技能 2A4
HP 3BC
MP 3D0
TYPE异常 3F8
无敌霸体 414
怪物 424
人偶 440
BUFF 460
// Cheat Engine auto-assembler script for the 32-bit process dnf.exe.
// It detours the six-byte instruction `mov edi,[eax+0000047C]` (shown in the
// page's disassembly listing as dnf.exe+3AB8EE) into an allocated code cave.
// When esi equals the object in inventory slot 1, the cave stores eax at the
// fixed address 01800000 before running the displaced instruction.
// Footprint an integrity check would see: the six bytes at the hook site are
// replaced by a jmp plus a nop, and a $1000-byte block is allocated in-process.
[ENABLE]
aobscanmodule(wupin,dnf.exe,8B B8 7C 04 00 00) // should be unique
// NOTE(review): the pattern is only the hooked instruction's own six bytes and
// nothing in this script verifies that it occurs once in the module.
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// Follow a fixed pointer chain to inventory slot 1. No link in the chain is
// checked for null, and ecx and the flags are overwritten without being saved.
mov ecx,[1AB7CDC]//character base address
mov ecx,[ecx+52F4] //inventory: first-level offset
mov ecx,[ecx+38]//inventory: second-level offset
mov ecx,[ecx+c]//inventory slot 1
cmp ecx,esi
jne @f
// NOTE(review): 01800000 is a hard-coded absolute address that this script
// never allocates; the write assumes it is already mapped and writable.
mov [01800000],eax//write the item base address to 01800000
mov edi,[eax+0000047C]
jmp return
@@://other items: run only the original code
mov edi,[eax+0000047C]
jmp return
// Hook site: jmp to the cave, padded with a nop to cover the six original bytes.
wupin:
jmp newmem
nop
// `return` is the address right after the patched bytes.
return:
// Keep the scan result available so [DISABLE] can find the hook site again.
registersymbol(wupin)
[DISABLE]
// Restore the original instruction bytes, then drop the symbol and the cave.
wupin:
db 8B B8 7C 04 00 00
unregistersymbol(wupin)
dealloc(newmem)
材料技能

// Cheat Engine auto-assembler script for the 32-bit process dnf.exe.
// It detours the six-byte instruction `mov edi,[eax+0000047C]` (shown in the
// page's disassembly listing as dnf.exe+3AB8EE) into an allocated code cave.
// When esi equals the object in inventory slot 1, the cave overwrites the two
// dwords at [eax+2A4] and [eax+2A8] with pointers into a second allocated
// block (JN); the page's offset notes label 2A4 as the skill field.
// Footprint an integrity check would see: the six bytes at the hook site are
// replaced by a jmp plus a nop, and two $1000-byte blocks are allocated.
[ENABLE]
aobscanmodule(wupin,dnf.exe,8B B8 7C 04 00 00) // should be unique
// NOTE(review): the pattern is only the hooked instruction's own six bytes and
// nothing in this script verifies that it occurs once in the module.
alloc(newmem,$1000)
alloc(JN,$1000)
label(code)
label(return)
newmem:
code:
// Follow a fixed pointer chain to inventory slot 1. No link in the chain is
// checked for null, and ecx and the flags are overwritten without being saved.
mov ecx,[1AB7CDC]//character base address
mov ecx,[ecx+52F4] //inventory: first-level offset
mov ecx,[ecx+38]//inventory: second-level offset
mov ecx,[ecx+c]//inventory slot 1
cmp ecx,esi//compare against the current item
jne @f//item in slot 1
mov [eax+2A4],JN//skill address
// NOTE(review): unprefixed numbers are presumably hex here, which would make
// this JN+$1000, the end of the JN allocation - confirm.
mov [eax+2A8],JN+1000//skill address + 1000
// The displaced instruction is commented out on this path, so edi is not
// loaded before control returns to the game code.
//mov edi,[eax+0000047C]
jmp return
@@://other items: run only the original code
mov edi,[eax+0000047C]
jmp return
// JN has its own alloc, so the two dwords below are data in that block.
