標題:
TwMs v239.1 Set Spawn-Point
作者:
ningmeng
時間:
2021-12-2 01:08
標題:
TwMs v239.1 Set Spawn-Point
// TwMs v239.1 ICS Set Spawn-Point
// Cheat Engine Auto Assembler script (32-bit x86, Intel operand order).
// [ENABLE] allocates a code cave plus three 4-byte variables, assembles the
// stub and the redirected routine into the cave, and finally repoints the
// dword at 051AB2C4 to the stub. [DISABLE] writes that dword back and frees
// everything.
// NOTE(review): every numeric address in this script is absolute and tied to
// one client build (the title says v239.1); presumably it is only valid while
// the target module is loaded at the same base - confirm before reuse.
[ENABLE]
// Memory for the injected code; SetSpawnPoint, L1, L2 and hook are assembled
// right after the SetSpawnPointICS label, i.e. inside this allocation.
Alloc(SetSpawnPointICS,1024)
// CharX / CharY / MapID: one dword each, registered as symbols so they can be
// referenced by name outside this script.
// Nothing in this script writes them after the initial 0, so they are
// presumably filled in by the user through the registered symbols - confirm.
RegisterSymbol(CharX)
Alloc(CharX,04)
RegisterSymbol(CharY)
Alloc(CharY,04)
RegisterSymbol(MapID)
Alloc(MapID,04)
// Labels defined later inside the code cave.
Label(SetSpawnPoint)
Label(L1)
Label(L2)
Label(hook)
// Initial values: all three variables start at 0. The hook code only acts
// when MapID equals the value it reads from the target at run time.
CharX:
DD 0
CharY:
DD 0
MapID:
DD 0
// Entry stub. Once the dword at 051AB2C4 holds this address (end of
// [ENABLE]), control that would have gone to GetProcessHeap arrives here
// first. The stub never changes the API's behaviour: both paths end in a
// jump to GetProcessHeap.
SetSpawnPointICS:
// Compare one stack slot with the constant 02C7EDE2.
// Presumably [esp+58] is the saved return address of an outer caller, so the
// compare singles out one call site - the stack layout is not shown here,
// TODO confirm.
cmp [esp+58],02C7EDE2
// Any other value: run GetProcessHeap with the stack untouched.
jne GetProcessHeap
// Matching value: overwrite the slot with the address of SetSpawnPoint, so
// whatever later consumes that slot goes to the code cave instead of
// 02C7EDE2.
mov [esp+58],SetSpawnPoint
// The API itself still runs.
jmp GetProcessHeap
// Routine placed in the code cave and entered through the stack slot that
// SetSpawnPointICS rewrites. It uses the target's ebp/ebx/esi frame directly
// and exits only by jumping to fixed target addresses (02C7EE55, 00C3D370),
// so it runs in the context of the interrupted function.
// Presumably the body up to the final compare is a relocated copy of the
// target's own instructions that followed 02C7EDE2; the original bytes are
// not visible here - TODO confirm.
SetSpawnPoint:
// Keep eax in the local at [ebp-280]; a zero eax skips the rest and resumes
// the target at 02C7EE55.
mov [ebp-00000280],eax
test eax,eax
je 02C7EE55
// Indirect call through the first entry of the table found at [eax+10]:
// stack args are (eax+10, 03A69674, address of the zeroed local [ebp-298]).
// The shape matches a COM-style QueryInterface(this, riid, ppv) -
// presumably, not confirmed by anything in this script.
mov edx,[eax+10]
lea ecx,[eax+10]
lea eax,[ebp-00000298]
mov [ebp-00000298],00000000
push eax
push 03A69674
push ecx
call dword ptr [edx]
// Save the call result in [ebp-288]. ecx becomes the out value from
// [ebp-298] when the result is non-negative, else stays 0; it is kept in
// [ebp-2B4].
xor ecx,ecx
mov [ebp-00000288],eax
test eax,eax
cmovns ecx,[ebp-00000298]
mov [ebp-000002B4],ecx
// If [ebx+EE28] already holds a pointer, call entry +08 of its table with
// that pointer as the only stack argument (release-like, presumably), then
// reload the saved result into eax because the call clobbers it.
mov ecx,[ebx+0000EE28]
test ecx,ecx
je L1
mov eax,[ecx]
push ecx
call dword ptr [eax+08]
mov eax,[ebp-00000288]
L1:
// Install the new pointer (or 0) into [ebx+EE28].
mov ecx,[ebp-000002B4]
mov [ebx+0000EE28],ecx
// A non-negative result, or exactly 80004002, continues at L2.
