|
|
发表于 2023-10-1 00:44:41
|
查看: 2079 |
回复: 0
D1010000D1010000A0000000A0000000
血上限 血 蓝上限 蓝
D1010000 D1010000 A0000000 A0000000 //用字节集 定位人物对象指针+88EC
[[基址]+14] 游戏对象
[[[基址]+14]+98] 零0=离线 非零=人物对象指针
//以下偏移 常变化 上边的基址偏移较固定
人物对象指针+18 int x
人物对象指针+44 int y
人物对象指针+8A68 等级
人物对象指针+94B4 int x
人物对象指针+94B8 int y
人物对象指针+94BC 寻路状态
人物对象指针+8868 ascii 人物名字
人物对象指针+88EC MAX HP 血上限
人物对象指针+88F0 MIN HP 血
人物对象指针+88F4 MAX MP 蓝上限
人物对象指针+88F8 MIN MP 蓝
QQSG.exe+CEB90 - 8B 81 50880000 - mov eax,[ecx+00008850] 当前血量
QQSG.exe+CEB96 - 33 C9 - xor ecx,ecx
QQSG.exe+CEB98 - 85 C0 - test eax,eax
QQSG.exe+CEB9A - 0F9E C1 - setle cl
QQSG.exe+CEB9D - 49 - dec ecx
QQSG.exe+CEB9E - 23 C1 - and eax,ecx
QQSG.exe+CEBA0 - C3 - ret
009FA380 | 8B41 40 | mov eax, dword ptr ds:[ecx+40] | [ecx+40]:"0*?"
009FA383 | 85C0 | test eax, eax |
009FA385 | 74 15 | je qqsg.9FA39C |
009FA387 | 8A50 24 | mov dl, byte ptr ds:[eax+24] |
009FA38A | 84D2 | test dl, dl |
009FA38C | 74 0E | je qqsg.9FA39C |
009FA38E | 8B40 20 | mov eax, dword ptr ds:[eax+20] |
009FA391 | 85C0 | test eax, eax |
009FA393 | 74 04 | je qqsg.9FA399 |
009FA395 | 8B40 50 | mov eax, dword ptr ds:[eax+50] |
009FA398 | C3 | ret |
009FA399 | 33C0 | xor eax, eax |
009FA39B | C3 | ret |
009FA39C | 8B41 14 | mov eax, dword ptr ds:[ecx+14] | [[[基址]+14]+98] 零0=离线 非零=人物对象指针
009FA39F | C3 | ret |
0058DF30 | EB 13 | jmp qqsg.58DF45 |
0058DF32 | 8B4424 34 | mov eax, dword ptr ss:[esp+34] |
0058DF36 | 8B4C24 40 | mov ecx, dword ptr ss:[esp+40] |
0058DF3A | A3 A0C12E01 | mov dword ptr ds:[12EC1A0], eax |
0058DF3F | 890D ECC12E01 | mov dword ptr ds:[12EC1EC], ecx
0058DF45 | 8B0D D0982E01 | mov ecx, dword ptr ds:[基址]
0058DF4B | C64424 13 00 | mov byte ptr ss:[esp+13], 0 |
0058DF50 | E8 2BC44600 | call qqsg.9FA380 |
0058DF55 | 8BB0 98000000 | mov esi, dword ptr ds:[eax+98] | [[[基址]+14]+98] 零0=离线 非零=人物对象指针
0058DF5B | 85F6 | test esi, esi |
0058DF5D | 0F84 E4020000 | je qqsg.58E247 |
0058DF63 | 8BAC24 C8000000 | mov ebp, dword ptr ss:[esp+C8] |
0058DF6A | 8B16 | mov edx, dword ptr ds:[esi] |
0058DF6C | 8BCE | mov ecx, esi | ecx:&"$@9\r\x01"
0058DF6E | C64424 12 00 | mov byte ptr ss:[esp+12], 0 |
0058DF73 | 8BBD CFF30000 | mov edi, dword ptr ss:[ebp+F3CF] |
0058DF79 | FF92 FC000000 | call dword ptr ds:[edx+FC] |
0058DF7F | 3BF8 | cmp edi, eax |
0058DF81 | 74 10 | je qqsg.58DF93 |
0058DF83 | 8B06 | mov eax, dword ptr ds:[esi] |
0058DF85 | 57 | push edi |
0058DF86 | 8BCE | mov ecx, esi | ecx:&"$@9\r\x01"
0058DF88 | FF90 00010000 | call dword ptr ds:[eax+100] |
009FA340 | 6A FF | push FFFFFFFF |
009FA342 | 68 E813D100 | push qqsg.D113E8 | D113E8:"笜A?"