JN://skill address
dd #20022//skill code (decimal)
dd #1
// Hook site: jmp to the cave, padded with a nop to cover the six original bytes.
wupin:
jmp newmem
nop
// `return` is the address right after the patched bytes.
return:
// Keep the scan result available so [DISABLE] can find the hook site again.
registersymbol(wupin)
[DISABLE]
// Restore the original instruction bytes, then drop the symbol and both blocks.
wupin:
db 8B B8 7C 04 00 00
unregistersymbol(wupin)
dealloc(newmem)
// NOTE(review): spelled `jn` here but `JN` in alloc; this relies on symbol
// names being matched case-insensitively - confirm.
dealloc(jn)
原汇编
{
// ORIGINAL CODE - INJECTION POINT: dnf.exe+3AB8EE
dnf.exe+3AB8CE: 8B 06 - mov eax,[esi]
dnf.exe+3AB8D0: 8B 90 F0 00 00 00 - mov edx,[eax+000000F0]
dnf.exe+3AB8D6: 8B CE - mov ecx,esi
dnf.exe+3AB8D8: FF D2 - call edx
dnf.exe+3AB8DA: 85 C0 - test eax,eax
dnf.exe+3AB8DC: 0F 84 E1 00 00 00 - je dnf.exe+3AB9C3
dnf.exe+3AB8E2: 8B 06 - mov eax,[esi]
dnf.exe+3AB8E4: 8B 90 F0 00 00 00 - mov edx,[eax+000000F0]
dnf.exe+3AB8EA: 8B CE - mov ecx,esi
dnf.exe+3AB8EC: FF D2 - call edx
// ---------- INJECTING HERE ----------
dnf.exe+3AB8EE: 8B B8 7C 04 00 00 - mov edi,[eax+0000047C]
// ---------- DONE INJECTING ----------
dnf.exe+3AB8F4: 8B 46 60 - mov eax,[esi+60]
dnf.exe+3AB8F7: 85 C0 - test eax,eax
dnf.exe+3AB8F9: 0F 84 9C 00 00 00 - je dnf.exe+3AB99B
dnf.exe+3AB8FF: 8B 0D 88 D9 A3 01 - mov ecx,[dnf.exe+163D988]
dnf.exe+3AB905: 80 B9 D1 01 00 00 00 - cmp byte ptr [ecx+000001D1],00
dnf.exe+3AB90C: 74 5F - je dnf.exe+3AB96D
dnf.exe+3AB90E: 50 - push eax
dnf.exe+3AB90F: E8 7C AC DB FF - call dnf.exe+166590
dnf.exe+3AB914: 84 C0 - test al,al
dnf.exe+3AB916: 74 55 - je dnf.exe+3AB96D
}
HP 3BC
MP 3D0
TYPE异常 3F8
无敌霸体 414
怪物 424
人偶 440
BUFF 460
// Cheat Engine auto-assembler script for the 32-bit process dnf.exe.
// It detours the six-byte instruction `mov edi,[eax+0000047C]` (shown in the
// page's disassembly listing as dnf.exe+3AB8EE) into an allocated code cave.
// When esi equals the object in inventory slot 1, the cave stores eax at the
// fixed address 01800000 before running the displaced instruction.
// Footprint an integrity check would see: the six bytes at the hook site are
// replaced by a jmp plus a nop, and a $1000-byte block is allocated in-process.
[ENABLE]
aobscanmodule(wupin,dnf.exe,8B B8 7C 04 00 00) // should be unique
// NOTE(review): the pattern is only the hooked instruction's own six bytes and
// nothing in this script verifies that it occurs once in the module.
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// Follow a fixed pointer chain to inventory slot 1. No link in the chain is
// checked for null, and ecx and the flags are overwritten without being saved.
mov ecx,[1AB7CDC]//character base address
mov ecx,[ecx+52F4] //inventory: first-level offset
mov ecx,[ecx+38]//inventory: second-level offset
mov ecx,[ecx+c]//inventory slot 1
cmp ecx,esi
jne @f
// NOTE(review): 01800000 is a hard-coded absolute address that this script
// never allocates; the write assumes it is already mapped and writable.
mov [01800000],eax//write the item base address to 01800000
mov edi,[eax+0000047C]
jmp return
@@://other items: run only the original code
mov edi,[eax+0000047C]
jmp return
// Hook site: jmp to the cave, padded with a nop to cover the six original bytes.
wupin:
jmp newmem
nop
// `return` is the address right after the patched bytes.
return:
// Keep the scan result available so [DISABLE] can find the hook site again.
registersymbol(wupin)
[DISABLE]
// Restore the original instruction bytes, then drop the symbol and the cave.
wupin:
db 8B B8 7C 04 00 00
unregistersymbol(wupin)
dealloc(newmem)
材料技能

// Cheat Engine auto-assembler script for the 32-bit process dnf.exe.
