Begging the experts! This code triggers the HP-loss mechanism; how do I change it to get invincibility?
This code triggers the HP-loss mechanism. How do I change it so that HP doesn't drop and the character doesn't die? I've already managed to change the stamina and mana values below, but as soon as I change HP the game crashes. Could an expert take a look and tell me whether there is any way to stop it from triggering the HP-loss mechanism, and whether the death CALL can be skipped?
I'm at my wits' end: I've been trying to modify HP for two days, and either the change has no effect or the game crashes! Please give me a good idea for making the character invincible without the game crashing!
game.exe+2F91B6 - 51 - push ecx
game.exe+2F91B7 - 8D 4D D8 - lea ecx,
game.exe+2F91BA - E8 D1D2F9FF - call game.exe+296490
game.exe+2F91BF - 68 AB9EB800 - push game.exe+789EAB
game.exe+2F91C4 - 6A 00 - push 00
game.exe+2F91C6 - 68 1C0DB600 - push game.exe+760D1C
game.exe+2F91CB - 68 90FFAE00 - push game.exe+6EFF90
game.exe+2F91D0 - 8B 15 70C0A001 - mov edx,
game.exe+2F91D6 - 52 - push edx
game.exe+2F91D7 - FF 15 A0EDAE00 - call dword ptr
game.exe+2F91DD - 83 C4 14 - add esp,14
game.exe+2F91E0 - C7 45 FC FFFFFFFF - mov ,FFFFFFFF
game.exe+2F91E7 - 8D 4D D8 - lea ecx,
game.exe+2F91EA - E8 81D1F9FF - call game.exe+296370
game.exe+2F91EF - 8B 45 EC - mov eax,
game.exe+2F91F2 - 83 78 01 00 - cmp dword ptr ,00
game.exe+2F91F6 - 76 26 - jna game.exe+2F921E
game.exe+2F91F8 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F91FE - 8B 91 B46C0200 - mov edx,
game.exe+2F9204 - 69 D2 302C0000 - imul edx,edx,00002C30
INJECT - A1 388BCD01 - mov eax,
game.exe+2F920F - 8B 4D EC - mov ecx,
game.exe+2F9212 - 8B 49 01 - mov ecx,
game.exe+2F9215 - 89 8C 10 A4020000 - mov ,ecx // this code triggers the HP loss
game.exe+2F921C - EB 23 - jmp game.exe+2F9241
game.exe+2F921E - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9224 - 8B 82 B46C0200 - mov eax,
game.exe+2F922A - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9230 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9236 - C7 84 01 A4020000 00000000 - mov ,00000000
game.exe+2F9241 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9247 - 8B 82 B46C0200 - mov eax,
game.exe+2F924D - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9253 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9259 - 8B 94 01 A4020000 - mov edx,
game.exe+2F9260 - 52 - push edx
game.exe+2F9261 - 8B 45 F0 - mov eax,
game.exe+2F9264 - 50 - push eax
game.exe+2F9265 - 6A 00 - push 00
game.exe+2F9267 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F926D - 8B 91 D03B0100 - mov edx,
game.exe+2F9273 - 8B 42 04 - mov eax,
game.exe+2F9276 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F927C - 8D 8C 01 D03B0100 - lea ecx,
game.exe+2F9283 - E8 5811FAFF - call game.exe+29A3E0
game.exe+2F9288 - 8B 55 EC - mov edx,
game.exe+2F928B - 0FBF 42 09 - movsx eax,word ptr
game.exe+2F928F - 85 C0 - test eax,eax
game.exe+2F9291 - 7E 26 - jle game.exe+2F92B9
game.exe+2F9293 - 8B 4D EC - mov ecx,
game.exe+2F9296 - 0FBF 51 09 - movsx edx,word ptr
game.exe+2F929A - A1 EC8DCD01 - mov eax,
game.exe+2F929F - 8B 88 B46C0200 - mov ecx,
game.exe+2F92A5 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F92AB - A1 388BCD01 - mov eax,
game.exe+2F92B0 - 89 94 08 4C030000 - mov ,edx // this code triggers the stamina update
game.exe+2F92B7 - EB 22 - jmp game.exe+2F92DB
game.exe+2F92B9 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F92BF - 8B 91 B46C0200 - mov edx,
game.exe+2F92C5 - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F92CB - A1 388BCD01 - mov eax,
game.exe+2F92D0 - C7 84 10 4C030000 00000000 - mov ,00000000
game.exe+2F92DB - 8B 4D EC - mov ecx,
game.exe+2F92DE - 83 79 05 00 - cmp dword ptr ,00
game.exe+2F92E2 - 0F86 03010000 - jbe game.exe+2F93EB
game.exe+2F92E8 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F92EE - 8B 8A B46C0200 - mov ecx,
game.exe+2F92F4 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F92FA - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9300 - 8B 82 B46C0200 - mov eax,
