TwMS v233.2 ICS 亞克-自動變身&能量不消耗&移除變身警告

麗麗

1. // TwMs v233.2 ICS Ark_NoConsumption_Automatic_transformation
   
2. 
   
3. [ENABLE]
   
4. Alloc(Ark_NoConsumption_Automatic_transformationICS,2048)
   
5. Alloc(Ark_NoConsumption_Automatic_transformationSW,4)
   
6. RegisterSymbol(Ark_NoConsumption_Automatic_transformationSW)
   
7. Label(Ark_NoConsumption_Automatic_transformation)
   
8. Label(Ark_NoConsumption)
   
9. Label(Hook)
   
10. Label(fakecall)
    
11. Label(L11)
    
12. Label(L22)
    
13. 
    
14. Alloc(Ark_NoTransformation_warning_ICS,512)
    
15. Alloc(Ark_NoTransformation_warningSW,4)
    
16. RegisterSymbol(Ark_NoTransformation_warningSW)
    
17. Label(Ark_NoTransformation_warning)
    
18. 
    
19. Ark_NoConsumption_Automatic_transformationSW:
    
20. DD 1
    
21. 
    
22. Ark_NoTransformation_warningSW:
    
23. DD 1
    
24. 
    
25. Ark_NoConsumption_Automatic_transformationICS:
    
26. cmp [esp],02F19923 //8B ? ? ? ? ? 89 ? ? 85 ? 74 ? 8B ? 2B ? 81 ? ? ? ? ? 7C
    
27. jne timeGetTime
    
28. cmp [Ark_NoConsumption_Automatic_transformationSW],1
    
29. jne timeGetTime
    
30. mov [esp],Ark_NoConsumption_Automatic_transformation
    
31. jmp timeGetTime
    
32. 
    
33. Ark_NoTransformation_warning_ICS:
    
34. cmp [esp+124],02F43CF4 //6A 03 8B CE E8 ? ? ? ? 8B 3D
    
35. jne VariantInit
    
36. cmp [Ark_NoTransformation_warningSW],1
    
37. jne VariantInit
    
38. mov [esp+124],Ark_NoTransformation_warning
    
39. jmp VariantInit
    
40. 
    
41. Ark_NoConsumption_Automatic_transformation:
    
42. // Automatic_transformation
    
43. pushad
    
44. cmp [0448B638],0
    
45. je Ark_NoConsumption
    
46. mov eax,[0473ADE0]
    
47. mov eax,[eax+04]
    
48. cmp eax,2
    
49. jne Ark_NoConsumption
    
50. mov eax,[0473A268]
    
51. mov eax,[eax+14]
    
52. mov eax,[eax+019218]
    
53. cmp eax,1
    
54. jb Ark_NoConsumption
    
55. mov eax,[0448B638]
    
56. mov eax,[eax+61C]
    
57. cmp eax,FFFFFFFF
    
58. jne Ark_NoConsumption
    
59. mov edi,[0448B638]
    
60. push 00
    
61. push 00
    
62. push 00
    
63. sub esp,08
    
64. mov ecx,edi
    
65. mov eax,esp
    
66. push -01
    
67. push 00
    
68. push 00
    
69. push 00
    
70. push 00
    
71. push 00
    
72. push 00
    
73. push 00
    
74. push 00
    
75. push 00
    
76. mov [eax+04],00000000
    
77. mov eax,[edi]
    
78. push 093EA74E
    
79. call dword ptr [eax+00000084]
    
80. // Automatic_transformation
    
81. 
    
82. Ark_NoConsumption:
    
83. popad
    
84. mov edx,[edi+00003638]
    
85. mov [ebp-10],eax
    
86. test edx,edx
    
87. je Hook
    
88. mov ecx,eax
    
89. sub ecx,edx
    
90. cmp ecx,00001F40
    
91. jl Hook
    
92. mov [edi+00003638],00000000
    
93. 
    
94. Hook:
    
95. push eax
    
96. mov ecx,edi
    
97. call fakecall
    
98. jmp 02F1994E
    
99. 
    
100. fakecall:
     
101. push ebp
     
102. mov ebp,esp
     
103. push -01
     
104. push 03A9CE16
     
105. mov eax,fs:[00000000]
     
106. push eax
     
107. sub esp,3C
     
108. push ebx
     
109. push esi
     
110. push edi
     
111. mov eax,[04472154]
     
112. xor eax,ebp
     
113. push eax
     
114. lea eax,[ebp-0C]
     
115. mov fs:[00000000],eax
     
116. mov esi,ecx
     
117. call 02EEAAB0
     
118. cmp eax,00003A99
     
119. je L11
     
120. add eax,FFFFC374
     
121. cmp eax,64
     
122. jae 02F43FCC
     
123. 
     
124. L11:
     
125. mov edi,[0448B638]
     
126. test edi,edi
     
127. je 02F43FCC
     
128. lea ecx,[edi+000000C0]
     
129. call 011DCA00
     
130. test eax,eax
     
131. jne 02F43FCC
     
132. push 093D20B0
     
133. mov ecx,esi
     
134. call 02F1BEF0
     
135. mov ebx,eax
     
136. test ebx,ebx
     
137. je L22
     
138. call dword ptr [03BDA5D0]
     
139. sub ebx,eax
     
140. xor ecx,ecx
     
141. test ebx,ebx
     
142. setg cl
     
143. test ecx,ecx
     
144. jne 02F43FCC
     
145. 
     
146. L22:
     
147. mov ecx,edi
     
148. call 0297BE40
     
149. test al,al
     
150. je 02F43ECF
     
151. mov ecx,esi
     
152. call 02EEF910
     
153. mov ecx,eax
     
154. call 00CE8E80
     
155. test eax,eax
     
156. je 02F43FCC
     
157. jmp 02F43ECF
     
158. 
     
