因为代码太多,我还是直接粘贴胡杨大神的原话吧。
为了方便大家分析,我分两部分写出。
【第一部分】，这部分之中涉及到的跳转目的函数，会在第二部分给出代码，玩家只需要按照形式调用自己的地址就可。实施前请注意：(1) 下面所有地址只对这一版 Sango3.exe 有效，换版本必须重新定位；(2) 0053E400 起的代码洞必须位于可执行的节内（或自行新增一个可执行节），否则开了 DEP 会直接崩溃；(3) 所有 jmp/call 使用的都是 rel32 相对偏移，stub 放到别的地址后必须重新计算；(4) 被覆盖的原指令若不足 5 字节（如 4 字节的 cmp、3 字节的 mov、1 字节的 push ebp），5 字节的 jmp 会连带覆盖后一条指令的开头，所以 stub 里要重新执行这些被破坏的指令，且跳回地址必须落在完整的指令边界上——请在调试器里逐条核对；(5) 第 14～18 条是在函数入口下钩子，整个原函数被替换，所有调用者都会走新代码；第 10、11、13 条只改了一个调用点，原函数仍然存在。
1、00434F8E push 0x10C --》 push 0x310 修改申请内存大小（士兵指针数组位于对象偏移 0x110，0x7D 个指针在 0x304 处结束，0x310 够用；但原值 0x10C 比数组基址 0x110 还小，请先在调试器里确认这个 push 确实是分配该对象时 new 的大小参数，而不是另一块内存，否则数组会越过对象尾部写坏堆）
2、004368B9 push 0xC8 --> jmp 0053E400 初始化士兵单元指针数组
3、00435120 cmp eax,0x32 --》cmp eax,0x7d rank士兵分配
4、004366E3 cmp [local.5],0x32--》 jmp 0053E420 士兵访问1
5、00436A7F cmp dword ptr ss:[ebp-0x10],0x32 --》jmp 0053E440 士兵访问2
6、00436D39 cmp [local.4],0x32 --》jmp 0053E480 士兵访问3
7、00436DD2 cmp dword ptr ss:[ebp-0x14],0x32 --> jmp Sango3.0053E4C0 士兵访问4
8、00436E1C cmp [local.9],0x32 -->jmp 0053E500 士兵访问5
9、00436ED1 mov eax,[local.12]--->jmp 0053E530 士兵访问6
10、0043568E call Sango3.00436F32--》call 0053E550 士兵访问7(函数替换：只改了这一个调用点，原 00436F32 仍按 0x32 上限工作，请用交叉引用确认没有其它调用点)
11、00435752 call Sango3.00436F83--》call 0053E5C0 士兵访问8(函数替换：同上，原 00436F83 未改，请确认没有其它调用点)
12、00437709 cmp [local.2],0x32 --》jmp 0053E630 士兵访问9
13、0043610E call Sango3.00437A5C-->call 0053E680 士兵访问10(函数替换：只改了这一个调用点，原 00437A5C 未改，请确认没有其它调用点)
14、00437C65 push ebp--->jmp 0053E6E0 士兵访问11
15、00437DAC push ebp--->jmp 0053E770 士兵访问12
16、00437FC0 push ebp--->jmp 0053E850 士兵访问13
17、00438910 push ebp--->jmp 0053E8E0 士兵访问14
18、00437CE5 push ebp--->jmp 0053E940 士兵访问15
【第二部分】
; Stub for hook #2 (004368B9 `push 0xC8` -> jmp 0053E400). Orig. note: "initialises the 004FC320 soldier class".
; Re-executes the hooked push with the enlarged size plus the pushes that followed it, then resumes.
0053E400 68 F4010000 push 0x1F4 ; size = 0x7D slots * 4 = 0x1F4 bytes (was 0x32 * 4 = 0xC8); presumably a zero-fill of the slot array -- the callee sits at the resume point and is not shown, confirm
0053E405 6A 00 push 0x0 ; fill value
0053E407 8B55 F4 mov edx,dword ptr ss:[ebp-0xC] ; edx = object (caller's local)
0053E40A 81C2 10010000 add edx,0x110 ; edx = &slots[0]; the array now spans 0x110..0x304, so the object allocated by hook #1 (0x310) must be at least 0x304 bytes
0053E410 52 push edx
0053E411 - E9 B184EFFF jmp Sango3.004368C7 ; resume (rel32, build-specific). NOTE(review): 004368C7 must be the instruction boundary right after the pushes re-executed above -- verify in the debugger
0053E416 90 nop
0053E417 90 nop
0053E418 90 nop
0053E419 90 nop
0053E41A 90 nop
0053E41B 90 nop
0053E41C 90 nop
0053E41D 90 nop
0053E41E 90 nop
0053E41F 90 nop
; Stub for hook #4 (004366E3 `cmp [local.5],0x32` -> jmp 0053E420).
; Re-executes the slot-count check with the new limit 0x7D (125, was 0x32 = 50)
; and the indexed load the 5-byte jmp clobbered, then resumes.
0053E420 837D EC 7D cmp dword ptr ss:[ebp-0x14],0x7D ; troop-slot patch 1: i < 0x7D?  jge is signed, so a negative i passes (same as the original compare)
0053E424 - 0F8D FB82EFFF jge Sango3.00436725 ; i >= 0x7D -> loop exit in the original function
0053E42A 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = i
0053E42D 8B55 F0 mov edx,dword ptr ss:[ebp-0x10] ; edx = object
0053E430 8B848A 10010000 mov eax,dword ptr ds:[edx+ecx*4+0x110] ; eax = slots[i]
0053E437 - E9 B782EFFF jmp Sango3.004366F3 ; resume; must be an instruction boundary past the bytes the jmp at 004366E3 overwrote
0053E43C 90 nop
0053E43D 90 nop
0053E43E 90 nop
0053E43F 90 nop
; Stub for hook #5 (00436A7F). Inside the original insert loop: stores the
; pointer held in [ebp-0x14] into the first empty slot; loop control stays in
; the original function (00436AB6 presumably = next i, 00436A9F / 00436AB8 = exits).
0053E440 837D F0 7D cmp dword ptr ss:[ebp-0x10],0x7D ; troop-slot patch 2: i < 0x7D? (signed)
0053E444 - 0F8D 6E86EFFF jge Sango3.00436AB8 ; no free slot among 0x7D -> original exit path
0053E44A 8B45 F0 mov eax,dword ptr ss:[ebp-0x10] ; eax = i
0053E44D 8B4D D4 mov ecx,dword ptr ss:[ebp-0x2C] ; ecx = object
0053E450 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] occupied?
0053E458 - 0F85 5886EFFF jnz Sango3.00436AB6 ; yes -> keep searching
0053E45E 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E461 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
0053E464 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = soldier pointer to insert
0053E467 898C90 10010000 mov dword ptr ds:[eax+edx*4+0x110],ecx ; slots[i] = ptr
0053E46E - E9 2C86EFFF jmp Sango3.00436A9F ; resume after a successful insert
0053E473 90 nop
; Stub for hook #6 (00436D39). One iteration of the original loop: for a live
; slots[i] calls 00492100 on it with one stack argument, then resumes.
0053E480 837D F0 7D cmp dword ptr ss:[ebp-0x10],0x7D ; troop-slot patch 3: i < 0x7D? (signed)
0053E484 - 0F8D D788EFFF jge Sango3.00436D61 ; loop done -> original exit
0053E48A 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10] ; ecx = i
0053E48D 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E490 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E498 74 16 je XSango3.0053E4B0 ; empty -> skip the call
0053E49A 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; argument for 00492100 (caller's local)
0053E49D 50 push eax
0053E49E 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E4A1 8B55 D0 mov edx,dword ptr ss:[ebp-0x30]
0053E4A4 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the call)
0053E4AB E8 503CF5FF call Sango3.00492100 ; slots[i]->fn(arg); the stub never pops the argument, so 00492100 must be callee-cleans (__thiscall/__stdcall) or esp is off by 4 at the resume -- confirm
0053E4B0 - E9 7B88EFFF jmp Sango3.00436D30 ; resume (presumably the loop increment)
0053E4B5 90 nop
0053E4B6 90 nop
0053E4B7 90 nop
0053E4B8 90 nop
0053E4B9 90 nop
0053E4BA 90 nop
0053E4BB 90 nop
0053E4BC 90 nop
0053E4BD 90 nop
0053E4BE 90 nop
0053E4BF 90 nop
; Stub for hook #7 (00436DD2). Same shape as patch 3 with a different frame
; layout: index in [ebp-0x14], call argument in [ebp-0x18].
