TwMS v1.46_ICS_物品定位
應某人要求...特別發了個舊版數據,至於更新出不出來我就不管了~
ICS、CRC、記憶體區段一併附上...
//TwMS v1.46_ICS_item positioning
//ICS:Onion
//
// Cheat Engine auto-assembler script (32-bit x86, Intel operand order).
// [Enable] replaces the dword stored at 00B661E8 (originally 006A8F86, as
// restored by [Disable]) with the address of ICSHook. The hook checks one
// stack slot for the return address 004DB75D and, when it matches, swaps it
// for ItemHack, a relocated copy of the original code at 004DB75D-004DB7F3.
// The copy ends with an unconditional jump to 004DB7F6 instead of the
// original `jne 004db845` at 004DB7F4, so the result of the final compare
// is ignored.
// In this variant no code bytes in the 004DB7xx range are modified; the only
// writes are to the pointer at 00B661E8 and to the return-address slot on the
// stack. An integrity check limited to that code range would therefore not
// see a change; the pointer value at 00B661E8 is what differs from the
// original.
[Enable]
// NOTE(review): 64 bytes are requested, but the hook stub plus the copied
// routine below look larger than that; presumably this relies on the
// allocation being rounded up to a whole page - confirm.
Alloc(ICSHook, 64)
Label(ItemHack)
Label(FakeJmp1)
Label(FakeJmp2)
Label(FakeJmp3)
Label(FakeJmp4)
// Pointer slot: store the hook address in place of 006A8F86.
// Presumably a function-pointer / vtable entry reached through the
// `call dword ptr [eax+04]` at 004DA9EA - not shown directly on the page.
00B661E8:
DD ICSHook
ICSHook:
// On entry the stack holds, per the call chain in the listing
// (004DB758 -> 004DAA0D -> 004DA9DF -> call [eax+04]):
//   [esp+00] return to 004DA9ED, [esp+04] saved esi,
//   [esp+08] return to 004DAA15, [esp+0C] saved esi,
//   [esp+10] return address of the outermost call.
// 004DB75D is the instruction after `call 004daa0d` at 004DB758.
Cmp [Esp+10], 004DB75D
// Any other caller: continue to the original target untouched.
Jne 006A8F86
// Matching caller: the outermost return will land in ItemHack instead.
Mov [Esp+10], ItemHack
Jmp 006A8F86
ItemHack:
// Relocated copy of 004DB75D..004DB7F3. Branches whose targets lie inside
// the copied range use the FakeJmpN labels (original address in the trailing
// comment); branches leaving the range keep their absolute targets.
test eax,eax
je FakeJmp1 //004db769
sub dword ptr [ebp-34],14
add dword ptr [ebp-2c],14
FakeJmp1:
call 008c64ec
mov [ebp+08],eax
mov eax,[esi+2c]
mov [ebp-10],eax
test eax,eax
je 004db890
lea eax,[ebp-10]
push eax
call 004da576
pop ecx
push eax
lea ecx,[ebp-1c]
call 004dab46
mov esi,[ebp-18]
and dword ptr [ebp-04],00
cmp dword ptr [esi+30],00
jne FakeJmp2 //004db7b5
push [esi+34]
mov ecx,[00d30358]
call 00570d10
test eax,eax
jne 004db845
FakeJmp2:
// eax = [ebp+08] - [esi+40], compared signed against 0x3A98 (15000).
mov eax,[ebp+08]
sub eax,[esi+40]
cmp eax,00003a98
jnl FakeJmp3 //004db7ea
cmp dword ptr [esi+28],00
je FakeJmp3 //004db7ea
mov ecx,[esi+2c]
test ecx,ecx
jne FakeJmp4 //004db7da
mov eax,[edi+000020c0]
cmp [esi+24],eax
jne 004db845
FakeJmp4:
cmp ecx,01
jne FakeJmp3 //004db7ea
mov eax,[edi+0000409c]
cmp [esi+24],eax
jne 004db845
FakeJmp3:
cmp byte ptr [esi+1d],00
je 004db845
cmp dword ptr [esi+48],03
// The original conditional branch at 004DB7F4 is left out of the copy...
//jne 004db845
// ...and execution always resumes at 004DB7F6, the address right after that
// 2-byte jne, regardless of the compare above.
Jmp 004DB7F6
[Disable]
// Restore the original pointer value, then release the hook memory.
00B661E8:
DD 006A8F86
DeAlloc(ICSHook)
// Direct-patch variant (presumably the "CRC" version mentioned in the post).
