOV BYTE PTR SS:[EBP-4],AL
00407D1D |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00407D20 |. 25 FF000000 AND EAX,0FF
00407D25 |. 3D FF000000 CMP EAX,0FF
00407D2A |. 74 43 JE SHORT Ekd5英杰.00407D6F
00407D2C |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00407D2F |. 81E1 FF000000 AND ECX,0FF
00407D35 |. 51 PUSH ECX ; /Arg1
00407D36 |. E8 DFEAFFFF CALL Ekd5英杰.0040681A ; \获取道具主要加什么,攻击性武器为0,非攻击性武器为2,防具为1,
00407D3B |. 83C4 04 ADD ESP,4
00407D3E |. 25 FF000000 AND EAX,0FF
00407D43 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00407D46 |. 81E2 FF000000 AND EDX,0FF
00407D4C |. 3BC2 CMP EAX,EDX
00407D4E |. 75 1F JNZ SHORT Ekd5英杰.00407D6F
00407D50 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00407D53 |. 81E1 FF000000 AND ECX,0FF
00407D59 |. 6BC9 19 IMUL ECX,ECX,19
00407D5C |. 81C1 40114A00 ADD ECX,Ekd5英杰.004A1140
00407D62 |. E8 09600100 CALL Ekd5英杰.0041DD70 获取道具ecx的 特殊效果值
00407D67 |. 8A4D F4 MOV CL,BYTE PTR SS:[EBP-C]
00407D6A |. 02C8 ADD CL,AL
00407D6C |. 884D F4 MOV BYTE PTR SS:[EBP-C],CL
00407D6F |> 8A45 F4 MOV AL,BYTE PTR SS:[EBP-C]
00407D72 |. 8BE5 MOV ESP,EBP
00407D74 |. 5D POP EBP
00407D75 \. C2 0400 RETN 4
作者:
岱瀛 时间: 2007-12-30 21:40 标题: 77指令(新引擎新写的)
004D03DE 55 PUSH EBP
004D03DF 8BEC MOV EBP,ESP
004D03E1 83EC 20 SUB ESP,20
004D03E4 6A 51 PUSH 51
004D03E6 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D03E9 E8 0980F4FF CALL WaGan.004183F7
004D03EE 25 FFFF0000 AND EAX,0FFFF
004D03F3 3D 00800000 CMP EAX,8000
004D03F8 75 05 JNZ SHORT WaGan.004D03FF
004D03FA E9 110E0000 JMP WaGan.004D1210 ; 失败退出
004D03FF 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004D0402 6A 04 PUSH 4
004D0404 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D0407 E8 EB7FF4FF CALL WaGan.004183F7
004D040C 3D 00000080 CMP EAX,80000000
004D0411 75 05 JNZ SHORT WaGan.004D0418
004D0413 E9 F80D0000 JMP WaGan.004D1210 ; 失败退出
004D0418 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004D041B 6A 53 PUSH 53
004D041D 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D0420 E8 D27FF4FF CALL WaGan.004183F7
004D0425 25 FFFF0000 AND EAX,0FFFF
004D042A 3D 00800000 CMP EAX,8000
004D042F 75 05 JNZ SHORT WaGan.004D0436
004D0431 E9 DA0D0000 JMP WaGan.004D1210 ; 退出
004D0436 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004D0439 6A 52 PUSH 52
004D043B 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D043E E8 B47FF4FF CALL WaGan.004183F7
004D0443 25 FFFF0000 AND EAX,0FFFF
004D0448 3D 00800000 CMP EAX,8000
004D044D 75 05 JNZ SHORT WaGan.004D0454
004D044F E9 BC0D0000 JMP WaGan.004D1210
004D0454 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004D0457 6A 04 PUSH 4
004D0459 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D045C E8 967FF4FF CALL WaGan.004183F7
004D0461 3D 00000080 CMP EAX,80000000
004D0466 75 05 JNZ SHORT WaGan.004D046D
004D0468 E9 A30D0000 JMP WaGan.004D1210 ; 退出
004D046D 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
004D0470 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004D0473 85C0 TEST EAX,EAX
004D0475 74 0F JE SHORT WaGan.004D0486
004D0477 83F8 01 CMP EAX,1
004D047A 74 27 JE SHORT WaGan.004D04A3
004D047C 83F8 02 CMP EAX,2
004D047F 74 3D JE SHORT WaGan.004D04BE
004D0481 E9 8A0D0000 JMP WaGan.004D1210 ; 退出
004D0486 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; *p
004D0489 3D 00080000 CMP EAX,800
004D048E 0F83 7C0D0000 JNB WaGan.004D1210 ; 越界
004D0494 6BC0 04 IMUL EAX,EAX,4
004D0497 05 00C05500 ADD EAX,WaGan.0055C000
004D049C 8B08 MOV ECX,DWORD PTR DS:[EAX]
004D049E 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
004D04A1 EB 34 JMP SHORT WaGan.004D04D7
004D04A3 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; &p
004D04A6 3D 00080000 CMP EAX,800
004D04AB 0F83 5F0D0000 JNB WaGan.004D1210 ; 越界
004D04B1 6BC0 04 IMUL EAX,EAX,4
004D04B4 05 00C05500 ADD EAX,WaGan.0055C000
004D04B9 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004D04BC EB 19 JMP SHORT WaGan.004D04D7
004D04BE 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; A
004D04C1 3D 00100000 CMP EAX,1000
004D04C6 0F83 440D0000 JNB WaGan.004D1210 ; 越界
004D04CC 6BC0 04 IMUL EAX,EAX,4
004D04CF 05 00B05500 ADD EAX,WaGan.0055B000
004D04D4 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
004D04D7 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004D04DA 85C0 TEST EAX,EAX
004D04DC 74 14 JE SHORT WaGan.004D04F2
004D04DE 83F8 01 CMP EAX,1
004D04E1 74 17 JE SHORT WaGan.004D04FA
004D04E3 83F8 02 CMP EAX,2
004D04E6 74 2F JE SHORT WaGan.004D0517
004D04E8 83F8 03 CMP EAX,3
004D04EB 74 45 JE SHORT WaGan.004D0532
004D04ED E9 1E0D0000 JMP WaGan.004D1210 ; 退出
004D04F2 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 常数
004D04F5 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
004D04F8 EB 51 JMP SHORT WaGan.004D054B
004D04FA 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; *p
004D04FD 3D 00080000 CMP EAX,800
004D0502 0F83 080D0000 JNB WaGan.004D1210 ; 越界
004D0508 6BC0 04 IMUL EAX,EAX,4
004D050B 05 00C05500 ADD EAX,WaGan.0055C000
004D0510 8B08 MOV ECX,DWORD PTR DS:[EAX]
004D0512 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
004D0515 EB 34 JMP SHORT WaGan.004D054B
004D0517 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; &p
004D051A 3D 00080000 CMP EAX,800
004D051F 0F83 EB0C0000 JNB WaGan.004D1210 ; 越界
004D0525 6BC0 04 IMUL EAX,EAX,4
004D0528 05 00C05500 ADD EAX,WaGan.0055C000
004D052D 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
004D0530 EB 19 JMP SHORT WaGan.004D054B
004D0532 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; A
004D0535 3D 00100000 CMP EAX,1000
004D053A 0F83 D00C0000 JNB WaGan.004D1210 ; 越界
004D0540 6BC0 04 IMUL EAX,EAX,4
004D0543 05 00B05500 ADD EAX,WaGan.0055B000
004D0548 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
004D054B 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004D054E 85C0 TEST EAX,EAX ; +=
004D0550 74 1E JE SHORT WaGan.004D0570
004D0552 83F8 01 CMP EAX,1
004D0555 74 08 JE SHORT WaGan.004D055F ; -=
004D0557 83F8 02 CMP EAX,2
004D055A 74 1B JE SHORT WaGan.004D0577 ; =
004D055C 83F8 03 CMP EAX,3
004D055F 74 1E JE SHORT WaGan.004D057F ; *=
004D0561 83F8 04 CMP EAX,4
004D0564 74 1F JE SHORT WaGan.004D0585 ; /=
004D0566 83F8 05 CMP EAX,5
004D0569 74 20 JE SHORT WaGan.004D058B
004D056B E9 A00C0000 JMP WaGan.004D1210
004D0570 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004D0573 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
004D0576 03C1 ADD EAX,ECX
004D0578 90 NOP
作者:
岱瀛 时间: 2007-12-30 21:41 标题: 75指令 特殊形象指定 555A000开始放人物特造(新引擎新写的指令)
004D100D 55 PUSH EBP
004D100E 8BEC MOV EBP,ESP
004D1010 83EC 08 SUB ESP,8
004D1013 6A 02 PUSH 2
004D1015 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D1018 E8 DA73F4FF CALL WaGan.004183F7
004D101D 25 FFFF0000 AND EAX,0FFFF
004D1022 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004D1025 6A 50 PUSH 50
004D1027 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
004D102A E8 C873F4FF CALL WaGan.004183F7
004D102F 25 FFFF0000 AND EAX,0FFFF
004D1034 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004D1037 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004D103A 8982 00A05505 MOV DWORD PTR DS:[EDX+555A000],EAX
004D1040 B8 01000000 MOV EAX,1
004D1045 8BE5 MOV ESP,EBP
004D1047 5C POP EBP
004D1048 C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:41 标题: 73指令,为YYP写的
00411207 /. 55 PUSH EBP
00411208 |. 8BEC MOV EBP,ESP
0041120A |. 83EC 14 SUB ESP,14
0041120D |. 6A 02 PUSH 2 ; /Arg1 = 00000002
0041120F |. C745 F0 0000000>MOV DWORD PTR SS:[EBP-10],0 ; |
00411216 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00411219 |. E8 D9710000 CALL EKD5修改.004183F7 ; \EKD5修改.004183F7
0041121E |. 25 FFFF0000 AND EAX,0FFFF
00411223 |. 3D 00800000 CMP EAX,8000
00411228 |. 75 05 JNZ SHORT EKD5修改.0041122F
0041122A |. E9 A7000000 JMP EKD5修改.004112D6
0041122F |> 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00411232 |. 6A 04 PUSH 4 ; /Arg1 = 00000004
00411234 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00411237 |. E8 BB710000 CALL EKD5修改.004183F7 ; \EKD5修改.004183F7
0041123C |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0041123F |. 3D 00000080 CMP EAX,80000000
00411244 |. 75 05 JNZ SHORT EKD5修改.0041124B
00411246 |. E9 8B000000 JMP EKD5修改.004112D6
0041124B |> 6A 24 PUSH 24 ; /Arg1 = 00000024
0041124D |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00411250 |. E8 A2710000 CALL EKD5修改.004183F7 ; \EKD5修改.004183F7
00411255 |. 25 FFFF0000 AND EAX,0FFFF
0041125A |. 3D 00800000 CMP EAX,8000
0041125F |. 75 02 JNZ SHORT EKD5修改.00411263
00411261 |. EB 73 JMP SHORT EKD5修改.004112D6
00411263 |> 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00411266 |. BA 09000000 MOV EDX,9
0041126B |> 83FA 0E /CMP EDX,0E
0041126E |. 73 34 |JNB SHORT EKD5修改.004112A4
00411270 |. 83C2 01 |ADD EDX,1
00411273 |. 8955 EC |MOV DWORD PTR SS:[EBP-14],EDX
00411276 |. 6A 26 |PUSH 26 ; /Arg1 = 00000026
00411278 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
0041127B |. E8 77710000 |CALL EKD5修改.004183F7 ; \EKD5修改.004183F7
00411280 |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14]
00411283 |. 85C0 |TEST EAX,EAX
00411285 |. 74 1B |JE SHORT EKD5修改.004112A2
00411287 |. 52 |PUSH EDX ; /Arg1
00411288 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4] ; |
0041128B |. 81E1 FFFF0000 |AND ECX,0FFFF ; |
00411291 |. 6BC9 48 |IMUL ECX,ECX,48 ; |
00411294 |. 81C1 0000D600 |ADD ECX,0D60000 ; |
0041129A |. E8 E85AFFFF |CALL EKD5修改.00406D87 ; \EKD5修改.00406D87
0041129F |. 0145 F0 |ADD DWORD PTR SS:[EBP-10],EAX
004112A2 |>^ EB C7 \JMP SHORT EKD5修改.0041126B
004112A4 |> 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004112A8 |. 74 08 JE SHORT EKD5修改.004112B2
004112AA |. 837D F4 01 CMP DWORD PTR SS:[EBP-C],1
004112AE |. 74 0D JE SHORT EKD5修改.004112BD
004112B0 |. EB 17 JMP SHORT EKD5修改.004112C9
004112B2 |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
004112B5 |. 3B55 F0 CMP EDX,DWORD PTR SS:[EBP-8]
004112B8 |. 1BC0 SBB EAX,EAX
004112BA |. 40 INC EAX
004112BB |. EB 1E JMP SHORT EKD5修改.004112DB
004112BD |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004112C0 |. 3B45 F8 CMP EAX,DWORD PTR SS:[EBP-8]
004112C3 |. 1BC0 SBB EAX,EAX
004112C5 |. F7D8 NEG EAX
004112C7 |. EB 12 JMP SHORT EKD5修改.004112DB
004112C9 |> 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004112CC |. 33C0 XOR EAX,EAX
004112CE |. 3B4D F8 CMP ECX,DWORD PTR SS:[EBP-8]
004112D1 |. 0F94C0 SETE AL
004112D4 |. EB 05 JMP SHORT EKD5修改.004112DB
004112D6 |> B8 05000000 MOV EAX,5
004112DB 8BE5 MOV ESP,EBP
004112DD |. 5D POP EBP
004112DE \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:42 标题: 关于策略伤害
41fec9判断天气是否合适
表示是否伤血, 其实就是Eax是1还是2
00449BAC /$ 55 PUSH EBP
00449BAD |. 8BEC MOV EBP,ESP
00449BAF |. 51 PUSH ECX
00449BB0 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00449BB3 |. 25 FF000000 AND EAX,0FF
00449BB8 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00449BBB |. 837D FC 41 CMP DWORD PTR SS:[EBP-4],41
00449BBF |. 77 19 JA SHORT 雪芸.00449BDA
00449BC1 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00449BC4 |. 33C9 XOR ECX,ECX
00449BC6 |. 8A8A F49B4400 MOV CL,BYTE PTR DS:[EDX+449BF4]
00449BCC |. FF248D E09B44>JMP DWORD PTR DS:[ECX*4+449BE0]
00449BD3 |> B8 01000000 MOV EAX,1
00449BD8 |. EB 02 JMP SHORT 雪芸.00449BDC
00449BDA |> 33C0 XOR EAX,EAX
00449BDC |> 8BE5 MOV ESP,EBP
00449BDE |. 5D POP EBP
00449BDF \. C3 RETN
00449BE0 . D39B4400 DD 雪芸.00449BD3 ; 分支表 被用于 00449BCC
00449BE4 . D39B4400 DD 雪芸.00449BD3
00449BE8 . D39B4400 DD 雪芸.00449BD3
00449BEC . D39B4400 DD 雪芸.00449BD3
00449BF0 . DA9B4400 DD 雪芸.00449BDA
0042313E /$ 55 PUSH EBP
0042313F |. 8BEC MOV EBP,ESP
00423141 |. 83EC 10 SUB ESP,10
00423144 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
00423147 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0042314A |. 8A08 MOV CL,BYTE PTR DS:[EAX]
0042314C |. 51 PUSH ECX ; /Arg4 //策略代号
0042314D |. 6A 02 PUSH 2 ; |Arg3 = 00000002
0042314F |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
00423152 |. 8A82 C9020000 MOV AL,BYTE PTR DS:[EDX+2C9] ; |
00423158 |. 50 PUSH EAX ; |Arg2
00423159 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0042315C |. 8A51 01 MOV DL,BYTE PTR DS:[ECX+1] ; |
0042315F |. 52 PUSH EDX ; |Arg1
00423160 |. B9 50424B00 MOV ECX,雪芸.004B4250 ; |
00423165 |. E8 D3210300 CALL 雪芸.0045533D ; \雪芸.0045533D 处理攻击范围
0042316A |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042316D |. 8841 0C MOV BYTE PTR DS:[ECX+C],AL
00423170 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00423173 |. 33C0 XOR EAX,EAX
00423175 |. 8A42 0C MOV AL,BYTE PTR DS:[EDX+C]
00423178 |. 3D FF000000 CMP EAX,0FF
0042317D |. 75 05 JNZ SHORT 雪芸.00423184
0042317F |. E9 D3010000 JMP 雪芸.00423357 //退出
00423184 |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00423187 |. 8B91 A8040000 MOV EDX,DWORD PTR DS:[ECX+4A8]
0042318D |. 52 PUSH EDX ; /Arg4
0042318E |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; |
00423191 |. 8A48 0C MOV CL,BYTE PTR DS:[EAX+C] ; |
00423194 |. 51 PUSH ECX ; |Arg3
00423195 |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8] ; |
00423198 |. 8A42 01 MOV AL,BYTE PTR DS:[EDX+1] ; |
0042319B |. 50 PUSH EAX ; |Arg2
0042319C |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
0042319F |. 8A11 MOV DL,BYTE PTR DS:[ECX] ; |
004231A1 |. 52 PUSH EDX ; |Arg1
004231A2 |. E8 7BD2FFFF CALL 雪芸.00420422 ; \雪芸.00420422
004231A7 |. 83C4 10 ADD ESP,10
004231AA |. 85C0 TEST EAX,EAX
004231AC |. 75 05 JNZ SHORT 雪芸.004231B3
004231AE |. E9 A4010000 JMP 雪芸.00423357 //退出
004231B3 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
004231B5 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
004231B8 |. E8 8C210000 CALL 雪芸.00425349 ; \雪芸.00425349
004231BD |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
004231C1 |. EB 08 JMP SHORT 雪芸.004231CB
004231C3 |> 8A45 FC /MOV AL,BYTE PTR SS:[EBP-4]
004231C6 |. 04 01 |ADD AL,1
004231C8 |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
004231CB |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004231CE |. 81E1 FF000000 |AND ECX,0FF
004231D4 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004231D7 |. 33C0 |XOR EAX,EAX
004231D9 |. 8A440A 0D |MOV AL,BYTE PTR DS:[EDX+ECX+D]
004231DD |. 3D FF000000 |CMP EAX,0FF
004231E2 |. 0F84 52010000 |JE 雪芸.0042333A 转到策略伤害的地方
004231E8 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004231EB |. 81E1 FF000000 |AND ECX,0FF
004231F1 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004231F4 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004231F7 |. 8A4C08 0D |MOV CL,BYTE PTR DS:[EAX+ECX+D]
004231FB |. 884A 0C |MOV BYTE PTR DS:[EDX+C],CL
004231FE |. 6A 00 |PUSH 0
00423200 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
00423203 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00423205 |. 50 |PUSH EAX
00423206 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00423209 |. 33D2 |XOR EDX,EDX
0042320B |. 8A51 0C |MOV DL,BYTE PTR DS:[ECX+C]
0042320E |. 8BCA |MOV ECX,EDX
00423210 |. 6BC9 24 |IMUL ECX,ECX,24
00423213 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50
00423219 |. E8 52C40300 |CALL 雪芸.0045F670
0042321E |. 6BC0 48 |IMUL EAX,EAX,48 ; |
00423221 |. 05 681B4A00 |ADD EAX,雪芸.004A1B68 ; |
00423226 |. 50 |PUSH EAX ; |Arg2
00423227 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; |
0042322A |. 33C9 |XOR ECX,ECX ; |
0042322C |. 8A48 0C |MOV CL,BYTE PTR DS:[EAX+C] ; |
0042322F |. 6BC9 24 |IMUL ECX,ECX,24 ; |
00423232 |. 81C1 502C4B00 |ADD ECX,雪芸.004B2C50 ; |
00423238 |. 51 |PUSH ECX ; |Arg1
00423239 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8] ; |
0042323C |. 8B4A 08 |MOV ECX,DWORD PTR DS:[EDX+8] ; |
0042323F |. E8 668D0100 |CALL 雪芸.0043BFAA ; \雪芸.0043BFAA 调用伤害计算函数
00423244 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00423247 |. 81E1 FF000000 |AND ECX,0FF
0042324D |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
00423250 |. 89848A 840000>|MOV DWORD PTR DS:[EDX+ECX*4+84],EAX
00423257 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0042325A |. 25 FF000000 |AND EAX,0FF
0042325F |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00423262 |. 83BC81 840000>|CMP DWORD PTR DS:[ECX+EAX*4+84],0
0042326A |. 75 16 |JNZ SHORT 雪芸.00423282
0042326C |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
0042326F |. 81E2 FF000000 |AND EDX,0FF
00423275 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00423278 |. C68410 550200>|MOV BYTE PTR DS:[EAX+EDX+255],0
00423280 |. EB 1C |JMP SHORT 雪芸.0042329E
00423282 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00423285 |. 81E1 FF000000 |AND ECX,0FF
0042328B |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0042328E |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00423291 |. 8A80 54020000 |MOV AL,BYTE PTR DS:[EAX+254]
00423297 |. 88840A 550200>|MOV BYTE PTR DS:[EDX+ECX+255],AL
0042329E |> 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
004232A1 |. 51 |PUSH ECX ; /Arg1
004232A2 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
004232A5 |. E8 51DCFFFF |CALL 雪芸.00420EFB ; \雪芸.00420EFB
004232AA |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004232AD |. 3B82 D0020000 |CMP EAX,DWORD PTR DS:[EDX+2D0]
004232B3 |. 76 11 |JBE SHORT 雪芸.004232C6
004232B5 |. 8A45 FC |MOV AL,BYTE PTR SS:[EBP-4]
004232B8 |. 50 |PUSH EAX ; /Arg1
004232B9 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
004232BC |. E8 3ADCFFFF |CALL 雪芸.00420EFB ; \雪芸.00420EFB
004232C1 |. 8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX
004232C4 |. EB 0C |JMP SHORT 雪芸.004232D2
004232C6 |> 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
004232C9 |. 8B91 D0020000 |MOV EDX,DWORD PTR DS:[ECX+2D0]
004232CF |. 8955 F4 |MOV DWORD PTR SS:[EBP-C],EDX
004232D2 |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
004232D5 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
004232D8 |. 8988 D0020000 |MOV DWORD PTR DS:[EAX+2D0],ECX
004232DE |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
004232E1 |. E8 A5DFFFFF |CALL 雪芸.0042128B
004232E6 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
004232E9 |. 3B82 D4020000 |CMP EAX,DWORD PTR DS:[EDX+2D4]
004232EF |. 76 0D |JBE SHORT 雪芸.004232FE
004232F1 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
004232F4 |. E8 92DFFFFF |CALL 雪芸.0042128B
004232F9 |. 8945 F0 |MOV DWORD PTR SS:[EBP-10],EAX
004232FC |. EB 0C |JMP SHORT 雪芸.0042330A
004232FE |> 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00423301 |. 8B88 D4020000 |MOV ECX,DWORD PTR DS:[EAX+2D4]
00423307 |. 894D F0 |MOV DWORD PTR SS:[EBP-10],ECX
0042330A |> 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8]
0042330D |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
00423310 |. 8982 D4020000 |MOV DWORD PTR DS:[EDX+2D4],EAX
00423316 |. 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
00423319 |. 51 |PUSH ECX ; /Arg1
0042331A |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
0042331D |. E8 81E0FFFF |CALL 雪芸.004213A3 ; \雪芸.004213A3
00423322 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00423325 |. 81E2 FF000000 |AND EDX,0FF
0042332B |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
0042332E |. 898491 D80200>|MOV DWORD PTR DS:[ECX+EDX*4+2D8],EAX
00423335 |.^ E9 89FEFFFF \JMP 雪芸.004231C3
0042333A |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042333D |. E8 7DE1FFFF CALL 雪芸.004214BF //显示策略名称,显示策略动画
00423342 |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00423345 |. E8 5EF1FFFF CALL 雪芸.004224A8 //显示伤害值
0042334A |. 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
0042334D |. C782 AC040000>MOV DWORD PTR DS:[EDX+4AC],1
00423357 |> 8BE5 MOV ESP,EBP
00423359 |. 5D POP EBP
0042335A \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:42 标题: 36指令
[EBP-4] 放武将序号
[EBP-8] 放着比较的数字
[EBP-C] 放着函数求出来的数字
[EBP-10] 放着比较代号
[EBP-14] 放着大小关系00 >= , 01 < , 02 =
004112E9 . 55 PUSH EBP
004112EA . 8BEC MOV EBP,ESP
004112EC . 83EC 1C SUB ESP,1C
004112EF . 6A 02 PUSH 2 ; /Arg1 = 00000002
004112F1 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
004112F4 . E8 FE700000 CALL EKD5.004183F7 ; \EKD5.004183F7
004112F9 . 66:8945 FC MOV WORD PTR SS:[EBP-4],AX
004112FD . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00411300 . 25 FFFF0000 AND EAX,0FFFF
00411305 . 3D 00800000 CMP EAX,8000
0041130A . 75 0A JNZ SHORT EKD5.00411316
0041130C . B8 05000000 MOV EAX,5
00411311 . E9 83010000 JMP EKD5.00411499
00411316 > 6A 23 PUSH 23 ; /Arg1 = 00000023
00411318 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
0041131B . E8 D7700000 CALL EKD5.004183F7 ; \EKD5.004183F7
00411320 . 66:8945 F0 MOV WORD PTR SS:[EBP-10],AX
00411324 . 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
00411327 . 81E1 FFFF0000 AND ECX,0FFFF
0041132D . 81F9 00800000 CMP ECX,8000
00411333 . 75 0A JNZ SHORT EKD5.0041133F
00411335 . B8 05000000 MOV EAX,5
0041133A . E9 5A010000 JMP EKD5.00411499
0041133F > 6A 04 PUSH 4 ; /Arg1 = 00000004
00411341 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00411344 . E8 AE700000 CALL EKD5.004183F7 ; \EKD5.004183F7
00411349 . 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0041134C . 817D F8 00000>CMP DWORD PTR SS:[EBP-8],80000000
00411353 . 75 0A JNZ SHORT EKD5.0041135F
00411355 . B8 05000000 MOV EAX,5
0041135A . E9 3A010000 JMP EKD5.00411499
0041135F > 6A 24 PUSH 24 ; /Arg1 = 00000024
00411361 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00411364 . E8 8E700000 CALL EKD5.004183F7 ; \EKD5.004183F7
00411369 . 66:8945 EC MOV WORD PTR SS:[EBP-14],AX
0041136D . 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
00411370 . 81E2 FFFF0000 AND EDX,0FFFF
00411376 . 81FA 00800000 CMP EDX,8000
0041137C . 75 0A JNZ SHORT EKD5.00411388
0041137E . B8 05000000 MOV EAX,5
00411383 . E9 11010000 JMP EKD5.00411499
00411388 > E8 95A5FFFF CALL EKD5.0040B922 移动力有关 ???
