外挂技术及游戏安全研究
本教程视频1920*1080分辨率下观看最佳
VS2017+win10 64位 环境
郁金香老师: 150330575 //Q+Q
欢迎大家参加 郁金香灬技术 游戏安全与外挂的研究学习。
兴趣是我们最好的老师
成长需要过程与循序渐进
兴趣+坚持+时间+优秀的教程会帮助你快速成功
需要准备工具 CrazyDbg调试器和配套的CE和xdbg
免责声明:
本课程仅供个人学习和研究软件内含的设计思想和原理,不得用于非法用途.
参考
高级班
学习目标:
分析拍卖行数据 一口价,最高价,起拍价,ID,时间等属性
38500 41250
$ ==> 0000000000009664 起拍价? 38500
$+8 0000000000009664 最低出价? 38500
$+10 00
$+11 00 00000000D8AD4F //疑似分类ID //mov rax, qword ptr [r14 + 0x11]
$+19 00000000000000
$+20 000000000000A122 //41250 一口价
$+28 0000000000000785
$+30 0000000000000000
$+38 0000000000000000
$-11D | E8 FA 4A AC 00 | call lostark.7FF6CFEEBED0 |
$-118 | 90 | nop |
$-117 | 48 8D 88 94 00 00 00 | lea rcx,qword ptr ds:[rax+94] |
$-110 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$-10D | FF 50 08 | call qword ptr ds:[rax+8] |
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds:[7FF6D246F848] |
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds:[rax+120] | [0x7ff6d246f848]+120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:[rbp+1A8],rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds:[rdi+F1] |
$-E1 | 49 39 46 11 | cmp qword ptr ds:[r14+11],rax |
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds:[r14+11] |
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:[rbp+388],rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:[rdi+F1],rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds:[rdi+120] |
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds:[r14+40] |
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds:[r14+8] |
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:[rdi+E8],rax |
$-AA | 49 8B 46 20 | mov rax,qword ptr ds:[r14+20] |
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:[rdi+100],rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds:[r14+28] |
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:[rdi+108],rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds:[r14+710] |
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:[rdi+7F0],al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds:[r14+711] |
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:[rdi+7F1],rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:[r14+19],0 |
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:[rdi+F9],al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds:[r14+38] |
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:[rdi+118],rax |
$-5A | 49 8B 06 | mov rax,qword ptr ds:[r14] |
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:[rdi+E0],rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds:[r14+30] |
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:[rbp+1C0],rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds:[rdi+110] |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:[rbp+200],rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss:[rbp+1C0] |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss:[rbp+200] |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:[rdi+110],rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds:[r14+10] |
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:[rdi+F0],al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | [0x7ff6d246f848]+120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds:[rdi+110] |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds:[7FF6D1080248] |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds:[rax+1] |
$+1A | 48 8D 4D 80 | lea rcx,qword ptr ss:[rbp-80] |
38500 41250
$ ==> 0000000000009664 起拍价? 38500
$+8 0000000000009664 最低出价? 38500
$+10 00
$+11 00 00000000D8AD4F //疑似分类ID //mov rax, qword ptr [r14 + 0x11]
$+19 00000000000000
$+20 000000000000A122 //41250 一口价
$+28 0000000000000785
$+30 0000000000000000
$+38 0000000000000000
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds:[7FF6D246F848] | 基址
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds:[rax+120] | [0x7ff6d246f848]+120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:[rbp+1A8],rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds:[rdi+F1] |
$-E1 | 49 39 46 11 | cmp qword ptr ds:[r14+11],rax | +011 //UINT64 分类ID?
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds:[r14+11] | +011 //UINT64 分类ID?
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:[rbp+388],rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:[rdi+F1],rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds:[rdi+120] |
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds:[r14+40] | +040 //struct ???
