好友
阅读权限10
听众
最后登录1970-1-1
|
00A2F560 /$ 55 push ebp
00A2F561 |. 8BEC mov ebp,esp
00A2F563 |. 83EC 10 sub esp,0x10
00A2F566 |. 894D F4 mov ss:[ebp-0xC],ecx ; 找ecx
00A2F569 |. 837D 08 00 cmp dword ptr ss:[ebp+0x8],0x0
00A2F56D |. 7C 0B jl X00A2F57A
00A2F56F |. 8B45 F4 mov eax,ss:[ebp-0xC]
00A2F572 |. 8B4D 08 mov ecx,ss:[ebp+0x8]
00A2F575 |. 3B48 04 cmp ecx,ds:[eax+0x4] ; 包裹总格数
00A2F578 |. 7C 04 jl X00A2F57E
00A2F57A |> 32C0 xor al,al
00A2F57C |. EB 5D jmp X00A2F5DB
00A2F57E |> 8B55 F4 mov edx,ss:[ebp-0xC]
00A2F581 |. 8B42 0C mov eax,ds:[edx+0xC]
00A2F584 |. 8B4D 08 mov ecx,ss:[ebp+0x8]
00A2F587 |. 833C88 00 cmp dword ptr ds:[eax+ecx*4],0x0
00A2F58B |. 74 3D je X00A2F5CA
00A2F58D |. 0FB655 10 movzx edx,byte ptr ss:[ebp+0x10]
00A2F591 |. 85D2 test edx,edx
00A2F593 |. 74 35 je X00A2F5CA
00A2F595 |. 8B45 F4 mov eax,ss:[ebp-0xC]
00A2F598 |. 8B48 0C mov ecx,ds:[eax+0xC]
00A2F59B |. 8B55 08 mov edx,ss:[ebp+0x8]
00A2F59E |. 8B0491 mov eax,ds:[ecx+edx*4]
00A2F5A1 |. 8945 F8 mov ss:[ebp-0x8],eax
00A2F5A4 |. 8B4D F8 mov ecx,ss:[ebp-0x8]
00A2F5A7 |. 894D FC mov ss:[ebp-0x4],ecx
00A2F5AA |. 837D FC 00 cmp dword ptr ss:[ebp-0x4],0x0
00A2F5AE |. 74 13 je X00A2F5C3
00A2F5B0 |. 6A 01 push 0x1
00A2F5B2 |. 8B55 FC mov edx,ss:[ebp-0x4]
00A2F5B5 |. 8B02 mov eax,ds:[edx]
00A2F5B7 |. 8B4D FC mov ecx,ss:[ebp-0x4]
00A2F5BA |. 8B10 mov edx,ds:[eax]
00A2F5BC |. FFD2 call edx
00A2F5BE |. 8945 F0 mov ss:[ebp-0x10],eax
00A2F5C1 |. EB 07 jmp X00A2F5CA
00A2F5C3 |> C745 F0 00000>mov dword ptr ss:[ebp-0x10],0x0
00A2F5CA |> 8B45 F4 mov eax,ss:[ebp-0xC] ; eax来源於[ebp-c],[ebp-c]来源於00A2F566 |. 894D F4 mov ss:[ebp-0xC],ecx ; ecx=1F960178
00A2F5CD |. 8B48 0C mov ecx,ds:[eax+0xC] ; ecx来源於[eax+c]
00A2F5D0 |. 8B55 08 mov edx,ss:[ebp+0x8]
00A2F5D3 |. 8B45 0C mov eax,ss:[ebp+0xC]
00A2F5D6 |. 890491 mov ds:[ecx+edx*4],eax ; 背包数组起始地址 <====这是一开始CE下访问断,入手点
00A2F5D9 |. B0 01 mov al,0x1
00A2F5DB |> 8BE5 mov esp,ebp
00A2F5DD |. 5D pop ebp
00A2F5DE \. C2 0C00 retn 0xC
00A61289 |> \EB 38 jmp X00A612C3
00A6128B |> 8B4D DC mov ecx,ss:[ebp-0x24] ------这里往上找
00A6128E |. 8B51 40 mov edx,ds:[ecx+0x40]
00A61291 |. 52 push edx
00A61292 |. 8B4D FC mov ecx,ss:[ebp-0x4]
00A61295 |. 81C1 10920000 add ecx,0x9210
00A6129B |. E8 30E0FCFF call 00A2F2D0
00A612A0 |. 8945 F4 mov ss:[ebp-0xC],eax
00A612A3 |. 6A 00 push 0x0
