自己瞎分析的,不知道对不对
// eax (the integer part of the decrement) is spilled to the local at [ebp-30]
Tutorial-i386.exe+26B19 - 89 45 D0 - mov [ebp-30],eax
// fild: push the 32-bit signed integer at [ebp-30] onto the x87 stack; st0 = (extended)eax, converted exactly
Tutorial-i386.exe+26B1C - DB 45 D0 - fild dword ptr [ebp-30]
// fld tword: push the 80-bit extended float at [ebp-40]; now st0 = [ebp-40], st1 = eax
// NOTE(review): [ebp-40] is a separate local, not a copy of [ebp-30]; what it holds is not visible
// in this listing — check where it is written before assuming it equals eax
Tutorial-i386.exe+26B1F - DB 6D C0 - fld tword ptr [ebp-40]
// faddp: st1 = st1 + st0, then pop -> st0 = eax + [ebp-40]
// This is NOT a no-op: it is where the integer and float parts of the decrement are combined
Tutorial-i386.exe+26B22 - DEC1 - faddp
// fstp dword: store st0 to [ebp-04] as a 32-bit float (the sum is rounded to single precision) and pop
Tutorial-i386.exe+26B24 - D9 5D FC - fstp dword ptr [ebp-04]
// fld dword: reload that 32-bit float; st0 = (float)(eax + [ebp-40])
Tutorial-i386.exe+26B27 - D9 45 FC - fld dword ptr [ebp-04]
// fsubr is the REVERSED subtract: st0 = [esi+000004C0] - st0 (current value minus decrement),
// not st0 - [esi+000004C0]
Tutorial-i386.exe+26B2A - D8 AE C0040000 - fsubr dword ptr [esi+000004C0]
// fstp dword: write the result back to [esi+000004C0] as a 32-bit float and pop; the x87 stack is balanced again
Tutorial-i386.exe+26B30 - D9 9E C0040000 - fstp dword ptr [esi+000004C0]
因此要想改每次减少的健康值,改 eax 即可(eax 只是减量的整数部分,faddp 还会把 [ebp-40] 里的浮点值加上去,所以最终减量 = eax + [ebp-40])
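[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Hook at Tutorial-i386.exe+26B19, the point where eax (the integer part of
// the health decrement) is spilled to [ebp-30] and fed to the x87 stack.
// The hook clamps eax to at most MAX_DEC before the original two instructions
// run. The float part that faddp later adds from [ebp-40] is left untouched,
// so the observed decrement is MAX_DEC + [ebp-40].
//
// MAX_DEC = 0 reproduces the earlier loop version of this script (cmp eax,1 /
// jb / sub eax,1 / jmp newmem), which always ended with eax = 0 but took one
// iteration per unit of eax to get there; the clamp below is constant-time.
define(MAX_DEC,0)

alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
// eax = min(eax, MAX_DEC). Unsigned compare, matching the jb of the original
// script: a negative eax would be treated as a large value and clamped too.
cmp eax,MAX_DEC
jbe originalcode
mov eax,MAX_DEC

originalcode:
// the two instructions overwritten by the 6-byte patch below
mov [ebp-30],eax
fild dword ptr [ebp-30]

exit:
jmp returnhere

"Tutorial-i386.exe"+26B19:
jmp newmem      // 5-byte jmp ...
nop             // ... plus 1 byte of padding = the 6 bytes replaced (89 45 D0 DB 45 D0)
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"Tutorial-i386.exe"+26B19:
db 89 45 D0 DB 45 D0
//mov [ebp-30],eax
//fild dword ptr [ebp-30]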