// It detours the six-byte instruction `mov edi,[eax+0000047C]` (shown in the
// page's disassembly listing as dnf.exe+3AB8EE) into an allocated code cave.
// When esi equals the object in inventory slot 1, the cave overwrites the two
// dwords at [eax+2A4] and [eax+2A8] with pointers into a second allocated
// block (JN); the page's offset notes label 2A4 as the skill field.
// Footprint an integrity check would see: the six bytes at the hook site are
// replaced by a jmp plus a nop, and two $1000-byte blocks are allocated.
[ENABLE]
aobscanmodule(wupin,dnf.exe,8B B8 7C 04 00 00) // should be unique
// NOTE(review): the pattern is only the hooked instruction's own six bytes and
// nothing in this script verifies that it occurs once in the module.
alloc(newmem,$1000)
alloc(JN,$1000)
label(code)
label(return)
newmem:
code:
// Follow a fixed pointer chain to inventory slot 1. No link in the chain is
// checked for null, and ecx and the flags are overwritten without being saved.
mov ecx,[1AB7CDC]//character base address
mov ecx,[ecx+52F4] //inventory: first-level offset
mov ecx,[ecx+38]//inventory: second-level offset
mov ecx,[ecx+c]//inventory slot 1
cmp ecx,esi//compare against the current item
jne @f//item in slot 1
mov [eax+2A4],JN//skill address
// NOTE(review): unprefixed numbers are presumably hex here, which would make
// this JN+$1000, the end of the JN allocation - confirm.
mov [eax+2A8],JN+1000//skill address + 1000
// The displaced instruction is commented out on this path, so edi is not
// loaded before control returns to the game code.
//mov edi,[eax+0000047C]
jmp return
@@://other items: run only the original code
mov edi,[eax+0000047C]
jmp return
// JN has its own alloc, so the two dwords below are data in that block.
JN://skill address
dd #20022//skill code (decimal)
dd #1
// Hook site: jmp to the cave, padded with a nop to cover the six original bytes.
wupin:
jmp newmem
nop
// `return` is the address right after the patched bytes.
return:
// Keep the scan result available so [DISABLE] can find the hook site again.
registersymbol(wupin)
[DISABLE]
// Restore the original instruction bytes, then drop the symbol and both blocks.
wupin:
db 8B B8 7C 04 00 00
unregistersymbol(wupin)
dealloc(newmem)
// NOTE(review): spelled `jn` here but `JN` in alloc; this relies on symbol
// names being matched case-insensitively - confirm.
dealloc(jn)
原汇编
{
// ORIGINAL CODE - INJECTION POINT: dnf.exe+3AB8EE
dnf.exe+3AB8CE: 8B 06 - mov eax,[esi]
dnf.exe+3AB8D0: 8B 90 F0 00 00 00 - mov edx,[eax+000000F0]
dnf.exe+3AB8D6: 8B CE - mov ecx,esi
dnf.exe+3AB8D8: FF D2 - call edx
dnf.exe+3AB8DA: 85 C0 - test eax,eax
dnf.exe+3AB8DC: 0F 84 E1 00 00 00 - je dnf.exe+3AB9C3
dnf.exe+3AB8E2: 8B 06 - mov eax,[esi]
dnf.exe+3AB8E4: 8B 90 F0 00 00 00 - mov edx,[eax+000000F0]
dnf.exe+3AB8EA: 8B CE - mov ecx,esi
dnf.exe+3AB8EC: FF D2 - call edx
// ---------- INJECTING HERE ----------
dnf.exe+3AB8EE: 8B B8 7C 04 00 00 - mov edi,[eax+0000047C]
// ---------- DONE INJECTING ----------
dnf.exe+3AB8F4: 8B 46 60 - mov eax,[esi+60]
dnf.exe+3AB8F7: 85 C0 - test eax,eax
dnf.exe+3AB8F9: 0F 84 9C 00 00 00 - je dnf.exe+3AB99B
dnf.exe+3AB8FF: 8B 0D 88 D9 A3 01 - mov ecx,[dnf.exe+163D988]
dnf.exe+3AB905: 80 B9 D1 01 00 00 00 - cmp byte ptr [ecx+000001D1],00
dnf.exe+3AB90C: 74 5F - je dnf.exe+3AB96D
dnf.exe+3AB90E: 50 - push eax
dnf.exe+3AB90F: E8 7C AC DB FF - call dnf.exe+166590
dnf.exe+3AB914: 84 C0 - test al,al
dnf.exe+3AB916: 74 55 - je dnf.exe+3AB96D
}