00A612A5 |. 6A 00 push 0x0
00A612A7 |. 8B45 DC mov eax,ss:[ebp-0x24]
00A612AA |. 8B48 40 mov ecx,ds:[eax+0x40]
00A612AD |. 51 push ecx
00A612AE |. 8B4D FC mov ecx,ss:[ebp-0x4] ; ecx来源於[ebp-4]
00A612B1 |. 81C1 10920000 add ecx,0x9210
00A612B7 |. E8 A4E2FCFF call 00A2F560 ; ****
00A610D0 /. 55 push ebp
00A610D1 |. 8BEC mov ebp,esp
00A610D3 |. 83EC 2C sub esp,0x2C
00A610D6 |. 894D DC mov ss:[ebp-0x24],ecx
00A610D9 |. 6A 00 push 0x0
00A610DB |. 68 90520101 push 01015290
00A610E0 |. 68 74520101 push 01015274
00A610E5 |. 6A 00 push 0x0
00A610E7 |. 8B45 08 mov eax,ss:[ebp+0x8]
00A610EA |. 50 push eax
00A610EB |. E8 79CC2700 call 00CDDD69
00A610F0 |. 83C4 14 add esp,0x14
00A610F3 |. 8945 EC mov ss:[ebp-0x14],eax
00A610F6 |. C745 FC 00000>mov dword ptr ss:[ebp-0x4],0x0
00A610FD |. 837D EC 00 cmp dword ptr ss:[ebp-0x14],0x0
00A61101 |. 74 1A je X00A6111D
00A61103 |. 8B4D EC mov ecx,ss:[ebp-0x14]
00A61106 |. E8 657DC8FF call 006E8E70 ; eax这有改变---进去
00A6110B |. 8945 FC mov ss:[ebp-0x4],eax ; [ebp-4]来源於eax
00A6110E |. 837D FC 00 cmp dword ptr ss:[ebp-0x4],0x0
00A61112 |. 74 09 je X00A6111D
00A61114 |. C745 D8 01000>mov dword ptr ss:[ebp-0x28],0x1
00A6111B |. EB 07 jmp X00A61124
00A6111D |> C745 D8 00000>mov dword ptr ss:[ebp-0x28],0x0
00A61124 |> 8A4D D8 mov cl,ss:[ebp-0x28]
00A61127 |. 884D FB mov ss:[ebp-0x5],cl
00A6112A |. 0FB655 FB movzx edx,byte ptr ss:[ebp-0x5]
00A6112E |. 85D2 test edx,edx
00A61130 |. 74 14 je X00A61146
00A61132 |. 8B45 0C mov eax,ss:[ebp+0xC]
00A61135 |. 8B10 mov edx,ds:[eax]
00A61137 |. 8B4D 0C mov ecx,ss:[ebp+0xC]
00A6113A |. 8B42 34 mov eax,ds:[edx+0x34]
00A6113D |. FFD0 call eax
00A6113F |. 0FB6C8 movzx ecx,al
00A61142 |. 85C9 test ecx,ecx
00A61144 |. 75 05 jnz X00A6114B
00A61146 |> E9 0F020000 jmp 00A6135A
00A6114B |> 6A 08 push 0x8
00A6114D |. 8B4D 0C mov ecx,ss:[ebp+0xC]
00A61150 |. E8 6BE1A0FF call 0046F2C0
00A610D0 /. 55 push ebp
00A610D1 |. 8BEC mov ebp,esp
00A610D3 |. 83EC 2C sub esp,0x2C
00A610D6 |. 894D DC mov ss:[ebp-0x24],ecx
00A610D9 |. 6A 00 push 0x0
00A610DB |. 68 90520101 push 01015290
00A610E0 |. 68 74520101 push 01015274
00A610E5 |. 6A 00 push 0x0
00A610E7 |. 8B45 08 mov eax,ss:[ebp+0x8]
00A610EA |. 50 push eax
00A610EB |. E8 79CC2700 call 00CDDD69
00A610F0 |. 83C4 14 add esp,0x14
