解读KOEI曹操传代码 - 设计与修改 - 轩辕春秋文化论坛 20周年


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#1

发表于 2007-1-20 14:12 资料个人空间短消息看全部作者

解读KOEI曹操传代码

目录
一.       攻击篇
1.1    攻击响应函数
1.2    攻击处理函数
1.3    攻击伤害函数
1.4    伤害计算函数
1.5    攻击显示函数
            1.5.1 攻击前的转向,致命一击台词
            1.5.2 攻击过程的动作更替
            1.5.3 弓兵,弓骑兵动作置慢
1.6    攻击效果函数
1.7    反击处理函数
1.8    升级处理函数

(其他东西米时间整理,算了不发了。)
……………………………………………………..

另外加发一些以前的修改笔记,都是些功能性修改吧,有些笔记在旧本本里,只能微移动硬盘的内容发吧.

[ 本帖最后由岱瀛于 2007-12-30 22:02 编辑 ]

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#2

发表于 2007-1-20 14:15 资料个人空间短消息看全部作者

攻击篇

攻击响应函数

43DADA函数响应攻击点击
这个函数，是在战场上点了人物后，跳出那个四个按钮的对话框（如何处理这部分代码在资源篇讲）后，当我们点攻击就触发了。

43DADA其实就是攻击的消息响应处理函数。

要记住，这个函数的局部变量SS:[EBP-C],放了一个重要的入传参数，被属标点到的武将的内存索引地址值. （以后简称Ecx值）
                        SS:[EBP-8],放了被攻击武将的另外一个索引值，类型和EBP-C不同。       （以后简称栈值）
栈值和Ecx值的对应关系是：栈值* 0x24+ 004B2C50=Ecx值

标识武将的，除了以上两种，还有一种就是武将Data序号。

0043DADA  /$  55          PUSH EBP
0043DADB  |.  8BEC       MOV EBP,ESP
0043DADD  |.  83EC 0C    SUB ESP,0C
0043DAE0  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX   ECX是被点到的武将信息的内存索引,[ECX]就记载着该武将的Data序号
0043DAE3  |.  C645 F8 FF MOV BYTE PTR SS:[EBP-8],0FF
0043DAE7  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DAEA  |.  E8 281E0000 CALL  Ekd5.0043F917
(这个函数，把Data序号乘以0x48，加上4A1B68，就得到该武将Data信息在内存里的映射地址了。)
0043DAEF  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0043DAF2  |.  68 FF000000 PUSH 0FF
0043DAF7  |.  6A 01       PUSH 1
0043DAF9  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DAFC  |.  E8 BD1D0000 CALL  Ekd5.0043F8BE                                              这个函数取解攻击范围
0043DB01  |.  50          PUSH EAX                               ; |Arg2
0043DB02  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0043DB05  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]             ; |
0043DB08  |.  51          PUSH ECX                               ; |Arg1
0043DB09  |.  B9 50424B00 MOV ECX, _Ekd.004B4250                ; |
0043DB0E  |.  E8 2A780100 CALL Ekd5.0045533D    ; \ Ekd.0045533D
这个函数又是一个消息监听处理，等待属标点到攻击对象或者点右键取消
0043DB13  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0043DB16  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043DB19  |.  81E2 FF000000 AND EDX,0FF
0043DB1F  |.  81FA FF000000 CMP EDX,0FF
0043DB25  |.  0F84 F2000000 JE  Ekd5.0043DC1D                                     如果点了取消，则跳到最后结束
0043DB2B  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DB2E  |.  50          PUSH EAX                               ; /Arg2
0043DB2F  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DB32  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DB35  |.  52          PUSH EDX                               ; |Arg1
0043DB36  |.  E8 EE7CFFFF CALL Ekd5.00435829             ; \ Ekd.00435829
0043DB3B  |.  83C4 08    ADD ESP,8
0043DB3E  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DB41  |.  50          PUSH EAX                               ; /Arg2
0043DB42  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DB45  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DB48  |.  52          PUSH EDX                               ; |Arg1
0043DB49  |.  B9 F0274900 MOV ECX, Ekd.004927F0                ; |
0043DB4E  |.  E8 9E89FCFF CALL Ekd.004064F1                   ; \ Ekd.004064F1  进入攻击函数
0043DB53  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043DB56  |.  81E1 FF000000 AND ECX,0FF
0043DB5C  |.  6BC9 24    IMUL ECX,ECX,24
0043DB5F  |.  81C1 502C4B00 ADD ECX, Ekd.004B2C50
0043DB65  |.  E8 26510300 CALL Ekd.00472C90                                              \返回武将ecx的当前体力就是被攻击的那个
0043DB6A  |.  85C0       TEST EAX,EAX                                                       \判断是否为0
0043DB6C  |.  0F85 97000000 JNZ Ekd.0043DC09                              \不是0跳到后面结束，是表示被攻击武将被打死，继续往下走
0043DB72  |.  6A 2E       PUSH 2E                               ; /Arg1 = 0000002E 2E，就是方天引导攻击的代号
0043DB74  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0043DB77  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]             ; |
0043DB79  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
0043DB7C  |.  81C1 681B4A00 ADD ECX, _Ekd.004A1B68                ; |
0043DB82  |.  E8 829EFCFF CALL Ekd.00407A09                   ; \ _Ekd.00407A09    检查当前武将是否佩戴引导攻击效果的武器
0043DB87  |.  85C0       TEST EAX,EAX
0043DB89  |.  74 7E       JE SHORT  Ekd.0043DC09
0043DB8B  |.  68 FF000000 PUSH 0FF                               ; /Arg3 = 000000FF
0043DB90  |.  68 40060000 PUSH 640                               ; |Arg2 = 00000640
            0043DB95  |.  6A 04       PUSH 4                                  ; |/Arg3 = 00000004
            0043DB97  |.  6A 00       PUSH 0                                  ; ||Arg2 = 00000000
            0043DB99  |.  68 C0120000 PUSH 12C0                               ; ||Arg1 = 000012C0
            0043DB9E  |.  B9 38EB4A00 MOV ECX, _Ekd.004AEB38                ; ||
            0043DBA3  |.  E8 981E0400 CALL  Ekd.0047FA40                   ; |\ _Ekd.0047FA40
0043DBA8  |.  50          PUSH EAX                               ; |Arg1
0043DBA9  |.  E8 65210400 CALL  Ekd.0047FD13                   ; \ _Ekd.0047FD13
0043DBAE  |.  83C4 0C    ADD ESP,0C
0043DBB1  |.  6A 00       PUSH 0
0043DBB3  |.  6A 00       PUSH 0
0043DBB5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DBB8  |.  E8 011D0000 CALL  Ekd.0043F8BE                                                       函数取解攻击范围
0043DBBD  |.  50          PUSH EAX                               ; |Arg2
0043DBBE  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBC1  |.  83C1 06    ADD ECX,6                               ; |
0043DBC4  |.  51          PUSH ECX                               ; |Arg1
0043DBC5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBC8  |.  E8 B989FFFF CALL  Ekd.00436586                   ; \ Ekd.00436586 这个是确定引导攻击的被攻击对象
0043DBCD  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0043DBD0  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043DBD3  |.  81E2 FF000000 AND EDX,0FF
0043DBD9  |.  81FA FF000000 CMP EDX,0FF
0043DBDF  |.  74 28       JE SHORT  Ekd.0043DC09                 找不到可以引导攻击的对象，退到结束
0043DBE1  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DBE4  |.  50          PUSH EAX                               ; /Arg2
0043DBE5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBE8  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DBEB  |.  52          PUSH EDX                               ; |Arg1
0043DBEC  |.  E8 387CFFFF CALL  Ekd.00435829                   ; \ _Ekd.00435829
0043DBF1  |.  83C4 08    ADD ESP,8
0043DBF4  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DBF7  |.  50          PUSH EAX                               ; /Arg2
0043DBF8  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBFB  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DBFE  |.  52          PUSH EDX                               ; |Arg1
0043DBFF  |.  B9 F0274900 MOV ECX, Ekd.004927F0                ; |
0043DC04  |.  E8 E888FCFF CALL  Ekd.004064F1                   ; \ _Ekd.004064F1 进入攻击函数
0043DC09  |>  6A 06       PUSH 6                                  ; /Arg1 = 00000006
0043DC0B  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DC0E  |.  E8 054B0000 CALL  Ekd.00442718                   ; \ _Ekd.00442718
0043DC13  |.  B9 50424B00 MOV ECX, _Ekd.004B4250
0043DC18  |.  E8 F65E0100 CALL  Ekd.00453B13
0043DC1D  |>  8BE5       MOV ESP,EBP
0043DC1F  |.  5D          POP EBP
0043DC20  \.  C3          RETN

//基本上，这个相应函数处理的就是确定攻击方和被攻击方，传入给下一个函数做进一步处理。本函数涉及到的比较重要的内容就是攻击范围的读取，而且也确定了一个特效，就是引导攻击。我们经常看到无限引导的说法，其实通过看这段代码可以很简单的知道，只需要把最后那段JMP回去也就实现了。

//这个函数，实现的功能是相对简单的，道理很明显，友军敌军的攻击并不需要来点攻击按钮，所以更复杂的逻辑是不可能做在这个相应函数里的。

[ 本帖最后由岱瀛于 2007-1-20 14:25 编辑 ]

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#3

发表于 2007-1-20 15:07 资料个人空间短消息看全部作者

攻击处理函数

前面已经很清楚的分析过，4064F1是个核心的攻击函数，那么他里面是什么样子的呢？
这个函数，传入的参数有两个，一个是被攻击武将的栈值，一个是攻击武将的Data序号，还有传入了一个内存地址004927F0
局部变量，[EBP-4]保存了内存地址004927F0

004064F1  /$  55          PUSH EBP
004064F2  |.  8BEC       MOV EBP,ESP
004064F4  |.  51          PUSH ECX
004064F5  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004064F8  |.  8A45 0C    MOV AL,BYTE PTR SS:[EBP+C]
004064FB  |.  50          PUSH EAX                               ; /Arg2
004064FC  |.  8A4D 08    MOV CL,BYTE PTR SS:[EBP+8]             ; |
004064FF  |.  51          PUSH ECX                               ; |Arg1
00406500  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00406503  |.  E8 F4FCFFFF CALL Ekd5.004061FC                   ; \Ekd5.004061FC
00406508  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0040650B  |.  C682 08060000>MOV BYTE PTR DS:[EDX+608],0                       \\计数循环，首先令其计数器等于0
00406512  |.  EB 15       JMP SHORT Ekd5.00406529                                  \\开始循环
00406514  |>  8B45 FC    /MOV EAX,DWORD PTR SS:[EBP-4]
00406517  |.  8A88 08060000 |MOV CL,BYTE PTR DS:[EAX+608]
0040651D  |.  80C1 01    |ADD CL,1                                                             \\计数+1
00406520  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00406523  |.  888A 08060000 |MOV BYTE PTR DS:[EDX+608],CL
00406529  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0040652C  |.  33C9       |XOR ECX,ECX
0040652E  |.  8A88 08060000 |MOV CL,BYTE PTR DS:[EAX+608]
00406534  |.  83F9 02    |CMP ECX,2
00406537  |.  7D 28       |JGE SHORT Ekd5.00406561                                  大于等于2就跳出，所以该循环最多两次
00406539  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
0040653C  |.  E8 C2F8FFFF |CALL Ekd5.00405E03                                              攻击伤害函数
00406541  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00406544  |.  E8 FBF1FFFF |CALL Ekd5.00405744                                              攻击动作显示函数
00406549  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
0040654C  |.  E8 38F3FFFF |CALL Ekd5.00405889                                              攻击后附加属性处理函数
00406551  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00406554  |.  E8 28FCFFFF |CALL Ekd5.00406181                                              判断是否连击函数
00406559  |.  85C0       |TEST EAX,EAX
0040655B  |.  75 02       |JNZ SHORT Ekd5.0040655F
0040655D  |.  EB 02       |JMP SHORT Ekd5.00406561
0040655F  |>^ EB B3       \JMP SHORT Ekd5.00406514
00406561  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406564  |.  E8 03F7FFFF CALL Ekd5.00405C6C                                              经验值处理，升级显示函数
00406569  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0040656C  |.  E8 29FEFFFF CALL Ekd5.0040639A                                              反击处理函数
00406571  |.  8BE5       MOV ESP,EBP
00406573  |.  5D          POP EBP
00406574  \.  C2 0800    RETN 8

这个函数，调用了攻击全过程的所有函数，但是其本身逻辑却相对简单。从设计上讲，这应该是界面UI层和内部业务层之间的一个接口函数。
KOEI的代码，不单可靠性强，其实其设计的合理性更值得学习。

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#4

发表于 2007-1-20 16:29 资料个人空间短消息看全部作者

攻击伤害函数
----恐怖的405E03函数-----

[EBP-4]这个变量是做计数器的
[EBP-8]是放被攻击武将的Ecx值
传进来的就是Ecx放的内存地址量了.本函数里用局部变量[EBP-C]存放004927F0 这个全局地址
这个地方有个很重要处，就是004927F0+i*4+84等于攻击伤害值       （i的值在就是[EBP-4]）
[EBP-10] 和MP值相关
[EBP-14] 和HP 值相关
[EBP-18]物理攻击经验值
[EBP-1C]武器经验值

00405E03  /$  55          PUSH EBP
00405E04  |.  8BEC       MOV EBP,ESP
00405E06  |.  83EC 1C    SUB ESP,1C
00405E09  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
00405E0C  |.  6A 00       PUSH 0                                  ; /Arg3 = 00000000
00405E0E  |.  6A 74       PUSH 74                               ; |Arg2 = 00000074
00405E10  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405E13  |.  05 84000000 ADD EAX,84                            ; |
00405E18  |.  50          PUSH EAX                               ; |Arg1
00405E19  |.  E8 F59E0700 CALL Ekd5.0047FD13                   ; \Ekd5.0047FD13
00405E1E  |.  83C4 0C    ADD ESP,0C
00405E21  |.  6A 00       PUSH 0                                  ; /Arg3 = 00000000
00405E23  |.  6A 74       PUSH 74                               ; |Arg2 = 00000074
00405E25  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00405E28  |.  81C1 54020000 ADD ECX,254                            ; |
00405E2E  |.  51          PUSH ECX                               ; |Arg1
00405E2F  |.  E8 DF9E0700 CALL Ekd5.0047FD13                   ; \Ekd5.0047FD13
00405E34  |.  83C4 0C    ADD ESP,0C
00405E37  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00405E3B  |.  EB 09       JMP SHORT Ekd5.00405E46
00405E3D  |>  8A55 FC    /MOV DL,BYTE PTR SS:[EBP-4]
00405E40  |.  80C2 01    |ADD DL,1
00405E43  |.  8855 FC    |MOV BYTE PTR SS:[EBP-4],DL
00405E46  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00405E49  |.  25 FF000000 |AND EAX,0FF
00405E4E  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405E51  |.  33D2       |XOR EDX,EDX
00405E53  |.  8A5401 10    |MOV DL,BYTE PTR DS:[ECX+EAX+10]
00405E57  |.  81FA FF000000 |CMP EDX,0FF
00405E5D  |.  0F84 1A030000 |JE Ekd5.0040617D                                                             //退出
00405E63  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00405E66  |.  25 FF000000 |AND EAX,0FF
00405E6B  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405E6E  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00405E71  |.  8A4402 10    |MOV AL,BYTE PTR DS:[EDX+EAX+10]
00405E75  |.  8841 01    |MOV BYTE PTR DS:[ECX+1],AL
00405E78  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405E7B  |.  33D2       |XOR EDX,EDX
00405E7D  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00405E80  |.  8BCA       |MOV ECX,EDX
00405E82  |.  6BC9 24    |IMUL ECX,ECX,24
00405E85  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405E8B  |.  E8 E0970500 |CALL Ekd5.0045F670                                              获取武将ecx的data编号
00405E90  |.  6BC0 48    |IMUL EAX,EAX,48
00405E93  |.  05 681B4A00 |ADD EAX,Ekd5.004A1B68
00405E98  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX
00405E9B  |.  33C0       |XOR EAX,EAX
00405E9D  |.  3B05 042E4900 |CMP EAX,DWORD PTR DS:[492E04]
00405EA3  |.  1BC9       |SBB ECX,ECX
00405EA5  |.  F7D9       |NEG ECX
00405EA7  |.  51          |PUSH ECX                               ; /Arg3
00405EA8  |.  6A 01       |PUSH 1                               ; |Arg2 = 00000001
00405EAA  |.  8B55 F8    |MOV EDX,DWORD PTR SS:[EBP-8]          ; |
00405EAD  |.  52          |PUSH EDX                               ; |Arg1
00405EAE  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405EB1  |.  8B48 0C    |MOV ECX,DWORD PTR DS:[EAX+C]          ; |
00405EB4  |.  E8 925D0300 |CALL Ekd5.0043BC4B                   ; \Ekd5.0043BC4B                      攻击伤害计算
00405EB9  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00405EBC  |.  81E1 FF000000 |AND ECX,0FF
00405EC2  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00405EC5  |.  89848A 840000>|MOV DWORD PTR DS:[EDX+ECX*4+84],EAX
00405ECC  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00405ECF  |.  25 FF000000 |AND EAX,0FF
00405ED4  |.  85C0       |TEST EAX,EAX
00405ED6  |.  0F85 97000000 |JNZ Ekd5.00405F73

00405EDC  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405EDF  |.  33D2       |XOR EDX,EDX
00405EE1  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00405EE4  |.  8BCA       |MOV ECX,EDX
00405EE6  |.  6BC9 24    |IMUL ECX,ECX,24
00405EE9  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405EEF  |.  E8 9CCD0600 |CALL Ekd5.00472C90                                     返回武将ecx的当前体力
00405EF4  |.  85C0       |TEST EAX,EAX
00405EF6  |.  76 7B       |JBE SHORT Ekd5.00405F73
00405EF8  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405EFB  |.  E8 69FEFFFF |CALL Ekd5.00405D69                                     获取致命一击概率
00405F00  |.  25 FF000000 |AND EAX,0FF
00405F05  |.  50          |PUSH EAX                               ; /Arg1
00405F06  |.  E8 279C0700 |CALL Ekd5.0047FB32                   ; \Ekd5.0047FB32             致命一击是否发生
00405F0B  |.  83C4 04    |ADD ESP,4
00405F0E  |.  85C0       |TEST EAX,EAX
00405F10  |.  74 61       |JE SHORT Ekd5.00405F73                                     没有发生则跳转
00405F12  |.  6A 39       |PUSH 39                               ; /Arg1 = 00000039             39是防御致命一击的效果代号
00405F14  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00405F17  |.  E8 ED1A0000 |CALL Ekd5.00407A09                   ; \Ekd5.00407A09 检测武将ecx是否装备防致命一击的特殊道具
00405F1C  |.  85C0       |TEST EAX,EAX
00405F1E  |.  74 18       |JE SHORT Ekd5.00405F38                                     EAX为0，没有跳转
00405F20  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00405F23  |.  25 FF000000 |AND EAX,0FF
00405F28  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405F2B  |.  C78481 840000>|MOV DWORD PTR DS:[ECX+EAX*4+84],0 这段是致命一击遇见防致命一击的下场
00405F36  |.  EB 2E       |JMP SHORT Ekd5.00405F66
00405F38  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00405F3B  |.  81E2 FF000000 |AND EDX,0FF
00405F41  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00405F44  |.  8B8490 840000>|MOV EAX,DWORD PTR DS:[EAX+EDX*4+84]
00405F4B  |.  6BC0 03    |IMUL EAX,EAX,3
00405F4E  |.  99          |CDQ
00405F4F  |.  2BC2       |SUB EAX,EDX
00405F51  |.  D1F8       |SAR EAX,1
00405F53  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00405F56  |.  81E1 FF000000 |AND ECX,0FF
00405F5C  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00405F5F  |.  89848A 840000>|MOV DWORD PTR DS:[EDX+ECX*4+84],EAX
00405F66  |>  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00405F69  |.  C780 04060000>|MOV DWORD PTR DS:[EAX+604],1
00405F73  |>  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405F76  |.  33D2       |XOR EDX,EDX
00405F78  |.  8A91 08060000 |MOV DL,BYTE PTR DS:[ECX+608]
00405F7E  |.  85D2       |TEST EDX,EDX
00405F80  |.  7E 24       |JLE SHORT Ekd5.00405FA6                                              如果不是第二次攻击，则跳转，否则继续
00405F82  |.  6A 3A       |PUSH 3A                               ; /Arg1 = 0000003A 防御两次攻击效果代号
00405F84  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00405F87  |.  E8 7D1A0000 |CALL Ekd5.00407A09                   ; \Ekd5.00407A09    判断被攻击武将是否装备防御两次攻击的道具
00405F8C  |.  85C0       |TEST EAX,EAX
00405F8E  |.  74 16       |JE SHORT Ekd5.00405FA6                                     没有装备该道具，跳转
00405F90  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00405F93  |.  25 FF000000 |AND EAX,0FF
00405F98  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405F9B  |.  C78481 840000>|MOV DWORD PTR DS:[ECX+EAX*4+84],0 装备了该道具，伤害值为0
00405FA6  |>  6A 3C       |PUSH 3C                               ; /Arg1 = 0000003C 防御MP效果代号
00405FA8  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00405FAB  |.  E8 591A0000 |CALL Ekd5.00407A09                   ; \Ekd5.00407A09 判断被攻击武将是否装备防御MP的道具
00405FB0  |.  85C0       |TEST EAX,EAX
00405FB2  |.  0F84 AD000000 |JE Ekd5.00406065                                                       没有装备该道具，跳转
00405FB8  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00405FBB  |.  33C0       |XOR EAX,EAX
00405FBD  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00405FC0  |.  8BC8       |MOV ECX,EAX
00405FC2  |.  6BC9 24    |IMUL ECX,ECX,24
00405FC5  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405FCB  |.  E8 70C80600 |CALL Ekd5.00472840                                              返回被攻击武将的当前MP值
00405FD0  |.  85C0       |TEST EAX,EAX
00405FD2  |.  0F86 8D000000 |JBE Ekd5.00406065                                                       MP小于等于0，无效
00405FD8  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00405FDB  |.  33D2       |XOR EDX,EDX
00405FDD  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00405FE0  |.  8BCA       |MOV ECX,EDX
00405FE2  |.  6BC9 24    |IMUL ECX,ECX,24
00405FE5  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405FEB  |.  E8 50C80600 |CALL Ekd5.00472840                                              返回被攻击武将的当前MP值
00405FF0  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00405FF3  |.  81E1 FF000000 |AND ECX,0FF
00405FF9  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00405FFC  |.  3B848A 840000>|CMP EAX,DWORD PTR DS:[EDX+ECX*4+84]
00406003  |.  73 1B       |JNB SHORT Ekd5.00406020                                  若MP不小于等于伤害值
00406005  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406008  |.  33C9       |XOR ECX,ECX
0040600A  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
0040600D  |.  6BC9 24    |IMUL ECX,ECX,24
00406010  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00406016  |.  E8 25C80600 |CALL Ekd5.00472840                                              返回被攻击武将的当前MP值
0040601B  |.  8945 F0    |MOV DWORD PTR SS:[EBP-10],EAX
0040601E  |.  EB 16       |JMP SHORT Ekd5.00406036
00406020  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00406023  |.  81E2 FF000000 |AND EDX,0FF
00406029  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
0040602C  |.  8B8C90 840000>|MOV ECX,DWORD PTR DS:[EAX+EDX*4+84]
00406033  |.  894D F0    |MOV DWORD PTR SS:[EBP-10],ECX                                     把伤害值取出来放到EBP-10变量
00406036  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00406039  |.  81E2 FF000000 |AND EDX,0FF
0040603F  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406042  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00406045  |.  898C90 540200>|MOV DWORD PTR DS:[EAX+EDX*4+254],ECX
0040604C  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
0040604F  |.  81E2 FF000000 |AND EDX,0FF
00406055  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406058  |.  C78490 840000>|MOV DWORD PTR DS:[EAX+EDX*4+84],0
00406063  |.  EB 74       |JMP SHORT Ekd5.004060D9

00406065  |>  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00406068  |.  33D2       |XOR EDX,EDX
0040606A  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
0040606D  |.  8BCA       |MOV ECX,EDX
0040606F  |.  6BC9 24    |IMUL ECX,ECX,24
00406072  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00406078  |.  E8 13CC0600 |CALL Ekd5.00472C90                                                       返回被攻击武将的当前体力
0040607D  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00406080  |.  81E1 FF000000 |AND ECX,0FF
00406086  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00406089  |.  3B848A 840000>|CMP EAX,DWORD PTR DS:[EDX+ECX*4+84]                      比较当前体力和伤害值
00406090  |.  73 1B       |JNB SHORT Ekd5.004060AD                                                       体力大于伤害则跳转
00406092  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406095  |.  33C9       |XOR ECX,ECX
00406097  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
0040609A  |.  6BC9 24    |IMUL ECX,ECX,24
0040609D  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004060A3  |.  E8 E8CB0600 |CALL Ekd5.00472C90                                                             获取当前体力
004060A8  |.  8945 EC    |MOV DWORD PTR SS:[EBP-14],EAX
004060AB  |.  EB 16       |JMP SHORT Ekd5.004060C3
004060AD  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
004060B0  |.  81E2 FF000000 |AND EDX,0FF
004060B6  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
004060B9  |.  8B8C90 840000>|MOV ECX,DWORD PTR DS:[EAX+EDX*4+84]
004060C0  |.  894D EC    |MOV DWORD PTR SS:[EBP-14],ECX
004060C3  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
004060C6  |.  81E2 FF000000 |AND EDX,0FF
004060CC  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
004060CF  |.  8B4D EC    |MOV ECX,DWORD PTR SS:[EBP-14]
004060D2  |.  898C90 840000>|MOV DWORD PTR DS:[EAX+EDX*4+84],ECX                      给伤害赋值
004060D9  |>  8A55 FC    |MOV DL,BYTE PTR SS:[EBP-4]
004060DC  |.  52          |PUSH EDX                               ; /Arg1
004060DD  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
004060E0  |.  E8 B6D6FFFF |CALL Ekd5.0040379B                   ; \Ekd5.0040379B                      获取物理攻击所得经验
004060E5  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
004060E8  |.  3B81 28040000 |CMP EAX,DWORD PTR DS:[ECX+428]
004060EE  |.  76 11       |JBE SHORT Ekd5.00406101
004060F0  |.  8A55 FC    |MOV DL,BYTE PTR SS:[EBP-4]
004060F3  |.  52          |PUSH EDX                               ; /Arg1
004060F4  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
004060F7  |.  E8 9FD6FFFF |CALL Ekd5.0040379B                   ; \Ekd5.0040379B                      获取物理攻击所得经验
004060FC  |.  8945 E8    |MOV DWORD PTR SS:[EBP-18],EAX
004060FF  |.  EB 0C       |JMP SHORT Ekd5.0040610D
00406101  |>  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406104  |.  8B88 28040000 |MOV ECX,DWORD PTR DS:[EAX+428]
0040610A  |.  894D E8    |MOV DWORD PTR SS:[EBP-18],ECX
0040610D  |>  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00406110  |.  8B45 E8    |MOV EAX,DWORD PTR SS:[EBP-18]
00406113  |.  8982 28040000 |MOV DWORD PTR DS:[EDX+428],EAX
00406119  |.  8A4D FC    |MOV CL,BYTE PTR SS:[EBP-4]
0040611C  |.  51          |PUSH ECX                               ; /Arg1
0040611D  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00406120  |.  E8 58D8FFFF |CALL Ekd5.0040397D                   ; \Ekd5.0040397D                      获取物理攻击所得武器经验
00406125  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00406128  |.  3B82 2C040000 |CMP EAX,DWORD PTR DS:[EDX+42C]
0040612E  |.  76 11       |JBE SHORT Ekd5.00406141
00406130  |.  8A45 FC    |MOV AL,BYTE PTR SS:[EBP-4]
00406133  |.  50          |PUSH EAX                               ; /Arg1
00406134  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00406137  |.  E8 41D8FFFF |CALL Ekd5.0040397D                   ; \Ekd5.0040397D                      获取物理攻击所得武器经验
0040613C  |.  8945 E4    |MOV DWORD PTR SS:[EBP-1C],EAX
0040613F  |.  EB 0C       |JMP SHORT Ekd5.0040614D
00406141  |>  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
00406144  |.  8B91 2C040000 |MOV EDX,DWORD PTR DS:[ECX+42C]
0040614A  |.  8955 E4    |MOV DWORD PTR SS:[EBP-1C],EDX
0040614D  |>  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00406150  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
00406153  |.  8988 2C040000 |MOV DWORD PTR DS:[EAX+42C],ECX
00406159  |.  8A55 FC    |MOV DL,BYTE PTR SS:[EBP-4]
0040615C  |.  52          |PUSH EDX                               ; /Arg1
0040615D  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00406160  |.  E8 20D9FFFF |CALL Ekd5.00403A85                   ; \Ekd5.00403A85             获取物理攻击所得防具经验
00406165  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00406168  |.  81E1 FF000000 |AND ECX,0FF
0040616E  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00406171  |.  89848A 300400>|MOV DWORD PTR DS:[EDX+ECX*4+430],EAX
00406178  |.^ E9 C0FCFFFF \JMP Ekd5.00405E3D                                     跳回循环开始处
0040617D  |>  8BE5       MOV ESP,EBP
0040617F  |.  5D          POP EBP
00406180  \.  C3          RETN

这个函数，总体上就是通过伤害计算函数得到伤害值，再判断是否致命，是否连击和是否被防致命防连击。还有是否有用MP来防御伤害的。
最后就是攻击产生的经验和武器经验，防具经验的计算。

这个函数由于代码过长，我这次分析得还比较粗线条，下次有空再仔细分析下，看那么长的汇编代码会头晕的-_-.

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#5

发表于 2007-1-20 17:15 资料个人空间短消息看全部作者

伤害计算函数
0043BC4B

这个函数是计算伤害值的，不仅在攻击这里有调用到，总共四处地方调用该处：
405EB4       真正的打斗是这里调用
00405EA7  |.  51          |PUSH ECX
00405EA8  |.  6A 01       |PUSH 1
00405EAA  |.  8B55 F8    |MOV EDX,DWORD PTR SS:[EBP-8]
00405EAD  |.  52          |PUSH EDX
00405EAE  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00405EB1  |.  8B48 0C    |MOV ECX,DWORD PTR DS:[EAX+C]
00405EB4  |.  E8 925D0300 |CALL Ekd5.0043BC4B

438ABF          AI，电脑AI以本计算为依据
00438AB1  |.  6A 00       PUSH 0                                  ; /Arg3 = 00000000
00438AB3  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00438AB5  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
00438AB8  |.  50          PUSH EAX                               ; |Arg1
00438AB9  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]          ; |
00438ABF  |.  E8 87310000 CALL Ekd5.0043BC4B                      ; \Ekd5.0043BC4B

438EB8          这个未知
00438E9E  |.  6A 00       |PUSH 0
00438EA0  |.  6A 00       |PUSH 0
00438EA2  |.  8B45 F8    |MOV EAX,DWORD PTR SS:[EBP-8]
00438EA5  |.  50          |PUSH EAX
00438EA6  |.  8B4D 14    |MOV ECX,DWORD PTR SS:[EBP+14]
00438EA9  |.  81E1 FF000000 |AND ECX,0FF
00438EAF  |.  6BC9 24    |IMUL ECX,ECX,24
00438EB2  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00438EB8  |.  E8 8E2D0000 |CALL Ekd5.0043BC4B

4406AB                      鼠标移动过去，显示攻击伤害时要调用到的
00440691  |> \6A 00       PUSH 0
00440693  |.  6A 00       PUSH 0
00440695  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
00440698  |.  50          PUSH EAX
00440699  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0044069C  |.  81E1 FF000000 AND ECX,0FF
004406A2  |.  6BC9 24    IMUL ECX,ECX,24
004406A5  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
004406AB  |.  E8 9BB5FFFF CALL Ekd5大白.0043BC4B

可以看出，本函数属于比较核心的函数。

几个传入参数（三个参数一个Ecx值）
获取攻击武将（ecx值）对被攻击武将（栈值）的物理攻击伤害，10栈为是否反击，0C栈为是否实际值，是则考虑是否命中和随机数

下面是该函数的局部变量
[EBP-4] 掌管着伤害值
[EBP-2C]  为攻击武将号
[EBP-C] 攻击武将的地形加成
[EBP-20]  攻击方武将的攻击力*地形加成的结果值
[EBP-30]  攻击武将的职业

[EBP-24] 为被攻击武将号
[EBP-1C]  被攻击战场武将编号
[EBP-18]  被攻击武将的地形加成
[EBP-14]  被攻击武将的职业
[EBP-10]  被攻击武将的防御力*地形加成的结果

[EBP-8] ???
[EBP-28]  存放一0~6的随机数
[EBP-3C] ???

0043BC4B  /$  55          PUSH EBP
0043BC4C  |.  8BEC       MOV EBP,ESP
0043BC4E  |.  83EC 3C    SUB ESP,3C
0043BC51  |.  894D D4    MOV DWORD PTR SS:[EBP-2C],ECX
0043BC54  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0043BC57  |.  50          PUSH EAX
0043BC58  |.  E8 2002FDFF CALL Ekd5.0040BE7D                                           //获取被攻击武将的data编号
0043BC5D  |.  83C4 04    ADD ESP,4
0043BC60  |.  50          PUSH EAX
0043BC61  |.  E8 70280000 CALL Ekd5.0043E4D6                                                       //获取被攻击武将的战场编号
0043BC66  |.  83C4 04    ADD ESP,4
0043BC69  |.  8845 E4    MOV BYTE PTR SS:[EBP-1C],AL
0043BC6C  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0043BC6F  |.  81E1 FF000000 AND ECX,0FF
0043BC75  |.  81F9 FF000000 CMP ECX,0FF
0043BC7B  |.  75 07       JNZ SHORT Ekd5.0043BC84
0043BC7D  |.  33C0       XOR EAX,EAX
0043BC7F  |.  E9 0C030000 JMP Ekd5.0043BF90 退出

0043BC84  |>  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
0043BC87  |.  81E2 FF000000 AND EDX,0FF
0043BC8D  |.  6BD2 24    IMUL EDX,EDX,24
0043BC90  |.  81C2 502C4B00 ADD EDX,Ekd5.004B2C50

0043BC96  |.  8955 DC    MOV DWORD PTR SS:[EBP-24],EDX
0043BC99  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043BC9C  |.  E8 AC3B0000 CALL Ekd5.0043F84D                                                 //获取攻击武将在当前地形的攻防加成
0043BCA1  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL

0043BCA4  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
0043BCA7  |.  E8 A13B0000 CALL Ekd5.0043F84D                                              //       获取被攻击武将在当前地形的攻防加成
0043BCAC  |.  8845 E8    MOV BYTE PTR SS:[EBP-18],AL

0043BCAF  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
0043BCB2  |.  E8 B9F7FFFF CALL Ekd5.0043B470                                                 //       获取被攻击方的职业

0043BCB7  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0043BCBA  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0043BCC1  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0043BCC8  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043BCCB  |.  E8 2E380000 CALL Ekd5.0043F4FE                                                       //返回攻击武将的攻击力
0043BCD0  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043BCD3  |.  81E1 FF000000 AND ECX,0FF
0043BCD9  |.  0FAFC1       IMUL EAX,ECX             攻击力乘以地形加成
0043BCDC  |.  33D2       XOR EDX,EDX
0043BCDE  |.  B9 0A000000 MOV ECX,0A
0043BCE3  |.  F7F1       DIV ECX                      除以10  (地形加成在DATA里的值是整数的)
0043BCE5  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX

0043BCE8  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
0043BCEB  |.  E8 A5380000 CALL Ekd5.0043F595                                              //返回被攻击武将的防御力
0043BCF0  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0043BCF3  |.  81E2 FF000000 AND EDX,0FF
0043BCF9  |.  0FAFC2       IMUL EAX,EDX
0043BCFC  |.  33D2       XOR EDX,EDX
0043BCFE  |.  B9 0A000000 MOV ECX,0A
0043BD03  |.  F7F1       DIV ECX
0043BD05  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX

0043BD08  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0043BD0C  |.  74 1E       JE SHORT Ekd5.0043BD2C                                               如果等于0，跳转

0043BD0E  |.  68 FF000000 PUSH 0FF
0043BD13  |.  6A 01       PUSH 1                                                                               (为1，表示计算攻击命中率)
0043BD15  |.  8B55 DC    MOV EDX,DWORD PTR SS:[EBP-24]
0043BD18  |.  52          PUSH EDX
0043BD19  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD1C  |.  E8 8FF7FFFF CALL Ekd5.0043B4B0                                  与攻击命中率有关(08栈是被攻击武将，ecx是攻击武将)
0043BD21  |.  85C0       TEST EAX,EAX
0043BD23  |.  75 07       JNZ SHORT Ekd5.0043BD2C                            不为0，跳转(攻击没有被格档，攻击被格档则跳转)
0043BD25  |.  33C0       XOR EAX,EAX
0043BD27  |.  E9 64020000 JMP Ekd5.0043BF90                                               退出  没有命中率

0043BD2C  |>  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD2F  |.  E8 BC260000 CALL Ekd5.0043E3F0                                     //获取攻击武将的等级
0043BD34  |.  25 FF000000 AND EAX,0FF
0043BD39  |.  83C0 19    ADD EAX,19
0043BD3C  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX

0043BD3F  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]
0043BD42  |.  3B45 F0    CMP EAX,DWORD PTR SS:[EBP-10]
0043BD45  |.  72 12       JB SHORT Ekd5.0043BD59   (如果攻击力小于防御力就跳转)

0043BD47  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]
0043BD4A  |.  2B4D F0    SUB ECX,DWORD PTR SS:[EBP-10]
0043BD4D  |.  D1E9       SHR ECX,1
0043BD4F  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BD52  |.  03D1       ADD EDX,ECX
0043BD54  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX
0043BD57  |.  EB 25       JMP SHORT Ekd5.0043BD7E

0043BD59  |>  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0043BD5C  |.  2B45 E0    SUB EAX,DWORD PTR SS:[EBP-20]
0043BD5F  |.  D1E8       SHR EAX,1

0043BD61  |.  50          PUSH EAX
0043BD62  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043BD65  |.  51          PUSH ECX
0043BD66  |.  E8 333D0400 CALL Ekd5.0047FA9E       返回08栈减0C栈得到的值，负值归0

0043BD6B  |.  83C4 08    ADD ESP,8
0043BD6E  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0043BD71  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BD75  |.  75 07       JNZ SHORT Ekd5.0043BD7E
0043BD77  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0043BD7E  |>  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043BD81  |.  E8 EAF6FFFF CALL Ekd5.0043B470                                                    //获取攻击方的职业
0043BD86  |.  25 FF000000 AND EAX,0FF
0043BD8B  |.  8945 D0    MOV DWORD PTR SS:[EBP-30],EAX
0043BD8E  |.  8B55 D0    MOV EDX,DWORD PTR SS:[EBP-30]
0043BD91  |.  83EA 01    SUB EDX,1
0043BD94  |.  8955 D0    MOV DWORD PTR SS:[EBP-30],EDX
0043BD97  |.  837D D0 04 CMP DWORD PTR SS:[EBP-30],4
0043BD9B  |.  0F87 F7000000 JA Ekd5.0043BE98
0043BDA1  |.  8B45 D0    MOV EAX,DWORD PTR SS:[EBP-30]
0043BDA4  |.  FF2485 96BF43>JMP DWORD PTR DS:[EAX*4+43BF96]                               下面是个跳转表
                                             0043BF96 .  35BE4300    DD Ekd5大白.0043BE35          01步兵
                                             0043BF9A .  ABBD4300    DD Ekd5大白.0043BDAB       02弓兵
                                             0043BF9E .  98BE4300    DD Ekd5大白.0043BE98 3与大于4一样处理 03骑兵
                                             0043BFA2 .  ABBD4300    DD Ekd5大白.0043BDAB       04弓骑兵
                                             0043BFA6 . \ABBD4300    DD Ekd5大白.0043BDAB       05炮兵
弓兵，弓骑兵，炮兵都跳转到这里：
0043BDAB  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043BDAE  |.  81E1 FF000000 AND ECX,0FF
0043BDB4 .  83F9 03    CMP ECX,3                                                    3,骑兵受到150%的远程伤害
0043BDB7  |.  74 1B       JE SHORT Ekd5.0043BDD4

0043BDB9  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043BDBC  |.  81E2 FF000000 AND EDX,0FF
0043BDC2 .  83FA 11    CMP EDX,11                                                       11，训虎受到150%的远程伤害
0043BDC5  |.  74 0D       JE SHORT Ekd5.0043BDD4

0043BDC7  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043BDCA  |.  25 FF000000 AND EAX,0FF
0043BDCF  |.  83F8 10    CMP EAX,10                                                    10, 训雄受到150%的远程伤害
0043BDD2  |.  75 0B       JNZ SHORT Ekd5.0043BDDF

0043BDD4  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043BDD7  |.  6BC9 03    IMUL ECX,ECX,3
0043BDDA  |.  D1E9       SHR ECX,1
0043BDDC  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX //伤害计算  先乘以3，再右移动一位(处以2)

0043BDDF  |>  6A 3D       PUSH 3D                                                       3D减轻远距损伤的特殊效果代号
               0043BDE1  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
               0043BDE4  |.  E8 87380200 CALL Ekd5.0045F670       获取被攻击武将的data编号
0043BDE9  |.  8BC8       MOV ECX,EAX
0043BDEB  |.  6BC9 48    IMUL ECX,ECX,48
0043BDEE  |.  81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BDF4  |.  E8 10BCFCFF CALL Ekd5.00407A09          检测被攻击武将是否装备减轻远距损伤的特殊道具
0043BDF9  |.  85C0       TEST EAX,EAX
0043BDFB  |.  74 36       JE SHORT Ekd5.0043BE33

0043BDFD  |.  6A 3D       PUSH 3D                                                             减轻远距损伤
               0043BDFF  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
               0043BE02 .  E8 69380200 CALL Ekd5.0045F670                获取被攻击武将的data编号
0043BE07  |.  8BC8       MOV ECX,EAX
0043BE09  |.  6BC9 48    IMUL ECX,ECX,48
0043BE0C  |.  81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BE12 .  E8 DBBCFCFF CALL Ekd5.00407AF2    ; \Ekd5. 获取被武将减轻远距损伤的特殊道具的特殊效果值
0043BE17  |.  25 FF000000 AND EAX,0FF
0043BE1C  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BE1F  |.  0FAFC2       IMUL EAX,EDX
0043BE22  |.  33D2       XOR EDX,EDX
0043BE24  |.  B9 64000000 MOV ECX,64
0043BE29  |.  F7F1       DIV ECX
0043BE2B  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BE2E  |.  2BD0       SUB EDX,EAX
0043BE30  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX
0043BE33  |>  EB 63       JMP SHORT Ekd5.0043BE98
步兵跳转到这里：
0043BE35  |>  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043BE38  |.  25 FF000000 AND EAX,0FF
0043BE3D  |.  83F8 03    CMP EAX,3 3表示骑兵只受到步兵60%的伤害
0043BE40  |.  75 2F       JNZ SHORT Ekd5.0043BE71 不是骑兵则跳转

0043BE42  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0043BE45  |.  6BC0 03    IMUL EAX,EAX,3
0043BE48  |.  33D2       XOR EDX,EDX
0043BE4A  |.  B9 05000000 MOV ECX,5
0043BE4F  |.  F7F1       DIV ECX                      乘以3除以5----------------------------60%
0043BE51  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0043BE54  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BE58  |.  75 09       JNZ SHORT Ekd5.0043BE63
0043BE5A  |.  C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1 如果等于0，则设置为---------------1%
0043BE61  |.  EB 06       JMP SHORT Ekd5.0043BE69
0043BE63  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BE66  |.  8955 CC    MOV DWORD PTR SS:[EBP-34],EDX
0043BE69  |>  8B45 CC    MOV EAX,DWORD PTR SS:[EBP-34]
0043BE6C  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0043BE6F  |.  EB 27       JMP SHORT Ekd5.0043BE98

0043BE71  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043BE74  |.  81E1 FF000000 AND ECX,0FF
0043BE7A  |.  83F9 02    CMP ECX,2              02弓兵受到步兵150%的伤害
0043BE7D  |.  74 0E       JE SHORT Ekd5.0043BE8D              相等，是弓兵，跳转

0043BE7F  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043BE82  |.  81E2 FF000000 AND EDX,0FF
0043BE88  |.  83FA 05    CMP EDX,5                         05炮兵受到步兵150%的伤害
0043BE8B  |.  75 0B       JNZ SHORT Ekd5.0043BE98          不相等，不是炮兵，跳转

0043BE8D  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0043BE90  |.  6BC0 03    IMUL EAX,EAX,3
0043BE93  |.  D1E8       SHR EAX,1
0043BE95  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX

0043BE98  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043BE9B  |.  81E1 FF000000 AND ECX,0FF
0043BEA1  |.  83F9 03    CMP ECX,3
0043BEA4  |.  75 4A       JNZ SHORT Ekd5.0043BEF0                       如果被攻击不是骑兵跳转

0043BEA6  |.  6A 2D       PUSH 2D             2D-骑马攻击
0043BEA8  |.  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]
0043BEAB  |.  8B0A       MOV ECX,DWORD PTR DS:[EDX]
0043BEAD  |.  6BC9 48    IMUL ECX,ECX,48
0043BEB0  |.  81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BEB6  |.  E8 4EBBFCFF CALL Ekd5.00407A09             检测攻击武将是否装备骑马攻击的特殊道具
0043BEBB  |.  85C0       TEST EAX,EAX
0043BEBD  |.  74 31       JE SHORT Ekd5.0043BEF0

0043BEBF  |.  6A 2D       PUSH 2D             2D-骑马攻击
0043BEC1  |.  8B45 D4    MOV EAX,DWORD PTR SS:[EBP-2C]
0043BEC4  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]
0043BEC6  |.  6BC9 48    IMUL ECX,ECX,48
0043BEC9  |.  81C1 681B4A00 ADD ECX,Ekd5.004A1B68
0043BECF  |.  E8 1EBCFCFF CALL Ekd5.00407AF2             获取攻击武将装备骑马攻击道具的特殊效果值
0043BED4  |.  25 FF000000 AND EAX,0FF
0043BED9  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]     把Data的效果值弄进来
0043BEDC  |.  0FAFC1       IMUL EAX,ECX                                                 乘以效果值
0043BEDF  |.  33D2       XOR EDX,EDX
0043BEE1  |.  B9 64000000 MOV ECX,64
0043BEE6  |.  F7F1       DIV ECX                                                             除以100
0043BEE8  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BEEB  |.  03D0       ADD EDX,EAX
0043BEED  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX          加上原来的

0043BEF0  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0    判断第三个参数0还是1
0043BEF4  |.  74 29       JE SHORT Ekd5.0043BF1F    如果是0跳转 (反击就是75%就是1)

0043BEF6  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0043BEF9  |.  6BC0 03    IMUL EAX,EAX,3
0043BEFC  |.  C1E8 02    SHR EAX,2                   乘以3除以4
0043BEFF  |.  83F8 01    CMP EAX,1
0043BF02  |.  73 09       JNB SHORT Ekd5.0043BF0D       不小于等于1则转移
0043BF04  |.  C745 C8 01000>MOV DWORD PTR SS:[EBP-38],1 若小于1则设置为1 --------1%
0043BF0B  |.  EB 0C       JMP SHORT Ekd5.0043BF19
0043BF0D  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4] 又是乘以3除以4
0043BF10  |.  6BC9 03    IMUL ECX,ECX,3
0043BF13  |.  C1E9 02    SHR ECX,2
0043BF16  |.  894D C8    MOV DWORD PTR SS:[EBP-38],ECX
0043BF19  |>  8B55 C8    MOV EDX,DWORD PTR SS:[EBP-38]
0043BF1C  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX

0043BF1F  |>  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0 判断第二个参数是0还是1(真正攻击伤害的时候是1)
0043BF23  |.  74 50       JE SHORT Ekd5.0043BF75

0043BF25  |.  6A 07       PUSH 7
0043BF27  |.  E8 E73B0400 CALL Ekd5.0047FB13  生成0到6的随机数
0043BF2C  |.  83C4 04    ADD ESP,4
0043BF2F  |.  8945 D8    MOV DWORD PTR SS:[EBP-28],EAX
0043BF32  |.  837D D8 02 CMP DWORD PTR SS:[EBP-28],2
0043BF36  |.  76 0F       JBE SHORT Ekd5.0043BF47                      若随机数小于等于2则跳转

0043BF38  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0043BF3B  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043BF3E  |.  8D5401 FE    LEA EDX,DWORD PTR DS:[ECX+EAX-2]
0043BF42  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX
0043BF45  |.  EB 2E       JMP SHORT Ekd5.0043BF75

0043BF47  |>  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0043BF4A  |.  50          PUSH EAX
0043BF4B  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043BF4E  |.  51          PUSH ECX
0043BF4F  |.  E8 4A3B0400 CALL Ekd5.0047FA9E                         返回08栈减0C栈得到的值，负值归0
0043BF54  |.  83C4 08    ADD ESP,8

0043BF57  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX    ([EBP-4] = [EBP-4] – [EBP-28]  负值归0)
0043BF5A  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0043BF5E  |.  75 09       JNZ SHORT Ekd5.0043BF69       不为0，转移

0043BF60  |.  C745 C4 01000>MOV DWORD PTR SS:[EBP-3C],1 为0，变量[EPP-3C] 标记1，重新标记为1
0043BF67  |.  EB 06       JMP SHORT Ekd5.0043BF6F

0043BF69  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043BF6C  |.  8955 C4    MOV DWORD PTR SS:[EBP-3C],EDX

0043BF6F  |>  8B45 C4    MOV EAX,DWORD PTR SS:[EBP-3C]
0043BF72  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX    变为1

0043BF75  |>  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
0043BF78 .  E8 136D0300 CALL Ekd5.00472C90 返回武将ecx的当前体力
0043BF7D  |.  3945 FC    CMP DWORD PTR SS:[EBP-4],EAX
0043BF80 .  76 0B       JBE SHORT Ekd5.0043BF8D EAX小于等于则转移(返回的是EBP-4变量的值)
0043BF82  |.  8B4D DC    MOV ECX,DWORD PTR SS:[EBP-24]
0043BF85 .  E8 066D0300 CALL Ekd5.00472C90  返回武将ecx的当前体力
0043BF8A  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX          //返回当前体力值
0043BF8D  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0043BF90  |>  8BE5       MOV ESP,EBP
0043BF92  |.  5D          POP EBP
0043BF93  \.  C2 0C00    RETN 0C

//本函数,其实就是针对攻击方和被攻击方的攻击力防御力计算伤害值,还调用了一个计算命中率的函数.
//由于伤害设计兵种相克,防御远程攻击和骑马攻击两种特殊属性的计算,所以也写在了这个函数里面
//AI的选择也是根据这个函数出的结果为依据的.

[ 本帖最后由岱瀛于 2007-1-21 13:18 编辑 ]

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#6

发表于 2007-1-21 14:53 资料个人空间短消息看全部作者

攻击动作函数
00405744
传入参数：
Ecx 是攻击武将的Ecx值
局部变量
[EBP-D8] 保存攻击武将的Ecx值

00405744  /$  55          PUSH EBP
00405745  |.  8BEC       MOV EBP,ESP
00405747  |.  81EC D8000000 SUB ESP,0D8
0040574D  |.  898D 28FFFFFF MOV DWORD PTR SS:[EBP-D8],ECX
00405753  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405759  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040575F  |.  8A51 10    MOV DL,BYTE PTR DS:[ECX+10]
00405762  |.  8850 01    MOV BYTE PTR DS:[EAX+1],DL
00405765  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040576B  |.  E8 1FE4FFFF CALL Ekd5.00403B8F                      ;  里面加载ATK图了
00405770  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405776  |.  33C9       XOR ECX,ECX
00405778  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
0040577B  |.  6BC9 24    IMUL ECX,ECX,24
0040577E  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405784  |.  E8 978B0300 CALL Ekd5.0043E320             获取攻击武将的朝向（这个时候武将的朝向已经变了，而看到的不一样）
00405789  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0040578C  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405792  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00405794  |.  50          PUSH EAX                               ; /Arg2
00405795  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
0040579B  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
0040579E  |.  52          PUSH EDX                               ; |Arg1
0040579F  |.  E8 85000300 CALL Ekd5.00435829                      ; \Ekd5.00435829
004057A4  |.  83C4 08    ADD ESP,8
004057A7  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004057A9  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
004057AF  |.  E8 D1E5FFFF CALL Ekd5.00403D85                      ; \Ekd5.00403D85             里面加载了SPC图
004057B4  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
004057B7  |.  50          PUSH EAX                               ; /Arg1
004057B8  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
004057BE  |.  33D2       XOR EDX,EDX                            ; |
004057C0  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
004057C3  |.  8BCA       MOV ECX,EDX                            ; |
004057C5  |.  6BC9 24    IMUL ECX,ECX,24                         ; |
004057C8  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50                   ; |
004057CE  |.  E8 9D0E0000 CALL Ekd5.00406670                      ; \Ekd5.00406670                      设置攻击武将朝向为08栈
004057D3  |.  68 FF000000 PUSH 0FF                               ; /Arg2 = 000000FF
004057D8  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]          ; |
004057DE  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]             ; |
004057E1  |.  51          PUSH ECX                               ; |Arg1
004057E2  |.  E8 42000300 CALL Ekd5.00435829                      ; \Ekd5.00435829
004057E7  |.  83C4 08    ADD ESP,8
004057EA  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
004057F0  |.  8B4A 0C    MOV ECX,DWORD PTR DS:[EDX+C]
004057F3  |.  E8 68DBFFFF CALL Ekd5.00403360             //纯粹看代码里是把Ecx压栈然后再+6返回，但是没分析为什么要这样做
004057F8  |.  66:8B00    MOV AX,WORD PTR DS:[EAX]
004057FB  |.  66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
004057FF  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405805  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
00405808  |.  52          PUSH EDX                               ; /Arg3
00405809  |.  8A45 F9    MOV AL,BYTE PTR SS:[EBP-7]             ; |
0040580C  |.  50          PUSH EAX                               ; |Arg2
0040580D  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
00405810  |.  51          PUSH ECX                               ; |Arg1
00405811  |.  B9 50424B00 MOV ECX,Ekd5.004B4250                   ; |
00405816  |.  E8 08F90400 CALL Ekd5.00455123                      ; \Ekd5.00455123    重画武将形象，把朝向弄好。
0040581B  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405821  |.  83BA 04060000>CMP DWORD PTR DS:[EDX+604],0                               //判断是否发生致命一击
00405828  |.  74 50       JE SHORT Ekd5.0040587A
0040582A  |.  6A 19       PUSH 19                               ; /Arg1 = 00000019
0040582C  |.  E8 01A30700 CALL Ekd5.0047FB32                      ; \Ekd5.0047FB32 25%概率的事件是否发生
00405831  |.  83C4 04    ADD ESP,4
00405834  |.  85C0       TEST EAX,EAX
00405836  |.  74 42       JE SHORT Ekd5.0040587A                             //概率没有发生，结束, 发生则说出致命一击的台词
00405838  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
0040583E  |.  8B48 04    MOV ECX,DWORD PTR DS:[EAX+4]
00405841  |.  51          PUSH ECX                               ; /Arg2
00405842  |.  8D95 2CFFFFFF LEA EDX,DWORD PTR SS:[EBP-D4]          ; |
00405848  |.  52          PUSH EDX                               ; |Arg1
00405849  |.  E8 E1670000 CALL Ekd5.0040C02F                      ; \Ekd5.0040C02F
0040584E  |.  83C4 08    ADD ESP,8
00405851  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405857  |.  8B48 0C    MOV ECX,DWORD PTR DS:[EAX+C]
0040585A  |.  E8 6AA40300 CALL Ekd5.0043FCC9
0040585F  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405865  |.  8B51 04    MOV EDX,DWORD PTR DS:[ECX+4]
00405868  |.  52          PUSH EDX                               ; /Arg2
00405869  |.  8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4]          ; |
0040586F  |.  50          PUSH EAX                               ; |Arg1
00405870  |.  B9 F05D4B00 MOV ECX,Ekd5.004B5DF0                   ; |
00405875  |.  E8 E33D0500 CALL Ekd5.0045965D                      ; \Ekd5.0045965D
0040587A  |>  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405880  |.  E8 64ECFFFF CALL Ekd5.004044E9                                                       //画面显示函数
00405885  |.  8BE5       MOV ESP,EBP
00405887  |.  5D          POP EBP
00405888  \.  C3          RETN

//本函数，进行了一些画面处理，比如武将的转向和致命一击台词。然后调用了攻击过程全动作的函数，分析比较粗，调用到的几个函数还没有仔细分析，
//还有几个朝向问题，数字朝向有点奇怪。

[ 本帖最后由岱瀛于 2007-1-21 15:11 编辑 ]

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#7

发表于 2007-1-21 14:55 资料个人空间短消息看全部作者

攻击画面函数
004044E9函数
又是一个万恶的恐怖函数

建议先看我最后用C翻译的结果,对于反汇编过长的函数,我一般都是先从代码结构上，从总体上把握,直接自己翻译成C代码,然后再分段的研究,直接上千行万行的汇编看下去,人会崩溃的.不过翻译过程其实也不简单,我个人比较熟悉和喜欢C/C++,也简单了解过C和汇编转换的一般对应关系,所以就翻译成C了.象小笨那种喜欢pascal的,估计就自己翻成pascal容易看点.

004044E9  /$  55          PUSH EBP
004044EA  |.  8BEC       MOV EBP,ESP
004044EC  |.  B8 38100000 MOV EAX,1038
004044F1  |.  E8 6ACC0700 CALL Ekd5.00481160
004044F6  |.  56          PUSH ESI
004044F7  |.  898D CCEFFFFF MOV DWORD PTR SS:[EBP-1034],ECX
004044FD  |.  8B85 CCEFFFFF MOV EAX,DWORD PTR SS:[EBP-1034]
00404503  |.  8B48 0C    MOV ECX,DWORD PTR DS:[EAX+C]
00404506  |.  E8 55EEFFFF CALL Ekd5.00403360       //纯粹看代码里是把Ecx压栈然后再+6返回，但是没分析为什么要这样做
0040450B  |.  66:8B08    MOV CX,WORD PTR DS:[EAX]
0040450E  |.  66:898D E8EFF>MOV WORD PTR SS:[EBP-1018],CX
00404515  |.  8B95 CCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1034]
0040451B  |.  33C0       XOR EAX,EAX
0040451D  |.  8A42 01    MOV AL,BYTE PTR DS:[EDX+1]
00404520  |.  8BC8       MOV ECX,EAX
00404522  |.  6BC9 24    IMUL ECX,ECX,24
00404525  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0040452B  |.  E8 30EEFFFF CALL Ekd5.00403360             //纯粹看代码里是把Ecx压栈然后再+6返回，但是没分析为什么要这样做
00404530  |.  66:8B08    MOV CX,WORD PTR DS:[EAX]
00404533  |.  66:898D E0EFF>MOV WORD PTR SS:[EBP-1020],CX
0040453A  |.  8BB5 E8EFFFFF MOV ESI,DWORD PTR SS:[EBP-1018]
00404540  |.  81E6 FF000000 AND ESI,0FF
00404546  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
0040454B  |.  E8 43D50400 CALL Ekd5.00451A93             //纯粹看代码，是把Ecx压栈后，取Ecx+4所指的内存地址的值返回
00404550  |.  99          CDQ
00404551  |.  B9 30000000 MOV ECX,30
00404556  |.  F7F9       IDIV ECX
00404558  |.  2BF0       SUB ESI,EAX
0040455A  |.  89B5 F4EFFFFF MOV DWORD PTR SS:[EBP-100C],ESI
00404560  |.  8BB5 E9EFFFFF MOV ESI,DWORD PTR SS:[EBP-1017]
00404566  |.  81E6 FF000000 AND ESI,0FF
0040456C  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
00404571  |.  E8 2ED50400 CALL Ekd5.00451AA4          //纯粹看代码，是把Ecx压栈后，取Ecx+8所指的内存地址的值返回
00404576  |.  99          CDQ
00404577  |.  B9 30000000 MOV ECX,30
0040457C  |.  F7F9       IDIV ECX
0040457E  |.  2BF0       SUB ESI,EAX
00404580  |.  89B5 ECEFFFFF MOV DWORD PTR SS:[EBP-1014],ESI
00404586  |.  8BB5 E0EFFFFF MOV ESI,DWORD PTR SS:[EBP-1020]
0040458C  |.  81E6 FF000000 AND ESI,0FF
00404592  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
00404597  |.  E8 F7D40400 CALL Ekd5.00451A93             //纯粹看代码，是把Ecx压栈后，取Ecx+4所指的内存地址的值返回
0040459C  |.  99          CDQ
0040459D  |.  B9 30000000 MOV ECX,30
004045A2  |.  F7F9       IDIV ECX
004045A4  |.  2BF0       SUB ESI,EAX
004045A6  |.  89B5 F8EFFFFF MOV DWORD PTR SS:[EBP-1008],ESI
004045AC  |.  8BB5 E1EFFFFF MOV ESI,DWORD PTR SS:[EBP-101F]
004045B2  |.  81E6 FF000000 AND ESI,0FF
004045B8  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
004045BD  |.  E8 E2D40400 CALL Ekd5.00451AA4                //纯粹看代码，是把Ecx压栈后，取Ecx+8所指的内存地址的值返回
004045C2  |.  99          CDQ
004045C3  |.  B9 30000000 MOV ECX,30
004045C8  |.  F7F9       IDIV ECX
004045CA  |.  2BF0       SUB ESI,EAX
004045CC  |.  89B5 FCEFFFFF MOV DWORD PTR SS:[EBP-1004],ESI
004045D2  |.  8B95 F4EFFFFF MOV EDX,DWORD PTR SS:[EBP-100C]
004045D8  |.  6BD2 30    IMUL EDX,EDX,30
004045DB  |.  8995 DCEFFFFF MOV DWORD PTR SS:[EBP-1024],EDX
004045E1  |.  8B85 ECEFFFFF MOV EAX,DWORD PTR SS:[EBP-1014]
004045E7  |.  6BC0 30    IMUL EAX,EAX,30
004045EA  |.  83C0 38    ADD EAX,38
004045ED  |.  8985 D8EFFFFF MOV DWORD PTR SS:[EBP-1028],EAX
004045F3  |.  8B8D F8EFFFFF MOV ECX,DWORD PTR SS:[EBP-1008]
004045F9  |.  6BC9 30    IMUL ECX,ECX,30
004045FC  |.  898D D4EFFFFF MOV DWORD PTR SS:[EBP-102C],ECX
00404602  |.  8B95 FCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1004]
00404608  |.  6BD2 30    IMUL EDX,EDX,30
0040460B  |.  83C2 38    ADD EDX,38
0040460E  |.  8995 D0EFFFFF MOV DWORD PTR SS:[EBP-1030],EDX
00404614  |.  C785 F0EFFFFF>MOV DWORD PTR SS:[EBP-1010],0
0040461E  |.  EB 0F       JMP SHORT Ekd5.0040462F

00404620  |>  8B85 F0EFFFFF /MOV EAX,DWORD PTR SS:[EBP-1010]
00404626  |.  83C0 01    |ADD EAX,1
00404629  |.  8985 F0EFFFFF |MOV DWORD PTR SS:[EBP-1010],EAX
0040462F  |>  83BD F0EFFFFF> CMP DWORD PTR SS:[EBP-1010],1B
循环了27次,中间有空,也就是攻击的过程不会一闪而过,曹操传里的图都是4针,要做八针的攻击效果图,就必须在这做文章了
00404636  |.  0F83 C1100000 |JNB Ekd5.004056FD  (if (变量>27) goto 结束 )
0040463C  |.  8B8D F0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1010]
00404642  |.  898D C8EFFFFF |MOV DWORD PTR SS:[EBP-1038],ECX
00404648  |.  83BD C8EFFFFF>|CMP DWORD PTR SS:[EBP-1038],19
0040464F  |.  0F87 92100000 |JA Ekd5.004056E7    (if (变量>25) goto 4056E7循环点)
00404655  |.  8B85 C8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1038]
0040465B  |.  33D2       |XOR EDX,EDX
0040465D  |.  8A90 2A574000 |MOV DL,BYTE PTR DS:[EAX+40572A]
                     0040572A .  00          DB 00                                  ; 分支 00405702 索引表
                     0040572B .  09          DB 09
                     0040572C .  01          DB 01
                     0040572D .  09          DB 09
                     0040572E .  09          DB 09
                     0040572F .  09          DB 09
                     00405730 .  09          DB 09
                     00405731 .  09          DB 09
                     00405732 .  02          DB 02
                     00405733 .  09          DB 09
                     00405734 .  09          DB 09
                     00405735 .  09          DB 09
                     00405736 .  03          DB 03
                     00405737 .  04          DB 04
                     00405738 .  05          DB 05
                     00405739 .  06          DB 06
                     0040573A .  09          DB 09
                     0040573B .  07          DB 07
                     0040573C .  09          DB 09
                     0040573D .  09          DB 09
                     0040573E .  09          DB 09
                     0040573F .  09          DB 09
                     00405740 .  09          DB 09
                     00405741 .  09          DB 09
                     00405742 .  09          DB 09
                     00405743 .  08          DB 08
00404663  |.  FF2495 025740>|JMP DWORD PTR DS:[EDX*4+405702]  跳转的计算
                     00405702 . \6A464000    DD Ekd5.0040466A                      ;  分支表被用于 00404663
                     00405706 .  08484000    DD Ekd5.00404808
                     0040570A .  31494000    DD Ekd5.00404931
                     0040570E .  BC4C4000    DD Ekd5.00404CBC
                     00405712 .  964D4000    DD Ekd5.00404D96
                     00405716 .  FA4F4000    DD Ekd5.00404FFA
                     0040571A .  2C524000    DD Ekd5.0040522C
                     0040571E .  5F534000    DD Ekd5.0040535F
                     00405722 .  4A554000    DD Ekd5.0040554A
                     00405726 .  E7564000    DD Ekd5.004056E7
0040466A  |>  E8 6C9F0100 |CALL Ekd5.0041E5DB
0040466F  |.  8B8D ECEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1014]
00404675  |.  51          |PUSH ECX                               ; /Arg2
00404676  |.  8B95 F4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-100C]       ; |
0040467C  |.  52          |PUSH EDX                               ; |Arg1
0040467D  |.  E8 77F0FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
00404682  |.  83C4 08    |ADD ESP,8
00404685  |.  8B85 FCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1004]
0040468B  |.  50          |PUSH EAX                               ; /Arg2
0040468C  |.  8B8D F8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1008]       ; |
00404692  |.  51          |PUSH ECX                               ; |Arg1
00404693  |.  E8 61F0FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
00404698  |.  83C4 08    |ADD ESP,8
0040469B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040469D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040469F  |.  68 00490000 |PUSH 4900                            ; |Arg1 = 00004900
004046A4  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004046A9  |.  E8 92B30700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004046AE  |.  50          |PUSH EAX                               ; /Arg5
004046AF  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004046B1  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004046B3  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004046B9  |.  83EA 08    |SUB EDX,8                            ; |
004046BC  |.  52          |PUSH EDX                               ; |Arg2
004046BD  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004046C3  |.  83E8 08    |SUB EAX,8                            ; |
004046C6  |.  50          |PUSH EAX                               ; |Arg1
004046C7  |.  E8 1AD30400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
004046CC  |.  83C4 14    |ADD ESP,14
004046CF  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004046D1  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004046D3  |.  68 00590000 |PUSH 5900                            ; |Arg1 = 00005900
004046D8  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004046DD  |.  E8 5EB30700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004046E2  |.  50          |PUSH EAX                               ; /Arg5
004046E3  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004046E5  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004046E7  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
004046ED  |.  83E9 08    |SUB ECX,8                            ; |
004046F0  |.  51          |PUSH ECX                               ; |Arg2
004046F1  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
004046F7  |.  83EA 08    |SUB EDX,8                            ; |
004046FA  |.  52          |PUSH EDX                               ; |Arg1
004046FB  |.  E8 E6D20400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
00404700  |.  83C4 14    |ADD ESP,14
00404703  |.  B9 083D4B00 |MOV ECX,Ekd5.004B3D08
00404708  |.  E8 23200000 |CALL Ekd5.00406730
0040470D  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040470F  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404711  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404713  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404718  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040471D  |.  E8 1EB30700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404722  |.  50          |PUSH EAX                               ; |Arg5
00404723  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404725  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404727  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040472D  |.  83E8 08    |SUB EAX,8                            ; |
00404730  |.  50          |PUSH EAX                               ; |Arg2
00404731  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404737  |.  83E9 08    |SUB ECX,8                            ; |
0040473A  |.  51          |PUSH ECX                               ; |Arg1
0040473B  |.  E8 D3D10400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404740  |.  83C4 18    |ADD ESP,18
00404743  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404745  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404747  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404749  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
0040474E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404753  |.  E8 E8B20700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404758  |.  50          |PUSH EAX                               ; |Arg5
00404759  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040475B  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040475D  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404763  |.  83EA 08    |SUB EDX,8                            ; |
00404766  |.  52          |PUSH EDX                               ; |Arg2
00404767  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
0040476D  |.  83E8 08    |SUB EAX,8                            ; |
00404770  |.  50          |PUSH EAX                               ; |Arg1
00404771  |.  E8 9DD10400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404776  |.  83C4 18    |ADD ESP,18
00404779  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
0040477F  |.  33D2       |XOR EDX,EDX
00404781  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00404784  |.  52          |PUSH EDX                               ; /Arg3
00404785  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040478B  |.  50          |PUSH EAX                               ; |Arg2
0040478C  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404792  |.  51          |PUSH ECX                               ; |Arg1
00404793  |.  E8 87A30300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404798  |.  83C4 0C    |ADD ESP,0C
0040479B  |.  6A 04       |PUSH 4
0040479D  |.  6A 00       |PUSH 0
0040479F  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004047A5  |.  33C0       |XOR EAX,EAX
004047A7  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
004047A9  |.  8BF0       |MOV ESI,EAX
004047AB  |.  69F6 00630000 |IMUL ESI,ESI,6300
004047B1  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004047B7  |.  33D2       |XOR EDX,EDX
004047B9  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004047BB  |.  52          |PUSH EDX                               ; /Arg1
004047BC  |.  E8 549D0300 |CALL Ekd5.0043E515                   ; \Ekd5.0043E515
004047C1  |.  83C4 04    |ADD ESP,4
004047C4  |.  83C0 06    |ADD EAX,6                            ; |
004047C7  |.  69C0 00090000 |IMUL EAX,EAX,900                      ; |
004047CD  |.  03F0       |ADD ESI,EAX                            ; |
004047CF  |.  56          |PUSH ESI                               ; |Arg1
004047D0  |.  B9 80AB4A00 |MOV ECX,Ekd5.004AAB80                ; |
004047D5  |.  E8 66B20700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

004047DA  |.  50          |PUSH EAX                               ; /Arg6
004047DB  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004047E1  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004047E3  |.  51          |PUSH ECX                               ; |Arg5
004047E4  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004047E6  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004047E8  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004047EE  |.  52          |PUSH EDX                               ; |Arg2
004047EF  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004047F5  |.  50          |PUSH EAX                               ; |Arg1
004047F6  |.  E8 81CB0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004047FB  |.  83C4 18    |ADD ESP,18
004047FE  |.  E8 F39D0100 |CALL Ekd5.0041E5F6
00404803  |.  E9 DF0E0000 |JMP Ekd5.004056E7
00404808  |>  E8 CE9D0100 |CALL Ekd5.0041E5DB                               第一个攻击动作
0040480D  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040480F  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404811  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404813  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404818  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040481D  |.  E8 1EB20700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404822  |.  50          |PUSH EAX                               ; |Arg5
00404823  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404825  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404827  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040482D  |.  83E9 08    |SUB ECX,8                            ; |
00404830  |.  51          |PUSH ECX                               ; |Arg2
00404831  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404837  |.  83EA 08    |SUB EDX,8                            ; |
0040483A  |.  52          |PUSH EDX                               ; |Arg1
0040483B  |.  E8 D3D00400 |CALL Ekd5.00451913                   ; \Ekd5.00451913

00404840  |.  83C4 18    |ADD ESP,18
00404843  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404845  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404847  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404849  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
0040484E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404853  |.  E8 E8B10700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404858  |.  50          |PUSH EAX                               ; |Arg5
00404859  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040485B  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040485D  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404863  |.  83E8 08    |SUB EAX,8                            ; |
00404866  |.  50          |PUSH EAX                               ; |Arg2
00404867  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
0040486D  |.  83E9 08    |SUB ECX,8                            ; |
00404870  |.  51          |PUSH ECX                               ; |Arg1
00404871  |.  E8 9DD00400 |CALL Ekd5.00451913                   ; \Ekd5.00451913

00404876  |.  83C4 18    |ADD ESP,18
00404879  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040487F  |.  33C0       |XOR EAX,EAX
00404881  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00404884  |.  50          |PUSH EAX                               ; /Arg3
00404885  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040488B  |.  51          |PUSH ECX                               ; |Arg2
0040488C  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404892  |.  52          |PUSH EDX                               ; |Arg1
00404893  |.  E8 87A20300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404898  |.  83C4 0C    |ADD ESP,0C