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds:[r14+8] | +08 // 最低出价? 38500
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:[rdi+E8],rax |
$-AA | 49 8B 46 20 | mov rax,qword ptr ds:[r14+20] | +20 //一口价
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:[rdi+100],rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds:[r14+28] | +28
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:[rdi+108],rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds:[r14+710] | +710 //BYTE
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:[rdi+7F0],al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds:[r14+711] | +711 //UINT64
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:[rdi+7F1],rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:[r14+19],0 | +019 //BYTE
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:[rdi+F9],al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds:[r14+38] | +038 //UINT64
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:[rdi+118],rax |
$-5A | 49 8B 06 | mov rax,qword ptr ds:[r14] | +000 //起拍价? 38500
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:[rdi+E0],rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds:[r14+30] | +030 //UINT64
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:[rbp+1C0],rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds:[rdi+110] |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:[rbp+200],rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss:[rbp+1C0] |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss:[rbp+200] |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:[rdi+110],rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds:[r14+10] | +010 //BYTE
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:[rdi+F0],al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | [0x7ff6d246f848]+120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds:[rdi+110] |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds:[7FF6D1080248] |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds:[rax+1] |
$-1AE | 40 55 | push rbp |
$-1AC | 56 | push rsi |
$-1AB | 57 | push rdi |
$-1AA | 41 54 | push r12 |
$-1A8 | 41 55 | push r13 |
$-1A6 | 41 56 | push r14 |
$-1A4 | 41 57 | push r15 |
$-1A2 | 48 8D AC 24 B0 ED FF FF | lea rbp,qword ptr ss:[rsp-1250] |
$-19A | B8 50 13 00 00 | mov eax,1350 |
$-195 | E8 22 39 78 01 | call <lostark.RSP堆栈上分配内存空间> |
$-190 | 48 2B E0 | sub rsp,rax |
$-18D | 48 C7 85 80 03 00 00 FE FF FF | mov qword ptr ss:[rbp+380],FFFFFFFFFFFFFF |
$-182 | 48 89 9C 24 A0 13 00 00 | mov qword ptr ss:[rsp+13A0],rbx |
$-17A | 48 8B 05 C5 0D 02 03 | mov rax,qword ptr ds:[7FF6D2448140] |
$-173 | 48 33 C4 | xor rax,rsp |
$-170 | 48 89 85 40 12 00 00 | mov qword ptr ss:[rbp+1240],rax |
$-169 | 41 8B D8 | mov ebx,r8d |
$-166 | 4C 8B F2 | mov r14,rdx | 下节课 继续向上追数据来源
$-163 | 48 8B F9 | mov rdi,rcx |
$-160 | 4C 8B 69 0C | mov r13,qword ptr ds:[rcx+C] |
$-15C | 4D 85 ED | test r13,r13 |
$-159 | 0F 84 1B 17 00 00 | je lostark.7FF6CF428AB6 |
$-153 | 49 8B CD | mov rcx,r13 |
$-150 | E8 6D 24 63 00 | call lostark.7FF6CFA59810 |
$-14B | 85 C0 | test eax,eax |
$-149 | 0F 84 0B 17 00 00 | je lostark.7FF6CF428AB6 |
$-143 | 48 8B 05 96 84 04 03 | mov rax,qword ptr ds:[7FF6D246F848] |
$-13C | 48 85 C0 | test rax,rax |
$-139 | 75 34 | jne lostark.7FF6CF4273EB |
$-137 | 8D 50 08 | lea edx,dword ptr ds:[rax+8] |
$-134 | B9 68 16 00 00 | mov ecx,1668 |
$-12F | FF 15 D3 63 BF 01 | call qword ptr ds:[<&appMalloc>] |
$-129 | 48 89 45 C8 | mov qword ptr ss:[rbp-38],rax |
$-125 | 48 85 C0 | test rax,rax |
$-122 | 74 09 | je lostark.7FF6CF4273D7 |
$-120 | 48 8B C8 | mov rcx,rax |
$-11D | E8 FA 4A AC 00 | call lostark.7FF6CFEEBED0 |
$-118 | 90 | nop |
$-117 | 48 8D 88 94 00 00 00 | lea rcx,qword ptr ds:[rax+94] |
$-110 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$-10D | FF 50 08 | call qword ptr ds:[rax+8] |
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds:[7FF6D246F848] | 基址
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds:[rax+120] | [0x7ff6d246f848]+120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:[rbp+1A8],rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds:[rdi+F1] |
$-E1 | 49 39 46 11 | cmp qword ptr ds:[r14+11],rax | +011 //UINT64 分类ID?
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds:[r14+11] | +011 //UINT64 分类ID?
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:[rbp+388],rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:[rdi+F1],rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds:[rdi+120] | rdi+120:L".dll,-572"
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds:[r14+40] | +040 //struct ???
