雷云脚本hook 带跟随过图
// Cheat Engine auto-assembler script: an inline hook inside dnf.exe that
// redirects one instruction sequence through an allocated code cave.
// NOTE(review): every bracketed memory operand is missing from this listing
// (e.g. "cmp ,#30515", "mov eax,"), so it does not assemble as shown. The
// section markers that normally separate the enable part from the disable
// part also appear to be missing - presumably lost in the same extraction.
// NOTE(review): while active, the patch leaves 7 bytes of the module's code
// differing from the original bytes listed in the db line below, plus one
// extra allocated region; an integrity check over that code range would see it.

// Locate the byte signature inside dnf.exe and bind its address to "leiyun".
// The first two bytes (F8 00) are the tail of the preceding call instruction
// (E8 05 94 F8 00 in the original-code listing), so the hooked instruction
// starts at leiyun+02.
aobscanmodule(leiyun,dnf.exe,F8 00 8B 04 8A 5D C2 04 00) // should be unique
// Reserve $1000 (hex) bytes for the injected code.
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// '#' marks a decimal immediate. The left-hand operand of this compare is missing.
cmp ,#30515//check (author's label)
// No match: skip the writes and fall through to the unmodified epilogue at @@.
jne @f
// Source operand missing; the author describes it as an offset to the "lightning" object.
mov edx,//offset to lightning (author's label)
// The destination operands of the following writes are missing from the listing;
// only the immediates and the author's labels survive.
mov ,#1//follow across maps (author's label)
mov ,#20022 //code (author's label)
mov ,#2000 //x
mov ,#1000 //y
mov ,#15 //count
mov ,#300 //frequency
mov ,#100000 //damage
mov ,#6000000 //lifetime
// Replay of the three instructions overwritten by the hook (8B 04 8A / 5D / C2 04 00).
// NOTE(review): edx was reassigned above, so this load no longer uses the
// value the original code had in edx - confirm that is intended.
mov eax,
pop ebp
ret 0004
// Unreachable: the ret above already left the function.
jmp return
@@:
// Unmodified path: the same replay of the overwritten instructions.
mov eax,
pop ebp
ret 0004
// Unreachable, as above.
jmp return
// Patch site: a 5-byte jmp plus 2 nops covers exactly the 7 bytes that the
// db line further down puts back.
leiyun+02:
jmp newmem
nop 2
// "return" lands at leiyun+09 (dnf.exe+42C59 in the original-code listing);
// no reachable instruction in the cave jumps to it.
return:
// Publish the symbol so the restore part can reference leiyun.
registersymbol(leiyun)
// Restore part: write the original 7 bytes back and release the cave.
leiyun+02:
db 8B 04 8A 5D C2 04 00
unregistersymbol(leiyun)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: dnf.exe+42C52
dnf.exe+42C31: 8B EC - mov ebp,esp
dnf.exe+42C33: 8B 91 90 02 00 00- mov edx,
dnf.exe+42C39: 8B 81 94 02 00 00- mov eax,
dnf.exe+42C3F: 8B 4D 08 - mov ecx,
dnf.exe+42C42: 2B C2 - sub eax,edx
dnf.exe+42C44: C1 F8 02 - sar eax,02
dnf.exe+42C47: 3B C8 - cmp ecx,eax
dnf.exe+42C49: 7D 0E - jnl dnf.exe+42C59
dnf.exe+42C4B: 72 05 - jb dnf.exe+42C52
dnf.exe+42C4D: E8 05 94 F8 00 - call dnf.exe+FCC057
// ---------- INJECTING HERE ----------
dnf.exe+42C52: 8B 04 8A - mov eax,
// ---------- DONE INJECTING----------
dnf.exe+42C55: 5D - pop ebp
dnf.exe+42C56: C2 04 00 - ret 0004
dnf.exe+42C59: 33 C0 - xor eax,eax
dnf.exe+42C5B: 5D - pop ebp
dnf.exe+42C5C: C2 04 00 - ret 0004
dnf.exe+42C5F: CC - int 3
dnf.exe+42C60: 55 - push ebp
dnf.exe+42C61: 8B EC - mov ebp,esp
dnf.exe+42C63: 51 - push ecx
dnf.exe+42C64: 81 C1 5C 02 00 00- add ecx,0000025C
} 不明觉厉
插眼学习
实在是太棒了