0040489B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040489D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040489F  |.  6A 00       |PUSH 0                               ; |Arg1 = 00000000
004048A1  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004048A6  |.  E8 95B10700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004048AB  |.  50          |PUSH EAX                               ; /Arg6
004048AC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004048B2  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004048B4  |.  51          |PUSH ECX                               ; |Arg5
004048B5  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004048B7  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004048B9  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004048BF  |.  83EA 08    |SUB EDX,8                            ; |
004048C2  |.  52          |PUSH EDX                               ; |Arg2
004048C3  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004048C9  |.  83E8 08    |SUB EAX,8                            ; |
004048CC  |.  50          |PUSH EAX                               ; |Arg1
004048CD  |.  E8 AACA0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004048D2  |.  83C4 18    |ADD ESP,18
004048D5  |.  E8 1C9D0100 |CALL Ekd5.0041E5F6                                     第一个攻击动作
004048DA  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004048E0  |.  8B49 0C    |MOV ECX,DWORD PTR DS:[ECX+C]
004048E3  |.  E8 3EB70300 |CALL Ekd5.00440026
004048E8  |.  85C0       |TEST EAX,EAX
004048EA  |.  74 10       |JE SHORT Ekd5.004048FC
004048EC  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
004048EE  |.  6A 22       |PUSH 22                               ; |Arg1 = 00000022
004048F0  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
004048F5  |.  E8 80FD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
004048FA  |.  EB 30       |JMP SHORT Ekd5.0040492C
004048FC  |>  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404902  |.  8B4A 0C    |MOV ECX,DWORD PTR DS:[EDX+C]
00404905  |.  E8 FFB60300 |CALL Ekd5.00440009
0040490A  |.  85C0       |TEST EAX,EAX
0040490C  |.  74 10       |JE SHORT Ekd5.0040491E
0040490E  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404910  |.  6A 25       |PUSH 25                               ; |Arg1 = 00000025
00404912  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404917  |.  E8 5EFD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
0040491C  |.  EB 0E       |JMP SHORT Ekd5.0040492C
0040491E  |>  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404920  |.  6A 20       |PUSH 20                               ; |Arg1 = 00000020
00404922  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404927  |.  E8 4EFD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A

0040492C  |>  E9 B60D0000 |JMP Ekd5.004056E7                                                 返回最后

00404931  |>  E8 A59C0100 |CALL Ekd5.0041E5DB
00404936  |.  B9 083D4B00 |MOV ECX,Ekd5.004B3D08
0040493B  |.  E8 F01D0000 |CALL Ekd5.00406730
00404940  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404942  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404944  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404946  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040494B  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404950  |.  E8 EBB00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404955  |.  50          |PUSH EAX                               ; |Arg5
00404956  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404958  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040495A  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00404960  |.  83E8 08    |SUB EAX,8                            ; |
00404963  |.  50          |PUSH EAX                               ; |Arg2
00404964  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040496A  |.  83E9 08    |SUB ECX,8                            ; |
0040496D  |.  51          |PUSH ECX                               ; |Arg1
0040496E  |.  E8 A0CF0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404973  |.  83C4 18    |ADD ESP,18
00404976  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404978  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040497A  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040497C  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404981  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404986  |.  E8 B5B00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040498B  |.  50          |PUSH EAX                               ; |Arg5
0040498C  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040498E  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404990  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404996  |.  83EA 08    |SUB EDX,8                            ; |
00404999  |.  52          |PUSH EDX                               ; |Arg2
0040499A  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004049A0  |.  83E8 08    |SUB EAX,8                            ; |
004049A3  |.  50          |PUSH EAX                               ; |Arg1
004049A4  |.  E8 6ACF0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
004049A9  |.  83C4 18    |ADD ESP,18
004049AC  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004049B2  |.  33D2       |XOR EDX,EDX
004049B4  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004049B7  |.  52          |PUSH EDX                               ; /Arg3
004049B8  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
004049BE  |.  50          |PUSH EAX                               ; |Arg2
004049BF  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
004049C5  |.  51          |PUSH ECX                               ; |Arg1
004049C6  |.  E8 54A10300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004049CB  |.  83C4 0C    |ADD ESP,0C
004049CE  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004049D4  |.  8B4A 0C    |MOV ECX,DWORD PTR DS:[EDX+C]
004049D7  |.  E8 2DB60300 |CALL Ekd5.00440009
004049DC  |.  85C0       |TEST EAX,EAX
004049DE  |.  0F84 78010000 |JE Ekd5.00404B5C

004049E4  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004049EA  |.  83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0
004049F1  |.  0F84 0D010000 |JE Ekd5.00404B04

004049F7  |.  68 00100000 |PUSH 1000                            ; /Arg3 = 00001000
004049FC  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00404A02  |.  51          |PUSH ECX                               ; |Arg2
00404A03  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404A05  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404A07  |.  68 00100000 |PUSH 1000                            ; ||Arg1 = 00001000
00404A0C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404A11  |.  E8 2AB00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404A16  |.  50          |PUSH EAX                               ; |Arg1
00404A17  |.  E8 E1B20700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD

00404A1C  |.  83C4 0C    |ADD ESP,0C
00404A1F  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]
00404A25  |.  52          |PUSH EDX                               ; /Arg6
00404A26  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404A2C  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00404A2E  |.  51          |PUSH ECX                               ; |Arg5
00404A2F  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404A31  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404A33  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404A39  |.  83EA 08    |SUB EDX,8                            ; |
00404A3C  |.  52          |PUSH EDX                               ; |Arg2
00404A3D  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404A43  |.  83E8 08    |SUB EAX,8                            ; |
00404A46  |.  50          |PUSH EAX                               ; |Arg1
00404A47  |.  E8 30C90400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404A4C  |.  83C4 18    |ADD ESP,18
00404A4F  |.  E8 A29B0100 |CALL Ekd5.0041E5F6
00404A54  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404A56  |.  6A 21       |PUSH 21                               ; |Arg1 = 00000021
00404A58  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404A5D  |.  E8 18FC0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404A62  |.  C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404A69  |.  EB 0F       |JMP SHORT Ekd5.00404A7A
00404A6B  |>  8A8D E4EFFFFF |/MOV CL,BYTE PTR SS:[EBP-101C]
00404A71  |.  80C1 01    ||ADD CL,1
00404A74  |.  888D E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],CL
00404A7A  |>  8B95 E4EFFFFF | MOV EDX,DWORD PTR SS:[EBP-101C]
00404A80  |.  81E2 FF000000 ||AND EDX,0FF
00404A86  |.  83FA 06    ||CMP EDX,6
00404A89  |.  7D 77       ||JGE SHORT Ekd5.00404B02
00404A8B  |.  6A 01       ||PUSH 1                               ; /Arg1 = 00000001
00404A8D  |.  B9 181B4B00 ||MOV ECX,Ekd5.004B1B18                ; |
00404A92  |.  E8 A9E8FFFF ||CALL Ekd5.00403340                   ; \Ekd5.00403340
00404A97  |.  E8 447A0200 ||CALL Ekd5.0042C4E0
00404A9C  |.  E8 3A9B0100 ||CALL Ekd5.0041E5DB
00404AA1  |.  8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404AA7  |.  25 FF000000 ||AND EAX,0FF
00404AAC  |.  99          ||CDQ
00404AAD  |.  2BC2       ||SUB EAX,EDX
00404AAF  |.  D1F8       ||SAR EAX,1
00404AB1  |.  83C0 01    ||ADD EAX,1
00404AB4  |.  50          ||PUSH EAX                            ; /Arg4
00404AB5  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404AB7  |.  6A 40       ||PUSH 40                               ; |Arg2 = 00000040
00404AB9  |.  8D85 00F0FFFF ||LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00404ABF  |.  50          ||PUSH EAX                            ; |Arg1
00404AC0  |.  E8 FBB80200 ||CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404AC5  |.  83C4 10    ||ADD ESP,10
00404AC8  |.  8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]

00404ACE  |.  51          ||PUSH ECX                            ; /Arg6
00404ACF  |.  8B95 CCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404AD5  |.  8A02       ||MOV AL,BYTE PTR DS:[EDX]             ; |
00404AD7  |.  50          ||PUSH EAX                            ; |Arg5
00404AD8  |.  6A 40       ||PUSH 40                               ; |Arg4 = 00000040
00404ADA  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404ADC  |.  8B8D D8EFFFFF ||MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404AE2  |.  83E9 08    ||SUB ECX,8                            ; |
00404AE5  |.  51          ||PUSH ECX                            ; |Arg2
00404AE6  |.  8B95 DCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404AEC  |.  83EA 08    ||SUB EDX,8                            ; |
00404AEF  |.  52          ||PUSH EDX                            ; |Arg1
00404AF0  |.  E8 87C80400 ||CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404AF5  |.  83C4 18    ||ADD ESP,18
00404AF8  |.  E8 F99A0100 ||CALL Ekd5.0041E5F6

00404AFD  |.^ E9 69FFFFFF |\JMP Ekd5.00404A6B
00404B02  |>  EB 3D       |JMP SHORT Ekd5.00404B41

00404B04  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404B06  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404B08  |.  68 00100000 |PUSH 1000                            ; |Arg1 = 00001000
00404B0D  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404B12  |.  E8 29AF0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404B17  |.  50          |PUSH EAX                               ; /Arg6
00404B18  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404B1E  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00404B20  |.  51          |PUSH ECX                               ; |Arg5
00404B21  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404B23  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404B25  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404B2B  |.  83EA 08    |SUB EDX,8                            ; |
00404B2E  |.  52          |PUSH EDX                               ; |Arg2
00404B2F  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404B35  |.  83E8 08    |SUB EAX,8                            ; |
00404B38  |.  50          |PUSH EAX                               ; |Arg1
00404B39  |.  E8 3EC80400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404B3E  |.  83C4 18    |ADD ESP,18
00404B41  |>  E8 B09A0100 |CALL Ekd5.0041E5F6

00404B46  |.  6A 08       |PUSH 8                               ; /Arg1 = 00000008
00404B48  |.  B9 181B4B00 |MOV ECX,Ekd5.004B1B18                ; |
00404B4D  |.  E8 EEE7FFFF |CALL Ekd5.00403340                   ; \Ekd5.00403340
00404B52  |.  E8 89790200 |CALL Ekd5.0042C4E0
00404B57  |.  E9 5B010000 |JMP Ekd5.00404CB7

00404B5C  |>  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404B62  |.  83B9 04060000>|CMP DWORD PTR DS:[ECX+604],0
00404B69  |.  0F84 09010000 |JE Ekd5.00404C78
00404B6F  |.  68 00100000 |PUSH 1000                            ; /Arg3 = 00001000
00404B74  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]       ; |
00404B7A  |.  52          |PUSH EDX                               ; |Arg2
00404B7B  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404B7D  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404B7F  |.  6A 00       |PUSH 0                               ; ||Arg1 = 00000000
00404B81  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404B86  |.  E8 B5AE0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404B8B  |.  50          |PUSH EAX                               ; |Arg1
00404B8C  |.  E8 6CB10700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00404B91  |.  83C4 0C    |ADD ESP,0C
00404B94  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]
00404B9A  |.  50          |PUSH EAX                               ; /Arg6
00404B9B  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404BA1  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404BA3  |.  52          |PUSH EDX                               ; |Arg5
00404BA4  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404BA6  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404BA8  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404BAE  |.  83E8 08    |SUB EAX,8                            ; |
00404BB1  |.  50          |PUSH EAX                               ; |Arg2
00404BB2  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404BB8  |.  83E9 08    |SUB ECX,8                            ; |
00404BBB  |.  51          |PUSH ECX                               ; |Arg1
00404BBC  |.  E8 BBC70400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404BC1  |.  83C4 18    |ADD ESP,18
00404BC4  |.  E8 2D9A0100 |CALL Ekd5.0041E5F6
00404BC9  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404BCB  |.  6A 21       |PUSH 21                               ; |Arg1 = 00000021
00404BCD  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404BD2  |.  E8 A3FA0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404BD7  |.  C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404BDE  |.  EB 0F       |JMP SHORT Ekd5.00404BEF
00404BE0  |>  8A95 E4EFFFFF |/MOV DL,BYTE PTR SS:[EBP-101C]
00404BE6  |.  80C2 01    ||ADD DL,1
00404BE9  |.  8895 E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],DL
00404BEF  |>  8B85 E4EFFFFF | MOV EAX,DWORD PTR SS:[EBP-101C]
00404BF5  |.  25 FF000000 ||AND EAX,0FF
00404BFA  |.  83F8 06    ||CMP EAX,6
00404BFD  |.  7D 77       ||JGE SHORT Ekd5.00404C76
00404BFF  |.  6A 01       ||PUSH 1                               ; /Arg1 = 00000001
00404C01  |.  B9 181B4B00 ||MOV ECX,Ekd5.004B1B18                ; |
00404C06  |.  E8 35E7FFFF ||CALL Ekd5.00403340                   ; \Ekd5.00403340
00404C0B  |.  E8 D0780200 ||CALL Ekd5.0042C4E0
00404C10  |.  E8 C6990100 ||CALL Ekd5.0041E5DB
00404C15  |.  8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404C1B  |.  25 FF000000 ||AND EAX,0FF
00404C20  |.  99          ||CDQ
00404C21  |.  2BC2       ||SUB EAX,EDX
00404C23  |.  D1F8       ||SAR EAX,1
00404C25  |.  83C0 01    ||ADD EAX,1
00404C28  |.  50          ||PUSH EAX                            ; /Arg4
00404C29  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404C2B  |.  6A 40       ||PUSH 40                               ; |Arg2 = 00000040
00404C2D  |.  8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00404C33  |.  51          ||PUSH ECX                            ; |Arg1
00404C34  |.  E8 87B70200 ||CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404C39  |.  83C4 10    ||ADD ESP,10
00404C3C  |.  8D95 00F0FFFF ||LEA EDX,DWORD PTR SS:[EBP-1000]

00404C42  |.  52          ||PUSH EDX                            ; /Arg6
00404C43  |.  8B85 CCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404C49  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]             ; |
00404C4B  |.  51          ||PUSH ECX                            ; |Arg5
00404C4C  |.  6A 40       ||PUSH 40                               ; |Arg4 = 00000040
00404C4E  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404C50  |.  8B95 D8EFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404C56  |.  83EA 08    ||SUB EDX,8                            ; |
00404C59  |.  52          ||PUSH EDX                            ; |Arg2
00404C5A  |.  8B85 DCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404C60  |.  83E8 08    ||SUB EAX,8                            ; |
00404C63  |.  50          ||PUSH EAX                            ; |Arg1
00404C64  |.  E8 13C70400 ||CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404C69  |.  83C4 18    ||ADD ESP,18

00404C6C  |.  E8 85990100 ||CALL Ekd5.0041E5F6
00404C71  |.^ E9 6AFFFFFF |\JMP Ekd5.00404BE0
00404C76  |>  EB 3A       |JMP SHORT Ekd5.00404CB2

00404C78  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404C7A  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404C7C  |.  6A 00       |PUSH 0                               ; |Arg1 = 00000000
00404C7E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404C83  |.  E8 B8AD0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404C88  |.  50          |PUSH EAX                               ; /Arg6
00404C89  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404C8F  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404C91  |.  52          |PUSH EDX                               ; |Arg5
00404C92  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404C94  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404C96  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404C9C  |.  83E8 08    |SUB EAX,8                            ; |
00404C9F  |.  50          |PUSH EAX                               ; |Arg2
00404CA0  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404CA6  |.  83E9 08    |SUB ECX,8                            ; |
00404CA9  |.  51          |PUSH ECX                               ; |Arg1
00404CAA  |.  E8 CDC60400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404CAF  |.  83C4 18    |ADD ESP,18
00404CB2  |>  E8 3F990100 |CALL Ekd5.0041E5F6                                              被攻击者第一个动作
00404CB7  |>  E9 2B0A0000 |JMP Ekd5.004056E7

00404CBC  |>  E8 1A990100 |CALL Ekd5.0041E5DB                                     //第二个攻击动作
00404CC1  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404CC3  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404CC5  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404CC7  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404CCC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404CD1  |.  E8 6AAD0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404CD6  |.  50          |PUSH EAX                               ; |Arg5
00404CD7  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404CD9  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404CDB  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404CE1  |.  83EA 08    |SUB EDX,8                            ; |
00404CE4  |.  52          |PUSH EDX                               ; |Arg2
00404CE5  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404CEB  |.  83E8 08    |SUB EAX,8                            ; |
00404CEE  |.  50          |PUSH EAX                               ; |Arg1
00404CEF  |.  E8 1FCC0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404CF4  |.  83C4 18    |ADD ESP,18
00404CF7  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404CF9  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404CFB  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404CFD  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404D02  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404D07  |.  E8 34AD0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404D0C  |.  50          |PUSH EAX                               ; |Arg5
00404D0D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404D0F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404D11  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404D17  |.  83E9 08    |SUB ECX,8                            ; |
00404D1A  |.  51          |PUSH ECX                               ; |Arg2
00404D1B  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404D21  |.  83EA 08    |SUB EDX,8                            ; |
00404D24  |.  52          |PUSH EDX                               ; |Arg1
00404D25  |.  E8 E9CB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404D2A  |.  83C4 18    |ADD ESP,18
00404D2D  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404D33  |.  33C9       |XOR ECX,ECX
00404D35  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00404D38  |.  51          |PUSH ECX                               ; /Arg3
00404D39  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404D3F  |.  52          |PUSH EDX                               ; |Arg2
00404D40  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404D46  |.  50          |PUSH EAX                               ; |Arg1
00404D47  |.  E8 D39D0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404D4C  |.  83C4 0C    |ADD ESP,0C

00404D4F  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404D51  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404D53  |.  68 00100000 |PUSH 1000                            ; |Arg1 = 00001000
00404D58  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404D5D  |.  E8 DEAC0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404D62  |.  50          |PUSH EAX                               ; /Arg6
00404D63  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404D69  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404D6B  |.  52          |PUSH EDX                               ; |Arg5
00404D6C  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404D6E  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404D70  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404D76  |.  83E8 08    |SUB EAX,8                            ; |
00404D79  |.  50          |PUSH EAX                               ; |Arg2
00404D7A  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404D80  |.  83E9 08    |SUB ECX,8                            ; |
00404D83  |.  51          |PUSH ECX                               ; |Arg1
00404D84  |.  E8 F3C50400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404D89  |.  83C4 18    |ADD ESP,18
00404D8C  |.  E8 65980100 |CALL Ekd5.0041E5F6                                              第二个攻击动作
00404D91  |.  E9 51090000 |JMP Ekd5.004056E7

00404D96  |>  E8 40980100 |CALL Ekd5.0041E5DB
00404D9B  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404D9D  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404D9F  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404DA1  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404DA6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404DAB  |.  E8 90AC0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404DB0  |.  50          |PUSH EAX                               ; |Arg5
00404DB1  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404DB3  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404DB5  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404DBB  |.  83EA 08    |SUB EDX,8                            ; |
00404DBE  |.  52          |PUSH EDX                               ; |Arg2
00404DBF  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404DC5  |.  83E8 08    |SUB EAX,8                            ; |
00404DC8  |.  50          |PUSH EAX                               ; |Arg1
00404DC9  |.  E8 45CB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404DCE  |.  83C4 18    |ADD ESP,18
00404DD1  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404DD3  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404DD5  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404DD7  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404DDC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404DE1  |.  E8 5AAC0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404DE6  |.  50          |PUSH EAX                               ; |Arg5
00404DE7  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404DE9  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404DEB  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404DF1  |.  83E9 08    |SUB ECX,8                            ; |
00404DF4  |.  51          |PUSH ECX                               ; |Arg2
00404DF5  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404DFB  |.  83EA 08    |SUB EDX,8                            ; |
00404DFE  |.  52          |PUSH EDX                               ; |Arg1
00404DFF  |.  E8 0FCB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404E04  |.  83C4 18    |ADD ESP,18
00404E07  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E0D  |.  33C9       |XOR ECX,ECX
00404E0F  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00404E12  |.  6BC9 24    |IMUL ECX,ECX,24
00404E15  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00404E1B  |.  E8 70DE0600 |CALL Ekd5.00472C90
00404E20  |.  85C0       |TEST EAX,EAX
00404E22  |.  75 35       |JNZ SHORT Ekd5.00404E59
00404E24  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404E2A  |.  33C0       |XOR EAX,EAX
00404E2C  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00404E2F  |.  50          |PUSH EAX                               ; /Arg3
00404E30  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
00404E36  |.  51          |PUSH ECX                               ; |Arg2
00404E37  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404E3D  |.  52          |PUSH EDX                               ; |Arg1
00404E3E  |.  E8 DC9C0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404E43  |.  83C4 0C    |ADD ESP,0C
00404E46  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404E48  |.  6A 07       |PUSH 7                               ; |Arg1 = 00000007
00404E4A  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404E4F  |.  E8 26F80600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404E54  |.  E9 5A010000 |JMP Ekd5.00404FB3
00404E59  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E5F  |.  83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
00404E66  |.  0F85 A5000000 |JNZ Ekd5.00404F11
00404E6C  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404E72  |.  83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
00404E79  |.  0F85 92000000 |JNZ Ekd5.00404F11
00404E7F  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404E81  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404E83  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
00404E88  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404E8D  |.  E8 AEAB0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00404E92  |.  50          |PUSH EAX                               ; /Arg6
00404E93  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404E99  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00404E9C  |.  50          |PUSH EAX                               ; |Arg5
00404E9D  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00404E9F  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404EA1  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404EA7  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404EAD  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00404EB3  |.  52          |PUSH EDX                               ; |Arg2
00404EB4  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404EBA  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404EC0  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00404EC6  |.  51          |PUSH ECX                               ; |Arg1
00404EC7  |.  E8 B0C40400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404ECC  |.  83C4 18    |ADD ESP,18
00404ECF  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404ED5  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00404ED7  |.  50          |PUSH EAX                               ; /Arg2
00404ED8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404EDE  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
00404EE1  |.  52          |PUSH EDX                               ; |Arg1
00404EE2  |.  E8 42090300 |CALL Ekd5.00435829                   ; \Ekd5.00435829
00404EE7  |.  83C4 08    |ADD ESP,8
00404EEA  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404EEC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404EF2  |.  33C9       |XOR ECX,ECX                            ; |
00404EF4  |.  83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0          ; |
00404EFB  |.  0F95C1       |SETNE CL                               ; |
00404EFE  |.  83C1 1E    |ADD ECX,1E                            ; |
00404F01  |.  51          |PUSH ECX                               ; |Arg1
00404F02  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404F07  |.  E8 6EF70600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404F0C  |.  E9 A2000000 |JMP Ekd5.00404FB3
00404F11  |>  68 00090000 |PUSH 900                               ; /Arg3 = 00000900
00404F16  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]       ; |
00404F1C  |.  52          |PUSH EDX                               ; |Arg2
00404F1D  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404F1F  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404F21  |.  68 00400000 |PUSH 4000                            ; ||Arg1 = 00004000
00404F26  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404F2B  |.  E8 10AB0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404F30  |.  50          |PUSH EAX                               ; |Arg1
00404F31  |.  E8 C7AD0700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00404F36  |.  83C4 0C    |ADD ESP,0C
00404F39  |.  6A 0C       |PUSH 0C                               ; /Arg4 = 0000000C
00404F3B  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404F3D  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
00404F3F  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00404F45  |.  50          |PUSH EAX                               ; |Arg1
00404F46  |.  E8 75B40200 |CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404F4B  |.  83C4 10    |ADD ESP,10
00404F4E  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
00404F54  |.  51          |PUSH ECX                               ; /Arg6
00404F55  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404F5B  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00404F5E  |.  50          |PUSH EAX                               ; |Arg5
00404F5F  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00404F61  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404F63  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404F69  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404F6F  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00404F75  |.  52          |PUSH EDX                               ; |Arg2
00404F76  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404F7C  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404F82  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00404F88  |.  51          |PUSH ECX                               ; |Arg1
00404F89  |.  E8 EEC30400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404F8E  |.  83C4 18    |ADD ESP,18
00404F91  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404F93  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404F99  |.  33C0       |XOR EAX,EAX                            ; |
00404F9B  |.  83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0          ; |
00404FA2  |.  0F95C0       |SETNE AL                               ; |
00404FA5  |.  83C0 23    |ADD EAX,23                            ; |
00404FA8  |.  50          |PUSH EAX                               ; |Arg1
00404FA9  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404FAE  |.  E8 C7F60600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A

00404FB3  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404FB5  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404FB7  |.  68 00200000 |PUSH 2000                            ; |Arg1 = 00002000
00404FBC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404FC1  |.  E8 7AAA0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404FC6  |.  50          |PUSH EAX                               ; /Arg6
00404FC7  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404FCD  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404FCF  |.  52          |PUSH EDX                               ; |Arg5
00404FD0  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404FD2  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404FD4  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404FDA  |.  83E8 08    |SUB EAX,8                            ; |
00404FDD  |.  50          |PUSH EAX                               ; |Arg2
00404FDE  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404FE4  |.  83E9 08    |SUB ECX,8                            ; |
00404FE7  |.  51          |PUSH ECX                               ; |Arg1
00404FE8  |.  E8 8FC30400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404FED  |.  83C4 18    |ADD ESP,18
00404FF0  |.  E8 01960100 |CALL Ekd5.0041E5F6                                        第三个攻击动作被攻击者动作也有（被攻击者图发光）
00404FF5  |.  E9 ED060000 |JMP Ekd5.004056E7

00404FFA  |>  E8 DC950100 |CALL Ekd5.0041E5DB
00404FFF  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405001  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405003  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405005  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040500A  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040500F  |.  E8 2CAA0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405014  |.  50          |PUSH EAX                               ; |Arg5
00405015  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405017  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405019  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
0040501F  |.  83EA 08    |SUB EDX,8                            ; |
00405022  |.  52          |PUSH EDX                               ; |Arg2
00405023  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00405029  |.  83E8 08    |SUB EAX,8                            ; |
0040502C  |.  50          |PUSH EAX                               ; |Arg1
0040502D  |.  E8 E1C80400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405032  |.  83C4 18    |ADD ESP,18
00405035  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405037  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405039  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040503B  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405040  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405045  |.  E8 F6A90700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040504A  |.  50          |PUSH EAX                               ; |Arg5
0040504B  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040504D  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040504F  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00405055  |.  83E9 08    |SUB ECX,8                            ; |
00405058  |.  51          |PUSH ECX                               ; |Arg2
00405059  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
0040505F  |.  83EA 08    |SUB EDX,8                            ; |
00405062  |.  52          |PUSH EDX                               ; |Arg1
00405063  |.  E8 ABC80400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405068  |.  83C4 18    |ADD ESP,18
0040506B  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405071  |.  33C9       |XOR ECX,ECX
00405073  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00405076  |.  6BC9 24    |IMUL ECX,ECX,24
00405079  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040507F  |.  E8 0CDC0600 |CALL Ekd5.00472C90
00405084  |.  85C0       |TEST EAX,EAX
00405086  |.  75 27       |JNZ SHORT Ekd5.004050AF
00405088  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040508E  |.  33C0       |XOR EAX,EAX
00405090  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00405093  |.  50          |PUSH EAX                               ; /Arg3
00405094  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040509A  |.  51          |PUSH ECX                               ; |Arg2
0040509B  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
004050A1  |.  52          |PUSH EDX                               ; |Arg1
004050A2  |.  E8 789A0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004050A7  |.  83C4 0C    |ADD ESP,0C
004050AA  |.  E9 36010000 |JMP Ekd5.004051E5
004050AF  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004050B5  |.  83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
004050BC  |.  75 7F       |JNZ SHORT Ekd5.0040513D
004050BE  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004050C4  |.  83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
004050CB  |.  75 70       |JNZ SHORT Ekd5.0040513D
004050CD  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004050CF  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004050D1  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
004050D6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004050DB  |.  E8 60A90700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004050E0  |.  50          |PUSH EAX                               ; /Arg6
004050E1  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004050E7  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004050EA  |.  50          |PUSH EAX                               ; |Arg5
004050EB  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004050ED  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004050EF  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004050F5  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004050FB  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00405101  |.  52          |PUSH EDX                               ; |Arg2
00405102  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00405108  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040510E  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00405114  |.  51          |PUSH ECX                               ; |Arg1
00405115  |.  E8 62C20400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040511A  |.  83C4 18    |ADD ESP,18
0040511D  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405123  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00405125  |.  50          |PUSH EAX                               ; /Arg2
00405126  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
0040512C  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
0040512F  |.  52          |PUSH EDX                               ; |Arg1
00405130  |.  E8 F4060300 |CALL Ekd5.00435829                   ; \Ekd5.00435829
00405135  |.  83C4 08    |ADD ESP,8
00405138  |.  E9 A8000000 |JMP Ekd5.004051E5
0040513D  |>  68 00090000 |PUSH 900                               ; /Arg3 = 00000900
00405142  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00405148  |.  50          |PUSH EAX                               ; |Arg2
00405149  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040514B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040514D  |.  68 00400000 |PUSH 4000                            ; ||Arg1 = 00004000
00405152  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405157  |.  E8 E4A80700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040515C  |.  50          |PUSH EAX                               ; |Arg1
0040515D  |.  E8 9BAB0700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00405162  |.  83C4 0C    |ADD ESP,0C
00405165  |.  6A 0C       |PUSH 0C                               ; /Arg4 = 0000000C
00405167  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405169  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
0040516B  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00405171  |.  51          |PUSH ECX                               ; |Arg1
00405172  |.  E8 49B20200 |CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00405177  |.  83C4 10    |ADD ESP,10
0040517A  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405180  |.  83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0
00405187  |.  74 19       |JE SHORT Ekd5.004051A2
00405189  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
0040518B  |.  6A 0F       |PUSH 0F                               ; |Arg5 = 0000000F
0040518D  |.  6A 0F       |PUSH 0F                               ; |Arg4 = 0000000F
0040518F  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405191  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
00405193  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00405199  |.  50          |PUSH EAX                               ; |Arg1
0040519A  |.  E8 9FB30200 |CALL Ekd5.0043053E                   ; \Ekd5.0043053E
0040519F  |.  83C4 18    |ADD ESP,18
004051A2  |>  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]

004051A8  |.  51          |PUSH ECX                               ; /Arg6
004051A9  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004051AF  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004051B2  |.  50          |PUSH EAX                               ; |Arg5
004051B3  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004051B5  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004051B7  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004051BD  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004051C3  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
004051C9  |.  52          |PUSH EDX                               ; |Arg2
004051CA  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004051D0  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
004051D6  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
004051DC  |.  51          |PUSH ECX                               ; |Arg1
004051DD  |.  E8 9AC10400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004051E2  |.  83C4 18    |ADD ESP,18
004051E5  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004051E7  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004051E9  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
004051EE  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004051F3  |.  E8 48A80700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004051F8  |.  50          |PUSH EAX                               ; /Arg6
004051F9  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004051FF  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             ; |
00405201  |.  50          |PUSH EAX                               ; |Arg5
00405202  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405204  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405206  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
0040520C  |.  83E9 08    |SUB ECX,8                            ; |
0040520F  |.  51          |PUSH ECX                               ; |Arg2
00405210  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405216  |.  83EA 08    |SUB EDX,8                            ; |
00405219  |.  52          |PUSH EDX                               ; |Arg1
0040521A  |.  E8 5DC10400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040521F  |.  83C4 18    |ADD ESP,18
00405222  |.  E8 CF930100 |CALL Ekd5.0041E5F6                                              第四个攻击动作
00405227  |.  E9 BB040000 |JMP Ekd5.004056E7

0040522C  |>  E8 AA930100 |CALL Ekd5.0041E5DB
00405231  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405233  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405235  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405237  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040523C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405241  |.  E8 FAA70700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405246  |.  50          |PUSH EAX                               ; |Arg5
00405247  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405249  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040524B  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405251  |.  83E8 08    |SUB EAX,8                            ; |
00405254  |.  50          |PUSH EAX                               ; |Arg2
00405255  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040525B  |.  83E9 08    |SUB ECX,8                            ; |
0040525E  |.  51          |PUSH ECX                               ; |Arg1
0040525F  |.  E8 AFC60400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405264  |.  83C4 18    |ADD ESP,18
00405267  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405269  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040526B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040526D  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405272  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405277  |.  E8 C4A70700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040527C  |.  50          |PUSH EAX                               ; |Arg5
0040527D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040527F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405281  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00405287  |.  83EA 08    |SUB EDX,8                            ; |
0040528A  |.  52          |PUSH EDX                               ; |Arg2
0040528B  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00405291  |.  83E8 08    |SUB EAX,8                            ; |
00405294  |.  50          |PUSH EAX                               ; |Arg1
00405295  |.  E8 79C60400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
0040529A  |.  83C4 18    |ADD ESP,18
0040529D  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004052A3  |.  33D2       |XOR EDX,EDX
004052A5  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004052A8  |.  8BCA       |MOV ECX,EDX
004052AA  |.  6BC9 24    |IMUL ECX,ECX,24
004052AD  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004052B3  |.  E8 D8D90600 |CALL Ekd5.00472C90
004052B8  |.  85C0       |TEST EAX,EAX
004052BA  |.  75 24       |JNZ SHORT Ekd5.004052E0
004052BC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004052C2  |.  33C9       |XOR ECX,ECX
004052C4  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
004052C7  |.  51          |PUSH ECX                               ; /Arg3
004052C8  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004052CE  |.  52          |PUSH EDX                               ; |Arg2
004052CF  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
004052D5  |.  50          |PUSH EAX                               ; |Arg1
004052D6  |.  E8 44980300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004052DB  |.  83C4 0C    |ADD ESP,0C
004052DE  |.  EB 38       |JMP SHORT Ekd5.00405318

004052E0  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004052E2  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004052E4  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
004052E9  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004052EE  |.  E8 4DA70700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004052F3  |.  50          |PUSH EAX                               ; /Arg6
004052F4  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004052FA  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
004052FD  |.  52          |PUSH EDX                               ; |Arg5
004052FE  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00405300  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405302  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405308  |.  50          |PUSH EAX                               ; |Arg2
00405309  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040530F  |.  51          |PUSH ECX                               ; |Arg1
00405310  |.  E8 67C00400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405315  |.  83C4 18    |ADD ESP,18
00405318  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040531A  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040531C  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
00405321  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405326  |.  E8 15A70700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
0040532B  |.  50          |PUSH EAX                               ; /Arg6
0040532C  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00405332  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             ; |
00405334  |.  50          |PUSH EAX                               ; |Arg5
00405335  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405337  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405339  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
0040533F  |.  83E9 08    |SUB ECX,8                            ; |
00405342  |.  51          |PUSH ECX                               ; |Arg2
00405343  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405349  |.  83EA 08    |SUB EDX,8                            ; |
0040534C  |.  52          |PUSH EDX                               ; |Arg1
0040534D  |.  E8 2AC00400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405352  |.  83C4 18    |ADD ESP,18
00405355  |.  E8 9C920100 |CALL Ekd5.0041E5F6                                              被攻击者动作  （发光没了）
0040535A  |.  E9 88030000 |JMP Ekd5.004056E7

0040535F  |>  E8 77920100 |CALL Ekd5.0041E5DB
00405364  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405366  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405368  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040536A  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040536F  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405374  |.  E8 C7A60700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405379  |.  50          |PUSH EAX                               ; |Arg5
0040537A  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040537C  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040537E  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405384  |.  83E8 08    |SUB EAX,8                            ; |
00405387  |.  50          |PUSH EAX                               ; |Arg2
00405388  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040538E  |.  83E9 08    |SUB ECX,8                            ; |
00405391  |.  51          |PUSH ECX                               ; |Arg1
00405392  |.  E8 7CC50400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405397  |.  83C4 18    |ADD ESP,18
0040539A  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040539C  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040539E  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
004053A0  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
004053A5  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
004053AA  |.  E8 91A60700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
004053AF  |.  50          |PUSH EAX                               ; |Arg5
004053B0  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004053B2  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004053B4  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004053BA  |.  83EA 08    |SUB EDX,8                            ; |
004053BD  |.  52          |PUSH EDX                               ; |Arg2
004053BE  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004053C4  |.  83E8 08    |SUB EAX,8                            ; |
004053C7  |.  50          |PUSH EAX                               ; |Arg1
004053C8  |.  E8 46C50400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
004053CD  |.  83C4 18    |ADD ESP,18
004053D0  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004053D6  |.  33D2       |XOR EDX,EDX
004053D8  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004053DB  |.  8BCA       |MOV ECX,EDX
004053DD  |.  6BC9 24    |IMUL ECX,ECX,24
004053E0  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004053E6  |.  E8 A5D80600 |CALL Ekd5.00472C90
004053EB  |.  85C0       |TEST EAX,EAX
004053ED  |.  75 64       |JNZ SHORT Ekd5.00405453
004053EF  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004053F5  |.  33C9       |XOR ECX,ECX
004053F7  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
004053FA  |.  51          |PUSH ECX                               ; /Arg3
004053FB  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00405401  |.  52          |PUSH EDX                               ; |Arg2
00405402  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00405408  |.  50          |PUSH EAX                               ; |Arg1
00405409  |.  E8 11970300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
0040540E  |.  83C4 0C    |ADD ESP,0C
00405411  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00405413  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00405415  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
0040541A  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
0040541F  |.  E8 1CA60700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405424  |.  50          |PUSH EAX                               ; /Arg6
00405425  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
0040542B  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
0040542D  |.  52          |PUSH EDX                               ; |Arg5
0040542E  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405430  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405432  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00405438  |.  83E8 08    |SUB EAX,8                            ; |
0040543B  |.  50          |PUSH EAX                               ; |Arg2
0040543C  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00405442  |.  83E9 08    |SUB ECX,8                            ; |
00405445  |.  51          |PUSH ECX                               ; |Arg1
00405446  |.  E8 31BF0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040544B  |.  83C4 18    |ADD ESP,18
0040544E  |.  E9 DB000000 |JMP Ekd5.0040552E
00405453  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00405455  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00405457  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
0040545C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405461  |.  E8 DAA50700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405466  |.  50          |PUSH EAX                               ; /Arg6
00405467  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
0040546D  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00405470  |.  50          |PUSH EAX                               ; |Arg5
00405471  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00405473  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405475  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040547B  |.  51          |PUSH ECX                               ; |Arg2
0040547C  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00405482  |.  52          |PUSH EDX                               ; |Arg1
00405483  |.  E8 F4BE0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405488  |.  83C4 18    |ADD ESP,18
0040548B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040548D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040548F  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
00405494  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405499  |.  E8 A2A50700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
0040549E  |.  50          |PUSH EAX                               ; /Arg6
0040549F  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004054A5  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004054A7  |.  51          |PUSH ECX                               ; |Arg5
004054A8  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004054AA  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004054AC  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004054B2  |.  83EA 08    |SUB EDX,8                            ; |
004054B5  |.  52          |PUSH EDX                               ; |Arg2
004054B6  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004054BC  |.  83E8 08    |SUB EAX,8                            ; |
004054BF  |.  50          |PUSH EAX                               ; |Arg1
004054C0  |.  E8 B7BE0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004054C5  |.  83C4 18    |ADD ESP,18
004054C8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004054CE  |.  83B9 84000000>|CMP DWORD PTR DS:[ECX+84],0
004054D5  |.  74 25       |JE SHORT Ekd5.004054FC
004054D7  |.  6A 18       |PUSH 18                               ; /Arg4 = 00000018
004054D9  |.  6A 12       |PUSH 12                               ; |Arg3 = 00000012
004054DB  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004054E1  |.  8B82 84000000 |MOV EAX,DWORD PTR DS:[EDX+84]          ; |
004054E7  |.  50          |PUSH EAX                               ; |Arg2
004054E8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004054EE  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
004054F1  |.  52          |PUSH EDX                               ; |Arg1
004054F2  |.  E8 FAA50400 |CALL Ekd5.0044FAF1                   ; \Ekd5.0044FAF1
004054F7  |.  83C4 10    |ADD ESP,10
004054FA  |.  EB 32       |JMP SHORT Ekd5.0040552E
004054FC  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405502  |.  83B8 54020000>|CMP DWORD PTR DS:[EAX+254],0
00405509  |.  74 23       |JE SHORT Ekd5.0040552E
0040550B  |.  6A 18       |PUSH 18                               ; /Arg4 = 00000018
0040550D  |.  6A 45       |PUSH 45                               ; |Arg3 = 00000045
0040550F  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00405515  |.  8B91 54020000 |MOV EDX,DWORD PTR DS:[ECX+254]       ; |
0040551B  |.  52          |PUSH EDX                               ; |Arg2
0040551C  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00405522  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405525  |.  51          |PUSH ECX                               ; |Arg1
00405526  |.  E8 C6A50400 |CALL Ekd5.0044FAF1                   ; \Ekd5.0044FAF1
0040552B  |.  83C4 10    |ADD ESP,10
0040552E  |>  E8 C3900100 |CALL Ekd5.0041E5F6                                     显示伤害点数
00405533  |.  8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
00405539  |.  52          |PUSH EDX                               ; /Arg1
0040553A  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00405540  |.  E8 41ECFFFF |CALL Ekd5.00404186                   ; \Ekd5.00404186
00405545  |.  E9 9D010000 |JMP Ekd5.004056E7

0040554A  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405550  |.  8B88 84000000 |MOV ECX,DWORD PTR DS:[EAX+84]
00405556  |.  51          |PUSH ECX
00405557  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040555D  |.  33C0       |XOR EAX,EAX
0040555F  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00405562  |.  8BC8       |MOV ECX,EAX
00405564  |.  6BC9 24    |IMUL ECX,ECX,24
00405567  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040556D  |.  E8 1ED70600 |CALL Ekd5.00472C90
00405572  |.  50          |PUSH EAX                               ; |Arg1
00405573  |.  E8 26A50700 |CALL Ekd5.0047FA9E                   ; \Ekd5.0047FA9E
00405578  |.  83C4 08    |ADD ESP,8
0040557B  |.  8BF0       |MOV ESI,EAX
0040557D  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00405583  |.  33D2       |XOR EDX,EDX
00405585  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00405588  |.  8BCA       |MOV ECX,EDX
0040558A  |.  6BC9 24    |IMUL ECX,ECX,24
0040558D  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405593  |.  E8 D8A00500 |CALL Ekd5.0045F670
00405598  |.  8BC8       |MOV ECX,EAX
0040559A  |.  6BC9 48    |IMUL ECX,ECX,48
0040559D  |.  81C1 0000D600 |ADD ECX,0D60000
004055A3  |.  E8 731C0000 |CALL Ekd5.0040721B
004055A8  |.  33D2       |XOR EDX,EDX
004055AA  |.  B9 05000000 |MOV ECX,5
004055AF  |.  F7F1       |DIV ECX
004055B1  |.  3BF0       |CMP ESI,EAX
004055B3  |.  73 1D       |JNB SHORT Ekd5.004055D2
004055B5  |.  6A 20       |PUSH 20                               ; /Arg1 = 00000020
004055B7  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004055BD  |.  33C0       |XOR EAX,EAX                            ; |
004055BF  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004055C2  |.  8BC8       |MOV ECX,EAX                            ; |
004055C4  |.  6BC9 24    |IMUL ECX,ECX,24                      ; |
004055C7  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50                ; |
004055CD  |.  E8 46D10300 |CALL Ekd5.00442718                   ; \Ekd5.00442718
004055D2  |>  E8 04900100 |CALL Ekd5.0041E5DB
004055D7  |.  8B8D FCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1004]
004055DD  |.  51          |PUSH ECX                               ; /Arg2
004055DE  |.  8B95 F8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1008]       ; |
004055E4  |.  52          |PUSH EDX                               ; |Arg1
004055E5  |.  E8 0FE1FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
004055EA  |.  83C4 08    |ADD ESP,8
004055ED  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004055EF  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004055F1  |.  68 00590000 |PUSH 5900                            ; |Arg1 = 00005900
004055F6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004055FB  |.  E8 40A40700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405600  |.  50          |PUSH EAX                               ; /Arg5
00405601  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405603  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405605  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040560B  |.  83E8 08    |SUB EAX,8                            ; |
0040560E  |.  50          |PUSH EAX                               ; |Arg2
0040560F  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00405615  |.  83E9 08    |SUB ECX,8                            ; |
00405618  |.  51          |PUSH ECX                               ; |Arg1
00405619  |.  E8 C8C30400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
0040561E  |.  83C4 14    |ADD ESP,14

00405621  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405623  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405625  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405627  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040562C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405631  |.  E8 0AA40700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00405636  |.  50          |PUSH EAX                               ; |Arg5
00405637  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405639  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040563B  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00405641  |.  83EA 08    |SUB EDX,8                            ; |
00405644  |.  52          |PUSH EDX                               ; |Arg2
00405645  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
0040564B  |.  83E8 08    |SUB EAX,8                            ; |
0040564E  |.  50          |PUSH EAX                               ; |Arg1
0040564F  |.  E8 BFC20400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405654  |.  83C4 18    |ADD ESP,18

00405657  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405659  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040565B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040565D  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405662  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405667  |.  E8 D4A30700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

0040566C  |.  50          |PUSH EAX                               ; |Arg5
0040566D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040566F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405671  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00405677  |.  83E9 08    |SUB ECX,8                            ; |
0040567A  |.  51          |PUSH ECX                               ; |Arg2
0040567B  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405681  |.  83EA 08    |SUB EDX,8                            ; |
00405684  |.  52          |PUSH EDX                               ; |Arg1
00405685  |.  E8 89C20400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
0040568A  |.  83C4 18    |ADD ESP,18

0040568D  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405693  |.  33C9       |XOR ECX,ECX
00405695  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00405698  |.  51          |PUSH ECX                               ; /Arg3
00405699  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
0040569F  |.  52          |PUSH EDX                               ; |Arg2
004056A0  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
004056A6  |.  50          |PUSH EAX                               ; |Arg1
004056A7  |.  E8 73940300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004056AC  |.  83C4 0C    |ADD ESP,0C

004056AF  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004056B5  |.  33D2       |XOR EDX,EDX
004056B7  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004056B9  |.  52          |PUSH EDX                               ; /Arg3
004056BA  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
004056C0  |.  50          |PUSH EAX                               ; |Arg2
004056C1  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
004056C7  |.  51          |PUSH ECX                               ; |Arg1
004056C8  |.  E8 52940300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004056CD  |.  83C4 0C    |ADD ESP,0C
004056D0  |.  E8 218F0100 |CALL Ekd5.0041E5F6                                              回复正常  （攻击者和被攻击）
004056D5  |.  8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
004056DB  |.  52          |PUSH EDX                               ; /Arg1
004056DC  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004056E2  |.  E8 9FEAFFFF |CALL Ekd5.00404186                   ; \Ekd5.00404186
004056E7  |>  6A 01       |PUSH 1                               ; /Arg1 = 00000001 多数返回点
004056E9  |.  B9 181B4B00 |MOV ECX,Ekd5.004B1B18                ; |
004056EE  |.  E8 4DDCFFFF |CALL Ekd5.00403340                   ; \Ekd5.00403340
004056F3  |.  E8 E86D0200 |CALL Ekd5.0042C4E0
004056F8  |.^ E9 23EFFFFF \JMP Ekd5.00404620

004056FD  |>  5E          POP ESI
004056FE  |.  8BE5       MOV ESP,EBP
00405700  |.  5D          POP EBP
00405701  \.  C3          RETN

以上这个函数实在是太长了，而核心处也就是攻击动作的那个部分。四针图的出现顺序和被攻击图的迭代更替，由于曾经分析过想改成八针图，所以这段代码也分析过，下面看看用类C分析的结果吧，看上面这段反汇编实在太累了。

void攻击画面函数 ()
{
      dispose
      for (int i=0;i<=27;i++)
      {
            j=i;
            if (j<=25)
            {
                     switch(a)
                     {
                              case :       0  //0040466A
                           （调整了攻击和被攻击者的对应方向，如果方向本身没有问题，则被攻击者会按原方向换一个MOV图,
                              之前分析的上一层函数是攻击武将的朝向）
                              Call 004036F9([EBP-1014],[EBp-100C])
                              Call 004036F9([EBP-1004],[EBp-1008])
                              Call 0047FA40(4900,0,4)
                              Call 004519E6(([EBP-1024]-8),[EBP-1028]-8,40,40,0047FA40的返回值）
                              Call 0047FA40(5900,0,4)
                              Call 004519E6([EBP-102C]-8,[EBP-1030]-8,40,40,0047FA40的返回值）
                              CALL Ekd5.00406730
                              Call 47FA40(5900,0,4)
                              Call 451913([EBP-102C]-8,[EBP-1030]-8,40,40,0047FA40的返回值,0)
                              Call 47FA40(5900,0,4)
                              Call 451913([EBP-1024]-8,[EBP-1028]-8,40,40,0047FA40的返回值,0)
                              CALL Ekd5.0043EB1F ([EBP-102C],[EBP-1030],EDX)
                              CALL Ekd5.0043E515

                              CALL Ekd5.0047FA40
                              CALL Ekd5.0045137C
                              CALL Ekd5.0041E5F6
                              break;

                           case :       1 //00404808
                              攻击者第一个动作
                              //Call 0041E5DB

                              //Call 0047FA40(5900,0,4)
                              //Call 00451913
                              ([EBP-102C]-8,[EBP-1030]-8,40,40,EAX(0047FA40的返回值),0)
                              (有两个参数是40，40代表图片的宽和高)

                              //Call 0047FA40(4900,0,4)
                              //Call 00451913
                              ([EBP-1024]-8,[EBP-1028]-8,40,40,EAX(0047FA40的返回值),0)

                              //Call 0043EB1F
                              ([EBP-102C],[EBP-1030],EAX)

                              //Call 0047FA40  (0,0,4)
                              //Call 0045137C ([EBP-1024],[EBP-1028],40,40,ECX,(0047FA40的返回值)
                              //Call 0041E5F6  画图

                              if(CALL 004400A2)-----------------------------------//004400E1)
                              {
                                    Call 0047467A(0x22,1) 正常的步兵攻击
                              }
                              else
                              {
                                    if(call 004400A2)
                                    {
                                             Call 0047467A(0x25,1)    弓兵，弓骑兵类的攻击
                                    }
                                    else
                                    {
                                             Call 0047467A(0x20,1)    暴击
                                    }
                              }

                              break;

                              case :       2 //00404931
                              被攻击者有动作
                              （换了一个MOV图）
                              //Call 0041E5DB
                                    //Call 00406730
                              //Call 0047FA40
                              //Call 00451913
                              //Call 0047FA40
                              //Call 00451913
                              //Call 0043EB1F
                                    //Call 00440009
                              //
                              break;

                              case :       3 //00404cbc
                              攻击者第二个攻击动作
                              //Call 0041E5DB

                              //Call 0047FA40(5900,0,4)
                              //Call 00451913
                              ([EBP-102C]-8,[EBP-1030]-8,40,40,EAX(0047FA40的返回值),0)

                              //Call 0047FA40(4900,0,4)
                              //Call 00451913
                              ([EBP-1024]-8,[EBP-1028]-8,40,40,EAX(0047FA40的返回值),0)


                              //Call 0043EB1F
                              ([EBP-102C],[EBP-1030],EDX)

                              //Call 0047FA40(1000,0,4)
                              /*00404D63  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
                                 00404D69  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
                                 00404D6B  |.  52          |PUSH EDX                               ; |Arg5
                              */
                              //Call 0045137C([EBP-1024],[EBP-1028],40,40,EDX,(0047FA40的返回值)
                              //Call 0041E5F6  画图
                              break;

                           case :       4 //00404d96
                              攻击者第三个攻击动作
                              被攻击者被攻击且发光动作（或者是格档）
                              //Call 0041E5DB
                              //Call 0047FA40
                              //Call 00451913(40*40)
                              //Call 0047FA40
                              //Call 00451913
                              if(Call 00472C90  当前ecx武将体力)
                              {
                                    if(变量1!=0||变量2!=0)
                                    {
                                             CALL 0047FA40(4000,0,4)
                                             Call 0047FCFD
                                             Call 004303C0
                                             CALL 0045137C(30*30)
                                             CALL 0047467A
                                    }
                                    else
                                    {
                                             Call 0047FA40(4000,0,4)
                                             Call 0045137C
                                             Call 00435829
                                             Call 0047467A
                                    }

                              }
                              else
                              {
                                    CALL Ekd5.0043EB1F
                                    CALL Ekd5.0047467A
                              }
                              CALL 0047FA40(2000,0,4)
                              Call 0045137C(40*40)
                              Call 0041E5F6 //画图
                              break;

                              case :       5 //00404FFA
                              攻击者第四个攻击动作
                              //Call 0041E5DB
                              //Call 0047FA40
                              //Call 00451913
                              //Call 0047FA40
                              //Call 00451913
                              if(Call 00472C90)
                              {
                                    if (变量1!=0||变量2!=0)
                                    {
                                             //Call 0047FA40 (4000,0,4)
                                             //Call 0047FCFD
                                             //Call 004303C0
                                             if (变量3==0)
                                             {
                                                      //Call 0045137C (图的大小是30*30)
                                             }
                                             else
                                             {
                                                      //Call 0043053E
                                             }
                                    }
                                    else
                                    {
                                             //Call 0047FA40  (4000,0,4)
                                             //Call 0045137C  (图的大小是30*30)
                                             //Call 00435829
                                    }
                              }
                              else
                              {
                                    //Call 0043EB1F
                              }
                              //Call 0047FA40  (3000,0,4)
                              //Call 0045137C
                              //Call 0041E5F6

                              break;

                           case :       6 //0040522C
                              被攻击者不发光(或者格档后回复正常)
                              break;

                              case :       7 //0040535F
                              显示伤害点数
                              break;

                              case :       8 //0040554A
                              回复正常（攻击者和被攻击者都回复正常）
                              break;

                              default:
                     }

            }
            //调用了两个函数
            //A(1);
            //B();
      }
      return;
}

在第一个攻击动作的时候，我们看到还调用了另外一个对我们修改比较有意义的函数，004400A2  ，我们知道，弓兵，弓骑兵的攻击有变慢的一下，道理就在这。

[ 本帖最后由岱瀛于 2007-1-21 15:33 编辑 ]

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#8

发表于 2007-1-21 14:56 资料个人空间短消息看全部作者

攻击判断函数：

这个函数终于比较简单了

攻击时候，这个是判断是否是弓兵弓骑兵，倒置攻击动作变慢的函数
004400A2  /$  55          PUSH EBP
004400A3  |.  8BEC       MOV EBP,ESP
004400A5  |.  83EC 10    SUB ESP,10
004400A8  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
004400AB  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
004400AE  |.  E8 BDB3FFFF CALL Ekd5.0043B470             //获取攻击武将职业代号
004400B3  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
004400B6  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
004400B9  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL
004400BC  |.  807D F0 02 CMP BYTE PTR SS:[EBP-10],2
004400C0  |.  74 08       JE SHORT Ekd5.004400CA //等于2，表示原曹操传弓兵，给值1返回
004400C2  |.  807D F0 04 CMP BYTE PTR SS:[EBP-10],4
004400C6  |.  74 02       JE SHORT Ekd5.004400CA  //等于4,表示原曹操传弓骑兵,给值1返回
004400C8  |.  EB 09       JMP SHORT Ekd5.004400D3
004400CA  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 返回1
004400D1  |.  EB 07       JMP SHORT Ekd5.004400DA
004400D3  |>  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0 返回0
004400DA  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004400DD  |.  8BE5       MOV ESP,EBP
004400DF  |.  5D          POP EBP
004400E0  \.  C3          RETN

[ 本帖最后由岱瀛于 2007-1-21 15:36 编辑 ]

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#9

发表于 2007-1-21 20:58 资料个人空间短消息看全部作者

攻击效果函数

局部变量：
*([EBP-C]的值+8)就是攻击武将的Ecx值

00405889  /$  55                   PUSH EBP
0040588A  |.  8BEC                MOV EBP,ESP
0040588C  |.  83EC 0C             SUB ESP,0C
0040588F  |.  894D F4             MOV DWORD PTR SS:[EBP-C],ECX
00405892  |.  8B45 F4             MOV EAX,DWORD PTR SS:[EBP-C]
00405895  |.  33C9                XOR ECX,ECX
00405897  |.  8A88 24040000       MOV CL,BYTE PTR DS:[EAX+424]
0040589D  |.  F7D9                NEG ECX
0040589F  |.  1BC9                SBB ECX,ECX
004058A1  |.  41                   INC ECX
004058A2  |.  894D FC             MOV DWORD PTR SS:[EBP-4],ECX
004058A5  |.  C645 F8 00          MOV BYTE PTR SS:[EBP-8],0
004058A9  |.  EB 09                JMP SHORT Ekd5.004058B4
004058AB  |>  8A55 F8             /MOV DL,BYTE PTR SS:[EBP-8]
004058AE  |.  80C2 01             |ADD DL,1
004058B1  |.  8855 F8             |MOV BYTE PTR SS:[EBP-8],DL
004058B4  |>  8B45 F8             MOV EAX,DWORD PTR SS:[EBP-8]
004058B7  |.  25 FF000000          |AND EAX,0FF
004058BC  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]
004058BF  |.  33D2                |XOR EDX,EDX
004058C1  |.  8A5401 10          |MOV DL,BYTE PTR DS:[ECX+EAX+10]
004058C5  |.  81FA FF000000       |CMP EDX,0FF
004058CB  |.  0F84 97030000       |JE Ekd5.00405C68                                              //退出
004058D1  |.  8B45 F8             |MOV EAX,DWORD PTR SS:[EBP-8]
004058D4  |.  25 FF000000          |AND EAX,0FF
004058D9  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]
004058DC  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
004058DF  |.  8A4402 10          |MOV AL,BYTE PTR DS:[EDX+EAX+10]
004058E3  |.  8841 01             |MOV BYTE PTR DS:[ECX+1],AL
004058E6  |.  8B4D F8             |MOV ECX,DWORD PTR SS:[EBP-8]
004058E9  |.  81E1 FF000000       |AND ECX,0FF
004058EF  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
004058F2  |.  83BC8A 84000000 00 |CMP DWORD PTR DS:[EDX+ECX*4+84],0
004058FA  |.  75 19                |JNZ SHORT Ekd5.00405915
004058FC  |.  8B45 F8             |MOV EAX,DWORD PTR SS:[EBP-8]
004058FF  |.  25 FF000000          |AND EAX,0FF
00405904  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]
00405907  |.  83BC81 54020000 00 |CMP DWORD PTR DS:[ECX+EAX*4+254],0
0040590F  |.  0F84 55010000       |JE Ekd5.00405A6A
00405915  |>  6A 23                |PUSH 23                               ; /Arg1 = 00000023             23-混乱攻击
00405917  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
0040591A  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]          ; |
0040591D  |.  E8 E7200000          |CALL Ekd5.00407A09                   ; \Ekd5.00407A09    判断攻击武将是否装备混乱攻击的道具
00405922  |.  85C0                |TEST EAX,EAX
00405924  |.  74 18                |JE SHORT Ekd5.0040593E
00405926  |.  6A 08                |PUSH 8                               ; /Arg1 = 00000008                      异常代码8，表示混乱
00405928  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0040592B  |.  33C9                |XOR ECX,ECX                            ; |
0040592D  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405930  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405933  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405939  |.  E8 820D0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0             将被攻击武将设置为混乱状态
0040593E  |>  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405941  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]
00405944  |.  E8 C70C0000          |CALL Ekd5.00406610                                     获取攻击武将的兵种
00405949  |.  25 FF000000          |AND EAX,0FF
0040594E  |.  83F8 32             |CMP EAX,32                                                               判断是否为第51号兵种，原土偶
00405951  |.  75 26                |JNZ SHORT Ekd5.00405979
00405953  |.  6A 3C                |PUSH 3C                               ; /Arg1 = 0000003C
00405955  |.  E8 D8A10700          |CALL Ekd5.0047FB32                   ; \Ekd5.0047FB32             判断60%的概率事件是否发生
0040595A  |.  83C4 04             |ADD ESP,4
0040595D  |.  85C0                |TEST EAX,EAX
0040595F  |.  74 18                |JE SHORT Ekd5.00405979
00405961  |.  6A 08                |PUSH 8                               ; /Arg1 = 00000008             异常代码8，表示混乱
00405963  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405966  |.  33C9                |XOR ECX,ECX                            ; |
00405968  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
0040596B  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
0040596E  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405974  |.  E8 470D0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0             将被攻击武将设置为混乱状态
00405979  |>  6A 24                |PUSH 24                               ; /Arg1 = 00000024 24-中毒攻击
0040597B  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
0040597E  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]          ; |
00405981  |.  E8 83200000          |CALL Ekd5.00407A09                   ; \Ekd5.00407A09       检测攻击武将是否装备中毒攻击道具
00405986  |.  85C0                |TEST EAX,EAX
00405988  |.  74 18                |JE SHORT Ekd5.004059A2
0040598A  |.  6A 10                |PUSH 10                               ; /Arg1 = 00000010             10中毒状态
0040598C  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0040598F  |.  33C9                |XOR ECX,ECX                            ; |
00405991  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405994  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405997  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
0040599D  |.  E8 1E0D0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0    将被攻击武将设置为中毒状态
004059A2  |>  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
004059A5  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]
004059A8  |.  E8 630C0000          |CALL Ekd5.00406610                                     获取攻击武将的兵种
004059AD  |.  25 FF000000          |AND EAX,0FF
004059B2  |.  83F8 31             |CMP EAX,31                                                               判断是否是第50号兵种，原木人
004059B5  |.  75 26                |JNZ SHORT Ekd5.004059DD
004059B7  |.  6A 3C                |PUSH 3C                               ; /Arg1 = 0000003C
004059B9  |.  E8 74A10700          |CALL Ekd5.0047FB32                   ; \Ekd5.0047FB32    60%的几率是否发生
004059BE  |.  83C4 04             |ADD ESP,4
004059C1  |.  85C0                |TEST EAX,EAX
004059C3  |.  74 18                |JE SHORT Ekd5.004059DD
004059C5  |.  6A 10                |PUSH 10                               ; /Arg1 = 00000010 10中毒状态
004059C7  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
004059CA  |.  33C9                |XOR ECX,ECX                            ; |
004059CC  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
004059CF  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
004059D2  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
004059D8  |.  E8 E30C0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0    将被攻击武将设置为中毒状态
004059DD  |>  6A 25                |PUSH 25                               ; /Arg1 = 00000025   25-麻痹攻击
004059DF  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
004059E2  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]          ; |
004059E5  |.  E8 1F200000          |CALL Ekd5.00407A09                   ; \Ekd5.00407A09    判断攻击武将是否装备麻痹攻击道具
004059EA  |.  85C0                |TEST EAX,EAX
004059EC  |.  74 18                |JE SHORT Ekd5.00405A06
004059EE  |.  6A 02                |PUSH 2                               ; /Arg1 = 00000002       2麻痹状态
004059F0  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
004059F3  |.  33C9                |XOR ECX,ECX                            ; |
004059F5  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
004059F8  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
004059FB  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405A01  |.  E8 BA0C0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0 将被攻击武将设置为麻痹状态
00405A06  |>  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405A09  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]
00405A0C  |.  E8 FF0B0000          |CALL Ekd5.00406610                                              获取武将ecx的兵种
00405A11  |.  25 FF000000          |AND EAX,0FF
00405A16  |.  83F8 2A             |CMP EAX,2A                                                             判断是否等于第43兵种，驯熊师
00405A19  |.  75 26                |JNZ SHORT Ekd5.00405A41
00405A1B  |.  6A 3C                |PUSH 3C                               ; /Arg1 = 0000003C
00405A1D  |.  E8 10A10700          |CALL Ekd5.0047FB32                   ; \Ekd5.0047FB32             判断60%的概率事件是否发生
00405A22  |.  83C4 04             |ADD ESP,4
00405A25  |.  85C0                |TEST EAX,EAX
00405A27  |.  74 18                |JE SHORT Ekd5.00405A41
00405A29  |.  6A 02                |PUSH 2                               ; /Arg1 = 00000002 2麻痹状态
00405A2B  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405A2E  |.  33C9                |XOR ECX,ECX                            ; |
00405A30  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405A33  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405A36  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405A3C  |.  E8 7F0C0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0 将被攻击武将设置为麻痹状态
00405A41  |>  6A 26                |PUSH 26                               ; /Arg1 = 00000026   26禁咒攻击
00405A43  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
00405A46  |.  8B4A 08             |MOV ECX,DWORD PTR DS:[EDX+8]          ; |
00405A49  |.  E8 BB1F0000          |CALL Ekd5.00407A09                   ; \Ekd5.00407A09 判断攻击武将是否装备禁咒攻击道具
00405A4E  |.  85C0                |TEST EAX,EAX
00405A50  |.  74 18                |JE SHORT Ekd5.00405A6A
00405A52  |.  6A 04                |PUSH 4                               ; /Arg1 = 00000004       4禁咒状态
00405A54  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405A57  |.  33C9                |XOR ECX,ECX                            ; |
00405A59  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405A5C  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405A5F  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405A65  |.  E8 560C0000          |CALL Ekd5.004066C0                   ; \Ekd5.004066C0 将被攻击武将设置为禁咒状态
00405A6A  |>  8B55 FC             |MOV EDX,DWORD PTR SS:[EBP-4]
00405A6D  |.  52                   |PUSH EDX                               ; /Arg8
00405A6E  |.  8B45 F8             |MOV EAX,DWORD PTR SS:[EBP-8]          ; |
00405A71  |.  25 FF000000          |AND EAX,0FF                            ; |
00405A76  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00405A79  |.  8B9481 30040000    |MOV EDX,DWORD PTR DS:[ECX+EAX*4+430] ; |
00405A80  |.  52                   |PUSH EDX                               ; |Arg7
00405A81  |.  6A 00                |PUSH 0                               ; |Arg6 = 00000000
00405A83  |.  6A 00                |PUSH 0                               ; |Arg5 = 00000000
00405A85  |.  8B45 F8             |MOV EAX,DWORD PTR SS:[EBP-8]          ; |
00405A88  |.  25 FF000000          |AND EAX,0FF                            ; |
00405A8D  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00405A90  |.  8B9481 54020000    |MOV EDX,DWORD PTR DS:[ECX+EAX*4+254] ; |
00405A97  |.  52                   |PUSH EDX                               ; |Arg4
00405A98  |.  8B45 F8             |MOV EAX,DWORD PTR SS:[EBP-8]          ; |
00405A9B  |.  25 FF000000          |AND EAX,0FF                            ; |
00405AA0  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00405AA3  |.  8B9481 84000000    |MOV EDX,DWORD PTR DS:[ECX+EAX*4+84]    ; |
00405AAA  |.  52                   |PUSH EDX                               ; |Arg3
00405AAB  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405AAE  |.  8A08                |MOV CL,BYTE PTR DS:[EAX]             ; |
00405AB0  |.  51                   |PUSH ECX                               ; |Arg2
00405AB1  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
00405AB4  |.  8A42 01             |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00405AB7  |.  50                   |PUSH EAX                               ; |Arg1
00405AB8  |.  E8 C7AE0400          |CALL Ekd5.00450984                   ; \Ekd5.00450984
00405ABD  |.  83C4 20             |ADD ESP,20
00405AC0  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]
00405AC3  |.  33D2                |XOR EDX,EDX
00405AC5  |.  8A51 01             |MOV DL,BYTE PTR DS:[ECX+1]
00405AC8  |.  8BCA                |MOV ECX,EDX
00405ACA  |.  6BC9 24             |IMUL ECX,ECX,24
00405ACD  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405AD3  |.  E8 B8D10600          |CALL Ekd5.00472C90                                     返回被攻击武将的当前体力
00405AD8  |.  8B4D F8             |MOV ECX,DWORD PTR SS:[EBP-8]
00405ADB  |.  81E1 FF000000       |AND ECX,0FF
00405AE1  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405AE4  |.  2B848A 84000000    |SUB EAX,DWORD PTR DS:[EDX+ECX*4+84]
00405AEB  |.  50                   |PUSH EAX                               ; /Arg1
00405AEC  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405AEF  |.  33C9                |XOR ECX,ECX                            ; |
00405AF1  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405AF4  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405AF7  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405AFD  |.  E8 CB9B0300          |CALL Ekd5.0043F6CD                   ; \Ekd5.0043F6CD
00405B02  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405B05  |.  33C0                |XOR EAX,EAX
00405B07  |.  8A42 01             |MOV AL,BYTE PTR DS:[EDX+1]
00405B0A  |.  8BC8                |MOV ECX,EAX
00405B0C  |.  6BC9 24             |IMUL ECX,ECX,24
00405B0F  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405B15  |.  E8 26CD0600          |CALL Ekd5.00472840                                     返回被攻击武将的当前MP值
00405B1A  |.  8B4D F8             |MOV ECX,DWORD PTR SS:[EBP-8]
00405B1D  |.  81E1 FF000000       |AND ECX,0FF
00405B23  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405B26  |.  2B848A 54020000    |SUB EAX,DWORD PTR DS:[EDX+ECX*4+254]
00405B2D  |.  50                   |PUSH EAX                               ; /Arg1
00405B2E  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405B31  |.  33C9                |XOR ECX,ECX                            ; |
00405B33  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405B36  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405B39  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405B3F  |.  E8 CA9B0300          |CALL Ekd5.0043F70E                   ; \Ekd5.0043F70E
00405B44  |.  8B55 F8             |MOV EDX,DWORD PTR SS:[EBP-8]
00405B47  |.  81E2 FF000000       |AND EDX,0FF
00405B4D  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]
00405B50  |.  8B8C90 30040000    |MOV ECX,DWORD PTR DS:[EAX+EDX*4+430]
00405B57  |.  51                   |PUSH ECX
00405B58  |.  6A 01                |PUSH 1
00405B5A  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405B5D  |.  33C0                |XOR EAX,EAX
00405B5F  |.  8A42 01             |MOV AL,BYTE PTR DS:[EDX+1]
00405B62  |.  8BC8                |MOV ECX,EAX
00405B64  |.  6BC9 24             |IMUL ECX,ECX,24
00405B67  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405B6D  |.  E8 FE9A0500          |CALL Ekd5.0045F670
00405B72  |.  8BC8                |MOV ECX,EAX                            ; |
00405B74  |.  6BC9 48             |IMUL ECX,ECX,48                      ; |
00405B77  |.  81C1 681B4A00       |ADD ECX,Ekd5.004A1B68                ; |
00405B7D  |.  E8 54270000          |CALL Ekd5.004082D6                   ; \Ekd5.004082D6
00405B82  |.  8B4D F8             |MOV ECX,DWORD PTR SS:[EBP-8]
00405B85  |.  81E1 FF000000       |AND ECX,0FF
00405B8B  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405B8E  |.  83BC8A 84000000 00 |CMP DWORD PTR DS:[EDX+ECX*4+84],0
00405B96  |.  0F8E AD000000       |JLE Ekd5.00405C49
00405B9C  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]
00405B9F  |.  33C9                |XOR ECX,ECX
00405BA1  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]
00405BA4  |.  6BC9 24             |IMUL ECX,ECX,24
00405BA7  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405BAD  |.  E8 DED00600          |CALL Ekd5.00472C90                      返回武将ecx的当前体力
00405BB2  |.  85C0                |TEST EAX,EAX
00405BB4  |.  0F86 8F000000       |JBE Ekd5.00405C49
00405BBA  |.  6A 3E                |PUSH 3E                                                             3E-自动使用豆
00405BBC  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]
00405BBF  |.  33C0                |XOR EAX,EAX
00405BC1  |.  8A42 01             |MOV AL,BYTE PTR DS:[EDX+1]
00405BC4  |.  8BC8                |MOV ECX,EAX
00405BC6  |.  6BC9 24             |IMUL ECX,ECX,24
00405BC9  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405BCF  |.  E8 9C9A0500          |CALL Ekd5.0045F670                                                       获取被攻击武将的data编号
00405BD4  |.  8BC8                |MOV ECX,EAX                            ; |
00405BD6  |.  6BC9 48             |IMUL ECX,ECX,48                      ; |
00405BD9  |.  81C1 681B4A00       |ADD ECX,Ekd5.004A1B68                ; |
00405BDF  |.  E8 251E0000          |CALL Ekd5.00407A09                   ; \Ekd5.00407A09             判断被攻击武将是否装备豆袋
00405BE4  |.  85C0                |TEST EAX,EAX
00405BE6  |.  74 61                |JE SHORT Ekd5.00405C49
00405BE8  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]
00405BEB  |.  33D2                |XOR EDX,EDX
00405BED  |.  8A51 01             |MOV DL,BYTE PTR DS:[ECX+1]
00405BF0  |.  8BCA                |MOV ECX,EDX
00405BF2  |.  6BC9 24             |IMUL ECX,ECX,24
00405BF5  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50
00405BFB  |.  E8 54A30300          |CALL Ekd5.0043FF54                                              获取被攻击武将属于哪一方
00405C00  |.  85C0                |TEST EAX,EAX
00405C02  |.  74 2E                |JE SHORT Ekd5.00405C32                                     非我方跳转，不判断仓库豆的数量
00405C04  |.  6A 57                |PUSH 57                               ; /Arg1 = 00000057             这个就是恢复用豆的序号
00405C06  |.  B9 70074B00          |MOV ECX,Ekd5.004B0770                ; |
00405C0B  |.  E8 2E7F0000          |CALL Ekd5.0040DB3E                   ; \Ekd5.0040DB3E 判断我方仓库是否有豆
00405C10  |.  25 FF000000          |AND EAX,0FF
00405C15  |.  85C0                |TEST EAX,EAX
00405C17  |.  7E 17                |JLE SHORT Ekd5.00405C30                                     小于等于0，没有豆，跳转
00405C19  |.  6A 00                |PUSH 0                               ; /Arg4 = 00000000
00405C1B  |.  6A 00                |PUSH 0                               ; |Arg3 = 00000000
00405C1D  |.  8B45 F4             |MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00405C20  |.  8A48 01             |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405C23  |.  51                   |PUSH ECX                               ; |Arg2
00405C24  |.  6A 57                |PUSH 57                               ; |Arg1 = 00000057       这个就是恢复用豆的序号
00405C26  |.  B9 50774900          |MOV ECX,Ekd5.00497750                ; |
00405C2B  |.  E8 13800100          |CALL Ekd5.0041DC43                   ; \Ekd5.0041DC43          使用豆
00405C30  |>  EB 17                |JMP SHORT Ekd5.00405C49
00405C32  |>  6A 01                |PUSH 1                               ; /Arg4 = 00000001
00405C34  |.  6A 00                |PUSH 0                               ; |Arg3 = 00000000
00405C36  |.  8B55 F4             |MOV EDX,DWORD PTR SS:[EBP-C]          ; |
00405C39  |.  8A42 01             |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00405C3C  |.  50                   |PUSH EAX                               ; |Arg2
00405C3D  |.  6A 57                |PUSH 57                               ; |Arg1 = 00000057             这个就是恢复用豆的序号
00405C3F  |.  B9 50774900          |MOV ECX,Ekd5.00497750                ; |
00405C44  |.  E8 FA7F0100          |CALL Ekd5.0041DC43                   ; \Ekd5.0041DC43                         使用豆