0053E4C0 837D EC 7D cmp dword ptr ss:[ebp-0x14],0x7D ; troop-slot patch 4: i < 0x7D? (signed)
0053E4C4 - 0F8D 3089EFFF jge Sango3.00436DFA ; loop done -> original exit
0053E4CA 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = i
0053E4CD 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E4D0 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E4D8 74 16 je XSango3.0053E4F0 ; empty -> skip the call
0053E4DA 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; argument for 00492100
0053E4DD 50 push eax
0053E4DE 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E4E1 8B55 D0 mov edx,dword ptr ss:[ebp-0x30]
0053E4E4 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this)
0053E4EB E8 103CF5FF call Sango3.00492100 ; slots[i]->fn(arg); argument is not popped here -> 00492100 must be callee-cleans, confirm
0053E4F0 - E9 D488EFFF jmp Sango3.00436DC9 ; resume
0053E4F5 90 nop
0053E4F6 90 nop
0053E4F7 90 nop
0053E4F8 90 nop
0053E4F9 90 nop
0053E4FA 90 nop
0053E4FB 90 nop
0053E4FC 90 nop
0053E4FD 90 nop
0053E4FE 90 nop
0053E4FF 90 nop
; Stub for hook #8 (00436E1C). Only re-executes the bounds check and the
; slot-empty compare; the branch that consumes that compare lives at 00436E31.
0053E500 837D DC 7D cmp dword ptr ss:[ebp-0x24],0x7D ; troop-slot patch 5: i < 0x7D? (signed)
0053E504 - 0F8D E189EFFF jge Sango3.00436EEB ; loop done
0053E50A 8B4D DC mov ecx,dword ptr ss:[ebp-0x24] ; ecx = i
0053E50D 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E510 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?  leaves ZF for the original conditional jump
0053E518 - E9 1489EFFF jmp Sango3.00436E31 ; resume; jmp does not touch EFLAGS, so nothing that writes flags may ever be inserted between the cmp and this jump
0053E51D 90 nop
; Stub for hook #9 (00436ED1 `mov eax,[local.12]` -> jmp 0053E530).
0053E530 8B45 D0 mov eax,dword ptr ss:[ebp-0x30] ; troop-slot patch 6: eax = object (the hooked 3-byte mov, re-executed)
0053E533 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110] ; ecx = slots[edx]; edx is the index left by the original code -- no range check here, the caller-side compare (hook #8) is what keeps edx < 0x7D
0053E53A - E9 9989EFFF jmp Sango3.00436ED8 ; resume. NOTE(review): 00436ED1 + 3 + 7 = 00436EDB if the original load had the same 7-byte form; verify that 00436ED8 really is an instruction boundary
0053E53F 90 nop
0053E540 90 nop
0053E541 90 nop
0053E542 90 nop
0053E543 90 nop
0053E544 90 nop
0053E545 90 nop
0053E546 90 nop
0053E547 90 nop
0053E548 90 nop
0053E549 90 nop
0053E54A 90 nop
0053E54B 90 nop
0053E54C 90 nop
0053E54D 90 nop
0053E54E 90 nop
0053E54F 90 nop
; Replacement for 00436F32 (hook #10, call site 0043568E). __thiscall, ecx = this,
; no stack arguments, return value unused. For each live slots[i], i in [0,0x7D),
; calls the virtual function at vtable offset 0xC with two zero arguments.
; Frame: [ebp-4] = i, [ebp-8] = this.
0053E550 55 push ebp ; troop-slot patch 7
0053E551 8BEC mov ebp,esp
0053E553 83EC 08 sub esp,0x8
0053E556 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E559 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E560 EB 09 jmp XSango3.0053E56B ; enter at the loop test
0053E562 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E565 83C0 01 add eax,0x1
0053E568 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E56B 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D (was 0x32)?
0053E56F 7D 35 jge XSango3.0053E5A6 ; done
0053E571 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E574 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E577 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E57F 74 23 je XSango3.0053E5A4 ; skip empty slot
0053E581 6A 00 push 0x0 ; arg 2
0053E583 6A 00 push 0x0 ; arg 1
0053E585 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E588 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E58B 8B8C81 10010000 mov ecx,dword ptr ds:[ecx+eax*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E592 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E595 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E598 8B9490 10010000 mov edx,dword ptr ds:[eax+edx*4+0x110]
0053E59F 8B02 mov eax,dword ptr ds:[edx] ; eax = vtable
0053E5A1 FF50 0C call dword ptr ds:[eax+0xC] ; slots[i]->vtable[3](0,0); the two pushes are never popped here, so the callee must clean them -- confirm
0053E5A4 ^ EB BC jmp XSango3.0053E562 ; next i
0053E5A6 8BE5 mov esp,ebp
0053E5A8 5D pop ebp
0053E5A9 C3 retn ; no stack args of our own
; Replacement for 00436F83 (hook #11, call site 00435752). __thiscall, ecx = this,
; no stack arguments. Sets this+0xD8 to 3 (patch 12 tests the same field against 2,
; so it presumably is a state code -- confirm), then calls the virtual function at
; vtable offset 0x44 with no arguments on every live slot. Frame: [ebp-4] = i, [ebp-8] = this.
0053E5C0 55 push ebp ; troop-slot patch 8
0053E5C1 8BEC mov ebp,esp
0053E5C3 83EC 08 sub esp,0x8
0053E5C6 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E5C9 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E5CC C780 D8000000 0>mov dword ptr ds:[eax+0xD8],0x3 ; this+0xD8 = 3
0053E5D6 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E5DD EB 09 jmp XSango3.0053E5E8 ; enter at the loop test
0053E5DF 8B4D FC mov ecx,dword ptr ss:[ebp-0x4] ; i++
0053E5E2 83C1 01 add ecx,0x1
0053E5E5 894D FC mov dword ptr ss:[ebp-0x4],ecx
0053E5E8 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E5EC 7D 31 jge XSango3.0053E61F ; done
0053E5EE 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E5F1 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E5F4 83BC90 10010000>cmp dword ptr ds:[eax+edx*4+0x110],0x0 ; slots[i] == NULL?
0053E5FC 74 1F je XSango3.0053E61D ; skip empty slot
0053E5FE 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E601 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E604 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E60B 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E60E 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E611 8B8482 10010000 mov eax,dword ptr ds:[edx+eax*4+0x110]
0053E618 8B10 mov edx,dword ptr ds:[eax] ; edx = vtable
0053E61A FF52 44 call dword ptr ds:[edx+0x44] ; slots[i]->vtable[17]()
0053E61D ^ EB C0 jmp XSango3.0053E5DF ; next i
0053E61F 8BE5 mov esp,ebp
0053E621 5D pop ebp
0053E622 C3 retn
0053E623 90 nop
0053E624 90 nop
0053E625 90 nop
0053E626 90 nop
0053E627 90 nop
0053E628 90 nop
0053E629 90 nop
0053E62A 90 nop
0053E62B 90 nop
0053E62C 90 nop
0053E62D 90 nop
0053E62E 90 nop
0053E62F 90 nop
; Stub for hook #12 (00437709 `cmp [local.2],0x32`). Body of a lookup loop in the
; original function: skips empty slots, counts the argument at [ebp+8] down and,
; when it reaches 0, stores that slot into [ebp-4] and leaves the loop -- i.e. it
; selects the n-th live soldier, n being the incoming argument.
0053E630 837D F8 7D cmp dword ptr ss:[ebp-0x8],0x7D ; troop-slot patch 9: i < 0x7D? (signed)
0053E634 - 0F8D 0291EFFF jge Sango3.0043773C ; exhausted -> original exit; [ebp-4] keeps whatever the original initialised it to
0053E63A 8B45 F8 mov eax,dword ptr ss:[ebp-0x8] ; eax = i
0053E63D 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC] ; ecx = object
0053E640 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] == NULL?
0053E648 74 24 je XSango3.0053E66E ; empty -> next i
0053E64A 837D 08 00 cmp dword ptr ss:[ebp+0x8],0x0 ; remaining count == 0?
0053E64E 75 15 jnz XSango3.0053E665
0053E650 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E653 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E656 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110]
0053E65D 894D FC mov dword ptr ss:[ebp-0x4],ecx ; result = slots[i]
0053E660 - E9 D790EFFF jmp Sango3.0043773C ; found -> original exit
0053E665 8B55 08 mov edx,dword ptr ss:[ebp+0x8] ; --count, written back into the caller's argument slot (the incoming parameter is mutated in place)
0053E668 83EA 01 sub edx,0x1
0053E66B 8955 08 mov dword ptr ss:[ebp+0x8],edx
0053E66E - E9 8D90EFFF jmp Sango3.00437700 ; next iteration (presumably the loop increment)
0053E673 90 nop
; Replacement for 00437A5C (hook #13, call site 0043610E). __thiscall, ecx = this,
; one dword stack argument of which only the low byte is used (retn 4). Calls the
; virtual function at vtable offset 0x14 with that byte on every live slot.
; Frame: [ebp-4] = i, [ebp-8] = this, [ebp+8] = argument.
