本来计划实现了陆地上的自动跟随,接下来就开始找海上的跟随call,结果找了半天没有一点眉目,与陆地上不一样,尝试了很久也没有啥进展。就先放下,试试看与NPC对话的Call。
在选中NPC的ID地址(tabid地址)= 01212120+34 上,find who access this address ;
点击码头官员,进码头,有以下断点:
004450C7 - 83 7B 34 00 - cmp dword ptr [ebx+34],00
a进汇编:
//=======================================================
gvonline.bin+450BC - 8B 43 30 - mov eax,[ebx+30]
gvonline.bin+450BF - 89 45 08 - mov [ebp+08],eax
gvonline.bin+450C2 - 83 F8 02 - cmp eax,02 { 2 }
gvonline.bin+450C5 - 74 5E - je gvonline.bin+45125
gvonline.bin+450C7 - 83 7B 34 00 - cmp dword ptr [ebx+34],00 { 0 } <====断点此处(1),执行返回到上一层
gvonline.bin+450CB - 74 58 - je gvonline.bin+45125
//---------------------------------------------------------------------------
gvonline.bin+44140 - 56 - push esi
gvonline.bin+44141 - 8B CB - mov ecx,ebx
gvonline.bin+44143 - E8 280F0000 - call gvonline.bin+45070
gvonline.bin+44148 - 85 C0 - test eax,eax <-----返回此,继续返回(2)
//------------------------------------------------------------
gvonline.bin+441D6 - 83 3E 00 - cmp dword ptr [esi],00 { 0 }
gvonline.bin+441D9 - 75 15 - jne gvonline.bin+441F0
gvonline.bin+441DB - FF 75 08 - push [ebp+08]
gvonline.bin+441DE - E8 7DFEFFFF - call gvonline.bin+44060 //疑似?经测试不是。
gvonline.bin+441E3 - 83 7E 10 FF - cmp dword ptr [esi+10],-01 <-----返回此,继续返回(3)
gvonline.bin+441E7 - 74 07 - je gvonline.bin+441F0
//----------------------------------------------------------------
gvonline.bin+406A6 - 50 - push eax //eax=不同按钮不同数值(进城0x8f;进码头0x43...)
gvonline.bin+406A7 - 8B CF - mov ecx,edi //ecx = 0x01212120
gvonline.bin+406A9 - E8 223B0000 - call gvonline.bin+441D0 //此为进城、出港call,
gvonline.bin+406AE - EB CF - jmp gvonline.bin+4067F <-----返回此,经测试,上面即为对话Call(4)
CE的Auto Assecmble :
//--------------------
alloc(newmem,2048)
newmem:
push 0x8b //点不同按钮的ID
mov ecx,0x01212120
call gvonline.bin+441D0
ret
createthread(newmem)
浙公网安备 33010602011771号