009FA347 | 64:A1 00000000 | mov eax, dword ptr fs:[0] |
009FA34D | 50 | push eax |
009FA34E | 64:8925 00000000 | mov dword ptr fs:[0], esp |
009FA355 | 51 | push ecx | ecx:&"$@9\r\x01"
009FA356 | 894C24 00 | mov dword ptr ss:[esp], ecx |
009FA35A | C74424 0C 00000000 | mov dword ptr ss:[esp+C], 0 |
009FA362 | E8 29480000 | call qqsg.9FEB90 |
009FA367 | 8B4C24 04 | mov ecx, dword ptr ss:[esp+4] |
009FA36B | C705 D0982E01 0000000 | mov dword ptr ds:[<基址>], 0 |
009FA375 | 64:890D 00000000 | mov dword ptr fs:[0], ecx | ecx:&"$@9\r\x01"
009FA37C | 83C4 10 | add esp, 10 |
009FA37F | C3 | ret |
006B83D5 | E8 D6973900 | call qqsg.A51BB0 |
006B83DA | 83C4 04 | add esp, 4 |
006B83DD | B8 01000000 | mov eax, 1 |
006B83E2 | 5F | pop edi |
006B83E3 | C3 | ret |
006B83E4 | 53 | push ebx |
006B83E5 | 55 | push ebp |
006B83E6 | 56 | push esi |
006B83E7 | 8B7424 14 | mov esi, dword ptr ss:[esp+14] |
006B83EB | 6A 00 | push 0 |
006B83ED | 6A 00 | push 0 |
006B83EF | 56 | push esi |
006B83F0 | E8 6B9B3900 | call qqsg.A51F60 |
006B83F5 | 8B0D D0982E01 | mov ecx, dword ptr ds:[<基址>] | ecx:&"$@9\r\x01"
006B83FB | 83C4 0C | add esp, C |
006B83FE | 8B49 04 | mov ecx, dword ptr ds:[ecx+4] | ecx:&"$@9\r\x01"
006B8401 | 6A 01 | push 1 |
006B8403 | 6A 04 | push 4 |
006B8405 | E8 C6D92400 | call qqsg.905DD0 |
006B840A | 8B80 E41C0000 | mov eax, dword ptr ds:[eax+1CE4] |
006B8410 | 6A FF | push FFFFFFFF |
006B8412 | 50 | push eax |
006B8413 | 68 3C35FC00 | push qqsg.FC353C | FC353C:"shopState"
006B8418 | 56 | push esi |
006B8419 | E8 626E3A00 | call qqsg.A5F280 |
006B841E | 8B15 D0982E01 | mov edx, dword ptr ds:[<基址>] |
006B8424 | A1 309B2E01 | mov eax, dword ptr ds:[12E9B30] |
006B8429 | 83C4 10 | add esp, 10 |
006B842C | 8B4A 04 | mov ecx, dword ptr ds:[edx+4] | ecx:&"$@9\r\x01"
006B842F | 8B98 40030000 | mov ebx, dword ptr ds:[eax+340] | eax+340:"l_FocusCopy"
006B8435 | 8BA8 44030000 | mov ebp, dword ptr ds:[eax+344] |
006B843B | 6A 01 | push 1 |
006B843D | 6A 04 | push 4 |
006B843F | E8 8CD92400 | call qqsg.905DD0 |
006B8444 | 8B80 D41C0000 | mov eax, dword ptr ds:[eax+1CD4] |
006B844A | 6A FF | push FFFFFFFF |
006B844C | 6A 00 | push 0 |
006B844E | 68 E8030000 | push 3E8 |
006B8453 | 55 | push ebp |
006B8454 | 53 | push ebx |
006B8455 | 894424 28 | mov dword ptr ss:[esp+28], eax |
006B8459 | E8 12856200 | call qqsg.CE0970 |
006B845E | 2B4424 18 | sub eax, dword ptr ss:[esp+18] |
006B8462 | 50 | push eax |