0053E680 55 push ebp ; troop-slot patch 10
0053E681 8BEC mov ebp,esp
0053E683 83EC 08 sub esp,0x8
0053E686 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E689 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E690 EB 09 jmp XSango3.0053E69B ; enter at the loop test
0053E692 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E695 83C0 01 add eax,0x1
0053E698 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E69B 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E69F 7D 35 jge XSango3.0053E6D6 ; done
0053E6A1 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E6A4 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6A7 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E6AF 74 23 je XSango3.0053E6D4 ; skip empty slot
0053E6B1 8A45 08 mov al,byte ptr ss:[ebp+0x8] ; only al is loaded: bits 8..31 of eax keep the stale loop counter (or caller garbage on the first pass), so the callee must treat its argument as a byte/bool -- confirm
0053E6B4 50 push eax
0053E6B5 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E6B8 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6BB 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E6C2 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E6C5 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6C8 8B8482 10010000 mov eax,dword ptr ds:[edx+eax*4+0x110]
0053E6CF 8B10 mov edx,dword ptr ds:[eax] ; edx = vtable
0053E6D1 FF52 14 call dword ptr ds:[edx+0x14] ; slots[i]->vtable[5](flag); the pushed arg is not popped here -> callee-cleans assumed
0053E6D4 ^ EB BC jmp XSango3.0053E692 ; next i
0053E6D6 8BE5 mov esp,ebp
0053E6D8 5D pop ebp
0053E6D9 C2 0400 retn 0x4 ; pop our own one-dword argument
0053E6DC 90 nop
0053E6DD 90 nop
0053E6DE 90 nop
0053E6DF 90 nop
; Replacement for the whole of 00437C65 (hook #14: its `push ebp` becomes a jmp here,
; so every caller lands in this routine). __thiscall, ecx = this, no stack arguments.
; For every live slot: call vtable[0] with argument 1, then clear the slot. Finally
; this+0x100 is reset to 0 (patch 15 decrements the same field per removal, so it
; presumably is the live-soldier count).
; Frame: [ebp-4] = i, [ebp-8]/[ebp-0xC] = slot pointer, [ebp-0x10] = this, [ebp-0x14] = unused return value.
0053E6E0 55 push ebp ; troop-slot patch 11
0053E6E1 8BEC mov ebp,esp
0053E6E3 83EC 14 sub esp,0x14
0053E6E6 894D F0 mov dword ptr ss:[ebp-0x10],ecx ; this
0053E6E9 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E6F0 EB 09 jmp XSango3.0053E6FB ; enter at the loop test
0053E6F2 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E6F5 83C0 01 add eax,0x1
0053E6F8 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E6FB 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E6FF 7D 57 jge XSango3.0053E758 ; done
0053E701 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E704 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E707 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E70F 74 45 je XSango3.0053E756 ; skip empty slot
0053E711 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E714 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E717 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110]
0053E71E 8955 F4 mov dword ptr ss:[ebp-0xC],edx ; p = slots[i]
0053E721 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E724 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E727 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0 ; redundant NULL check (already known non-NULL)
0053E72B 74 11 je XSango3.0053E73E
0053E72D 6A 01 push 0x1 ; flag argument for vtable[0]. NOTE(review): on MSVC builds vtable[0](1) is typically the deleting destructor (destroy + free) -- confirm before reusing this pattern
0053E72F 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E732 8B11 mov edx,dword ptr ds:[ecx] ; edx = vtable
0053E734 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; this = p
0053E737 FF12 call dword ptr ds:[edx] ; p->vtable[0](1)
0053E739 8945 EC mov dword ptr ss:[ebp-0x14],eax ; return value stored but never read
0053E73C EB 07 jmp XSango3.0053E745
0053E73E C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
0053E745 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E748 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E74B C78481 10010000>mov dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] = NULL so the (presumably freed) pointer is never reused
0053E756 ^ EB 9A jmp XSango3.0053E6F2 ; next i
0053E758 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E75B C782 00010000 0>mov dword ptr ds:[edx+0x100],0x0 ; this+0x100 = 0
0053E765 8BE5 mov esp,ebp
0053E767 5D pop ebp
0053E768 C3 retn
; Replacement for the whole of 00437DAC (hook #15 at its entry). __thiscall, ecx = this,
; no stack arguments. Does nothing when this+0x100 <= 0. Otherwise: if this+0xD8 == 2
; calls 00436CB8(this); then loop 1 calls vtable[0x24] on every live slot; then loop 2
; asks 判断标志位状态 (flag-bit test, original helper) about flag 0x12 on every live slot
; and, where it returns non-zero, removes that slot via 00437CE5.
; Frame: [ebp-4] = i, [ebp-8] = this.
0053E770 55 push ebp ; troop-slot patch 12
0053E771 8BEC mov ebp,esp
0053E773 83EC 08 sub esp,0x8
0053E776 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E779 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E77C 83B8 00010000 0>cmp dword ptr ds:[eax+0x100],0x0 ; this+0x100 > 0? (signed jg)
0053E783 7F 05 jg XSango3.0053E78A
0053E785 E9 B0000000 jmp Sango3.0053E83A ; nothing to do
0053E78A 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E78D 83B9 D8000000 0>cmp dword ptr ds:[ecx+0xD8],0x2 ; this+0xD8 == 2?
0053E794 75 08 jnz XSango3.0053E79E
0053E796 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E799 E8 1A85EFFF call Sango3.00436CB8 ; original helper, __thiscall, no stack args (left unpatched)
0053E79E C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; loop 1: i = 0
0053E7A5 EB 09 jmp XSango3.0053E7B0
0053E7A7 8B55 FC mov edx,dword ptr ss:[ebp-0x4] ; i++
0053E7AA 83C2 01 add edx,0x1
0053E7AD 8955 FC mov dword ptr ss:[ebp-0x4],edx
0053E7B0 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E7B4 7D 31 jge XSango3.0053E7E7
0053E7B6 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E7B9 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E7BC 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] == NULL?
0053E7C4 74 1F je XSango3.0053E7E5
0053E7C6 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E7C9 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E7CC 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110] ; ecx = slots[i] (this)
0053E7D3 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E7D6 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E7D9 8B9490 10010000 mov edx,dword ptr ds:[eax+edx*4+0x110]
0053E7E0 8B02 mov eax,dword ptr ds:[edx] ; eax = vtable
0053E7E2 FF50 24 call dword ptr ds:[eax+0x24] ; slots[i]->vtable[9]()
0053E7E5 ^ EB C0 jmp XSango3.0053E7A7
0053E7E7 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; loop 2: i = 0
0053E7EE EB 09 jmp XSango3.0053E7F9
0053E7F0 8B4D FC mov ecx,dword ptr ss:[ebp-0x4] ; i++
0053E7F3 83C1 01 add ecx,0x1
0053E7F6 894D FC mov dword ptr ss:[ebp-0x4],ecx
0053E7F9 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E7FD 7D 3B jge XSango3.0053E83A
0053E7FF 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E802 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E805 83BC90 10010000>cmp dword ptr ds:[eax+edx*4+0x110],0x0 ; slots[i] == NULL?
0053E80D 74 29 je XSango3.0053E838
0053E80F 6A 12 push 0x12 ; flag id
0053E811 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E814 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E817 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this)
0053E81E E8 5ECCF0FF call <Sango3.判断标志位状态> ; flag-bit test helper: slots[i] has flag 0x12?  the pushed arg is not popped here -> callee-cleans assumed
0053E823 25 FF000000 and eax,0xFF ; result is a byte
0053E828 85C0 test eax,eax
0053E82A 74 0C je XSango3.0053E838 ; flag clear -> keep
0053E82C 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E82F 50 push eax ; index i (always < 0x7D here)
0053E830 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; this
0053E833 E8 AD94EFFF call Sango3.00437CE5 ; remove slot i. NOTE(review): 00437CE5 is hook #18's site -- with that hook applied this lands in the 0053E940 replacement; without it the original 50-slot routine is called with i up to 0x7C
0053E838 ^ EB B6 jmp XSango3.0053E7F0
0053E83A 8BE5 mov esp,ebp
0053E83C 5D pop ebp
0053E83D C3 retn
0053E83E 90 nop
; Replacement for the whole of 00437FC0 (hook #16 at its entry). __thiscall, ecx = this,
; one stack argument [ebp+8] = pointer to an int (retn 4). Returns in eax the live slot
; whose 00447C70() result is largest and writes that result through *arg.
; best starts as NULL with bestval 0 and the compare is signed, so slots whose value
; is <= 0 are never chosen: with no positive value the result is NULL and *arg = 0.
; Frame: [ebp-4] = bestval, [ebp-8] = i, [ebp-0xC] = best, [ebp-0x10] = val, [ebp-0x14] = this.
0053E850 55 push ebp ; troop-slot patch 13
0053E851 8BEC mov ebp,esp
0053E853 83EC 14 sub esp,0x14
0053E856 894D EC mov dword ptr ss:[ebp-0x14],ecx ; this
0053E859 C745 F4 0000000>mov dword ptr ss:[ebp-0xC],0x0 ; best = NULL
0053E860 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; bestval = 0
0053E867 C745 F8 0000000>mov dword ptr ss:[ebp-0x8],0x0 ; i = 0
0053E86E EB 09 jmp XSango3.0053E879 ; enter at the loop test
0053E870 8B45 F8 mov eax,dword ptr ss:[ebp-0x8] ; i++
0053E873 83C0 01 add eax,0x1
0053E876 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E879 837D F8 7D cmp dword ptr ss:[ebp-0x8],0x7D ; i < 0x7D?
