2D flight-shooter level-based online game: an approach to breakpoints that return the same data.

Author: 啊冲 (original poster)
Posted on: 2016-08-27
----------------
魔鬼作坊
Revealing the analysis techniques behind game "forbidden tricks"……
http://www.moguizuofang.com/bbs/
----------------
Screen: 1024*768  OS: XP SP3
Mo En's QQ: 8643245
Dear friends:
We meet again in the VIP course. In this lesson I will share with you an approach to the problem of breakpoints returning the same data in a 2D flight-shooter level-based online game.

Universal problem-solving approach: whatever problem you need to solve, search Baidu or Google first and you will usually find the answer, because the problem you want to solve has probably already been solved by someone else.

Approach of this lesson:

Characteristics of the CALL we are looking for:
1. When the game hits the breakpoint, the stack returns the same data every time, so the CALL data cannot be obtained by simply placing a breakpoint on send.
2. With bp send, the memory address of the packet buffer is different on every break, so a hardware breakpoint cannot be used to obtain the CALL data either.

Press Ctrl+N, find WS2_32.#115 (the WSAStartup function), double-click to enter it, then scan downward for the sub-routine CALLs.
Set a breakpoint at the head of each one and test:
whether it breaks at all (if so, it may be the one sending packets),
whether it breaks immediately after the breakpoint is set (if so, it is unrelated to sending),
whether the data returned on the stack is always the same (if so, it is not the real send CALL).


Concrete steps:

0A6AFEB0   00415E20   ^A.  /CALL 到 send 来自 Game.00415E1A
0A6AFEB4   000006B8  ?..   |Socket = 6B8
0A6AFEB8   0AA906A0  ??    |Data = 0AA906A0
0A6AFEBC   00000012   ...  |DataSize = 12 (18.)
0A6AFEC0   00000000  ....  \Flags = 0

调用堆栈:     线程  00000B24
地址       堆栈       函数过程                              调用来自                      结构
0A6AFEB0   00415E20   WS2_32.send                           Game.00415E1A
0A6AFECC   00415EF9   Game.00415E00                         Game.00415EF4
0A6AFEE0   00412D5E   Game.00415E80                         Game.00412D59
0A6AFEF4   00412E0F   Game.00412D20                         Game.00412E0A
0A6AFF20   00412BBD   Game.00412DC0                         Game.00412BB8
0A6AFF70   004FCCDF   ? Game.00412B00                       Game.004FCCDA
0A6AFFA0   004163F1   包含Game.004FCCDF                       Game.004163EF                 0A6AFF9C
0A6AFFA8   00557649   包含Game.004163F1                       Game.00557647                 0A6AFFEC
0A6AFFB4   00557689   ? Game.00557620                       Game.00557684
0A6AFFB8   7C80B713   包含Game.00557689                       kernel32.7C80B710


===============================

调用堆栈:     主线程
地址       堆栈       函数过程                              调用来自                      结构
0013EE18   0045C4C6   Game.00413240                         Game.0045C4C1
0013EEB0   0047D538   Game.0045C320                         Game.0047D533
// Universal.
0013EF8C   100793FF   包含Game.0047D538                       GSE.100793FD
0013EFA0   1E086907   包含GSE.100793FF                        python25.1E086905
0013EFB8   1E038249   python25.PyCFunction_Call             python25.1E038244
0013EFE4   1E03A3BA   python25.1E037FA0                     python25.1E03A3B5
0013F058   1E037070   python25.PyEval_EvalFrameEx           python25.1E03706B
0013F074   1E0382CB   python25.1E036FE0                     python25.1E0382C6
0013F0A0   1E03A3BA   python25.1E037FA0                     python25.1E03A3B5
0013F114   1E037070   python25.PyEval_EvalFrameEx           python25.1E03706B
0013F130   1E0382CB   python25.1E036FE0                     python25.1E0382C6
0013F15C   1E03A3BA   python25.1E037FA0                     python25.1E03A3B5
0013F1D0   1E037070   python25.PyEval_EvalFrameEx           python25.1E03706B
0013F1EC   1E0382CB   python25.1E036FE0                     python25.1E0382C6
0013F218   1E03A3BA   python25.1E037FA0                     python25.1E03A3B5
0013F28C   1E03B337   python25.PyEval_EvalFrameEx           python25.1E03B332
0013F2C0   1E06B5CF   python25.PyEval_EvalCodeEx            python25.1E06B5CA
0013F304   1E024D4C   包含python25.1E06B5CF                   python25.1E024D4A
0013F318   1E03DC28   python25.PyObject_Call                python25.1E03DC23
0013F544   1E024D4C   包含python25.1E03DC28                   python25.1E024D4A
0013F558   1E036EBB   python25.PyObject_Call                python25.1E036EB6
0013F570   100786C0   python25.PyEval_CallObjectWithKeywor  GSE.100786BA
0013F58C   1003F7CE   GSE.?py_run_member_function@pyscript  GSE.1003F7C9
0013F5A8   1006524B   包含GSE.1003F7CE                        GSE.10065249
0013F5BC   10069A7C   包含GSE.1006524B                        GSE.10069A7A


0047D41F    BF 74EC5600     MOV EDI,Game.0056EC74                    ; ASCII "cmd_leave_game"
0047D424    8BF5            MOV ESI,EBP
0047D426    B9 0F000000     MOV ECX,0F
0047D42B    33C0            XOR EAX,EAX
0047D42D    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D42F    75 0C           JNZ SHORT Game.0047D43D
0047D431    8BCB            MOV ECX,EBX                              ; EBX=005B5100 (Game.005B5100)
0047D433    E8 E88AFDFF     CALL Game.00455F20

Test successful:

mov ecx,005b5100
call 00455de0

Another way: search for strings

0047D2AF    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],15
0047D2B7    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],14
0047D2BF    8BCB            MOV ECX,EBX
0047D2C1    E8 5AEDFDFF     CALL Game.0045C020
0047D2C6    E9 6F390000     JMP Game.00480C3A
0047D2CB    BF 60ED5600     MOV EDI,Game.0056ED60                    ; ASCII "cmd_get_point_card"
0047D2D0    8BF5            MOV ESI,EBP
0047D2D2    B9 13000000     MOV ECX,13
0047D2D7    33C0            XOR EAX,EAX
0047D2D9    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D2DB    75 0C           JNZ SHORT Game.0047D2E9
0047D2DD    8BCB            MOV ECX,EBX
0047D2DF    E8 DCAAFDFF     CALL Game.00457DC0
0047D2E4    E9 62390000     JMP Game.00480C4B
0047D2E9    BF 48ED5600     MOV EDI,Game.0056ED48                    ; ASCII "cmd_ready_start_game"
0047D2EE    8BF5            MOV ESI,EBP
0047D2F0    B9 15000000     MOV ECX,15
0047D2F5    33D2            XOR EDX,EDX
0047D2F7    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D2F9    75 11           JNZ SHORT Game.0047D30C
0047D2FB    68 26010000     PUSH 126
0047D300    8BCB            MOV ECX,EBX
0047D302    E8 6989FDFF     CALL Game.00455C70
0047D307    E9 3F390000     JMP Game.00480C4B
0047D30C    BF 30ED5600     MOV EDI,Game.0056ED30                    ; ASCII "cmd_game_choose_normal"
0047D311    8BF5            MOV ESI,EBP
0047D313    B9 17000000     MOV ECX,17
0047D318    33C0            XOR EAX,EAX
0047D31A    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D31C    75 11           JNZ SHORT Game.0047D32F
0047D31E    68 27010000     PUSH 127
0047D323    8BCB            MOV ECX,EBX
0047D325    E8 4689FDFF     CALL Game.00455C70
0047D32A    E9 1C390000     JMP Game.00480C4B
0047D32F    BF 14ED5600     MOV EDI,Game.0056ED14                    ; ASCII "cmd_game_choose_adventure"
0047D334    8BF5            MOV ESI,EBP
0047D336    B9 1A000000     MOV ECX,1A
0047D33B    33D2            XOR EDX,EDX
0047D33D    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D33F    75 11           JNZ SHORT Game.0047D352
0047D341    68 28010000     PUSH 128
0047D346    8BCB            MOV ECX,EBX
0047D348    E8 2389FDFF     CALL Game.00455C70
0047D34D    E9 F9380000     JMP Game.00480C4B
0047D352    BF FCEC5600     MOV EDI,Game.0056ECFC                    ; ASCII "cmd_game_choose_hard"
0047D357    8BF5            MOV ESI,EBP
0047D359    B9 15000000     MOV ECX,15
0047D35E    33C0            XOR EAX,EAX
0047D360    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D362    75 11           JNZ SHORT Game.0047D375
0047D364    68 29010000     PUSH 129
0047D369    8BCB            MOV ECX,EBX
0047D36B    E8 0089FDFF     CALL Game.00455C70
0047D370    E9 D6380000     JMP Game.00480C4B
0047D375    BF E4EC5600     MOV EDI,Game.0056ECE4                    ; ASCII "cmd_game_choose_hell"
0047D37A    8BF5            MOV ESI,EBP
0047D37C    B9 15000000     MOV ECX,15
0047D381    33D2            XOR EDX,EDX
0047D383    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D385    75 11           JNZ SHORT Game.0047D398
0047D387    68 2A010000     PUSH 12A
0047D38C    8BCB            MOV ECX,EBX
0047D38E    E8 DD88FDFF     CALL Game.00455C70
0047D393    E9 B3380000     JMP Game.00480C4B
0047D398    BF CCEC5600     MOV EDI,Game.0056ECCC                    ; ASCII "cmd_game_choose_imagic"
0047D39D    8BF5            MOV ESI,EBP
0047D39F    B9 17000000     MOV ECX,17
0047D3A4    33C0            XOR EAX,EAX
0047D3A6    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D3A8    75 11           JNZ SHORT Game.0047D3BB
0047D3AA    68 2B010000     PUSH 12B
0047D3AF    8BCB            MOV ECX,EBX
0047D3B1    E8 BA88FDFF     CALL Game.00455C70
0047D3B6    E9 90380000     JMP Game.00480C4B
0047D3BB    BF ACEC5600     MOV EDI,Game.0056ECAC                    ; ASCII "cmd_game_choose_extream_speed"
0047D3C0    8BF5            MOV ESI,EBP
0047D3C2    B9 1E000000     MOV ECX,1E
0047D3C7    33D2            XOR EDX,EDX
0047D3C9    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D3CB    75 11           JNZ SHORT Game.0047D3DE
0047D3CD    68 2C010000     PUSH 12C
0047D3D2    8BCB            MOV ECX,EBX
0047D3D4    E8 9788FDFF     CALL Game.00455C70
0047D3D9    E9 6D380000     JMP Game.00480C4B
0047D3DE    BF 94EC5600     MOV EDI,Game.0056EC94                    ; ASCII "cmd_game_ready_cancel"
0047D3E3    8BF5            MOV ESI,EBP
0047D3E5    B9 16000000     MOV ECX,16
0047D3EA    33C0            XOR EAX,EAX
0047D3EC    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D3EE    75 11           JNZ SHORT Game.0047D401
0047D3F0    68 2D010000     PUSH 12D
0047D3F5    8BCB            MOV ECX,EBX
0047D3F7    E8 7488FDFF     CALL Game.00455C70
0047D3FC    E9 4A380000     JMP Game.00480C4B
0047D401    BF 84EC5600     MOV EDI,Game.0056EC84                    ; ASCII "cmd_start_game"
0047D406    8BF5            MOV ESI,EBP
0047D408    B9 0F000000     MOV ECX,0F
0047D40D    33D2            XOR EDX,EDX
0047D40F    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D411    75 0C           JNZ SHORT Game.0047D41F
0047D413    8BCB            MOV ECX,EBX                              ; EBX=005B5100 (Game.005B5100)
0047D415    E8 C689FDFF     CALL Game.00455DE0
0047D41A    E9 2C380000     JMP Game.00480C4B
0047D41F    BF 74EC5600     MOV EDI,Game.0056EC74                    ; ASCII "cmd_leave_game"
0047D424    8BF5            MOV ESI,EBP
0047D426    B9 0F000000     MOV ECX,0F
0047D42B    33C0            XOR EAX,EAX
0047D42D    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D42F    75 0C           JNZ SHORT Game.0047D43D
0047D431    8BCB            MOV ECX,EBX                              ; EBX=005B5100 (Game.005B5100)
0047D433    E8 E88AFDFF     CALL Game.00455F20
0047D438    E9 0E380000     JMP Game.00480C4B
0047D43D    BF 64EC5600     MOV EDI,Game.0056EC64                    ; ASCII "cmd_game_end"
0047D442    8BF5            MOV ESI,EBP
0047D444    B9 0D000000     MOV ECX,0D
0047D449    33D2            XOR EDX,EDX
0047D44B    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D44D    75 0E           JNZ SHORT Game.0047D45D
0047D44F    6A 01           PUSH 1
0047D451    8BCB            MOV ECX,EBX
0047D453    E8 78B0FDFF     CALL Game.004584D0
0047D458    E9 EE370000     JMP Game.00480C4B
0047D45D    BF 50EC5600     MOV EDI,Game.0056EC50                    ; ASCII "cmd_treasure_choise"
0047D462    8BF5            MOV ESI,EBP
0047D464    B9 14000000     MOV ECX,14
0047D469    33C0            XOR EAX,EAX
0047D46B    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D46D    75 5E           JNZ SHORT Game.0047D4CD
0047D46F    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D473    E8 F8FEF9FF     CALL Game.0041D370
0047D478    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],16
0047D480    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D488    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D48C    73 04           JNB SHORT Game.0047D492
0047D48E    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D492    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D496    51              PUSH ECX
0047D497    50              PUSH EAX
0047D498    E8 E397F8FF     CALL Game.00406C80
0047D49D    51              PUSH ECX
0047D49E    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D4A2    8BCC            MOV ECX,ESP
0047D4A4    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D4AB    52              PUSH EDX
0047D4AC    E8 8F9BFFFF     CALL Game.00477040
0047D4B1    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],17
0047D4B9    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],16
0047D4C1    8BCB            MOV ECX,EBX
0047D4C3    E8 98ECFDFF     CALL Game.0045C160
0047D4C8    E9 6D370000     JMP Game.00480C3A
0047D4CD    BF 40EC5600     MOV EDI,Game.0056EC40                    ; ASCII "cmd_create_team"
0047D4D2    8BF5            MOV ESI,EBP
0047D4D4    B9 10000000     MOV ECX,10
0047D4D9    33C0            XOR EAX,EAX
0047D4DB    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D4DD    75 5E           JNZ SHORT Game.0047D53D
0047D4DF    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D4E3    E8 88FEF9FF     CALL Game.0041D370
0047D4E8    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],18
0047D4F0    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D4F8    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D4FC    73 04           JNB SHORT Game.0047D502
0047D4FE    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D502    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D506    51              PUSH ECX
0047D507    50              PUSH EAX
0047D508    E8 7397F8FF     CALL Game.00406C80
0047D50D    51              PUSH ECX
0047D50E    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D512    8BCC            MOV ECX,ESP
0047D514    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D51B    52              PUSH EDX
0047D51C    E8 1F9BFFFF     CALL Game.00477040
0047D521    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],19
0047D529    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],18
0047D531    8BCB            MOV ECX,EBX
0047D533    E8 E8EDFDFF     CALL Game.0045C320
0047D538    E9 FD360000     JMP Game.00480C3A
0047D53D    BF 30EC5600     MOV EDI,Game.0056EC30                    ; ASCII "cmd_join_team"
0047D542    8BF5            MOV ESI,EBP
0047D544    B9 0E000000     MOV ECX,0E
0047D549    33C0            XOR EAX,EAX
0047D54B    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D54D    75 5E           JNZ SHORT Game.0047D5AD
0047D54F    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D553    E8 18FEF9FF     CALL Game.0041D370
0047D558    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],1A
0047D560    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D568    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D56C    73 04           JNB SHORT Game.0047D572
0047D56E    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D572    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D576    51              PUSH ECX
0047D577    50              PUSH EAX
0047D578    E8 0397F8FF     CALL Game.00406C80
0047D57D    51              PUSH ECX
0047D57E    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D582    8BCC            MOV ECX,ESP
0047D584    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D58B    52              PUSH EDX
0047D58C    E8 AF9AFFFF     CALL Game.00477040
0047D591    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],1B
0047D599    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],1A
0047D5A1    8BCB            MOV ECX,EBX
0047D5A3    E8 F8F1FDFF     CALL Game.0045C7A0
0047D5A8    E9 8D360000     JMP Game.00480C3A
0047D5AD    BF 34D95600     MOV EDI,Game.0056D934                    ; ASCII "cmd_someone_join_team_ok"
0047D5B2    8BF5            MOV ESI,EBP
0047D5B4    B9 19000000     MOV ECX,19
0047D5B9    33C0            XOR EAX,EAX
0047D5BB    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D5BD    0F84 1D360000   JE Game.00480BE0
0047D5C3    BF 14EC5600     MOV EDI,Game.0056EC14                    ; ASCII "cmd_someone_join_team_err"
0047D5C8    8BF5            MOV ESI,EBP
0047D5CA    B9 1A000000     MOV ECX,1A
0047D5CF    33D2            XOR EDX,EDX
0047D5D1    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D5D3    0F84 07360000   JE Game.00480BE0
0047D5D9    BF 04EC5600     MOV EDI,Game.0056EC04                    ; ASCII "cmd_invite_team"
0047D5DE    8BF5            MOV ESI,EBP
0047D5E0    B9 10000000     MOV ECX,10
0047D5E5    33C0            XOR EAX,EAX
0047D5E7    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D5E9    75 5E           JNZ SHORT Game.0047D649
0047D5EB    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D5EF    E8 7CFDF9FF     CALL Game.0041D370
0047D5F4    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],1E
0047D5FC    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D604    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D608    73 04           JNB SHORT Game.0047D60E
0047D60A    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D60E    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D612    51              PUSH ECX
0047D613    50              PUSH EAX
0047D614    E8 6796F8FF     CALL Game.00406C80
0047D619    51              PUSH ECX
0047D61A    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D61E    8BCC            MOV ECX,ESP
0047D620    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D627    52              PUSH EDX
0047D628    E8 139AFFFF     CALL Game.00477040
0047D62D    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],1F
0047D635    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],1E
0047D63D    8BCB            MOV ECX,EBX
0047D63F    E8 DCF4FDFF     CALL Game.0045CB20
0047D644    E9 F1350000     JMP Game.00480C3A
0047D649    BF E8EB5600     MOV EDI,Game.0056EBE8                    ; ASCII "cmd_someone_invite_team_ok"
0047D64E    8BF5            MOV ESI,EBP
0047D650    B9 1B000000     MOV ECX,1B
0047D655    33C0            XOR EAX,EAX
0047D657    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D659    75 5E           JNZ SHORT Game.0047D6B9
0047D65B    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D65F    E8 0CFDF9FF     CALL Game.0041D370
0047D664    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],20
0047D66C    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D674    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D678    73 04           JNB SHORT Game.0047D67E
0047D67A    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D67E    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D682    51              PUSH ECX
0047D683    50              PUSH EAX
0047D684    E8 F795F8FF     CALL Game.00406C80
0047D689    51              PUSH ECX
0047D68A    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D68E    8BCC            MOV ECX,ESP
0047D690    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D697    52              PUSH EDX
0047D698    E8 A399FFFF     CALL Game.00477040
0047D69D    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],21
0047D6A5    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],20
0047D6AD    8BCB            MOV ECX,EBX
0047D6AF    E8 DCF5FDFF     CALL Game.0045CC90
0047D6B4    E9 81350000     JMP Game.00480C3A
0047D6B9    BF D4EB5600     MOV EDI,Game.0056EBD4                    ; ASCII "cmd_disband_team"
0047D6BE    8BF5            MOV ESI,EBP
0047D6C0    B9 11000000     MOV ECX,11
0047D6C5    33C0            XOR EAX,EAX
0047D6C7    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D6C9    75 0C           JNZ SHORT Game.0047D6D7
0047D6CB    8BCB            MOV ECX,EBX
0047D6CD    E8 9E8CFDFF     CALL Game.00456370
0047D6D2    E9 74350000     JMP Game.00480C4B
0047D6D7    BF C4EB5600     MOV EDI,Game.0056EBC4                    ; ASCII "cmd_kick_team"
0047D6DC    8BF5            MOV ESI,EBP
0047D6DE    B9 0E000000     MOV ECX,0E
0047D6E3    33D2            XOR EDX,EDX
0047D6E5    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D6E7    75 5E           JNZ SHORT Game.0047D747
0047D6E9    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D6ED    E8 7EFCF9FF     CALL Game.0041D370
0047D6F2    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],22
0047D6FA    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D702    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D706    73 04           JNB SHORT Game.0047D70C
0047D708    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D70C    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D710    51              PUSH ECX
0047D711    50              PUSH EAX
0047D712    E8 6995F8FF     CALL Game.00406C80
0047D717    51              PUSH ECX
0047D718    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D71C    8BCC            MOV ECX,ESP
0047D71E    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D725    52              PUSH EDX
0047D726    E8 1599FFFF     CALL Game.00477040
0047D72B    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],23
0047D733    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],22
0047D73B    8BCB            MOV ECX,EBX
0047D73D    E8 BEF6FDFF     CALL Game.0045CE00
0047D742    E9 F3340000     JMP Game.00480C3A
0047D747    BF ACEB5600     MOV EDI,Game.0056EBAC                    ; ASCII "cmd_depute_teamleader"
0047D74C    8BF5            MOV ESI,EBP
0047D74E    B9 16000000     MOV ECX,16
0047D753    33C0            XOR EAX,EAX
0047D755    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D757    75 5E           JNZ SHORT Game.0047D7B7
0047D759    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D75D    E8 0EFCF9FF     CALL Game.0041D370
0047D762    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],24
0047D76A    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D772    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D776    73 04           JNB SHORT Game.0047D77C
0047D778    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D77C    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D780    51              PUSH ECX
0047D781    50              PUSH EAX
0047D782    E8 F994F8FF     CALL Game.00406C80
0047D787    51              PUSH ECX
0047D788    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D78C    8BCC            MOV ECX,ESP
0047D78E    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D795    52              PUSH EDX
0047D796    E8 A598FFFF     CALL Game.00477040
0047D79B    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],25
0047D7A3    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],24
0047D7AB    8BCB            MOV ECX,EBX
0047D7AD    E8 CEF7FDFF     CALL Game.0045CF80
0047D7B2    E9 83340000     JMP Game.00480C3A
0047D7B7    BF 9CEB5600     MOV EDI,Game.0056EB9C                    ; ASCII "cmd_hand_ready"
0047D7BC    8BF5            MOV ESI,EBP
0047D7BE    B9 0F000000     MOV ECX,0F
0047D7C3    33C0            XOR EAX,EAX
0047D7C5    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D7C7    75 0C           JNZ SHORT Game.0047D7D5
0047D7C9    8BCB            MOV ECX,EBX
0047D7CB    E8 608DFDFF     CALL Game.00456530
0047D7D0    E9 76340000     JMP Game.00480C4B
0047D7D5    BF 88EB5600     MOV EDI,Game.0056EB88                    ; ASCII "cmd_hand_unready"
0047D7DA    8BF5            MOV ESI,EBP
0047D7DC    B9 11000000     MOV ECX,11
0047D7E1    33D2            XOR EDX,EDX
0047D7E3    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D7E5  ^ 74 E2           JE SHORT Game.0047D7C9
0047D7E7    BF 70EB5600     MOV EDI,Game.0056EB70                    ; ASCII "cmd_invite_make_team"
0047D7EC    8BF5            MOV ESI,EBP
0047D7EE    B9 15000000     MOV ECX,15
0047D7F3    33C0            XOR EAX,EAX
0047D7F5    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D7F7    75 5E           JNZ SHORT Game.0047D857
0047D7F9    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D7FD    E8 6EFBF9FF     CALL Game.0041D370
0047D802    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],26
0047D80A    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D812    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D816    73 04           JNB SHORT Game.0047D81C
0047D818    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D81C    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D820    51              PUSH ECX
0047D821    50              PUSH EAX
0047D822    E8 5994F8FF     CALL Game.00406C80
0047D827    51              PUSH ECX
0047D828    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D82C    8BCC            MOV ECX,ESP
0047D82E    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D835    52              PUSH EDX
0047D836    E8 0598FFFF     CALL Game.00477040
0047D83B    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],27
0047D843    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],26
0047D84B    8BCB            MOV ECX,EBX
0047D84D    E8 AEF8FDFF     CALL Game.0045D100
0047D852    E9 E3330000     JMP Game.00480C3A
0047D857    BF 50EB5600     MOV EDI,Game.0056EB50                    ; ASCII "cmd_accept_invite_to_make_team"
0047D85C    8BF5            MOV ESI,EBP
0047D85E    B9 1F000000     MOV ECX,1F
0047D863    33C0            XOR EAX,EAX
0047D865    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D867    75 5E           JNZ SHORT Game.0047D8C7
0047D869    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D86D    E8 FEFAF9FF     CALL Game.0041D370
0047D872    C68424 C8000000>MOV BYTE PTR SS:[ESP+C8],28
0047D87A    83BC24 90000000>CMP DWORD PTR SS:[ESP+90],10
0047D882    8B4424 7C       MOV EAX,DWORD PTR SS:[ESP+7C]
0047D886    73 04           JNB SHORT Game.0047D88C
0047D888    8D4424 7C       LEA EAX,DWORD PTR SS:[ESP+7C]
0047D88C    8D4C24 14       LEA ECX,DWORD PTR SS:[ESP+14]
0047D890    51              PUSH ECX
0047D891    50              PUSH EAX
0047D892    E8 E993F8FF     CALL Game.00406C80
0047D897    51              PUSH ECX
0047D898    8D5424 20       LEA EDX,DWORD PTR SS:[ESP+20]
0047D89C    8BCC            MOV ECX,ESP
0047D89E    89A424 BC000000 MOV DWORD PTR SS:[ESP+BC],ESP
0047D8A5    52              PUSH EDX
0047D8A6    E8 9597FFFF     CALL Game.00477040
0047D8AB    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],29
0047D8B3    C68424 D4000000>MOV BYTE PTR SS:[ESP+D4],28
0047D8BB    8BCB            MOV ECX,EBX
0047D8BD    E8 AEF9FDFF     CALL Game.0045D270
0047D8C2    E9 73330000     JMP Game.00480C3A
0047D8C7    BF 3CEB5600     MOV EDI,Game.0056EB3C                    ; ASCII "cmd_invite_make_pk"
0047D8CC    8BF5            MOV ESI,EBP
0047D8CE    B9 13000000     MOV ECX,13
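Added example (not from the original post; written for this edit): a small Python parser that reads an OllyDbg listing such as the one above and recovers the string-compare dispatch table (command string, REPE CMPS byte count, the handler CALL and any immediate PUSHed before it), then checks that every compare count equals the string length plus its NUL terminator. LISTING is an excerpt constructed from the listing above; DispatchCase, disasm_column, parse_dispatch and inconsistent are names chosen here, not symbols from the game.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt of the OllyDbg listing on the page (three of the
# string-compare cases); the parser works on the full listing unchanged.
LISTING = """\
0047D401    BF 84EC5600     MOV EDI,Game.0056EC84                    ; ASCII "cmd_start_game"
0047D406    8BF5            MOV ESI,EBP
0047D408    B9 0F000000     MOV ECX,0F
0047D40D    33D2            XOR EDX,EDX
0047D40F    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D411    75 0C           JNZ SHORT Game.0047D41F
0047D413    8BCB            MOV ECX,EBX                              ; EBX=005B5100 (Game.005B5100)
0047D415    E8 C689FDFF     CALL Game.00455DE0
0047D41A    E9 2C380000     JMP Game.00480C4B
0047D30C    BF 30ED5600     MOV EDI,Game.0056ED30                    ; ASCII "cmd_game_choose_normal"
0047D311    8BF5            MOV ESI,EBP
0047D313    B9 17000000     MOV ECX,17
0047D318    33C0            XOR EAX,EAX
0047D31A    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D31C    75 11           JNZ SHORT Game.0047D32F
0047D31E    68 27010000     PUSH 127
0047D323    8BCB            MOV ECX,EBX
0047D325    E8 4689FDFF     CALL Game.00455C70
0047D32A    E9 1C390000     JMP Game.00480C4B
0047D5AD    BF 34D95600     MOV EDI,Game.0056D934                    ; ASCII "cmd_someone_join_team_ok"
0047D5B2    8BF5            MOV ESI,EBP
0047D5B4    B9 19000000     MOV ECX,19
0047D5B9    33C0            XOR EAX,EAX
0047D5BB    F3:A6           REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
0047D5BD    0F84 1D360000   JE Game.00480BE0
"""

STRING_RE = re.compile(r'^MOV EDI,Game\.([0-9A-F]{8})\s*; ASCII "([^"]*)"')
LEN_RE = re.compile(r'^MOV ECX,([0-9A-F]+)$')      # immediate count only, not MOV ECX,EBX
PUSH_RE = re.compile(r'^PUSH ([0-9A-F]+)$')        # immediate arguments only
CALL_RE = re.compile(r'^CALL Game\.([0-9A-F]{8})')
JE_RE = re.compile(r'^JE (?:SHORT )?Game\.([0-9A-F]{8})')

@dataclass
class DispatchCase:
    name: str                      # command string the client compares against
    str_addr: int                  # address of that ASCII string
    cmp_len: int = 0               # byte count loaded into ECX for REPE CMPS
    handler: Optional[int] = None  # last CALL target inside the case
    args: List[int] = field(default_factory=list)  # immediates PUSHed before it
    branch: Optional[int] = None   # JE target when the case has no CALL of its own

    def length_ok(self) -> bool:
        # REPE CMPS counts bytes and the compare covers the NUL terminator,
        # so a consistent case compares len(name) + 1 bytes.
        return self.cmp_len == len(self.name) + 1

def disasm_column(line: str) -> Optional[str]:
    # OllyDbg listings are fixed width: address in columns 0-7, opcode bytes in
    # 12-27, and the instruction (plus any '; comment') from column 28 on.
    if len(line) < 29 or not re.fullmatch(r'[0-9A-F]{8}', line[:8]):
        return None
    return line[28:].rstrip()

def parse_dispatch(listing: str) -> List[DispatchCase]:
    cases: List[DispatchCase] = []
    cur: Optional[DispatchCase] = None
    pending: List[int] = []
    for raw in listing.splitlines():
        disasm = disasm_column(raw)
        if disasm is None:
            continue
        if m := STRING_RE.match(disasm):          # MOV EDI,<string> opens a new case
            cur = DispatchCase(m.group(2), int(m.group(1), 16))
            cases.append(cur)
            pending = []
        elif cur is None:
            continue
        elif (m := LEN_RE.match(disasm)) and cur.cmp_len == 0:
            cur.cmp_len = int(m.group(1), 16)
        elif m := PUSH_RE.match(disasm):
            pending.append(int(m.group(1), 16))
        elif m := CALL_RE.match(disasm):
            cur.handler = int(m.group(1), 16)     # keep the last CALL before the JMP
            cur.args, pending = pending, []
        elif (m := JE_RE.match(disasm)) and cur.handler is None:
            cur.branch = int(m.group(1), 16)      # case that jumps to a shared handler
    return cases

def inconsistent(cases: List[DispatchCase]) -> List[str]:
    # Names whose REPE CMPS count does not match the string: a misread dump.
    return [c.name for c in cases if not c.length_ok()]
```

For the three constructed cases parse_dispatch returns handler 00455DE0 for cmd_start_game, handler 00455C70 with argument 127 for cmd_game_choose_normal, and a JE branch to 00480BE0 for cmd_someone_join_team_ok, with every compare length consistent.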
00413240    51              PUSH ECX                                         ; 1 this one can obtain the packet data 35
00413241    8B5424 10       MOV EDX,DWORD PTR SS:[ESP+10]
00413245    85D2            TEST EDX,EDX
00413247    8B4424 0C       MOV EAX,DWORD PTR SS:[ESP+C]
0041324B    890C24          MOV DWORD PTR SS:[ESP],ECX
0041324E    75 09           JNZ SHORT Game.00413259
00413250    3B41 14         CMP EAX,DWORD PTR DS:[ECX+14]
00413253    0F86 86000000   JBE Game.004132DF
00413259    53              PUSH EBX
0041325A    55              PUSH EBP
0041325B    56              PUSH ESI
0041325C    57              PUSH EDI
0041325D    8B79 14         MOV EDI,DWORD PTR DS:[ECX+14]
00413260    3BC7            CMP EAX,EDI
00413262    73 74           JNB SHORT Game.004132D8
00413264    2BF8            SUB EDI,EAX
00413266    3BD7            CMP EDX,EDI
00413268    77 6E           JA SHORT Game.004132D8
0041326A    BE 01000000     MOV ESI,1
0041326F    2BF2            SUB ESI,EDX
00413271    03FE            ADD EDI,ESI
00413273    8379 18 10      CMP DWORD PTR DS:[ECX+18],10
00413277    72 0B           JB SHORT Game.00413284
00413279    83C1 04         ADD ECX,4
0041327C    894C24 1C       MOV DWORD PTR SS:[ESP+1C],ECX
00413280    8B09            MOV ECX,DWORD PTR DS:[ECX]
00413282    EB 07           JMP SHORT Game.0041328B
00413284    83C1 04         ADD ECX,4
00413287    894C24 1C       MOV DWORD PTR SS:[ESP+1C],ECX
0041328B    8B6C24 18       MOV EBP,DWORD PTR SS:[ESP+18]
0041328F    8D1C01          LEA EBX,DWORD PTR DS:[ECX+EAX]
00413292    0FBE45 00       MOVSX EAX,BYTE PTR SS:[EBP]
00413296    57              PUSH EDI
00413297    50              PUSH EAX
00413298    53              PUSH EBX
00413299    E8 F2641200     CALL Game.00539790
0041329E    8BF0            MOV ESI,EAX
004132A0    83C4 0C         ADD ESP,0C
004132A3    85F6            TEST ESI,ESI
004132A5    74 31           JE SHORT Game.004132D8
004132A7    8B4C24 20       MOV ECX,DWORD PTR SS:[ESP+20]
004132AB    51              PUSH ECX
004132AC    55              PUSH EBP
004132AD    56              PUSH ESI
004132AE    E8 ADDDFEFF     CALL Game.00401060
004132B3    83C4 0C         ADD ESP,0C
004132B6    85C0            TEST EAX,EAX
004132B8    74 29           JE SHORT Game.004132E3
004132BA    0FBE55 00       MOVSX EDX,BYTE PTR SS:[EBP]
004132BE    2BDE            SUB EBX,ESI
004132C0    8D7C1F FF       LEA EDI,DWORD PTR DS:[EDI+EBX-1]
004132C4    57              PUSH EDI
004132C5    52              PUSH EDX
004132C6    8D5E 01         LEA EBX,DWORD PTR DS:[ESI+1]
004132C9    53              PUSH EBX
004132CA    E8 C1641200     CALL Game.00539790
004132CF    8BF0            MOV ESI,EAX
004132D1    83C4 0C         ADD ESP,0C
004132D4    85F6            TEST ESI,ESI
004132D6  ^ 75 CF           JNZ SHORT Game.004132A7
004132D8    5F              POP EDI
004132D9    5E              POP ESI
004132DA    5D              POP EBP
004132DB    83C8 FF         OR EAX,FFFFFFFF
004132DE    5B              POP EBX
004132DF    59              POP ECX
004132E0    C2 0C00         RETN 0C