wangbeng


Uncharted Waters Online (Taiwan server) Call-Finding Notes (15): Merchant Goods Data Analysis - 1

Buying goods



Open the merchant's purchase window, buy the first item, "Maca" (玛咖), in several batches, search for the Maca quantity, then use "find out what accesses this address" on the quantity address.


[ecx+20] = quantity of the first item, so ecx should be the node address of the first item.


The memory at ECX: at a glance you can see many of the important item fields.

Go back up one level to see where ECX comes from:

GVOnline.exe+3F2DCB - 53                    - push ebx
GVOnline.exe+3F2DCC - 8B D9                 - mov ebx,ecx
GVOnline.exe+3F2DCE - E8 BD030000           - call GVOnline.exe+3F3190 {  ------------------>此call 返回的eax 存入 [ebp-18]。  进去看一下 }
GVOnline.exe+3F2DD3 - 89 45 E8              - mov [ebp-18],eax    ------------------>[ebp-18] = eax
GVOnline.exe+3F2DD6 - 85 C0                 - test eax,eax
GVOnline.exe+3F2DD8 - 0F84 B4010000         - je GVOnline.exe+3F2F92
GVOnline.exe+3F2DDE - 8B C8                 - mov ecx,eax
GVOnline.exe+3F2DE0 - E8 1B391900           - call GVOnline.exe+586700
GVOnline.exe+3F2DE5 - 3B 45 0C              - cmp eax,[ebp+0C]
GVOnline.exe+3F2DE8 - 0F82 A4010000         - jb GVOnline.exe+3F2F92
GVOnline.exe+3F2DEE - 83 BB 98060000 00     - cmp dword ptr [ebx+00000698],00 { 0 }
GVOnline.exe+3F2DF5 - 56                    - push esi
GVOnline.exe+3F2DF6 - 57                    - push edi
GVOnline.exe+3F2DF7 - 8B BB 90060000        - mov edi,[ebx+00000690]
GVOnline.exe+3F2DFD - C7 45 F0 00000000     - mov [ebp-10],00000000 { 0 }
GVOnline.exe+3F2E04 - 7E 38                 - jle GVOnline.exe+3F2E3E
GVOnline.exe+3F2E06 - 85 FF                 - test edi,edi
GVOnline.exe+3F2E08 - 0F84 69010000         - je GVOnline.exe+3F2F77
GVOnline.exe+3F2E0E - 8B 47 08              - mov eax,[edi+08]
GVOnline.exe+3F2E11 - 89 45 E4              - mov [ebp-1C],eax
GVOnline.exe+3F2E14 - 85 C0                 - test eax,eax
GVOnline.exe+3F2E16 - 74 26                 - je GVOnline.exe+3F2E3E
GVOnline.exe+3F2E18 - 8B C8                 - mov ecx,eax
GVOnline.exe+3F2E1A - E8 413E1900           - call GVOnline.exe+586C60
GVOnline.exe+3F2E1F - 8B 4D 08              - mov ecx,[ebp+08]
GVOnline.exe+3F2E22 - 8B F0                 - mov esi,eax
GVOnline.exe+3F2E24 - E8 77381900           - call GVOnline.exe+5866A0
GVOnline.exe+3F2E29 - 3B F0                 - cmp esi,eax
GVOnline.exe+3F2E2B - 74 44                 - je GVOnline.exe+3F2E71
GVOnline.exe+3F2E2D - 8B 45 F0              - mov eax,[ebp-10]
GVOnline.exe+3F2E30 - 8B 3F                 - mov edi,[edi]
GVOnline.exe+3F2E32 - 40                    - inc eax
GVOnline.exe+3F2E33 - 89 45 F0              - mov [ebp-10],eax
GVOnline.exe+3F2E36 - 3B 83 98060000        - cmp eax,[ebx+00000698]
GVOnline.exe+3F2E3C - 7C C8                 - jl GVOnline.exe+3F2E06
GVOnline.exe+3F2E3E - 33 FF                 - xor edi,edi
GVOnline.exe+3F2E40 - 33 C0                 - xor eax,eax
GVOnline.exe+3F2E42 - 85 FF                 - test edi,edi
GVOnline.exe+3F2E44 - 0F94 C0               - sete al
GVOnline.exe+3F2E47 - 89 45 E4              - mov [ebp-1C],eax
GVOnline.exe+3F2E4A - 85 C0                 - test eax,eax
GVOnline.exe+3F2E4C - 74 31                 - je GVOnline.exe+3F2E7F
GVOnline.exe+3F2E4E - 6A 40                 - push 40 { 64 }
GVOnline.exe+3F2E50 - E8 F1565900           - call GVOnline.exe+988546
GVOnline.exe+3F2E55 - 83 C4 04              - add esp,04 { 4 }
GVOnline.exe+3F2E58 - 89 45 F0              - mov [ebp-10],eax
GVOnline.exe+3F2E5B - C7 45 FC 00000000     - mov [ebp-04],00000000 { 0 }
GVOnline.exe+3F2E62 - 85 C0                 - test eax,eax
GVOnline.exe+3F2E64 - 74 10                 - je GVOnline.exe+3F2E76
GVOnline.exe+3F2E66 - 8B C8                 - mov ecx,eax
GVOnline.exe+3F2E68 - E8 833C1900           - call GVOnline.exe+586AF0
GVOnline.exe+3F2E6D - 8B F8                 - mov edi,eax
GVOnline.exe+3F2E6F - EB 07                 - jmp GVOnline.exe+3F2E78
GVOnline.exe+3F2E71 - 8B 7D E4              - mov edi,[ebp-1C]
GVOnline.exe+3F2E74 - EB CA                 - jmp GVOnline.exe+3F2E40
GVOnline.exe+3F2E76 - 33 FF                 - xor edi,edi
GVOnline.exe+3F2E78 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
GVOnline.exe+3F2E7F - 8B B3 38060000        - mov esi,[ebx+00000638]
GVOnline.exe+3F2E85 - 8B CF                 - mov ecx,edi
GVOnline.exe+3F2E87 - E8 B43E1900           - call GVOnline.exe+586D40
GVOnline.exe+3F2E8C - 2B F0                 - sub esi,eax
GVOnline.exe+3F2E8E - 8B 45 0C              - mov eax,[ebp+0C]
GVOnline.exe+3F2E91 - 3B C6                 - cmp eax,esi
GVOnline.exe+3F2E93 - 73 04                 - jae GVOnline.exe+3F2E99
GVOnline.exe+3F2E95 - 8B F0                 - mov esi,eax
GVOnline.exe+3F2E97 - EB 0F                 - jmp GVOnline.exe+3F2EA8
GVOnline.exe+3F2E99 - 8B B3 38060000        - mov esi,[ebx+00000638]
GVOnline.exe+3F2E9F - 8B CF                 - mov ecx,edi
GVOnline.exe+3F2EA1 - E8 9A3E1900           - call GVOnline.exe+586D40
GVOnline.exe+3F2EA6 - 2B F0                 - sub esi,eax
GVOnline.exe+3F2EA8 - 8B 4D E8              - mov ecx,[ebp-18] { ------------------>ecx = [ebp-18] }
GVOnline.exe+3F2EAB - 56                    - push esi
GVOnline.exe+3F2EAC - E8 CF391900           - call GVOnline.exe+586880 { --------------------->returns 1 }
GVOnline.exe+3F2EB1 - 8B 4D 08              - mov ecx,[ebp+08]

//------------- Stepping into GVOnline.exe+3F2DCE - E8 BD030000 - call GVOnline.exe+3F3190 ------------------
GVOnline.exe+3F3190 - 53                    - push ebx
GVOnline.exe+3F3191 - 8B D9                 - mov ebx,ecx
GVOnline.exe+3F3193 - 56                    - push esi
GVOnline.exe+3F3194 - 83 BB 24060000 00     - cmp dword ptr [ebx+00000624],00 { ------------------>ID of the item being purchased }
GVOnline.exe+3F319B - 57                    - push edi
GVOnline.exe+3F319C - 74 28                 - je GVOnline.exe+3F31C6
GVOnline.exe+3F319E - 8B B3 AC060000        - mov esi,[ebx+000006AC] { ------------------>base address of the merchant's item array }
GVOnline.exe+3F31A4 - 85 F6                 - test esi,esi

Looking at the memory at ebx+000006AC shows that EBX+6AC is the address of the merchant's goods.
Run a pointer scan directly on this address, 0x010ABB12C,
which gives the base address of the merchant's goods for sale = [01291264]+6AC
Item N = [[[01291264]+6AC]+0]+...+0]+8] (the +8 is the ID)
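As an added example (not code from the original post or the game): a C reconstruction of the list walk at GVOnline.exe+3F2E06..3F2E3C, which uses the same node layout as the +0 / +8 pointer chain in the formula above (next pointer at +0, payload at +8). The struct and function names, the `Item` layout and the sample list are assumptions; the 690/698 offsets are not reproduced in the structs.

```c
#include <stddef.h>
#include <stdint.h>

/* Payload reached through a node's +8 slot; the id is whatever the
 * call at GVOnline.exe+586C60 returns (assumed layout, constructed here). */
typedef struct Item { uint32_t id; uint32_t quantity; } Item;

/* List node: next pointer at +0 (mov edi,[edi]), payload at +8 (mov eax,[edi+08]). */
typedef struct Node { struct Node *next; uint32_t unknown4; Item *item; } Node;

/* Only the two owner fields the loop reads: the head ([ebx+690]) and the
 * count ([ebx+698]); the real offsets are not reproduced in this struct. */
typedef struct Trader { Node *head; int32_t count; } Trader;

/* Reconstruction of the loop at 3F2E06..3F2E3C: the counter in [ebp-10]
 * runs from 0 while it is below count; a NULL node or NULL payload ends
 * the walk early, and a key match returns the payload. */
static Item *find_item(const Trader *t, uint32_t wanted_id)
{
    const Node *n = t->head;
    for (int32_t i = 0; i < t->count; i++) {   /* jle / cmp eax,[ebx+698] */
        if (n == NULL) return NULL;            /* test edi,edi ; je 3F2F77 */
        Item *it = n->item;
        if (it == NULL) return NULL;           /* test eax,eax ; je 3F2E3E */
        if (it->id == wanted_id) return it;    /* cmp esi,eax ; je 3F2E71  */
        n = n->next;                           /* mov edi,[edi]            */
    }
    return NULL;                               /* counter reached count    */
}

/* Constructed sample list (not game data): three goods chained through +0. */
static Item g_items[3] = { {1001, 50}, {1002, 20}, {1003, 75} };
static Node g_nodes[3] = {
    { &g_nodes[1], 0, &g_items[0] },
    { &g_nodes[2], 0, &g_items[1] },
    { NULL,        0, &g_items[2] },
};

/* Quantity of the item with this id when the trader reports `count` nodes, or -1. */
int quantity_of(uint32_t id, int32_t count)
{
    Trader t = { g_nodes, count };
    Item *it = find_item(&t, id);
    return it ? (int)it->quantity : -1;
}
```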


posted on 2026-04-07 09:29  wangbeng