006B8463 | 68 3035FC00 | push qqsg.FC3530 | FC3530:"leftTime"
006B8468 | 56 | push esi |
006B8469 | E8 126E3A00 | call qqsg.A5F280 |
006B846E | 8B4F 04 | mov ecx, dword ptr ds:[edi+4] | ecx:&"$@9\r\x01"
006B8471 | 6A FF | push FFFFFFFF |
006B8473 | 51 | push ecx | ecx:&"$@9\r\x01"
006B8474 | 68 2435FC00 | push qqsg.FC3524 | FC3524:"overTime"
006B8479 | 56 | push esi |
006B847A | E8 016E3A00 | call qqsg.A5F280 |
006B847F | 8B57 0C | mov edx, dword ptr ds:[edi+C] |
006B8482 | 6A FF | push FFFFFFFF |
006B8484 | 52 | push edx |
006B8485 | 68 1C35FC00 | push qqsg.FC351C | FC351C:"itemCnt"
006B848A | 56 | push esi |
006B848B | E8 F06D3A00 | call qqsg.A5F280 |
006B8490 | 8B07 | mov eax, dword ptr ds:[edi] |
006B8492 | 6A FF | push FFFFFFFF |
006B8494 | 50 | push eax |
006B8495 | 68 1035FC00 | push qqsg.FC3510 | FC3510:"costItemID"
006B849A | 56 | push esi |
006B849B | E8 E06D3A00 | call qqsg.A5F280 |
006B84A0 | 8B0D D0982E01 | mov ecx, dword ptr ds:[<基址>] | ecx:&"$@9\r\x01"
006B84A6 | 83C4 40 | add esp, 40 |
006B84A9 | 8B49 04 | mov ecx, dword ptr ds:[ecx+4] | ecx:&"$@9\r\x01"
006B84AC | 6A 01 | push 1 |
006B84AE | 6A 04 | push 4 |
006B84B0 | E8 1BD92400 | call qqsg.905DD0 |
006B84B5 | 8B80 DC1C0000 | mov eax, dword ptr ds:[eax+1CDC] |
006B84BB | 6A FF | push FFFFFFFF |
006B84BD | 50 | push eax |
006B84BE | 68 0035FC00 | push qqsg.FC3500 | FC3500:"itemRefreshCnt"
006B84C3 | 56 | push esi |
006B84C4 | E8 B76D3A00 | call qqsg.A5F280 |
006B84C9 | 8B15 D0982E01 | mov edx, dword ptr ds:[<基址>] |
006B84CF | 83C4 10 | add esp, 10 |
006B84D2 | 8B4A 04 | mov ecx, dword ptr ds:[edx+4] | ecx:&"$@9\r\x01"
006B84D5 | 6A 01 | push 1 |
006B84D7 | 6A 04 | push 4 |
006B84D9 | E8 F2D82400 | call qqsg.905DD0 |
006B84DE | 8B80 DC1C0000 | mov eax, dword ptr ds:[eax+1CDC] |
006B84E4 | D1E0 | shl eax, 1 |
006B84E6 | 85C0 | test eax, eax |
006B84E8 | 7F 05 | jg qqsg.6B84EF |
006B84EA | B8 01000000 | mov eax, 1 |
006B84EF | 6A FF | push FFFFFFFF |
006B84F1 | 50 | push eax |
006B84F2 | 68 EC34FC00 | push qqsg.FC34EC | FC34EC:"itemRefreshNextCnt"
006B84F7 | 56 | push esi |
006B84F8 | E8 836D3A00 | call qqsg.A5F280 |
006B84FD | A1 D0982E01 | mov eax, dword ptr ds:[<基址>] |
006B8502 | 83C4 10 | add esp, 10 |
006B8505 | 8B48 04 | mov ecx, dword ptr ds:[eax+4] | ecx:&"$@9\r\x01"
006B8508 | 6A 01 | push 1 |
006B850A | 6A 04 | push 4 |
006B850C | E8 BFD82400 | call qqsg.905DD0 |
006B8511 | 8B80 E01C0000 | mov eax, dword ptr ds:[eax+1CE0] |
006B8517 | 6A FF | push FFFFFFFF |