00405C49  |>  6A 20                |PUSH 20                               ; /Arg1 = 00000020
00405C4B  |.  8B4D F4             |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
00405C4E  |.  33D2                |XOR EDX,EDX                            ; |
00405C50  |.  8A51 01             |MOV DL,BYTE PTR DS:[ECX+1]             ; |
00405C53  |.  8BCA                |MOV ECX,EDX                            ; |
00405C55  |.  6BC9 24             |IMUL ECX,ECX,24                      ; |
00405C58  |.  81C1 502C4B00       |ADD ECX,Ekd5.004B2C50                ; |
00405C5E  |.  E8 2D0A0000          |CALL Ekd5.00406690                   ; \Ekd5.00406690 恢复被攻击武将的行动
00405C63  |.^ E9 43FCFFFF          \JMP Ekd5.004058AB
00405C68  |>  8BE5                MOV ESP,EBP
00405C6A  |.  5D                   POP EBP
00405C6B  \.  C3                   RETN

//这个函数看起来相对简单，但是涉及到很多种特殊效果，为修改者必读的函数

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#10

发表于 2007-12-30 21:08 资料个人空间短消息看全部作者

兵种特殊每回合能力

0043C7DF  |.  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0043C7E2  |.  E8 A9C4FDFF       CALL WaGan.00418C90
0043C7E7  |.  25 FF000000       AND EAX,0FF
0043C7EC  |.  83F8 02          CMP EAX,2
0043C7EF  |.  74 05             JE SHORT WaGan.0043C7F6
0043C7F1  |.  E9 7B010000       JMP WaGan.0043C971
0043C7F6  |>  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0043C7F9  |.  E8 3218FEFF       CALL WaGan.0041E030
0043C7FE  |.  25 FF000000       AND EAX,0FF
0043C803  |.  85C0             TEST EAX,EAX
0043C805  |.  90                NOP
0043C806  |.  90                NOP
0043C807  |.  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0043C80A  |.  E8 F9080000       CALL WaGan.0043D108 判断兵种是否合适内带转圈
0043C80F  |.  85C0             TEST EAX,EAX
0043C811  |.  74 1E             JE SHORT WaGan.0043C831
0043C813  |.  6A 01             PUSH 1                                  ; /Arg4 = 00000001
0043C815  |.  68 9E000000       PUSH 9E                               ; |Arg3 = 0000009E
0043C81A  |.  6A 04             PUSH 4                                  ; |Arg2 = 00000004 使用的魔法种类
0043C81C  |.  8B45 F8          MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0043C81F  |.  8B08             MOV ECX,DWORD PTR DS:[EAX]             ; |
0043C821  |.  51                PUSH ECX                               ; |Arg1
0043C822  |.  B9 F05D4B00       MOV ECX,WaGan.004B5DF0                ; |
0043C827  |.  E8 30E20100       CALL WaGan.0045AA5C                   ; \WaGan.0045AA5C
0043C82C  |.  E9 40010000       JMP WaGan.0043C971
0043C831  |>  6A 01             PUSH 1                                  ; /Arg1 = 00000001
0043C833  |.  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]          ; |

43D108函数：

0043D225  |.  83F8 10          |CMP EAX,10 判断兵种
0043D228  |.  0F85 D2020000    |JNZ WaGan.0043D500
0043D22E  |.  8B4D F0          |MOV ECX,DWORD PTR SS:[EBP-10]
0043D231  |.  E8 DA94FCFF       |CALL WaGan.00406710
0043D236  |.  8BF0             |MOV ESI,EAX
0043D238  |.  8B8D B0FEFFFF    |MOV ECX,DWORD PTR SS:[EBP-150]
0043D23E  |.  E8 CD94FCFF       |CALL WaGan.00406710
0043D243  |.  3BF0             |CMP ESI,EAX
0043D245  |.  0F85 B5020000    |JNZ WaGan.0043D500
0043D24B  |.  8B4D F0          |MOV ECX,DWORD PTR SS:[EBP-10]
0043D24E  |.  E8 3DBAFDFF       |CALL WaGan.00418C90
0043D253  |.  25 FF000000       |AND EAX,0FF
0043D258  |.  83F8 02          |CMP EAX,2
0043D25B  |.  0F85 9F020000    |JNZ WaGan.0043D500
0043D261  |.  68 D0BB4800       |PUSH WaGan.0048BBD0                   ; /Arg1 = 0048BBD0 ASCII "SSWA"
0043D266  |.  8D8D ECFEFFFF    |LEA ECX,DWORD PTR SS:[EBP-114]       ; |
0043D26C  |.  E8 C428FEFF       |CALL WaGan.0041FB35                   ; \WaGan.0041FB35
0043D271  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D273  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D275  |.  68 00690000       |PUSH 6900                            ; |Arg1 = 00006900
0043D27A  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D27F  |.  E8 BC270400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D284  |.  50                |PUSH EAX
0043D285  |.  8B4D F0          |MOV ECX,DWORD PTR SS:[EBP-10]
0043D288  |.  E8 23F0FDFF       |CALL WaGan.0041C2B0
0043D28D  |.  25 FF000000       |AND EAX,0FF                            ; |
0043D292  |.  50                |PUSH EAX                               ; |/Arg1
0043D293  |.  8B4D F0          |MOV ECX,DWORD PTR SS:[EBP-10]          ; ||
0043D296  |.  E8 AD290000       |CALL WaGan.0043FC48                   ; |\WaGan.0043FC48
0043D29B  |.  25 FF000000       |AND EAX,0FF                            ; |
0043D2A0  |.  50                |PUSH EAX                               ; |Arg1
0043D2A1  |.  8D8D ECFEFFFF    |LEA ECX,DWORD PTR SS:[EBP-114]       ; |
0043D2A7  |.  E8 DD29FEFF       |CALL WaGan.0041FC89                   ; \WaGan.0041FC89
0043D2AC  |.  8D8D ECFEFFFF    |LEA ECX,DWORD PTR SS:[EBP-114]
0043D2B2  |.  E8 0EC0FDFF       |CALL WaGan.004192C5
0043D2B7  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D2B9  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D2BB  |.  6A 00             |PUSH 0                               ; |Arg1 = 00000000
0043D2BD  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D2C2  |.  E8 79270400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D2C7  |.  8985 D0FEFFFF    |MOV DWORD PTR SS:[EBP-130],EAX
0043D2CD  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D2CF  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D2D1  |.  68 00690000       |PUSH 6900                            ; |Arg1 = 00006900
0043D2D6  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D2DB  |.  E8 60270400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D2E0  |.  8985 E4FEFFFF    |MOV DWORD PTR SS:[EBP-11C],EAX
0043D2E6  |.  68 00090000       |PUSH 900                               ; /Arg3 = 00000900
0043D2EB  |.  8B95 D0FEFFFF    |MOV EDX,DWORD PTR SS:[EBP-130]       ; |
0043D2F1  |.  52                |PUSH EDX                               ; |Arg2
0043D2F2  |.  8B85 E4FEFFFF    |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
0043D2F8  |.  50                |PUSH EAX                               ; |Arg1
0043D2F9  |.  E8 FF290400       |CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0043D2FE  |.  83C4 0C          |ADD ESP,0C
0043D301  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D303  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D305  |.  68 00100000       |PUSH 1000                            ; |Arg1 = 00001000
0043D30A  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D30F  |.  E8 2C270400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D314  |.  8985 D0FEFFFF    |MOV DWORD PTR SS:[EBP-130],EAX
0043D31A  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D31C  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D31E  |.  68 007B0000       |PUSH 7B00                            ; |Arg1 = 00007B00
0043D323  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D328  |.  E8 13270400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D32D  |.  8985 E4FEFFFF    |MOV DWORD PTR SS:[EBP-11C],EAX
0043D333  |.  68 00090000       |PUSH 900                               ; /Arg3 = 00000900
0043D338  |.  8B8D D0FEFFFF    |MOV ECX,DWORD PTR SS:[EBP-130]       ; |
0043D33E  |.  51                |PUSH ECX                               ; |Arg2
0043D33F  |.  8B95 E4FEFFFF    |MOV EDX,DWORD PTR SS:[EBP-11C]       ; |
0043D345  |.  52                |PUSH EDX                               ; |Arg1
0043D346  |.  E8 B2290400       |CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0043D34B  |.  83C4 0C          |ADD ESP,0C
0043D34E  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D350  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D352  |.  68 00200000       |PUSH 2000                            ; |Arg1 = 00002000
0043D357  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D35C  |.  E8 DF260400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D361  |.  8985 D0FEFFFF    |MOV DWORD PTR SS:[EBP-130],EAX
0043D367  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D369  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D36B  |.  68 00720000       |PUSH 7200                            ; |Arg1 = 00007200
0043D370  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D375  |.  E8 C6260400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D37A  |.  8985 E4FEFFFF    |MOV DWORD PTR SS:[EBP-11C],EAX
0043D380  |.  68 00090000       |PUSH 900                               ; /Arg3 = 00000900
0043D385  |.  8B85 D0FEFFFF    |MOV EAX,DWORD PTR SS:[EBP-130]       ; |
0043D38B  |.  50                |PUSH EAX                               ; |Arg2
0043D38C  |.  8B8D E4FEFFFF    |MOV ECX,DWORD PTR SS:[EBP-11C]       ; |
0043D392  |.  51                |PUSH ECX                               ; |Arg1
0043D393  |.  E8 65290400       |CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0043D398  |.  83C4 0C          |ADD ESP,0C
0043D39B  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D39D  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D39F  |.  68 00300000       |PUSH 3000                            ; |Arg1 = 00003000
0043D3A4  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D3A9  |.  E8 92260400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D3AE  |.  8985 D0FEFFFF    |MOV DWORD PTR SS:[EBP-130],EAX
0043D3B4  |.  6A 04             |PUSH 4                               ; /Arg3 = 00000004
0043D3B6  |.  6A 00             |PUSH 0                               ; |Arg2 = 00000000
0043D3B8  |.  68 007B0000       |PUSH 7B00                            ; |Arg1 = 00007B00
0043D3BD  |.  B9 C8E44A00       |MOV ECX,WaGan.004AE4C8                ; |
0043D3C2  |.  E8 79260400       |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D3C7  |.  8985 E4FEFFFF    |MOV DWORD PTR SS:[EBP-11C],EAX
0043D3CD  |.  8B95 D0FEFFFF    |MOV EDX,DWORD PTR SS:[EBP-130]
0043D3D3  |.  52                |PUSH EDX                               ; /Arg4
0043D3D4  |.  8B85 E4FEFFFF    |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
0043D3DA  |.  50                |PUSH EAX                               ; |Arg3
0043D3DB  |.  6A 30             |PUSH 30                               ; |Arg2 = 00000030
0043D3DD  |.  6A 30             |PUSH 30                               ; |Arg1 = 00000030
0043D3DF  |.  E8 6F1AFEFF       |CALL WaGan.0041EE53                   ; \WaGan.0041EE53
0043D3E4  |.  83C4 10          |ADD ESP,10
0043D3E7  |.  8A8D E9FEFFFF    |MOV CL,BYTE PTR SS:[EBP-117]
0043D3ED  |.  51                |PUSH ECX                               ; /Arg2
0043D3EE  |.  8A95 E8FEFFFF    |MOV DL,BYTE PTR SS:[EBP-118]          ; |
0043D3F4  |.  52                |PUSH EDX                               ; |Arg1
0043D3F5  |.  B9 50424B00       |MOV ECX,WaGan.004B4250                ; |
0043D3FA  |.  E8 407C0100       |CALL WaGan.0045503F                   ; \WaGan.0045503F
0043D3FF  |.  66:8B85 E8FEFFFF |MOV AX,WORD PTR SS:[EBP-118]
0043D406  |.  50                |PUSH EAX                               ; /Arg1
0043D407  |.  E8 72260100       |CALL WaGan.0044FA7E                   ; \WaGan.0044FA7E
0043D40C  |.  83C4 04          |ADD ESP,4
0043D40F  |.  8985 B8FEFFFF    |MOV DWORD PTR SS:[EBP-148],EAX
0043D415  |.  8995 BCFEFFFF    |MOV DWORD PTR SS:[EBP-144],EDX
0043D41B  |.  8B8D B8FEFFFF    |MOV ECX,DWORD PTR SS:[EBP-148]
0043D421  |.  898D C0FEFFFF    |MOV DWORD PTR SS:[EBP-140],ECX
0043D427  |.  8B95 BCFEFFFF    |MOV EDX,DWORD PTR SS:[EBP-144]
0043D42D  |.  8995 C4FEFFFF    |MOV DWORD PTR SS:[EBP-13C],EDX
0043D433  |.  66:8B85 E8FEFFFF |MOV AX,WORD PTR SS:[EBP-118]
0043D43A  |.  50                |PUSH EAX                               ; /Arg2
0043D43B  |.  8D8D C8FEFFFF    |LEA ECX,DWORD PTR SS:[EBP-138]       ; |
0043D441  |.  51                |PUSH ECX                               ; |Arg1
0043D442  |.  E8 D8250100       |CALL WaGan.0044FA1F                   ; \WaGan.0044FA1F
0043D447  |.  83C4 08          |ADD ESP,8
0043D44A  |.  C785 D4FEFFFF 0000>|MOV DWORD PTR SS:[EBP-12C],0 转圈的代码
0043D454  |.  EB 0F             |JMP SHORT WaGan.0043D465
0043D456  |>  8B95 D4FEFFFF    |/MOV EDX,DWORD PTR SS:[EBP-12C]
0043D45C  |.  83C2 01          ||ADD EDX,1
0043D45F  |.  8995 D4FEFFFF    ||MOV DWORD PTR SS:[EBP-12C],EDX
0043D465  |>  83BD D4FEFFFF 04 | CMP DWORD PTR SS:[EBP-12C],4
0043D46C  |.  0F87 84000000    ||JA WaGan.0043D4F6
0043D472  |.  E8 6411FEFF       ||CALL WaGan.0041E5DB
0043D477  |.  8B85 C9FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-137]
0043D47D  |.  25 FF000000       ||AND EAX,0FF
0043D482  |.  50                ||PUSH EAX                            ; /Arg2
0043D483  |.  8B8D C8FEFFFF    ||MOV ECX,DWORD PTR SS:[EBP-138]       ; |
0043D489  |.  81E1 FF000000    ||AND ECX,0FF                         ; |
0043D48F  |.  51                ||PUSH ECX                            ; |Arg1
0043D490  |.  E8 6462FCFF       ||CALL WaGan.004036F9                   ; \WaGan.004036F9
0043D495  |.  83C4 08          ||ADD ESP,8
0043D498  |.  6A 04             ||PUSH 4                               ; /Arg3 = 00000004
0043D49A  |.  6A 00             ||PUSH 0                               ; |Arg2 = 00000000
0043D49C  |.  8B85 D4FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-12C]       ; |
0043D4A2  |.  33D2             ||XOR EDX,EDX                         ; |
0043D4A4  |.  B9 04000000       ||MOV ECX,4                            ; |
0043D4A9  |.  F7F1             ||DIV ECX                               ; |
0043D4AB  |.  C1E2 0C          ||SHL EDX,0C                            ; |
0043D4AE  |.  52                ||PUSH EDX                            ; |Arg1
0043D4AF  |.  B9 C8E44A00       ||MOV ECX,WaGan.004AE4C8                ; |
0043D4B4  |.  E8 87250400       ||CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D4B9  |.  50                ||PUSH EAX                            ; /Arg6
0043D4BA  |.  8A95 DCFEFFFF    ||MOV DL,BYTE PTR SS:[EBP-124]          ; |
0043D4C0  |.  52                ||PUSH EDX                            ; |Arg5
0043D4C1  |.  6A 30             ||PUSH 30                               ; |Arg4 = 00000030
0043D4C3  |.  6A 30             ||PUSH 30                               ; |Arg3 = 00000030
0043D4C5  |.  8B85 C4FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-13C]       ; |
0043D4CB  |.  50                ||PUSH EAX                            ; |Arg2
0043D4CC  |.  8B8D C0FEFFFF    ||MOV ECX,DWORD PTR SS:[EBP-140]       ; |
0043D4D2  |.  51                ||PUSH ECX                            ; |Arg1
0043D4D3  |.  E8 A43E0100       ||CALL WaGan.0045137C                   ; \WaGan.0045137C
0043D4D8  |.  83C4 18          ||ADD ESP,18
0043D4DB  |.  E8 1611FEFF       ||CALL WaGan.0041E5F6
0043D4E0  |.  6A 02             ||PUSH 2                               ; /Arg1 = 00000002
0043D4E2  |.  B9 181B4B00       ||MOV ECX,WaGan.004B1B18                ; |
0043D4E7  |.  E8 545EFCFF       ||CALL WaGan.00403340                   ; \WaGan.00403340
0043D4EC  |.  E8 EFEFFEFF       ||CALL WaGan.0042C4E0
0043D4F1  |.^ E9 60FFFFFF       |\JMP WaGan.0043D456
0043D4F6  |>  C785 E0FEFFFF 0100>|MOV DWORD PTR SS:[EBP-120],1
0043D500  |>^ E9 7AFCFFFF       \JMP WaGan.0043D17F
0043D505  |>  8B95 E0FEFFFF    MOV EDX,DWORD PTR SS:[EBP-120]
0043D50B  |.  8995 B4FEFFFF    MOV DWORD PTR SS:[EBP-14C],EDX
0043D511  |.  C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-4],-1

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#11

发表于 2007-12-30 21:09 资料个人空间短消息看全部作者

兵种转圈的全部代码

0043D44A  |.  C785 D4FEFFFF 0000>|MOV DWORD PTR SS:[EBP-12C],0
0043D454  |.  EB 0F             |JMP SHORT WaGan.0043D465
0043D456  |>  8B95 D4FEFFFF    |/MOV EDX,DWORD PTR SS:[EBP-12C]
0043D45C  |.  83C2 01          ||ADD EDX,1
0043D45F  |.  8995 D4FEFFFF    ||MOV DWORD PTR SS:[EBP-12C],EDX
0043D465  |>  83BD D4FEFFFF 04 | CMP DWORD PTR SS:[EBP-12C],4
0043D46C  |.  0F87 84000000    ||JA WaGan.0043D4F6
0043D472  |.  E8 6411FEFF       ||CALL WaGan.0041E5DB
0043D477  |.  8B85 C9FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-137]
0043D47D  |.  25 FF000000       ||AND EAX,0FF
0043D482  |.  50                ||PUSH EAX                            ; /Arg2
0043D483  |.  8B8D C8FEFFFF    ||MOV ECX,DWORD PTR SS:[EBP-138]       ; |
0043D489  |.  81E1 FF000000    ||AND ECX,0FF                         ; |
0043D48F  |.  51                ||PUSH ECX                            ; |Arg1
0043D490  |.  E8 6462FCFF       ||CALL WaGan.004036F9                   ; \WaGan.004036F9
0043D495  |.  83C4 08          ||ADD ESP,8
0043D498  |.  6A 04             ||PUSH 4                               ; /Arg3 = 00000004
0043D49A  |.  6A 00             ||PUSH 0                               ; |Arg2 = 00000000
0043D49C  |.  8B85 D4FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-12C]       ; |
0043D4A2  |.  33D2             ||XOR EDX,EDX                         ; |
0043D4A4  |.  B9 04000000       ||MOV ECX,4                            ; |
0043D4A9  |.  F7F1             ||DIV ECX                               ; |
0043D4AB  |.  C1E2 0C          ||SHL EDX,0C                            ; |
0043D4AE  |.  52                ||PUSH EDX                            ; |Arg1
0043D4AF  |.  B9 C8E44A00       ||MOV ECX,WaGan.004AE4C8                ; |
0043D4B4  |.  E8 87250400       ||CALL WaGan.0047FA40                   ; \WaGan.0047FA40
0043D4B9  |.  50                ||PUSH EAX                            ; /Arg6
0043D4BA  |.  8A95 DCFEFFFF    ||MOV DL,BYTE PTR SS:[EBP-124]          ; |
0043D4C0  |.  52                ||PUSH EDX                            ; |Arg5
0043D4C1  |.  6A 30             ||PUSH 30                               ; |Arg4 = 00000030
0043D4C3  |.  6A 30             ||PUSH 30                               ; |Arg3 = 00000030
0043D4C5  |.  8B85 C4FEFFFF    ||MOV EAX,DWORD PTR SS:[EBP-13C]       ; |
0043D4CB  |.  50                ||PUSH EAX                            ; |Arg2
0043D4CC  |.  8B8D C0FEFFFF    ||MOV ECX,DWORD PTR SS:[EBP-140]       ; |
0043D4D2  |.  51                ||PUSH ECX                            ; |Arg1
0043D4D3  |.  E8 A43E0100       ||CALL WaGan.0045137C                   ; \WaGan.0045137C
0043D4D8  |.  83C4 18          ||ADD ESP,18
0043D4DB  |.  E8 1611FEFF       ||CALL WaGan.0041E5F6
0043D4E0  |.  6A 02             ||PUSH 2                               ; /Arg1 = 00000002
0043D4E2  |.  B9 181B4B00       ||MOV ECX,WaGan.004B1B18                ; |
0043D4E7  |.  E8 545EFCFF       ||CALL WaGan.00403340                   ; \WaGan.00403340
0043D4EC  |.  E8 EFEFFEFF       ||CALL WaGan.0042C4E0
0043D4F1  |.^ E9 60FFFFFF       |\JMP WaGan.0043D456

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#12

发表于 2007-12-30 21:10 资料个人空间短消息看全部作者

战场里的对话

0042D05B  |.  E8 F1110500 CALL WaGan.0047E251
0042D060  |.  83C4 14    ADD ESP,14
0042D063  |.  6A 00       PUSH 0                                           ; /Arg5 = 00000000
0042D065  |.  6A 60       PUSH 60                                           ; |Arg4 = 00000060
0042D067  |.  68 B0010000 PUSH 1B0                                           ; |Arg3 = 000001B0
0042D06C  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]                   ; |
0042D072  |.  51          PUSH ECX                                           ; |Arg2
0042D073  |.  8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[EBP-150]                   ; |
0042D079  |.  52          PUSH EDX                                           ; |Arg1
0042D07A  |.  B9 30694B00 MOV ECX,WaGan.004B6930                            ; |
0042D07F    E8 37650400 CALL WaGan.004735BB 与底色有关的
0042D084  |.  6A 00       PUSH 0                                           ; /Arg3 = 00000000
0042D086  |.  6A 1F       PUSH 1F                                           ; |Arg2 = 0000001F
0042D088  |.  6A 04       PUSH 4                                           ; |Arg1 = 00000004
0042D08A  |.  E8 62010500 CALL WaGan.0047D1F1                               ; \WaGan.0047D1F1
0042D08F  |.  83C4 0C    ADD ESP,0C
0042D092  |.  83BD A8FEFFFF>CMP DWORD PTR SS:[EBP-158],0
0042D099  |.  0F84 04010000 JE WaGan.0042D1A3
0042D09F  |.  8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
0042D0A5  |.  25 FF000000 AND EAX,0FF
0042D0AA  |.  8985 90FDFFFF MOV DWORD PTR SS:[EBP-270],EAX
0042D0B0  |.  83BD 90FDFFFF>CMP DWORD PTR SS:[EBP-270],3
0042D0B7  |.  0F87 C5000000 JA WaGan.0042D182
0042D0BD  |.  8B8D 90FDFFFF MOV ECX,DWORD PTR SS:[EBP-270]

0042D0CA  |> \68 00010000 PUSH 100                      ; /Arg3 = 00000100
0042D0CF  |.  8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]  ; |
0042D0D5  |.  52          PUSH EDX                      ; |Arg2
0042D0D6  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
0042D0D8  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
0042D0DA  |.  68 C0970100 PUSH 197C0                   ; ||Arg1 = 000197C0
0042D0DF  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50       ; ||
0042D0E4  |.  E8 57290500 CALL WaGan.0047FA40          ; |\WaGan.0047FA40
0042D0E9  |.  50          PUSH EAX                      ; |Arg1
0042D0EA  |.  E8 0E2C0500 CALL WaGan.0047FCFD          ; \WaGan.0047FCFD
0042D0EF  |.  83C4 0C    ADD ESP,0C
0042D0F2  |.  6A 10       PUSH 10                      ; /Arg3 = 00000010
0042D0F4  |.  6A 10       PUSH 10                      ; |Arg2 = 00000010
0042D0F6  |.  8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]  ; |
0042D0FC  |.  50          PUSH EAX                      ; |Arg1
0042D0FD  |.  E8 5A1CFFFF CALL WaGan.0041ED5C          ; \WaGan.0041ED5C
0042D102  |.  83C4 0C    ADD ESP,0C
0042D105  |.  EB 7B       JMP SHORT WaGan.0042D182

0042D182  |> \8D8D F8FEFFFF LEA ECX,DWORD PTR SS:[EBP-108]
0042D188  |.  51          PUSH ECX
0042D189  |.  6A 10       PUSH 10
0042D18B  |.  6A 10       PUSH 10
0042D18D  |.  8B95 A4FEFFFF MOV EDX,DWORD PTR SS:[EBP-15C] 纵坐标
0042D193  |.  52          PUSH EDX
0042D194  |.  8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-144] 横坐标
0042D19A  |.  50          PUSH EAX
0042D19B  |.  E8 FB0E0500 CALL WaGan.0047E09B 这个是头顶的那个显示
0042D1A0  |.  83C4 14    ADD ESP,14

0042D1A3  |>  8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0042D1A9  |.  E8 F9A3FDFF CALL WaGan.004075A7
0042D1AE  |.  50          PUSH EAX                      ; /Arg3  个就是头相的代号
0042D1AF  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]  ; | 头相纵坐标
0042D1B5  |.  83C1 08    ADD ECX,8                      ; |
0042D1B8  |.  51          PUSH ECX                      ; |Arg2
0042D1B9  |.  8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818] ; |
0042D1BF  |.  F7DA       NEG EDX                      ; |
0042D1C1  |.  1BD2       SBB EDX,EDX                   ; |
0042D1C3  |.  81E2 A0FEFFFF AND EDX,FFFFFEA0             ; |
0042D1C9  |.  81C2 68010000 ADD EDX,168                   ; |
0042D1CF  |.  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150]  ; |  头相横坐标
0042D1D5  |.  03C2       ADD EAX,EDX                   ; |
0042D1D7  |.  50          PUSH EAX                      ; |Arg1
0042D1D8  |.  E8 0417FFFF CALL WaGan.0041E8E1          ; \WaGan.0041E8E1    这个在加载头象
0042D1DD  |.  83C4 0C    ADD ESP,0C

0042D1E0  |.  6A 3A       PUSH 3A                      ; /Arg1 = 0000003A 蓝色
0042D1E2  |.  B9 382F4900 MOV ECX,WaGan.00492F38       ; |
0042D1E7  |.  E8 981AFEFF CALL WaGan.0040EC84          ; \WaGan.0040EC84  名字的颜色显示
0042D1EC  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]  名字纵坐标+6
0042D1F2  |.  83C1 06    ADD ECX,6 //0B
0042D1F5  |.  51          PUSH ECX                      ; /Arg2
0042D1F6  |.  8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818] ; |
0042D1FC  |.  F7DA       NEG EDX                      ; |
0042D1FE  |.  1BD2       SBB EDX,EDX                   ; |
0042D200  |.  83E2 50    AND EDX,50                   ; |
0042D203  |.  83C2 10    ADD EDX,10                   ; | //48
0042D206  |.  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150]  ; | 名字横坐标
0042D20C  |.  03C2       ADD EAX,EDX                   ; |
0042D20E  |.  99          CDQ                            ; |
0042D20F  |.  83E2 07    AND EDX,7                      ; |
0042D212  |.  03C2       ADD EAX,EDX                   ; |
0042D214  |.  C1F8 03    SAR EAX,3                      ; |
0042D217  |.  50          PUSH EAX                      ; |Arg1
0042D218  |.  B9 382F4900 MOV ECX,WaGan.00492F38       ; |
0042D21D  |.  E8 B519FEFF CALL WaGan.0040EBD7          ; \WaGan.0040EBD7

0042D222  |.  8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0042D228  |.  E8 2AA5FDFF CALL WaGan.00407757

0042D22D  |.  50          PUSH EAX                      ; /Arg3
0042D22E  |.  68 28C84800 PUSH WaGan.0048C828          ; |Arg2 = 0048C828 ASCII "%s"
0042D233  |.  68 382F4900 PUSH WaGan.00492F38          ; |Arg1 = 00492F38
0042D238  |.  E8 6328FEFF CALL WaGan.0040FAA0          ; \WaGan.0040FAA0
0042D23D  |.  83C4 0C    ADD ESP,0C
0042D240  |.  6A 12       PUSH 12                      ; /Arg6 = 00000012
0042D242  |.  6A 00       PUSH 0                         ; |Arg5 = 00000000
0042D244  |.  6A 40       PUSH 40                      ; |Arg4 = 00000040 高度
0042D246  |.  68 20010000 PUSH 120                      ; |Arg3 = 00000120
0042D24B  |.  8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154]  ; |对话框白色部分的中间处的纵坐标
0042D251  |.  83C0 1A    ADD EAX,1A                   ; |    //09
0042D254  |.  50          PUSH EAX                      ; |Arg2
0042D255  |.  8B0D 18C84800 MOV ECX,DWORD PTR DS:[48C818] ; |
0042D25B  |.  F7D9       NEG ECX                      ; |
0042D25D  |.  1BC9       SBB ECX,ECX                   ; |
0042D25F  |.  83E1 50    AND ECX,50                   ; |
0042D262  |.  83C1 20    ADD ECX,20                   ; |
0042D265  |.  8B95 B0FEFFFF MOV EDX,DWORD PTR SS:[EBP-150]  ; | 横坐标
0042D26B  |.  03D1       ADD EDX,ECX                   ; |
0042D26D  |.  52          PUSH EDX                      ; |Arg1
0042D26E  |.  E8 3014FFFF CALL WaGan.0041E6A3          ; \WaGan.0041E6A3
0042D273  |.  83C4 18    ADD ESP,18
0042D276  |.  6A 00       PUSH 0                         ; /Arg3 = 00000000
0042D278  |.  6A 1F       PUSH 1F                      ; |Arg2 = 0000001F
0042D27A  |.  6A 04       PUSH 4                         ; |Arg1 = 00000004
0042D27C  |.  E8 70FF0400 CALL WaGan.0047D1F1          ; \WaGan.0047D1F1
0042D281  |.  83C4 0C    ADD ESP,0C
0042D284  |.  6A 04       PUSH 4                         ; /Arg3 = 00000004
0042D286  |.  6A 00       PUSH 0                         ; |Arg2 = 00000000
0042D288  |.  A1 18C84800 MOV EAX,DWORD PTR DS:[48C818] ; |
0042D28D  |.  F7D8       NEG EAX                      ; |
0042D28F  |.  1BC0       SBB EAX,EAX                   ; |
0042D291  |.  24 00       AND AL,0                      ; |
0042D293  |.  05 C0990100 ADD EAX,199C0                ; |
0042D298  |.  50          PUSH EAX                      ; |Arg1
0042D299  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50       ; |
0042D29E  |.  E8 9D270500 CALL WaGan.0047FA40          ; \WaGan.0047FA40
0042D2A3  |.  50          PUSH EAX
0042D2A4  |.  6A 10       PUSH 10
0042D2A6  |.  6A 10       PUSH 10
0042D2A8  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 尖角的纵坐标
0042D2AE  |.  83C1 3C    ADD ECX,3C
0042D2B1  |.  51          PUSH ECX

0042D2B2  |.  8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D2B8  |.  F7DA       NEG EDX
0042D2BA  |.  1BD2       SBB EDX,EDX
0042D2BC  |.  80E2 00    AND DL,0
0042D2BF  |.  81C2 50010000 ADD EDX,150
0042D2C5  |.  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 尖角的横坐标
0042D2CB  |.  03C2       ADD EAX,EDX
0042D2CD  |.  50          PUSH EAX
0042D2CE  |.  E8 C80D0500 CALL WaGan.0047E09B
0042D2D3  |.  83C4 14    ADD ESP,14
0042D2D6  |.  6A 04       PUSH 4                         ; /Arg3 = 00000004
0042D2D8  |.  6A 00       PUSH 0                         ; |Arg2 = 00000000
0042D2DA  |.  68 C09A0100 PUSH 19AC0                   ; |Arg1 = 00019AC0
0042D2DF  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50       ; |
0042D2E4  |.  E8 57270500 CALL WaGan.0047FA40          ; \WaGan.0047FA40
0042D2E9  |.  50          PUSH EAX
0042D2EA  |.  6A 40       PUSH 40
0042D2EC  |.  6A 10       PUSH 10
0042D2EE  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 对话框里左边的白色部分纵坐标
0042D2F4  |.  83C1 1A    ADD ECX,1A
0042D2F7  |.  51          PUSH ECX
0042D2F8  |.  8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D2FE  |.  F7DA       NEG EDX
0042D300  |.  1BD2       SBB EDX,EDX
0042D302  |.  83E2 50    AND EDX,50
0042D305  |.  83C2 10    ADD EDX,10
0042D308  |.  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 横坐标
0042D30E  |.  03C2       ADD EAX,EDX
0042D310  |.  50          PUSH EAX
0042D311  |.  E8 850D0500 CALL WaGan.0047E09B
0042D316  |.  83C4 14    ADD ESP,14
0042D319  |.  6A 04       PUSH 4                         ; /Arg3 = 00000004
0042D31B  |.  6A 00       PUSH 0                         ; |Arg2 = 00000000
0042D31D  |.  68 C09E0100 PUSH 19EC0                   ; |Arg1 = 00019EC0
0042D322  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50       ; |
0042D327  |.  E8 14270500 CALL WaGan.0047FA40          ; \WaGan.0047FA40
0042D32C  |.  50          PUSH EAX
0042D32D  |.  6A 40       PUSH 40
0042D32F  |.  6A 10       PUSH 10
0042D331  |.  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154] 对话框右半边部分纵作标
0042D337  |.  83C1 1A    ADD ECX,1A
0042D33A  |.  51          PUSH ECX
0042D33B  |.  8B15 18C84800 MOV EDX,DWORD PTR DS:[48C818]
0042D341  |.  F7DA       NEG EDX
0042D343  |.  1BD2       SBB EDX,EDX
0042D345  |.  83E2 50    AND EDX,50
0042D348  |.  81C2 40010000 ADD EDX,140
0042D34E  |.  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150]  横坐标
0042D354  |.  03C2       ADD EAX,EDX
0042D356  |.  50          PUSH EAX
0042D357  |.  E8 3F0D0500 CALL WaGan.0047E09B
0042D35C  |.  83C4 14    ADD ESP,14
0042D35F  |.  E8 9212FFFF CALL WaGan.0041E5F6 画图
0042D364  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]

0042D2D6    68 D8902E00 PUSH 2E90D8 气泡尖朝左，适合人脸朝左。  2E9318，气泡尖朝右，适合脸朝右
0042D2DB    6A 18       PUSH 18
0042D2DD    6A 18       PUSH 18
0042D2DF    8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154] 纵坐标
0042D2E5    83C0 5E    ADD EAX,5E
0042D2E8    90          NOP
0042D2E9    90          NOP
0042D2EA    50          PUSH EAX
0042D2EB    8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150] 横坐标
0042D2F1    05 D5000000 ADD EAX,0D5
0042D2F6    50          PUSH EAX
0042D2F7    E8 9F0D0500 CALL WaGan.0047E09B

0042D063 .  6A 00       PUSH 0
0042D065    68 20010000 PUSH 120
0042D06A    68 60020000 PUSH 260
0042D06F .  8B8D ACFEFFFF MOV ECX,DWORD PTR SS:[EBP-154]
0042D075    81E9 80000000 SUB ECX,80
0042D07B    51          PUSH ECX
0042D07C    8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150]
0042D082    81E9 80000000 SUB ECX,80
0042D088    51          PUSH ECX
0042D089    B9 30694B00 MOV ECX,WaGan.004B6930
0042D08E    90          NOP
0042D08F    90          NOP
0042D090    90          NOP
0042D091    90          NOP
0042D092    83BD A8FEFFFF>CMP DWORD PTR SS:[EBP-158],0       ;  0表示人物未在战场上  EBP-158
0042D099 .  0F84 04010000 JE WaGan.0042D1A3

42D107  战场说话...
0042D364 .  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0042D367 .  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0042D36A .  C785 F4FEFFFF>MOV DWORD PTR SS:[EBP-10C],1
0042D374 .  B9 70074B00 MOV ECX,WaGan.004B0770
0042D379 .  E8 B2EFFEFF CALL WaGan.0041C330
0042D37E .  8885 D8FEFFFF MOV BYTE PTR SS:[EBP-128],AL
0042D384 .  8B95 D8FEFFFF MOV EDX,DWORD PTR SS:[EBP-128]
0042D38A .  81E2 FF000000 AND EDX,0FF
0042D390 .  F7DA       NEG EDX
0042D392 .  1BD2       SBB EDX,EDX
0042D394 .  F7DA       NEG EDX
0042D396 .  8995 C8FEFFFF MOV DWORD PTR SS:[EBP-138],EDX
0042D39C .  B9 70074B00 MOV ECX,WaGan.004B0770
0042D3A1 .  E8 6AD5FFFF CALL WaGan.0042A910
0042D3A6 .  25 00080000 AND EAX,800
0042D3AB .  85C0       TEST EAX,EAX
0042D3AD .  74 07       JE SHORT WaGan.0042D3B6
0042D3AF .  C685 D8FEFFFF>MOV BYTE PTR SS:[EBP-128],3
0042D3B6 >  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0042D3B9 .  33C9       XOR ECX,ECX
0042D3BB .  8A08       MOV CL,BYTE PTR DS:[EAX]
0042D3BD .  85C9       TEST ECX,ECX
0042D3BF .  0F84 87010000 JE WaGan.0042D54C
0042D3C5 .  C785 E8FEFFFF>MOV DWORD PTR SS:[EBP-118],1E
0042D3CF .  83BD F4FEFFFF>CMP DWORD PTR SS:[EBP-10C],0
0042D3D6 .  75 3F       JNZ SHORT WaGan.0042D417
0042D3D8 .  E8 FE11FFFF CALL WaGan.0041E5DB
0042D3DD .  6A 12       PUSH 12                               ; /Arg6 = 00000012
0042D3DF .  6A 00       PUSH 0                                  ; |Arg5 = 00000000
0042D3E1 .  6A 40       PUSH 40                               ; |Arg4 = 00000040
0042D3E3 .  68 20010000 PUSH 120                               ; |Arg3 = 00000120
0042D3E8 .  8B95 ACFEFFFF MOV EDX,DWORD PTR SS:[EBP-154]          ; |
0042D3EE .  83C2 1A    ADD EDX,1A                            ; |
0042D3F1 .  52          PUSH EDX                               ; |Arg2
0042D3F2 .  A1 18C84800 MOV EAX,DWORD PTR DS:[48C818]          ; |
0042D3F7 .  F7D8       NEG EAX                               ; |
0042D3F9 .  1BC0       SBB EAX,EAX                            ; |
0042D3FB .  83E0 50    AND EAX,50                            ; |
0042D3FE .  83C0 20    ADD EAX,20                            ; |
0042D401 .  8B8D B0FEFFFF MOV ECX,DWORD PTR SS:[EBP-150]          ; |
0042D407 .  03C8       ADD ECX,EAX                            ; |
0042D409 .  51          PUSH ECX                               ; |Arg1
0042D40A .  E8 9412FFFF CALL WaGan.0041E6A3                   ; \WaGan.0041E6A3
0042D40F .  83C4 18    ADD ESP,18
0042D412 .  E8 DF11FFFF CALL WaGan.0041E5F6
0042D417 >  6A 00       PUSH 0                                  ; /lParam = 0
0042D419 .  6A 00       PUSH 0                                  ; |wParam = 0
0042D41B .  68 02020000 PUSH 202                               ; |Message = WM_LBUTTONUP
0042D420 .  8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68]          ; |
0042D426 .  52          PUSH EDX                               ; |hWnd => 7064A
0042D427 .  FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0042D42D .  6A 1F       PUSH 1F                               ; /Arg1 = 0000001F
0042D42F .  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
0042D434 .  E8 4B18FEFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
0042D439 .  C685 F0FEFFFF>MOV BYTE PTR SS:[EBP-110],0
0042D440 .  EB 0E       JMP SHORT WaGan.0042D450
0042D442 >  8A85 F0FEFFFF MOV AL,BYTE PTR SS:[EBP-110]
0042D448 .  04 01       ADD AL,1
0042D44A .  8885 F0FEFFFF MOV BYTE PTR SS:[EBP-110],AL
0042D450 >  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042D453 .  33D2       XOR EDX,EDX
0042D455 .  8A11       MOV DL,BYTE PTR DS:[ECX]
0042D457 .  85D2       TEST EDX,EDX
0042D459 .  74 71       JE SHORT WaGan.0042D4CC
0042D45B .  8B85 F0FEFFFF MOV EAX,DWORD PTR SS:[EBP-110]
0042D461 .  25 FF000000 AND EAX,0FF
0042D466 .  3B85 DCFEFFFF CMP EAX,DWORD PTR SS:[EBP-124]
0042D46C .  7D 5E       JGE SHORT WaGan.0042D4CC
0042D46E .  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0042D474 .  51          PUSH ECX                               ; /Arg4
0042D475 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0042D478 .  52          PUSH EDX                               ; |Arg3
0042D479 .  8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154]          ; |
0042D47F .  0385 E8FEFFFF ADD EAX,DWORD PTR SS:[EBP-118]          ; |
0042D485 .  50          PUSH EAX                               ; |Arg2 = 00000256
0042D486 .  8B0D 18C84800 MOV ECX,DWORD PTR DS:[48C818]          ; |
0042D48C .  F7D9       NEG ECX                               ; |
0042D48E .  1BC9       SBB ECX,ECX                            ; |
0042D490 .  83E1 50    AND ECX,50                            ; |
0042D493 .  83C1 18    ADD ECX,18                            ; |
0042D496 .  8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150]          ; |
0042D49C .  03C1       ADD EAX,ECX                            ; |
0042D49E .  99          CDQ                                     ; |
0042D49F .  83E2 07    AND EDX,7                               ; |
0042D4A2 .  03C2       ADD EAX,EDX                            ; |
0042D4A4 .  C1F8 03    SAR EAX,3                               ; |
0042D4A7 .  50          PUSH EAX                               ; |Arg1
0042D4A8 .  E8 03F4FFFF CALL WaGan.0042C8B0                   ; \WaGan.0042C8B0
0042D4AD .  83C4 10    ADD ESP,10

0042D4B0 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042D4B3 .  03D0       ADD EDX,EAX
0042D4B5 .  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX
0042D4B8 .  8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-118]
0042D4BE .  83C0 14    ADD EAX,14
0042D4C1 .  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
0042D4C7 .^ E9 76FFFFFF JMP WaGan.0042D442

0042D4CC >  B9 B07F4900 MOV ECX,WaGan.00497FB0
0042D4AD .  83C4 10          ADD ESP,10
0042D4B0 .  8B55 FC          MOV EDX,DWORD PTR SS:[EBP-4]
0042D4B3 .  03D0             ADD EDX,EAX
0042D4B5 .  8955 FC          MOV DWORD PTR SS:[EBP-4],EDX
0042D4B8 .  8B85 E8FEFFFF    MOV EAX,DWORD PTR SS:[EBP-118]
0042D4BE .  83C0 14          ADD EAX,14
0042D4C1 .  8985 E8FEFFFF    MOV DWORD PTR SS:[EBP-118],EAX
0042D4C7 .^ E9 76FFFFFF       JMP WaGan.0042D442
0042D4CC >  B9 B07F4900       MOV ECX,WaGan.00497FB0
0042D4D1 .  E8 908BFFFF       CALL WaGan.00426066
0042D4D6 .  6A 00             PUSH 0                                  ; /lParam = 0
0042D4D8 .  6A 00             PUSH 0                                  ; |wParam = 0
0042D4DA .  68 02020000       PUSH 202                               ; |Message = WM_LBUTTONUP
0042D4DF .  8B0D 686A4B00    MOV ECX,DWORD PTR DS:[4B6A68]          ; |
0042D4E5 .  51                PUSH ECX                               ; |hWnd => 2F02E0
0042D4E6 .  FF15 F4624800    CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0042D4EC .  8B95 D8FEFFFF    MOV EDX,DWORD PTR SS:[EBP-128]
0042D4F2 .  81E2 FF000000    AND EDX,0FF
0042D4F8 .  8995 8CFDFFFF    MOV DWORD PTR SS:[EBP-274],EDX
0042D4FE .  83BD 8CFDFFFF 03 CMP DWORD PTR SS:[EBP-274],3
0042D505 .  77 36             JA SHORT WaGan.0042D53D
0042D507 .  8B85 8CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-274]
0042D50D .  FF2485 E1D54200 JMP DWORD PTR DS:[EAX*4+42D5E1]
0042D514 >  6A 0F             PUSH 0F                               ; /Arg1 = 0000000F
0042D516 .  E8 2BF1FFFF       CALL WaGan.0042C646                   ; \WaGan.0042C646
0042D51B .  83C4 04          ADD ESP,4
0042D51E .  EB 1D             JMP SHORT WaGan.0042D53D
0042D520 >  6A 0A             PUSH 0A                               ; /Arg1 = 0000000A
0042D522 .  E8 1FF1FFFF       CALL WaGan.0042C646                   ; \WaGan.0042C646
0042D527 .  83C4 04          ADD ESP,4
0042D52A .  EB 11             JMP SHORT WaGan.0042D53D
0042D52C >  6A 14             PUSH 14                               ; /Arg1 = 00000014
0042D52E .  E8 13F1FFFF       CALL WaGan.0042C646                   ; \WaGan.0042C646
0042D533 .  83C4 04          ADD ESP,4
0042D536 .  EB 05             JMP SHORT WaGan.0042D53D
0042D538 >  E8 F6F1FFFF       CALL WaGan.0042C733
0042D53D >  C785 F4FEFFFF 0000>MOV DWORD PTR SS:[EBP-10C],0
0042D547 .^ E9 6AFEFFFF       JMP WaGan.0042D3B6
0042D54C >  B9 B07F4900       MOV ECX,WaGan.00497FB0
0042D551 .  E8 108BFFFF       CALL WaGan.00426066
0042D556 .  B9 30694B00       MOV ECX,WaGan.004B6930
0042D55B .  E8 C3600400       CALL WaGan.00473623
0042D560 .  83BD A8FEFFFF 00 CMP DWORD PTR SS:[EBP-158],0
0042D567 .  74 21             JE SHORT WaGan.0042D58A
0042D569 .  8D8D A4FDFFFF    LEA ECX,DWORD PTR SS:[EBP-25C]
0042D56F .  51                PUSH ECX
0042D570 .  6A 10             PUSH 10
0042D572 .  6A 10             PUSH 10
0042D574 .  8B95 A4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-15C]
0042D57A .  52                PUSH EDX
0042D57B .  8B85 BCFEFFFF    MOV EAX,DWORD PTR SS:[EBP-144]
0042D581 .  50                PUSH EAX
0042D582 .  E8 140B0500       CALL WaGan.0047E09B
0042D587 .  83C4 14          ADD ESP,14
0042D58A >  8B8D B8FEFFFF    MOV ECX,DWORD PTR SS:[EBP-148]
0042D590 .  81E1 FF000000    AND ECX,0FF
0042D596 .  81F9 FF000000    CMP ECX,0FF
0042D59C .  74 1D             JE SHORT WaGan.0042D5BB
0042D59E .  8B95 B8FEFFFF    MOV EDX,DWORD PTR SS:[EBP-148]
0042D5A4 .  81E2 FF000000    AND EDX,0FF
0042D5AA .  83FA 01          CMP EDX,1
0042D5AD .  74 0C             JE SHORT WaGan.0042D5BB
0042D5AF .  C785 88FDFFFF 0000>MOV DWORD PTR SS:[EBP-278],0
0042D5B9 .  EB 0A             JMP SHORT WaGan.0042D5C5
0042D5BB >  C785 88FDFFFF 0100>MOV DWORD PTR SS:[EBP-278],1
0042D5C5 >  8B85 88FDFFFF    MOV EAX,DWORD PTR SS:[EBP-278]
0042D5CB .  5E                POP ESI

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#13

发表于 2007-12-30 21:11 资料个人空间短消息看全部作者

在战场里的对话改掉对话框加上小气泡的研究

0042CB6D $  55                PUSH EBP
0042CB6E .  8BEC             MOV EBP,ESP
0042CB70 .  81EC 78020000    SUB ESP,278
0042CB76 .  53                PUSH EBX
0042CB77 .  56                PUSH ESI
0042CB78 .  C685 B8FEFFFF FF MOV BYTE PTR SS:[EBP-148],0FF
0042CB7F .  817D 0C 00040000 CMP DWORD PTR SS:[EBP+C],400
0042CB86 .  73 14             JNB SHORT WaGan.0042CB9C
0042CB88 .  8B45 0C          MOV EAX,DWORD PTR SS:[EBP+C]
0042CB8B .  50                PUSH EAX                               ; /Arg1
0042CB8C .  E8 CFF2FDFF       CALL WaGan.0040BE60                   ; \WaGan.0040BE60
0042CB91 .  83C4 04          ADD ESP,4
0042CB94 .  8985 94FDFFFF    MOV DWORD PTR SS:[EBP-26C],EAX
0042CB9A .  EB 0A             JMP SHORT WaGan.0042CBA6
0042CB9C >  C785 94FDFFFF 0000>MOV DWORD PTR SS:[EBP-26C],0
0042CBA6 >  8B8D 94FDFFFF    MOV ECX,DWORD PTR SS:[EBP-26C]
0042CBAC .  898D D0FEFFFF    MOV DWORD PTR SS:[EBP-130],ECX
0042CBB2 .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CBB7 .  E8 88920200       CALL WaGan.00455E44
0042CBBC .  99                CDQ
0042CBBD .  B9 30000000       MOV ECX,30
0042CBC2 .  F7F9             IDIV ECX
0042CBC4 .  8885 D4FEFFFF    MOV BYTE PTR SS:[EBP-12C],AL
0042CBCA .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CBCF .  E8 97920200       CALL WaGan.00455E6B
0042CBD4 .  99                CDQ
0042CBD5 .  B9 30000000       MOV ECX,30
0042CBDA .  F7F9             IDIV ECX
0042CBDC .  8885 C0FEFFFF    MOV BYTE PTR SS:[EBP-140],AL
0042CBE2 .  8B85 D4FEFFFF    MOV EAX,DWORD PTR SS:[EBP-12C]
0042CBE8 .  25 FF000000       AND EAX,0FF
0042CBED .  99                CDQ
0042CBEE .  2BC2             SUB EAX,EDX
0042CBF0 .  D1F8             SAR EAX,1
0042CBF2 .  8885 B4FEFFFF    MOV BYTE PTR SS:[EBP-14C],AL
0042CBF8 .  8B85 C0FEFFFF    MOV EAX,DWORD PTR SS:[EBP-140]
0042CBFE .  25 FF000000       AND EAX,0FF
0042CC03 .  99                CDQ
0042CC04 .  2BC2             SUB EAX,EDX
0042CC06 .  D1F8             SAR EAX,1
0042CC08 .  8885 C4FEFFFF    MOV BYTE PTR SS:[EBP-13C],AL
0042CC0E .  8B95 B4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-14C]
0042CC14 .  81E2 FF000000    AND EDX,0FF
0042CC1A .  6BD2 30          IMUL EDX,EDX,30
0042CC1D .  8995 ECFEFFFF    MOV DWORD PTR SS:[EBP-114],EDX
0042CC23 .  8B85 C4FEFFFF    MOV EAX,DWORD PTR SS:[EBP-13C]
0042CC29 .  25 FF000000       AND EAX,0FF
0042CC2E .  6BC0 30          IMUL EAX,EAX,30
0042CC31 .  8985 E0FEFFFF    MOV DWORD PTR SS:[EBP-120],EAX
0042CC37 .  C785 A8FEFFFF 0000>MOV DWORD PTR SS:[EBP-158],0
0042CC41 .  8B4D 0C          MOV ECX,DWORD PTR SS:[EBP+C]
0042CC44 .  6BC9 48          IMUL ECX,ECX,48
0042CC47 .  81C1 0000D600    ADD ECX,0D60000
0042CC4D .  E8 8AAE0400       CALL WaGan.00477ADC
0042CC52 .  8845 F8          MOV BYTE PTR SS:[EBP-8],AL
0042CC55 .  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0042CC58 .  81E1 FF000000    AND ECX,0FF
0042CC5E .  81F9 FF000000    CMP ECX,0FF
0042CC64 .  0F84 DE020000    JE WaGan.0042CF48
0042CC6A .  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0042CC6D .  81E1 FF000000    AND ECX,0FF
0042CC73 .  6BC9 24          IMUL ECX,ECX,24
0042CC76 .  81C1 502C4B00    ADD ECX,WaGan.004B2C50
0042CC7C .  E8 0FC0FEFF       CALL WaGan.00418C90
0042CC81 .  25 FF000000       AND EAX,0FF
0042CC86 .  83F8 02          CMP EAX,2
0042CC89 .  0F85 B9020000    JNZ WaGan.0042CF48
0042CC8F .  C785 A8FEFFFF 0100>MOV DWORD PTR SS:[EBP-158],1
0042CC99 .  8B4D F8          MOV ECX,DWORD PTR SS:[EBP-8]
0042CC9C .  81E1 FF000000    AND ECX,0FF
0042CCA2 .  6BC9 24          IMUL ECX,ECX,24
0042CCA5 .  81C1 502C4B00    ADD ECX,WaGan.004B2C50
0042CCAB .  E8 B066FDFF       CALL WaGan.00403360
0042CCB0 .  66:8B10          MOV DX,WORD PTR DS:[EAX]
0042CCB3 .  66:8995 98FDFFFF MOV WORD PTR SS:[EBP-268],DX
0042CCBA .  8B9D 98FDFFFF    MOV EBX,DWORD PTR SS:[EBP-268]
0042CCC0 .  81E3 FF000000    AND EBX,0FF
0042CCC6 .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CCCB .  E8 C34D0200       CALL WaGan.00451A93
0042CCD0 .  99                CDQ
0042CCD1 .  B9 30000000       MOV ECX,30
0042CCD6 .  F7F9             IDIV ECX
0042CCD8 .  2BD8             SUB EBX,EAX
0042CCDA .  889D 9CFDFFFF    MOV BYTE PTR SS:[EBP-264],BL
0042CCE0 .  8B9D 99FDFFFF    MOV EBX,DWORD PTR SS:[EBP-267]
0042CCE6 .  81E3 FF000000    AND EBX,0FF
0042CCEC .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CCF1 .  E8 AE4D0200       CALL WaGan.00451AA4
0042CCF6 .  99                CDQ
0042CCF7 .  B9 30000000       MOV ECX,30
0042CCFC .  F7F9             IDIV ECX
0042CCFE .  2BD8             SUB EBX,EAX
0042CD00 .  889D A0FDFFFF    MOV BYTE PTR SS:[EBP-260],BL
0042CD06 .  8B95 9CFDFFFF    MOV EDX,DWORD PTR SS:[EBP-264]
0042CD0C .  81E2 FF000000    AND EDX,0FF
0042CD12 .  83FA 02          CMP EDX,2
0042CD15 .  7C 22             JL SHORT WaGan.0042CD39
0042CD17 .  8B85 9CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-264]
0042CD1D .  25 FF000000       AND EAX,0FF
0042CD22 .  8B8D D4FEFFFF    MOV ECX,DWORD PTR SS:[EBP-12C]
0042CD28 .  81E1 FF000000    AND ECX,0FF
0042CD2E .  83E9 02          SUB ECX,2
0042CD31 .  3BC1             CMP EAX,ECX
0042CD33 .  0F8C E9000000    JL WaGan.0042CE22
0042CD39 >  8B95 9CFDFFFF    MOV EDX,DWORD PTR SS:[EBP-264]
0042CD3F .  81E2 FF000000    AND EDX,0FF
0042CD45 .  83FA 02          CMP EDX,2
0042CD48 .  7D 32             JGE SHORT WaGan.0042CD7C
0042CD4A .  8B85 9CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-264]
0042CD50 .  25 FF000000       AND EAX,0FF
0042CD55 .  83C0 01          ADD EAX,1
0042CD58 .  6BC0 30          IMUL EAX,EAX,30
0042CD5B .  83C0 10          ADD EAX,10
0042CD5E .  8985 B0FEFFFF    MOV DWORD PTR SS:[EBP-150],EAX
0042CD64 .  8B8D B0FEFFFF    MOV ECX,DWORD PTR SS:[EBP-150]
0042CD6A .  83E9 10          SUB ECX,10
0042CD6D .  898D BCFEFFFF    MOV DWORD PTR SS:[EBP-144],ECX
0042CD73 .  C685 E4FEFFFF 03 MOV BYTE PTR SS:[EBP-11C],3
0042CD7A .  EB 39             JMP SHORT WaGan.0042CDB5
0042CD7C >  8B95 9CFDFFFF    MOV EDX,DWORD PTR SS:[EBP-264]
0042CD82 .  81E2 FF000000    AND EDX,0FF
0042CD88 .  6BD2 30          IMUL EDX,EDX,30
0042CD8B .  81EA C0010000    SUB EDX,1C0
0042CD91 .  8995 B0FEFFFF    MOV DWORD PTR SS:[EBP-150],EDX
0042CD97 .  8B85 9CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-264]
0042CD9D .  25 FF000000       AND EAX,0FF
0042CDA2 .  6BC0 30          IMUL EAX,EAX,30
0042CDA5 .  83E8 10          SUB EAX,10
0042CDA8 .  8985 BCFEFFFF    MOV DWORD PTR SS:[EBP-144],EAX
0042CDAE .  C685 E4FEFFFF 01 MOV BYTE PTR SS:[EBP-11C],1
0042CDB5 >  8B8D A0FDFFFF    MOV ECX,DWORD PTR SS:[EBP-260]
0042CDBB .  81E1 FF000000    AND ECX,0FF
0042CDC1 .  8B95 C4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-13C]
0042CDC7 .  81E2 FF000000    AND EDX,0FF
0042CDCD .  3BCA             CMP ECX,EDX
0042CDCF .  7D 19             JGE SHORT WaGan.0042CDEA
0042CDD1 .  8B85 A0FDFFFF    MOV EAX,DWORD PTR SS:[EBP-260]
0042CDD7 .  25 FF000000       AND EAX,0FF
0042CDDC .  6BC0 30          IMUL EAX,EAX,30
0042CDDF .  83C0 08          ADD EAX,8
0042CDE2 .  8985 ACFEFFFF    MOV DWORD PTR SS:[EBP-154],EAX
0042CDE8 .  EB 1B             JMP SHORT WaGan.0042CE05
0042CDEA >  8B8D A0FDFFFF    MOV ECX,DWORD PTR SS:[EBP-260]
0042CDF0 .  81E1 FF000000    AND ECX,0FF
0042CDF6 .  83C1 01          ADD ECX,1
0042CDF9 .  6BC9 30          IMUL ECX,ECX,30
0042CDFC .  83E9 68          SUB ECX,68
0042CDFF .  898D ACFEFFFF    MOV DWORD PTR SS:[EBP-154],ECX
0042CE05 >  8B95 A0FDFFFF    MOV EDX,DWORD PTR SS:[EBP-260]
0042CE0B .  81E2 FF000000    AND EDX,0FF
0042CE11 .  6BD2 30          IMUL EDX,EDX,30
0042CE14 .  83C2 10          ADD EDX,10
0042CE17 .  8995 A4FEFFFF    MOV DWORD PTR SS:[EBP-15C],EDX
0042CE1D .  E9 24010000       JMP WaGan.0042CF46
0042CE22 >  8B85 9CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-264]
0042CE28 .  25 FF000000       AND EAX,0FF
0042CE2D .  6BC0 30          IMUL EAX,EAX,30
0042CE30 .  3D C8000000       CMP EAX,0C8
0042CE35 .  7D 1D             JGE SHORT WaGan.0042CE54
0042CE37 .  8B8D 9CFDFFFF    MOV ECX,DWORD PTR SS:[EBP-264]
0042CE3D .  81E1 FF000000    AND ECX,0FF
0042CE43 .  83E9 01          SUB ECX,1
0042CE46 .  6BC9 30          IMUL ECX,ECX,30
0042CE49 .  83C1 08          ADD ECX,8
0042CE4C .  898D B0FEFFFF    MOV DWORD PTR SS:[EBP-150],ECX
0042CE52 .  EB 5F             JMP SHORT WaGan.0042CEB3
0042CE54 >  8BB5 9CFDFFFF    MOV ESI,DWORD PTR SS:[EBP-264]
0042CE5A .  81E6 FF000000    AND ESI,0FF
0042CE60 .  83C6 01          ADD ESI,1
0042CE63 .  6BF6 30          IMUL ESI,ESI,30
0042CE66 .  81C6 C8000000    ADD ESI,0C8
0042CE6C .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CE71 .  E8 CE8F0200       CALL WaGan.00455E44
0042CE76 .  3BF0             CMP ESI,EAX
0042CE78 .  7C 20             JL SHORT WaGan.0042CE9A
0042CE7A .  8B95 D4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-12C]
0042CE80 .  81E2 FF000000    AND EDX,0FF
0042CE86 .  83EA 01          SUB EDX,1
0042CE89 .  6BD2 30          IMUL EDX,EDX,30
0042CE8C .  81EA B8010000    SUB EDX,1B8
0042CE92 .  8995 B0FEFFFF    MOV DWORD PTR SS:[EBP-150],EDX
0042CE98 .  EB 19             JMP SHORT WaGan.0042CEB3
0042CE9A >  8B85 9CFDFFFF    MOV EAX,DWORD PTR SS:[EBP-264]
0042CEA0 .  25 FF000000       AND EAX,0FF
0042CEA5 .  6BC0 30          IMUL EAX,EAX,30
0042CEA8 .  2D B8000000       SUB EAX,0B8
0042CEAD .  8985 B0FEFFFF    MOV DWORD PTR SS:[EBP-150],EAX
0042CEB3 >  8B8D 9CFDFFFF    MOV ECX,DWORD PTR SS:[EBP-264]
0042CEB9 .  81E1 FF000000    AND ECX,0FF
0042CEBF .  6BC9 30          IMUL ECX,ECX,30
0042CEC2 .  83C1 10          ADD ECX,10
0042CEC5 .  898D BCFEFFFF    MOV DWORD PTR SS:[EBP-144],ECX
0042CECB .  8B95 A0FDFFFF    MOV EDX,DWORD PTR SS:[EBP-260]
0042CED1 .  81E2 FF000000    AND EDX,0FF
0042CED7 .  8B85 C4FEFFFF    MOV EAX,DWORD PTR SS:[EBP-13C]
0042CEDD .  25 FF000000       AND EAX,0FF
0042CEE2 .  3BD0             CMP EDX,EAX
0042CEE4 .  7D 33             JGE SHORT WaGan.0042CF19
0042CEE6 .  8B8D A0FDFFFF    MOV ECX,DWORD PTR SS:[EBP-260]
0042CEEC .  81E1 FF000000    AND ECX,0FF
0042CEF2 .  83C1 01          ADD ECX,1
0042CEF5 .  6BC9 30          IMUL ECX,ECX,30
0042CEF8 .  83C1 10          ADD ECX,10
0042CEFB .  898D ACFEFFFF    MOV DWORD PTR SS:[EBP-154],ECX
0042CF01 .  8B95 ACFEFFFF    MOV EDX,DWORD PTR SS:[EBP-154]
0042CF07 .  83EA 10          SUB EDX,10
0042CF0A .  8995 A4FEFFFF    MOV DWORD PTR SS:[EBP-15C],EDX
0042CF10 .  C685 E4FEFFFF 00 MOV BYTE PTR SS:[EBP-11C],0
0042CF17 .  EB 2D             JMP SHORT WaGan.0042CF46

0042CF19 >  8B85 A0FDFFFF    MOV EAX,DWORD PTR SS:[EBP-260]
0042CF1F .  25 FF000000       AND EAX,0FF
0042CF24 .  6BC0 30          IMUL EAX,EAX,30
0042CF27 .  83E8 70          SUB EAX,70
0042CF2A .  8985 ACFEFFFF    MOV DWORD PTR SS:[EBP-154],EAX
0042CF30 .  8B8D ACFEFFFF    MOV ECX,DWORD PTR SS:[EBP-154]
0042CF36 .  83C1 60          ADD ECX,60
0042CF39 .  898D A4FEFFFF    MOV DWORD PTR SS:[EBP-15C],ECX
0042CF3F .  C685 E4FEFFFF 02 MOV BYTE PTR SS:[EBP-11C],2
0042CF46 >  EB 21             JMP SHORT WaGan.0042CF69

0042CF48 >  8B95 ECFEFFFF    MOV EDX,DWORD PTR SS:[EBP-114]
0042CF4E .  81EA D8000000    SUB EDX,0D8
0042CF54 .  8995 B0FEFFFF    MOV DWORD PTR SS:[EBP-150],EDX
0042CF5A .  8B85 E0FEFFFF    MOV EAX,DWORD PTR SS:[EBP-120]
0042CF60 .  83E8 30          SUB EAX,30
0042CF63 .  8985 ACFEFFFF    MOV DWORD PTR SS:[EBP-154],EAX
0042CF69 >  B9 50424B00       MOV ECX,WaGan.004B4250
0042CF6E .  E8 DC4A0200       CALL WaGan.00451A4F
0042CF73 .  8B8D B0FEFFFF    MOV ECX,DWORD PTR SS:[EBP-150]
0042CF79 .  03C8             ADD ECX,EAX
0042CF7B .  898D B0FEFFFF    MOV DWORD PTR SS:[EBP-150],ECX
0042CF81 .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CF86 .  E8 D54A0200       CALL WaGan.00451A60
0042CF8B .  8B95 ACFEFFFF    MOV EDX,DWORD PTR SS:[EBP-154]
0042CF91 .  03D0             ADD EDX,EAX
0042CF93 .  8995 ACFEFFFF    MOV DWORD PTR SS:[EBP-154],EDX
0042CF99 .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CF9E .  E8 AC4A0200       CALL WaGan.00451A4F
0042CFA3 .  8B8D BCFEFFFF    MOV ECX,DWORD PTR SS:[EBP-144]
0042CFA9 .  03C8             ADD ECX,EAX
0042CFAB .  898D BCFEFFFF    MOV DWORD PTR SS:[EBP-144],ECX
0042CFB1 .  B9 50424B00       MOV ECX,WaGan.004B4250
0042CFB6 .  E8 A54A0200       CALL WaGan.00451A60
0042CFBB .  8B95 A4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-15C]
0042CFC1 .  03D0             ADD EDX,EAX
0042CFC3 .  8995 A4FEFFFF    MOV DWORD PTR SS:[EBP-15C],EDX
0042CFC9 .  8B45 10          MOV EAX,DWORD PTR SS:[EBP+10]
0042CFCC .  83E0 10          AND EAX,10
0042CFCF .  F7D8             NEG EAX
0042CFD1 .  1BC0             SBB EAX,EAX
0042CFD3 .  F7D8             NEG EAX
0042CFD5 .  8985 CCFEFFFF    MOV DWORD PTR SS:[EBP-134],EAX
0042CFDB .  C785 DCFEFFFF 0300>MOV DWORD PTR SS:[EBP-124],3
0042CFE5 .  E8 6DF5FFFF       CALL WaGan.0042C557
0042CFEA .  E8 EC15FFFF       CALL WaGan.0041E5DB
0042CFEF .  6A 04             PUSH 4                                  ; /Arg1 = 00000004
0042CFF1 .  B9 382F4900       MOV ECX,WaGan.00492F38                ; |
0042CFF6 .  E8 3B1DFEFF       CALL WaGan.0040ED36                   ; \WaGan.0040ED36
0042CFFB .  6A 00             PUSH 0                                  ; /Arg1 = 00000000
0042CFFD .  B9 382F4900       MOV ECX,WaGan.00492F38                ; |
0042D002 .  E8 B51CFEFF       CALL WaGan.0040ECBC                   ; \WaGan.0040ECBC
0042D007 .  8B0D 201B4B00    MOV ECX,DWORD PTR DS:[4B1B20]
0042D00D .  3B8D D0FEFFFF    CMP ECX,DWORD PTR SS:[EBP-130]
0042D013 .  74 1D             JE SHORT WaGan.0042D032
0042D015 .  33D2             XOR EDX,EDX
0042D017 .  833D 18C84800 00 CMP DWORD PTR DS:[48C818],0
0042D01E .  0F94C2          SETE DL
0042D021 .  8915 18C84800    MOV DWORD PTR DS:[48C818],EDX
0042D027 .  8B85 D0FEFFFF    MOV EAX,DWORD PTR SS:[EBP-130]
0042D02D .  A3 201B4B00       MOV DWORD PTR DS:[4B1B20],EAX
0042D032 >  837D 0C 00       CMP DWORD PTR SS:[EBP+C],0
0042D036 .  75 0A             JNZ SHORT WaGan.0042D042
0042D038 .  C705 18C84800 0100>MOV DWORD PTR DS:[48C818],1
0042D042 >  8D8D A4FDFFFF    LEA ECX,DWORD PTR SS:[EBP-25C]
0042D048 .  51                PUSH ECX
0042D049 .  6A 10             PUSH 10
0042D04B .  6A 10             PUSH 10
0042D04D .  8B95 A4FEFFFF    MOV EDX,DWORD PTR SS:[EBP-15C]
0042D053 .  52                PUSH EDX
0042D054 .  8B85 BCFEFFFF    MOV EAX,DWORD PTR SS:[EBP-144]
0042D05A .  50                PUSH EAX
0042D05B .  E8 F1110500       CALL WaGan.0047E251
0042D060 .  83C4 14          ADD ESP,14
0042D063 .  6A 00             PUSH 0
0042D065 .  68 00010000       PUSH 100
0042D06A .  68 00020000       PUSH 200
0042D06F .  8B8D ACFEFFFF    MOV ECX,DWORD PTR SS:[EBP-154]
0042D075 .  83E9 10          SUB ECX,10
0042D078 .  51                PUSH ECX
0042D079 .  8B95 B0FEFFFF    MOV EDX,DWORD PTR SS:[EBP-150]
0042D07F .  52                PUSH EDX
0042D080 .  B9 30694B00       MOV ECX,WaGan.004B6930
0042D085 .  E8 54710A00       CALL WaGan.004D41DE
0042D08A .  90                NOP
0042D08B .  90                NOP
0042D08C .  90                NOP
0042D08D .  90                NOP
0042D08E .  90                NOP
0042D08F .  90                NOP
0042D090 .  90                NOP
0042D091 .  90                NOP
0042D092 .  83BD A8FEFFFF 00 CMP DWORD PTR SS:[EBP-158],0          ;  0表示人物未在战场上
0042D099 .  0F84 04010000    JE WaGan.0042D1A3
0042D09F .  8B85 E4FEFFFF    MOV EAX,DWORD PTR SS:[EBP-11C]
0042D0A5 .  25 FF000000       AND EAX,0FF
0042D0AA .  8985 90FDFFFF    MOV DWORD PTR SS:[EBP-270],EAX
0042D0B0 .  83BD 90FDFFFF 03 CMP DWORD PTR SS:[EBP-270],3
0042D0B7 .  0F87 C5000000    JA WaGan.0042D182
0042D0BD .  8B8D 90FDFFFF    MOV ECX,DWORD PTR SS:[EBP-270]
0042D0C3 .  FF248D D1D54200 JMP DWORD PTR DS:[ECX*4+42D5D1]
0042D0CA >  68 00010000       PUSH 100                               ; /Arg3 = 00000100
0042D0CF .  8D95 F8FEFFFF    LEA EDX,DWORD PTR SS:[EBP-108]          ; |
0042D0D5 .  52                PUSH EDX                               ; |Arg2
0042D0D6 .  6A 04             PUSH 4                                  ; |/Arg3 = 00000004
0042D0D8 .  6A 00             PUSH 0                                  ; ||Arg2 = 00000000
0042D0DA .  68 C0970100       PUSH 197C0                            ; ||Arg1 = 000197C0
0042D0DF .  B9 50EB4A00       MOV ECX,WaGan.004AEB50                ; ||
0042D0E4 .  E8 57290500       CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
0042D0E9 .  50                PUSH EAX                               ; |Arg1
0042D0EA .  E8 0E2C0500       CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0042D0EF .  83C4 0C          ADD ESP,0C
0042D0F2 .  6A 10             PUSH 10                               ; /Arg3 = 00000010
0042D0F4 .  6A 10             PUSH 10                               ; |Arg2 = 00000010
0042D0F6 .  8D85 F8FEFFFF    LEA EAX,DWORD PTR SS:[EBP-108]          ; |
0042D0FC .  50                PUSH EAX                               ; |Arg1
0042D0FD .  E8 5A1CFFFF       CALL WaGan.0041ED5C                   ; \WaGan.0041ED5C
0042D102 .  83C4 0C          ADD ESP,0C
0042D105 .  EB 7B             JMP SHORT WaGan.0042D182
0042D107 >  68 00010000       PUSH 100                               ; /Arg3 = 00000100
0042D10C .  8D8D F8FEFFFF    LEA ECX,DWORD PTR SS:[EBP-108]          ; |
0042D112 .  51                PUSH ECX                               ; |Arg2
0042D113 .  6A 04             PUSH 4                                  ; |/Arg3 = 00000004
0042D115 .  6A 00             PUSH 0                                  ; ||Arg2 = 00000000
0042D117 .  68 C0970100       PUSH 197C0                            ; ||Arg1 = 000197C0
0042D11C .  B9 50EB4A00       MOV ECX,WaGan.004AEB50                ; ||
0042D121 .  E8 1A290500       CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
0042D126 .  50                PUSH EAX                               ; |Arg1
0042D127 .  E8 D12B0500       CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0042D12C .  83C4 0C          ADD ESP,0C
0042D12F .  EB 51             JMP SHORT WaGan.0042D182
0042D131 >  68 00010000       PUSH 100                               ; /Arg3 = 00000100
0042D136 .  8D95 F8FEFFFF    LEA EDX,DWORD PTR SS:[EBP-108]          ; |
0042D13C .  52                PUSH EDX                               ; |Arg2
0042D13D .  6A 04             PUSH 4                                  ; |/Arg3 = 00000004
0042D13F .  6A 00             PUSH 0                                  ; ||Arg2 = 00000000
0042D141 .  68 C0960100       PUSH 196C0                            ; ||Arg1 = 000196C0
0042D146 .  B9 50EB4A00       MOV ECX,WaGan.004AEB50                ; ||
0042D14B .  E8 F0280500       CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
0042D150 .  50                PUSH EAX                               ; |Arg1
0042D151 .  E8 A72B0500       CALL WaGan.0047FCFD                   ; \WaGan.0047FCFD
0042D156 .  83C4 0C          ADD ESP,0C
0042D159 .  EB 27             JMP SHORT WaGan.0042D182
0042D15B >  8D85 F8FEFFFF    LEA EAX,DWORD PTR SS:[EBP-108]
0042D161 .  50                PUSH EAX                               ; /Arg4
0042D162 .  6A 04             PUSH 4                                  ; |/Arg3 = 00000004
0042D164 .  6A 00             PUSH 0                                  ; ||Arg2 = 00000000
0042D166 .  68 C0960100       PUSH 196C0                            ; ||Arg1 = 000196C0
0042D16B .  B9 50EB4A00       MOV ECX,WaGan.004AEB50                ; ||
0042D170 .  E8 CB280500       CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
0042D175 .  50                PUSH EAX                               ; |Arg3
0042D176 .  6A 10             PUSH 10                               ; |Arg2 = 00000010
0042D178 .  6A 10             PUSH 10                               ; |Arg1 = 00000010
0042D17A .  E8 D41CFFFF       CALL WaGan.0041EE53                   ; \WaGan.0041EE53
0042D17F .  83C4 10          ADD ESP,10
0042D182 >  C605 06F34C00 01 MOV BYTE PTR DS:[4CF306],1
0042D189 .  68 ECF24C00       PUSH WaGan.004CF2EC
0042D18E .  FF35 F4F24C00    PUSH DWORD PTR DS:[4CF2F4]             ;  Mark.00C20000
0042D194 .  6A 05             PUSH 5
0042D196 .  E8 A96F0A00       CALL WaGan.004D4144
0042D19B .  90                NOP

