Title: 《瓦崗》 battlefield [交给] (Give) equipment modification
Author: 蛇夫座
Time: 2010-2-10 00:58
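《瓦崗》 battlefield [交给] (Give) equipment modification:
Adds a dialog box that supports exchanging weapons, armor and accessories, without requiring the other party's slot to be empty.
Exchanging even a single accessory on the battlefield is very tedious; even the latest STAR version 5.6 is not considerate enough.
Required tools: LordPE ==> assemble the file
FixRes ==> dump the resource section data
Stud_PE ==> fix the resource directory
ResHacker ==> compile the resources
This could be called secondary development. Given my limited skill this is as far as I could get; for reference only.
[Last edited by 蛇夫座 on 2010-2-10 01:14]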
Image attachment: _001.jpg (2010-2-10 00:58, 6.81 K) http://xycq.org.cn/forum/attachment.php?aid=88231
Image attachment: _002.jpg (2010-2-10 00:58, 17.47 K) http://xycq.org.cn/forum/attachment.php?aid=88232
Image attachment: _003.jpg (2010-2-10 00:58, 5.72 K) http://xycq.org.cn/forum/attachment.php?aid=88233
Attachment: [test engine] WaGan.rar (2010-2-10 01:14, 222.38 K) http://xycq.org.cn/forum/attachment.php?aid=88240
Attachment: [the article is long, so a text version is provided] 文本.rar (2010-2-10 01:14, 181.15 K) http://xycq.org.cn/forum/attachment.php?aid=88241
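Author: 蛇夫座
Time: 2010-2-10 01:00
Part 1: Reassemble the resource section of the PE file
*. Because recompiling the resources enlarges the resource section and shifts the file offsets of the other sections backward
1. First change the extension of WaGan.wa to .exe, then copy the executable to another directory and rename the copy WaGan2.exe
2. Run LordPE ==> [Options] ==> first configure as in figure _004 ==> [PE Editor] ==> open WaGan2.exe ==> [Sections] ==> right-click ==> [Add section]
==> right-click [NewSec] ==> [Edit section], configure as in figure _005 ==> [OK] ==> exit LordPE
[attach]88234[/attach]
[attach]88235[/attach]
3. Run FixRes ==> click [Dump] ==> configure as in figure _006 ==> [Dump Resource] ==> delete the WaGan2.exe file
When the dump succeeds, the lower-left corner shows: Resource was dumped successfully.
[attach]88236[/attach]
4. Run LordPE ==> [PE Editor] ==> open WaGan.exe (note: the one without the added section) ==> [Sections] ==> right-click ==> [Load section from disk]
==> open rsrc.bin ==> message: section loaded successfully :) ==> right-click [.rsrc] ==> [Edit section] ==> change the name to: .nodata
==> change the virtual size to: 0EC00 ==> click the [ ..] button beside the flags ==> configure as in figure _007
[attach]88237[/attach]
(Note: the .nodata section can now be used freely, for example to hold global variables, to be zeroed out entirely, or even to be deleted from the PE file)
==> right-click [rsrc.bin] ==> [Edit section] ==> change the name to: .rsrc ==> click the [ ..] button ==> configure as in figure _008
==> [OK] ==> save the file and exit LordPE
[attach]88238[/attach]
5. Run Stud_PE ==> open WaGan.exe ==> fix the resource directory [IMAGE_DIR_ENTRY_RESOURCE] as in figure _009 ==> [Save to file] ==> exit Stud_PE
==> change the extension of WaGan.exe back to .wa
[attach]88239[/attach]
*. After the five steps above, the resources can be edited with tools such as ResHacker or eXeScope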
;---------------------------------------------------------------------------------------------------------------------------
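Part 2: Relocate the cursor-group resource directory of the PE file and add new dialog resource data
*. Because the dialog directory is followed directly by the second-level directory of the cursor group, a new dialog cannot be inserted unless that directory is relocated
6. Open WaGan.wa in OD and move the cursor group's second-level directory data to 005A9AB4H = 0059B000H + EAB4H
*. Size moved: 70H (DEC: 112) 0059B2C8H - 0059B258H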
00 00 00 00 00 00 00 00 04 00 00 00 00 00 0C 00
73 00 00 00 20 08 00 80 74 00 00 00 38 08 00 80
75 00 00 00 50 08 00 80 76 00 00 00 68 08 00 80
77 00 00 00 80 08 00 80 78 00 00 00 98 08 00 80
79 00 00 00 B0 08 00 80 7A 00 00 00 C8 08 00 80
7B 00 00 00 E0 08 00 80 7D 00 00 00 F8 08 00 80
7E 00 00 00 10 09 00 80 7F 00 00 00 28 09 00 80
7. Fix the cursor-group offset in the root directory to: 0EAB4H
0059B03C 58 02 ==> B4 EA
8. Clear the original data at 0059B258H
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
9. Increase the count of dialogs named by numeric ID
0059B156 1F 00 ==> 20 00
10. Add a (second-level) IMAGE_RESOURCE_DIRECTORY_ENTRY structure
0059B258 00 00 00 00 00 00 00 00 ==> 90 01 00 00 68 02 00 80
11. Add the (third-level) IMAGE_RESOURCE_DIRECTORY and IMAGE_RESOURCE_DATA_ENTRY structures at 0059B268H:
00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00
04 08 00 00 80 02 00 00 24 9B 1A 00 2C 00 00 00
E4 04 00 00 00 00 00 00
*. 0059B268 00 00 00 00 ; IMAGE_RESOURCE_DIRECTORY structure of the dialog at the third level
00 00 00 00
04 00
00 00
00 00
01 00
*. 0059B278 04 08 00 00
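80 02 00 00 ; if the highest bit is not 0, the low bits point to an IMAGE_RESOURCE_DATA_ENTRY structure
*. 0059B280 24 9B 1A 00 ; resource data RVA (add the image load base when locating it in memory) 005A9B24H
2C 00 00 00 ; resource data length 2CH
E4 04 00 00 ; code page, usually 0
00 00 00 00 ; reserved field
12. Copy the following resource data to 005A9B24H: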
01 00 FF FF 00 00 00 00 00 00 02 00 40 00 20 40
00 00 00 00 00 00 BB 00 5E 00 00 00 00 00 00 00
09 00 00 00 00 01 8B 5B 53 4F 00 00
13. Open WaGan.wa with ResHacker ==> [Dialog] ==> [400] ==> CTRL+A ==> DELETE, then paste the following resource script
400 DIALOGEX 0, 0, 334, 120
STYLE DS_MODALFRAME | DS_SETFOREGROUND | DS_CENTER | WS_POPUP
CAPTION ""
LANGUAGE LANG_CHINESE, 0x2
FONT 9, "宋体"
{
CONTROL "请选择对方一项装备", -1, BUTTON, BS_GROUPBOX | WS_CHILD | WS_VISIBLE, 1, 1, 331, 117
CONTROL "取消", 2, BUTTON, BS_DEFPUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_GROUP | WS_TABSTOP, 276, 101, 48, 11
CONTROL "", -1, STATIC, SS_BLACKFRAME | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 30, 96, 276, 1
CONTROL "OK", 1990, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 152, 87, 14, 8
CONTROL "OK", 1991, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 232, 87, 14, 8
CONTROL "OK", 1992, BUTTON, BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 312, 85, 14, 8
CONTROL "NameA", 1139, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 25, 104, 40, 9
CONTROL "AttributeA", 1141, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 75, 104, 40, 9
CONTROL "Lv", -1, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 130, 104, 8, 8
CONTROL "99", 1017, STATIC, SS_RIGHT | WS_CHILD | WS_VISIBLE, 142, 104, 14, 9 , 0x00001000
CONTROL "", 1994, STATIC, SS_BITMAP | WS_CHILD | WS_VISIBLE, 6, 13, 80, 80
CONTROL "", 1995, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 162, 104, 51, 8
CONTROL "Wepon:", 1391, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 96, 25, 68, 8
CONTROL "", 1410, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 96, 37, 23, 23
CONTROL "99", 1392, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 134, 39, 12, 8
CONTROL "Lv", 1418, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 120, 39, 8, 8
CONTROL "", 1422, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 132, 49, 33, 8
CONTROL "Exp", 1419, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 119, 49, 12, 8
CONTROL "Effect", 1401, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 97, 63, 68, 8
CONTROL "Additional Effect", 1416, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 97, 73, 68, 8
CONTROL "", 1424, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 91, 22, 77, 63
CONTROL "Armor:", 1394, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 25, 68, 8
CONTROL "", 1411, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 176, 37, 23, 23
CONTROL "99", 1395, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 214, 39, 12, 8
CONTROL "Lv", 1420, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 200, 39, 8, 8
CONTROL "", 1423, STATIC, SS_WHITERECT | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 212, 49, 33, 8
CONTROL "Exp", 1421, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 199, 49, 12, 8
CONTROL "Effect", 1400, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 63, 68, 8
CONTROL "Additional Effect", 1417, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 176, 73, 68, 8
CONTROL "", 1425, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 171, 22, 77, 63
CONTROL "Sub Item:", 1397, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 256, 35, 68, 8
CONTROL "", 1412, STATIC, SS_ICON | SS_SUNKEN | WS_CHILD | WS_VISIBLE, 256, 46, 23, 23
CONTROL "Effect", 1402, STATIC, SS_LEFT | WS_CHILD | WS_VISIBLE, 256, 71, 68, 8
CONTROL "", 1426, STATIC, SS_ETCHEDFRAME | WS_CHILD | WS_VISIBLE | WS_GROUP, 251, 31, 77, 52
}
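==> click [Compile Script (C)] ==> save the file (note: ResHacker automatically adjusts the file offsets of the data when compiling)
==> [Dialog] ==> [279] ==> change "交给" (Give) to "交换" (Exchange) ==> [Compile Script (C)] ==> save the file ==> exit ResHacker
*. Done! The dialog now shows up; if you are not satisfied with it, adjust it yourself.
======================
To make this easier to view, I edited the image links in this post. ---WHITESHP 2014.1.1 Contact me if you have questions~
[Last edited by WHITESHIP on 2014-1-1 11:02]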
Image attachment: _004.jpg (2010-2-10 01:00, 40.98 K) http://xycq.org.cn/forum/attachment.php?aid=88234
Image attachment: _005.jpg (2010-2-10 01:00, 11.04 K) http://xycq.org.cn/forum/attachment.php?aid=88235
Image attachment: _006.jpg (2010-2-10 01:00, 21.07 K) http://xycq.org.cn/forum/attachment.php?aid=88236
Image attachment: _007.jpg (2010-2-10 01:00, 30.2 K) http://xycq.org.cn/forum/attachment.php?aid=88237
Image attachment: _008.jpg (2010-2-10 01:00, 19.56 K) http://xycq.org.cn/forum/attachment.php?aid=88238
Image attachment: _009.jpg (2010-2-10 01:00, 41.26 K) http://xycq.org.cn/forum/attachment.php?aid=88239
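The directory bytes written in steps 10-12 can be checked by walking them the way a resource parser does. The following is an added example, not part of the original post: it places the quoted bytes at their section offsets, resolves dialog 400 down to its data, and bounds-checks every pointer. The image base 00400000H is derived from the post's RVA/VA pair, and all function names are this example's own.

```python
import struct

IMAGE_BASE = 0x00400000            # derived: the post maps RVA 001A9B24H to VA 005A9B24H
RSRC_RVA = 0x0059B000 - IMAGE_BASE  # resource section start (0059B000H in step 6)
SUBDIR_FLAG = 0x80000000           # PE format: high bit set => target is a subdirectory


def build_section():
    """Constructed sample: an otherwise empty section holding only the bytes of steps 10-12."""
    sec = bytearray(0xEB50)
    sec[0x258:0x260] = bytes.fromhex("9001000068020080")          # step 10
    sec[0x268:0x290] = bytes.fromhex(                             # step 11
        "00000000000000000400000000000100"
        "0408000080020000249B1A002C000000"
        "E404000000000000")
    sec[0xEB24:0xEB50] = bytes.fromhex(                           # step 12
        "0100FFFF000000000000020040002040"
        "000000000000BB005E00000000000000"
        "0900000000018B5B534F0000")
    return bytes(sec)


def need(sec, off, size, what):
    """Reject any structure that does not lie fully inside the section."""
    if off < 0 or off + size > len(sec):
        raise ValueError(f"{what} at {off:#x} is outside the resource section")


def read_entry(sec, off):
    """IMAGE_RESOURCE_DIRECTORY_ENTRY -> (id, target offset, is_subdirectory)."""
    need(sec, off, 8, "directory entry")
    ident, target = struct.unpack_from("<II", sec, off)
    return ident, target & 0x7FFFFFFF, bool(target & SUBDIR_FLAG)


def read_directory(sec, off):
    """IMAGE_RESOURCE_DIRECTORY header followed by its named + ID entries."""
    need(sec, off, 16, "directory header")
    n_named, n_id = struct.unpack_from("<HH", sec, off + 12)
    return [read_entry(sec, off + 16 + 8 * i) for i in range(n_named + n_id)]


def read_data_entry(sec, off):
    """IMAGE_RESOURCE_DATA_ENTRY, with its RVA range checked against the section."""
    need(sec, off, 16, "data entry")
    rva, size, codepage, _reserved = struct.unpack_from("<IIII", sec, off)
    start = rva - RSRC_RVA
    need(sec, start, size, f"resource data (RVA {rva:#x})")
    return {"va": IMAGE_BASE + rva, "size": size, "codepage": codepage,
            "data": sec[start:start + size]}


def resolve_id_entry(sec, entry_off):
    """Follow a second-level (resource ID) entry down to its language leaves."""
    res_id, target, is_dir = read_entry(sec, entry_off)
    if not is_dir:
        raise ValueError("ID-level entry must point to a language directory")
    leaves = []
    for lang, leaf_off, leaf_is_dir in read_directory(sec, target):
        if leaf_is_dir:
            raise ValueError("language-level entry must point to a data entry")
        leaves.append((lang, read_data_entry(sec, leaf_off)))
    return res_id, leaves


def dialog_header(blob):
    """Fixed leading fields of a DLGTEMPLATEEX resource."""
    ver, sig, _help, _ex, _style, items, _x, _y, cx, cy = struct.unpack_from(
        "<HHIIIHhhhh", blob, 0)
    if (ver, sig) != (1, 0xFFFF):
        raise ValueError("not a DLGTEMPLATEEX blob")
    return {"items": items, "cx": cx, "cy": cy}


if __name__ == "__main__":
    section = build_section()
    res_id, leaves = resolve_id_entry(section, 0x258)
    for lang, entry in leaves:
        print(f"dialog {res_id} lang {lang:#06x}: VA {entry['va']:08X}, "
              f"{entry['size']:#x} bytes, header {dialog_header(entry['data'])}")
```

The placeholder template carries no controls, which is why step 13 then replaces it with the full script in ResHacker.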
Author: 蛇夫座
Time: 2010-2-10 01:02
Part 3:
14. Add prompt strings
00555900 C7 EB D1 A1 D4 F1 B2 CE D3 EB BD BB BB BB CE E4 请选择参与交换武
00555910 BD AB 00 00 B8 C3 CE E4 BD AB B2 BB CA F4 D3 DA 将..该武将不属于
00555920 CE D2 BE FC 00 00 D7 B0 B1 B8 C9 CF 25 73 00 00 我军..装备上%s..
15. Custom handler function for the [交给] (Give) button
004D2844 E8 B7800000 call 004DA900
004DA900 55 push ebp ; [Exchange] button handler function
004DA901 8BEC mov ebp, esp
004DA903 83C4 B8 add esp, -48
004DA906 57 push edi ; save registers
004DA907 56 push esi
004DA908 8D7D C0 lea edi, dword ptr [ebp-40]
004DA90B BE 00E04B00 mov esi, 004BE000 ; pointer to the start of the original resource section
004DA910 8975 B8 mov dword ptr [ebp-48], esi
004DA913 B9 10000000 mov ecx, 10
004DA918 AD lods dword ptr [esi]
004DA919 AB stos dword ptr es:[edi] ; loop: copy 16*4 bytes of global variables to the stack
004DA91A ^ E2 FC loopd short 004DA918
004DA91C 8B45 08 mov eax, dword ptr [ebp+8] ; officer A battlefield info pointer
004DA91F 8946 D0 mov dword ptr [esi-30], eax
004DA922 5E pop esi
004DA923 5F pop edi
004DA924 8945 BC mov dword ptr [ebp-44], eax
004DA927 8B45 BC mov eax, dword ptr [ebp-44] ; officer A battlefield info pointer
004DA92A 33C9 xor ecx, ecx
004DA92C B1 FF mov cl, 0FF
004DA92E 51 push ecx ; custom parameter value 0FFH
004DA92F 6A 04 push 4 ; search for friendly or enemy units within range
004DA931 6A 01 push 1 ; infantry attack range
004DA933 8A48 04 mov cl, byte ptr [eax+4]
004DA936 51 push ecx ; officer A battlefield index
004DA937 B9 50424B00 mov ecx, 004B4250
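004DA93C E8 FCA9F7FF call 0045533D ; listener function: shows the attack range and waits for the player's selection
004DA941 3C FF cmp al, 0FF ; check whether the player pressed the right mouse button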
004DA943 0F84 DF000000 je 004DAA28
004DA949 8B4D BC mov ecx, dword ptr [ebp-44]
004DA94C 8A49 04 mov cl, byte ptr [ecx+4] ; officer A battlefield index
004DA94F 38C8 cmp al, cl ; check whether the player selected the current officer A itself
004DA951 ^ 74 D4 je short 004DA927 ; jump back to select again
004DA953 0FB6C0 movzx eax, al
004DA956 6BC0 24 imul eax, eax, 24
004DA959 05 502C4B00 add eax, 004B2C50 ; officer B battlefield info pointer
004DA95E 8A48 05 mov cl, byte ptr [eax+5]
004DA961 84C9 test cl, cl ; check whether officer B belongs to our army
004DA963 74 11 je short 004DA976
004DA965 68 14595500 push 00555914 ; "该武将不属于我军" ("This officer does not belong to our army")
004DA96A 6A 02 push 2
004DA96C E8 284DF5FF call 0042F699 ; format the string and show the prompt message
004DA971 83C4 08 add esp, 8
004DA974 ^ EB B1 jmp short 004DA927
004DA976 57 push edi
004DA977 8B7D B8 mov edi, dword ptr [ebp-48] ; pointer to the start of the original resource section
004DA97A 8947 1C mov dword ptr [edi+1C], eax ; officer B battlefield info pointer
004DA97D 8B00 mov eax, dword ptr [eax]
004DA97F 8947 24 mov dword ptr [edi+24], eax ; officer B DATA index
004DA982 6BC0 48 imul eax, eax, 48
004DA985 05 0000D600 add eax, 0D60000
004DA98A 8947 20 mov dword ptr [edi+20], eax ; officer B SAV mapping pointer
004DA98D 8B45 BC mov eax, dword ptr [ebp-44]
004DA990 8B00 mov eax, dword ptr [eax]
004DA992 8947 18 mov dword ptr [edi+18], eax ; officer A DATA index
004DA995 6BC0 48 imul eax, eax, 48
004DA998 05 0000D600 add eax, 0D60000
004DA99D 8947 14 mov dword ptr [edi+14], eax ; officer A SAV mapping pointer
004DA9A0 83C7 28 add edi, 28 ; EDI=004BE028H
004DA9A3 BA 786A4B00 mov edx, 004B6A78
004DA9A8 B9 02000000 mov ecx, 2
004DA9AD 83C2 04 add edx, 4
004DA9B0 8B02 mov eax, dword ptr [edx]
004DA9B2 AB stos dword ptr es:[edi] ; save global handles (armor ICON)
004DA9B3 ^ E2 F8 loopd short 004DA9AD
004DA9B5 81C2 58020000 add edx, 258
004DA9BB B1 02 mov cl, 2
004DA9BD 83C2 04 add edx, 4
004DA9C0 8B02 mov eax, dword ptr [edx]
004DA9C2 AB stos dword ptr es:[edi] ; save global handles (weapon ICON)
004DA9C3 ^ E2 F8 loopd short 004DA9BD
004DA9C5 81C2 10080000 add edx, 810
004DA9CB B1 02 mov cl, 2
004DA9CD 83C2 04 add edx, 4
004DA9D0 8B02 mov eax, dword ptr [edx]
004DA9D2 AB stos dword ptr es:[edi] ; save global handles (accessory ICON)
004DA9D3 ^ E2 F8 loopd short 004DA9CD
004DA9D5 33C0 xor eax, eax
004DA9D7 48 dec eax
004DA9D8 8947 C0 mov dword ptr [edi-40], eax ; set the [Exchange] dialog launch flag
004DA9DB 5F pop edi
004DA9DC E8 7F000000 call 004DAA60 ; facing setup function for both officers
004DA9E1 E8 8A030000 call 004DAD70 ; modal dialog creation function
004DA9E6 57 push edi
004DA9E7 56 push esi
004DA9E8 BF 786A4B00 mov edi, 004B6A78
004DA9ED 83C7 04 add edi, 4
004DA9F0 8B75 B8 mov esi, dword ptr [ebp-48] ; pointer to the start of the original resource section
004DA9F3 83C6 28 add esi, 28
004DA9F6 B9 02000000 mov ecx, 2
004DA9FB AD lods dword ptr [esi]
004DA9FC AB stos dword ptr es:[edi] ; restore global handles
004DA9FD ^ E2 FC loopd short 004DA9FB
004DA9FF 81C7 58020000 add edi, 258
004DAA05 B1 02 mov cl, 2
004DAA07 AD lods dword ptr [esi]
004DAA08 AB stos dword ptr es:[edi]
004DAA09 ^ E2 FC loopd short 004DAA07
004DAA0B 81C7 10080000 add edi, 810
004DAA11 B1 02 mov cl, 2
004DAA13 AD lods dword ptr [esi]
004DAA14 AB stos dword ptr es:[edi]
004DAA15 ^ E2 FC loopd short 004DAA13
004DAA17 8D75 C0 lea esi, dword ptr [ebp-40]
004DAA1A 8B7D B8 mov edi, dword ptr [ebp-48]
004DAA1D B9 10000000 mov ecx, 10
004DAA22 AD lods dword ptr [esi]
004DAA23 AB stos dword ptr es:[edi] ; restore the original resource section data from the stack
004DAA24 ^ E2 FC loopd short 004DAA22
004DAA26 5E pop esi
004DAA27 5F pop edi
004DAA28 C9 leave
004DAA29 C2 0400 retn 4
Binary data:
16. While listening, display "请选择参与交换武将" ("Please select the officer to exchange with")
004412C6 - E9 75970900 jmp 004DAA40
004412CB 90 nop
004412CC 90 nop
004412CD 90 nop
004412CE 90 nop
004DAA40 807D 1C FF cmp byte ptr [ebp+1C], 0FF ; custom parameter value 0FFH from the [Exchange] button handler function
004DAA44 74 09 je short 004DAA4F
004DAA46 0FB655 FC movzx edx, byte ptr [ebp-4]
004DAA4A - E9 8068F6FF jmp 004412CF
004DAA4F 68 00595500 push 00555900 ; "请选择参与交换武将" ("Please select the officer to exchange with")
004DAA54 - E9 7E68F6FF jmp 004412D7
Author: 蛇夫座
Time: 2010-2-10 01:03
17. Facing setup function
004DAA60 60 pushad ; facing setup function
004DAA61 BF 00E04B00 mov edi, 004BE000 ; pointer to the start of the original resource section
004DAA66 8B77 10 mov esi, dword ptr [edi+10] ; officer A battlefield info pointer
004DAA69 0FB646 06 movzx eax, byte ptr [esi+6] ; officer A battlefield X coordinate
004DAA6D 0FB65E 07 movzx ebx, byte ptr [esi+7] ; officer A battlefield Y coordinate
004DAA71 8B77 1C mov esi, dword ptr [edi+1C] ; officer B battlefield info pointer
004DAA74 0FB64E 0F movzx ecx, byte ptr [esi+F] ; officer B facing
004DAA78 41 inc ecx
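004DAA79 F7D9 neg ecx ; two's complement
004DAA7B 894F 04 mov dword ptr [edi+4], ecx ; assume failure
004DAA7E 0FB64E 06 movzx ecx, byte ptr [esi+6] ; officer B battlefield X coordinate
004DAA82 0FB656 07 movzx edx, byte ptr [esi+7] ; officer B battlefield Y coordinate
004DAA86 38D3 cmp bl, dl ; when officer A is above, upper-left or upper-right of officer B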
004DAA88 73 0B jnb short 004DAA95
004DAA8A B0 02 mov al, 2 ; officer A faces down
004DAA8C B1 00 mov cl, 0 ; officer B faces up
004DAA8E 32DB xor bl, bl ; clear the flag value to 0
004DAA90 E9 F6010000 jmp 004DAC8B
004DAA95 38D3 cmp bl, dl ; when officer A is below, lower-left or lower-right of officer B
004DAA97 76 0B jbe short 004DAAA4
004DAA99 B0 00 mov al, 0 ; officer A faces up
004DAA9B B1 02 mov cl, 2 ; officer B faces down
004DAA9D 32DB xor bl, bl ; clear the flag value to 0
004DAA9F E9 E7010000 jmp 004DAC8B
004DAAA4 38C8 cmp al, cl ; when officer A is to the left of officer B
004DAAA6 0F83 EE000000 jnb 004DAB9A
004DAAAC 8B77 10 mov esi, dword ptr [edi+10] ; officer A battlefield info pointer
004DAAAF 8A46 0F mov al, byte ptr [esi+F] ; officer A facing
004DAAB2 8B77 1C mov esi, dword ptr [edi+1C] ; officer B battlefield info pointer
004DAAB5 8A4E 0F mov cl, byte ptr [esi+F] ; officer B facing
004DAAB8 0AC0 or al, al ; al == 0 && cl == 0
004DAABA 75 0B jnz short 004DAAC7
004DAABC 0AC9 or cl, cl
004DAABE 75 07 jnz short 004DAAC7
004DAAC0 B3 01 mov bl, 1
004DAAC2 E9 CA000000 jmp 004DAB91
004DAAC7 0AC0 or al, al ; al == 0 && cl == 1
004DAAC9 75 0C jnz short 004DAAD7
004DAACB 80F9 01 cmp cl, 1
004DAACE 75 07 jnz short 004DAAD7
004DAAD0 B3 02 mov bl, 2
004DAAD2 E9 BA000000 jmp 004DAB91
004DAAD7 0AC0 or al, al ; al == 0 && cl == 2
004DAAD9 75 0C jnz short 004DAAE7
004DAADB 80F9 02 cmp cl, 2
004DAADE 75 07 jnz short 004DAAE7
004DAAE0 B3 03 mov bl, 3
004DAAE2 E9 AA000000 jmp 004DAB91
004DAAE7 0AC0 or al, al ; al == 0 && cl == 3
004DAAE9 75 0C jnz short 004DAAF7
004DAAEB 80F9 03 cmp cl, 3
004DAAEE 75 07 jnz short 004DAAF7
004DAAF0 B3 04 mov bl, 4
004DAAF2 E9 9A000000 jmp 004DAB91
004DAAF7 3C 01 cmp al, 1 ; al == 1 && cl == 0
004DAAF9 75 0B jnz short 004DAB06
004DAAFB 0AC9 or cl, cl
004DAAFD 75 07 jnz short 004DAB06
004DAAFF B3 05 mov bl, 5
004DAB01 E9 8B000000 jmp 004DAB91
004DAB06 3C 01 cmp al, 1 ; al == 1 && cl == 1
004DAB08 75 09 jnz short 004DAB13
004DAB0A 80F9 01 cmp cl, 1
004DAB0D 75 04 jnz short 004DAB13
004DAB0F B3 06 mov bl, 6
004DAB11 EB 7E jmp short 004DAB91
004DAB13 3C 01 cmp al, 1 ; al == 1 && cl == 2
004DAB15 75 09 jnz short 004DAB20
004DAB17 80F9 02 cmp cl, 2
004DAB1A 75 04 jnz short 004DAB20
004DAB1C B3 07 mov bl, 7
004DAB1E EB 71 jmp short 004DAB91
004DAB20 3C 01 cmp al, 1 ; al == 1 && cl == 3
004DAB22 75 09 jnz short 004DAB2D
004DAB24 80F9 03 cmp cl, 3
004DAB27 75 04 jnz short 004DAB2D
004DAB29 32DB xor bl, bl
004DAB2B EB 64 jmp short 004DAB91
004DAB2D 3C 02 cmp al, 2 ; al == 2 && cl == 0
004DAB2F 75 08 jnz short 004DAB39
004DAB31 0AC9 or cl, cl
004DAB33 75 04 jnz short 004DAB39
004DAB35 B3 09 mov bl, 9
004DAB37 EB 58 jmp short 004DAB91
004DAB39 3C 02 cmp al, 2 ; al == 2 && cl == 1
004DAB3B 75 09 jnz short 004DAB46
004DAB3D 80F9 01 cmp cl, 1
004DAB40 75 04 jnz short 004DAB46
004DAB42 B3 0A mov bl, 0A
004DAB44 EB 4B jmp short 004DAB91
004DAB46 3C 02 cmp al, 2 ; al == 2 && cl == 2
004DAB48 75 09 jnz short 004DAB53
004DAB4A 80F9 02 cmp cl, 2
004DAB4D 75 04 jnz short 004DAB53
004DAB4F B3 0B mov bl, 0B
004DAB51 EB 3E jmp short 004DAB91
004DAB53 3C 02 cmp al, 2 ; al == 2 && cl == 3
004DAB55 75 09 jnz short 004DAB60
004DAB57 80F9 03 cmp cl, 3
004DAB5A 75 04 jnz short 004DAB60
004DAB5C B3 0C mov bl, 0C
004DAB5E EB 31 jmp short 004DAB91
004DAB60 3C 03 cmp al, 3 ; al == 3 && cl == 0
004DAB62 75 08 jnz short 004DAB6C
004DAB64 0AC9 or cl, cl
004DAB66 75 04 jnz short 004DAB6C
004DAB68 B3 0D mov bl, 0D
004DAB6A EB 25 jmp short 004DAB91
004DAB6C 3C 03 cmp al, 3 ; al == 3 && cl == 1
004DAB6E 75 09 jnz short 004DAB79
004DAB70 80F9 01 cmp cl, 1
004DAB73 75 04 jnz short 004DAB79
004DAB75 B3 0E mov bl, 0E
004DAB77 EB 18 jmp short 004DAB91
004DAB79 3C 03 cmp al, 3 ; al == 3 && cl == 2
004DAB7B 75 09 jnz short 004DAB86
004DAB7D 80F9 02 cmp cl, 2
004DAB80 75 04 jnz short 004DAB86
004DAB82 B3 0F mov bl, 0F
004DAB84 EB 0B jmp short 004DAB91
004DAB86 3C 03 cmp al, 3 ; al == 3 && cl == 3
004DAB88 75 07 jnz short 004DAB91
004DAB8A 80F9 03 cmp cl, 3
004DAB8D 75 02 jnz short 004DAB91
004DAB8F B3 10 mov bl, 10
004DAB91 B0 01 mov al, 1 ; officer A faces right
004DAB93 B1 03 mov cl, 3 ; officer B faces left
004DAB95 E9 F1000000 jmp 004DAC8B
004DAB9A 38C8 cmp al, cl ; when officer A is to the right of officer B
004DAB9C 0F86 E9000000 jbe 004DAC8B
004DABA2 8B77 10 mov esi, dword ptr [edi+10]
004DABA5 8A46 0F mov al, byte ptr [esi+F] ; officer A facing
004DABA8 8B77 1C mov esi, dword ptr [edi+1C]
004DABAB 8A4E 0F mov cl, byte ptr [esi+F] ; officer B facing
004DABAE 0AC0 or al, al ; al == 0 && cl == 0
004DABB0 75 0B jnz short 004DABBD
004DABB2 0AC9 or cl, cl
004DABB4 75 07 jnz short 004DABBD
004DABB6 B3 11 mov bl, 11
004DABB8 E9 CA000000 jmp 004DAC87
004DABBD 0AC0 or al, al ; al == 0 && cl == 1
004DABBF 75 0C jnz short 004DABCD
004DABC1 80F9 01 cmp cl, 1
004DABC4 75 07 jnz short 004DABCD
004DABC6 B3 12 mov bl, 12
004DABC8 E9 BA000000 jmp 004DAC87
004DABCD 0AC0 or al, al ; al == 0 && cl == 2
004DABCF 75 0C jnz short 004DABDD
004DABD1 80F9 02 cmp cl, 2
004DABD4 75 07 jnz short 004DABDD
004DABD6 B3 13 mov bl, 13
004DABD8 E9 AA000000 jmp 004DAC87
004DABDD 0AC0 or al, al ; al == 0 && cl == 3
004DABDF 75 0C jnz short 004DABED
004DABE1 80F9 03 cmp cl, 3
004DABE4 75 07 jnz short 004DABED
004DABE6 B3 14 mov bl, 14
004DABE8 E9 9A000000 jmp 004DAC87
004DABED 3C 01 cmp al, 1 ; al == 1 && cl == 0
004DABEF 75 0B jnz short 004DABFC
004DABF1 0AC9 or cl, cl
004DABF3 75 07 jnz short 004DABFC
004DABF5 B3 15 mov bl, 15
004DABF7 E9 8B000000 jmp 004DAC87
004DABFC 3C 01 cmp al, 1 ; al == 1 && cl == 1
004DABFE 75 09 jnz short 004DAC09
004DAC00 80F9 01 cmp cl, 1
004DAC03 75 04 jnz short 004DAC09
004DAC05 B3 16 mov bl, 16
004DAC07 EB 7E jmp short 004DAC87
004DAC09 3C 01 cmp al, 1 ; al == 1 && cl == 2
004DAC0B 75 09 jnz short 004DAC16
004DAC0D 80F9 02 cmp cl, 2
004DAC10 75 04 jnz short 004DAC16
004DAC12 B3 17 mov bl, 17
004DAC14 EB 71 jmp short 004DAC87
004DAC16 3C 01 cmp al, 1 ; al == 1 && cl == 3
004DAC18 75 09 jnz short 004DAC23
004DAC1A 80F9 03 cmp cl, 3
004DAC1D 75 04 jnz short 004DAC23
004DAC1F B3 18 mov bl, 18
004DAC21 EB 64 jmp short 004DAC87
004DAC23 3C 02 cmp al, 2 ; al == 2 && cl == 0
004DAC25 75 08 jnz short 004DAC2F
004DAC27 0AC9 or cl, cl
004DAC29 75 04 jnz short 004DAC2F
004DAC2B B3 19 mov bl, 19
004DAC2D EB 58 jmp short 004DAC87
004DAC2F 3C 02 cmp al, 2 ; al == 2 && cl == 1
004DAC31 75 09 jnz short 004DAC3C
004DAC33 80F9 01 cmp cl, 1
004DAC36 75 04 jnz short 004DAC3C
004DAC38 B3 1A mov bl, 1A
004DAC3A EB 4B jmp short 004DAC87
004DAC3C 3C 02 cmp al, 2 ; al == 2 && cl == 2
004DAC3E 75 09 jnz short 004DAC49
004DAC40 80F9 02 cmp cl, 2
004DAC43 75 04 jnz short 004DAC49
004DAC45 B3 1B mov bl, 1B
004DAC47 EB 3E jmp short 004DAC87
004DAC49 3C 02 cmp al, 2 ; al == 2 && cl == 3
004DAC4B 75 09 jnz short 004DAC56
004DAC4D 80F9 03 cmp cl, 3
004DAC50 75 04 jnz short 004DAC56
004DAC52 B3 1C mov bl, 1C
004DAC54 EB 31 jmp short 004DAC87
004DAC56 3C 03 cmp al, 3 ; al == 3 && cl == 0
004DAC58 75 08 jnz short 004DAC62
004DAC5A 0AC9 or cl, cl
004DAC5C 75 04 jnz short 004DAC62
004DAC5E B3 1D mov bl, 1D
004DAC60 EB 25 jmp short 004DAC87
004DAC62 3C 03 cmp al, 3 ; al == 3 && cl == 1
004DAC64 75 09 jnz short 004DAC6F
004DAC66 80F9 01 cmp cl, 1
004DAC69 75 04 jnz short 004DAC6F
004DAC6B 32DB xor bl, bl
004DAC6D EB 18 jmp short 004DAC87
004DAC6F 3C 03 cmp al, 3 ; al == 3 && cl == 2
004DAC71 75 09 jnz short 004DAC7C
004DAC73 80F9 02 cmp cl, 2
004DAC76 75 04 jnz short 004DAC7C
004DAC78 B3 1F mov bl, 1F
004DAC7A EB 0B jmp short 004DAC87
004DAC7C 3C 03 cmp al, 3 ; al == 3 && cl == 3
004DAC7E 75 07 jnz short 004DAC87
004DAC80 80F9 03 cmp cl, 3
004DAC83 75 02 jnz short 004DAC87
004DAC85 B3 20 mov bl, 20
004DAC87 B0 03 mov al, 3 ; officer A faces left
004DAC89 B1 01 mov cl, 1 ; officer B faces right
004DAC8B 8B77 1C mov esi, dword ptr [edi+1C] ; officer B battlefield info pointer
004DAC8E 884E 0F mov byte ptr [esi+F], cl ; update officer B's battlefield facing
004DAC91 8B4F 10 mov ecx, dword ptr [edi+10] ; officer A battlefield info pointer
004DAC94 8841 0F mov byte ptr [ecx+F], al ; update officer A's battlefield facing
004DAC97 56 push esi
004DAC98 51 push ecx
004DAC99 53 push ebx
004DAC9A E8 11000000 call 004DACB0 ; facing handler function
004DAC9F 61 popad
004DACA0 C3 retn
Binary data:
18. Officer facing handling
004DACB0 55 push ebp ; facing handler function
004DACB1 8BEC mov ebp, esp
004DACB3 83C4 FC add esp, -4
004DACB6 EB 46 jmp short 004DACFE
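004DACB8 90 nop ; the data below controls whether the officer's battlefield sprite needs to be mirrored
004DACB9 90 nop ; 0: refresh directly, 1: turn without saving, 2: mirror without saving, 3: save without mirroring, 4: mirror and save, depending on the sprite's facing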
004DACBA 0000 add byte ptr [eax], al
004DACBC 0203 add al, byte ptr [ebx]
004DACBE 0203 add al, byte ptr [ebx]
004DACC0 0203 add al, byte ptr [ebx]
004DACC2 0200 add al, byte ptr [eax]
004DACC4 0003 add byte ptr [ebx], al
004DACC6 0003 add byte ptr [ebx], al
004DACC8 0003 add byte ptr [ebx], al
004DACCA 0000 add byte ptr [eax], al
004DACCC 0203 add al, byte ptr [ebx]
004DACCE 0203 add al, byte ptr [ebx]
004DACD0 0203 add al, byte ptr [ebx]
004DACD2 0200 add al, byte ptr [eax]
004DACD4 0203 add al, byte ptr [ebx]
004DACD6 0203 add al, byte ptr [ebx]
004DACD8 0203 add al, byte ptr [ebx]
004DACDA 0200 add al, byte ptr [eax]
004DACDC 0102 add dword ptr [edx], eax
004DACDE 0100 add dword ptr [eax], eax
004DACE0 0102 add dword ptr [edx], eax
004DACE2 010401 add dword ptr [ecx+eax], eax
004DACE5 0001 add byte ptr [ecx], al
004DACE7 0001 add byte ptr [ecx], al
004DACE9 0201 add al, byte ptr [ecx]
004DACEB 04 01 add al, 1
004DACED 04 01 add al, 1
004DACEF 0001 add byte ptr [ecx], al
004DACF1 0001 add byte ptr [ecx], al
004DACF3 04 00 add al, 0
004DACF5 04 00 add al, 0
004DACF7 0000 add byte ptr [eax], al
004DACF9 0200 add al, byte ptr [eax]
004DACFB 04 90 add al, 90
004DACFD 90 nop
004DACFE 8B45 08 mov eax, dword ptr [ebp+8] ; facing flag value
004DAD01 B9 BAAC4D00 mov ecx, 004DACBA ; points to the start of the control data
004DAD06 0FB70441 movzx eax, word ptr [ecx+eax*2] ; fetch two bytes
004DAD0A 0FB6C8 movzx ecx, al ; officer A facing control logic
004DAD0D C1E8 08 shr eax, 8
004DAD10 8945 FC mov dword ptr [ebp-4], eax ; officer B facing control logic
004DAD13 83F9 00 cmp ecx, 0
004DAD16 76 0A jbe short 004DAD22 ; check whether officer A needs to turn
004DAD18 49 dec ecx ; officer A's sprite needs to be mirrored
004DAD19 51 push ecx
004DAD1A 8B4D 0C mov ecx, dword ptr [ebp+C] ; officer A battlefield info pointer
004DAD1D E8 1250F6FF call 0043FD34 ; load data??
004DAD22 8B4D 0C mov ecx, dword ptr [ebp+C] ; officer A battlefield info pointer
004DAD25 E8 9F4FF6FF call 0043FCC9 ; refresh
004DAD2A 8B45 FC mov eax, dword ptr [ebp-4] ; officer B facing control logic
004DAD2D 83F8 02 cmp eax, 2 ; check whether mirroring is needed
004DAD30 76 10 jbe short 004DAD42
004DAD32 83E8 03 sub eax, 3
004DAD35 B9 00E04B00 mov ecx, 004BE000 ; pointer to the start of the original resource section
004DAD3A 66:8941 06 mov word ptr [ecx+6], ax ; save the mirroring control logic
004DAD3E EB 08 jmp short 004DAD48
004DAD40 EB 0F jmp short 004DAD51
004DAD42 83F8 00 cmp eax, 0
004DAD45 76 0A jbe short 004DAD51
004DAD47 48 dec eax
004DAD48 50 push eax ; mirroring control logic
004DAD49 8B4D 10 mov ecx, dword ptr [ebp+10] ; officer B battlefield info pointer
004DAD4C E8 E34FF6FF call 0043FD34
004DAD51 8B4D 10 mov ecx, dword ptr [ebp+10] ; officer B battlefield info pointer
004DAD54 E8 704FF6FF call 0043FCC9 ; refresh
004DAD59 C9 leave
004DAD5A C2 0C00 retn 0C
004DAD5D 90 nop
Binary data:
Author: 蛇夫座
Time: 2010-2-10 01:05
19. Create the modal dialog
004DAD70 55 push ebp ; modal dialog creation function
004DAD71 8BEC mov ebp, esp
004DAD73 81C4 F4FEFFFF add esp, -10C
004DAD79 8D8D F4FEFFFF lea ecx, dword ptr [ebp-10C]
004DAD7F E8 BC35F6FF call 0043E340 ; fill the local buffer
004DAD84 B8 00E04B00 mov eax, 004BE000 ; start address of the original resource section
004DAD89 FF70 10 push dword ptr [eax+10] ; officer A battlefield info pointer
004DAD8C 8D8D F4FEFFFF lea ecx, dword ptr [ebp-10C]
004DAD92 E8 797CF9FF call 00472A10 ; fill the local buffer
004DAD97 8D8D F4FEFFFF lea ecx, dword ptr [ebp-10C]
004DAD9D 51 push ecx ; lParam = pointer to the local buffer
004DAD9E 68 F8D04600 push 0046D0F8 ; DlgProc
004DADA3 B8 606A4B00 mov eax, 004B6A60
004DADA8 FF70 08 push dword ptr [eax+8] ; main window handle
004DADAB 68 90010000 push 190 ; dialog ID
004DADB0 FF30 push dword ptr [eax] ; hInst
004DADB2 FF15 A0624800 call dword ptr [<&USER32.DialogBoxPar>; USER32.DialogBoxParamA
004DADB8 BA 00E04B00 mov edx, 004BE000 ; start address of the original resource section
004DADBD 8B42 04 mov eax, dword ptr [edx+4] ; exchange content & facing flag
004DADC0 48 dec eax
004DADC1 83F8 02 cmp eax, 2 ; check whether the player cancelled the exchange
004DADC4 77 08 ja short 004DADCE
004DADC6 50 push eax ; exchange content flag value
004DADC7 E8 8D050000 call 004DB359 ; exchange content handler function
004DADCC EB 3C jmp short 004DAE0A
004DADCE 8B42 04 mov eax, dword ptr [edx+4] ; fetch the facing flag
004DADD1 8BC8 mov ecx, eax
004DADD3 F7D9 neg ecx
004DADD5 49 dec ecx
004DADD6 83F9 04 cmp ecx, 4 ; check whether mirroring is needed
004DADD9 72 23 jb short 004DADFE
004DADDB 50 push eax ; fetch the facing flag
004DADDC 0FBFC0 movsx eax, ax
004DADDF F7D8 neg eax
004DADE1 48 dec eax ; get officer B's original facing
004DADE2 8B4A 1C mov ecx, dword ptr [edx+1C] ; get officer B battlefield info pointer
004DADE5 8841 0F mov byte ptr [ecx+F], al ; restore officer B's facing
004DADE8 58 pop eax ; facing flag
004DADE9 C1E8 08 shr eax, 8
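004DADEC C1E8 08 shr eax, 8 ; logical right shift by 16 bits
004DADEF 0C 00 or al, 0 ; refresh the CPU zero flag
004DADF1 0F94C0 sete al ; set AL to 1 if the zero flag is set
004DADF4 51 push ecx ; save officer B battlefield info pointer
004DADF5 50 push eax ; mirroring control logic
004DADF6 E8 394FF6FF call 0043FD34 ; load sprite data??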
004DADFB 59 pop ecx
004DADFC EB 07 jmp short 004DAE05
004DADFE 8B42 1C mov eax, dword ptr [edx+1C] ; get officer B battlefield info pointer
004DAE01 8848 0F mov byte ptr [eax+F], cl ; restore officer B's facing
004DAE04 91 xchg eax, ecx
004DAE05 E8 BF4EF6FF call 0043FCC9 ; refresh
004DAE0A C9 leave
004DAE0B C3 retn
004DAE0C C3 retn
Binary data:
20. Intercept the messages handled by the dialog procedure
0046D113 - E9 28DD0600 jmp 004DAE40
0046D118 90 nop
004DAE40 8B45 0C mov eax, dword ptr [ebp+C] ; wMsg
004DAE43 8945 E4 mov dword ptr [ebp-1C], eax
004DAE46 BA 00E04B00 mov edx, 004BE000 ; start address of the original resource section
004DAE4B 8B0A mov ecx, dword ptr [edx]
004DAE4D 41 inc ecx ; check the [Exchange] dialog launch flag
004DAE4E 75 19 jnz short 004DAE69 ; not the [Exchange] dialog: hand back to the default window procedure
004DAE50 3D 10010000 cmp eax, 110 ; WM_INITDIALOG
004DAE55 75 17 jnz short 004DAE6E
004DAE57 6A 00 push 0
004DAE59 6A 00 push 0
004DAE5B 68 90050000 push 590 ; custom message: the dialog is being created
004DAE60 FF75 08 push dword ptr [ebp+8] ; dialog handle
004DAE63 FF15 18634800 call dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAE69 - E9 AB22F9FF jmp 0046D119
004DAE6E 3D 38010000 cmp eax, 138 ; control creation message
004DAE73 75 11 jnz short 004DAE86
004DAE75 6A 00 push 0
004DAE77 6A 00 push 0
004DAE79 6A 0F push 0F ; post a WM_PAINT message to the window procedure
004DAE7B FF75 08 push dword ptr [ebp+8]
004DAE7E FF15 18634800 call dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAE84 ^ EB E3 jmp short 004DAE69
004DAE86 83F8 0F cmp eax, 0F ; WM_PAINT
004DAE89 75 07 jnz short 004DAE92
004DAE8B E8 A0030000 call 004DB230 ; function that computes the SS_WHITERECT control coordinates
004DAE90 ^ EB D7 jmp short 004DAE69
004DAE92 83F8 02 cmp eax, 2
004DAE95 75 10 jnz short 004DAEA7
004DAE97 B9 00E04B00 mov ecx, 004BE000
004DAE9C FF71 0C push dword ptr [ecx+C] ; handle of the officer portrait in-memory bitmap
004DAE9F FF15 48604800 call dword ptr [<&GDI32.DeleteObject>>; GDI32.DeleteObject
004DAEA5 ^ EB C2 jmp short 004DAE69
004DAEA7 3D 90050000 cmp eax, 590
004DAEAC 75 0D jnz short 004DAEBB
004DAEAE FF75 08 push dword ptr [ebp+8] ; dialog handle
004DAEB1 8F42 08 pop dword ptr [edx+8]
004DAEB4 E8 87000000 call 004DAF40 ; control initialization function
004DAEB9 ^ EB AE jmp short 004DAE69
004DAEBB 3D 11010000 cmp eax, 111 ; WM_COMMAND
004DAEC0 ^ 75 A7 jnz short 004DAE69
004DAEC2 0FB74D 10 movzx ecx, word ptr [ebp+10] ; wParam
004DAEC6 81F9 C6070000 cmp ecx, 7C6 ; [Weapon OK] button message
004DAECC 75 07 jnz short 004DAED5
004DAECE 6A 01 push 1
004DAED0 8F42 04 pop dword ptr [edx+4] ; save the [Exchange] type
004DAED3 EB 20 jmp short 004DAEF5
004DAED5 81F9 C7070000 cmp ecx, 7C7 ; [Armor OK] button message
004DAEDB 75 07 jnz short 004DAEE4
004DAEDD 6A 02 push 2
004DAEDF 8F42 04 pop dword ptr [edx+4]
004DAEE2 EB 11 jmp short 004DAEF5
004DAEE4 81F9 C8070000 cmp ecx, 7C8 ; [Accessory OK] button message
004DAEEA - 0F85 2922F9FF jnz 0046D119
004DAEF0 6A 03 push 3
004DAEF2 8F42 04 pop dword ptr [edx+4]
004DAEF5 6A 00 push 0
004DAEF7 6A 00 push 0
004DAEF9 6A 10 push 10 ; WM_CLOSE
004DAEFB FF75 08 push dword ptr [ebp+8]
004DAEFE FF15 18634800 call dword ptr [<&USER32.PostMessageA>; USER32.PostMessageA
004DAF04 - E9 BC22F9FF jmp 0046D1C5
004DAF09 90 nop
Binary data:
21. Control initialization function
004DAF40 55 push ebp ; control initialization function
004DAF41 8BEC mov ebp, esp
004DAF43 83C4 F0 add esp, -10
004DAF46 B8 00E04B00 mov eax, 004BE000 ; start address of the original resource section
004DAF4B FF70 08 push dword ptr [eax+8]
004DAF4E 8F45 FC pop dword ptr [ebp-4] ; dialog window handle
004DAF51 8945 F8 mov dword ptr [ebp-8], eax
004DAF54 FF70 20 push dword ptr [eax+20]
004DAF57 8F45 F4 pop dword ptr [ebp-C] ; general B's SAV mapping pointer
004DAF5A 68 142E4900 push 00492E14 ; ASCII "@?"
004DAF5F 8F45 F0 pop dword ptr [ebp-10]
004DAF62 68 82050000 push 582 ; weapon icon resource ID
004DAF67 FF75 FC push dword ptr [ebp-4]
004DAF6A FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAF70 B9 D86C4B00 mov ecx, 004B6CD8
004DAF75 51 push ecx
004DAF76 50 push eax ; weapon icon control handle
004DAF77 E8 8E78F8FF call 0046280A ; change the control's attributes
004DAF7C 59 pop ecx
004DAF7D 8B45 F0 mov eax, dword ptr [ebp-10] ; EAX = 492E14H
004DAF80 FF30 push dword ptr [eax]
004DAF82 E8 F683F8FF call 0046337D
004DAF87 68 83050000 push 583 ; armor icon resource ID
004DAF8C FF75 FC push dword ptr [ebp-4]
004DAF8F FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAF95 B9 786A4B00 mov ecx, 004B6A78
004DAF9A 51 push ecx
004DAF9B 50 push eax
004DAF9C E8 6978F8FF call 0046280A
004DAFA1 59 pop ecx
004DAFA2 8B45 F0 mov eax, dword ptr [ebp-10] ; EAX = 492E14H
004DAFA5 FF30 push dword ptr [eax]
004DAFA7 E8 D183F8FF call 0046337D
004DAFAC 68 84050000 push 584 ; accessory icon resource ID
004DAFB1 FF75 FC push dword ptr [ebp-4]
004DAFB4 FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DAFBA B9 F0744B00 mov ecx, 004B74F0
004DAFBF 51 push ecx
004DAFC0 50 push eax
004DAFC1 E8 4478F8FF call 0046280A
004DAFC6 59 pop ecx
004DAFC7 8B45 F0 mov eax, dword ptr [ebp-10]
004DAFCA FF30 push dword ptr [eax]
004DAFCC E8 AC83F8FF call 0046337D
004DAFD1 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DAFD4 E8 CEC5F2FF call 004075A7 ; get the general's true-color portrait number
004DAFD9 05 2D010000 add eax, 12D ; true-color portraits start at index 301
004DAFDE 6A 40 push 40 ; LR_DEFAULTSIZE
004DAFE0 6A 00 push 0 ; CyDesired
004DAFE2 6A 00 push 0 ; cxDesired
004DAFE4 6A 00 push 0 ; IMAGE_BITMAP
004DAFE6 50 push eax ; resource ID (true-color portrait index of the general)
004DAFE7 FF35 00F14C00 push dword ptr [4CF100] ; sge.dll instance handle
004DAFED FF15 34D04C00 call dword ptr [4CD034] ; USER32.LoadImageA
004DAFF3 8B4D F8 mov ecx, dword ptr [ebp-8]
004DAFF6 8941 0C mov dword ptr [ecx+C], eax
004DAFF9 50 push eax ; in-memory bitmap handle
004DAFFA 6A 00 push 0 ; IMAGE_BITMAP
004DAFFC 68 72010000 push 172 ; STM_SETIMAGE
004DB001 68 CA070000 push 7CA ; resource ID of the general's portrait bitmap in the dialog
004DB006 FF75 FC push dword ptr [ebp-4]
004DB009 FF15 90634800 call dword ptr [<&USER32.SendDlgItemM>; USER32.SendDlgItemMessageA
004DB00F 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB012 8D41 08 lea eax, dword ptr [ecx+8] ; pointer to general B's character name
004DB015 50 push eax
004DB016 68 73040000 push 473 ; general name resource ID
004DB01B FF75 FC push dword ptr [ebp-4]
004DB01E FF15 D8624800 call dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB024 8B4D F4 mov ecx, dword ptr [ebp-C]
004DB027 0FB641 2B movzx eax, byte ptr [ecx+2B] ; read general B's troop-type code
004DB02B 8B0485 A8BE4800 mov eax, dword ptr [eax*4+48BEA8] ; look up the unit name
004DB032 50 push eax
004DB033 68 75040000 push 475 ; unit name resource ID
004DB038 FF75 FC push dword ptr [ebp-4]
004DB03B FF15 D8624800 call dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB041 8B4D F4 mov ecx, dword ptr [ebp-C]
004DB044 0FB641 2C movzx eax, byte ptr [ecx+2C] ; read general B's character level
004DB048 6A 00 push 0
004DB04A 50 push eax
004DB04B 68 F9030000 push 3F9 ; level value resource ID
004DB050 FF75 FC push dword ptr [ebp-4]
004DB053 FF15 E4624800 call dword ptr [<&USER32.SetDlgItemIn>; USER32.SetDlgItemInt
004DB059 FF75 FC push dword ptr [ebp-4] ; dialog window handle
004DB05C 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB05F E8 47BEF9FF call 00476EAB ; equipment info display function
004DB064 E8 27000000 call 004DB090 ; equipment trait + effect value display function
004DB069 E8 92000000 call 004DB100 ; [OK] button control function
004DB06E C9 leave
004DB06F C3 retn
Binary data:
Author:
蛇夫座
Time:
2010-2-10 01:07
22. Equipment trait + effect value display function
004DB090 55 push ebp ; equipment trait + effect value display function
004DB091 8BEC mov ebp, esp
004DB093 83C4 D8 add esp, -28
004DB096 B8 00E04B00 mov eax, 004BE000 ; start address of the original resource section
004DB09B FF70 08 push dword ptr [eax+8]
004DB09E 8F45 DC pop dword ptr [ebp-24] ; dialog window handle
004DB0A1 FF70 20 push dword ptr [eax+20]
004DB0A4 8F45 D8 pop dword ptr [ebp-28] ; general B's SAV mapping pointer
004DB0A7 8B4D D8 mov ecx, dword ptr [ebp-28]
004DB0AA 0FB641 2E movzx eax, byte ptr [ecx+2E] ; read the code of general B's equipped weapon
004DB0AE 50 push eax
004DB0AF 8D45 E0 lea eax, dword ptr [ebp-20]
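004DB0B2 50 push eax ; pointer to a buffer large enough for the equipment trait + effect value
004DB0B3 E8 BC70F8FF call 00462174 ; format the buffer passed at stack +08 according to the equipment code at stack +0C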
004DB0B8 83C4 08 add esp, 8
004DB0BB 8D45 E0 lea eax, dword ptr [ebp-20]
004DB0BE 50 push eax ; pointer to the equipment trait + effect value string
004DB0BF 68 88050000 push 588 ; weapon trait resource ID
004DB0C4 FF75 DC push dword ptr [ebp-24]
004DB0C7 FF15 D8624800 call dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB0CD 8B4D D8 mov ecx, dword ptr [ebp-28]
004DB0D0 0FB641 31 movzx eax, byte ptr [ecx+31] ; read the code of general B's equipped armor
004DB0D4 50 push eax
004DB0D5 8D45 E0 lea eax, dword ptr [ebp-20]
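004DB0D8 50 push eax ; pointer to a buffer large enough for the equipment trait + effect value
004DB0D9 E8 9670F8FF call 00462174 ; format the buffer passed at stack +08 according to the equipment code at stack +0C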
004DB0DE 83C4 08 add esp, 8
004DB0E1 8D45 E0 lea eax, dword ptr [ebp-20]
004DB0E4 50 push eax ; pointer to the equipment trait + effect value string
004DB0E5 68 89050000 push 589 ; armor trait resource ID
004DB0EA FF75 DC push dword ptr [ebp-24]
004DB0ED FF15 D8624800 call dword ptr [<&USER32.SetDlgItemTe>; USER32.SetDlgItemTextA
004DB0F3 C9 leave
004DB0F4 C3 retn
Binary data:
23. Disabling the [OK] buttons according to the general's troop type
004DB100 55 push ebp ; [OK] button control function
004DB101 8BEC mov ebp, esp
004DB103 83C4 EC add esp, -14
004DB106 B8 00E04B00 mov eax, 004BE000 ; start address of the original resource section
004DB10B 8945 F0 mov dword ptr [ebp-10], eax
004DB10E 8B48 08 mov ecx, dword ptr [eax+8]
004DB111 894D FC mov dword ptr [ebp-4], ecx ; dialog window handle
004DB114 8B50 20 mov edx, dword ptr [eax+20]
004DB117 8955 F4 mov dword ptr [ebp-C], edx ; general B's SAV mapping pointer
004DB11A 8B48 14 mov ecx, dword ptr [eax+14]
004DB11D 894D F8 mov dword ptr [ebp-8], ecx ; general A's SAV mapping pointer
004DB120 0FB642 2E movzx eax, byte ptr [edx+2E]
004DB124 8945 EC mov dword ptr [ebp-14], eax ; code of general B's equipped weapon
004DB127 50 push eax
004DB128 E8 DAC7F2FF call 00407907 ; check whether general A can equip general B's weapon
004DB12D 85C0 test eax, eax ; 0 means it cannot be equipped
004DB12F 74 1D je short 004DB14E
004DB131 8B55 F8 mov edx, dword ptr [ebp-8] ; general A's SAV mapping pointer
004DB134 0FB642 2E movzx eax, byte ptr [edx+2E] ; read the code of general A's equipped weapon
004DB138 3C FF cmp al, 0FF ; check whether it is empty
004DB13A 75 05 jnz short 004DB141
004DB13C 3A45 EC cmp al, byte ptr [ebp-14] ; check whether general B's weapon slot is empty too
004DB13F 74 0D je short 004DB14E
004DB141 50 push eax ; code of general A's equipped weapon
004DB142 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB145 E8 BDC7F2FF call 00407907 ; check whether general B can equip general A's weapon
004DB14A 85C0 test eax, eax
004DB14C 75 17 jnz short 004DB165
004DB14E 68 C6070000 push 7C6 ; [Weapon OK] button resource ID
004DB153 FF75 FC push dword ptr [ebp-4]
004DB156 FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB15C 6A 00 push 0 ; disable
004DB15E 50 push eax
004DB15F FF15 E8624800 call dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB165 8B55 F4 mov edx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB168 0FB642 31 movzx eax, byte ptr [edx+31]
004DB16C 8945 EC mov dword ptr [ebp-14], eax ; read the code of general B's equipped armor
004DB16F 50 push eax
004DB170 8B4D F8 mov ecx, dword ptr [ebp-8] ; general A's SAV mapping pointer
004DB173 E8 8FC7F2FF call 00407907 ; check whether general A can equip general B's armor
004DB178 85C0 test eax, eax
004DB17A 74 1D je short 004DB199
004DB17C 8B55 F8 mov edx, dword ptr [ebp-8]
004DB17F 0FB642 31 movzx eax, byte ptr [edx+31] ; read the code of general A's equipped armor
004DB183 3C FF cmp al, 0FF ; check whether it is empty
004DB185 75 05 jnz short 004DB18C
004DB187 3A45 EC cmp al, byte ptr [ebp-14] ; check whether general B's armor slot is empty too
004DB18A 74 0D je short 004DB199
004DB18C 50 push eax ; code of general A's equipped armor
004DB18D 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB190 E8 72C7F2FF call 00407907 ; check whether general B can equip general A's armor
004DB195 85C0 test eax, eax
004DB197 75 17 jnz short 004DB1B0
004DB199 68 C7070000 push 7C7 ; [Armor OK] button resource ID
004DB19E FF75 FC push dword ptr [ebp-4]
004DB1A1 FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB1A7 6A 00 push 0 ; disable
004DB1A9 50 push eax
004DB1AA FF15 E8624800 call dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB1B0 8B55 F4 mov edx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB1B3 0FB642 34 movzx eax, byte ptr [edx+34] ; read the code of general B's equipped accessory
004DB1B7 8945 EC mov dword ptr [ebp-14], eax
004DB1BA 90 nop
004DB1BB 8B4D F8 mov ecx, dword ptr [ebp-8] ; general A's SAV mapping pointer
004DB1BE 50 push eax
004DB1BF E8 43C7F2FF call 00407907 ; check whether general A can equip general B's accessory
004DB1C4 85C0 test eax, eax
004DB1C6 74 1D je short 004DB1E5
004DB1C8 8B55 F8 mov edx, dword ptr [ebp-8]
004DB1CB 0FB642 34 movzx eax, byte ptr [edx+34] ; read the code of general A's equipped accessory
004DB1CF 3C FF cmp al, 0FF ; check whether it is empty
004DB1D1 75 05 jnz short 004DB1D8
004DB1D3 3A45 EC cmp al, byte ptr [ebp-14] ; check whether general B's accessory slot is empty too
004DB1D6 74 0D je short 004DB1E5
004DB1D8 50 push eax
004DB1D9 8B4D F4 mov ecx, dword ptr [ebp-C] ; general B's SAV mapping pointer
004DB1DC E8 26C7F2FF call 00407907 ; check whether general B can equip general A's accessory
004DB1E1 85C0 test eax, eax
004DB1E3 75 17 jnz short 004DB1FC
004DB1E5 68 C8070000 push 7C8 ; [Accessory OK] button resource ID
004DB1EA FF75 FC push dword ptr [ebp-4]
004DB1ED FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB1F3 6A 00 push 0 ; disable
004DB1F5 50 push eax
004DB1F6 FF15 E8624800 call dword ptr [<&USER32.EnableWindow>; USER32.EnableWindow
004DB1FC 6A 00 push 0
004DB1FE FF15 AC614800 call dword ptr [<&KERNEL32.GetModuleH>; kernel32.GetModuleHandleA
004DB204 6A 7F push 7F ; hand (pointing finger) cursor resource ID
004DB206 50 push eax ; main module handle
004DB207 FF15 B0634800 call dword ptr [<&USER32.LoadCursorA>>; USER32.LoadCursorA
004DB20D 50 push eax
004DB20E 6A 02 push 2 ; [Cancel] button ID
004DB210 FF75 FC push dword ptr [ebp-4]
004DB213 FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB219 6A F4 push -0C ; GCL_HCURSOR
004DB21B 50 push eax
004DB21C FF15 B8624800 call dword ptr [<&USER32.SetClassLong>; USER32.SetClassLongA
004DB222 C9 leave
004DB223 C3 retn
Binary data:
24. Experience value display function
004DB230 55 push ebp ; function that computes the SS_WHITERECT control coordinates
004DB231 8BEC mov ebp, esp
004DB233 83EC 48 sub esp, 48
004DB236 B9 00E04B00 mov ecx, 004BE000 ; start address of the original resource section
004DB23B FF71 08 push dword ptr [ecx+8]
004DB23E 8F45 CC pop dword ptr [ebp-34] ; dialog window handle
004DB241 FF71 20 push dword ptr [ecx+20]
004DB244 8F45 C8 pop dword ptr [ebp-38] ; general B's SAV mapping pointer
004DB247 B8 8E050000 mov eax, 58E ; weapon experience bar resource ID
004DB24C 8945 B8 mov dword ptr [ebp-48], eax
004DB24F 40 inc eax
004DB250 8945 BC mov dword ptr [ebp-44], eax ; armor experience bar resource ID
004DB253 05 3C020000 add eax, 23C
004DB258 8945 C0 mov dword ptr [ebp-40], eax ; general B's character experience bar resource ID
004DB25B 33C0 xor eax, eax
004DB25D 8945 C4 mov dword ptr [ebp-3C], eax ; zero the loop counter
004DB260 837D C4 02 cmp dword ptr [ebp-3C], 2
004DB264 0F87 96000000 ja 004DB300
004DB26A 8D4D B8 lea ecx, dword ptr [ebp-48] ; address of the last local variable
004DB26D 8B45 C4 mov eax, dword ptr [ebp-3C] ; load the loop counter
004DB270 FF3481 push dword ptr [ecx+eax*4] ; push the resource ID being processed
004DB273 FF75 CC push dword ptr [ebp-34] ; dialog window handle
004DB276 FF15 DC624800 call dword ptr [<&USER32.GetDlgItem>] ; USER32.GetDlgItem
004DB27C 50 push eax ; save the handle of the control being processed
004DB27D 8D4D F0 lea ecx, dword ptr [ebp-10]
004DB280 51 push ecx ; lpRect
004DB281 50 push eax ; handle of the window whose client-area size is wanted
004DB282 FF15 EC624800 call dword ptr [<&USER32.GetClientRec>; USER32.GetClientRect
004DB288 5A pop edx
004DB289 8D45 F0 lea eax, dword ptr [ebp-10]
004DB28C 50 push eax ; lpPoint
004DB28D 52 push edx ; handle of the control being processed
004DB28E FF15 20634800 call dword ptr [<&USER32.ClientToScre>; USER32.ClientToScreen
004DB294 8D45 F0 lea eax, dword ptr [ebp-10]
004DB297 50 push eax ; lpPoint
004DB298 FF75 CC push dword ptr [ebp-34] ; dialog window handle
004DB29B FF15 64624800 call dword ptr [<&USER32.ScreenToClie>; USER32.ScreenToClient
004DB2A1 8B45 F0 mov eax, dword ptr [ebp-10] ; Left position of the experience bar control within the main window
004DB2A4 0145 F8 add dword ptr [ebp-8], eax ; Right
004DB2A7 8B45 F4 mov eax, dword ptr [ebp-C] ; Top
004DB2AA 0145 FC add dword ptr [ebp-4], eax ; Bottom
004DB2AD 8B4D C8 mov ecx, dword ptr [ebp-38] ; general B's SAV mapping pointer
004DB2B0 8B45 C4 mov eax, dword ptr [ebp-3C] ; loop counter value
004DB2B3 84C0 test al, al ; check which type is being processed
004DB2B5 74 08 je short 004DB2BF
004DB2B7 48 dec eax
004DB2B8 74 0B je short 004DB2C5
004DB2BA 48 dec eax
004DB2BB 74 0E je short 004DB2CB
004DB2BD EB 41 jmp short 004DB300
004DB2BF 0FB641 30 movzx eax, byte ptr [ecx+30] ; general B's weapon experience
004DB2C3 EB 0A jmp short 004DB2CF
004DB2C5 0FB641 33 movzx eax, byte ptr [ecx+33] ; general B's armor experience
004DB2C9 EB 04 jmp short 004DB2CF
004DB2CB 0FB641 2D movzx eax, byte ptr [ecx+2D] ; general B's character experience
004DB2CF 6A 26 push 26
004DB2D1 6A 64 push 64
004DB2D3 6A 64 push 64
004DB2D5 50 push eax
004DB2D6 8D4D D0 lea ecx, dword ptr [ebp-30]
004DB2D9 E8 1561F8FF call 004613F3 ; fill the buffer
004DB2DE 6A 05 push 5
004DB2E0 6A 00 push 0
004DB2E2 8D55 F0 lea edx, dword ptr [ebp-10]
004DB2E5 52 push edx ; lpRect
004DB2E6 FF75 CC push dword ptr [ebp-34] ; dialog window handle
004DB2E9 FF15 98624800 call dword ptr [<&USER32.GetDC>] ; USER32.GetDC
004DB2EF 50 push eax
004DB2F0 8D4D D0 lea ecx, dword ptr [ebp-30] ; pointer to the filled buffer
004DB2F3 E8 7761F8FF call 0046146F ; experience bar drawing function
004DB2F8 FF45 C4 inc dword ptr [ebp-3C] ; increment the loop counter
004DB2FB ^ E9 60FFFFFF jmp 004DB260
004DB300 C9 leave
004DB301 C3 retn
Binary data:
25. Fix for the fill length of the red bitmap brush
004618CC - E9 3F9A0700 jmp 004DB310
004618D1 90 nop
004DB310 834D D0 00 or dword ptr [ebp-30], 0 ; once the Top or Left field of lpRect has been modified, this local variable is never 0
004DB314 75 0B jnz short 004DB321
004DB316 8B55 D8 mov edx, dword ptr [ebp-28]
004DB319 2B55 D0 sub edx, dword ptr [ebp-30]
004DB31C - E9 B165F8FF jmp 004618D2
004DB321 8B8D 70FFFFFF mov ecx, dword ptr [ebp-90]
004DB327 8B01 mov eax, dword ptr [ecx] ; load the experience value to display
004DB329 33D2 xor edx, edx ; zero EDX (upper half of the dividend)
004DB32B 6A 64 push 64 ; decimal 100
004DB32D F73424 div dword ptr [esp] ; experience value / 100 (quotient in EAX, remainder in EDX)
004DB330 8B4D 0C mov ecx, dword ptr [ebp+C] ; lpRect pointer
004DB333 8B41 08 mov eax, dword ptr [ecx+8]
004DB336 2B01 sub eax, dword ptr [ecx] ; client-area width
004DB338 F7E2 mul edx ; client-area width * EDX (the remainder of experience / 100)
004DB33A 33D2 xor edx, edx
004DB33C F73424 div dword ptr [esp] ; length to draw = client-area width * (experience mod 100) / 100
004DB33F 5A pop edx
004DB340 50 push eax ; length to draw
004DB341 - E9 8D65F8FF jmp 004618D3
Binary data:
Author:
蛇夫座
Time:
2010-2-10 01:08
26. Handling the [Exchange] result after the dialog returns
004DB359 55 push ebp ; [Exchange] result handling function
004DB35A 8BEC mov ebp, esp
004DB35C 83C4 CC add esp, -34
004DB35F B8 00E04B00 mov eax, 004BE000 ; start address of the original resource section
004DB364 8B48 08 mov ecx, dword ptr [eax+8]
004DB367 894D FC mov dword ptr [ebp-4], ecx ; dialog window handle
004DB36A 8B48 18 mov ecx, dword ptr [eax+18]
004DB36D 894D EC mov dword ptr [ebp-14], ecx ; general A's DATA index
004DB370 8B48 14 mov ecx, dword ptr [eax+14]
004DB373 894D F0 mov dword ptr [ebp-10], ecx ; general A's SAV mapping pointer
004DB376 8B50 24 mov edx, dword ptr [eax+24]
004DB379 8955 D8 mov dword ptr [ebp-28], edx ; general B's DATA index
004DB37C 8B50 20 mov edx, dword ptr [eax+20]
004DB37F 8955 DC mov dword ptr [ebp-24], edx ; general B's SAV mapping pointer
004DB382 8B45 08 mov eax, dword ptr [ebp+8] ; load the command ID
004DB385 85C0 test eax, eax
004DB387 74 0B je short 004DB394
004DB389 48 dec eax
004DB38A 74 34 je short 004DB3C0
004DB38C 48 dec eax
004DB38D 74 5D je short 004DB3EC
004DB38F E9 5D020000 jmp 004DB5F1
004DB394 0FB641 2E movzx eax, byte ptr [ecx+2E]
004DB398 8945 E8 mov dword ptr [ebp-18], eax ; code of general A's equipped weapon
004DB39B 0FB641 2F movzx eax, byte ptr [ecx+2F]
004DB39F 8945 E4 mov dword ptr [ebp-1C], eax ; level of general A's equipped weapon
004DB3A2 0FB641 30 movzx eax, byte ptr [ecx+30]
004DB3A6 8945 E0 mov dword ptr [ebp-20], eax ; experience of general A's equipped weapon
004DB3A9 0FB642 2E movzx eax, byte ptr [edx+2E]
004DB3AD 8945 D4 mov dword ptr [ebp-2C], eax ; code of general B's equipped weapon
004DB3B0 0FB642 2F movzx eax, byte ptr [edx+2F]
004DB3B4 8945 D0 mov dword ptr [ebp-30], eax ; level of general B's equipped weapon
004DB3B7 0FB642 30 movzx eax, byte ptr [edx+30]
004DB3BB 8945 CC mov dword ptr [ebp-34], eax ; experience of general B's equipped weapon
004DB3BE EB 56 jmp short 004DB416
004DB3C0 0FB641 31 movzx eax, byte ptr [ecx+31]
004DB3C4 8945 E8 mov dword ptr [ebp-18], eax ; code of general A's equipped armor
004DB3C7 0FB641 32 movzx eax, byte ptr [ecx+32]
004DB3CB 8945 E4 mov dword ptr [ebp-1C], eax ; level of general A's equipped armor
004DB3CE 0FB641 33 movzx eax, byte ptr [ecx+33]
004DB3D2 8945 E0 mov dword ptr [ebp-20], eax ; experience of general A's equipped armor
004DB3D5 0FB642 31 movzx eax, byte ptr [edx+31]
004DB3D9 8945 D4 mov dword ptr [ebp-2C], eax
004DB3DC 0FB642 32 movzx eax, byte ptr [edx+32]
004DB3E0 8945 D0 mov dword ptr [ebp-30], eax
004DB3E3 0FB642 33 movzx eax, byte ptr [edx+33]
004DB3E7 8945 CC mov dword ptr [ebp-34], eax
004DB3EA EB 2A jmp short 004DB416
004DB3EC 0FB641 34 movzx eax, byte ptr [ecx+34] ; code of general A's equipped accessory
004DB3F0 8945 E8 mov dword ptr [ebp-18], eax
004DB3F3 0FB641 35 movzx eax, byte ptr [ecx+35]
004DB3F7 8945 E4 mov dword ptr [ebp-1C], eax ; always 0FFh, used for alignment
004DB3FA 0FB641 36 movzx eax, byte ptr [ecx+36]
004DB3FE 8945 E0 mov dword ptr [ebp-20], eax ; always 0FFh, used for alignment
004DB401 0FB642 34 movzx eax, byte ptr [edx+34]
004DB405 8945 D4 mov dword ptr [ebp-2C], eax
004DB408 0FB642 35 movzx eax, byte ptr [edx+35]
004DB40C 8945 D0 mov dword ptr [ebp-30], eax
004DB40F 0FB642 36 movzx eax, byte ptr [edx+36]
004DB413 8945 CC mov dword ptr [ebp-34], eax
004DB416 FF75 CC push dword ptr [ebp-34] ; equipment experience
004DB419 FF75 D0 push dword ptr [ebp-30] ; equipment level
004DB41C FF75 D4 push dword ptr [ebp-2C] ; equipment code
004DB41F FF75 08 push dword ptr [ebp+8] ; equipment slot
004DB422 8B4D F0 mov ecx, dword ptr [ebp-10] ; general A's SAV mapping pointer
004DB425 E8 4EC9F2FF call 00407D78 ; replace the equipment of the general in ECX in the slot given at stack +08
004DB42A FF75 E0 push dword ptr [ebp-20] ; equipment experience
004DB42D FF75 E4 push dword ptr [ebp-1C] ; equipment level
004DB430 FF75 E8 push dword ptr [ebp-18] ; equipment code
004DB433 FF75 08 push dword ptr [ebp+8] ; equipment slot
004DB436 8B4D DC mov ecx, dword ptr [ebp-24] ; general B's SAV mapping pointer
004DB439 E8 3AC9F2FF call 00407D78 ; replace the equipment of the general in ECX: slot at stack +08, item code at +0C, level at +10, experience at +14
004DB43E 33C0 xor eax, eax
004DB440 8BC8 mov ecx, eax
004DB442 40 inc eax
004DB443 807D E8 FF cmp byte ptr [ebp-18], 0FF ; check whether general A's original equipment code is empty
004DB447 75 05 jnz short 004DB44E
004DB449 894D F8 mov dword ptr [ebp-8], ecx ; clear the flag
004DB44C EB 03 jmp short 004DB451
004DB44E 8945 F8 mov dword ptr [ebp-8], eax ; set the flag
004DB451 807D D4 FF cmp byte ptr [ebp-2C], 0FF ; check whether general B's original equipment code is empty
004DB455 75 05 jnz short 004DB45C
004DB457 894D F4 mov dword ptr [ebp-C], ecx ; clear the flag
004DB45A EB 03 jmp short 004DB45F
004DB45C 8945 F4 mov dword ptr [ebp-C], eax ; set the flag
004DB45F 834D F8 00 or dword ptr [ebp-8], 0 ; if general A's original slot was empty, skip the take-out-item animation
004DB463 74 62 je short 004DB4C7
004DB465 68 FF000000 push 0FF
004DB46A 68 FF000000 push 0FF
004DB46F 6A 01 push 1 ; raise hand
004DB471 FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB474 B9 F05D4B00 mov ecx, 004B5DF0
004DB479 E8 11C3F7FF call 0045778F ; show the general's animation
004DB47E 6A 00 push 0
004DB480 6A 00 push 0
004DB482 6A 08 push 8
004DB484 6A 20 push 20
004DB486 6A 08 push 8
004DB488 FF75 E8 push dword ptr [ebp-18] ; general A's original equipment code
004DB48B FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB48E E8 D376FFFF call 004D2B66 ; show the general taking out the item
004DB493 68 FF000000 push 0FF
004DB498 68 FF000000 push 0FF
004DB49D 6A 00 push 0 ; normal
004DB49F FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB4A2 B9 F05D4B00 mov ecx, 004B5DF0
004DB4A7 E8 E3C2F7FF call 0045778F ; show the general's animation
004DB4AC 8B45 E8 mov eax, dword ptr [ebp-18] ; general A's original equipment code
004DB4AF 6BC0 19 imul eax, eax, 19
004DB4B2 05 40114A00 add eax, 004A1140 ; item DATA mapping pointer
004DB4B7 50 push eax
004DB4B8 68 C0545500 push 005554C0 ; "交出%s" ("Hand over %s")
004DB4BD 6A 02 push 2
004DB4BF E8 D541F5FF call 0042F699 ; format the string and show the message
004DB4C4 83C4 0C add esp, 0C
004DB4C7 834D F4 00 or dword ptr [ebp-C], 0 ; if general B's original slot was empty, skip the take-out-item animation
004DB4CB 74 47 je short 004DB514
004DB4CD 68 FF000000 push 0FF
004DB4D2 68 FF000000 push 0FF
004DB4D7 6A 01 push 1 ; raise hand
004DB4D9 FF75 D8 push dword ptr [ebp-28] ; general B's DATA index
004DB4DC B9 F05D4B00 mov ecx, 004B5DF0
004DB4E1 E8 A9C2F7FF call 0045778F ; show the general's animation
004DB4E6 6A 00 push 0
004DB4E8 6A 00 push 0
004DB4EA 6A 08 push 8
004DB4EC 6A 20 push 20
004DB4EE 6A 08 push 8
004DB4F0 FF75 D4 push dword ptr [ebp-2C] ; general B's original equipment code
004DB4F3 FF75 D8 push dword ptr [ebp-28] ; general B's DATA index
004DB4F6 E8 6B76FFFF call 004D2B66
004DB4FB 68 FF000000 push 0FF
004DB500 68 FF000000 push 0FF
004DB505 6A 00 push 0
004DB507 FF75 D8 push dword ptr [ebp-28]
004DB50A B9 F05D4B00 mov ecx, 004B5DF0
004DB50F E8 7BC2F7FF call 0045778F
004DB514 834D F8 00 or dword ptr [ebp-8], 0 ; if general A's original slot was empty, general B shows no receive-item animation
004DB518 74 47 je short 004DB561
004DB51A 68 FF000000 push 0FF
004DB51F 68 FF000000 push 0FF
004DB524 6A 01 push 1
004DB526 FF75 D8 push dword ptr [ebp-28]
004DB529 B9 F05D4B00 mov ecx, 004B5DF0
004DB52E E8 5CC2F7FF call 0045778F ; show the general raising a hand
004DB533 6A 01 push 1
004DB535 6A 0E push 0E
004DB537 6A 08 push 8
004DB539 6A 00 push 0
004DB53B 6A FF push -1
004DB53D FF75 E8 push dword ptr [ebp-18] ; general A's original equipment code
004DB540 FF75 D8 push dword ptr [ebp-28] ; general B's DATA index
004DB543 E8 1E76FFFF call 004D2B66 ; show the general receiving the item
004DB548 68 FF000000 push 0FF
004DB54D 68 FF000000 push 0FF
004DB552 6A 00 push 0
004DB554 FF75 D8 push dword ptr [ebp-28]
004DB557 B9 F05D4B00 mov ecx, 004B5DF0
004DB55C E8 2EC2F7FF call 0045778F
004DB561 834D F4 00 or dword ptr [ebp-C], 0 ; if general B's original slot was empty, general A shows no receive-item animation
004DB565 74 47 je short 004DB5AE
004DB567 68 FF000000 push 0FF
004DB56C 68 FF000000 push 0FF
004DB571 6A 01 push 1
004DB573 FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB576 B9 F05D4B00 mov ecx, 004B5DF0
004DB57B E8 0FC2F7FF call 0045778F ; show the general raising a hand
004DB580 6A 01 push 1
004DB582 6A 0E push 0E
004DB584 6A 08 push 8
004DB586 6A 00 push 0
004DB588 6A FF push -1
004DB58A FF75 D4 push dword ptr [ebp-2C] ; general B's original equipment code
004DB58D FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB590 E8 D175FFFF call 004D2B66 ; show the general receiving the item
004DB595 68 FF000000 push 0FF
004DB59A 68 FF000000 push 0FF
004DB59F 6A 00 push 0
004DB5A1 FF75 EC push dword ptr [ebp-14]
004DB5A4 B9 F05D4B00 mov ecx, 004B5DF0
004DB5A9 E8 E1C1F7FF call 0045778F
004DB5AE 6A 06 push 6
004DB5B0 B8 00E04B00 mov eax, 004BE000
004DB5B5 8B48 10 mov ecx, dword ptr [eax+10] ; general A's battlefield info pointer
004DB5B8 E8 5B71F6FF call 00442718 ; update the general's has-acted flag
004DB5BD 6A 00 push 0
004DB5BF 6A 00 push 0
004DB5C1 6A 00 push 0
004DB5C3 FF75 EC push dword ptr [ebp-14] ; general A's DATA index
004DB5C6 B9 F05D4B00 mov ecx, 004B5DF0
004DB5CB E8 BFC1F7FF call 0045778F ; show the general turning around and dim the sprite
004DB5D0 834D F4 00 or dword ptr [ebp-C], 0 ; if general B's original slot was empty, skip the item-received message
004DB5D4 74 1B je short 004DB5F1
004DB5D6 8B45 D4 mov eax, dword ptr [ebp-2C] ; general B's original equipment code
004DB5D9 6BC0 19 imul eax, eax, 19
004DB5DC 05 40114A00 add eax, 004A1140 ; item DATA mapping pointer
004DB5E1 50 push eax
004DB5E2 68 26595500 push 00555926 ; "装备上%s" ("Equipped %s")
004DB5E7 6A 02 push 2
004DB5E9 E8 AB40F5FF call 0042F699 ; format the string and show the message
004DB5EE 83C4 0C add esp, 0C
004DB5F1 C9 leave
004DB5F2 C2 0400 retn 4
Binary data:
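Author:
蛇夫座
Time:
2010-2-10 01:10
Reserving this post for later use, thanks!!
Author:
蛇夫座
Time:
2010-2-10 01:10
Here is some analysis of the resource directory data:
[Root directory, first level]
004BE000 00 00 00 00 ; root IMAGE_RESOURCE_DIRECTORY structure
00 00 00 00
04 00
00 00
00 00
08 00 ; 8 IMAGE_RESOURCE_DIRECTORY_ENTRY structures in total
004BE010 01 00 00 00 ; at the first level this is the resource type: cursor
50 00 00 80 ; high bit set: a second-level directory follows; address = low bits (offset) + section start address
004BE018 02 00 00 00 ; bitmap
C0 00 00 80
004BE020 03 00 00 00 ; icon
10 01 00 80
004BE028 04 00 00 00 ; menu
30 01 00 80
004BE030 05 00 00 00 ; dialog
48 01 00 80
004BE038 0C 00 00 00 ; cursor group
58 02 00 80
004BE040 0E 00 00 00 ; icon group
C8 02 00 80
004BE048 10 00 00 00 ; version info
E0 02 00 80
[Second level] (mainly the dialog part)
004BE148 00 00 00 00 ; second-level IMAGE_RESOURCE_DIRECTORY structure for dialogs
00 00 00 00
04 00
00 00
01 00 ; number of resources named by string
1F 00 ; number of resources named by numeric ID
004BE158 D0 0D 00 80 ; 1, second-level IMAGE_RESOURCE_DIRECTORY_ENTRY structure; high bit set means the low bits are used as a pointer
; it points to an IMAGE_RESOURCE_DIR_STRING_U structure (which holds a UNICODE string)
20 05 00 80 ; when the high bit is set, the low bits point to the next (third) level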
|
|--> 004BEDD0 07 00 4B 00 41 00 4E 00 4B 00 59 00 4F 00 55 00 .K.A.N.K.Y.O.U.
004BEDE0 00 00 ..
004BE160 A6 00 00 00 ; 2
38 05 00 80
004BE168 A7 00 00 00 ; 3
50 05 00 80
004BE170 B2 00 00 00 ; 4
68 05 00 80
004BE178 B3 00 00 00 ; 5
80 05 00 80
004BE180 BA 00 00 00 ; 6
98 05 00 80
004BE188 C1 00 00 00 ; 7
B0 05 00 80
004BE190 C8 00 00 00 ; 8
C8 05 00 80
004BE198 CD 00 00 00 ; 9
E0 05 00 80
004BE1A0 EC 00 00 00 ; 10
F8 05 00 80
004BE1A8 F2 00 00 00 ; 11
10 06 00 80
004BE1B0 17 01 00 00 ; 12
28 06 00 80
004BE1B8 1A 01 00 00 ; 13
40 06 00 80
004BE1C0 1C 01 00 00 ; 14
58 06 00 80
004BE1C8 1D 01 00 00 ; 15
70 06 00 80
004BE1D0 29 01 00 00 ; 16
88 06 00 80
004BE1D8 40 01 00 00 ; 17
A0 06 00 80
004BE1E0 45 01 00 00 ; 18
B8 06 00 80
004BE1E8 47 01 00 00 ; 19
D0 06 00 80
004BE1F0 48 01 00 00 ; 20
E8 06 00 80
004BE1F8 49 01 00 00 ; 21
00 07 00 80
004BE200 4D 01 00 00 ; 22
18 07 00 80
004BE208 4E 01 00 00 ; 23
30 07 00 80
004BE210 4F 01 00 00 ; 24
48 07 00 80
004BE218 51 01 00 00 ; 25
60 07 00 80
004BE220 52 01 00 00 ; 26
78 07 00 80
004BE228 53 01 00 00 ; 27
90 07 00 80
004BE230 54 01 00 00 ; 28
A8 07 00 80
004BE238 59 01 00 00 ; 29
C0 07 00 80
004BE240 5A 01 00 00 ; 30
D8 07 00 80
004BE248 5B 01 00 00 ; 31
F0 07 00 80
004BE250 5C 01 00 00 ; 32
08 08 00 80
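[Third level] (mainly the dialog resource named by string)
004BE520 00 00 00 00 ; third-level IMAGE_RESOURCE_DIRECTORY structure for the dialog
00 00 00 00
04 00
00 00
00 00
01 00
004BE530 04 08 00 00 ; language ID 0x0804: Simplified Chinese
E0 0A 00 00 ; high bit clear: the low bits point to an IMAGE_RESOURCE_DATA_ENTRY structure
|
|--> 004BEAE0 1C 83 0C 00 ; RVA of the resource data (add the load base address to locate it in memory)
64 03 00 00 ; length of the resource data
E4 04 00 00 ; code page, usually 0
00 00 00 00 ; reserved field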
;---------------------------------------------------------------------------------------------------------------------------
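[Version info]
004BE2E0 00 00 00 00 ; second-level IMAGE_RESOURCE_DIRECTORY structure for version info
00 00 00 00
04 00
00 00
00 00
01 00 ; number of resources named by numeric ID
004BE2F0 01 00 00 00 ; ID=1
58 09 00 80 ; when the high bit is set, the low bits point to the next (third) level
004BE958 00 00 00 00 ; third-level IMAGE_RESOURCE_DIRECTORY structure for version info
00 00 00 00
04 00
00 00
00 00
01 00
004BE968 04 08 00 00 ; language ID 0x0804: Simplified Chinese
B0 0D 00 00 ; high bit clear: the low bits point to an IMAGE_RESOURCE_DATA_ENTRY structure
|
|--> 004BEDB0 C4 C6 0C 00 ; RVA of the resource data (add the load base address to locate it in memory)
F0 03 00 00 ; length of the resource data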
E4 04 00 00
00 00 00 00
;---------------------------------------------------------------------------------------------------------------------------
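[Cursor]
004BE050 00 00 00 00 ; second-level IMAGE_RESOURCE_DIRECTORY structure for cursors
00 00 00 00
04 00
00 00
00 00 ; number of resources named by string
0C 00 ; number of resources named by numeric ID
004BE060 01 00 00 00 ; high bit clear: the value is used as an ID
F8 02 00 80 ; when the high bit is set, the low bits point to the next (third) level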
02 00 00 00
10 03 00 80
004BE070 03 00 00 00
28 03 00 80
04 00 00 00
40 03 00 80
004BE080 05 00 00 00
58 03 00 80
06 00 00 00
70 03 00 80
004BE090 07 00 00 00
88 03 00 80
08 00 00 00
A0 03 00 80
004BE0A0 09 00 00 00
B8 03 00 80
0A 00 00 00
D0 03 00 80
004BE0B0 0B 00 00 00
E8 03 00 80
0C 00 00 00
00 04 00 80
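004BE2F8 00 00 00 00 ; third-level IMAGE_RESOURCE_DIRECTORY structure for the cursor
00 00 00 00
04 00
00 00
00 00
01 00
004BE308 04 08 00 00 ; language ID 0x0804: Simplified Chinese
70 09 00 00 ; high bit clear: the low bits point to an IMAGE_RESOURCE_DATA_ENTRY structure
|
|--> 004BE970 E0 ED 0B 00 ; RVA of the resource data (add the load base address to locate it in memory)
34 01 00 00 ; length of the resource data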
E4 04 00 00
00 00 00 00
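The level-by-level walk traced by hand in the dumps above, as an added Python example (not part of the original post): it parses the version-info subtree bytes quoted in the dump and rejects out-of-bounds or looping offsets. The buffer is constructed from the dump's bytes; `build_sample` and `walk` are names chosen here, and offsets are relative to 004BE000, as the dump's addresses imply.

```python
import struct

def build_sample():
    """Constructed buffer holding the version-info subtree bytes from the dump."""
    buf = bytearray(0xDC0)
    hdr = struct.pack("<IIHHHH", 0, 0, 4, 0, 0, 1)             # 0 named, 1 ID entry
    buf[0x2E0:0x2F0] = hdr                                     # level-2 directory
    buf[0x2F0:0x2F8] = struct.pack("<II", 1, 0x80000958)       # ID=1 -> level 3
    buf[0x958:0x968] = hdr                                     # level-3 directory
    buf[0x968:0x970] = struct.pack("<II", 0x0804, 0x00000DB0)  # 0x0804 -> data entry
    buf[0xDB0:0xDC0] = struct.pack("<IIII", 0x000CC6C4, 0x3F0, 0x4E4, 0)
    return bytes(buf)

def walk(buf, dir_off, path=(), seen=None):
    """Yield (path, data_rva, size, codepage) for every leaf below dir_off."""
    seen = set() if seen is None else seen
    # A crafted or damaged file can point a directory back at itself.
    if dir_off in seen or len(path) > 2:
        raise ValueError("directory loop or excessive depth at 0x%X" % dir_off)
    seen.add(dir_off)
    if dir_off + 16 > len(buf):
        raise ValueError("directory header out of bounds")
    n_named, n_id = struct.unpack_from("<HH", buf, dir_off + 12)
    for i in range(n_named + n_id):
        ent = dir_off + 16 + 8 * i
        if ent + 8 > len(buf):
            raise ValueError("directory entry out of bounds")
        # name: numeric ID, or (high bit set) offset of a name string, left unresolved
        name, off = struct.unpack_from("<II", buf, ent)
        if off & 0x80000000:                   # high bit 1: next-level directory
            yield from walk(buf, off & 0x7FFFFFFF, path + (name,), seen)
        else:                                  # high bit 0: IMAGE_RESOURCE_DATA_ENTRY
            if off + 16 > len(buf):
                raise ValueError("data entry out of bounds")
            rva, size, codepage, _reserved = struct.unpack_from("<IIII", buf, off)
            yield path + (name,), rva, size, codepage

if __name__ == "__main__":
    for path, rva, size, cp in walk(build_sample(), 0x2E0):
        print([hex(p) for p in path], hex(rva), hex(size), hex(cp))
```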
Author:
蛇夫座
Time:
2010-2-10 01:11
Analysis of the original [交给] (Give) button handler:
004D2838 837D D0 05 cmp dword ptr [ebp-30], 5 ; ID of the [Give] button
004D283C 74 02 je short 004D2840
004D283E EB 0E jmp short 004D284E
004D2840 8B4D D4 mov ecx, dword ptr [ebp-2C] ; general's battlefield info pointer
004D2843 51 push ecx
004D2844 E8 79000000 call 004D28C2
004D2849 - E9 65B9F6FF jmp 0043E1B3
004D28C2 55 push ebp
004D28C3 8BEC mov ebp, esp
004D28C5 83EC 20 sub esp, 20
004D28C8 894D FC mov dword ptr [ebp-4], ecx ; general's battlefield info pointer
004D28CB E8 A0CDF8FF call 0045F670 ; get the DATA index of the general in ECX
004D28D0 6BC0 48 imul eax, eax, 48
004D28D3 05 0000D600 add eax, 0D60000
004D28D8 8945 E8 mov dword ptr [ebp-18], eax ; general's SAV mapping pointer
004D28DB 6A 02 push 2 ; accessory item
004D28DD 8BC8 mov ecx, eax ; general's SAV mapping pointer
004D28DF E8 0C3DF3FF call 004065F0 ; get the item code of the general in ECX
004D28E4 8945 F8 mov dword ptr [ebp-8], eax
004D28E7 25 FF000000 and eax, 0FF
004D28EC 3D FF000000 cmp eax, 0FF
004D28F1 75 14 jnz short 004D2907
004D28F3 68 A0545500 push 005554A0 ; "该武将辅助装备为空" (this general's accessory slot is empty)
004D28F8 6A 02 push 2
004D28FA E8 9ACDF5FF call 0042F699
004D28FF 83C4 08 add esp, 8
004D2902 E9 7A010000 jmp 004D2A81
004D2907 C745 F4 50774900 mov dword ptr [ebp-C], 00497750
004D290E 8B4D F4 mov ecx, dword ptr [ebp-C]
004D2911 8AC8 mov cl, al ; accessory item code
004D2913 51 push ecx ; used to display the item's effect string while choosing a general
004D2914 6A 04 push 4 ; used to check whether there are enemy units in range (4: own or allied units)
004D2916 B1 01 mov cl, 1
004D2918 51 push ecx ; attack range number
004D2919 8B45 FC mov eax, dword ptr [ebp-4] ; general's battlefield info pointer
004D291C 8A48 04 mov cl, byte ptr [eax+4]
004D291F 51 push ecx ; general's battlefield index
004D2920 B9 50424B00 mov ecx, 004B4250
004D2925 E8 132AF8FF call 0045533D ; listener function: generates the attack range and waits for the player to choose an enemy
004D292A 8845 F0 mov byte ptr [ebp-10], al ; returned battlefield index of the chosen general
004D292D 25 FF000000 and eax, 0FF
004D2932 3D FF000000 cmp eax, 0FF
004D2937 0F84 44010000 je 004D2A81
004D293D 6BC0 24 imul eax, eax, 24
004D2940 05 502C4B00 add eax, 004B2C50 ; battlefield info pointer of the [Give] target general
004D2945 8BC8 mov ecx, eax
004D2947 E8 24CDF8FF call 0045F670 ; get the DATA index of the general in ECX
004D294C 6BC0 48 imul eax, eax, 48
004D294F 05 0000D600 add eax, 0D60000 ; SAV mapping pointer of the [Give] target general
004D2954 8945 E4 mov dword ptr [ebp-1C], eax
004D2957 8B4D E8 mov ecx, dword ptr [ebp-18] ; general's SAV mapping pointer
004D295A 3BC8 cmp ecx, eax
004D295C 75 05 jnz short 004D2963
004D295E 8B45 F8 mov eax, dword ptr [ebp-8]
004D2961 ^ EB A4 jmp short 004D2907 ; jump back to re-select the [Give] target general
004D2963 6A 02 push 2
004D2965 8BC8 mov ecx, eax ; SAV mapping pointer of the [Give] target general
004D2967 E8 843CF3FF call 004065F0 ; get the item code of the general in ECX
004D296C 8945 EC mov dword ptr [ebp-14], eax
004D296F 25 FF000000 and eax, 0FF
004D2974 3D FF000000 cmp eax, 0FF
004D2979 74 17 je short 004D2992
004D297B 68 F0545500 push 005554F0 ; "该武将辅助装备不为空" (this general's accessory slot is not empty)
004D2980 6A 02 push 2
004D2982 E8 12CDF5FF call 0042F699 ; show [notification message]
004D2987 83C4 08 add esp, 8
004D298A 8B45 F8 mov eax, dword ptr [ebp-8]
004D298D ^ E9 75FFFFFF jmp 004D2907 ; jump back to re-select the [Give] target general
004D2992 8B5D F8 mov ebx, dword ptr [ebp-8]
004D2995 53 push ebx
004D2996 8B4D E4 mov ecx, dword ptr [ebp-1C] ; SAV mapping pointer of the [Give] target general
004D2999 E8 694FF3FF call 00407907 ; check whether the general in ECX can equip the item (stack arg +08)
004D299E 85C0 test eax, eax
004D29A0 75 17 jnz short 004D29B9
004D29A2 68 D0545500 push 005554D0 ; "该武将不能装备该辅助" (this general cannot equip this accessory)
004D29A7 6A 02 push 2
004D29A9 E8 EBCCF5FF call 0042F699 ; show [notification message]
004D29AE 83C4 08 add esp, 8
004D29B1 8B45 F8 mov eax, dword ptr [ebp-8]
004D29B4 ^ E9 4EFFFFFF jmp 004D2907 ; jump back to re-select the [Give] target general
004D29B9 68 FF000000 push 0FF
004D29BE 83EB 33 sub ebx, 33
004D29C1 53 push ebx
004D29C2 6A 02 push 2
004D29C4 8B4D E4 mov ecx, dword ptr [ebp-1C] ; SAV mapping pointer of the [Give] target general
004D29C7 E8 2054F3FF call 00407DEC ; equip the general in ECX with the item (stack arg +0C) at level (stack arg +10); slot is stack arg +08 (weapon 0, armor 1, accessory 2)
004D29CC 6A 02 push 2 ; equipment type
004D29CE 8B4D E8 mov ecx, dword ptr [ebp-18] ; general's SAV mapping pointer
004D29D1 E8 EE53F3FF call 00407DC4 ; clear the item code, level and experience of the general in ECX for the equipment type in stack arg +08
004D29D6 68 FF000000 push 0FF
004D29DB 68 FF000000 push 0FF
004D29E0 6A 01 push 1
004D29E2 8B4D FC mov ecx, dword ptr [ebp-4] ; general's battlefield info pointer
004D29E5 E8 86CCF8FF call 0045F670 ; get the DATA index of the general in ECX
004D29EA 25 FFFF0000 and eax, 0FFFF
004D29EF 50 push eax
004D29F0 B9 F05D4B00 mov ecx, 004B5DF0
004D29F5 E8 954DF8FF call 0045778F ; show the general's raise-hand animation
004D29FA 6A 06 push 6
004D29FC 8B4D FC mov ecx, dword ptr [ebp-4]
004D29FF E8 14FDF6FF call 00442718 ; update the general's has-acted flag
004D2A04 33C9 xor ecx, ecx
004D2A06 8A4D F0 mov cl, byte ptr [ebp-10] ; battlefield index of the [Give] general
004D2A09 6BC9 24 imul ecx, ecx, 24
004D2A0C 81C1 502C4B00 add ecx, 004B2C50 ; battlefield info address of the [Give] general
004D2A12 E8 59CCF8FF call 0045F670 ; get the DATA index of the general in ECX
004D2A17 8945 E0 mov dword ptr [ebp-20], eax
004D2A1A 6A 00 push 0
004D2A1C 6A 00 push 0
004D2A1E 6A 08 push 8
004D2A20 6A 20 push 20
004D2A22 6A 08 push 8
004D2A24 8B5D F8 mov ebx, dword ptr [ebp-8] ; [Give] item code
004D2A27 53 push ebx
004D2A28 8B4D FC mov ecx, dword ptr [ebp-4] ; general's battlefield info pointer
004D2A2B E8 40CCF8FF call 0045F670 ; get the DATA index of the general in ECX
004D2A30 50 push eax
004D2A31 E8 30010000 call 004D2B66 ; show the general's take-out-item animation
004D2A36 6A 00 push 0
004D2A38 6A 00 push 0
004D2A3A 6A 00 push 0
004D2A3C 8B4D FC mov ecx, dword ptr [ebp-4] ; general's battlefield info pointer
004D2A3F E8 2CCCF8FF call 0045F670 ; get the DATA index of the general in ECX
004D2A44 50 push eax
004D2A45 B9 F05D4B00 mov ecx, 004B5DF0
004D2A4A E8 404DF8FF call 0045778F ; show the general turning and dimming (meaning it has already acted)
004D2A4F 6A 01 push 1
004D2A51 6A 0E push 0E
004D2A53 6A 08 push 8
004D2A55 6A 00 push 0
004D2A57 6A FF push -1
004D2A59 8B5D F8 mov ebx, dword ptr [ebp-8] ; [Give] item code
004D2A5C 53 push ebx
004D2A5D 8B45 E0 mov eax, dword ptr [ebp-20]
004D2A60 50 push eax ; DATA index of the [Give] general
004D2A61 E8 00010000 call 004D2B66 ; show the general's receive-item animation
004D2A66 8B45 F8 mov eax, dword ptr [ebp-8]
004D2A69 6BC0 19 imul eax, eax, 19
004D2A6C 05 40114A00 add eax, 004A1140
004D2A71 50 push eax
004D2A72 68 C0545500 push 005554C0 ; "交出%S" (handed over %S)
004D2A77 6A 02 push 2
004D2A79 E8 1BCCF5FF call 0042F699 ; show [notification message]
004D2A7E 83C4 0C add esp, 0C
004D2A81 8BE5 mov esp, ebp
004D2A83 5D pop ebp
004D2A84 C2 0400 retn 4
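Added example, not from the original post: when bytes in a listing like the one above are edited by hand, every relative `call`/`jmp`/`jcc` displacement must still land on its listed destination, which this Python check verifies for branch lines copied from the listing. `branch_target` and `check_listing` are names chosen here.

```python
import re

# Constructed sample: branch lines copied from the listing above.
LISTING = """\
004D283C 74 02 je short 004D2840
004D2844 E8 79000000 call 004D28C2
004D2849 - E9 65B9F6FF jmp 0043E1B3
004D2937 0F84 44010000 je 004D2A81
004D2961 ^ EB A4 jmp short 004D2907
004D298D ^ E9 75FFFFFF jmp 004D2907
"""

# address, optional jump-direction marker, upper-case hex bytes, mnemonic, operands
LINE = re.compile(r"^([0-9A-F]{8})\s+(?:[-^]\s+)?((?:[0-9A-F]{2,}\s+)+)([a-z]+)\s+(.*)$")

def branch_target(addr, code):
    """Destination of a relative call/jmp/jcc at addr, or None for other opcodes."""
    op = code[0]
    if op in (0xE8, 0xE9) and len(code) == 5:                   # call/jmp rel32
        rel = int.from_bytes(code[1:5], "little", signed=True)
    elif (op == 0xEB or 0x70 <= op <= 0x7F) and len(code) == 2:  # jmp/jcc rel8
        rel = int.from_bytes(code[1:2], "little", signed=True)
    elif op == 0x0F and len(code) == 6 and 0x80 <= code[1] <= 0x8F:  # jcc rel32
        rel = int.from_bytes(code[2:6], "little", signed=True)
    else:
        return None
    # The displacement is relative to the address of the next instruction.
    return (addr + len(code) + rel) & 0xFFFFFFFF

def check_listing(text):
    """Return [(address, listed_target, computed_target)] for branches that disagree."""
    bad = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(1), 16)
        code = bytes.fromhex("".join(m.group(2).split()))
        computed = branch_target(addr, code)
        listed = re.search(r"\b([0-9A-F]{8})\b", m.group(4).split(";")[0])
        if computed is not None and listed and int(listed.group(1), 16) != computed:
            bad.append((addr, int(listed.group(1), 16), computed))
    return bad

if __name__ == "__main__":
    print(check_listing(LISTING) or "all branch targets consistent")
```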
Author:
dagaidui
Time:
2010-2-10 06:53
Just passing through, I can't follow this...
I wonder whether 大白 will adopt your proposal.
Author:
漫漫悠忧
Time:
2010-2-10 09:40
Taking the bench seat. Technical posts deserve a bump. The dialog box looks great after the modification.
Author:
Axie89
Time:
2010-5-4 20:47
This isn't meant only for 瓦崗, is it? Why doesn't it work when I use it elsewhere?
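Author:
zsh0305
Time:
2010-5-5 03:19
...Isn't this the Fire Emblem idea? Shared equipment, it probably won't be accepted.
But it's a technical post, so it definitely gets a bump~~~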
Author:
冯励
Time:
2011-7-13 16:00
Title:
Reply to #1, 蛇夫座's post
Can this be used to modify the original engine?