0041138D . 85C0 TEST EAX,EAX
0041138F . 74 2E JE SHORT EKD5.004113BF
00411391 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00411394 . 25 FFFF0000 AND EAX,0FFFF
00411399 . 3D 00040000 CMP EAX,400
0041139E . 7C 1F JL SHORT EKD5.004113BF
004113A0 . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004113A3 . 81E1 FFFF0000 AND ECX,0FFFF
004113A9 . 81F9 02040000 CMP ECX,402
004113AF . 7F 0E JG SHORT EKD5.004113BF
004113B1 . B9 F05D4B00 MOV ECX,EKD5.004B5DF0
004113B6 . E8 704C0400 CALL EKD5.0045602B
004113BB . 66:8945 FC MOV WORD PTR SS:[EBP-4],AX
004113BF > 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004113C2 . 81E2 FFFF0000 AND EDX,0FFFF
004113C8 . 81FA FFFF0000 CMP EDX,0FFFF
004113CE . 74 0F JE SHORT EKD5.004113DF
004113D0 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004113D3 . 25 FFFF0000 AND EAX,0FFFF
004113D8 . 3D 00040000 CMP EAX,400
004113DD . 7E 07 JLE SHORT EKD5.004113E6
004113DF > 33C0 XOR EAX,EAX
004113E1 . E9 B3000000 JMP EKD5.00411499
004113E6 > 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
004113E9 . 81E1 FFFF0000 AND ECX,0FFFF
004113EF . 83F9 07 CMP ECX,7 测试HPCur
004113F2 . 74 25 JE SHORT EKD5.00411419
004113F4 . 83F9 08 CMP ECX,8 测试MPCur
004113F7 . 74 20 JE SHORT EKD5.00411419
004113F9 . 8A55 F0 MOV DL,BYTE PTR SS:[EBP-10]
004113FC . 52 PUSH EDX ; /Arg1
004113FD . 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; |
00411400 . 81E1 FFFF0000 AND ECX,0FFFF ; |
00411406 . 6BC9 48 IMUL ECX,ECX,48 ; |
00411409 . 81C1 0000D600 ADD ECX,0D60000 ; |
0041140F . E8 7359FFFF CALL EKD5.00406D87 ; \EKD5.00406D87 获取武将ecx的攻防精暴士体法,根据08栈值0~6
00411414 . 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
00411417 . EB 44 JMP SHORT EKD5.0041145D
00411419 > 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041141C . 81E1 FFFF0000 AND ECX,0FFFF
00411422 . 6BC9 48 IMUL ECX,ECX,48
00411425 . 81C1 0000D600 ADD ECX,0D60000
0041142B . E8 AC660600 CALL EKD5.00477ADC
00411430 . 8845 E8 MOV BYTE PTR SS:[EBP-18],AL
00411433 . 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
00411436 . 25 FF000000 AND EAX,0FF
0041143B . 3D FF000000 CMP EAX,0FF
00411440 . 74 17 JE SHORT EKD5.00411459
00411442 . 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
00411445 . 81E1 FF000000 AND ECX,0FF
0041144B . 6BC9 24 IMUL ECX,ECX,24
0041144E . 81C1 502C4B00 ADD ECX,EKD5.004B2C50
00411454 .^ E9 C856FFFF JMP EKD5.00406B21
00411459 > 33C0 XOR EAX,EAX
0041145B . EB 3C JMP SHORT EKD5.00411499
0041145D > 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
00411460 . 81E1 FFFF0000 AND ECX,0FFFF
00411466 . 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
00411469 . 837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
0041146D . 74 08 JE SHORT EKD5.00411477
0041146F . 837D E4 01 CMP DWORD PTR SS:[EBP-1C],1
00411473 . 74 0D JE SHORT EKD5.00411482
00411475 . EB 17 JMP SHORT EKD5.0041148E
00411477 > 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
0041147A . 3B55 F8 CMP EDX,DWORD PTR SS:[EBP-8]
0041147D . 1BC0 SBB EAX,EAX
0041147F . 40 INC EAX
00411480 . EB 17 JMP SHORT EKD5.00411499
00411482 > 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00411485 . 3B45 F8 CMP EAX,DWORD PTR SS:[EBP-8]
00411488 . 1BC0 SBB EAX,EAX
0041148A . F7D8 NEG EAX
0041148C . EB 0B JMP SHORT EKD5.00411499
0041148E > 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00411491 . 33C0 XOR EAX,EAX
00411493 . 3B4D F8 CMP ECX,DWORD PTR SS:[EBP-8]
00411496 . 0F94C0 SETE AL
00411499 > 8BE5 MOV ESP,EBP
0041149B . 5D POP EBP
0041149C . C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:43 标题: R中的对话
参数:透明色固定为0黑色
源Bitmpa对象 +1c
高 +18
宽 +14
Y坐标 +10
X坐标 +C
目标DC +8
-4 属于临时变量
-8是读到文本的地址
-C是计数变量
00413661 /. 55 PUSH EBP
00413662 |. 8BEC MOV EBP,ESP
00413664 |. 81EC 20040000 SUB ESP,420
0041366A |. 66:C785 ECFBF>MOV WORD PTR SS:[EBP-414],0FFFF
00413673 |. 6A 05 PUSH 5 ; /Arg1 = 00000005
00413675 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00413678 |. E8 7A4D0000 CALL WaGan.004183F7 ; \WaGan.004183F7
0041367D |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
00413680 |. 817D F8 00000>CMP DWORD PTR SS:[EBP-8],80000000
00413687 |. 75 0A JNZ SHORT WaGan.00413693
00413689 |. B8 05000000 MOV EAX,5
0041368E |. E9 7A020000 JMP WaGan.0041390D 退出
00413693 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00413696 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00413699 |. C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004136A0 |> C745 F4 00000>/MOV DWORD PTR SS:[EBP-C],0
004136A7 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004136AA |. 33D2 |XOR EDX,EDX
004136AC |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004136AE |. 83FA 26 |CMP EDX,26 26,就是&标记
004136B1 |. 0F85 9A010000 |JNZ WaGan.00413851
004136B7 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004136BA |. 83C0 01 |ADD EAX,1 查看&后面跟的名字
004136BD |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
004136C0 |. E8 5D82FFFF |CALL WaGan.0040B922 一个判断
004136C5 |. 85C0 |TEST EAX,EAX
004136C7 |. 74 2B |JE SHORT WaGan.004136F4
004136C9 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004136CC |. 33D2 |XOR EDX,EDX
004136CE |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004136D0 |. 83FA 0A |CMP EDX,0A
004136D3 |. 75 1F |JNZ SHORT WaGan.004136F4
004136D5 |. B9 F05D4B00 |MOV ECX,WaGan.004B5DF0
004136DA |. E8 4C290400 |CALL WaGan.0045602B
004136DF |. 66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
004136E6 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004136E9 |. 83C0 01 |ADD EAX,1
004136EC |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
004136EF |. E9 5D010000 |JMP WaGan.00413851
004136F4 |> E8 2982FFFF |CALL WaGan.0040B922 一个判断
004136F9 |. 85C0 |TEST EAX,EAX
004136FB |. 0F84 EC000000 |JE WaGan.004137ED
00413701 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00413704 |. 33D2 |XOR EDX,EDX
00413706 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00413708 |. 83FA 30 |CMP EDX,30
0041370B |. 0F8C DC000000 |JL WaGan.004137ED
00413711 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00413714 |. 33C9 |XOR ECX,ECX
00413716 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00413718 |. 83F9 39 |CMP ECX,39
0041371B |. 0F8F CC000000 |JG WaGan.004137ED
00413721 |. C785 E8FBFFFF>|MOV DWORD PTR SS:[EBP-418],0
0041372B |. EB 0F |JMP SHORT WaGan.0041373C
0041372D |> 8B95 E8FBFFFF |/MOV EDX,DWORD PTR SS:[EBP-418]
00413733 |. 83C2 01 ||ADD EDX,1
00413736 |. 8995 E8FBFFFF ||MOV DWORD PTR SS:[EBP-418],EDX
0041373C |> 83BD E8FBFFFF>| CMP DWORD PTR SS:[EBP-418],2
00413743 |. 73 37 ||JNB SHORT WaGan.0041377C
00413745 |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
00413748 |. 33C9 ||XOR ECX,ECX
0041374A |. 8A08 ||MOV CL,BYTE PTR DS:[EAX]
0041374C |. 83F9 0A ||CMP ECX,0A
0041374F |. 74 2B ||JE SHORT WaGan.0041377C
00413751 |. 8B95 E8FBFFFF ||MOV EDX,DWORD PTR SS:[EBP-418]
00413757 |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
0041375A |. 8A08 ||MOV CL,BYTE PTR DS:[EAX]
0041375C |. 888C15 E0FBFF>||MOV BYTE PTR SS:[EBP+EDX-420],CL
00413763 |. 8B95 E8FBFFFF ||MOV EDX,DWORD PTR SS:[EBP-418]
00413769 |. C68415 E1FBFF>||MOV BYTE PTR SS:[EBP+EDX-41F],0
00413771 |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
00413774 |. 83C0 01 ||ADD EAX,1
00413777 |. 8945 FC ||MOV DWORD PTR SS:[EBP-4],EAX
0041377A |.^ EB B1 |\JMP SHORT WaGan.0041372D
0041377C |> 8D8D E0FBFFFF |LEA ECX,DWORD PTR SS:[EBP-420]
00413782 |. 51 |PUSH ECX ; /Arg1
00413783 |. E8 C4C30600 |CALL WaGan.0047FB4C ; \WaGan.0047FB4C
00413788 |. 83C4 04 |ADD ESP,4
0041378B |. 8885 E4FBFFFF |MOV BYTE PTR SS:[EBP-41C],AL
00413791 |. 8B8D E4FBFFFF |MOV ECX,DWORD PTR SS:[EBP-41C]
00413797 |. 81E1 FF000000 |AND ECX,0FF
0041379D |. 6BC9 24 |IMUL ECX,ECX,24
004137A0 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004137A6 |. E8 E5540000 |CALL WaGan.00418C90
004137AB |. 25 FF000000 |AND EAX,0FF
004137B0 |. 83F8 02 |CMP EAX,2
004137B3 |. 75 23 |JNZ SHORT WaGan.004137D8
004137B5 |. 8B8D E4FBFFFF |MOV ECX,DWORD PTR SS:[EBP-41C]
004137BB |. 81E1 FF000000 |AND ECX,0FF
004137C1 |. 6BC9 24 |IMUL ECX,ECX,24
004137C4 |. 81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004137CA |. E8 A1BE0400 |CALL WaGan.0045F670
004137CF |. 66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
004137D6 |. EB 0A |JMP SHORT WaGan.004137E2
004137D8 |> B8 01000000 |MOV EAX,1
004137DD |. E9 2B010000 |JMP WaGan.0041390D
004137E2 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
004137E5 |. 83C2 01 |ADD EDX,1
004137E8 |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
004137EB |. EB 64 |JMP SHORT WaGan.00413851
下面这段是读文本内容,一个字节一个字节读入剧本变量数组[EBP-410]内,用EDX,-C变量计数,-4变量为文本指针,一直移动,最大不能超过0x400
004137ED |> 8B45 FC |/MOV EAX,DWORD PTR SS:[EBP-4]
004137F0 |. 33C9 ||XOR ECX,ECX
004137F2 |. 8A08 ||MOV CL,BYTE PTR DS:[EAX]
004137F4 |. 83F9 0A ||CMP ECX,0A 如果发现是换行就跳出
004137F7 |. 74 2E ||JE SHORT WaGan.00413827
004137F9 |. 8B55 F4 ||MOV EDX,DWORD PTR SS:[EBP-C]
004137FC |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
004137FF |. 8A08 ||MOV CL,BYTE PTR DS:[EAX]
00413801 |. 888C15 F0FBFF>||MOV BYTE PTR SS:[EBP+EDX-410],CL
00413808 |. 8B55 F4 ||MOV EDX,DWORD PTR SS:[EBP-C]
0041380B |. 83C2 01 ||ADD EDX,1 计数+1
0041380E |. 8955 F4 ||MOV DWORD PTR SS:[EBP-C],EDX
00413811 |. 817D F4 00040>||CMP DWORD PTR SS:[EBP-C],400
00413818 |. 76 02 ||JBE SHORT WaGan.0041381C
0041381A |. EB 0B ||JMP SHORT WaGan.00413827
0041381C |> 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
0041381F |. 83C0 01 ||ADD EAX,1 指针+1
00413822 |. 8945 FC ||MOV DWORD PTR SS:[EBP-4],EAX
00413825 |.^ EB C6 |\JMP SHORT WaGan.004137ED
00413827 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0041382A |. 83C1 01 |ADD ECX,1 读过换行符号
0041382D |. 894D FC |MOV DWORD PTR SS:[EBP-4],ECX
00413830 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00413833 |. C68415 F0FBFF>|MOV BYTE PTR SS:[EBP+EDX-410],0
0041383B |. 8D85 F0FBFFFF |LEA EAX,DWORD PTR SS:[EBP-410]
00413841 |. 50 |PUSH EAX ; /Arg1
00413842 |. E8 79B60000 |CALL WaGan.0041EEC0 ; \WaGan.0041EEC0
00413847 |. 83C4 04 |ADD ESP,4
0041384A |. 66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
00413851 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00413854 |. 51 |PUSH ECX ; /Arg2
00413855 |. 8D95 F0FBFFFF |LEA EDX,DWORD PTR SS:[EBP-410] ; |
0041385B |. 52 |PUSH EDX ; |Arg1
0041385C |. B9 902F4900 |MOV ECX,WaGan.00492F90 ; |
00413861 |. E8 3F410000 |CALL WaGan.004179A5 ; \WaGan.004179A5
00413866 |. E8 B780FFFF |CALL WaGan.0040B922
0041386B |. 85C0 |TEST EAX,EAX
0041386D |. 74 12 |JE SHORT WaGan.00413881
0041386F |. 8B85 ECFBFFFF |MOV EAX,DWORD PTR SS:[EBP-414]
00413875 |. 25 FFFF0000 |AND EAX,0FFFF
0041387A |. 3D FFFF0000 |CMP EAX,0FFFF
0041387F |. 75 20 |JNZ SHORT WaGan.004138A1
00413881 |> 6A 20 |PUSH 20 ; /Arg3 = 00000020
00413883 |. 8B8D ECFBFFFF |MOV ECX,DWORD PTR SS:[EBP-414] ; |
00413889 |. 81E1 FFFF0000 |AND ECX,0FFFF ; |
0041388F |. 51 |PUSH ECX ; |Arg2
00413890 |. 8D95 F0FBFFFF |LEA EDX,DWORD PTR SS:[EBP-410] ; |
00413896 |. 52 |PUSH EDX ; |Arg1
00413897 |. E8 559D0100 |CALL WaGan.0042D5F1 ; \WaGan.0042D5F1
0041389C |. 83C4 0C |ADD ESP,0C
0041389F |. EB 1D |JMP SHORT WaGan.004138BE
004138A1 |> 8B85 ECFBFFFF |MOV EAX,DWORD PTR SS:[EBP-414]
004138A7 |. 25 FFFF0000 |AND EAX,0FFFF
004138AC |. 50 |PUSH EAX ; /Arg2
004138AD |. 8D8D F0FBFFFF |LEA ECX,DWORD PTR SS:[EBP-410] ; |
004138B3 |. 51 |PUSH ECX ; |Arg1
004138B4 |. B9 F05D4B00 |MOV ECX,WaGan.004B5DF0 ; |
004138B9 |. E8 9F5D0400 |CALL WaGan.0045965D ; \WaGan.0045965D
004138BE |> 8B55 FC |/MOV EDX,DWORD PTR SS:[EBP-4]
004138C1 |. 33C0 ||XOR EAX,EAX
004138C3 |. 8A02 ||MOV AL,BYTE PTR DS:[EDX]
004138C5 |. 85C0 ||TEST EAX,EAX
004138C7 |. 74 2F ||JE SHORT WaGan.004138F8
004138C9 |. 8B4D FC ||MOV ECX,DWORD PTR SS:[EBP-4]
004138CC |. 33D2 ||XOR EDX,EDX
004138CE |. 8A11 ||MOV DL,BYTE PTR DS:[ECX]
004138D0 |. 83FA 0A ||CMP EDX,0A
004138D3 |. 75 18 ||JNZ SHORT WaGan.004138ED
004138D5 |. 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
004138D8 |. 33C9 ||XOR ECX,ECX
004138DA |. 8A48 01 ||MOV CL,BYTE PTR DS:[EAX+1]
004138DD |. 83F9 26 ||CMP ECX,26
004138E0 |. 75 0B ||JNZ SHORT WaGan.004138ED
004138E2 |. 8B55 FC ||MOV EDX,DWORD PTR SS:[EBP-4]
004138E5 |. 83C2 01 ||ADD EDX,1
004138E8 |. 8955 FC ||MOV DWORD PTR SS:[EBP-4],EDX
004138EB |. EB 0B ||JMP SHORT WaGan.004138F8
004138ED |> 8B45 FC ||MOV EAX,DWORD PTR SS:[EBP-4]
004138F0 |. 83C0 01 ||ADD EAX,1
004138F3 |. 8945 FC ||MOV DWORD PTR SS:[EBP-4],EAX
004138F6 |.^ EB C6 |\JMP SHORT WaGan.004138BE
004138F8 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
004138FB |. 33D2 |XOR EDX,EDX
004138FD |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
004138FF |. 83FA 26 |CMP EDX,26
00413902 |.^ 0F84 98FDFFFF \JE WaGan.004136A0
00413908 |. B8 01000000 MOV EAX,1
0041390D |> 8BE5 MOV ESP,EBP
0041390F |. 5D POP EBP
00413910 \. C3 RETN
出现头象代号的地方
0041E6E2 /$ 55 PUSH EBP
0041E6E3 |. 8BEC MOV EBP,ESP
0041E6E5 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0041E6E8 |. 50 PUSH EAX
0041E6E9 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0041E6EC |. 51 PUSH ECX 这个就是头相代号
0041E6ED |. B9 38C54A00 MOV ECX,WaGan.004AC538
0041E6F2 |. E8 92150000 CALL WaGan.0041FC89
0041E6F7 |. 5D POP EBP
0041E6F8 \. C3 RETN
控制大小的地方
0041E8C7 |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0041E8CA |. 50 PUSH EAX
0041E8CB |. 6A 50 PUSH 50 高 78
0041E8CD |. 6A 40 PUSH 40 宽 78
0041E8CF |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0041E8D2 |. 51 PUSH ECX
0041E8D3 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0041E8D6 |. 52 PUSH EDX
0041E8D7 |. E8 BFF70500 CALL WaGan.0047E09B
0041E8DC |. 83C4 14 ADD ESP,14
0041E8DF |. 5D POP EBP
0C栈Data序号
08栈对话内容
说话函数
0042D5F1
画图的地方
0047C8A8 |. 53 PUSH EBX
0047C8A9 |. 57 PUSH EDI
0047C8AA |. FF75 0C PUSH DWORD PTR SS:[EBP+C]
0047C8AD |. FF75 08 PUSH DWORD PTR SS:[EBP+8]
0047C8B0 |. FF35 44D04B00 PUSH DWORD PTR DS:[4BD044]
0047C8B6 |. E8 AB000000 CALL WaGan.0047C966
0047C8BB |. 83C4 14 ADD ESP,14
0C栈Data序号
08栈对话内容
说话函数
0042D5F1 /$ 55 PUSH EBP
0042D5F2 |. 8BEC MOV EBP,ESP
0042D5F4 |. 81EC 68090000 SUB ESP,968
0042D5FA |. E8 23E3FDFF CALL WaGan.0040B922
0042D5FF |. 85C0 TEST EAX,EAX
0042D601 |. 74 22 JE SHORT WaGan.0042D625
0042D603 |. 817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D60A |. 73 19 JNB SHORT WaGan.0042D625
0042D60C |. 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0042D60F |. 50 PUSH EAX
0042D610 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
0042D613 |. 51 PUSH ECX
0042D614 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0042D617 |. 52 PUSH EDX
0042D618 |. E8 50F5FFFF CALL WaGan.0042CB6D
0042D61D |. 83C4 0C ADD ESP,0C
0042D620 |. E9 D9070000 JMP WaGan.0042DDFE
0042D625 |> C785 ACF6FFFF>MOV DWORD PTR SS:[EBP-954],0
0042D62F |. C685 BCF6FFFF>MOV BYTE PTR SS:[EBP-944],0FF
0042D636 |. C785 B0F6FFFF>MOV DWORD PTR SS:[EBP-950],0
0042D640 |. B9 50424B00 MOV ECX,WaGan.004B4250
0042D645 |. E8 21880200 CALL WaGan.00455E6B