00A610F3 |. 8945 EC mov ss:[ebp-0x14],eax
00A610F6 |. C745 FC 00000>mov dword ptr ss:[ebp-0x4],0x0
00A610FD |. 837D EC 00 cmp dword ptr ss:[ebp-0x14],0x0
00A61101 |. 74 1A je X00A6111D
00A61103 |. 8B4D EC mov ecx,ss:[ebp-0x14]
00A61106 |. E8 657DC8FF call 006E8E70 ; eax这有改变---进去
00A6110B |. 8945 FC mov ss:[ebp-0x4],eax ; [ebp-4]来源於eax
00A6110E |. 837D FC 00 cmp dword ptr ss:[ebp-0x4],0x0
00A61112 |. 74 09 je X00A6111D
00A61114 |. C745 D8 01000>mov dword ptr ss:[ebp-0x28],0x1
00A6111B |. EB 07 jmp X00A61124
00A6111D |> C745 D8 00000>mov dword ptr ss:[ebp-0x28],0x0
00A61124 |> 8A4D D8 mov cl,ss:[ebp-0x28]
00A61127 |. 884D FB mov ss:[ebp-0x5],cl
00A6112A |. 0FB655 FB movzx edx,byte ptr ss:[ebp-0x5]
00A6112E |. 85D2 test edx,edx
00A61130 |. 74 14 je X00A61146
00A61132 |. 8B45 0C mov eax,ss:[ebp+0xC]
00A61135 |. 8B10 mov edx,ds:[eax]
00A61137 |. 8B4D 0C mov ecx,ss:[ebp+0xC]
00A6113A |. 8B42 34 mov eax,ds:[edx+0x34]
00A6113D |. FFD0 call eax
00A6113F |. 0FB6C8 movzx ecx,al
00A61142 |. 85C9 test ecx,ecx
00A61144 |. 75 05 jnz X00A6114B
00A61146 |> E9 0F020000 jmp 00A6135A
00A6114B |> 6A 08 push 0x8
00A6114D |. 8B4D 0C mov ecx,ss:[ebp+0xC]
00A61150 |. E8 6BE1A0FF call 0046F2C0
006E8E70 /$ 55 push ebp
006E8E71 |. 8BEC mov ebp,esp
006E8E73 |. 51 push ecx
006E8E74 |. 894D FC mov ss:[ebp-0x4],ecx
006E8E77 |. 6A 00 push 0x0
006E8E79 |. 68 D0D50801 push 0108D5D0
006E8E7E |. 68 286E0101 push 01016E28
006E8E83 |. 8B4D FC mov ecx,ss:[ebp-0x4]
006E8E86 |. 81C1 18040000 add ecx,0x418
006E8E8C |. E8 CFFADBFF call 004A8960 ; eax有改变--进去
006E8E91 |. 6A 00 push 0x0
006E8E93 |. 50 push eax
006E8E94 |. E8 D04E5F00 call 00CDDD69
006E8E99 |. 83C4 14 add esp,0x14
006E8E9C |. 8BE5 mov esp,ebp
006E8E9E |. 5D pop ebp
006E8E9F \. C3 retn
004A8960 /$ 55 push ebp
004A8961 |. 8BEC mov ebp,esp
004A8963 |. 51 push ecx
004A8964 |. 894D FC mov ss:[ebp-0x4],ecx ; [ebp-4]来源於ecx,找ecx,返回上一层看
004A8967 |. 8B45 FC mov eax,ss:[ebp-0x4]
004A896A |. 8B00 mov eax,ds:[eax] ; eax来源於[eax]
004A896C |. 8BE5 mov esp,ebp
004A896E |. 5D pop ebp
004A896F \. C3 retn
006D121C . 8B48 08 mov ecx,ds:[eax+0x8]
006D121F . 898A 30020000 mov ds:[edx+0x230],ecx
006D1225 . 8B55 F8 mov edx,ss:[ebp-0x8]
006D1228 . 83C2 01 add edx,0x1
006D122B . 8955 F8 mov ss:[ebp-0x8],edx
006D122E . A1 C4401A01 mov eax,ds:[0x11A40C4]
006D1233 . 83C0 01 add eax,0x1