// 80004002 is the numeric value of the COM HRESULT E_NOINTERFACE.
test eax,eax
jns L2
cmp eax,80004002
je L2
// Any other negative result: pass it to 034F9AE0 (an error reporter,
// presumably), then clear [ebx+EE28] and make the same +08 call on the
// pointer it held, if any.
push eax
call 034F9AE0
mov ecx,[ebx+0000EE28]
test ecx,ecx
je L2
mov [ebx+0000EE28],00000000
mov eax,[ecx]
push ecx
call dword ptr [eax+08]
L2:
// Branch-free select: neg sets CF when ebx != 0, sbb turns that into an
// all-ones or zero mask, so ecx = (ebx != 0) ? ebx+4 : 0.
mov ecx,ebx
lea eax,[ebx+04]
neg ecx
sbb ecx,ecx
and ecx,eax
// Call 00BD76E0 with that value on the stack and ecx = [ebp-280]
// (thiscall-style, presumably).
push ecx
mov ecx,[ebp-00000280]
call 00BD76E0
// Build the stack for the transfer to 00C3D370. After the last push:
//   [esp+00] = 02C7EEAD  (pushed by hand; it sits where a call would place
//                         its return address)
//   [esp+04] = 1
//   [esp+08] = esi
//   [esp+0C] = [ebp-274] - 0A
//   [esp+10] = 0
//   [esp+14] = 0
//   [esp+18] = [ebx+73C]
//   [esp+1C] = 0
// ecx = [ebp-280] and edx = the first dword of that object.
mov ecx,[ebp-00000280]
mov eax,[ebp-00000274]
push 00
push [ebx+0000073C]
mov edx,[ecx]
add eax,-0A
push 00
push 00
push eax
push esi
push 01
push 02C7EEAD
// Only when the table entry at [edx+88] equals 00C3D370 is the argument
// rewrite in `hook` applied.
// NOTE(review): the not-equal path also jumps to the fixed address 00C3D370
// rather than through [edx+88]; whether that matches the original
// instruction cannot be told from this script.
cmp [edx+00000088],00C3D370
je hook
jmp 00C3D370
// Conditional argument rewrite, reached from SetSpawnPoint with the stack
// already prepared for 00C3D370 ([esp+00] = 02C7EEAD, [esp+04] = 1,
// [esp+08] = esi, [esp+0C] = [ebp-274] - 0A).
hook:
// Read a pointer from the fixed address 042E1EE4 and load the dword at
// +250 from it. The compare against MapID suggests this is the current map
// identifier - presumably, TODO confirm.
mov eax,[042E1EE4]
mov eax,[eax+00000250]
// If it differs from the MapID variable, continue to 00C3D370 with the
// arguments untouched.
cmp [MapID],eax
jne 00C3D370
// Match: replace the two stack slots at +08 and +0C (which held esi and
// [ebp-274] - 0A) with the CharX and CharY variables.
// No range or validity check is applied to either value here.
mov eax,[CharX]
mov [esp+08],eax
mov eax,[CharY]
mov [esp+0C],eax
// Continue into the target routine. The hand-pushed 02C7EEAD at [esp+00]
// is where a `ret` from it would resume.
jmp 00C3D370
// Activation: overwrite the dword at the fixed address 051AB2C4 with the
// address of the stub. [DISABLE] writes GetProcessHeap back into the same
// slot, so the slot holds a pointer to GetProcessHeap beforehand
// (an import-table-style entry, presumably).
// This is the only write the script makes outside its own allocations; no
// instruction bytes of the target are modified. A check that covers only
// code bytes would therefore not see the change, while one that verifies
// this slot still resolves to GetProcessHeap would.
051AB2C4:
DD SetSpawnPointICS
[DISABLE]
// Restore the pointer first, so no new calls enter the stub before its
// memory is released.
051AB2C4:
DD GetProcessHeap
// NOTE(review): a thread that already passed through the stub may still
// carry the address of SetSpawnPoint in its rewritten stack slot; freeing
// the cave right after the restore would leave that slot pointing at
// released memory - confirm whether this window matters in practice.
DeAlloc(SetSpawnPointICS)
// Drop the registered names and free the three variables.
UnRegisterSymbol(CharX)
DeAlloc(CharX)
UnRegisterSymbol(CharY)
DeAlloc(CharY)
UnRegisterSymbol(MapID)
DeAlloc(MapID)
作者:
lgf328
時間:
2021-12-8 16:46
这个数据是用来干嘛用的。