006B8519 | 50 | push eax |
006B851A | 68 D834FC00 | push qqsg.FC34D8 | FC34D8:"discountRefreshCnt"
006B851F | 56 | push esi |
006B8520 | E8 5B6D3A00 | call qqsg.A5F280 |
006B8525 | 8B0D D0982E01 | mov ecx, dword ptr ds:[<基址>] | ecx:&"$@9\r\x01"
006B852B | 83C4 10 | add esp, 10 |
006B852E | 8B49 04 | mov ecx, dword ptr ds:[ecx+4] | ecx:&"$@9\r\x01"
006B8531 | 6A 01 | push 1 |
006B8533 | 6A 04 | push 4 |
006B8535 | E8 96D82400 | call qqsg.905DD0 |
006B853A | 8B80 E01C0000 | mov eax, dword ptr ds:[eax+1CE0] |
006B8540 | D1E0 | shl eax, 1 |
006B8542 | 85C0 | test eax, eax |
006B8544 | 7F 05 | jg qqsg.6B854B |
006B8546 | B8 01000000 | mov eax, 1 |
006B854B | 6A FF | push FFFFFFFF |
006B854D | 50 | push eax |
006B854E | 68 C034FC00 | push qqsg.FC34C0 | FC34C0:"discountRefreshNextCnt"
006B8553 | 56 | push esi |
006B8554 | E8 276D3A00 | call qqsg.A5F280 |
006B8559 | 8B3F | mov edi, dword ptr ds:[edi] |
006B855B | 8B15 D0982E01 | mov edx, dword ptr ds:[<基址>] |
006B8561 | 83C4 10 | add esp, 10 |
006B8564 | 8B4A 04 | mov ecx, dword ptr ds:[edx+4] | ecx:&"$@9\r\x01"
006B8567 | 57 | push edi |
006B8568 | 6A 01 | push 1 |
006B856A | 6A 09 | push 9 |
006B856C | E8 5FD82400 | call qqsg.905DD0 |
006B8571 | 8BC8 | mov ecx, eax | ecx:&"$@9\r\x01"
006B8573 | E8 3821D7FF | call qqsg.42A6B0 |
006B8578 | 6A FF | push FFFFFFFF |
006B857A | 50 | push eax |
006B857B | 68 B434FC00 | push qqsg.FC34B4 | FC34B4:"costItemCnt"
006B8580 | 56 | push esi |
006B8581 | E8 FA6C3A00 | call qqsg.A5F280 |
006B8586 | A1 D0982E01 | mov eax, dword ptr ds:[<基址>] |
006B858B | 83C4 10 | add esp, 10 |
006B858E | 8B48 04 | mov ecx, dword ptr ds:[eax+4] | ecx:&"$@9\r\x01"
006B8591 | 6A 01 | push 1 |
006B8593 | 6A 04 | push 4 |
006B8595 | E8 36D82400 | call qqsg.905DD0 |
006B859A | 8B88 D81C0000 | mov ecx, dword ptr ds:[eax+1CD8] | ecx:&"$@9\r\x01"
006B85A0 | B8 1F85EB51 | mov eax, 51EB851F |
006B85A5 | F7E1 | mul ecx | ecx:&"$@9\r\x01"
006B85A7 | C1EA 05 | shr edx, 5 |
006B85AA | 6A FF | push FFFFFFFF |
006B85AC | 52 | push edx |
006B85AD | 68 A834FC00 | push qqsg.FC34A8 | FC34A8:"discount"
006B85B2 | 56 | push esi |
006B85B3 | E8 C86C3A00 | call qqsg.A5F280 |
006B85B8 | 83C4 10 | add esp, 10 |
006B85BB | B8 01000000 | mov eax, 1 |
006B85C0 | 5E | pop esi |
006B85C1 | 5D | pop ebp |
006B85C2 | 5B | pop ebx |
006B85C3 | 5F | pop edi |
006B85C4 | C3 | ret |
|
|
游戏安全课程 学员办理咨询联系QQ150330575 手机 139 9636 2600 免费课程 在 www.bilibili.com 搜 郁金香灬老师
|
|