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#14

发表于 2007-12-30 21:12 资料个人空间短消息看全部作者

作用对象确认函数

因为作用对象确认函数（共14处，1处攻击，6处道具，剩余的7处应该是策略）
423165,423f03的时候参数是02
四个参数
一个Ecx值
（43DB0E）攻击的时候：四个参数是：0FF，01，攻击范围，武将ECX; Ecx==004B4250
(六个地方：)
道具的时候：四个参数是：？？,04,？？？？？，武将 ECX; Ecx==004B4250
(4237B4小补给，423165灼热,)
策略的时候：四个参数是：？？,03,？？？？？，武将 ECX Ecx==004B4250
参数：
+14：
+10：01是攻击，02是攻击性策略（对敌），03是恢复性策略（对我），04是道具（对我）
+C: 攻击范围
+8： Ecx, CL是战场形象编号
局部变量：
6个
-4    1表示是使用道具或者恢复性策略,0表示攻击性
-8    1表示循环中，选择确定上则变成0，退出消息循环
-C
-10
-14 0FF
-18 放的是4B250
0045533D  /$  55          PUSH EBP
0045533E  |.  8BEC       MOV EBP,ESP
00455340  |.  83EC 18    SUB ESP,18
00455343  |.  56          PUSH ESI
00455344  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
00455347  |.  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0045534E  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00455355  |.  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
00455359  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]
0045535C  |.  E8 AFA30000 CALL 复件_Ekd.0045F710
00455361  |.  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10]
00455364  |.  E8 A7A30000 CALL 复件_Ekd.0045F710
00455369  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0045536C  |.  81E1 FF000000 AND ECX,0FF
00455372  |.  6BC9 24    IMUL ECX,ECX,24
00455375  |.  81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50
0045537B  |.  E8 5007FDFF CALL 复件_Ekd.00425AD0
00455380  |.  25 FF000000 AND EAX,0FF
00455385  |.  83F8 07    CMP EAX,7
00455388  |.  74 18       JE SHORT 复件_Ekd.004553A2
0045538A  |.  33C0       XOR EAX,EAX
0045538C  |.  A0 30424B00 MOV AL,BYTE PTR DS:[4B4230]
00455391  |.  83E0 04    AND EAX,4
00455394  |.  85C0       TEST EAX,EAX
00455396  |.  75 0A       JNZ SHORT 复件_Ekd.004553A2
00455398  |.  A0 282C4B00 MOV AL,BYTE PTR DS:[4B2C28]
0045539D  |.  E9 70030000 JMP 复件_Ekd.00455712 退出，

004553A2  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
004553A5  |.  81E1 FF000000 AND ECX,0FF
004553AB  |.  83F9 03    CMP ECX,3 判断是否是使用恢复性策略
004553AE  |.  74 0E       JE SHORT 复件_Ekd.004553BE
004553B0  |.  8B55 10    MOV EDX,DWORD PTR SS:[EBP+10]
004553B3  |.  81E2 FF000000 AND EDX,0FF
004553B9  |.  83FA 04    CMP EDX,4 判断是否是使用道具
004553BC  |.  75 07       JNZ SHORT 复件_Ekd.004553C5

004553BE  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004553C5  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
004553C8  |.  81E1 FF000000 AND ECX,0FF
004553CE  |.  6BC9 24    IMUL ECX,ECX,24
004553D1  |.  81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50 这个是武将的Ecx值
004553D7  |.  E8 84DFFAFF CALL 复件_Ekd.00403360 武将Ecx值+6
004553DC  |.  50          PUSH EAX                      ; /Arg1
004553DD  |.  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10] ; |
004553E0  |.  E8 BB11FBFF CALL 复件_Ekd.004065A0       ; \复件_Ekd.004065A0  对EBP-10赋值，ECX武将在战场上的坐标位置
004553E5  |.  68 FF000000 PUSH 0FF                      ; /Arg3 = 000000FF
004553EA  |.  68 40060000 PUSH 640                      ; |Arg2 = 00000640
004553EF  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
004553F1  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
004553F3  |.  68 C0120000 PUSH 12C0                      ; ||Arg1 = 000012C0
004553F8  |.  B9 38EB4A00 MOV ECX,复件_Ekd.004AEB38       ; ||
004553FD  |.  E8 3EA60200 CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40 取了一个鸟值
00455402  |.  50          PUSH EAX                      ; |Arg1
00455403  |.  E8 0BA90200 CALL 复件_Ekd.0047FD13          ; \复件_Ekd.0047FD13
00455408  |.  83C4 0C    ADD ESP,0C

0045540B  |.  6A 00       PUSH 0                         ; /Arg4 = 00000000
0045540D  |.  33C0       XOR EAX,EAX                   ; |
0045540F  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0    ; |
00455413  |.  0F95C0       SETNE AL                      ; |
00455416  |.  50          PUSH EAX                      ; |Arg3 攻击性还是辅助性
00455417  |.  8A4D 0C    MOV CL,BYTE PTR SS:[EBP+C]    ; |
0045541A  |.  51          PUSH ECX                      ; |Arg2  攻击范围
0045541B  |.  8D55 F0    LEA EDX,DWORD PTR SS:[EBP-10] ; |
0045541E  |.  52          PUSH EDX                      ; |Arg1  武将左标位置
0045541F  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]    ; |
00455422  |.  81E1 FF000000 AND ECX,0FF                   ; |
00455428  |.  6BC9 24    IMUL ECX,ECX,24                ; |
0045542B  |.  81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50       ; |
00455431  |.  E8 5011FEFF CALL 复件_Ekd.00436586          ; \复件_Ekd.00436586
00455436  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL 计算范围内适合的部队

00455439  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C] 攻击范围
0045543C  |.  25 FF000000 AND EAX,0FF
00455441  |.  3D FF000000 CMP EAX,0FF
00455446  |.  74 17       JE SHORT 复件_Ekd.0045545F 如果是0FF，不计算，直接显示
00455448  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045544B  |.  51          PUSH ECX                      ; /Arg3 攻击性或者辅助性
0045544C  |.  8A55 0C    MOV DL,BYTE PTR SS:[EBP+C]    ; |
0045544F  |.  52          PUSH EDX                      ; |Arg2 攻击范围
00455450  |.  66:8B45 F0 MOV AX,WORD PTR SS:[EBP-10]    ; |
00455454  |.  50          PUSH EAX                      ; |Arg1
00455455  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
0045545A  |.  E8 7DE5FFFF CALL 复件_Ekd.004539DC          ; \复件_Ekd.004539DC

0045545F  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
00455462  |.  E8 ACE6FFFF CALL 复件_Ekd.00453B13 显示攻击范围
00455467  |.  8A4D 08    MOV CL,BYTE PTR SS:[EBP+8]
0045546A  |.  880D D85D4B00 MOV BYTE PTR DS:[4B5DD8],CL
00455470  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14] //攻击范围内是否有合适的部队
00455473  |.  81E2 FF000000 AND EDX,0FF
00455479  |.  81FA FF000000 CMP EDX,0FF
0045547F  |.  75 2D       JNZ SHORT 复件_Ekd.004554AE 不等于FF，表示范围内有适合的部队
00455481  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0       攻击性
00455485  |.  74 11       JE SHORT 复件_Ekd.00455498
00455487  |.  68 FCE24800 PUSH 复件_Ekd.0048E2FC          ; /Arg2 = 0048E2FC 范围内没有我军部队
0045548C  |.  6A 02       PUSH 2                         ; |Arg1 = 00000002
0045548E  |.  E8 06A2FDFF CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699  显示信息
00455493  |.  83C4 08    ADD ESP,8
00455496  |.  EB 0F       JMP SHORT 复件_Ekd.004554A7

00455498  |>  68 14E34800 PUSH 复件_Ekd.0048E314          ; /Arg2 = 0048E314    范围内没有敌军部队
0045549D  |.  6A 02       PUSH 2                         ; |Arg1 = 00000002
0045549F  |.  E8 F5A1FDFF CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699 显示信息
004554A4  |.  83C4 08    ADD ESP,8
004554A7  |>  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0 //退出循环
004554AE  |>  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
004554B1  |.  25 FF000000 AND EAX,0FF
004554B6  |.  83F8 01    CMP EAX,1 等于1是攻击进入的
004554B9  |.  75 1F       JNZ SHORT 复件_Ekd.004554DA
004554BB  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
004554BE  |.  81E1 FF000000 AND ECX,0FF
004554C4  |.  6BC9 24    IMUL ECX,ECX,24
004554C7  |.  81C1 502C4B00 ADD ECX,复件_Ekd.004B2C50
004554CD  |.  E8 45A4FEFF CALL 复件_Ekd.0043F917
004554D2  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004554D5  |.  8841 61    MOV BYTE PTR DS:[ECX+61],AL
004554D8  |.  EB 38       JMP SHORT 复件_Ekd.00455512  攻击进入消息循环监听

004554DA  |>  8B55 10    MOV EDX,DWORD PTR SS:[EBP+10]
004554DD  |.  81E2 FF000000 AND EDX,0FF
004554E3  |.  83FA 02    CMP EDX,2
004554E6  |.  74 0D       JE SHORT 复件_Ekd.004554F5  等于2

004554E8  |.  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
004554EB  |.  25 FF000000 AND EAX,0FF
004554F0  |.  83F8 03    CMP EAX,3
004554F3  |.  75 1D       JNZ SHORT 复件_Ekd.00455512 进入消息循环监听  （不等于2，又不等于3则进入）

004554F5  |>  8B4D 14    MOV ECX,DWORD PTR SS:[EBP+14]
004554F8  |.  81E1 FF000000 AND ECX,0FF
004554FE  |.  6BC9 46    IMUL ECX,ECX,46
00455501  |.  81C1 C0F44A00 ADD ECX,复件_Ekd.004AF4C0
00455507  |.  E8 4406FDFF CALL 复件_Ekd.00425B50
0045550C  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0045550F  |.  8841 61    MOV BYTE PTR DS:[ECX+61],AL

00455512  |>  837D F8 00 /CMP DWORD PTR SS:[EBP-8],0
00455516  |.  0F84 8B010000 |JE 复件_Ekd.004556A7
0045551C  |.  8A55 14    |MOV DL,BYTE PTR SS:[EBP+14]
0045551F  |.  52          |PUSH EDX                      ; /Arg2
00455520  |.  8A45 10    |MOV AL,BYTE PTR SS:[EBP+10]    ; |
00455523  |.  50          |PUSH EAX                      ; |Arg1
00455524  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18] ; |
00455527  |.  E8 7DECFFFF |CALL 复件_Ekd.004541A9          ; \复件_Ekd.004541A9 鼠标监听
0045552C  |.  50          |PUSH EAX                      ; /Arg1
0045552D  |.  8D4D F4    |LEA ECX,DWORD PTR SS:[EBP-C] ; |
00455530  |.  E8 6B10FBFF |CALL 复件_Ekd.004065A0          ; \复件_Ekd.004065A0
00455535  |.  E8 8A950200 |CALL 复件_Ekd.0047EAC4
0045553A  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
0045553D  |.  81E1 FF000000 |AND ECX,0FF
00455543  |.  81F9 FF000000 |CMP ECX,0FF
00455549  |.  75 10       |JNZ SHORT 复件_Ekd.0045555B
0045554B  |.  C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环，标为false
00455552  |.  C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
00455556  |.  E9 4C010000 |JMP 复件_Ekd.004556A7 点了取消退出
0045555B  |>  6A 04       |PUSH 4                         ; /Arg3 = 00000004
0045555D  |.  6A 00       |PUSH 0                         ; |Arg2 = 00000000
0045555F  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C] ; |
00455562  |.  81E2 FF000000 |AND EDX,0FF                   ; |
00455568  |.  8B45 F5    |MOV EAX,DWORD PTR SS:[EBP-B] ; |
0045556B  |.  25 FF000000 |AND EAX,0FF                   ; |
00455570  |.  33C9       |XOR ECX,ECX                   ; |
00455572  |.  8A0D 2C424B00 |MOV CL,BYTE PTR DS:[4B422C]    ; |
00455578  |.  0FAFC1       |IMUL EAX,ECX                   ; |
0045557B  |.  8D9402 C01200>|LEA EDX,DWORD PTR DS:[EDX+EAX+1>; |
00455582  |.  52          |PUSH EDX                      ; |Arg1
00455583  |.  B9 38EB4A00 |MOV ECX,复件_Ekd.004AEB38       ; |
00455588  |.  E8 B3A40200 |CALL 复件_Ekd.0047FA40          ; \复件_Ekd.0047FA40
0045558D  |.  33C9       |XOR ECX,ECX
0045558F  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00455591  |.  81F9 FF000000 |CMP ECX,0FF
00455597  |.  0F84 E8000000 |JE 复件_Ekd.00455685 不在范围内
0045559D  |.  8D55 F4    |LEA EDX,DWORD PTR SS:[EBP-C]
004555A0  |.  52          |PUSH EDX                      ; /Arg1
004555A1  |.  E8 DE02FEFF |CALL 复件_Ekd.00435884          ; \复件_Ekd.00435884
004555A6  |.  83C4 04    |ADD ESP,4
004555A9  |.  8845 EC    |MOV BYTE PTR SS:[EBP-14],AL
004555AC  |.  8B45 EC    |MOV EAX,DWORD PTR SS:[EBP-14]
004555AF  |.  25 FF000000 |AND EAX,0FF
004555B4  |.  3D FF000000 |CMP EAX,0FF
004555B9  |.  0F84 C4000000 |JE 复件_Ekd.00455683
004555BF  |.  837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
004555C3  |.  74 60       |JE SHORT 复件_Ekd.00455625 攻击性的判断
004555C5  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
004555C8  |.  81E1 FF000000 |AND ECX,0FF
004555CE  |.  6BC9 24    |IMUL ECX,ECX,24
004555D1  |.  81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
004555D7  |.  E8 3411FBFF |CALL 复件_Ekd.00406710
004555DC  |.  8BF0       |MOV ESI,EAX
004555DE  |.  8B4D EC    |MOV ECX,DWORD PTR SS:[EBP-14]
004555E1  |.  81E1 FF000000 |AND ECX,0FF
004555E7  |.  6BC9 24    |IMUL ECX,ECX,24
004555EA  |.  81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
004555F0  |.  E8 1B11FBFF |CALL 复件_Ekd.00406710
004555F5  |.  3BF0       |CMP ESI,EAX
004555F7  |.  74 23       |JE SHORT 复件_Ekd.0045561C
004555F9  |.  6A 01       |PUSH 1                         ; /Arg2 = 00000001
004555FB  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
004555FD  |.  B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0       ; |
00455602  |.  E8 73F00100 |CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
00455607  |.  68 2CE34800 |PUSH 复件_Ekd.0048E32C          ; /Arg2 = 0048E32C 这是敌军部队
0045560C  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
0045560E  |.  E8 86A0FDFF |CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699    显示提示信息
00455613  |.  83C4 08    |ADD ESP,8
00455616  |.  C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
0045561A  |.  EB 07       |JMP SHORT 复件_Ekd.00455623
0045561C  |>  C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环，标为false
00455623  |>  EB 5E       |JMP SHORT 复件_Ekd.00455683
00455625  |>  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00455628  |.  81E1 FF000000 |AND ECX,0FF
0045562E  |.  6BC9 24    |IMUL ECX,ECX,24
00455631  |.  81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
00455637  |.  E8 D410FBFF |CALL 复件_Ekd.00406710
0045563C  |.  8BF0       |MOV ESI,EAX
0045563E  |.  8B4D EC    |MOV ECX,DWORD PTR SS:[EBP-14]
00455641  |.  81E1 FF000000 |AND ECX,0FF
00455647  |.  6BC9 24    |IMUL ECX,ECX,24
0045564A  |.  81C1 502C4B00 |ADD ECX,复件_Ekd.004B2C50
00455650  |.  E8 BB10FBFF |CALL 复件_Ekd.00406710
00455655  |.  3BF0       |CMP ESI,EAX
00455657  |.  75 23       |JNZ SHORT 复件_Ekd.0045567C
00455659  |.  6A 01       |PUSH 1                         ; /Arg2 = 00000001
0045565B  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
0045565D  |.  B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0       ; |
00455662  |.  E8 13F00100 |CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
00455667  |.  68 3CE34800 |PUSH 复件_Ekd.0048E33C          ; /Arg2 = 0048E33C 不能攻击我军部队
0045566C  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
0045566E  |.  E8 26A0FDFF |CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699 显示提示信息
00455673  |.  83C4 08    |ADD ESP,8
00455676  |.  C645 EC FF |MOV BYTE PTR SS:[EBP-14],0FF
0045567A  |.  EB 07       |JMP SHORT 复件_Ekd.00455683
0045567C  |>  C745 F8 00000>|MOV DWORD PTR SS:[EBP-8],0 退出循环，标为false
00455683  |>  EB 1D       |JMP SHORT 复件_Ekd.004556A2
00455685  |>  6A 01       |PUSH 1                         ; /Arg2 = 00000001
00455687  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
00455689  |.  B9 B0694B00 |MOV ECX,复件_Ekd.004B69B0       ; |
0045568E  |.  E8 E7EF0100 |CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
00455693  |.  68 50E34800 |PUSH 复件_Ekd.0048E350          ; /Arg2 = 0048E350 不在范围内
00455698  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
0045569A  |.  E8 FA9FFDFF |CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699 显示提示信息
0045569F  |.  83C4 08    |ADD ESP,8
004556A2  |>^ E9 6BFEFFFF \JMP 复件_Ekd.00455512

004556A7  |>  6A 00       PUSH 0                         ; /Arg3 = 00000000
004556A9  |.  68 FF000000 PUSH 0FF                      ; |Arg2 = 000000FF
004556AE  |.  66:8B4D F0 MOV CX,WORD PTR SS:[EBP-10]    ; |
004556B2  |.  51          PUSH ECX                      ; |Arg1
004556B3  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
004556B8  |.  E8 1FE3FFFF CALL 复件_Ekd.004539DC          ; \复件_Ekd.004539DC
004556BD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004556C0  |.  E8 57EFFFFF CALL 复件_Ekd.0045461C
004556C5  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004556C8  |.  E8 46E4FFFF CALL 复件_Ekd.00453B13
004556CD  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
004556D0  |.  81E2 FF000000 AND EDX,0FF
004556D6  |.  81FA FF000000 CMP EDX,0FF
004556DC  |.  75 13       JNZ SHORT 复件_Ekd.004556F1
004556DE  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
004556E0  |.  6A 01       PUSH 1                         ; |Arg1 = 00000001
004556E2  |.  B9 B0694B00 MOV ECX,复件_Ekd.004B69B0       ; |
004556E7  |.  E8 8EEF0100 CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
004556EC  |.  E8 0F6FFDFF CALL 复件_Ekd.0042C600
004556F1  |>  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004556F4  |.  C640 61 00 MOV BYTE PTR DS:[EAX+61],0
004556F8  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004556FB  |.  C781 781B0000>MOV DWORD PTR DS:[ECX+1B78],0
00455705  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
00455707  |.  E8 0F61FDFF CALL 复件_Ekd.0042B81B          ; \复件_Ekd.0042B81B
0045570C  |.  83C4 04    ADD ESP,4
0045570F  |.  8A45 EC    MOV AL,BYTE PTR SS:[EBP-14]
00455712  |>  5E          POP ESI
00455713  |.  8BE5       MOV ESP,EBP
00455715  |.  5D          POP EBP
00455716  \.  C2 1000    RETN 10

监听循环
+C  如果是道具，则有道具序号
+8  04表示道具
ecx: 4b250

004541A9  /$  55          PUSH EBP
004541AA  |.  8BEC       MOV EBP,ESP
004541AC  |.  83EC 20    SUB ESP,20
004541AF  |.  56          PUSH ESI
004541B0  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX 4b250
004541B3  |.  33C0       XOR EAX,EAX
004541B5  |.  A0 40424B00  MOV AL,BYTE PTR DS:[4B4240]
004541BA  |.  83E0 01    AND EAX,1
004541BD  |.  85C0       TEST EAX,EAX
004541BF  |.  75 26       JNZ SHORT WaGan1.004541E7
004541C1  |.  8A0D 40424B0>MOV CL,BYTE PTR DS:[4B4240]
004541C7  |.  80C9 01    OR CL,1
004541CA  |.  880D 40424B0>MOV BYTE PTR DS:[4B4240],CL
004541D0  |.  B9 44424B00  MOV ECX,WaGan1.004B4244
004541D5  |.  E8 36B50000  CALL WaGan1.0045F710
004541DA  |.  68 CE444500  PUSH WaGan1.004544CE
004541DF  |.  E8 1CCF0200  CALL WaGan1.00481100
004541E4  |.  83C4 04    ADD ESP,4
004541E7  |>  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
004541EB  |.  C645 F0 FF MOV BYTE PTR SS:[EBP-10],0FF
004541EF  |.  C745 F4 0100>MOV DWORD PTR SS:[EBP-C],1
004541F6  |.  C745 F8 0000>MOV DWORD PTR SS:[EBP-8],0
004541FD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
00454200  |.  E8 2DFCFFFF  CALL WaGan1.00453E32
00454205  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
00454208  |.  E8 9BFCFFFF  CALL WaGan1.00453EA8
0045420D  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
00454210  |.  E8 EEFDFFFF  CALL WaGan1.00454003
00454215  |.  50          PUSH EAX                      ; /Arg1
00454216  |.  B9 44424B00  MOV ECX,WaGan1.004B4244       ; |
0045421B  |.  E8 8023FBFF  CALL WaGan1.004065A0          ; \WaGan1.004065A0
00454220  |.  68 44424B00  PUSH WaGan1.004B4244          ; /Arg1 = 004B4244
00454225  |.  E8 5A16FEFF  CALL WaGan1.00435884          ; \WaGan1.00435884
0045422A  |.  83C4 04    ADD ESP,4
0045422D  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL
00454230  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
00454233  |.  81E2 FF00000>AND EDX,0FF
00454239  |.  85D2       TEST EDX,EDX
0045423B  |.  75 08       JNZ SHORT WaGan1.00454245
0045423D  |.  8A45 F0    MOV AL,BYTE PTR SS:[EBP-10]
00454240  |.  8845 E7    MOV BYTE PTR SS:[EBP-19],AL
00454243  |.  EB 04       JMP SHORT WaGan1.00454249

00454245  |>  C645 E7 FF MOV BYTE PTR SS:[EBP-19],0FF
00454249  |>  8A4D E7    MOV CL,BYTE PTR SS:[EBP-19]
0045424C  |.  884D FC    MOV BYTE PTR SS:[EBP-4],CL
0045424F  |.  6A 00       PUSH 0                         ; /lParam = 0
00454251  |.  6A 00       PUSH 0                         ; |wParam = 0
00454253  |.  68 02020000  PUSH 202                      ; |Message = WM_LBUTTONUP
00454258  |.  8B15 686A4B0>MOV EDX,DWORD PTR DS:[4B6A68] ; |
0045425E  |.  52          PUSH EDX                      ; |hWnd => 5D032E
0045425F  |.  FF15 F462480>CALL DWORD PTR DS:[<&USER32.Send>; \SendMessageA
00454265  |>  E8 0183FDFF  /CALL WaGan1.0042C56B
0045426A  |.  83F8 01    |CMP EAX,1
0045426D  |.  75 29       |JNZ SHORT WaGan1.00454298
0045426F  |.  E8 F782FDFF  |CALL WaGan1.0042C56B
00454274  |.  83F8 01    |CMP EAX,1
00454277  |.  75 1F       |JNZ SHORT WaGan1.00454298
00454279  |.  33C0       |XOR EAX,EAX
0045427B  |.  A0 34424B00  |MOV AL,BYTE PTR DS:[4B4234]
00454280  |.  85C0       |TEST EAX,EAX
00454282  |.  75 14       |JNZ SHORT WaGan1.00454298
00454284  |.  33C9       |XOR ECX,ECX
00454286  |.  8A0D 44424B0>|MOV CL,BYTE PTR DS:[4B4244]
0045428C  |.  81F9 FF00000>|CMP ECX,0FF
00454292  |.  0F85 1502000>|JNZ WaGan1.004544AD
00454298  |>  E8 27A80200  |CALL WaGan1.0047EAC4
0045429D  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
004542A0  |.  E8 03FCFFFF  |CALL WaGan1.00453EA8
004542A5  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
004542A8  |.  E8 5C040000  |CALL WaGan1.00454709
004542AD  |.  85C0       |TEST EAX,EAX
004542AF  |.  75 2A       |JNZ SHORT WaGan1.004542DB
004542B1  |.  B9 181B4B00  |MOV ECX,WaGan1.004B1B18
004542B6  |.  E8 35B5FDFF  |CALL WaGan1.0042F7F0
004542BB  |.  85C0       |TEST EAX,EAX
004542BD  |.  74 1C       |JE SHORT WaGan1.004542DB
004542BF  |.  B9 083D4B00  |MOV ECX,WaGan1.004B3D08
004542C4  |.  E8 6724FBFF  |CALL WaGan1.00406730
004542C9  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
004542CC  |.  E8 42F8FFFF  |CALL WaGan1.00453B13
004542D1  |.  6A 04       |PUSH 4                         ; /Arg1 = 00000004
004542D3  |.  E8 F381FDFF  |CALL WaGan1.0042C4CB          ; \WaGan1.0042C4CB
004542D8  |.  83C4 04    |ADD ESP,4
004542DB  |>  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
004542DE  |.  E8 20FDFFFF  |CALL WaGan1.00454003
004542E3  |.  50          |PUSH EAX                      ; /Arg1
004542E4  |.  B9 44424B00  |MOV ECX,WaGan1.004B4244       ; |
004542E9  |.  E8 B222FBFF  |CALL WaGan1.004065A0          ; \WaGan1.004065A0
004542EE  |.  68 44424B00  |PUSH WaGan1.004B4244          ; /Arg1 = 004B4244
004542F3  |.  E8 8C15FEFF  |CALL WaGan1.00435884          ; \WaGan1.00435884
004542F8  |.  83C4 04    |ADD ESP,4
004542FB  |.  8845 F0    |MOV BYTE PTR SS:[EBP-10],AL
004542FE  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00454301  |.  81E2 FF00000>|AND EDX,0FF
00454307  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
0045430A  |.  25 FF000000  |AND EAX,0FF
0045430F  |.  3BD0       |CMP EDX,EAX
00454311  |.  0F84 7E01000>|JE WaGan1.00454495
00454317  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
0045431A  |.  E8 13FBFFFF  |CALL WaGan1.00453E32
0045431F  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00454322  |.  81E1 FF00000>|AND ECX,0FF
00454328  |.  81F9 FF00000>|CMP ECX,0FF
0045432E  |.  0F84 5B01000>|JE WaGan1.0045448F
00454334  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00454337  |.  81E1 FF00000>|AND ECX,0FF
0045433D  |.  6BC9 24    |IMUL ECX,ECX,24
00454340  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454346  |.  E8 4549FCFF  |CALL WaGan1.00418C90
0045434B  |.  25 FF000000  |AND EAX,0FF
00454350  |.  83F8 02    |CMP EAX,2
00454353  |.  0F85 3601000>|JNZ WaGan1.0045448F
00454359  |.  6A 04       |PUSH 4                         ; /Arg3 = 00000004
0045435B  |.  6A 00       |PUSH 0                         ; |Arg2 = 00000000
0045435D  |.  33D2       |XOR EDX,EDX                   ; |
0045435F  |.  8A15 44424B0>|MOV DL,BYTE PTR DS:[4B4244]    ; |
00454365  |.  33C0       |XOR EAX,EAX                   ; |
00454367  |.  A0 45424B00  |MOV AL,BYTE PTR DS:[4B4245]    ; |
0045436C  |.  33C9       |XOR ECX,ECX                   ; |
0045436E  |.  8A0D 2C424B0>|MOV CL,BYTE PTR DS:[4B422C]    ; |
00454374  |.  0FAFC1    |IMUL EAX,ECX                   ; |
00454377  |.  8D9402 C0120>|LEA EDX,DWORD PTR DS:[EDX+EAX+1>; |
0045437E  |.  52          |PUSH EDX                      ; |Arg1
0045437F  |.  B9 38EB4A00  |MOV ECX,WaGan1.004AEB38       ; |
00454384  |.  E8 B7B60200  |CALL WaGan1.0047FA40          ; \WaGan1.0047FA40
00454389  |.  33C9       |XOR ECX,ECX
0045438B  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
0045438D  |.  81F9 FF00000>|CMP ECX,0FF
00454393  |.  0F84 AE00000>|JE WaGan1.00454447
00454399  |.  8B55 08    |MOV EDX,DWORD PTR SS:[EBP+8]
0045439C  |.  81E2 FF00000>|AND EDX,0FF
004543A2  |.  83FA 03    |CMP EDX,3
004543A5  |.  74 16       |JE SHORT WaGan1.004543BD
004543A7  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]
004543AA  |.  25 FF000000  |AND EAX,0FF
004543AF  |.  83F8 04    |CMP EAX,4             表示道具
004543B2  |.  74 09       |JE SHORT WaGan1.004543BD
004543B4  |.  C745 E0 0000>|MOV DWORD PTR SS:[EBP-20],0
004543BB  |.  EB 07       |JMP SHORT WaGan1.004543C4
004543BD  |>  C745 E0 0100>|MOV DWORD PTR SS:[EBP-20],1
004543C4  |>  8B4D E0    |MOV ECX,DWORD PTR SS:[EBP-20]
004543C7  |.  894D EC    |MOV DWORD PTR SS:[EBP-14],ECX
004543CA  |.  33D2       |XOR EDX,EDX
004543CC  |.  8A15 D85D4B0>|MOV DL,BYTE PTR DS:[4B5DD8]
004543D2  |.  8BCA       |MOV ECX,EDX
004543D4  |.  6BC9 24    |IMUL ECX,ECX,24
004543D7  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
004543DD  |.  E8 2E23FBFF  |CALL WaGan1.00406710
004543E2  |.  8BF0       |MOV ESI,EAX
004543E4  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
004543E7  |.  81E1 FF00000>|AND ECX,0FF
004543ED  |.  6BC9 24    |IMUL ECX,ECX,24
004543F0  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
004543F6  |.  E8 1523FBFF  |CALL WaGan1.00406710
004543FB  |.  33C9       |XOR ECX,ECX
004543FD  |.  3BF0       |CMP ESI,EAX
004543FF  |.  0F94C1    |SETE CL
00454402  |.  394D EC    |CMP DWORD PTR SS:[EBP-14],ECX
00454405  |.  75 27       |JNZ SHORT WaGan1.0045442E
00454407  |.  8A55 0C    |MOV DL,BYTE PTR SS:[EBP+C]
0045440A  |.  52          |PUSH EDX                      ; /Arg3
0045440B  |.  A0 D85D4B00  |MOV AL,BYTE PTR DS:[4B5DD8]    ; |
00454410  |.  50          |PUSH EAX                      ; |Arg2
00454411  |.  8A4D 08    |MOV CL,BYTE PTR SS:[EBP+8]    ; |
00454414  |.  51          |PUSH ECX                      ; |Arg1
00454415  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10] ; |
00454418  |.  81E1 FF00000>|AND ECX,0FF                   ; |
0045441E  |.  6BC9 24    |IMUL ECX,ECX,24                ; |
00454421  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50       ; |
00454427  |.  E8 91C0FEFF  |CALL WaGan1.004404BD          ; \WaGan1.004404BD
0045442C  |.  EB 17       |JMP SHORT WaGan1.00454445
0045442E  |>  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00454431  |.  81E1 FF00000>|AND ECX,0FF
00454437  |.  6BC9 24    |IMUL ECX,ECX,24
0045443A  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454440  |.  E8 59C0FEFF  |CALL WaGan1.0044049E
00454445  |>  EB 17       |JMP SHORT WaGan1.0045445E
00454447  |>  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
0045444A  |.  81E1 FF00000>|AND ECX,0FF
00454450  |.  6BC9 24    |IMUL ECX,ECX,24
00454453  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454459  |.  E8 40C0FEFF  |CALL WaGan1.0044049E
0045445E  |>  8B15 08754B0>|MOV EDX,DWORD PTR DS:[4B7508]
00454464  |.  52          |PUSH EDX                      ; /hWnd => 000A0464 ('武将情报',class='#32770',parent=005D032E)
00454465  |.  FF15 C862480>|CALL DWORD PTR DS:[<&USER32.IsW>; \IsWindowVisible
0045446B  |.  85C0       |TEST EAX,EAX
0045446D  |.  74 20       |JE SHORT WaGan1.0045448F
0045446F  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00454472  |.  81E1 FF00000>|AND ECX,0FF
00454478  |.  6BC9 24    |IMUL ECX,ECX,24
0045447B  |.  81C1 502C4B0>|ADD ECX,WaGan1.004B2C50
00454481  |.  E8 EAB10000  |CALL WaGan1.0045F670
00454486  |.  50          |PUSH EAX                      ; /Arg1
00454487  |.  E8 09530200  |CALL WaGan1.00479795          ; \WaGan1.00479795
0045448C  |.  83C4 04    |ADD ESP,4
0045448F  |>  8A45 F0    |MOV AL,BYTE PTR SS:[EBP-10]
00454492  |.  8845 FC    |MOV BYTE PTR SS:[EBP-4],AL
00454495  |>  E8 D180FDFF  |CALL WaGan1.0042C56B
0045449A  |.  83F8 02    |CMP EAX,2
0045449D  |.  75 09       |JNZ SHORT WaGan1.004544A8
0045449F  |.  C745 F4 0000>|MOV DWORD PTR SS:[EBP-C],0
004544A6  |.  EB 05       |JMP SHORT WaGan1.004544AD
004544A8  |>^ E9 B8FDFFFF  \JMP WaGan1.00454265

004544AD  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004544B0  |.  E8 7DF9FFFF  CALL WaGan1.00453E32
004544B5  |.  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004544B9  |.  75 07       JNZ SHORT WaGan1.004544C2
004544BB  |.  C605 44424B0>MOV BYTE PTR DS:[4B4244],0FF
004544C2  |>  B8 44424B00  MOV EAX,WaGan1.004B4244
004544C7  |.  5E          POP ESI
004544C8  |.  8BE5       MOV ESP,EBP
004544CA  |.  5D          POP EBP
004544CB  \.  C2 0800    RETN 8

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#15

发表于 2007-12-30 21:13 资料个人空间短消息看全部作者

战斗画面研究

传入参数：
Ecx 是攻击武将的Ecx值
局部变量
[EBP-D8] 保存攻击武将的Ecx值

00405744  /$  55          PUSH EBP
00405745  |.  8BEC       MOV EBP,ESP
00405747  |.  81EC D8000000 SUB ESP,0D8
0040574D  |.  898D 28FFFFFF MOV DWORD PTR SS:[EBP-D8],ECX
00405753  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405759  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040575F  |.  8A51 10    MOV DL,BYTE PTR DS:[ECX+10]
00405762  |.  8850 01    MOV BYTE PTR DS:[EAX+1],DL
00405765  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
0040576B  |.  E8 1FE4FFFF CALL Ekd5.00403B8F                      ;  里面加载ATK图了
00405770  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405776  |.  33C9       XOR ECX,ECX
00405778  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
0040577B  |.  6BC9 24    IMUL ECX,ECX,24
0040577E  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405784  |.  E8 978B0300 CALL Ekd5.0043E320 获取攻击武将的朝向（这个时候武将的朝向已经变了，而看到的不一样）
00405789  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0040578C  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405792  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00405794  |.  50          PUSH EAX                               ; /Arg2
00405795  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
0040579B  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
0040579E  |.  52          PUSH EDX                               ; |Arg1
0040579F  |.  E8 85000300 CALL Ekd5.00435829                      ; \Ekd5.00435829
004057A4  |.  83C4 08    ADD ESP,8
004057A7  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004057A9  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
004057AF  |.  E8 D1E5FFFF CALL Ekd5.00403D85                      ; \Ekd5.00403D85 里面加载了SPC图
004057B4  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
004057B7  |.  50          PUSH EAX                               ; /Arg1
004057B8  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]          ; |
004057BE  |.  33D2       XOR EDX,EDX                            ; |
004057C0  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
004057C3  |.  8BCA       MOV ECX,EDX                            ; |
004057C5  |.  6BC9 24    IMUL ECX,ECX,24                         ; |
004057C8  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50                   ; |
004057CE  |.  E8 9D0E0000 CALL Ekd5.00406670                      ; \Ekd5.00406670 设置攻击武将朝向为08栈
004057D3  |.  68 FF000000 PUSH 0FF                               ; /Arg2 = 000000FF
004057D8  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]          ; |
004057DE  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]             ; |
004057E1  |.  51          PUSH ECX                               ; |Arg1
004057E2  |.  E8 42000300 CALL Ekd5.00435829                      ; \Ekd5.00435829
004057E7  |.  83C4 08    ADD ESP,8
004057EA  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
004057F0  |.  8B4A 0C    MOV ECX,DWORD PTR DS:[EDX+C]
004057F3  |.  E8 68DBFFFF CALL Ekd5.00403360
004057F8  |.  66:8B00    MOV AX,WORD PTR DS:[EAX]
004057FB  |.  66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
004057FF  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405805  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
00405808  |.  52          PUSH EDX                               ; /Arg3
00405809  |.  8A45 F9    MOV AL,BYTE PTR SS:[EBP-7]             ; |
0040580C  |.  50          PUSH EAX                               ; |Arg2
0040580D  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
00405810  |.  51          PUSH ECX                               ; |Arg1
00405811  |.  B9 50424B00 MOV ECX,Ekd5.004B4250                   ; |
00405816  |.  E8 08F90400 CALL Ekd5.00455123                      ; \Ekd5.00455123    重画武将形象，把朝向弄好。
0040581B  |.  8B95 28FFFFFF MOV EDX,DWORD PTR SS:[EBP-D8]
00405821  |.  83BA 04060000>CMP DWORD PTR DS:[EDX+604],0 //判断是否发生致命一击
00405828  |.  74 50       JE SHORT Ekd5.0040587A
0040582A  |.  6A 19       PUSH 19                               ; /Arg1 = 00000019
0040582C  |.  E8 01A30700 CALL Ekd5.0047FB32                      ; \Ekd5.0047FB32 25%概率的事件是否发生
00405831  |.  83C4 04    ADD ESP,4
00405834  |.  85C0       TEST EAX,EAX
00405836  |.  74 42       JE SHORT Ekd5.0040587A //概率没有发生，结束, 发生则说出致命一击的台词
00405838  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
0040583E  |.  8B48 04    MOV ECX,DWORD PTR DS:[EAX+4]
00405841  |.  51          PUSH ECX                               ; /Arg2
00405842  |.  8D95 2CFFFFFF LEA EDX,DWORD PTR SS:[EBP-D4]          ; |
00405848  |.  52          PUSH EDX                               ; |Arg1
00405849  |.  E8 E1670000 CALL Ekd5.0040C02F                      ; \Ekd5.0040C02F
0040584E  |.  83C4 08    ADD ESP,8
00405851  |.  8B85 28FFFFFF MOV EAX,DWORD PTR SS:[EBP-D8]
00405857  |.  8B48 0C    MOV ECX,DWORD PTR DS:[EAX+C]
0040585A  |.  E8 6AA40300 CALL Ekd5.0043FCC9
0040585F  |.  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405865  |.  8B51 04    MOV EDX,DWORD PTR DS:[ECX+4]
00405868  |.  52          PUSH EDX                               ; /Arg2
00405869  |.  8D85 2CFFFFFF LEA EAX,DWORD PTR SS:[EBP-D4]          ; |
0040586F  |.  50          PUSH EAX                               ; |Arg1
00405870  |.  B9 F05D4B00 MOV ECX,Ekd5.004B5DF0                   ; |
00405875  |.  E8 E33D0500 CALL Ekd5.0045965D                      ; \Ekd5.0045965D
0040587A  |>  8B8D 28FFFFFF MOV ECX,DWORD PTR SS:[EBP-D8]
00405880  |.  E8 64ECFFFF CALL Ekd5.004044E9 //画面显示函数
00405885  |.  8BE5       MOV ESP,EBP
00405887  |.  5D          POP EBP
00405888  \.  C3          RETN

004044E9  /$  55          PUSH EBP
004044EA  |.  8BEC       MOV EBP,ESP
004044EC  |.  B8 38100000 MOV EAX,1038             (另外两处的调用200c 2040)
004044F1  |.  E8 6ACC0700 CALL Ekd5.00481160

004044F6  |.  56          PUSH ESI
004044F7  |.  898D CCEFFFFF MOV DWORD PTR SS:[EBP-1034],ECX
004044FD  |.  8B85 CCEFFFFF MOV EAX,DWORD PTR SS:[EBP-1034]
00404503  |.  8B48 0C    MOV ECX,DWORD PTR DS:[EAX+C]
00404506  |.  E8 55EEFFFF CALL Ekd5.00403360

0040450B  |.  66:8B08    MOV CX,WORD PTR DS:[EAX]
0040450E  |.  66:898D E8EFF>MOV WORD PTR SS:[EBP-1018],CX
00404515  |.  8B95 CCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1034]

0040451B  |.  33C0       XOR EAX,EAX
0040451D  |.  8A42 01    MOV AL,BYTE PTR DS:[EDX+1]
00404520  |.  8BC8       MOV ECX,EAX
00404522  |.  6BC9 24    IMUL ECX,ECX,24
00404525  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0040452B  |.  E8 30EEFFFF CALL Ekd5.00403360

00404530  |.  66:8B08    MOV CX,WORD PTR DS:[EAX]
00404533  |.  66:898D E0EFF>MOV WORD PTR SS:[EBP-1020],CX
0040453A  |.  8BB5 E8EFFFFF MOV ESI,DWORD PTR SS:[EBP-1018]
00404540  |.  81E6 FF000000 AND ESI,0FF
00404546  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
0040454B  |.  E8 43D50400 CALL Ekd5.00451A93
00404550  |.  99          CDQ
00404551  |.  B9 30000000 MOV ECX,30
00404556  |.  F7F9       IDIV ECX
00404558  |.  2BF0       SUB ESI,EAX
0040455A  |.  89B5 F4EFFFFF MOV DWORD PTR SS:[EBP-100C],ESI
00404560  |.  8BB5 E9EFFFFF MOV ESI,DWORD PTR SS:[EBP-1017]
00404566  |.  81E6 FF000000 AND ESI,0FF
0040456C  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
00404571  |.  E8 2ED50400 CALL Ekd5.00451AA4
00404576  |.  99          CDQ
00404577  |.  B9 30000000 MOV ECX,30
0040457C  |.  F7F9       IDIV ECX
0040457E  |.  2BF0       SUB ESI,EAX
00404580  |.  89B5 ECEFFFFF MOV DWORD PTR SS:[EBP-1014],ESI
00404586  |.  8BB5 E0EFFFFF MOV ESI,DWORD PTR SS:[EBP-1020]
0040458C  |.  81E6 FF000000 AND ESI,0FF
00404592  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
00404597  |.  E8 F7D40400 CALL Ekd5.00451A93
0040459C  |.  99          CDQ
0040459D  |.  B9 30000000 MOV ECX,30
004045A2  |.  F7F9       IDIV ECX
004045A4  |.  2BF0       SUB ESI,EAX
004045A6  |.  89B5 F8EFFFFF MOV DWORD PTR SS:[EBP-1008],ESI
004045AC  |.  8BB5 E1EFFFFF MOV ESI,DWORD PTR SS:[EBP-101F]
004045B2  |.  81E6 FF000000 AND ESI,0FF
004045B8  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
004045BD  |.  E8 E2D40400 CALL Ekd5.00451AA4
004045C2  |.  99          CDQ
004045C3  |.  B9 30000000 MOV ECX,30
004045C8  |.  F7F9       IDIV ECX
004045CA  |.  2BF0       SUB ESI,EAX
004045CC  |.  89B5 FCEFFFFF MOV DWORD PTR SS:[EBP-1004],ESI
004045D2  |.  8B95 F4EFFFFF MOV EDX,DWORD PTR SS:[EBP-100C]
004045D8  |.  6BD2 30    IMUL EDX,EDX,30
004045DB  |.  8995 DCEFFFFF MOV DWORD PTR SS:[EBP-1024],EDX
004045E1  |.  8B85 ECEFFFFF MOV EAX,DWORD PTR SS:[EBP-1014]
004045E7  |.  6BC0 30    IMUL EAX,EAX,30
004045EA  |.  83C0 38    ADD EAX,38
004045ED  |.  8985 D8EFFFFF MOV DWORD PTR SS:[EBP-1028],EAX
004045F3  |.  8B8D F8EFFFFF MOV ECX,DWORD PTR SS:[EBP-1008]
004045F9  |.  6BC9 30    IMUL ECX,ECX,30
004045FC  |.  898D D4EFFFFF MOV DWORD PTR SS:[EBP-102C],ECX
00404602  |.  8B95 FCEFFFFF MOV EDX,DWORD PTR SS:[EBP-1004]
00404608  |.  6BD2 30    IMUL EDX,EDX,30
0040460B  |.  83C2 38    ADD EDX,38
0040460E  |.  8995 D0EFFFFF MOV DWORD PTR SS:[EBP-1030],EDX
00404614  |.  C785 F0EFFFFF>MOV DWORD PTR SS:[EBP-1010],0

0040461E  |.  EB 0F       JMP SHORT Ekd5.0040462F

00404620  |>  8B85 F0EFFFFF /MOV EAX,DWORD PTR SS:[EBP-1010]
00404626  |.  83C0 01    |ADD EAX,1
00404629  |.  8985 F0EFFFFF |MOV DWORD PTR SS:[EBP-1010],EAX
0040462F  |>  83BD F0EFFFFF> CMP DWORD PTR SS:[EBP-1010],1B
00404636  |.  0F83 C1100000 |JNB Ekd5.004056FD  (if (变量>27) goto 结束 )
0040463C  |.  8B8D F0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1010]
00404642  |.  898D C8EFFFFF |MOV DWORD PTR SS:[EBP-1038],ECX
00404648  |.  83BD C8EFFFFF>|CMP DWORD PTR SS:[EBP-1038],19
0040464F  |.  0F87 92100000 |JA Ekd5.004056E7 (if (变量>25) goto 4056E7循环点)
00404655  |.  8B85 C8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1038]
0040465B  |.  33D2       |XOR EDX,EDX
0040465D  |.  8A90 2A574000 |MOV DL,BYTE PTR DS:[EAX+40572A]
0040572A .  00          DB 00                                  ;  分支 00405702 索引表
0040572B .  09          DB 09
0040572C .  01          DB 01
0040572D .  09          DB 09
0040572E .  09          DB 09             //02
0040572F .  09          DB 09
00405730 .  09          DB 09 //03
00405731 .  09          DB 09
00405732 .  02          DB 02 //01
00405733 .  09          DB 09
00405734 .  09          DB 09 //03
00405735 .  09          DB 09
00405736 .  03          DB 03 //04
00405737 .  04          DB 04 //05
00405738 .  05          DB 05 //05
00405739 .  06          DB 06 //06
0040573A .  09          DB 09
0040573B .  07          DB 07
0040573C .  09          DB 09
0040573D .  09          DB 09
0040573E .  09          DB 09
0040573F .  09          DB 09
00405740 .  09          DB 09
00405741 .  09          DB 09
00405742 .  09          DB 09
00405743 .  08          DB 08
00404663  |.  FF2495 025740>|JMP DWORD PTR DS:[EDX*4+405702]  跳转的计算
00405702 . \6A464000    DD Ekd5.0040466A                      ;  分支表被用于 00404663
00405706 .  08484000    DD Ekd5.00404808
0040570A .  31494000    DD Ekd5.00404931
0040570E .  BC4C4000    DD Ekd5.00404CBC
00405712 .  964D4000    DD Ekd5.00404D96
00405716 .  FA4F4000    DD Ekd5.00404FFA
0040571A .  2C524000    DD Ekd5.0040522C
0040571E .  5F534000    DD Ekd5.0040535F
00405722 .  4A554000    DD Ekd5.0040554A
00405726 .  E7564000    DD Ekd5.004056E7

0040466A  |>  E8 6C9F0100 |CALL Ekd5.0041E5DB
0040466F  |.  8B8D ECEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1014]
00404675  |.  51          |PUSH ECX                               ; /Arg2
00404676  |.  8B95 F4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-100C]       ; |
0040467C  |.  52          |PUSH EDX                               ; |Arg1
0040467D  |.  E8 77F0FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
00404682  |.  83C4 08    |ADD ESP,8

00404685  |.  8B85 FCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1004]
0040468B  |.  50          |PUSH EAX                               ; /Arg2
0040468C  |.  8B8D F8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1008]       ; |
00404692  |.  51          |PUSH ECX                               ; |Arg1
00404693  |.  E8 61F0FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
00404698  |.  83C4 08    |ADD ESP,8

0040469B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040469D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040469F  |.  68 00490000 |PUSH 4900                            ; |Arg1 = 00004900
004046A4  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004046A9  |.  E8 92B30700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

004046AE  |.  50          |PUSH EAX                               ; /Arg5
004046AF  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004046B1  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004046B3  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004046B9  |.  83EA 08    |SUB EDX,8                            ; |
004046BC  |.  52          |PUSH EDX                               ; |Arg2
004046BD  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004046C3  |.  83E8 08    |SUB EAX,8                            ; |
004046C6  |.  50          |PUSH EAX                               ; |Arg1
004046C7  |.  E8 1AD30400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
004046CC  |.  83C4 14    |ADD ESP,14

004046CF  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004046D1  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004046D3  |.  68 00590000 |PUSH 5900                            ; |Arg1 = 00005900
004046D8  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004046DD  |.  E8 5EB30700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

004046E2  |.  50          |PUSH EAX                               ; /Arg5
004046E3  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004046E5  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004046E7  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
004046ED  |.  83E9 08    |SUB ECX,8                            ; |
004046F0  |.  51          |PUSH ECX                               ; |Arg2
004046F1  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
004046F7  |.  83EA 08    |SUB EDX,8                            ; |
004046FA  |.  52          |PUSH EDX                               ; |Arg1
004046FB  |.  E8 E6D20400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
00404700  |.  83C4 14    |ADD ESP,14

00404703  |.  B9 083D4B00 |MOV ECX,Ekd5.004B3D08
00404708  |.  E8 23200000 |CALL Ekd5.00406730

0040470D  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040470F  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404711  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404713  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404718  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040471D  |.  E8 1EB30700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404722  |.  50          |PUSH EAX                               ; |Arg5
00404723  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404725  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404727  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040472D  |.  83E8 08    |SUB EAX,8                            ; |
00404730  |.  50          |PUSH EAX                               ; |Arg2
00404731  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404737  |.  83E9 08    |SUB ECX,8                            ; |
0040473A  |.  51          |PUSH ECX                               ; |Arg1
0040473B  |.  E8 D3D10400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404740  |.  83C4 18    |ADD ESP,18

00404743  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404745  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404747  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404749  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
0040474E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404753  |.  E8 E8B20700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404758  |.  50          |PUSH EAX                               ; |Arg5
00404759  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040475B  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040475D  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404763  |.  83EA 08    |SUB EDX,8                            ; |
00404766  |.  52          |PUSH EDX                               ; |Arg2
00404767  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
0040476D  |.  83E8 08    |SUB EAX,8                            ; |
00404770  |.  50          |PUSH EAX                               ; |Arg1
00404771  |.  E8 9DD10400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404776  |.  83C4 18    |ADD ESP,18

00404779  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
0040477F  |.  33D2       |XOR EDX,EDX
00404781  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00404784  |.  52          |PUSH EDX                               ; /Arg3
00404785  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040478B  |.  50          |PUSH EAX                               ; |Arg2
0040478C  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404792  |.  51          |PUSH ECX                               ; |Arg1
00404793  |.  E8 87A30300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404798  |.  83C4 0C    |ADD ESP,0C

0040479B  |.  6A 04       |PUSH 4
0040479D  |.  6A 00       |PUSH 0
0040479F  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004047A5  |.  33C0       |XOR EAX,EAX
004047A7  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
004047A9  |.  8BF0       |MOV ESI,EAX
004047AB  |.  69F6 00630000 |IMUL ESI,ESI,6300
004047B1  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004047B7  |.  33D2       |XOR EDX,EDX
004047B9  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004047BB  |.  52          |PUSH EDX                               ; /Arg1
004047BC  |.  E8 549D0300 |CALL Ekd5.0043E515                   ; \Ekd5.0043E515

004047C1  |.  83C4 04    |ADD ESP,4
004047C4  |.  83C0 06    |ADD EAX,6                            ; |
004047C7  |.  69C0 00090000 |IMUL EAX,EAX,900                      ; |
004047CD  |.  03F0       |ADD ESI,EAX                            ; |
004047CF  |.  56          |PUSH ESI                               ; |Arg1
004047D0  |.  B9 80AB4A00 |MOV ECX,Ekd5.004AAB80                ; |
004047D5  |.  E8 66B20700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

004047DA  |.  50          |PUSH EAX                               ; /Arg6
004047DB  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004047E1  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004047E3  |.  51          |PUSH ECX                               ; |Arg5
004047E4  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004047E6  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004047E8  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004047EE  |.  52          |PUSH EDX                               ; |Arg2
004047EF  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004047F5  |.  50          |PUSH EAX                               ; |Arg1
004047F6  |.  E8 81CB0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004047FB  |.  83C4 18    |ADD ESP,18
004047FE  |.  E8 F39D0100 |CALL Ekd5.0041E5F6
00404803  |.  E9 DF0E0000 |JMP Ekd5.004056E7

00404808  |>  E8 CE9D0100 |CALL Ekd5.0041E5DB 第一个攻击动作
0040480D  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040480F  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404811  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404813  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404818  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040481D  |.  E8 1EB20700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404822  |.  50          |PUSH EAX                               ; |Arg5
00404823  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404825  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404827  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040482D  |.  83E9 08    |SUB ECX,8                            ; |
00404830  |.  51          |PUSH ECX                               ; |Arg2
00404831  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404837  |.  83EA 08    |SUB EDX,8                            ; |
0040483A  |.  52          |PUSH EDX                               ; |Arg1
0040483B  |.  E8 D3D00400 |CALL Ekd5.00451913                   ; \Ekd5.00451913

00404840  |.  83C4 18    |ADD ESP,18
00404843  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404845  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404847  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404849  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
0040484E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404853  |.  E8 E8B10700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404858  |.  50          |PUSH EAX                               ; |Arg5
00404859  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040485B  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040485D  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404863  |.  83E8 08    |SUB EAX,8                            ; |
00404866  |.  50          |PUSH EAX                               ; |Arg2
00404867  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
0040486D  |.  83E9 08    |SUB ECX,8                            ; |
00404870  |.  51          |PUSH ECX                               ; |Arg1
00404871  |.  E8 9DD00400 |CALL Ekd5.00451913                   ; \Ekd5.00451913

00404876  |.  83C4 18    |ADD ESP,18
00404879  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040487F  |.  33C0       |XOR EAX,EAX
00404881  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00404884  |.  50          |PUSH EAX                               ; /Arg3
00404885  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040488B  |.  51          |PUSH ECX                               ; |Arg2
0040488C  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404892  |.  52          |PUSH EDX                               ; |Arg1
00404893  |.  E8 87A20300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404898  |.  83C4 0C    |ADD ESP,0C

0040489B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040489D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040489F  |.  6A 00       |PUSH 0                               ; |Arg1 = 00000000
004048A1  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004048A6  |.  E8 95B10700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004048AB  |.  50          |PUSH EAX                               ; /Arg6
004048AC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004048B2  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004048B4  |.  51          |PUSH ECX                               ; |Arg5
004048B5  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004048B7  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004048B9  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004048BF  |.  83EA 08    |SUB EDX,8                            ; |
004048C2  |.  52          |PUSH EDX                               ; |Arg2
004048C3  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004048C9  |.  83E8 08    |SUB EAX,8                            ; |
004048CC  |.  50          |PUSH EAX                               ; |Arg1
004048CD  |.  E8 AACA0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004048D2  |.  83C4 18    |ADD ESP,18
004048D5  |.  E8 1C9D0100 |CALL Ekd5.0041E5F6 第一个攻击动作
004048DA  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004048E0  |.  8B49 0C    |MOV ECX,DWORD PTR DS:[ECX+C]
004048E3  |.  E8 3EB70300 |CALL Ekd5.00440026
004048E8  |.  85C0       |TEST EAX,EAX
004048EA  |.  74 10       |JE SHORT Ekd5.004048FC
004048EC  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
004048EE  |.  6A 22       |PUSH 22                               ; |Arg1 = 00000022
004048F0  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
004048F5  |.  E8 80FD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
004048FA  |.  EB 30       |JMP SHORT Ekd5.0040492C
004048FC  |>  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404902  |.  8B4A 0C    |MOV ECX,DWORD PTR DS:[EDX+C]
00404905  |.  E8 FFB60300 |CALL Ekd5.00440009
0040490A  |.  85C0       |TEST EAX,EAX
0040490C  |.  74 10       |JE SHORT Ekd5.0040491E
0040490E  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404910  |.  6A 25       |PUSH 25                               ; |Arg1 = 00000025
00404912  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404917  |.  E8 5EFD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
0040491C  |.  EB 0E       |JMP SHORT Ekd5.0040492C
0040491E  |>  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404920  |.  6A 20       |PUSH 20                               ; |Arg1 = 00000020
00404922  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404927  |.  E8 4EFD0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A

0040492C  |>  E9 B60D0000 |JMP Ekd5.004056E7    返回最后

00404931  |>  E8 A59C0100 |CALL Ekd5.0041E5DB
00404936  |.  B9 083D4B00 |MOV ECX,Ekd5.004B3D08
0040493B  |.  E8 F01D0000 |CALL Ekd5.00406730
00404940  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404942  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404944  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404946  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040494B  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404950  |.  E8 EBB00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404955  |.  50          |PUSH EAX                               ; |Arg5
00404956  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404958  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040495A  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00404960  |.  83E8 08    |SUB EAX,8                            ; |
00404963  |.  50          |PUSH EAX                               ; |Arg2
00404964  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040496A  |.  83E9 08    |SUB ECX,8                            ; |
0040496D  |.  51          |PUSH ECX                               ; |Arg1
0040496E  |.  E8 A0CF0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404973  |.  83C4 18    |ADD ESP,18
00404976  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404978  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040497A  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040497C  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404981  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404986  |.  E8 B5B00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040498B  |.  50          |PUSH EAX                               ; |Arg5
0040498C  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040498E  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404990  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404996  |.  83EA 08    |SUB EDX,8                            ; |
00404999  |.  52          |PUSH EDX                               ; |Arg2
0040499A  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004049A0  |.  83E8 08    |SUB EAX,8                            ; |
004049A3  |.  50          |PUSH EAX                               ; |Arg1
004049A4  |.  E8 6ACF0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
004049A9  |.  83C4 18    |ADD ESP,18
004049AC  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004049B2  |.  33D2       |XOR EDX,EDX
004049B4  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004049B7  |.  52          |PUSH EDX                               ; /Arg3
004049B8  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
004049BE  |.  50          |PUSH EAX                               ; |Arg2
004049BF  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
004049C5  |.  51          |PUSH ECX                               ; |Arg1
004049C6  |.  E8 54A10300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004049CB  |.  83C4 0C    |ADD ESP,0C
004049CE  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
004049D4  |.  8B4A 0C    |MOV ECX,DWORD PTR DS:[EDX+C]
004049D7  |.  E8 2DB60300 |CALL Ekd5.00440009
004049DC  |.  85C0       |TEST EAX,EAX
004049DE  |.  0F84 78010000 |JE Ekd5.00404B5C

004049E4  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004049EA  |.  83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0
004049F1  |.  0F84 0D010000 |JE Ekd5.00404B04

004049F7  |.  68 00100000 |PUSH 1000                            ; /Arg3 = 00001000
004049FC  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00404A02  |.  51          |PUSH ECX                               ; |Arg2
00404A03  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404A05  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404A07  |.  68 00100000 |PUSH 1000                            ; ||Arg1 = 00001000
00404A0C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404A11  |.  E8 2AB00700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00404A16  |.  50          |PUSH EAX                               ; |Arg1
00404A17  |.  E8 E1B20700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD

00404A1C  |.  83C4 0C    |ADD ESP,0C
00404A1F  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]
00404A25  |.  52          |PUSH EDX                               ; /Arg6
00404A26  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404A2C  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00404A2E  |.  51          |PUSH ECX                               ; |Arg5
00404A2F  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404A31  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404A33  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404A39  |.  83EA 08    |SUB EDX,8                            ; |
00404A3C  |.  52          |PUSH EDX                               ; |Arg2
00404A3D  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404A43  |.  83E8 08    |SUB EAX,8                            ; |
00404A46  |.  50          |PUSH EAX                               ; |Arg1
00404A47  |.  E8 30C90400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404A4C  |.  83C4 18    |ADD ESP,18
00404A4F  |.  E8 A29B0100 |CALL Ekd5.0041E5F6
00404A54  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404A56  |.  6A 21       |PUSH 21                               ; |Arg1 = 00000021
00404A58  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404A5D  |.  E8 18FC0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404A62  |.  C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404A69  |.  EB 0F       |JMP SHORT Ekd5.00404A7A
00404A6B  |>  8A8D E4EFFFFF |/MOV CL,BYTE PTR SS:[EBP-101C]
00404A71  |.  80C1 01    ||ADD CL,1
00404A74  |.  888D E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],CL
00404A7A  |>  8B95 E4EFFFFF | MOV EDX,DWORD PTR SS:[EBP-101C]
00404A80  |.  81E2 FF000000 ||AND EDX,0FF
00404A86  |.  83FA 06    ||CMP EDX,6
00404A89  |.  7D 77       ||JGE SHORT Ekd5.00404B02
00404A8B  |.  6A 01       ||PUSH 1                               ; /Arg1 = 00000001
00404A8D  |.  B9 181B4B00 ||MOV ECX,Ekd5.004B1B18                ; |
00404A92  |.  E8 A9E8FFFF ||CALL Ekd5.00403340                   ; \Ekd5.00403340
00404A97  |.  E8 447A0200 ||CALL Ekd5.0042C4E0
00404A9C  |.  E8 3A9B0100 ||CALL Ekd5.0041E5DB
00404AA1  |.  8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404AA7  |.  25 FF000000 ||AND EAX,0FF
00404AAC  |.  99          ||CDQ
00404AAD  |.  2BC2       ||SUB EAX,EDX
00404AAF  |.  D1F8       ||SAR EAX,1
00404AB1  |.  83C0 01    ||ADD EAX,1
00404AB4  |.  50          ||PUSH EAX                            ; /Arg4
00404AB5  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404AB7  |.  6A 40       ||PUSH 40                               ; |Arg2 = 00000040
00404AB9  |.  8D85 00F0FFFF ||LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00404ABF  |.  50          ||PUSH EAX                            ; |Arg1
00404AC0  |.  E8 FBB80200 ||CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404AC5  |.  83C4 10    ||ADD ESP,10
00404AC8  |.  8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]

00404ACE  |.  51          ||PUSH ECX                            ; /Arg6
00404ACF  |.  8B95 CCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404AD5  |.  8A02       ||MOV AL,BYTE PTR DS:[EDX]             ; |
00404AD7  |.  50          ||PUSH EAX                            ; |Arg5
00404AD8  |.  6A 40       ||PUSH 40                               ; |Arg4 = 00000040
00404ADA  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404ADC  |.  8B8D D8EFFFFF ||MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404AE2  |.  83E9 08    ||SUB ECX,8                            ; |
00404AE5  |.  51          ||PUSH ECX                            ; |Arg2
00404AE6  |.  8B95 DCEFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404AEC  |.  83EA 08    ||SUB EDX,8                            ; |
00404AEF  |.  52          ||PUSH EDX                            ; |Arg1
00404AF0  |.  E8 87C80400 ||CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404AF5  |.  83C4 18    ||ADD ESP,18
00404AF8  |.  E8 F99A0100 ||CALL Ekd5.0041E5F6

00404AFD  |.^ E9 69FFFFFF |\JMP Ekd5.00404A6B
00404B02  |>  EB 3D       |JMP SHORT Ekd5.00404B41

00404B04  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404B06  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404B08  |.  68 00100000 |PUSH 1000                            ; |Arg1 = 00001000
00404B0D  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404B12  |.  E8 29AF0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404B17  |.  50          |PUSH EAX                               ; /Arg6
00404B18  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404B1E  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00404B20  |.  51          |PUSH ECX                               ; |Arg5
00404B21  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404B23  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404B25  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404B2B  |.  83EA 08    |SUB EDX,8                            ; |
00404B2E  |.  52          |PUSH EDX                               ; |Arg2
00404B2F  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404B35  |.  83E8 08    |SUB EAX,8                            ; |
00404B38  |.  50          |PUSH EAX                               ; |Arg1
00404B39  |.  E8 3EC80400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404B3E  |.  83C4 18    |ADD ESP,18
00404B41  |>  E8 B09A0100 |CALL Ekd5.0041E5F6

00404B46  |.  6A 08       |PUSH 8                               ; /Arg1 = 00000008
00404B48  |.  B9 181B4B00 |MOV ECX,Ekd5.004B1B18                ; |
00404B4D  |.  E8 EEE7FFFF |CALL Ekd5.00403340                   ; \Ekd5.00403340
00404B52  |.  E8 89790200 |CALL Ekd5.0042C4E0
00404B57  |.  E9 5B010000 |JMP Ekd5.00404CB7

00404B5C  |>  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404B62  |.  83B9 04060000>|CMP DWORD PTR DS:[ECX+604],0
00404B69  |.  0F84 09010000 |JE Ekd5.00404C78
00404B6F  |.  68 00100000 |PUSH 1000                            ; /Arg3 = 00001000
00404B74  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]       ; |
00404B7A  |.  52          |PUSH EDX                               ; |Arg2
00404B7B  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404B7D  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404B7F  |.  6A 00       |PUSH 0                               ; ||Arg1 = 00000000
00404B81  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404B86  |.  E8 B5AE0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404B8B  |.  50          |PUSH EAX                               ; |Arg1
00404B8C  |.  E8 6CB10700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00404B91  |.  83C4 0C    |ADD ESP,0C
00404B94  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]
00404B9A  |.  50          |PUSH EAX                               ; /Arg6
00404B9B  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404BA1  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404BA3  |.  52          |PUSH EDX                               ; |Arg5
00404BA4  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404BA6  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404BA8  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404BAE  |.  83E8 08    |SUB EAX,8                            ; |
00404BB1  |.  50          |PUSH EAX                               ; |Arg2
00404BB2  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404BB8  |.  83E9 08    |SUB ECX,8                            ; |
00404BBB  |.  51          |PUSH ECX                               ; |Arg1
00404BBC  |.  E8 BBC70400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404BC1  |.  83C4 18    |ADD ESP,18
00404BC4  |.  E8 2D9A0100 |CALL Ekd5.0041E5F6
00404BC9  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404BCB  |.  6A 21       |PUSH 21                               ; |Arg1 = 00000021
00404BCD  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404BD2  |.  E8 A3FA0600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404BD7  |.  C685 E4EFFFFF>|MOV BYTE PTR SS:[EBP-101C],0
00404BDE  |.  EB 0F       |JMP SHORT Ekd5.00404BEF
00404BE0  |>  8A95 E4EFFFFF |/MOV DL,BYTE PTR SS:[EBP-101C]
00404BE6  |.  80C2 01    ||ADD DL,1
00404BE9  |.  8895 E4EFFFFF ||MOV BYTE PTR SS:[EBP-101C],DL
00404BEF  |>  8B85 E4EFFFFF | MOV EAX,DWORD PTR SS:[EBP-101C]
00404BF5  |.  25 FF000000 ||AND EAX,0FF
00404BFA  |.  83F8 06    ||CMP EAX,6
00404BFD  |.  7D 77       ||JGE SHORT Ekd5.00404C76
00404BFF  |.  6A 01       ||PUSH 1                               ; /Arg1 = 00000001
00404C01  |.  B9 181B4B00 ||MOV ECX,Ekd5.004B1B18                ; |
00404C06  |.  E8 35E7FFFF ||CALL Ekd5.00403340                   ; \Ekd5.00403340
00404C0B  |.  E8 D0780200 ||CALL Ekd5.0042C4E0
00404C10  |.  E8 C6990100 ||CALL Ekd5.0041E5DB
00404C15  |.  8B85 E4EFFFFF ||MOV EAX,DWORD PTR SS:[EBP-101C]
00404C1B  |.  25 FF000000 ||AND EAX,0FF
00404C20  |.  99          ||CDQ
00404C21  |.  2BC2       ||SUB EAX,EDX
00404C23  |.  D1F8       ||SAR EAX,1
00404C25  |.  83C0 01    ||ADD EAX,1
00404C28  |.  50          ||PUSH EAX                            ; /Arg4
00404C29  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404C2B  |.  6A 40       ||PUSH 40                               ; |Arg2 = 00000040
00404C2D  |.  8D8D 00F0FFFF ||LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00404C33  |.  51          ||PUSH ECX                            ; |Arg1
00404C34  |.  E8 87B70200 ||CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404C39  |.  83C4 10    ||ADD ESP,10
00404C3C  |.  8D95 00F0FFFF ||LEA EDX,DWORD PTR SS:[EBP-1000]

00404C42  |.  52          ||PUSH EDX                            ; /Arg6
00404C43  |.  8B85 CCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404C49  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]             ; |
00404C4B  |.  51          ||PUSH ECX                            ; |Arg5
00404C4C  |.  6A 40       ||PUSH 40                               ; |Arg4 = 00000040
00404C4E  |.  6A 40       ||PUSH 40                               ; |Arg3 = 00000040
00404C50  |.  8B95 D8EFFFFF ||MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00404C56  |.  83EA 08    ||SUB EDX,8                            ; |
00404C59  |.  52          ||PUSH EDX                            ; |Arg2
00404C5A  |.  8B85 DCEFFFFF ||MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00404C60  |.  83E8 08    ||SUB EAX,8                            ; |
00404C63  |.  50          ||PUSH EAX                            ; |Arg1
00404C64  |.  E8 13C70400 ||CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404C69  |.  83C4 18    ||ADD ESP,18