0053E87D 7D 45 jge XSango3.0053E8C4 ; done
0053E87F 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E882 8B55 EC mov edx,dword ptr ss:[ebp-0x14]
0053E885 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E88D 74 33 je XSango3.0053E8C2 ; skip empty slot
0053E88F 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E892 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E895 8B8C81 10010000 mov ecx,dword ptr ds:[ecx+eax*4+0x110] ; ecx = slots[i] (this)
0053E89C E8 CF93F0FF call Sango3.00447C70 ; val = slots[i]->f() (original helper, __thiscall, no stack args, int in eax)
0053E8A1 8945 F0 mov dword ptr ss:[ebp-0x10],eax
0053E8A4 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E8A7 3B55 FC cmp edx,dword ptr ss:[ebp-0x4] ; val > bestval? (signed)
0053E8AA 7E 16 jle XSango3.0053E8C2
0053E8AC 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E8AF 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E8B2 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110]
0053E8B9 8955 F4 mov dword ptr ss:[ebp-0xC],edx ; best = slots[i]
0053E8BC 8B45 F0 mov eax,dword ptr ss:[ebp-0x10]
0053E8BF 8945 FC mov dword ptr ss:[ebp-0x4],eax ; bestval = val
0053E8C2 ^ EB AC jmp XSango3.0053E870 ; next i
0053E8C4 8B4D 08 mov ecx,dword ptr ss:[ebp+0x8] ; out pointer -- not NULL-checked, caller must pass a valid int*
0053E8C7 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E8CA 8911 mov dword ptr ds:[ecx],edx ; *out = bestval
0053E8CC 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; return best
0053E8CF 8BE5 mov esp,ebp
0053E8D1 5D pop ebp
0053E8D2 C2 0400 retn 0x4
; Replacement for the whole of 00438910 (hook #17 at its entry). __thiscall, ecx = this,
; one stack argument [ebp+8] = soldier pointer (retn 4). Returns al = 1 if that pointer
; occupies one of the 0x7D slots, else al = 0 (only al is defined for the caller).
; Frame: [ebp-4] = i, [ebp-8] = this.
0053E8E0 55 push ebp ; troop-slot patch 14
0053E8E1 8BEC mov ebp,esp
0053E8E3 83EC 08 sub esp,0x8
0053E8E6 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E8E9 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E8F0 EB 09 jmp XSango3.0053E8FB ; enter at the loop test
0053E8F2 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E8F5 83C0 01 add eax,0x1
0053E8F8 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E8FB 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E8FF 7D 28 jge XSango3.0053E929 ; not found
0053E901 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E904 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E907 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E90F 74 16 je XSango3.0053E927 ; skip empty slot
0053E911 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E914 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E917 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110]
0053E91E 3B55 08 cmp edx,dword ptr ss:[ebp+0x8] ; slots[i] == arg?
0053E921 75 04 jnz XSango3.0053E927
0053E923 B0 01 mov al,0x1 ; found
0053E925 EB 04 jmp XSango3.0053E92B
0053E927 ^ EB C9 jmp XSango3.0053E8F2 ; next i
0053E929 32C0 xor al,al ; not found
0053E92B 8BE5 mov esp,ebp
0053E92D 5D pop ebp
0053E92E C2 0400 retn 0x4
0053E931 90 nop
0053E932 90 nop
0053E933 90 nop
0053E934 90 nop
0053E935 90 nop
0053E936 90 nop
0053E937 90 nop
0053E938 90 nop
0053E939 90 nop
0053E93A 90 nop
0053E93B 90 nop
0053E93C 90 nop
0053E93D 90 nop
0053E93E 90 nop
0053E93F 90 nop
; Replacement for the whole of 00437CE5 (hook #18 at its entry; patch 12 calls it).
; __thiscall, ecx = this, one stack argument [ebp+8] = slot index (retn 4).
; If slots[idx] is live: calls its vtable[0] with 1 (same pattern as patch 11,
; presumably the deleting destructor), clears the slot and decrements this+0x100.
; An empty slot is a no-op and the count is left untouched.
; NOTE(review): idx is used unchecked -- there is no compare against 0x7D (or 0), so
; every caller must guarantee 0 <= idx < 0x7D; patch 12 does, verify any other caller of 00437CE5.
; Frame: [ebp-4] = idx, [ebp-8]/[ebp-0xC] = slot pointer, [ebp-0x10] = this, [ebp-0x14] = unused return value.
0053E940 55 push ebp ; troop-slot patch 15
0053E941 8BEC mov ebp,esp
0053E943 83EC 14 sub esp,0x14
0053E946 894D F0 mov dword ptr ss:[ebp-0x10],ecx ; this
0053E949 8B45 08 mov eax,dword ptr ss:[ebp+0x8]
0053E94C 8945 FC mov dword ptr ss:[ebp-0x4],eax ; idx = arg
0053E94F 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E952 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E955 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[idx] == NULL?
0053E95D 74 5A je XSango3.0053E9B9 ; empty -> return without touching the count
0053E95F 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E962 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E965 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110]
0053E96C 8955 F4 mov dword ptr ss:[ebp-0xC],edx ; p = slots[idx]
0053E96F 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E972 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E975 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0 ; redundant NULL check
0053E979 74 11 je XSango3.0053E98C
0053E97B 6A 01 push 0x1 ; flag argument for vtable[0]
0053E97D 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E980 8B11 mov edx,dword ptr ds:[ecx] ; edx = vtable
0053E982 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; this = p
0053E985 FF12 call dword ptr ds:[edx] ; p->vtable[0](1)
0053E987 8945 EC mov dword ptr ss:[ebp-0x14],eax ; return value stored but never read
0053E98A EB 07 jmp XSango3.0053E993
0053E98C C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
0053E993 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E996 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E999 C78481 10010000>mov dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[idx] = NULL
0053E9A4 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E9A7 8B82 00010000 mov eax,dword ptr ds:[edx+0x100]
0053E9AD 83E8 01 sub eax,0x1
0053E9B0 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E9B3 8981 00010000 mov dword ptr ds:[ecx+0x100],eax ; this+0x100-- (live count, see patch 11)
0053E9B9 8BE5 mov esp,ebp
0053E9BB 5D pop ebp
0053E9BC C2 0400 retn 0x4
0053E9BF 90 nop
（以下内容是前文的重复粘贴，而且第二份在“带兵修改13”之后被截断，缺少修改14、15，请以第一份为准。）为了方便大家分析，我分两部分写出。
【第一部分】，这部分之中涉及到的跳转目的函数，会在第二部分给出代码，玩家只需要按照形式调用自己的地址就可。同样注意：地址只对这一版 Sango3.exe 有效；0053E400 起的代码洞必须位于可执行节内；jmp/call 都是 rel32 相对偏移，换位置后要重算；被覆盖的原指令不足 5 字节时 jmp 会破坏后一条指令的开头，stub 里必须重新执行它们并跳回到完整的指令边界；第 10、11、13 条只改一个调用点，原函数仍在，请用交叉引用确认没有其它调用点。
1、00434F8E push 0x10C --》 push 0x310 修改申请内存大小（数组位于对象偏移 0x110，0x7D 个指针到 0x304 结束，0x310 够用；原值 0x10C 比 0x110 还小，请先确认这个 push 确实是分配该对象的大小参数）
2、004368B9 push 0xC8 --> jmp 0053E400 初始化士兵单元指针数组
3、00435120 cmp eax,0x32 --》cmp eax,0x7d rank士兵分配
4、004366E3 cmp [local.5],0x32--》 jmp 0053E420 士兵访问1
5、00436A7F cmp dword ptr ss:[ebp-0x10],0x32 --》jmp 0053E440 士兵访问2
6、00436D39 cmp [local.4],0x32 --》jmp 0053E480 士兵访问3
7、00436DD2 cmp dword ptr ss:[ebp-0x14],0x32 --> jmp Sango3.0053E4C0 士兵访问4
8、00436E1C cmp [local.9],0x32 -->jmp 0053E500 士兵访问5
9、00436ED1 mov eax,[local.12]--->jmp 0053E530 士兵访问6
10、0043568E call Sango3.00436F32--》call 0053E550 士兵访问7(函数替换)
11、00435752 call Sango3.00436F83--》call 0053E5C0 士兵访问8(函数替换)
12、00437709 cmp [local.2],0x32 --》jmp 0053E630 士兵访问9
13 0043610E call Sango3.00437A5C-->call 0053E680 士兵访问10函数替换
14、00437C65 push ebp--->jmp 0053E6E0 士兵访问11
15、00437DAC push ebp--->jmp 0053E770 士兵访问12
16、00437FC0 push ebp--->jmp 0053E850 士兵访问13
17、00438910 push ebp--->jmp 0053E8E0 士兵访问14
18、00437CE5 push ebp--->jmp 0053E940 士兵访问15
【第二部分】
; Stub for hook #2 (004368B9 `push 0xC8` -> jmp 0053E400). Orig. note: "initialises the 004FC320 soldier class".