game.exe+2F9306 - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F930C - 8B 15 388BCD01 - mov edx,
game.exe+2F9312 - 8B 84 02 F8020000 - mov eax,
game.exe+2F9319 - 6B C0 19 - imul eax,eax,19
game.exe+2F931C - 99 - cdq
game.exe+2F931D - BE 64000000 - mov esi,00000064
game.exe+2F9322 - F7 FE - idiv esi
game.exe+2F9324 - 8B 15 388BCD01 - mov edx,
game.exe+2F932A - 39 84 0A FC020000 - cmp ,eax
game.exe+2F9331 - 0F8E 8E000000 - jng game.exe+2F93C5
game.exe+2F9337 - A1 EC8DCD01 - mov eax,
game.exe+2F933C - 8B 88 B46C0200 - mov ecx,
game.exe+2F9342 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F9348 - 8B 15 388BCD01 - mov edx,
game.exe+2F934E - 8B 84 0A F8020000 - mov eax,
game.exe+2F9355 - 6B C0 19 - imul eax,eax,19
game.exe+2F9358 - 99 - cdq
game.exe+2F9359 - B9 64000000 - mov ecx,00000064
game.exe+2F935E - F7 F9 - idiv ecx
game.exe+2F9360 - 0FB7 D0 - movzx edx,ax
game.exe+2F9363 - 8B 45 EC - mov eax,
game.exe+2F9366 - 3B 50 05 - cmp edx,
game.exe+2F9369 - 72 5A - jb game.exe+2F93C5
game.exe+2F936B - 8B 0D 70C0A001 - mov ecx,
game.exe+2F9371 - 51 - push ecx
game.exe+2F9372 - 8D 4D C4 - lea ecx,
game.exe+2F9375 - E8 B6CEF9FF - call game.exe+296230
game.exe+2F937A - C7 45 FC 01000000 - mov ,00000001
game.exe+2F9381 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9387 - 81 C2 C83B0100 - add edx,00013BC8
game.exe+2F938D - 52 - push edx
game.exe+2F938E - 8D 4D C4 - lea ecx,
game.exe+2F9391 - E8 FAD0F9FF - call game.exe+296490
game.exe+2F9396 - 68 AB9EB800 - push game.exe+789EAB
game.exe+2F939B - 6A 00 - push 00
game.exe+2F939D - 68 1C0DB600 - push game.exe+760D1C
game.exe+2F93A2 - 68 90FFAE00 - push game.exe+6EFF90
game.exe+2F93A7 - A1 70C0A001 - mov eax,
game.exe+2F93AC - 50 - push eax
game.exe+2F93AD - FF 15 A0EDAE00 - call dword ptr
game.exe+2F93B3 - 83 C4 14 - add esp,14
game.exe+2F93B6 - C7 45 FC FFFFFFFF - mov ,FFFFFFFF
game.exe+2F93BD - 8D 4D C4 - lea ecx,
game.exe+2F93C0 - E8 ABCFF9FF - call game.exe+296370
game.exe+2F93C5 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F93CB - 8B 91 B46C0200 - mov edx,
game.exe+2F93D1 - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F93D7 - A1 388BCD01 - mov eax,
game.exe+2F93DC - 8B 4D EC - mov ecx,
game.exe+2F93DF - 8B 49 05 - mov ecx,
game.exe+2F93E2 - 89 8C 10 FC020000 - mov ,ecx // this code triggers the mana loss
game.exe+2F93E9 - EB 23 - jmp game.exe+2F940E
game.exe+2F93EB - 8B 15 EC8DCD01 - mov edx,
game.exe+2F93F1 - 8B 82 B46C0200 - mov eax,
game.exe+2F93F7 - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F93FD - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9403 - C7 84 01 FC020000 00000000 - mov ,00000000
game.exe+2F940E - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9414 - 8B 82 B46C0200 - mov eax,
game.exe+2F941A - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9420 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9426 - 8B 15 8078CE01 - mov edx,
game.exe+2F942C - 8B 92 54010000 - mov edx,
game.exe+2F9432 - 89 94 01 84110000 - mov ,edx
game.exe+2F9439 - A1 EC8DCD01 - mov eax,
game.exe+2F943E - 8B 88 D03B0100 - mov ecx,
game.exe+2F9444 - 8B 51 04 - mov edx,
game.exe+2F9447 - A1 EC8DCD01 - mov eax,
game.exe+2F944C - 8B 8C 10 DC3B0100 - mov ecx,
game.exe+2F9453 - 89 8D 40FFFFFF - mov ,ecx
game.exe+2F9459 - 83 BD 40FFFFFF 00 - cmp dword ptr ,00
game.exe+2F9460 - 74 2F - je game.exe+2F9491
game.exe+2F9462 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9468 - 8B 82 D03B0100 - mov eax,
game.exe+2F946E - 8B 48 04 - mov ecx,
game.exe+2F9471 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9477 - 8D 84 0A D03B0100 - lea eax,
game.exe+2F947E - 89 85 3CFFFFFF - mov ,eax
game.exe+2F9484 - 8B 8D 3CFFFFFF - mov ecx,
game.exe+2F948A - C7 41 0C 00000000 - mov ,00000000
game.exe+2F9491 - 8B 4D F4 - mov ecx,
game.exe+2F9494 - 64 89 0D 00000000 - mov fs:,ecx
game.exe+2F949B - 59 - pop ecx
game.exe+2F949C - 5E - pop esi
game.exe+2F949D - 8B E5 - mov esp,ebp
game.exe+2F949F - 5D - pop ebp
game.exe+2F94A0 - C2 0800 - ret 0008