00404C6C  |.  E8 85990100 ||CALL Ekd5.0041E5F6
00404C71  |.^ E9 6AFFFFFF |\JMP Ekd5.00404BE0
00404C76  |>  EB 3A       |JMP SHORT Ekd5.00404CB2

00404C78  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404C7A  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404C7C  |.  6A 00       |PUSH 0                               ; |Arg1 = 00000000
00404C7E  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404C83  |.  E8 B8AD0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404C88  |.  50          |PUSH EAX                               ; /Arg6
00404C89  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404C8F  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404C91  |.  52          |PUSH EDX                               ; |Arg5
00404C92  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404C94  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404C96  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404C9C  |.  83E8 08    |SUB EAX,8                            ; |
00404C9F  |.  50          |PUSH EAX                               ; |Arg2
00404CA0  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404CA6  |.  83E9 08    |SUB ECX,8                            ; |
00404CA9  |.  51          |PUSH ECX                               ; |Arg1
00404CAA  |.  E8 CDC60400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404CAF  |.  83C4 18    |ADD ESP,18
00404CB2  |>  E8 3F990100 |CALL Ekd5.0041E5F6 被攻击者第一个动作
00404CB7  |>  E9 2B0A0000 |JMP Ekd5.004056E7

00404CBC  |>  E8 1A990100 |CALL Ekd5.0041E5DB //第二个攻击动作
00404CC1  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404CC3  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404CC5  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404CC7  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404CCC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404CD1  |.  E8 6AAD0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404CD6  |.  50          |PUSH EAX                               ; |Arg5
00404CD7  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404CD9  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404CDB  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404CE1  |.  83EA 08    |SUB EDX,8                            ; |
00404CE4  |.  52          |PUSH EDX                               ; |Arg2
00404CE5  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404CEB  |.  83E8 08    |SUB EAX,8                            ; |
00404CEE  |.  50          |PUSH EAX                               ; |Arg1
00404CEF  |.  E8 1FCC0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404CF4  |.  83C4 18    |ADD ESP,18
00404CF7  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404CF9  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404CFB  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404CFD  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404D02  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404D07  |.  E8 34AD0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404D0C  |.  50          |PUSH EAX                               ; |Arg5
00404D0D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404D0F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404D11  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404D17  |.  83E9 08    |SUB ECX,8                            ; |
00404D1A  |.  51          |PUSH ECX                               ; |Arg2
00404D1B  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404D21  |.  83EA 08    |SUB EDX,8                            ; |
00404D24  |.  52          |PUSH EDX                               ; |Arg1
00404D25  |.  E8 E9CB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404D2A  |.  83C4 18    |ADD ESP,18
00404D2D  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404D33  |.  33C9       |XOR ECX,ECX
00404D35  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00404D38  |.  51          |PUSH ECX                               ; /Arg3
00404D39  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404D3F  |.  52          |PUSH EDX                               ; |Arg2
00404D40  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404D46  |.  50          |PUSH EAX                               ; |Arg1
00404D47  |.  E8 D39D0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404D4C  |.  83C4 0C    |ADD ESP,0C

00404D4F  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404D51  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404D53  |.  68 00100000 |PUSH 1000                            ; |Arg1 = 00001000
00404D58  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404D5D  |.  E8 DEAC0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404D62  |.  50          |PUSH EAX                               ; /Arg6
00404D63  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404D69  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404D6B  |.  52          |PUSH EDX                               ; |Arg5
00404D6C  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404D6E  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404D70  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404D76  |.  83E8 08    |SUB EAX,8                            ; |
00404D79  |.  50          |PUSH EAX                               ; |Arg2
00404D7A  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404D80  |.  83E9 08    |SUB ECX,8                            ; |
00404D83  |.  51          |PUSH ECX                               ; |Arg1
00404D84  |.  E8 F3C50400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404D89  |.  83C4 18    |ADD ESP,18
00404D8C  |.  E8 65980100 |CALL Ekd5.0041E5F6 第二个攻击动作
00404D91  |.  E9 51090000 |JMP Ekd5.004056E7

00404D96  |>  E8 40980100 |CALL Ekd5.0041E5DB
00404D9B  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404D9D  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404D9F  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404DA1  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
00404DA6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404DAB  |.  E8 90AC0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404DB0  |.  50          |PUSH EAX                               ; |Arg5
00404DB1  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404DB3  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404DB5  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404DBB  |.  83EA 08    |SUB EDX,8                            ; |
00404DBE  |.  52          |PUSH EDX                               ; |Arg2
00404DBF  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00404DC5  |.  83E8 08    |SUB EAX,8                            ; |
00404DC8  |.  50          |PUSH EAX                               ; |Arg1
00404DC9  |.  E8 45CB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404DCE  |.  83C4 18    |ADD ESP,18
00404DD1  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00404DD3  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404DD5  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404DD7  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00404DDC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404DE1  |.  E8 5AAC0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404DE6  |.  50          |PUSH EAX                               ; |Arg5
00404DE7  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404DE9  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404DEB  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00404DF1  |.  83E9 08    |SUB ECX,8                            ; |
00404DF4  |.  51          |PUSH ECX                               ; |Arg2
00404DF5  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00404DFB  |.  83EA 08    |SUB EDX,8                            ; |
00404DFE  |.  52          |PUSH EDX                               ; |Arg1
00404DFF  |.  E8 0FCB0400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00404E04  |.  83C4 18    |ADD ESP,18
00404E07  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E0D  |.  33C9       |XOR ECX,ECX
00404E0F  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00404E12  |.  6BC9 24    |IMUL ECX,ECX,24
00404E15  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00404E1B  |.  E8 70DE0600 |CALL Ekd5.00472C90
00404E20  |.  85C0       |TEST EAX,EAX
00404E22  |.  75 35       |JNZ SHORT Ekd5.00404E59
00404E24  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404E2A  |.  33C0       |XOR EAX,EAX
00404E2C  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00404E2F  |.  50          |PUSH EAX                               ; /Arg3
00404E30  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
00404E36  |.  51          |PUSH ECX                               ; |Arg2
00404E37  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00404E3D  |.  52          |PUSH EDX                               ; |Arg1
00404E3E  |.  E8 DC9C0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
00404E43  |.  83C4 0C    |ADD ESP,0C
00404E46  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404E48  |.  6A 07       |PUSH 7                               ; |Arg1 = 00000007
00404E4A  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404E4F  |.  E8 26F80600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404E54  |.  E9 5A010000 |JMP Ekd5.00404FB3
00404E59  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00404E5F  |.  83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
00404E66  |.  0F85 A5000000 |JNZ Ekd5.00404F11
00404E6C  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00404E72  |.  83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
00404E79  |.  0F85 92000000 |JNZ Ekd5.00404F11
00404E7F  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404E81  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404E83  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
00404E88  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404E8D  |.  E8 AEAB0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00404E92  |.  50          |PUSH EAX                               ; /Arg6
00404E93  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404E99  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00404E9C  |.  50          |PUSH EAX                               ; |Arg5
00404E9D  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00404E9F  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404EA1  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404EA7  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404EAD  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00404EB3  |.  52          |PUSH EDX                               ; |Arg2
00404EB4  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404EBA  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404EC0  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00404EC6  |.  51          |PUSH ECX                               ; |Arg1
00404EC7  |.  E8 B0C40400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404ECC  |.  83C4 18    |ADD ESP,18
00404ECF  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00404ED5  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00404ED7  |.  50          |PUSH EAX                               ; /Arg2
00404ED8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404EDE  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
00404EE1  |.  52          |PUSH EDX                               ; |Arg1
00404EE2  |.  E8 42090300 |CALL Ekd5.00435829                   ; \Ekd5.00435829
00404EE7  |.  83C4 08    |ADD ESP,8
00404EEA  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404EEC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404EF2  |.  33C9       |XOR ECX,ECX                            ; |
00404EF4  |.  83B8 04060000>|CMP DWORD PTR DS:[EAX+604],0          ; |
00404EFB  |.  0F95C1       |SETNE CL                               ; |
00404EFE  |.  83C1 1E    |ADD ECX,1E                            ; |
00404F01  |.  51          |PUSH ECX                               ; |Arg1
00404F02  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404F07  |.  E8 6EF70600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A
00404F0C  |.  E9 A2000000 |JMP Ekd5.00404FB3
00404F11  |>  68 00090000 |PUSH 900                               ; /Arg3 = 00000900
00404F16  |.  8D95 00F0FFFF |LEA EDX,DWORD PTR SS:[EBP-1000]       ; |
00404F1C  |.  52          |PUSH EDX                               ; |Arg2
00404F1D  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00404F1F  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00404F21  |.  68 00400000 |PUSH 4000                            ; ||Arg1 = 00004000
00404F26  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00404F2B  |.  E8 10AB0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00404F30  |.  50          |PUSH EAX                               ; |Arg1
00404F31  |.  E8 C7AD0700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00404F36  |.  83C4 0C    |ADD ESP,0C
00404F39  |.  6A 0C       |PUSH 0C                               ; /Arg4 = 0000000C
00404F3B  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404F3D  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
00404F3F  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00404F45  |.  50          |PUSH EAX                               ; |Arg1
00404F46  |.  E8 75B40200 |CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00404F4B  |.  83C4 10    |ADD ESP,10
00404F4E  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]
00404F54  |.  51          |PUSH ECX                               ; /Arg6
00404F55  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404F5B  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00404F5E  |.  50          |PUSH EAX                               ; |Arg5
00404F5F  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00404F61  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00404F63  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404F69  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00404F6F  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00404F75  |.  52          |PUSH EDX                               ; |Arg2
00404F76  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00404F7C  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00404F82  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00404F88  |.  51          |PUSH ECX                               ; |Arg1
00404F89  |.  E8 EEC30400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404F8E  |.  83C4 18    |ADD ESP,18
00404F91  |.  6A 01       |PUSH 1                               ; /Arg2 = 00000001
00404F93  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00404F99  |.  33C0       |XOR EAX,EAX                            ; |
00404F9B  |.  83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0          ; |
00404FA2  |.  0F95C0       |SETNE AL                               ; |
00404FA5  |.  83C0 23    |ADD EAX,23                            ; |
00404FA8  |.  50          |PUSH EAX                               ; |Arg1
00404FA9  |.  B9 B0694B00 |MOV ECX,Ekd5.004B69B0                ; |
00404FAE  |.  E8 C7F60600 |CALL Ekd5.0047467A                   ; \Ekd5.0047467A

00404FB3  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00404FB5  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00404FB7  |.  68 00200000 |PUSH 2000                            ; |Arg1 = 00002000
00404FBC  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00404FC1  |.  E8 7AAA0700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40

00404FC6  |.  50          |PUSH EAX                               ; /Arg6
00404FC7  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00404FCD  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00404FCF  |.  52          |PUSH EDX                               ; |Arg5
00404FD0  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00404FD2  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00404FD4  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00404FDA  |.  83E8 08    |SUB EAX,8                            ; |
00404FDD  |.  50          |PUSH EAX                               ; |Arg2
00404FDE  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00404FE4  |.  83E9 08    |SUB ECX,8                            ; |
00404FE7  |.  51          |PUSH ECX                               ; |Arg1
00404FE8  |.  E8 8FC30400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00404FED  |.  83C4 18    |ADD ESP,18
00404FF0  |.  E8 01960100 |CALL Ekd5.0041E5F6    第三个攻击动作被攻击者动作也有（被攻击者图发光）
00404FF5  |.  E9 ED060000 |JMP Ekd5.004056E7

00404FFA  |>  E8 DC950100 |CALL Ekd5.0041E5DB
00404FFF  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405001  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405003  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405005  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040500A  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
0040500F  |.  E8 2CAA0700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405014  |.  50          |PUSH EAX                               ; |Arg5
00405015  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405017  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405019  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
0040501F  |.  83EA 08    |SUB EDX,8                            ; |
00405022  |.  52          |PUSH EDX                               ; |Arg2
00405023  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00405029  |.  83E8 08    |SUB EAX,8                            ; |
0040502C  |.  50          |PUSH EAX                               ; |Arg1
0040502D  |.  E8 E1C80400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405032  |.  83C4 18    |ADD ESP,18
00405035  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405037  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405039  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040503B  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405040  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405045  |.  E8 F6A90700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040504A  |.  50          |PUSH EAX                               ; |Arg5
0040504B  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040504D  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040504F  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00405055  |.  83E9 08    |SUB ECX,8                            ; |
00405058  |.  51          |PUSH ECX                               ; |Arg2
00405059  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
0040505F  |.  83EA 08    |SUB EDX,8                            ; |
00405062  |.  52          |PUSH EDX                               ; |Arg1
00405063  |.  E8 ABC80400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405068  |.  83C4 18    |ADD ESP,18
0040506B  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405071  |.  33C9       |XOR ECX,ECX
00405073  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00405076  |.  6BC9 24    |IMUL ECX,ECX,24
00405079  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040507F  |.  E8 0CDC0600 |CALL Ekd5.00472C90
00405084  |.  85C0       |TEST EAX,EAX
00405086  |.  75 27       |JNZ SHORT Ekd5.004050AF
00405088  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040508E  |.  33C0       |XOR EAX,EAX
00405090  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00405093  |.  50          |PUSH EAX                               ; /Arg3
00405094  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040509A  |.  51          |PUSH ECX                               ; |Arg2
0040509B  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
004050A1  |.  52          |PUSH EDX                               ; |Arg1
004050A2  |.  E8 789A0300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004050A7  |.  83C4 0C    |ADD ESP,0C
004050AA  |.  E9 36010000 |JMP Ekd5.004051E5
004050AF  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004050B5  |.  83B8 84000000>|CMP DWORD PTR DS:[EAX+84],0
004050BC  |.  75 7F       |JNZ SHORT Ekd5.0040513D
004050BE  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004050C4  |.  83B9 54020000>|CMP DWORD PTR DS:[ECX+254],0
004050CB  |.  75 70       |JNZ SHORT Ekd5.0040513D
004050CD  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004050CF  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004050D1  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
004050D6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004050DB  |.  E8 60A90700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004050E0  |.  50          |PUSH EAX                               ; /Arg6
004050E1  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004050E7  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004050EA  |.  50          |PUSH EAX                               ; |Arg5
004050EB  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004050ED  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004050EF  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004050F5  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004050FB  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
00405101  |.  52          |PUSH EDX                               ; |Arg2
00405102  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00405108  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040510E  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
00405114  |.  51          |PUSH ECX                               ; |Arg1
00405115  |.  E8 62C20400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040511A  |.  83C4 18    |ADD ESP,18
0040511D  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405123  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00405125  |.  50          |PUSH EAX                               ; /Arg2
00405126  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
0040512C  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
0040512F  |.  52          |PUSH EDX                               ; |Arg1
00405130  |.  E8 F4060300 |CALL Ekd5.00435829                   ; \Ekd5.00435829
00405135  |.  83C4 08    |ADD ESP,8
00405138  |.  E9 A8000000 |JMP Ekd5.004051E5
0040513D  |>  68 00090000 |PUSH 900                               ; /Arg3 = 00000900
00405142  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00405148  |.  50          |PUSH EAX                               ; |Arg2
00405149  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040514B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040514D  |.  68 00400000 |PUSH 4000                            ; ||Arg1 = 00004000
00405152  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405157  |.  E8 E4A80700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040515C  |.  50          |PUSH EAX                               ; |Arg1
0040515D  |.  E8 9BAB0700 |CALL Ekd5.0047FCFD                   ; \Ekd5.0047FCFD
00405162  |.  83C4 0C    |ADD ESP,0C
00405165  |.  6A 0C       |PUSH 0C                               ; /Arg4 = 0000000C
00405167  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405169  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
0040516B  |.  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]       ; |
00405171  |.  51          |PUSH ECX                               ; |Arg1
00405172  |.  E8 49B20200 |CALL Ekd5.004303C0                   ; \Ekd5.004303C0
00405177  |.  83C4 10    |ADD ESP,10
0040517A  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
00405180  |.  83BA 04060000>|CMP DWORD PTR DS:[EDX+604],0
00405187  |.  74 19       |JE SHORT Ekd5.004051A2
00405189  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
0040518B  |.  6A 0F       |PUSH 0F                               ; |Arg5 = 0000000F
0040518D  |.  6A 0F       |PUSH 0F                               ; |Arg4 = 0000000F
0040518F  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405191  |.  6A 30       |PUSH 30                               ; |Arg2 = 00000030
00405193  |.  8D85 00F0FFFF |LEA EAX,DWORD PTR SS:[EBP-1000]       ; |
00405199  |.  50          |PUSH EAX                               ; |Arg1
0040519A  |.  E8 9FB30200 |CALL Ekd5.0043053E                   ; \Ekd5.0043053E
0040519F  |.  83C4 18    |ADD ESP,18
004051A2  |>  8D8D 00F0FFFF |LEA ECX,DWORD PTR SS:[EBP-1000]

004051A8  |.  51          |PUSH ECX                               ; /Arg6
004051A9  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004051AF  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004051B2  |.  50          |PUSH EAX                               ; |Arg5
004051B3  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
004051B5  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
004051B7  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004051BD  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004051C3  |.  0391 10060000 |ADD EDX,DWORD PTR DS:[ECX+610]       ; |
004051C9  |.  52          |PUSH EDX                               ; |Arg2
004051CA  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004051D0  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
004051D6  |.  0388 0C060000 |ADD ECX,DWORD PTR DS:[EAX+60C]       ; |
004051DC  |.  51          |PUSH ECX                               ; |Arg1
004051DD  |.  E8 9AC10400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004051E2  |.  83C4 18    |ADD ESP,18
004051E5  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004051E7  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004051E9  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
004051EE  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004051F3  |.  E8 48A80700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004051F8  |.  50          |PUSH EAX                               ; /Arg6
004051F9  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004051FF  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             ; |
00405201  |.  50          |PUSH EAX                               ; |Arg5
00405202  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405204  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405206  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
0040520C  |.  83E9 08    |SUB ECX,8                            ; |
0040520F  |.  51          |PUSH ECX                               ; |Arg2
00405210  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405216  |.  83EA 08    |SUB EDX,8                            ; |
00405219  |.  52          |PUSH EDX                               ; |Arg1
0040521A  |.  E8 5DC10400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040521F  |.  83C4 18    |ADD ESP,18
00405222  |.  E8 CF930100 |CALL Ekd5.0041E5F6 第四个攻击动作
00405227  |.  E9 BB040000 |JMP Ekd5.004056E7

0040522C  |>  E8 AA930100 |CALL Ekd5.0041E5DB
00405231  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405233  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405235  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405237  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040523C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405241  |.  E8 FAA70700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405246  |.  50          |PUSH EAX                               ; |Arg5
00405247  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405249  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040524B  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405251  |.  83E8 08    |SUB EAX,8                            ; |
00405254  |.  50          |PUSH EAX                               ; |Arg2
00405255  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040525B  |.  83E9 08    |SUB ECX,8                            ; |
0040525E  |.  51          |PUSH ECX                               ; |Arg1
0040525F  |.  E8 AFC60400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405264  |.  83C4 18    |ADD ESP,18
00405267  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405269  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040526B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040526D  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405272  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405277  |.  E8 C4A70700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
0040527C  |.  50          |PUSH EAX                               ; |Arg5
0040527D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040527F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405281  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
00405287  |.  83EA 08    |SUB EDX,8                            ; |
0040528A  |.  52          |PUSH EDX                               ; |Arg2
0040528B  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
00405291  |.  83E8 08    |SUB EAX,8                            ; |
00405294  |.  50          |PUSH EAX                               ; |Arg1
00405295  |.  E8 79C60400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
0040529A  |.  83C4 18    |ADD ESP,18
0040529D  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004052A3  |.  33D2       |XOR EDX,EDX
004052A5  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004052A8  |.  8BCA       |MOV ECX,EDX
004052AA  |.  6BC9 24    |IMUL ECX,ECX,24
004052AD  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004052B3  |.  E8 D8D90600 |CALL Ekd5.00472C90
004052B8  |.  85C0       |TEST EAX,EAX
004052BA  |.  75 24       |JNZ SHORT Ekd5.004052E0
004052BC  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004052C2  |.  33C9       |XOR ECX,ECX
004052C4  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
004052C7  |.  51          |PUSH ECX                               ; /Arg3
004052C8  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
004052CE  |.  52          |PUSH EDX                               ; |Arg2
004052CF  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
004052D5  |.  50          |PUSH EAX                               ; |Arg1
004052D6  |.  E8 44980300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004052DB  |.  83C4 0C    |ADD ESP,0C
004052DE  |.  EB 38       |JMP SHORT Ekd5.00405318

004052E0  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004052E2  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004052E4  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
004052E9  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004052EE  |.  E8 4DA70700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
004052F3  |.  50          |PUSH EAX                               ; /Arg6
004052F4  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004052FA  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
004052FD  |.  52          |PUSH EDX                               ; |Arg5
004052FE  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00405300  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405302  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405308  |.  50          |PUSH EAX                               ; |Arg2
00405309  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040530F  |.  51          |PUSH ECX                               ; |Arg1
00405310  |.  E8 67C00400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405315  |.  83C4 18    |ADD ESP,18
00405318  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040531A  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040531C  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
00405321  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405326  |.  E8 15A70700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
0040532B  |.  50          |PUSH EAX                               ; /Arg6
0040532C  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
00405332  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             ; |
00405334  |.  50          |PUSH EAX                               ; |Arg5
00405335  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405337  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405339  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
0040533F  |.  83E9 08    |SUB ECX,8                            ; |
00405342  |.  51          |PUSH ECX                               ; |Arg2
00405343  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405349  |.  83EA 08    |SUB EDX,8                            ; |
0040534C  |.  52          |PUSH EDX                               ; |Arg1
0040534D  |.  E8 2AC00400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405352  |.  83C4 18    |ADD ESP,18
00405355  |.  E8 9C920100 |CALL Ekd5.0041E5F6 被攻击者动作  （发光没了）
0040535A  |.  E9 88030000 |JMP Ekd5.004056E7

0040535F  |>  E8 77920100 |CALL Ekd5.0041E5DB
00405364  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405366  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405368  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040536A  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040536F  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405374  |.  E8 C7A60700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
00405379  |.  50          |PUSH EAX                               ; |Arg5
0040537A  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040537C  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040537E  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
00405384  |.  83E8 08    |SUB EAX,8                            ; |
00405387  |.  50          |PUSH EAX                               ; |Arg2
00405388  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
0040538E  |.  83E9 08    |SUB ECX,8                            ; |
00405391  |.  51          |PUSH ECX                               ; |Arg1
00405392  |.  E8 7CC50400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405397  |.  83C4 18    |ADD ESP,18
0040539A  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
0040539C  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040539E  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
004053A0  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
004053A5  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
004053AA  |.  E8 91A60700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40
004053AF  |.  50          |PUSH EAX                               ; |Arg5
004053B0  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004053B2  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004053B4  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004053BA  |.  83EA 08    |SUB EDX,8                            ; |
004053BD  |.  52          |PUSH EDX                               ; |Arg2
004053BE  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004053C4  |.  83E8 08    |SUB EAX,8                            ; |
004053C7  |.  50          |PUSH EAX                               ; |Arg1
004053C8  |.  E8 46C50400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
004053CD  |.  83C4 18    |ADD ESP,18
004053D0  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004053D6  |.  33D2       |XOR EDX,EDX
004053D8  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
004053DB  |.  8BCA       |MOV ECX,EDX
004053DD  |.  6BC9 24    |IMUL ECX,ECX,24
004053E0  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
004053E6  |.  E8 A5D80600 |CALL Ekd5.00472C90
004053EB  |.  85C0       |TEST EAX,EAX
004053ED  |.  75 64       |JNZ SHORT Ekd5.00405453
004053EF  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
004053F5  |.  33C9       |XOR ECX,ECX
004053F7  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
004053FA  |.  51          |PUSH ECX                               ; /Arg3
004053FB  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00405401  |.  52          |PUSH EDX                               ; |Arg2
00405402  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
00405408  |.  50          |PUSH EAX                               ; |Arg1
00405409  |.  E8 11970300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
0040540E  |.  83C4 0C    |ADD ESP,0C
00405411  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00405413  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00405415  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
0040541A  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
0040541F  |.  E8 1CA60700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405424  |.  50          |PUSH EAX                               ; /Arg6
00405425  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
0040542B  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
0040542D  |.  52          |PUSH EDX                               ; |Arg5
0040542E  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405430  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405432  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
00405438  |.  83E8 08    |SUB EAX,8                            ; |
0040543B  |.  50          |PUSH EAX                               ; |Arg2
0040543C  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
00405442  |.  83E9 08    |SUB ECX,8                            ; |
00405445  |.  51          |PUSH ECX                               ; |Arg1
00405446  |.  E8 31BF0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
0040544B  |.  83C4 18    |ADD ESP,18
0040544E  |.  E9 DB000000 |JMP Ekd5.0040552E
00405453  |>  6A 04       |PUSH 4                               ; /Arg3 = 00000004
00405455  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
00405457  |.  68 00400000 |PUSH 4000                            ; |Arg1 = 00004000
0040545C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405461  |.  E8 DAA50700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405466  |.  50          |PUSH EAX                               ; /Arg6
00405467  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
0040546D  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
00405470  |.  50          |PUSH EAX                               ; |Arg5
00405471  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00405473  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00405475  |.  8B8D D0EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1030]       ; |
0040547B  |.  51          |PUSH ECX                               ; |Arg2
0040547C  |.  8B95 D4EFFFFF |MOV EDX,DWORD PTR SS:[EBP-102C]       ; |
00405482  |.  52          |PUSH EDX                               ; |Arg1
00405483  |.  E8 F4BE0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
00405488  |.  83C4 18    |ADD ESP,18
0040548B  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
0040548D  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
0040548F  |.  68 00300000 |PUSH 3000                            ; |Arg1 = 00003000
00405494  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
00405499  |.  E8 A2A50700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
0040549E  |.  50          |PUSH EAX                               ; /Arg6
0040549F  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
004054A5  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004054A7  |.  51          |PUSH ECX                               ; |Arg5
004054A8  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
004054AA  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
004054AC  |.  8B95 D8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1028]       ; |
004054B2  |.  83EA 08    |SUB EDX,8                            ; |
004054B5  |.  52          |PUSH EDX                               ; |Arg2
004054B6  |.  8B85 DCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1024]       ; |
004054BC  |.  83E8 08    |SUB EAX,8                            ; |
004054BF  |.  50          |PUSH EAX                               ; |Arg1
004054C0  |.  E8 B7BE0400 |CALL Ekd5.0045137C                   ; \Ekd5.0045137C
004054C5  |.  83C4 18    |ADD ESP,18
004054C8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004054CE  |.  83B9 84000000>|CMP DWORD PTR DS:[ECX+84],0
004054D5  |.  74 25       |JE SHORT Ekd5.004054FC
004054D7  |.  6A 18       |PUSH 18                               ; /Arg4 = 00000018
004054D9  |.  6A 12       |PUSH 12                               ; |Arg3 = 00000012
004054DB  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004054E1  |.  8B82 84000000 |MOV EAX,DWORD PTR DS:[EDX+84]          ; |
004054E7  |.  50          |PUSH EAX                               ; |Arg2
004054E8  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004054EE  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]             ; |
004054F1  |.  52          |PUSH EDX                               ; |Arg1
004054F2  |.  E8 FAA50400 |CALL Ekd5.0044FAF1                   ; \Ekd5.0044FAF1
004054F7  |.  83C4 10    |ADD ESP,10
004054FA  |.  EB 32       |JMP SHORT Ekd5.0040552E
004054FC  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405502  |.  83B8 54020000>|CMP DWORD PTR DS:[EAX+254],0
00405509  |.  74 23       |JE SHORT Ekd5.0040552E
0040550B  |.  6A 18       |PUSH 18                               ; /Arg4 = 00000018
0040550D  |.  6A 45       |PUSH 45                               ; |Arg3 = 00000045
0040550F  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00405515  |.  8B91 54020000 |MOV EDX,DWORD PTR DS:[ECX+254]       ; |
0040551B  |.  52          |PUSH EDX                               ; |Arg2
0040551C  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]       ; |
00405522  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]             ; |
00405525  |.  51          |PUSH ECX                               ; |Arg1
00405526  |.  E8 C6A50400 |CALL Ekd5.0044FAF1                   ; \Ekd5.0044FAF1
0040552B  |.  83C4 10    |ADD ESP,10
0040552E  |>  E8 C3900100 |CALL Ekd5.0041E5F6 显示伤害点数
00405533  |.  8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
00405539  |.  52          |PUSH EDX                               ; /Arg1
0040553A  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
00405540  |.  E8 41ECFFFF |CALL Ekd5.00404186                   ; \Ekd5.00404186
00405545  |.  E9 9D010000 |JMP Ekd5.004056E7

0040554A  |>  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405550  |.  8B88 84000000 |MOV ECX,DWORD PTR DS:[EAX+84]
00405556  |.  51          |PUSH ECX
00405557  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]
0040555D  |.  33C0       |XOR EAX,EAX
0040555F  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]
00405562  |.  8BC8       |MOV ECX,EAX
00405564  |.  6BC9 24    |IMUL ECX,ECX,24
00405567  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
0040556D  |.  E8 1ED70600 |CALL Ekd5.00472C90
00405572  |.  50          |PUSH EAX                               ; |Arg1
00405573  |.  E8 26A50700 |CALL Ekd5.0047FA9E                   ; \Ekd5.0047FA9E
00405578  |.  83C4 08    |ADD ESP,8
0040557B  |.  8BF0       |MOV ESI,EAX
0040557D  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
00405583  |.  33D2       |XOR EDX,EDX
00405585  |.  8A51 01    |MOV DL,BYTE PTR DS:[ECX+1]
00405588  |.  8BCA       |MOV ECX,EDX
0040558A  |.  6BC9 24    |IMUL ECX,ECX,24
0040558D  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50
00405593  |.  E8 D8A00500 |CALL Ekd5.0045F670
00405598  |.  8BC8       |MOV ECX,EAX
0040559A  |.  6BC9 48    |IMUL ECX,ECX,48
0040559D  |.  81C1 0000D600 |ADD ECX,0D60000
004055A3  |.  E8 731C0000 |CALL Ekd5.0040721B
004055A8  |.  33D2       |XOR EDX,EDX
004055AA  |.  B9 05000000 |MOV ECX,5
004055AF  |.  F7F1       |DIV ECX
004055B1  |.  3BF0       |CMP ESI,EAX
004055B3  |.  73 1D       |JNB SHORT Ekd5.004055D2
004055B5  |.  6A 20       |PUSH 20                               ; /Arg1 = 00000020
004055B7  |.  8B95 CCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1034]       ; |
004055BD  |.  33C0       |XOR EAX,EAX                            ; |
004055BF  |.  8A42 01    |MOV AL,BYTE PTR DS:[EDX+1]             ; |
004055C2  |.  8BC8       |MOV ECX,EAX                            ; |
004055C4  |.  6BC9 24    |IMUL ECX,ECX,24                      ; |
004055C7  |.  81C1 502C4B00 |ADD ECX,Ekd5.004B2C50                ; |
004055CD  |.  E8 46D10300 |CALL Ekd5.00442718                   ; \Ekd5.00442718
004055D2  |>  E8 04900100 |CALL Ekd5.0041E5DB
004055D7  |.  8B8D FCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1004]
004055DD  |.  51          |PUSH ECX                               ; /Arg2
004055DE  |.  8B95 F8EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1008]       ; |
004055E4  |.  52          |PUSH EDX                               ; |Arg1
004055E5  |.  E8 0FE1FFFF |CALL Ekd5.004036F9                   ; \Ekd5.004036F9
004055EA  |.  83C4 08    |ADD ESP,8
004055ED  |.  6A 04       |PUSH 4                               ; /Arg3 = 00000004
004055EF  |.  6A 00       |PUSH 0                               ; |Arg2 = 00000000
004055F1  |.  68 00590000 |PUSH 5900                            ; |Arg1 = 00005900
004055F6  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; |
004055FB  |.  E8 40A40700 |CALL Ekd5.0047FA40                   ; \Ekd5.0047FA40
00405600  |.  50          |PUSH EAX                               ; /Arg5
00405601  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405603  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405605  |.  8B85 D0EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1030]       ; |
0040560B  |.  83E8 08    |SUB EAX,8                            ; |
0040560E  |.  50          |PUSH EAX                               ; |Arg2
0040560F  |.  8B8D D4EFFFFF |MOV ECX,DWORD PTR SS:[EBP-102C]       ; |
00405615  |.  83E9 08    |SUB ECX,8                            ; |
00405618  |.  51          |PUSH ECX                               ; |Arg1
00405619  |.  E8 C8C30400 |CALL Ekd5.004519E6                   ; \Ekd5.004519E6
0040561E  |.  83C4 14    |ADD ESP,14

00405621  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405623  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00405625  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00405627  |.  68 00590000 |PUSH 5900                            ; ||Arg1 = 00005900
0040562C  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405631  |.  E8 0AA40700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

00405636  |.  50          |PUSH EAX                               ; |Arg5
00405637  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
00405639  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
0040563B  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
00405641  |.  83EA 08    |SUB EDX,8                            ; |
00405644  |.  52          |PUSH EDX                               ; |Arg2
00405645  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
0040564B  |.  83E8 08    |SUB EAX,8                            ; |
0040564E  |.  50          |PUSH EAX                               ; |Arg1
0040564F  |.  E8 BFC20400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
00405654  |.  83C4 18    |ADD ESP,18

00405657  |.  6A 00       |PUSH 0                               ; /Arg6 = 00000000
00405659  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
0040565B  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
0040565D  |.  68 00490000 |PUSH 4900                            ; ||Arg1 = 00004900
00405662  |.  B9 C8E44A00 |MOV ECX,Ekd5.004AE4C8                ; ||
00405667  |.  E8 D4A30700 |CALL Ekd5.0047FA40                   ; |\Ekd5.0047FA40

0040566C  |.  50          |PUSH EAX                               ; |Arg5
0040566D  |.  6A 40       |PUSH 40                               ; |Arg4 = 00000040
0040566F  |.  6A 40       |PUSH 40                               ; |Arg3 = 00000040
00405671  |.  8B8D D8EFFFFF |MOV ECX,DWORD PTR SS:[EBP-1028]       ; |
00405677  |.  83E9 08    |SUB ECX,8                            ; |
0040567A  |.  51          |PUSH ECX                               ; |Arg2
0040567B  |.  8B95 DCEFFFFF |MOV EDX,DWORD PTR SS:[EBP-1024]       ; |
00405681  |.  83EA 08    |SUB EDX,8                            ; |
00405684  |.  52          |PUSH EDX                               ; |Arg1
00405685  |.  E8 89C20400 |CALL Ekd5.00451913                   ; \Ekd5.00451913
0040568A  |.  83C4 18    |ADD ESP,18

0040568D  |.  8B85 CCEFFFFF |MOV EAX,DWORD PTR SS:[EBP-1034]
00405693  |.  33C9       |XOR ECX,ECX
00405695  |.  8A48 01    |MOV CL,BYTE PTR DS:[EAX+1]
00405698  |.  51          |PUSH ECX                               ; /Arg3
00405699  |.  8B95 D0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1030]       ; |
0040569F  |.  52          |PUSH EDX                               ; |Arg2
004056A0  |.  8B85 D4EFFFFF |MOV EAX,DWORD PTR SS:[EBP-102C]       ; |
004056A6  |.  50          |PUSH EAX                               ; |Arg1
004056A7  |.  E8 73940300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004056AC  |.  83C4 0C    |ADD ESP,0C

004056AF  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]
004056B5  |.  33D2       |XOR EDX,EDX
004056B7  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004056B9  |.  52          |PUSH EDX                               ; /Arg3
004056BA  |.  8B85 D8EFFFFF |MOV EAX,DWORD PTR SS:[EBP-1028]       ; |
004056C0  |.  50          |PUSH EAX                               ; |Arg2
004056C1  |.  8B8D DCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1024]       ; |
004056C7  |.  51          |PUSH ECX                               ; |Arg1
004056C8  |.  E8 52940300 |CALL Ekd5.0043EB1F                   ; \Ekd5.0043EB1F
004056CD  |.  83C4 0C    |ADD ESP,0C
004056D0  |.  E8 218F0100 |CALL Ekd5.0041E5F6 回复正常  （攻击者和被攻击）
004056D5  |.  8B95 F0EFFFFF |MOV EDX,DWORD PTR SS:[EBP-1010]
004056DB  |.  52          |PUSH EDX                               ; /Arg1
004056DC  |.  8B8D CCEFFFFF |MOV ECX,DWORD PTR SS:[EBP-1034]       ; |
004056E2  |.  E8 9FEAFFFF |CALL Ekd5.00404186                   ; \Ekd5.00404186
004056E7  |>  6A 01       |PUSH 1                               ; /Arg1 = 00000001 多数返回点
004056E9  |.  B9 181B4B00 |MOV ECX,Ekd5.004B1B18                ; |
004056EE  |.  E8 4DDCFFFF |CALL Ekd5.00403340                   ; \Ekd5.00403340
004056F3  |.  E8 E86D0200 |CALL Ekd5.0042C4E0
004056F8  |.^ E9 23EFFFFF \JMP Ekd5.00404620

004056FD  |>  5E          POP ESI
004056FE  |.  8BE5       MOV ESP,EBP
00405700  |.  5D          POP EBP
00405701  \.  C3          RETN

00403B8F  /$  55          PUSH EBP
00403B90  |.  8BEC       MOV EBP,ESP
00403B92  |.  6A FF       PUSH -1
00403B94  |.  68 8C4F4800 PUSH Ekd5.00484F8C                      ;  SE 处理程序安装
00403B99  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00403B9F  |.  50          PUSH EAX
00403BA0  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00403BA7  |.  81EC 1C010000 SUB ESP,11C
00403BAD  |.  898D DCFEFFFF MOV DWORD PTR SS:[EBP-124],ECX
00403BB3  |.  8B85 DCFEFFFF MOV EAX,DWORD PTR SS:[EBP-124]
00403BB9  |.  33C9       XOR ECX,ECX
00403BBB  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
00403BBD  |.  51          PUSH ECX                               ; /Arg1
00403BBE  |.  8B95 DCFEFFFF MOV EDX,DWORD PTR SS:[EBP-124]          ; |
00403BC4  |.  8B4A 0C    MOV ECX,DWORD PTR DS:[EDX+C]          ; |
00403BC7  |.  E8 7CC00300 CALL Ekd5.0043FC48                      ; \Ekd5.0043FC48
00403BCC  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL
00403BCF  |.  8B85 DCFEFFFF MOV EAX,DWORD PTR SS:[EBP-124]
00403BD5  |.  8B48 0C    MOV ECX,DWORD PTR DS:[EAX+C]
00403BD8  |.  E8 43A70300 CALL Ekd5.0043E320 获取武将ecx的朝向
00403BDD  |.  25 FF000000 AND EAX,0FF
00403BE2  |.  8985 E0FEFFFF MOV DWORD PTR SS:[EBP-120],EAX
00403BE8  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403BEA  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403BEC  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00403BEE  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403BF3  |.  E8 48BE0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40

00403BF8  |.  8985 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EAX
00403BFE  |.  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403C04  |.  E8 A7F6FFFF CALL Ekd5.004032B0
00403C09  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00403C10  |.  68 C0BB4800 PUSH Ekd5.0048BBC0                      ; /Arg1 = 0048BBC0 ASCII "UNIT_ATK.E5"
00403C15  |.  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]          ; |
00403C1B  |.  E8 15BF0100 CALL Ekd5.0041FB35                      ; \Ekd5.0041FB35

00403C20  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403C22  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403C24  |.  68 00690000 PUSH 6900                               ; |Arg1 = 00006900
00403C29  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403C2E  |.  E8 0DBE0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40
00403C33  |.  50          PUSH EAX                               ; /Arg2
00403C34  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00403C37  |.  81E1 FF000000 AND ECX,0FF                            ; |
00403C3D  |.  51          PUSH ECX                               ; |Arg1
00403C3E  |.  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]          ; |
00403C44  |.  E8 40C00100 CALL Ekd5.0041FC89                      ; \Ekd5.0041FC89
00403C49  |.  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403C4F  |.  E8 71560100 CALL Ekd5.004192C5
00403C54  |.  8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00403C5A  |.  8995 D8FEFFFF MOV DWORD PTR SS:[EBP-128],EDX
00403C60  |.  83BD D8FEFFFF>CMP DWORD PTR SS:[EBP-128],3
00403C67  |.  0F87 E8000000 JA Ekd5.00403D55
00403C6D  |.  8B85 D8FEFFFF MOV EAX,DWORD PTR SS:[EBP-128]

00403C73  |.  FF2485 753D40>JMP DWORD PTR DS:[EAX*4+403D75]       ;  Ekd5.00403C7A
->
00403C7A  |>  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403C7C  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403C7E  |.  68 00A90000 PUSH 0A900                            ; |Arg1 = 0000A900
00403C83  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403C88  |.  E8 B3BD0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40
00403C8D  |.  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403C93  |.  68 00400000 PUSH 4000                               ; /Arg3 = 00004000
00403C98  |.  8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]          ; |
00403C9E  |.  51          PUSH ECX                               ; |Arg2
00403C9F  |.  8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]          ; |
00403CA5  |.  52          PUSH EDX                               ; |Arg1
00403CA6  |.  E8 52C00700 CALL Ekd5.0047FCFD                      ; \Ekd5.0047FCFD
00403CAB  |.  83C4 0C    ADD ESP,0C
00403CAE  |.  E9 A2000000 JMP Ekd5.00403D55
->
00403CB3  |>  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403CB5  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403CB7  |.  68 00E90000 PUSH 0E900                            ; |Arg1 = 0000E900
00403CBC  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403CC1  |.  E8 7ABD0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40
00403CC6  |.  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403CCC  |.  8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
00403CD2  |.  50          PUSH EAX                               ; /Arg4
00403CD3  |.  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]          ; |
00403CD9  |.  51          PUSH ECX                               ; |Arg3
00403CDA  |.  68 00010000 PUSH 100                               ; |Arg2 = 00000100
00403CDF  |.  6A 40       PUSH 40                               ; |Arg1 = 00000040
00403CE1  |.  E8 6DB10100 CALL Ekd5.0041EE53                      ; \Ekd5.0041EE53
00403CE6  |.  83C4 10    ADD ESP,10
00403CE9  |.  EB 6A       JMP SHORT Ekd5.00403D55
->
00403CEB  |>  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403CED  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403CEF  |.  68 00E90000 PUSH 0E900                            ; |Arg1 = 0000E900
00403CF4  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403CF9  |.  E8 42BD0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40
00403CFE  |.  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403D04  |.  68 00400000 PUSH 4000                               ; /Arg3 = 00004000
00403D09  |.  8B95 E4FEFFFF MOV EDX,DWORD PTR SS:[EBP-11C]          ; |
00403D0F  |.  52          PUSH EDX                               ; |Arg2
00403D10  |.  8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-118]          ; |
00403D16  |.  50          PUSH EAX                               ; |Arg1
00403D17  |.  E8 E1BF0700 CALL Ekd5.0047FCFD                      ; \Ekd5.0047FCFD
00403D1C  |.  83C4 0C    ADD ESP,0C
00403D1F  |.  EB 34       JMP SHORT Ekd5.00403D55
->
00403D21  |>  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00403D23  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00403D25  |.  68 00690000 PUSH 6900                               ; |Arg1 = 00006900
00403D2A  |.  B9 C8E44A00 MOV ECX,Ekd5.004AE4C8                   ; |
00403D2F  |.  E8 0CBD0700 CALL Ekd5.0047FA40                      ; \Ekd5.0047FA40
00403D34  |.  8985 E8FEFFFF MOV DWORD PTR SS:[EBP-118],EAX
00403D3A  |.  68 00400000 PUSH 4000                               ; /Arg3 = 00004000
00403D3F  |.  8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]          ; |
00403D45  |.  51          PUSH ECX                               ; |Arg2
00403D46  |.  8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]          ; |
00403D4C  |.  52          PUSH EDX                               ; |Arg1
00403D4D  |.  E8 ABBF0700 CALL Ekd5.0047FCFD                      ; \Ekd5.0047FCFD
00403D52  |.  83C4 0C    ADD ESP,0C

00403D55  |>  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00403D5C  |.  8D8D ECFEFFFF LEA ECX,DWORD PTR SS:[EBP-114]
00403D62  |.  E8 69F5FFFF CALL Ekd5.004032D0
00403D67  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00403D6A  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
00403D71  |.  8BE5       MOV ESP,EBP
00403D73  |.  5D          POP EBP
00403D74  \.  C3          RETN

00403D75 .  7A3C4000    DD Ekd5.00403C7A                      ;  分支表被用于 00403C73
00403D79 .  B33C4000    DD Ekd5.00403CB3
00403D7D .  213D4000    DD Ekd5.00403D21
00403D81 .  EB3C4000    DD Ekd5.00403CEB

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#16

发表于 2007-12-30 21:14 资料个人空间短消息看全部作者

战场交给装备函数 (这个是我自己新写的非KOEI的功能函数)

-4 本方的战场信息Ecx
-8本方的辅助
-C 00497750
-10对方战场编号
-14对方的辅助信息
-18本方的武将的Data信息Ecx
-1C对方的武将
-20对方武将的Data序号
004D28C2 55             PUSH EBP
004D28C3 8BEC          MOV EBP,ESP
004D28C5 83EC 20       SUB ESP,20
004D28C8 894D FC       MOV DWORD PTR SS:[EBP-4],ECX
004D28CB E8 A0CDF8FF    CALL WaGan.0045F670                   ; 获取本方Data序号
004D28D0 6BC0 48       IMUL EAX,EAX,48
004D28D3 05 0000D600    ADD EAX,0D60000
004D28D8 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
004D28DB 6A 02          PUSH 2
004D28DD 8BC8          MOV ECX,EAX
004D28DF E8 0C3DF3FF    CALL WaGan.004065F0                   ; 获取本方辅助
004D28E4 8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
004D28E7 25 FF000000    AND EAX,0FF
004D28EC 3D FF000000    CMP EAX,0FF
004D28F1 75 14          JNZ SHORT WaGan.004D2907
004D28F3 68 A0545500    PUSH WaGan.005554A0                   ; 该武将辅助装备为空
004D28F8 6A 02          PUSH 2
004D28FA E8 9ACDF5FF    CALL WaGan.0042F699
004D28FF 83C4 08       ADD ESP,8
004D2902 E9 7A010000    JMP WaGan.004D2A81                      ; 退出
004D2907 C745 F4 5077490>MOV DWORD PTR SS:[EBP-C],WaGan.00497750  ; 开始监听
004D290E 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004D2911 8AC8          MOV CL,AL
004D2913 51             PUSH ECX
004D2914 6A 04          PUSH 4
004D2916 B1 01          MOV CL,1
004D2918 51             PUSH ECX
004D2919 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
004D291C 8A48 04       MOV CL,BYTE PTR DS:[EAX+4]
004D291F 51             PUSH ECX
004D2920 B9 50424B00    MOV ECX,WaGan.004B4250
004D2925 E8 132AF8FF    CALL WaGan.0045533D
004D292A 8845 F0       MOV BYTE PTR SS:[EBP-10],AL
004D292D 25 FF000000    AND EAX,0FF
004D2932 3D FF000000    CMP EAX,0FF
004D2937 0F84 44010000 JE WaGan.004D2A81                      ; 取消，退出
004D293D 6BC0 24       IMUL EAX,EAX,24
004D2940 05 502C4B00    ADD EAX,WaGan.004B2C50
004D2945 8BC8          MOV ECX,EAX
004D2947 E8 24CDF8FF    CALL WaGan.0045F670
004D294C 6BC0 48       IMUL EAX,EAX,48
004D294F 05 0000D600    ADD EAX,0D60000
004D2954 8945 E4       MOV DWORD PTR SS:[EBP-1C],EAX
004D2957 8B4D E8       MOV ECX,DWORD PTR SS:[EBP-18]
004D295A 3BC8          CMP ECX,EAX
004D295C 75 05          JNZ SHORT WaGan.004D2963
004D295E 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
004D2961  ^ EB A4          JMP SHORT WaGan.004D2907                ; 相同，返回监听
004D2963 6A 02          PUSH 2
004D2965 8BC8          MOV ECX,EAX
004D2967 E8 843CF3FF    CALL WaGan.004065F0                   ; 获取对方辅助
004D296C 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
004D296F 25 FF000000    AND EAX,0FF
004D2974 3D FF000000    CMP EAX,0FF
004D2979 74 17          JE SHORT WaGan.004D2992
004D297B 68 F0545500    PUSH WaGan.005554F0
004D2980 6A 02          PUSH 2
004D2982 E8 12CDF5FF    CALL WaGan.0042F699
004D2987 83C4 08       ADD ESP,8
004D298A 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
004D298D  ^ E9 75FFFFFF    JMP WaGan.004D2907                      ; 对方辅助不为空，返回监听
004D2992 8B5D F8       MOV EBX,DWORD PTR SS:[EBP-8]
004D2995 53             PUSH EBX
004D2996 8B4D E4       MOV ECX,DWORD PTR SS:[EBP-1C]
004D2999 E8 694FF3FF    CALL WaGan.00407907                   ; 判断对方是否能装备
004D299E 85C0          TEST EAX,EAX
004D29A0 75 17          JNZ SHORT WaGan.004D29B9
004D29A2 68 D0545500    PUSH WaGan.005554D0
004D29A7 6A 02          PUSH 2
004D29A9 E8 EBCCF5FF    CALL WaGan.0042F699
004D29AE 83C4 08       ADD ESP,8
004D29B1 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
004D29B4  ^ E9 4EFFFFFF    JMP WaGan.004D2907                      ; 对方不能装备，返回监听
004D29B9 68 FF000000    PUSH 0FF
004D29BE 83EB 33       SUB EBX,33
004D29C1 53             PUSH EBX
004D29C2 6A 02          PUSH 2
004D29C4 8B4D E4       MOV ECX,DWORD PTR SS:[EBP-1C]
004D29C7 E8 2054F3FF    CALL WaGan.00407DEC
004D29CC 6A 02          PUSH 2
004D29CE 8B4D E8       MOV ECX,DWORD PTR SS:[EBP-18]
004D29D1 E8 EE53F3FF    CALL WaGan.00407DC4
004D29D6 68 FF000000    PUSH 0FF
004D29DB 68 FF000000    PUSH 0FF
004D29E0 6A 01          PUSH 1
004D29E2 8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
004D29E5 E8 86CCF8FF    CALL WaGan.0045F670
004D29EA 25 FFFF0000    AND EAX,0FFFF
004D29EF 50             PUSH EAX
004D29F0 B9 F05D4B00    MOV ECX,WaGan.004B5DF0
004D29F5 E8 954DF8FF    CALL WaGan.0045778F
004D29FA 6A 06          PUSH 6
004D29FC 8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
004D29FF E8 14FDF6FF    CALL WaGan.00442718
004D2A04 33C9          XOR ECX,ECX
004D2A06 8A4D F0       MOV CL,BYTE PTR SS:[EBP-10]
004D2A09 6BC9 24       IMUL ECX,ECX,24
004D2A0C 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004D2A12 E8 59CCF8FF    CALL WaGan.0045F670
004D2A17 8945 E0       MOV DWORD PTR SS:[EBP-20],EAX
004D2A1A 6A 00          PUSH 0
004D2A1C 6A 00          PUSH 0
004D2A1E 6A 08          PUSH 8
004D2A20 6A 20          PUSH 20
004D2A22 6A 08          PUSH 8
004D2A24 8B5D F8       MOV EBX,DWORD PTR SS:[EBP-8]
004D2A27 53             PUSH EBX
004D2A28 8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
004D2A2B E8 40CCF8FF    CALL WaGan.0045F670
004D2A30 50             PUSH EAX
004D2A31 E8 30010000    CALL WaGan.004D2B66
004D2A36 6A 00          PUSH 0
004D2A38 6A 00          PUSH 0
004D2A3A 6A 00          PUSH 0
004D2A3C 8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
004D2A3F E8 2CCCF8FF    CALL WaGan.0045F670
004D2A44 50             PUSH EAX
004D2A45 B9 F05D4B00    MOV ECX,WaGan.004B5DF0
004D2A4A E8 404DF8FF    CALL WaGan.0045778F
004D2A4F 6A 01          PUSH 1
004D2A51 6A 0E          PUSH 0E
004D2A53 6A 00          PUSH 0
004D2A55 6A 08          PUSH 8
004D2A57 6A 01          PUSH 1
004D2A59 8B5D F8       MOV EBX,DWORD PTR SS:[EBP-8]
004D2A5C 53             PUSH EBX
004D2A5D 8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]
004D2A60 50             PUSH EAX
004D2A61 E8 00010000    CALL WaGan.004D2B66
004D2A66 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
004D2A69 6BC0 19       IMUL EAX,EAX,19
004D2A6C 05 40114A00    ADD EAX,WaGan.004A1140
004D2A71 50             PUSH EAX
004D2A72 68 C0545500    PUSH WaGan.005554C0
004D2A77 6A 02          PUSH 2
004D2A79 E8 1BCCF5FF    CALL WaGan.0042F699
004D2A7E 83C4 0C       ADD ESP,0C
004D2A81 8BE5          MOV ESP,EBP
004D2A83 5D             POP EBP
004D2A84 C3             RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#17

发表于 2007-12-30 21:14 资料个人空间短消息看全部作者

战场获得物品的动画和音效及前期参数处理分析

Ecx:45991B
+18: 1
+14

ata序号
+10: 1表示要显示动作
+C:0--表示无经验
+8 :物品Data序号

0045991B  /$  55          PUSH EBP
0045991C  |.  8BEC       MOV EBP,ESP
0045991E  |.  6A FF       PUSH -1
00459920  |.  68 C4564800 PUSH WaGan.004856C4                   ;  SE 处理程序安装
00459925  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0045992B  |.  50          PUSH EAX
0045992C  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00459933  |.  81EC 300A0000 SUB ESP,0A30

00459939  |.  898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
0045993F  |.  C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],0FFFF
00459949  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0045994F  |.  E8 5C99FAFF CALL WaGan.004032B0
jmp 00459A8F
00459954  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0045995B  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0 等于0表示无动作
0045995F  |.  0F84 AF020000 JE WaGan.00459C14 跳转等于结束
00459965  |.  817D 14 00020>CMP DWORD PTR SS:[EBP+14],200
0045996C  |.  0F83 B6000000 JNB WaGan.00459A28 Data人物大于512跳开
00459972  |.  C685 E8FEFFFF>MOV BYTE PTR SS:[EBP-118],0
00459979  |.  EB 0E       JMP SHORT WaGan.00459989

0045997B  |>  8A85 E8FEFFFF /MOV AL,BYTE PTR SS:[EBP-118]
00459981  |.  04 01       |ADD AL,1
00459983  |.  8885 E8FEFFFF |MOV BYTE PTR SS:[EBP-118],AL
00459989  |>  8B8D E8FEFFFF  MOV ECX,DWORD PTR SS:[EBP-118]
0045998F  |.  81E1 FF000000 |AND ECX,0FF
00459995  |.  83F9 73    |CMP ECX,73 比较前115个战场人物,非1战场人物的没有用
00459998  |.  0F8D 88000000 |JGE WaGan.00459A26
0045999E  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599A4  |.  81E1 FF000000 |AND ECX,0FF
004599AA  |.  6BC9 24    |IMUL ECX,ECX,24
004599AD  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599B3  |.  E8 B85C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
004599B8  |.  3B45 14    |CMP EAX,DWORD PTR SS:[EBP+14]
004599BB  |.  75 64       |JNZ SHORT WaGan.00459A21             不相等，下个循环

004599BD  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118] -118是战场人物编号
004599C3  |.  81E1 FF000000 |AND ECX,0FF
004599C9  |.  6BC9 24    |IMUL ECX,ECX,24
004599CC  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599D2  |.  E8 B9F2FBFF |CALL WaGan.00418C90 取+C字节
004599D7  |.  25 FF000000 |AND EAX,0FF
004599DC  |.  83F8 02    |CMP EAX,2
004599DF  |.  75 40       |JNZ SHORT WaGan.00459A21 不等于2跳掉,等于2为出场，不等于为隐藏
004599E1  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599E7  |.  81E1 FF000000 |AND ECX,0FF
004599ED  |.  6BC9 24    |IMUL ECX,ECX,24
004599F0  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599F6  |.  E8 95920100 |CALL WaGan.00472C90 返回武将ecx的当前体力
004599FB  |.  85C0       |TEST EAX,EAX
004599FD  |.  76 22       |JBE SHORT WaGan.00459A21 小于0，则为已经撤退的，跳掉
004599FF  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
00459A05  |.  81E1 FF000000 |AND ECX,0FF
00459A0B  |.  6BC9 24    |IMUL ECX,ECX,24
00459A0E  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00459A14  |.  E8 575C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
00459A19  |.  8985 ECFEFFFF |MOV DWORD PTR SS:[EBP-114],EAX
00459A1F  |.  EB 05       |JMP SHORT WaGan.00459A26
00459A21  |>^ E9 55FFFFFF \JMP WaGan.0045997B
00459A26  |>  EB 3F       JMP SHORT WaGan.00459A67

00459A28  |>  817D 14 00040>CMP DWORD PTR SS:[EBP+14],400
00459A2F  |.  72 36       JB SHORT WaGan.00459A67 Data小于1024
00459A31  |.  817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A38  |.  77 2D       JA SHORT WaGan.00459A67
00459A3A  |.  817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A41  |.  75 13       JNZ SHORT WaGan.00459A56
00459A43  |.  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A49  |.  E8 A2C6FFFF CALL WaGan.004560F0
00459A4E  |.  8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A54  |.  EB 11       JMP SHORT WaGan.00459A67
00459A56  |>  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A5C  |.  E8 CAC5FFFF CALL WaGan.0045602B
00459A61  |.  8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX

00459A67  |>  81BD ECFEFFFF>CMP DWORD PTR SS:[EBP-114],0FFFF
00459A71  |.  0F84 9D010000 JE WaGan.00459C14 结束

00459A77  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
00459A79  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
00459A7B  |.  6A 01       PUSH 1                                  ; |Arg2 = 00000001 举起武器
00459A7D  |.  8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]          ; |
00459A83  |.  52          PUSH EDX                               ; |Arg1 人物Data
00459A84  |.  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]          ; |
00459A8A  |.  E8 00DDFFFF CALL WaGan.0045778F                   ; \WaGan.0045778F

00459A8F  |.  8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
00459A95  |.  6BC9 48    IMUL ECX,ECX,48
00459A98  |.  81C1 0000D600 ADD ECX,0D60000
00459A9E  |.  E8 39E00100 CALL WaGan.00477ADC                   ;  获取战场形象编号
00459AA3  |.  8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
00459AA9  |.  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
00459AAF  |.  81E1 FF000000 AND ECX,0FF
00459AB5  |.  6BC9 24    IMUL ECX,ECX,24
00459AB8  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00459ABE  |.  E8 9D98FAFF CALL WaGan.00403360 对Ecx+6

00459AC3  |.  66:8B00    MOV AX,WORD PTR DS:[EAX] 取坐标(纵横)
00459AC6  |.  50          PUSH EAX                               ; /Arg1
00459AC7  |.  E8 B25FFFFF CALL WaGan.0044FA7E                   ; \WaGan.0044FA7E
00459ACC  |.  83C4 04    ADD ESP,4
00459ACF  |.  8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX 120
00459AD5  |.  8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX F8

00459ADB  |.  8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
00459AE1  |.  898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX

00459AE7  |.  8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
00459AED  |.  8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX

00459AF3  |.  8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
00459AF9  |.  50          PUSH EAX
00459AFA  |.  6A 30       PUSH 30
00459AFC  |.  6A 30       PUSH 30
00459AFE  |.  8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
00459B04  |.  51          PUSH ECX
00459B05  |.  8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00459B0B  |.  52          PUSH EDX
00459B0C  |.  E8 40470200 CALL WaGan.0047E251
00459B11  |.  83C4 14    ADD ESP,14
00459B14  |.  68 F0BB4800 PUSH WaGan.0048BBF0                   ; /Arg1 = 0048BBF0 ASCII "Item.WA"
00459B19  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]          ; |
00459B1F  |.  E8 1160FCFF CALL WaGan.0041FB35                   ; \WaGan.0041FB35 打开Item.e5这个文件，句柄放-110
00459B24  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00459B26  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00459B28  |.  68 00690000 PUSH 6900                               ; |Arg1 = 00006900
00459B2D  |.  B9 C8E44A00 MOV ECX,WaGan.004AE4C8                ; |
00459B32  |.  E8 095F0200 CALL WaGan.0047FA40                   ; \WaGan.0047FA40 读文件信息，写在4ae4c8处
00459B37  |.  50          PUSH EAX                               ; /Arg2
00459B38  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]          ; |
00459B3B  |.  50          PUSH EAX                               ; |Arg1 物品Data号
00459B3C  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]          ; |
00459B42  |.  E8 4261FCFF CALL WaGan.0041FC89                   ; \WaGan.0041FC89 ？？？
00459B47  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
00459B4D  |.  E8 73F7FBFF CALL WaGan.004192C5 关闭Item.e5这个文件文件

00459B52  |.  6A 01       PUSH 1                                  ; /Arg2 = 00000001
00459B54  |.  6A 0E       PUSH 0E                               ; |Arg1 = 0000000E
00459B56  |.  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
00459B5B  |.  E8 1AAB0100 CALL WaGan.0047467A                   ; \WaGan.0047467A
00459B60  |.  C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
画动画
00459B6A  |.  EB 0F       JMP SHORT WaGan.00459B7B
00459B6C  |>  8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72  |.  83C1 01    |ADD ECX,1
00459B75  |.  898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B  |>  83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82  |.  73 7F       |JNB SHORT WaGan.00459C03
00459B84  |.  E8 524AFCFF |CALL WaGan.0041E5DB
00459B89  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459B8B  |.  8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20]       ; |
00459B91  |.  52          |PUSH EDX                               ; |Arg5
00459B92  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00459B94  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00459B96  |.  8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
00459B9C  |.  50          |PUSH EAX                               ; |Arg2
00459B9D  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]       ; |
00459BA3  |.  51          |PUSH ECX                               ; |Arg1
00459BA4  |.  E8 6A7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BA9  |.  83C4 18    |ADD ESP,18
00459BAC  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459BAE  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00459BB0  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00459BB2  |.  68 00690000 |PUSH 6900                            ; ||Arg1 = 00006900
00459BB7  |.  B9 C8E44A00 |MOV ECX,WaGan.004AE4C8                ; ||
00459BBC  |.  E8 7F5E0200 |CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00459BC1  |.  50          |PUSH EAX                               ; |Arg5
00459BC2  |.  6A 20       |PUSH 20                               ; |Arg4 = 00000020
00459BC4  |.  6A 20       |PUSH 20                               ; |Arg3 = 00000020
00459BC6  |.  8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C]       ; |
00459BCC  |.  83C2 07    |ADD EDX,7                            ; |
00459BCF  |.  2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24]       ; |
00459BD5  |.  52          |PUSH EDX                               ; |Arg2
00459BD6  |.  8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120]       ; |
00459BDC  |.  83C0 08    |ADD EAX,8                            ; |
00459BDF  |.  50          |PUSH EAX                               ; |Arg1
00459BE0  |.  E8 2E7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BE5  |.  83C4 18    |ADD ESP,18
00459BE8  |.  6A 01       |PUSH 1                               ; /Arg1 = 00000001
00459BEA  |.  B9 181B4B00 |MOV ECX,WaGan.004B1B18                ; |
00459BEF  |.  E8 4C97FAFF |CALL WaGan.00403340                   ; \WaGan.00403340
00459BF4  |.  E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9  |.  E8 F849FCFF |CALL WaGan.0041E5F6
00459BFE  |.^ E9 69FFFFFF \JMP WaGan.00459B6C

一段动画的代码
[EBP-A24]:控制循环的变量

00459B60  |.  C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
00459B6A  |.  EB 0F       JMP SHORT WaGan.00459B7B
00459B6C  |>  8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72  |.  83C1 01    |ADD ECX,1 递增
00459B75  |.  898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B  |>  83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82  |.  73 7F       |JNB SHORT WaGan.00459C03 不小于等于则转移，即大于8退出
00459B84  |.  E8 524AFCFF |CALL WaGan.0041E5DB
00459B89  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459B8B  |.  8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20]       ; |
00459B91  |.  52          |PUSH EDX                               ; |Arg5
00459B92  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00459B94  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00459B96  |.  8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
00459B9C  |.  50          |PUSH EAX                               ; |Arg2
00459B9D  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]       ; |
00459BA3  |.  51          |PUSH ECX                               ; |Arg1
00459BA4  |.  E8 6A7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BA9  |.  83C4 18    |ADD ESP,18
00459BAC  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459BAE  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00459BB0  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00459BB2  |.  68 00690000 |PUSH 6900                            ; ||Arg1 = 00006900
00459BB7  |.  B9 C8E44A00 |MOV ECX,WaGan.004AE4C8                ; ||
00459BBC  |.  E8 7F5E0200 |CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00459BC1  |.  50          |PUSH EAX                               ; |Arg5
00459BC2  |.  6A 20       |PUSH 20                               ; |Arg4 = 00000020
00459BC4  |.  6A 20       |PUSH 20                               ; |Arg3 = 00000020
00459BC6  |.  8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C]       ; |
00459BCC  |.  83C2 07    |ADD EDX,7                            ; |
00459BCF  |.  2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24]       ; |
00459BD5  |.  52          |PUSH EDX                               ; |Arg2
00459BD6  |.  8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120]       ; |
00459BDC  |.  83C0 08    |ADD EAX,8                            ; |
00459BDF  |.  50          |PUSH EAX                               ; |Arg1
00459BE0  |.  E8 2E7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BE5  |.  83C4 18    |ADD ESP,18
00459BE8  |.  6A 01       |PUSH 1                               ; /Arg1 = 00000001
00459BEA  |.  B9 181B4B00 |MOV ECX,WaGan.004B1B18                ; |
00459BEF  |.  E8 4C97FAFF |CALL WaGan.00403340                   ; \WaGan.00403340
00459BF4  |.  E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9  |.  E8 F849FCFF |CALL WaGan.0041E5F6 绘图
00459BFE  |.^ E9 69FFFFFF \JMP WaGan.00459B6C
00459C03  |>  6A 05       PUSH 5                                  ; /Arg1 = 00000005
00459C03    6A 05       PUSH 5
00459C05    B9 181B4B00 MOV ECX,WaGan.004B1B18
00459C0A  |.  E8 3197FAFF CALL WaGan.00403340                   ; \WaGan.00403340
00459C0F  |.  E8 CC28FDFF CALL WaGan.0042C4E0

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#18

发表于 2007-12-30 21:15 资料个人空间短消息看全部作者

战场地图文字显示(这个也是我自己新写的函数)

+8  文字地址
MOV ECX,4B3D08

004D6366 55             PUSH EBP
004D6367 8BEC          MOV EBP,ESP
004D6369 83EC 40       SUB ESP,40
004D636C 894D C0       MOV DWORD PTR SS:[EBP-40],ECX
004D636F B9 50424B00    MOV ECX,WaGan.004B4250
004D6374 E8 CBFAF7FF    CALL WaGan.00455E44
004D6379 99             CDQ
004D637A B9 30000000    MOV ECX,30
004D637F F7F9          IDIV ECX
004D6381 8845 E4       MOV BYTE PTR SS:[EBP-1C],AL
004D6384 B9 50424B00    MOV ECX,WaGan.004B4250
004D6389 E8 DDFAF7FF    CALL WaGan.00455E6B
004D638E 99             CDQ
004D638F B9 30000000    MOV ECX,30
004D6394 F7F9          IDIV ECX
004D6396 8845 E0       MOV BYTE PTR SS:[EBP-20],AL
004D6399 8B4D E4       MOV ECX,DWORD PTR SS:[EBP-1C]
004D639C 81E1 FF000000 AND ECX,0FF
004D63A2 6BC9 30       IMUL ECX,ECX,30
004D63A5 81F9 C0030000 CMP ECX,3C0
004D63AB 7C 10          JL SHORT WaGan.004D63BD
004D63AD C745 D8 4000000>MOV DWORD PTR SS:[EBP-28],40
004D63B4 C745 C4 0200000>MOV DWORD PTR SS:[EBP-3C],2
004D63BB EB 32          JMP SHORT WaGan.004D63EF
004D63BD 8B55 E4       MOV EDX,DWORD PTR SS:[EBP-1C]
004D63C0 81E2 FF000000 AND EDX,0FF
004D63C6 6BD2 30       IMUL EDX,EDX,30
004D63C9 81FA D0020000 CMP EDX,2D0
004D63CF 7C 10          JL SHORT WaGan.004D63E1
004D63D1 C745 D8 4000000>MOV DWORD PTR SS:[EBP-28],40
004D63D8 C745 C4 0200000>MOV DWORD PTR SS:[EBP-3C],2
004D63DF EB 0E          JMP SHORT WaGan.004D63EF
004D63E1 C745 D8 3000000>MOV DWORD PTR SS:[EBP-28],30
004D63E8 C745 C4 0100000>MOV DWORD PTR SS:[EBP-3C],1
004D63EF 8D45 F0       LEA EAX,DWORD PTR SS:[EBP-10]
004D63F2 50             PUSH EAX
004D63F3 8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]
004D63F9 51             PUSH ECX
004D63FA FF15 EC624800 CALL DWORD PTR DS:[<&USER32.GetClient>; USER32.GetClientRect
004D6400 E8 D681F4FF    CALL WaGan.0041E5DB
004D6405 6A 01          PUSH 1
004D6407 FF75 08       PUSH DWORD PTR SS:[EBP+8]       文字
004D640A 33C9          XOR ECX,ECX
004D640C F7D9          NEG ECX
004D640E 1BC9          SBB ECX,ECX
004D6410 83E1 10       AND ECX,10
004D6413 83C1 2A       ADD ECX,2A
004D6416 51             PUSH ECX
004D6417 6A 02          PUSH 2
004D6419 8B55 D8       MOV EDX,DWORD PTR SS:[EBP-28]
004D641C 52             PUSH EDX
004D641D 83EC 10       SUB ESP,10
004D6420 8BC4          MOV EAX,ESP
004D6422 8B4D F0       MOV ECX,DWORD PTR SS:[EBP-10]
004D6425 8908          MOV DWORD PTR DS:[EAX],ECX
004D6427 8B55 F4       MOV EDX,DWORD PTR SS:[EBP-C]
004D642A 8950 04       MOV DWORD PTR DS:[EAX+4],EDX
004D642D 8B4D 00       MOV ECX,DWORD PTR SS:[EBP]
004D6430 8948 08       MOV DWORD PTR DS:[EAX+8],ECX
004D6433 8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
004D6436 8950 0C       MOV DWORD PTR DS:[EAX+C],EDX
004D6439 E8 BA88F4FF    CALL WaGan.0041ECF8
004D643E 83C4 24       ADD ESP,24
004D6441 6A 01          PUSH 1
004D6443 FF75 08          PUSH DWORD PTR SS:[EBP+8]       文字
004D6446 33D2          XOR EDX,EDX
004D6448 F7DA          NEG EDX
004D644A 1BD2          SBB EDX,EDX
004D644C 83E2 11       AND EDX,11
004D644F 83C2 24       ADD EDX,24
004D6452 52             PUSH EDX
004D6453 6A 01          PUSH 1
004D6455 8B45 D8       MOV EAX,DWORD PTR SS:[EBP-28]
004D6458 50             PUSH EAX
004D6459 83EC 10       SUB ESP,10
004D645C 8BCC          MOV ECX,ESP
004D645E 8B55 F0       MOV EDX,DWORD PTR SS:[EBP-10]
004D6461 8911          MOV DWORD PTR DS:[ECX],EDX
004D6463 8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
004D6466 8941 04       MOV DWORD PTR DS:[ECX+4],EAX
004D6469 8B55 F8       MOV EDX,DWORD PTR SS:[EBP-8]
004D646C 8951 08       MOV DWORD PTR DS:[ECX+8],EDX
004D646F 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
004D6472 8941 0C       MOV DWORD PTR DS:[ECX+C],EAX
004D6475 E8 7E88F4FF    CALL WaGan.0041ECF8
004D647A 83C4 24       ADD ESP,24
004D647D 6A 00          PUSH 0
004D647F 6A 12          PUSH 12
004D6481 6A 04          PUSH 4
004D6483 E8 B16DFAFF    CALL WaGan.0047D239
004D6488 83C4 0C       ADD ESP,0C
004D648B 6A 00          PUSH 0
004D648D 6A 00          PUSH 0
004D648F 6A 01          PUSH 1
004D6491 FF75 08       PUSH DWORD PTR SS:[EBP+8]       文字
004D6494 8B45 D8       MOV EAX,DWORD PTR SS:[EBP-28]
004D6497 50             PUSH EAX
004D6498 8B45 D8       MOV EAX,DWORD PTR SS:[EBP-28]
004D649B 99             CDQ
004D649C 2BC2          SUB EAX,EDX
004D649E D1F8          SAR EAX,1
004D64A0 50             PUSH EAX
004D64A1 8D4D F0       LEA ECX,DWORD PTR SS:[EBP-10]
004D64A4 51             PUSH ECX
004D64A5 E8 0A85F4FF    CALL WaGan.0041E9B4
004D64AA 83C4 1C       ADD ESP,1C
004D64AD E8 4481F4FF    CALL WaGan.0041E5F6
004D64B2 6A 14          PUSH 14
004D64B4 B9 181B4B00    MOV ECX,WaGan.004B1B18
004D64B9 E8 82CEF2FF    CALL WaGan.00403340
004D64BE E8 1D60F5FF    CALL WaGan.0042C4E0
004D64C3 8B4D C0       MOV ECX,DWORD PTR SS:[EBP-40]
004D64C6 E8 BF43F7FF    CALL WaGan.0044A88A
004D64CB B9 50424B00    MOV ECX,WaGan.004B4250
004D64D0 E8 D6B8F7FF    CALL WaGan.00451DAB
004D64D5 8BE5          MOV ESP,EBP
004D64D7 5D             POP EBP
004D64D8 C2 0400       RETN 4
004D64DB 90             NOP

