Bingfong Forum

Title: [Last updated: 2016-07-29] TWMS V1.91.1 TWMS IDB Completion Project

Author: Doem    Time: 2016-6-15 22:36
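This post was last edited by Doem on 2016-7-29 14:12

Since many of these are untested, I won't leave them in Toby's thread (nobody is going to read it anyway OwO)
I'll keep updating this post when I have free time outside my part-time job. If anyone wants to make an auto-updater for me, I'd be extremely grateful <(_ _)>

P.S. Entries prefixed with [Tested] were tested in version 188.3 to confirm that the address was updated correctly (some that I believe are right but did not test are still marked, sorry about that)

I'll sort them into categories once there are more of them XD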

2016-07-29:
- Updated to V1.91.1
- Added the following 8 functions
CMinionPool::FindHitMinionInRect
CSkillInfo::GetSkill
CMob::OnHit
SKILLENTRY::IsFastAttack
SKILLLEVELDATA::LoadLevelData
CUserLocal::TryDoingFallDown
CMob::TryDoingFallDown
CMobPool::FindHitMobInRect

2016-07-09:
- Fixed the 5 GetData-series functions (the AOB I attached is not at the function start, please read carefully OwO)

2016-07-08:
- Updated to TWMS V1.90.3
- Added the following 16 functions
CVecCtrlUser::WorkUpdateActive
CVecCtrl::WorkUpdateActive
CMovePath::SetKeyPadState
CVecCtrl::SetInput
get_update_time()
CUserLocal::SetInGameForcedInput
CUserLocal::SetAttractMove
CUserLocal::Jump
IVecCtrlOwner::IsOnFoothold
// The order of the following might... XD anyway, it's just those few Cases
CVecCtrlMob::CtrlUpdateActiveStop
CVecCtrlMob::CtrlUpdateActiveMove
CVecCtrlMob::CtrlUpdateActiveJump
CVecCtrlMob::FlyCtrlGuardingBefore
CVecCtrlMob::CtrlUpdateActiveFly
CVecCtrlMob::CtrlUpdateActiveEscort
CVecCtrlMob::CtrlUpdateActiveMoveForward

2016-06-25:
- Added CVecCtrl::IsFloating, CVecCtrl::IsSwimming, CVecCtrlUser::IsFloatSkyMap, CMob::FallDown, and the SetData and GetData series of functions
- Corrected TSecType<unsigned long>::GetData to the correct address

2016-06-24:
The beginnings of CMob::AddDamageInfo and CUserLocal::TryRegisterTeleport have both changed slightly; I didn't look at the key parts of the functions,
so... explore them yourself~
TWMS V1.91.1 TWMS IDB Completion Project By Doem, last updated: 2016-07-29

CVecCtrlSkillPet::CVecCtrlSkillPet(void) -> 011EF5A1 //** 8B ** E8 ** ** ** FF D9 EE 33 C0 DD 96 ** ** 00 00 [1/2]

[Tested] CVecCtrl::raw_Move(CVecCtrl *this, int nX, int nY) -> 011E570F //56 8B ** 24 ** ** 8D 7E ** 33 D2

CDropPool::TryPickUpDrop(CDropPool *this, tagPOINT *pt) -> 00677084 //55 8B EC 83 EC ** ** ** 8B ** 33 DB ** 8B 3D ** ** ** 01 39 5E **

[Tested] CDropPool::TryPickUpDropByPet(CDropPool *this, CPet *pPet, tagPOINT *ptPos, SECPOINT *ptPosCheck) -> 00677A43 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 8B 3D ** ** ** 01 6A 00 6A 1E

CSecurityClient::GetMemoryInfoForCRC32Code(CSecurityClient *this, int nIdx, int *nPos, int *nSize) -> 012F2A65 //8B ** 0C 8B 44 24 04 8B 14 C1

CSecurityClient::GetCrc32Code(CSecurityClient *this, const char *pData, unsigned int dwSize, unsigned int *dwCrc, unsigned int *dwPos) -> 012F2A84 //55 8B EC 51 53 8B ** 08 56 8B 75 ** 8B **

CDropPool::GetMoneyIconType(CDropPool *this, int nMoney) -> 0067612B //8B ** 24 04 83 ** 32 7D ** 33 C0

CItemInfo::GetItemCoolTime(CItemInfo *this, int nItemID, int *nLimitMin, int *nLimitSec) -> 00859054 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B 45 ** 99 BE ** ** ** 00 F7 FE FF 75 08

CUIItem::UpdateItemCoolTime(CUIItem *this) -> 00D2139C //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 8B 35 ** ** ** 01 8D 45 ** 50 8B ** 89 75 ** [1/2]

[Tested] CMob::GetMaxHP(CMob *this) -> 0066D5AF //8B 81 ** ** 00 00 85 C0 74 ** 8B 40 04 C3

[Tested] CUserLocal::SetDamaged(CUserLocal *this, int nDamage, int vx, int vy, int nIndex, unsigned int dwObstacleData, CMob *pMob, int nAttackIdx, int nDir, int bCheckHitRemain, int bSendPacket, int nDistributeCount) -> 01112BA5 //55 83 EC ** 68 ** 00 00 00 B8 ** ** ** 01 E8 ** ** ** 00 8B ** 89 75 ** 33 DB 89 5D ** 39 5D ** 74 ** 8D 8E

CUserLocal::CheckMissByGuardSkill(CUserLocal *this, MobAttackInfo *pInfo, unsigned int aDamageRandom, int *nSkillID, int *nDamage, int *bDamageMissed, int *bGuard) -> 010A8198 //55 8B EC 83 EC ** 53 56 8B 35 ** ** ** 01 57 8D 45 ** 8B ** 50 8B CE E8 ** ** ** [1/2]

CMob::AddDamageInfo(CMob *this, unsigned int dwCharacterId, int nSkillID, int nSLV, int tDelayedProcess, int nHitAction, int bLeft, int nDamage, int bCriticalAttack, int nAttackIdx, int nMultipleBySkill, tagPOINT pt, Ztl_bstr_t sHitAni, int bChase, bool bLifting, int nMoveType, int nBulletCashItemID, int nMoveEndingPosX, int nMoveEndingPosY, int bMoveLeft, ECharacterSkill eRandSkill, bool bAssist, bool bDot, HitPartsProcessor *pHitPart, int nSummonAttackIdx, int nRandomHitOffset) -> 00960B69 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 89 ** ** 8B 35 ** ** ** 01 83 65 ** 00

CMob::IsBossMob(CMob *this) -> 004D47C8 //56 8B ** 8B ** ** ** 00 00 E8 ** ** ** FF 85 C0 75 ** 39 ** ** ** 00 00 [1/2]

[Tested] CVecCtrlMob::SetMobTeleport(CVecCtrlMob *this, tagPOINT ptMobTeleportDest) -> 0086CC3F //8B 44 24 04 89 81 ** ** 00 00 8B 44 24 08 C7 81 ** ** 00 00 01 00 00 00

CDraggableItem::PopItemInBag(CDraggableItem *this, CUIBag *pBag, int x, int y) -> 006610AA //55 8B EC 83 EC ** 83 3D ** ** ** 01 00 53 56 57 8B ** 0F 85 ** ** 00 00 83 7D ** 00

CDraggableItem::PopItemInBag(CDraggableItem *this, int nItemID) -> 0065F2B7 //55 8B EC 83 EC ** 83 3D ** ** ** 01 00 53 56 57 8B ** 0F 85 ** ** 00 00 8B 7E ** FF 76

[Tested] CAESCipher::Encrypt(char *pDest, char *pSrc, int nLen, unsigned int *pdwKey, int bUseKey) -> 004B7B6C //55 8B EC 81 EC 3C 01 00 00 A1 ? ? ? ? 33 C5 89 45 FC [2/2]

[Tested] CAESCipher::Decrypt(char *pDest, char *pSrc, int nLen, unsigned int *pdwKey, int bUseKey) -> 004B7ACA //55 8B EC 81 EC 3C 01 00 00 A1 ? ? ? ? 33 C5 89 45 FC [1/2]

CWvsContext::SendMapTransferRequest(CWvsContext *this, int nPacketType, unsigned int dwTargetField, int nItemType) -> 01297DB8 //In CUIMapTransfer::DeleteSelectedField Function

CUIMapTransfer::DeleteSelectedField(CUIMapTransfer *this) -> 00D816F2 //56 8D B1 ** 00 00 00 8B ** 85 C0 7C ** FF B1

CUserLocal::HandleUpKeyDown(CUserLocal *this) -> 010D8A1A //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 8B 0D ** ** ** 01 33 DB 3B ** 74 ** 39 59 ** 74 ** E8 ** ** ** FF

CPortalList::FindPortal(CPortalList *this, int x, int y, int nXrange) -> 00A29031 //55 8B ** 83 EC ** 8B 41 ** 89 4D ** 85 C0 74 ** 8B 40 ** 53 8D 58 ** 56 57 85 DB 7C ** 8B 41 ** 8B 74 ** ** 83 7E 08 00

CPortalList::FindPortalGroup(long) -> 00A2ADEF //6A ** B8 ** ** ** 01 E8 ** ** ** 00 33 C0 89 45 ** 8B 75 ** 89 46 ** 89 45 ** 56 8D 45 ** 50 83 C1 28 C7 45 [3/3]

CUserLocal::TryRegisterTeleport(CUserLocal *this, SKILLENTRY *pSkill, int nSLV, const char *sPortalName, const char *sTargetPortalName, int bForced, bool bAddAttackProc) -> 010CCCF8 //55 83 EC ** 68 ** ** 00 00 B8 ** ** ** 01 E8 ** ** ** 00 8B ** 89 7D ** 33 DB 89 5D ** 8B 75 **

COpenGatePool::TryEnterOpenGate(tagPOINT,tagPOINT &) -> 009F93A0 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 89 5D ** 8B 3D ** ** ** 01 8B 87 ** ** 00 00

CClientSocket::SendFullMemoryCheckResult(CClientSocket *this) -> 005D1629 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 6A ** 8D 4D ** C6

CVecCtrl::IsFloating(CVecCtrl *this) -> 011E0741 //56 8B ** 8B ** FF 50 ** 85 C0 75 ** 8B ** E8 ** ** ** FF 85 C0 75 **

CVecCtrl::IsSwimming(void) -> 004CA8BC //55 8B EC ** ** ** 8B ** E8 ** ** ** FF 85 C0 74 ** 33 C0 40

CVecCtrlUser::IsFloatSkyMap(CVecCtrlUser *this) -> 011F512E //8B 81 ** ** 00 00 85 C0 74 ** 8D ** ** E8 ** ** ** ** 85 C0 74 **

CMob::FallDown(CMob *this) -> 0093E0AD //55 8B ** 83 EC ** ** 8B ** E8 ** ** ** FF 85 C0 0F 84 ** ** 00 00 8B 0D ** ** ** 01

TSecType<unsigned long>::GetData(TSecType<unsigned long> *this) -> 004ACE94 //66 3B ** ** 75 ** 8A [1/5]

TSecType<long>::GetData(TSecType<long> *this) -> 004B25DB //66 3B ** ** 75 ** 8A [2/5]

TSecType<double>::GetData(TSecType<double> *this) -> 004CA0F6 //66 3B ** ** 75 ** 8A [3/5]

TSecType<unsigned char>::GetData(TSecType<unsigned char> *this) -> 0058C02C //66 3B ** ** 75 ** 8A [4/5]

TSecType<int>::GetData(TSecType<int> *this) -> 005D10FF //66 3B ** ** 75 ** 8A [5/5]

TSecType<unsigned long>::SetData(TSecType<unsigned long> *this, const unsigned int data) -> 004AC94A //Before ret of TSecType<XXX>::GetData function, you can see call TSecType<XXX>::SetData function

TSecType<long>::SetData(TSecType<long> *this, const int data) -> 004B22D6

TSecType<double>::SetData(TSecType<double> *this, const long double data) -> 004C95B5

TSecType<unsigned char>::SetData(TSecType<unsigned char> *this, const char data) -> 005891FC

TSecType<int>::SetData(TSecType<int> *this, const int data) -> 005D0BA4

CVecCtrlUser::WorkUpdateActive(CVecCtrlUser *this, int tElapse) -> 011F6113 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 8B 3D ** ** ** 01 33 ** 89 7D ** 3B ** [2/2]

CVecCtrl::WorkUpdateActive(CVecCtrl *this, int tElapse) -> 011E4DBC //55 8B ** 83 EC ** ** ** 8B ** E8 ** ** ** FF 33 ** 85 C0 74 **

CMovePath::SetKeyPadState(CMovePath *this, int bLeftKeyPressed, int bRightKeyPressed, int bUpKeyPressed, int bDownKeyPressed) -> 009967FC //6A ** 83 C1 ** E8 ** ** ** FF 8A

CVecCtrl::SetInput(CVecCtrl *this, int nInputX, int nInputY, bool bResolveAction) -> 011DD330 //80 7C ** ** 00 8B 54 ** ** ** 8B 7C ** ** 8B ** 89 90 ** ** 00 00 89 B8 ** ** 00 00

get_update_time() -> 01196A43 //A1 ** ** ** 01 8B 40 ** C3

CUserLocal::SetInGameForcedInput(CUserLocal *this, int *nPos_X, int *nPos_Y) -> 010C84E2 //55 8B ** A1 ** ** ** 01 ** ** 33 ** 8B ** 39 B8 ** ** 00 00

CUserLocal::SetAttractMove(CUserLocal *this, int *nPos_X, int *nPos_Y) -> 010C7C37 //55 8B EC ** 8B ** 8B ** FF 50 ** 8B ** E8 ** ** ** FF

CUserLocal::Jump(CUserLocal *this, int bEnforced, int bEnforcedPrepareJump, int bUpkey) -> 010C48D9 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 8D BE ** ** ** 00 8B ** E8 ** ** ** FF 85 C0 74 ** 8B **

IVecCtrlOwner::IsOnFoothold(IVecCtrlOwner *this) -> 011DD8E8 //8B 01 FF 50 ** 8B C8 E8 ** ** ** FF F7 D8 1B C0 F7 D8 C3 [25/26]

CVecCtrlMob::CtrlUpdateActiveStop(CVecCtrlMob *this) -> 011EA6B1 //Case 0 , 8B 86 ** ** 00 00 2B ** 74 ** 48 74 ** 48 74 ** 48 74 ** 48

CVecCtrlMob::CtrlUpdateActiveMove(CVecCtrlMob *this) -> 011EA876 //Case 1

CVecCtrlMob::CtrlUpdateActiveJump(CVecCtrlMob *this) -> 011EAD27 //Case 2

CVecCtrlMob::FlyCtrlGuardingBefore(CVecCtrlMob *this) -> 011EB62E //Case 3

CVecCtrlMob::CtrlUpdateActiveFly(CVecCtrlMob *this) -> 011EDACB //Case 3

CVecCtrlMob::CtrlUpdateActiveEscort(CVecCtrlMob *this) -> 011EB193 //Case 4

CVecCtrlMob::CtrlUpdateActiveMoveForward(CVecCtrlMob *this) -> 011EAB09 //Case 5

CMinionPool::FindHitMinionInRect(CMinionPool *this, tagRECT *rc, CMinion **apMinion, int nMaxCount, CMinion *pExcept, bool bFindFromEnemy, int nWishMobID, int rPoison, unsigned int dwWishTemplateID, int nSkillID) -> 009244A4 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** FF 75 ** 8B 0D ** ** ** 01 33 FF 89 7D ** 89 7D ** [1/2]

CSkillInfo::GetSkill(CSkillInfo *this, int nSkillID) -> 00AFC921 //6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 83 ** ** 00 83 ** ** 00 8D ** ** 50 8D 45 ** 8D 7E ** [3/4]

CMob::OnHit(CMob *this, CMob::DAMAGEINFO *damageInfo, int bZigZagDamage) -> 00968002 //55 83 EC ** 6A ** B8 ** ** ** 01 E8 ** ** ** 00 8B ** 89 5D ** 83 ** ** 00 E8 ** ** ** FF

bool __thiscall SKILLENTRY::IsFastAttack(SKILLENTRY *this) -> 0101C0C5 //33 C0 83 B9 ** ** 00 00 FF 0F 95 C0 [1/2]

SKILLLEVELDATA::LoadLevelData(SKILLLEVELDATA *this, int nSkillID, _com_ptr_t<_com_IIID<IWzProperty,&_GUID_986515d9_0a0b_4929_8b4f_718682177b92> > pLevelData, SKILLLEVELDATACommon *pLevelCommon, int nLevel, _com_ptr_t<_com_IIID<IWzProperty,&_GUID_986515d9_0a0b_4929_8b4f_718682177b92> > pStrSR) -> 00AD69B0 //55 8D 6C ** ** 83 EC ** 6A ** 68 ** ** ** ** 64 A1 00 00 00 00 50 B8 ** ** 00 00 E8 ** ** ** 00 A1 ** ** ** 01 33 C5 [3/7]

CUserLocal::TryDoingFallDown(CUserLocal *this) -> 01094654 //8B ** 8D 88 ** ** ** 00 83 ** 00

CMob::TryDoingFallDown(CMob *this) -> 00930AEB //E8 ** ** ** FF 85 C0 74 ** 8B 81 ** ** 00 00 85 C0 74 ** 8D ** ** EB ** [3/3]

CMobPool::FindHitMobInRect(CMobPool *this, tagRECT *rc, CMob **apMob, int nMaxCount, CMob *pExcept, int nWishMobID, int rPoison, unsigned int dwWishTemplateID, int bIncludeDazzledMob, int bIncludeEscortMob, int nSelectRangeSkillID, int nSelectRangeX, int nCurUserX, int nSkillID, int bFindBoss) -> 0096DC0A //6A ** B8 ** ** ** 01 E8 ** ** ** 0 8B ** FF 75 ** 8B 0D ** ** ** 01 33 FF [2/2]

Author: 乂Boyue乂    Time: 2016-6-16 00:17
The auto-updater is written, but I still don't understand any of it, hahaha XD
Author: MSD04T    Time: 2016-8-8 14:30
This post was last edited by MSD04T on 2016-8-11 18:26
XxxGetProcAddress(void **Address, _XclioFid Fid) -> 012F2696

CSecurityClient::EncodeFullMemoryCheckResult(CSecurityClient *this, COutPacket *oPacket) -> 012F356C

CSecurityClient::OnFullMemoryCRCCheck(CSecurityClient *this, unsigned int *dwCrc, unsigned int *dwSimpleGuardPoint) -> 012F2C67

COutPacket::Encode4(COutPacket *this, unsigned int n)
Entry: 004AD32A
Main: 004AD2EC

CSecurityClient::InitCrc32Table(CSecurityClient *this) -> 012F365F

CCrc32::CopyCrc32Table(ZArray<unsigned long> *adwCrc32Table)
Entry: 012F34AA
Main: 0051C462

CSecurityClient::CSecurityClient(CSecurityClient *this) -> 012F366A

CSecurityClient::EncodeMemoryCheckResult(CSecurityClient *this, unsigned __int16 usSeq, COutPacket *oPacket) -> 012F34EC

CCrc32::GetCrc32(const char *pData, unsigned int dwSize, unsigned int dwInit, int bUseAddr, unsigned int *pdwSimpleGuardPoint, int bPosSave, int nItemID) -> 005F1857

COutPacket::Init(COutPacket *this, int nType)
Entry: 00A0559D

COutPacket::Encode1(COutPacket *this, char n)
Entry: 004B2FBF
Main: 0051C462

COutPacket::Encode4(COutPacket *this, unsigned int n)
Entry: 004AD32A
Main: 004AD2EC

CSecurityClient::OnCRCCheck(CSecurityClient *this, int nIdx, unsigned int *dwCrc, unsigned int *dwSimpleGuardPoint) -> 012F289B
/*
        CLogo All Functions
        Credit to MapleStory Korea leaked files & Me XD
*/

CLogo::GetClassRTTI() -> Not Found/Doesn't Exist
CLogo::CanSkip(CLogo *this) -> 008D6D75
CLogo::CLogo(CLogo *this) -> 008D6E54
CLogo::OnSetFocus(CLogo *this, int bFocus) -> 008D6EA1
CLogo::GetRTTI(CLogo *this) -> 008D6EA7
[thunk]:CLogo::`vector deleting destructor'`adjustor{12}' (unsigned int) -> 008D6EAD
CLogo::IsKindOf(CLogo *this, CRTTI *pRTTI) -> 008D6EB5
CLogo::~CLogo(CLogo *this) -> 008D6EBF
CLogo::`vector deleting destructor'(CLogo *this, unsigned int) -> 008D6F26
CLogo::LogoEnd(CLogo *this) -> 008D6F46
CLogo::UpdateVideo(CLogo *this) -> 008D6FC4
CLogo::InitWZLogo(CLogo *this) -> 008D70D9
CLogo::Init(CLogo *this, void *pParam) -> 008D79A5
CLogo::Close(CLogo *this) -> 008D7A5A
CLogo::DrawWZLogo(CLogo *this, int nFrame) -> 008D7A7C
CLogo::ForcedEnd(CLogo *this) -> 008D7FB5
CLogo::OnKey(CLogo *this, unsigned int wParam, unsigned int lParam) -> 008D7FE1
CLogo::OnMouseButton(CLogo *this, unsigned int msg, unsigned int wParam, int rx, int ry) -> 008D801A
CLogo::UpdateLogo(CLogo *this) -> 008D803E
CLogo::Update(CLogo *this) -> 008D80B7
VM VM VM VM VM VM VM VM...
[Attached image: CSecurity.jpg]
Author: nanco971323    Time: 2020-6-25 02:21
Are these still valid now?
I want to find CAESCipher::Decrypt
Searching in CE for 55 8B EC 81 EC 3C 01 00 00 A1 ? ? ? ? 33 C5 89 45 FC finds nothing




