冰楓論壇

標題: maxRush(定點瞬移) v1.3 for TWMS V.98 [打印本頁]

---

作者: qkckcqkckcq    時間: 2012-9-26 12:27
標題: maxRush(定點瞬移) v1.3 for TWMS V.98

1. //maxRush(定點瞬移) v1.3 for TWMS V.98
   
2. 
   
3. //原作者；maxjojo
   
4. 
   
5. //maxRush v1.3 Address：008F518B aob=77 ? 33 c0 5e c3 6a ? 58 5e c3 55
   
6. 
   
7. //EIP：maxRush
   
8. 
   
9. //maxRushCounter： 設定 N 個定點數量
   
10. 
    
11. //maxRushOnOff  ： 0= 抓定點位置   1=啟動瞬移
    
12. 
    
13. //RushCounter   ： 目前定點位置
    
14. 
    
15. //Round : 設定第幾圈，會跳到第 N+1 的定點，0為不啟動。
    
16. 
    
17. 
    
18. 
    
19. [ENABLE]
    
20. 
    
21. registersymbol(maxRush)
    
22. 
    
23. registersymbol(maxRushCounter)
    
24. 
    
25. registersymbol(maxRushOnOff)
    
26. 
    
27. registersymbol(RushCounter)
    
28. 
    
29. alloc(maxRush, 1024)
    
30. 
    
31. alloc(maxRushCounter,4)
    
32. 
    
33. alloc(maxRushOnOff,4)
    
34. 
    
35. alloc(RushCounter,4)
    
36. 
    
37. label(doRushNormal)
    
38. 
    
39. label(getEDIValue)
    
40. 
    
41. label(doRushTele)
    
42. 
    
43. label(doRushTeleStart)
    
44. 
    
45. label(doRushTeleReturn)
    
46. 
    
47. label(doRushResetCounterEnd)
    
48. 
    
49. alloc(loctn,64)
    
50. 
    
51. label(doRushTeleEnd)
    
52. 
    
53. label(doEnd)
    
54. 
    
55. registersymbol(Round)
    
56. 
    
57. alloc(Round,4)
    
58. 
    
59. alloc(VarRound,4)
    
60. 
    
61. alloc(After_time,4)
    
62. 
    
63. 
    
64. 
    
65. Round:
    
66. 
    
67.     dd 0
    
68. 
    
69. VarRound:
    
70. 
    
71.     dd 0
    
72. 
    
73. maxRushCounter:
    
74. 
    
75.     dd 2
    
76. 
    
77. RushCounter:
    
78. 
    
79.     dd 1
    
80. 
    
81. maxRushOnOff:
    
82. 
    
83.     dd 0
    
84. 
    
85.     // {1: On, (char teleport, 定點瞬移) |
    
86. 
    
87.     //  0: Off (platform id detect,平台ID檢測) }
    
88. 
    
89. 
    
90. 
    
91. //配合 KK 抓取位置
    
92. 
    
93. 00400fd0:
    
94. 
    
95.     dd maxRush
    
96. 
    
97. After_time:
    
98. 
    
99.     dd 0
    
100. 
     
101. maxRush:
     
102. 
     
103.     Push Eax
     
104. 
     
105.     Mov Eax,[00adc0d4]      // char pointer
     
106. 
     
107.     Add Eax, 0D6C
     
108. 
     
109.     Mov Eax, [Eax]
     
110. 
     
111.     Sub Eax, C              // char pid
     
112. 
     
113.     Cmp Esi,Eax
     
114. 
     
115.     Pop Eax
     
116. 
     
117.     Je doRushNormal
     
118. 
     
119.     jmp 008F5191
     
120. 
     
121. 
     
122. 
     
123. doRushNormal:
     
124. 
     
125.     call doRushTele
     
126. 
     
127.     ja 008F5191
     
128. 
     
129.     jmp 008F518D
     
130. 
     
131. doRushTele:
     
132. 
     
133.     pushfd
     
134. 
     
135. mov eax, [00ae0714]
     
136. 
     
137.     mov eax,[eax+1dc]
     
138. 
     
139.     cmp eax,[After_time]
     
140. 
     