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#19

发表于 2007-12-30 21:16 资料个人空间短消息看全部作者

移动的研究

004595C5  |.  52          PUSH EDX                               ; /Arg2
004595C6  |.  8A45 0C    MOV AL,BYTE PTR SS:[EBP+C]             ; |
004595C9  |.  50          PUSH EAX                               ; |Arg1
004595CA  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]             ; |
004595CD  |.  E8 BA90FEFF CALL WaGan.0044268C                      ; \WaGan.0044268C
004595D2  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004595D5  |.  E8 4217FEFF CALL WaGan.0043AD1C             移动的画图函数  （）
004595DA  |.  8A4D E8    MOV CL,BYTE PTR SS:[EBP-18]

SS：[EBP-14]       武将战场内存地址
SS：[EBP-18]

0043AD1C  /$  55          PUSH EBP
0043AD1D  |.  8BEC       MOV EBP,ESP
0043AD1F  |.  83EC 1C    SUB ESP,1C
0043AD22  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
0043AD25  |.  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043AD29  |.  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043AD2E  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AD31  |.  E8 BAADFEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0 （80）对Ecx+D的值和80进行比较
0043AD36  |.  85C0       TEST EAX,EAX
0043AD38  |.  74 09       JE SHORT WaGan.0043AD43
0043AD3A  |.  C745 E8 64000>MOV DWORD PTR SS:[EBP-18],64
0043AD41  |.  EB 10       JMP SHORT WaGan.0043AD53

0043AD43  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043AD46  |.  E8 044A0000 CALL WaGan.0043F74F
0043AD4B  |.  25 FF000000 AND EAX,0FF
0043AD50  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
0043AD53  |>  8A45 E8    MOV AL,BYTE PTR SS:[EBP-18]
0043AD56  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0043AD59  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]
0043AD5C  |.  E8 AF490200 CALL WaGan.0045F710
0043AD61  |.  C605 382C4B00>MOV BYTE PTR DS:[4B2C38],0FF
0043AD68  |.  C705 1C2C4B00>MOV DWORD PTR DS:[4B2C1C],0
0043AD72  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043AD75  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]
0043AD77  |.  52          PUSH EDX                               ; /Arg1
0043AD78  |.  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                   ; |
0043AD7D  |.  E8 CE480200 CALL WaGan.0045F650                      ; \WaGan.0045F650
0043AD82  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043AD85  |.  33C9       XOR ECX,ECX
0043AD87  |.  8A48 08    MOV CL,BYTE PTR DS:[EAX+8]
0043AD8A  |.  81F9 FF000000 CMP ECX,0FF
0043AD90  |.  74 33       JE SHORT WaGan.0043ADC5
0043AD92  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043AD95  |.  33C0       XOR EAX,EAX
0043AD97  |.  8A42 08    MOV AL,BYTE PTR DS:[EDX+8]
0043AD9A  |.  8BC8       MOV ECX,EAX
0043AD9C  |.  6BC9 24    IMUL ECX,ECX,24
0043AD9F  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043ADA5  |.  E8 E6DEFDFF CALL WaGan.00418C90
0043ADAA  |.  25 FF000000 AND EAX,0FF
0043ADAF  |.  83F8 02    CMP EAX,2
0043ADB2  |.  74 11       JE SHORT WaGan.0043ADC5
0043ADB4  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043ADB7  |.  C641 08 FF MOV BYTE PTR DS:[ECX+8],0FF
0043ADBB  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0043ADBD  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043ADC0  |.  E8 A4780000 CALL WaGan.00442669                      ; \WaGan.00442669
0043ADC5  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043ADC8  |.  E8 C3DEFDFF CALL WaGan.00418C90
0043ADCD  |.  25 FF000000 AND EAX,0FF
0043ADD2  |.  83F8 02    CMP EAX,2
0043ADD5  |.  0F85 2D060000 JNZ WaGan.0043B408
0043ADDB  |.  6A 02       PUSH 2                                  ; /Arg1 = 00000002
0043ADDD  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043ADE0  |.  E8 0BADFEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043ADE5  |.  85C0       TEST EAX,EAX
0043ADE7  |.  0F85 1B060000 JNZ WaGan.0043B408
0043ADED  |.  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0043ADEF  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043ADF2  |.  E8 E9B8FCFF CALL WaGan.004066E0                      ; \WaGan.004066E0
0043ADF7  |.  85C0       TEST EAX,EAX
0043ADF9  |.  0F85 09060000 JNZ WaGan.0043B408
0043ADFF  |.  68 FF000000 PUSH 0FF                               ; /Arg1 = 000000FF
0043AE04  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AE07  |.  E8 7EF4FFFF CALL WaGan.0043A28A                      ; \WaGan.0043A28A
0043AE0C  |.  33D2       XOR EDX,EDX
0043AE0E  |.  8A15 242C4B00 MOV DL,BYTE PTR DS:[4B2C24]
0043AE14  |.  83E2 01    AND EDX,1
0043AE17  |.  85D2       TEST EDX,EDX
0043AE19  |.  0F84 91010000 JE WaGan.0043AFB0
0043AE1F  |.  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043AE24  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AE27  |.  E8 C4ACFEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043AE2C  |.  85C0       TEST EAX,EAX
0043AE2E  |.  0F85 7C010000 JNZ WaGan.0043AFB0
0043AE34  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043AE37  |.  33C9       XOR ECX,ECX
0043AE39  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]
0043AE3C  |.  83F9 23    CMP ECX,23
0043AE3F  |.  0F84 6B010000 JE WaGan.0043AFB0
0043AE45  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043AE48  |.  E8 C3B8FCFF CALL WaGan.00406710
0043AE4D  |.  85C0       TEST EAX,EAX
0043AE4F  |.  74 15       JE SHORT WaGan.0043AE66
0043AE51  |.  B9 502C4B00 MOV ECX,WaGan.004B2C50
0043AE56  |.  E8 0585FCFF CALL WaGan.00403360
0043AE5B  |.  50          PUSH EAX                               ; /Arg1
0043AE5C  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043AE5F  |.  E8 3CB7FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043AE64  |.  EB 2D       JMP SHORT WaGan.0043AE93
0043AE66  |>  B9 3C314B00 MOV ECX,WaGan.004B313C
0043AE6B  |.  E8 20DEFDFF CALL WaGan.00418C90
0043AE70  |.  25 FF000000 AND EAX,0FF
0043AE75  |.  83F8 02    CMP EAX,2
0043AE78  |.  75 15       JNZ SHORT WaGan.0043AE8F
0043AE7A  |.  B9 3C314B00 MOV ECX,WaGan.004B313C
0043AE7F  |.  E8 DC84FCFF CALL WaGan.00403360
0043AE84  |.  50          PUSH EAX                               ; /Arg1
0043AE85  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043AE88  |.  E8 13B7FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043AE8D  |.  EB 04       JMP SHORT WaGan.0043AE93
0043AE8F  |>  C645 F4 FF MOV BYTE PTR SS:[EBP-C],0FF
0043AE93  |>  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
0043AE96  |.  81E2 FF000000 AND EDX,0FF
0043AE9C  |.  81FA FF000000 CMP EDX,0FF
0043AEA2  |.  0F84 F7000000 JE WaGan.0043AF9F
0043AEA8  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043AEAB  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]
0043AEAE  |.  51          PUSH ECX                               ; /Arg3
0043AEAF  |.  6A 0A       PUSH 0A                                  ; |Arg2 = 0000000A
0043AEB1  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]             ; |
0043AEB4  |.  52          PUSH EDX                               ; |Arg1
0043AEB5  |.  E8 BED2FFFF CALL WaGan.00438178                      ; \WaGan.00438178
0043AEBA  |.  83C4 0C    ADD ESP,0C
0043AEBD  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043AEBF  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
0043AEC2  |.  8A48 07    MOV CL,BYTE PTR DS:[EAX+7]             ; |
0043AEC5  |.  51          PUSH ECX                               ; |Arg5
0043AEC6  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AEC9  |.  8A42 06    MOV AL,BYTE PTR DS:[EDX+6]             ; |
0043AECC  |.  50          PUSH EAX                               ; |Arg4
0043AECD  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043AECF  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043AED4  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043AED7  |.  51          PUSH ECX                               ; |Arg1
0043AED8  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AEDB  |.  E8 28D4FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043AEE0  |.  25 FF000000 AND EAX,0FF
0043AEE5  |.  83F8 01    CMP EAX,1
0043AEE8  |.  74 79       JE SHORT WaGan.0043AF63
0043AEEA  |.  6A 00       PUSH 0                                  ; /Arg6 = 00000000
0043AEEC  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AEEF  |.  8A42 07    MOV AL,BYTE PTR DS:[EDX+7]             ; |
0043AEF2  |.  50          PUSH EAX                               ; |Arg5
0043AEF3  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AEF6  |.  8A51 06    MOV DL,BYTE PTR DS:[ECX+6]             ; |
0043AEF9  |.  52          PUSH EDX                               ; |Arg4
0043AEFA  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043AEFC  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043AF01  |.  8D45 F4    LEA EAX,DWORD PTR SS:[EBP-C]             ; |
0043AF04  |.  50          PUSH EAX                               ; |Arg1
0043AF05  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF08  |.  E8 FBD3FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043AF0D  |.  25 FF000000 AND EAX,0FF
0043AF12  |.  3D FF000000 CMP EAX,0FF
0043AF17  |.  74 3C       JE SHORT WaGan.0043AF55
0043AF19  |.  6A 01       PUSH 1                                  ; /Arg4 = 00000001
0043AF1B  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
0043AF1E  |.  51          PUSH ECX                               ; |Arg3
0043AF1F  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AF22  |.  83C2 06    ADD EDX,6                               ; |
0043AF25  |.  52          PUSH EDX                               ; |Arg2
0043AF26  |.  8D45 F4    LEA EAX,DWORD PTR SS:[EBP-C]             ; |
0043AF29  |.  50          PUSH EAX                               ; |Arg1
0043AF2A  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF2D  |.  E8 FCCEFFFF CALL WaGan.00437E2E                      ; \WaGan.00437E2E
0043AF32  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043AF34  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043AF39  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043AF3E  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043AF40  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
0043AF43  |.  51          PUSH ECX                               ; |Arg2
0043AF44  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AF47  |.  83C2 06    ADD EDX,6                               ; |
0043AF4A  |.  52          PUSH EDX                               ; |Arg1
0043AF4B  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF4E  |.  E8 B5D3FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043AF53  |.  EB 0C       JMP SHORT WaGan.0043AF61
0043AF55  |>  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043AF58  |.  50          PUSH EAX                               ; /Arg1
0043AF59  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF5C  |.  E8 68F8FFFF CALL WaGan.0043A7C9                      ; \WaGan.0043A7C9
0043AF61  |>  EB 3A       JMP SHORT WaGan.0043AF9D
0043AF63  |>  6A 01       PUSH 1                                  ; /Arg4 = 00000001
0043AF65  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
0043AF68  |.  51          PUSH ECX                               ; |Arg3
0043AF69  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AF6C  |.  83C2 06    ADD EDX,6                               ; |
0043AF6F  |.  52          PUSH EDX                               ; |Arg2
0043AF70  |.  8D45 F4    LEA EAX,DWORD PTR SS:[EBP-C]             ; |
0043AF73  |.  50          PUSH EAX                               ; |Arg1
0043AF74  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF77  |.  E8 B2CEFFFF CALL WaGan.00437E2E                      ; \WaGan.00437E2E
0043AF7C  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043AF7E  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043AF83  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043AF88  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043AF8A  |.  8A4D F8    MOV CL,BYTE PTR SS:[EBP-8]             ; |
0043AF8D  |.  51          PUSH ECX                               ; |Arg2
0043AF8E  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043AF91  |.  83C2 06    ADD EDX,6                               ; |
0043AF94  |.  52          PUSH EDX                               ; |Arg1
0043AF95  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AF98  |.  E8 6BD3FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043AF9D  |>  EB 0C       JMP SHORT WaGan.0043AFAB
0043AF9F  |>  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043AFA2  |.  50          PUSH EAX                               ; /Arg1
0043AFA3  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043AFA6  |.  E8 1EF8FFFF CALL WaGan.0043A7C9                      ; \WaGan.0043A7C9
0043AFAB  |>  E9 A7030000 JMP WaGan.0043B357
0043AFB0  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043AFB3  |.  E8 18ABFEFF CALL WaGan.00425AD0
0043AFB8  |.  25 FF000000 AND EAX,0FF
0043AFBD  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0043AFC0  |.  837D E4 04 CMP DWORD PTR SS:[EBP-1C],4
0043AFC4  |.  0F87 8D030000 JA WaGan.0043B357
0043AFCA  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0043AFCD  |.  FF248D 0CB443>JMP DWORD PTR DS:[ECX*4+43B40C]
0043B40C .  D4AF4300    DD WaGan.0043AFD4
0043B410 .  19B34300    DD WaGan.0043B319
0043B414 .  27B34300    DD WaGan.0043B327
0043B418 .  AEB24300    DD WaGan.0043B2AE
0043B41C .  D4AF4300    DD WaGan.0043AFD4
0043AFD4  |>  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043AFD7  |.  33C0       XOR EAX,EAX
0043AFD9  |.  8A42 08    MOV AL,BYTE PTR DS:[EDX+8]
0043AFDC  |.  3D FF000000 CMP EAX,0FF
0043AFE1  |.  0F84 8B000000 JE WaGan.0043B072
0043AFE7  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043AFEA  |.  33D2       XOR EDX,EDX
0043AFEC  |.  8A51 08    MOV DL,BYTE PTR DS:[ECX+8]
0043AFEF  |.  8BCA       MOV ECX,EDX
0043AFF1  |.  6BC9 24    IMUL ECX,ECX,24
0043AFF4  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043AFFA  |.  E8 6183FCFF CALL WaGan.00403360
0043AFFF  |.  50          PUSH EAX                               ; /Arg1
0043B000  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043B003  |.  E8 98B5FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B008  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043B00B  |.  33C9       XOR ECX,ECX
0043B00D  |.  8A48 08    MOV CL,BYTE PTR DS:[EAX+8]
0043B010  |.  6BC9 24    IMUL ECX,ECX,24
0043B013  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043B019  |.  E8 B2AAFEFF CALL WaGan.00425AD0
0043B01E  |.  25 FF000000 AND EAX,0FF
0043B023  |.  85C0       TEST EAX,EAX
0043B025  |.  74 22       JE SHORT WaGan.0043B049
0043B027  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043B02A  |.  33C0       XOR EAX,EAX
0043B02C  |.  8A42 08    MOV AL,BYTE PTR DS:[EDX+8]
0043B02F  |.  8BC8       MOV ECX,EAX
0043B031  |.  6BC9 24    IMUL ECX,ECX,24
0043B034  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0043B03A  |.  E8 91AAFEFF CALL WaGan.00425AD0
0043B03F  |.  25 FF000000 AND EAX,0FF
0043B044  |.  83F8 04    CMP EAX,4
0043B047  |.  75 27       JNZ SHORT WaGan.0043B070
0043B049  |>  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10]
0043B04C  |.  51          PUSH ECX                               ; /Arg1
0043B04D  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043B050  |.  33C0       XOR EAX,EAX                            ; |
0043B052  |.  8A42 08    MOV AL,BYTE PTR DS:[EDX+8]             ; |
0043B055  |.  8BC8       MOV ECX,EAX                            ; |
0043B057  |.  6BC9 24    IMUL ECX,ECX,24                         ; |
0043B05A  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50                   ; |
0043B060  |.  E8 2B040000 CALL WaGan.0043B490                      ; \WaGan.0043B490
0043B065  |.  50          PUSH EAX                               ; /Arg1
0043B066  |.  B9 382C4B00 MOV ECX,WaGan.004B2C38                   ; |
0043B06B  |.  E8 30B5FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B070  |>  EB 0F       JMP SHORT WaGan.0043B081
0043B072  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B075  |.  83C1 09    ADD ECX,9
0043B078  |.  51          PUSH ECX                               ; /Arg1
0043B079  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043B07C  |.  E8 1FB5FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B081  |>  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043B086  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B089  |.  E8 62AAFEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043B08E  |.  85C0       TEST EAX,EAX
0043B090  |.  0F85 7D010000 JNZ WaGan.0043B213
0043B096  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B098  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B09D  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B0A2  |.  6A 08       PUSH 8                                  ; |Arg3 = 00000008
0043B0A4  |.  8A55 F8    MOV DL,BYTE PTR SS:[EBP-8]             ; |
0043B0A7  |.  52          PUSH EDX                               ; |Arg2
0043B0A8  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
0043B0AB  |.  83C0 06    ADD EAX,6                               ; |
0043B0AE  |.  50          PUSH EAX                               ; |Arg1
0043B0AF  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B0B2  |.  E8 51D2FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B0B7  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0043B0BA  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B0BD  |.  33D2       XOR EDX,EDX
0043B0BF  |.  8A51 08    MOV DL,BYTE PTR DS:[ECX+8]
0043B0C2  |.  81FA FF000000 CMP EDX,0FF
0043B0C8  |.  74 4F       JE SHORT WaGan.0043B119
0043B0CA  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0043B0CD  |.  25 FF000000 AND EAX,0FF
0043B0D2  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B0D5  |.  33D2       XOR EDX,EDX
0043B0D7  |.  8A51 08    MOV DL,BYTE PTR DS:[ECX+8]
0043B0DA  |.  3BC2       CMP EAX,EDX
0043B0DC  |.  75 3B       JNZ SHORT WaGan.0043B119
0043B0DE  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043B0E1  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]
0043B0E4  |.  51          PUSH ECX                               ; /Arg3
0043B0E5  |.  6A 14       PUSH 14                                  ; |Arg2 = 00000014
0043B0E7  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]             ; |
0043B0EA  |.  52          PUSH EDX                               ; |Arg1
0043B0EB  |.  E8 88D0FFFF CALL WaGan.00438178                      ; \WaGan.00438178
0043B0F0  |.  83C4 0C    ADD ESP,0C
0043B0F3  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B0F5  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B0FA  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B0FF  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043B101  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B104  |.  50          PUSH EAX                               ; |Arg2
0043B105  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B108  |.  83C1 06    ADD ECX,6                               ; |
0043B10B  |.  51          PUSH ECX                               ; |Arg1
0043B10C  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B10F  |.  E8 F4D1FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B114  |.  E9 F5000000 JMP WaGan.0043B20E
0043B119  |>  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043B11C  |.  8A42 04    MOV AL,BYTE PTR DS:[EDX+4]
0043B11F  |.  50          PUSH EAX                               ; /Arg3
0043B120  |.  6A 0A       PUSH 0A                                  ; |Arg2 = 0000000A
0043B122  |.  8D4D F4    LEA ECX,DWORD PTR SS:[EBP-C]             ; |
0043B125  |.  51          PUSH ECX                               ; |Arg1
0043B126  |.  E8 4DD0FFFF CALL WaGan.00438178                      ; \WaGan.00438178
0043B12B  |.  83C4 0C    ADD ESP,0C
0043B12E  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B130  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0043B133  |.  8A42 07    MOV AL,BYTE PTR DS:[EDX+7]             ; |
0043B136  |.  50          PUSH EAX                               ; |Arg5
0043B137  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B13A  |.  8A51 06    MOV DL,BYTE PTR DS:[ECX+6]             ; |
0043B13D  |.  52          PUSH EDX                               ; |Arg4
0043B13E  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043B140  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043B145  |.  8D45 F4    LEA EAX,DWORD PTR SS:[EBP-C]             ; |
0043B148  |.  50          PUSH EAX                               ; |Arg1
0043B149  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B14C  |.  E8 B7D1FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B151  |.  25 FF000000 AND EAX,0FF
0043B156  |.  83F8 01    CMP EAX,1
0043B159  |.  74 79       JE SHORT WaGan.0043B1D4
0043B15B  |.  6A 00       PUSH 0                                  ; /Arg6 = 00000000
0043B15D  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B160  |.  8A51 07    MOV DL,BYTE PTR DS:[ECX+7]             ; |
0043B163  |.  52          PUSH EDX                               ; |Arg5
0043B164  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
0043B167  |.  8A48 06    MOV CL,BYTE PTR DS:[EAX+6]             ; |
0043B16A  |.  51          PUSH ECX                               ; |Arg4
0043B16B  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043B16D  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043B172  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]             ; |
0043B175  |.  52          PUSH EDX                               ; |Arg1
0043B176  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B179  |.  E8 8AD1FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B17E  |.  25 FF000000 AND EAX,0FF
0043B183  |.  3D FF000000 CMP EAX,0FF
0043B188  |.  74 3C       JE SHORT WaGan.0043B1C6
0043B18A  |.  6A 01       PUSH 1                                  ; /Arg4 = 00000001
0043B18C  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B18F  |.  50          PUSH EAX                               ; |Arg3
0043B190  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B193  |.  83C1 06    ADD ECX,6                               ; |
0043B196  |.  51          PUSH ECX                               ; |Arg2
0043B197  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]             ; |
0043B19A  |.  52          PUSH EDX                               ; |Arg1
0043B19B  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B19E  |.  E8 8BCCFFFF CALL WaGan.00437E2E                      ; \WaGan.00437E2E
0043B1A3  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B1A5  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B1AA  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B1AF  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043B1B1  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B1B4  |.  50          PUSH EAX                               ; |Arg2
0043B1B5  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B1B8  |.  83C1 06    ADD ECX,6                               ; |
0043B1BB  |.  51          PUSH ECX                               ; |Arg1
0043B1BC  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B1BF  |.  E8 44D1FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B1C4  |.  EB 0C       JMP SHORT WaGan.0043B1D2
0043B1C6  |>  8A55 F8    MOV DL,BYTE PTR SS:[EBP-8]
0043B1C9  |.  52          PUSH EDX                               ; /Arg1
0043B1CA  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B1CD  |.  E8 F7F5FFFF CALL WaGan.0043A7C9                      ; \WaGan.0043A7C9
0043B1D2  |>  EB 3A       JMP SHORT WaGan.0043B20E
0043B1D4  |>  6A 01       PUSH 1                                  ; /Arg4 = 00000001
0043B1D6  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B1D9  |.  50          PUSH EAX                               ; |Arg3
0043B1DA  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B1DD  |.  83C1 06    ADD ECX,6                               ; |
0043B1E0  |.  51          PUSH ECX                               ; |Arg2
0043B1E1  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]             ; |
0043B1E4  |.  52          PUSH EDX                               ; |Arg1
0043B1E5  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B1E8  |.  E8 41CCFFFF CALL WaGan.00437E2E                      ; \WaGan.00437E2E
0043B1ED  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B1EF  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B1F4  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B1F9  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043B1FB  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B1FE  |.  50          PUSH EAX                               ; |Arg2
0043B1FF  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B202  |.  83C1 06    ADD ECX,6                               ; |
0043B205  |.  51          PUSH ECX                               ; |Arg1
0043B206  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B209  |.  E8 FAD0FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B20E  |>  E9 96000000 JMP WaGan.0043B2A9
0043B213  |>  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B215  |.  8A55 F5    MOV DL,BYTE PTR SS:[EBP-B]             ; |
0043B218  |.  52          PUSH EDX                               ; |Arg5
0043B219  |.  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]             ; |
0043B21C  |.  50          PUSH EAX                               ; |Arg4
0043B21D  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043B21F  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043B224  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B227  |.  83C1 06    ADD ECX,6                               ; |
0043B22A  |.  51          PUSH ECX                               ; |Arg1
0043B22B  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B22E  |.  E8 D5D0FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B233  |.  25 FF000000 AND EAX,0FF
0043B238  |.  83F8 01    CMP EAX,1
0043B23B  |.  74 5E       JE SHORT WaGan.0043B29B
0043B23D  |.  6A 00       PUSH 0                                  ; /Arg6 = 00000000
0043B23F  |.  8A55 F5    MOV DL,BYTE PTR SS:[EBP-B]             ; |
0043B242  |.  52          PUSH EDX                               ; |Arg5
0043B243  |.  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]             ; |
0043B246  |.  50          PUSH EAX                               ; |Arg4
0043B247  |.  6A 02       PUSH 2                                  ; |Arg3 = 00000002
0043B249  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043B24E  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B251  |.  83C1 06    ADD ECX,6                               ; |
0043B254  |.  51          PUSH ECX                               ; |Arg1
0043B255  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B258  |.  E8 ABD0FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B25D  |.  25 FF000000 AND EAX,0FF
0043B262  |.  85C0       TEST EAX,EAX
0043B264  |.  74 10       JE SHORT WaGan.0043B276
0043B266  |.  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]
0043B269  |.  52          PUSH EDX                               ; /Arg1
0043B26A  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                   ; |
0043B26F  |.  E8 2CB3FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B274  |.  EB 23       JMP SHORT WaGan.0043B299
0043B276  |>  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043B279  |.  83C0 06    ADD EAX,6
0043B27C  |.  50          PUSH EAX                               ; /Arg1
0043B27D  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                   ; |
0043B282  |.  E8 19B3FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B287  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B28A  |.  83C1 06    ADD ECX,6
0043B28D  |.  51          PUSH ECX                               ; /Arg1
0043B28E  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B291  |.  83C1 09    ADD ECX,9                               ; |
0043B294  |.  E8 07B3FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B299  |>  EB 0E       JMP SHORT WaGan.0043B2A9
0043B29B  |>  8D55 F4    LEA EDX,DWORD PTR SS:[EBP-C]
0043B29E  |.  52          PUSH EDX                               ; /Arg1
0043B29F  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                   ; |
0043B2A4  |.  E8 F7B2FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B2A9  |>  E9 A9000000 JMP WaGan.0043B357
0043B2AE  |>  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B2B0  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B2B5  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B2BA  |.  6A 08       PUSH 8                                  ; |Arg3 = 00000008
0043B2BC  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B2BF  |.  50          PUSH EAX                               ; |Arg2
0043B2C0  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B2C3  |.  83C1 06    ADD ECX,6                               ; |
0043B2C6  |.  51          PUSH ECX                               ; |Arg1
0043B2C7  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B2CA  |.  E8 39D0FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B2CF  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0043B2D2  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043B2D5  |.  81E2 FF000000 AND EDX,0FF
0043B2DB  |.  81FA FF000000 CMP EDX,0FF
0043B2E1  |.  74 23       JE SHORT WaGan.0043B306
0043B2E3  |.  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B2E5  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B2EA  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B2EF  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043B2F1  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
0043B2F4  |.  50          PUSH EAX                               ; |Arg2
0043B2F5  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B2F8  |.  83C1 06    ADD ECX,6                               ; |
0043B2FB  |.  51          PUSH ECX                               ; |Arg1
0043B2FC  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B2FF  |.  E8 04D0FFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B304  |.  EB 11       JMP SHORT WaGan.0043B317
0043B306  |>  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043B309  |.  83C2 06    ADD EDX,6
0043B30C  |.  52          PUSH EDX                               ; /Arg1
0043B30D  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                   ; |
0043B312  |.  E8 89B2FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B317  |>  EB 3E       JMP SHORT WaGan.0043B357
0043B319  |>  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043B31C  |.  50          PUSH EAX                               ; /Arg1
0043B31D  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B320  |.  E8 A4F4FFFF CALL WaGan.0043A7C9                      ; \WaGan.0043A7C9
0043B325  |.  EB 30       JMP SHORT WaGan.0043B357
0043B327  |>  6A 01       PUSH 1                                  ; /Arg6 = 00000001
0043B329  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
0043B32E  |.  68 FF000000 PUSH 0FF                               ; |Arg4 = 000000FF
0043B333  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0043B335  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
0043B337  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B33A  |.  83C1 06    ADD ECX,6                               ; |
0043B33D  |.  51          PUSH ECX                               ; |Arg1
0043B33E  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B341  |.  E8 C2CFFFFF CALL WaGan.00438308                      ; \WaGan.00438308
0043B346  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0043B349  |.  83C2 06    ADD EDX,6
0043B34C  |.  52          PUSH EDX                               ; /Arg1
0043B34D  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                   ; |
0043B352  |.  E8 49B2FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
0043B357  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B35A  |.  E8 F7F5FFFF CALL WaGan.0043A956                   调用到走路的函数
0043B35F  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B362  |.  E8 EB4E0000 CALL WaGan.00440252
0043B367  |.  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043B36C  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B36F  |.  E8 7CA7FEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043B374  |.  85C0       TEST EAX,EAX
0043B376  |.  75 67       JNZ SHORT WaGan.0043B3DF
0043B378  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B37B  |.  E8 50A7FEFF CALL WaGan.00425AD0
0043B380  |.  25 FF000000 AND EAX,0FF
0043B385  |.  83F8 04    CMP EAX,4
0043B388  |.  74 55       JE SHORT WaGan.0043B3DF
0043B38A  |.  33C0       XOR EAX,EAX
0043B38C  |.  A0 442C4B00 MOV AL,BYTE PTR DS:[4B2C44]
0043B391  |.  3D FF000000 CMP EAX,0FF
0043B396  |.  75 0A       JNZ SHORT WaGan.0043B3A2
0043B398  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043B39B  |.  E8 5BF7FFFF CALL WaGan.0043AAFB
0043B3A0  |.  EB 3D       JMP SHORT WaGan.0043B3DF
0043B3A2  |>  8A0D 442C4B00 MOV CL,BYTE PTR DS:[4B2C44]
0043B3A8  |.  51          PUSH ECX                               ; /Arg3
0043B3A9  |.  8A15 282C4B00 MOV DL,BYTE PTR DS:[4B2C28]             ; |
0043B3AF  |.  52          PUSH EDX                               ; |Arg2
0043B3B0  |.  6A 02       PUSH 2                                  ; |Arg1 = 00000002
0043B3B2  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B3B5  |.  E8 CE600000 CALL WaGan.00441488                      ; \WaGan.00441488
0043B3BA  |.  A0 442C4B00 MOV AL,BYTE PTR DS:[4B2C44]
0043B3BF  |.  50          PUSH EAX                               ; /Arg1
0043B3C0  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B3C3  |.  E8 D1280000 CALL WaGan.0043DC99                      ; \WaGan.0043DC99
0043B3C8  |.  33C9       XOR ECX,ECX
0043B3CA  |.  8A0D 442C4B00 MOV CL,BYTE PTR DS:[4B2C44]
0043B3D0  |.  83F9 39    CMP ECX,39
0043B3D3  |.  75 0A       JNZ SHORT WaGan.0043B3DF
0043B3D5  |.  C705 0C424B00>MOV DWORD PTR DS:[4B420C],1
0043B3DF  |>  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043B3E4  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B3E7  |.  E8 04A7FEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043B3EC  |.  85C0       TEST EAX,EAX
0043B3EE  |.  75 18       JNZ SHORT WaGan.0043B408
0043B3F0  |.  6A 04       PUSH 4                                  ; /Arg1 = 00000004
0043B3F2  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B3F5  |.  E8 F6A6FEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043B3FA  |.  85C0       TEST EAX,EAX
0043B3FC  |.  74 0A       JE SHORT WaGan.0043B408
0043B3FE  |.  6A 02       PUSH 2                                  ; /Arg1 = 00000002
0043B400  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043B403  |.  E8 10730000 CALL WaGan.00442718                      ; \WaGan.00442718
0043B408  |>  8BE5       MOV ESP,EBP
0043B40A  |.  5D          POP EBP
0043B40B  \.  C3          RETN

43A956函数
移动的循环
0043A956  /$  55          PUSH EBP
0043A957  |.  8BEC       MOV EBP,ESP
0043A959  |.  83EC 18    SUB ESP,18
0043A95C  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX       移动武将战场内地址
0043A95F  |.  8D4D EC    LEA ECX,DWORD PTR SS:[EBP-14]
0043A962  |.  E8 A94D0200 CALL WaGan.0045F710
0043A967  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043A96B  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0043A96E  |.  E8 1DE3FDFF CALL WaGan.00418C90                判断下武将是否可见
0043A973  |.  25 FF000000 AND EAX,0FF
0043A978  |.  83F8 02    CMP EAX,2
0043A97B  |.  75 26       JNZ SHORT WaGan.0043A9A3       不可见，直接Over掉
0043A97D  |.  33C0       XOR EAX,EAX
0043A97F  |.  A0 202C4B00 MOV AL,BYTE PTR DS:[4B2C20]       4B2C20存放最终移动目标地址 (横坐标)
0043A984  |.  3D FF000000 CMP EAX,0FF
0043A989  |.  74 18       JE SHORT WaGan.0043A9A3
0043A98B  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0043A98E  |.  83C1 06    ADD ECX,6
0043A991  |.  51          PUSH ECX                               ; /Arg2          移动武将战场坐标地址
0043A992  |.  68 202C4B00 PUSH WaGan.004B2C20                      ; |Arg1 = 004B2C20  最终移动目标地址
0043A997  |.  E8 840A0000 CALL WaGan.0043B420                      ; \WaGan.0043B420 比较两坐标是否相等，相等返回1，不等返回0
0043A99C  |.  83C4 08    ADD ESP,8
0043A99F  |.  85C0       TEST EAX,EAX
0043A9A1  |.  74 05       JE SHORT WaGan.0043A9A8
0043A9A3  |>  E9 4F010000 JMP WaGan.0043AAF7
0043A9A8  |>  6A 00       PUSH 0                                  ; /Arg4 = 00000000
0043A9AA  |.  68 FF000000 PUSH 0FF                               ; |Arg3 = 000000FF
0043A9AF  |.  68 202C4B00 PUSH WaGan.004B2C20                      ; |Arg2 = 004B2C20
0043A9B4  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]          ; |
0043A9B7  |.  83C2 06    ADD EDX,6                               ; |
0043A9BA  |.  52          PUSH EDX                               ; |Arg1
0043A9BB  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043A9BE  |.  E8 6BD4FFFF CALL WaGan.00437E2E                      ; \WaGan.00437E2E    求出移动路径(是一个朝向的队列)
0043A9C3  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX    在这里变化
0043A9C6  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0043A9C9  |.  33C9       XOR ECX,ECX
0043A9CB  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0043A9CD  |.  81F9 FF000000 CMP ECX,0FF
0043A9D3  |.  75 05       JNZ SHORT WaGan.0043A9DA
0043A9D5  |.  E9 1D010000 JMP WaGan.0043AAF7
0043A9DA  |>  68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043A9DF  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043A9E2  |.  E8 09B1FEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043A9E7  |.  85C0       TEST EAX,EAX
0043A9E9  |.  74 1A       JE SHORT WaGan.0043AA05
0043A9EB  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0043A9EE  |.  8A42 07    MOV AL,BYTE PTR DS:[EDX+7]
0043A9F1  |.  50          PUSH EAX                               ; /Arg2  纵坐标
0043A9F2  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043A9F5  |.  8A51 06    MOV DL,BYTE PTR DS:[ECX+6]             ; |
0043A9F8  |.  52          PUSH EDX                               ; |Arg1  横坐标
0043A9F9  |.  B9 50424B00 MOV ECX,WaGan.004B4250                   ; |
0043A9FE  |.  E8 3CA60100 CALL WaGan.0045503F                      ; \WaGan.0045503F
0043AA03  |.  EB 14       JMP SHORT WaGan.0043AA19
0043AA05  |>  68 FF000000 PUSH 0FF                               ; /Arg3 = 000000FF
0043AA0A  |.  68 FF000000 PUSH 0FF                               ; |Arg2 = 000000FF
0043AA0F  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
0043AA11  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AA14  |.  E8 6F6A0000 CALL WaGan.00441488                      ; \WaGan.00441488
0043AA19  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0043AA1C  |.  E8 C3800000 CALL WaGan.00442AE4
0043AA21  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0043AA28  |. /EB 09       JMP SHORT WaGan.0043AA33
0043AA2A  |> |8B45 F4    /MOV EAX,DWORD PTR SS:[EBP-C]
0043AA2D  |. |83C0 01    |ADD EAX,1
0043AA30  |. |8945 F4    |MOV DWORD PTR SS:[EBP-C],EAX
0043AA33  |> \8B4D E8       MOV ECX,DWORD PTR SS:[EBP-18]             移动者的战场内存地址
0043AA36  |.  83C1 06    |ADD ECX,6
0043AA39  |.  51          |PUSH ECX                            ; /Arg2             移动者的坐标地址
0043AA3A  |.  68 202C4B00 |PUSH WaGan.004B2C20                ; |Arg1 = 004B2C20 移动目的地的坐标地址
0043AA3F  |.  E8 DC090000 |CALL WaGan.0043B420                ; \WaGan.0043B420 比较两地址是否相同，是则是到达目的地，返回1
0043AA44  |.  83C4 08    |ADD ESP,8
0043AA47  |.  85C0       |TEST EAX,EAX
0043AA49  |.  75 7F       |JNZ SHORT WaGan.0043AACA
0043AA4B  |.  8B55 F0    |MOV EDX,DWORD PTR SS:[EBP-10]
0043AA4E  |.  0355 F4    |ADD EDX,DWORD PTR SS:[EBP-C]
0043AA51  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             得出路径的下一步行动朝向
0043AA53  |.  8845 F8    |MOV BYTE PTR SS:[EBP-8],AL

0043AA56  |.  8A4D F8    |MOV CL,BYTE PTR SS:[EBP-8]
0043AA59  |.  51          |PUSH ECX                               ; /Arg2  朝向
0043AA5A  |.  8B55 E8    |MOV EDX,DWORD PTR SS:[EBP-18]          ; |
0043AA5D  |.  83C2 06    |ADD EDX,6                               ; |    当前坐标
0043AA60  |.  52          |PUSH EDX                               ; |Arg1
0043AA61  |.  E8 8FAFFFFF |CALL WaGan.004359F5                   ; \WaGan.004359F5  得出下一移动坐标
0043AA66  |.  83C4 08    |ADD ESP,8
0043AA69  |.  50          |PUSH EAX                               ; /Arg1
0043AA6A  |.  8D4D EC    |LEA ECX,DWORD PTR SS:[EBP-14]          ; |
0043AA6D  |.  E8 2EBBFCFF |CALL WaGan.004065A0                   ; \WaGan.004065A0
0043AA72  |.  8B45 EC    |MOV EAX,DWORD PTR SS:[EBP-14]
0043AA75  |.  25 FF000000 |AND EAX,0FF
0043AA7A  |.  3D FF000000 |CMP EAX,0FF
0043AA7F  |.  75 02       |JNZ SHORT WaGan.0043AA83
0043AA81  |.^ EB A7       |JMP SHORT WaGan.0043AA2A
0043AA83  |>  8A4D F8    |MOV CL,BYTE PTR SS:[EBP-8]
0043AA86  |.  51          |PUSH ECX                               ; /Arg1
0043AA87  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AA8A  |.  E8 8C750000 |CALL WaGan.0044201B                   ; \WaGan.0044201B    移动
0043AA8F  |.  8D55 EC    |LEA EDX,DWORD PTR SS:[EBP-14]
0043AA92  |.  52          |PUSH EDX                               ; /Arg1
0043AA93  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AA96  |.  83C1 06    |ADD ECX,6                               ; |
0043AA99  |.  E8 02BBFCFF |CALL WaGan.004065A0                   ; \WaGan.004065A0    设置移动者的坐标
0043AA9E  |.  68 80000000 |PUSH 80                               ; /Arg1 = 00000080
0043AAA3  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AAA6  |.  E8 45B0FEFF |CALL WaGan.00425AF0                   ; \WaGan.00425AF0
0043AAAB  |.  85C0       |TEST EAX,EAX
0043AAAD  |.  75 16       |JNZ SHORT WaGan.0043AAC5
0043AAAF  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
0043AAB2  |.  25 FF000000 |AND EAX,0FF
0043AAB7  |.  83F8 64    |CMP EAX,64
0043AABA  |.  7C 09       |JL SHORT WaGan.0043AAC5
0043AABC  |.  8A4D FC    |MOV CL,BYTE PTR SS:[EBP-4]
0043AABF  |.  80C1 01    |ADD CL,1
0043AAC2  |.  884D FC    |MOV BYTE PTR SS:[EBP-4],CL
0043AAC5  |>^ E9 60FFFFFF \JMP WaGan.0043AA2A
0043AACA  |> \68 80000000 PUSH 80                                  ; /Arg1 = 00000080
0043AACF  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AAD2  |.  E8 19B0FEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0
0043AAD7  |.  85C0       TEST EAX,EAX
0043AAD9  |.  75 0A       JNZ SHORT WaGan.0043AAE5
0043AADB  |.  6A 04       PUSH 4                                  ; /Arg1 = 00000004
0043AADD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0043AAE0  |.  E8 337C0000 CALL WaGan.00442718                      ; \WaGan.00442718
0043AAE5  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0043AAE8  |.  E8 CE7F0000 CALL WaGan.00442ABB
0043AAED  |.  B9 083D4B00 MOV ECX,WaGan.004B3D08
0043AAF2  |.  E8 93FD0000 CALL WaGan.0044A88A
0043AAF7  |>  8BE5       MOV ESP,EBP
0043AAF9  |.  5D          POP EBP
0043AAFA  \.  C3          RETN

求移动路径的函数
+C 移动者的坐标地址
+8  移动目的地的坐标地址
SS：[EBP-50] 移动者的战场内存地址
SS：[EBP-8] 记录是否是剧本移动是为1，非为0
SS：[EBP-14] 记录移动者是否是敌人
00437E2E  /$  55          PUSH EBP
00437E2F  |.  8BEC       MOV EBP,ESP
00437E31  |.  83EC 50    SUB ESP,50
00437E34  |.  894D B0    MOV DWORD PTR SS:[EBP-50],ECX
00437E37  |.  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]
00437E3A  |.  E8 D1780200 CALL WaGan.0045F710
00437E3F  |.  8D4D D8    LEA ECX,DWORD PTR SS:[EBP-28]
00437E42  |.  E8 C9780200 CALL WaGan.0045F710

00437E47  |.  C745 E0 01000>MOV DWORD PTR SS:[EBP-20],1

00437E4E  |.  68 80000000 PUSH 80                                  ; /Arg1 = 00000080 (80是剧本移动，00是手工控制移动)
00437E53  |.  8B4D B0    MOV ECX,DWORD PTR SS:[EBP-50]          ; |
00437E56  |.  E8 95DCFEFF CALL WaGan.00425AF0                      ; \WaGan.00425AF0 （80）对Ecx+D的值和80进行比较,相同返回1
00437E5B  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
00437E5E  |.  8B4D B0    MOV ECX,DWORD PTR SS:[EBP-50]
00437E61  |.  E8 AAE8FCFF CALL WaGan.00406710             判断武将ecx是否大于23，返回1表示是非敌军，返回0表示敌人
00437E66  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
00437E69  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00437E6B  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00437E6D  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00437E6F  |.  B9 38EB4A00 MOV ECX,WaGan.004AEB38                   ; |
00437E74  |.  E8 C77B0400 CALL WaGan.0047FA40                      ; \WaGan.0047FA40
00437E79  |.  05 00190000 ADD EAX,1900
00437E7E  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX

00437E81  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00437E84  |.  50          PUSH EAX                               ; /Arg1
00437E85  |.  E8 FAD9FFFF CALL WaGan.00435884                      ; \WaGan.00435884  获取目标位置上人的战场编号
00437E8A  |.  83C4 04    ADD ESP,4

00437E8D  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL

00437E90  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
00437E93  |.  51          PUSH ECX                               ; /Arg1
00437E94  |.  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]          ; |
00437E97  |.  E8 04E7FCFF CALL WaGan.004065A0                      ; \WaGan.004065A0
00437E9C  |.  8A55 10    MOV DL,BYTE PTR SS:[EBP+10]
00437E9F  |.  8855 E8    MOV BYTE PTR SS:[EBP-18],DL
00437EA2  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00437EA9  |.  EB 09       JMP SHORT WaGan.00437EB4
00437EAB  |>  8B45 FC    /MOV EAX,DWORD PTR SS:[EBP-4]
00437EAE  |.  83C0 01    |ADD EAX,1
00437EB1  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00437EB4  |>  8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
00437EB7  |.  51          |PUSH ECX                               ; /Arg2
00437EB8  |.  8D55 DC    |LEA EDX,DWORD PTR SS:[EBP-24]          ; |
00437EBB  |.  52          |PUSH EDX                               ; |Arg1
00437EBC  |.  E8 5F350000 |CALL WaGan.0043B420                   ; \WaGan.0043B420
00437EC1  |.  83C4 08    |ADD ESP,8
00437EC4  |.  85C0       |TEST EAX,EAX
00437EC6  |.  0F85 A7010000 |JNZ WaGan.00438073
00437ECC  |.  837D E0 00 |CMP DWORD PTR SS:[EBP-20],0
00437ED0  |.  0F84 9D010000 |JE WaGan.00438073
00437ED6  |.  6A 04       |PUSH 4                                  ; /Arg3 = 00000004
00437ED8  |.  6A 00       |PUSH 0                                  ; |Arg2 = 00000000
00437EDA  |.  6A 00       |PUSH 0                                  ; |Arg1 = 00000000
00437EDC  |.  B9 38EB4A00 |MOV ECX,WaGan.004AEB38                ; |
00437EE1  |.  E8 5A7B0400 |CALL WaGan.0047FA40                   ; \WaGan.0047FA40
00437EE6  |.  8B4D DC    |MOV ECX,DWORD PTR SS:[EBP-24]
00437EE9  |.  81E1 FF000000 |AND ECX,0FF
00437EEF  |.  8D9408 C01200>|LEA EDX,DWORD PTR DS:[EAX+ECX+12C0]
00437EF6  |.  8B45 DD    |MOV EAX,DWORD PTR SS:[EBP-23]
00437EF9  |.  25 FF000000 |AND EAX,0FF
00437EFE  |.  33C9       |XOR ECX,ECX
00437F00  |.  8A0D 2C424B00 |MOV CL,BYTE PTR DS:[4B422C]
00437F06  |.  0FAFC1       |IMUL EAX,ECX
00437F09  |.  8A1402       |MOV DL,BYTE PTR DS:[EDX+EAX]
00437F0C  |.  8855 CC    |MOV BYTE PTR SS:[EBP-34],DL
00437F0F  |.  C645 D4 FF |MOV BYTE PTR SS:[EBP-2C],0FF
00437F13  |.  8A45 CC    |MOV AL,BYTE PTR SS:[EBP-34]
00437F16  |.  8845 C0    |MOV BYTE PTR SS:[EBP-40],AL
00437F19  |.  C645 C4 00 |MOV BYTE PTR SS:[EBP-3C],0
00437F1D  |.  EB 09       |JMP SHORT WaGan.00437F28
00437F1F  |>  8A4D C4    |/MOV CL,BYTE PTR SS:[EBP-3C]
00437F22  |.  80C1 01    ||ADD CL,1
00437F25  |.  884D C4    ||MOV BYTE PTR SS:[EBP-3C],CL
00437F28  |>  8B55 C4    | MOV EDX,DWORD PTR SS:[EBP-3C]
00437F2B  |.  81E2 FF000000 ||AND EDX,0FF
00437F31  |.  83FA 04    ||CMP EDX,4
00437F34  |.  0F8D EF000000 ||JGE WaGan.00438029
00437F3A  |.  8A45 C4    ||MOV AL,BYTE PTR SS:[EBP-3C]
00437F3D  |.  50          ||PUSH EAX                               ; /Arg2
00437F3E  |.  8D4D DC    ||LEA ECX,DWORD PTR SS:[EBP-24]          ; |
00437F41  |.  51          ||PUSH ECX                               ; |Arg1 = 0022FDBC
00437F42  |.  E8 AEDAFFFF ||CALL WaGan.004359F5                   ; \WaGan.004359F5
00437F47  |.  83C4 08    ||ADD ESP,8
00437F4A  |.  50          ||PUSH EAX                               ; /Arg1
00437F4B  |.  8D4D D8    ||LEA ECX,DWORD PTR SS:[EBP-28]          ; |
00437F4E  |.  E8 4DE6FCFF ||CALL WaGan.004065A0                   ; \WaGan.004065A0
00437F53  |.  8B55 D8    ||MOV EDX,DWORD PTR SS:[EBP-28]
00437F56  |.  81E2 FF000000 ||AND EDX,0FF
00437F5C  |.  81FA FF000000 ||CMP EDX,0FF
00437F62  |.  74 2A       ||JE SHORT WaGan.00437F8E
00437F64  |.  8D45 D8    ||LEA EAX,DWORD PTR SS:[EBP-28]
00437F67  |.  50          ||PUSH EAX                               ; /Arg1
00437F68  |.  8B4D B0    ||MOV ECX,DWORD PTR SS:[EBP-50]          ; |
00437F6B  |.  E8 E9FDFFFF ||CALL WaGan.00437D59                   ; \WaGan.00437D59
00437F70  |.  85C0       ||TEST EAX,EAX
00437F72  |.  74 1C       ||JE SHORT WaGan.00437F90
00437F74  |.  8B4D 08    ||MOV ECX,DWORD PTR SS:[EBP+8]
00437F77  |.  51          ||PUSH ECX                               ; /Arg2
00437F78  |.  8D55 D8    ||LEA EDX,DWORD PTR SS:[EBP-28]          ; |
00437F7B  |.  52          ||PUSH EDX                               ; |Arg1
00437F7C  |.  E8 9F340000 ||CALL WaGan.0043B420                   ; \WaGan.0043B420
00437F81  |.  83C4 08    ||ADD ESP,8
00437F84  |.  85C0       ||TEST EAX,EAX
00437F86  |.  75 08       ||JNZ SHORT WaGan.00437F90
00437F88  |.  837D F8 00 ||CMP DWORD PTR SS:[EBP-8],0
00437F8C  |.  75 02       ||JNZ SHORT WaGan.00437F90
00437F8E  |>^ EB 8F       ||JMP SHORT WaGan.00437F1F
00437F90  |>  6A 04       ||PUSH 4                               ; /Arg3 = 00000004
00437F92  |.  6A 00       ||PUSH 0                               ; |Arg2 = 00000000
00437F94  |.  6A 00       ||PUSH 0                               ; |Arg1 = 00000000
00437F96  |.  B9 38EB4A00 ||MOV ECX,WaGan.004AEB38                ; |
00437F9B  |.  E8 A07A0400 ||CALL WaGan.0047FA40                   ; \WaGan.0047FA40
00437FA0  |.  8B4D D8    ||MOV ECX,DWORD PTR SS:[EBP-28]
00437FA3  |.  81E1 FF000000 ||AND ECX,0FF
00437FA9  |.  8D9408 C01200>||LEA EDX,DWORD PTR DS:[EAX+ECX+12C0]
00437FB0  |.  8B45 D9    ||MOV EAX,DWORD PTR SS:[EBP-27]
00437FB3  |.  25 FF000000 ||AND EAX,0FF
00437FB8  |.  33C9       ||XOR ECX,ECX
00437FBA  |.  8A0D 2C424B00 ||MOV CL,BYTE PTR DS:[4B422C]
00437FC0  |.  0FAFC1       ||IMUL EAX,ECX
00437FC3  |.  8A1402       ||MOV DL,BYTE PTR DS:[EDX+EAX]
00437FC6  |.  8855 C8    ||MOV BYTE PTR SS:[EBP-38],DL
00437FC9  |.  8B45 CC    ||MOV EAX,DWORD PTR SS:[EBP-34]
00437FCC  |.  25 FF000000 ||AND EAX,0FF
00437FD1  |.  8B4D C8    ||MOV ECX,DWORD PTR SS:[EBP-38]
00437FD4  |.  81E1 FF000000 ||AND ECX,0FF
00437FDA  |.  3BC1       ||CMP EAX,ECX
00437FDC  |.  7E 46       ||JLE SHORT WaGan.00438024
00437FDE  |.  8D55 D8    ||LEA EDX,DWORD PTR SS:[EBP-28]
00437FE1  |.  52          ||PUSH EDX                               ; /Arg1
00437FE2  |.  E8 AAD9FFFF ||CALL WaGan.00435991                   ; \WaGan.00435991
00437FE7  |.  83C4 04    ||ADD ESP,4
00437FEA  |.  8845 B8    ||MOV BYTE PTR SS:[EBP-48],AL
00437FED  |.  8A45 B8    ||MOV AL,BYTE PTR SS:[EBP-48]
00437FF0  |.  50          ||PUSH EAX                               ; /Arg1
00437FF1  |.  8B4D B0    ||MOV ECX,DWORD PTR SS:[EBP-50]          ; |
00437FF4  |.  E8 D6770000 ||CALL WaGan.0043F7CF                   ; \WaGan.0043F7CF
00437FF9  |.  8845 BC    ||MOV BYTE PTR SS:[EBP-44],AL
00437FFC  |.  8B4D E8    ||MOV ECX,DWORD PTR SS:[EBP-18]
00437FFF  |.  81E1 FF000000 ||AND ECX,0FF
00438005  |.  8B55 BC    ||MOV EDX,DWORD PTR SS:[EBP-44]
00438008  |.  81E2 FF000000 ||AND EDX,0FF
0043800E  |.  3BCA       ||CMP ECX,EDX
00438010  |.  7C 12       ||JL SHORT WaGan.00438024
00438012  |.  8A45 C8    ||MOV AL,BYTE PTR SS:[EBP-38]
00438015  |.  8845 CC    ||MOV BYTE PTR SS:[EBP-34],AL
00438018  |.  8A4D C4    ||MOV CL,BYTE PTR SS:[EBP-3C]
0043801B  |.  884D D4    ||MOV BYTE PTR SS:[EBP-2C],CL
0043801E  |.  8A55 BC    ||MOV DL,BYTE PTR SS:[EBP-44]
00438021  |.  8855 D0    ||MOV BYTE PTR SS:[EBP-30],DL
00438024  |>^ E9 F6FEFFFF |\JMP WaGan.00437F1F
00438029  |>  8B45 D4    |MOV EAX,DWORD PTR SS:[EBP-2C]
0043802C  |.  25 FF000000 |AND EAX,0FF
00438031  |.  3D FF000000 |CMP EAX,0FF
00438036  |.  74 2F       |JE SHORT WaGan.00438067
00438038  |.  8A4D D4    |MOV CL,BYTE PTR SS:[EBP-2C]
0043803B  |.  51          |PUSH ECX                               ; /Arg2
0043803C  |.  8D55 DC    |LEA EDX,DWORD PTR SS:[EBP-24]          ; |
0043803F  |.  52          |PUSH EDX                               ; |Arg1
00438040  |.  E8 B0D9FFFF |CALL WaGan.004359F5                   ; \WaGan.004359F5
00438045  |.  83C4 08    |ADD ESP,8
00438048  |.  50          |PUSH EAX                               ; /Arg1
00438049  |.  8D4D DC    |LEA ECX,DWORD PTR SS:[EBP-24]          ; |
0043804C  |.  E8 4FE5FCFF |CALL WaGan.004065A0                   ; \WaGan.004065A0
00438051  |.  8A45 E8    |MOV AL,BYTE PTR SS:[EBP-18]
00438054  |.  2A45 D0    |SUB AL,BYTE PTR SS:[EBP-30]
00438057  |.  8845 E8    |MOV BYTE PTR SS:[EBP-18],AL
0043805A  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
0043805D  |.  034D FC    |ADD ECX,DWORD PTR SS:[EBP-4]
00438060  |.  8A55 D4    |MOV DL,BYTE PTR SS:[EBP-2C]
00438063  |.  8811       |MOV BYTE PTR DS:[ECX],DL
00438065  |.  EB 07       |JMP SHORT WaGan.0043806E
00438067  |>  C745 E0 00000>|MOV DWORD PTR SS:[EBP-20],0
0043806E  |>^ E9 38FEFFFF \JMP WaGan.00437EAB
00438073  |>  837D E0 00 CMP DWORD PTR SS:[EBP-20],0
00438077  |.  75 51       JNZ SHORT WaGan.004380CA
00438079  |.  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]
0043807C  |.  25 FF000000 AND EAX,0FF
00438081  |.  83F8 01    CMP EAX,1
00438084  |.  75 44       JNZ SHORT WaGan.004380CA
00438086  |.  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]
00438089  |.  51          PUSH ECX                               ; /Arg1
0043808A  |.  E8 F5D7FFFF CALL WaGan.00435884                      ; \WaGan.00435884
0043808F  |.  83C4 04    ADD ESP,4
00438092  |.  25 FF000000 AND EAX,0FF
00438097  |.  3D FF000000 CMP EAX,0FF
0043809C  |.  74 17       JE SHORT WaGan.004380B5
0043809E  |.  8B55 B0    MOV EDX,DWORD PTR SS:[EBP-50]
004380A1  |.  8A42 04    MOV AL,BYTE PTR DS:[EDX+4]
004380A4  |.  50          PUSH EAX                               ; /Arg3
004380A5  |.  6A 14       PUSH 14                                  ; |Arg2 = 00000014
004380A7  |.  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]          ; |
004380AA  |.  51          PUSH ECX                               ; |Arg1
004380AB  |.  E8 C8000000 CALL WaGan.00438178                      ; \WaGan.00438178
004380B0  |.  83C4 0C    ADD ESP,0C
004380B3  |.  EB 15       JMP SHORT WaGan.004380CA
004380B5  |>  8B55 B0    MOV EDX,DWORD PTR SS:[EBP-50]
004380B8  |.  8A42 04    MOV AL,BYTE PTR DS:[EDX+4]
004380BB  |.  50          PUSH EAX                               ; /Arg3
004380BC  |.  6A 0A       PUSH 0A                                  ; |Arg2 = 0000000A
004380BE  |.  8D4D DC    LEA ECX,DWORD PTR SS:[EBP-24]          ; |
004380C1  |.  51          PUSH ECX                               ; |Arg1
004380C2  |.  E8 B1000000 CALL WaGan.00438178                      ; \WaGan.00438178
004380C7  |.  83C4 0C    ADD ESP,0C
004380CA  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004380CD  |.  83EA 01    SUB EDX,1
004380D0  |.  8955 FC    MOV DWORD PTR SS:[EBP-4],EDX
004380D3  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
004380D7  |.  0F8C 8C000000 JL WaGan.00438169
004380DD  |.  C645 B4 00 MOV BYTE PTR SS:[EBP-4C],0
004380E1  |.  EB 11       JMP SHORT WaGan.004380F4
004380E3  |>  8A45 B4    /MOV AL,BYTE PTR SS:[EBP-4C]
004380E6  |.  04 01       |ADD AL,1
004380E8  |.  8845 B4    |MOV BYTE PTR SS:[EBP-4C],AL
004380EB  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
004380EE  |.  83E9 01    |SUB ECX,1
004380F1  |.  894D FC    |MOV DWORD PTR SS:[EBP-4],ECX
004380F4  |>  837D FC 00    CMP DWORD PTR SS:[EBP-4],0
004380F8  |.  7C 6D       |JL SHORT WaGan.00438167
004380FA  |.  8B55 B4    |MOV EDX,DWORD PTR SS:[EBP-4C]
004380FD  |.  81E2 FF000000 |AND EDX,0FF
00438103  |.  3B55 FC    |CMP EDX,DWORD PTR SS:[EBP-4]
00438106  |.  7F 5F       |JG SHORT WaGan.00438167
00438108  |.  8B45 B4    |MOV EAX,DWORD PTR SS:[EBP-4C]
0043810B  |.  25 FF000000 |AND EAX,0FF
00438110  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
00438113  |.  8A1401       |MOV DL,BYTE PTR DS:[ECX+EAX]
00438116  |.  8855 F4    |MOV BYTE PTR SS:[EBP-C],DL
00438119  |.  8B45 E4    |MOV EAX,DWORD PTR SS:[EBP-1C]
0043811C  |.  0345 FC    |ADD EAX,DWORD PTR SS:[EBP-4]
0043811F  |.  33C9       |XOR ECX,ECX
00438121  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00438123  |.  8BC1       |MOV EAX,ECX
00438125  |.  83C0 02    |ADD EAX,2
00438128  |.  99          |CDQ
00438129  |.  33C2       |XOR EAX,EDX
0043812B  |.  2BC2       |SUB EAX,EDX
0043812D  |.  83E0 03    |AND EAX,3
00438130  |.  33C2       |XOR EAX,EDX
00438132  |.  2BC2       |SUB EAX,EDX
00438134  |.  8B55 B4    |MOV EDX,DWORD PTR SS:[EBP-4C]
00438137  |.  81E2 FF000000 |AND EDX,0FF
0043813D  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
00438140  |.  880411       |MOV BYTE PTR DS:[ECX+EDX],AL
00438143  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00438146  |.  25 FF000000 |AND EAX,0FF
0043814B  |.  83C0 02    |ADD EAX,2
0043814E  |.  99          |CDQ
0043814F  |.  33C2       |XOR EAX,EDX
00438151  |.  2BC2       |SUB EAX,EDX
00438153  |.  83E0 03    |AND EAX,3
00438156  |.  33C2       |XOR EAX,EDX
00438158  |.  2BC2       |SUB EAX,EDX
0043815A  |.  8B55 E4    |MOV EDX,DWORD PTR SS:[EBP-1C]
0043815D  |.  0355 FC    |ADD EDX,DWORD PTR SS:[EBP-4]
00438160  |.  8802       |MOV BYTE PTR DS:[EDX],AL
00438162  |.^ E9 7CFFFFFF \JMP WaGan.004380E3
00438167  |>  EB 06       JMP SHORT WaGan.0043816F
00438169  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
0043816C  |.  C600 FF    MOV BYTE PTR DS:[EAX],0FF
0043816F  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
00438172  |.  8BE5       MOV ESP,EBP
00438174  |.  5D          POP EBP
00438175  \.  C2 1000    RETN 10

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#20

发表于 2007-12-30 21:16 资料个人空间短消息看全部作者

许子将教学

0041590D  /$  55          PUSH EBP
0041590E  |.  8BEC       MOV EBP,ESP
00415910  |.  E8 44DA0100 CALL koei.00433359
00415915  |.  B8 01000000 MOV EAX,1
0041591A  |.  5D          POP EBP
0041591B  \.  C3          RETN

433359
00433359  /$  55          PUSH EBP
0043335A  |.  8BEC       MOV EBP,ESP
0043335C  |.  E8 231C0000 CALL Ekd5.00434F84
00433361  |.  E8 9E000000 CALL Ekd5.00433404
00433366  |.  85C0       TEST EAX,EAX
00433368  |.  74 34       JE SHORT Ekd5.0043339E
0043336A  |.  E8 CD010000 CALL Ekd5.0043353C                                     ;  开始说明函数
0043336F  |.  E8 5E000000 CALL Ekd5.004333D2
00433374  |.  85C0       TEST EAX,EAX
00433376  |.  74 21       JE SHORT Ekd5.00433399
00433378  |.  E8 77040000 CALL Ekd5.004337F4                                     ;  友军和敌军说明
0043337D  |.  E8 50000000 CALL Ekd5.004333D2
00433382  |.  85C0       TEST EAX,EAX
00433384  |.  74 13       JE SHORT Ekd5.00433399
00433386  |.  E8 3D080000 CALL Ekd5.00433BC8                                     ;  部队操作说明
0043338B  |.  E8 42000000 CALL Ekd5.004333D2
00433390  |.  85C0       TEST EAX,EAX
00433392  |.  74 05       JE SHORT Ekd5.00433399
00433394  |.  E8 060E0000 CALL Ekd5.0043419F                                     ;  地形说明
00433399  |>  E8 74010000 CALL Ekd5.00433512
0043339E  |>  33C0       XOR EAX,EAX
004333A0  |.  A0 102C4B00 MOV AL,BYTE PTR DS:[4B2C10]
004333A5  |.  85C0       TEST EAX,EAX
004333A7  |.  74 05       JE SHORT Ekd5.004333AE
004333A9  |.  E8 51140000 CALL Ekd5.004347FF                                     ;  升一级
004333AE  |>  833D 082C4B00>CMP DWORD PTR DS:[4B2C08],0
004333B5  |.  74 05       JE SHORT Ekd5.004333BC
004333B7  |.  E8 77190000 CALL Ekd5.00434D33                                     ;  宝物图鉴
004333BC  |>  68 9D000000 PUSH 9D                                                 ; /Arg2 = 0000009D
004333C1  |.  68 70C94800 PUSH Ekd5.0048C970                                     ; |Arg1 = 0048C970
004333C6  |.  B9 F05D4B00 MOV ECX,Ekd5.004B5DF0                                  ; |
004333CB  |.  E8 8D620200 CALL Ekd5.0045965D                                     ; \结束
004333D0  |.  5D          POP EBP
004333D1  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#21

发表于 2007-12-30 21:17 资料个人空间短消息看全部作者

新人加入等级.doc

0040C14F  /$  55          PUSH EBP
0040C150  |.  8BEC       MOV EBP,ESP
0040C152  |.  83EC 7C    SUB ESP,7C
0040C155  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040C15C  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040C163  |.  C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C16A  |.  EB 09       JMP SHORT 复件_Ekd.0040C175
0040C16C  |>  8B45 8C    /MOV EAX,DWORD PTR SS:[EBP-74]
0040C16F  |.  83C0 01    |ADD EAX,1
0040C172  |.  8945 8C    |MOV DWORD PTR SS:[EBP-74],EAX
0040C175  |>  837D 8C 1A    CMP DWORD PTR SS:[EBP-74],1A 我方最多26人
0040C179  |.  73 38       |JNB SHORT 复件_Ekd.0040C1B3
0040C17B  |.  8B4D 8C    |MOV ECX,DWORD PTR SS:[EBP-74]
0040C17E  |.  51          |PUSH ECX                      ; /Arg1
0040C17F  |.  E8 0CE00000 |CALL 复件_Ekd.0041A190       ; \复件_Ekd.0041A190
0040C184  |.  83C4 04    |ADD ESP,4
0040C187  |.  85C0       |TEST EAX,EAX
0040C189  |.  74 26       |JE SHORT 复件_Ekd.0040C1B1
0040C18B  |.  8B4D 8C    |MOV ECX,DWORD PTR SS:[EBP-74]
0040C18E  |.  6BC9 48    |IMUL ECX,ECX,48
0040C191  |.  81C1 681B4A00 |ADD ECX,复件_Ekd.004A1B68
0040C197  |.  E8 34A4FFFF |CALL 复件_Ekd.004065D0
0040C19C  |.  25 FF000000 |AND EAX,0FF
0040C1A1  |.  8B55 F8    |MOV EDX,DWORD PTR SS:[EBP-8]
0040C1A4  |.  894495 90    |MOV DWORD PTR SS:[EBP+EDX*4-70],EAX
0040C1A8  |.  8B45 F8    |MOV EAX,DWORD PTR SS:[EBP-8]
0040C1AB  |.  83C0 01    |ADD EAX,1
0040C1AE  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX
0040C1B1  |>^ EB B9       \JMP SHORT 复件_Ekd.0040C16C

0040C1B3  |>  C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C1BA  |.  EB 09       JMP SHORT 复件_Ekd.0040C1C5
0040C1BC  |>  8B4D 8C    /MOV ECX,DWORD PTR SS:[EBP-74]
0040C1BF  |.  83C1 01    |ADD ECX,1
0040C1C2  |.  894D 8C    |MOV DWORD PTR SS:[EBP-74],ECX
0040C1C5  |>  8B55 8C       MOV EDX,DWORD PTR SS:[EBP-74]
0040C1C8  |.  3B55 F8    |CMP EDX,DWORD PTR SS:[EBP-8]
0040C1CB  |.  73 53       |JNB SHORT 复件_Ekd.0040C220
0040C1CD  |.  C745 88 00000>|MOV DWORD PTR SS:[EBP-78],0
0040C1D4  |.  EB 09       |JMP SHORT 复件_Ekd.0040C1DF
0040C1D6  |>  8B45 88    |/MOV EAX,DWORD PTR SS:[EBP-78]
0040C1D9  |.  83C0 01    ||ADD EAX,1
0040C1DC  |.  8945 88    ||MOV DWORD PTR SS:[EBP-78],EAX
0040C1DF  |>  8B4D F8    | MOV ECX,DWORD PTR SS:[EBP-8]
0040C1E2  |.  83E9 01    ||SUB ECX,1
0040C1E5  |.  394D 88    ||CMP DWORD PTR SS:[EBP-78],ECX
0040C1E8  |.  73 34       ||JNB SHORT 复件_Ekd.0040C21E
0040C1EA  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1ED  |.  8B45 88    ||MOV EAX,DWORD PTR SS:[EBP-78]
0040C1F0  |.  8B4C95 90    ||MOV ECX,DWORD PTR SS:[EBP+EDX*4-70]
0040C1F4  |.  3B4C85 94    ||CMP ECX,DWORD PTR SS:[EBP+EAX*4-6C]
0040C1F8  |.  73 22       ||JNB SHORT 复件_Ekd.0040C21C
0040C1FA  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1FD  |.  8B4495 90    ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C201  |.  8945 FC    ||MOV DWORD PTR SS:[EBP-4],EAX
0040C204  |.  8B4D 88    ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C207  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C20A  |.  8B4495 94    ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-6C]
0040C20E  |.  89448D 90    ||MOV DWORD PTR SS:[EBP+ECX*4-70],EAX
0040C212  |.  8B4D 88    ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C215  |.  8B55 FC    ||MOV EDX,DWORD PTR SS:[EBP-4]
0040C218  |.  89548D 94    ||MOV DWORD PTR SS:[EBP+ECX*4-6C],EDX
0040C21C  |>^ EB B8       |\JMP SHORT 复件_Ekd.0040C1D6
0040C21E  |>^ EB 9C       \JMP SHORT 复件_Ekd.0040C1BC

0040C220  |>  C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C227  |.  EB 09       JMP SHORT 复件_Ekd.0040C232
0040C229  |>  8B45 8C    /MOV EAX,DWORD PTR SS:[EBP-74]
0040C22C  |.  83C0 01    |ADD EAX,1
0040C22F  |.  8945 8C    |MOV DWORD PTR SS:[EBP-74],EAX
0040C232  |>  8B4D 8C       MOV ECX,DWORD PTR SS:[EBP-74]
0040C235  |.  3B4D F8    |CMP ECX,DWORD PTR SS:[EBP-8]
0040C238  |.  73 15       |JNB SHORT 复件_Ekd.0040C24F
0040C23A  |.  837D 8C 0F |CMP DWORD PTR SS:[EBP-74],0F
0040C23E  |.  73 0F       |JNB SHORT 复件_Ekd.0040C24F
0040C240  |.  8B55 8C    |MOV EDX,DWORD PTR SS:[EBP-74]
0040C243  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
0040C246  |.  034495 90    |ADD EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C24A  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
0040C24D  |.^ EB DA       \JMP SHORT 复件_Ekd.0040C229

0040C24F  |>  837D 8C 00 CMP DWORD PTR SS:[EBP-74],0
0040C253  |.  74 29       JE SHORT 复件_Ekd.0040C27E
0040C255  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0040C258  |.  33D2       XOR EDX,EDX
0040C25A  |.  F775 8C    DIV DWORD PTR SS:[EBP-74]
0040C25D  |.  83F8 01    CMP EAX,1
0040C260  |.  76 0D       JBE SHORT 复件_Ekd.0040C26F
0040C262  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0040C265  |.  33D2       XOR EDX,EDX
0040C267  |.  F775 8C    DIV DWORD PTR SS:[EBP-74]
0040C26A  |.  8945 84    MOV DWORD PTR SS:[EBP-7C],EAX
0040C26D  |.  EB 07       JMP SHORT 复件_Ekd.0040C276
0040C26F  |>  C745 84 01000>MOV DWORD PTR SS:[EBP-7C],1
0040C276  |>  8B4D 84    MOV ECX,DWORD PTR SS:[EBP-7C]
0040C279  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0040C27C  |.  EB 07       JMP SHORT 复件_Ekd.0040C285
0040C27E  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0040C285  |>  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
0040C288  |.  8BE5       MOV ESP,EBP
0040C28A  |.  5D          POP EBP
0040C28B  \.  C3          RETN

[EBP-4]累加和
[EBP-8]存放有多少个我军
[EBP-74]计数器
[EBP-78]计数器
[EBP+EDX*4-70]等级数组

0040C14F  /$  55          PUSH EBP
0040C150  |.  8BEC       MOV EBP,ESP
0040C152  |.  83EC 7C    SUB ESP,7C
0040C155  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040C15C  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040C163  |.  90          NOP

计算我军人数
0040C164  |.  33C0       XOR EAX,EAX
0040C166  |.  8945 8C    MOV DWORD PTR SS:[EBP-74],EAX
0040C169  |.  EB 07       JMP SHORT Ekd5.0040C172
0040C16B  |>  8B45 8C    /MOV EAX,DWORD PTR SS:[EBP-74]
0040C16E  |.  40          |INC EAX
0040C16F  |.  8945 8C    |MOV DWORD PTR SS:[EBP-74],EAX
0040C172  |>  817D 8C AD000> CMP DWORD PTR SS:[EBP-74],0AD  前174人
0040C179  |.  73 38       |JNB SHORT Ekd5.0040C1B3
0040C17B  |.  8B4D 8C    |MOV ECX,DWORD PTR SS:[EBP-74]
0040C17E  |.  51          |PUSH ECX                               ; /Arg1
0040C17F  |.  E8 0CE00000 |CALL Ekd5.0041A190; \Ekd5.0041A190 判断是否属于我军
0040C184  |.  83C4 04    |ADD ESP,4
0040C187  |.  85C0       |TEST EAX,EAX
0040C189  |.  74 26       |JE SHORT Ekd5.0040C1B1  如果不是,下一个
0040C18B  |.  8B4D 8C    |MOV ECX,DWORD PTR SS:[EBP-74]
0040C18E  |.  6BC9 48    |IMUL ECX,ECX,48
0040C191  |.  81C1 0000D600 |ADD ECX,0D60000
0040C197  |.  E8 34A4FFFF |CALL Ekd5.004065D0 获取武将ecx的等级
0040C19C  |.  25 FF000000 |AND EAX,0FF
0040C1A1  |.  8B55 F8    |MOV EDX,DWORD PTR SS:[EBP-8]
0040C1A4  |.  894495 90    |MOV DWORD PTR SS:[EBP+EDX*4-70],EAX
0040C1A8  |.  8B45 F8    |MOV EAX,DWORD PTR SS:[EBP-8]
0040C1AB  |.  83C0 01    |ADD EAX,1
0040C1AE  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX
0040C1B1  |>^ EB B8       \JMP SHORT Ekd5.0040C16B