0042D64A |. 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
0042D64D |. B9 50424B00 MOV ECX,WaGan.004B4250
0042D652 |. E8 ED870200 CALL WaGan.00455E44
0042D657 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0042D65A |. 817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D661 |. 73 14 JNB SHORT WaGan.0042D677
0042D663 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0042D666 |. 50 PUSH EAX
0042D667 |. E8 F4E7FDFF CALL WaGan.0040BE60
0042D66C |. 83C4 04 ADD ESP,4
0042D66F |. 8985 A8F6FFFF MOV DWORD PTR SS:[EBP-958],EAX
0042D675 |. EB 0A JMP SHORT WaGan.0042D681
0042D677 |> C785 A8F6FFFF>MOV DWORD PTR SS:[EBP-958],0
0042D681 |> 8B8D A8F6FFFF MOV ECX,DWORD PTR SS:[EBP-958]
0042D687 |. 898D CCF6FFFF MOV DWORD PTR SS:[EBP-934],ECX
0042D68D |. 8B15 241B4B00 MOV EDX,DWORD PTR DS:[4B1B24]
0042D693 |. 3B95 CCF6FFFF CMP EDX,DWORD PTR SS:[EBP-934]
0042D699 |. 74 1D JE SHORT WaGan.0042D6B8
0042D69B |. 33C0 XOR EAX,EAX
0042D69D |. 833D 1CC84800>CMP DWORD PTR DS:[48C81C],0
0042D6A4 |. 0F94C0 SETE AL
0042D6A7 |. A3 1CC84800 MOV DWORD PTR DS:[48C81C],EAX
0042D6AC |. 8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D6B2 |. 890D 241B4B00 MOV DWORD PTR DS:[4B1B24],ECX
0042D6B8 |> 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0042D6BC |. 75 0A JNZ SHORT WaGan.0042D6C8
0042D6BE |. C705 1CC84800>MOV DWORD PTR DS:[48C81C],1
0042D6C8 |> 817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D6CF |. 1BD2 SBB EDX,EDX
0042D6D1 |. F7DA NEG EDX
0042D6D3 |. 8955 DC MOV DWORD PTR SS:[EBP-24],EDX
0042D6D6 |. 837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0042D6DA |. 0F84 C1000000 JE WaGan.0042D7A1
0042D6E0 |. 833D 1CC84800>CMP DWORD PTR DS:[48C81C],0
0042D6E7 |. 74 0C JE SHORT WaGan.0042D6F5
0042D6E9 |. C785 A4F6FFFF>MOV DWORD PTR SS:[EBP-95C],10 能控制左边的横坐标
0042D6F3 |. EB 0E JMP SHORT WaGan.0042D703
0042D6F5 |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0042D6F8 |. 2D C0010000 SUB EAX,1C0 能控制右边的横坐标 -20E
0042D6FD |. 8985 A4F6FFFF MOV DWORD PTR SS:[EBP-95C],EAX
0042D703 |> 8B8D A4F6FFFF MOV ECX,DWORD PTR SS:[EBP-95C]
0042D709 |. 898D B8F6FFFF MOV DWORD PTR SS:[EBP-948],ECX
0042D70F |. 8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D715 |. 52 PUSH EDX
0042D716 |. E8 DDB2FFFF CALL WaGan.004289F8
0042D71B |. 83C4 04 ADD ESP,4
0042D71E |. 85C0 TEST EAX,EAX
0042D720 |. 74 2B JE SHORT WaGan.0042D74D
0042D722 |. 8B85 CCF6FFFF MOV EAX,DWORD PTR SS:[EBP-934]
0042D728 |. 50 PUSH EAX
0042D729 |. E8 CAB2FFFF CALL WaGan.004289F8
0042D72E |. 83C4 04 ADD ESP,4
0042D731 |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
0042D734 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
0042D737 |. 8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D73D |. 52 PUSH EDX
0042D73E |. E8 B5B2FFFF CALL WaGan.004289F8
0042D743 |. 83C4 04 ADD ESP,4
0042D746 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0042D748 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0042D74B |. EB 0E JMP SHORT WaGan.0042D75B
0042D74D |> C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
0042D754 |. C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0042D75B |> 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0042D75E |. 83E9 28 SUB ECX,28
0042D761 |. D1E9 SHR ECX,1
0042D763 |. 394D EC CMP DWORD PTR SS:[EBP-14],ECX
0042D766 |. 7E 0C JLE SHORT WaGan.0042D774
0042D768 |. C785 B4F6FFFF>MOV DWORD PTR SS:[EBP-94C],38
能控制上方的纵坐标 (去掉这里,改为允许出现头相)
0042D768 . C605 BAF24C00>MOV BYTE PTR DS:[4CF2BA],1
0042D76F . EB 03 JMP SHORT WaGan.0042D774
0042D772 |. EB 2B JMP SHORT WaGan.0042D79F
0042D774 |> B9 386F4900 MOV ECX,WaGan.00496F38
0042D779 |. E8 26C9FEFF CALL WaGan.0041A0A4
0042D77E |. 85C0 TEST EAX,EAX
0042D780 |. 75 11 JNZ SHORT WaGan.0042D793
0042D782 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0042D785 |. 81EA A2000000 SUB EDX,0A2 能控制下方的纵坐标
0042D78B |. 8995 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EDX
0042D791 |. EB 0C JMP SHORT WaGan.0042D79F
0042D793 |> 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
0042D796 |. 83E8 70 SUB EAX,70 能控制下方的纵坐标
0042D799 |. 8985 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EAX
0042D79F |> EB 22 JMP SHORT WaGan.0042D7C3
0042D7A1 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0042D7A4 |. D1E9 SHR ECX,1
0042D7A6 |. 81E9 A0000000 SUB ECX,0A0
0042D7AC |. 898D B8F6FFFF MOV DWORD PTR SS:[EBP-948],ECX
0042D7B2 |. 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0042D7B5 |. 83EA 5A SUB EDX,5A
0042D7B8 |. D1EA SHR EDX,1
0042D7BA |. 83EA 10 SUB EDX,10
0042D7BD |. 8995 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EDX
0042D7C3 |> 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
0042D7C6 |. 25 C0000000 AND EAX,0C0
0042D7CB |. C1E8 06 SHR EAX,6
0042D7CE |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0042D7D1 |. 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+10]
0042D7D4 |. 83E1 10 AND ECX,10
0042D7D7 |. F7D9 NEG ECX
0042D7D9 |. 1BC9 SBB ECX,ECX
0042D7DB |. F7D9 NEG ECX
0042D7DD |. 898D C8F6FFFF MOV DWORD PTR SS:[EBP-938],ECX
0042D7E3 |. 8B55 DC MOV EDX,DWORD PTR SS:[EBP-24]
0042D7E6 |. F7DA NEG EDX
0042D7E8 |. 1BD2 SBB EDX,EDX
0042D7EA |. 83C2 04 ADD EDX,4
0042D7ED |. 8995 D4F6FFFF MOV DWORD PTR SS:[EBP-92C],EDX
0042D7F3 |. E8 5FEDFFFF CALL WaGan.0042C557
0042D7F8 |. E8 DE0DFFFF CALL WaGan.0041E5DB
0042D7FD |. 6A 04 PUSH 4
0042D7FF |. B9 382F4900 MOV ECX,WaGan.00492F38
0042D804 |. E8 2D15FEFF CALL WaGan.0040ED36
0042D809 |. 6A 00 PUSH 0
0042D80B |. B9 382F4900 MOV ECX,WaGan.00492F38
0042D810 |. E8 A714FEFF CALL WaGan.0040ECBC
0042D815 |. 837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0042D819 |. 75 29 JNZ SHORT WaGan.0042D844 非0,则是有头相
0042D81B |. 6A 00 PUSH 0 这个应该是没有头象的信息框
0042D81D |. 68 90000000 PUSH 90
0042D822 |. 68 50010000 PUSH 150
0042D827 |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D82D |. 50 PUSH EAX
0042D82E |. 8B8D B8F6FFFF MOV ECX,DWORD PTR SS:[EBP-948]
0042D834 |. 51 PUSH ECX
0042D835 |. B9 30694B00 MOV ECX,WaGan.004B6930
0042D83A |. E8 7C5D0400 CALL WaGan.004735BB
0042D83F |. E9 BD020000 JMP WaGan.0042DB01 调到画图处
0042D844 |> 8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D84A |. 52 PUSH EDX
0042D84B |. E8 19B2FFFF CALL WaGan.00428A69
0042D850 |. 83C4 04 ADD ESP,4
0042D853 |. 8985 C0F6FFFF MOV DWORD PTR SS:[EBP-940],EAX
0042D859 |. 81BD C0F6FFFF>CMP DWORD PTR SS:[EBP-940],0FF
0042D863 |. 0F84 AB000000 JE WaGan.0042D914 人物没有在地图上,不设置气泡
0042D869 |. 6A 00 PUSH 0
0042D86B |. 6A 1F PUSH 1F
0042D86D |. 6A 04 PUSH 4
0042D86F |. E8 7DF90400 CALL WaGan.0047D1F1
0042D874 |. 83C4 0C ADD ESP,0C
0042D877 |. 83BD C0F6FFFF>CMP DWORD PTR SS:[EBP-940],3
0042D87E |. 75 0E JNZ SHORT WaGan.0042D88E
0042D880 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0042D883 |. 83E8 10 SUB EAX,10
0042D886 |. 8985 A0F6FFFF MOV DWORD PTR SS:[EBP-960],EAX
0042D88C |. EB 0C JMP SHORT WaGan.0042D89A
0042D88E |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
0042D891 |. 83C1 28 ADD ECX,28
0042D894 |. 898D A0F6FFFF MOV DWORD PTR SS:[EBP-960],ECX
0042D89A |> 8B95 A0F6FFFF MOV EDX,DWORD PTR SS:[EBP-960]
0042D8A0 |. 8995 B0F6FFFF MOV DWORD PTR SS:[EBP-950],EDX
0042D8A6 |. 8D85 DCF6FFFF LEA EAX,DWORD PTR SS:[EBP-924]
0042D8AC |. 50 PUSH EAX
0042D8AD |. 6A 18 PUSH 18
0042D8AF |. 6A 18 PUSH 18
0042D8B1 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0042D8B4 |. 83E9 10 SUB ECX,10
0042D8B7 |. 51 PUSH ECX
0042D8B8 |. 8B95 B0F6FFFF MOV EDX,DWORD PTR SS:[EBP-950]
0042D8BE |. 52 PUSH EDX
0042D8BF |. E8 8D090500 CALL WaGan.0047E251
0042D8C4 |. 83C4 14 ADD ESP,14
0042D8C7 |. 6A 04 PUSH 4
0042D8C9 |. 6A 00 PUSH 0
0042D8CB |. 68 40080000 PUSH 840
0042D8D0 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042D8D5 |. E8 66210500 CALL WaGan.0047FA40
0042D8DA |. 8B8D C0F6FFFF MOV ECX,DWORD PTR SS:[EBP-940]
0042D8E0 |. 83E9 01 SUB ECX,1
0042D8E3 |. F7D9 NEG ECX
0042D8E5 |. 1BC9 SBB ECX,ECX
0042D8E7 |. 81E1 40020000 AND ECX,240
0042D8ED |. 03C1 ADD EAX,ECX
0042D8EF |. 50 PUSH EAX
0042D8F0 |. 6A 18 PUSH 18 设置4b7c20
0042D8F2 |. 6A 18 PUSH 18 设置4b7a90
0042D8F4 |. 8B55 EC MOV EDX,DWORD PTR SS:[EBP-14]
0042D8F7 |. 83EA 10 SUB EDX,10
0042D8FA |. 52 PUSH EDX
0042D8FB |. 8B85 B0F6FFFF MOV EAX,DWORD PTR SS:[EBP-950]
0042D901 |. 50 PUSH EAX
0042D902 |. E8 94070500 CALL WaGan.0047E09B 设置头相气泡的
0042D907 |. 83C4 14 ADD ESP,14
0042D90A |. C785 ACF6FFFF>MOV DWORD PTR SS:[EBP-954],1
0042D914 |> 6A 00 PUSH 0
0042D916 |. 6A 60 PUSH 60 底色的高 -4 64
0042D918 |. 68 B0010000 PUSH 1B0 底色的宽 -4 1B4
0042D91D |. 8B8D B4F6FFFF MOV ECX,DWORD PTR SS:[EBP-94C]
0042D923 |. 51 PUSH ECX 底色的纵坐标 +1
0042D924 |. 8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 底色的横坐标 +1
0042D92A |. 52 PUSH EDX
0042D92B |. B9 30694B00 MOV ECX,WaGan.004B6930
0042D930 |. E8 865C0400 CALL WaGan.004735BB 底色和白色,头相无关
CALL 004D41DE改成Call重写的函数了,没有底的
0042D935 |. 6A 00 PUSH 0
0042D937 |. 6A 1F PUSH 1F
0042D939 |. 6A 04 PUSH 4 这个改成8,头相根本就不出现了
0042D93B |. E8 B1F80400 CALL WaGan.0047D1F1
0042D940 |. 83C4 0C ADD ESP,0C
0042D943 |. 8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D949 |. E8 599CFDFF CALL WaGan.004075A7
0042D94E |. 50 PUSH EAX 这个就是头相的代号
0042D94F |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D955 |. 83C0 08 ADD EAX,8 头相纵坐标+8
0042D958 |. 50 PUSH EAX
0042D959 |. 8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042D95F |. F7D9 NEG ECX
0042D961 |. 1BC9 SBB ECX,ECX
0042D963 |. 81E1 A0FEFFFF AND ECX,FFFFFEA0
0042D969 |. 81C1 68010000 ADD ECX,168
0042D96F |. 8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948]
0042D975 |. 03D1 ADD EDX,ECX
0042D977 |. 52 PUSH EDX 头相横坐标+168
0042D978 |. E8 640FFFFF CALL WaGan.0041E8E1 这个在加载头象
0042D97D |. 83C4 0C ADD ESP,0C
上面这段改成LoadImage了,并且调用也有改(00413897 |. E8 559D0100 |CALL WaGan.0042D5F1)
0042D959 E8 93FCFFFF CALL WaGan.0042D5F1
0042D95E C605 BAF24C00>MOV BYTE PTR DS:[4CF2BA],0
0042D965 ^ E9 325FFEFF JMP WaGan.0041389C
0042D980 |. 6A 3A PUSH 3A 蓝色
0042D982 |. B9 382F4900 MOV ECX,WaGan.00492F38
0042D987 |. E8 F812FEFF CALL WaGan.0040EC84 名字的颜色显示
0042D98C |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D992 |. 83C0 06 ADD EAX,6 名字纵坐标+6 +0D
0042D995 |. 50 PUSH EAX
0042D996 |. 8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042D99C |. F7D9 NEG ECX
0042D99E |. 1BC9 SBB ECX,ECX
0042D9A0 |. 83E1 50 AND ECX,50
0042D9A3 |. 83C1 10 ADD ECX,10
0042D9A6 |. 8B85 B8F6FFFF MOV EAX,DWORD PTR SS:[EBP-948]
0042D9AC |. 03C1 ADD EAX,ECX 名字横坐标
0042D9AE |. 99 CDQ
0042D9AF |. 83E2 07 AND EDX,7
0042D9B2 |. 03C2 ADD EAX,EDX
0042D9B4 |. C1F8 03 SAR EAX,3
0042D9B7 |. 50 PUSH EAX
0042D9B8 |. B9 382F4900 MOV ECX,WaGan.00492F38
0042D9BD |. E8 1512FEFF CALL WaGan.0040EBD7
0042D9C2 |. 8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D9C8 |. E8 8A9DFDFF CALL WaGan.00407757
0042D9CD |. 50 PUSH EAX
0042D9CE |. 68 2CC84800 PUSH WaGan.0048C82C
0042D9D3 |. 68 382F4900 PUSH WaGan.00492F38
0042D9D8 |. E8 C320FEFF CALL WaGan.0040FAA0
0042D9DD |. 83C4 0C ADD ESP,0C
0042D9E0 |. 6A 12 PUSH 12
0042D9E2 |. 6A 00 PUSH 0
0042D9E4 |. 6A 40 PUSH 40 高度
0042D9E6 |. 68 20010000 PUSH 120
0042D9EB |. 8B95 B4F6FFFF MOV EDX,DWORD PTR SS:[EBP-94C] 对话框白色部分的中间处的纵坐标
0042D9F1 |. 83C2 1A ADD EDX,1A
0042D9F4 |. 52 PUSH EDX
0042D9F5 |. A1 1CC84800 MOV EAX,DWORD PTR DS:[48C81C]
0042D9FA |. F7D8 NEG EAX
0042D9FC |. 1BC0 SBB EAX,EAX
0042D9FE |. 83E0 50 AND EAX,50
0042DA01 |. 83C0 20 ADD EAX,20
0042DA04 |. 8B8D B8F6FFFF MOV ECX,DWORD PTR SS:[EBP-948] 横坐标
0042DA0A |. 03C8 ADD ECX,EAX
0042DA0C |. 51 PUSH ECX
0042DA0D |. E8 910CFFFF CALL WaGan.0041E6A3
0042DA12 |. 83C4 18 ADD ESP,18
-------------------------------------------------------------------------------------------------------
0042DA15 |. 6A 00 PUSH 0
0042DA17 |. 6A 1F PUSH 1F
0042DA19 |. 6A 04 PUSH 4
0042DA1B |. E8 D1F70400 CALL WaGan.0047D1F1
0042DA20 |. 83C4 0C ADD ESP,0C
0042DA23 |. 6A 04 PUSH 4
0042DA25 |. 6A 00 PUSH 0
0042DA27 |. 8B15 1CC84800 MOV EDX,DWORD PTR DS:[48C81C]
0042DA2D |. F7DA NEG EDX
0042DA2F |. 1BD2 SBB EDX,EDX
0042DA31 |. 80E2 00 AND DL,0
0042DA34 |. 81C2 C0990100 ADD EDX,199C0
0042DA3A |. 52 PUSH EDX
0042DA3B |. B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DA40 |. E8 FB1F0500 CALL WaGan.0047FA40
0042DA45 |. 50 PUSH EAX
0042DA46 |. 6A 10 PUSH 10
0042DA48 |. 6A 10 PUSH 10
0042DA4A |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C] 尖角的纵坐标
0042DA50 |. 83C0 3C ADD EAX,3C
0042DA53 |. 50 PUSH EAX
0042DA54 |. 8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DA5A |. F7D9 NEG ECX
0042DA5C |. 1BC9 SBB ECX,ECX
0042DA5E |. 80E1 00 AND CL,0
0042DA61 |. 81C1 50010000 ADD ECX,150
0042DA67 |. 8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 尖角的横坐标
0042DA6D |. 03D1 ADD EDX,ECX
0042DA6F |. 52 PUSH EDX
0042DA70 |. E8 26060500 CALL WaGan.0047E09B
0042DA75 |. 83C4 14 ADD ESP,14
0042DA78 |. 6A 04 PUSH 4
0042DA7A |. 6A 00 PUSH 0
0042DA7C |. 68 C09A0100 PUSH 19AC0
0042DA81 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DA86 |. E8 B51F0500 CALL WaGan.0047FA40
开始调用Mark的了
0042DA8B |. 50 PUSH EAX
0042DA8C |. 6A 40 PUSH 40
0042DA8E |. 6A 10 PUSH 10
0042DA90 |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C] 对话框里左边的白色部分纵坐标
0042DA96 |. 83C0 1A ADD EAX,1A
0042DA99 |. 50 PUSH EAX
0042DA9A |. 8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DAA0 |. F7D9 NEG ECX
0042DAA2 |. 1BC9 SBB ECX,ECX
0042DAA4 |. 83E1 50 AND ECX,50
0042DAA7 |. 83C1 10 ADD ECX,10
0042DAAA |. 8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 横坐标
0042DAB0 |. 03D1 ADD EDX,ECX
0042DAB2 |. 52 PUSH EDX
0042DAB3 |. E8 E3050500 CALL WaGan.0047E09B
0042DAB8 |. 83C4 14 ADD ESP,14
=======================================================================
0042DABB |. 6A 04 PUSH 4
0042DABD |. 6A 00 PUSH 0
0042DABF |. 68 C09E0100 PUSH 19EC0
0042DAC4 |. B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DAC9 |. E8 721F0500 CALL WaGan.0047FA40
=======================================================================
0042DACE |. 50 PUSH EAX
0042DACF |. 6A 40 PUSH 40
0042DAD1 |. 6A 10 PUSH 10
0042DAD3 |. 8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C] 对话框右半边部分
0042DAD9 |. 83C0 1A ADD EAX,1A
0042DADC |. 50 PUSH EAX
0042DADD |. 8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DAE3 |. F7D9 NEG ECX
0042DAE5 |. 1BC9 SBB ECX,ECX
0042DAE7 |. 83E1 50 AND ECX,50
0042DAEA |. 81C1 40010000 ADD ECX,140
0042DAF0 |. 8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 横坐标
0042DAF6 |. 03D1 ADD EDX,ECX
0042DAF8 |. 52 PUSH EDX
0042DAF9 |. E8 9D050500 CALL WaGan.0047E09B
0042DAFE |. 83C4 14 ADD ESP,14
0042DB01 |> E8 F00AFFFF CALL WaGan.0041E5F6 画图
0042DB06 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 文字部分
0042DB09 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0042DB0C |. C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
0042DB13 |. B9 70074B00 MOV ECX,WaGan.004B0770
0042DB18 |. E8 13E8FEFF CALL WaGan.0041C330
0042DB1D |. 8885 D0F6FFFF MOV BYTE PTR SS:[EBP-930],AL
0042DB23 |. 8B8D D0F6FFFF MOV ECX,DWORD PTR SS:[EBP-930]
0042DB29 |. 81E1 FF000000 AND ECX,0FF
0042DB2F |. F7D9 NEG ECX