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds:[r14+8] | +08 // 最低出价? 38500
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:[rdi+E8],rax | [rdi+E8]:Ordinal95+100
$-AA | 49 8B 46 20 | mov rax,qword ptr ds:[r14+20] | +20 //一口价
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:[rdi+100],rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds:[r14+28] | +28
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:[rdi+108],rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds:[r14+710] | +710 //BYTE
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:[rdi+7F0],al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds:[r14+711] | +711 //UINT64
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:[rdi+7F1],rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:[r14+19],0 | +019 //BYTE
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:[rdi+F9],al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds:[r14+38] | +038 //UINT64
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:[rdi+118],rax | rdi+118:L"zres.dll,-572"
$-5A | 49 8B 06 | mov rax,qword ptr ds:[r14] | +000 //起拍价? 38500
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:[rdi+E0],rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds:[r14+30] | +030 //UINT64
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:[rbp+1C0],rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds:[rdi+110] |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:[rbp+200],rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss:[rbp+1C0] |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss:[rbp+200] |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:[rdi+110],rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds:[r14+10] | +010 //BYTE
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:[rdi+F0],al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | [0x7ff6d246f848]+120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds:[rdi+110] |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds:[7FF6D1080248] |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds:[rax+1] |
$+1A | 48 8D 4D 80 | lea rcx,qword ptr ss:[rbp-80] |
$+1E | FF 15 96 62 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+24 | 90 | nop |
$+25 | 89 5D 88 | mov dword ptr ss:[rbp-78],ebx |
$+28 | 89 5D 8C | mov dword ptr ss:[rbp-74],ebx |
$+2B | 41 B9 02 00 00 00 | mov r9d,2 |
$+31 | 44 8B C3 | mov r8d,ebx |
$+34 | 33 D2 | xor edx,edx |
$+36 | 48 8D 4D 80 | lea rcx,qword ptr ss:[rbp-80] |
$+3A | FF 15 8A 62 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+40 | 90 | nop |
$+41 | 48 63 45 88 | movsxd rax,dword ptr ss:[rbp-78] |
$+45 | 85 C0 | test eax,eax |
$+47 | 74 17 | je lostark.7FF6CF42754E |
$+49 | 4C 8B C0 | mov r8,rax |
$+4C | 4D 03 C0 | add r8,r8 |
$+4F | 48 8D 15 04 8D C5 01 | lea rdx,qword ptr ds:[7FF6D1080248] |
$+56 | 48 8B 4D 80 | mov rcx,qword ptr ss:[rbp-80] |
$+5A | E8 43 35 78 01 | call <lostark.memcpy> |
$+5F | 90 | nop |
$+60 | 49 8B 56 20 | mov rdx,qword ptr ds:[r14+20] |
$+64 | 48 8D 35 AF 6A C2 01 | lea rsi,qword ptr ds:[7FF6D104E008] |