; Re-executes the hooked push with the enlarged size plus the pushes that followed it, then resumes.
0053E400 68 F4010000 push 0x1F4 ; size = 0x7D slots * 4 = 0x1F4 bytes (was 0x32 * 4 = 0xC8); presumably a zero-fill of the slot array -- the callee sits at the resume point and is not shown, confirm
0053E405 6A 00 push 0x0 ; fill value
0053E407 8B55 F4 mov edx,dword ptr ss:[ebp-0xC] ; edx = object (caller's local)
0053E40A 81C2 10010000 add edx,0x110 ; edx = &slots[0]; the array now spans 0x110..0x304, so the object allocated by hook #1 (0x310) must be at least 0x304 bytes
0053E410 52 push edx
0053E411 - E9 B184EFFF jmp Sango3.004368C7 ; resume (rel32, build-specific). NOTE(review): 004368C7 must be the instruction boundary right after the pushes re-executed above -- verify in the debugger
0053E416 90 nop
0053E417 90 nop
0053E418 90 nop
0053E419 90 nop
0053E41A 90 nop
0053E41B 90 nop
0053E41C 90 nop
0053E41D 90 nop
0053E41E 90 nop
0053E41F 90 nop
; Stub for hook #4 (004366E3 `cmp [local.5],0x32` -> jmp 0053E420).
; Re-executes the slot-count check with the new limit 0x7D (125, was 0x32 = 50)
; and the indexed load the 5-byte jmp clobbered, then resumes.
0053E420 837D EC 7D cmp dword ptr ss:[ebp-0x14],0x7D ; troop-slot patch 1: i < 0x7D?  jge is signed, so a negative i passes (same as the original compare)
0053E424 - 0F8D FB82EFFF jge Sango3.00436725 ; i >= 0x7D -> loop exit in the original function
0053E42A 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = i
0053E42D 8B55 F0 mov edx,dword ptr ss:[ebp-0x10] ; edx = object
0053E430 8B848A 10010000 mov eax,dword ptr ds:[edx+ecx*4+0x110] ; eax = slots[i]
0053E437 - E9 B782EFFF jmp Sango3.004366F3 ; resume; must be an instruction boundary past the bytes the jmp at 004366E3 overwrote
0053E43C 90 nop
0053E43D 90 nop
0053E43E 90 nop
0053E43F 90 nop
; Stub for hook #5 (00436A7F). Inside the original insert loop: stores the
; pointer held in [ebp-0x14] into the first empty slot; loop control stays in
; the original function (00436AB6 presumably = next i, 00436A9F / 00436AB8 = exits).
0053E440 837D F0 7D cmp dword ptr ss:[ebp-0x10],0x7D ; troop-slot patch 2: i < 0x7D? (signed)
0053E444 - 0F8D 6E86EFFF jge Sango3.00436AB8 ; no free slot among 0x7D -> original exit path
0053E44A 8B45 F0 mov eax,dword ptr ss:[ebp-0x10] ; eax = i
0053E44D 8B4D D4 mov ecx,dword ptr ss:[ebp-0x2C] ; ecx = object
0053E450 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] occupied?
0053E458 - 0F85 5886EFFF jnz Sango3.00436AB6 ; yes -> keep searching
0053E45E 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E461 8B45 D4 mov eax,dword ptr ss:[ebp-0x2C]
0053E464 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = soldier pointer to insert
0053E467 898C90 10010000 mov dword ptr ds:[eax+edx*4+0x110],ecx ; slots[i] = ptr
0053E46E - E9 2C86EFFF jmp Sango3.00436A9F ; resume after a successful insert
0053E473 90 nop
; Stub for hook #6 (00436D39). One iteration of the original loop: for a live
; slots[i] calls 00492100 on it with one stack argument, then resumes.
0053E480 837D F0 7D cmp dword ptr ss:[ebp-0x10],0x7D ; troop-slot patch 3: i < 0x7D? (signed)
0053E484 - 0F8D D788EFFF jge Sango3.00436D61 ; loop done -> original exit
0053E48A 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10] ; ecx = i
0053E48D 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E490 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E498 74 16 je XSango3.0053E4B0 ; empty -> skip the call
0053E49A 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; argument for 00492100 (caller's local)
0053E49D 50 push eax
0053E49E 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E4A1 8B55 D0 mov edx,dword ptr ss:[ebp-0x30]
0053E4A4 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the call)
0053E4AB E8 503CF5FF call Sango3.00492100 ; slots[i]->fn(arg); the stub never pops the argument, so 00492100 must be callee-cleans (__thiscall/__stdcall) or esp is off by 4 at the resume -- confirm
0053E4B0 - E9 7B88EFFF jmp Sango3.00436D30 ; resume (presumably the loop increment)
0053E4B5 90 nop
0053E4B6 90 nop
0053E4B7 90 nop
0053E4B8 90 nop
0053E4B9 90 nop
0053E4BA 90 nop
0053E4BB 90 nop
0053E4BC 90 nop
0053E4BD 90 nop
0053E4BE 90 nop
0053E4BF 90 nop
; Stub for hook #7 (00436DD2). Same shape as patch 3 with a different frame
; layout: index in [ebp-0x14], call argument in [ebp-0x18].
0053E4C0 837D EC 7D cmp dword ptr ss:[ebp-0x14],0x7D ; troop-slot patch 4: i < 0x7D? (signed)
0053E4C4 - 0F8D 3089EFFF jge Sango3.00436DFA ; loop done -> original exit
0053E4CA 8B4D EC mov ecx,dword ptr ss:[ebp-0x14] ; ecx = i
0053E4CD 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E4D0 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E4D8 74 16 je XSango3.0053E4F0 ; empty -> skip the call
0053E4DA 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] ; argument for 00492100
0053E4DD 50 push eax
0053E4DE 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E4E1 8B55 D0 mov edx,dword ptr ss:[ebp-0x30]
0053E4E4 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this)
0053E4EB E8 103CF5FF call Sango3.00492100 ; slots[i]->fn(arg); argument is not popped here -> 00492100 must be callee-cleans, confirm
0053E4F0 - E9 D488EFFF jmp Sango3.00436DC9 ; resume
0053E4F5 90 nop
0053E4F6 90 nop
0053E4F7 90 nop
0053E4F8 90 nop
0053E4F9 90 nop
0053E4FA 90 nop
0053E4FB 90 nop
0053E4FC 90 nop
0053E4FD 90 nop
0053E4FE 90 nop
0053E4FF 90 nop
; Stub for hook #8 (00436E1C). Only re-executes the bounds check and the
; slot-empty compare; the branch that consumes that compare lives at 00436E31.
0053E500 837D DC 7D cmp dword ptr ss:[ebp-0x24],0x7D ; troop-slot patch 5: i < 0x7D? (signed)
0053E504 - 0F8D E189EFFF jge Sango3.00436EEB ; loop done
0053E50A 8B4D DC mov ecx,dword ptr ss:[ebp-0x24] ; ecx = i
0053E50D 8B55 D0 mov edx,dword ptr ss:[ebp-0x30] ; edx = object
0053E510 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?  leaves ZF for the original conditional jump
0053E518 - E9 1489EFFF jmp Sango3.00436E31 ; resume; jmp does not touch EFLAGS, so nothing that writes flags may ever be inserted between the cmp and this jump
0053E51D 90 nop
; Stub for hook #9 (00436ED1 `mov eax,[local.12]` -> jmp 0053E530).
0053E530 8B45 D0 mov eax,dword ptr ss:[ebp-0x30] ; troop-slot patch 6: eax = object (the hooked 3-byte mov, re-executed)
0053E533 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110] ; ecx = slots[edx]; edx is the index left by the original code -- no range check here, the caller-side compare (hook #8) is what keeps edx < 0x7D
0053E53A - E9 9989EFFF jmp Sango3.00436ED8 ; resume. NOTE(review): 00436ED1 + 3 + 7 = 00436EDB if the original load had the same 7-byte form; verify that 00436ED8 really is an instruction boundary
0053E53F 90 nop
0053E540 90 nop
0053E541 90 nop
0053E542 90 nop
0053E543 90 nop
0053E544 90 nop
0053E545 90 nop
0053E546 90 nop
0053E547 90 nop
0053E548 90 nop
0053E549 90 nop
0053E54A 90 nop
0053E54B 90 nop
0053E54C 90 nop
0053E54D 90 nop
0053E54E 90 nop
0053E54F 90 nop
; Replacement for 00436F32 (hook #10, call site 0043568E). __thiscall, ecx = this,
; no stack arguments, return value unused. For each live slots[i], i in [0,0x7D),
; calls the virtual function at vtable offset 0xC with two zero arguments.