0042DB31 |. 1BC9 SBB ECX,ECX
0042DB33 |. F7D9 NEG ECX
0042DB35 |. 898D C4F6FFFF MOV DWORD PTR SS:[EBP-93C],ECX
0042DB3B |. B9 70074B00 MOV ECX,WaGan.004B0770
0042DB40 |. E8 CBCDFFFF CALL WaGan.0042A910
0042DB45 |. 25 00080000 AND EAX,800
0042DB4A |. 85C0 TEST EAX,EAX
0042DB4C |. 74 07 JE SHORT WaGan.0042DB55
0042DB4E |. C685 D0F6FFFF>MOV BYTE PTR SS:[EBP-930],3
0042DB55 |> 8B55 F0 /MOV EDX,DWORD PTR SS:[EBP-10]
0042DB58 |. 33C0 |XOR EAX,EAX
0042DB5A |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
0042DB5C |. 85C0 |TEST EAX,EAX
0042DB5E |. 0F84 1D020000 |JE WaGan.0042DD81
0042DB64 |. 8B4D DC |MOV ECX,DWORD PTR SS:[EBP-24]
0042DB67 |. F7D9 |NEG ECX
0042DB69 |. 1BC9 |SBB ECX,ECX
0042DB6B |. 83E1 0A |AND ECX,0A
0042DB6E |. 83C1 14 |ADD ECX,14
0042DB71 |. 898D D8F6FFFF |MOV DWORD PTR SS:[EBP-928],ECX
0042DB77 |. 837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0042DB7B |. 75 6D |JNZ SHORT WaGan.0042DBEA
0042DB7D |. E8 590AFFFF |CALL WaGan.0041E5DB
0042DB82 |. 837D DC 00 |CMP DWORD PTR SS:[EBP-24],0
0042DB86 |. 74 37 |JE SHORT WaGan.0042DBBF
0042DB88 |. 6A 12 |PUSH 12
0042DB8A |. 6A 00 |PUSH 0
0042DB8C |. 6A 40 |PUSH 40
0042DB8E |. 68 20010000 |PUSH 120
0042DB93 |. 8B95 B4F6FFFF |MOV EDX,DWORD PTR SS:[EBP-94C]
0042DB99 |. 83C2 1A |ADD EDX,1A
0042DB9C |. 52 |PUSH EDX
0042DB9D |. A1 1CC84800 |MOV EAX,DWORD PTR DS:[48C81C]
0042DBA2 |. F7D8 |NEG EAX
0042DBA4 |. 1BC0 |SBB EAX,EAX
0042DBA6 |. 83E0 50 |AND EAX,50
0042DBA9 |. 83C0 20 |ADD EAX,20
0042DBAC |. 8B8D B8F6FFFF |MOV ECX,DWORD PTR SS:[EBP-948]
0042DBB2 |. 03C8 |ADD ECX,EAX
0042DBB4 |. 51 |PUSH ECX
0042DBB5 |. E8 E90AFFFF |CALL WaGan.0041E6A3
0042DBBA |. 83C4 18 |ADD ESP,18
0042DBBD |. EB 26 |JMP SHORT WaGan.0042DBE5
0042DBBF |> 6A 00 |PUSH 0
0042DBC1 |. 6A 00 |PUSH 0
0042DBC3 |. 68 90000000 |PUSH 90
0042DBC8 |. 68 50010000 |PUSH 150
0042DBCD |. 8B95 B4F6FFFF |MOV EDX,DWORD PTR SS:[EBP-94C]
0042DBD3 |. 52 |PUSH EDX
0042DBD4 |. 8B85 B8F6FFFF |MOV EAX,DWORD PTR SS:[EBP-948]
0042DBDA |. 50 |PUSH EAX
0042DBDB |. B9 30694B00 |MOV ECX,WaGan.004B6930
0042DBE0 |. E8 1D560400 |CALL WaGan.00473202
0042DBE5 |> E8 0C0AFFFF |CALL WaGan.0041E5F6 画图
0042DBEA |> 6A 00 |PUSH 0
0042DBEC |. 6A 00 |PUSH 0
0042DBEE |. 68 02020000 |PUSH 202
0042DBF3 |. 8B0D 686A4B00 |MOV ECX,DWORD PTR DS:[4B6A68]
0042DBF9 |. 51 |PUSH ECX
0042DBFA |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>
0042DC00 |. 837D DC 00 |CMP DWORD PTR SS:[EBP-24],0
0042DC04 |. 74 0E |JE SHORT WaGan.0042DC14
0042DC06 |. 6A 1F |PUSH 1F
0042DC08 |. B9 382F4900 |MOV ECX,WaGan.00492F38
0042DC0D |. E8 7210FEFF |CALL WaGan.0040EC84 设置字体颜色
0042DC12 |. EB 0F |JMP SHORT WaGan.0042DC23
0042DC14 |> 68 AC000000 |PUSH 0AC
0042DC19 |. B9 382F4900 |MOV ECX,WaGan.00492F38
0042DC1E |. E8 6110FEFF |CALL WaGan.0040EC84 设置字体颜色
0042DC23 |> C645 E0 00 |MOV BYTE PTR SS:[EBP-20],0
0042DC27 |. EB 09 |JMP SHORT WaGan.0042DC32
0042DC29 |> 8A55 E0 |/MOV DL,BYTE PTR SS:[EBP-20]
0042DC2C |. 80C2 01 ||ADD DL,1
0042DC2F |. 8855 E0 ||MOV BYTE PTR SS:[EBP-20],DL
0042DC32 |> 8B45 F0 | MOV EAX,DWORD PTR SS:[EBP-10]
0042DC35 |. 33C9 ||XOR ECX,ECX
0042DC37 |. 8A08 ||MOV CL,BYTE PTR DS:[EAX]
0042DC39 |. 85C9 ||TEST ECX,ECX
0042DC3B |. 0F84 C4000000 ||JE WaGan.0042DD05
0042DC41 |. 8B55 E0 ||MOV EDX,DWORD PTR SS:[EBP-20]
0042DC44 |. 81E2 FF000000 ||AND EDX,0FF
0042DC4A |. 3B95 D4F6FFFF ||CMP EDX,DWORD PTR SS:[EBP-92C]
0042DC50 |. 0F8D AF000000 ||JGE WaGan.0042DD05
0042DC56 |. 837D DC 00 ||CMP DWORD PTR SS:[EBP-24],0
0042DC5A |. 74 5A ||JE SHORT WaGan.0042DCB6
0042DC5C |. 8B85 C4F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-93C]
0042DC62 |. 50 ||PUSH EAX
0042DC63 |. 8B4D F0 ||MOV ECX,DWORD PTR SS:[EBP-10]
0042DC66 |. 51 ||PUSH ECX
0042DC67 |. 8B95 B4F6FFFF ||MOV EDX,DWORD PTR SS:[EBP-94C]
0042DC6D |. 0395 D8F6FFFF ||ADD EDX,DWORD PTR SS:[EBP-928]
0042DC73 |. 52 ||PUSH EDX
0042DC74 |. A1 1CC84800 ||MOV EAX,DWORD PTR DS:[48C81C]
0042DC79 |. F7D8 ||NEG EAX
0042DC7B |. 1BC0 ||SBB EAX,EAX
0042DC7D |. 83E0 50 ||AND EAX,50
0042DC80 |. 83C0 20 ||ADD EAX,20 对话的横坐标
0042DC83 |. 8B8D B8F6FFFF ||MOV ECX,DWORD PTR SS:[EBP-948]
0042DC89 |. 03C1 ||ADD EAX,ECX
0042DC8B |. 99 ||CDQ
0042DC8C |. 83E2 07 ||AND EDX,7
0042DC8F |. 03C2 ||ADD EAX,EDX
0042DC91 |. C1F8 03 ||SAR EAX,3
0042DC94 |. 50 ||PUSH EAX
0042DC95 |. E8 16ECFFFF ||CALL WaGan.0042C8B0 显示字体
0042DC9A |. 83C4 10 ||ADD ESP,10
0042DC9D |. 8B55 F0 ||MOV EDX,DWORD PTR SS:[EBP-10]
0042DCA0 |. 03D0 ||ADD EDX,EAX
0042DCA2 |. 8955 F0 ||MOV DWORD PTR SS:[EBP-10],EDX
0042DCA5 |. 8B85 D8F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-928]
0042DCAB |. 83C0 14 ||ADD EAX,14
0042DCAE |. 8985 D8F6FFFF ||MOV DWORD PTR SS:[EBP-928],EAX
0042DCB4 |. EB 4A ||JMP SHORT WaGan.0042DD00
0042DCB6 |> 8B8D C4F6FFFF ||MOV ECX,DWORD PTR SS:[EBP-93C]
0042DCBC |. 51 ||PUSH ECX
0042DCBD |. 8B55 F0 ||MOV EDX,DWORD PTR SS:[EBP-10]
0042DCC0 |. 52 ||PUSH EDX
0042DCC1 |. 8B85 B4F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-94C]
0042DCC7 |. 0385 D8F6FFFF ||ADD EAX,DWORD PTR SS:[EBP-928]
0042DCCD |. 50 ||PUSH EAX
0042DCCE |. 8B85 B8F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-948]
0042DCD4 |. 83C0 18 ||ADD EAX,18
0042DCD7 |. 99 ||CDQ
0042DCD8 |. 83E2 07 ||AND EDX,7
0042DCDB |. 03C2 ||ADD EAX,EDX
0042DCDD |. C1F8 03 ||SAR EAX,3
0042DCE0 |. 50 ||PUSH EAX
0042DCE1 |. E8 CAEBFFFF ||CALL WaGan.0042C8B0
0042DCE6 |. 83C4 10 ||ADD ESP,10
0042DCE9 |. 8B4D F0 ||MOV ECX,DWORD PTR SS:[EBP-10]
0042DCEC |. 03C8 ||ADD ECX,EAX
0042DCEE |. 894D F0 ||MOV DWORD PTR SS:[EBP-10],ECX
0042DCF1 |. 8B95 D8F6FFFF ||MOV EDX,DWORD PTR SS:[EBP-928]
0042DCF7 |. 83C2 1E ||ADD EDX,1E
0042DCFA |. 8995 D8F6FFFF ||MOV DWORD PTR SS:[EBP-928],EDX
0042DD00 |>^ E9 24FFFFFF |\JMP WaGan.0042DC29
0042DD05 |> B9 B07F4900 |MOV ECX,WaGan.00497FB0
0042DD0A |. E8 5783FFFF |CALL WaGan.00426066
0042DD0F |. 6A 00 |PUSH 0
0042DD11 |. 6A 00 |PUSH 0
0042DD13 |. 68 02020000 |PUSH 202
0042DD18 |. A1 686A4B00 |MOV EAX,DWORD PTR DS:[4B6A68]
0042DD1D |. 50 |PUSH EAX
0042DD1E |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>
0042DD24 |. 8B8D D0F6FFFF |MOV ECX,DWORD PTR SS:[EBP-930]
0042DD2A |. 81E1 FF000000 |AND ECX,0FF
0042DD30 |. 898D 9CF6FFFF |MOV DWORD PTR SS:[EBP-964],ECX
0042DD36 |. 83BD 9CF6FFFF>|CMP DWORD PTR SS:[EBP-964],3
0042DD3D |. 77 36 |JA SHORT WaGan.0042DD75
0042DD3F |. 8B95 9CF6FFFF |MOV EDX,DWORD PTR SS:[EBP-964]
0042DD45 |. FF2495 02DE42>|JMP DWORD PTR DS:[EDX*4+42DE02]
0042DD4C |> 6A 0F |PUSH 0F
0042DD4E |. E8 F3E8FFFF |CALL WaGan.0042C646
0042DD53 |. 83C4 04 |ADD ESP,4
0042DD56 |. EB 1D |JMP SHORT WaGan.0042DD75
0042DD58 |> 6A 0A |PUSH 0A
0042DD5A |. E8 E7E8FFFF |CALL WaGan.0042C646
0042DD5F |. 83C4 04 |ADD ESP,4
0042DD62 |. EB 11 |JMP SHORT WaGan.0042DD75
0042DD64 |> 6A 14 |PUSH 14
0042DD66 |. E8 DBE8FFFF |CALL WaGan.0042C646
0042DD6B |. 83C4 04 |ADD ESP,4
0042DD6E |. EB 05 |JMP SHORT WaGan.0042DD75
0042DD70 |> E8 BEE9FFFF |CALL WaGan.0042C733
0042DD75 |> C745 E8 00000>|MOV DWORD PTR SS:[EBP-18],0
0042DD7C |.^ E9 D4FDFFFF \JMP WaGan.0042DB55
0042DD81 |> B9 B07F4900 MOV ECX,WaGan.00497FB0
0042DD86 |. E8 DB82FFFF CALL WaGan.00426066
0042DD8B |. B9 30694B00 MOV ECX,WaGan.004B6930
0042DD90 |. E8 8E580400 CALL WaGan.00473623
0042DD95 |. 83BD ACF6FFFF>CMP DWORD PTR SS:[EBP-954],0
0042DD9C |. 74 21 JE SHORT WaGan.0042DDBF
0042DD9E |. 8D85 DCF6FFFF LEA EAX,DWORD PTR SS:[EBP-924]
0042DDA4 |. 50 PUSH EAX
0042DDA5 |. 6A 18 PUSH 18
0042DDA7 |. 6A 18 PUSH 18
0042DDA9 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0042DDAC |. 83E9 10 SUB ECX,10
0042DDAF |. 51 PUSH ECX
0042DDB0 |. 8B95 B0F6FFFF MOV EDX,DWORD PTR SS:[EBP-950]
0042DDB6 |. 52 PUSH EDX
0042DDB7 |. E8 DF020500 CALL WaGan.0047E09B
0042DDBC |. 83C4 14 ADD ESP,14
0042DDBF |> 8B85 BCF6FFFF MOV EAX,DWORD PTR SS:[EBP-944]
0042DDC5 |. 25 FF000000 AND EAX,0FF
0042DDCA |. 3D FF000000 CMP EAX,0FF
0042DDCF |. 74 1D JE SHORT WaGan.0042DDEE
0042DDD1 |. 8B8D BCF6FFFF MOV ECX,DWORD PTR SS:[EBP-944]
0042DDD7 |. 81E1 FF000000 AND ECX,0FF
0042DDDD |. 83F9 01 CMP ECX,1
0042DDE0 |. 74 0C JE SHORT WaGan.0042DDEE
0042DDE2 |. C785 98F6FFFF>MOV DWORD PTR SS:[EBP-968],0
0042DDEC |. EB 0A JMP SHORT WaGan.0042DDF8
0042DDEE |> C785 98F6FFFF>MOV DWORD PTR SS:[EBP-968],1
0042DDF8 |> 8B85 98F6FFFF MOV EAX,DWORD PTR SS:[EBP-968]
0042DDFE |> 8BE5 MOV ESP,EBP
0042DE00 |. 5D POP EBP
0042DE01 \. C3 RETN
0042DE02 . 4CDD4200 DD WaGan.0042DD4C
0042DE06 . 58DD4200 DD WaGan.0042DD58
0042DE0A . 64DD4200 DD WaGan.0042DD64
0042DE0E . 70DD4200 DD WaGan.0042DD70
004073B8 /$ 55 PUSH EBP
004073B9 |. 8BEC MOV EBP,ESP
004073BB |. 83EC 18 SUB ESP,18
004073BE |. 894D E8 MOV DWORD PTR SS:[EBP-18],ECX
004073C1 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004073C4 |. E8 37210000 CALL WaGan.00409500
004073C9 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004073CC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004073CF |. 25 FF000000 AND EAX,0FF
004073D4 |. B9 FF000000 MOV ECX,0FF
004073D9 |. 2BC8 SUB ECX,EAX
004073DB |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
004073DE |. 33C0 XOR EAX,EAX
004073E0 |. 8A42 2C MOV AL,BYTE PTR DS:[EDX+2C]
004073E3 |. 3BC8 CMP ECX,EAX
004073E5 |. 73 12 JNB SHORT WaGan.004073F9
004073E7 |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004073EA |. 33D2 XOR EDX,EDX
004073EC |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004073EF |. B8 FF000000 MOV EAX,0FF
004073F4 |. 2BC2 SUB EAX,EDX
004073F6 |. 8845 08 MOV BYTE PTR SS:[EBP+8],AL
004073F9 |> C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004073FD |. EB 09 JMP SHORT WaGan.00407408
004073FF |> 8A4D F0 /MOV CL,BYTE PTR SS:[EBP-10]
00407402 |. 80C1 01 |ADD CL,1
00407405 |. 884D F0 |MOV BYTE PTR SS:[EBP-10],CL
00407408 |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0040740B |. 81E2 FF000000 |AND EDX,0FF
00407411 |. 83FA 07 |CMP EDX,7
00407414 |. 0F8D 94000000 |JGE WaGan.004074AE
0040741A |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
0040741D |. 25 FF000000 |AND EAX,0FF
00407422 |. 50 |PUSH EAX ; /Arg1
00407423 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18] ; |
00407426 |. 33D2 |XOR EDX,EDX ; |
00407428 |. 8A51 2B |MOV DL,BYTE PTR DS:[ECX+2B] ; |
0040742B |. 8BCA |MOV ECX,EDX ; |
0040742D |. 6BC9 1B |IMUL ECX,ECX,1B ; |
00407430 |. 81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0 ; |
00407436 |. E8 65210000 |CALL WaGan.004095A0 ; \WaGan.004095A0
0040743B |. 25 FF000000 |AND EAX,0FF
00407440 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00407443 |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10]
00407446 |. 25 FF000000 |AND EAX,0FF
0040744B |. 83F8 04 |CMP EAX,4
0040744E |. 7F 21 |JG SHORT WaGan.00407471
00407450 |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00407453 |. 81E1 FF000000 |AND ECX,0FF
00407459 |. 51 |PUSH ECX
0040745A |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
0040745D |. E8 9AFEFFFF |CALL WaGan.004072FC
00407462 |. 25 FF000000 |AND EAX,0FF
00407467 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
0040746A |. 03D0 |ADD EDX,EAX
0040746C |. D1EA |SHR EDX,1
0040746E |. 8955 FC |MOV DWORD PTR SS:[EBP-4],EDX
00407471 |> 837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
00407475 |. 74 32 |JE SHORT WaGan.004074A9
00407477 |. C745 EC 00000>|MOV DWORD PTR SS:[EBP-14],0
0040747E |. EB 09 |JMP SHORT WaGan.00407489
00407480 |> 8B45 EC |/MOV EAX,DWORD PTR SS:[EBP-14]
00407483 |. 83C0 01 ||ADD EAX,1
00407486 |. 8945 EC ||MOV DWORD PTR SS:[EBP-14],EAX
00407489 |> 8B4D 08 | MOV ECX,DWORD PTR SS:[EBP+8]
0040748C |. 81E1 FF000000 ||AND ECX,0FF
00407492 |. 394D EC ||CMP DWORD PTR SS:[EBP-14],ECX
00407495 |. 7D 12 ||JGE SHORT WaGan.004074A9
00407497 |. 8B55 FC ||MOV EDX,DWORD PTR SS:[EBP-4]
0040749A |. 52 ||PUSH EDX ; /Arg2
0040749B |. 8A45 F0 ||MOV AL,BYTE PTR SS:[EBP-10] ; |
0040749E |. 50 ||PUSH EAX ; |Arg1
0040749F |. 8B4D E8 ||MOV ECX,DWORD PTR SS:[EBP-18] ; |
004074A2 |. E8 70F9FFFF ||CALL WaGan.00406E17 ; \WaGan.00406E17
004074A7 |.^ EB D7 |\JMP SHORT WaGan.00407480
004074A9 |>^ E9 51FFFFFF \JMP WaGan.004073FF
004074AE |> 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004074B1 |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004074B4 |. 0255 08 ADD DL,BYTE PTR SS:[EBP+8]
004074B7 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004074BA |. 8850 2C MOV BYTE PTR DS:[EAX+2C],DL
004074BD |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
004074C0 |. 33D2 XOR EDX,EDX
004074C2 |. 8A51 2C MOV DL,BYTE PTR DS:[ECX+2C]
004074C5 |. 83FA FF CMP EDX,-1
004074C8 |. 72 07 JB SHORT WaGan.004074D1
004074CA |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
004074CD |. C640 2D FF MOV BYTE PTR DS:[EAX+2D],0FF
004074D1 |> 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
004074D5 |. 0F84 C0000000 JE WaGan.0040759B
004074DB |. E8 42440000 CALL WaGan.0040B922
004074E0 |. 85C0 TEST EAX,EAX
004074E2 |. 74 14 JE SHORT WaGan.004074F8
004074E4 |. 6A 00 PUSH 0 ; /Arg4 = 00000000
004074E6 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
004074E8 |. 6A 0B PUSH 0B ; |Arg2 = 0000000B
004074EA |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; |
004074ED |. 51 PUSH ECX ; |Arg1
004074EE |. B9 F05D4B00 MOV ECX,WaGan.004B5DF0 ; |
004074F3 |. E8 97020500 CALL WaGan.0045778F ; \WaGan.0045778F
004074F8 |> 6A 01 PUSH 1 ; /Arg2 = 00000001
004074FA |. 6A 0B PUSH 0B ; |Arg1 = 0000000B
004074FC |. B9 B0694B00 MOV ECX,WaGan.004B69B0 ; |
00407501 |. E8 74D10600 CALL WaGan.0047467A ; \WaGan.0047467A
00407506 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
00407509 |. 33C0 XOR EAX,EAX
0040750B |. 8A42 2C MOV AL,BYTE PTR DS:[EDX+2C]
0040750E |. 50 PUSH EAX ; /Arg4
0040750F |. 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18] ; |
00407512 |. 83C1 08 ADD ECX,8 ; |
00407515 |. 51 PUSH ECX ; |Arg3
00407516 |. 68 50B14800 PUSH WaGan.0048B150 ; |Arg2 = 0048B150
0040751B |. 6A 02 PUSH 2 ; |Arg1 = 00000002
0040751D |. E8 77810200 CALL WaGan.0042F699 ; \WaGan.0042F699
00407522 |. 83C4 10 ADD ESP,10
00407525 |. C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407529 |. EB 09 JMP SHORT WaGan.00407534
0040752B |> 8A55 F8 /MOV DL,BYTE PTR SS:[EBP-8]
0040752E |. 80C2 01 |ADD DL,1
00407531 |. 8855 F8 |MOV BYTE PTR SS:[EBP-8],DL
00407534 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00407537 |. 25 FF000000 |AND EAX,0FF
0040753C |. 83F8 44 |CMP EAX,44
0040753F |. 7D 5A |JGE SHORT WaGan.0040759B
00407541 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
00407544 |. 33D2 |XOR EDX,EDX
00407546 |. 8A51 2B |MOV DL,BYTE PTR DS:[ECX+2B]
00407549 |. 52 |PUSH EDX ; /Arg1
0040754A |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8] ; |
0040754D |. 81E1 FF000000 |AND ECX,0FF ; |
00407553 |. 6BC9 46 |IMUL ECX,ECX,46 ; |
00407556 |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0 ; |
0040755C |. E8 1F200000 |CALL WaGan.00409580 ; \WaGan.00409580
00407561 |. 25 FF000000 |AND EAX,0FF
00407566 |. 8B4D E8 |MOV ECX,DWORD PTR SS:[EBP-18]
00407569 |. 33D2 |XOR EDX,EDX
