TwMS v149_ICS_物品過濾
//TwMS v149_ICS_物品過濾
//Update: Onion
[Enable]
Registersymbol(CheckESP)
Alloc(CheckESP,512)
Registersymbol(ItemList)
Alloc(ItemList,204800)
Label(HookESP)
Label(HookFun)
Label(HookOr1)
Label(HookOr2)
Label(Filter)
Label(Skip)
Label(End)
ItemList:
//請在以下加入欲過濾名單
//請在以上加入欲過濾名單
DD 00
CheckESP:
Cmp [Esp+6C], 004EE1E7
Je HookESP
Jmp 007291DA
HookESP:
Mov [Esp+6C], HookFun
Jmp 007291DA
HookFun:
mov eax,[ebp-1C]
mov esi,[ebp-50]
mov [esi+1C],al
cmp eax,01
Je HookOr1
cmp eax,02
Je HookOr1
xor al,al
Jmp HookOr2
HookOr1:
mov al,01
HookOr2:
mov [esi+1D],al
mov [esi+20],edi
mov edi,[ebp+08]
mov ecx,edi
call 00408b13
movzx eax,al
mov ecx,edi
//Xor Eax, Eax //過濾楓幣
mov [esi+30],eax
call 00408b6f
PUSH ESI
MOV ESI,ItemList
Filter:
CMP EAX,C350
JLE End
CMP DWORD PTR DS:[ESI],0
Je End
CMP DWORD PTR DS:[ESI],EAX
Je Skip
ADD ESI,4
JMP Filter
Skip:
XOR EAX,EAX
End:
POP ESI
MOV ECX,EDI
MOV [ESI+34],EAX
Jmp 004EE222
00DF062C:
DD CheckESP
[Disable]
00DF062C:
DD 007291DA
UnRegistersymbol(CheckESP)
DeAlloc(CheckESP)
UnRegistersymbol(ItemList)
DeAlloc(ItemList)
請問一下
回覆刪除要怎麼修改才不會把楓幣也一起過濾掉呢?
//Xor Eax, Eax //過濾楓幣
刪除這行不要註解掉
想請問一下 要如何測得物品的代碼呢?
回覆刪除網路上查找比較快,不然就要重記憶體當中抓 (聽說wz可以查到,不確定)
刪除怎麼過濾楓幣~ ?
回覆刪除