; Frame: [ebp-4] = i, [ebp-8] = this.
0053E550 55 push ebp ; troop-slot patch 7
0053E551 8BEC mov ebp,esp
0053E553 83EC 08 sub esp,0x8
0053E556 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E559 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E560 EB 09 jmp XSango3.0053E56B ; enter at the loop test
0053E562 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E565 83C0 01 add eax,0x1
0053E568 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E56B 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D (was 0x32)?
0053E56F 7D 35 jge XSango3.0053E5A6 ; done
0053E571 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E574 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E577 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E57F 74 23 je XSango3.0053E5A4 ; skip empty slot
0053E581 6A 00 push 0x0 ; arg 2
0053E583 6A 00 push 0x0 ; arg 1
0053E585 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E588 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E58B 8B8C81 10010000 mov ecx,dword ptr ds:[ecx+eax*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E592 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E595 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E598 8B9490 10010000 mov edx,dword ptr ds:[eax+edx*4+0x110]
0053E59F 8B02 mov eax,dword ptr ds:[edx] ; eax = vtable
0053E5A1 FF50 0C call dword ptr ds:[eax+0xC] ; slots[i]->vtable[3](0,0); the two pushes are never popped here, so the callee must clean them -- confirm
0053E5A4 ^ EB BC jmp XSango3.0053E562 ; next i
0053E5A6 8BE5 mov esp,ebp
0053E5A8 5D pop ebp
0053E5A9 C3 retn ; no stack args of our own
; Replacement for 00436F83 (hook #11, call site 00435752). __thiscall, ecx = this,
; no stack arguments. Sets this+0xD8 to 3 (patch 12 tests the same field against 2,
; so it presumably is a state code -- confirm), then calls the virtual function at
; vtable offset 0x44 with no arguments on every live slot. Frame: [ebp-4] = i, [ebp-8] = this.
0053E5C0 55 push ebp ; troop-slot patch 8
0053E5C1 8BEC mov ebp,esp
0053E5C3 83EC 08 sub esp,0x8
0053E5C6 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E5C9 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E5CC C780 D8000000 0>mov dword ptr ds:[eax+0xD8],0x3 ; this+0xD8 = 3
0053E5D6 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E5DD EB 09 jmp XSango3.0053E5E8 ; enter at the loop test
0053E5DF 8B4D FC mov ecx,dword ptr ss:[ebp-0x4] ; i++
0053E5E2 83C1 01 add ecx,0x1
0053E5E5 894D FC mov dword ptr ss:[ebp-0x4],ecx
0053E5E8 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E5EC 7D 31 jge XSango3.0053E61F ; done
0053E5EE 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E5F1 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E5F4 83BC90 10010000>cmp dword ptr ds:[eax+edx*4+0x110],0x0 ; slots[i] == NULL?
0053E5FC 74 1F je XSango3.0053E61D ; skip empty slot
0053E5FE 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E601 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E604 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E60B 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E60E 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E611 8B8482 10010000 mov eax,dword ptr ds:[edx+eax*4+0x110]
0053E618 8B10 mov edx,dword ptr ds:[eax] ; edx = vtable
0053E61A FF52 44 call dword ptr ds:[edx+0x44] ; slots[i]->vtable[17]()
0053E61D ^ EB C0 jmp XSango3.0053E5DF ; next i
0053E61F 8BE5 mov esp,ebp
0053E621 5D pop ebp
0053E622 C3 retn
0053E623 90 nop
0053E624 90 nop
0053E625 90 nop
0053E626 90 nop
0053E627 90 nop
0053E628 90 nop
0053E629 90 nop
0053E62A 90 nop
0053E62B 90 nop
0053E62C 90 nop
0053E62D 90 nop
0053E62E 90 nop
0053E62F 90 nop
; Stub for hook #12 (00437709 `cmp [local.2],0x32`). Body of a lookup loop in the
; original function: skips empty slots, counts the argument at [ebp+8] down and,
; when it reaches 0, stores that slot into [ebp-4] and leaves the loop -- i.e. it
; selects the n-th live soldier, n being the incoming argument.
0053E630 837D F8 7D cmp dword ptr ss:[ebp-0x8],0x7D ; troop-slot patch 9: i < 0x7D? (signed)
0053E634 - 0F8D 0291EFFF jge Sango3.0043773C ; exhausted -> original exit; [ebp-4] keeps whatever the original initialised it to
0053E63A 8B45 F8 mov eax,dword ptr ss:[ebp-0x8] ; eax = i
0053E63D 8B4D F4 mov ecx,dword ptr ss:[ebp-0xC] ; ecx = object
0053E640 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] == NULL?
0053E648 74 24 je XSango3.0053E66E ; empty -> next i
0053E64A 837D 08 00 cmp dword ptr ss:[ebp+0x8],0x0 ; remaining count == 0?
0053E64E 75 15 jnz XSango3.0053E665
0053E650 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E653 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E656 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110]
0053E65D 894D FC mov dword ptr ss:[ebp-0x4],ecx ; result = slots[i]
0053E660 - E9 D790EFFF jmp Sango3.0043773C ; found -> original exit
0053E665 8B55 08 mov edx,dword ptr ss:[ebp+0x8] ; --count, written back into the caller's argument slot (the incoming parameter is mutated in place)
0053E668 83EA 01 sub edx,0x1
0053E66B 8955 08 mov dword ptr ss:[ebp+0x8],edx
0053E66E - E9 8D90EFFF jmp Sango3.00437700 ; next iteration (presumably the loop increment)
0053E673 90 nop
; Replacement for 00437A5C (hook #13, call site 0043610E). __thiscall, ecx = this,
; one dword stack argument of which only the low byte is used (retn 4). Calls the
; virtual function at vtable offset 0x14 with that byte on every live slot.
; Frame: [ebp-4] = i, [ebp-8] = this, [ebp+8] = argument.
0053E680 55 push ebp ; troop-slot patch 10
0053E681 8BEC mov ebp,esp
0053E683 83EC 08 sub esp,0x8
0053E686 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E689 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E690 EB 09 jmp XSango3.0053E69B ; enter at the loop test
0053E692 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E695 83C0 01 add eax,0x1
0053E698 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E69B 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E69F 7D 35 jge XSango3.0053E6D6 ; done
0053E6A1 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E6A4 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6A7 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E6AF 74 23 je XSango3.0053E6D4 ; skip empty slot
0053E6B1 8A45 08 mov al,byte ptr ss:[ebp+0x8] ; only al is loaded: bits 8..31 of eax keep the stale loop counter (or caller garbage on the first pass), so the callee must treat its argument as a byte/bool -- confirm
0053E6B4 50 push eax
0053E6B5 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E6B8 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6BB 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this for the virtual call)
0053E6C2 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E6C5 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E6C8 8B8482 10010000 mov eax,dword ptr ds:[edx+eax*4+0x110]
0053E6CF 8B10 mov edx,dword ptr ds:[eax] ; edx = vtable
0053E6D1 FF52 14 call dword ptr ds:[edx+0x14] ; slots[i]->vtable[5](flag); the pushed arg is not popped here -> callee-cleans assumed
0053E6D4 ^ EB BC jmp XSango3.0053E692 ; next i
0053E6D6 8BE5 mov esp,ebp
0053E6D8 5D pop ebp
0053E6D9 C2 0400 retn 0x4 ; pop our own one-dword argument
0053E6DC 90 nop
0053E6DD 90 nop
0053E6DE 90 nop
0053E6DF 90 nop
; Replacement for the whole of 00437C65 (hook #14: its `push ebp` becomes a jmp here,
; so every caller lands in this routine). __thiscall, ecx = this, no stack arguments.
; For every live slot: call vtable[0] with argument 1, then clear the slot. Finally
; this+0x100 is reset to 0 (patch 15 decrements the same field per removal, so it
; presumably is the live-soldier count).
; Frame: [ebp-4] = i, [ebp-8]/[ebp-0xC] = slot pointer, [ebp-0x10] = this, [ebp-0x14] = unused return value.
0053E6E0 55 push ebp ; troop-slot patch 11
0053E6E1 8BEC mov ebp,esp
0053E6E3 83EC 14 sub esp,0x14
0053E6E6 894D F0 mov dword ptr ss:[ebp-0x10],ecx ; this
0053E6E9 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E6F0 EB 09 jmp XSango3.0053E6FB ; enter at the loop test
0053E6F2 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E6F5 83C0 01 add eax,0x1
0053E6F8 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E6FB 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E6FF 7D 57 jge XSango3.0053E758 ; done
0053E701 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E704 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E707 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; slots[i] == NULL?