0040756B |. 8A51 2C |MOV DL,BYTE PTR DS:[ECX+2C]
0040756E |. 3BC2 |CMP EAX,EDX
00407570 |. 75 27 |JNZ SHORT WaGan.00407599
00407572 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00407575 |. 81E1 FF000000 |AND ECX,0FF
0040757B |. 6BC9 46 |IMUL ECX,ECX,46
0040757E |. 81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
00407584 |. E8 87810500 |CALL WaGan.0045F710
00407589 |. 50 |PUSH EAX ; /Arg3
0040758A |. 68 60B14800 |PUSH WaGan.0048B160 ; |Arg2 = 0048B160
0040758F |. 6A 02 |PUSH 2 ; |Arg1 = 00000002
00407591 |. E8 03810200 |CALL WaGan.0042F699 ; \WaGan.0042F699
00407596 |. 83C4 0C |ADD ESP,0C
00407599 |>^ EB 90 \JMP SHORT WaGan.0040752B
0040759B |> 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0040759E |. 8A40 2C MOV AL,BYTE PTR DS:[EAX+2C]
004075A1 |. 8BE5 MOV ESP,EBP
004075A3 |. 5D POP EBP
004075A4 \. C2 0800 RETN 8
作者:
岱瀛 时间: 2007-12-30 21:44 标题: 08指令研究
00426B35 /$ 55 PUSH EBP
00426B36 |. 8BEC MOV EBP,ESP
00426B38 |. 68 00040000 PUSH 400 ; /Flags = MF_BYPOSITION|MF_ENABLED|MF_STRING
00426B3D |. 6A 01 PUSH 1 ; |ItemID = 1
00426B3F |. A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68] ; |
00426B44 |. 50 PUSH EAX ; |/hWnd => 00170296 ('Ekd5',class='Ekd5')
00426B45 |. FF15 58624800 CALL DWORD PTR DS:[<&USER32.GetMenu>] ; |\GetMenu
00426B4B |. 50 PUSH EAX ; |hMenu
00426B4C |. FF15 5C624800 CALL DWORD PTR DS:[<&USER32.GetMenuState>; \GetMenuState
00426B52 |. 83E0 01 AND EAX,1
00426B55 |. 85C0 TEST EAX,EAX
00426B57 |. 74 0A JE SHORT Ekd5.00426B63
00426B59 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00426B5D |. 75 02 JNZ SHORT Ekd5.00426B61
00426B5F |. EB 40 JMP SHORT Ekd5.00426BA1
00426B61 |> EB 08 JMP SHORT Ekd5.00426B6B
00426B63 |> 837D 08 01 CMP DWORD PTR SS:[EBP+8],1
00426B67 |. 75 02 JNZ SHORT Ekd5.00426B6B
00426B69 |. EB 36 JMP SHORT Ekd5.00426BA1
00426B6B |> 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] //JMP 426b77
00426B6E |. 51 PUSH ECX ; /Arg1
00426B6F |. E8 48EE0400 CALL Ekd5.004759BC ; \Ekd5.004759BC 这个地方就是
00426B74 |. 83C4 04 ADD ESP,4
00426B77 |. B9 386F4900 MOV ECX,Ekd5.00496F38
00426B7C |. E8 2335FFFF CALL Ekd5.0041A0A4
00426B81 |. 85C0 TEST EAX,EAX
00426B83 |. 75 1C JNZ SHORT Ekd5.00426BA1
00426B85 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00426B89 |. 74 0C JE SHORT Ekd5.00426B97
00426B8B |. B9 386F4900 MOV ECX,Ekd5.00496F38
00426B90 |. E8 5E35FFFF CALL Ekd5.0041A0F3
00426B95 |. EB 0A JMP SHORT Ekd5.00426BA1
00426B97 |> B9 386F4900 MOV ECX,Ekd5.00496F38
00426B9C |. E8 1F35FFFF CALL Ekd5.0041A0C0
00426BA1 |> 5D POP EBP
00426BA2 \. C3 RETN
0041431E /$ 55 PUSH EBP
0041431F |. 8BEC MOV EBP,ESP
00414321 |. 51 PUSH ECX
00414322 |. 6A 2E PUSH 2E ; /Arg1 = 0000002E
00414324 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00414327 |. E8 CB400000 CALL Ekd5.004183F7 ; \Ekd5.004183F7
0041432C |. 66:8945 FC MOV WORD PTR SS:[EBP-4],AX
00414330 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00414333 |. 25 FFFF0000 AND EAX,0FFFF
00414338 |. 3D 00800000 CMP EAX,8000
0041433D |. 75 07 JNZ SHORT Ekd5.00414346
0041433F |. B8 05000000 MOV EAX,5
00414344 |. EB 17 JMP SHORT Ekd5.0041435D
00414346 |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00414349 |. 81E1 FFFF0000 AND ECX,0FFFF
0041434F |. 51 PUSH ECX ; /Arg1
00414350 |. E8 03850100 CALL Ekd5.0042C858 ; \Ekd5.0042C858
00414355 |. 83C4 04 ADD ESP,4
00414358 |. B8 01000000 MOV EAX,1
0041435D |> 8BE5 MOV ESP,EBP
0041435F |. 5D POP EBP
00414360 \. C3 RETN
0042C858 /$ 55 PUSH EBP
0042C859 |. 8BEC MOV EBP,ESP
0042C85B |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0042C85E |. 50 PUSH EAX ; /Arg1
0042C85F |. B9 70074B00 MOV ECX,Ekd5.004B0770 ; |
0042C864 |. E8 0E0AFEFF CALL Ekd5.0040D277 ; \Ekd5.0040D277
0042C869 |. B9 3CC64A00 MOV ECX,Ekd5.004AC63C
0042C86E |. E8 3DF0FDFF CALL Ekd5.0040B8B0
0042C873 |. 25 FF000000 AND EAX,0FF
0042C878 |. 83F8 02 CMP EAX,2
0042C87B |. 75 0C JNZ SHORT Ekd5.0042C889
0042C87D |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0042C880 |. 51 PUSH ECX ; /Arg1
0042C881 |. E8 18CFFFFF CALL Ekd5.0042979E ; \Ekd5.0042979E
0042C886 |. 83C4 04 ADD ESP,4
0042C889 |> 33C0 XOR EAX,EAX
0042C88B |. 5D POP EBP
0042C88C \. C3 RETN
0042979E /$ 55 PUSH EBP
0042979F |. 8BEC MOV EBP,ESP
004297A1 |. E8 FDD3FFFF CALL Ekd5.00426BA3
004297A6 |. 5D POP EBP
004297A7 \. C3 RETN
00426BA3 /$ 55 PUSH EBP
00426BA4 |. 8BEC MOV EBP,ESP
00426BA6 |. E8 E25C0000 CALL Ekd5.0042C88D
00426BAB |. 50 PUSH EAX ; /Arg1
00426BAC |. E8 84FFFFFF CALL Ekd5.00426B35 ; \Ekd5.00426B35
00426BB1 |. 83C4 04 ADD ESP,4
00426BB4 |. 5D POP EBP
00426BB5 \. C3 RETN
08指令410A9D
00410A9D |> \8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
00410AA0 |. 52 PUSH EDX ; /Arg1
00410AA1 |. E8 78380000 CALL Ekd5.0041431E ; \Ekd5.0041431E
00410AA6 |. 83C4 04 ADD ESP,4
00410AA9 |. E9 7D060000 JMP Ekd5.0041112B
作者:
岱瀛 时间: 2007-12-30 21:44 标题: 08 剧本指令修改
08 剧本指令,菜单选择,可以增加另外一个参数控制是否可选择存档按钮。
现在这个剧本指令有一个参数,选择false是不会出现存档按钮的选择,但是鼠标消息也受到影响,我追终了下,发现有个地方可以处理下。
0041431E /$ 55 PUSH EBP
0041431F |. 8BEC MOV EBP,ESP
00414321 |. 51 PUSH ECX
00414322 |. 6A 2E PUSH 2E ; /Arg1 = 0000002E
00414324 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; |
00414327 |. E8 CB400000 CALL 复件_(2).004183F7 ; \复件_(2).004183F7
0041432C |. 66:8945 FC MOV WORD PTR SS:[EBP-4],AX
00414330 6A 26 PUSH 26
00414332 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00414335 E8 BD400000 CALL 复件_(2).004183F7
0041433A 66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
0041433E FF75 F8 PUSH DWORD PTR SS:[EBP-8]
00414341 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00414344 E8 0F850100 CALL 复件_(2).0042C858
00414349 83C4 04 ADD ESP,4
0041434C B8 01000000 MOV EAX,1
00414351 8BE5 MOV ESP,EBP
00414353 5D POP EBP
00414354 C3 RETN
加了一个 26的参数。来判断是否处理.
0042C858 /$ 55 PUSH EBP
…………………………………………………………
0042C881 JMP 0041856A
0042C886 |. 83C4 04 ADD ESP,4
0042C889 |> 33C0 XOR EAX,EAX
0042C88B |. 5D POP EBP
0042C88C \. C3 RETN
(跳转到41856A,我找到的一个空闲空间, 原指令 CALL Ekd5.0042979E)
不过 0042979E这个函数只有这里调用到它,而它本身又没有什么用,建议去掉算了。
看看他的内容就知道了
0042979E /$ 55 PUSH EBP
0042979F |. 8BEC MOV EBP,ESP
004297A1 |. E8 FDD3FFFF CALL Ekd5.00426BA3
004297A6 |. 5D POP EBP
004297A7 \. C3 RETN
------直接Call 00426BA3就好了
0041856A 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0041856D 85C0 TEST EAX,EAX
0041856F 0F84 14430100 JE 复件_(2).0042C889
00418575 E8 29E60000 CALL 复件_(2).00426BA3
0041857A E9 07430100 JMP 复件_(2).0042C886
判断第二个参数,根据他的值0还是1决定是否Call 00426BA3
作者:
岱瀛 时间: 2007-12-30 21:45 标题: 4a指令
00415D92 /. 55 PUSH EBP
00415D93 |. 8BEC MOV EBP,ESP
00415D95 |. 83EC 08 SUB ESP,8
00415D98 |. 6A 04 PUSH 4
00415D9A |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00415D9D |. E8 55260000 CALL WaGan1.004183F7
00415DA2 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00415DA5 |. 817D FC 00000>CMP DWORD PTR SS:[EBP-4],80000000
00415DAC |. 75 07 JNZ SHORT WaGan1.00415DB5
00415DAE |. B8 05000000 MOV EAX,5
00415DB3 |. EB 78 JMP SHORT WaGan1.00415E2D
00415DB5 |> 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00415DB9 |. 75 07 JNZ SHORT WaGan1.00415DC2
00415DBB |. C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00415DC2 |> C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00415DC9 |. EB 09 JMP SHORT WaGan1.00415DD4
00415DCB |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8]
00415DCE |. 83C0 01 |ADD EAX,1
00415DD1 |. 8945 F8 |MOV DWORD PTR SS:[EBP-8],EAX
00415DD4 |> 837D F8 06 CMP DWORD PTR SS:[EBP-8],6a
00415DD8 |. 73 16 |JNB SHORT WaGan1.00415DF0
00415DDA |. 6A 38 |PUSH 38
00415DDC |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00415DDF |. E8 13260000 |CALL WaGan1.004183F7
00415DE4 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00415DE7 |. 89048D F0094B>|MOV DWORD PTR DS:[ECX*4+4B09F0],EAX
00415DEE |.^ EB DB \JMP SHORT WaGan1.00415DCB
00415DF0 |> C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
00415DF7 |. EB 09 JMP SHORT WaGan1.00415E02
00415DF9 |> 8B55 F8 /MOV EDX,DWORD PTR SS:[EBP-8]
00415DFC |. 83C2 01 |ADD EDX,1
00415DFF |. 8955 F8 |MOV DWORD PTR SS:[EBP-8],EDX
00415E02 |> 837D F8 05 CMP DWORD PTR SS:[EBP-8],5
00415E06 |. 73 16 |JNB SHORT WaGan1.00415E1E
00415E08 |. 6A 39 |PUSH 39
00415E0A |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00415E0D |. E8 E5250000 |CALL WaGan1.004183F7
00415E12 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00415E15 |. 89048D 040A4B>|MOV DWORD PTR DS:[ECX*4+4B0A04],EAX
00415E1C |.^ EB DB \JMP SHORT WaGan1.00415DF9
00415E1E |> B9 902F4900 MOV ECX,WaGan1.00492F90
00415E23 |. E8 42270000 CALL WaGan1.0041856A
00415E28 |. B8 01000000 MOV EAX,1
00415E2D |> 8BE5 MOV ESP,EBP
00415E2F |. 5D POP EBP
00415E30 \. C3 RETN
00415E1E |> \B9 902F4900 MOV ECX,WaGan1.00492F90
00415E23 |. E8 42270000 CALL WaGan1.0041856A
00415E28 |. B8 01000000 MOV EAX,1
00415E2D |> 8BE5 MOV ESP,EBP
00415E2F |. 5D POP EBP
00415E30 \. C3 RETN
0041856A /$ 55 PUSH EBP
0041856B |. 8BEC MOV EBP,ESP
0041856D |. 83EC 20 SUB ESP,20
00418570 |. 894D E0 MOV DWORD PTR SS:[EBP-20],ECX
00418573 |. C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00418577 |. C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0041857B |. EB 08 JMP SHORT WaGan1.00418585
0041857D |> 8A45 F4 /MOV AL,BYTE PTR SS:[EBP-C]
00418580 |. 04 01 |ADD AL,1
00418582 |. 8845 F4 |MOV BYTE PTR SS:[EBP-C],AL
00418585 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
00418588 |. 81E1 FF000000 |AND ECX,0FF
0041858E |. 83F9 06 |CMP ECX,6
00418591 |. 7D 17 |JGE SHORT WaGan1.004185AA
00418593 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00418596 |. 81E2 FF000000 |AND EDX,0FF
0041859C |. 833C95 040A4B>|CMP DWORD PTR DS:[EDX*4+4B0A04],0
004185A4 |. 75 02 |JNZ SHORT WaGan1.004185A8
004185A6 |. EB 02 |JMP SHORT WaGan1.004185AA
004185A8 |>^ EB D3 \JMP SHORT WaGan1.0041857D
004185AA |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004185AD |. 25 FF000000 AND EAX,0FF
004185B2 |. 83F8 06 CMP EAX,6
004185B5 |. 75 1D JNZ SHORT WaGan1.004185D4
004185B7 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004185BA |. 81E1 FF000000 AND ECX,0FF
004185C0 |. C7048D E05E4B>MOV DWORD PTR DS:[ECX*4+4B5EE0],0D60000
004185CB |. 8A55 FC MOV DL,BYTE PTR SS:[EBP-4]
004185CE |. 80C2 01 ADD DL,1
004185D1 |. 8855 FC MOV BYTE PTR SS:[EBP-4],DL
004185D4 |> C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
004185D8 |. EB 08 JMP SHORT WaGan1.004185E2
004185DA |> 8A45 F4 /MOV AL,BYTE PTR SS:[EBP-C]
004185DD |. 04 01 |ADD AL,1
004185DF |. 8845 F4 |MOV BYTE PTR SS:[EBP-C],AL
004185E2 |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
004185E5 |. 81E1 FF000000 |AND ECX,0FF
004185EB |. 83F9 06 |CMP ECX,6
004185EE |. 7D 7A |JGE SHORT WaGan1.0041866A
004185F0 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
004185F3 |. 81E2 FF000000 |AND EDX,0FF
004185F9 |. 833C95 F0094B>|CMP DWORD PTR DS:[EDX*4+4B09F0],0
00418601 |. 74 62 |JE SHORT WaGan1.00418665
00418603 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00418606 |. 25 FF000000 |AND EAX,0FF
0041860B |. 813C85 F0094B>|CMP DWORD PTR DS:[EAX*4+4B09F0],0FFFF
00418616 |. 74 4D |JE SHORT WaGan1.00418665
00418618 |. 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0041861B |. 81E1 FF000000 |AND ECX,0FF
00418621 |. 8B148D F0094B>|MOV EDX,DWORD PTR DS:[ECX*4+4B09F0]
00418628 |. 52 |PUSH EDX ; /Arg1
00418629 |. E8 621B0000 |CALL WaGan1.0041A190 ; \WaGan1.0041A190
0041862E |. 83C4 04 |ADD ESP,4
00418631 |. 85C0 |TEST EAX,EAX
00418633 |. 74 30 |JE SHORT WaGan1.00418665
00418635 |. 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00418638 |. 25 FF000000 |AND EAX,0FF
0041863D |. 8B0C85 F0094B>|MOV ECX,DWORD PTR DS:[EAX*4+4B09F0]
00418644 |. 6BC9 48 |IMUL ECX,ECX,48
00418647 |. 81C1 0000D600 |ADD ECX,0D60000
0041864D |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00418650 |. 81E2 FF000000 |AND EDX,0FF
00418656 |. 890C95 E05E4B>|MOV DWORD PTR DS:[EDX*4+4B5EE0],ECX
0041865D |. 8A45 FC |MOV AL,BYTE PTR SS:[EBP-4]
00418660 |. 04 01 |ADD AL,1
00418662 |. 8845 FC |MOV BYTE PTR SS:[EBP-4],AL
00418665 |>^ E9 70FFFFFF \JMP WaGan1.004185DA
0041866A |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
0041866D |. 81E1 FF000000 AND ECX,0FF
00418673 |. C7048D E05E4B>MOV DWORD PTR DS:[ECX*4+4B5EE0],0
0041867E |. 33D2 XOR EDX,EDX
00418680 |. 8A15 EC094B00 MOV DL,BYTE PTR DS:[4B09EC]
00418686 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00418689 |. 25 FF000000 AND EAX,0FF
0041868E |. 3BD0 CMP EDX,EAX
00418690 |. 7D 09 JGE SHORT WaGan1.0041869B
00418692 |. 8A4D FC MOV CL,BYTE PTR SS:[EBP-4]
00418695 |. 880D EC094B00 MOV BYTE PTR DS:[4B09EC],CL
0041869B |> 33D2 XOR EDX,EDX
0041869D |. 8A15 EC094B00 MOV DL,BYTE PTR DS:[4B09EC]
004186A3 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004186A6 |. 25 FF000000 AND EAX,0FF
004186AB |. 3BD0 CMP EDX,EAX
004186AD |. 75 0C JNZ SHORT WaGan1.004186BB
004186AF |. C745 F8 E05E4>MOV DWORD PTR SS:[EBP-8],WaGan1.004B5EE0
004186B6 |. E9 30010000 JMP WaGan1.004187EB
004186BB |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
004186BE |. 81E1 FF000000 AND ECX,0FF
004186C4 |. 894D EC MOV DWORD PTR SS:[EBP-14],ECX
004186C7 |. C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
004186CE |. EB 09 JMP SHORT WaGan1.004186D9
004186D0 |> 8B55 E8 /MOV EDX,DWORD PTR SS:[EBP-18]
004186D3 |. 83C2 01 |ADD EDX,1
004186D6 |. 8955 E8 |MOV DWORD PTR SS:[EBP-18],EDX
004186D9 |> 817D E8 00040> CMP DWORD PTR SS:[EBP-18],400
004186E0 |. 0F83 E9000000 |JNB WaGan1.004187CF
004186E6 |. 8B45 E8 |MOV EAX,DWORD PTR SS:[EBP-18]
004186E9 |. 50 |PUSH EAX ; /Arg1
004186EA |. E8 A11A0000 |CALL WaGan1.0041A190 ; \WaGan1.0041A190
004186EF |. 83C4 04 |ADD ESP,4
004186F2 |. 85C0 |TEST EAX,EAX
004186F4 |. 0F84 BC000000 |JE WaGan1.004187B6
004186FA |. C645 E4 00 |MOV BYTE PTR SS:[EBP-1C],0
004186FE |. EB 09 |JMP SHORT WaGan1.00418709
00418700 |> 8A4D E4 |/MOV CL,BYTE PTR SS:[EBP-1C]
00418703 |. 80C1 01 ||ADD CL,1
00418706 |. 884D E4 ||MOV BYTE PTR SS:[EBP-1C],CL
00418709 |> 8B55 E4 | MOV EDX,DWORD PTR SS:[EBP-1C]
0041870C |. 81E2 FF000000 ||AND EDX,0FF
00418712 |. 833C95 E05E4B>||CMP DWORD PTR DS:[EDX*4+4B5EE0],0
0041871A |. 74 1D ||JE SHORT WaGan1.00418739
0041871C |. 8B45 E4 ||MOV EAX,DWORD PTR SS:[EBP-1C]
0041871F |. 25 FF000000 ||AND EAX,0FF
00418724 |. 8B0C85 E05E4B>||MOV ECX,DWORD PTR DS:[EAX*4+4B5EE0]
0041872B |. E8 D00DFFFF ||CALL WaGan1.00409500
00418730 |. 3B45 E8 ||CMP EAX,DWORD PTR SS:[EBP-18]
00418733 |. 75 02 ||JNZ SHORT WaGan1.00418737
00418735 |. EB 02 ||JMP SHORT WaGan1.00418739
00418737 |>^ EB C7 |\JMP SHORT WaGan1.00418700
00418739 |> 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
0041873C |. 81E1 FF000000 |AND ECX,0FF
00418742 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00418745 |. 81E2 FF000000 |AND EDX,0FF
0041874B |. 3BCA |CMP ECX,EDX
0041874D |. 75 67 |JNZ SHORT WaGan1.004187B6
0041874F |. C645 E4 00 |MOV BYTE PTR SS:[EBP-1C],0
00418753 |. EB 08 |JMP SHORT WaGan1.0041875D
00418755 |> 8A45 E4 |/MOV AL,BYTE PTR SS:[EBP-1C]
00418758 |. 04 01 ||ADD AL,1