z7332323 posted on 2020-6-12 11:37
BV1rJ411W7hk
A short tutorial on Bilibili, have a look for reference

I watched the video; it says the key is to look for a TEST instruction...
As the code below shows, there is no such thing here... what do I do?
game.exe+2F90C0 - 55 - push ebp
game.exe+2F90C1 - 8B EC - mov ebp,esp
game.exe+2F90C3 - 6A FF - push -01
game.exe+2F90C5 - 68 60CCAB00 - push game.exe+6BCC60
game.exe+2F90CA - 64 A1 00000000 - mov eax,fs:
game.exe+2F90D0 - 50 - push eax
game.exe+2F90D1 - 81 EC BC000000 - sub esp,000000BC
game.exe+2F90D7 - 56 - push esi
game.exe+2F90D8 - A1 0CBCBE00 - mov eax,
game.exe+2F90DD - 33 C5 - xor eax,ebp
game.exe+2F90DF - 50 - push eax
game.exe+2F90E0 - 8D 45 F4 - lea eax,
game.exe+2F90E3 - 64 A3 00000000 - mov fs:,eax
game.exe+2F90E9 - 89 8D 38FFFFFF - mov ,ecx
game.exe+2F90EF - 83 7D 0C 00 - cmp dword ptr ,00
game.exe+2F90F3 - 74 05 - je game.exe+2F90FA
game.exe+2F90F5 - E9 97030000 - jmp game.exe+2F9491
game.exe+2F90FA - 8B 45 08 - mov eax,
game.exe+2F90FD - 89 45 EC - mov ,eax
game.exe+2F9100 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F9106 - 8B 91 B46C0200 - mov edx,
game.exe+2F910C - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F9112 - A1 388BCD01 - mov eax,
game.exe+2F9117 - 8B 8C 10 A4020000 - mov ecx,
game.exe+2F911E - 89 4D F0 - mov ,ecx
game.exe+2F9121 - 8B 55 EC - mov edx,
game.exe+2F9124 - 8B 45 F0 - mov eax,
game.exe+2F9127 - 3B 42 01 - cmp eax,
game.exe+2F912A - 0F84 58010000 - je game.exe+2F9288
game.exe+2F9130 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F9136 - 8B 91 B46C0200 - mov edx,
game.exe+2F913C - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F9142 - A1 388BCD01 - mov eax,
game.exe+2F9147 - 8B 84 10 A0020000 - mov eax,
game.exe+2F914E - 6B C0 19 - imul eax,eax,19
game.exe+2F9151 - 99 - cdq
game.exe+2F9152 - B9 64000000 - mov ecx,00000064
game.exe+2F9157 - F7 F9 - idiv ecx
game.exe+2F9159 - 39 45 F0 - cmp ,eax
game.exe+2F915C - 0F8E 8D000000 - jng game.exe+2F91EF
game.exe+2F9162 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9168 - 8B 82 B46C0200 - mov eax,
game.exe+2F916E - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9174 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F917A - 8B 84 01 A0020000 - mov eax,
game.exe+2F9181 - 6B C0 19 - imul eax,eax,19
game.exe+2F9184 - 33 D2 - xor edx,edx
game.exe+2F9186 - B9 64000000 - mov ecx,00000064
game.exe+2F918B - F7 F1 - div ecx
game.exe+2F918D - 8B 55 EC - mov edx,
game.exe+2F9190 - 3B 42 01 - cmp eax,
game.exe+2F9193 - 72 5A - jb game.exe+2F91EF
game.exe+2F9195 - A1 70C0A001 - mov eax,
game.exe+2F919A - 50 - push eax
game.exe+2F919B - 8D 4D D8 - lea ecx,
game.exe+2F919E - E8 8DD0F9FF - call game.exe+296230
game.exe+2F91A3 - C7 45 FC 00000000 - mov ,00000000
game.exe+2F91AA - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F91B0 - 81 C1 C83B0100 - add ecx,00013BC8
game.exe+2F91B6 - 51 - push ecx
game.exe+2F91B7 - 8D 4D D8 - lea ecx,
game.exe+2F91BA - E8 D1D2F9FF - call game.exe+296490
game.exe+2F91BF - 68 AB9EB800 - push game.exe+789EAB
game.exe+2F91C4 - 6A 00 - push 00
game.exe+2F91C6 - 68 1C0DB600 - push game.exe+760D1C
game.exe+2F91CB - 68 90FFAE00 - push game.exe+6EFF90
game.exe+2F91D0 - 8B 15 70C0A001 - mov edx,
game.exe+2F91D6 - 52 - push edx
game.exe+2F91D7 - FF 15 A0EDAE00 - call dword ptr
game.exe+2F91DD - 83 C4 14 - add esp,14
game.exe+2F91E0 - C7 45 FC FFFFFFFF - mov ,FFFFFFFF
game.exe+2F91E7 - 8D 4D D8 - lea ecx,