存储我军人物等级数组
0040C1B3  |>  C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C1BA  |.  EB 09       JMP SHORT Ekd5.0040C1C5
0040C1BC  |>  8B4D 8C    /MOV ECX,DWORD PTR SS:[EBP-74]
0040C1BF  |.  83C1 01    |ADD ECX,1
0040C1C2  |.  894D 8C    |MOV DWORD PTR SS:[EBP-74],ECX
0040C1C5  |>  8B55 8C       MOV EDX,DWORD PTR SS:[EBP-74]
0040C1C8  |.  3B55 F8    |CMP EDX,DWORD PTR SS:[EBP-8]
0040C1CB  |.  73 53       |JNB SHORT Ekd5.0040C220
0040C1CD  |.  C745 88 00000>|MOV DWORD PTR SS:[EBP-78],0
0040C1D4  |.  EB 09       |JMP SHORT Ekd5.0040C1DF

交换排序
0040C1D6  |>  8B45 88    |/MOV EAX,DWORD PTR SS:[EBP-78]
0040C1D9  |.  83C0 01    ||ADD EAX,1
0040C1DC  |.  8945 88    ||MOV DWORD PTR SS:[EBP-78],EAX
0040C1DF  |>  8B4D F8    | MOV ECX,DWORD PTR SS:[EBP-8]
0040C1E2  |.  83E9 01    ||SUB ECX,1
0040C1E5  |.  394D 88    ||CMP DWORD PTR SS:[EBP-78],ECX
0040C1E8  |.  73 34       ||JNB SHORT Ekd5.0040C21E
0040C1EA  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1ED  |.  8B45 88    ||MOV EAX,DWORD PTR SS:[EBP-78]
0040C1F0  |.  8B4C95 90    ||MOV ECX,DWORD PTR SS:[EBP+EDX*4-70]
0040C1F4  |.  3B4C85 94    ||CMP ECX,DWORD PTR SS:[EBP+EAX*4-6C]  (70>6c跳)
0040C1F8  |.  73 22       ||JNB SHORT Ekd5.0040C21C    交换

0040C1FA  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C1FD  |.  8B4495 90    ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C201  |.  8945 84    ||MOV DWORD PTR SS:[EBP-7C],EAX
0040C204  |.  8B4D 88    ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C207  |.  8B55 88    ||MOV EDX,DWORD PTR SS:[EBP-78]
0040C20A  |.  8B4495 94    ||MOV EAX,DWORD PTR SS:[EBP+EDX*4-6C]
0040C20E  |.  89448D 90    ||MOV DWORD PTR SS:[EBP+ECX*4-70],EAX
0040C212  |.  8B4D 88    ||MOV ECX,DWORD PTR SS:[EBP-78]
0040C215  |.  8B55 84    ||MOV EDX,DWORD PTR SS:[EBP-7C]
0040C218  |.  89548D 94    ||MOV DWORD PTR SS:[EBP+ECX*4-6C],EDX

0040C21C  |>^ EB B8       |\JMP SHORT Ekd5.0040C1D6

0040C21E  |>^ EB 9C       \JMP SHORT Ekd5.0040C1BC

取前16人等级和，如果不满则取全部
0040C220  |>  C745 8C 00000>MOV DWORD PTR SS:[EBP-74],0
0040C227  |.  EB 09       JMP SHORT Ekd5.0040C232
0040C229  |>  8B45 8C    /MOV EAX,DWORD PTR SS:[EBP-74]
0040C22C  |.  83C0 01    |ADD EAX,1
0040C22F  |.  8945 8C    |MOV DWORD PTR SS:[EBP-74],EAX
0040C232  |>  8B4D 8C       MOV ECX,DWORD PTR SS:[EBP-74]
0040C235  |.  3B4D F8    |CMP ECX,DWORD PTR SS:[EBP-8]
0040C238  |.  73 15       |JNB SHORT Ekd5.0040C24F
0040C23A  |.  837D 8C 0F |CMP DWORD PTR SS:[EBP-74],0F
0040C23E  |.  73 0F       |JNB SHORT Ekd5.0040C24F
0040C240  |.  8B55 8C    |MOV EDX,DWORD PTR SS:[EBP-74]
0040C243  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
0040C246  |.  034495 90    |ADD EAX,DWORD PTR SS:[EBP+EDX*4-70]
0040C24A  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
0040C24D  |.^ EB DA       \JMP SHORT Ekd5.0040C229

0040C24F  |>  837D 8C 00 CMP DWORD PTR SS:[EBP-74],0
0040C253  |.  74 29       JE SHORT Ekd5.0040C27E 防止除0
0040C255  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0040C258  |.  33D2       XOR EDX,EDX
0040C25A  |.  F775 8C    DIV DWORD PTR SS:[EBP-74] 除以人数
0040C25D  |.  83F8 01    CMP EAX,1
0040C260  |.  76 0D       JBE SHORT Ekd5.0040C26F 若小于等于则转

0040C262  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0040C265  |.  33D2       XOR EDX,EDX
0040C267  |.  F775 8C    DIV DWORD PTR SS:[EBP-74]
0040C26A  |.  8945 84    MOV DWORD PTR SS:[EBP-7C],EAX
0040C26D  |.  EB 07       JMP SHORT Ekd5.0040C276

0040C26F  |>  C745 84 01000>MOV DWORD PTR SS:[EBP-7C],1

0040C276  |>  8B4D 84    MOV ECX,DWORD PTR SS:[EBP-7C]
0040C279  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0040C27C  |.  EB 07       JMP SHORT Ekd5.0040C285

0040C27E  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0040C285  |>  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
0040C288  |.  8BE5       MOV ESP,EBP
0040C28A  |.  5D          POP EBP
0040C28B  \.  C3          RETN

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#22

发表于 2007-12-30 21:17 资料个人空间短消息看全部作者

消息处理

0047EF5F  /$  55          PUSH EBP
0047EF60  |.  8BEC       MOV EBP,ESP
0047EF62  |.  83EC 40    SUB ESP,40
0047EF65  |.  53          PUSH EBX
0047EF66  |.  56          PUSH ESI
0047EF67  |.  8B75 0C    MOV ESI,DWORD PTR SS:[EBP+C]
0047EF6A  |.  57          PUSH EDI
0047EF6B  |.  8B7D 10    MOV EDI,DWORD PTR SS:[EBP+10]
0047EF6E  |.  83FE 05    CMP ESI,5                               ;  Switch (cases 2..311)
0047EF71  |.  77 6F       JA SHORT 复件_Ekd.0047EFE2
0047EF73  |.  83FE 05    CMP ESI,5
0047EF76  |.  74 20       JE SHORT 复件_Ekd.0047EF98
0047EF78  |.  8BC6       MOV EAX,ESI
0047EF7A  |.  48          DEC EAX
0047EF7B  |.  48          DEC EAX
0047EF7C  |.  0F85 6A020000 JNZ 复件_Ekd.0047F1EC
0047EF82  |.  E8 80E1FFFF CALL 复件_Ekd.0047D107                   ;  Case 2 (WM_DESTROY) of switch 0047EF6E
0047EF87  |.  FF35 B4934B00 PUSH DWORD PTR DS:[4B93B4]             ; /ExitCode = 0
0047EF8D  |.  FF15 C0634800 CALL DWORD PTR DS:[<&USER32.PostQuitMess>; \PostQuitMessage
0047EF93  |.  E9 71020000 JMP 复件_Ekd.0047F209
0047EF98  |>  6A 01       PUSH 1                                  ;  Case 5 (WM_SIZE) of switch 0047EF6E
0047EF9A  |.  58          POP EAX
0047EF9B  |.  3BF8       CMP EDI,EAX
0047EF9D  |.  75 0A       JNZ SHORT 复件_Ekd.0047EFA9
0047EF9F  |.  A3 2CC04B00 MOV DWORD PTR DS:[4BC02C],EAX
0047EFA4  |.  E9 43020000 JMP 复件_Ekd.0047F1EC
0047EFA9  |>  85FF       TEST EDI,EDI
0047EFAB  |.  0F85 3B020000 JNZ 复件_Ekd.0047F1EC
0047EFB1  |.  393D 2CC04B00 CMP DWORD PTR DS:[4BC02C],EDI
0047EFB7  |.  0F84 2F020000 JE 复件_Ekd.0047F1EC
0047EFBD  |.  FF35 089E4B00 PUSH DWORD PTR DS:[4B9E08]
0047EFC3  |.  213D 2CC04B00 AND DWORD PTR DS:[4BC02C],EDI
0047EFC9  |.  FF35 20A24B00 PUSH DWORD PTR DS:[4BA220]
0047EFCF  |.  FF35 B8754B00 PUSH DWORD PTR DS:[4B75B8]
0047EFD5  |.  E8 A8FCFFFF CALL 复件_Ekd.0047EC82
0047EFDA  |.  83C4 0C    ADD ESP,0C
0047EFDD  |.  E9 0A020000 JMP 复件_Ekd.0047F1EC
0047EFE2  |>  83FE 0F    CMP ESI,0F
0047EFE5  |.  0F87 AE000000 JA 复件_Ekd.0047F099
0047EFEB  |.  74 3C       JE SHORT 复件_Ekd.0047F029
0047EFED  |.  8BC6       MOV EAX,ESI
0047EFEF  |.  83E8 06    SUB EAX,6
0047EFF2  |.  74 19       JE SHORT 复件_Ekd.0047F00D
0047EFF4  |.  48          DEC EAX
0047EFF5  |.  0F85 F1010000 JNZ 复件_Ekd.0047F1EC
0047EFFB  |.  6A 01       PUSH 1                                  ; /Erase = TRUE; Case 7 (WM_SETFOCUS) of switch 0047EF6E
0047EFFD  |.  6A 00       PUSH 0                                  ; |pRect = NULL
0047EFFF  |.  FF75 08    PUSH DWORD PTR SS:[EBP+8]             ; |hWnd
0047F002  |.  FF15 A4624800 CALL DWORD PTR DS:[<&USER32.InvalidateRe>; \InvalidateRect
0047F008  |.  E9 FC010000 JMP 复件_Ekd.0047F209
0047F00D  |>  A1 10C04B00 MOV EAX,DWORD PTR DS:[4BC010]          ;  Case 6 (WM_ACTIVATE) of switch 0047EF6E
0047F012  |.  85C0       TEST EAX,EAX
0047F014  |.  0F84 D2010000 JE 复件_Ekd.0047F1EC
0047F01A  |.  33C9       XOR ECX,ECX
0047F01C  |.  85FF       TEST EDI,EDI
0047F01E  |.  0F95C1       SETNE CL
0047F021  |.  51          PUSH ECX
0047F022  |.  FFD0       CALL EAX
0047F024  |.  E9 CD000000 JMP 复件_Ekd.0047F0F6
0047F029  |>  8B5D 08    MOV EBX,DWORD PTR SS:[EBP+8]          ;  Case F (WM_PAINT) of switch 0047EF6E
0047F02C  |.  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
0047F02F  |.  50          PUSH EAX                               ; /pPaintstruct
0047F030  |.  53          PUSH EBX                               ; |hWnd
0047F031  |.  FF15 40634800 CALL DWORD PTR DS:[<&USER32.BeginPaint>] ; \BeginPaint
0047F037  |.  8BF0       MOV ESI,EAX
0047F039  |.  A1 DC8B4B00 MOV EAX,DWORD PTR DS:[4B8BDC]
0047F03E  |.  33FF       XOR EDI,EDI
0047F040  |.  3BC7       CMP EAX,EDI
0047F042  |.  74 10       JE SHORT 复件_Ekd.0047F054
0047F044  |.  57          PUSH EDI                               ; /ForceBackground => FALSE
0047F045  |.  50          PUSH EAX                               ; |hPalette => EA0816ED
0047F046  |.  56          PUSH ESI                               ; |hDC
0047F047  |.  FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette
0047F04D  |.  56          PUSH ESI                               ; /hDC
0047F04E  |.  FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047F054  |>  A1 28C04B00 MOV EAX,DWORD PTR DS:[4BC028]
0047F059  |.  33C9       XOR ECX,ECX
0047F05B  |.  3BC7       CMP EAX,EDI
0047F05D  |.  7E 11       JLE SHORT 复件_Ekd.0047F070
0047F05F  |.  BA 80BE4B00 MOV EDX,复件_Ekd.004BBE80
0047F064  |>  391A       /CMP DWORD PTR DS:[EDX],EBX
0047F066  |.  74 08       |JE SHORT 复件_Ekd.0047F070
0047F068  |.  41          |INC ECX
0047F069  |.  83C2 04    |ADD EDX,4
0047F06C  |.  3BC8       |CMP ECX,EAX
0047F06E  |.^ 7C F4       \JL SHORT 复件_Ekd.0047F064
0047F070  |>  FF348D E09A4B>PUSH DWORD PTR DS:[ECX*4+4B9AE0]
0047F077  |.  FF348D 20924B>PUSH DWORD PTR DS:[ECX*4+4B9220]
0047F07E  |.  57          PUSH EDI
0047F07F  |.  57          PUSH EDI
0047F080  |.  51          PUSH ECX
0047F081  |.  E8 E0D8FFFF CALL 复件_Ekd.0047C966
0047F086  |.  83C4 14    ADD ESP,14
0047F089  |.  8D45 C0    LEA EAX,DWORD PTR SS:[EBP-40]
0047F08C  |.  50          PUSH EAX                               ; /pPaintstruct
0047F08D  |.  53          PUSH EBX                               ; |hWnd
0047F08E  |.  FF15 44634800 CALL DWORD PTR DS:[<&USER32.EndPaint>] ; \EndPaint
0047F094  |.  E9 70010000 JMP 复件_Ekd.0047F209
0047F099  |>  83FE 14    CMP ESI,14
0047F09C  |.  77 32       JA SHORT 复件_Ekd.0047F0D0
0047F09E  |.  0F84 65010000 JE 复件_Ekd.0047F209
0047F0A4  |.  83FE 10    CMP ESI,10
0047F0A7  |.  0F85 3F010000 JNZ 复件_Ekd.0047F1EC
0047F0AD  |.  A1 14C04B00 MOV EAX,DWORD PTR DS:[4BC014]          ;  Case 10 (WM_CLOSE) of switch 0047EF6E
0047F0B2  |.  85C0       TEST EAX,EAX
0047F0B4  |.  0F84 4F010000 JE 复件_Ekd.0047F209
0047F0BA  |.  8325 14C04B00>AND DWORD PTR DS:[4BC014],0
0047F0C1  |.  8BF0       MOV ESI,EAX
0047F0C3  |.  FFD6       CALL ESI
0047F0C5  |.  8935 14C04B00 MOV DWORD PTR DS:[4BC014],ESI
0047F0CB  |.  E9 39010000 JMP 复件_Ekd.0047F209
0047F0D0  |>  BB 00010000 MOV EBX,100
0047F0D5  |.  3BF3       CMP ESI,EBX
0047F0D7  |.  77 33       JA SHORT 复件_Ekd.0047F10C
0047F0D9  |.  74 21       JE SHORT 复件_Ekd.0047F0FC
0047F0DB  |.  83FE 7E    CMP ESI,7E
0047F0DE  |.  0F85 08010000 JNZ 复件_Ekd.0047F1EC
0047F0E4  |.  FF35 D89A4B00 PUSH DWORD PTR DS:[4B9AD8]             ;  Case 7E (WM_DISPLAYCHANGE) of switch 0047EF6E
0047F0EA  |.  FF35 D88B4B00 PUSH DWORD PTR DS:[4B8BD8]
0047F0F0  |.  E8 5FD6FFFF CALL 复件_Ekd.0047C754
0047F0F5  |.  59          POP ECX
0047F0F6  |>  59          POP ECX
0047F0F7  |.  E9 F0000000 JMP 复件_Ekd.0047F1EC
0047F0FC  |>  FF75 14    PUSH DWORD PTR SS:[EBP+14]             ;  Case 100 (WM_KEYDOWN) of switch 0047EF6E
0047F0FF  |.  FF75 10    PUSH DWORD PTR SS:[EBP+10]
0047F102  |.  E8 44010000 CALL 复件_Ekd.0047F24B
0047F107  |.  E9 FB000000 JMP 复件_Ekd.0047F207
0047F10C  |>  8BC6       MOV EAX,ESI
0047F10E  |.  2D 02010000 SUB EAX,102
0047F113  |.  0F84 E3000000 JE 复件_Ekd.0047F1FC
0047F119  |.  2D FF000000 SUB EAX,0FF
0047F11E  |.  0F84 C1000000 JE 复件_Ekd.0047F1E5
0047F124  |.  48          DEC EAX
0047F125  |.  0F84 B1000000 JE 复件_Ekd.0047F1DC
0047F12B  |.  48          DEC EAX
0047F12C  |.  48          DEC EAX
0047F12D  |.  0F84 A0000000 JE 复件_Ekd.0047F1D3
0047F133  |.  48          DEC EAX
0047F134  |.  0F84 90000000 JE 复件_Ekd.0047F1CA
0047F13A  |.  2D 0A010000 SUB EAX,10A
0047F13F  |.  74 11       JE SHORT 复件_Ekd.0047F152
0047F141  |.  48          DEC EAX
0047F142  |.  48          DEC EAX
0047F143  |.  0F85 A3000000 JNZ 复件_Ekd.0047F1EC
0047F149  |.  3B7D 08    CMP EDI,DWORD PTR SS:[EBP+8]          ;  Case 311 (WM_PALETTECHANGED) of switch 0047EF6E
0047F14C  |.  0F84 9A000000 JE 复件_Ekd.0047F1EC
0047F152  |>  33F6       XOR ESI,ESI                            ;  Case 30F (WM_QUERYNEWPALETTE) of switch 0047EF6E
0047F154  |.  3935 B07D4B00 CMP DWORD PTR DS:[4B7DB0],ESI
0047F15A  |.  74 28       JE SHORT 复件_Ekd.0047F184
0047F15C  |.  3935 28C04B00 CMP DWORD PTR DS:[4BC028],ESI
0047F162  |.  7E 20       JLE SHORT 复件_Ekd.0047F184
0047F164  |.  BF 48994B00 MOV EDI,复件_Ekd.004B9948
0047F169  |>  68 48954B00 /PUSH 复件_Ekd.004B9548
0047F16E  |.  53          |PUSH EBX
0047F16F  |.  6A 00       |PUSH 0
0047F171  |.  FF37       |PUSH DWORD PTR DS:[EDI]
0047F173  |.  E8 8A020000 |CALL 复件_Ekd.0047F402
0047F178  |.  46          |INC ESI
0047F179  |.  83C7 04    |ADD EDI,4
0047F17C  |.  3B35 28C04B00 |CMP ESI,DWORD PTR DS:[4BC028]
0047F182  |.^ 7C E5       \JL SHORT 复件_Ekd.0047F169
0047F184  |>  FF75 08    PUSH DWORD PTR SS:[EBP+8]             ; /hWnd
0047F187  |.  FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>]    ; \GetDC
0047F18D  |.  8BF0       MOV ESI,EAX
0047F18F  |.  A1 DC8B4B00 MOV EAX,DWORD PTR DS:[4B8BDC]
0047F194  |.  85C0       TEST EAX,EAX
0047F196  |.  74 0A       JE SHORT 复件_Ekd.0047F1A2
0047F198  |.  6A 00       PUSH 0                                  ; /ForceBackground = FALSE
0047F19A  |.  50          PUSH EAX                               ; |hPalette => EA0816ED
0047F19B  |.  56          PUSH ESI                               ; |hDC
0047F19C  |.  FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette
0047F1A2  |>  56          PUSH ESI                               ; /hDC
0047F1A3  |.  FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047F1A9  |.  56          PUSH ESI                               ; /hDC
0047F1AA  |.  8BF8       MOV EDI,EAX                            ; |
0047F1AC  |.  FF75 08    PUSH DWORD PTR SS:[EBP+8]             ; |hWnd
0047F1AF  |.  FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>]  ; \ReleaseDC
0047F1B5  |.  85FF       TEST EDI,EDI
0047F1B7  |.  74 0D       JE SHORT 复件_Ekd.0047F1C6
0047F1B9  |.  6A 01       PUSH 1                                  ; /Erase = TRUE
0047F1BB  |.  6A 00       PUSH 0                                  ; |pRect = NULL
0047F1BD  |.  FF75 08    PUSH DWORD PTR SS:[EBP+8]             ; |hWnd
0047F1C0  |.  FF15 A4624800 CALL DWORD PTR DS:[<&USER32.InvalidateRe>; \InvalidateRect
0047F1C6  |>  8BC7       MOV EAX,EDI
0047F1C8  |.  EB 41       JMP SHORT 复件_Ekd.0047F20B
0047F1CA  |>  8325 B8A34B00>AND DWORD PTR DS:[4BA3B8],FFFFFFFD    ;  Case 205 (WM_RBUTTONUP) of switch 0047EF6E
0047F1D1  |.  EB 19       JMP SHORT 复件_Ekd.0047F1EC
0047F1D3  |>  830D B8A34B00>OR DWORD PTR DS:[4BA3B8],2             ;  Case 204 (WM_RBUTTONDOWN) of switch 0047EF6E
0047F1DA  |.  EB 10       JMP SHORT 复件_Ekd.0047F1EC
0047F1DC  |>  8325 B8A34B00>AND DWORD PTR DS:[4BA3B8],FFFFFFFE    ;  Case 202 (WM_LBUTTONUP) of switch 0047EF6E
0047F1E3  |.  EB 07       JMP SHORT 复件_Ekd.0047F1EC
0047F1E5  |>  830D B8A34B00>OR DWORD PTR DS:[4BA3B8],1             ;  Case 201 (WM_LBUTTONDOWN) of switch 0047EF6E
0047F1EC  |>  FF75 14    PUSH DWORD PTR SS:[EBP+14]             ; /lParam; Default case of switch 0047EF6E
0047F1EF  |.  57          PUSH EDI                               ; |wParam
0047F1F0  |.  56          PUSH ESI                               ; |Message
0047F1F1  |.  FF75 08    PUSH DWORD PTR SS:[EBP+8]             ; |hWnd
0047F1F4  |.  FF15 78634800 CALL DWORD PTR DS:[<&USER32.DefWindowPro>; \DefWindowProcA
0047F1FA  |.  EB 0F       JMP SHORT 复件_Ekd.0047F20B
0047F1FC  |>  FF75 14    PUSH DWORD PTR SS:[EBP+14]             ;  Case 102 (WM_CHAR) of switch 0047EF6E
0047F1FF  |.  FF75 10    PUSH DWORD PTR SS:[EBP+10]
0047F202  |.  E8 09000000 CALL 复件_Ekd.0047F210
0047F207  |>  59          POP ECX
0047F208  |.  59          POP ECX
0047F209  |>  33C0       XOR EAX,EAX                            ;  Case 14 (WM_ERASEBKGND) of switch 0047EF6E
0047F20B  |>  5F          POP EDI
0047F20C  |.  5E          POP ESI
0047F20D  |.  5B          POP EBX
0047F20E  |.  C9          LEAVE
0047F20F  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#23

发表于 2007-12-30 21:18 资料个人空间短消息看全部作者

先手攻击(自己新写的函数)

参数就是epb-8,ebp-c
被攻击方的数据
攻击方的内存地址

-4被攻击方的数据
-8攻击方的内存地址
-c 被攻击方的内存地址
-10 攻击方的Data编号
-14 被攻击方的Data编号

004D0000 55             PUSH EBP
004D0001 8BEC          MOV EBP,ESP
004D0003 83EC 14       SUB ESP,14
004D0006 8B45 0C       MOV EAX,DWORD PTR SS:[EBP+C]
004D0009 8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
004D000C 8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
004D000F 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
004D0012 25 FF000000    AND EAX,0FF
004D0017 6BC0 24       IMUL EAX,EAX,24
004D001A 05 502C4B00    ADD EAX,Ekd5.004B2C50
004D001F 8945 F4       MOV DWORD PTR SS:[EBP-C],EAX
004D0022 8BC8          MOV ECX,EAX
004D0024 E8 47B4F6FF    CALL Ekd5.0043B470                      ; 判断被攻击方的职业
004D0029 3C 01          CMP AL,1
004D002B 75 69          JNZ SHORT Ekd5.004D0096                ; 兵种不对跳转
004D002D 6A 08          PUSH 8
004D002F 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004D0032 E8 A966F3FF    CALL Ekd5.004066E0                      ; 判断被攻击方的状态
004D0037 85C0          TEST EAX,EAX
004D0039 74 02          JE SHORT Ekd5.004D003D
004D003B EB 59          JMP SHORT Ekd5.004D0096                ; 混乱中
004D003D 8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
004D0040 E8 2BF6F8FF    CALL Ekd5.0045F670
004D0045 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX          ; 攻击方的Data编号
004D0048 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004D004B E8 20F6F8FF    CALL Ekd5.0045F670
004D0050 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX          ; 被攻击方的Data编号
004D0053 6A 01          PUSH 1
004D0055 FF75 F0       PUSH DWORD PTR SS:[EBP-10]
004D0058 FF75 EC       PUSH DWORD PTR SS:[EBP-14]
004D005B B9 F05D4B00    MOV ECX,Ekd5.004B5DF0
004D0060 E8 65AFF8FF    CALL Ekd5.0045AFCA                      ; 判断是否相邻
004D0065 85C0          TEST EAX,EAX
004D0067 74 2D          JE SHORT Ekd5.004D0096
004D0069 8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
004D006C E8 AFE2F6FF    CALL Ekd5.0043E320                      ; 获取攻击方的朝向
004D0071 25 FF000000    AND EAX,0FF
004D0076 83C0 02       ADD EAX,2
004D0079 83F8 04       CMP EAX,4
004D007C 7C 03          JL SHORT Ekd5.004D0081
004D007E 83E8 04       SUB EAX,4
004D0081 05 002D4B00    ADD EAX,Ekd5.004B2D00
004D0086 50             PUSH EAX
004D0087 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004D008A E8 E165F3FF    CALL Ekd5.00406670                      ; 设置被攻击方的朝向，使其对准攻击方
004D008F B8 01000000    MOV EAX,1
004D0094 EB 02          JMP SHORT Ekd5.004D0098
004D0096 33C0          XOR EAX,EAX
004D0098 8BE5          MOV ESP,EBP
004D009A 5D             POP EBP
004D009B C3             RETN

004D009F 83C4 08       ADD ESP,8                               ; 我方攻击跳转过来的
004D00A2 FF75 F8       PUSH DWORD PTR SS:[EBP-8]
004D00A5 FF75 F4       PUSH DWORD PTR SS:[EBP-C]
004D00A8 E8 53FFFFFF    CALL Ekd5.004D0000
004D00AD 83C4 08       ADD ESP,8
004D00B0 85C0          TEST EAX,EAX                            ; 判断返回
004D00B2 74 1A          JE SHORT Ekd5.004D00CE
004D00B4 8A45 F8       MOV AL,BYTE PTR SS:[EBP-8]             ; 先手攻击
004D00B7 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004D00BA 8A51 04       MOV DL,BYTE PTR DS:[ECX+4]
004D00BD 52             PUSH EDX
004D00BE 50             PUSH EAX
004D00BF B9 F0274900    MOV ECX,Ekd5.004927F0
004D00C4 E8 2864F3FF    CALL Ekd5.004064F1
004D00C9  - E9 85DAF6FF    JMP Ekd5.0043DB53
004D00CE 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]          ; 正常攻击
004D00D1  - E9 6BDAF6FF    JMP Ekd5.0043DB41

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#24

发表于 2007-12-30 21:20 资料个人空间短消息看全部作者

关于吸血攻击

00405C6C $  55          PUSH EBP
00405C6D .  8BEC       MOV EBP,ESP
00405C6F .  83EC 10    SUB ESP,10
00405C72 .  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00405C75 .  33C9       XOR ECX,ECX
00405C77 .  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
00405C7A .  6A 2C       PUSH 2C                               ; /Arg1 = 0000002C
00405C7C .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00405C7F .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]          ; |
00405C82 .  E8 821D0000 CALL Ekd5.00407A09                      ; \Ekd5.00407A09
00405C87 .  85C0       TEST EAX,EAX
00405C89 .  0F84 58B30100 JE Ekd5.00420FE7
00405C8F .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405C92 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00405C95 .  E8 81150000 CALL Ekd5.0040721B
00405C9A .  50          PUSH EAX
00405C9B .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405C9E .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00405CA1 .  51          PUSH ECX                               ; /Arg1
00405CA2 .  E8 D6610000 CALL Ekd5.0040BE7D                      ; \Ekd5.0040BE7D
00405CA7 .  83C4 04    ADD ESP,4
00405CAA .  50          PUSH EAX                               ; /Arg1
00405CAB .  E8 26880300 CALL Ekd5.0043E4D6                      ; \Ekd5.0043E4D6
00405CB0 .  83C4 04    ADD ESP,4
00405CB3 .  33C9       XOR ECX,ECX
00405CB5 .  8AC8       MOV CL,AL
00405CB7 .  6BC9 24    IMUL ECX,ECX,24
00405CBA .  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405CC0 .  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
00405CC3 .  E8 C8CF0600 CALL Ekd5.00472C90
00405CC8 .  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX          ; |
00405CCB .  50          PUSH EAX                               ; |Arg2
00405CCC .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00405CCF .  8B0D B2BF4A00 MOV ECX,DWORD PTR DS:[4ABFB2]          ; |
00405CD5 .  51          PUSH ECX                               ; |Arg1 => 00000000
00405CD6 .  E8 AE9D0700 CALL Ekd5.0047FA89                      ; \Ekd5.0047FA89
00405CDB .  83C4 0C    ADD ESP,0C
00405CDE .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
00405CE1 .  E9 FEB20100 JMP Ekd5.00420FE4

00420FE4 > \2945 F8    SUB DWORD PTR SS:[EBP-8],EAX
00420FE7 >  6A 01       PUSH 1                                  ; /Arg8 = 00000001
00420FE9 .  6A 00       PUSH 0                                  ; |Arg7 = 00000000
00420FEB .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
00420FEE .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]          ; |
00420FF4 .  51          PUSH ECX                               ; |Arg6
00420FF5 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00420FF8 .  8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428]          ; |
00420FFE .  50          PUSH EAX                               ; |Arg5
00420FFF .  6A 00       PUSH 0                                  ; |Arg4 = 00000000
00421001 .  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
00421004 .  52          PUSH EDX                               ; |Arg3
00421005 .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00421008 .  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
0042100B .  52          PUSH EDX                               ; |Arg2
0042100C .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0042100F .  8A08       MOV CL,BYTE PTR DS:[EAX]                ; |
00421011 .  51          PUSH ECX                               ; |Arg1
00421012 .  E8 6DF90200 CALL Ekd5.00450984                      ; \Ekd5.00450984
00421017 .  83C4 20    ADD ESP,20
0042101A .  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0042101E .  74 0C       JE SHORT Ekd5.0042102C
00421020 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00421023 .  50          PUSH EAX                               ; /Arg1
00421024 .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00421027 .  E8 A1E60100 CALL Ekd5.0043F6CD                      ; \Ekd5.0043F6CD
0042102C >  6A 01       PUSH 1
0042102E .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00421031 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00421034 .  E8 1756FEFF CALL Ekd5.00406650
00421039 .  25 FF000000 AND EAX,0FF
0042103E .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00421041 .  0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428]
00421047 .  50          PUSH EAX
00421048 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042104B .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0042104E .  E8 FD78FEFF CALL Ekd5.00408950
00421053 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00421056 .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
0042105C .  51          PUSH ECX
0042105D .  6A 00       PUSH 0
0042105F .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00421062 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00421065 .  E8 6C72FEFF CALL Ekd5.004082D6
0042106A .  33C9       XOR ECX,ECX
0042106C .  890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
00421072 .  8BE5       MOV ESP,EBP
00421074 .  5D          POP EBP
00421075 .  C3          RETN

轩辕传的exe
00405C6C $  55          PUSH EBP
00405C6D .  8BEC       MOV EBP,ESP
00405C6F .  83EC 10    SUB ESP,10
00405C72 .  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00405C75 .  33C9       XOR ECX,ECX
00405C77 .  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
00405C7A .  6A 2C       PUSH 2C                               ; /Arg1 = 0000002C
00405C7C .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00405C7F .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]          ; |
00405C82 .  E8 821D0000 CALL Ekd5.00407A09                      ; \Ekd5.00407A09
00405C87 .  85C0       TEST EAX,EAX
00405C89 .  0F84 58B30100  JE Ekd5.00420FE7 如果是2C跳
00405C8F .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405C92 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00405C95 .  E8 81150000 CALL Ekd5.0040721B

00405C9A .  50          PUSH EAX
00405C9B .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405C9E .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]

00405CA1 .  51          PUSH ECX                               ; /Arg1
00405CA2 .  E8 D6610000 CALL Ekd5.0040BE7D                      ; \Ekd5.0040BE7D
00405CA7 .  83C4 04    ADD ESP,4

00405CAA .  50          PUSH EAX                               ; /Arg1
00405CAB .  E8 26880300 CALL Ekd5.0043E4D6                      ; \Ekd5.0043E4D6
00405CB0 .  83C4 04    ADD ESP,4

00405CB3 .  33C9       XOR ECX,ECX
00405CB5 .  8AC8       MOV CL,AL
00405CB7 .  6BC9 24    IMUL ECX,ECX,24
00405CBA .  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
00405CC0 .  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
00405CC3 .  E8 C8CF0600 CALL Ekd5.00472C90 //返回当前体力
00405CC8 .  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX          ; |
00405CCB .  50          PUSH EAX                               ; |Arg2
00405CCC .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00405CCF .  8B0D B2BF4A00 MOV ECX,DWORD PTR DS:[4ABFB2]          ; |
00405CD5 .  51          PUSH ECX                               ; |Arg1 => 00000000
00405CD6 .  E8 AE9D0700 CALL Ekd5.0047FA89                      ; \Ekd5.0047FA89  返回08栈0C栈之和与10栈的较小值于eax
00405CDB .  83C4 0C    ADD ESP,0C

00405CDE .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX

00405CE1 .  E9 FEB20100 JMP Ekd5.00420FE4

------------------------------跳到的地方
00420FE4 > \2945 F8    SUB DWORD PTR SS:[EBP-8],EAX
00420FE7 >  6A 01       PUSH 1                                  ; /Arg8 = 00000001
00420FE9 .  6A 00       PUSH 0                                  ; |Arg7 = 00000000
00420FEB .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
00420FEE .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]          ; |
00420FF4 .  51          PUSH ECX                               ; |Arg6
00420FF5 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
00420FF8 .  8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428]          ; |
00420FFE .  50          PUSH EAX                               ; |Arg5
00420FFF .  6A 00       PUSH 0                                  ; |Arg4 = 00000000
00421001 .  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
00421004 .  52          PUSH EDX                               ; |Arg3
00421005 .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00421008 .  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
0042100B .  52          PUSH EDX                               ; |Arg2
0042100C .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0042100F .  8A08       MOV CL,BYTE PTR DS:[EAX]                ; |
00421011 .  51          PUSH ECX                               ; |Arg1
00421012 .  E8 6DF90200 CALL Ekd5.00450984                      ; \Ekd5.00450984
00421017 .  83C4 20    ADD ESP,20
0042101A .  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0042101E .  74 0C       JE SHORT Ekd5.0042102C
00421020 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00421023 .  50          PUSH EAX                               ; /Arg1
00421024 .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00421027 .  E8 A1E60100 CALL Ekd5.0043F6CD                      ; \Ekd5.0043F6CD

0042102C >  6A 01    PUSH 1
0042102E .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00421031 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00421034 .  E8 1756FEFF CALL Ekd5.00406650 获取武将ecx的经验
00421039 .  25 FF000000 AND EAX,0FF

0042103E .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00421041 .  0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428]
00421047 .  50          PUSH EAX
00421048 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042104B .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0042104E .  E8 FD78FEFF CALL Ekd5.00408950

00421053 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00421056 .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
0042105C .  51          PUSH ECX
0042105D .  6A 00       PUSH 0
0042105F .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00421062 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00421065 .  E8 6C72FEFF CALL Ekd5.004082D6

0042106A .  33C9       XOR ECX,ECX
0042106C .  890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
00421072 .  8BE5       MOV ESP,EBP
00421074 .  5D          POP EBP
00421075 .  C3          RETN

00405C6C $  55          PUSH EBP
00405C6D .  8BEC       MOV EBP,ESP
00405C6F .  83EC 10    SUB ESP,10
00405C72 .  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00405C75 .  6A 01       PUSH 1
00405C77 .  6A 00       PUSH 0
00405C79 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00405C7C .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
00405C82 .  51          PUSH ECX
00405C83 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405C86 .  8B82 28040000 MOV EAX,DWORD PTR DS:[EDX+428]
00405C8C .  50          PUSH EAX
00405C8D .  6A 00       PUSH 0
00405C8F .  33C9       XOR ECX,ECX
00405C91 .  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
00405C94 .  6A 43       PUSH 43                                           ; /Arg1 = 00000043
00405C96 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]                      ; |
00405C99 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]                      ; |
00405C9C .  E8 681D0000 CALL EKD500407A09                                  ; \EKD500407A09
00405CA1 .  85C0       TEST EAX,EAX
00405CA3 .  0F84 E0A30300 JE EKD500440089 //相等，证明是吸血攻击，跳转
00405CA9 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405CAC .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00405CAF .  E8 67150000 CALL EKD50040721B
00405CB4 .  50          PUSH EAX
00405CB5 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405CB8 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00405CBB .  51          PUSH ECX                                        ; /Arg1
00405CBC .  E8 BC610000 CALL EKD50040BE7D                                  ; \EKD50040BE7D
00405CC1 .  83C4 04    ADD ESP,4
00405CC4 .  50          PUSH EAX                                        ; /Arg1
00405CC5 .  E8 0C880300 CALL EKD50043E4D6                                  ; \EKD50043E4D6
00405CCA .  83C4 04    ADD ESP,4
00405CCD .  33C9       XOR ECX,ECX
00405CCF .  8AC8       MOV CL,AL
00405CD1 .  6BC9 24    IMUL ECX,ECX,24
00405CD4 .  81C1 502C4B00 ADD ECX,EKD5004B2C50
00405CDA .  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
00405CDD .  E9 86A30300 JMP EKD500440068
00405CE2 >  E8 89820100 CALL EKD50041DF70
00405CE7 .  3C 5C       CMP AL,5C
00405CE9 .  75 04       JNZ SHORT EKD500405CEF
00405CEB .  B0 64       MOV AL,64
00405CED .  EB 76       JMP SHORT EKD500405D65
00405CEF >  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00405CF2 .  8B49 0C    MOV ECX,DWORD PTR DS:[ECX+C]
00405CF5 .  E8 37990300 CALL EKD50043F631
00405CFA .  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
00405CFD .  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00405D00 .  33D2       XOR EDX,EDX
00405D02 .  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
00405D05 .  8BCA       MOV ECX,EDX
00405D07 .  6BC9 24    IMUL ECX,ECX,24
00405D0A .  81C1 502C4B00 ADD ECX,EKD5004B2C50
00405D10 .  E8 1C990300 CALL EKD50043F631
00405D15 .  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00405D18 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00405D1B .  6BC0 03    IMUL EAX,EAX,3
00405D1E .  3945 F8    CMP DWORD PTR SS:[EBP-8],EAX
00405D21 .  72 04       JB SHORT EKD500405D27
00405D23 .  B0 64       MOV AL,64
00405D25 .  EB 3E       JMP SHORT EKD500405D65
00405D27 >  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00405D2A .  D1E1       SHL ECX,1
00405D2C .  394D F8    CMP DWORD PTR SS:[EBP-8],ECX
00405D2F .  72 17       JB SHORT EKD500405D48
00405D31 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00405D34 .  D1E2       SHL EDX,1
00405D36 .  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00405D39 .  2BC2       SUB EAX,EDX
00405D3B .  6BC0 50    IMUL EAX,EAX,50
00405D3E .  33D2       XOR EDX,EDX
00405D40 .  F775 FC    DIV DWORD PTR SS:[EBP-4]
00405D43 .  83C0 14    ADD EAX,14
00405D46 .  EB 1D       JMP SHORT EKD500405D65
00405D48 >  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00405D4B .  3B45 FC    CMP EAX,DWORD PTR SS:[EBP-4]
00405D4E .  72 13       JB SHORT EKD500405D63
00405D50 .  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00405D53 .  2B45 FC    SUB EAX,DWORD PTR SS:[EBP-4]
00405D56 .  6BC0 12    IMUL EAX,EAX,12
00405D59 .  33D2       XOR EDX,EDX
00405D5B .  F775 FC    DIV DWORD PTR SS:[EBP-4]
00405D5E .  83C0 02    ADD EAX,2
00405D61 .  EB 02       JMP SHORT EKD500405D65
00405D63 >  B0 01       MOV AL,1
00405D65 >  8BE5       MOV ESP,EBP
00405D67 .  5D          POP EBP
00405D68 .  C3          RETN

00440089 > \8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
0044008C .  52          PUSH EDX                               ; |Arg3
0044008D .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00440090 .  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
00440093 .  52          PUSH EDX                               ; |Arg2
00440094 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
00440097 .  8A08       MOV CL,BYTE PTR DS:[EAX]                ; |
00440099 .  51          PUSH ECX                               ; |Arg1
0044009A .  E8 E5080100 CALL EKD500450984                      ; \EKD500450984
0044009F .  83C4 20    ADD ESP,20
004400A2 .  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004400A6 .  74 0C       JE SHORT EKD5004400B4
004400A8 .  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
004400AB .  50          PUSH EAX                               ; /Arg1
004400AC .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004400AF .  E8 19F6FFFF CALL EKD50043F6CD                      ; \EKD50043F6CD
004400B4 >  6A 01       PUSH 1
004400B6 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004400B9 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
004400BC .  E8 8F65FCFF CALL EKD500406650
004400C1 .  25 FF000000 AND EAX,0FF                            ; |
004400C6 .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004400C9 .  0381 28040000 ADD EAX,DWORD PTR DS:[ECX+428]          ; |
004400CF .  50          PUSH EAX                               ; |Arg1
004400D0 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
004400D3 .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]          ; |
004400D6 .  E8 7588FCFF CALL EKD500408950                      ; \EKD500408950
004400DB .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004400DE .  8B88 2C040000 MOV ECX,DWORD PTR DS:[EAX+42C]
004400E4 .  51          PUSH ECX                               ; /Arg2
004400E5 .  6A 00       PUSH 0                                  ; |Arg1 = 00000000
004400E7 .  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
004400EA .  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]          ; |
004400ED .  E8 E481FCFF CALL EKD5004082D6                      ; \EKD5004082D6
004400F2 .  33C9       XOR ECX,ECX
004400F4 .  890D B2BF4A00 MOV DWORD PTR DS:[4ABFB2],ECX
004400FA .  8BE5       MOV ESP,EBP
004400FC .  5D          POP EBP
004400FD .  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#25

发表于 2007-12-30 21:20 资料个人空间短消息看全部作者

无限引导

43DADA函数
0043DADA  /$  55          PUSH EBP
0043DADB  |.  8BEC       MOV EBP,ESP
0043DADD  |.  83EC 0C    SUB ESP,0C
0043DAE0  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0043DAE3  |.  C645 F8 FF MOV BYTE PTR SS:[EBP-8],0FF
0043DAE7  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DAEA  |.  E8 281E0000 CALL Ekd5.0043F917
0043DAEF  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0043DAF2  |.  68 FF000000 PUSH 0FF
0043DAF7  |.  6A 01       PUSH 1
0043DAF9  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DAFC  |.  E8 BD1D0000 CALL Ekd5.0043F8BE

0043DB01  |.  50          PUSH EAX                               ; |Arg2
0043DB02  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0043DB05  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]             ; |
0043DB08  |.  51          PUSH ECX                               ; |Arg1
0043DB09  |.  B9 50424B00 MOV ECX,Ekd5.004B4250                   ; |
0043DB0E  |.  E8 2A780100 CALL Ekd5.0045533D                      ; \Ekd5.0045533D  //攻击范围
0043DB13  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0043DB16  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043DB19  |.  81E2 FF000000 AND EDX,0FF
0043DB1F  |.  81FA FF000000 CMP EDX,0FF
0043DB25  |.  0F84 F2000000 JE Ekd5.0043DC1D
0043DB2B  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DB2E  |.  50          PUSH EAX                               ; /Arg2
0043DB2F  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DB32  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DB35  |.  52          PUSH EDX                               ; |Arg1
0043DB36  |.  E8 EE7CFFFF CALL Ekd5.00435829                      ; \Ekd5.00435829
0043DB3B  |.  83C4 08    ADD ESP,8
0043DB3E  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]

0043DB41  |.  50          PUSH EAX                               ; /Arg2
0043DB42  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DB45  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DB48  |.  52          PUSH EDX                               ; |Arg1
0043DB49  |.  B9 F0274900 MOV ECX,Ekd5.004927F0                   ; |
0043DB4E  |.  E8 9E89FCFF CALL Ekd5.004064F1                      ; \Ekd5.004064F1  进行攻击(包括攻击动作和数值变化)

0043DB53  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043DB56  |.  81E1 FF000000 AND ECX,0FF
0043DB5C  |.  6BC9 24    IMUL ECX,ECX,24
0043DB5F  |.  81C1 502C4B00 ADD ECX,Ekd5.004B2C50
0043DB65  |.  E8 26510300 CALL Ekd5.00472C90 返回武将ecx的当前体力
0043DB6A  |.  85C0       TEST EAX,EAX
0043DB6C  |.  0F85 97000000 JNZ Ekd5.0043DC09                      若EAX的值不会0(人没死)，则跳转，不会引导

0043DB72  |.  6A 2E       PUSH 2E                               ; /Arg1 = 0000002E    判断是不是2E引导攻击
0043DB74  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
0043DB77  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]             ; |
0043DB79  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
0043DB7C  |.  81C1 681B4A00 ADD ECX,Ekd5.004A1B68                   ; |
0043DB82  |.  E8 829EFCFF CALL Ekd5.00407A09                      ; \Ekd5.00407A09检测武将ecx是否装备特殊效果为08栈的特殊道具
0043DB87  |.  85C0       TEST EAX,EAX
0043DB89  |.  74 7E       JE SHORT Ekd5.0043DC09 若EAX的值不会0(不相等)，则跳转，不会引导

0043DB8B  |.  68 FF000000 PUSH 0FF                               ; /Arg3 = 000000FF
0043DB90  |.  68 40060000 PUSH 640                               ; |Arg2 = 00000640
0043DB95  |.  6A 04       PUSH 4                                  ; |/Arg3 = 00000004
0043DB97  |.  6A 00       PUSH 0                                  ; ||Arg2 = 00000000
0043DB99  |.  68 C0120000 PUSH 12C0                               ; ||Arg1 = 000012C0
0043DB9E  |.  B9 38EB4A00 MOV ECX,Ekd5.004AEB38                   ; ||
0043DBA3  |.  E8 981E0400 CALL Ekd5.0047FA40                      ; |\Ekd5.0047FA40
0043DBA8  |.  50          PUSH EAX                               ; |Arg1
0043DBA9  |.  E8 65210400 CALL Ekd5.0047FD13                      ; \Ekd5.0047FD13
0043DBAE  |.  83C4 0C    ADD ESP,0C
0043DBB1  |.  6A 00       PUSH 0
0043DBB3  |.  6A 00       PUSH 0
0043DBB5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DBB8  |.  E8 011D0000 CALL Ekd5.0043F8BE
0043DBBD  |.  50          PUSH EAX                               ; |Arg2
0043DBBE  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBC1  |.  83C1 06    ADD ECX,6                               ; |
0043DBC4  |.  51          PUSH ECX                               ; |Arg1
0043DBC5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBC8  |.  E8 B989FFFF CALL Ekd5.00436586                      ; \Ekd5.00436586
0043DBCD  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0043DBD0  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043DBD3  |.  81E2 FF000000 AND EDX,0FF
0043DBD9  |.  81FA FF000000 CMP EDX,0FF
0043DBDF  |.  74 28       JE SHORT Ekd5.0043DC09 //判断EDX，如果不等于0FF则跳转

0043DBE1  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]
0043DBE4  |.  50          PUSH EAX                               ; /Arg2
0043DBE5  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBE8  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DBEB  |.  52          PUSH EDX                               ; |Arg1
0043DBEC  |.  E8 387CFFFF CALL Ekd5.00435829                      ; \Ekd5.00435829
0043DBF1  |.  83C4 08    ADD ESP,8
0043DBF4  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]

0043DBF7  |.  50          PUSH EAX          -----JMP    0043DB41
0043DBF8  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DBFB  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
0043DBFE  |.  52          PUSH EDX                               ; |Arg1
0043DBFF  |.  B9 F0274900 MOV ECX,Ekd5.004927F0                   ; |
0043DC04  |.  E8 E888FCFF CALL Ekd5.004064F1                      ; \Ekd5.004064F1

0043DC09  |>  6A 06       PUSH 6                                  ; /Arg1 = 00000006
0043DC0B  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DC0E  |.  E8 054B0000 CALL Ekd5.00442718                      ; \Ekd5.00442718
0043DC13  |.  B9 50424B00 MOV ECX,Ekd5.004B4250
0043DC18  |.  E8 F65E0100 CALL Ekd5.00453B13
0043DC1D  |>  8BE5       MOV ESP,EBP
0043DC1F  |.  5D          POP EBP
0043DC20  \.  C3          RETN

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#26

发表于 2007-12-30 21:21 资料个人空间短消息看全部作者

有关文件操作的函数

开始写存档的地方
0041B1FC  |.  85C0       TEST EAX,EAX
0041B1FE  |.  75 24       JNZ SHORT WaGan.0041B224
0041B200  |.  C785 D0FEFFFF>MOV DWORD PTR SS:[EBP-130],0
0041B20A  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041B211  |.  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10]
0041B214  |.  E8 30DDFFFF CALL WaGan.00418F49
0041B219  |.  8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-130]
0041B21F  |.  E9 EA020000 JMP WaGan.0041B50E
0041B224  |>  6A 0E       PUSH 0E                               ; /Arg1 = 0000000E
0041B226  |.  E8 F0050100 CALL WaGan.0042B81B                   ; \WaGan.0042B81B
0041B22B  |.  83C4 04    ADD ESP,4
0041B22E  |.  A1 606F4900 MOV EAX,DWORD PTR DS:[496F60]
0041B233  |.  C600 05    MOV BYTE PTR DS:[EAX],5
0041B236  |.  B9 0000D600 MOV ECX,0D60000
0041B23B  |.  E8 90B3FEFF CALL WaGan.004065D0
0041B240  |.  8B0D 606F4900 MOV ECX,DWORD PTR DS:[496F60]
0041B246  |.  8841 01    MOV BYTE PTR DS:[ECX+1],AL
0041B249  |.  B9 3CC64A00 MOV ECX,WaGan.004AC63C
0041B24E  |.  E8 5D06FFFF CALL WaGan.0040B8B0
0041B253  |.  8B15 606F4900 MOV EDX,DWORD PTR DS:[496F60]
0041B259  |.  8842 02    MOV BYTE PTR DS:[EDX+2],AL
0041B25C  |.  B9 70074B00 MOV ECX,WaGan.004B0770
0041B261  |.  E8 2920FFFF CALL WaGan.0040D28F
0041B266  |.  8B0D 606F4900 MOV ECX,DWORD PTR DS:[496F60]
0041B26C  |.  8841 03    MOV BYTE PTR DS:[ECX+3],AL
0041B26F  |.  8B15 606F4900 MOV EDX,DWORD PTR DS:[496F60]
0041B275  |.  33C0       XOR EAX,EAX

创建或打开文件  (传进来的参数有，08栈，放文件名的地址，ecx放需要返回得到句柄的内存地址)
004190BB  /$  55          PUSH EBP
004190BC  |.  8BEC       MOV EBP,ESP
004190BE  |.  51          PUSH ECX
004190BF  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004190C2  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004190C5  |.  8338 00    CMP DWORD PTR DS:[EAX],0
004190C8  |.  75 2D       JNZ SHORT WaGan.004190F7
004190CA  |.  6A 00       PUSH 0                                  ; /hTemplateFile = NULL
004190CC  |.  68 80000000 PUSH 80                               ; |Attributes = NORMAL
004190D1  |.  6A 04       PUSH 4                                  ; |Mode = OPEN_ALWAYS
004190D3  |.  6A 00       PUSH 0                                  ; |pSecurity = NULL
004190D5  |.  6A 01       PUSH 1                                  ; |ShareMode = FILE_SHARE_READ
004190D7  |.  68 000000C0 PUSH C0000000                         ; |Access = GENERIC_READ|GENERIC_WRITE
004190DC  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
004190DF  |.  51          PUSH ECX                               ; |FileName
004190E0  |.  FF15 18614800 CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; \CreateFileA
004190E6  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]       把
004190E9  |.  8902       MOV DWORD PTR DS:[EDX],EAX       句柄放到传进来的地址中
004190EB  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004190EE  |.  8338 FF    CMP DWORD PTR DS:[EAX],-1
004190F1  |.  75 04       JNZ SHORT WaGan.004190F7
004190F3  |.  33C0       XOR EAX,EAX
004190F5  |.  EB 05       JMP SHORT WaGan.004190FC
004190F7  |>  B8 01000000 MOV EAX,1
004190FC  |>  8BE5       MOV ESP,EBP
004190FE  |.  5D          POP EBP
004190FF  \.  C2 0400    RETN 4

读文件(传进来的参数有ecx句柄地址，08栈buffer地址，0C栈读文件字节数)
00419102  /$  55          PUSH EBP
00419103  |.  8BEC       MOV EBP,ESP
00419105  |.  83EC 10    SUB ESP,10
00419108  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX 句柄地址
0041910B  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0041910E  |.  8338 00    CMP DWORD PTR DS:[EAX],0
00419111  |.  74 47       JE SHORT WaGan.0041915A             句柄不能为空
00419113  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041911A  |.  EB 09       JMP SHORT WaGan.00419125
0041911C  |>  8B4D F4    /MOV ECX,DWORD PTR SS:[EBP-C]
0041911F  |.  83C1 01    |ADD ECX,1
00419122  |.  894D F4    |MOV DWORD PTR SS:[EBP-C],ECX
00419125  |>  6A 00       PUSH 0                               ; /pOverlapped = NULL
00419127  |.  8D55 FC    |LEA EDX,DWORD PTR SS:[EBP-4]          ; |
0041912A  |.  52          |PUSH EDX                               ; |pBytesRead
0041912B  |.  8B45 0C    |MOV EAX,DWORD PTR SS:[EBP+C]          ; |
0041912E  |.  50          |PUSH EAX                               ; |BytesToRead
0041912F  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00419132  |.  51          |PUSH ECX                               ; |Buffer
00419133  |.  8B55 F0    |MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00419136  |.  8B02       |MOV EAX,DWORD PTR DS:[EDX]             ; |
00419138  |.  50          |PUSH EAX                               ; |hFile 文件句柄，通过CreateFile得来
00419139  |.  FF15 14614800 |CALL DWORD PTR DS:[<&KERNEL32.ReadFile>>; \ReadFile
0041913F  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX
00419142  |.  837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
00419146  |.  75 0C       |JNZ SHORT WaGan.00419154
00419148  |.  837D F4 05 |CMP DWORD PTR SS:[EBP-C],5    连续尝试读5次
0041914C  |.  7E 04       |JLE SHORT WaGan.00419152
0041914E  |.  33C0       |XOR EAX,EAX
00419150  |.  EB 0F       |JMP SHORT WaGan.00419161       读失败
00419152  |>  EB 02       |JMP SHORT WaGan.00419156
00419154  |>  EB 02       |JMP SHORT WaGan.00419158
00419156  |>^ EB C4       \JMP SHORT WaGan.0041911C
00419158  |>  EB 04       JMP SHORT WaGan.0041915E
0041915A  |>  33C0       XOR EAX,EAX
0041915C  |.  EB 03       JMP SHORT WaGan.00419161
0041915E  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]  读成功，布尔返回值返回
00419161  |>  8BE5       MOV ESP,EBP
00419163  |.  5D          POP EBP
00419164  \.  C2 0800    RETN 8

419194 [0C--0]  419231    4192AA

设置文件指针( ecx句柄地址，08栈移动字节数，0C栈 flag—how to move)
FILE_BEGIN The starting point is zero or the beginning of the file.
FILE_CURRENT The starting point is the current value of the file pointer.
FILE_END The starting point is the current end-of-file position.
004191AF  /$  55          PUSH EBP
004191B0  |.  8BEC       MOV EBP,ESP
004191B2  |.  83EC 0C    SUB ESP,0C
004191B5  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
004191B8  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191BF  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
004191C2  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
004191C5  |.  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004191C9  |.  74 0E       JE SHORT WaGan.004191D9
004191CB  |.  837D F4 01 CMP DWORD PTR SS:[EBP-C],1
004191CF  |.  74 11       JE SHORT WaGan.004191E2
004191D1  |.  837D F4 02 CMP DWORD PTR SS:[EBP-C],2
004191D5  |.  74 14       JE SHORT WaGan.004191EB
004191D7  |.  EB 1B       JMP SHORT WaGan.004191F4
004191D9  |>  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191E0  |.  EB 19       JMP SHORT WaGan.004191FB
004191E2  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004191E9  |.  EB 10       JMP SHORT WaGan.004191FB
004191EB  |>  C745 FC 02000>MOV DWORD PTR SS:[EBP-4],2
004191F2  |.  EB 07       JMP SHORT WaGan.004191FB
004191F4  |>  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004191FB  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
004191FE  |.  8339 00    CMP DWORD PTR DS:[ECX],0
00419201  |.  74 16       JE SHORT WaGan.00419219
00419203  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00419206  |.  52          PUSH EDX                               ; /Origin    how to move
00419207  |.  6A 00       PUSH 0                                  ; |pOffsetHi = NULL
00419209  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]          ; |
0041920C  |.  50          PUSH EAX                               ; |OffsetLo 移动的字节数
0041920D  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00419210  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]             ; |
00419212  |.  52          PUSH EDX                               ; |hFile    句饼
00419213  |.  FF15 04614800 CALL DWORD PTR DS:[<&KERNEL32.SetFilePoi>; \SetFilePointer
00419219  |>  8BE5       MOV ESP,EBP
0041921B  |.  5D          POP EBP
0041921C  \.  C2 0800    RETN 8

写文件  (ecx文件句柄,08栈缓冲区地址，+C要写多少字节)
0041923C  /$  55          PUSH EBP
0041923D  |.  8BEC       MOV EBP,ESP
0041923F  |.  83EC 0C    SUB ESP,0C
00419242  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
00419245  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00419248  |.  8338 00    CMP DWORD PTR DS:[EAX],0
0041924B  |.  74 27       JE SHORT WaGan.00419274
0041924D  |.  6A 00       PUSH 0                                  ; /pOverlapped = NULL
0041924F  |.  8D4D FC    LEA ECX,DWORD PTR SS:[EBP-4]          ; |
00419252  |.  51          PUSH ECX                               ; |pBytesWritten
00419253  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]          ; |
00419256  |.  52          PUSH EDX                               ; |nBytesToWrite
00419257  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]          ; |
0041925A  |.  50          PUSH EAX                               ; |Buffer
0041925B  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0041925E  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]             ; |
00419260  |.  52          PUSH EDX                               ; |hFile
00419261  |.  FF15 0C614800 CALL DWORD PTR DS:[<&KERNEL32.WriteFile>>; \WriteFile
00419267  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0041926A  |.  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0041926E  |.  75 04       JNZ SHORT WaGan.00419274
00419270  |.  33C0       XOR EAX,EAX
00419272  |.  EB 03       JMP SHORT WaGan.00419277
00419274  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00419277  |>  8BE5       MOV ESP,EBP
00419279  |.  5D          POP EBP
0041927A  \.  C2 0800    RETN 8
关闭文件剧柄  (Ecx放文件句柄)
004192C5  /$  55          PUSH EBP
004192C6  |.  8BEC       MOV EBP,ESP
004192C8  |.  51          PUSH ECX
004192C9  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004192CC  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004192CF  |.  8338 00    CMP DWORD PTR DS:[EAX],0
004192D2  |.  74 24       JE SHORT WaGan.004192F8
004192D4  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004192D7  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]
004192D9  |.  52          PUSH EDX                               ; /hObject
004192DA  |.  FF15 08614800 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle
004192E0  |.  85C0       TEST EAX,EAX
004192E2  |.  74 10       JE SHORT WaGan.004192F4
004192E4  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004192E7  |.  C700 00000000 MOV DWORD PTR DS:[EAX],0
004192ED  |.  B8 01000000 MOV EAX,1
004192F2  |.  EB 09       JMP SHORT WaGan.004192FD
004192F4  |>  33C0       XOR EAX,EAX
004192F6  |.  EB 05       JMP SHORT WaGan.004192FD
004192F8  |>  B8 01000000 MOV EAX,1
004192FD  |>  8BE5       MOV ESP,EBP
004192FF  |.  5D          POP EBP
00419300  \.  C3          RETN

删除文件
00419301  /.  55          PUSH EBP
00419302  |.  8BEC       MOV EBP,ESP
00419304  |.  51          PUSH ECX
00419305  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00419308  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041930B  |.  E8 B5FFFFFF CALL WaGan.004192C5
00419310  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00419313  |.  50          PUSH EAX                               ; /FileName
00419314  |.  FF15 F8604800 CALL DWORD PTR DS:[<&KERNEL32.DeleteFile>; \DeleteFileA
0041931A  |.  8BE5       MOV ESP,EBP
0041931C  |.  5D          POP EBP
0041931D  \.  C2 0400    RETN 4
获取文件大小
004193A5  /$  55          PUSH EBP
004193A6  |.  8BEC       MOV EBP,ESP
004193A8  |.  83EC 08    SUB ESP,8
004193AB  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
004193AE  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004193B5  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
004193B8  |.  8338 00    CMP DWORD PTR DS:[EAX],0
004193BB  |.  74 1E       JE SHORT WaGan.004193DB
004193BD  |.  6A 00       PUSH 0                                  ; /pFileSizeHigh = NULL
004193BF  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
004193C2  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]             ; |
004193C4  |.  52          PUSH EDX                               ; |hFile
004193C5  |.  FF15 EC604800 CALL DWORD PTR DS:[<&KERNEL32.GetFileSiz>; \GetFileSize
004193CB  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004193CE  |.  837D FC FF CMP DWORD PTR SS:[EBP-4],-1
004193D2  |.  75 07       JNZ SHORT WaGan.004193DB
004193D4  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
004193DB  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004193DE  |.  8BE5       MOV ESP,EBP
004193E0  |.  5D          POP EBP
004193E1  \.  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#27

发表于 2007-12-30 21:22 资料个人空间短消息看全部作者

说岳6D指令

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#28

发表于 2007-12-30 21:22 资料个人空间短消息看全部作者

鼠标移动过去显示武将信息的函数

0044EE8A  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0044EE8D  |.  E8 47F2FFFF CALL WaGan.0044E0D9 进入我军阶段，友军阶段，敌军阶段 (不含剧本的)

0044E0D9 $  55          PUSH EBP
0044E0DA .  8BEC       MOV EBP,ESP
0044E0DC .  83EC 38    SUB ESP,38
0044E0DF .  894D C8    MOV DWORD PTR SS:[EBP-38],ECX
0044E0E2 .  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E0E6 .  C645 DC FF MOV BYTE PTR SS:[EBP-24],0FF
0044E0EA .  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
0044E0ED .  E8 1E160100 CALL WaGan.0045F710
0044E0F2 .  C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0044E0F9 .  C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
0044E100 .  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38]
0044E103 .  33C9       XOR ECX,ECX
0044E105 .  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
0044E108 .  85C9       TEST ECX,ECX
0044E10A .  74 05       JE SHORT WaGan.0044E111
0044E10C .  E9 F1050000 JMP WaGan.0044E702
0044E111 >  C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0
0044E118 .  EB 09       JMP SHORT WaGan.0044E123
0044E11A >  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0044E11D .  83C2 01    ADD EDX,1
0044E120 .  8955 F0    MOV DWORD PTR SS:[EBP-10],EDX
0044E123 >  837D F0 23 CMP DWORD PTR SS:[EBP-10],23 友军和敌军的界限
0044E127 .  73 65       JNB SHORT WaGan.0044E18E
0044E129 .  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38] 我军或者优军
0044E12C .  33C9       XOR ECX,ECX
0044E12E .  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
0044E131 .  85C9       TEST ECX,ECX
0044E133 .  75 59       JNZ SHORT WaGan.0044E18E
0044E135 .  68 80000000 PUSH 80                               ; /Arg1 = 00000080
0044E13A .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
0044E13D .  6BC9 24    IMUL ECX,ECX,24                         ; |
0044E140 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
0044E146 .  E8 A579FDFF CALL WaGan.00425AF0                   ; \WaGan.00425AF0 判断Ecx武将行动是否结束
0044E14B .  85C0       TEST EAX,EAX
0044E14D .  75 3D       JNZ SHORT WaGan.0044E18C
0044E14F .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
0044E152 .  6BC9 24    IMUL ECX,ECX,24
0044E155 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E15B .  E8 7079FDFF CALL WaGan.00425AD0             判断是否能被玩家直接控制
0044E160 .  25 FF000000 AND EAX,0FF
0044E165 .  83F8 07    CMP EAX,7                            等于7，玩家控制
0044E168 .  75 22       JNZ SHORT WaGan.0044E18C
0044E16A .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
0044E16D .  6BC9 24    IMUL ECX,ECX,24
0044E170 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E176 .  E8 15ABFCFF CALL WaGan.00418C90                   取战场内存+C位置的值
0044E17B .  25 FF000000 AND EAX,0FF
0044E180 .  83F8 02    CMP EAX,2
0044E183 .  75 07       JNZ SHORT WaGan.0044E18C
0044E185 .  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0044E18C >^ EB 8C       JMP SHORT WaGan.0044E11A 往上跳，转下一个战场人物