0041875A |. 8845 E4 ||MOV BYTE PTR SS:[EBP-1C],AL
0041875D |> 8B4D E4 | MOV ECX,DWORD PTR SS:[EBP-1C]
00418760 |. 81E1 FF000000 ||AND ECX,0FF
00418766 |. 83F9 05 ||CMP ECX,5
00418769 |. 7D 19 ||JGE SHORT WaGan1.00418784
0041876B |. 8B55 E4 ||MOV EDX,DWORD PTR SS:[EBP-1C]
0041876E |. 81E2 FF000000 ||AND EDX,0FF
00418774 |. 8B0495 040A4B>||MOV EAX,DWORD PTR DS:[EDX*4+4B0A04]
0041877B |. 3B45 E8 ||CMP EAX,DWORD PTR SS:[EBP-18]
0041877E |. 75 02 ||JNZ SHORT WaGan1.00418782
00418780 |. EB 02 ||JMP SHORT WaGan1.00418784
00418782 |>^ EB D1 |\JMP SHORT WaGan1.00418755
00418784 |> 8B4D E4 |MOV ECX,DWORD PTR SS:[EBP-1C]
00418787 |. 81E1 FF000000 |AND ECX,0FF
0041878D |. 83F9 05 |CMP ECX,5
00418790 |. 75 24 |JNZ SHORT WaGan1.004187B6
00418792 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
00418795 |. 6BD2 48 |IMUL EDX,EDX,48
00418798 |. 81C2 0000D600 |ADD EDX,0D60000
0041879E |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004187A1 |. 25 FF000000 |AND EAX,0FF
004187A6 |. 891485 E05E4B>|MOV DWORD PTR DS:[EAX*4+4B5EE0],EDX
004187AD |. 8A4D FC |MOV CL,BYTE PTR SS:[EBP-4]
004187B0 |. 80C1 01 |ADD CL,1
004187B3 |. 884D FC |MOV BYTE PTR SS:[EBP-4],CL
004187B6 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
004187B9 |. 81E2 FF000000 |AND EDX,0FF
004187BF |. C70495 E05E4B>|MOV DWORD PTR DS:[EDX*4+4B5EE0],0
004187CA |.^ E9 01FFFFFF \JMP WaGan1.004186D0
004187CF |> 33C0 XOR EAX,EAX
004187D1 |. A0 EC094B00 MOV AL,BYTE PTR DS:[4B09EC]
004187D6 |. 50 PUSH EAX ; /Arg3
004187D7 |. 8B4D EC MOV ECX,DWORD PTR SS:[EBP-14] ; |
004187DA |. 51 PUSH ECX ; |Arg2
004187DB |. 68 E05E4B00 PUSH WaGan1.004B5EE0 ; |Arg1 = 004B5EE0
004187E0 |. E8 CE5E0400 CALL WaGan1.0045E6B3 ; \WaGan1.0045E6B3
004187E5 |. 83C4 0C ADD ESP,0C
004187E8 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
004187EB |> C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004187EF |. EB 09 JMP SHORT WaGan1.004187FA
004187F1 |> 8A55 F0 /MOV DL,BYTE PTR SS:[EBP-10]
004187F4 |. 80C2 01 |ADD DL,1
004187F7 |. 8855 F0 |MOV BYTE PTR SS:[EBP-10],DL
004187FA |> 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
004187FD |. 25 FF000000 |AND EAX,0FF
00418802 |. 8B4D F8 |MOV ECX,DWORD PTR SS:[EBP-8]
00418805 |. 833C81 00 |CMP DWORD PTR DS:[ECX+EAX*4],0
00418809 |. 74 26 |JE SHORT WaGan1.00418831
0041880B |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10]
0041880E |. 81E2 FF000000 |AND EDX,0FF
00418814 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8]
00418817 |. 8B0C90 |MOV ECX,DWORD PTR DS:[EAX+EDX*4]
0041881A |. E8 E10CFFFF |CALL WaGan1.00409500
0041881F |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
00418822 |. 81E1 FF000000 |AND ECX,0FF
00418828 |. 89048D 50B348>|MOV DWORD PTR DS:[ECX*4+48B350],EAX
0041882F |.^ EB C0 \JMP SHORT WaGan1.004187F1
00418831 |> 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
00418834 |. 81E2 FF000000 AND EDX,0FF
0041883A |. C70495 50B348>MOV DWORD PTR DS:[EDX*4+48B350],0FFFF
00418845 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
00418848 |. 25 FF000000 AND EAX,0FF
0041884D |. 33C9 XOR ECX,ECX
0041884F |. 85C0 TEST EAX,EAX
00418851 |. 0F9FC1 SETG CL
00418854 |. 8BC1 MOV EAX,ECX
00418856 |. 8BE5 MOV ESP,EBP
00418858 |. 5D POP EBP
00418859 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:49 标题: 仓库
0046776A /. 55 PUSH EBP
0046776B |. 8BEC MOV EBP,ESP
0046776D |. 83EC 70 SUB ESP,70
00467770 |. 53 PUSH EBX
00467771 |. 56 PUSH ESI
00467772 |. 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
00467775 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00467778 |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
0046777B |. 51 PUSH ECX ; /Arg1
0046777C |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68] ; |
0046777F |. E8 18C8FFFF CALL Ekd5.00463F9C ; \Ekd5.00463F9C
00467784 |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00467787 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0046778A |. 83C2 1C ADD EDX,1C
0046778D |. 8B02 MOV EAX,DWORD PTR DS:[EDX]
0046778F |. 8945 C0 MOV DWORD PTR SS:[EBP-40],EAX
00467792 |. 8B4A 04 MOV ECX,DWORD PTR DS:[EDX+4]
00467795 |. 894D C4 MOV DWORD PTR SS:[EBP-3C],ECX
00467798 |. 8B42 08 MOV EAX,DWORD PTR DS:[EDX+8]
0046779B |. 8945 C8 MOV DWORD PTR SS:[EBP-38],EAX
0046779E |. 8B4A 0C MOV ECX,DWORD PTR DS:[EDX+C]
004677A1 |. 894D CC MOV DWORD PTR SS:[EBP-34],ECX
004677A4 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
004677A7 |. 52 PUSH EDX
004677A8 |. 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
004677AB |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
004677AD |. 8B4D 98 MOV ECX,DWORD PTR SS:[EBP-68]
004677B0 |. FF52 18 CALL DWORD PTR DS:[EDX+18]
004677B3 |. C745 A0 01000>MOV DWORD PTR SS:[EBP-60],1
004677BA |. 6A 02 PUSH 2 ; /lParam = 2
004677BC |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
004677BF |. 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8] ; |
004677C2 |. 51 PUSH ECX ; |wParam
004677C3 |. 68 2C100000 PUSH 102C ; |Message = MSG(102C)
004677C8 |. 8B55 98 MOV EDX,DWORD PTR SS:[EBP-68] ; |
004677CB |. 8B42 10 MOV EAX,DWORD PTR DS:[EDX+10] ; |
004677CE |. 50 PUSH EAX ; |hWnd
004677CF |. FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
004677D5 |. 33C9 XOR ECX,ECX
004677D7 |. 83F8 02 CMP EAX,2
004677DA |. 0F94C1 SETE CL
004677DD |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
004677E0 |. C745 9C FFFFF>MOV DWORD PTR SS:[EBP-64],-1
004677E7 |. C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0
004677EE |. EB 09 JMP SHORT Ekd5.004677F9
004677F0 |> 8B55 F0 /MOV EDX,DWORD PTR SS:[EBP-10]
004677F3 |. 83C2 01 |ADD EDX,1
004677F6 |. 8955 F0 |MOV DWORD PTR SS:[EBP-10],EDX
004677F9 |> 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
004677FC |. 33C9 |XOR ECX,ECX
004677FE |. 8A48 14 |MOV CL,BYTE PTR DS:[EAX+14]
00467801 |. 394D F0 |CMP DWORD PTR SS:[EBP-10],ECX
00467804 |. 0F8D 11060000 |JGE Ekd5.00467E1B
0046780A |. 8D55 A0 |LEA EDX,DWORD PTR SS:[EBP-60]
0046780D |. 52 |PUSH EDX ; /lParam
0046780E |. 8B45 F0 |MOV EAX,DWORD PTR SS:[EBP-10] ; |
00467811 |. 50 |PUSH EAX ; |wParam
00467812 |. 68 19100000 |PUSH 1019 ; |Message = MSG(1019)
00467817 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68] ; |
0046781A |. 8B51 10 |MOV EDX,DWORD PTR DS:[ECX+10] ; |
0046781D |. 52 |PUSH EDX ; |hWnd
0046781E |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>; \SendMessageA
00467824 |. C745 F4 24800>|MOV DWORD PTR SS:[EBP-C],8024
0046782B |. 8B45 A4 |MOV EAX,DWORD PTR SS:[EBP-5C]
0046782E |. 83E0 03 |AND EAX,3
00467831 |. 8945 94 |MOV DWORD PTR SS:[EBP-6C],EAX
00467834 |. 837D 94 00 |CMP DWORD PTR SS:[EBP-6C],0
00467838 |. 74 0E |JE SHORT Ekd5.00467848
0046783A |. 837D 94 01 |CMP DWORD PTR SS:[EBP-6C],1
0046783E |. 74 10 |JE SHORT Ekd5.00467850
00467840 |. 837D 94 02 |CMP DWORD PTR SS:[EBP-6C],2
00467844 |. 74 15 |JE SHORT Ekd5.0046785B
00467846 |. EB 1D |JMP SHORT Ekd5.00467865
00467848 |> 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
0046784B |. 894D F4 |MOV DWORD PTR SS:[EBP-C],ECX
0046784E |. EB 1B |JMP SHORT Ekd5.0046786B
00467850 |> 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C]
00467853 |. 83CA 02 |OR EDX,2
00467856 |. 8955 F4 |MOV DWORD PTR SS:[EBP-C],EDX
00467859 |. EB 10 |JMP SHORT Ekd5.0046786B
0046785B |> 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
0046785E |. 0C 01 |OR AL,1
00467860 |. 8945 F4 |MOV DWORD PTR SS:[EBP-C],EAX
00467863 |. EB 06 |JMP SHORT Ekd5.0046786B
00467865 |> 8B4D F4 |MOV ECX,DWORD PTR SS:[EBP-C]
00467868 |. 894D F4 |MOV DWORD PTR SS:[EBP-C],ECX
0046786B |> 6A 00 |PUSH 0 ; /lParam = 0
0046786D |. 8B55 F0 |MOV EDX,DWORD PTR SS:[EBP-10] ; |
00467870 |. 52 |PUSH EDX ; |wParam
00467871 |. 68 1D100000 |PUSH 101D ; |Message = MSG(101D)
00467876 |. 8B45 98 |MOV EAX,DWORD PTR SS:[EBP-68] ; |
00467879 |. 8B48 10 |MOV ECX,DWORD PTR DS:[EAX+10] ; |
0046787C |. 51 |PUSH ECX ; |hWnd
0046787D |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>; \SendMessageA
00467883 |. 8B55 C0 |MOV EDX,DWORD PTR SS:[EBP-40]
00467886 |. 8D4402 FB |LEA EAX,DWORD PTR DS:[EDX+EAX-5]
0046788A |. 8945 C8 |MOV DWORD PTR SS:[EBP-38],EAX
0046788D |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
00467890 |. 83C1 05 |ADD ECX,5
00467893 |. 894D C0 |MOV DWORD PTR SS:[EBP-40],ECX
00467896 |. 8B55 98 |MOV EDX,DWORD PTR SS:[EBP-68]
00467899 |. 8B42 18 |MOV EAX,DWORD PTR DS:[EDX+18]
0046789C |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10]
0046789F |. 8B1488 |MOV EDX,DWORD PTR DS:[EAX+ECX*4]
004678A2 |. 8955 90 |MOV DWORD PTR SS:[EBP-70],EDX
004678A5 |. 837D 90 0C |CMP DWORD PTR SS:[EBP-70],0C
004678A9 |. 0F87 28050000 |JA Ekd5.00467DD7
004678AF |. 8B45 90 |MOV EAX,DWORD PTR SS:[EBP-70]
004678B2 |. FF2485 237E46>|JMP DWORD PTR DS:[EAX*4+467E23]
004678B9 |> 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
004678BC |. 83E9 05 |SUB ECX,5
004678BF |. 894D C0 |MOV DWORD PTR SS:[EBP-40],ECX
004678C2 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
004678C5 |. 33C0 |XOR EAX,EAX
004678C7 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
004678C9 |. 8BC8 |MOV ECX,EAX
004678CB |. 6BC9 19 |IMUL ECX,ECX,19
004678CE |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
004678D4 |. E8 377EFFFF |CALL Ekd5.0045F710
004678D9 |. 50 |PUSH EAX ; /<%s>
004678DA |. 68 CCE64800 |PUSH Ekd5.0048E6CC ; |Format = "%s"
004678DF |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
004678E2 |. 51 |PUSH ECX ; |s
004678E3 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
004678E9 |. 83C4 0C |ADD ESP,0C
004678EC |. 6A 01 |PUSH 1
004678EE |. 8B55 CC |MOV EDX,DWORD PTR SS:[EBP-34]
004678F1 |. 8B45 C4 |MOV EAX,DWORD PTR SS:[EBP-3C]
004678F4 |. 8D4410 F0 |LEA EAX,DWORD PTR DS:[EAX+EDX-10]
004678F8 |. 99 |CDQ
004678F9 |. 2BC2 |SUB EAX,EDX
004678FB |. D1F8 |SAR EAX,1
004678FD |. 50 |PUSH EAX
004678FE |. 8B4D C0 |MOV ECX,DWORD PTR SS:[EBP-40]
00467901 |. 83C1 01 |ADD ECX,1
00467904 |. 51 |PUSH ECX
00467905 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
00467908 |. 8B42 18 |MOV EAX,DWORD PTR DS:[EDX+18]
0046790B |. 50 |PUSH EAX
0046790C |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
0046790F |. 33D2 |XOR EDX,EDX
00467911 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467913 |. 8BCA |MOV ECX,EDX
00467915 |. 6BC9 19 |IMUL ECX,ECX,19
00467918 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
0046791E |. E8 4DB30000 |CALL Ekd5.00472C70
00467923 |. 25 FF000000 |AND EAX,0FF ; |
00467928 |. 50 |PUSH EAX ; |Index
00467929 |. 6A 00 |PUSH 0 ; |/lParam = 0
0046792B |. 6A 01 |PUSH 1 ; ||wParam = 1
0046792D |. 68 02100000 |PUSH 1002 ; ||Message = MSG(1002)
00467932 |. 8B45 98 |MOV EAX,DWORD PTR SS:[EBP-68] ; ||
00467935 |. 8B48 10 |MOV ECX,DWORD PTR DS:[EAX+10] ; ||
00467938 |. 51 |PUSH ECX ; ||hWnd
00467939 |. FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>; |\SendMessageA
0046793F |. 50 |PUSH EAX ; |hIml
00467940 |. FF15 0C604800 |CALL DWORD PTR DS:[<&COMCTL32.ImageList>; \ImageList_Draw
00467946 |. 8B55 C0 |MOV EDX,DWORD PTR SS:[EBP-40]
00467949 |. 83C2 11 |ADD EDX,11
0046794C |. 8955 C0 |MOV DWORD PTR SS:[EBP-40],EDX
0046794F |. E9 83040000 |JMP Ekd5.00467DD7
00467954 |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467957 |. 33C9 |XOR ECX,ECX
00467959 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
0046795B |. 6BC9 19 |IMUL ECX,ECX,19
0046795E |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467964 |. E8 814DFAFF |CALL Ekd5.0040C6EA
00467969 |. 25 FF000000 |AND EAX,0FF
0046796E |. 83F8 02 |CMP EAX,2
00467971 |. 75 14 |JNZ SHORT Ekd5.00467987
00467973 |. 68 D0E64800 |PUSH Ekd5.0048E6D0 ; /Format = "--"
00467978 |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
0046797B |. 52 |PUSH EDX ; |s
0046797C |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467982 |. 83C4 08 |ADD ESP,8
00467985 |. EB 1B |JMP SHORT Ekd5.004679A2
00467987 |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
0046798A |. 33C9 |XOR ECX,ECX
0046798C |. 8A48 02 |MOV CL,BYTE PTR DS:[EAX+2]
0046798F |. 51 |PUSH ECX ; /<%u>
00467990 |. 68 D4E64800 |PUSH Ekd5.0048E6D4 ; |Format = "%u"
00467995 |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467998 |. 52 |PUSH EDX ; |s
00467999 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
0046799F |. 83C4 0C |ADD ESP,0C
004679A2 |> E9 30040000 |JMP Ekd5.00467DD7
004679A7 |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004679AA |. 33C9 |XOR ECX,ECX
004679AC |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
004679AE |. 6BC9 19 |IMUL ECX,ECX,19
004679B1 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
004679B7 |. E8 2E4DFAFF |CALL Ekd5.0040C6EA
004679BC |. 25 FF000000 |AND EAX,0FF
004679C1 |. 83F8 02 |CMP EAX,2
004679C4 |. 75 14 |JNZ SHORT Ekd5.004679DA
004679C6 |. 68 D8E64800 |PUSH Ekd5.0048E6D8 ; /Format = "--"
004679CB |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
004679CE |. 52 |PUSH EDX ; |s
004679CF |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
004679D5 |. 83C4 08 |ADD ESP,8
004679D8 |. EB 3F |JMP SHORT Ekd5.00467A19
004679DA |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004679DD |. 33C9 |XOR ECX,ECX
004679DF |. 8A48 03 |MOV CL,BYTE PTR DS:[EAX+3]
004679E2 |. 81F9 FF000000 |CMP ECX,0FF
004679E8 |. 75 14 |JNZ SHORT Ekd5.004679FE
004679EA |. 68 D46A4800 |PUSH Ekd5.00486AD4 ; /Format = "MAX"
004679EF |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
004679F2 |. 52 |PUSH EDX ; |s
004679F3 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
004679F9 |. 83C4 08 |ADD ESP,8
004679FC |. EB 1B |JMP SHORT Ekd5.00467A19
004679FE |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467A01 |. 33C9 |XOR ECX,ECX
00467A03 |. 8A48 03 |MOV CL,BYTE PTR DS:[EAX+3]
00467A06 |. 51 |PUSH ECX ; /<%u>
00467A07 |. 68 DCE64800 |PUSH Ekd5.0048E6DC ; |Format = "%u"
00467A0C |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467A0F |. 52 |PUSH EDX ; |s
00467A10 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467A16 |. 83C4 0C |ADD ESP,0C
00467A19 |> E9 B9030000 |JMP Ekd5.00467DD7
00467A1E |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467A21 |. 33C9 |XOR ECX,ECX
00467A23 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00467A25 |. 6BC9 19 |IMUL ECX,ECX,19
00467A28 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467A2E |. E8 074CFAFF |CALL Ekd5.0040C63A
00467A33 |. 25 FF000000 |AND EAX,0FF
00467A38 |. 8B1485 18BC48>|MOV EDX,DWORD PTR DS:[EAX*4+48BC18]
00467A3F |. 52 |PUSH EDX ; |Format
00467A40 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467A43 |. 50 |PUSH EAX ; |s
00467A44 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467A4A |. 83C4 08 |ADD ESP,8
00467A4D |. E9 85030000 |JMP Ekd5.00467DD7
00467A52 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467A55 |. 33D2 |XOR EDX,EDX
00467A57 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467A59 |. 8BCA |MOV ECX,EDX
00467A5B |. 6BC9 19 |IMUL ECX,ECX,19
00467A5E |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467A64 |. E8 A94DFAFF |CALL Ekd5.0040C812
