大航海时代ol台服找Call记（十六）交易商货物数据分析 - 2 (出售货物）

出售货物

出售商品，一样用出售数量 Pointer find this address

GVOnline.exe+587760 - 55                    - push ebp
GVOnline.exe+587761 - 8B EC                 - mov ebp,esp
GVOnline.exe+587763 - 0FB7 41 18            - movzx eax,word ptr [ecx+18] { 断在此处，可知出售货物数量为2字节数据 }
GVOnline.exe+587767 - 8B 55 08              - mov edx,[ebp+08]

---

返回上一层看下ecx的来源

GVOnline.exe+3F8B4F - 8B 7D 08              - mov edi,[ebp+08]    -----------------> edi = [ebp+08]  
GVOnline.exe+3F8B52 - 8D 83 90060000        - lea eax,[ebx+00000690] （内存数据见下图，这里明显是 eax = 出售货物的地址）
GVOnline.exe+3F8B58 - 6A 00                 - push 00 { 0 }
GVOnline.exe+3F8B5A - 57                    - push edi
GVOnline.exe+3F8B5B - 8B C8                 - mov ecx,eax          ----------->地址eax 存入 ecx 
GVOnline.exe+3F8B5D - 89 5D EC              - mov [ebp-14],ebx
GVOnline.exe+3F8B60 - 89 45 F0              - mov [ebp-10],eax
GVOnline.exe+3F8B63 - E8 E9085900           - call GVOnline.exe+989451 {  -----------> 返回eax }
GVOnline.exe+3F8B68 - 89 45 08              - mov [ebp+08],eax     ------------> eax => [ebp+08] ,相当于修改了edi的值。
GVOnline.exe+3F8B6B - 85 C0                 - test eax,eax
GVOnline.exe+3F8B6D - 0F84 A3000000         - je GVOnline.exe+3F8C16
GVOnline.exe+3F8B73 - 56                    - push esi
GVOnline.exe+3F8B74 - 8B CF                 - mov ecx,edi
GVOnline.exe+3F8B76 - 8D B3 C8060000        - lea esi,[ebx+000006C8]
GVOnline.exe+3F8B7C - E8 3FE91800           - call GVOnline.exe+5874C0
GVOnline.exe+3F8B81 - 50                    - push eax
GVOnline.exe+3F8B82 - 8B CE                 - mov ecx,esi
GVOnline.exe+3F8B84 - E8 47EC1800           - call GVOnline.exe+5877D0
GVOnline.exe+3F8B89 - 8B D8                 - mov ebx,eax
GVOnline.exe+3F8B8B - 85 DB                 - test ebx,ebx
GVOnline.exe+3F8B8D - 75 3A                 - jne GVOnline.exe+3F8BC9
GVOnline.exe+3F8B8F - 6A 50                 - push 50 { 80 }
GVOnline.exe+3F8B91 - E8 B0F95800           - call GVOnline.exe+988546
GVOnline.exe+3F8B96 - 83 C4 04              - add esp,04 { 4 }
GVOnline.exe+3F8B99 - 89 45 E8              - mov [ebp-18],eax
GVOnline.exe+3F8B9C - 89 5D FC              - mov [ebp-04],ebx
GVOnline.exe+3F8B9F - 85 C0                 - test eax,eax
GVOnline.exe+3F8BA1 - 74 0C                 - je GVOnline.exe+3F8BAF
GVOnline.exe+3F8BA3 - 57                    - push edi
GVOnline.exe+3F8BA4 - 8B C8                 - mov ecx,eax
GVOnline.exe+3F8BA6 - E8 F5E71800           - call GVOnline.exe+5873A0
GVOnline.exe+3F8BAB - 8B D8                 - mov ebx,eax
GVOnline.exe+3F8BAD - EB 02                 - jmp GVOnline.exe+3F8BB1
GVOnline.exe+3F8BAF - 33 DB                 - xor ebx,ebx
GVOnline.exe+3F8BB1 - 6A 00                 - push 00 { 0 }
GVOnline.exe+3F8BB3 - 8B CB                 - mov ecx,ebx
GVOnline.exe+3F8BB5 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
GVOnline.exe+3F8BBC - E8 8FEA1800           - call GVOnline.exe+587650
GVOnline.exe+3F8BC1 - 53                    - push ebx
GVOnline.exe+3F8BC2 - 8B CE                 - mov ecx,esi
GVOnline.exe+3F8BC4 - E8 FAF35A00           - call GVOnline.exe+9A7FC3
GVOnline.exe+3F8BC9 - 8B 75 0C              - mov esi,[ebp+0C]
GVOnline.exe+3F8BCC - 56                    - push esi
GVOnline.exe+3F8BCD - 8B CB                 - mov ecx,ebx
GVOnline.exe+3F8BCF - E8 7CEB1800           - call GVOnline.exe+587750
GVOnline.exe+3F8BD4 - 56                    - push esi
GVOnline.exe+3F8BD5 - 8B CF                 - mov ecx,edi          ---------------->ecx = edi
GVOnline.exe+3F8BD7 - E8 84EB1800           - call GVOnline.exe+587760 {------------> 返回1 }
GVOnline.exe+3F8BDC - 8B CF                 - mov ecx,edi

---

出售货物节点的具体内容补充：（其中：动态ID在出售货物时，作为货物ID使用，每次重新获得均会改变）

搜索Pointer find this address 0x 1ADE2858

得到出售物品首地址 = [01291264]+694

第N个物品 = [[[01291264]+694]+0]+...+0]+8] （+10 ID)