0044E18E > \6A 01       PUSH 1                                  ; /Arg2 = 00000001    敌人
0044E190 .  8D55 FC    LEA EDX,DWORD PTR SS:[EBP-4]          ; |
0044E193 .  52          PUSH EDX                               ; |Arg1
0044E194 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]          ; |
0044E197 .  E8 EFE1FFFF CALL WaGan.0044C38B                   ; \WaGan.0044C38B
0044E19C .  8A45 FD    MOV AL,BYTE PTR SS:[EBP-3]
0044E19F .  50          PUSH EAX                               ; /Arg2
0044E1A0 .  8A4D FC    MOV CL,BYTE PTR SS:[EBP-4]             ; |
0044E1A3 .  51          PUSH ECX                               ; |Arg1
0044E1A4 .  B9 50424B00 MOV ECX,WaGan.004B4250                ; |
0044E1A9 .  E8 916E0000 CALL WaGan.0045503F                   ; \WaGan.0045503F
0044E1AE .  8B55 C8    MOV EDX,DWORD PTR SS:[EBP-38]
0044E1B1 .  C642 05 00 MOV BYTE PTR DS:[EDX+5],0
0044E1B5 .  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0044E1B7 .  E8 00780200 CALL WaGan.004759BC                   ; \WaGan.004759BC
0044E1BC .  83C4 04    ADD ESP,4
0044E1BF .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E1C1 .  E8 55D6FDFF CALL WaGan.0042B81B                   ; \WaGan.0042B81B
0044E1C6 .  83C4 04    ADD ESP,4
0044E1C9 >  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0044E1CD .- FF25 14D04C00 JMP DWORD PTR DS:[<&AutoDLL.ASave>]    ;  AutoDLL.ASave
0044E1D3 .  E8 EC080300 CALL WaGan.0047EAC4
0044E1D8 .  C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0
0044E1DF .  EB 09       JMP SHORT WaGan.0044E1EA
0044E1E1 > /8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0044E1E4 . |83C0 01    ADD EAX,1
0044E1E7 . |8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
0044E1EA > |837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0044E1EE . |0F85 F5040000 JNZ WaGan.0044E6E9
0044E1F4 . |E8 CB080300 CALL WaGan.0047EAC4
0044E1F9 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E1FE . |E8 A55C0000 CALL WaGan.00453EA8
0044E203 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E208 . |E8 FC640000 CALL WaGan.00454709
0044E20D . |8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
0044E210 . |B9 181B4B00 MOV ECX,WaGan.004B1B18
0044E215 . |E8 D615FEFF CALL WaGan.0042F7F0
0044E21A . |85C0       TEST EAX,EAX
0044E21C . |74 2E       JE SHORT WaGan.0044E24C
0044E21E . |837D E8 00 CMP DWORD PTR SS:[EBP-18],0
0044E222 . |75 28       JNZ SHORT WaGan.0044E24C
0044E224 . |8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E227 . |33D2       XOR EDX,EDX
0044E229 . |8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
0044E22C . |85D2       TEST EDX,EDX
0044E22E . |75 1C       JNZ SHORT WaGan.0044E24C
0044E230 . |6A 04       PUSH 4                                  ; /Arg1 = 00000004
0044E232 . |E8 94E2FDFF CALL WaGan.0042C4CB                   ; \WaGan.0042C4CB
0044E237 . |83C4 04    ADD ESP,4
0044E23A . |8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E23D . |E8 EE84FBFF CALL WaGan.00406730
0044E242 . |B9 50424B00 MOV ECX,WaGan.004B4250
0044E247 . |E8 C7580000 CALL WaGan.00453B13
0044E24C > |B9 50424B00 MOV ECX,WaGan.004B4250
0044E251 . |E8 AD5D0000 CALL WaGan.00454003
0044E256 . |50          PUSH EAX                               ; /Arg1
0044E257 . |8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]          ; |
0044E25A . |E8 4183FBFF CALL WaGan.004065A0                   ; \WaGan.004065A0
0044E25F . |8D45 E0    LEA EAX,DWORD PTR SS:[EBP-20]
0044E262 . |50          PUSH EAX                               ; /Arg1
0044E263 . |E8 1C76FEFF CALL WaGan.00435884                   ; \WaGan.00435884
0044E268 . |83C4 04    ADD ESP,4
0044E26B . |8845 D8    MOV BYTE PTR SS:[EBP-28],AL
0044E26E . |8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
0044E271 . |81E1 FF000000 AND ECX,0FF
0044E277 . |81F9 FF000000 CMP ECX,0FF
0044E27D . |0F84 C1000000 JE WaGan.0044E344
鼠标移过去就触发
0044E283 .  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0044E286 .  81E2 FF000000 AND EDX,0FF
0044E28C .  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0044E28F .  25 FF000000 AND EAX,0FF
0044E294 .  3BD0       CMP EDX,EAX
0044E296 .  0F84 A8000000 JE WaGan.0044E344
0044E29C .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E2A1 .  E8 F15B0000 CALL WaGan.00453E97
0044E2A6 .  85C0       TEST EAX,EAX
0044E2A8 .  74 0E       JE SHORT WaGan.0044E2B8
0044E2AA .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E2AF .  E8 7E5B0000 CALL WaGan.00453E32
0044E2B4 .  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E2B8 >  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
0044E2BB .  81E1 FF000000 AND ECX,0FF
0044E2C1 .  81F9 FF000000 CMP ECX,0FF
0044E2C7 .  74 7B       JE SHORT WaGan.0044E344
0044E2C9 .  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
0044E2CC .  81E1 FF000000 AND ECX,0FF
0044E2D2 .  6BC9 24    IMUL ECX,ECX,24
0044E2D5 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E2DB .  E8 B0A9FCFF CALL WaGan.00418C90
0044E2E0 .  25 FF000000 AND EAX,0FF
0044E2E5 .  83F8 02    CMP EAX,2
0044E2E8 .  75 5A       JNZ SHORT WaGan.0044E344
0044E2EA .  33D2       XOR EDX,EDX
0044E2EC .  8A15 34424B00 MOV DL,BYTE PTR DS:[4B4234]
0044E2F2 .  85D2       TEST EDX,EDX
0044E2F4 .  75 4E       JNZ SHORT WaGan.0044E344
0044E2F6 .  8A45 D8    MOV AL,BYTE PTR SS:[EBP-28]
0044E2F9 .  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0044E2FC .  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
0044E2FF .  81E1 FF000000 AND ECX,0FF
0044E305 .  6BC9 24    IMUL ECX,ECX,24
0044E308 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E30E .  E8 8B21FFFF CALL WaGan.0044049E
0044E313 .  8B0D 08754B00 MOV ECX,DWORD PTR DS:[4B7508]
0044E319 .  51          PUSH ECX                               ; /hWnd => 00090A5E ('武将情报',class='#32770',parent=001209CA)
0044E31A .  FF15 C8624800 CALL DWORD PTR DS:[<&USER32.IsWindowVisi>; \IsWindowVisible
0044E320 .  85C0       TEST EAX,EAX
0044E322 .  74 20       JE SHORT WaGan.0044E344
0044E322 . /74 20       JE SHORT WaGan.0044E344
0044E324 . |8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
0044E327 . |81E1 FF000000 AND ECX,0FF
0044E32D . |6BC9 24    IMUL ECX,ECX,24
0044E330 . |81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E336 . |E8 35130100 CALL WaGan.0045F670                获取武将ecx的data编号
0044E33B . |50          PUSH EAX                               ; /Arg1
0044E33C . |E8 54B40200 CALL WaGan.00479795                   ; \WaGan.00479795
0044E341 . |83C4 04    ADD ESP,4
0044E344 > \8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
0044E347 .  81E2 FF000000 AND EDX,0FF
0044E34D .  81FA FF000000 CMP EDX,0FF
0044E353 .  75 54       JNZ SHORT WaGan.0044E3A9
0044E355 .  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38]
0044E358 .  83B8 00050000>CMP DWORD PTR DS:[EAX+500],0
0044E35F .  74 1F       JE SHORT WaGan.0044E380
0044E361 .  8B4D E1    MOV ECX,DWORD PTR SS:[EBP-1F]
0044E364 .  81E1 FF000000 AND ECX,0FF
0044E36A .  81F9 FF000000 CMP ECX,0FF
0044E370 .  75 0E       JNZ SHORT WaGan.0044E380
0044E372 .  FF15 60624800 CALL DWORD PTR DS:[<&USER32.GetActiveWin>; [GetActiveWindow
0044E378 .  3905 686A4B00 CMP DWORD PTR DS:[4B6A68],EAX
0044E37E .  74 29       JE SHORT WaGan.0044E3A9
0044E380 >  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E384 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E389 .  E8 095B0000 CALL WaGan.00453E97
0044E38E .  85C0       TEST EAX,EAX
0044E390 .  74 17       JE SHORT WaGan.0044E3A9
0044E392 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E397 .  E8 965A0000 CALL WaGan.00453E32
0044E39C .  8B55 C8    MOV EDX,DWORD PTR SS:[EBP-38]
0044E39F .  C782 00050000>MOV DWORD PTR DS:[EDX+500],0
0044E3A9 >  E8 16070300 CALL WaGan.0047EAC4
0044E3AE .  E8 B8E1FDFF CALL WaGan.0042C56B
0044E3B3 .  83F8 01    CMP EAX,1
0044E3B6 .  0F85 FC000000 JNZ WaGan.0044E4B8
0044E3BC .  33C0       XOR EAX,EAX
0044E3BE .  A0 34424B00 MOV AL,BYTE PTR DS:[4B4234]
0044E3C3 .  85C0       TEST EAX,EAX
0044E3C5 .  0F85 ED000000 JNZ WaGan.0044E4B8
0044E3CB .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E3CD .  E8 14BAFFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E3D2 .  83C4 04    ADD ESP,4
0044E3D5 .  6A 01       PUSH 1                                  ; /Arg2 = 00000001
0044E3D7 .  6A 00       PUSH 0                                  ; |Arg1 = 00000000
0044E3D9 .  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
0044E3DE .  E8 97620200 CALL WaGan.0047467A                   ; \WaGan.0047467A
0044E3E3 .  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0044E3E6 .  81E1 FF000000 AND ECX,0FF
0044E3EC .  81F9 FF000000 CMP ECX,0FF
0044E3F2 .  0F84 89000000 JE WaGan.0044E481
0044E3F8 .  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0044E3FB .  81E2 FF000000 AND EDX,0FF
0044E401 .  83FA 73    CMP EDX,73
0044E404 .  7D 7B       JGE SHORT WaGan.0044E481
0044E406 .  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0044E409 .  81E1 FF000000 AND ECX,0FF
0044E40F .  6BC9 24    IMUL ECX,ECX,24
0044E412 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E418 .  E8 C6F9FEFF CALL WaGan.0043DDE3
0044E41D .  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0044E420 .  6A 00       PUSH 0                                  ; /lParam = 0
0044E422 .  6A 00       PUSH 0                                  ; |wParam = 0
0044E424 .  68 02020000 PUSH 202                               ; |Message = WM_LBUTTONUP
0044E429 .  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]          ; |
0044E42E .  50          PUSH EAX                               ; |hWnd => NULL
0044E42F .  FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0044E435 .  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0044E438 .  81E1 FF000000 AND ECX,0FF
0044E43E .  6BC9 24    IMUL ECX,ECX,24
0044E441 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E447 .  E8 24120100 CALL WaGan.0045F670
0044E44C .  50          PUSH EAX                               ; /Arg1
0044E44D .  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                ; |
0044E452 .  E8 F9110100 CALL WaGan.0045F650                   ; \WaGan.0045F650
0044E457 .  8A4D EC    MOV CL,BYTE PTR SS:[EBP-14]
0044E45A .  51          PUSH ECX                               ; /Arg1
0044E45B .  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                ; |
0044E460 .  E8 99D10000 CALL WaGan.0045B5FE                   ; \WaGan.0045B5FE
0044E465 .  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E469 .  6A 00       PUSH 0                                  ; /lParam = 0
0044E46B .  6A 00       PUSH 0                                  ; |wParam = 0
0044E46D .  68 02020000 PUSH 202                               ; |Message = WM_LBUTTONUP
0044E472 .  8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68]          ; |
0044E478 .  52          PUSH EDX                               ; |hWnd => NULL
0044E479 .  FF15 F4624800 CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
0044E47F .  EB 2D       JMP SHORT WaGan.0044E4AE
0044E481 >  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0044E484 .  25 FF000000 AND EAX,0FF
0044E489 .  3D FF000000 CMP EAX,0FF
0044E48E .  75 1E       JNZ SHORT WaGan.0044E4AE
0044E490 .  6A 01       PUSH 1                                  ; /Arg2 = 00000001
0044E492 .  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]          ; |
0044E495 .  51          PUSH ECX                               ; |Arg1
0044E496 .  B9 50424B00 MOV ECX,WaGan.004B4250                ; |
0044E49B .  E8 CD720000 CALL WaGan.0045576D                   ; \WaGan.0045576D
0044E4A0 .  6A 01       PUSH 1                                  ; /Arg2 = 00000001
0044E4A2 .  6A 01       PUSH 1                                  ; |Arg1 = 00000001
0044E4A4 .  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
0044E4A9 .  E8 CC610200 CALL WaGan.0047467A                   ; \WaGan.0047467A
0044E4AE >  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0044E4B0 .  E8 31B9FFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E4B5 .  83C4 04    ADD ESP,4
0044E4B8 >  B9 083D4B00 MOV ECX,WaGan.004B3D08
0044E4BD .  E8 DE140000 CALL WaGan.0044F9A0
0044E4C2 .  25 FF000000 AND EAX,0FF
0044E4C7 .  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0044E4CA .  837D F8 07 CMP DWORD PTR SS:[EBP-8],7
0044E4CE .  75 2C       JNZ SHORT WaGan.0044E4FC
0044E4D0 .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E4D2 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]          ; |
0044E4D5 .  E8 46D9FBFF CALL WaGan.0040BE20                   ; \WaGan.0040BE20
0044E4DA .  E8 27020000 CALL WaGan.0044E706
0044E4DF .  85C0       TEST EAX,EAX
0044E4E1 .  74 0C       JE SHORT WaGan.0044E4EF
0044E4E3 .  6A 06       PUSH 6                                  ; /Arg1 = 00000006
0044E4E5 .  B9 083D4B00 MOV ECX,WaGan.004B3D08                ; |
0044E4EA .  E8 31D9FBFF CALL WaGan.0040BE20                   ; \WaGan.0040BE20
0044E4EF >  8B55 C8    MOV EDX,DWORD PTR SS:[EBP-38]
0044E4F2 .  C782 00050000>MOV DWORD PTR DS:[EDX+500],1
0044E4FC >  E8 6AE0FDFF CALL WaGan.0042C56B
0044E501 .  83F8 02    CMP EAX,2
0044E504 .  75 59       JNZ SHORT WaGan.0044E55F
0044E506 .  8D45 E0    LEA EAX,DWORD PTR SS:[EBP-20]
0044E509 .  50          PUSH EAX                               ; /Arg1
0044E50A .  E8 7573FEFF CALL WaGan.00435884                   ; \WaGan.00435884
0044E50F .  83C4 04    ADD ESP,4
0044E512 .  8845 D4    MOV BYTE PTR SS:[EBP-2C],AL
0044E515 .  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0044E518 .  81E1 FF000000 AND ECX,0FF
0044E51E .  81F9 FF000000 CMP ECX,0FF
0044E524 .  74 2F       JE SHORT WaGan.0044E555
0044E526 .  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0044E529 .  81E1 FF000000 AND ECX,0FF
0044E52F .  6BC9 24    IMUL ECX,ECX,24
0044E532 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E538 .  E8 33110100 CALL WaGan.0045F670
0044E53D .  50          PUSH EAX                               ; /Arg1
0044E53E .  E8 52B20200 CALL WaGan.00479795                   ; \WaGan.00479795
0044E543 .  83C4 04    ADD ESP,4
0044E546 .  8B15 08754B00 MOV EDX,DWORD PTR DS:[4B7508]
0044E54C .  52          PUSH EDX                               ; /hWnd => NULL
0044E54D .  FF15 CC624800 CALL DWORD PTR DS:[<&USER32.SetActiveWin>; \SetActiveWindow
0044E553 .  EB 0A       JMP SHORT WaGan.0044E55F
0044E555 >  6A 06       PUSH 6                                  ; /Arg1 = 00000006
0044E557 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]          ; |
0044E55A .  E8 C1D8FBFF CALL WaGan.0040BE20                   ; \WaGan.0040BE20
0044E55F >  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E562 .  E8 39140000 CALL WaGan.0044F9A0
0044E567 .  25 FF000000 AND EAX,0FF
0044E56C .  83F8 06    CMP EAX,6
0044E56F .  75 57       JNZ SHORT WaGan.0044E5C8
0044E571 .  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0044E574 .  25 FF000000 AND EAX,0FF
0044E579 .  3D FF000000 CMP EAX,0FF
0044E57E .  74 0E       JE SHORT WaGan.0044E58E
0044E580 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E585 .  E8 A8580000 CALL WaGan.00453E32
0044E58A .  C645 EC FF MOV BYTE PTR SS:[EBP-14],0FF
0044E58E >  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E590 .  E8 51B8FFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E595 .  83C4 04    ADD ESP,4
0044E598 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E59D .  E8 7A600000 CALL WaGan.0045461C
0044E5A2 .  68 20E14800 PUSH WaGan.0048E120                   ; /Arg2 = 0048E120
0044E5A7 .  6A 01       PUSH 1                                  ; |Arg1 = 00000001
0044E5A9 .  E8 EB10FEFF CALL WaGan.0042F699                   ; \WaGan.0042F699
0044E5AE .  83C4 08    ADD ESP,8
0044E5B1 .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
0044E5B4 .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E5B6 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]          ; |
0044E5B9 .  E8 62D8FBFF CALL WaGan.0040BE20                   ; \WaGan.0040BE20
0044E5BE .  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0044E5C0 .  E8 21B8FFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E5C5 .  83C4 04    ADD ESP,4
0044E5C8 >  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E5CB .  E8 D0130000 CALL WaGan.0044F9A0
0044E5D0 .  25 FF000000 AND EAX,0FF
0044E5D5 .  83F8 05    CMP EAX,5
0044E5D8 .  75 05       JNZ SHORT WaGan.0044E5DF
0044E5DA .  E9 23010000 JMP WaGan.0044E702
0044E5DF >  837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
0044E5E3 .  0F84 FB000000 JE WaGan.0044E6E4
0044E5E9 .  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044E5EB .  E8 F6B7FFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E5F0 .  83C4 04    ADD ESP,4
0044E5F3 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E5F6 .  E8 08E6FFFF CALL WaGan.0044CC03
0044E5FB .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E5FE .  33D2       XOR EDX,EDX
0044E600 .  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
0044E603 .  85D2       TEST EDX,EDX
0044E605 .  75 08       JNZ SHORT WaGan.0044E60F
0044E607 .  8B4D C8    MOV ECX,DWORD PTR SS:[EBP-38]
0044E60A .  E8 F2DFFFFF CALL WaGan.0044C601
0044E60F >  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38]
0044E612 .  33C9       XOR ECX,ECX
0044E614 .  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
0044E617 .  85C9       TEST ECX,ECX
0044E619 .  74 05       JE SHORT WaGan.0044E620
0044E61B .  E9 E2000000 JMP WaGan.0044E702
0044E620 >  C645 D0 00 MOV BYTE PTR SS:[EBP-30],0
0044E624 .  C745 CC 00000>MOV DWORD PTR SS:[EBP-34],0
0044E62B .  EB 09       JMP SHORT WaGan.0044E636
0044E62D >  8B55 CC    MOV EDX,DWORD PTR SS:[EBP-34]
0044E630 .  83C2 01    ADD EDX,1
0044E633 .  8955 CC    MOV DWORD PTR SS:[EBP-34],EDX
0044E636 >  837D CC 23 CMP DWORD PTR SS:[EBP-34],23
0044E63A .  73 6E       JNB SHORT WaGan.0044E6AA
0044E63C .  6A 02       PUSH 2                                  ; /Arg1 = 00000002
0044E63E .  8B4D CC    MOV ECX,DWORD PTR SS:[EBP-34]          ; |
0044E641 .  6BC9 24    IMUL ECX,ECX,24                         ; |
0044E644 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
0044E64A .  E8 A174FDFF CALL WaGan.00425AF0                   ; \WaGan.00425AF0
0044E64F .  85C0       TEST EAX,EAX
0044E651 .  75 55       JNZ SHORT WaGan.0044E6A8
0044E653 .  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0044E655 .  8B4D CC    MOV ECX,DWORD PTR SS:[EBP-34]          ; |
0044E658 .  6BC9 24    IMUL ECX,ECX,24                         ; |
0044E65B .  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
0044E661 .  E8 7A80FBFF CALL WaGan.004066E0                   ; \WaGan.004066E0
0044E666 .  85C0       TEST EAX,EAX
0044E668 .  75 3E       JNZ SHORT WaGan.0044E6A8
0044E66A .  8B4D CC    MOV ECX,DWORD PTR SS:[EBP-34]
0044E66D .  6BC9 24    IMUL ECX,ECX,24
0044E670 .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E676 .  E8 15A6FCFF CALL WaGan.00418C90
0044E67B .  25 FF000000 AND EAX,0FF
0044E680 .  83F8 02    CMP EAX,2
0044E683 .  75 23       JNZ SHORT WaGan.0044E6A8
0044E685 .  8B4D CC    MOV ECX,DWORD PTR SS:[EBP-34]
0044E688 .  6BC9 24    IMUL ECX,ECX,24
0044E68B .  81C1 502C4B00 ADD ECX,WaGan.004B2C50
0044E691 .  E8 3A74FDFF CALL WaGan.00425AD0
0044E696 .  25 FF000000 AND EAX,0FF
0044E69B .  83F8 07    CMP EAX,7
0044E69E .  75 08       JNZ SHORT WaGan.0044E6A8
0044E6A0 .  8A45 D0    MOV AL,BYTE PTR SS:[EBP-30]
0044E6A3 .  04 01       ADD AL,1
0044E6A5 .  8845 D0    MOV BYTE PTR SS:[EBP-30],AL
0044E6A8 >^ EB 83       JMP SHORT WaGan.0044E62D
0044E6AA >  8B4D D0    MOV ECX,DWORD PTR SS:[EBP-30]
0044E6AD .  81E1 FF000000 AND ECX,0FF
0044E6B3 .  85C9       TEST ECX,ECX
0044E6B5 .  75 1C       JNZ SHORT WaGan.0044E6D3
0044E6B7 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E6BC .  E8 5B5F0000 CALL WaGan.0045461C
0044E6C1 .  68 20E14800 PUSH WaGan.0048E120                   ; /Arg2 = 0048E120
0044E6C6 .  6A 01       PUSH 1                                  ; |Arg1 = 00000001
0044E6C8 .  E8 CC0FFEFF CALL WaGan.0042F699                   ; \WaGan.0042F699
0044E6CD .  83C4 08    ADD ESP,8
0044E6D0 .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
0044E6D3 >  C745 E4 00000>MOV DWORD PTR SS:[EBP-1C],0
0044E6DA .  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0044E6DC .  E8 05B7FFFF CALL WaGan.00449DE6                   ; \WaGan.00449DE6
0044E6E1 .  83C4 04    ADD ESP,4
0044E6E4 >^ E9 F8FAFFFF JMP WaGan.0044E1E1
0044E6E9 >^ E9 DBFAFFFF JMP WaGan.0044E1C9
0044E6EE .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E6F3 .  E8 245F0000 CALL WaGan.0045461C
0044E6F8 .  B9 50424B00 MOV ECX,WaGan.004B4250
0044E6FD .  E8 17700000 CALL WaGan.00455719
0044E702 >  8BE5       MOV ESP,EBP
0044E704 .  5D          POP EBP
0044E705 .  C3          RETN

鼠标移动过去显示武将信息的函数
总共四种情况：攻击，策略，道具和普通移动

:[EBP-18] 存放着攻击伤害值数
[EBP-4]  存放命中率
004404BD  /$  55          PUSH EBP
004404BE  |.  8BEC       MOV EBP,ESP
004404C0  |.  83EC 30    SUB ESP,30
004404C3  |.  56          PUSH ESI
004404C4  |.  894D D8    MOV DWORD PTR SS:[EBP-28],ECX
004404C7  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
004404CA  |.  8B08       MOV ECX,DWORD PTR DS:[EAX] Data序号
004404CC  |.  6BC9 48    IMUL ECX,ECX,48
004404CF  |.  81C1 0000D600 ADD ECX,0D60000
004404D5  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
004404D8  |.  8A55 0C    MOV DL,BYTE PTR SS:[EBP+C]
004404DB  |.  52          PUSH EDX                               ; /Arg5
004404DC  |.  6A 02       PUSH 2                                  ; |Arg4 = 00000002
004404DE  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
004404E0  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
004404E3  |.  66:8B48 06 MOV CX,WORD PTR DS:[EAX+6]             ; |
004404E7  |.  51          PUSH ECX                               ; |Arg2
004404E8  |.  8D55 E4    LEA EDX,DWORD PTR SS:[EBP-1C]          ; |
004404EB  |.  52          PUSH EDX                               ; |Arg1
004404EC  |.  E8 5AF70000 CALL WaGan.0044FC4B                   ; \WaGan.0044FC4B
004404F1  |.  83C4 14    ADD ESP,14
004404F4  |.  8A45 E4    MOV AL,BYTE PTR SS:[EBP-1C]
004404F7  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
004404FA  |.  8A4D E5    MOV CL,BYTE PTR SS:[EBP-1B]
004404FD  |.  884D F8    MOV BYTE PTR SS:[EBP-8],CL
00440500  |.  E8 D6E0FDFF CALL WaGan.0041E5DB
00440505  |.  6A 02       PUSH 2                                  ; /Arg4 = 00000002
00440507  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
00440509  |.  8A55 F8    MOV DL,BYTE PTR SS:[EBP-8]             ; |
0044050C  |.  52          PUSH EDX                               ; |Arg2
0044050D  |.  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]             ; |
00440510  |.  50          PUSH EAX                               ; |Arg1
00440511  |.  B9 50424B00 MOV ECX,WaGan.004B4250                ; |
00440516  |.  E8 FC360100 CALL WaGan.00453C17                   ; \WaGan.00453C17
0044051B  |.  6A 1F       PUSH 1F                               ; /Arg3 = 0000001F
0044051D  |.  6A 12       PUSH 12                               ; |Arg2 = 00000012
0044051F  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440521  |.  E8 CBCC0300 CALL WaGan.0047D1F1                   ; \WaGan.0047D1F1
00440526  |.  83C4 0C    ADD ESP,0C
00440529  |.  8B75 F4    MOV ESI,DWORD PTR SS:[EBP-C]
0044052C  |.  81E6 FF000000 AND ESI,0FF
00440532  |.  6BF6 30    IMUL ESI,ESI,30
00440535  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0044053A  |.  E8 10150100 CALL WaGan.00451A4F
0044053F  |.  03C6       ADD EAX,ESI
00440541  |.  99          CDQ
00440542  |.  83E2 07    AND EDX,7
00440545  |.  03C2       ADD EAX,EDX
00440547  |.  C1F8 03    SAR EAX,3
0044054A  |.  83C0 01    ADD EAX,1
0044054D  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX
00440550  |.  8B75 F8    MOV ESI,DWORD PTR SS:[EBP-8]
00440553  |.  81E6 FF000000 AND ESI,0FF
00440559  |.  6BF6 30    IMUL ESI,ESI,30
0044055C  |.  B9 50424B00 MOV ECX,WaGan.004B4250
00440561  |.  E8 FA140100 CALL WaGan.00451A60
00440566  |.  03F0       ADD ESI,EAX
00440568  |.  8975 EC    MOV DWORD PTR SS:[EBP-14],ESI
0044056B  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0044056E  |.  83C1 04    ADD ECX,4
00440571  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
00440574  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
00440577  |.  52          PUSH EDX                               ; /Arg2
00440578  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
0044057B  |.  50          PUSH EAX                               ; |Arg1
0044057C  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440581  |.  E8 51E6FCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440586  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
00440588  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
0044058B  |.  E8 1AFEFFFF CALL WaGan.004403AA                   ; \WaGan.004403AA
00440590  |.  6A 04       PUSH 4                                  ; /Arg1 = 00000004
00440592  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440597  |.  E8 9AE7FCFF CALL WaGan.0040ED36                   ; \WaGan.0040ED36
0044059C  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0044059E  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
004405A3  |.  E8 62E7FCFF CALL WaGan.0040ED0A                   ; \WaGan.0040ED0A
004405A8  |.  6A 12       PUSH 12                               ; /Arg1 = 00000012
004405AA  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
004405AF  |.  E8 D0E6FCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
004405B4  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004405B6  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
004405BB  |.  E8 FCE6FCFF CALL WaGan.0040ECBC                   ; \WaGan.0040ECBC
004405C0  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
004405C3  |.  51          PUSH ECX                               ; /Arg2
004405C4  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
004405C7  |.  83C2 09    ADD EDX,9                               ; |
004405CA  |.  52          PUSH EDX                               ; |Arg1
004405CB  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
004405D0  |.  E8 02E6FCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
004405D5  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
004405D8  |.  E8 93D9FDFF CALL WaGan.0041DF70
004405DD  |.  25 FF000000 AND EAX,0FF
004405E2  |.  8B0485 A8BE48>MOV EAX,DWORD PTR DS:[EAX*4+48BEA8]
004405E9  |.  50          PUSH EAX                               ; /Arg3
004405EA  |.  68 54E04800 PUSH WaGan.0048E054                   ; |Arg2 = 0048E054 ASCII "%s" 名字
004405EF  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
004405F4  |.  E8 A7F4FCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0 显示信息
004405F9  |.  83C4 0C    ADD ESP,0C
004405FC  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004405FF  |.  E8 CC5FFCFF CALL WaGan.004065D0
00440604  |.  25 FF000000 AND EAX,0FF
00440609  |.  50          PUSH EAX                               ; /Arg3
0044060A  |.  68 58E04800 PUSH WaGan.0048E058                   ; |Arg2 = 0048E058 ASCII " Lv%2u"
0044060F  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440614  |.  E8 87F4FCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0  显示信息
00440619  |.  83C4 0C    ADD ESP,0C
0044061C  |.  C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
00440623  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0044062A  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0044062D  |.  81E1 FF000000 AND ECX,0FF
00440633  |.  85C9       TEST ECX,ECX
00440635  |.  75 32       JNZ SHORT WaGan.00440669
00440637  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
0044063A  |.  8B42 10    MOV EAX,DWORD PTR DS:[EDX+10]
0044063D  |.  50          PUSH EAX                               ; /Arg5
0044063E  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00440641  |.  51          PUSH ECX                               ; |Arg4
00440642  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440645  |.  83C2 14    ADD EDX,14                            ; |
00440648  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
0044064B  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
0044064E  |.  50          PUSH EAX                               ; |Arg3
0044064F  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440652  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
00440659  |.  52          PUSH EDX                               ; |Arg2
0044065A  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
0044065C  |.  E8 3E0B0100 CALL WaGan.0045119F                   ; \WaGan.0045119F
00440661  |.  83C4 14    ADD ESP,14
00440664  |.  E9 15030000 JMP WaGan.0044097E 4D5408  瓦岗改的
00440669  |>  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0044066C  |.  25 FF000000 AND EAX,0FF
00440671  |.  8945 D4    MOV DWORD PTR SS:[EBP-2C],EAX
00440674  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
00440677  |.  83E9 01    SUB ECX,1
0044067A  |.  894D D4    MOV DWORD PTR SS:[EBP-2C],ECX
0044067D  |.  837D D4 03 CMP DWORD PTR SS:[EBP-2C],3
00440681  |.  0F87 F7020000 JA WaGan.0044097E
00440687  |.  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]
0044068A  |.  FF2495 790E44>JMP DWORD PTR DS:[EDX*4+440E79]
00440E79 .  91064400    DD WaGan.00440691    攻击
00440E7D .  15074400    DD WaGan.00440715    攻击策略
00440E81 .  F0074400    DD WaGan.004407F0
00440E85 .  A6084400    DD WaGan.004408A6

00440691  |>  6A 00       PUSH 0
00440693  |.  6A 00       PUSH 0
00440695  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
00440698  |.  50          PUSH EAX
00440699  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C] 战场形象编号
0044069C  |.  81E1 FF000000 AND ECX,0FF
004406A2  |.  6BC9 24    IMUL ECX,ECX,24
004406A5  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
004406AB  |.  E8 9BB5FFFF CALL WaGan.0043BC4B
获取武将ecx对武将08栈的物理攻击伤害，10栈为是否反击，0C栈为是否实际值，是则考虑是否命中和随机数
004406B0  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
004406B3  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
004406B6  |.  51          PUSH ECX
004406B7  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]
004406BA  |.  81E2 FF000000 AND EDX,0FF
004406C0  |.  6BD2 24    IMUL EDX,EDX,24
004406C3  |.  81C2 502C4B00 ADD EDX,WaGan.004B2C50
004406C9  |.  52          PUSH EDX
004406CA  |.  6A 01       PUSH 1
004406CC  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
004406CF  |.  E8 39AEFFFF CALL WaGan.0043B50D          获取攻击命中率，考虑爆发力和有关命中率的道具效果，包括镜铠
004406D4  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004406D7  |.  6A 01       PUSH 1                                  ; /Arg7 = 00000001
004406D9  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
004406DC  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]          ; |
004406DF  |.  2B4D E8    SUB ECX,DWORD PTR SS:[EBP-18]          ; |
004406E2  |.  51          PUSH ECX                               ; |Arg6    一个数减去攻击伤害的值，剩余值
004406E3  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
004406E6  |.  8B42 10    MOV EAX,DWORD PTR DS:[EDX+10]          ; |
004406E9  |.  50          PUSH EAX                               ; |Arg5
004406EA  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004406ED  |.  51          PUSH ECX                               ; |Arg4
004406EE  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
004406F1  |.  83C2 14    ADD EDX,14                            ; |
004406F4  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
004406F7  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
004406FA  |.  50          PUSH EAX                               ; |Arg3
004406FB  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
004406FE  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
00440705  |.  52          PUSH EDX                               ; |Arg2
00440706  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440708  |.  E8 C8070100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
0044070D  |.  83C4 1C    ADD ESP,1C
00440710  |.  E9 69020000 JMP WaGan.0044097E

00440715  |>  8A45 10    MOV AL,BYTE PTR SS:[EBP+10]
00440718  |.  50          PUSH EAX                               ; /Arg1
00440719  |.  E8 8E940000 CALL WaGan.00449BAC                   ; \WaGan.00449BAC
0044071E  |.  83C4 04    ADD ESP,4
00440721  |.  85C0       TEST EAX,EAX
00440723  |.  74 75       JE SHORT WaGan.0044079A
00440725  |.  6A 01       PUSH 1
00440727  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
0044072A  |.  51          PUSH ECX
0044072B  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0044072E  |.  52          PUSH EDX
0044072F  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440732  |.  E8 79BBFDFF CALL WaGan.0041C2B0
00440737  |.  25 FF000000 AND EAX,0FF                            ; |
0044073C  |.  6BC0 24    IMUL EAX,EAX,24                         ; |
0044073F  |.  05 502C4B00 ADD EAX,WaGan.004B2C50                ; |
00440744  |.  50          PUSH EAX                               ; |Arg1
00440745  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]          ; |
00440748  |.  81E1 FF000000 AND ECX,0FF                            ; |
0044074E  |.  6BC9 24    IMUL ECX,ECX,24                         ; |
00440751  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
00440757  |.  E8 4EB8FFFF CALL WaGan.0043BFAA                   ; \WaGan.0043BFAA
0044075C  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
0044075F  |.  6A 02       PUSH 2                                  ; /Arg7 = 00000002
00440761  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
00440764  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]          ; |
00440767  |.  2B4D E8    SUB ECX,DWORD PTR SS:[EBP-18]          ; |
0044076A  |.  51          PUSH ECX                               ; |Arg6
0044076B  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
0044076E  |.  8B42 10    MOV EAX,DWORD PTR DS:[EDX+10]          ; |
00440771  |.  50          PUSH EAX                               ; |Arg5
00440772  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00440775  |.  51          PUSH ECX                               ; |Arg4
00440776  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440779  |.  83C2 14    ADD EDX,14                            ; |
0044077C  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
0044077F  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440782  |.  50          PUSH EAX                               ; |Arg3
00440783  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440786  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
0044078D  |.  52          PUSH EDX                               ; |Arg2
0044078E  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440790  |.  E8 40070100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
00440795  |.  83C4 1C    ADD ESP,1C
00440798  |.  EB 2D       JMP SHORT WaGan.004407C7
0044079A  |>  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0044079D  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]
004407A0  |.  51          PUSH ECX                               ; /Arg5
004407A1  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
004407A4  |.  52          PUSH EDX                               ; |Arg4
004407A5  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
004407A8  |.  83C0 14    ADD EAX,14                            ; |
004407AB  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
004407AE  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
004407B1  |.  51          PUSH ECX                               ; |Arg3
004407B2  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
004407B5  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
004407BC  |.  50          PUSH EAX                               ; |Arg2
004407BD  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
004407BF  |.  E8 DB090100 CALL WaGan.0045119F                   ; \WaGan.0045119F
004407C4  |.  83C4 14    ADD ESP,14
004407C7  |>  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
004407CA  |.  51          PUSH ECX                               ; /Arg3
004407CB  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]          ; |
004407CE  |.  81E2 FF000000 AND EDX,0FF                            ; |
004407D4  |.  6BD2 24    IMUL EDX,EDX,24                         ; |
004407D7  |.  81C2 502C4B00 ADD EDX,WaGan.004B2C50                ; |
004407DD  |.  52          PUSH EDX                               ; |Arg2
004407DE  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
004407E0  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
004407E3  |.  E8 57AFFFFF CALL WaGan.0043B73F                   ; \WaGan.0043B73F
004407E8  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004407EB  |.  E9 8E010000 JMP WaGan.0044097E

004407F0  |>  8A45 10    MOV AL,BYTE PTR SS:[EBP+10]
004407F3  |.  50          PUSH EAX                               ; /Arg1
004407F4  |.  E8 5C940000 CALL WaGan.00449C55                   ; \WaGan.00449C55
004407F9  |.  83C4 04    ADD ESP,4
004407FC  |.  85C0       TEST EAX,EAX
004407FE  |.  74 50       JE SHORT WaGan.00440850
00440800  |.  6A 01       PUSH 1                                  ; /Arg3 = 00000001
00440802  |.  8A4D 0C    MOV CL,BYTE PTR SS:[EBP+C]             ; |
00440805  |.  51          PUSH ECX                               ; |Arg2
00440806  |.  8A55 10    MOV DL,BYTE PTR SS:[EBP+10]             ; |
00440809  |.  52          PUSH EDX                               ; |Arg1
0044080A  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
0044080D  |.  E8 36BDFFFF CALL WaGan.0043C548                   ; \WaGan.0043C548
00440812  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
00440815  |.  6A 03       PUSH 3                                  ; /Arg7 = 00000003
00440817  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
0044081A  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]          ; | 获取当前HPCur值
0044081D  |.  034D E8    ADD ECX,DWORD PTR SS:[EBP-18]          ; |
00440820  |.  51          PUSH ECX                               ; |Arg6
00440821  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
00440824  |.  8B42 10    MOV EAX,DWORD PTR DS:[EDX+10]          ; |
00440827  |.  50          PUSH EAX                               ; |Arg5
00440828  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
0044082B  |.  51          PUSH ECX                               ; |Arg4
0044082C  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0044082F  |.  83C2 14    ADD EDX,14                            ; |
00440832  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
00440835  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440838  |.  50          PUSH EAX                               ; |Arg3
00440839  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
0044083C  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
00440843  |.  52          PUSH EDX                               ; |Arg2
00440844  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440846  |.  E8 8A060100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
0044084B  |.  83C4 1C    ADD ESP,1C
0044084E  |.  EB 2D       JMP SHORT WaGan.0044087D
00440850  |>  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
00440853  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]
00440856  |.  51          PUSH ECX                               ; /Arg5
00440857  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
0044085A  |.  52          PUSH EDX                               ; |Arg4
0044085B  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
0044085E  |.  83C0 14    ADD EAX,14                            ; |
00440861  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
00440864  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440867  |.  51          PUSH ECX                               ; |Arg3
00440868  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
0044086B  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
00440872  |.  50          PUSH EAX                               ; |Arg2
00440873  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440875  |.  E8 25090100 CALL WaGan.0045119F                   ; \WaGan.0045119F
0044087A  |.  83C4 14    ADD ESP,14
0044087D  |>  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
00440880  |.  51          PUSH ECX                               ; /Arg3
00440881  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]          ; |
00440884  |.  81E2 FF000000 AND EDX,0FF                            ; |
0044088A  |.  6BD2 24    IMUL EDX,EDX,24                         ; |
0044088D  |.  81C2 502C4B00 ADD EDX,WaGan.004B2C50                ; |
00440893  |.  52          PUSH EDX                               ; |Arg2
00440894  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440896  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
00440899  |.  E8 A1AEFFFF CALL WaGan.0043B73F                   ; \WaGan.0043B73F
0044089E  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
004408A1  |.  E9 D8000000 JMP WaGan.0044097E

004408A6  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
004408A9  |.  81E1 FF000000 AND ECX,0FF
004408AF  |.  6BC9 19    IMUL ECX,ECX,19
004408B2  |.  81C1 40114A00 ADD ECX,WaGan.004A1140
004408B8  |.  E8 838CFCFF CALL WaGan.00409540
004408BD  |.  25 FF000000 AND EAX,0FF
004408C2  |.  83F8 3F    CMP EAX,3F
004408C5  |.  75 4C       JNZ SHORT WaGan.00440913
004408C7  |.  6A 01       PUSH 1                                  ; /Arg2 = 00000001
004408C9  |.  8A45 10    MOV AL,BYTE PTR SS:[EBP+10]             ; |
004408CC  |.  50          PUSH EAX                               ; |Arg1
004408CD  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
004408D0  |.  E8 59BBFFFF CALL WaGan.0043C42E                   ; \WaGan.0043C42E
004408D5  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
004408D8  |.  6A 04       PUSH 4                                  ; /Arg7 = 00000004
004408DA  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
004408DD  |.  8B51 10    MOV EDX,DWORD PTR DS:[ECX+10]          ; |
004408E0  |.  0355 E8    ADD EDX,DWORD PTR SS:[EBP-18]          ; |
004408E3  |.  52          PUSH EDX                               ; |Arg6
004408E4  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
004408E7  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]          ; |
004408EA  |.  51          PUSH ECX                               ; |Arg5
004408EB  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
004408EE  |.  52          PUSH EDX                               ; |Arg4
004408EF  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
004408F2  |.  83C0 14    ADD EAX,14                            ; |
004408F5  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
004408F8  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
004408FB  |.  51          PUSH ECX                               ; |Arg3
004408FC  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
004408FF  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
00440906  |.  50          PUSH EAX                               ; |Arg2
00440907  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440909  |.  E8 C7050100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
0044090E  |.  83C4 1C    ADD ESP,1C
00440911  |.  EB 4C       JMP SHORT WaGan.0044095F

00440913  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
00440916  |.  81E1 FF000000 AND ECX,0FF
0044091C  |.  6BC9 19    IMUL ECX,ECX,19
0044091F  |.  81C1 40114A00 ADD ECX,WaGan.004A1140
00440925  |.  E8 46D4FDFF CALL WaGan.0041DD70
0044092A  |.  25 FF000000 AND EAX,0FF
0044092F  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
00440932  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440935  |.  8B51 10    MOV EDX,DWORD PTR DS:[ECX+10]
00440938  |.  52          PUSH EDX                               ; /Arg5
00440939  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
0044093C  |.  50          PUSH EAX                               ; |Arg4
0044093D  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440940  |.  83C1 14    ADD ECX,14                            ; |
00440943  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX          ; |
00440946  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440949  |.  52          PUSH EDX                               ; |Arg3
0044094A  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
0044094D  |.  8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28]       ; |
00440954  |.  51          PUSH ECX                               ; |Arg2
00440955  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00440957  |.  E8 43080100 CALL WaGan.0045119F                   ; \WaGan.0045119F
0044095C  |.  83C4 14    ADD ESP,14
0044095F  |>  6A 01       PUSH 1
00440961  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
00440964  |.  8A42 04    MOV AL,BYTE PTR DS:[EDX+4]
00440967  |.  50          PUSH EAX
00440968  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
0044096B  |.  51          PUSH ECX
0044096C  |.  E8 78BBFDFF CALL WaGan.0041C4E9
00440971  |.  83C4 0C    ADD ESP,0C
00440974  |.  F7D8       NEG EAX
00440976  |.  1BC0       SBB EAX,EAX
00440978  |.  83E0 64    AND EAX,64
0044097B  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0044097E  |>  6A 04       PUSH 4                                  ; /Arg6 = 00000004
00440980  |.  6A 04       PUSH 4                                  ; |/Arg3 = 00000004
00440982  |.  6A 00       PUSH 0                                  ; ||Arg2 = 00000000
00440984  |.  68 80010000 PUSH 180                               ; ||Arg1 = 00000180
00440989  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50                ; ||
0044098E  |.  E8 ADF00300 CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00440993  |.  50          PUSH EAX                               ; |Arg5
00440994  |.  6A 18       PUSH 18                               ; |Arg4 = 00000018
00440996  |.  6A 18       PUSH 18                               ; |Arg3 = 00000018
00440998  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
0044099B  |.  52          PUSH EDX                               ; |Arg2
0044099C  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
0044099F  |.  8D0CC5 080000>LEA ECX,DWORD PTR DS:[EAX*8+8]          ; |
004409A6  |.  51          PUSH ECX                               ; |Arg1
004409A7  |.  E8 670F0100 CALL WaGan.00451913                   ; \WaGan.00451913
004409AC  |.  83C4 18    ADD ESP,18
004409AF  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
004409B2  |.  81E2 FF000000 AND EDX,0FF
004409B8  |.  85D2       TEST EDX,EDX
004409BA  |.  74 0D       JE SHORT WaGan.004409C9
004409BC  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
004409BF  |.  25 FF000000 AND EAX,0FF
004409C4  |.  83F8 01    CMP EAX,1
004409C7  |.  75 32       JNZ SHORT WaGan.004409FB
004409C9  |>  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
004409CC  |.  8B51 14    MOV EDX,DWORD PTR DS:[ECX+14] 当前MPCur值
004409CF  |.  52          PUSH EDX                               ; /Arg5
004409D0  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
004409D3  |.  50          PUSH EAX                               ; |Arg4
004409D4  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
004409D7  |.  83C1 18    ADD ECX,18                            ; |
004409DA  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX          ; |
004409DD  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
004409E0  |.  52          PUSH EDX                               ; |Arg3
004409E1  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
004409E4  |.  8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28]       ; |
004409EB  |.  51          PUSH ECX                               ; |Arg2
004409EC  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
004409EE  |.  E8 AC070100 CALL WaGan.0045119F                   ; \WaGan.0045119F
004409F3  |.  83C4 14    ADD ESP,14
004409F6  |.  E9 08020000 JMP WaGan.00440C03
004409FB  |>  8A55 08    MOV DL,BYTE PTR SS:[EBP+8]
004409FE  |.  8855 D0    MOV BYTE PTR SS:[EBP-30],DL
00440A01  |.  807D D0 02 CMP BYTE PTR SS:[EBP-30],2
00440A05  |.  74 19       JE SHORT WaGan.00440A20
00440A07  |.  807D D0 03 CMP BYTE PTR SS:[EBP-30],3
00440A0B  |.  0F84 C6000000 JE WaGan.00440AD7
00440A11  |.  807D D0 04 CMP BYTE PTR SS:[EBP-30],4
00440A15  |.  0F84 4E010000 JE WaGan.00440B69
00440A1B  |.  E9 E3010000 JMP WaGan.00440C03
00440A20  |>  8A45 10    MOV AL,BYTE PTR SS:[EBP+10]
00440A23  |.  50          PUSH EAX                               ; /Arg1
00440A24  |.  E8 0D920000 CALL WaGan.00449C36                   ; \WaGan.00449C36
00440A29  |.  83C4 04    ADD ESP,4
00440A2C  |.  85C0       TEST EAX,EAX
00440A2E  |.  74 75       JE SHORT WaGan.00440AA5
00440A30  |.  6A 01       PUSH 1
00440A32  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
00440A35  |.  51          PUSH ECX
00440A36  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
00440A39  |.  52          PUSH EDX
00440A3A  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440A3D  |.  E8 6EB8FDFF CALL WaGan.0041C2B0
00440A42  |.  25 FF000000 AND EAX,0FF                            ; |
00440A47  |.  6BC0 24    IMUL EAX,EAX,24                         ; |
00440A4A  |.  05 502C4B00 ADD EAX,WaGan.004B2C50                ; |
00440A4F  |.  50          PUSH EAX                               ; |Arg1
00440A50  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]          ; |
00440A53  |.  81E1 FF000000 AND ECX,0FF                            ; |
00440A59  |.  6BC9 24    IMUL ECX,ECX,24                         ; |
00440A5C  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
00440A62  |.  E8 43B5FFFF CALL WaGan.0043BFAA                   ; \WaGan.0043BFAA
00440A67  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
00440A6A  |.  6A 02       PUSH 2                                  ; /Arg7 = 00000002
00440A6C  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
00440A6F  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]          ; |
00440A72  |.  2B4D E8    SUB ECX,DWORD PTR SS:[EBP-18]          ; |
00440A75  |.  51          PUSH ECX                               ; |Arg6
00440A76  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
00440A79  |.  8B42 14    MOV EAX,DWORD PTR DS:[EDX+14]          ; |
00440A7C  |.  50          PUSH EAX                               ; |Arg5
00440A7D  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00440A80  |.  51          PUSH ECX                               ; |Arg4
00440A81  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440A84  |.  83C2 18    ADD EDX,18                            ; |
00440A87  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
00440A8A  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440A8D  |.  50          PUSH EAX                               ; |Arg3
00440A8E  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440A91  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
00440A98  |.  52          PUSH EDX                               ; |Arg2
00440A99  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440A9B  |.  E8 35040100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
00440AA0  |.  83C4 1C    ADD ESP,1C
00440AA3  |.  EB 2D       JMP SHORT WaGan.00440AD2
00440AA5  |>  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
00440AA8  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]
00440AAB  |.  51          PUSH ECX                               ; /Arg5
00440AAC  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00440AAF  |.  52          PUSH EDX                               ; |Arg4
00440AB0  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440AB3  |.  83C0 18    ADD EAX,18                            ; |
00440AB6  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
00440AB9  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440ABC  |.  51          PUSH ECX                               ; |Arg3
00440ABD  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440AC0  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
00440AC7  |.  50          PUSH EAX                               ; |Arg2
00440AC8  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440ACA  |.  E8 D0060100 CALL WaGan.0045119F                   ; \WaGan.0045119F
00440ACF  |.  83C4 14    ADD ESP,14
00440AD2  |>  E9 2C010000 JMP WaGan.00440C03
00440AD7  |>  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]
00440ADA  |.  51          PUSH ECX                               ; /Arg1
00440ADB  |.  E8 9A910000 CALL WaGan.00449C7A                   ; \WaGan.00449C7A
00440AE0  |.  83C4 04    ADD ESP,4
00440AE3  |.  85C0       TEST EAX,EAX
00440AE5  |.  74 50       JE SHORT WaGan.00440B37
00440AE7  |.  6A 01       PUSH 1                                  ; /Arg3 = 00000001
00440AE9  |.  8A55 0C    MOV DL,BYTE PTR SS:[EBP+C]             ; |
00440AEC  |.  52          PUSH EDX                               ; |Arg2
00440AED  |.  8A45 10    MOV AL,BYTE PTR SS:[EBP+10]             ; |
00440AF0  |.  50          PUSH EAX                               ; |Arg1
00440AF1  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
00440AF4  |.  E8 4FBAFFFF CALL WaGan.0043C548                   ; \WaGan.0043C548
00440AF9  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
00440AFC  |.  6A 03       PUSH 3                                  ; /Arg7 = 00000003
00440AFE  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
00440B01  |.  8B51 14    MOV EDX,DWORD PTR DS:[ECX+14]          ; |
00440B04  |.  0355 E8    ADD EDX,DWORD PTR SS:[EBP-18]          ; |
00440B07  |.  52          PUSH EDX                               ; |Arg6
00440B08  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
00440B0B  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]          ; |
00440B0E  |.  51          PUSH ECX                               ; |Arg5
00440B0F  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00440B12  |.  52          PUSH EDX                               ; |Arg4
00440B13  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440B16  |.  83C0 18    ADD EAX,18                            ; |
00440B19  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
00440B1C  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440B1F  |.  51          PUSH ECX                               ; |Arg3
00440B20  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440B23  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
00440B2A  |.  50          PUSH EAX                               ; |Arg2
00440B2B  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440B2D  |.  E8 A3030100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
00440B32  |.  83C4 1C    ADD ESP,1C
00440B35  |.  EB 2D       JMP SHORT WaGan.00440B64
00440B37  |>  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440B3A  |.  8B51 14    MOV EDX,DWORD PTR DS:[ECX+14]
00440B3D  |.  52          PUSH EDX                               ; /Arg5
00440B3E  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
00440B41  |.  50          PUSH EAX                               ; |Arg4
00440B42  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440B45  |.  83C1 18    ADD ECX,18                            ; |
00440B48  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX          ; |
00440B4B  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440B4E  |.  52          PUSH EDX                               ; |Arg3
00440B4F  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
00440B52  |.  8D0CC5 280000>LEA ECX,DWORD PTR DS:[EAX*8+28]       ; |
00440B59  |.  51          PUSH ECX                               ; |Arg2
00440B5A  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440B5C  |.  E8 3E060100 CALL WaGan.0045119F                   ; \WaGan.0045119F
00440B61  |.  83C4 14    ADD ESP,14
00440B64  |>  E9 9A000000 JMP WaGan.00440C03
00440B69  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
00440B6C  |.  81E1 FF000000 AND ECX,0FF
00440B72  |.  6BC9 19    IMUL ECX,ECX,19
00440B75  |.  81C1 40114A00 ADD ECX,WaGan.004A1140
00440B7B  |.  E8 C089FCFF CALL WaGan.00409540
00440B80  |.  25 FF000000 AND EAX,0FF
00440B85  |.  83F8 40    CMP EAX,40
00440B88  |.  75 4C       JNZ SHORT WaGan.00440BD6
00440B8A  |.  6A 01       PUSH 1                                  ; /Arg2 = 00000001
00440B8C  |.  8A55 10    MOV DL,BYTE PTR SS:[EBP+10]             ; |
00440B8F  |.  52          PUSH EDX                               ; |Arg1
00440B90  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]          ; |
00440B93  |.  E8 96B8FFFF CALL WaGan.0043C42E                   ; \WaGan.0043C42E
00440B98  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
00440B9B  |.  6A 04       PUSH 4                                  ; /Arg7 = 00000004
00440B9D  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]          ; |
00440BA0  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]          ; |
00440BA3  |.  034D E8    ADD ECX,DWORD PTR SS:[EBP-18]          ; |
00440BA6  |.  51          PUSH ECX                               ; |Arg6
00440BA7  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
00440BAA  |.  8B42 14    MOV EAX,DWORD PTR DS:[EDX+14]          ; |
00440BAD  |.  50          PUSH EAX                               ; |Arg5
00440BAE  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00440BB1  |.  51          PUSH ECX                               ; |Arg4
00440BB2  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]          ; |
00440BB5  |.  83C2 18    ADD EDX,18                            ; |
00440BB8  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX          ; |
00440BBB  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440BBE  |.  50          PUSH EAX                               ; |Arg3
00440BBF  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440BC2  |.  8D14CD 280000>LEA EDX,DWORD PTR DS:[ECX*8+28]       ; |
00440BC9  |.  52          PUSH EDX                               ; |Arg2
00440BCA  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440BCC  |.  E8 04030100 CALL WaGan.00450ED5                   ; \WaGan.00450ED5
00440BD1  |.  83C4 1C    ADD ESP,1C
00440BD4  |.  EB 2D       JMP SHORT WaGan.00440C03
00440BD6  |>  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
00440BD9  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]
00440BDC  |.  51          PUSH ECX                               ; /Arg5
00440BDD  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00440BE0  |.  52          PUSH EDX                               ; |Arg4
00440BE1  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440BE4  |.  83C0 18    ADD EAX,18                            ; |
00440BE7  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX          ; |
00440BEA  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440BED  |.  51          PUSH ECX                               ; |Arg3
00440BEE  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440BF1  |.  8D04D5 280000>LEA EAX,DWORD PTR DS:[EDX*8+28]       ; |
00440BF8  |.  50          PUSH EAX                               ; |Arg2
00440BF9  |.  6A 01       PUSH 1                                  ; |Arg1 = 00000001
00440BFB  |.  E8 9F050100 CALL WaGan.0045119F                   ; \WaGan.0045119F
00440C00  |.  83C4 14    ADD ESP,14
00440C03  |>  6A 04       PUSH 4                                  ; /Arg6 = 00000004
00440C05  |.  6A 04       PUSH 4                                  ; |/Arg3 = 00000004
00440C07  |.  6A 00       PUSH 0                                  ; ||Arg2 = 00000000
00440C09  |.  68 C0030000 PUSH 3C0                               ; ||Arg1 = 000003C0
00440C0E  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50                ; ||
00440C13  |.  E8 28EE0300 CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00440C18  |.  50          PUSH EAX                               ; |Arg5
00440C19  |.  6A 18       PUSH 18                               ; |Arg4 = 00000018
00440C1B  |.  6A 18       PUSH 18                               ; |Arg3 = 00000018
00440C1D  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
00440C20  |.  51          PUSH ECX                               ; |Arg2
00440C21  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440C24  |.  8D04D5 080000>LEA EAX,DWORD PTR DS:[EDX*8+8]          ; |
00440C2B  |.  50          PUSH EAX                               ; |Arg1
00440C2C  |.  E8 E20C0100 CALL WaGan.00451913                   ; \WaGan.00451913
00440C31  |.  83C4 18    ADD ESP,18
00440C34  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
00440C36  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440C3B  |.  E8 CAE0FCFF CALL WaGan.0040ED0A                   ; \WaGan.0040ED0A
00440C40  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
00440C43  |.  83C1 1B    ADD ECX,1B
00440C46  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
00440C49  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
00440C4C  |.  52          PUSH EDX                               ; /Arg2
00440C4D  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]          ; |
00440C50  |.  50          PUSH EAX                               ; |Arg1
00440C51  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440C56  |.  E8 7CDFFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440C5B  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00440C5E  |.  81E1 FF000000 AND ECX,0FF
00440C64  |.  85C9       TEST ECX,ECX
00440C66  |.  0F85 C9010000 JNZ WaGan.00440E35
00440C6C  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
00440C6F  |.  83C2 06    ADD EDX,6
00440C72  |.  52          PUSH EDX                               ; /Arg1
00440C73  |.  E8 194DFFFF CALL WaGan.00435991                   ; \WaGan.00435991 获取坐标位置的地形
00440C78  |.  83C4 04    ADD ESP,4
00440C7B  |.  8845 DC    MOV BYTE PTR SS:[EBP-24],AL
00440C7E  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00440C81  |.  50          PUSH EAX                               ; /Arg2
00440C82  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440C85  |.  83C1 01    ADD ECX,1                               ; |
00440C88  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX          ; |
00440C8B  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440C8E  |.  52          PUSH EDX                               ; |Arg1
00440C8F  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440C94  |.  E8 3EDFFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440C99  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440C9C  |.  E8 B3F2FFFF CALL WaGan.0043FF54
00440CA1  |.  85C0       TEST EAX,EAX
00440CA3  |.  0F84 AD000000 JE WaGan.00440D56
00440CA9  |.  6A 12       PUSH 12                               ; /Arg1 = 00000012
00440CAB  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440CB0  |.  E8 CFDFFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440CB5  |.  68 60E04800 PUSH WaGan.0048E060                   ; /Arg2 = 0048E060 ASCII "Exp"
00440CBA  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440CBF  |.  E8 DCEDFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440CC4  |.  83C4 08    ADD ESP,8
00440CC7  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00440CCA  |.  50          PUSH EAX                               ; /Arg2
00440CCB  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440CCE  |.  83C1 05    ADD ECX,5                               ; |
00440CD1  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX          ; |
00440CD4  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440CD7  |.  52          PUSH EDX                               ; |Arg1
00440CD8  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440CDD  |.  E8 F5DEFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440CE2  |.  6A 12       PUSH 12                               ; /Arg1 = 00000012
00440CE4  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440CE9  |.  E8 96DFFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440CEE  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
00440CF1  |.  E8 5A59FCFF CALL WaGan.00406650
00440CF6  |.  25 FF000000 AND EAX,0FF
00440CFB  |.  3D FF000000 CMP EAX,0FF
00440D00  |.  75 14       JNZ SHORT WaGan.00440D16
00440D02  |.  68 64E04800 PUSH WaGan.0048E064                   ; /Arg2 = 0048E064 ASCII "MAX"
00440D07  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440D0C  |.  E8 8FEDFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440D11  |.  83C4 08    ADD ESP,8
00440D14  |.  EB 20       JMP SHORT WaGan.00440D36
00440D16  |>  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
00440D19  |.  E8 3259FCFF CALL WaGan.00406650
00440D1E  |.  25 FF000000 AND EAX,0FF
00440D23  |.  50          PUSH EAX                               ; /Arg3
00440D24  |.  68 68E04800 PUSH WaGan.0048E068                   ; |Arg2 = 0048E068 ASCII "%3u"
00440D29  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440D2E  |.  E8 6DEDFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440D33  |.  83C4 0C    ADD ESP,0C
00440D36  |>  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00440D39  |.  50          PUSH EAX                               ; /Arg2
00440D3A  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440D3D  |.  83C1 05    ADD ECX,5                               ; |
00440D40  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX          ; |
00440D43  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440D46  |.  52          PUSH EDX                               ; |Arg1
00440D47  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440D4C  |.  E8 86DEFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440D51  |.  E9 80000000 JMP WaGan.00440DD6
00440D56  |>  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440D59  |.  E8 B259FCFF CALL WaGan.00406710
00440D5E  |.  85C0       TEST EAX,EAX
00440D60  |.  74 3B       JE SHORT WaGan.00440D9D
00440D62  |.  6A 24       PUSH 24                               ; /Arg1 = 00000024
00440D64  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440D69  |.  E8 16DFFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440D6E  |.  68 6CE04800 PUSH WaGan.0048E06C                   ; /Arg2 = 0048E06C
00440D73  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440D78  |.  E8 23EDFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440D7D  |.  83C4 08    ADD ESP,8
00440D80  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00440D83  |.  50          PUSH EAX                               ; /Arg2
00440D84  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440D87  |.  83C1 0A    ADD ECX,0A                            ; |
00440D8A  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX          ; |
00440D8D  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440D90  |.  52          PUSH EDX                               ; |Arg1
00440D91  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440D96  |.  E8 3CDEFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440D9B  |.  EB 39       JMP SHORT WaGan.00440DD6
00440D9D  |>  6A 35       PUSH 35                               ; /Arg1 = 00000035
00440D9F  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440DA4  |.  E8 DBDEFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440DA9  |.  68 74E04800 PUSH WaGan.0048E074                   ; /Arg2 = 0048E074
00440DAE  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440DB3  |.  E8 E8ECFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440DB8  |.  83C4 08    ADD ESP,8
00440DBB  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00440DBE  |.  50          PUSH EAX                               ; /Arg2
00440DBF  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440DC2  |.  83C1 0A    ADD ECX,0A                            ; |
00440DC5  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX          ; |
00440DC8  |.  8B55 E0    MOV EDX,DWORD PTR SS:[EBP-20]          ; |
00440DCB  |.  52          PUSH EDX                               ; |Arg1
00440DCC  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440DD1  |.  E8 01DEFCFF CALL WaGan.0040EBD7                   ; \WaGan.0040EBD7
00440DD6  |>  6A 53       PUSH 53                               ; /Arg1 = 00000053
00440DD8  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440DDD  |.  E8 A2DEFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440DE2  |.  8B45 DC    MOV EAX,DWORD PTR SS:[EBP-24]
00440DE5  |.  25 FF000000 AND EAX,0FF
00440DEA  |.  8B0C85 B0BD48>MOV ECX,DWORD PTR DS:[EAX*4+48BDB0]
00440DF1  |.  51          PUSH ECX                               ; /Arg3
00440DF2  |.  68 7CE04800 PUSH WaGan.0048E07C                   ; |Arg2 = 0048E07C ASCII "%s"
00440DF7  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440DFC  |.  E8 9FECFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440E01  |.  83C4 0C    ADD ESP,0C
00440E04  |.  6A 12       PUSH 12                               ; /Arg1 = 00000012
00440E06  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440E0B  |.  E8 74DEFCFF CALL WaGan.0040EC84                   ; \WaGan.0040EC84
00440E10  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]
00440E13  |.  E8 35EAFFFF CALL WaGan.0043F84D
00440E18  |.  25 FF000000 AND EAX,0FF
00440E1D  |.  6BC0 0A    IMUL EAX,EAX,0A
00440E20  |.  50          PUSH EAX                               ; /Arg3
00440E21  |.  68 80E04800 PUSH WaGan.0048E080                   ; |Arg2 = 0048E080 ASCII "%4u%%"
00440E26  |.  68 382F4900 PUSH WaGan.00492F38                   ; |Arg1 = 00492F38
00440E2B  |.  E8 70ECFCFF CALL WaGan.0040FAA0                   ; \WaGan.0040FAA0
00440E30  |.  83C4 0C    ADD ESP,0C
00440E33  |.  EB 20       JMP SHORT WaGan.00440E55
00440E35  |>  8A55 10    MOV DL,BYTE PTR SS:[EBP+10]
00440E38  |.  52          PUSH EDX                               ; /Arg6
00440E39  |.  8A45 08    MOV AL,BYTE PTR SS:[EBP+8]             ; |
00440E3C  |.  50          PUSH EAX                               ; |Arg5
00440E3D  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00440E40  |.  51          PUSH ECX                               ; |Arg4
00440E41  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]          ; |
00440E44  |.  52          PUSH EDX                               ; |Arg3
00440E45  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]          ; |
00440E48  |.  50          PUSH EAX                               ; |Arg2
00440E49  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]          ; |
00440E4C  |.  51          PUSH ECX                               ; |Arg1
00440E4D  |.  E8 37000000 CALL WaGan.00440E89                   ; \WaGan.00440E89
00440E52  |.  83C4 18    ADD ESP,18
00440E55  |>  6A 00       PUSH 0                                  ; /Arg1 = 00000000
00440E57  |.  B9 382F4900 MOV ECX,WaGan.00492F38                ; |
00440E5C  |.  E8 A9DEFCFF CALL WaGan.0040ED0A                   ; \WaGan.0040ED0A
00440E61  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
00440E63  |.  B9 50424B00 MOV ECX,WaGan.004B4250                ; |
00440E68  |.  E8 14300100 CALL WaGan.00453E81                   ; \WaGan.00453E81
00440E6D  |.  E8 84D7FDFF CALL WaGan.0041E5F6                   ;  画图
00440E72  |.  5E          POP ESI
00440E73  |.  8BE5       MOV ESP,EBP
00440E75  |.  5D          POP EBP
00440E76  \.  C2 0C00    RETN 0C

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#29

发表于 2007-12-30 21:23 资料个人空间短消息看全部作者

升级

004073B8  /$  55          PUSH EBP
004073B9  |.  8BEC       MOV EBP,ESP
004073BB  |.  83EC 18    SUB ESP,18
004073BE  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
004073C1  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004073C4  |.  E8 37210000 CALL WaGan.00409500
004073C9  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
004073CC  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
004073CF  |.  25 FF000000 AND EAX,0FF
004073D4  |.  B9 FF000000 MOV ECX,0FF
004073D9  |.  2BC8       SUB ECX,EAX
004073DB  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
004073DE  |.  33C0       XOR EAX,EAX
004073E0  |.  8A42 2C    MOV AL,BYTE PTR DS:[EDX+2C]
004073E3  |.  3BC8       CMP ECX,EAX
004073E5  |.  73 12       JNB SHORT WaGan.004073F9
004073E7  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004073EA  |.  33D2       XOR EDX,EDX
004073EC  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004073EF  |.  B8 FF000000 MOV EAX,0FF
004073F4  |.  2BC2       SUB EAX,EDX
004073F6  |.  8845 08    MOV BYTE PTR SS:[EBP+8],AL
004073F9  |>  C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004073FD  |.  EB 09       JMP SHORT WaGan.00407408
004073FF  |>  8A4D F0    /MOV CL,BYTE PTR SS:[EBP-10]
00407402  |.  80C1 01    |ADD CL,1
00407405  |.  884D F0    |MOV BYTE PTR SS:[EBP-10],CL
00407408  |>  8B55 F0       MOV EDX,DWORD PTR SS:[EBP-10]
0040740B  |.  81E2 FF000000 |AND EDX,0FF
00407411  |.  83FA 07    |CMP EDX,7
00407414  |.  0F8D 94000000 |JGE WaGan.004074AE
0040741A  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
0040741D  |.  25 FF000000 |AND EAX,0FF
00407422  |.  50          |PUSH EAX                               ; /Arg1
00407423  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
00407426  |.  33D2       |XOR EDX,EDX                            ; |
00407428  |.  8A51 2B    |MOV DL,BYTE PTR DS:[ECX+2B]          ; |
0040742B  |.  8BCA       |MOV ECX,EDX                            ; |
0040742D  |.  6BC9 1B    |IMUL ECX,ECX,1B                      ; |
00407430  |.  81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0                ; |
00407436  |.  E8 65210000 |CALL WaGan.004095A0                   ; \WaGan.004095A0
0040743B  |.  25 FF000000 |AND EAX,0FF
00407440  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00407443  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
00407446  |.  25 FF000000 |AND EAX,0FF
0040744B  |.  83F8 04    |CMP EAX,4
0040744E  |.  7F 21       |JG SHORT WaGan.00407471
00407450  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00407453  |.  81E1 FF000000 |AND ECX,0FF
00407459  |.  51          |PUSH ECX
0040745A  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
0040745D  |.  E8 9AFEFFFF |CALL WaGan.004072FC 从人物属性出来结果
00407462  |.  25 FF000000 |AND EAX,0FF
00407467  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
0040746A  |.  03D0       |ADD EDX,EAX
0040746C  |.  D1EA       |SHR EDX,1
0040746E  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
00407471  |>  837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
00407475  |.  74 32       |JE SHORT WaGan.004074A9
00407477  |.  C745 EC 00000>|MOV DWORD PTR SS:[EBP-14],0
0040747E  |.  EB 09       |JMP SHORT WaGan.00407489
00407480  |>  8B45 EC    |/MOV EAX,DWORD PTR SS:[EBP-14]
00407483  |.  83C0 01    ||ADD EAX,1
00407486  |.  8945 EC    ||MOV DWORD PTR SS:[EBP-14],EAX
00407489  |>  8B4D 08    | MOV ECX,DWORD PTR SS:[EBP+8]
0040748C  |.  81E1 FF000000 ||AND ECX,0FF
00407492  |.  394D EC    ||CMP DWORD PTR SS:[EBP-14],ECX
00407495  |.  7D 12       ||JGE SHORT WaGan.004074A9
00407497  |.  8B55 FC    ||MOV EDX,DWORD PTR SS:[EBP-4]
0040749A  |.  52          ||PUSH EDX                            ; /Arg2
0040749B  |.  8A45 F0    ||MOV AL,BYTE PTR SS:[EBP-10]          ; |
0040749E  |.  50          ||PUSH EAX                            ; |Arg1
0040749F  |.  8B4D E8    ||MOV ECX,DWORD PTR SS:[EBP-18]       ; |
004074A2  |.  E8 70F9FFFF ||CALL WaGan.00406E17                   ; \WaGan.00406E17
004074A7  |.^ EB D7       |\JMP SHORT WaGan.00407480
004074A9  |>^ E9 51FFFFFF \JMP WaGan.004073FF
004074AE  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004074B1  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004074B4  |.  0255 08    ADD DL,BYTE PTR SS:[EBP+8]
004074B7  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004074BA  |.  8850 2C    MOV BYTE PTR DS:[EAX+2C],DL
004074BD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004074C0  |.  33D2       XOR EDX,EDX
004074C2  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004074C5  |.  83FA FF    CMP EDX,-1
004074C8  |.  72 07       JB SHORT WaGan.004074D1
004074CA  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004074CD  |.  C640 2D FF MOV BYTE PTR DS:[EAX+2D],0FF
004074D1  |>  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
004074D5  |.  0F84 C0000000 JE WaGan.0040759B
004074DB  |.  E8 42440000 CALL WaGan.0040B922
004074E0  |.  85C0       TEST EAX,EAX
004074E2  |.  74 14       JE SHORT WaGan.004074F8
004074E4  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
004074E6  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
004074E8  |.  6A 0B       PUSH 0B                               ; |Arg2 = 0000000B
004074EA  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
004074ED  |.  51          PUSH ECX                               ; |Arg1
004074EE  |.  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                ; |
004074F3  |.  E8 97020500 CALL WaGan.0045778F                   ; \WaGan.0045778F
004074F8  |>  6A 01       PUSH 1                                  ; /Arg2 = 00000001
004074FA  |.  6A 0B       PUSH 0B                               ; |Arg1 = 0000000B
004074FC  |.  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
00407501  |.  E8 74D10600 CALL WaGan.0047467A                   ; \WaGan.0047467A
00407506  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
00407509  |.  33C0       XOR EAX,EAX
0040750B  |.  8A42 2C    MOV AL,BYTE PTR DS:[EDX+2C]
0040750E  |.  50          PUSH EAX                               ; /Arg4
0040750F  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
00407512  |.  83C1 08    ADD ECX,8                               ; |
00407515  |.  51          PUSH ECX                               ; |Arg3
00407516  |.  68 50B14800 PUSH WaGan.0048B150                   ; |Arg2 = 0048B150
0040751B  |.  6A 02       PUSH 2                                  ; |Arg1 = 00000002
0040751D  |.  E8 77810200 CALL WaGan.0042F699                   ; \WaGan.0042F699
00407522  |.  83C4 10    ADD ESP,10
00407525  |.  C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407529  |.  EB 09       JMP SHORT WaGan.00407534
0040752B  |>  8A55 F8    /MOV DL,BYTE PTR SS:[EBP-8]
0040752E  |.  80C2 01    |ADD DL,1
00407531  |.  8855 F8    |MOV BYTE PTR SS:[EBP-8],DL
00407534  |>  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
00407537  |.  25 FF000000 |AND EAX,0FF
0040753C  |.  83F8 44    |CMP EAX,44
0040753F  |.  7D 5A       |JGE SHORT WaGan.0040759B
00407541  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
00407544  |.  33D2       |XOR EDX,EDX
00407546  |.  8A51 2B    |MOV DL,BYTE PTR DS:[ECX+2B]
00407549  |.  52          |PUSH EDX                               ; /Arg1
0040754A  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0040754D  |.  81E1 FF000000 |AND ECX,0FF                            ; |
00407553  |.  6BC9 46    |IMUL ECX,ECX,46                      ; |
00407556  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                ; |
0040755C  |.  E8 1F200000 |CALL WaGan.00409580                   ; \WaGan.00409580
00407561  |.  25 FF000000 |AND EAX,0FF
00407566  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
00407569  |.  33D2       |XOR EDX,EDX
0040756B  |.  8A51 2C    |MOV DL,BYTE PTR DS:[ECX+2C]
0040756E  |.  3BC2       |CMP EAX,EDX
00407570  |.  75 27       |JNZ SHORT WaGan.00407599
00407572  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00407575  |.  81E1 FF000000 |AND ECX,0FF
0040757B  |.  6BC9 46    |IMUL ECX,ECX,46
0040757E  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
00407584  |.  E8 87810500 |CALL WaGan.0045F710
00407589  |.  50          |PUSH EAX                               ; /Arg3
0040758A  |.  68 60B14800 |PUSH WaGan.0048B160                   ; |Arg2 = 0048B160
0040758F  |.  6A 02       |PUSH 2                               ; |Arg1 = 00000002
00407591  |.  E8 03810200 |CALL WaGan.0042F699                   ; \WaGan.0042F699
00407596  |.  83C4 0C    |ADD ESP,0C
00407599  |>^ EB 90       \JMP SHORT WaGan.0040752B
0040759B  |>  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
0040759E  |.  8A40 2C    MOV AL,BYTE PTR DS:[EAX+2C]
004075A1  |.  8BE5       MOV ESP,EBP
004075A3  |.  5D          POP EBP
004075A4  \.  C2 0800    RETN 8

修改为：
00407430  |.  81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0                ; |
00407436  |.  E8 65210000 |CALL WaGan.004095A0                   ; \WaGan.004095A0 从内存中取出结果
0040743B  |.  E8 CC160400 |CALL WaGan.00448B0C 随机计算函数
00407440  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00407443  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
00407446  |.  25 FF000000 |AND EAX,0FF
0040744B  |.  83F8 04    |CMP EAX,4
0040744E  |.  7F 21       |JG SHORT WaGan.00407471
00407450  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00407453  |.  81E1 FF000000 |AND ECX,0FF
00407459  |.  51          |PUSH ECX                               ; /Arg1
0040745A  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
0040745D  |.  E8 9AFEFFFF |CALL WaGan.004072FC                   ; \WaGan.004072FC

人物成长:
00448B0C  /$  55          PUSH EBP
00448B0D  |.  8BEC       MOV EBP,ESP
call 43FF54 查看属于哪一方
cmp eax,dksafjasdf
je 12321312
00448B0F  |.  25 FF000000 AND EAX,0FF
00448B14  |.  33C9       XOR ECX,ECX
00448B16  |.  8BC8       MOV ECX,EAX
00448B18  |.  6A 32       PUSH 32
00448B1A  |.  E8 13700300 CALL WaGan.0047FB32
00448B1F  |.  85C0       TEST EAX,EAX
00448B21  |.  74 03       JE SHORT WaGan.00448B26
00448B23  |.  83C1 01    ADD ECX,1
00448B26  |>  6A 32       PUSH 32
00448B28  |.  E8 05700300 CALL WaGan.0047FB32
00448B2D  |.  85C0       TEST EAX,EAX
00448B2F  |.  74 03       JE SHORT WaGan.00448B34
00448B31  |.  83E9 01    SUB ECX,1
00448B34  |>  8BC1       MOV EAX,ECX
00448B36  |.  8BE5       MOV ESP,EBP
00448B38  |.  5D          POP EBP
00448B39  \.  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#30

发表于 2007-12-30 21:26 资料个人空间短消息看全部作者

判断文官武将的代码

0043FFED  /$  55          PUSH EBP
0043FFEE  |.  8BEC       MOV EBP,ESP
0043FFF0  |.  83EC 10    SUB ESP,10
0043FFF3  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0043FFF6  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043FFF9  |.  E8 72B4FFFF CALL Ekd5.0043B470    获取武将ecx的职业
0043FFFE  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
00440001  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00440004  |.  25 FF000000 AND EAX,0FF
00440009  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
0044000C  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
0044000F  |.  83E9 08    SUB ECX,8                      职业-8
00440012  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
00440015  |.  837D F0 0C CMP DWORD PTR SS:[EBP-10],0C 大于0C 跳转 (仙人后面的跳转，策士前面的都跳转) 注意前面 -08出现负值也大于0C
00440019  |.  77 1B       JA SHORT Ekd5.00440036
0044001B  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0044001E  |.  33D2       XOR EDX,EDX
00440020  |.  8A90 50004400 MOV DL,BYTE PTR DS:[EAX+440050]
00440026  |.  FF2495 440044>JMP DWORD PTR DS:[EDX*4+440044]
0044002D  |>  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00440034  |.  EB 07       JMP SHORT Ekd5.0044003D
00440036  |>  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0044003D  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00440040  |.  8BE5       MOV ESP,EBP
00440042  |.  5D          POP EBP
00440043  \.  C3          RETN
00440044 .  2D004400    DD Ekd5.0044002D                      ;  分支表被用于 00440026
00440048 .  2D004400    DD Ekd5.0044002D
0044004C .  36004400    DD Ekd5.00440036
00440050 .  00          DB 00                                  ;  分支 00440044 索引表
00440051 .  00          DB 00
00440052 .  00          DB 00
00440053 .  00          DB 00
00440054 .  02          DB 02
00440055 .  02          DB 02
00440056 .  02          DB 02
00440057 .  02          DB 02
00440058 .  02          DB 02
00440059 .  02          DB 02       武力
0044005A .  01          DB 01
0044005B .  01          DB 01
0044005C .  01          DB 01

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！

打印 \| 推荐 \| 订阅 \| 收藏 \| 开通个人空间 \| 加入资讯标题: 解读KOEI曹操传代码, 好久米更新，又不太想更新，就贴些旧笔记吧并先祝大家2008快乐
本帖已经被作者加入个人空间