00467A69 |. 25 FF000000 |AND EAX,0FF
00467A6E |. 8B0485 C0BF48>|MOV EAX,DWORD PTR DS:[EAX*4+48BFC0]
00467A75 |. 50 |PUSH EAX ; |Format
00467A76 |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
00467A79 |. 51 |PUSH ECX ; |s
00467A7A |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467A80 |. 83C4 08 |ADD ESP,8
00467A83 |. E9 4F030000 |JMP Ekd5.00467DD7
00467A88 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00467A8B |. 8A42 02 |MOV AL,BYTE PTR DS:[EDX+2]
00467A8E |. 50 |PUSH EAX ; /Arg3
00467A8F |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4] ; |
00467A92 |. 33D2 |XOR EDX,EDX ; |
00467A94 |. 8A11 |MOV DL,BYTE PTR DS:[ECX] ; |
00467A96 |. 52 |PUSH EDX ; |Arg2
00467A97 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467A9A |. 50 |PUSH EAX ; |Arg1
00467A9B |. E8 5FA6FFFF |CALL Ekd5.004620FF ; \Ekd5.004620FF
00467AA0 |. 83C4 0C |ADD ESP,0C
00467AA3 |. E9 2F030000 |JMP Ekd5.00467DD7
00467AA8 |> 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00467AAB |. 8B51 08 |MOV EDX,DWORD PTR DS:[ECX+8]
00467AAE |. 52 |PUSH EDX
00467AAF |. 8B45 98 |MOV EAX,DWORD PTR SS:[EBP-68]
00467AB2 |. 8B10 |MOV EDX,DWORD PTR DS:[EAX]
00467AB4 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68]
00467AB7 |. FF52 20 |CALL DWORD PTR DS:[EDX+20]
00467ABA |. 85C0 |TEST EAX,EAX
00467ABC |. 75 3A |JNZ SHORT Ekd5.00467AF8
00467ABE |. B9 70074B00 |MOV ECX,Ekd5.004B0770
00467AC3 |. E8 0867FAFF |CALL Ekd5.0040E1D0
00467AC8 |. 8BF0 |MOV ESI,EAX
00467ACA |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467ACD |. 33C9 |XOR ECX,ECX
00467ACF |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00467AD1 |. 6BC9 19 |IMUL ECX,ECX,19
00467AD4 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467ADA |. E8 9165FAFF |CALL Ekd5.0040E070
00467ADF |. 3BF0 |CMP ESI,EAX
00467AE1 |. 73 15 |JNB SHORT Ekd5.00467AF8
00467AE3 |. 68 80000000 |PUSH 80 ; /Color = <RED>
00467AE8 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8] ; |
00467AEB |. 8B42 18 |MOV EAX,DWORD PTR DS:[EDX+18] ; |
00467AEE |. 50 |PUSH EAX ; |hDC
00467AEF |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467AF5 |. 8945 9C |MOV DWORD PTR SS:[EBP-64],EAX
00467AF8 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467AFB |. 33D2 |XOR EDX,EDX
00467AFD |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467AFF |. 8BCA |MOV ECX,EDX
00467B01 |. 6BC9 19 |IMUL ECX,ECX,19
00467B04 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467B0A |. E8 6165FAFF |CALL Ekd5.0040E070
00467B0F |. 50 |PUSH EAX ; /<%u>
00467B10 |. 68 E0E64800 |PUSH Ekd5.0048E6E0 ; |Format = "%u"
00467B15 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467B18 |. 50 |PUSH EAX ; |s
00467B19 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467B1F |. 83C4 0C |ADD ESP,0C
00467B22 |. E9 B0020000 |JMP Ekd5.00467DD7
00467B27 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467B2A |. 8A51 02 |MOV DL,BYTE PTR DS:[ECX+2]
00467B2D |. 52 |PUSH EDX ; /Arg1
00467B2E |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4] ; |
00467B31 |. 33C9 |XOR ECX,ECX ; |
00467B33 |. 8A08 |MOV CL,BYTE PTR DS:[EAX] ; |
00467B35 |. 6BC9 19 |IMUL ECX,ECX,19 ; |
00467B38 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0 ; |
00467B3E |. E8 664CFAFF |CALL Ekd5.0040C7A9 ; \Ekd5.0040C7A9
00467B43 |. 3D FFFF0000 |CMP EAX,0FFFF
00467B48 |. 75 44 |JNZ SHORT Ekd5.00467B8E
00467B4A |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
00467B4D |. 8B42 08 |MOV EAX,DWORD PTR DS:[EDX+8]
00467B50 |. 50 |PUSH EAX
00467B51 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68]
00467B54 |. 8B11 |MOV EDX,DWORD PTR DS:[ECX]
00467B56 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68]
00467B59 |. FF52 20 |CALL DWORD PTR DS:[EDX+20]
00467B5C |. 85C0 |TEST EAX,EAX
00467B5E |. 75 15 |JNZ SHORT Ekd5.00467B75
00467B60 |. 68 80000000 |PUSH 80 ; /Color = <RED>
00467B65 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
00467B68 |. 8B48 18 |MOV ECX,DWORD PTR DS:[EAX+18] ; |
00467B6B |. 51 |PUSH ECX ; |hDC
00467B6C |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467B72 |. 8945 9C |MOV DWORD PTR SS:[EBP-64],EAX
00467B75 |> 68 E4E64800 |PUSH Ekd5.0048E6E4 ; /<%s> = "---"
00467B7A |. 68 E8E64800 |PUSH Ekd5.0048E6E8 ; |Format = "%s"
00467B7F |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467B82 |. 52 |PUSH EDX ; |s
00467B83 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467B89 |. 83C4 0C |ADD ESP,0C
00467B8C |. EB 31 |JMP SHORT Ekd5.00467BBF
00467B8E |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467B91 |. 8A48 02 |MOV CL,BYTE PTR DS:[EAX+2]
00467B94 |. 51 |PUSH ECX ; /Arg1
00467B95 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4] ; |
00467B98 |. 33C0 |XOR EAX,EAX ; |
00467B9A |. 8A02 |MOV AL,BYTE PTR DS:[EDX] ; |
00467B9C |. 8BC8 |MOV ECX,EAX ; |
00467B9E |. 6BC9 19 |IMUL ECX,ECX,19 ; |
00467BA1 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0 ; |
00467BA7 |. E8 FD4BFAFF |CALL Ekd5.0040C7A9 ; \Ekd5.0040C7A9
00467BAC |. 50 |PUSH EAX ; /<%u>
00467BAD |. 68 ECE64800 |PUSH Ekd5.0048E6EC ; |Format = "%u"
00467BB2 |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
00467BB5 |. 51 |PUSH ECX ; |s
00467BB6 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467BBC |. 83C4 0C |ADD ESP,0C
00467BBF |> E9 13020000 |JMP Ekd5.00467DD7
00467BC4 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00467BC7 |. 33C0 |XOR EAX,EAX
00467BC9 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00467BCB |. 8BC8 |MOV ECX,EAX
00467BCD |. 6BC9 19 |IMUL ECX,ECX,19
00467BD0 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467BD6 |. E8 4F4BFAFF |CALL Ekd5.0040C72A
00467BDB |. 85C0 |TEST EAX,EAX
00467BDD |. 74 2A |JE SHORT Ekd5.00467C09
00467BDF |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467BE2 |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467BE4 |. 52 |PUSH EDX ; /Arg1
00467BE5 |. B9 70074B00 |MOV ECX,Ekd5.004B0770 ; |
00467BEA |. E8 4C5BFAFF |CALL Ekd5.0040D73B ; \Ekd5.0040D73B
00467BEF |. 25 FF000000 |AND EAX,0FF
00467BF4 |. 50 |PUSH EAX ; /<%u>
00467BF5 |. 68 F0E64800 |PUSH Ekd5.0048E6F0 ; |Format = "%u"
00467BFA |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467BFD |. 50 |PUSH EAX ; |s
00467BFE |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467C04 |. 83C4 0C |ADD ESP,0C
00467C07 |. EB 28 |JMP SHORT Ekd5.00467C31
00467C09 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467C0C |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467C0E |. 52 |PUSH EDX ; /Arg1
00467C0F |. B9 70074B00 |MOV ECX,Ekd5.004B0770 ; |
00467C14 |. E8 255FFAFF |CALL Ekd5.0040DB3E ; \Ekd5.0040DB3E
00467C19 |. 25 FF000000 |AND EAX,0FF
00467C1E |. 50 |PUSH EAX ; /<%u>
00467C1F |. 68 F4E64800 |PUSH Ekd5.0048E6F4 ; |Format = "%u"
00467C24 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467C27 |. 50 |PUSH EAX ; |s
00467C28 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467C2E |. 83C4 0C |ADD ESP,0C
00467C31 |> E9 A1010000 |JMP Ekd5.00467DD7
00467C36 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467C39 |. 33D2 |XOR EDX,EDX
00467C3B |. 8A11 |MOV DL,BYTE PTR DS:[ECX]
00467C3D |. 8BCA |MOV ECX,EDX
00467C3F |. 6BC9 19 |IMUL ECX,ECX,19
00467C42 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467C48 |. E8 DD4AFAFF |CALL Ekd5.0040C72A
00467C4D |. 85C0 |TEST EAX,EAX
00467C4F |. 74 44 |JE SHORT Ekd5.00467C95
00467C51 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467C54 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00467C56 |. 51 |PUSH ECX ; /Arg1
00467C57 |. B9 70074B00 |MOV ECX,Ekd5.004B0770 ; |
00467C5C |. E8 DA5AFAFF |CALL Ekd5.0040D73B ; \Ekd5.0040D73B
00467C61 |. 8AD8 |MOV BL,AL
00467C63 |. 81E3 FF000000 |AND EBX,0FF
00467C69 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00467C6C |. 33C0 |XOR EAX,EAX
00467C6E |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00467C70 |. 50 |PUSH EAX ; /Arg1
00467C71 |. E8 00FAFFFF |CALL Ekd5.00467676 ; \Ekd5.00467676
00467C76 |. 83C4 04 |ADD ESP,4
00467C79 |. 25 FF000000 |AND EAX,0FF
00467C7E |. 03D8 |ADD EBX,EAX
00467C80 |. 53 |PUSH EBX ; /<%u>
00467C81 |. 68 F8E64800 |PUSH Ekd5.0048E6F8 ; |Format = "%u"
00467C86 |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
00467C89 |. 51 |PUSH ECX ; |s
00467C8A |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467C90 |. 83C4 0C |ADD ESP,0C
00467C93 |. EB 28 |JMP SHORT Ekd5.00467CBD
00467C95 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00467C98 |. 8A02 |MOV AL,BYTE PTR DS:[EDX]
00467C9A |. 50 |PUSH EAX ; /Arg1
00467C9B |. B9 70074B00 |MOV ECX,Ekd5.004B0770 ; |
00467CA0 |. E8 995EFAFF |CALL Ekd5.0040DB3E ; \Ekd5.0040DB3E
00467CA5 |. 25 FF000000 |AND EAX,0FF
00467CAA |. 50 |PUSH EAX ; /<%u>
00467CAB |. 68 FCE64800 |PUSH Ekd5.0048E6FC ; |Format = "%u"
00467CB0 |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
00467CB3 |. 51 |PUSH ECX ; |s
00467CB4 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467CBA |. 83C4 0C |ADD ESP,0C
00467CBD |> E9 15010000 |JMP Ekd5.00467DD7
00467CC2 |> 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00467CC5 |. 837A 04 00 |CMP DWORD PTR DS:[EDX+4],0
00467CC9 |. 74 14 |JE SHORT Ekd5.00467CDF
00467CCB |. 68 00E74800 |PUSH Ekd5.0048E700 ; /Format = "○"
00467CD0 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467CD3 |. 50 |PUSH EAX ; |s
00467CD4 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467CDA |. 83C4 08 |ADD ESP,8
00467CDD |. EB 3D |JMP SHORT Ekd5.00467D1C
00467CDF |> 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8]
00467CE2 |. 8B51 08 |MOV EDX,DWORD PTR DS:[ECX+8]
00467CE5 |. 52 |PUSH EDX
00467CE6 |. 8B45 98 |MOV EAX,DWORD PTR SS:[EBP-68]
00467CE9 |. 8B10 |MOV EDX,DWORD PTR DS:[EAX]
00467CEB |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68]
00467CEE |. FF52 20 |CALL DWORD PTR DS:[EDX+20]
00467CF1 |. 85C0 |TEST EAX,EAX
00467CF3 |. 75 15 |JNZ SHORT Ekd5.00467D0A
00467CF5 |. 68 80000000 |PUSH 80 ; /Color = <RED>
00467CFA |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
00467CFD |. 8B48 18 |MOV ECX,DWORD PTR DS:[EAX+18] ; |
00467D00 |. 51 |PUSH ECX ; |hDC
00467D01 |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467D07 |. 8945 9C |MOV DWORD PTR SS:[EBP-64],EAX
00467D0A |> 68 04E74800 |PUSH Ekd5.0048E704 ; /Format = "×"
00467D0F |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467D12 |. 52 |PUSH EDX ; |s
00467D13 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467D19 |. 83C4 08 |ADD ESP,8
00467D1C |> E9 B6000000 |JMP Ekd5.00467DD7
00467D21 |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467D24 |. 8378 08 FF |CMP DWORD PTR DS:[EAX+8],-1
00467D28 |. 75 2F |JNZ SHORT Ekd5.00467D59
00467D2A |. 837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
00467D2E |. 75 15 |JNZ SHORT Ekd5.00467D45
00467D30 |. 68 80000000 |PUSH 80 ; /Color = <RED>
00467D35 |. 8B4D 08 |MOV ECX,DWORD PTR SS:[EBP+8] ; |
00467D38 |. 8B51 18 |MOV EDX,DWORD PTR DS:[ECX+18] ; |
00467D3B |. 52 |PUSH EDX ; |hDC
00467D3C |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467D42 |. 8945 9C |MOV DWORD PTR SS:[EBP-64],EAX
00467D45 |> 68 B86E4800 |PUSH Ekd5.00486EB8 ; /Format = "仓库"
00467D4A |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] ; |
00467D4D |. 50 |PUSH EAX ; |s
00467D4E |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467D54 |. 83C4 08 |ADD ESP,8
00467D57 |. EB 22 |JMP SHORT Ekd5.00467D7B
00467D59 |> 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00467D5C |. 8B49 08 |MOV ECX,DWORD PTR DS:[ECX+8]
00467D5F |. 6BC9 48 |IMUL ECX,ECX,48
00467D62 |. 81C1 0000D600 |ADD ECX,0D60000
00467D68 |. E8 EAF9F9FF |CALL Ekd5.00407757
00467D6D |. 50 |PUSH EAX ; |Format
00467D6E |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467D71 |. 52 |PUSH EDX ; |s
00467D72 |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467D78 |. 83C4 08 |ADD ESP,8
00467D7B |> EB 5A |JMP SHORT Ekd5.00467DD7
00467D7D |> 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00467D80 |. 33C9 |XOR ECX,ECX
00467D82 |. 8A08 |MOV CL,BYTE PTR DS:[EAX]
00467D84 |. 6BC9 19 |IMUL ECX,ECX,19
00467D87 |. 81C1 C0F44A00 |ADD ECX,Ekd5.004AF4C0
00467D8D |. E8 DC49FAFF |CALL Ekd5.0040C76E
00467D92 |. 85C0 |TEST EAX,EAX
00467D94 |. 74 2F |JE SHORT Ekd5.00467DC5
00467D96 |. 837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
00467D9A |. 75 15 |JNZ SHORT Ekd5.00467DB1
00467D9C |. 68 80000000 |PUSH 80 ; /Color = <RED>
00467DA1 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8] ; |
00467DA4 |. 8B42 18 |MOV EAX,DWORD PTR DS:[EDX+18] ; |
00467DA7 |. 50 |PUSH EAX ; |hDC
00467DA8 |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467DAE |. 8945 9C |MOV DWORD PTR SS:[EBP-64],EAX
00467DB1 |> 68 C06E4800 |PUSH Ekd5.00486EC0 ; /Format = "有"
00467DB6 |. 8D4D D0 |LEA ECX,DWORD PTR SS:[EBP-30] ; |
00467DB9 |. 51 |PUSH ECX ; |s
00467DBA |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467DC0 |. 83C4 08 |ADD ESP,8
00467DC3 |. EB 12 |JMP SHORT Ekd5.00467DD7
00467DC5 |> 68 C46E4800 |PUSH Ekd5.00486EC4 ; /Format = "无"
00467DCA |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467DCD |. 52 |PUSH EDX ; |s
00467DCE |. FF15 C0624800 |CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
00467DD4 |. 83C4 08 |ADD ESP,8
00467DD7 |> 8B45 F4 |MOV EAX,DWORD PTR SS:[EBP-C]
00467DDA |. 50 |PUSH EAX ; /Arg4
00467DDB |. 8D4D C0 |LEA ECX,DWORD PTR SS:[EBP-40] ; |
00467DDE |. 51 |PUSH ECX ; |Arg3
00467DDF |. 8D55 D0 |LEA EDX,DWORD PTR SS:[EBP-30] ; |
00467DE2 |. 52 |PUSH EDX ; |Arg2
00467DE3 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
00467DE6 |. 50 |PUSH EAX ; |Arg1
00467DE7 |. 8B4D 98 |MOV ECX,DWORD PTR SS:[EBP-68] ; |
00467DEA |. E8 73CFFFFF |CALL Ekd5.00464D62 ; \Ekd5.00464D62
00467DEF |. 8B4D C8 |MOV ECX,DWORD PTR SS:[EBP-38]
00467DF2 |. 83C1 05 |ADD ECX,5
00467DF5 |. 894D C0 |MOV DWORD PTR SS:[EBP-40],ECX
00467DF8 |. 837D 9C FF |CMP DWORD PTR SS:[EBP-64],-1
00467DFC |. 74 18 |JE SHORT Ekd5.00467E16
00467DFE |. 8B55 9C |MOV EDX,DWORD PTR SS:[EBP-64]
00467E01 |. 52 |PUSH EDX ; /Color
00467E02 |. 8B45 08 |MOV EAX,DWORD PTR SS:[EBP+8] ; |
00467E05 |. 8B48 18 |MOV ECX,DWORD PTR DS:[EAX+18] ; |
00467E08 |. 51 |PUSH ECX ; |hDC
00467E09 |. FF15 84604800 |CALL DWORD PTR DS:[<&GDI32.SetTextColor>; \SetTextColor
00467E0F |. C745 9C FFFFF>|MOV DWORD PTR SS:[EBP-64],-1
00467E16 |>^ E9 D5F9FFFF \JMP Ekd5.004677F0
00467E1B |> 5E POP ESI
00467E1C |. 5B POP EBX
00467E1D |. 8BE5 MOV ESP,EBP
00467E1F |. 5D POP EBP
00467E20 \. C2 0400 RETN 4
00467E23 . B9784600 DD Ekd5.004678B9 ; 分支表 被用于 004678B2
00467E27 . 54794600 DD Ekd5.00467954
00467E2B . A7794600 DD Ekd5.004679A7
00467E2F . 1E7A4600 DD Ekd5.00467A1E
00467E33 . 527A4600 DD Ekd5.00467A52
00467E37 . 887A4600 DD Ekd5.00467A88
00467E3B . A87A4600 DD Ekd5.00467AA8
00467E3F . 367C4600 DD Ekd5.00467C36
00467E43 . C27C4600 DD Ekd5.00467CC2
00467E47 . 277B4600 DD Ekd5.00467B27
00467E4B . 7D7D4600 DD Ekd5.00467D7D
00467E4F . C47B4600 DD Ekd5.00467BC4
00467E53 . 217D4600 DD Ekd5.00467D21
作者:
岱瀛 时间: 2007-12-30 21:50 标题: 道具属性
总共有76种道具属性,每个道具可以有两个不同的属性.
