更新怪物掉落問題
這是我從199.2更新成201.2版本，但一直出錯，請高手幫我看看錯誤的地方，並說明更正方法；要是能成功直接給錢。
//V200.1.2怪物掉落
// NOTE(review): this is a Cheat Engine auto-assembler script (32-bit x86 target),
// not NASM/GAS. As rendered on this page every bracketed memory operand has been
// stripped (e.g. `cmp ,0085E074`, `mov ,eax`, `call dword ptr`), so the text
// below cannot be assembled as-is; the original presumably had `[...]` operands
// that the forum's HTML rendering swallowed.
// No [ENABLE]/[DISABLE] markers are visible either; the second `03038DD4:` block
// followed by dealloc/unregistersymbol looks like the disable half — TODO confirm.
// Every absolute address here (0085E074, 012816E0, 02bbe120, 0083f8d4, 0085E09F,
// 01db530c, 008395c0, 03038DD4) is tied to one specific client build, which is
// why the script stops working once the client is updated.
alloc(MyLR,4096)
registersymbol(MyLR)
alloc(rx,4)                          // no visible reference below (operands stripped, so it may have been used)
label(MyLRend)
label(mob1)
label(mobR)
label(mobj)
Alloc(FakeDump,1024)                 // 1024-byte buffer that MSmemcpy copies into
Alloc(CRCBypass,4)                   // no visible reference below
Label(MSmemcpy)
//================================
// MyLR: installed as the pointer stored at 03038DD4 (see `DD MyLR` below);
// 012816E0 is presumably the value that slot held originally (it is restored
// in the disable half and used as the fall-through target).
MyLR:
cmp ,0085E074                        // left operand stripped
je mob1
cmp ,0                               // left operand stripped
je MSmemcpy
jmp MyLRend
MyLRend:
jmp 012816E0                         // hand control to the original pointer target
//================================
mob1:
cmp ,0                               // left operand stripped
je MyLRend
mov ,mobR                            // destination stripped; stores the mobR address somewhere
jmp MyLRend
//================================
// mobR: the mov/xor/ror/add sequence below appears to replicate the original
// instructions at the hooked site (cf. the byte pattern quoted in the v201.2
// script on this page), with FakeDump substituted for one pointer before the
// indirect call — TODO confirm once the operands are known.
mobR:
cmp ,02bbe120                        // left operand stripped
jne 0083f8d4
mov ,eax                             // destination stripped
mov ecx,eax
xor eax,baadf00d
xor ecx,esi
ror ecx,05
ror eax,05
add eax,ecx
mov ,ecx                             // destination stripped
mov ,eax                             // destination stripped
mov eax,FakeDump
mov ,eax                             // destination stripped; FakeDump pointer stored here
mov ecx,edi
mov eax,                             // source stripped
push ebx
call dword ptr                       // call target stripped
mov ,02bbe120 //ADD1                 // destination stripped
jmp 0085E09F
// mobj: looks like a re-created function prologue (push ebp / mov ebp,esp /
// sub esp,14 ...) followed by a jump back into the client at 01db530c.
mobj:
push ebp
mov ebp,esp
sub esp,14
push ebx
mov ebx,                             // source stripped
push esi
mov esi,ecx
mov ,eax                             // destination stripped
push edi
cmp dword ptr ,02                    // left operand stripped
jmp 01db530c
// MSmemcpy: copies 0x80 dwords (512 bytes, not the full 1024-byte buffer) from
// 02bbe120 into FakeDump, then writes two dwords (operands stripped) and returns.
// Defect visible as written: `pushad` has no matching `popad` before `ret`, so
// `ret` pops the saved edi instead of a return address. The two instructions
// after `ret` are unreachable.
MSmemcpy:
pushad
mov edi,FakeDump
mov esi,02bbe120
mov ecx,0000080                      // 0x80 dwords × 4 bytes = 512 bytes
repe movsd                           // `rep movsd` is the usual spelling; same F3 prefix for movs
mov edi,FakeDump
mov ,008395c0                        // destination stripped
mov eax,mobj
mov ,eax                             // destination stripped
ret
mov ,1                               // unreachable (after ret); destination stripped
jmp MyLRend                          // unreachable
// Hook install: write MyLR's address into the pointer slot at 03038DD4.
03038DD4:
DD MyLR
// Presumed disable half: restore the original pointer and free the allocation.
03038DD4:
dd 012816E0
dealloc(MyLR)
unregistersymbol(MyLR)
//TwMS v201.2_ICS monster drop
// NOTE(review): Cheat Engine auto-assembler script (32-bit x86 target). As on the
// v200 script above, every bracketed memory operand was stripped by the page
// rendering (`push`, `pop`, `mov ,eax`, `call dword ptr` ...), so this text does
// not assemble as shown. No [ENABLE]/[DISABLE] markers are visible; the second
// `03038DD4:` block plus dealloc/unregistersymbol looks like the disable half — TODO confirm.
