[Featured] Step by step: adding an extension to the MU private-server GameServer
Some trivial notes on MU GameServer (GS) assembly, part A
Time: 06:20 Source: MU private server website (奇迹私服网站) Author: 奇迹私服
.常量卓越物品技能暴率,&4302779&,,0041A7BB
.常量卓越物品幸运暴率,&4302789&,,
.常量一般物品技能暴率,&4302868&,,
.常量一般物品幸运暴率,&4302878&,,0041A81E
.常量祝福宝石价格,&5276742&,,
.常量灵魂宝石价格,&5276775&,,
.常量玛雅宝石价格,&5276809&,,
.常量生命宝石价格,&5276843&,,005084AB
.常量创造宝石价格,&5276876&,,005084CC
.常量祝福药水价格,&5277153&,,
.常量灵魂药水价格,&5277191&,,
.常量洛克之羽价格,&5277048&,,
.常量守护宝石价格,&5277098&,,005085AA
.常量祝福组合价格,&5276919&,,
.常量灵魂组合价格,&5276965&,,
.常量国王卷轴价格,&5277064&,,
.常量天鹰合成成功率,&4803546&,,00494BDA
.常量天鹰合成费用,&4803553&,,00494BE1
.常量黑王马合成成功率,&4801961&,,
.常量黑王马合成费用,&4801968&,,
.常量苹果回复量,&4503282&,,
.常量小红回复量,&4503291&,,0044B6FB
.常量中红回复量,&4503300&,,
.常量大红回复量,&4503309&,,0044B70D
.常量套装物品技能暴率,&5237327&,,004FEA4F
.常量套装物品幸运暴率,&5237334&,,004FEA56
.常量大翅膀价格,&5279997&,,005090FD
.常量合成几率加10带幸运,&4789294&,,0049142E
.常量合成几率加13,&4791330&,,00491C22
.常量灵魂成功率带幸运,&5210319&,,004F80CF
.常量灵魂成功率不幸运,&5210542&,,004F81AE
.常量生命成功率,&5212477&,,004F893D
.常量GM移动方式,&5320486&,,00512F26
.常量联盟人数限制,&4543357&,,0045537D
.常量幻影导师加攻防等级,&5554928&,,
.常量仓库最大金钱限制,&4479332&,,
.常量困顿掉落数量,&4298859&,,0041986B
.常量困顿套装爆率,&4299288&,,00419A18
.常量幼龙变身怪物编号,&4933422&,,004B472E
.常量巨人变身怪物编号,&4933431&,,004B4737
.常量骷髅兵变身怪物编号,&4933440&,,004B4740
.常量毒牛怪变身怪物编号,&4933449&,,004B4749
.常量死灵巫師变身怪物编号,&4933458&,,004B4752
.常量牛魔王变身怪物编号,&4933467&,,004B475B
.常量哥布林怪物编号,&4927827&,,004B3153
.常量石巨人怪物编号,&4927876&,,004B3184
.常量暗杀者怪物编号,&4927925&,,004B31B5
.常量雪人王怪物编号,&4927974&,,004B31E6
.常量暗黑骑士怪物编号,&4928023&,,004B3217
.常量守护兽巴里怪物编号,&4928072&,,004B3248
.常量黄金斗士怪物编号,&4928124&,,004B327C
.常量火龙王掉每堆钱数,&4300367&,,00419E4F
.常量赤色要塞人数限制,&5487667&,,0053BC33
.常量大翅膀合成成功率,&4794335&,,004927DF
****************************************************************
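UDP port number
Alliance member limit
0 Phantom Soldier attack/defense buff level
5 Experience calculation formula
004FE7D Character maximum money limit
004D67F8 Level-up points, normal characters
004D67DA Level-up points, Dark Lord and Magic Gladiator
004D67E Level-up points after second class change
52D59C53B3C89
Normal item skill drop rate
1A81E Normal item luck drop rate
A7BB Excellent item skill drop rate
00418FCF Excellent item luck drop rate
0E586 Golden box skill drop rate
Golden box luck drop rate
0046E5BB Golden box item level
004FEA4F Set item skill drop rate
004FE87F004FEA56 Set item luck drop rate
004FEB Kundun set drop count
00419A20 Kundun set drop rate
00405E20 Jewel of Bless drop rate
00405E4F Jewel of Soul drop rate
00405E7E Jewel of Chaos drop rate
00405EAD Jewel of Life drop rate
00405EDC Jewel of Creation drop rate
00405F0B Loch's Feather drop rate
00405F3A Jewel of Guardian drop rate
00405F69 Guardian Angel drop rate
00405F98 Imp drop rate
00405FC7 Beast Horn drop rate
00405FF6 Cloud Beast drop rate
Dark Horse drop rate
Regeneration jewel drop rate
Pumpkin transformation ring drop rate
Large shield potion drop rate
Healing orb drop rate
0040613F Defense orb drop rate
0040616E Attack orb drop rate
0040619D Thunder Flash orb drop rate
004061CC Cloud-piercing *** orb drop rate
004061FB Light of Life orb drop rate
0040622A Crescent Moon Slash orb drop rate
Penetrating Arrow orb drop rate
Ice Arrow orb drop rate
Wind Thrust orb drop rate
Nebula Fire Chain scroll drop rate
Nebula Summon scroll drop rate
Deadly Holy Seal scroll drop rate
Holy Aurora scroll drop rate
Fire Dance Whirlwind scroll drop rate
Wizard book drop rate
Devil's Eye drop rate
Devil's Key drop rate
Summoning orb drop rate
0049136F +10 success rate
0049139A +11 success rate
+12 success rate
+13 success rate
Maximum success rate
F8547 Jewel of Soul success rate, with luck
004F855B Jewel of Soul success rate, without luck
004F8CED Jewel of Life failure rate
004972FB Fenrir mix cost
Fenrir mix success rate
27DF Large wings mix success rate
05A9 Dark Horse mix success rate
Dark Horse mix cost
00494BDA Dark Raven mix success rate
00494BE1 Dark Raven mix cost
004B472E Young Dragon transformation monster ID
004B4737 Giant transformation monster ID
004B4740 Skeleton Warrior transformation monster ID
004B4749 Poison Bull transformation monster ID
004B4752 Undead Sorcerer transformation monster ID
004B475B Bull Demon King transformation monster ID
004B3689 Goblin monster ID
004B3698 Stone Golem monster ID
004B36A7 Assassin monster ID
004B36B6 Yeti King monster ID
004B36C5 Dark Knight monster ID
004B3248 Guardian Beast Bali monster ID
004B327C Golden Warrior monster ID
White Wizard drop type
White Wizard drop ID
0046A98D Destruction archer and warrior drop type
Destruction archer and warrior drop ID
0046A99F Destruction archer and warrior drop chance
00531A51 Blood Castle reward item type
00531A4C Blood Castle reward item ID
00531B23 Blood Castle reward item count
0053BC63 Chaos Castle (赤色要塞) start player count
0053EF66 Soul / Creation drop rate
0053EF7A Bless / Life drop rate
0053ED07 Reward: Soul ID
0053ED44 Reward: Creation ID
0053EDBA Reward: Bless ID
0053EDF8 Reward: Life ID
Apple recovery amount
0044B6FB Small red potion recovery amount
Medium red potion recovery amount
0044B70D Large red potion recovery amount
004B3F1C Agility divisor
004B3F3C Intelligence divisor
004B3F67 Guard duration divisor
004B3FB2 Maximum guard duration
004B3FB Maximum guard chance
04B3FCF004B3D67 Light of Life duration
004B3D6E004B3D80 Light of Life multiplier
004B3D87006BDAA1 Elf attack buff multiplier
004B420F Elf defense buff multiplier
006BDAF9 2-player party experience
006BDAFD 3-player party experience
006BDB01 4-player party experience
006BDB05 5-player party experience
006BDB09 3-player combo party experience
006BDB0D 4-player combo party experience
006BDB11 5-player combo party experience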
------------------------------------------------------------------------------------------------------------------------
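Principle: in the Vietnamese version, the skill-weapon protocol is 0DC.
In the mainland 9c Chinese version, the skill-weapon protocol is 0D0.
For skill weapons to work properly, it is not enough to modify the server-side GS so that it handles the D0 protocol sent by the client; the D0 protocol that the server sends to the client must be modified as well. Without that second change, the skill slide effect stops working.
Once the cause is known, the fix is simple; only two places need to be modified:
Also: I am looking for the new 99.65 version of the GS; contact me if you have it.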
|&\6A07PUSH7
DC000000PUSH0DC
0044104B|.8D4DF0LEAECX,DWORDPTRSS:[EBP-10]
|&\6A07PUSH7
D0000000PUSH0D0
0044104B|.8D4DF0LEAECX,DWORDPTRSS:[EBP-10]
0044104E|.51PUSHECX
0052814A|.68DC000000PUSH0DC
0052814F|.8D45E4LEAEAX,DWORDPTRSS:[EBP-1C]
D0000000PUSH0D0
0052814F|.8D45E4LEAEAX,DWORDPTRSS:[EBP-1C]
UE (UltraEdit) modification method
There are two places to replace in total
*****************************************************************************************************************************
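1.00.16: fix for red, blue and other potions restoring only 3, and how to modify the system limits:
0AC78548FFFFFF
0AC78568FFFFFF
If you modify it the old way and assign 255, a new BUG appears: whatever the original value was (for example 30/50), it becomes 255! So the check should not be made at all; replacing it with no-operation instructions (i.e. nop/90; that word cannot be written here!) is the correct fix!
II. How to modify the system limits:
Using UE, search for each code on the left and replace it with the code on the right!
9ABC257C ---> 50D6FCFF
92A1267C ---> 33D6FCFF
6EA3267C ---> DDD6FCFF
41BA257C ---> A1D5FCFF
983D267C ---> 65D5FCFF
98A2267C ---> 8CD6FCFF
3AA0267C ---> D3D5FCFF
03BC257C ---> B9D5FCFF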
*****************************************************************************************************************************
1.00.16: the problem of too little money and experience when in a party
004DD318&\EB05jmpshort004DD31F
004DD31A.5Bpopebx
004DD31B.8BE5movesp,ebp
004DD31D.5Dpopebp
004DD31E.C3retn
004DD31F&8B4D0Cmovecx,dwordptr[ebp+C]
004DD322.33C0xoreax,eax
004DD324.66:8B4164movax,wordptr[ecx+64]
004DD328.83F802cmpeax,2
004DD32B.7520jnzshort004DD34D
004DD32D.8B91AC000000movedx,dwordptr[ecx+AC]
004DD333.8955F8movdwordptr[ebp-8],edx
004DD336.DB45F8filddwordptr[ebp-8]
004DD339.D80DD9816B00fmuldwordptr[6B81D9]
004DD33F.Ecall005802AC
004DD344.8B4D0Cmovecx,dwordptr[ebp+C]
004DD347.movdwordptr[ecx+AC],eax
004DD34D&5Fpopedi
004DD34E.5Epopesi
004DD34F.5Bpopebx
004DD350.8BE5movesp,ebp
004DD352.5Dpopebp
004DD353.C3retn
==================================================
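There is no UE search-and-replace method for this, because this hex code occurs in more than one place.
Please use OllyDbg.
This method makes the money dropped when in a party, and when a character kills monsters normally, N times larger.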
*****************************************************************************************************************************
9960: how to modify guild notices and guild chat; tested and working:
83FFBE510E85D20F85AF883B8AF8E8ED080FBE510F83FA3E0FB45080FBEF
83FF85AF883B8AF8E8ED080FBE510E83FA3E9000000
*****************************************************************************************************************************
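9962 server: detailed method for setting up multiple realms and multiple lines:
1. First, open Muonline and change the default M: drive setting to the D: drive:
1. Search with UE for:
D6D6F6E2E004D3A5CDA174
1. Replace with:
D6D6F6E2E002E2E5C745C646174
2. Search with UE for:
652E4D3A5C636F6D6D6F6E2EA656E204D2053
2. Replace with:
652E2E2E5C6F6D6D6F6E2E053
Then delete the default M: drive.
Create a batch file yourself:
IF "%Disk%"=="" set Disk=M
subst %Disk%: /D
2. Change the GS default UDP port: the default GS uses 60006, so line 2 uses 60007, line 3 uses 60008, and so on!
Open the GS with UE, search for 66EA (60006 is 0xEA66, stored little-endian as 66 EA) and change it to 67EA, then save as Gameserver1-2. Likewise, search for 66EA, change it to 68EA, and save as Gameserver1-3. Create Muonline1 and Muonline2 and put each modified GS in its own directory. Copy the DATA folder under Muonline into each folder, and remember to edit the ServerInfo.dat and MapServerInfo.dat files in the DATA directory!
MapServerInfo.dat (if you run 3 lines, set it like this; for more lines, continue the pattern)
001S127.0.0.155901
101S127.0.0.155903
201S127.0.0.155905
3. Edit the ServerList.dat file in the DATA directory under the CS directory!
ServerList.dat
//ServerList
0 "GameServer_1-1" "127.0.0.1" 55901 "SHOW"
1 "GameServer_1-2" "127.0.0.1" 55903 "SHOW"
2 "GameServer_1-3" "127.0.0.1" 55905 "SHOW"
4. Create shortcuts to Muonline/GAMESERVER/gameserver.exe, Muonline1/GAMESERVER/gameserver.exe and Muonline2/GAMESERVER/gameserver.exe in the Startup folder!
That completes the 3-line setup. For multiple realms, you only need to change the configuration in CS/DATA/ServerList.dat; the GS is modified in the same way!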
*****************************************************************************************************************************
Fix for garbled guild notices:
4CJNZSHORTgameserv.0042CFD3
B5508MOVEDX,DWORDPTRSS:[EBP+8]
0042CF8A.|83C211ADDEDX,11
0042CF8D.|52PUSHEDX
0042CF8E.|8B45F8MOVEAX,DWORDPTRSS:[EBP-8]
B88AC020000MOVECX,DWORDPTRDS:[EAX+2AC]
4CJNZSHORTgameserv.0042CFD3
B5508MOVEDX,DWORDPTRSS:[EBP+8]
C20FADDEDX,0F
0042CF8D.|52PUSHEDX
0042CF8E.|8B45F8MOVEAX,DWORDPTRSS:[EBP-8]
B88AC020000MOVECX,DWORDPTRDS:[EAX+2AC]
UE (UltraEdit) modification method
8BD528B45F8
8BD528B45F8
You no longer need to put two spaces in front when posting a notice.
*****************************************************************************************************************************
9960 GameServer_CS_9960 Loren attack: fix for the garbled notice messages in the Loren raid:
*****************************************************************************************************************************
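Basic explanation and settings for the Valley of Loren monster invasion event:
The file data\CastleDeepEvent.dat is dedicated to the Valley of Loren monster invasion event!
//Event time settings
//hour minute
//Attack type: 1 is a normal attack; 2 is a special attack
//Attack type probability (chance of occurring, %)
//-----------------------------------------------
1100//normal attack
20//special attack
//Attack type: 1 - normal attack / 2 - special attack
//Group: defines the monster groups for each attack type
//attack type, group, spawn time (minutes)
//-----------------------------------------------
//attack type, group, monster code, count, coordinate X1, coordinate Y1, coordinate X1, coordinate Y2
//-----------------------------------------------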
*****************************************************************************************************************************
UE fix for the item-mix bug in the server files released by 网络魏少
Fix for the non-siege GS freezing at +11:
Search with UE for:
C0000CCCC33C98B0D52ADC0C00CCCC33C98B0D4EADC0C00CCCCCC33C98B0D4AA769
C0000CCCC33D28B91DC0C00CCCC33C98B0D4EAADC0C00CCCCCC33C98B0D4AA769
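While testing today I found that in the siege GS, mixing +11 works normally but +12 causes a disconnect, so I fixed that as well. The method is as follows; there are 2 places.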
33C98B0D52ADC0C00CCCC33C98B0D4EADC0C00CCCCCC33C98B0D4AA769
33D28B91DC0C00CCCC33C98B0D4EAADC0C00CCCCCC33C98B0D4AA769
*****************************************************************************************************************************
Fix for your own name turning red after killing a blood-name (PK) player:
Open Query Analyzer, copy the following, and execute it.
use [muonline]
ALTER TABLE dbo.[Character] DROP CONSTRAINT DF_Character_PkLevel
ALTER TABLE dbo.[Character] ADD CONSTRAINT DF_Character_PkLevel DEFAULT (0) FOR PkLevel
UPDATE [Character] SET PkLevel=0 WHERE (PkLevel=3)
*****************************************************************************************************************************
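Publishing the #### real method to stop Loren from freezing:
Yesterday I described a temporary workaround. The real solution is now known.
I am sharing the method with everyone. Some people know it and won't say. Really inconsiderate..
First, the cause. If I just hand over the method, nobody learns anything.
Because 55962 is the default port of the siege GS and 55960 is the default port of the normal GS,
we only need to change the port in the Dataserver shortcut.
The method is as follows (example):
D:\MuOnline\DataServer0\Dataserver.exe 55962 0 (note: the 0 corresponds to the 0 in mapserver)
D:\MuOnline\DataServer0\Dataserver.exe 55960 1 (note: the 1 corresponds to the 1 in mapserver)
That's it. With the siege GS line hidden, the freeze when logging out and back in at Loren is solved. Logging back in moves you to Lorencia. Completely normal.
So that's the method. Some people understand it but won't say. Also, to those who insist on changing the monster spawn files, one piece of advice: if you want people to like you, don't make things too fancy; try to do something practical for everyone. OK, everyone can start flaming me now.
I will keep sharing new things. Just don't flame me for acting like a big shot. I'm not. Just an ordinary person, a fan who likes MU.
I trust everyone feels the same. No need to make it look like a fight over things. Pointless.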
*****************************************************************************************************************************
How to modify the maximum damage:
00403ED1$|E9FAD90000JMPGameServ.gObjMonsterTopHitDamageUser
&/&\55PUSHEBP
|.8BECMOVEBP,ESP
|.83EC4CSUBESP,4C
|.53PUSHEBX
|.56PUSHESI
|.57PUSHEDI
|.C745FC00000&MOV[LOCAL.MaxHitDamage],0
|.C745F8FFFFF&MOV[LOCAL.MaxHitDamageUser],-1
//See? The maximum damage is -1 HP; change it to 1000 and the damage is 1000 no matter how high the defense is
|.C745F400000&MOV[LOCAL.n],0
*****************************************************************************************************************************
Changing the number of times the castle lord can mix items
1] used GS: 奇迹联盟 [8/9]
2] open GS-CS with ultraeditor
3] search under code ^^
E9DF6D680000
00: 1 count per day
FF: 2 count per day
FE: 3 count per day
FD: 4 count per day
FC: 5 count per day
****************************************************************************************************************************1
White Wizard raid event reward: Complete Reward Change
1] used GS: 奇迹联盟 [8/9]
2] open GS with ultraeditor
3] search under code ^^
//Jewel of Bless
//Jewel of Chaos
0D=13 / 0E=14 ---> drop bless jewel
0F=15 / 0C=12 ---> drop chaos jewel
*****************************************************************************************************************************
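Changing the reward for the Blood Castle quest
1] Applicable GS: 奇迹联盟 [8/9]
2] Open the GS and the siege GS with UE
3] Search for the following code ^^
EB7A8B4D0F6A0C
//Jewel of Chaos
//Jewel of Life
0F=15 / 0C=12 ---> reward item is Chaos
10=16 / 0E=14 ---> reward item is Life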
*****************************************************************************************************************************
Warehouse max input/output zen (applies to: August 9)
##### open GS and GS-CS with Ultraeditor
##### change like under
1] 817DFC00E1F505 ---> 817DFC places)
2] 81FA00E1F505 ---> 81FA
##### max: --->
*****************************************************************************************************************************
castle item mix (number of jewels and amount of money required for castle mixing) (applies to: August 9)
##### open GS-CS with ultraeditor
1] need count of gem
837DFDFDFC1E
03 (bless gem mix count): 3 bundles
03 (soul gem mix count): 3 bundles
1E (defend gem count): 30 EA
2] need money
C745D800CA9A3B
__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
[GS modification] How to add an extension DLL:
C737005 PUSH gameserv.0570736C
46D6800 PUSH gameserv.00686D74 ; ASCII "1.02.05"
A0D48549A06 MOV CL,BYTE PTR DS:[69A5448]
B MOV EDX,DWORD PTR DS:[69A5470]
0050A27A . B9C852D806 MOV ECX,gameserv.06D852C8
0050A27F . E8DF91EFFF CALL gameserv.
Add the following at the point where file loading has finished and the actual startup begins:
71D0A00 CALL gameserv.005AC000
This is what I added myself: the code, reached by a direct jump, that adds the DLL
005AC000 /$ PUSH gameserv.005AC040 ; /FileName = "PNProc.dll"
\\ 005AC040 = "PNProc.dll"
\\ the others are similar
005AC005 |. E84274FCFF CALL <JMP.&KERNEL32.LoadLibraryA> ; \LoadLibraryA
005AC00A |. 09C0 OR EAX,EAX
005AC00C |. 0F849B000000 JE gameserv.005AC0AD
005AC012 |. PUSH gameserv.005AC050 ; /ProcNameOrOrdinal = "PNLoadProc"
005AC017 |. 50 PUSH EAX ; |hModule
005AC018 |. E82974FCFF CALL <JMP.&KERNEL32.GetProcAddress> ; \GetProcAddress
\\ this is the API that obtains a function from the DLL
\\ my function is named PNLoadProc
005AC01D |. A360C15A00 MOV DWORD PTR DS:[5AC160],EAX
005AC022 |. 09C0 OR EAX,EAX
005AC024 |. 0F JE gameserv.005AC0AD
005AC02A |. EB65 JMP SHORT gameserv.005AC091
\\ this jumps to the DLL handling below...
005AC091 |> \6A30 PUSH 30 ; /Style = MB_OK|MB_ICONEXCLAMATION|MB_APPLMODAL
005AC093 |. 68D0C05A00 PUSH gameserv.005AC0D0 ; |Title = "文件加载完成..."
005AC098 |. 68F0C05A00 PUSH gameserv.005AC0F0 ; |Text = "PNProc.dll加载完成,正在进行其它装载..."
005AC09D |. 6A00 PUSH 0 ; |hOwner = NULL
005AC09F |. FF CALL DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
005AC0A5 |. A160C15A00 MOV EAX,DWORD PTR DS:[5AC160]
005AC0AA |. FFD0 CALL EAX \\ the actual call into the function in the DLL
005AC0AC |. C3 RETN
005AC0AD |> 6A10 PUSH 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
005AC0AF |. PUSH gameserv.005AC120 ; |Title = "发生错误!"
005AC0B4 |. PUSH gameserv.005AC130 ; |Text = "PNProc.dll加载出错,程序不能正常运行..."
005AC0B9 |. 6A00 PUSH 0 ; |hOwner = NULL
005AC0BB |. FF CALL DWORD PTR DS:[<&USER32.MessageBoxA>] ; \MessageBoxA
005AC0C1 \. C3 RETN
*****************************************************************************************************************************
GM command lookup:
$|E93A411000JMPGameServ.CGMMng::GetCmd
A loop is used for the check; if a GM is not recognized.. add it here:
&/&\55PUSHEBP
BECMOVEBP,ESP
EC48SUBESP,48
4DFCMOVDWORDPTRSS:[EBP-4],ECX
0050581C|.C745F800000&MOVDWORDPTRSS:[EBP-8],0
|.EB09JMPSHORTGameServ.0050582E
B45F8/MOVEAX,DWORDPTRSS:[EBP-8]
C001|ADDEAX,1
0050582B|.8945F8|MOVDWORDPTRSS:[EBP-8],EAX
0050582E|&837DF832CMPDWORDPTRSS:[EBP-8],32
D3F|JGESHORTGameServ.
B4DF8|MOVECX,DWORDPTRSS:[EBP-8]
B55FC|MOVEDX,DWORDPTRSS:[EBP-4]
0050583A|.83BC8AEC0300&|CMPDWORDPTRDS:[EDX+ECX*4+3EC],0
E2D|JLESHORTGameServ.
B45F8|MOVEAX,DWORDPTRSS:[EBP-8]
BC014|IMULEAX,EAX,14
0050584A|.8B4DFC|MOVECX,DWORDPTRSS:[EBP-4]
0050584D|.8D540104|LEAEDX,DWORDPTRDS:[ECX+EAX+4]
B4508|MOVEAX,DWORDPTRSS:[EBP+8]
|.E8C5E60500|CALLGameServ.__strcmpi
0050585B|.83C408|ADDESP,8
0050585E|.85C0|TESTEAX,EAX
0F|JNZSHORTGameServ.
B4DF8|MOVECX,DWORDPTRSS:[EBP-8]
B55FC|MOVEDX,DWORDPTRSS:[EBP-4]
B848AEC0300&|MOVEAX,DWORDPTRDS:[EDX+ECX*4+3EC]
0050586F|.EB04|JMPSHORTGameServ.
|&^EBB2\JMPSHORTGameServ.
C0XOREAX,EAX
BE5MOVESP,EBP
0050587A|.5DPOPEBP
0050587B\.C20400RETN4
*****************************************************************************************************************************
1.0M character list modification, part 1:
I first located the position; a rough analysis is enough to see that this must be it:
==============================================
C1,4B,F3,00,02,00,02,
00,D3,F4,C3,C6,00,00,00,00,00,00,71,08,00,08,20,0A,FF,11,1F,1F,18,6D,80,10,00,00,00,FF,FF,FF,00,00,FF,
01,C4,A7,BB,C3,D6,AE,D6,F7,00,00,71,01,00,00,00,FF,FF,FF,FF,FF,00,00,00,F8,00,00,00,FF,FF,FF,00,00,FF
=================================================
The above is our reference packet
F3: protocol type
02: number of characters
The function head we find in the GS is:
00403EB8$/E943CB0100JMPGameServ.JGPGetCharList
The actual implementation is:
00420A00&/&\55PUSHEBP
BECMOVEBP,ESP
ECB4010000SUBESP,1B4
00420A0A|.56PUSHESI
00420A0B|.57PUSHEDI
00420A0C|.8B4508MOVEAX,DWORDPTRSS:[EBP+8]
00420A0F|.8945FCMOVDWORDPTRSS:[EBP-4],EAX
00420A12|.C785E8FEFFFF&MOVDWORDPTRSS:[EBP-118],0
00420A1C|.C785E4FEFFFF&MOVDWORDPTRSS:[EBP-11C],1C
B4DFCMOVECX,DWORDPTRSS:[EBP-4]
FBF5104MOVSXEDX,WORDPTRDS:[ECX+4]
00420A2D|.8995E0FEFFFFMOVDWORDPTRSS:[EBP-120],EDX
00420A33|.C685D4FEFFFF&MOVBYTEPTRSS:[EBP-12C],0C1
00420A3A|.C685D6FEFFFF&MOVBYTEPTRSS:[EBP-12A],0F3
00420A41|.C685D7FEFFFF&MOVBYTEPTRSS:[EBP-129],0
B45FCMOVEAX,DWORDPTRSS:[EBP-4]
00420A4B|.8A4806MOVCL,BYTEPTRDS:[EAX+6]
00420A4E|.888DDAFEFFFFMOVBYTEPTRSS:[EBP-126],CL
00420A54|.C645F600MOVBYTEPTRSS:[EBP-A],0
A0APUSH0A;/n=A(10.)
00420A5A|.8B55FCMOVEDX,DWORDPTRSS:[EBP-4];|
00420A5D|.83C20DADDEDX,0D;|
PUSHEDX;|src
D45ECLEAEAX,DWORDPTRSS:[EBP-14];|
PUSHEAX;|dest
00420A65|.E8C6141400CALLGameServ._\_memcpy
00420A6A|.83C40CADDESP,0C
/--------------------------------------------------------------------------------
I analyze the segment above as follows:
00420A33|.C685D4FEFFFF&MOVBYTEPTRSS:[EBP-12C],0C1
00420A3A|.C685D6FEFFFF&MOVBYTEPTRSS:[EBP-12A],0F3
00420A41|.C685D7FEFFFF&MOVBYTEPTRSS:[EBP-129],0
B45FCMOVEAX,DWORDPTRSS:[EBP-4]
00420A4B|.8A4806MOVCL,BYTEPTRDS:[EAX+6]
00420A4E|.888DDAFEFFFFMOVBYTEPTRSS:[EBP-126],CL
00420A54|.C645F600MOVBYTEPTRSS:[EBP-A],0
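On the stack, an offset written in [] relative to "EBP" means (EBP - offset), which is the actual address:
[12C] 0C1 C1
[12A] 0F3 0xf3
[129] 00000
[126] CharNum
[125] 00 FirstObjNum
The exact positions correspond to the above:
See the assembly code: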
00420A33|.C685D4FEFFFF&MOVBYTEPTRSS:[EBP-12C],0C1
00420A3A|.C685D6FEFFFF&MOVBYTEPTRSS:[EBP-12A],0F3
00420A4E|.888DDAFEFFFFMOVBYTEPTRSS:[EBP-126],CL
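//number of characters
What follows handles the character's items and rendering, which I cannot make sense of
This is where the character list is sent...
I have decided to write a 1.02E version and replace it with that....
Below is the handling of the character name: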
A0APUSH0A;charNameLen=10B;/n=A(10.)
00420A5A|.8B55FCMOVEDX,DWORDPTRSS:[EBP-4];|
00420A5D|.83C20DADDEDX,0D;|
PUSHEDX;|src
D45ECLEAEAX,DWORDPTRSS:[EBP-14];|
PUSHEAX;charN|dest
00420A65|.E8C6141400CALLGameServ._memcpy
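The packet layout analysed above, as an added example in C that is not code from the original page: a bounds-checked parser run over the page's own 75-byte reference packet. The layout is an assumption inferred from that capture and the disassembly (7-byte header with CharNum at offset 6, 34-byte entries, index byte followed by a 10-byte name); all function, type and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, inferred from the page's capture and disassembly. */
#define HDR_LEN     7   /* C1, size, F3, 00, two unexplained bytes, CharNum */
#define ENTRY_LEN   34  /* (0x4B - 7) / 2 in the reference packet */
#define NAME_LEN    10  /* memcpy n = 0x0A in the disassembly */
#define MAX_ENTRIES ((255 - HDR_LEN) / ENTRY_LEN) /* size field is one byte */

enum { CL_OK = 0, CL_SHORT = -1, CL_BAD_HEADER = -2,
       CL_BAD_SIZE = -3, CL_BAD_COUNT = -4 };

typedef struct {
    uint8_t index;               /* first byte of the entry */
    uint8_t name[NAME_LEN + 1];  /* raw name bytes, always NUL-terminated */
    size_t  name_len;
} char_entry;

typedef struct {
    size_t     count;
    char_entry entry[MAX_ENTRIES];
} char_list;

/* Reference packet copied from the page (0x4B = 75 bytes). */
static const uint8_t SAMPLE[] = {
    0xC1,0x4B,0xF3,0x00,0x02,0x00,0x02,
    0x00,0xD3,0xF4,0xC3,0xC6,0x00,0x00,0x00,0x00,0x00,0x00,0x71,0x08,0x00,
    0x08,0x20,0x0A,0xFF,0x11,0x1F,0x1F,0x18,0x6D,0x80,0x10,0x00,0x00,0x00,
    0xFF,0xFF,0xFF,0x00,0x00,0xFF,
    0x01,0xC4,0xA7,0xBB,0xC3,0xD6,0xAE,0xD6,0xF7,0x00,0x00,0x71,0x01,0x00,
    0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0xF8,0x00,0x00,0x00,
    0xFF,0xFF,0xFF,0x00,0x00,0xFF
};

/* Parse one character-list packet from buf (avail bytes readable).
 * Every length taken from the packet is checked against the buffer and
 * against the other length fields before it is used as an offset. */
int parse_char_list(const uint8_t *buf, size_t avail, char_list *out)
{
    if (avail < HDR_LEN)
        return CL_SHORT;
    if (buf[0] != 0xC1 || buf[2] != 0xF3 || buf[3] != 0x00)
        return CL_BAD_HEADER;

    size_t declared = buf[1];
    if (declared < HDR_LEN)
        return CL_BAD_SIZE;
    if (declared > avail)          /* packet claims more than was received */
        return CL_SHORT;

    size_t count = buf[6];
    if (count > MAX_ENTRIES || HDR_LEN + count * ENTRY_LEN != declared)
        return CL_BAD_COUNT;       /* count and size field disagree */

    memset(out, 0, sizeof *out);
    out->count = count;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HDR_LEN + i * ENTRY_LEN;
        char_entry *c = &out->entry[i];
        size_t len = 0;

        c->index = e[0];
        /* The name field may fill all 10 bytes with no terminator. */
        while (len < NAME_LEN && e[1 + len] != 0)
            len++;
        memcpy(c->name, e + 1, len);
        c->name[len] = 0;
        c->name_len = len;
    }
    return CL_OK;
}

int main(void)
{
    char_list cl;
    int rc = parse_char_list(SAMPLE, sizeof SAMPLE, &cl);

    printf("rc=%d\n", rc);
    if (rc != CL_OK)
        return 1;
    for (size_t i = 0; i < cl.count; i++) {
        printf("slot %u name bytes:", (unsigned)cl.entry[i].index);
        for (size_t j = 0; j < cl.entry[i].name_len; j++)
            printf(" %02X", (unsigned)cl.entry[i].name[j]);
        printf("\n");
    }
    return 0;
}
```

The remaining 23 bytes of each entry are left unparsed because the page does not explain them.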
/------------------------------------------------------------------------------------
CBloodCastle::SetBossMonster
$|E95B8F1100JMPGameServ.CBloodCastle::SetBossMonster
&/&\55PUSHEBP
BECMOVEBP,ESP
EC60SUBESP,60
4DFCMOVDWORDPTRSS:[EBP-4],ECX
0051A37C|.837D0800CMPDWORDPTRSS:[EBP+8],0
D09JGESHORTGameServ.0051A38B
|.C745E000000&MOVDWORDPTRSS:[EBP-20],0
|.EB0CJMPSHORTGameServ.
0051A38B|&33C0XOREAX,EAX
0051A38D|.837D0806CMPDWORDPTRSS:[EBP+8],6
F9EC0SETLEAL
45E0MOVDWORDPTRSS:[EBP-20],EAX
7DE000CMPDWORDPTRSS:[EBP-20],0
0051A39B|.7505JNZSHORTGameServ.
0051A39D|.E9B3010000JMPGameServ.
|&C745F400000&MOVDWORDPTRSS:[EBP-C],0
|.EB09JMPSHORTGameServ.
0051A3AB|&8B4DF4/MOVECX,DWORDPTRSS:[EBP-C]
0051A3AE|.83C101|ADDECX,1
|.894DF4|MOVDWORDPTRSS:[EBP-C],ECX
|&837DF414CMPDWORDPTRSS:[EBP-C],14
|.0F8D|JGEGameServ.
0051A3BE|.8B5508|MOVEDX,DWORDPTRSS:[EBP+8]
|.69D2FC010000|IMULEDX,EDX,1FC
|.8B45FC|MOVEAX,DWORDPTRSS:[EBP-4]
0051A3CA|.8D4C1004|LEAECX,DWORDPTRDS:[EAX+EDX+4]
0051A3CE|.8B55F4|MOVEDX,DWORDPTRSS:[EBP-C]
|.83BC91E00000&|CMPDWORDPTRDS:[ECX+EDX*4+E0],-1
|.0F|JEGameServ.
0051A3DF|.8B4508|MOVEAX,DWORDPTRSS:[EBP+8]
|.69C0FC010000|IMULEAX,EAX,1FC
|.8B4DFC|MOVECX,DWORDPTRSS:[EBP-4]
0051A3EB|.8D540104|LEAEDX,DWORDPTRDS:[ECX+EAX+4]
0051A3EF|.8B45F4|MOVEAX,DWORDPTRSS:[EBP-C]
|.8B8C82E00000&|MOVECX,DWORDPTRDS:[EDX+EAX*4+E0]
|.894DF0|MOVDWORDPTRSS:[EBP-10],ECX
0051A3FC|.8B55F0|MOVEDX,DWORDPTRSS:[EBP-10]
0051A3FF|.6BD20C|IMULEDX,EDX,0C
A82CE3F7605|MOVAL,BYTEPTRDS:[EDX+5763FCE]
45EC|MOVBYTEPTRSS:[EBP-14],AL
0051A40B|.8B4DF0|MOVECX,DWORDPTRSS:[EBP-10]
0051A40E|.6BC90C|IMULECX,ECX,0C
A91D03F7605|MOVDL,BYTEPTRDS:[ECX+5763FD0]
55E8|MOVBYTEPTRSS:[EBP-18],DL
0051A41A|.8B45E8|MOVEAX,DWORDPTRSS:[EBP-18]
0051A41D|.25FF000000|ANDEAX,0FF
E80B|SUBEAX,0B
45E4|MOVBYTEPTRSS:[EBP-1C],AL
B4DE4|MOVECX,DWORDPTRSS:[EBP-1C]
0051A42B|.81E1FF000000|ANDECX,0FF
B4D08|CMPECX,DWORDPTRSS:[EBP+8]
05|JESHORTGameServ.0051A43B
|.^E970FFFFFF|JMPGameServ.0051A3AB
0051A43B|&8B55EC|MOVEDX,DWORDPTRSS:[EBP-14]
0051A43E|.81E2FF000000|ANDEDX,0FF
FA59|CMPEDX,59
5C|JESHORTGameServ.
B45EC|MOVEAX,DWORDPTRSS:[EBP-14]
0051A44C|.25FF000000|ANDEAX,0FF
F85F|CMPEAX,5F
4F|JESHORTGameServ.
B4DEC|MOVECX,DWORDPTRSS:[EBP-14]
E1FF000000|ANDECX,0FF
0051A45F|.83F970|CMPECX,70
41|JESHORTGameServ.
B55EC|MOVEDX,DWORDPTRSS:[EBP-14]
E2FF000000|ANDEDX,0FF
0051A46D|.83FA76|CMPEDX,76
33|JESHORTGameServ.
B45EC|MOVEAX,DWORDPTRSS:[EBP-14]
FF000000|ANDEAX,0FF
0051A47A|.83F87C|CMPEAX,7C
0051A47D|.7426|JESHORTGameServ.
0051A47F|.8B4DEC|MOVECX,DWORDPTRSS:[EBP-14]
E1FF000000|ANDECX,0FF
F|CMPECX,82
0051A48E|.7415|JESHORTGameServ.
B55EC|MOVEDX,DWORDPTRSS:[EBP-14]
E2FF000000|ANDEDX,0FF
FA8F000000|CMPEDX,8F
0051A49F|.0F85AB000000|JNZGameServ.
|&8B45E8|MOVEAX,DWORDPTRSS:[EBP-18]
|.25FF000000|ANDEAX,0FF
0051A4AD|.50|PUSHEAX
0051A4AE|.E802A2EEFF|CALLGameServ.
|.83C404|ADDESP,4
|.0FBFC8|MOVSXECX,AX
|.894DF8|MOVDWORDPTRSS:[EBP-8],ECX
0051A4BC|.837DF800|CMPDWORDPTRSS:[EBP-8],0
|.0F8C8A000000|JLGameServ.
|.8B55F0|MOVEDX,DWORDPTRSS:[EBP-10]
|.52|PUSHEDX
0051A4CA|.8B45F8|MOVEAX,DWORDPTRSS:[EBP-8]
0051A4CD|.50|PUSHEAX
0051A4CE|.E82F91EEFF|CALLGameServ.
|.83C408|ADDESP,8
|.8B4DEC|MOVECX,DWORDPTRSS:[EBP-14]
|.81E1FF000000|ANDECX,0FF
0051A4DF|.51|PUSHECX
|.8B55F8|MOVEDX,DWORDPTRSS:[EBP-8]
|.52|PUSHEDX
|.E85181EEFF|CALLGameServ.0040263A
|.83C408|ADDESP,8
0051A4EC|.8B45F8|MOVEAX,DWORDPTRSS:[EBP-8]
0051A4EF|.69C08C150000|IMULEAX,EAX,158C
|.8B4DFC|MOVECX,DWORDPTRSS:[EBP-4]
|.8B|MOVEDX,DWORDPTRDS:[ECX+E00]
0051A4FE|.CC03|MOVDWORDPTRDS:[EAX+3CCF114],EDX
B45F8|MOVEAX,DWORDPTRSS:[EBP-8]
C08C150000|IMULEAX,EAX,158C
0051A50D|.8A4DE4|MOVCL,BYTEPTRSS:[EBP-1C]
8806FCCC03|MOVBYTEPTRDS:[EAX+3CCFC06],CL
B55F8|MOVEDX,DWORDPTRSS:[EBP-8]
D28C150000|IMULEDX,EDX,158C
0051A51F|.8B45FC|MOVEAX,DWORDPTRSS:[EBP-4]
:8B88F80D0&|MOVCX,WORDPTRDS:[EAX+DF8]
:898A30F2C&|MOVWORDPTRDS:[EDX+3CCF230],CX
|.E8ED720400|CALLGameServ._[_rand
0051A53A|.7905|JNSSHORTGameServ.
0051A53C|.48|DECEAX
0051A53D|.83C8F8|OREAX,FFFFFFF8
B55F8|MOVEDX,DWORDPTRSS:[EBP-8]
D28C150000|IMULEDX,EDX,158C
0051A54A|.CC03|MOVBYTEPTRDS:[EDX+3CCF010],AL
|&^E956FEFFFF\JMPGameServ.0051A3AB
BE5MOVESP,EBP
0051A55A|.5DPOPEBP
0051A55B\.C20400RETN4
*****************************************************************************************************************************
99.60 GS module: duel section:
004010BE JMP GameServ.CGDuelStartRequestRecv
CG: duel start request received
JMP GameServ.GCSendDuelScore
GC: send duel score
JMP GameServ.CGDuelOkRequestRecv
CG: duel OK (confirmation) request received
004026FD JMP GameServ.gObjSendDuelEnd
send duel end
004030DA JMP GameServ.gObjDuelCheck
JMP GameServ.CGDuelEndRequestRec
receive request to end the duel
JMP GameServ.gObjSetDuelOption
set duel option
00404B29 JMP GameServ.IsOnDuel
00404B2E JMP GameServ.gObjDuelCheck
00404B97 JMP GameServ.IsDuelEnable
0040502E JMP GameServ.gObjResetDuel
040586C JMP GameServ.gObjCheckAllUserDuelStop
check all users whose duels have stopped
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
9960 GS module: guild section:
JMP GameServ.gObjGuildWarProc
004017DA JMP GameServ.GCManagerGuildWarEnd
manage guild war end
004017DF JMP GameServ.GCManagerGuildWarSet
manage guild war settings
JMP GameServ.GCGuildWarRequestSend
send guild war request
JMP GameServ.GCGuildWarRequestSendRecv
guild war request received
00401E42 JMP GameServ.GCGuildWarRequestResult
guild war request result
JMP GameServ.gObjGuildWarEndSend
send guild war end
JMP GameServ.gObjGuildWarMasterClose
guild master closes the guild war
JMP GameServ.GCGuildWarDeclare
0040316B JMP GameServ.GCGuildWarEnd
004031CF JMP GameServ.GCGuildWarScore
00403C6F JMP GameServ.gObjGuildWarItemGive
give out guild war item
00403F5D JMP GameServ.gObjTargetGuildWarCheck
check guild war target
JMP GameServ.gObjGuildWarEndSend
send guild war end
JMP GameServ.gObjGuildWarCheck
00404AA7 JMP GameServ.gObjGuildWarEnd
*****************************************************************************************************************************
[GS module continued] [Assembly to VC++] Part 1
004FDFA0/&\55PUSHEBP
004FDFA1|.8BECMOVEBP,ESP
004FDFA3|.83EC44SUBESP,44
004FDFA6|.53PUSHEBX
004FDFA7|.56PUSHESI
004FDFA8|.57PUSHEDI
004FDFA9|.8B4508MOVEAX,DWORDPTRSS:[EBP+8]
004FDFAC|.A35C4EB50AMOVDWORDPTRDS:[AB54E5C],EAX
004FDFB1|.6A00PUSH0;/lParam=NULL
004FDFB3|.8B4D08MOVECX,DWORDPTRSS:[EBP+8];|
004FDFB6|.51PUSHECX;|hInst
004FDFB7|.6A00PUSH0;|hMenu=NULL
004FDFB9|.6A00PUSH0;|hParent=NULL
004FDFBB|.6A00PUSH0;|Height=0
004FDFBD|.PUSH;|Width=.)
004FDFC2|.6A00PUSH0;|Y=0
004FDFC4|.PUSH;|X=.)
004FDFC9|.PUSHGameServ.00CF0000;|Style=WS_OVERLAPPED|WS_MINIMIZEBOX|WS_MAXIMIZEBOX|WS_SYSMENU|WS_THICKFRAME|WS_CAPTION
004FDFCE|.68F44DB50APUSHGameServ.0AB54DF4;|WindowName=&GameServer&
004FDFD3|.68904DB50APUSHGameServ.0AB54D90;|Class=&GAMESERVER&
004FDFD8|.6A00PUSH0;|ExtStyle=0
004FDFDA|.FF15BCA1B70ACALLDWORDPTRDS:[&&USER32.CreateWindow&;\CreateWindowExA
/-------------------------------------------------------------------------------------------
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    HWND hWnd;
    hInst = hInstance; // Store instance handle in our global variable
    hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (!hWnd)
    {
        return FALSE;
    }
    // ShowWindow(hWnd, nCmdShow); the window is maximized below instead..
    // Custom-control function.. not much use! Added only so that it matches the original code..
    InitCommonControls();
    ShowWindow(hWnd, SW_SHOWMAXIMIZED);
    UpdateWindow(hWnd);
    return TRUE;
}
004FDFED|&\8B550CMOVEDX,DWORDPTRSS:[EBP+C]
004FDFF0|.52PUSHEDX;/ShowState
004FDFF1|.8B45FCMOVEAX,DWORDPTRSS:[EBP-4];|
004FDFF4|.50PUSHEAX;|hWnd
004FDFF5|.FFACALLDWORDPTRDS:[&&USER32.ShowWindow&];\ShowWindow
004FDFFB|.8B4DFCMOVECX,DWORDPTRSS:[EBP-4]
004FDFFE|.51PUSHECX;/hWnd
004FDFFF|.FF15C0A1B70ACALLDWORDPTRDS:[&&USER32.UpdateWindow&;\UpdateWindow
004FE005|.8B55FCMOVEDX,DWORDPTRSS:[EBP-4]
004FE008|.AMOVDWORDPTRDS:[AB54E58],EDX
004FE00E|.BMOVEAX,1
004FE013|&5FPOPEDI
004FE014|.5EPOPESI
004FE015|.5BPOPEBX
004FE016|.8BE5MOVESP,EBP
004FE018|.5DPOPEBP
004FE019\.C3RETN
[GS module continued] [Assembly to VC++] Part 2
004FDA9D.6A6DPUSH6D;/TableName=6D
004FDA9F.8B5508MOVEDX,DWORDPTRSS:[EBP+8];|
004FDAA2.52PUSHEDX;|hInst
004FDAA3.FF15D8A1B70ACALLDWORDPTRDS:[&&USER32.LoadAccelera&;\LoadAcceleratorsA
hAccelTable=LoadAccelerators(hInstance,(LPCTSTR)IDC_GAMESERVER);
==============================================
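All the code here is pasted from my own code; none of it is written at random.
The opening part already works completely normally.. the variables and so on in it were all translated by me from the disassembly.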
==================================================
A10push10;/Style=MB_OK|MB_ICONHAND|MB_APPLMODAL
4C986600push0066984C;|Title=&Error&
1CFF6600push0066FF1C;|Text=&CannotfindM:\Drive.&
00512B5C|.6A00push0;|hOwner=NULL
00512B5E|.FFcall[&&USER32.MessageBoxA&];\MessageBoxA
A10push10;/Style=MB_OK|MB_ICONHAND|MB_APPLMODAL
4C986600push0066984C;|Title=&Error&
00512B1C|.push0066FF50;|Text=&WebzenMuGameServerisalreadyRunning.&
A00push0;|hOwner=NULL
00512B23|.FFcall[&&USER32.MessageBoxA&];\MessageBoxA
00512B3F|.51/pFindFileData=0012FDD0
38FF6600push0066FF38;|FileName=&M:\commonserver.cfg&
00512B45|.FF15DC7CD906call[&&KERNEL32.FindFirstFileA&];\FindFirstFileA
Translated, this becomes:
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    //------------------------------- variable and constant declarations -------------------------------
    char MutexName[0xFF] = "WZ_MU_GS_MUTEX";
    HANDLE MuteHandle = ::CreateMutex(NULL, 0, MutexName);
    DWORD MutexErr = ::GetLastError();
    MSG msg;
    HACCEL hAccelTable;
    WIN32_FIND_DATA pFindFileData;
    HANDLE FindFistFileHandle = NULL;
    //------------------------------- start of code -------------------------------
    if (MutexErr == 0x0B7) // 0xB7 = ERROR_ALREADY_EXISTS: another instance holds the mutex
    {
        ::CloseHandle(MuteHandle);
        MessageBox(NULL, "Webzen Mu GameServer is already Running.", "Error", MB_OK | MB_ICONHAND | MB_APPLMODAL);
    }
    if (gLanguage == 0)
    {
        FindFistFileHandle = ::FindFirstFile("M:\\commonserver.cfg", &pFindFileData);
        if (FindFistFileHandle == INVALID_HANDLE_VALUE)
        {
            MessageBox(NULL, "Cannot find M:\\ Drive.", "Error", MB_OK | MB_ICONHAND | MB_APPLMODAL);
        }
        FindClose(FindFistFileHandle);
    }
    LoadString(hInstance, GameServer, szTitle, Count);
    LoadString(hInstance, GAMES, szWindowClass, Count);
    MyRegisterClass(hInstance);
    // Perform application initialization:
    if (!InitInstance(hInstance, nCmdShow))
    {
        return FALSE;
    }
    hAccelTable = LoadAccelerators(hInstance, (LPCTSTR)IDC_GAMESERVER);
    // Main message loop:
    while (GetMessage(&msg, NULL, 0, 0))
    {
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }
    GiocpInit();
    return msg.wParam;
}
//------------------------------ end of code ------------------------------
void ReadServerInfo()
{
    char RSIPath[0xFF] = "..\\data\\Serverinfo.dat";
    IsFile(&RSIPath[0]);
    // Load the configuration info:
    GetPrivateProfileString("GameServerInfo", "ServerName", "", szServerName, 50, RSIPath);
    gGameServerCode = ::GetPrivateProfileInt("GameServerInfo", "ServerCode", 0, RSIPath);
    bCanConnectMember = ::GetPrivateProfileInt("GameServerInfo", "ConnectMemberLoad", 0, RSIPath);
}
The assembly that roughly corresponds to the code above is:
004F5575.50PUSHEAX;/IniFileName
004FPUSH0;|Default=0
004F100PUSHGameServ.;|Key=&ServerType&
004F557D.68EC686100PUSHGameServ.006168EC;|Section=&GameServerInfo&
004F5582.FF15D09CB70ACALLDWORDPTRDS:[&&KERNEL32.GetPrivate&;\GetPrivateProfileIntA
004F80AMOVDWORDPTRDS:[A78F08C],EAX
004F558D.PUSHGameServ.;ASCII&commonserver.cfg&
004FECFB09MOVECX,GameServ.09FBEC10
004F5597.E87FDBF0FFCALLGameServ.0040311B
004F559C.50PUSHEAX;/IniFileName
004F559D.6A00PUSH0;|Default=0
004F559F.68E0686100PUSHGameServ.;|Key=&Partition&
004F55A4.68EC686100PUSHGameServ.006168EC;|Section=&GameServerInfo&
004F55A9.FF15D09CB70ACALLDWORDPTRDS:[&&KERNEL32.GetPrivate&;\GetPrivateProfileIntA
004F55AF.A390F0780AMOVDWORDPTRDS:[A78F090],EAX
004F55B4.PUSHGameServ.;ASCII&commonserver.cfg&
004F55B9.B910ECFB09MOVECX,GameServ.09FBEC10
004F55BE.E858DBF0FFCALLGameServ.0040311B
004F55C3.50PUSHEAX;/IniFileName
004F55C4.6A00PUSH0;|Default=0
004F55C6.68D4686100PUSHGameServ.;|Key=&Language&
004F55CB.68EC686100PUSHGameServ.006168EC;|Section=&GameServerInfo&
004F55D0.FF15D09CB70ACALLDWORDPTRDS:[&&KERNEL32.GetPrivate&;\GetPrivateProfileIntA
004F55D6.A3B8F0780AMOVDWORDPTRDS:[A78F0B8],EAX
004F55DB.B91873B60AMOVECX,GameServ.0AB67318
004F55E0.E8E2CFF0FFCALLGameServ.
004F55E5.68F9254000PUSHGameServ.
004F55EA.A18CF0780AMOVEAX,DWORDPTRDS:[A78F08C]
004F55EF.50PUSHEAX
004F55F0.PUSHGameServ.094B5E68
004F55F5.PUSHGameServ.00628C40;ASCII&0.99.60T&
004F55FA.6A00PUSH0
004F55FC.8A0D90F0780AMOVCL,BYTEPTRDS:[A78F090]
004F5602.51PUSHECX
004FB8F0780AMOVEDX,DWORDPTRDS:[A78F0B8]
004F5609.52PUSHEDX
004F560A.B91873B60AMOVECX,GameServ.0AB67318
004F560F.E8F7DBF0FFCALLGameServ.0040320B
004F5614.90NOP
004F5615.90NOP
004F5616.90NOP
004F5617.90NOP
004F5618.90NOP
004F561D90DB90
004F561E.909090
*****************************************************************************************************************************
Some GS functions, part 1
$/EJMPGameServ.std::_Tree&int,std::pair&intconst,TUnionInfo*&,std::map&int,TUnionI&
0040100A$|E9B1B81100JMPGameServ.CBloodCastle::SendNoticeState
Blood Castle :: send notice
0040100F$|E93C9E0900JMPGameServ.std::swap
$|EJMPGameServ.FriendMemoSendResult
friend memo generated
$|E932E00600JMPGameServ.std::_Tree&int,std::pair&intconst,std::vector&CASTLEDEEP_SPAWNTIME,s&
0040101E$|E9FDC90900JMPGameServ.CWhisperCash::TimeCheckCashDelete
Whisper :: time check and delete
$|E9A8191400JMPGameServ.CCastleSiege::CheckGuardianStatueExist
Castle siege :: siege statue exit
.|E9B39F0100JMPGameServ.CMonsterAttr::`scalardeletingdestructor
0040102D$|E92E690200JMPGameServ.GS_DGAnsNpcRemove
$|E969DE0100JMPGameServ.CDbSave::Begin
.|EJMPGameServ.wsJoinServerCli::`scalardeletingdestructor
0040103C$|E99F470900JMPGameServ.CastleSpecialItemMix
castle special item mix
$|E9FA740800JMPGameServ.CloseClient
.|E945E70500JMPGameServ.CBattleGround::`scalardeletingdestructor
0040104B$|E9F0500400JMPGameServ.GCReqmoveDevilSquare
$|E96B041400JMPGameServ.CCastleSiege::SaveCsTotalGuildInfo
Castle siege :: save guild info
$|E956DA1200JMPGameServ.std::allocator&tagPOINT&::allocate
0040105A$|EJMPGameServ.std::_Tree&std::basic_string&char,std::char_traits&char&,std::allocato&
0040105F$|E93C4B0600JMPGameServ.CRingAttackEvent::SetMenualStart
Ring event :: set default start
.|E967F90500JMPGameServ.CDragonEvent::`scalardeletingdestructor
$|E9D2C81200JMPGameServ.std::_Tree&int,std::pair&intconst,_MONSTER_ITEM_DROP&,std::map&int,_&
0040106E$|E9CD8F0700JMPGameServ.std::_Tree&int,std::pair&intconst,void*&,std::map&int,void*,std::l&
$|EJMPGameServ.std::basic_string&char,std::char_traits&char&,std::allocator&char&&::&
$|EJMPGameServ.std::_Tree&int,std::pair&intconst,TUnionInfo*&,std::map&int,TUnionI&
0040107D$|E96EDD0A00JMPGameServ.CObjUseSkill::UseSkill
Character skill::character skill
$|E9D9B30700JMPGameServ.CItemBagEx::~CItemBagEx
Time item::event item
$|E9A4BE0A00JMPGameServ.CObjBaseAttack::DecreaseArrow
0040108C$|E94F570600JMPGameServ.std::vector&RINGMONSTER_DATA,std::allocator&RINGMONSTER_DATA&&::_Ucop&
$|E9CA680100JMPGameServ.gObjMonsterDieGiveItem
Monster death gives the character an item
$|E9E5090400JMPGameServ.GCDiePlayerSend
Send data on player death
0040109B$|E9F04A0500JMPGameServ.GDRelationShipReqKickOutUnionMember
$|E95B640200JMPGameServ.GS_DGAnsSiegeEndedChange
$|E9F6D60000JMPGameServ.std::_Tree&int,std::pair&intconst,_MONSTER_HERD_DATA&,std::map&int,_&
004010AA$|E931BF0000JMPGameServ.std::_Tree&int,std::pair&intconst,_MONSTER_HERD_DATA&,std::map&int,_&
004010AF.|E93C4A0700JMPGameServ.AttackEvent53BagOpen
$|E947C00E00JMPGameServ.gObjMagicManaUse
Character attribute package
$|E982FA1400JMPGameServ.std::copy
004010BE$|E9CD850400JMPGameServ.CGDuelStartRequestRecv
Probably Devil Square
$|EJMPGameServ.std::_Tree&std::basic_string&char,std::char_traits&char&,std::allocato&
$|E933E11300JMPGameServ.CCastleSiege::AdjustDbNpcLevel
004010CD$|E92E6E1500JMPGameServ.std::allocator&_MAPSVR_DATA*&::construct
$|EJMPGameServ.std::_Tree&int,std::pair&intconst,std::vector&CASTLEDEEP_MONSTERINFO&
.|EJMPGameServ.CSendHackLog::`scalardeletingdestructor
004010DC$|E9DF3E0900JMPGameServ.SoulPotionChaosMix
$|E9DA300A00JMPGameServ.std::map&std::basic_string&char,std::char_traits&char&,std::allocator&&
$|EJMPGameServ.gObjMonsterHitDamageInit
Monster attacks character
004010EB$|EJMPGameServ.std::_Tree&std::basic_string&char,std::char_traits&char&,std::allocato&
$|E95BF81200JMPGameServ.CGuardianStatue::~CGuardianStatue
$|EJMPGameServ.std::map&unsignedint,int,std::less&unsignedint&,std::allocator&int&&
004010FA$|EJMPGameServ.GDGuildDestroySend
004010FF$|E9FC0B0600JMPGameServ.CEledoradoEvent::SetEventState
.|E927C10500JMPGameServ.DevilSquareScoreSort
Devil Square event
$|E9F2751400JMPGameServ.std::vector&_CS_SCHEDULE_DATA,std::allocator&_CS_SCHEDULE_DATA&&::ins&
0040110E$|E97D9D0600JMPGameServ.std::vector&CASTLEDEEP_EVENTTIME,std::allocator&CASTLEDEEP_EVENTTIME&&
$|EJMPGameServ.std::vector&RINGMONSTER_DATA,std::allocator&RINGMONSTER_DATA&&::inser&
$|E9E38C0600JMPGameServ.std::_Tree&int,std::pair&intconst,std::vector&CASTLEDEEP_MONSTERINFO&
0040111D$|E93E4F1200JMPGameServ.CChaosCastle::LeaveUserChaosCastle
User leaves the castle
$|E9E96C1500JMPGameServ.std::vector&_MAPSVR_DATA*,std::allocator&_MAPSVR_DATA*&&::_Ucopy
$|E924B40700JMPGameServ.CItemBagEx::LoadItem
Event item::load item
0040112C$|E92FC90800JMPGameServ.MapClass::CheckWall
Map class::find castle wall
$|E92A6E1500JMPGameServ.std::pair&intconst,_MAPSVR_DATA*&::pair&intconst,_MAPSVR_DATA*&
$|E9C5060A00JMPGameServ.PartyClass::PartyClass
0040113B$|E970F40B00JMPGameServ.TUnion::~TUnion
.|E99B720500JMPGameServ.CMultiAttackHackCheck::`scalardeletingdestructor
$|EJMPGameServ.GCItemMoveResultSend
GS->CS item move
0040114A$|E941E40600JMPGameServ.std::vector&CASTLEDEEP_EVENTTIME,std::allocator&CASTLEDEEP_EVENTTIME&&
0040114F$|E92C020300JMPGameServ.CGItemDropRequest
CS->GS item drop
$|EJMPGameServ.CViewportGuild::CViewportGuild
$|EJMPGameServ.CAttackEvent::SetMenualStart
0040115E$|E98DD70500JMPGameServ.std::vector&OBJECTSTRUCT*,std::allocator&OBJECTSTRUCT*&&::~vector&O&
$|E9B8E80F00JMPGameServ.CItem::NormalWeaponDurabilityDown
Default weapon durability decrease
$|EJMPGameServ.std::_Tree&int,std::pair&intconst,TUnionInfo*&,std::map&int,TUnionI&
0040116D$|E95EB90200JMPGameServ.PChatProc
$|E9B9560700JMPGameServ.EGRecvChangeStones
Restore changed stones
$|E964B40C00JMPGameServ.gObjAddCallMon
0040117C$|E9FFBE0000JMPGameServ.std::map&int,_MONSTER_HERD_DATA,std::less&int&,std::allocator&_MONSTER&
$|E94A7F0200JMPGameServ.GJPUserKillRecv
User skill reply
$|E955A31200JMPGameServ.std::map&int,_MONSTER_ITEM_DROP,std::less&int&,std::allocator&_MONSTER&
0040118B$|E9C01D0500JMPGameServ.DGGuildMemberInfo
Guild member info
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
As for how things are changed in the GS: here is the GS function table. Anyone who can read English will understand it.
004012EE$/E97D810F00JMPGameServ.CSetItemOption::GetSetOptionName
0040133E$/E9AD261000JMPGameServ.GetItemAttr
$/EJMPGameServ.CGUseItemRecv
$/E914F60A00JMPGameServ.CObjUseSkill::SkillChangeUse
004013FC$/E95F411000JMPGameServ.CGMMng::ManagerAdd
0040140B$/E9F0C40300JMPGameServ.GCGuildMasterManagerRun
./EJMPGameServ.CShop::LoadShopItem
./E9CAAE0900JMPGameServ.LogAddStrHexFunc
$/E9A2DC0D00JMPGameServ.gObjTradeItemBoxSet
$/E9F3EF0900JMPGameServ.TNotice::TNotice
./E915FE0F00JMPGameServ.ItemGetDefenseDurability
$/EJMPGameServ.gPlusItemNumber
$/EJMPGameServ.CSetItemOption::IsRequireClass
004014FB$/EJMPGameServ.DGOptionDataSend
0040151E$/E9FD4A0F00JMPGameServ.MsgOutput
$/E913D10E00JMPGameServ.gObjItemRandomLevelUp
$/E925A20700JMPGameServ.CItemBag::CItemBag
$/E967AD0B00JMPGameServ.gObjSetItemPlusSpecial
004016AE$/E91D280200JMPGameServ.ItemSerialCreateRecv
004016EF./E95C641000JMPGameServ.CMoveCommand::Load
$/E937AA0800JMPGameServ.MapClass::ItemGive
0040187F$/E94C480400JMPGameServ.GCServerCmd
$/EJMPGameServ.CShop::InsertItem
$/E9C3EF0100JMPGameServ.DataServerLogin
$/E9C6D60F00JMPGameServ.CItem::PetItemLevelDown
$/EJMPGameServ.CGPShopAnsOpen
$/EJMPGameServ.CShop::LoadShopItem
00401A00$/E94BD20F00JMPGameServ.CItem::DecPetItemExp
00401A8C./E9CF700F00JMPGameServ.CSetItemOption::LoadOptionInfo
00401ADC$/E92F711000JMPGameServ.CMoveCommand::Move
// The "cannot move" problem everyone talks about is changed here
// Perhaps this makes things a little clearer
00401AEB./E9A06D0F00JMPGameServ.CSetItemOption::LoadTypeInfo
00401B4F$/E92C391000JMPGameServ.CGMCommand::Add
The GM ADD command; I don't know what it does
00401BAE$/E90D030B00JMPGameServ.CObjUseSkill::SkillSuddenIce
00401BC7$/EJMPGameServ.zzzItemLevel
00401CF3./EJMPGameServ.CLoginCount::~CLoginCount
00401D20$/E94BDA0100JMPGameServ.DBSockMng::MsgProc
00401EA1$/E9BA0F1100JMPGameServ.GameServerStart
00401ED3./EJMPGameServ.NpcDeviasWareHousemen
00401FE1$/E94AC90F00JMPGameServ.CItem::AddPetItemExp
0040202C$/E9FFFF0100JMPGameServ.JGGetCharacterInfo
004020BD$/E9DE921100JMPGameServ.CBloodCastle::AddExperience
$/E9EB651000JMPGameServ.CMoveCommand::GetMoveLevel
$/E9D7190200JMPGameServ.GDGameServerInfoSave
004021CB$/EJMPGameServ.CMoveCommand::FindIndex
$/E928A50C00JMPGameServ.gObjUserKill
$/E9E8F80A00JMPGameServ.CObjUseSkill::SkillDeathPoison
004022BB$/EJMPGameServ.CItem::IsItem
0040230B./EJMPGameServ.CShop::CShop
$/E9AB151000JMPGameServ.IsItem
0040269E$/E9ED640200JMPGameServ.JGPAccountRequest
$/E9D27B0F00JMPGameServ.CItem::Convert
$/E978B50F00JMPGameServ.CItem::OldValue
0040286A$/E9C1661500JMPGameServ.NpcWarehouse
004029DC$/E9EF3F0900JMPGameServ.CLoginCount::Get
00402C3E$/E92D520B00JMPGameServ.gObjCalCharacter
00402C89$/E9D2F00100JMPGameServ.JGCharacterCreateRequest
00402CC5$/E9B67E0300JMPGameServ.CGPShopAnsBuyItem
00402CE8$/E993BD0800JMPGameServ.CMapItem::DropCreateItem
00402D15$/E9D68C0700JMPGameServ.CItemBag::LoadItem
00402D1A$/E9A17F0300JMPGameServ.CGPShopAnsSoldItem
00402D2E./E9CD061000JMPGameServ.OpenItemNameScript
00402E0F$/E99C241100JMPGameServ.CGate::GetGate
00402E6E./E98D440C00JMPGameServ.GetMapMoveLevel
00402EC3$/E9A8B81000JMPGameServ.GameServerInfoSend
00402EC8./EJMPGameServ.MonsterHerd::MonsterMoveAction
00402F04$/E9C7C50F00JMPGameServ.CItem::IsExtMonsterMoney
00402F2C$/E93F460500JMPGameServ.WithdrawUserMoney
00402F4F$/E9CC6B0300JMPGameServ.CGPShopReqBuyItem
00402FEA$/EJMPGameServ.IoSendSecond
$/E97AAE0F00JMPGameServ.CItem::GetSize
$/EJMPGameServ.CItem::Value
$/E9D4E80E00JMPGameServ.gObjGetItemCountInIventory
$/E9F75C0300JMPGameServ.CGPShopReqBuyList
$/EJMPGameServ.ShopDataLoad
$/EJMPGameServ.CGReqMoveOtherServer
0040346D$/E98EB40200JMPGameServ.CGPCharacterCreate
$/E9D42A0400JMPGameServ.GCItemUseSpecialTimeSend
004035AD$/E9FE030200JMPGameServ.GDUserItemSave
$/E94AE30300JMPGameServ.GCKillPlayerExpSend
$/E966CE0F00JMPGameServ.BufferItemtoConvert3
0040374C$/E9DF010F00JMPGameServ.MakeRandomSetItem
00403CC9$/E9F2B00300JMPGameServ.CGWarehouseMoneyInOut
00403DD7$/E9F4970200JMPGameServ.CGChatRecv
$/E9A6920700JMPGameServ.CItemBagEx::DropItem
$/E994BC1000JMPGameServ.SetMapName
0040410B./E900E30F00JMPGameServ.OpenItemScript
$/E9DA820F00JMPGameServ.CItem::GetNumber
$/E9D4F10100JMPGameServ.GDSetWarehouseMoney
$/E94A0D0100JMPGameServ.PathFindMoveMsgSend
./E998B50100JMPGameServ.TestDSSend
$/E9A89E1000JMPGameServ.LoadItemBag
00404BFB$/E960C40F00JMPGameServ.ItemGetSize
00404C46$/E915BD0700JMPGameServ.GetSkillNumberInex
00404CC3./E9C8B80F00JMPGameServ.ItemByteConvert7
00404CE1$/E94A1C0900JMPGameServ.CLoginCount::Init
00404F9D$/E96E130500JMPGameServ.char_ID::GetBuffer
0040506A$/E901A30200JMPGameServ.GCPkLevelSend
$/E927AE0300JMPGameServ.PMoveProc
$/E999DC0100JMPGameServ.DGGetWarehouseList
004050FB./E950E80F00JMPGameServ.GetSerialItem
./E934F70100JMPGameServ.ItemMovePathSave
$/E933BE0F00JMPGameServ.ItemGetNumberMake
./E9F26D1000JMPGameServ.GMDataClientMsgProc
$/E9A8400F00JMPGameServ.CSetItemOption::IsSetItem
$/E9F5971300JMPGameServ.CCastleSiege::SendNpcStateList
$/E9E7450200JMPGameServ.UserNoticeRecv
$/E9D2250800JMPGameServ.DataSend
004053DF$/E90C520200JMPGameServ.DataEncryptCheck
$/EJMPGameServ.MapClass::MoneyItemDrop
004054AC$/E95F920F00JMPGameServ.CItem::SetPetItemInfo
$/E959F20A00JMPGameServ.DecPartyMemberHPandMP
004055BA$/E951D30100JMPGameServ.GJSetCharacterInfo
$/EJMPGameServ.gObjMagicTextSave
$/E9E7691000JMPGameServ.ReadCommonServerInfo
$/E93BDE0F00JMPGameServ.GetLevelItem
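Each entry in the function tables above is a five-byte `E9` jump stub: the four bytes after the opcode are a signed little-endian offset from the end of the instruction to the real function body. As an added example (not part of the original article), the Python below recovers that target address from lines exactly as they appear on this page and sets aside lines whose address or bytes were lost; the names `parse_thunk` and `decode_table` are assumptions.

```python
import re
import struct

# Thunk lines copied from the listings on this page (whitespace was lost in
# extraction). The last two are damaged: one has no address, one has no bytes.
SAMPLE = """\
0040100A$|E9B1B81100JMPGameServ.CBloodCastle::SendNoticeState
004010AF.|E93C4A0700JMPGameServ.AttackEvent53BagOpen
004012EE$/E97D810F00JMPGameServ.CSetItemOption::GetSetOptionName
00401ADC$/E92F711000JMPGameServ.CMoveCommand::Move
$|E9A8191400JMPGameServ.CCastleSiege::CheckGuardianStatueExist
004010FA$|EJMPGameServ.GDGuildDestroySend
"""

# address, optional OllyDbg marker columns, opcode E9, rel32 bytes, symbol
THUNK_RE = re.compile(
    r"^([0-9A-F]{8})[$.>]?[|/\\]?E9([0-9A-F]{8})JMP(GameServ\..+)$"
)

def parse_thunk(line):
    """Return (thunk_va, target_va, symbol), or None if the line is damaged."""
    m = THUNK_RE.match(line.replace(" ", "").strip())
    if m is None:
        return None
    va = int(m.group(1), 16)
    # rel32 is stored little-endian and is signed
    (rel,) = struct.unpack("<i", bytes.fromhex(m.group(2)))
    # a near JMP is relative to the address of the next instruction (va + 5)
    target = (va + 5 + rel) & 0xFFFFFFFF
    return va, target, m.group(3)

def decode_table(text):
    """Split a listing into decoded thunks and lines that cannot be decoded."""
    decoded, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_thunk(line)
        (decoded if entry else skipped).append(entry or line)
    return decoded, skipped

if __name__ == "__main__":
    ok, bad = decode_table(SAMPLE)
    for va, target, sym in ok:
        print(f"{va:08X} -> {target:08X}  {sym}")
    print(f"{len(bad)} line(s) skipped as damaged")
```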
***********************************************************************************************************************
1.00.16 GS: changing the maximum supported level
004BC239|.894DFCmov[local.1],ecx
004BC23C|.837D0801cmp[arg.1],1
004BC240|.7C09jlshort004BC24B
004BC0010&cmpdwordptr[ebp+8],190;
Here: 160 = level 400! The default maximum level is 400.
004BC249|.7E04jleshort004BC24F
004BC24B|&33C0xoreax,eax
=========================================================
004BC2C0|./7C09jlshort004BC2CB
004BC2C2|817D0890010&cmpdwordptr[ebp+8],190
This is the second address to modify!
004BC2C9|.|7E04jleshort004BC2CF
004BC2CB|&\33C0xoreax,eax
004BC2CD|.EB37jmpshort004BC306
004BC2CF|&837D0C03cmp[arg.2],3
There are two places in total!
*************************************************************************************************
1.00.16 Fire Dragon King control
Memory/OD address
Fire Dragon King: money dropped per pile
00419E4F|?1027ADCBYTEPTRDS:[EDI],AH
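Dropped item control:
The first "0e" (decimal 14) is the sub-Item number of the item to drop (defined in Item.txt); the second is the main Item number of the item to drop. 14 14 corresponds to the Jewel of Soul in Item.txt.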
00419F0B|.6A0EPUSH0E
00419F0D|.6A0EPUSH0E
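The first "0d" (decimal 13) is the sub-Item number of the item to drop (defined in Item.txt); the second is the main Item number of the item to drop. 14 13 corresponds to the Jewel of Bless in Item.txt.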
00419E9D|.6A0DPUSH0D
00419E9F|.6A0EPUSH0E
**************************************************************************************************
1.00.16 Blood Castle reward address
00531A60/&\55pushebp
BECmovebp,esp
EC50subesp,50
4DFCmovdwordptr[ebp-4],ecx
00531A6C|.837D0800cmpdwordptr[ebp+8],0
D09jgeshort00531A7B
00531A72|.C745F000000&movdwordptr[ebp-10],0
00531A79|.EB0Fjmpshort00531A8A
00531A7B|&33C0xoreax,eax
00531A7D|.817D08E71C0&cmpdwordptr[ebp+8],1CE7
F9EC0setleal
45F0movdwordptr[ebp-10],eax
00531A8A|&837DF000cmpdwordptr[ebp-10],0
00531A8E|.7502jnzshort00531A92
00531A90|.EB7Ajmpshort00531B0C
B4D08movecx,dwordptr[ebp+8]
4DF8movdwordptr[ebp-8],ecx
A0Fpush0F;item number 1
00531A9A|.6A0Cpush0C;item number 2
00531A9C|.E81535EDFFcall00404FB6
0C408addesp,8
045F4movdwordptr[ebp-C],eax
00531AAB|.8B55F8movedx,dwordptr[ebp-8]
00531AAE|.52pushedx
00531AAF|.6A00push0
0B45F4moveax,dwordptr[ebp-C]
00531ABC|.50pusheax
00531ABD|.8B4D08movecx,dwordptr[ebp+8]
0C95C190000imulecx,ecx,195C
0Amovdl,byteptr[ecx+65E4062]
00531ACC|.52pushedx
00531ACD|.8B4508moveax,dwordptr[ebp+8]
0C05C190000imuleax,eax,195C
0Amovcl,byteptr[eax+65E4060]
00531ADC|.51pushecx
00531ADD|.8B5508movedx,dwordptr[ebp+8]
0D25C190000imuledx,edx,195C
0C0xoreax,eax
0Amoval,byteptr[edx+65E4065]
00531AEE|.05E3000000addeax,0E3
0B4D08movecx,dwordptr[ebp+8]
0C95C190000imulecx,ecx,195C
00531AFD|.8Bmovedx,dwordptr[ecx+65E3F58]
00531B04|.E8B21BEDFFcall004036BB
C434addesp,34
00531B0C|&5Fpopedi
00531B0D|.5Epopesi
00531B0E|.5Bpopebx
00531B0F|.8BE5movesp,ebp
00531B12\.C20400retn4
************************************************************************************************************************
1.00.16 jewel drop rate control
DA8816B00&CMPDWORDPTRDS:[6B81A8],0-----this is the one for Bless
FADDBYTEPTRDS:[EDI],CL-----this is the one for Bless
0041AC7C|.0F8EA9000000JLEGameServ.0041AD2B
0041AC82|.E8FD4F1600CALLGameServ.0057FC84
0041AC88|.F73DA8816B00IDIVDWORDPTRDS:[6B81A8];GameServ.
0041AC8E|.85D2TESTEDX,EDX
********************************************************************************************************
1.00.16 item additional-option control parameters
0041907D|&\8B559C|MOVEDX,DWORDPTRSS:[EBP-64]
5598|MOVDWORDPTRSS:[EBP-68],EDX
7D9800|CMPDWORDPTRSS:[EBP-68],0
0E|JESHORTGameServ.
7D9801|CMPDWORDPTRSS:[EBP-68],1
0041908D|.7417|JESHORTGameServ.
0041908F|.837D9802|CMPDWORDPTRSS:[EBP-68],2--------additional 16
20|JESHORTGameServ.
|.EB2B|JMPSHORTGameServ.
********************************************************************************************************
1.00.16 jump locations of some interfaces
置接口跳转(&OpenItemNameScript,到十进制(&&))*** calls function OpenItemNameScript
置接口跳转(&LogSkillNameList,到十进制(&&))*** calls function LogSkillNameList
置接口跳转(&CAcceptIpLoad,到十进制(&&))*** calls function .CAcceptIp::Load
置接口跳转(&gObjLevelUp,到十进制(&004D6380&))*** calls function gObjLevelUp 004D6380
置接口跳转(&GCKillPlayerExpSend,到十进制(&&))*** calls function GCKillPlayerExpSend
置接口跳转(&CGWarehouseUseEnd,到十进制(&00445E00&))*** calls function CGWarehouseUseEnd 00445E00
置接口跳转(&ManagementProc,到十进制(&&))*** calls function ManagementProc/cmdmove
置接口跳转(&GCCloseMsgSend,到十进制(&&))*** calls function GCCloseMsgSend
置接口跳转(&ResponErrorCloseClient,到十进制(&00487B40&))*** calls function ResponErrorCloseClient 00487B40
置接口跳转(&GJPUserClose,到十进制(&&))*** calls function GJPUserClose
置接口跳转(&gObjGameClose,到十进制(&004D33C0&))*** calls function gObjGameClose 004D33C0
置接口跳转(&gObjDel,到十进制(&004D3940&))*** calls function gObjDel 004D3940
置接口跳转(&CGPCharDel,到十进制(&&))*** calls function CGPCharDel
置接口跳转(&GetNewPath,到十进制(&&))*** calls function GetNewPath
置接口跳转(&gObjTeleport,到十进制(&004F6230&))*** calls function gObjTeleport 004F6230
置接口跳转(&Closechar,到十进制(&00426ED0&))*** calls function: check married character logout, wipe save 00426ED0
********************************************************************************************************
1.00.16 Chaos Castle: changing the number of players required to start
B4DFCMOVECX,DWORDPTRSS:[EBP-4]
0053BC28|.E86260ECFFCALLGameServ.00401C8F
0053BC2D|.8945F8MOVDWORDPTRSS:[EBP-8],EAX
7DF802CMPDWORDPTRSS:[EBP-8],2-------this is the number of players required to start
D1DJGESHORTGameServ.0053BC53
B55F8MOVEDX,DWORDPTRSS:[EBP-8]
0053BC3A|.8B4508MOVEAX,DWORDPTRSS:[EBP+8]
0053BC3D|.83C001ADDEAX,1
Changing the set item drop rate after completing the castle (Bless and Creation)
0053ECBD|.BMOVECX,64
0053ECC2|.F7F9IDIVECX
0053ECC4|.8955F8MOVDWORDPTRSS:[EBP-8],EDX
0053ECC7|.C745F400000&MOVDWORDPTRSS:[EBP-C],0
0053ECCE|.C745F000000&MOVDWORDPTRSS:[EBP-10],0
0053ECD5|.C745EC00000&MOVDWORDPTRSS:[EBP-14],0
0053ECDC|.837DF832CMPDWORDPTRSS:[EBP-8],32
0053ECE0|.0F8DA9000000JGEGameServ.0053ED8F
********************************************************************************************************
1.00.16 read configuration *** interface
***接口(到十进制(&0051DCC9&),取子程指针(&读取配置,真),{232},{144,144,144,144,144},真) read configuration
0051DCA0&\EB27JMPSHORTGameServ.0051DCC9--this is mainly where the function is exported
0051DCA2.5BPOPEBX
0051DCA3.8BE5MOVESP,EBP
0051DCA5.5DPOPEBP
0051DCA6.C3RETN
0051DCA7.D5A95100DDGameServ.;switch table used at 0051A9CE
0051DCAB.0FAB5100DDGameServ.0051AB0F
0051DCAF.5BAC5100DDGameServ.0051AC5B
0051DCB3.A7AD5100DDGameServ.0051ADA7
0051DCB7.F3AE5100DDGameServ.0051AEF3
0051DCBB.3FB05100DDGameServ.0051B03F
0051DCBF.D2B25100DDGameServ.
0051DCC3.8BB15100DDGameServ.0051B18B
0051DCC7CCINT3
0051DCC8CCINT3
Start assembling here and write your own interface.
0051DCC9&90NOP
0051DCCA.90NOP
0051DCCB.90NOP
0051DCCC.90NOP
0051DCCD.90NOP
The above are 5 NOPs, the so-called "90 method": an extension interface for use by a DLL.
0051DCCE.5FPOPEDI
0051DCCF.5EPOPESI
0051DCD0.5BPOPEBX
0051DCD1.8BE5MOVESP,EBP
0051DCD3.5DPOPEBP
0051DCD4.C3RETN
The above restores the function; what is borrowed must be returned.
0051DCD5CCINT3
0051DCD6CCINT3
0051DCD7CCINT3
0051DCD8CCINT3
0051DCD9CCINT3
0051DCDACCINT3
0051DCDBCCINT3
0051DCDCCCINT3
0051DCDDCCINT3
0051DCDECCINT3
(Editor in charge: 一路玩奇迹网)
This article is original content of 一路玩奇迹网; when reposting, please cite the link: /jishu/programming/.html