0053E70F 74 45 je XSango3.0053E756 ; skip empty slot
0053E711 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E714 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E717 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110]
0053E71E 8955 F4 mov dword ptr ss:[ebp-0xC],edx ; p = slots[i]
0053E721 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E724 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E727 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0 ; redundant NULL check (already known non-NULL)
0053E72B 74 11 je XSango3.0053E73E
0053E72D 6A 01 push 0x1 ; flag argument for vtable[0]. NOTE(review): on MSVC builds vtable[0](1) is typically the deleting destructor (destroy + free) -- confirm before reusing this pattern
0053E72F 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E732 8B11 mov edx,dword ptr ds:[ecx] ; edx = vtable
0053E734 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; this = p
0053E737 FF12 call dword ptr ds:[edx] ; p->vtable[0](1)
0053E739 8945 EC mov dword ptr ss:[ebp-0x14],eax ; return value stored but never read
0053E73C EB 07 jmp XSango3.0053E745
0053E73E C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0
0053E745 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E748 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E74B C78481 10010000>mov dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] = NULL so the (presumably freed) pointer is never reused
0053E756 ^ EB 9A jmp XSango3.0053E6F2 ; next i
0053E758 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E75B C782 00010000 0>mov dword ptr ds:[edx+0x100],0x0 ; this+0x100 = 0
0053E765 8BE5 mov esp,ebp
0053E767 5D pop ebp
0053E768 C3 retn
; Replacement for the whole of 00437DAC (hook #15 at its entry). __thiscall, ecx = this,
; no stack arguments. Does nothing when this+0x100 <= 0. Otherwise: if this+0xD8 == 2
; calls 00436CB8(this); then loop 1 calls vtable[0x24] on every live slot; then loop 2
; asks 判断标志位状态 (flag-bit test, original helper) about flag 0x12 on every live slot
; and, where it returns non-zero, removes that slot via 00437CE5.
; Frame: [ebp-4] = i, [ebp-8] = this.
0053E770 55 push ebp ; troop-slot patch 12
0053E771 8BEC mov ebp,esp
0053E773 83EC 08 sub esp,0x8
0053E776 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E779 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E77C 83B8 00010000 0>cmp dword ptr ds:[eax+0x100],0x0 ; this+0x100 > 0? (signed jg)
0053E783 7F 05 jg XSango3.0053E78A
0053E785 E9 B0000000 jmp Sango3.0053E83A ; nothing to do
0053E78A 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E78D 83B9 D8000000 0>cmp dword ptr ds:[ecx+0xD8],0x2 ; this+0xD8 == 2?
0053E794 75 08 jnz XSango3.0053E79E
0053E796 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E799 E8 1A85EFFF call Sango3.00436CB8 ; original helper, __thiscall, no stack args (left unpatched)
0053E79E C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; loop 1: i = 0
0053E7A5 EB 09 jmp XSango3.0053E7B0
0053E7A7 8B55 FC mov edx,dword ptr ss:[ebp-0x4] ; i++
0053E7AA 83C2 01 add edx,0x1
0053E7AD 8955 FC mov dword ptr ss:[ebp-0x4],edx
0053E7B0 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E7B4 7D 31 jge XSango3.0053E7E7
0053E7B6 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E7B9 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E7BC 83BC81 10010000>cmp dword ptr ds:[ecx+eax*4+0x110],0x0 ; slots[i] == NULL?
0053E7C4 74 1F je XSango3.0053E7E5
0053E7C6 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E7C9 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E7CC 8B8C90 10010000 mov ecx,dword ptr ds:[eax+edx*4+0x110] ; ecx = slots[i] (this)
0053E7D3 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E7D6 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E7D9 8B9490 10010000 mov edx,dword ptr ds:[eax+edx*4+0x110]
0053E7E0 8B02 mov eax,dword ptr ds:[edx] ; eax = vtable
0053E7E2 FF50 24 call dword ptr ds:[eax+0x24] ; slots[i]->vtable[9]()
0053E7E5 ^ EB C0 jmp XSango3.0053E7A7
0053E7E7 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; loop 2: i = 0
0053E7EE EB 09 jmp XSango3.0053E7F9
0053E7F0 8B4D FC mov ecx,dword ptr ss:[ebp-0x4] ; i++
0053E7F3 83C1 01 add ecx,0x1
0053E7F6 894D FC mov dword ptr ss:[ebp-0x4],ecx
0053E7F9 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; i < 0x7D?
0053E7FD 7D 3B jge XSango3.0053E83A
0053E7FF 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E802 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E805 83BC90 10010000>cmp dword ptr ds:[eax+edx*4+0x110],0x0 ; slots[i] == NULL?
0053E80D 74 29 je XSango3.0053E838
0053E80F 6A 12 push 0x12 ; flag id
0053E811 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E814 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E817 8B8C8A 10010000 mov ecx,dword ptr ds:[edx+ecx*4+0x110] ; ecx = slots[i] (this)
0053E81E E8 5ECCF0FF call <Sango3.判断标志位状态> ; flag-bit test helper: slots[i] has flag 0x12?  the pushed arg is not popped here -> callee-cleans assumed
0053E823 25 FF000000 and eax,0xFF ; result is a byte
0053E828 85C0 test eax,eax
0053E82A 74 0C je XSango3.0053E838 ; flag clear -> keep
0053E82C 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E82F 50 push eax ; index i (always < 0x7D here)
0053E830 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; this
0053E833 E8 AD94EFFF call Sango3.00437CE5 ; remove slot i. NOTE(review): 00437CE5 is hook #18's site -- with that hook applied this lands in the 0053E940 replacement; without it the original 50-slot routine is called with i up to 0x7C
0053E838 ^ EB B6 jmp XSango3.0053E7F0
0053E83A 8BE5 mov esp,ebp
0053E83C 5D pop ebp
0053E83D C3 retn
0053E83E 90 nop
; ---------------------------------------------------------------------
; 0053E850  "troop-capacity patch 13"
; Scans the 0x7D (125) pointer slots at [this+0x110 + i*4] and returns
; the entry with the highest score, where the score is whatever the
; opaque helper 00447C70 returns in eax for that entry (its meaning is
; not visible in this listing).
; In:   ecx     = object base (used as `this`, saved at [ebp-0x14])
;       [esp+4] = pointer to a dword that receives the best score
; Out:  eax     = pointer to the best entry, or 0 when no entry scored > 0
;       *[arg]  = best score (0 when nothing qualified)
; Clobbers: eax, ecx, edx, flags (plus whatever 00447C70 clobbers)
; Calling convention: callee pops its one argument (retn 4); ecx
; carries the object pointer. Frame: 0x14 bytes of locals.
;   [ebp-0x14] = this              [ebp-0x10] = score of current entry
;   [ebp-0xC]  = best entry ptr    [ebp-0x8]  = loop index i
;   [ebp-0x4]  = best score so far (starts at 0, so only scores > 0 win;
;                the compare at 0053E8A7 is signed)
; NOTE(review): the loop bound 0x7D hard-codes the slot-array capacity;
; the object must be at least 0x110 + 0x7D*4 = 0x304 bytes for the reads
; below to stay inside it. The allocation site is not in this listing --
; confirm it was enlarged to match, otherwise this is an OOB read.
; NOTE(review): the out-pointer argument is dereferenced without a null
; check (store at 0053E8CA); callers must pass a valid address.
; ---------------------------------------------------------------------
0053E850 55 push ebp ; troop-capacity patch 13: entry, standard frame
0053E851 8BEC mov ebp,esp
0053E853 83EC 14 sub esp,0x14 ; five dword locals
0053E856 894D EC mov dword ptr ss:[ebp-0x14],ecx ; this
0053E859 C745 F4 0000000>mov dword ptr ss:[ebp-0xC],0x0 ; best = NULL
0053E860 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; bestScore = 0
0053E867 C745 F8 0000000>mov dword ptr ss:[ebp-0x8],0x0 ; i = 0
0053E86E EB 09 jmp XSango3.0053E879 ; enter the loop at its condition
0053E870 8B45 F8 mov eax,dword ptr ss:[ebp-0x8] ; i++
0053E873 83C0 01 add eax,0x1
0053E876 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E879 837D F8 7D cmp dword ptr ss:[ebp-0x8],0x7D ; while (i < 0x7D) -- signed compare
0053E87D 7D 45 jge XSango3.0053E8C4
0053E87F 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E882 8B55 EC mov edx,dword ptr ss:[ebp-0x14]
0053E885 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; skip empty slots
0053E88D 74 33 je XSango3.0053E8C2
0053E88F 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E892 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E895 8B8C81 10010000 mov ecx,dword ptr ds:[ecx+eax*4+0x110] ; ecx = slot[i], passed as `this` to the helper
0053E89C E8 CF93F0FF call Sango3.00447C70 ; eax = score(slot[i]) -- opaque helper
0053E8A1 8945 F0 mov dword ptr ss:[ebp-0x10],eax
0053E8A4 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E8A7 3B55 FC cmp edx,dword ptr ss:[ebp-0x4] ; if (score <= bestScore) continue  (signed)
0053E8AA 7E 16 jle XSango3.0053E8C2
0053E8AC 8B45 F8 mov eax,dword ptr ss:[ebp-0x8]
0053E8AF 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
0053E8B2 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110] ; re-read slot[i]
0053E8B9 8955 F4 mov dword ptr ss:[ebp-0xC],edx ; best = slot[i]
0053E8BC 8B45 F0 mov eax,dword ptr ss:[ebp-0x10]
0053E8BF 8945 FC mov dword ptr ss:[ebp-0x4],eax ; bestScore = score
0053E8C2 ^ EB AC jmp XSango3.0053E870 ; next i
0053E8C4 8B4D 08 mov ecx,dword ptr ss:[ebp+0x8] ; *outScore = bestScore (no null check on the pointer)
0053E8C7 8B55 FC mov edx,dword ptr ss:[ebp-0x4]
0053E8CA 8911 mov dword ptr ds:[ecx],edx
0053E8CC 8B45 F4 mov eax,dword ptr ss:[ebp-0xC] ; return best (NULL if nothing scored > 0)
0053E8CF 8BE5 mov esp,ebp
0053E8D1 5D pop ebp
0053E8D2 C2 0400 retn 0x4 ; callee pops the single argument
; ---------------------------------------------------------------------
; 0053E8E0  "troop-capacity patch 14"
; Membership test: reports whether the pointer passed as the single
; stack argument is stored in one of the 0x7D slots at
; [this+0x110 + i*4].
