发表于 2023-10-4 23:13:01
"UIName" 唯一特征
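/*
 * Offset, relative to the module base, of the routine that the accompanying
 * listing labels 可交互采集名称call ("interactable/gatherable name call").
 * The trailing comment is the byte pattern of its call site; "+E" is the
 * offset of the call instruction inside that pattern.
 * A hard-coded offset is only meaningful for the exact binary it was taken
 * from; used against a different build it points at unrelated code.
 */
#define 可交互采集名称call 0xF71B60 // 44 0F B6 85 90 00 00 00 48 8B D7 41 8B 0E +E

/*
 * 取采集物名称 ("get gatherable name").
 *
 * Stores (全局模块基址 + 取名固定值) in the first 8 bytes at rdx, then passes
 * (全局模块基址 + 可交互名称call), ID and the rdx pointer to sproofcall.
 *
 * ID   value forwarded unchanged as the first argument.
 * rdx  caller-owned buffer, writable for at least sizeof(UINT64) bytes.
 *      A null pointer is rejected and nothing is called.
 *
 * NOTE(review): the macro defined above is 可交互采集名称call, but this body
 * uses 可交互名称call. Unless that second name is defined elsewhere in the
 * file, this is a typo -- confirm.
 * NOTE(review): sproofcall is defined elsewhere; presumably it invokes the
 * given address with the remaining arguments -- confirm. Only two arguments
 * are forwarded, while the accompanying listing shows the callee testing r8b
 * on entry, so the value of that flag is unspecified here.
 */
void 取采集物名称(UINT64 ID, UINT64* rdx)
{
    /* The original wrote through rdx unconditionally; refuse a null buffer. */
    if (!rdx) {
        return;
    }

    /* Seed the output slot with the fixed pointer before the call is made. */
    UINT64 固定值 = 全局模块基址 + 取名固定值;
    memcpy(rdx, &固定值, sizeof 固定值);

    /* Absolute address = module base + offset. */
    UINT_PTR call = 全局模块基址 + 可交互名称call;
    sproofcall(call, ID, (UINT64)rdx);
}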
$ ==> | 40:57 | push rdi | 可交互采集名称call
$+2 | 48:83EC 60 | sub rsp, 60 |
$+6 | 48:C74424 30 FEFFFFF | mov qword ptr ss:[rsp+30], FFFFFFFFFFFFFFFE |
$+F | 48:895C24 70 | mov qword ptr ss:[rsp+70], rbx |
$+14 | 48:897424 78 | mov qword ptr ss:[rsp+78], rsi |
$+19 | 48:8BFA | mov rdi, rdx |
$+1C | 8BD9 | mov ebx, ecx |
$+1E | BE FFFFFFFF | mov esi, FFFFFFFF |
$+23 | 45:84C0 | test r8b, r8b |
$+26 | 0F84 B5000000 | je diablo iv.7FF71151DCF1 |
$+2C | 48:8D4424 40 | lea rax, qword ptr ss:[rsp+40] |
$+31 | 48:894424 38 | mov qword ptr ss:[rsp+38], rax |
$+36 | 8BD1 | mov edx, ecx |
$+38 | 8D4E 02 | lea ecx, qword ptr ds:[rsi+2] |
$+3B | E8 10E2F7FF | call diablo iv.7FF71149BE60 |
$+40 | 4C:8BC0 | mov r8, rax | "Actor_%s" 有7个
$+43 | 48:8D15 5E020D01 | lea rdx, qword ptr ds:[7FF7125EDEB8] | 00007FF7125EDEB8:"Actor_%s"
$+4A | 48:8D8C24 88000000 | lea rcx, qword ptr ss:[rsp+88] |
$+52 | E8 89A156FF | call diablo iv.7FF710A87DF0 |
$+57 | 90 | nop |
$+58 | 4C:8B00 | mov r8, qword ptr ds:[rax] |
$+5B | 49:83C0 18 | add r8, 18 |
$+5F | 45:33C9 | xor r9d, r9d |
$+62 | 8D56 2B | lea edx, qword ptr ds:[rsi+2B] |
$+65 | 48:8D4C24 20 | lea rcx, qword ptr ss:[rsp+20] |
$+6A | E8 01DFF7FF | call diablo iv.7FF71149BB80 |
$+6F | 90 | nop |
$+70 | 48:8B9424 88000000 | mov rdx, qword ptr ss:[rsp+88] |
$+78 | 8BC6 | mov eax, esi |
$+7A | F0:0FC102 | lock xadd dword ptr ds:[rdx], eax |
$+7E | 83E8 01 | sub eax, 1 |
$+81 | 7F 14 | jg diablo iv.7FF71151DCA7 |
$+83 | 4C:8B42 10 | mov r8, qword ptr ds:[rdx+10] |
$+87 | 49:83C0 19 | add r8, 19 |
$+8B | 48:8B0D 46B49301 | mov rcx, qword ptr ds:[7FF712E590E8] |
$+92 | E8 D9AD56FF | call diablo iv.7FF710A88A80 |
$+97 | 48:C74424 48 0000000 | mov qword ptr ss:[rsp+48], 0 |
$+A0 | 8B4424 20 | mov eax, dword ptr ss:[rsp+20] |
$+A4 | 894424 40 | mov dword ptr ss:[rsp+40], eax |
$+A8 | C64424 44 00 | mov byte ptr ss:[rsp+44], 0 |
$+AD | 4C:8BC7 | mov r8, rdi | "UIName" 唯一特征
$+B0 | 48:8D15 716D0E01 | lea rdx, qword ptr ds:[7FF712604A38] | 00007FF712604A38:"UIName"
$+B7 | 48:8D4C24 40 | lea rcx, qword ptr ss:[rsp+40] |
$+BC | E8 7F25FCFF | call diablo iv.7FF7114E0250 |
$+C1 | 84C0 | test al, al |
$+C3 | 74 1C | je diablo iv.7FF71151DCF1 |
$+C5 | 48:8B07 | mov rax, qword ptr ds:[rdi] |
$+C8 | 48:8378 08 00 | cmp qword ptr ds:[rax+8], 0 |
$+CD | 74 12 | je diablo iv.7FF71151DCF1 |
$+CF | B0 01 | mov al, 1 |
$+D1 | 48:8B5C24 70 | mov rbx, qword ptr ss:[rsp+70] |
$+D6 | 48:8B7424 78 | mov rsi, qword ptr ss:[rsp+78] |
$+DB | 48:83C4 60 | add rsp, 60 |
$+DF | 5F | pop rdi |
$+E0 | C3 | ret |
$+E1 | 48:8D4424 50 | lea rax, qword ptr ss:[rsp+50] |
$+E6 | 48:898424 88000000 | mov qword ptr ss:[rsp+88], rax |
$+EE | 8BD3 | mov edx, ebx |
$+F0 | B9 01000000 | mov ecx, 1 |
$+F5 | E8 56E1F7FF | call diablo iv.7FF71149BE60 |
$+FA | 4C:8BC0 | mov r8, rax |
$+FD | 48:8D15 A4010D01 | lea rdx, qword ptr ds:[7FF7125EDEB8] | 00007FF7125EDEB8:"Actor_%s"
$+104 | 48:8D4C24 28 | lea rcx, qword ptr ss:[rsp+28] |
$-2B | 48:85C9 | test rcx, rcx |
$-28 | 75 04 | jne diablo iv.7FF71151E82F |
$-26 | 49:8B48 60 | mov rcx, qword ptr ds:[r8+60] |
$-22 | 48:8B01 | mov rax, qword ptr ds:[rcx] |
$-1F | FF50 18 | call qword ptr ds:[rax+18] |
$-1C | E9 39030000 | jmp diablo iv.7FF71151EB73 |
$-17 | 44:8B45 78 | mov r8d, dword ptr ss:[rbp+78] |
$-13 | 8B55 70 | mov edx, dword ptr ss:[rbp+70] |
$-10 | 48:8BCF | mov rcx, rdi |
$-D | E8 97F8FFFF | call diablo iv.7FF71151E0E0 |
$-8 | 84C0 | test al, al |
$-6 | 0F85 22030000 | jne diablo iv.7FF71151EB73 |
$ ==> | 44:0FB685 90000000 | movzx r8d, byte ptr ss:[rbp+90] |
$+8 | 48:8BD7 | mov rdx, rdi |
$+B | 41:8B0E | mov ecx, dword ptr ds:[r14] |
$+E | E8 ACF3FFFF | call <diablo iv.可交互采集名称call>
$+13 | 0FB6D8 | movzx ebx, al |
$+16 | 49:8BCE | mov rcx, r14 |
$+19 | E8 51F061FF | call diablo iv.7FF710B3D8C0
$+1E | 0FB6C3 | movzx eax, bl
$+21 | 48:8B4D 00 | mov rcx, qword ptr ss:[rbp]
$+25 | 48:33CC | xor rcx, rsp
$+28 | E8 A2244300 | call diablo iv.7FF711950D20
$+2D | 48:8B9C24 60010000 | mov rbx, qword ptr ss:[rsp+160]
$+35 | 48:81C4 10010000 | add rsp, 110
$+3C | 41:5F | pop r15
$+3E | 41:5E | pop r14
$+40 | 41:5D | pop r13
$+42 | 41:5C | pop r12
$+44 | 5F | pop rdi
$+45 | 5E | pop rsi
$+46 | 5D | pop rbp
$+47 | C3 | ret