$+6B | 48 85 D2 | test rdx,rdx |
$+6E | 0F 84 F9 00 00 00 | je lostark.7FF6CF42765B |
$+74 | 48 8D 4D 80 | lea rcx,qword ptr ss:[rbp-80] |
$+78 | 4C 3B FA | cmp r15,rdx |
$+7B | 0F 8D E1 00 00 00 | jge lostark.7FF6CF427650 |
$+81 | E8 AC 46 4C 00 | call lostark.7FF6CF8EBC20 |
$+86 | 8B 5D 88 | mov ebx,dword ptr ss:[rbp-78] |
$+89 | 48 8D 4D 48 | lea rcx,qword ptr ss:[rbp+48] |
$+8D | FF 15 27 62 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+93 | 90 | nop |
$+94 | 89 5D 50 | mov dword ptr ss:[rbp+50],ebx |
$+97 | 89 5D 54 | mov dword ptr ss:[rbp+54],ebx |
$+9A | 41 B9 02 00 00 00 | mov r9d,2 |
$+A0 | 44 8B C3 | mov r8d,ebx |
$+A3 | 33 D2 | xor edx,edx |
$+A5 | 48 8D 4D 48 | lea rcx,qword ptr ss:[rbp+48] |
$+A9 | FF 15 1B 62 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+AF | 90 | nop |
$+B0 | 48 63 45 50 | movsxd rax,dword ptr ss:[rbp+50] |
$+B4 | 85 C0 | test eax,eax |
$+B6 | 74 14 | je lostark.7FF6CF4275BA |
$+B8 | 4C 8B C0 | mov r8,rax |
$+BB | 4D 03 C0 | add r8,r8 |
$+BE | 48 8B 55 80 | mov rdx,qword ptr ss:[rbp-80] |
$+C2 | 48 8B 4D 48 | mov rcx,qword ptr ss:[rbp+48] |
$+C6 | E8 D7 34 78 01 | call <lostark.memcpy> |
$+CB | 90 | nop |
$+CC | C7 44 24 20 00 00 00 00 | mov dword ptr ss:[rsp+20],0 |
$+D4 | 45 33 C9 | xor r9d,r9d |
$+D7 | 41 B8 FF 00 00 00 | mov r8d,FF |
$+DD | 48 8D 95 F0 01 00 00 | lea rdx,qword ptr ss:[rbp+1F0] |
$+E4 | 48 8D 4D 48 | lea rcx,qword ptr ss:[rbp+48] |
$+E8 | E8 D5 63 FD FF | call lostark.7FF6CF3FD9B0 |
$+ED | 48 8B D8 | mov rbx,rax |
$+F0 | 48 8D 45 80 | lea rax,qword ptr ss:[rbp-80] |
$+F4 | 48 3B C3 | cmp rax,rbx |
$+F7 | 74 42 | je lostark.7FF6CF427629 |
$+F9 | 44 8B 43 08 | mov r8d,dword ptr ds:[rbx+8] |
$+FD | 44 89 45 8C | mov dword ptr ss:[rbp-74],r8d |
$+101 | 44 89 45 88 | mov dword ptr ss:[rbp-78],r8d |
$+105 | 33 D2 | xor edx,edx |
$+107 | 44 8D 4A 02 | lea r9d,dword ptr ds:[rdx+2] |
$+10B | 48 8D 4D 80 | lea rcx,qword ptr ss:[rbp-80] |
$+10F | FF 15 B5 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+115 | 48 63 45 88 | movsxd rax,dword ptr ss:[rbp-78] |
$+119 | 85 C0 | test eax,eax |
$+11B | 74 1E | je lostark.7FF6CF427629 |
$+11D | 83 7B 08 00 | cmp dword ptr ds:[rbx+8],0 |
$+121 | 74 05 | je lostark.7FF6CF427616 |
$+123 | 48 8B 13 | mov rdx,qword ptr ds:[rbx] |
$+126 | EB 03 | jmp lostark.7FF6CF427619 |
$+128 | 48 8B D6 | mov rdx,rsi |
$+12B | 4C 8B C0 | mov r8,rax |
$+12E | 4D 03 C0 | add r8,r8 |
$+131 | 48 8B 4D 80 | mov rcx,qword ptr ss:[rbp-80] |
$+135 | E8 68 34 78 01 | call <lostark.memcpy> |
$+13A | 90 | nop |
$+13B | 33 DB | xor ebx,ebx |
$+13D | 48 89 9D F8 01 00 00 | mov qword ptr ss:[rbp+1F8],rbx |
$+144 | 48 8D 8D F0 01 00 00 | lea rcx,qword ptr ss:[rbp+1F0] |
$+14B | FF 15 71 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+151 | 90 | nop |
$+152 | 48 89 5D 50 | mov qword ptr ss:[rbp+50],rbx |
$+156 | 48 8D 4D 48 | lea rcx,qword ptr ss:[rbp+48] |
$+15A | FF 15 62 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+160 | EB 0D | jmp lostark.7FF6CF42765D |