game.exe+2F91EA - E8 81D1F9FF - call game.exe+296370
game.exe+2F91EF - 8B 45 EC - mov eax,
game.exe+2F91F2 - 83 78 01 00 - cmp dword ptr ,00
game.exe+2F91F6 - 76 26 - jna game.exe+2F921E
game.exe+2F91F8 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F91FE - 8B 91 B46C0200 - mov edx,
game.exe+2F9204 - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F920A - A1 388BCD01 - mov eax,
game.exe+2F920F - 8B 4D EC - mov ecx,
game.exe+2F9212 - 8B 49 01 - mov ecx,
game.exe+2F9215 - 89 8C 10 A4020000 - mov ,ecx // this code triggers the HP loss.
game.exe+2F921C - EB 23 - jmp game.exe+2F9241
game.exe+2F921E - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9224 - 8B 82 B46C0200 - mov eax,
game.exe+2F922A - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9230 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9236 - C7 84 01 A4020000 00000000 - mov ,00000000
game.exe+2F9241 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9247 - 8B 82 B46C0200 - mov eax,
game.exe+2F924D - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9253 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9259 - 8B 94 01 A4020000 - mov edx,
game.exe+2F9260 - 52 - push edx
game.exe+2F9261 - 8B 45 F0 - mov eax,
game.exe+2F9264 - 50 - push eax
game.exe+2F9265 - 6A 00 - push 00
game.exe+2F9267 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F926D - 8B 91 D03B0100 - mov edx,
game.exe+2F9273 - 8B 42 04 - mov eax,
game.exe+2F9276 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F927C - 8D 8C 01 D03B0100 - lea ecx,
game.exe+2F9283 - E8 5811FAFF - call game.exe+29A3E0
game.exe+2F9288 - 8B 55 EC - mov edx,
game.exe+2F928B - 0FBF 42 09 - movsx eax,word ptr
game.exe+2F928F - 85 C0 - test eax,eax
game.exe+2F9291 - 7E 26 - jle game.exe+2F92B9
game.exe+2F9293 - 8B 4D EC - mov ecx,
game.exe+2F9296 - 0FBF 51 09 - movsx edx,word ptr
game.exe+2F929A - A1 EC8DCD01 - mov eax,
game.exe+2F929F - 8B 88 B46C0200 - mov ecx,
game.exe+2F92A5 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F92AB - A1 388BCD01 - mov eax,
game.exe+2F92B0 - 89 94 08 4C030000 - mov ,edx
game.exe+2F92B7 - EB 22 - jmp game.exe+2F92DB
game.exe+2F92B9 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F92BF - 8B 91 B46C0200 - mov edx,
game.exe+2F92C5 - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F92CB - A1 388BCD01 - mov eax,
game.exe+2F92D0 - C7 84 10 4C030000 00000000 - mov ,00000000
game.exe+2F92DB - 8B 4D EC - mov ecx,
game.exe+2F92DE - 83 79 05 00 - cmp dword ptr ,00
game.exe+2F92E2 - 0F86 03010000 - jbe game.exe+2F93EB
game.exe+2F92E8 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F92EE - 8B 8A B46C0200 - mov ecx,
game.exe+2F92F4 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F92FA - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9300 - 8B 82 B46C0200 - mov eax,
game.exe+2F9306 - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F930C - 8B 15 388BCD01 - mov edx,
game.exe+2F9312 - 8B 84 02 F8020000 - mov eax,
game.exe+2F9319 - 6B C0 19 - imul eax,eax,19
game.exe+2F931C - 99 - cdq
game.exe+2F931D - BE 64000000 - mov esi,00000064
game.exe+2F9322 - F7 FE - idiv esi
game.exe+2F9324 - 8B 15 388BCD01 - mov edx,
game.exe+2F932A - 39 84 0A FC020000 - cmp ,eax
game.exe+2F9331 - 0F8E 8E000000 - jng game.exe+2F93C5
game.exe+2F9337 - A1 EC8DCD01 - mov eax,
game.exe+2F933C - 8B 88 B46C0200 - mov ecx,
game.exe+2F9342 - 69 C9 302C0000 - imul ecx,ecx,00002C30
game.exe+2F9348 - 8B 15 388BCD01 - mov edx,
