郁金香灬老师
QQ 150330575
视频下载地址链接:https://pan.baidu.com/s/1Bu_DCumBkQPj4JqkwRJm1g 密码:uxku
0042E748 - 83 BF 64040000 00 - cmp dword ptr [edi+00000464],00
0042E74F - 0F84 64010000 - je NYCSClient.exe+30E8B9
0042E755 - 83 BF 00030000 00 - cmp dword ptr [edi+00000300],00 << //300偏移为物品数量
0042E75C - 0F86 57010000 - jbe NYCSClient.exe+30E8B9
0042E762 - 8B 8E 24040000 - mov ecx,[esi+00000424]
00F64EA6 85C9 TEST ECX,ECX
00F64EA8 0F8C 98010000 JL NYCSClie.00F65046
00F64EAE 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00F64EB1 8D42 9C LEA EAX,DWORD PTR DS:[EDX-64]
00F64EB4 83F8 7C CMP EAX,7C
00F64EB7 0F87 89010000 JA NYCSClie.00F65046
00F64EBD 0FB680 9050F600 MOVZX EAX, BYTE [EAX+F65090]
00F64EC4 FF2485 4C50F600 JMP DWORD PTR DS:[EAX*4+F6504C]
00F64ECB 51 PUSH ECX
00F64ECC B9 582E7602 MOV ECX,NYCSClie.02762E58 ; 可能是基址
00F64ED1 E8 1AA6E6FF CALL NYCSClie.00DCF4F0
00F64ED6 5D POP EBP
00DCF565 FFD7 CALL EDI
00DCF567 50 PUSH EAX
00DCF568 FF15 78DEB301 CALL DWORD PTR DS:[<&USER32.ShowWindow>] ; USER32.ShowWindow
00DCF56E EB 01 JMP SHORT NYCSClie.00DCF571
00DCF570 CC INT3
00DCF571 5F POP EDI
00DCF572 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00DCF575 69F6 70040000 IMUL ESI,ESI,470 ; 结构大小 struct
00DCF57B 8D841E 20010000 LEA EAX,DWORD PTR DS:[ESI+EBX+120] ; dd [02762E58+120+470*2]
00DCF582 5E POP ESI
00DCF583 33CD XOR ECX,EBP
00DCF585 5B POP EBX
00DCF586 E8 136D2800 CALL NYCSClie.0105629E
00DCF58B 8BE5 MOV ESP,EBP
typedef strcut 背包结构
{
int i;
int b;
char szName[333];
char *pmsg;
}
背包结构 背包数组[20];
db [02762E58+120+470*4+468]+1a8
NYCSClient.exe+2642E58 - 98 - cwde
DWORD BASE=(DWORD)LoadLibraryA("NYCSClient.exe");
DWORD dw背包数组基址=BASE+0x2642E58;
|
|小黑屋|手机版|鑫郁飞网络技术-郁金香灬老师
( 苏ICP备10059359号 )
发表于