HOOK冰冻代码数据
老样子 自己转换E写法2024年05月30日版本基址有能力的上小白可以X掉了
dnf.exe+4E7E698 - E9 AB31E2FA - jmp 13FCA1848 ‘jmp空白地址
====下面是空白地址数据
13FCA1848 - 54 - push rsp
13FCA1849 - 50 - push rax
13FCA184A - 53 - push rbx
13FCA184B - 51 - push rcx
13FCA184C - 52 - push rdx
13FCA184D - 55 - push rbp
13FCA184E - 56 - push rsi
13FCA184F - 57 - push rdi
13FCA1850 - 41 50 - push r8
13FCA1852 - 41 51 - push r9
13FCA1854 - 41 52 - push r10
13FCA1856 - 41 53 - push r11
13FCA1858 - 41 54 - push r12
13FCA185A - 41 55 - push r13
13FCA185C - 41 56 - push r14
13FCA185E - 41 57 - push r15
13FCA1860 - 9C - pushfq
13FCA1861 - 48 83 EC 40 - sub rsp,40 { 64 }
13FCA1865 - E8 463C0005 - call dnf.exe+4CA54B0‘好像是人物call
13FCA186A - 48 8B F0 - mov rsi,rax
13FCA186D - 31 DB - xor ebx,ebx
13FCA186F - 48 8B 06 - mov rax,
13FCA1872 - 48 8B CE - mov rcx,rsi
13FCA1875 - FF 90 40010000 - call qword ptr ’获取地图
13FCA187B - 85 C0 - test eax,eax
13FCA187D - 0F84 B3000000 - je 13FCA1936
13FCA1883 - 48 8B C8 - mov rcx,rax
13FCA1886 - 8B D3 - mov edx,ebx
13FCA1888 - E8 339AF104 - call dnf.exe+4BBB2C0 ’这个遍历地图call
13FCA188D - 48 8B F8 - mov rdi,rax
13FCA1890 - 48 8B C8 - mov rcx,rax
13FCA1893 - 48 8B 00 - mov rax,
13FCA1896 - BA 11020000 - mov edx,00000211 { 529 }
13FCA189B - FF 90 80000000 - call qword ptr
13FCA18A1 - 84 C0 - test al,al
13FCA18A3 - 0F84 51000000 - je 13FCA18FA
13FCA18A9 - 48 8B CF - mov rcx,rdi
13FCA18AC - 48 8B 07 - mov rax,
13FCA18AF - FF 90 F8020000 - call qword ptr ‘读取方向
13FCA18B5 - 89 45 BC - mov ,eax
13FCA18B8 - 48 8B CF - mov rcx,rdi
13FCA18BB - 48 8B 07 - mov rax,
13FCA18BE - FF 90 E0010000 - call qword ptr ’读取X轴
13FCA18C4 - 89 45 B0 - mov ,eax
13FCA18C7 - 48 8B CF - mov rcx,rdi
13FCA18CA - 48 8B 07 - mov rax,
13FCA18CD - FF 90 E8010000 - call qword ptr ‘读取y轴
13FCA18D3 - 89 45 B4 - mov ,eax
13FCA18D6 - A1 002AE43F01000000 - mov eax, { (0) }
13FCA18DF - 89 45 A0 - mov ,eax
13FCA18E2 - A1 042AE43F01000000 - mov eax, { (0) }
13FCA18EB - 89 45 A4 - mov ,eax
13FCA18EE - A1 0C2AE43F01000000 - mov eax, { (0) }
13FCA18F7 - 89 45 1C - mov ,eax
13FCA18FA - 48 8B 06 - mov rax,
13FCA18FD - 48 8B CE - mov rcx,rsi
13FCA1900 - FF C3 - inc ebx
13FCA1902 - FF 90 40010000 - call qword ptr
13FCA1908 - 48 8B C8 - mov rcx,rax
13FCA190B - 48 8B 51 30 - mov rdx,
13FCA190F - 48 B8 ABAAAAAAAAAAAA2A - mov rax,2AAAAAAAAAAAAAAB { -1431655765 }
13FCA1919 - 48 2B 51 28 - sub rdx,
13FCA191D - 48 F7 EA - imul rdx
13FCA1920 - 48 C1 FA 02 - sar rdx,02 { 2 }
13FCA1924 - 48 8B C2 - mov rax,rdx
13FCA1927 - 48 C1 E8 3F - shr rax,3F { 63 }
13FCA192B - 48 01 D0 - add rax,rdx
13FCA192E - 39 C3 - cmp ebx,eax
13FCA1930 - 0F8C 39FFFFFF - jl 13FCA186F
13FCA1936 - 48 83 C4 40 - add rsp,40 { 64 }
13FCA193A - 9D - popfq
13FCA193B - 41 5F - pop r15
13FCA193D - 41 5E - pop r14
13FCA193F - 41 5D - pop r13
13FCA1941 - 41 5C - pop r12
13FCA1943 - 41 5B - pop r11
13FCA1945 - 41 5A - pop r10
13FCA1947 - 41 59 - pop r9
13FCA1949 - 41 58 - pop r8
13FCA194B - 5F - pop rdi
13FCA194C - 5E - pop rsi
13FCA194D - 5D - pop rbp
13FCA194E - 5A - pop rdx
13FCA194F - 59 - pop rcx
13FCA1950 - 5B - pop rbx
13FCA1951 - 58 - pop rax
13FCA1952 - 5C - pop rsp
13FCA1953 - 90 - nop
13FCA1954 - 48 8D 4D 90 - lea rcx,
13FCA1958 - E9 40CD1D05 - jmp dnf.exe+4E7E69D
-------------
13FE42A00 - 13 A4 00 002A2C0A - adc esp,
---------
13FE42A04 - 2A 2C 0A - sub ch,
13FE42A07 - 00 9A 02000000 - add ,bl
-----------
13FE42A0C - 00 00 - add ,al
13FE42A0E - C8 4200 00 - enter 0042,00 { 66 }
页:
[1]