game.exe+2F934E - 8B 84 0A F8020000 - mov eax,
game.exe+2F9355 - 6B C0 19 - imul eax,eax,19
game.exe+2F9358 - 99 - cdq
game.exe+2F9359 - B9 64000000 - mov ecx,00000064
game.exe+2F935E - F7 F9 - idiv ecx
game.exe+2F9360 - 0FB7 D0 - movzx edx,ax
game.exe+2F9363 - 8B 45 EC - mov eax,
game.exe+2F9366 - 3B 50 05 - cmp edx,
game.exe+2F9369 - 72 5A - jb game.exe+2F93C5
game.exe+2F936B - 8B 0D 70C0A001 - mov ecx,
game.exe+2F9371 - 51 - push ecx
game.exe+2F9372 - 8D 4D C4 - lea ecx,
game.exe+2F9375 - E8 B6CEF9FF - call game.exe+296230
game.exe+2F937A - C7 45 FC 01000000 - mov ,00000001
game.exe+2F9381 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9387 - 81 C2 C83B0100 - add edx,00013BC8
game.exe+2F938D - 52 - push edx
game.exe+2F938E - 8D 4D C4 - lea ecx,
game.exe+2F9391 - E8 FAD0F9FF - call game.exe+296490
game.exe+2F9396 - 68 AB9EB800 - push game.exe+789EAB
game.exe+2F939B - 6A 00 - push 00
game.exe+2F939D - 68 1C0DB600 - push game.exe+760D1C
game.exe+2F93A2 - 68 90FFAE00 - push game.exe+6EFF90
game.exe+2F93A7 - A1 70C0A001 - mov eax,
game.exe+2F93AC - 50 - push eax
game.exe+2F93AD - FF 15 A0EDAE00 - call dword ptr
game.exe+2F93B3 - 83 C4 14 - add esp,14
game.exe+2F93B6 - C7 45 FC FFFFFFFF - mov ,FFFFFFFF
game.exe+2F93BD - 8D 4D C4 - lea ecx,
game.exe+2F93C0 - E8 ABCFF9FF - call game.exe+296370
game.exe+2F93C5 - 8B 0D EC8DCD01 - mov ecx,
game.exe+2F93CB - 8B 91 B46C0200 - mov edx,
game.exe+2F93D1 - 69 D2 302C0000 - imul edx,edx,00002C30
game.exe+2F93D7 - A1 388BCD01 - mov eax,
game.exe+2F93DC - 8B 4D EC - mov ecx,
game.exe+2F93DF - 8B 49 05 - mov ecx,
game.exe+2F93E2 - 89 8C 10 FC020000 - mov ,ecx
game.exe+2F93E9 - EB 23 - jmp game.exe+2F940E
game.exe+2F93EB - 8B 15 EC8DCD01 - mov edx,
game.exe+2F93F1 - 8B 82 B46C0200 - mov eax,
game.exe+2F93F7 - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F93FD - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9403 - C7 84 01 FC020000 00000000 - mov ,00000000
game.exe+2F940E - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9414 - 8B 82 B46C0200 - mov eax,
game.exe+2F941A - 69 C0 302C0000 - imul eax,eax,00002C30
game.exe+2F9420 - 8B 0D 388BCD01 - mov ecx,
game.exe+2F9426 - 8B 15 8078CE01 - mov edx,
game.exe+2F942C - 8B 92 54010000 - mov edx,
game.exe+2F9432 - 89 94 01 84110000 - mov ,edx
game.exe+2F9439 - A1 EC8DCD01 - mov eax,
game.exe+2F943E - 8B 88 D03B0100 - mov ecx,
game.exe+2F9444 - 8B 51 04 - mov edx,
game.exe+2F9447 - A1 EC8DCD01 - mov eax,
game.exe+2F944C - 8B 8C 10 DC3B0100 - mov ecx,
game.exe+2F9453 - 89 8D 40FFFFFF - mov ,ecx
game.exe+2F9459 - 83 BD 40FFFFFF 00 - cmp dword ptr ,00
game.exe+2F9460 - 74 2F - je game.exe+2F9491
game.exe+2F9462 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9468 - 8B 82 D03B0100 - mov eax,
game.exe+2F946E - 8B 48 04 - mov ecx,
game.exe+2F9471 - 8B 15 EC8DCD01 - mov edx,
game.exe+2F9477 - 8D 84 0A D03B0100 - lea eax,
game.exe+2F947E - 89 85 3CFFFFFF - mov ,eax
game.exe+2F9484 - 8B 8D 3CFFFFFF - mov ecx,
game.exe+2F948A - C7 41 0C 00000000 - mov ,00000000
game.exe+2F9491 - 8B 4D F4 - mov ecx,
game.exe+2F9494 - 64 89 0D 00000000 - mov fs:,ecx
game.exe+2F949B - 59 - pop ecx
game.exe+2F949C - 5E - pop esi
game.exe+2F949D - 8B E5 - mov esp,ebp
game.exe+2F949F - 5D - pop ebp
game.exe+2F94A0 - C2 0800 - ret 0008
alicc posted on 2020-6-13 10:08
Just send me the game's download link. Don't post your QQ, so that nobody else can search for it in future.