三个道具加在一起,还是有很多的变化的.
总结了一下道具属性的编码,不知道会不会对其他作设计的同仁有参考价值.
0 普通剑 加攻击力
1 特殊剑 加攻击力
2 普通枪 加攻击力
3 特殊枪 加攻击力
4 普通弓 加攻击力
5 特殊弓 加攻击力
6 普通棍 加攻击力
7 特殊棍 加攻击力
8 普通投石机 加攻击力
9 特殊投石机 加攻击力
10 普通扇 加精神力 (0A)
11 特殊扇 加精神力 (0
12 普通宝剑 加精神力 (0C)
13 特殊宝剑 加精神力 (0D)
14 普通铠甲 加防御力
15 特殊铠甲 加防御力
16 普通衣服 加防御力
17 特殊衣服 加防御力
18 每回合恢复HP(百分数)
19 每回合恢复MP(百分数)
20 每回合恢复状态
21 每回合获得Exp(整数)
22 每回合获得武器Exp(整数)
23 每回合获得道具Exp(整数)
24 辅助攻击力(整数)
25 辅助精神力(整数)
26 辅助防御力(整数)
27 辅助爆发力(整数)
28 辅助运气(整数)
29 辅助HP增加(整数)
30 辅助MP增加(整数)
31 辅助获得Exp(十分数)
32 辅助移动力(整数)
33 突击移动
34 恶路移动
35 混乱攻击
36 中毒攻击
37 麻痹攻击
38 封杀策略
39 辅助攻击命中(百分数)
40 反击后反击
41 致命一击攻击
42 远距离攻击(没羽箭)
43 穿透效果
44 无反击攻击
45 骑马攻击(百分数)
46 引导攻击
47 辅助火类策略(百分数)
48 辅助风类策略(百分数)
49 节约MP(百分数)
50 召唤策略
51 策略模仿
52 辅助策略命中(百分数)
53 辅助攻击防御(百分数)
54 辅助策略防御(百分数)
55 辅助全防御
56 防御远程攻击
57 防止致命一击
58 防止二次攻击
59 减轻策略损伤(百分数)
60 mp辅助防御
61 减轻远距离损伤(百分数)
62 自动使用道具
63 消耗获取HP(整数)
64 消耗获取MP(整数)
65 消耗治疗混乱
66 消耗治疗中毒
67 消耗治疗麻痹
68 消耗治疗禁咒
69 消耗治疗一切异常
70 武力上升(整数)
71 智力上升(整数)
72 统帅上升(整数)
73 敏捷上升(整数)
74 士气上升(整数)
75 等级上升
76 兵种上升
从004A1140开始是武器等的本质属性的开始
004A1140-004A114F一共可以显示八个汉字 (16字节)
+10 结束符号
+11 武器类型
+12 价钱
+13 宝物图标
+14 特殊效果
+15 武器1级是多少值
+16 特殊效果值
+17 升一级加多少值
+18 是否特殊宝物(是就是1)
作者:
岱瀛 时间: 2007-12-30 21:51 标题: 读取确切存档的函数
0041A347 /$ 55 PUSH EBP
0041A348 |. 8BEC MOV EBP,ESP
0041A34A |. 6A FF PUSH -1
0041A34C |. 68 B2514800 PUSH Ekd5.004851B2 ; SE 处理程序安装
0041A351 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0041A357 |. 50 PUSH EAX
0041A358 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0041A35F |. 81EC 88020000 SUB ESP,288
0041A365 |. B9 30694B00 MOV ECX,Ekd5.004B6930
0041A36A |. E8 21200000 CALL Ekd5.0041C390
0041A36F |. 85C0 TEST EAX,EAX
0041A371 |. 74 04 JE SHORT Ekd5.0041A377
0041A373 |. 33C0 XOR EAX,EAX
0041A375 |. EB 74 JMP SHORT Ekd5.0041A3EB
0041A377 |> 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C]
0041A37D |. E8 DE1E0000 CALL Ekd5.0041C260
0041A382 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0041A389 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0041A38B |. 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C] ; |
0041A391 |. E8 464C0500 CALL Ekd5.0046EFDC ; \Ekd5.0046EFDC
0041A396 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX ; 读到第几个存档
0041A399 |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0 ; 保证在0到10之间
0041A39D |. 7C 06 JL SHORT Ekd5.0041A3A5
0041A39F |. 837D F0 0A CMP DWORD PTR SS:[EBP-10],0A
0041A3A3 |. 7C 24 JL SHORT Ekd5.0041A3C9
0041A3A5 |> C785 70FDFFFF>MOV DWORD PTR SS:[EBP-290],0
0041A3AF |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041A3B6 |. 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C]
0041A3BC |. E8 CF1E0000 CALL Ekd5.0041C290
0041A3C1 |. 8B85 70FDFFFF MOV EAX,DWORD PTR SS:[EBP-290]
0041A3C7 |. EB 22 JMP SHORT Ekd5.0041A3EB
0041A3C9 |> C785 6CFDFFFF>MOV DWORD PTR SS:[EBP-294],1
0041A3D3 |. C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041A3DA |. 8D8D 74FDFFFF LEA ECX,DWORD PTR SS:[EBP-28C]
0041A3E0 |. E8 AB1E0000 CALL Ekd5.0041C290
0041A3E5 |. 8B85 6CFDFFFF MOV EAX,DWORD PTR SS:[EBP-294]
0041A3EB |> 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]
0041A3EE |. 64:890D 00000>MOV DWORD PTR FS:[0],ECX
0041A3F5 |. 8BE5 MOV ESP,EBP
0041A3F7 |. 5D POP EBP
0041A3F8 \. C3 RETN
作者:
岱瀛 时间: 2007-12-30 21:52 标题: 设置文件指针的函数
004191AF /$ 55 PUSH EBP
004191B0 |. 8BEC MOV EBP,ESP
004191B2 |. 83EC 0C SUB ESP,0C
004191B5 |. 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
004191B8 |. C745 FC 00000000 MOV DWORD PTR SS:[EBP-4],0
004191BF |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004191C2 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004191C5 |. 837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004191C9 |. 74 0E JE SHORT Ekd5.004191D9
004191CB |. 837D F4 01 CMP DWORD PTR SS:[EBP-C],1
004191CF |. 74 11 JE SHORT Ekd5.004191E2
004191D1 |. 837D F4 02 CMP DWORD PTR SS:[EBP-C],2
004191D5 |. 74 14 JE SHORT Ekd5.004191EB
004191D7 |. EB 1B JMP SHORT Ekd5.004191F4
004191D9 |> C745 FC 00000000 MOV DWORD PTR SS:[EBP-4],0
004191E0 |. EB 19 JMP SHORT Ekd5.004191FB
004191E2 |> C745 FC 01000000 MOV DWORD PTR SS:[EBP-4],1
004191E9 |. EB 10 JMP SHORT Ekd5.004191FB
004191EB |> C745 FC 02000000 MOV DWORD PTR SS:[EBP-4],2
004191F2 |. EB 07 JMP SHORT Ekd5.004191FB
004191F4 |> C745 FC 00000000 MOV DWORD PTR SS:[EBP-4],0
004191FB |> 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004191FE |. 8339 00 CMP DWORD PTR DS:[ECX],0
00419201 |. 74 16 JE SHORT Ekd5.00419219
00419203 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
00419206 |. 52 PUSH EDX ; /Origin
00419207 |. 6A 00 PUSH 0 ; |pOffsetHi = NULL
00419209 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; |
0041920C |. 50 PUSH EAX ; |OffsetLo
0041920D |. 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] ; |
00419210 |. 8B11 MOV EDX,DWORD PTR DS:[ECX] ; |
00419212 |. 52 PUSH EDX ; |hFile
00419213 |. FF15 04614800 CALL DWORD PTR DS:[<&KERNEL32.SetFilePo>; \SetFilePointer
00419219 |> 8BE5 MOV ESP,EBP
0041921B |. 5D POP EBP
0041921C \. C2 0800 RETN 8
作者:
岱瀛 时间: 2007-12-30 22:05 标题: 一些内存信息(这个对很多新功能的代码修改非常有用)
内存 :
48B350 gCharIndexInBattle_Self
4927F0 [ECX]攻击武将的战场编号
[ECX+1]是被攻击武将的战场编号
[ECX+4]是攻击武将的Data序号
[ECX+8]是攻击武将Data内存地址
[ECX+C]是攻击武将战场内存地址
[ECX+10]是被攻击武将的战场编号
4AAB68 与地图有关
4AC748 存放了一组战场形象编号的地址
4AEB38
4AF4C0-4AF4C9开始是法术名称,一共5个汉字.004AF4CA都是00 结束符
4AF4CB地址的00是施加于敌我的属性,00表示是对敌方(01对己方,没找到相关的实际意义,可以不用改)
4AF4CC的0d是攻击范围,从01到0f(同兵种的攻击范围)
4AF4CD是攻击效果范围00,从00到09
4AF4CE是消耗的mp值
4AF4CF的00是效果描述从00到1b(就是法术属性,不过是非本质的改变,这个对于芭蕉扇和五火神焰扇的解释及修改是有帮助的),法术的本质属性修改"在EKD5.exe中的00024d7f处,从00~1D是不同魔法的效果和对应位置"
4AF4D0的00是法术图标(从00到1e,可以根据前者的修改适当调整)
后面的地址004AF4D1-004AF505是代表从群雄到百姓按照兵种代码的顺序,学会该法术的等级,如果是00代表不能学会.
4B077C是金钱的地址
4B0783开始,每三位是一种武器或者防具或者辅助,一直到004B09DA为止,可以自己随便设置,代码见附1.
对于武器和防具第一位为代码,第二位为等级,第三位为该物品的经验值.对于辅助第一位为代码,第二位是ff,第三位是00.
4B0782是忠奸度
4B09F0~4B0924 是15个出场人物的位置
4B0924~4B0960 是15个强制不出场的位置
4B2C20 存放最终移动目标地址 (横坐标,后面那个是纵坐标)
4B422C 内应该是放了地图的最大横坐标
4B422D 内应该是放了地图的最大纵坐标
4b2c50开始 0x24字节一人
武将ecx值第一个是Data序号
+4的内容就是战场形象编号
+5是是否属于我方,00代表我军,01是友军,大于02是敌军
+6战场横坐标(左到右数)
+7战场纵坐标(上到下数)
+8 ????????
+9移动目标纵坐标(上到下数) ???????? 函数43b490
+A移动目标横坐标(上到下数)
+B
+C ???????? 函数418c90 (应该是控制武将是否可见且未撤退 01不可见,02可见,03撤退)
+D是否行动的判断, 0表示未行动,其他表示已行动
+E是否能被玩家直接控制,07表示可控 (只能控制友军是否可控)
+F表示人物朝向,数值是0(上),1(右),2(下),3(左)
+10表示hpcur
+14表示mpcur
+18表示人物攻击状态,03为正常状态,大于03为提升,小于03为衰弱.
+19 防
+1a 精
+1b 敏
+1c 士
+1d 移
+1e表示人物健康状态:00和01代表正常,02和03是麻痹,04和05是禁咒,06和07是麻痹加禁咒,08和09是混乱,0a和0b是麻痹加混乱,0c和0d是禁咒加混乱,0e和0f是混乱加麻痹加禁咒.10和11是中毒,12和13是麻痹加中毒,14和15是禁咒加中毒,16和17是麻痹加禁咒加中毒,18和19是混乱加中毒,1a和1b是麻痹加混乱加中毒,1c和1d是禁咒加混乱加中毒,1e和1f是禁咒加麻痹加混乱加中毒.
D6000开始:
Data编号*0x48,加上D60000就能得到对应的Data位置武将信息
00~01 表示武将代码 00 10 第二个是01 10
02~03 R剧本形象代号
04~05 武将头象地址
06~07
08~0F 武将姓名(8字节,4个中文)
10 保留给武将姓名的结束符
11~12 攻击力
13~14 防御力
15~16 精神力
17~18 爆发力
19~1a 士气
1b
1C~1F HP
20 MP
21 武
22 统
23 精
24 爆
25 士
26 致命一击台词类型
27 出阵场数
28
29 撤退场数
2a 是否我军 00是我军,FF不是我军
2b 兵种代码
2C 人物等级
2d 经验值
2e 武器
2f 等级
30 经验
31 防具
32 防具等级
33 防具经验
34 辅助
35 FF
36 FF
37~48 R剧本点击该人物是显示的名字
[ 本帖最后由 岱瀛 于 2007-12-30 22:06 编辑 ]
作者:
岱瀛 时间: 2007-12-30 22:30 标题: 武将出场设置函数(C代码形式的)
CharProp_Array 人物数据数组 (D60000)
bool __fastcall sub_41856A(int a1)
{
int v2; // [sp+0h] [bp-20h]@1
int numOfSelfInBf; // [sp+1Ch] [bp-4h]@1
int num;
int *v5; // [sp+18h] [bp-8h]@18
int v7; // [sp+8h] [bp-18h]@19
int v8; // [sp+4h] [bp-1Ch]@22
int v9; // [sp+10h] [bp-10h]@37
v2 = a1;
numOfSelfInBf = 0;
num = 0;
while (num < 5 && gCharMustNotInBf[num] ) num ++;
if (num == 5 )
{
dword_4B5EE0[numOfSelfInBf] = (int)CharProp_Array; //这就是当米有把0号人物放在强制不出场它就必定出场的原因所在
numOfSelfInBf ++;
}
num = 0;
while (num < 5 )
{
if ( gCharMustInBf[num] )
{
if ( gCharMustInBf[num] != 0xFFFF )
{
if ( mCharIsSelf(gCharMustInBf[num]) )
{
dword_4B5EE0[numOfSelfInBf] = (int)&CharProp_Array[72 * gCharMustInBf[num ++]];
numOfSelfInBf ++
}
}
}
num ++;
}
dword_4B5EE0[numOfSelfInBf] = 0;
if ( gMaxSelfCharInBf < numOfInBf) gMaxSelfCharInBf = numOfInBf;
if ( gMaxSelfCharInBf == numOfInBf)
{
v5 = dword_4B5EE0;
}
else
{
v7 = 0;
while ( (unsigned int)v7 < 0x200 )
{
if ( mCharIsSelf(v7) )
{
v8 = 0;
while ( dword_4B5EE0[v8] && CharProp_GetIndex(dword_4B5EE0[v8]) != v7 )
v8 + +;
if ( v8 == numOfSelfInBf)
{
v8 = 0;
while ( (signed int)(unsigned __int8)v8 < 5 && gCharMustNotInBf[(unsigned __int8)v8] != v7 )
v8 + +;
if ( v8 == 5 )
{
dword_4B5EE0[numOfSelfInBf] = (int)&CharProp_Array[72 * v7];
numOfSelfInBf ++;
}
}
}
dword_4B5EE0[numOfSelfInBf] = 0;
++v7;
}
v5 = dlgShow_SelChar(dword_4B5EE0, numOfInBf, gMaxSelfCharInBf); //这个就是在调用那个出兵选择的对话框了
}
v9 = 0;
while ( v5[v9] )
{
gCharIndexInBattle_Self[v9] = CharProp_GetIndex(v5[v9]);
v9++;
}
gCharIndexInBattle_Self[v9] = 0xFF;
return (signed int)(unsigned __int8)v9 > 0;
}
[ 本帖最后由 岱瀛 于 2007-12-30 22:32 编辑 ]
作者:
van 时间: 2008-1-3 09:26
原帖由 岱瀛 于 2007-12-30 22:30 发表
CharProp_Array 人物数据数组 (D60000)
bool __fastcall sub_41856A(int a1)
{
int v2; // @1
int numOfSelfInBf; // @1
int num;
int *v5; // @18
int v7; // @19
int v8 ...
赞人肉decompiler
作者:
shadow_knight 时间: 2008-1-10 18:40
太强了……
我有些很菜鸟的问题,想知道具体哪些代码地址是宝物的等级上限(9)和宝物的升级上限(200)的?以及具体的宝物修改使得特殊属性每升一级都有加成点的?我想把鳄皮甲改为升一级+10%策略防御的,金雀斧和紫金锤也希望可以随等级增加增大几率,可不知道如何改,冒昧的问下,不知道能否透露。谢谢~
作者:
火羽 时间: 2008-1-15 14:48
想给此贴这样一个评价:因岳飞传的诞生而发展了大量的注册会员,因岱瀛的强帖而诞生了越来越多的MOD!
作者:
xuzhigang58 时间: 2008-2-10 15:49
我是菜鸟 看得晕乎哦 这能用到改出场人数上吗 ?
作者:
舞の伯约♂魂 时间: 2008-3-5 18:08
岱大...我觉得现在有你在的话已经基本可以完全脱离曹操传原来的限制,不是制作自己的MOD,而是自己的游戏了...呵呵...强,顶
作者:
孤灯映雪 时间: 2008-4-9 17:37
头疼....菜鸟碰到大青虫
作者:
longxinghen 时间: 2008-4-16 21:15
楼主实在是太强悍了,小弟对你的佩服的五体投地
作者:
不独若 时间: 2008-7-11 11:14
强!不知道这是什么语言,学习中……
作者:
剑玉翡剑 时间: 2008-7-18 15:08
太深奥了,不是我辈中人能轻易看得懂的,佩服楼主
作者:
傻乐萼片 时间: 2008-7-19 06:20
岱大真是 exe终结者呀!不过岱大也真懒,给一些函数的调用原形呀,调用总比写函数好呀
.对于我们新手也有帮助呀.
作者:
Lykos小羽 时间: 2008-7-29 16:52
学习ing.. 努力 谢谢LZ的赐教
作者:
夕染血残 时间: 2008-11-3 23:07
............................................................................................................................................................................................................................
作者:
hacky1980 时间: 2008-11-18 15:12
很好、很强大
作者:
潇湘云 时间: 2008-12-1 19:49
我也特别,特别的佩服楼主。。
有你这种水平,完全可以去游戏公司做设计员了。。
对于这些函数,完全看不懂。。
不过还是谢谢楼主!
作者:
沧海渔火 时间: 2009-1-8 10:24
对未来MOD设计的几点建议:
1.先手攻击:二线杨宗英收到大家的追捧,是因为他的高敏和先手攻击。未来的设计能否根据人物综合数据的比较来决定二人之间是否存有先手攻击,同时攻击和目前这种攻击反击方式。比如三国里吕布,不是什么人想打就能打得到的,还有可能先手被吕布砍了,但也不能无条件的对所有人都保持先手攻击,至少关羽和他是同时攻击,略处下风;张飞加入后,成为攻反态势,刘备加入后,吕布敏捷明显下降,大部分人都可以攻击到。这样的吕布不用弓弩和计策几乎是搞不定的。这样的吕布方符合传说中的“人中吕布”的形象。
2.远程武器的掩护功能:玩《装甲元帅》印象较深的是炮火掩护功能,在未来的设计中能否增加弓弩和炮车的掩护功能呢?这样至少和评书描述的冷兵器时代战斗有点相似了。“双方弓弩射住阵脚,列阵排开。”
如果能做到上述两点,我想战棋类游戏将会发生一个革命性的变化,不知先生是否愿意承担这一历史使命乎?
[ 本帖最后由 沧海渔火 于 2009-1-8 10:25 编辑 ]
作者:
8718388 时间: 2009-2-15 18:00
han zheme luan
作者:
8718388 时间: 2009-2-15 18:00
貌似真的看不明白
作者:
59054695 时间: 2009-2-15 19:20
谢谢楼主,学到了不少东西...
作者:
zzzffff 时间: 2009-4-14 15:30
好好好好好好好好好好发发
作者:
破天银狼 时间: 2010-1-14 20:23
岱君,我辈新手者为您等带来的各种便利和福音深切感激
作者:
bifei 时间: 2010-2-18 13:52
学习,楼主高手,膜拜中
作者:
zhoumidws 时间: 2010-6-28 20:03
太厉害了...顶起...受教了..谢谢
作者:
513633522 时间: 2010-7-5 10:28
晕 什么时候更新的
作者:
sy8723733 时间: 2011-1-23 15:29
头昏 啊,数据太多了
作者:
fjshnan 时间: 2011-1-27 20:39
附上解释的代码看起来真爽。
作者:
灬棉崽灬 时间: 2011-7-8 13:59
好东西!
作者:
silence8129 时间: 2011-7-29 23:14
现在开始学习 算太晚么~
作者:
bingfenglanyun 时间: 2011-10-30 16:02 标题: 疑惑
这些代码用在制作过程中的什么地方啊,越看越迷惑,难度很大的样子
作者:
kaobanma 时间: 2012-2-27 17:38
比如命中率修改,伤害值公式修改有个例子就好了
作者:
bell123 时间: 2012-3-2 17:18
楼主分析的很好,高人啊,顶一下
作者:
yzy267 时间: 2013-6-7 13:54
很强大,小弟我水一个,假期开始学汇编,就因为对曹操传感兴趣。谢谢大大的贡献。
作者:
WHITESHIP 时间: 2013-6-11 01:05
啊,回复错了,求删!快快快@Maxwell
[ 本帖最后由 WHITESHIP 于 2013-6-11 01:07 编辑 ]
作者:
yanyiyun 时间: 2013-11-4 16:20
牛X强大的存在啊!
作者:
月无琊 时间: 2014-3-24 23:08
太挫败了,现在高三,六月之后打算着手开始学习MOD制作的。但电脑编程完全是小白啊,要努力多久
作者:
2010x11 时间: 2016-4-5 11:04
每次玩曹操传都觉得10级前是最好玩最有意思的,本人想求个能固定不升级的修改器
作者:
名士蒋子翼 时间: 2017-2-18 18:31
因为不回复就不准发帖
| 欢迎光临 轩辕春秋文化论坛 (http://xycq.org.cn/forum/) |
Powered by Discuz! 5.0.0 |