141.     jl doRushTeleReturn
     
142. 
     
143. 
     
144. 
     
145.     mov eax, [00ae0714]
     
146. 
     
147.     mov eax,[eax+1dc]
     
148. 
     
149.     mov [After_time],eax
     
150. 
     
151.     add [After_time],3e8   //延遲一秒
     
152. 
     
153.     Cmp [maxRushOnOff],0
     
154. 
     
155.     je getEDIValue
     
156. 
     
157.     call doRushTeleStart
     
158. 
     
159. doRushTeleReturn:
     
160. 
     
161.     popfd
     
162. 
     
163.     ret
     
164. 
     
165. // platform id detect.
     
166. 
     
167. getEDIValue:
     
168. 
     
169.     mov eax,[esi+114]
     
170. 
     
171.     lea edx,[loctn]
     
172. 
     
173.     mov ecx,[RushCounter]
     
174. 
     
175.     shl ecx,1
     
176. 
     
177.     shl ecx,1
     
178. 
     
179.     mov [edx+ecx],eax
     
180. 
     
181.     jmp doRushTeleReturn
     
182. 
     
183. 
     
184. 
     
185. // start charactor teleport
     
186. 
     
187. doRushTeleStart:
     
188. 
     
189.    add  [RushCounter],1
     
190. 
     
191.    mov  ebx,[maxRushCounter]
     
192. 
     
193.    cmp  [RushCounter],ebx
     
194. 
     
195.    ja  doRushTeleEnd
     
196. 
     
197.    lea edx,[loctn]
     
198. 
     
199.    mov ecx,[RushCounter]
     
200. 
     
201.    shl ecx,1
     
202. 
     
203.    shl ecx,1
     
204. 
     
205.    mov eax,[edx+ecx]
     
206. 
     
207.    mov [esi+110],eax
     
208. 
     
209.    jmp doRushResetCounterEnd
     
210. 
     
211. 
     
212. 
     
213. doRushTeleEnd:
     
214. 
     
215.    cmp [Round],0
     
216. 
     
217.    je doEnd
     
218. 
     
219.    add [VarRound],1
     
220. 
     
221.    mov ebx,[Round]
     
222. 
     
223.    cmp [VarRound],ebx
     
224. 
     
225.    jbe doEnd
     
226. 
     
227.    mov [VarRound],0
     
228. 
     
229.    lea edx,[loctn]
     
230. 
     
231.    mov ecx,[RushCounter]
     
232. 
     
233.    shl ecx,1
     
234. 
     
235.    shl ecx,1
     
236. 
     
237.    mov eax,[edx+ecx]
     
238. 
     
239.    mov [esi+110],eax
     
240. 
     
241.    jmp doRushResetCounterEnd
     
242. 
     
243.    
     
244. 
     
245. doEnd:
     
246. 
     
247.    mov [RushCounter],0      // reset counter (歸零重來)
     
248. 
     
249.    jmp doRushTeleStart
     
250. 
     
251. doRushResetCounterEnd:
     
252. 
     
253.    ret
     
254. 
     
255. 
     
256. 
     
257. [DISABLE]
     
258. 
     
259. dealloc(maxRush)
     
260. 
     
261. dealloc(maxRushCounter)
     
262. 
     
263. dealloc(maxRushOnOff)
     
264. 
     
265. dealloc(PlatformIDList)
     
266. 
     
267. unregistersymbol(maxRush)
     
268. 
     
269. unregistersymbol(maxRushCounter)
     
270. 
     
271. unregistersymbol(maxRushOnOff)
     
272. 
     
273. dealloc(loctn)
     
274. 
     
275. unregistersymbol(RushCounter)
     
276. 
     
277. dealloc(RushCounter)
     
278. 
     
279. unregistersymbol(Round)
     
280. 
     
281. dealloc(Round)
     
282. 
     
283. dealloc(VarRound)
     
284. 
     
285. dealloc(After_time)
     
286. 
     
287. 
     
288. 
     
289. 
     
290. 
     
291. 
     
292. 
     
293. 
     

複製代碼

---

歡迎光臨 冰楓論壇 (https://bingfong.com/)

Powered by 冰楓