$+162 | 45 33 C9 | xor r9d,r9d |
$+165 | 45 33 C0 | xor r8d,r8d |
$+168 | E8 95 4D 4C 00 | call lostark.7FF6CF8EC3F0 |
$+16D | 33 DB | xor ebx,ebx |
$+16F | 8B D3 | mov edx,ebx |
$+171 | 49 83 7E 20 00 | cmp qword ptr ds:[r14+20],0 |
$+176 | 0F 95 C2 | setne dl |
$+179 | 48 8B 8F A0 00 00 00 | mov rcx,qword ptr ds:[rdi+A0] |
$+180 | E8 9D C7 21 00 | call lostark.7FF6CF643E10 |
$+185 | 48 8B 8F 98 00 00 00 | mov rcx,qword ptr ds:[rdi+98] |
$+18C | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$+18F | 45 33 C0 | xor r8d,r8d |
$+192 | 48 8D 55 80 | lea rdx,qword ptr ss:[rbp-80] |
$+196 | FF 90 B0 00 00 00 | call qword ptr ds:[rax+B0] |
$+19C | 48 8D 4D 78 | lea rcx,qword ptr ss:[rbp+78] |
$+1A0 | FF 15 14 61 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+1A6 | 48 C7 85 80 00 00 00 00 00 00 | mov qword ptr ss:[rbp+80],0 |
$+1B1 | 45 33 C9 | xor r9d,r9d |
$+1B4 | 45 33 C0 | xor r8d,r8d |
$+1B7 | 49 8B 56 08 | mov rdx,qword ptr ds:[r14+8] |
$+1BB | 48 8D 4D 78 | lea rcx,qword ptr ss:[rbp+78] |
$+1BF | E8 3E 4D 4C 00 | call lostark.7FF6CF8EC3F0 |
$+1C4 | 48 8B 4F 60 | mov rcx,qword ptr ds:[rdi+60] |
$+1C8 | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$+1CB | 45 33 C0 | xor r8d,r8d |
$+1CE | 48 8D 55 78 | lea rdx,qword ptr ss:[rbp+78] |
$+1D2 | FF 90 B0 00 00 00 | call qword ptr ds:[rax+B0] |
$+1D8 | 48 8D 4D 68 | lea rcx,qword ptr ss:[rbp+68] |
$+1DC | FF 15 D8 60 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+1E2 | 48 C7 45 70 00 00 00 00 | mov qword ptr ss:[rbp+70],0 |
$+1EA | 49 83 7E 38 00 | cmp qword ptr ds:[r14+38],0 |
$+1EF | 48 8B D3 | mov rdx,rbx |
$+1F2 | 74 03 | je lostark.7FF6CF4276E5 |
$+1F4 | 49 8B 16 | mov rdx,qword ptr ds:[r14] |
$+1F7 | 45 33 C9 | xor r9d,r9d |
$+1FA | 45 33 C0 | xor r8d,r8d |
$+1FD | 48 8D 4D 68 | lea rcx,qword ptr ss:[rbp+68] |
$+201 | E8 FC 4C 4C 00 | call lostark.7FF6CF8EC3F0 |
$+206 | 48 8B 4F 68 | mov rcx,qword ptr ds:[rdi+68] |
$+20A | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$+20D | 45 33 C0 | xor r8d,r8d |
$+210 | 48 8D 55 68 | lea rdx,qword ptr ss:[rbp+68] |
$+214 | FF 90 B0 00 00 00 | call qword ptr ds:[rax+B0] |
$+21A | 48 8B 1D C1 1F 0A 03 | mov rbx,qword ptr ds:[7FF6D24C96D0] |
$+221 | 48 85 DB | test rbx,rbx |
$+224 | 75 34 | jne lostark.7FF6CF427748 |
$+226 | 8D 53 08 | lea edx,dword ptr ds:[rbx+8] |
$+229 | B9 60 05 00 00 | mov ecx,560 |
$+22E | FF 15 76 60 BF 01 | call qword ptr ds:[<&appMalloc>] |
$+234 | 48 89 45 C8 | mov qword ptr ss:[rbp-38],rax |
$+238 | 48 85 C0 | test rax,rax |
$+23B | 74 09 | je lostark.7FF6CF427734 |
$+23D | 48 8B C8 | mov rcx,rax |
$+240 | E8 5D 5F 3B FF | call lostark.7FF6CE7DD690 |
$+245 | 90 | nop |
$+246 | 48 8D 88 8C 00 00 00 | lea rcx,qword ptr ds:[rax+8C] |
$+24D | 48 8B 01 | mov rax,qword ptr ds:[rcx] |
$+250 | FF 50 08 | call qword ptr ds:[rax+8] |
$+253 | 48 8B 1D 88 1F 0A 03 | mov rbx,qword ptr ds:[7FF6D24C96D0] |
$+25A | 49 8B D6 | mov rdx,r14 |
$+25D | 48 8D 8D C0 0A 00 00 | lea rcx,qword ptr ss:[rbp+AC0] |
$+264 | E8 D9 55 3B FF | call lostark.7FF6CE7DCD30 |