更新"控怪掉怪數據"的offset
本帖最後由 e10022013 於 2016-2-10 23:55 編輯想請問大大們
ECX的偏移量該怎麼找
怪物基址我有找到 但不清楚跟偏移量的關西
土法煉鋼好幾次....吃土中
//TwMS_v181.3_ICS_控怪掉落
//原創:kkmomo
//更新:
RegisterSymbol(MobControlOnOff)
RegisterSymbol(MobControl)
RegisterSymbol(FallDown)
Alloc(MobFall,512)
Alloc(MobControlOnOff,4)
Alloc(FallDown,8)
Alloc(MobControl,32)
Label(MobControlHook)
Label(MobFallMain)
Label(Right)
Label(Back)
Label(Left)
MobControlOnOff:
DD 01
MobControl:
DD 01 //01左 02右 03跟隨 04定怪 05定點
FallDown:
DD 01
MobFall:
Cmp ,01
Jne 00A44EDE //00AE2C1C
Cmp ,00FD9A78 //01115410
Jne 00A44EDE //00AE2C1C
Mov , MobFallMain
Jmp 00A44EDE //00AE2C1C
MobFallMain:
cmp ,0152203C //01732EC4
jne 00FD9A78 //01115410
mov eax,
push ebx
lea ecx,
push ecx
lea ecx,
push ecx
mov ecx,esi
push 01115420
jmp MobControlHook
MobControlHook:
cmp ,01 //左
je Left
cmp ,02 //右
je Right
Left:
mov , 5
mov , -1
jmp Back
Right:
mov , 4
mov , 1
Back:
cmp ,1
je 00FD3D93 //01113B24
Push 00FE0706 //0111C02E
01A7743C:
DD MobFall
01A7743C:
DD 00AE2C1C
UnRegisterSymbol(MobControlOnOff)
UnRegisterSymbol(MobControl)
UnRegisterSymbol(FallDown)
DeAlloc(MobControlOnOff)
DeAlloc(FallDown)
DeAlloc(MobFallMain)
DeAlloc(MobControl)
DeAlloc(FallDown)
DeAlloc(MobFall)
Same method as Pointer 這東西不容易,要先找到哪裡寫入怪物走動方向的 我更新出來.....剛好一樣耶
+190 //面相 (印象中)
+1A0 //移動方向
沒測過...我在無法開MS的環境下更新的 =口=...
頁:
[1]