159. Ark_NoTransformation_warning:
     
160. push 03
     
161. mov ecx,esi
     
162. call 02FD7F80
     
163. mov edi,[0448B638]
     
164. mov bl,al
     
165. push 093D1CC7
     
166. lea eax,[ebp-2C]
     
167. push esi
     
168. push eax
     
169. call 00B0A1D0
     
170. add esp,0C
     
171. lea ecx,[ebp-2C]
     
172. call 00B0A1A0
     
173. test al,al
     
174. je 02F43DF5
     
175. test edi,edi
     
176. je 02F43DF5
     
177. mov ecx,edi
     
178. call 0297BE40
     
179. test al,al
     
180. je 02F43DA1
     
181. mov ecx,[ebp-20]
     
182. mov edi,[esi+00003814]
     
183. call 0064EB90
     
184. cmp edi,eax
     
185. jmp 02F43DA1
     
186. 
     
187. 03BDA5D0:
     
188. DD Ark_NoConsumption_Automatic_transformationICS
     
189. 
     
190. 03BDA458:
     
191. DD Ark_NoTransformation_warning_ICS
     
192. 
     
193. [DISABLE]
     
194. 03BDA5D0:
     
195. DD timeGetTime
     
196. 
     
197. 03BDA458:
     
198. DD VariantInit

複製代碼

qweads

十分感謝 直接一套寫好QQ

qq255500

只有能量不消耗的ICS能提供下麽？

qq255500

不知道怎麽拆解這個三合一的數據，Ark_NoConsumption 我知道是我想要的數據，但是開頭和尾巴我不會處理。

btb

qq255500 發表於 2021-4-14 20:19
不知道怎麽拆解這個三合一的數據，Ark_NoConsumption 我知道是我想要的數據，但是開頭和尾巴我不會處理。 ...

// TwMS v233.2 ICS Ark_NoConsumption_Automatic_transformation

[ENABLE]
Alloc(Ark_NoConsumption_Automatic_transformationICS,2048)
Alloc(Ark_NoConsumption_Automatic_transformationSW,4)
RegisterSymbol(Ark_NoConsumption_Automatic_transformationSW)
Label(Ark_NoConsumption_Automatic_transformation)
Label(Ark_NoConsumption)
Label(Hook)
Label(fakecall)
Label(L11)
Label(L22)


Ark_NoConsumption_Automatic_transformationSW:
DD 1



Ark_NoConsumption_Automatic_transformationICS:
cmp [esp],02F19923 //8B ? ? ? ? ? 89 ? ? 85 ? 74 ? 8B ? 2B ? 81 ? ? ? ? ? 7C
jne timeGetTime
cmp [Ark_NoConsumption_Automatic_transformationSW],1
jne timeGetTime
mov [esp],Ark_NoConsumption_Automatic_transformation
jmp timeGetTime



Ark_NoConsumption_Automatic_transformation:
// Automatic_transformation
pushad
cmp [0448B638],0
je Ark_NoConsumption
mov eax,[0473ADE0]
mov eax,[eax+04]
cmp eax,2
jne Ark_NoConsumption
mov eax,[0473A268]
mov eax,[eax+14]
mov eax,[eax+019218]
cmp eax,1
jb Ark_NoConsumption
mov eax,[0448B638]
mov eax,[eax+61C]
cmp eax,FFFFFFFF
jne Ark_NoConsumption
mov edi,[0448B638]
push 00
push 00
push 00
sub esp,08
mov ecx,edi
mov eax,esp
push -01
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
mov [eax+04],00000000
mov eax,[edi]
push 093EA74E
call dword ptr [eax+00000084]
// Automatic_transformation

Ark_NoConsumption:
popad
mov edx,[edi+00003638]
mov [ebp-10],eax
test edx,edx
je Hook
mov ecx,eax
sub ecx,edx
cmp ecx,00001F40
jl Hook
mov [edi+00003638],00000000

Hook:
push eax
mov ecx,edi
call fakecall
jmp 02F1994E

fakecall:
push ebp
mov ebp,esp
push -01
push 03A9CE16
mov eax,fs:[00000000]
push eax
sub esp,3C
push ebx
push esi
push edi
mov eax,[04472154]
xor eax,ebp
push eax
lea eax,[ebp-0C]
mov fs:[00000000],eax
mov esi,ecx
call 02EEAAB0
cmp eax,00003A99
je L11
add eax,FFFFC374
cmp eax,64
jae 02F43FCC

L11:
mov edi,[0448B638]
test edi,edi
je 02F43FCC
lea ecx,[edi+000000C0]
call 011DCA00
test eax,eax
jne 02F43FCC
push 093D20B0
mov ecx,esi
call 02F1BEF0
mov ebx,eax
test ebx,ebx
je L22
call dword ptr [03BDA5D0]
sub ebx,eax
xor ecx,ecx
test ebx,ebx
setg cl
test ecx,ecx
jne 02F43FCC

L22:
mov ecx,edi
call 0297BE40
test al,al
je 02F43ECF
mov ecx,esi
call 02EEF910
mov ecx,eax
call 00CE8E80
test eax,eax
je 02F43FCC
jmp 02F43ECF



03BDA5D0:
DD Ark_NoConsumption_Automatic_transformationICS

[DISABLE]
03BDA5D0:
DD timeGetTime
//能量不消耗+自動變身

dinmaxfo

想問一下
三合一使用下去好像沒反應?
還是不太穩定

麗麗

dinmaxfo 發表於 2021-4-15 18:24
想問一下
三合一使用下去好像沒反應?
還是不太穩定

我使用是正常的，沒反應可以使用crc的。
因爲ics很多hook點都是這個api，你不會整合的話會衝突失效。