[Script example] GM command to fly to any online player (assembly) + UE patch method

online_admin posted on 2022-3-26 04:49:09
I was lazy: I disabled the original GM command "测试金币变化" and replaced it with this one.

* Possible StringData Ref from Code Obj ->"飞到"
|
:004D440C BA14624D00 mov edx, 004D6214
:004D4411 E82A49F3FF call 00408D40
:004D4416 0F8599000000 jne 004D44B5
:004D441C E8C5B90300 call 0050FDE6
:004D4421 E98F000000 jmp 004D44B5
:004D4426 90 nop



|:004D441C
|
:0050FDE6 A190A44E00 mov eax, dword ptr [004EA490] ====== 0x10a1e6
:0050FDEB 8B00 mov eax, dword ptr [eax]
:0050FDED 8B55EC mov edx, dword ptr [ebp-14]
:0050FDF0 E84BE8F9FF call 004AE640
:0050FDF5 8945D0 mov dword ptr [ebp-30], eax
:0050FDF8 837DD000 cmp dword ptr [ebp-30], 00000000
:0050FDFC 7452 je 0050FE50
:0050FDFE 8D9528FFFFFF lea edx, dword ptr [ebp+FFFFFF28]
:0050FE04 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE07 8B4028 mov eax, dword ptr [eax+28]
:0050FE0A E8B193EFFF call 004091C0
:0050FE0F 8B8528FFFFFF mov eax, dword ptr [ebp+FFFFFF28]
:0050FE15 50 push eax
:0050FE16 8D9524FFFFFF lea edx, dword ptr [ebp+FFFFFF24]
:0050FE1C 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE1F 8B4024 mov eax, dword ptr [eax+24]
:0050FE22 E89993EFFF call 004091C0
:0050FE27 8B8524FFFFFF mov eax, dword ptr [ebp+FFFFFF24]
:0050FE2D 50 push eax
:0050FE2E 8D8520FFFFFF lea eax, dword ptr [ebp+FFFFFF20]
:0050FE34 8B55D0 mov edx, dword ptr [ebp-30]
:0050FE37 83C204 add edx, 00000004
:0050FE3A E83140EFFF call 00403E70
:0050FE3F 8B9520FFFFFF mov edx, dword ptr [ebp+FFFFFF20]
:0050FE45 8B45FC mov eax, dword ptr [ebp-04]
:0050FE48 59 pop ecx
:0050FE49 E876D2FAFF call 004BD0C4
:0050FE4E EB26 jmp 0050FE76

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FDFC(C)
|
:0050FE50 8D851CFFFFFF lea eax, dword ptr [ebp+FFFFFF1C]

* Possible StringData Ref from Code Obj ->"此人现在不可查找"
|
:0050FE56 B924624D00 mov ecx, 004D6224
:0050FE5B 8B55EC mov edx, dword ptr [ebp-14]
:0050FE5E E8B540EFFF call 00403F18
:0050FE63 8B951CFFFFFF mov edx, dword ptr [ebp+FFFFFF1C]
:0050FE69 B901000000 mov ecx, 00000001
:0050FE6E 8B45FC mov eax, dword ptr [ebp-04]
:0050FE71 E8AEB2FAFF call 004BB124

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FE4E(U)
|
:0050FE76 C3 ret


UE find and replace:

Ctrl+G, enter 0xd3809
Find:
8B45F0BA14624D00E8C6FBF2FF0F8599000000BA28624D008D85B4FDFFFF
Replace with:
8B45F0BA14624D00E82A49F3FF0F8599000000E8C5B90300E98F00000090


Ctrl+G, enter 0x10a1e6
Find:
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Replace with:
A190A44E008B008B55ECE84BE8F9FF8945D0837DD00074528D9528FFFFFF8B45D08B4028E8B193EFFF8B8528FFFFFF508D9524FFFFFF8B45D08B4024E89993EFFF8B8524FFFFFF508D8520FFFFFF8B55D083C204E83140EFFF8B9520FFFFFF8B45FC59E876D2FAFFEB268D851CFFFFFFB924624D008B55ECE8B540EFFF8B951CFFFFFFB9010000008B45FCE8AEB2FAFFC3


Ctrl+G, 0xd5610
Find:
0C000000B2E2CAD4BDF0C7AEB1E4BBAF00000000000000000B5BD6C6D4ECBDF0C7AE5D2001200000

Replace with:
04000000B7C9B5BD00000000FFFFFFFF10000000B4CBC8CBCFD6D4DAB2BBBFC9B2E9D5D200000000

Usage: @飞到 <player name>

The following is BLUE's correction:

* Possible StringData Ref from Code Obj ->"飞到"
|
:004D440C BA14624D00 mov edx, 004D6214
:004D4411 E82A49F3FF call 00408D40
:004D4416 0F8599000000 jne 004D44B5
:004D441C E8C5B90300 call 0050FDE6
:004D4421 E98F000000 jmp 004D44B5
:004D4426 90 nop


===>
A check needs to be inserted here:
cmp dword ptr [ebp-14], 00000000
JE "FALSE"


|:004D441C
|
:0050FDE6 A190A44E00 mov eax, dword ptr [004EA490] ====== 0x10a1e6
:0050FDEB 8B00 mov eax, dword ptr [eax]
:0050FDED 8B55EC mov edx, dword ptr [ebp-14]
:0050FDF0 E84BE8F9FF call 004AE640
:0050FDF5 8945D0 mov dword ptr [ebp-30], eax
:0050FDF8 837DD000 cmp dword ptr [ebp-30], 00000000
:0050FDFC 7452 je 0050FE50
:0050FDFE 8D9528FFFFFF lea edx, dword ptr [ebp+FFFFFF28]
:0050FE04 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE07 8B4028 mov eax, dword ptr [eax+28]
:0050FE0A E8B193EFFF call 004091C0
:0050FE0F 8B8528FFFFFF mov eax, dword ptr [ebp+FFFFFF28]
:0050FE15 50 push eax
:0050FE16 8D9524FFFFFF lea edx, dword ptr [ebp+FFFFFF24]
:0050FE1C 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE1F 8B4024 mov eax, dword ptr [eax+24]
:0050FE22 E89993EFFF call 004091C0
:0050FE27 8B8524FFFFFF mov eax, dword ptr [ebp+FFFFFF24]
:0050FE2D 50 push eax
:0050FE2E 8D8520FFFFFF lea eax, dword ptr [ebp+FFFFFF20]
:0050FE34 8B55D0 mov edx, dword ptr [ebp-30]
:0050FE37 83C204 add edx, 00000004
:0050FE3A E83140EFFF call 00403E70
:0050FE3F 8B9520FFFFFF mov edx, dword ptr [ebp+FFFFFF20]
:0050FE45 8B45FC mov eax, dword ptr [ebp-04]
:0050FE48 59 pop ecx
:0050FE49 E876D2FAFF call 004BD0C4
:0050FE4E EB26 jmp 0050FE76 --- note this jump, it is wrong ~~:)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FDFC(C)
|
:0050FE50 8D851CFFFFFF lea eax, dword ptr [ebp+FFFFFF1C]

* Possible StringData Ref from Code Obj ->"此人现在不可查找"
|
:0050FE56 B924624D00 mov ecx, 004D6224
:0050FE5B 8B55EC mov edx, dword ptr [ebp-14]
:0050FE5E E8B540EFFF call 00403F18
:0050FE63 8B951CFFFFFF mov edx, dword ptr [ebp+FFFFFF1C]
:0050FE69 B901000000 mov ecx, 00000001
:0050FE6E 8B45FC mov eax, dword ptr [ebp-04]
:0050FE71 E8AEB2FAFF call 004BB124

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FE4E(U)
|
:0050FE76 C3 ret
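
A patch-review check for the bytes above, added here as an example and not part of the original post: it resolves the rel32 branch operands in the replacement string for offset 0xd3809 and reads the length-prefixed strings from the replacement for offset 0xd5610, so both can be compared with the listing before the file is edited. The base addresses, the GBK decoding and all function names are assumptions.

```python
import struct

# Bytes copied from the post's "replace with" strings (file offsets 0xd3809, 0xd5610).
DISPATCH = bytes.fromhex(
    "8B45F0BA14624D00E82A49F3FF0F8599000000E8C5B90300E98F00000090")
STRINGS = bytes.fromhex(
    "04000000B7C9B5BD00000000FFFFFFFF10000000"
    "B4CBC8CBCFD6D4DAB2BBBFC9B2E9D5D200000000")

# Assumed addresses of the first byte of each blob, derived from the listing:
# "mov edx" sits at 0x4D440C (3 bytes in) and loads 0x4D6214 (4 bytes in).
DISPATCH_VA = 0x004D4409
STRINGS_VA = 0x004D6210

# (instruction address, opcode length) for each rel32 branch in the listing.
BRANCHES = [(0x4D4411, 1), (0x4D4416, 2), (0x4D441C, 1), (0x4D4421, 1)]

def branch_targets(code, base_va, branches):
    """Resolve each rel32 operand: target = end of instruction + signed rel32."""
    targets = {}
    for va, oplen in branches:
        (rel,) = struct.unpack_from("<i", code, va - base_va + oplen)
        targets[va] = (va + oplen + 4 + rel) & 0xFFFFFFFF
    return targets

def length_prefixed_string(blob, base_va, data_va):
    """Read dword length at data_va-4, then the data, and require a NUL after it."""
    off = data_va - base_va
    (length,) = struct.unpack_from("<i", blob, off - 4)
    if length < 0 or off + length >= len(blob) or blob[off + length] != 0:
        raise ValueError("bad length or missing terminator at %#x" % data_va)
    return blob[off:off + length].decode("gbk")  # GBK is an assumption

def same_delta(pairs):
    """True when every (file offset, address) pair shares one offset-to-address delta."""
    return len({va - off for off, va in pairs}) == 1

if __name__ == "__main__":
    for va, tgt in branch_targets(DISPATCH, DISPATCH_VA, BRANCHES).items():
        print("%08X -> %08X" % (va, tgt))
    for va in (0x4D6214, 0x4D6224):
        print("%08X %s" % (va, length_prefixed_string(STRINGS, STRINGS_VA, va)))
    print(same_delta([(0xD3809, DISPATCH_VA), (0xD5610, STRINGS_VA)]))
```

The resolved targets should equal the operands printed in the listing (00408D40, 004D44B5, 0050FDE6), and the two strings should match the StringData references.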