1. I've already found my own HP and the monsters' HP. Here's the problem: I changed my HP to 666666, but I still die when I take damage. In other words, I only changed the front-end HP... it isn't real invincibility.
2. I also found the monster HP and changed it to 1, then hit the monster, and it still wasn't killed in one hit. Same as above... only the front-end HP changed... the back-end HP didn't change...
Please advise... how do I solve this... is it because this is an online game and can't be modified???
Then how do the DNF cheats do one-hit kills?

game.exe+2F9215 - 89 8C 10 A4020000 - mov ,ecx // this code triggers the HP loss
Why not try changing the mov to add? By the way, is this a single-player game?

z7332323 posted on 2020-6-12 11:27
game.exe+2F9215 - 89 8C 10 A4020000 - mov ,ecx // this code triggers the HP loss
Why not try changing the m ...

Changing it to ADD doesn't work: HP appears not to drop, but once enough damage is taken the character still dies. And... when I deactivated it the game crashed as well!

sgsy posted on 2020-6-12 11:31
Changing it to ADD doesn't work: HP appears not to drop, but once enough damage is taken the character still dies. And... when I deactivated it the game crashed as well!

BV1rJ411W7hk
A short tutorial on Bilibili, have a look for reference

First make sure the value you found is the real, working one; don't go and find the length of the HP bar.
Only then set a breakpoint and look at the assembly.

Are you sure that register only holds your own HP?

wangyujie96 posted on 2020-6-12 12:01
First make sure the value you found is the real, working one; don't go and find the length of the HP bar.
Only then set a breakpoint and look at the assembly.

He's probably looking in the wrong place; this is clearly an assignment, and HP loss should be something like a sub instruction...

无闻无问 posted on 2020-6-12 13:08
He's probably looking in the wrong place; this is clearly an assignment, and HP loss should be something like a sub instruction...

I've confirmed it repeatedly. It is this code... and I did have the same idea as you~

alicc posted on 2020-6-12 12:13
Are you sure that register only holds your own HP?

This register doesn't hold only HP. It also holds mana and stamina, and the monsters' HP is here too. Once I changed a monster's displayed HP to 10, but in practice it still had its normal HP...