// All absolute addresses are specific to one client build.
alloc(MyLR,4096)
registersymbol(MyLR)
registersymbol(TEMP)
alloc(rx,4)                          // no visible reference below (operands stripped)
alloc(TEMP,4)                        // 4-byte scratch; per the comment in mobR it is read to inspect a value
label(MyLRend)
label(mob1)
label(mobR)
label(mobj)
Alloc(FakeDump,1024)                 // buffer that MSmemcpy copies into
Alloc(CRCBypass,256)                 // the MSmemcpy code below is assembled into this region (see `CRCBypass:`)
Label(MSmemcpy)
CreateThread(MSmemcpy)               // runs MSmemcpy once on its own thread; its `ret` ends the thread
CRCBypass:
// MSmemcpy: copies 0x80 dwords (512 bytes, not 1024) from 02BBE120 into FakeDump,
// then writes two dwords (destinations stripped; presumably entries inside the
// copied block, since edi = FakeDump at that point — TODO confirm) and returns.
MSmemcpy:
mov edi,FakeDump
mov esi,02BBE120 //?
mov ecx,0000080                      // 0x80 dwords × 4 bytes = 512 bytes (original comment said 128*8=1024, which is wrong)
repe movsd                           // `rep movsd` is the usual spelling; same F3 prefix for movs
mov edi,FakeDump
mov ,00857CA0 //walking mobs //55 8B EC 6A FF 68 ** ** ** ** 64 A1 00 00 00 00 50 81 EC ** 00 00 00 56 57 A1 ** ** ** ** 33 C5 50 8D 45 ** 64 A3 00 00 00 00 8B F1 89 75 ** 8B 4D ** 0F 57 C0
mov eax,mobj //jumping mobs
mov ,eax                             // destination stripped
ret
//================================
// MyLR: installed as the pointer stored at 03038DD4 (see `DD MyLR` below);
// 012816E0 is presumably the slot's original value (restored in the disable half).
MyLR:
cmp ,0085E074 //walking-mob drops //89 87 ** ** 00 00 8B C8 35 0D F0 AD BA 33 CE C1 C9 ** C1 C8 ** 03 C1 89 8F ** ** 00 00 89 87 ** ** 00 00 8B CF 8B 07 53
je mob1
jmp MyLRend
MyLRend:
jmp 012816E0                         // hand control to the original pointer target
//================================
mob1:
mov ,mobR                            // destination stripped; stores the mobR address somewhere
jmp MyLRend
//================================
// mobR: between `//--` markers the original instructions from the hooked site
// (matching the byte pattern quoted at `cmp ,0085E074`) are replayed, with the
// FakeDump pointer substituted before the indirect call.
mobR:
push                                 // operand stripped
pop //I don't know how to find the value below, but through TEMP I read two different values (02BBE120,02AE9A74)
cmp ,02BBE120 //? tried both; with the other value monster drops stop working
jne 0085E074
//--
mov ,eax                             // destination stripped
mov ecx,eax
xor eax,baadf00d
xor ecx,esi
ror ecx,05
ror eax,05
add eax,ecx
mov ,ecx                             // destination stripped
mov ,eax                             // destination stripped
mov eax,FakeDump
mov ,eax                             // destination stripped; FakeDump pointer stored here
mov ecx,edi
mov eax,                             // source stripped
push ebx
call dword ptr                       // call target stripped
//--
mov ,02BBE120                        // destination stripped
jmp 0085E09F //call dword ptr -> Next
// mobj: re-created function prologue followed by a jump back into the client at 01DB530C.
mobj:
push ebp
mov ebp,esp
sub esp,14
push ebx
mov ebx,                             // source stripped
push esi
mov esi,ecx
mov ,eax                             // destination stripped
push edi
cmp dword ptr ,02                    // left operand stripped
jmp 01DB530C //jne //8B 86 ** ** 00 00 83 F8 ** 0F 85 ** ** ** ** 8B 8E ** 00 00 00 33 DB
// Hook install: write MyLR's address into the pointer slot at 03038DD4.
03038DD4:
DD MyLR
// Presumed disable half: restore the original pointer and free the allocations.
03038DD4:
DD 012816E0
dealloc(MyLR)
unregistersymbol(MyLR)
dealloc(TEMP)
unregistersymbol(TEMP)
附上AoB和不專業講解……自己測試確定可以讓走怪和跳怪掉落。如果還有什麼問題可以互相討論。
xmax 發表於 2017-9-10 14:47
附上AoB和不專業講解 .... 自己測試是確定可以讓走怪和跳怪掉落。如果還有甚麼問題可以互相討論 ...
不好意思，我不能用 CreateThread，能不能轉成 uce 版本？
xmax 發表於 2017-9-10 14:47
附上AoB和不專業講解 .... 自己測試是確定可以讓走怪和跳怪掉落。如果還有甚麼問題可以互相討論 ...
你好黑喔