// Overwrites the 2-byte `jne 004db845` at 004DB7F4 (bytes 75 4f in the
// listing) with two NOPs, so the branch after `cmp dword ptr [esi+48],03`
// is never taken. Unlike the pointer-hook variant, this changes code bytes in
// place, so a checksum over this code range would differ from the original.
[Enable]
004DB7F4:
db 90 90
[Disable]
// Reassemble the original conditional branch.
004DB7F4:
jne 004db845
0x00B661E8
0x006A8F86
004DA9DF - 56 - push esi
004DA9E0 - 8b b1 d0 1d 00 00 - mov esi,[ecx+00001dd0]
004DA9E6 - 8b 06 - mov eax,[esi]
004DA9E8 - 8b ce - mov ecx,esi
004DA9EA - ff 50 04 - call dword ptr [eax+04]
004DAA0D - 56 - push esi
004DAA0E - 8b f1 - mov esi,ecx
004DAA10 - e8 ca ff ff ff - call 004da9df
004DB758 - e8 b0 f2 ff ff - call 004daa0d
004DB75D - 85 c0 - test eax,eax
004DB75F - 74 08 - je 004db769
004DB761 - 83 6d cc 14 - sub dword ptr [ebp-34],14
004DB765 - 83 45 d4 14 - add dword ptr [ebp-2c],14
004DB769 - e8 7e ad 3e 00 - call 008c64ec
004DB76E - 89 45 08 - mov [ebp+08],eax
004DB771 - 8b 46 2c - mov eax,[esi+2c]
004DB774 - 89 45 f0 - mov [ebp-10],eax
004DB777 - 85 c0 - test eax,eax
004DB779 - 0f 84 11 01 00 00 - je 004db890
004DB77F - 8d 45 f0 - lea eax,[ebp-10]
004DB782 - 50 - push eax
004DB783 - e8 ee ed ff ff - call 004da576
004DB788 - 59 - pop ecx
004DB789 - 50 - push eax
004DB78A - 8d 4d e4 - lea ecx,[ebp-1c]
004DB78D - e8 b4 f3 ff ff - call 004dab46
004DB792 - 8b 75 e8 - mov esi,[ebp-18]
004DB795 - 83 65 fc 00 - and dword ptr [ebp-04],00
004DB799 - 83 7e 30 00 - cmp dword ptr [esi+30],00
004DB79D - 75 16 - jne 004db7b5
004DB79F - ff 76 34 - push [esi+34]
004DB7A2 - 8b 0d 58 03 d3 00 - mov ecx,[00d30358] : 091488BC
004DB7A8 - e8 63 55 09 00 - call 00570d10
004DB7AD - 85 c0 - test eax,eax
004DB7AF - 0f 85 90 00 00 00 - jne 004db845
004DB7B5 - 8b 45 08 - mov eax,[ebp+08]
004DB7B8 - 2b 46 40 - sub eax,[esi+40]
004DB7BB - 3d 98 3a 00 00 - cmp eax,00003a98
004DB7C0 - 7d 28 - jnl 004db7ea
004DB7C2 - 83 7e 28 00 - cmp dword ptr [esi+28],00
004DB7C6 - 74 22 - je 004db7ea
004DB7C8 - 8b 4e 2c - mov ecx,[esi+2c]
004DB7CB - 85 c9 - test ecx,ecx
004DB7CD - 75 0b - jne 004db7da
004DB7CF - 8b 87 c0 20 00 00 - mov eax,[edi+000020c0]
004DB7D5 - 39 46 24 - cmp [esi+24],eax
004DB7D8 - 75 6b - jne 004db845
004DB7DA - 83 f9 01 - cmp ecx,01
004DB7DD - 75 0b - jne 004db7ea
004DB7DF - 8b 87 9c 40 00 00 - mov eax,[edi+0000409c]
004DB7E5 - 39 46 24 - cmp [esi+24],eax
004DB7E8 - 75 5b - jne 004db845
004DB7EA - 80 7e 1d 00 - cmp byte ptr [esi+1d],00
004DB7EE - 74 55 - je 004db845
004DB7F0 - 83 7e 48 03 - cmp dword ptr [esi+48],03
004DB7F4 - 75 4f - jne 004db845
原來物品定位轉成ICS這麼長喔0.0
應該可以縮短吧?
我記得有個比較近的位置
可是他的還原位置會變
請問這個要用ME 更新嗎??
ME要去哪邊下載呢 ??
大大在問你個問題為何用技能此數據會失效?
2~4好像能刪掉XD