For the curious coders (if you just want to use the tool, skip straight past this part):
All tests in this post were done on version 1.24E!!!
The reason modifying resources in a LAN game gets you dropped (network problems and game crashes aside) is simply that the resource data goes out of sync between players. As long as the resource data stays in sync between players after the modification, nobody gets dropped. There are two ways to modify it: (1) rewrite the resources on a timer; (2) HOOK the function that modifies resources. The first is clearly impractical (buy something a little too fast and you drop), so the second is the only option.
Debugging and analysis turned up one extremely important CALL at address 6F473C50 (6F000000 is the base address of game.dll; this value depends on the environment, so the CALL is at game.dll+473C50, and every address beginning with 6F below is relative to that DLL base). It is not only changes to gold, lumber and food that go through this CALL; creating and destroying units call it too. All we want here is to HOOK the calls that change gold and lumber; the other, more outrageous features have already been written by others, so there's no need to reinvent the wheel. (Anyone interested can of course analyse it themselves.)
Just before `mov edx,dword ptr ss:[esp+0x4]`, check the value of edx to see whether the purpose of this CALL is to modify gold or lumber; if it is, replace edx with the value we want, otherwise let the original handling run.
Here are my patched instructions (my relative's kid was impatient to play, and since the free space afterwards isn't contiguous I used a lot of jmps; it's pretty ugly...)
6F473C5E ^\EB E5 jmp Xgame.6F473C45 ; entry
6F87EFA2 8B15 FCEF876F mov edx,dword ptr ds:[0x6F87EFFC] ; write the resource: the value we want must first be written to address 0x6F87EFFC
6F87EFA8 ^ E9 B54CBFFF jmp game.6F473C62 ; jump back
---------------------------------
//
6F473C45 83FA 02 cmp edx,0x2 ; player 1 gold
6F473C48 0F84 54B34000 je game.6F87EFA2
6F473C4E EB 22 jmp Xgame.6F473C72
//
6F473C72 83FA 03 cmp edx,0x3 ; player 1 lumber
6F473C75 0F84 27B34000 je game.6F87EFA2
6F473C7B E9 04010000 jmp game.6F473D84
//
6F473D84 83FA 2A cmp edx,0x2A ; player 2 gold
6F473D87 0F84 15B24000 je game.6F87EFA2
6F473D8D EB 06 jmp Xgame.6F473D95
//
6F473D95 83FA 2B cmp edx,0x2B ; player 2 lumber
6F473D98 0F84 04B24000 je game.6F87EFA2
6F473D9E EB 61 jmp Xgame.6F473E01
//
6F473E01 83FA 52 cmp edx,0x52 ; player 3 gold
6F473E04 0F84 98B14000 je game.6F87EFA2
6F473E0A E9 F5000000 jmp game.6F473F04
//
6F473F04 83FA 53 cmp edx,0x53 ; player 3 lumber
6F473F07 0F84 95B04000 je game.6F87EFA2
6F473F0D EB 53 jmp Xgame.6F473F62
//
6F473F62 83FA 7A cmp edx,0x7A ; player 4 gold
6F473F65 0F84 37B04000 je game.6F87EFA2
6F473F6B EB 55 jmp Xgame.6F473FC2
//
6F473FC2 83FA 7B cmp edx,0x7B ; player 4 lumber
6F473FC5 0F84 D7AF4000 je game.6F87EFA2
6F473FCB E9 91AA4000 jmp game.6F87EA61
//
6F87EA61 81FA A2000000 cmp edx,0xA2 ; player 5 gold
6F87EA67 0F84 35050000 je game.6F87EFA2
6F87EA6D EB 02 jmp Xgame.6F87EA71
//
6F87EA71 81FA A3000000 cmp edx,0xA3 ; player 5 lumber
6F87EA77 0F84 25050000 je game.6F87EFA2
6F87EA7D EB 02 jmp Xgame.6F87EA81
//
6F87EA81 81FA CA000000 cmp edx,0xCA ; player 6 gold
6F87EA87 0F84 15050000 je game.6F87EFA2
6F87EA8D EB 02 jmp Xgame.6F87EA91
//
6F87EA91 81FA CB000000 cmp edx,0xCB ; player 6 lumber
6F87EA97 0F84 05050000 je game.6F87EFA2
6F87EA9D EB 02 jmp Xgame.6F87EAA1
//
6F87EAA1 81FA F2000000 cmp edx,0xF2 ; player 7 gold
6F87EAA7 0F84 F5040000 je game.6F87EFA2
6F87EAAD EB 02 jmp Xgame.6F87EAB1
//
6F87EAB1 81FA F3000000 cmp edx,0xF3 ; player 7 lumber
6F87EAB7 0F84 E5040000 je game.6F87EFA2
6F87EABD EB 52 jmp Xgame.6F87EB11
//
6F87EB11 81FA 1A010000 cmp edx,0x11A ; player 8 gold
6F87EB17 0F84 85040000 je game.6F87EFA2
6F87EB1D EB 52 jmp Xgame.6F87EB71
//
6F87EB71 81FA 1B010000 cmp edx,0x11B ; player 8 lumber
6F87EB77 0F84 25040000 je game.6F87EFA2
6F87EB7D EB 55 jmp Xgame.6F87EBD4
6F87EBD4 /E9 C8000000 jmp game.6F87ECA1 ; relay jump
6F87ECA1 81FA 42010000 cmp edx,0x142 ; player 9 gold
6F87ECA7 0F84 F5020000 je game.6F87EFA2
6F87ECAD EB 52 jmp Xgame.6F87ED01
6F87ED01 81FA 43010000 cmp edx,0x143 ; player 9 lumber
6F87ED07 0F84 95020000 je game.6F87EFA2
6F87ED0D EB 0B jmp Xgame.6F87ED1A
6F87ED1A /EB 75 jmp Xgame.6F87ED91 ; relay jump
//
6F87ED91 81FA 6A010000 cmp edx,0x16A ; player 10 gold
6F87ED97 0F84 05020000 je game.6F87EFA2
6F87ED9D EB 52 jmp Xgame.6F87EDF1
6F87EDF1 81FA 6B010000 cmp edx,0x16B ; player 10 lumber
6F87EDF7 0F84 A5010000 je game.6F87EFA2
6F87EDFD EB 52 jmp Xgame.6F87EE51
6F87EE51 81FA 92010000 cmp edx,0x192 ; player 11 gold
6F87EE57 0F84 45010000 je game.6F87EFA2
6F87EE5D EB 52 jmp Xgame.6F87EEB1
6F87EEB1 81FA 93010000 cmp edx,0x193 ; player 11 lumber
6F87EEB7 0F84 E5000000 je game.6F87EFA2
6F87EEBD EB 52 jmp Xgame.6F87EF11
6F87EF11 81FA BA010000 cmp edx,0x1BA ; player 12 gold
6F87EF17 0F84 85000000 je game.6F87EFA2
6F87EF1D EB 0B jmp Xgame.6F87EF2A
6F87EF2A /E9 8B000000 jmp game.6F87EFBA ; relay jump
6F87EFBA 81FA BB010000 cmp edx,0x1BB ; player 12 lumber
6F87EFC0 ^ 74 E0 je Xgame.6F87EFA2
6F87EFC2 8B5424 04 mov edx,dword ptr ss:[esp+0x4] ; original instruction
6F87EFC6 ^ E9 974CBFFF jmp game.6F473C62 ; jump back
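As an added example (not the author's tool or code), here is a small Python checker for listings in the debugger format above: it re-derives every branch target and compare immediate from the raw bytes of a few lines copied from the listing and reports any line whose text disagrees with its encoding, which is how you catch a mis-typed relative jump before it ends up in memory. It also encodes the per-player slot scheme the comparisons follow (gold 2, lumber 3, then 0x28 per player); that formula is inferred from the listing, and the sample lines are embedded inline.

```python
import re
import struct

# Constructed sample: a handful of lines copied from the OllyDbg listing above
# (address, raw bytes, mnemonic, operand). The ^ \ / glyphs are the debugger's jump marks.
LISTING = """\
6F473C5E ^\\EB E5 jmp Xgame.6F473C45
6F473C45 83FA 02 cmp edx,0x2
6F473C48 0F84 54B34000 je game.6F87EFA2
6F473C4E EB 22 jmp Xgame.6F473C72
6F473C7B E9 04010000 jmp game.6F473D84
6F87EA61 81FA A2000000 cmp edx,0xA2
6F87EFC0 ^ 74 E0 je Xgame.6F87EFA2
6F87EFC6 ^ E9 974CBFFF jmp game.6F473C62
"""

LINE_RE = re.compile(r"^([0-9A-F]{8})\s+[\^\\/ ]*((?:[0-9A-F]{2})+(?: (?:[0-9A-F]{2})+)*)\s+\w+\s+(\S+)")

def decode(addr, code):
    """Decode the few x86 encodings the patch uses: relative jumps (-> target) and cmp edx,imm (-> value)."""
    op = code[0]
    if op in (0xEB, 0x74):                      # jmp short / je short: 2-byte insn + signed rel8
        return "branch", addr + 2 + struct.unpack("<b", code[1:2])[0]
    if op == 0xE9:                              # jmp near: 5-byte insn + signed rel32
        return "branch", addr + 5 + struct.unpack("<i", code[1:5])[0]
    if code[:2] == b"\x0f\x84":                 # je near: 6-byte insn + signed rel32
        return "branch", addr + 6 + struct.unpack("<i", code[2:6])[0]
    if code[:2] == b"\x83\xfa":                 # cmp edx, imm8 (sign-extended)
        return "cmp", struct.unpack("<b", code[2:3])[0]
    if code[:2] == b"\x81\xfa":                 # cmp edx, imm32
        return "cmp", struct.unpack("<i", code[2:6])[0]
    raise ValueError(f"unsupported encoding at {addr:08X}: {code.hex()}")

def claimed(kind, operand):
    """Value the listing text claims: 'Xgame.6F473C45' -> 0x6F473C45, 'edx,0xA2' -> 0xA2."""
    return int(operand.split("." if kind == "branch" else ",")[-1], 16)

def check_listing(text):
    """Re-derive each target/immediate from the raw bytes; return addresses whose text disagrees."""
    mismatches = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, code = int(m.group(1), 16), bytes.fromhex(m.group(2).replace(" ", ""))
        kind, value = decode(addr, code)
        if value != claimed(kind, m.group(3)):
            mismatches.append(addr)
    return mismatches

def resource_id(player, kind):
    """Slot id the hook compares edx against: gold 2 / lumber 3 for player 1, then 0x28 per player (inferred from the listing)."""
    return {"gold": 2, "lumber": 3}[kind] + 0x28 * (player - 1)

if __name__ == "__main__":
    print("mismatching lines:", [f"{a:08X}" for a in check_listing(LISTING)])
    print("player 12 lumber id:", hex(resource_id(12, "lumber")))
```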
How to use:
Download: http://download.csdn.net/detail/faithdongdong/8432083 (antivirus software will flag it; it was adapted from a beginner project of mine from a few years ago and I couldn't be bothered with AV evasion, so if you're not comfortable with that, don't download it)
Enter all the player numbers (usually the slot number) separated by spaces, then fill in the amount to change to and lock it. (Note: every player must run this tool, and these two settings must be identical for all players!!!)
PS. I rarely get to play Warcraft, and it's with a relative's kid; grinding quests for money is too much of a waste of time, so how could I not cheat?
Original post: http://blog.csdn.net/faithdmc/article/details/43613899