006D1236 . A3 C4401A01 mov ds:[0x11A40C4],eax
006D123B . 8B8D B8FBFFFF mov ecx,ss:[ebp-0x448] ; ecx来源於ebp-448
006D1241 . 51 push ecx
006D1242 . 8B95 C0FBFFFF mov edx,ss:[ebp-0x440]
006D0BBF CC int3
006D0BC0 $ 55 push ebp
006D0BC1 . 8BEC mov ebp,esp
006D0BC3 . 81EC 48040000 sub esp,0x448
006D0BC9 . A1 BCFE0F01 mov eax,ds:[0x10FFEBC]
006D0BCE . 33C5 xor eax,ebp
006D0BD0 . 8945 EC mov ss:[ebp-0x14],eax
006D0BD3 . 898D B8FBFFFF mov ss:[ebp-0x448],ecx ; ebp-448来源於 ecx,找ecx
006D0BD9 . C785 E0FBFFFF>mov dword ptr ss:[ebp-0x420],-0x2
006D0BE3 . 8B85 B8FBFFFF mov eax,ss:[ebp-0x448]
006D0BE9 . 05 30020000 add eax,0x230
006D0BEE . 8945 FC mov ss:[ebp-0x4],eax
006D0BF1 . C645 F3 01 mov byte ptr ss:[ebp-0xD],0x1
006D0BF5 . C745 F4 00000>mov dword ptr ss:[ebp-0xC],0x0
006D0BFC . C745 F8 00000>mov dword ptr ss:[ebp-0x8],0x0
006D0C03 > B9 01000000 mov ecx,0x1
006EA450 /. 55 push ebp
006EA451 |. 8BEC mov ebp,esp
006EA453 |. 6A FF push -0x1
006EA455 |. 68 AABEDC00 push 00DCBEAA
006EA45A |. 64:A1 0000000>mov eax,fs:[0]
006EA460 |. 50 push eax
006EA461 |. 81EC 8C010000 sub esp,0x18C
006EA467 |. A1 BCFE0F01 mov eax,ds:[0x10FFEBC]
006EA46C |. 33C5 xor eax,ebp
006EA46E |. 8945 F0 mov ss:[ebp-0x10],eax
006EA471 |. 50 push eax
006EA472 |. 8D45 F4 lea eax,ss:[ebp-0xC]
006EA475 |. 64:A3 0000000>mov fs:[0],eax
006EA47B |. 898D 6CFEFFFF mov ss:[ebp-0x194],ecx ; 找ecx
00471150 /$ 55 push ebp
00471151 |. 8BEC mov ebp,esp
00471153 |. 83EC 24 sub esp,0x24
00471156 |. 894D DC mov ss:[ebp-0x24],ecx ; 找ecx
00471159 |. 8B45 08 mov eax,ss:[ebp+0x8]
0047115C |. 8B10 mov edx,ds:[eax]
0047115E |. 8B4D 08 mov ecx,ss:[ebp+0x8]
006CBB70 /$ 55 push ebp
006CBB71 |. 8BEC mov ebp,esp
006CBB73 |. 8B45 08 mov eax,ss:[ebp+0x8] ; 堆栈 ss:[0018E51C]=0018E5BC
006CBB76 |. 8B40 04 mov eax,ds:[eax+0x4] ; 堆栈 ds:[0018E5C0]=8F9AED0A
006CBB79 |. 33D2 xor edx,edx ; edx=028F4C0A
006CBB7B |. B9 7F000000 mov ecx,0x7F ; ecx=00000028
006CBB80 |. F7F1 div ecx ; div ecx = eax/0x7f
006CBB82 |. 8BC2 mov eax,edx ; edx=eax/0x7f的余数
006CBB84 |. 5D pop ebp
006CBB85 \. C3 retn
物品id
dd [[[55*4+0x11A40D0]+418]+0x9210+c]+0*4
物品数量
dd [[[[[[55*4+0x11A40D0]+418]+0x9210+c]+0*4]+14]+4]+2c
物品名
db [[[[[[[55*4+0x11A40D0]+418]+0x9210+c]+0*4]+14]]+4]
物品名找了一整天,原来怪物对象要加好几层偏移,才有背包名
|
免费评分
-
查看全部评分
|
发表于 2014-12-30 19:05