; In:   ecx     = object base (used as `this`, saved at [ebp-0x8])
;       [esp+4] = pointer to look for
; Out:  al = 1 if found, 0 otherwise. Only AL is written -- the upper
;       bits of eax keep whatever the loop last left there, so callers
;       must mask/zero-extend (and eax,0xFF or movzx) before using eax
;       as a whole.
; Clobbers: eax, ecx, edx, flags
; Calling convention: callee pops its one argument (retn 4).
; Frame: [ebp-0x8] = this, [ebp-0x4] = loop index i.
; Empty (zero) slots are skipped before the compare, so a NULL argument
; never matches and yields 0.
; NOTE(review): the loop bound 0x7D hard-codes the slot-array capacity;
; the backing object must be at least 0x110 + 0x7D*4 = 0x304 bytes.
; The allocation site is not in this listing -- confirm it matches.
; ---------------------------------------------------------------------
0053E8E0 55 push ebp ; troop-capacity patch 14: entry, standard frame
0053E8E1 8BEC mov ebp,esp
0053E8E3 83EC 08 sub esp,0x8 ; two dword locals
0053E8E6 894D F8 mov dword ptr ss:[ebp-0x8],ecx ; this
0053E8E9 C745 FC 0000000>mov dword ptr ss:[ebp-0x4],0x0 ; i = 0
0053E8F0 EB 09 jmp XSango3.0053E8FB ; enter the loop at its condition
0053E8F2 8B45 FC mov eax,dword ptr ss:[ebp-0x4] ; i++
0053E8F5 83C0 01 add eax,0x1
0053E8F8 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E8FB 837D FC 7D cmp dword ptr ss:[ebp-0x4],0x7D ; while (i < 0x7D) -- signed compare
0053E8FF 7D 28 jge XSango3.0053E929
0053E901 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E904 8B55 F8 mov edx,dword ptr ss:[ebp-0x8]
0053E907 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; skip empty slots
0053E90F 74 16 je XSango3.0053E927
0053E911 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E914 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E917 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110] ; edx = slot[i]
0053E91E 3B55 08 cmp edx,dword ptr ss:[ebp+0x8] ; slot[i] == arg ?
0053E921 75 04 jnz XSango3.0053E927
0053E923 B0 01 mov al,0x1 ; found -> return 1 (AL only)
0053E925 EB 04 jmp XSango3.0053E92B
0053E927 ^ EB C9 jmp XSango3.0053E8F2 ; next i
0053E929 32C0 xor al,al ; not found -> return 0 (AL only)
0053E92B 8BE5 mov esp,ebp
0053E92D 5D pop ebp
0053E92E C2 0400 retn 0x4 ; callee pops the single argument
0053E931 90 nop
0053E932 90 nop
0053E933 90 nop
0053E934 90 nop
0053E935 90 nop
0053E936 90 nop
0053E937 90 nop
0053E938 90 nop
0053E939 90 nop
0053E93A 90 nop
0053E93B 90 nop
0053E93C 90 nop
0053E93D 90 nop
0053E93E 90 nop
0053E93F 90 nop
; ---------------------------------------------------------------------
; 0053E940  "troop-capacity patch 15"
; Releases the entry at slot index [esp+4]: if the dword at
; [this+0x110 + idx*4] is non-zero, calls entry 0 of the table pointed
; to by the entry's first dword with one dword argument (1), then
; clears the slot and decrements the dword counter at [this+0x100].
; An empty slot is a no-op.
; In:   ecx     = object base (used as `this`, saved at [ebp-0x10])
;       [esp+4] = slot index
; Out:  nothing callers can rely on -- eax is not set deliberately
;       before the epilogue (it holds the index on the empty-slot path
;       and the decremented counter otherwise).
; Clobbers: eax, ecx, edx, flags (plus whatever the indirect call clobbers)
; Calling convention: callee pops its one argument (retn 4).
; Frame: [ebp-0x10] = this, [ebp-0x4] = idx, [ebp-0xC]/[ebp-0x8] = entry,
;        [ebp-0x14] = result of the indirect call (stored, never read).
; NOTE(review): `push 1; call [table+0]` with the object in ecx looks
; like the MSVC scalar deleting-destructor idiom (flag 1 = also free
; the object) -- confirm. If so, clearing the slot afterwards, as done
; at 0053E999, is what prevents a dangling pointer in the array.
; SECURITY(review): idx is NOT range-checked against 0x7D (contrast the
; bounded loops in the sibling patches). An out-of-range index reads
; and then writes 0 at [this+0x110 + idx*4], outside the array, and
; the indirect call would dispatch through whatever that memory holds.
; Every caller must guarantee 0 <= idx < 0x7D.
; NOTE(review): the counter at +0x100 is decremented without an
; underflow check; it stays consistent only if it always equals the
; number of non-zero slots, which this listing cannot confirm.
; ---------------------------------------------------------------------
0053E940 55 push ebp ; troop-capacity patch 15: entry, standard frame
0053E941 8BEC mov ebp,esp
0053E943 83EC 14 sub esp,0x14 ; five dword locals
0053E946 894D F0 mov dword ptr ss:[ebp-0x10],ecx ; this
0053E949 8B45 08 mov eax,dword ptr ss:[ebp+0x8] ; idx (unchecked)
0053E94C 8945 FC mov dword ptr ss:[ebp-0x4],eax
0053E94F 8B4D FC mov ecx,dword ptr ss:[ebp-0x4]
0053E952 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E955 83BC8A 10010000>cmp dword ptr ds:[edx+ecx*4+0x110],0x0 ; empty slot -> nothing to do
0053E95D 74 5A je XSango3.0053E9B9
0053E95F 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E962 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E965 8B9481 10010000 mov edx,dword ptr ds:[ecx+eax*4+0x110] ; entry = slot[idx]
0053E96C 8955 F4 mov dword ptr ss:[ebp-0xC],edx
0053E96F 8B45 F4 mov eax,dword ptr ss:[ebp-0xC]
0053E972 8945 F8 mov dword ptr ss:[ebp-0x8],eax
0053E975 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0 ; redundant: already known non-zero from 0053E955
0053E979 74 11 je XSango3.0053E98C
0053E97B 6A 01 push 0x1 ; arg = 1
0053E97D 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8]
0053E980 8B11 mov edx,dword ptr ds:[ecx] ; edx = entry's function-pointer table (first dword)
0053E982 8B4D F8 mov ecx,dword ptr ss:[ebp-0x8] ; ecx = entry as `this`
0053E985 FF12 call dword ptr ds:[edx] ; table[0](entry, 1)
0053E987 8945 EC mov dword ptr ss:[ebp-0x14],eax ; result stored but never read
0053E98A EB 07 jmp XSango3.0053E993
0053E98C C745 EC 0000000>mov dword ptr ss:[ebp-0x14],0x0 ; unreachable in practice (see 0053E975)
0053E993 8B45 FC mov eax,dword ptr ss:[ebp-0x4]
0053E996 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E999 C78481 10010000>mov dword ptr ds:[ecx+eax*4+0x110],0x0 ; slot[idx] = 0
0053E9A4 8B55 F0 mov edx,dword ptr ss:[ebp-0x10]
0053E9A7 8B82 00010000 mov eax,dword ptr ds:[edx+0x100] ; count at +0x100 -= 1 (no underflow check)
0053E9AD 83E8 01 sub eax,0x1
0053E9B0 8B4D F0 mov ecx,dword ptr ss:[ebp-0x10]
0053E9B3 8981 00010000 mov dword ptr ds:[ecx+0x100],eax
0053E9B9 8BE5 mov esp,ebp
0053E9BB 5D pop ebp
0053E9BC C2 0400 retn 0x4 ; callee pops the single argument
0053E9BF 90 nop