Strajder
Posted 27 April 2018

Good day to all. I decided to torment myself and break both the game and my own head :) The game is called Затерянный мир 4 (The Lost World 4), 2002, publisher 1C / Snowball.

Anyway, the setup is this: the game collects resources passively (stone, wood, water). The player can specify which resources to collect and can spend them, but takes no active part in the gathering itself.

I find the values of the game resources -> F5 -> mov [ecx+esi],di

I have never hacked a game of this kind before. What confuses me:

mov edx,00000FFF { 4095 }
mov edi,00000FFF { 4095 }
mov eax,00000FFF { 4095 }

What are these for? Big request: explain how this works and by what principle the change (the hack) happens.

Regards, Alexander.

game.exe+1A95E0 - 55 - push ebp
game.exe+1A95E1 - 8B EC - mov ebp,esp
game.exe+1A95E3 - 6A FF - push -01 { 255 }
game.exe+1A95E5 - 68 609D5A00 - push game.exe+1A9D60 { [D31580B8] }
game.exe+1A95EA - 64 A1 00000000 - mov eax,fs:[00000000] { 0 }
game.exe+1A95F0 - 50 - push eax
game.exe+1A95F1 - 64 89 25 00000000 - mov fs:[00000000],esp { 0 }
game.exe+1A95F8 - 81 EC 80000000 - sub esp,00000080 { 128 }
game.exe+1A95FE - 89 7C 24 08 - mov [esp+08],edi
game.exe+1A9602 - 89 74 24 04 - mov [esp+04],esi
game.exe+1A9606 - 89 1C 24 - mov [esp],ebx
game.exe+1A9609 - 89 65 F0 - mov [ebp-10],esp
game.exe+1A960C - 89 4D DC - mov [ebp-24],ecx
game.exe+1A960F - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 }
game.exe+1A9616 - 8B C1 - mov eax,ecx
game.exe+1A9618 - 33 D2 - xor edx,edx
game.exe+1A961A - 89 55 D8 - mov [ebp-28],edx
game.exe+1A961D - 8B 88 E0030000 - mov ecx,[eax+000003E0]
game.exe+1A9623 - 8B B0 20010000 - mov esi,[eax+00000120]
game.exe+1A9629 - 8B 45 08 - mov eax,[ebp+08]
game.exe+1A962C - 85 C0 - test eax,eax
game.exe+1A962E - 75 04 - jne game.exe+1A9634
game.exe+1A9630 - 33 C0 - xor eax,eax
game.exe+1A9632 - EB 53 - jmp game.exe+1A9687
game.exe+1A9634 - 8B 41 0C - mov eax,[ecx+0C]
game.exe+1A9637 - 8B 5D 08 - mov ebx,[ebp+08]
game.exe+1A963A - 8B 51 24 - mov edx,[ecx+24]
game.exe+1A963D - 8B FE - mov edi,esi
game.exe+1A963F - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A9642 - 89 4D E0 - mov [ebp-20],ecx
game.exe+1A9645 - 8B CE - mov ecx,esi
game.exe+1A9647 - C1 E1 05 - shl ecx,05 { 5 }
game.exe+1A964A - 89 55 E4 - mov [ebp-1C],edx
game.exe+1A964D - 8B D7 - mov edx,edi
game.exe+1A964F - 03 D1 - add edx,ecx
game.exe+1A9651 - 8B 4C 10 0C - mov ecx,[eax+edx+0C]
game.exe+1A9655 - 03 D9 - add ebx,ecx
game.exe+1A9657 - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1A965C - 23 CB - and ecx,ebx
game.exe+1A965E - 8B FB - mov edi,ebx
game.exe+1A9660 - C1 EF 14 - shr edi,14 { 20 }
game.exe+1A9663 - 89 75 E8 - mov [ebp-18],esi
game.exe+1A9666 - 8B 75 E4 - mov esi,[ebp-1C]
game.exe+1A9669 - 8B 34 FE - mov esi,[esi+edi*8]
game.exe+1A966C - 8B 3C 0E - mov edi,[esi+ecx]
game.exe+1A966F - 3B FB - cmp edi,ebx
game.exe+1A9671 - 8B 75 E8 - mov esi,[ebp-18]
game.exe+1A9674 - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1A9677 - 75 04 - jne game.exe+1A967D
game.exe+1A9679 - 33 C0 - xor eax,eax
game.exe+1A967B - EB 0A - jmp game.exe+1A9687
game.exe+1A967D - 8B 44 10 10 - mov eax,[eax+edx+10]
game.exe+1A9681 - 8B D8 - mov ebx,eax
game.exe+1A9683 - 8B C7 - mov eax,edi
game.exe+1A9685 - 2B C3 - sub eax,ebx
game.exe+1A9687 - 8B 55 0C - mov edx,[ebp+0C]
game.exe+1A968A - 89 55 CC - mov [ebp-34],edx
game.exe+1A968D - 85 C0 - test eax,eax
game.exe+1A968F - 74 6B - je game.exe+1A96FC
game.exe+1A9691 - 8B 55 DC - mov edx,[ebp-24]
game.exe+1A9694 - 8B 92 3C010000 - mov edx,[edx+0000013C]
game.exe+1A969A - 89 55 D0 - mov [ebp-30],edx
game.exe+1A969D - 85 C0 - test eax,eax
game.exe+1A969F - 75 04 - jne game.exe+1A96A5
game.exe+1A96A1 - 33 D2 - xor edx,edx
game.exe+1A96A3 - EB 49 - jmp game.exe+1A96EE
game.exe+1A96A5 - 8B 5D D0 - mov ebx,[ebp-30]
game.exe+1A96A8 - 8B 51 0C - mov edx,[ecx+0C]
game.exe+1A96AB - 8B FB - mov edi,ebx
game.exe+1A96AD - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A96B0 - C1 E3 05 - shl ebx,05 { 5 }
game.exe+1A96B3 - 03 FB - add edi,ebx
game.exe+1A96B5 - 89 7D D4 - mov [ebp-2C],edi
game.exe+1A96B8 - 8B D8 - mov ebx,eax
game.exe+1A96BA - 03 5C 3A 10 - add ebx,[edx+edi+10]
game.exe+1A96BE - 8B 79 24 - mov edi,[ecx+24]
game.exe+1A96C1 - 89 75 E0 - mov [ebp-20],esi
game.exe+1A96C4 - 8B F3 - mov esi,ebx
game.exe+1A96C6 - C1 EE 14 - shr esi,14 { 20 }
game.exe+1A96C9 - 81 E3 FF0F0000 - and ebx,00000FFF { 4095 }
game.exe+1A96CF - 8B 3C F7 - mov edi,[edi+esi*8]
game.exe+1A96D2 - 8B 7C 1F 08 - mov edi,[edi+ebx+08]
game.exe+1A96D6 - 85 FF - test edi,edi
game.exe+1A96D8 - 8B 75 E0 - mov esi,[ebp-20]
game.exe+1A96DB - 74 0F - je game.exe+1A96EC
game.exe+1A96DD - 8B 5D D4 - mov ebx,[ebp-2C]
game.exe+1A96E0 - 8B 54 1A 0C - mov edx,[edx+ebx+0C]
game.exe+1A96E4 - 8B DA - mov ebx,edx
game.exe+1A96E6 - 8B D7 - mov edx,edi
game.exe+1A96E8 - 2B D3 - sub edx,ebx
game.exe+1A96EA - EB 02 - jmp game.exe+1A96EE
game.exe+1A96EC - 33 D2 - xor edx,edx
game.exe+1A96EE - 8B 5D CC - mov ebx,[ebp-34]
game.exe+1A96F1 - 3B D3 - cmp edx,ebx
game.exe+1A96F3 - 0F85 9F050000 - jne game.exe+1A9C98
game.exe+1A96F9 - 89 45 D8 - mov [ebp-28],eax
game.exe+1A96FC - 8B 45 D8 - mov eax,[ebp-28]
game.exe+1A96FF - 85 C0 - test eax,eax
game.exe+1A9701 - 0F85 6A010000 - jne game.exe+1A9871
game.exe+1A9707 - 8B 45 DC - mov eax,[ebp-24]
game.exe+1A970A - 8B 80 E0000000 - mov eax,[eax+000000E0]
game.exe+1A9710 - 50 - push eax
game.exe+1A9711 - E8 CA286100 - call game.exe+7BBFE0
game.exe+1A9716 - 8B 55 08 - mov edx,[ebp+08]
game.exe+1A9719 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A971C - 89 45 D8 - mov [ebp-28],eax
game.exe+1A971F - 8B 8B E0030000 - mov ecx,[ebx+000003E0]
game.exe+1A9725 - 8B 83 20010000 - mov eax,[ebx+00000120]
game.exe+1A972B - 85 D2 - test edx,edx
game.exe+1A972D - 0F84 95000000 - je game.exe+1A97C8
game.exe+1A9733 - 8B 55 D8 - mov edx,[ebp-28]
game.exe+1A9736 - 85 D2 - test edx,edx
game.exe+1A9738 - 0F84 8A000000 - je game.exe+1A97C8
game.exe+1A973E - 8B 51 0C - mov edx,[ecx+0C]
game.exe+1A9741 - 8B 5D D8 - mov ebx,[ebp-28]
game.exe+1A9744 - 8B 71 24 - mov esi,[ecx+24]
game.exe+1A9747 - 8B F8 - mov edi,eax
game.exe+1A9749 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A974C - C1 E0 05 - shl eax,05 { 5 }
game.exe+1A974F - 03 F8 - add edi,eax
game.exe+1A9751 - 8B 45 08 - mov eax,[ebp+08]
game.exe+1A9754 - 03 5C 3A 10 - add ebx,[edx+edi+10]
game.exe+1A9758 - 8B 54 3A 0C - mov edx,[edx+edi+0C]
game.exe+1A975C - BF FF0F0000 - mov edi,00000FFF { 4095 }
game.exe+1A9761 - 23 FB - and edi,ebx
game.exe+1A9763 - 03 C2 - add eax,edx
game.exe+1A9765 - 8B D3 - mov edx,ebx
game.exe+1A9767 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A976A - 8B 34 D6 - mov esi,[esi+edx*8]
game.exe+1A976D - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A9772 - 23 D0 - and edx,eax
game.exe+1A9774 - 89 5D E0 - mov [ebp-20],ebx
game.exe+1A9777 - 8B D8 - mov ebx,eax
game.exe+1A9779 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A977C - 89 55 E4 - mov [ebp-1C],edx
game.exe+1A977F - 8B 51 24 - mov edx,[ecx+24]
game.exe+1A9782 - 8B 14 DA - mov edx,[edx+ebx*8]
game.exe+1A9785 - 89 44 3E 08 - mov [esi+edi+08],eax
game.exe+1A9789 - 89 04 3E - mov [esi+edi],eax
game.exe+1A978C - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A978F - 8B 45 E4 - mov eax,[ebp-1C]
game.exe+1A9792 - 89 5D E8 - mov [ebp-18],ebx
game.exe+1A9795 - 8B 5C 02 04 - mov ebx,[edx+eax+04]
game.exe+1A9799 - 89 5C 3E 04 - mov [esi+edi+04],ebx
game.exe+1A979D - FF 44 02 08 - inc [edx+eax+08]
game.exe+1A97A1 - 8B 5D E0 - mov ebx,[ebp-20]
game.exe+1A97A4 - 89 5C 02 04 - mov [edx+eax+04],ebx
game.exe+1A97A8 - 8B 74 3E 04 - mov esi,[esi+edi+04]
game.exe+1A97AC - 8B 49 24 - mov ecx,[ecx+24]
game.exe+1A97AF - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A97B4 - 23 D6 - and edx,esi
game.exe+1A97B6 - C1 EE 14 - shr esi,14 { 20 }
game.exe+1A97B9 - 8B 0C F1 - mov ecx,[ecx+esi*8]
game.exe+1A97BC - 89 1C 11 - mov [ecx+edx],ebx
game.exe+1A97BF - 8B 55 E8 - mov edx,[ebp-18]
game.exe+1A97C2 - 8B 8A E0030000 - mov ecx,[edx+000003E0]
game.exe+1A97C8 - 8B 55 DC - mov edx,[ebp-24]
game.exe+1A97CB - 8B 5D CC - mov ebx,[ebp-34]
game.exe+1A97CE - 8B 82 3C010000 - mov eax,[edx+0000013C]
game.exe+1A97D4 - 85 DB - test ebx,ebx
game.exe+1A97D6 - 0F84 95000000 - je game.exe+1A9871
game.exe+1A97DC - 8B 55 D8 - mov edx,[ebp-28]
game.exe+1A97DF - 85 D2 - test edx,edx
game.exe+1A97E1 - 0F84 8A000000 - je game.exe+1A9871
game.exe+1A97E7 - 8B 51 0C - mov edx,[ecx+0C]
game.exe+1A97EA - 8B 5D D8 - mov ebx,[ebp-28]
game.exe+1A97ED - 8B 71 24 - mov esi,[ecx+24]
game.exe+1A97F0 - 8B F8 - mov edi,eax
game.exe+1A97F2 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A97F5 - C1 E0 05 - shl eax,05 { 5 }
game.exe+1A97F8 - 03 F8 - add edi,eax
game.exe+1A97FA - 8B 45 CC - mov eax,[ebp-34]
game.exe+1A97FD - 03 5C 3A 10 - add ebx,[edx+edi+10]
game.exe+1A9801 - 8B 54 3A 0C - mov edx,[edx+edi+0C]
game.exe+1A9805 - BF FF0F0000 - mov edi,00000FFF { 4095 }
game.exe+1A980A - 23 FB - and edi,ebx
game.exe+1A980C - 03 C2 - add eax,edx
game.exe+1A980E - 8B D3 - mov edx,ebx
game.exe+1A9810 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A9813 - 8B 34 D6 - mov esi,[esi+edx*8]
game.exe+1A9816 - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A981B - 23 D0 - and edx,eax
game.exe+1A981D - 89 5D E0 - mov [ebp-20],ebx
game.exe+1A9820 - 8B D8 - mov ebx,eax
game.exe+1A9822 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9825 - 89 55 E4 - mov [ebp-1C],edx
game.exe+1A9828 - 8B 51 24 - mov edx,[ecx+24]
game.exe+1A982B - 8B 14 DA - mov edx,[edx+ebx*8]
game.exe+1A982E - 89 44 3E 08 - mov [esi+edi+08],eax
game.exe+1A9832 - 89 04 3E - mov [esi+edi],eax
game.exe+1A9835 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A9838 - 8B 45 E4 - mov eax,[ebp-1C]
game.exe+1A983B - 89 5D E8 - mov [ebp-18],ebx
game.exe+1A983E - 8B 5C 02 04 - mov ebx,[edx+eax+04]
game.exe+1A9842 - 89 5C 3E 04 - mov [esi+edi+04],ebx
game.exe+1A9846 - FF 44 02 08 - inc [edx+eax+08]
game.exe+1A984A - 8B 5D E0 - mov ebx,[ebp-20]
game.exe+1A984D - 89 5C 02 04 - mov [edx+eax+04],ebx
game.exe+1A9851 - 8B 74 3E 04 - mov esi,[esi+edi+04]
game.exe+1A9855 - 8B 49 24 - mov ecx,[ecx+24]
game.exe+1A9858 - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A985D - 23 D6 - and edx,esi
game.exe+1A985F - C1 EE 14 - shr esi,14 { 20 }
game.exe+1A9862 - 8B 0C F1 - mov ecx,[ecx+esi*8]
game.exe+1A9865 - 89 1C 11 - mov [ecx+edx],ebx
game.exe+1A9868 - 8B 55 E8 - mov edx,[ebp-18]
game.exe+1A986B - 8B 8A E0030000 - mov ecx,[edx+000003E0]
game.exe+1A9871 - 8B 55 08 - mov edx,[ebp+08]
game.exe+1A9874 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A9877 - 8B 75 D8 - mov esi,[ebp-28]
game.exe+1A987A - 8B 7D 10 - mov edi,[ebp+10]
game.exe+1A987D - B8 FF0F0000 - mov eax,00000FFF { 4095 }
game.exe+1A9882 - 23 C6 - and eax,esi
game.exe+1A9884 - C1 EE 14 - shr esi,14 { 20 }
game.exe+1A9887 - 89 55 E0 - mov [ebp-20],edx
game.exe+1A988A - 8B 51 24 - mov edx,[ecx+24]
game.exe+1A988D - 8B 14 F2 - mov edx,[edx+esi*8]
game.exe+1A9890 - 8B 54 02 0C - mov edx,[edx+eax+0C]
game.exe+1A9894 - BE FF0F0000 - mov esi,00000FFF { 4095 }
game.exe+1A9899 - 23 F2 - and esi,edx
game.exe+1A989B - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A989E - 8B 49 24 - mov ecx,[ecx+24]
game.exe+1A98A1 - 8B 0C D1 - mov ecx,[ecx+edx*8]
//////////////////////////////////////////////////////////////////////////////////////////////
game.exe+1A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi]

Addresses this instruction accesses:

Address   Value  Hits
075D8248  0      5
075D82F0  0      7
075D81F4  1      6
075D8494  1      7
075D8398  1      5
075D84E8  1      4
075D853C  1      4
075D8344  2      4
075D83EC  6      4
075D829C  6      1
075D80F   45     14   // fruit resource
075D8050  74     11   // wood resource
075D80A4  76     5    // stone resource

game.exe+1A98A8 - 03 FA - add edi,edx
game.exe+1A98AA - 66 89 3C 31 - mov [ecx+esi],di
//////////////////////////////////////////////////////////////////////////////////////////////
game.exe+1A98AE - 8B 83 E0030000 - mov eax,[ebx+000003E0]
game.exe+1A98B4 - 8B 8B 74010000 - mov ecx,[ebx+00000174]
game.exe+1A98BA - 8B 55 E0 - mov edx,[ebp-20]
game.exe+1A98BD - 85 D2 - test edx,edx
game.exe+1A98BF - 75 04 - jne game.exe+1A98C5
game.exe+1A98C1 - 33 D2 - xor edx,edx
game.exe+1A98C3 - EB 44 - jmp game.exe+1A9909
game.exe+1A98C5 - 8B 50 0C - mov edx,[eax+0C]
game.exe+1A98C8 - 8B 5D 08 - mov ebx,[ebp+08]
game.exe+1A98CB - 8B 70 24 - mov esi,[eax+24]
game.exe+1A98CE - 8B F9 - mov edi,ecx
game.exe+1A98D0 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A98D3 - 89 45 E0 - mov [ebp-20],eax
game.exe+1A98D6 - 8B C1 - mov eax,ecx
game.exe+1A98D8 - C1 E0 05 - shl eax,05 { 5 }
game.exe+1A98DB - 03 F8 - add edi,eax
game.exe+1A98DD - 8B 44 3A 10 - mov eax,[edx+edi+10]
game.exe+1A98E1 - 03 D8 - add ebx,eax
game.exe+1A98E3 - B8 FF0F0000 - mov eax,00000FFF { 4095 }
game.exe+1A98E8 - 23 C3 - and eax,ebx
game.exe+1A98EA - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A98ED - 8B 34 DE - mov esi,[esi+ebx*8]
game.exe+1A98F0 - 8B 74 06 08 - mov esi,[esi+eax+08]
game.exe+1A98F4 - 85 F6 - test esi,esi
game.exe+1A98F6 - 8B 45 E0 - mov eax,[ebp-20]
game.exe+1A98F9 - 74 0C - je game.exe+1A9907
game.exe+1A98FB - 8B 54 3A 0C - mov edx,[edx+edi+0C]
game.exe+1A98FF - 8B DA - mov ebx,edx
game.exe+1A9901 - 8B D6 - mov edx,esi
game.exe+1A9903 - 2B D3 - sub edx,ebx
game.exe+1A9905 - EB 02 - jmp game.exe+1A9909
game.exe+1A9907 - 33 D2 - xor edx,edx
game.exe+1A9909 - BB FF0F0000 - mov ebx,00000FFF { 4095 }
game.exe+1A990E - 23 DA - and ebx,edx
game.exe+1A9910 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A9913 - 8B 70 24 - mov esi,[eax+24]
game.exe+1A9916 - 8B 34 D6 - mov esi,[esi+edx*8]
game.exe+1A9919 - 8B 74 1E 0C - mov esi,[esi+ebx+0C]
game.exe+1A991D - BB FF0F0000 - mov ebx,00000FFF { 4095 }
game.exe+1A9922 - 23 DE - and ebx,esi
game.exe+1A9924 - C1 EE 14 - shr esi,14 { 20 }
game.exe+1A9927 - 8B 78 24 - mov edi,[eax+24]
game.exe+1A992A - 8B 3C F7 - mov edi,[edi+esi*8]
game.exe+1A992D - 0FB6 7C 1F 43 - movzx edi,byte ptr [edi+ebx+43]
game.exe+1A9932 - 33 DB - xor ebx,ebx
game.exe+1A9934 - 83 FF 02 - cmp edi,02 { 2 }
game.exe+1A9937 - 0F94 C3 - sete bl
game.exe+1A993A - 0FBE DB - movsx ebx,bl
game.exe+1A993D - 85 DB - test ebx,ebx
game.exe+1A993F - 75 0A - jne game.exe+1A994B
game.exe+1A9941 - B8 00040000 - mov eax,00000400 { 1024 }
game.exe+1A9946 - E9 C3020000 - jmp game.exe+1A9C0E
game.exe+1A994B - 8B 55 08 - mov edx,[ebp+08]
game.exe+1A994E - 85 D2 - test edx,edx
game.exe+1A9950 - 75 04 - jne game.exe+1A9956
game.exe+1A9952 - 33 D2 - xor edx,edx
game.exe+1A9954 - EB 3C - jmp game.exe+1A9992
game.exe+1A9956 - 8B 50 0C - mov edx,[eax+0C]
game.exe+1A9959 - 8B 5D 08 - mov ebx,[ebp+08]
game.exe+1A995C - 8B 78 24 - mov edi,[eax+24]
game.exe+1A995F - 8B F1 - mov esi,ecx
game.exe+1A9961 - C1 E6 04 - shl esi,04 { 4 }
game.exe+1A9964 - C1 E1 05 - shl ecx,05 { 5 }
game.exe+1A9967 - 03 F1 - add esi,ecx
game.exe+1A9969 - 8B 4C 32 10 - mov ecx,[edx+esi+10]
game.exe+1A996D - 03 D9 - add ebx,ecx
game.exe+1A996F - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1A9974 - 23 CB - and ecx,ebx
game.exe+1A9976 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9979 - 8B 3C DF - mov edi,[edi+ebx*8]
game.exe+1A997C - 8B 4C 0F 08 - mov ecx,[edi+ecx+08]
game.exe+1A9980 - 85 C9 - test ecx,ecx
game.exe+1A9982 - 74 0C - je game.exe+1A9990
game.exe+1A9984 - 8B 54 32 0C - mov edx,[edx+esi+0C]
game.exe+1A9988 - 8B DA - mov ebx,edx
game.exe+1A998A - 8B D1 - mov edx,ecx
game.exe+1A998C - 2B D3 - sub edx,ebx
game.exe+1A998E - EB 02 - jmp game.exe+1A9992
game.exe+1A9990 - 33 D2 - xor edx,edx
game.exe+1A9992 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A9995 - 85 D2 - test edx,edx
game.exe+1A9997 - 8B 8B 90010000 - mov ecx,[ebx+00000190]
game.exe+1A999D - 75 04 - jne game.exe+1A99A3
game.exe+1A999F - 33 D2 - xor edx,edx
game.exe+1A99A1 - EB 3C - jmp game.exe+1A99DF
game.exe+1A99A3 - 8B 58 24 - mov ebx,[eax+24]
game.exe+1A99A6 - 8B F9 - mov edi,ecx
game.exe+1A99A8 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A99AB - C1 E1 05 - shl ecx,05 { 5 }
game.exe+1A99AE - 8B F7 - mov esi,edi
game.exe+1A99B0 - 03 F1 - add esi,ecx
game.exe+1A99B2 - 8B FA - mov edi,edx
game.exe+1A99B4 - 8B 50 0C - mov edx,[eax+0C]
game.exe+1A99B7 - 03 7C 32 10 - add edi,[edx+esi+10]
game.exe+1A99BB - 8B CF - mov ecx,edi
game.exe+1A99BD - C1 E9 14 - shr ecx,14 { 20 }
game.exe+1A99C0 - 81 E7 FF0F0000 - and edi,00000FFF { 4095 }
game.exe+1A99C6 - 8B 1C CB - mov ebx,[ebx+ecx*8]
game.exe+1A99C9 - 8B 4C 3B 08 - mov ecx,[ebx+edi+08]
game.exe+1A99CD - 85 C9 - test ecx,ecx
game.exe+1A99CF - 74 0C - je game.exe+1A99DD
game.exe+1A99D1 - 8B 54 32 0C - mov edx,[edx+esi+0C]
game.exe+1A99D5 - 8B DA - mov ebx,edx
game.exe+1A99D7 - 8B D1 - mov edx,ecx
game.exe+1A99D9 - 2B D3 - sub edx,ebx
game.exe+1A99DB - EB 02 - jmp game.exe+1A99DF
game.exe+1A99DD - 33 D2 - xor edx,edx
game.exe+1A99DF - 8B 58 24 - mov ebx,[eax+24]
game.exe+1A99E2 - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1A99E7 - 23 CA - and ecx,edx
game.exe+1A99E9 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A99EC - 8B 40 24 - mov eax,[eax+24]
game.exe+1A99EF - 8B 1C D3 - mov ebx,[ebx+edx*8]
game.exe+1A99F2 - 8D 7D 98 - lea edi,[ebp-68]
game.exe+1A99F5 - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C]
game.exe+1A99F9 - 33 C9 - xor ecx,ecx
game.exe+1A99FB - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A9A00 - 23 D3 - and edx,ebx
game.exe+1A9A02 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9A05 - 8B 04 D8 - mov eax,[eax+ebx*8]
game.exe+1A9A08 - 0FB7 74 10 10 - movzx esi,word ptr [eax+edx+10]
game.exe+1A9A0D - 33 C0 - xor eax,eax
game.exe+1A9A0F - 25 FFFF0000 - and eax,0000FFFF { 65535 }
game.exe+1A9A14 - 8A E0 - mov ah,al
game.exe+1A9A16 - 8B D0 - mov edx,eax
game.exe+1A9A18 - C1 E0 10 - shl eax,10 { 16 }
game.exe+1A9A1B - 0B C2 - or eax,edx
game.exe+1A9A1D - F3 AB - repe stosd
game.exe+1A9A1F - AA - stosb
game.exe+1A9A20 - 8B 45 DC - mov eax,[ebp-24]
game.exe+1A9A23 - 66 89 75 AC - mov [ebp-54],si
game.exe+1A9A27 - 8B 90 98010000 - mov edx,[eax+00000198]
game.exe+1A9A2D - 83 C4 F4 - add esp,-0C { 244 }
game.exe+1A9A30 - 8B 88 E0030000 - mov ecx,[eax+000003E0]
game.exe+1A9A36 - 8D 45 9C - lea eax,[ebp-64]
game.exe+1A9A39 - 89 14 24 - mov [esp],edx
game.exe+1A9A3C - 89 44 24 04 - mov [esp+04],eax
game.exe+1A9A40 - 8D 45 98 - lea eax,[ebp-68]
game.exe+1A9A43 - 89 44 24 08 - mov [esp+08],eax
game.exe+1A9A47 - E8 04CEE8FF - call game.exe+36850
game.exe+1A9A4C - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1A9A4F - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9A52 - 89 04 24 - mov [esp],eax
game.exe+1A9A55 - C7 44 24 04 EA030000 - mov [esp+04],000003EA { 1002 }
game.exe+1A9A5D - E8 5EF40600 - call game.exe+218EC0
game.exe+1A9A62 - 0FBE C0 - movsx eax,al
game.exe+1A9A65 - 85 C0 - test eax,eax
game.exe+1A9A67 - 75 0A - jne game.exe+1A9A73
game.exe+1A9A69 - B8 00010000 - mov eax,00000100 { 256 }
game.exe+1A9A6E - E9 9B010000 - jmp game.exe+1A9C0E
game.exe+1A9A73 - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9A76 - 8B 5D 08 - mov ebx,[ebp+08]
game.exe+1A9A79 - 8B 81 E0030000 - mov eax,[ecx+000003E0]
game.exe+1A9A7F - 8B 91 74010000 - mov edx,[ecx+00000174]
game.exe+1A9A85 - 85 DB - test ebx,ebx
game.exe+1A9A87 - 75 04 - jne game.exe+1A9A8D
game.exe+1A9A89 - 33 D2 - xor edx,edx
game.exe+1A9A8B - EB 3B - jmp game.exe+1A9AC8
game.exe+1A9A8D - 8B 78 24 - mov edi,[eax+24]
game.exe+1A9A90 - 8B CA - mov ecx,edx
game.exe+1A9A92 - C1 E1 04 - shl ecx,04 { 4 }
game.exe+1A9A95 - C1 E2 05 - shl edx,05 { 5 }
game.exe+1A9A98 - 8B F1 - mov esi,ecx
game.exe+1A9A9A - 03 F2 - add esi,edx
game.exe+1A9A9C - 8B 50 0C - mov edx,[eax+0C]
game.exe+1A9A9F - 8B 4C 32 10 - mov ecx,[edx+esi+10]
game.exe+1A9AA3 - 03 D9 - add ebx,ecx
game.exe+1A9AA5 - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1A9AAA - 23 CB - and ecx,ebx
game.exe+1A9AAC - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9AAF - 8B 3C DF - mov edi,[edi+ebx*8]
game.exe+1A9AB2 - 8B 4C 0F 08 - mov ecx,[edi+ecx+08]
game.exe+1A9AB6 - 85 C9 - test ecx,ecx
game.exe+1A9AB8 - 74 0C - je game.exe+1A9AC6
game.exe+1A9ABA - 8B 54 32 0C - mov edx,[edx+esi+0C]
game.exe+1A9ABE - 8B DA - mov ebx,edx
game.exe+1A9AC0 - 8B D1 - mov edx,ecx
game.exe+1A9AC2 - 2B D3 - sub edx,ebx
game.exe+1A9AC4 - EB 02 - jmp game.exe+1A9AC8
game.exe+1A9AC6 - 33 D2 - xor edx,edx
game.exe+1A9AC8 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1A9ACB - 85 D2 - test edx,edx
game.exe+1A9ACD - 8B 8B 90010000 - mov ecx,[ebx+00000190]
game.exe+1A9AD3 - 75 04 - jne game.exe+1A9AD9
game.exe+1A9AD5 - 33 D2 - xor edx,edx
game.exe+1A9AD7 - EB 3C - jmp game.exe+1A9B15
game.exe+1A9AD9 - 8B 58 24 - mov ebx,[eax+24]
game.exe+1A9ADC - 8B F9 - mov edi,ecx
game.exe+1A9ADE - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A9AE1 - C1 E1 05 - shl ecx,05 { 5 }
game.exe+1A9AE4 - 8B F7 - mov esi,edi
game.exe+1A9AE6 - 03 F1 - add esi,ecx
game.exe+1A9AE8 - 8B FA - mov edi,edx
game.exe+1A9AEA - 8B 50 0C - mov edx,[eax+0C]
game.exe+1A9AED - 03 7C 32 10 - add edi,[edx+esi+10]
game.exe+1A9AF1 - 8B CF - mov ecx,edi
game.exe+1A9AF3 - C1 E9 14 - shr ecx,14 { 20 }
game.exe+1A9AF6 - 81 E7 FF0F0000 - and edi,00000FFF { 4095 }
game.exe+1A9AFC - 8B 1C CB - mov ebx,[ebx+ecx*8]
game.exe+1A9AFF - 8B 4C 3B 08 - mov ecx,[ebx+edi+08]
game.exe+1A9B03 - 85 C9 - test ecx,ecx
game.exe+1A9B05 - 74 0C - je game.exe+1A9B13
game.exe+1A9B07 - 8B 54 32 0C - mov edx,[edx+esi+0C]
game.exe+1A9B0B - 8B DA - mov ebx,edx
game.exe+1A9B0D - 8B D1 - mov edx,ecx
game.exe+1A9B0F - 2B D3 - sub edx,ebx
game.exe+1A9B11 - EB 02 - jmp game.exe+1A9B15
game.exe+1A9B13 - 33 D2 - xor edx,edx
game.exe+1A9B15 - 8B 58 24 - mov ebx,[eax+24]
game.exe+1A9B18 - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1A9B1D - 23 CA - and ecx,edx
game.exe+1A9B1F - C1 EA 14 - shr edx,14 { 20 }
game.exe+1A9B22 - 8B 40 24 - mov eax,[eax+24]
game.exe+1A9B25 - 8B 1C D3 - mov ebx,[ebx+edx*8]
game.exe+1A9B28 - 8D 7D B0 - lea edi,[ebp-50]
game.exe+1A9B2B - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C]
game.exe+1A9B2F - 33 C9 - xor ecx,ecx
game.exe+1A9B31 - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1A9B36 - 23 D3 - and edx,ebx
game.exe+1A9B38 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9B3B - 8B 04 D8 - mov eax,[eax+ebx*8]
game.exe+1A9B3E - 0FB7 74 10 10 - movzx esi,word ptr [eax+edx+10]
game.exe+1A9B43 - 33 C0 - xor eax,eax
game.exe+1A9B45 - 25 FFFF0000 - and eax,0000FFFF { 65535 }
game.exe+1A9B4A - 8A E0 - mov ah,al
game.exe+1A9B4C - 8B D0 - mov edx,eax
game.exe+1A9B4E - C1 E0 10 - shl eax,10 { 16 }
game.exe+1A9B51 - 0B C2 - or eax,edx
game.exe+1A9B53 - F3 AB - repe stosd
game.exe+1A9B55 - AA - stosb
game.exe+1A9B56 - 8B 45 DC - mov eax,[ebp-24]
game.exe+1A9B59 - 66 89 75 C4 - mov [ebp-3C],si
game.exe+1A9B5D - 8B 90 98010000 - mov edx,[eax+00000198]
game.exe+1A9B63 - 83 C4 F4 - add esp,-0C { 244 }
game.exe+1A9B66 - 8B 88 E0030000 - mov ecx,[eax+000003E0]
game.exe+1A9B6C - 8D 45 B4 - lea eax,[ebp-4C]
game.exe+1A9B6F - 89 14 24 - mov [esp],edx
game.exe+1A9B72 - 89 44 24 04 - mov [esp+04],eax
game.exe+1A9B76 - 8D 45 B0 - lea eax,[ebp-50]
game.exe+1A9B79 - 89 44 24 08 - mov [esp+08],eax
game.exe+1A9B7D - E8 CECCE8FF - call game.exe+36850
game.exe+1A9B82 - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1A9B85 - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9B88 - 89 04 24 - mov [esp],eax
game.exe+1A9B8B - C7 44 24 04 52000000 - mov [esp+04],00000052 { 82 }
game.exe+1A9B93 - E8 28F30600 - call game.exe+218EC0
game.exe+1A9B98 - 0FBE C0 - movsx eax,al
game.exe+1A9B9B - 85 C0 - test eax,eax
game.exe+1A9B9D - 74 6A - je game.exe+1A9C09
game.exe+1A9B9F - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9BA2 - 8B 5D 08 - mov ebx,[ebp+08]
game.exe+1A9BA5 - 8B 81 E0030000 - mov eax,[ecx+000003E0]
game.exe+1A9BAB - 8B 91 04010000 - mov edx,[ecx+00000104]
game.exe+1A9BB1 - 85 DB - test ebx,ebx
game.exe+1A9BB3 - 75 04 - jne game.exe+1A9BB9
game.exe+1A9BB5 - 33 C0 - xor eax,eax
game.exe+1A9BB7 - EB 3B - jmp game.exe+1A9BF4
game.exe+1A9BB9 - 8B 70 24 - mov esi,[eax+24]
game.exe+1A9BBC - 8B 40 0C - mov eax,[eax+0C]
game.exe+1A9BBF - 8B FA - mov edi,edx
game.exe+1A9BC1 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1A9BC4 - C1 E2 05 - shl edx,05 { 5 }
game.exe+1A9BC7 - 8B CF - mov ecx,edi
game.exe+1A9BC9 - 03 CA - add ecx,edx
game.exe+1A9BCB - 8B 7C 08 10 - mov edi,[eax+ecx+10]
game.exe+1A9BCF - 03 DF - add ebx,edi
game.exe+1A9BD1 - BF FF0F0000 - mov edi,00000FFF { 4095 }
game.exe+1A9BD6 - 23 FB - and edi,ebx
game.exe+1A9BD8 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9BDB - 8B 34 DE - mov esi,[esi+ebx*8]
game.exe+1A9BDE - 8B 54 3E 08 - mov edx,[esi+edi+08]
game.exe+1A9BE2 - 85 D2 - test edx,edx
game.exe+1A9BE4 - 74 0C - je game.exe+1A9BF2
game.exe+1A9BE6 - 8B 44 08 0C - mov eax,[eax+ecx+0C]
game.exe+1A9BEA - 8B D8 - mov ebx,eax
game.exe+1A9BEC - 8B C2 - mov eax,edx
game.exe+1A9BEE - 2B C3 - sub eax,ebx
game.exe+1A9BF0 - EB 02 - jmp game.exe+1A9BF4
game.exe+1A9BF2 - 33 C0 - xor eax,eax
game.exe+1A9BF4 - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9BF7 - 8B 55 CC - mov edx,[ebp-34]
game.exe+1A9BFA - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1A9BFD - 89 04 24 - mov [esp],eax
game.exe+1A9C00 - 89 54 24 04 - mov [esp+04],edx
game.exe+1A9C04 - E8 97870200 - call game.exe+1D23A0
game.exe+1A9C09 - B8 80000000 - mov eax,00000080 { 128 }
game.exe+1A9C0E - 8B 55 08 - mov edx,[ebp+08]
game.exe+1A9C11 - 85 D2 - test edx,edx
game.exe+1A9C13 - 75 07 - jne game.exe+1A9C1C
game.exe+1A9C15 - BA 2005D300 - mov edx,game.exe+930520 { [00000000] }
game.exe+1A9C1A - EB 33 - jmp game.exe+1A9C4F
game.exe+1A9C1C - 8B 4D DC - mov ecx,[ebp-24]
game.exe+1A9C1F - 8B DA - mov ebx,edx
game.exe+1A9C21 - 8B 89 E0030000 - mov ecx,[ecx+000003E0]
game.exe+1A9C27 - BE FF0F0000 - mov esi,00000FFF { 4095 }
game.exe+1A9C2C - 23 F3 - and esi,ebx
game.exe+1A9C2E - 8B 79 24 - mov edi,[ecx+24]
game.exe+1A9C31 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1A9C34 - 8B 49 24 - mov ecx,[ecx+24]
game.exe+1A9C37 - 8B 3C DF - mov edi,[edi+ebx*8]
game.exe+1A9C3A - 8B 7C 37 0C - mov edi,[edi+esi+0C]
game.exe+1A9C3E - BB FF0F0000 - mov ebx,00000FFF { 4095 }
game.exe+1A9C43 - 23 DF - and ebx,edi
game.exe+1A9C45 - C1 EF 14 - shr edi,14 { 20 }
game.exe+1A9C48 - 8B 0C F9 - mov ecx,[ecx+edi*8]
game.exe+1A9C4B - 8D 54 0B 18 - lea edx,[ebx+ecx+18]
game.exe+1A9C4F - 8B 12 - mov edx,[edx]
game.exe+1A9C51 - 89 55 C8 - mov [ebp-38],edx
game.exe+1A9C54 - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1A9C57 - 8B 0D F44FCC00 - mov ecx,[game.exe+8C4FF4] { [1FB5B1C8] }
game.exe+1A9C5D - 89 04 24 - mov [esp],eax
game.exe+1A9C60 - BF 04000000 - mov edi,00000004 { 4 }
game.exe+1A9C65 - 03 FC - add edi,esp
game.exe+1A9C67 - 8D 75 C8 - lea esi,[ebp-38]
game.exe+1A9C6A - 8B 36 - mov esi,[esi]
game.exe+1A9C6C - 89 37 - mov [edi],esi
game.exe+1A9C6E - E8 0D2C4F00 - call game.exe+69C880
game.exe+1A9C73 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 }
game.exe+1A9C7A - 8B 45 D8 - mov eax,[ebp-28]
game.exe+1A9C7D - 8B 4D F4 - mov ecx,[ebp-0C]
game.exe+1A9C80 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 }
game.exe+1A9C87 - 8B 1C 24 - mov ebx,[esp]
game.exe+1A9C8A - 8B 74 24 04 - mov esi,[esp+04]
game.exe+1A9C8E - 8B 7C 24 08 - mov edi,[esp+08]
game.exe+1A9C92 - 8B E5 - mov esp,ebp
game.exe+1A9C94 - 5D - pop ebp
game.exe+1A9C95 - C2 0C00 - ret 000C { 12 }
Garik66
Posted 27 April 2018

1 hour ago, Strajder said:
    mov eax,00000FFF { 4095 } - what for?

You don't need to bother with that - it's offset calculation. For the resources, only these instructions should interest you:

game.exe+1A98A8 - 03 FA - add edi,edx
game.exe+1A98AA - 66 89 3C 31 - mov [ecx+esi],di

Filtering out the resources you need can most likely be done by esi. And a script, for example to add a resource, would be something like this:

{ Game : No process selected
  Version:
  Date   : 2018-04-27
  Author : Garik66

  This script does blah blah blah
}

[ENABLE]

aobscan(INJECT,03 FA 66 89 3C 31) // should be unique
alloc(newmem,$1000,00400000)
label(code)
label(return)
label(flag) // the flag is added so that this happens only once, in case the instruction runs often
registersymbol(INJECT)

newmem:
  add edi,edx
  mov [ecx+esi],di
  cmp esi,x        // (x - the filter you picked out) resource 1
  je @f
  cmp esi,y        // (y - the filter you picked out) resource 2
  je @f
  // and so on
  jmp code
@@:
  cmp [flag],1
  jne code
  mov [flag],0
  add word ptr [ecx+esi],#100   // your values in the game are two bytes
code:
  jmp return

flag:
  dd 1

INJECT:
  jmp newmem
  db 90
return:

[DISABLE]

INJECT:
  db 03 FA 66 89 3C 31

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 00400000

003FFFF6: - ??
003FFFF7: - ??
003FFFF8: - ??
003FFFF9: - ??
003FFFFA: - ??
003FFFFB: - ??
003FFFFC: - ??
003FFFFD: - ??
003FFFFE: - ??
003FFFFF: - ??
// ---------- INJECTING HERE ----------
00400000: - ??
00400001: - ??
00400002: - ??
00400003: - ??
00400004: - ??
// ---------- DONE INJECTING  ----------
00400005: - ??
00400006: - ??
00400007: - ??
00400008: - ??
00400009: - ??
0040000A: - ??
0040000B: - ??
0040000C: - ??
0040000D: - ??
0040000E: - ??
}

The script works one-shot: enable it and the resources get added; disable it, enable it again and they get added again. For convenience you can register the flag label with registersymbol, add the flag address to the table and assign a hotkey to it.

PS: the script can be written more precisely only after seeing how your instruction works. I've just noticed a small mistake in my own script - the part with flag will need some rewriting.
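Garik66's remark that the 00000FFF masks are offset calculation can be checked by executing the addressing pattern outside the game. The block below is an added example, not code from this thread or from the game: it models the `and reg,00000FFF` / `shr reg,14` / `mov reg,[table+idx*8]` sequence from game.exe+1A9871..1A98AA on a constructed memory image (the table address, chunk addresses, handles, starting values and the names OBJ_A / OBJ_B are all invented for the example; only the arithmetic comes from the listing). It also shows why a filter on esi alone, as sketched above, matches every counter that sits at the same offset in a different chunk.

```python
# Added example (not code from the thread): a model of the handle -> address
# arithmetic seen in the listing.  The memory layout below is constructed.

OFFSET_MASK = 0xFFF      # mov reg,00000FFF ; and reg,handle  -> offset inside a chunk
CHUNK_SHIFT = 20         # shr reg,14                         -> chunk index
ENTRY_STRIDE = 8         # mov reg,[table+idx*8]              -> 8-byte table entries
TABLE = 0x1000           # constructed: where [ecx+24] would point in the game


def split_handle(handle):
    """Decompose a 32-bit handle exactly as the listing does."""
    return handle >> CHUNK_SHIFT, handle & OFFSET_MASK


class Memory:
    """Flat little-endian byte array standing in for process memory."""

    def __init__(self, size):
        self.buf = bytearray(size)

    def rd32(self, a):
        return int.from_bytes(self.buf[a:a + 4], "little")

    def wr32(self, a, v):
        self.buf[a:a + 4] = (v & 0xFFFFFFFF).to_bytes(4, "little")

    def rd16(self, a):
        return int.from_bytes(self.buf[a:a + 2], "little")

    def wr16(self, a, v):
        self.buf[a:a + 2] = (v & 0xFFFF).to_bytes(2, "little")


def resolve(mem, handle):
    """handle -> (chunk base, offset): base = [TABLE + idx*8]."""
    idx, off = split_handle(handle)
    return mem.rd32(TABLE + idx * ENTRY_STRIDE), off


def add_to_counter(mem, obj_handle, delta):
    """Model of game.exe+1A9871..1A98AA.

    Hop 1: the object handle selects a record; the dword at +0C of that
    record is a second handle.  Hop 2: that handle selects the 16-bit
    counter, which is read with movzx, added to, and stored back as a word
    (mov [ecx+esi],di).  Returns (ecx, esi, new value) as the registers
    would hold them at the store."""
    base, off = resolve(mem, obj_handle)
    counter_handle = mem.rd32(base + off + 0x0C)
    ecx, esi = resolve(mem, counter_handle)
    new = (mem.rd16(ecx + esi) + delta) & 0xFFFF
    mem.wr16(ecx + esi, new)
    return ecx, esi, new


def build_sample():
    """Constructed memory image: three chunks, two objects, two counters."""
    mem = Memory(0x5000)
    chunks = {1: 0x2000, 2: 0x3000, 3: 0x4000}
    for idx, base in chunks.items():
        mem.wr32(TABLE + idx * ENTRY_STRIDE, base)
    # object A (chunk 1, offset 0x040) -> counter in chunk 2 at offset 0x0A4
    mem.wr32(0x2000 + 0x040 + 0x0C, (2 << CHUNK_SHIFT) | 0x0A4)
    # object B (chunk 1, offset 0x080) -> counter in chunk 3, same offset 0x0A4
    mem.wr32(0x2000 + 0x080 + 0x0C, (3 << CHUNK_SHIFT) | 0x0A4)
    mem.wr16(0x3000 + 0x0A4, 74)    # constructed starting values
    mem.wr16(0x4000 + 0x0A4, 6)
    return mem


OBJ_A = (1 << CHUNK_SHIFT) | 0x040   # constructed handles
OBJ_B = (1 << CHUNK_SHIFT) | 0x080


def esi_values_for(mem, handles):
    """The esi register at the injection point for each object handle."""
    return [add_to_counter(mem, h, 0)[1] for h in handles]


if __name__ == "__main__":
    mem = build_sample()
    print(add_to_counter(mem, OBJ_A, 1))          # (12288, 164, 75): chunk 0x3000, esi 0xA4
    print(add_to_counter(mem, OBJ_B, 1))          # (16384, 164, 7):  chunk 0x4000, esi 0xA4
    print(esi_values_for(mem, [OBJ_A, OBJ_B]))    # [164, 164]: esi alone cannot tell them apart
```

The two counters live in different chunks (different ecx) but share the low 12 bits, so anything keyed only on esi sees both of them, which is what the `cmp esi,...` sketch relies on.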
Strajder
Posted 27 April 2018 (edited)

Garik66, thanks for the method. It works. But there is something else going on here...

It turns out that when I do:

cmp esi,a4 // a4 is the esi of resource 1

resources do get added. But over time [ecx+esi] fills up with values that later get zeroed, and the list keeps growing. So the instruction add word ptr [ecx+esi],#100 stuffs hundreds not only into the values we want.

And there are other snags too. There are resources that are produced, and until you buy them from a trader or build an enterprise that produces them, their addresses do not show up in the instruction we are looking at.

One could of course go another way... This game has cheat codes. One could find the resource values, set a breakpoint and enter a code, then see which instructions fire to write all the resources.

I have got myself completely confused....

{ Game : game.exe
  Version:
  Date   : 2018-04-27
  Author : Sumrak1988

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(Resources,game.exe,03 FA 66 89 3C 31) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(flag)

newmem:
  add edi,edx                   // original instructions, executed once
  mov [ecx+esi],di
  cmp esi,a4                    // (x - the filter you picked out) resource 1
  je @f
  jmp code
@@:
  cmp [flag],1
  jne code
  mov [flag],0
  add word ptr [ecx+esi],#100   // your values in the game are two bytes
code:
  jmp return

flag:
  dd 1

Resources:
  jmp newmem
  nop
return:
registersymbol(Resources)

[DISABLE]

Resources:
  db 03 FA 66 89 3C 31

unregistersymbol(Resources)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1A98A8

"game.exe"+1A9887: 89 55 E0           - mov [ebp-20],edx
"game.exe"+1A988A: 8B 51 24           - mov edx,[ecx+24]
"game.exe"+1A988D: 8B 14 F2           - mov edx,[edx+esi*8]
"game.exe"+1A9890: 8B 54 02 0C        - mov edx,[edx+eax+0C]
"game.exe"+1A9894: BE FF 0F 00 00     - mov esi,00000FFF
"game.exe"+1A9899: 23 F2              - and esi,edx
"game.exe"+1A989B: C1 EA 14           - shr edx,14
"game.exe"+1A989E: 8B 49 24           - mov ecx,[ecx+24]
"game.exe"+1A98A1: 8B 0C D1           - mov ecx,[ecx+edx*8]
"game.exe"+1A98A4: 0F B7 14 31        - movzx edx,word ptr [ecx+esi]
// ---------- INJECTING HERE ----------
"game.exe"+1A98A8: 03 FA              - add edi,edx
"game.exe"+1A98AA: 66 89 3C 31        - mov [ecx+esi],di
// ---------- DONE INJECTING  ----------
"game.exe"+1A98AE: 8B 83 E0 03 00 00  - mov eax,[ebx+000003E0]
"game.exe"+1A98B4: 8B 8B 74 01 00 00  - mov ecx,[ebx+00000174]
"game.exe"+1A98BA: 8B 55 E0           - mov edx,[ebp-20]
"game.exe"+1A98BD: 85 D2              - test edx,edx
"game.exe"+1A98BF: 75 04              - jne game.exe+1A98C5
"game.exe"+1A98C1: 33 D2              - xor edx,edx
"game.exe"+1A98C3: EB 44              - jmp game.exe+1A9909
"game.exe"+1A98C5: 8B 50 0C           - mov edx,[eax+0C]
"game.exe"+1A98C8: 8B 5D 08           - mov ebx,[ebp+08]
"game.exe"+1A98CB: 8B 70 24           - mov esi,[eax+24]
}

Edited 27 April 2018 by Strajder
Strajder
Posted 27 April 2018

Found the chat enable/disable switch used for activating cheat codes.

game.exe+5841BE - 8B 0D 0425CE00 - mov ecx,[game.exe+8E2504] { [04DA4778] }
game.exe+5841C4 - E8 B72AE8FF - call game.exe+406C80
game.exe+5841C9 - 3D 90010000 - cmp eax,00000190 { 400 }
game.exe+5841CE - 74 22 - je game.exe+5841F2
game.exe+5841D0 - 8B FB - mov edi,ebx
game.exe+5841D2 - 33 C0 - xor eax,eax
game.exe+5841D4 - 8A 37 - mov dh,[edi]
game.exe+5841D6 - 8B CF - mov ecx,edi
game.exe+5841D8 - 84 F6 - test dh,dh
game.exe+5841DA - 74 08 - je game.exe+5841E4
game.exe+5841DC - 41 - inc ecx
game.exe+5841DD - 40 - inc eax
game.exe+5841DE - 8A 11 - mov dl,[ecx]
game.exe+5841E0 - 84 D2 - test dl,dl
game.exe+5841E2 - 75 F8 - jne game.exe+5841DC
game.exe+5841E4 - 83 F8 03 - cmp eax,03 { 3 }
game.exe+5841E7 - 75 09 - jne game.exe+5841F2
game.exe+5841E9 - 80 3B 4E - cmp byte ptr [ebx],4E { 78 }
game.exe+5841EC - 0F84 1E030000 - je game.exe+584510
//////////////////////////////////////////////////////////////////////////////////////////
game.exe+5841F2 - A0 6091CB00 - mov al,[game.exe+8B9160] { [00000001] }   (chat enable/disable for activating cheat codes)
//////////////////////////////////////////////////////////////////////////////////////////
game.exe+5841F7 - 84 C0 - test al,al
game.exe+5841F9 - 0F84 34020000 - je game.exe+584433
game.exe+5841FF - BE E070DD00 - mov esi,game.exe+9D70E0 { ["happy hour"] }
game.exe+584204 - 8B FB - mov edi,ebx
game.exe+584206 - 8A 17 - mov dl,[edi]
game.exe+584208 - 3A 16 - cmp dl,[esi]
game.exe+58420A - 75 1A - jne game.exe+584226
game.exe+58420C - 0A D2 - or dl,dl
game.exe+58420E - 74 12 - je game.exe+584222
game.exe+584210 - 8A 57 01 - mov dl,[edi+01]
game.exe+584213 - 3A 56 01 - cmp dl,[esi+01]
game.exe+584216 - 75 0E - jne game.exe+584226
game.exe+584218 - 83 C7 02 - add edi,02 { 2 }
game.exe+58421B - 83 C6 02 - add esi,02 { 2 }
game.exe+58421E - 0A D2 - or dl,dl
game.exe+584220 - 75 E4 - jne game.exe+584206
game.exe+584222 - 33 C0 - xor eax,eax
game.exe+584224 - EB 05 - jmp game.exe+58422B
game.exe+584226 - 1B C0 - sbb eax,eax
game.exe+584228 - 83 C8 01 - or eax,01 { 1 }
game.exe+58422B - 85 C0 - test eax,eax
game.exe+58422D - 0F84 6B010000 - je game.exe+58439E
game.exe+584233 - BE C070DD00 - mov esi,game.exe+9D70C0 { ["toggle fog"] }
game.exe+584238 - 8B FB - mov edi,ebx
game.exe+58423A - 8A 17 - mov dl,[edi]
game.exe+58423C - 3A 16 - cmp dl,[esi]
game.exe+58423E - 75 1A - jne game.exe+58425A
game.exe+584240 - 0A D2 - or dl,dl
game.exe+584242 - 74 12 - je game.exe+584256
game.exe+584244 - 8A 57 01 - mov dl,[edi+01]
game.exe+584247 - 3A 56 01 - cmp dl,[esi+01]
game.exe+58424A - 75 0E - jne game.exe+58425A
game.exe+58424C - 83 C7 02 - add edi,02 { 2 }
game.exe+58424F - 83 C6 02 - add esi,02 { 2 }
game.exe+584252 - 0A D2 - or dl,dl
game.exe+584254 - 75 E4 - jne game.exe+58423A
game.exe+584256 - 33 C0 - xor eax,eax
game.exe+584258 - EB 05 - jmp game.exe+58425F
game.exe+58425A - 1B C0 - sbb eax,eax
game.exe+58425C - 83 C8 01 - or eax,01 { 1 }
game.exe+58425F - 85 C0 - test eax,eax
game.exe+584261 - 0F84 B3000000 - je game.exe+58431A
game.exe+584267 - BE A070DD00 - mov esi,game.exe+9D70A0 { ["nice gift"] }
game.exe+58426C - 8B FB - mov edi,ebx
game.exe+58426E - 8A 17 - mov dl,[edi]
game.exe+584270 - 3A 16 - cmp dl,[esi]
game.exe+584272 - 75 1A - jne game.exe+58428E
game.exe+584274 - 0A D2 - or dl,dl
game.exe+584276 - 74 12 - je game.exe+58428A
game.exe+584278 - 8A 57 01 - mov dl,[edi+01]
game.exe+58427B - 3A 56 01 - cmp dl,[esi+01]
game.exe+58427E - 75 0E - jne game.exe+58428E
game.exe+584280 - 83 C7 02 - add edi,02 { 2 }
game.exe+584283 - 83 C6 02 - add esi,02 { 2 }
game.exe+584286 - 0A D2 - or dl,dl
game.exe+584288 - 75 E4 - jne game.exe+58426E
game.exe+58428A - 33 C0 - xor eax,eax
game.exe+58428C - EB 05 - jmp game.exe+584293
game.exe+58428E - 1B C0 - sbb eax,eax
game.exe+584290 - 83 C8 01 - or eax,01 { 1 }
game.exe+584293 - 85 C0 - test eax,eax
game.exe+584295 - 0F85 98010000 - jne game.exe+584433 game.exe+58429B - 8B 4D E4 - mov ecx,[ebp-1C] game.exe+58429E - 8B 41 70 - mov eax,[ecx+70] game.exe+5842A1 - 8B 88 18040000 - mov ecx,[eax+00000418] game.exe+5842A7 - 0FB6 90 D9020000 - movzx edx,byte ptr [eax+000002D9] game.exe+5842AE - 2B 88 14040000 - sub ecx,[eax+00000414] game.exe+5842B4 - C1 F9 02 - sar ecx,02 { 2 } game.exe+5842B7 - 3B CA - cmp ecx,edx game.exe+5842B9 - 0F87 20080000 - ja game.exe+584ADF game.exe+5842BF - 33 C0 - xor eax,eax game.exe+5842C1 - 89 45 C8 - mov [ebp-38],eax game.exe+5842C4 - 85 C0 - test eax,eax game.exe+5842C6 - 0F85 90020000 - jne game.exe+58455C game.exe+5842CC - 83 C4 F0 - add esp,-10 { 240 } game.exe+5842CF - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+5842D6 - C7 44 24 04 18000000 - mov [esp+04],00000018 { 24 } game.exe+5842DE - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+5842E6 - C7 44 24 0C 01000000 - mov [esp+0C],00000001 { 1 } game.exe+5842EE - E8 CD55D6FF - call game.exe+2E98C0 game.exe+5842F3 - 83 C4 10 - add esp,10 { 16 } game.exe+5842F6 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+5842FD - 33 C0 - xor eax,eax game.exe+5842FF - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584302 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584309 - 8B 1C 24 - mov ebx,[esp] game.exe+58430C - 8B 74 24 04 - mov esi,[esp+04] game.exe+584310 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584314 - 8B E5 - mov esp,ebp game.exe+584316 - 5D - pop ebp game.exe+584317 - C2 0400 - ret 0004 { 4 } game.exe+58431A - 8B 55 E4 - mov edx,[ebp-1C] game.exe+58431D - 8B 42 70 - mov eax,[edx+70] game.exe+584320 - 0FB6 90 D9020000 - movzx edx,byte ptr [eax+000002D9] game.exe+584327 - 0FB6 0D 28D4CC00 - movzx ecx,byte ptr [game.exe+8CD428] { [00000000] } game.exe+58432E - 33 DB - xor ebx,ebx game.exe+584330 - 3B CA - cmp ecx,edx game.exe+584332 - 0F94 C3 - sete bl game.exe+584335 - 0FBE DB - movsx ebx,bl game.exe+584338 - 85 DB - test ebx,ebx game.exe+58433A - 
74 09 - je game.exe+584345 game.exe+58433C - C6 05 28D4CC00 00 - mov byte ptr [game.exe+8CD428],00 { [00000000] } game.exe+584343 - EB 0B - jmp game.exe+584350 game.exe+584345 - 8A 80 D9020000 - mov al,[eax+000002D9] game.exe+58434B - A2 28D4CC00 - mov [game.exe+8CD428],al { [00000000] } game.exe+584350 - 83 C4 F0 - add esp,-10 { 240 } game.exe+584353 - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+58435A - C7 44 24 04 02010000 - mov [esp+04],00000102 { 258 } game.exe+584362 - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+58436A - C7 44 24 0C 01000000 - mov [esp+0C],00000001 { 1 } game.exe+584372 - E8 4955D6FF - call game.exe+2E98C0 game.exe+584377 - 83 C4 10 - add esp,10 { 16 } game.exe+58437A - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+584381 - 33 C0 - xor eax,eax game.exe+584383 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584386 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+58438D - 8B 1C 24 - mov ebx,[esp] game.exe+584390 - 8B 74 24 04 - mov esi,[esp+04] game.exe+584394 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584398 - 8B E5 - mov esp,ebp game.exe+58439A - 5D - pop ebp game.exe+58439B - C2 0400 - ret 0004 { 4 } game.exe+58439E - 8B 45 E4 - mov eax,[ebp-1C] game.exe+5843A1 - 8B 48 70 - mov ecx,[eax+70] game.exe+5843A4 - 8A 81 D9020000 - mov al,[ecx+000002D9] game.exe+5843AA - 88 45 98 - mov [ebp-68],al game.exe+5843AD - 8A 81 D9020000 - mov al,[ecx+000002D9] game.exe+5843B3 - 88 45 9C - mov [ebp-64],al game.exe+5843B6 - 83 C4 F4 - add esp,-0C { 244 } game.exe+5843B9 - 8B FC - mov edi,esp game.exe+5843BB - 8D 75 98 - lea esi,[ebp-68] game.exe+5843BE - 8A 06 - mov al,[esi] game.exe+5843C0 - 88 07 - mov [edi],al game.exe+5843C2 - BF 04000000 - mov edi,00000004 { 4 } game.exe+5843C7 - 03 FC - add edi,esp game.exe+5843C9 - 8D 75 9C - lea esi,[ebp-64] game.exe+5843CC - 8A 06 - mov al,[esi] game.exe+5843CE - 88 07 - mov [edi],al game.exe+5843D0 - C7 44 24 08 01000000 - mov [esp+08],00000001 { 1 } game.exe+5843D8 - E8 
9338C2FF - call game.exe+1A7C70 game.exe+5843DD - EB 54 - jmp game.exe+584433 game.exe+5843DF - B8 01000000 - mov eax,00000001 { 1 } game.exe+5843E4 - A2 6091CB00 - mov [game.exe+8B9160],al { [00000001] } game.exe+5843E9 - 83 C4 F0 - add esp,-10 { 240 } game.exe+5843EC - C7 04 24 3C000000 - mov [esp],0000003C { 60 } game.exe+5843F3 - C7 44 24 04 2B000000 - mov [esp+04],0000002B { 43 } game.exe+5843FB - C7 44 24 08 00000000 - mov [esp+08],00000000 { 0 } game.exe+584403 - 89 44 24 0C - mov [esp+0C],eax game.exe+584407 - E8 B454D6FF - call game.exe+2E98C0 game.exe+58440C - 83 C4 10 - add esp,10 { 16 } game.exe+58440F - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+584416 - 33 C0 - xor eax,eax game.exe+584418 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+58441B - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584422 - 8B 1C 24 - mov ebx,[esp] game.exe+584425 - 8B 74 24 04 - mov esi,[esp+04] game.exe+584429 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+58442D - 8B E5 - mov esp,ebp game.exe+58442F - 5D - pop ebp game.exe+584430 - C2 0400 - ret 0004 { 4 } game.exe+584433 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+58443A - B8 01000000 - mov eax,00000001 { 1 } game.exe+58443F - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+584442 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+584449 - 8B 1C 24 - mov ebx,[esp] game.exe+58444C - 8B 74 24 04 - mov esi,[esp+04] game.exe+584450 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+584454 - 8B E5 - mov esp,ebp game.exe+584456 - 5D - pop ebp game.exe+584457 - C2 0400 - ret 0004 { 4 } Ссылка на комментарий Поделиться на другие сайты Поделиться
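An added C rendition of the control flow in the dump above, to make the decision order readable (this is my own model, not code from the game or from Strajder's post; the enum and function names are invented, and the value the call at game.exe+406C80 returns is passed in as state_value because its meaning is not visible in the dump):

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Outcomes of the dispatch at game.exe+5841BE..584295 (enum names are invented). */
enum cheat_result {
    CHEAT_NONE,          /* falls through to 584433 */
    CHEAT_SHORT_N_CMD,   /* je 584510: 3-byte line starting with 'N' (handler not in the dump) */
    CHEAT_HAPPY_HOUR,    /* je 58439E */
    CHEAT_TOGGLE_FOG,    /* je 58431A */
    CHEAT_NICE_GIFT      /* falls into 58429B */
};

/* The compare loop at 584206..584228, unrolled two bytes per iteration exactly as
 * the compiler emitted it: 0 when equal, otherwise -1/+1 from "sbb eax,eax ; or eax,1"
 * (the carry flag of the failing cmp decides the sign). */
int unrolled_strcmp(const char *sa, const char *sb)
{
    const unsigned char *a = (const unsigned char *)sa;
    const unsigned char *b = (const unsigned char *)sb;
    for (;;) {
        unsigned char c = a[0];                      /* mov dl,[edi] */
        if (c != b[0]) return c < b[0] ? -1 : 1;     /* cmp dl,[esi] ; jne */
        if (c == 0) return 0;                        /* or dl,dl ; je -> xor eax,eax */
        c = a[1];                                    /* mov dl,[edi+01] */
        if (c != b[1]) return c < b[1] ? -1 : 1;     /* cmp dl,[esi+01] ; jne */
        a += 2; b += 2;                              /* add edi,02 ; add esi,02 */
        if (c == 0) return 0;                        /* or dl,dl ; jne loop */
    }
}

/* line           = the chat text the function receives in ebx
 * state_value    = what the call at game.exe+406C80 returned (compared with 400 = 0x190)
 * cheats_enabled = the byte at game.exe+8B9160 */
enum cheat_result classify_chat_line(const char *line, uint32_t state_value,
                                     uint8_t cheats_enabled)
{
    if (state_value != 0x190) {
        /* inline strlen at 5841D0..5841E2, then cmp eax,3 / cmp byte ptr [ebx],4E ('N') */
        if (strlen(line) == 3 && line[0] == 'N')
            return CHEAT_SHORT_N_CMD;
    }
    if (!cheats_enabled)                             /* test al,al ; je 584433 */
        return CHEAT_NONE;
    if (unrolled_strcmp(line, "happy hour") == 0) return CHEAT_HAPPY_HOUR;
    if (unrolled_strcmp(line, "toggle fog") == 0) return CHEAT_TOGGLE_FOG;
    if (unrolled_strcmp(line, "nice gift") == 0)  return CHEAT_NICE_GIFT;
    return CHEAT_NONE;
}

int main(void)
{
    /* constructed sample lines */
    static const char *lines[] = { "nice gift", "toggle fog", "happy hour", "Nxx", "hello" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-10s flag=1 -> %d   flag=0 -> %d\n", lines[i],
               classify_chat_line(lines[i], 0x190, 1),
               classify_chat_line(lines[i], 0x190, 0));
    return 0;
}
```

The loop compares bytes exactly, so a case difference fails here; whether the line is lower-cased before it reaches this code is not visible in the dump.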
Strajder (author), posted 27 April 2018

When entering the resource code (NIce gift), 4 instructions:

1)
005B8C48 - 8B 52 24 - mov edx,[edx+24]
005B8C4B - 8B 14 DA - mov edx,[edx+ebx*8]
005B8C4E - 0FB7 04 0A - movzx eax,word ptr [edx+ecx] <<
005B8C52 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF
005B8C59 - 8B 4D F4 - mov ecx,[ebp-0C]
EAX=00000008 EBX=000000B9 ECX=000003EC EDX=05988000 ESI=01900240 EDI=00000360 ESP=0019EA4C EBP=0019EA98 EIP=005B8C52

2)
005A989E - 8B 49 24 - mov ecx,[ecx+24]
005A98A1 - 8B 0C D1 - mov ecx,[ecx+edx*8]
005A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi] <<
005A98A8 - 03 FA - add edi,edx
005A98AA - 66 89 3C 31 - mov [ecx+esi],di
EAX=0000039C EBX=0562B040 ECX=05988000 EDX=00000008 ESI=000003EC EDI=00000064 ESP=0019EA08 EBP=0019EA94 EIP=005A98A8

3)
005A98A4 - 0FB7 14 31 - movzx edx,word ptr [ecx+esi]
005A98A8 - 03 FA - add edi,edx
005A98AA - 66 89 3C 31 - mov [ecx+esi],di <<
005A98AE - 8B 83 E0030000 - mov eax,[ebx+000003E0]
005A98B4 - 8B 8B 74010000 - mov ecx,[ebx+00000174]
EAX=0000039C EBX=0562B040 ECX=05988000 EDX=00000008 ESI=000003EC EDI=0000006C ESP=0019EA08 EBP=0019EA94 EIP=005A98AE

4)
005B723F - 8B 48 24 - mov ecx,[eax+24]
005B7242 - 8B 0C D9 - mov ecx,[ecx+ebx*8]
005B7245 - 0FB7 0C 11 - movzx ecx,word ptr [ecx+edx] <<
005B7249 - 03 F9 - add edi,ecx
005B724B - 89 7D AC - mov [ebp-54],edi
EAX=0FC4C910 EBX=000000B9 ECX=0000006C EDX=000003EC ESI=0562B040 EDI=00000000 ESP=0019E8A4 EBP=0019E948 EIP=005B7249
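An added C model of the lookup in dumps 1-4 (my own, not from the post or the game): the 32-bit value the game computes is a handle whose top 12 bits (shr reg,14) index the 8-byte slot table at [object+24] and whose low 12 bits (the mov edx,00000FFF / and mask asked about in the first post) are an offset inside that slot's page, where the resource counter lives as a 16-bit word. The slot, offset and values 0xB9, 0x3EC, 8, 0x64 and 0x6C are taken from the register lines above; the struct names, the 4 KiB page size and the bounds checks are my assumptions (no range check is visible in the dump).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 20u     /* shr reg,14 : bits 31..20 select the 8-byte table slot */
#define OFF_MASK   0xFFFu  /* mov reg,00000FFF ; and : bits 11..0 are the offset in the page */
#define PAGE_SIZE  0x1000u /* assumption: a page is 4 KiB, so every masked offset lies inside it */

typedef struct {           /* one slot of the table at [object+24]: mov ecx,[ecx+ebx*8] */
    uint8_t *base;         /* +0: page base, the pointer the movzx dereferences */
    uint32_t extra;        /* +4: read elsewhere as [edi+ebx*8+04]; meaning unknown (assumed) */
} PageSlot;

typedef struct {
    PageSlot *table;       /* what the game loads with mov ...,[eax+24] */
    uint32_t  nslots;      /* assumption: used here to bound the index; the dump shows no check */
} PagedStore;

uint32_t page_index(uint32_t handle)  { return handle >> PAGE_SHIFT; }
uint32_t page_offset(uint32_t handle) { return handle & OFF_MASK; }
uint32_t make_handle(uint32_t page, uint32_t off)
{
    return (page << PAGE_SHIFT) | (off & OFF_MASK);   /* bits 19..12 are never used */
}

/* Address the movzx would read; NULL when the handle points at no mapped page. */
static uint8_t *resolve(const PagedStore *s, uint32_t handle)
{
    uint32_t pi = page_index(handle), off = page_offset(handle);
    if (pi >= s->nslots || s->table[pi].base == NULL) return NULL;
    if (off + sizeof(uint16_t) > PAGE_SIZE) return NULL;   /* word would run off the page */
    return s->table[pi].base + off;
}

/* movzx ecx,word ptr [ecx+edx]  (instruction 1 / 4 in the post: the read) */
int read_resource(const PagedStore *s, uint32_t handle, uint16_t *out)
{
    uint8_t *p = resolve(s, handle);
    if (p == NULL) return 0;
    memcpy(out, p, sizeof *out);
    return 1;
}

/* movzx edx,word ptr [ecx+esi] ; add edi,edx ; mov [ecx+esi],di  (instructions 2 / 3: the write) */
int add_resource(PagedStore *s, uint32_t handle, uint16_t delta, uint16_t *out)
{
    uint8_t *p = resolve(s, handle);
    uint16_t v;
    if (p == NULL) return 0;
    memcpy(&v, p, sizeof v);
    v = (uint16_t)(v + delta);     /* 16-bit store: wraps at 65535, exactly like the di write */
    memcpy(p, &v, sizeof v);
    *out = v;
    return 1;
}

/* Constructed sample store: slot 0xB9 mapped, word 8 at offset 0x3EC,
 * matching EBX=000000B9, ECX=000003EC, EAX=00000008 in dump 1. */
PagedStore *build_sample_store(void)
{
    PagedStore *s = calloc(1, sizeof *s);
    uint16_t stone = 8;
    s->nslots = 0xBA;
    s->table = calloc(s->nslots, sizeof *s->table);
    s->table[0xB9].base = calloc(PAGE_SIZE, 1);
    memcpy(s->table[0xB9].base + 0x3EC, &stone, sizeof stone);
    return s;
}

int main(void)
{
    PagedStore *s = build_sample_store();
    uint32_t h = make_handle(0xB9, 0x3EC);         /* 0x0B9003EC */
    uint16_t v = 0;
    if (read_resource(s, h, &v))
        printf("handle %08X -> slot %02X, offset %03X, value %u\n",
               h, page_index(h), page_offset(h), v);
    if (add_resource(s, h, 0x64, &v))              /* EDI=00000064 in dump 2 */
        printf("after the +100 write: %u (0x%X)\n", v, v);   /* EDI=0000006C in dump 3 */
    if (!read_resource(s, make_handle(0xBB, 0x3EC), &v))
        printf("slot 0xBB is not mapped: the game itself would read whatever is there\n");
    return 0;
}
```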
Strajder (author), posted 27 April 2018

Found addresses without garbage. But the values of locked resources also appear there after they are bought or built; before that, only the addresses of the resources already available. I would be very grateful even for a guess at how to see where they (the addresses) come from.

Resource script:

Spoiler:

{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Sumrak1988

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(RESOURCES,game.exe,0F B7 0C 11 03 F9) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
registersymbol(RESOURCES)

newmem:
  mov word ptr [ecx+edx],#200

code:
  movzx ecx,word ptr [ecx+edx]
  add edi,ecx
  jmp return

RESOURCES:
  jmp newmem
  db 90
return:

[DISABLE]

RESOURCES:
  db 0F B7 0C 11 03 F9

unregistersymbol(RESOURCES)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1B7245

"game.exe"+1B7225: C1 EA 14 - shr edx,14
"game.exe"+1B7228: 89 5D E4 - mov [ebp-1C],ebx
"game.exe"+1B722B: 8B 58 24 - mov ebx,[eax+24]
"game.exe"+1B722E: 8B 1C D3 - mov ebx,[ebx+edx*8]
"game.exe"+1B7231: 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C]
"game.exe"+1B7235: BA FF 0F 00 00 - mov edx,00000FFF
"game.exe"+1B723A: 23 D3 - and edx,ebx
"game.exe"+1B723C: C1 EB 14 - shr ebx,14
"game.exe"+1B723F: 8B 48 24 - mov ecx,[eax+24]
"game.exe"+1B7242: 8B 0C D9 - mov ecx,[ecx+ebx*8]
// ---------- INJECTING HERE ----------
"game.exe"+1B7245: 0F B7 0C 11 - movzx ecx,word ptr [ecx+edx]
"game.exe"+1B7249: 03 F9 - add edi,ecx
// ---------- DONE INJECTING ----------
"game.exe"+1B724B: 89 7D AC - mov [ebp-54],edi
"game.exe"+1B724E: 8B 8E 74 01 00 00 - mov ecx,[esi+00000174]
"game.exe"+1B7254: 8B 5D E4 - mov ebx,[ebp-1C]
"game.exe"+1B7257: E9 CD F7 FF FF - jmp game.exe+1B6A29
"game.exe"+1B725C: 8B 55 E0 - mov edx,[ebp-20]
"game.exe"+1B725F: 8B 8A 74 01 00 00 - mov ecx,[edx+00000174]
"game.exe"+1B7265: E9 BF F7 FF FF - jmp game.exe+1B6A29
"game.exe"+1B726A: 83 C4 F8 - add esp,-08
"game.exe"+1B726D: 8D 45 8C - lea eax,[ebp-74]
"game.exe"+1B7270: C7 45 8C 14 00 00 00 - mov [ebp-74],00000014
}

Spoiler:

game.exe+1B67A0 - 55 - push ebp
game.exe+1B67A1 - 8B EC - mov ebp,esp
game.exe+1B67A3 - 6A FF - push -01 { 255 }
game.exe+1B67A5 - 68 D0725B00 - push game.exe+1B72D0 { [D32B10B8] }
game.exe+1B67AA - 64 A1 00000000 - mov eax,fs:[00000000] { 0 }
game.exe+1B67B0 - 50 - push eax
game.exe+1B67B1 - 64 89 25 00000000 - mov fs:[00000000],esp { 0 }
game.exe+1B67B8 - 81 EC 98000000 - sub esp,00000098 { 152 }
game.exe+1B67BE - 89 7C 24 08 - mov [esp+08],edi
game.exe+1B67C2 - 89 74 24 04 - mov [esp+04],esi
game.exe+1B67C6 - 89 1C 24 - mov [esp],ebx
game.exe+1B67C9 - 89 65 F0 - mov [ebp-10],esp
game.exe+1B67CC - 89 4D E0 - mov [ebp-20],ecx
game.exe+1B67CF - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 }
game.exe+1B67D6 - 8B 45 10 - mov eax,[ebp+10]
game.exe+1B67D9 - 89 45 B4 - mov [ebp-4C],eax
game.exe+1B67DC - 33 D2 - xor edx,edx
game.exe+1B67DE - 89 55 AC - mov [ebp-54],edx
game.exe+1B67E1 - C7 00 00000000 - mov [eax],00000000 { 0 }
game.exe+1B67E7 - C7 45 FC 01000000 - mov [ebp-04],00000001 { 1 }
game.exe+1B67EE - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B67F1 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 }
game.exe+1B67F9 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6800 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6806 - 85 C0 - test eax,eax
game.exe+1B6808 - 0F84 91000000 - je game.exe+1B689F
game.exe+1B680E - 33 DB - xor ebx,ebx
game.exe+1B6810 - 8B 35 0073C600 - mov esi,[game.exe+867300] { [0000001E] }
game.exe+1B6816 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] }
game.exe+1B681B - 85 F6 - test esi,esi
game.exe+1B681D - C7 45 84 11000000 - mov [ebp-7C],00000011 { 17 }
game.exe+1B6824 - 0F86 6C040000 - jbe game.exe+1B6C96
game.exe+1B682A - D1 E8 - shr eax,1
game.exe+1B682C - 33 FF - xor edi,edi
game.exe+1B682E - 89 45 D0 - mov [ebp-30],eax
game.exe+1B6831 - 8B 45 D0 - mov eax,[ebp-30]
game.exe+1B6834 - 3B F8 - cmp edi,eax
game.exe+1B6836 - 72 09 - jb game.exe+1B6841
game.exe+1B6838 - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] }
game.exe+1B683D - 85 C0 - test eax,eax
game.exe+1B683F - 74 32 - je game.exe+1B6873
game.exe+1B6841 - 8B 45 84 - mov eax,[ebp-7C]
game.exe+1B6844 - 8B 55 84 - mov edx,[ebp-7C]
game.exe+1B6847 - 0FAF D0 - imul edx,eax
game.exe+1B684A - 89 55 84 - mov [ebp-7C],edx
game.exe+1B684D - 8B 45 84 - mov eax,[ebp-7C]
game.exe+1B6850 - 8B 55 84 - mov edx,[ebp-7C]
game.exe+1B6853 - 0FAF D0 - imul edx,eax
game.exe+1B6856 - 89 55 84 - mov [ebp-7C],edx
game.exe+1B6859 - 8B 45 84 - mov eax,[ebp-7C]
game.exe+1B685C - 8B 55 84 - mov edx,[ebp-7C]
game.exe+1B685F - 0FAF D0 - imul edx,eax
game.exe+1B6862 - 89 55 84 - mov [ebp-7C],edx
game.exe+1B6865 - 8B 45 84 - mov eax,[ebp-7C]
game.exe+1B6868 - 8B 55 84 - mov edx,[ebp-7C]
game.exe+1B686B - 0FAF D0 - imul edx,eax
game.exe+1B686E - 89 55 84 - mov [ebp-7C],edx
game.exe+1B6871 - EB 20 - jmp game.exe+1B6893
game.exe+1B6873 - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B6876 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 }
game.exe+1B687E - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6885 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B688B - 85 C0 - test eax,eax
game.exe+1B688D - 0F84 67040000 - je game.exe+1B6CFA
game.exe+1B6893 - 43 - inc ebx
game.exe+1B6894 - 8B FB - mov edi,ebx
game.exe+1B6896 - 3B F3 - cmp esi,ebx
game.exe+1B6898 - 77 97 - ja game.exe+1B6831
game.exe+1B689A - E9 F7030000 - jmp game.exe+1B6C96
game.exe+1B689F - C7 45 FC 03000000 - mov [ebp-04],00000003 { 3 }
game.exe+1B68A6 - A1 A473C600 - mov eax,[game.exe+8673A4] { [0D312640] }
game.exe+1B68AB - 85 C0 - test eax,eax
game.exe+1B68AD - 0F84 B7090000 - je game.exe+1B726A
game.exe+1B68B3 - 8B 10 - mov edx,[eax]
game.exe+1B68B5 - 89 15 A473C600 - mov [game.exe+8673A4],edx { [0D3088A8] }
game.exe+1B68BB - 8B 55 0C - mov edx,[ebp+0C]
game.exe+1B68BE - 89 55 B0 - mov [ebp-50],edx
game.exe+1B68C1 - C7 45 FC 01000000 - mov [ebp-04],00000001 { 1 }
game.exe+1B68C8 - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] }
game.exe+1B68D2 - 89 45 90 - mov [ebp-70],eax
game.exe+1B68D5 - 89 00 - mov [eax],eax
game.exe+1B68D7 - 8B 55 90 - mov edx,[ebp-70]
game.exe+1B68DA - 89 52 04 - mov [edx+04],edx
game.exe+1B68DD - C7 45 FC 04000000 - mov [ebp-04],00000004 { 4 }
game.exe+1B68E4 - C7 45 FC 01000000 - mov [ebp-04],00000001 { 1 }
game.exe+1B68EB - C7 45 FC 00000000 - mov [ebp-04],00000000 { 0 }
game.exe+1B68F2 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 }
game.exe+1B68F9 - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1B68FC - 8B 45 08 - mov eax,[ebp+08]
game.exe+1B68FF - 83 C4 F4 - add esp,-0C { 244 }
game.exe+1B6902 - 8D 55 90 - lea edx,[ebp-70]
game.exe+1B6905 - 89 14 24 - mov [esp],edx
game.exe+1B6908 - C7 44 24 04 EA030000 - mov [esp+04],000003EA { 1002 }
game.exe+1B6910 - 89 44 24 08 - mov [esp+08],eax
game.exe+1B6914 - E8 37080600 - call game.exe+217150
game.exe+1B6919 - 8B 45 90 - mov eax,[ebp-70]
game.exe+1B691C - 8B 10 - mov edx,[eax]
game.exe+1B691E - 89 55 DC - mov [ebp-24],edx
game.exe+1B6921 - 33 C9 - xor ecx,ecx
game.exe+1B6923 - 3B D0 - cmp edx,eax
game.exe+1B6925 - 0F94 C1 - sete cl
game.exe+1B6928 - 0FBE C9 - movsx ecx,cl
game.exe+1B692B - 85 C9 - test ecx,ecx
game.exe+1B692D - 0F85 FF040000 - jne game.exe+1B6E32
game.exe+1B6933 - 8B 5D DC - mov ebx,[ebp-24]
game.exe+1B6936 - 8B 75 E0 - mov esi,[ebp-20]
game.exe+1B6939 - 8B 53 08 - mov edx,[ebx+08]
game.exe+1B693C - 8B 86 E0030000 - mov eax,[esi+000003E0]
game.exe+1B6942 - 85 D2 - test edx,edx
game.exe+1B6944 - 8B 8E 74010000 - mov ecx,[esi+00000174]
game.exe+1B694A - 75 04 - jne game.exe+1B6950
game.exe+1B694C - 33 DB - xor ebx,ebx
game.exe+1B694E - EB 46 - jmp game.exe+1B6996
game.exe+1B6950 - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6953 - 8B D9 - mov ebx,ecx
game.exe+1B6955 - C1 E3 04 - shl ebx,04 { 4 }
game.exe+1B6958 - 8B F1 - mov esi,ecx
game.exe+1B695A - C1 E6 05 - shl esi,05 { 5 }
game.exe+1B695D - 03 DE - add ebx,esi
game.exe+1B695F - 8B F2 - mov esi,edx
game.exe+1B6961 - 8B 50 0C - mov edx,[eax+0C]
game.exe+1B6964 - 03 74 1A 0C - add esi,[edx+ebx+0C]
game.exe+1B6968 - 89 5D E4 - mov [ebp-1C],ebx
game.exe+1B696B - 8B DE - mov ebx,esi
game.exe+1B696D - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1B6970 - 8B 3C DF - mov edi,[edi+ebx*8]
game.exe+1B6973 - BB FF0F0000 - mov ebx,00000FFF { 4095 }
game.exe+1B6978 - 23 DE - and ebx,esi
game.exe+1B697A - 89 75 E8 - mov [ebp-18],esi
game.exe+1B697D - 8B 34 1F - mov esi,[edi+ebx]
game.exe+1B6980 - 8B 7D E8 - mov edi,[ebp-18]
game.exe+1B6983 - 3B F7 - cmp esi,edi
game.exe+1B6985 - 8B 5D E4 - mov ebx,[ebp-1C]
game.exe+1B6988 - 75 04 - jne game.exe+1B698E
game.exe+1B698A - 33 DB - xor ebx,ebx
game.exe+1B698C - EB 08 - jmp game.exe+1B6996
game.exe+1B698E - 8B 54 1A 10 - mov edx,[edx+ebx+10]
game.exe+1B6992 - 8B DE - mov ebx,esi
game.exe+1B6994 - 2B DA - sub ebx,edx
game.exe+1B6996 - 85 DB - test ebx,ebx
game.exe+1B6998 - 0F84 94030000 - je game.exe+1B6D32
game.exe+1B699E - 8B 75 E0 - mov esi,[ebp-20]
game.exe+1B69A1 - 85 DB - test ebx,ebx
game.exe+1B69A3 - 8B 96 04010000 - mov edx,[esi+00000104]
game.exe+1B69A9 - 75 04 - jne game.exe+1B69AF
game.exe+1B69AB - 33 D2 - xor edx,edx
game.exe+1B69AD - EB 46 - jmp game.exe+1B69F5
game.exe+1B69AF - 8B 70 24 - mov esi,[eax+24]
game.exe+1B69B2 - 8B FA - mov edi,edx
game.exe+1B69B4 - C1 E7 04 - shl edi,04 { 4 }
game.exe+1B69B7 - C1 E2 05 - shl edx,05 { 5 }
game.exe+1B69BA - 03 FA - add edi,edx
game.exe+1B69BC - 8B 50 0C - mov edx,[eax+0C]
game.exe+1B69BF - 89 4D E4 - mov [ebp-1C],ecx
game.exe+1B69C2 - 8B CB - mov ecx,ebx
game.exe+1B69C4 - 03 4C 3A 10 - add ecx,[edx+edi+10]
game.exe+1B69C8 - 89 7D E8 - mov [ebp-18],edi
game.exe+1B69CB - 8B F9 - mov edi,ecx
game.exe+1B69CD - C1 EF 14 - shr edi,14 { 20 }
game.exe+1B69D0 - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 }
game.exe+1B69D6 - 8B 34 FE - mov esi,[esi+edi*8]
game.exe+1B69D9 - 8B 74 0E 08 - mov esi,[esi+ecx+08]
game.exe+1B69DD - 85 F6 - test esi,esi
game.exe+1B69DF - 8B 4D E4 - mov ecx,[ebp-1C]
game.exe+1B69E2 - 8B 7D E8 - mov edi,[ebp-18]
game.exe+1B69E5 - 74 0C - je game.exe+1B69F3
game.exe+1B69E7 - 8B 54 3A 0C - mov edx,[edx+edi+0C]
game.exe+1B69EB - 8B FA - mov edi,edx
game.exe+1B69ED - 8B D6 - mov edx,esi
game.exe+1B69EF - 2B D7 - sub edx,edi
game.exe+1B69F1 - EB 02 - jmp game.exe+1B69F5
game.exe+1B69F3 - 33 D2 - xor edx,edx
game.exe+1B69F5 - 8B 75 08 - mov esi,[ebp+08]
game.exe+1B69F8 - 3B D6 - cmp edx,esi
game.exe+1B69FA - 75 2D - jne game.exe+1B6A29
game.exe+1B69FC - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1B69FF - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B6A02 - 89 1C 24 - mov [esp],ebx
game.exe+1B6A05 - C7 44 24 04 08000000 - mov [esp+04],00000008 { 8 }
game.exe+1B6A0D - E8 9E3C0600 - call game.exe+21A6B0
game.exe+1B6A12 - 85 C0 - test eax,eax
game.exe+1B6A14 - 0F84 8D000000 - je game.exe+1B6AA7
game.exe+1B6A1A - 8B 55 E0 - mov edx,[ebp-20]
game.exe+1B6A1D - 8B 82 E0030000 - mov eax,[edx+000003E0]
game.exe+1B6A23 - 8B 8A 74010000 - mov ecx,[edx+00000174]
game.exe+1B6A29 - 85 DB - test ebx,ebx
game.exe+1B6A2B - 75 04 - jne game.exe+1B6A31
game.exe+1B6A2D - 33 DB - xor ebx,ebx
game.exe+1B6A2F - EB 69 - jmp game.exe+1B6A9A
game.exe+1B6A31 - 8B 78 0C - mov edi,[eax+0C]
game.exe+1B6A34 - 8B 50 24 - mov edx,[eax+24]
game.exe+1B6A37 - 8B F1 - mov esi,ecx
game.exe+1B6A39 - C1 E6 04 - shl esi,04 { 4 }
game.exe+1B6A3C - 89 45 E4 - mov [ebp-1C],eax
game.exe+1B6A3F - 8B C1 - mov eax,ecx
game.exe+1B6A41 - C1 E0 05 - shl eax,05 { 5 }
game.exe+1B6A44 - 03 F0 - add esi,eax
game.exe+1B6A46 - 8B 74 37 10 - mov esi,[edi+esi+10]
game.exe+1B6A4A - 8B FB - mov edi,ebx
game.exe+1B6A4C - 03 FE - add edi,esi
game.exe+1B6A4E - B8 FF0F0000 - mov eax,00000FFF { 4095 }
game.exe+1B6A53 - 23 C7 - and eax,edi
game.exe+1B6A55 - C1 EF 14 - shr edi,14 { 20 }
game.exe+1B6A58 - 8B 14 FA - mov edx,[edx+edi*8]
game.exe+1B6A5B - 8B FA - mov edi,edx
game.exe+1B6A5D - 8B 14 02 - mov edx,[edx+eax]
game.exe+1B6A60 - 3B 54 07 08 - cmp edx,[edi+eax+08]
game.exe+1B6A64 - 8B 45 E4 - mov eax,[ebp-1C]
game.exe+1B6A67 - 74 2F - je game.exe+1B6A98
game.exe+1B6A69 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1B6A6C - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6A6F - 8B 7C DF 04 - mov edi,[edi+ebx*8+04]
game.exe+1B6A73 - C1 E7 06 - shl edi,06 { 6 }
game.exe+1B6A76 - 8B 18 - mov ebx,[eax]
game.exe+1B6A78 - 8B 5C 3B 10 - mov ebx,[ebx+edi+10]
game.exe+1B6A7C - 8B 78 64 - mov edi,[eax+64]
game.exe+1B6A7F - C1 E7 06 - shl edi,06 { 6 }
game.exe+1B6A82 - 89 75 E4 - mov [ebp-1C],esi
game.exe+1B6A85 - 8B 30 - mov esi,[eax]
game.exe+1B6A87 - 03 5C 37 08 - add ebx,[edi+esi+08]
game.exe+1B6A8B - 3B D3 - cmp edx,ebx
game.exe+1B6A8D - 8B 75 E4 - mov esi,[ebp-1C]
game.exe+1B6A90 - 74 06 - je game.exe+1B6A98
game.exe+1B6A92 - 8B DA - mov ebx,edx
game.exe+1B6A94 - 2B DE - sub ebx,esi
game.exe+1B6A96 - EB 02 - jmp game.exe+1B6A9A
game.exe+1B6A98 - 33 DB - xor ebx,ebx
game.exe+1B6A9A - 85 DB - test ebx,ebx
game.exe+1B6A9C - 0F85 FCFEFFFF - jne game.exe+1B699E
game.exe+1B6AA2 - E9 83020000 - jmp game.exe+1B6D2A
game.exe+1B6AA7 - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1B6AAA - 85 DB - test ebx,ebx
game.exe+1B6AAC - 8B 81 E0030000 - mov eax,[ecx+000003E0]
game.exe+1B6AB2 - 8B 91 74010000 - mov edx,[ecx+00000174]
game.exe+1B6AB8 - 75 04 - jne game.exe+1B6ABE
game.exe+1B6ABA - 33 D2 - xor edx,edx
game.exe+1B6ABC - EB 42 - jmp game.exe+1B6B00
game.exe+1B6ABE - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6AC1 - 8B CA - mov ecx,edx
game.exe+1B6AC3 - C1 E1 04 - shl ecx,04 { 4 }
game.exe+1B6AC6 - C1 E2 05 - shl edx,05 { 5 }
game.exe+1B6AC9 - 8B F1 - mov esi,ecx
game.exe+1B6ACB - 03 F2 - add esi,edx
game.exe+1B6ACD - 8B 50 0C - mov edx,[eax+0C]
game.exe+1B6AD0 - 8B CB - mov ecx,ebx
game.exe+1B6AD2 - 03 4C 32 10 - add ecx,[edx+esi+10]
game.exe+1B6AD6 - 89 75 E4 - mov [ebp-1C],esi
game.exe+1B6AD9 - 8B F1 - mov esi,ecx
game.exe+1B6ADB - C1 EE 14 - shr esi,14 { 20 }
game.exe+1B6ADE - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 }
game.exe+1B6AE4 - 8B 3C F7 - mov edi,[edi+esi*8]
game.exe+1B6AE7 - 8B 4C 0F 08 - mov ecx,[edi+ecx+08]
game.exe+1B6AEB - 85 C9 - test ecx,ecx
game.exe+1B6AED - 8B 75 E4 - mov esi,[ebp-1C]
game.exe+1B6AF0 - 74 0C - je game.exe+1B6AFE
game.exe+1B6AF2 - 8B 54 32 0C - mov edx,[edx+esi+0C]
game.exe+1B6AF6 - 8B FA - mov edi,edx
game.exe+1B6AF8 - 8B D1 - mov edx,ecx
game.exe+1B6AFA - 2B D7 - sub edx,edi
game.exe+1B6AFC - EB 02 - jmp game.exe+1B6B00
game.exe+1B6AFE - 33 D2 - xor edx,edx
game.exe+1B6B00 - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1B6B03 - 8B 75 B4 - mov esi,[ebp-4C]
game.exe+1B6B06 - BF FF0F0000 - mov edi,00000FFF { 4095 }
game.exe+1B6B0B - 23 FA - and edi,edx
game.exe+1B6B0D - C1 EA 14 - shr edx,14 { 20 }
game.exe+1B6B10 - 89 5D E4 - mov [ebp-1C],ebx
game.exe+1B6B13 - 8B 58 24 - mov ebx,[eax+24]
game.exe+1B6B16 - 8B 1C D3 - mov ebx,[ebx+edx*8]
game.exe+1B6B19 - 8B 5C 3B 0C - mov ebx,[ebx+edi+0C]
game.exe+1B6B1D - BF FF0F0000 - mov edi,00000FFF { 4095 }
game.exe+1B6B22 - 23 FB - and edi,ebx
game.exe+1B6B24 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1B6B27 - 8B 40 24 - mov eax,[eax+24]
game.exe+1B6B2A - 8B 04 D8 - mov eax,[eax+ebx*8]
game.exe+1B6B2D - 0FB7 44 38 38 - movzx eax,word ptr [eax+edi+38]
game.exe+1B6B32 - 01 06 - add [esi],eax
game.exe+1B6B34 - 8B 81 E0030000 - mov eax,[ecx+000003E0]
game.exe+1B6B3A - 8B 89 20010000 - mov ecx,[ecx+00000120]
game.exe+1B6B40 - 89 4D D4 - mov [ebp-2C],ecx
game.exe+1B6B43 - 8B 5D E4 - mov ebx,[ebp-1C]
game.exe+1B6B46 - 85 DB - test ebx,ebx
game.exe+1B6B48 - 75 04 - jne game.exe+1B6B4E
game.exe+1B6B4A - 33 D2 - xor edx,edx
game.exe+1B6B4C - EB 46 - jmp game.exe+1B6B94
game.exe+1B6B4E - 8B 50 0C - mov edx,[eax+0C]
game.exe+1B6B51 - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6B54 - 8B F1 - mov esi,ecx
game.exe+1B6B56 - C1 E6 04 - shl esi,04 { 4 }
game.exe+1B6B59 - C1 E1 05 - shl ecx,05 { 5 }
game.exe+1B6B5C - 03 CE - add ecx,esi
game.exe+1B6B5E - 8B F3 - mov esi,ebx
game.exe+1B6B60 - 03 74 0A 0C - add esi,[edx+ecx+0C]
game.exe+1B6B64 - 89 5D E4 - mov [ebp-1C],ebx
game.exe+1B6B67 - 8B DE - mov ebx,esi
game.exe+1B6B69 - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1B6B6C - 8B 3C DF - mov edi,[edi+ebx*8]
game.exe+1B6B6F - BB FF0F0000 - mov ebx,00000FFF { 4095 }
game.exe+1B6B74 - 23 DE - and ebx,esi
game.exe+1B6B76 - 89 75 E8 - mov [ebp-18],esi
game.exe+1B6B79 - 8B 34 1F - mov esi,[edi+ebx]
game.exe+1B6B7C - 8B 7D E8 - mov edi,[ebp-18]
game.exe+1B6B7F - 3B F7 - cmp esi,edi
game.exe+1B6B81 - 8B 5D E4 - mov ebx,[ebp-1C]
game.exe+1B6B84 - 75 04 - jne game.exe+1B6B8A
game.exe+1B6B86 - 33 D2 - xor edx,edx
game.exe+1B6B88 - EB 0A - jmp game.exe+1B6B94
game.exe+1B6B8A - 8B 54 0A 10 - mov edx,[edx+ecx+10]
game.exe+1B6B8E - 8B FA - mov edi,edx
game.exe+1B6B90 - 8B D6 - mov edx,esi
game.exe+1B6B92 - 2B D7 - sub edx,edi
game.exe+1B6B94 - 85 D2 - test edx,edx
game.exe+1B6B96 - 0F84 C0060000 - je game.exe+1B725C
game.exe+1B6B9C - 8B 4D E0 - mov ecx,[ebp-20]
game.exe+1B6B9F - 8B 89 3C010000 - mov ecx,[ecx+0000013C]
game.exe+1B6BA5 - 89 4D CC - mov [ebp-34],ecx
game.exe+1B6BA8 - 85 D2 - test edx,edx
game.exe+1B6BAA - 75 04 - jne game.exe+1B6BB0
game.exe+1B6BAC - 33 C9 - xor ecx,ecx
game.exe+1B6BAE - EB 49 - jmp game.exe+1B6BF9
game.exe+1B6BB0 - 8B 7D CC - mov edi,[ebp-34]
game.exe+1B6BB3 - 8B 48 0C - mov ecx,[eax+0C]
game.exe+1B6BB6 - 8B F7 - mov esi,edi
game.exe+1B6BB8 - C1 E6 04 - shl esi,04 { 4 }
game.exe+1B6BBB - C1 E7 05 - shl edi,05 { 5 }
game.exe+1B6BBE - 03 FE - add edi,esi
game.exe+1B6BC0 - 8B F2 - mov esi,edx
game.exe+1B6BC2 - 03 74 39 10 - add esi,[ecx+edi+10]
game.exe+1B6BC6 - 89 7D E4 - mov [ebp-1C],edi
game.exe+1B6BC9 - 8B FE - mov edi,esi
game.exe+1B6BCB - C1 EF 14 - shr edi,14 { 20 }
game.exe+1B6BCE - 81 E6 FF0F0000 - and esi,00000FFF { 4095 }
game.exe+1B6BD4 - 89 5D E8 - mov [ebp-18],ebx
game.exe+1B6BD7 - 8B 58 24 - mov ebx,[eax+24]
game.exe+1B6BDA - 8B 1C FB - mov ebx,[ebx+edi*8]
game.exe+1B6BDD - 8B 74 33 08 - mov esi,[ebx+esi+08]
game.exe+1B6BE1 - 85 F6 - test esi,esi
game.exe+1B6BE3 - 8B 5D E8 - mov ebx,[ebp-18]
game.exe+1B6BE6 - 8B 7D E4 - mov edi,[ebp-1C]
game.exe+1B6BE9 - 74 0C - je game.exe+1B6BF7
game.exe+1B6BEB - 8B 4C 39 0C - mov ecx,[ecx+edi+0C]
game.exe+1B6BEF - 8B F9 - mov edi,ecx
game.exe+1B6BF1 - 8B CE - mov ecx,esi
game.exe+1B6BF3 - 2B CF - sub ecx,edi
game.exe+1B6BF5 - EB 02 - jmp game.exe+1B6BF9
game.exe+1B6BF7 - 33 C9 - xor ecx,ecx
game.exe+1B6BF9 - 8B 75 B0 - mov esi,[ebp-50]
game.exe+1B6BFC - 3B CE - cmp ecx,esi
game.exe+1B6BFE - 0F84 14060000 - je game.exe+1B7218
game.exe+1B6C04 - 85 D2 - test edx,edx
game.exe+1B6C06 - 75 04 - jne game.exe+1B6C0C
game.exe+1B6C08 - 33 D2 - xor edx,edx
game.exe+1B6C0A - EB 6B - jmp game.exe+1B6C77
game.exe+1B6C0C - 8B 7D D4 - mov edi,[ebp-2C]
game.exe+1B6C0F - 8B 48 0C - mov ecx,[eax+0C]
game.exe+1B6C12 - 8B F7 - mov esi,edi
game.exe+1B6C14 - C1 E6 04 - shl esi,04 { 4 }
game.exe+1B6C17 - C1 E7 05 - shl edi,05 { 5 }
game.exe+1B6C1A - 03 F7 - add esi,edi
game.exe+1B6C1C - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6C1F - 8B 74 31 10 - mov esi,[ecx+esi+10]
game.exe+1B6C23 - 8B CA - mov ecx,edx
game.exe+1B6C25 - 03 CE - add ecx,esi
game.exe+1B6C27 - 89 75 E4 - mov [ebp-1C],esi
game.exe+1B6C2A - 8B F1 - mov esi,ecx
game.exe+1B6C2C - C1 EE 14 - shr esi,14 { 20 }
game.exe+1B6C2F - 81 E1 FF0F0000 - and ecx,00000FFF { 4095 }
game.exe+1B6C35 - 8B 3C F7 - mov edi,[edi+esi*8]
game.exe+1B6C38 - 8B F1 - mov esi,ecx
game.exe+1B6C3A - 8B 0C 0F - mov ecx,[edi+ecx]
game.exe+1B6C3D - 3B 4C 37 08 - cmp ecx,[edi+esi+08]
game.exe+1B6C41 - 8B 75 E4 - mov esi,[ebp-1C]
game.exe+1B6C44 - 74 2F - je game.exe+1B6C75
game.exe+1B6C46 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1B6C49 - 8B 78 24 - mov edi,[eax+24]
game.exe+1B6C4C - 8B 7C D7 04 - mov edi,[edi+edx*8+04]
game.exe+1B6C50 - C1 E7 06 - shl edi,06 { 6 }
game.exe+1B6C53 - 8B 10 - mov edx,[eax]
game.exe+1B6C55 - 8B 54 3A 10 - mov edx,[edx+edi+10]
game.exe+1B6C59 - 8B 78 64 - mov edi,[eax+64]
game.exe+1B6C5C - C1 E7 06 - shl edi,06 { 6 }
game.exe+1B6C5F - 89 75 E4 - mov [ebp-1C],esi
game.exe+1B6C62 - 8B 30 - mov esi,[eax]
game.exe+1B6C64 - 03 54 37 08 - add edx,[edi+esi+08]
game.exe+1B6C68 - 3B CA - cmp ecx,edx
game.exe+1B6C6A - 8B 75 E4 - mov esi,[ebp-1C]
game.exe+1B6C6D - 74 06 - je game.exe+1B6C75
game.exe+1B6C6F - 8B D1 - mov edx,ecx
game.exe+1B6C71 - 2B D6 - sub edx,esi
game.exe+1B6C73 - EB 02 - jmp game.exe+1B6C77
game.exe+1B6C75 - 33 D2 - xor edx,edx
game.exe+1B6C77 - 85 D2 - test edx,edx
game.exe+1B6C79 - 0F85 29FFFFFF - jne game.exe+1B6BA8
game.exe+1B6C7F - 8B 55 E0 - mov edx,[ebp-20]
game.exe+1B6C82 - 8B 8A 74010000 - mov ecx,[edx+00000174]
game.exe+1B6C88 - E9 9CFDFFFF - jmp game.exe+1B6A29
game.exe+1B6C8D - 8D 4D 80 - lea ecx,[ebp-80]
game.exe+1B6C90 - E8 FB09E6FF - call game.exe+17690
game.exe+1B6C95 - C3 - ret
game.exe+1B6C96 - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] }
game.exe+1B6CA0 - 33 F6 - xor esi,esi
game.exe+1B6CA2 - 8D 5E 06 - lea ebx,[esi+06]
game.exe+1B6CA5 - 83 FB 1B - cmp ebx,1B { 27 }
game.exe+1B6CA8 - 7E 05 - jle game.exe+1B6CAF
game.exe+1B6CAA - BB 1B000000 - mov ebx,0000001B { 27 }
game.exe+1B6CAF - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B6CB2 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 }
game.exe+1B6CBA - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6CC1 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6CC7 - 85 C0 - test eax,eax
game.exe+1B6CC9 - 0F84 D0FBFFFF - je game.exe+1B689F
game.exe+1B6CCF - 83 FB 14 - cmp ebx,14 { 20 }
game.exe+1B6CD2 - 7F 10 - jg game.exe+1B6CE4
game.exe+1B6CD4 - 57 - push edi
game.exe+1B6CD5 - C7 04 24 00000000 - mov [esp],00000000 { 0 }
game.exe+1B6CDC - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B6CE2 - EB 13 - jmp game.exe+1B6CF7
game.exe+1B6CE4 - 83 C3 EC - add ebx,-14 { 236 }
game.exe+1B6CE7 - B8 01000000 - mov eax,00000001 { 1 }
game.exe+1B6CEC - 8B CB - mov ecx,ebx
game.exe+1B6CEE - D3 E0 - shl eax,cl
game.exe+1B6CF0 - 50 - push eax
game.exe+1B6CF1 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B6CF7 - 46 - inc esi
game.exe+1B6CF8 - EB A8 - jmp game.exe+1B6CA2
game.exe+1B6CFA - 89 3D 2073C600 - mov [game.exe+867320],edi { [00000000] }
game.exe+1B6D00 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] }
game.exe+1B6D0A - E9 90FBFFFF - jmp game.exe+1B689F
game.exe+1B6D0F - 8D 4D 88 - lea ecx,[ebp-78]
game.exe+1B6D12 - E8 8987E5FF - call game.exe+F4A0
game.exe+1B6D17 - C3 - ret
game.exe+1B6D18 - 8D 4D 90 - lea ecx,[ebp-70]
game.exe+1B6D1B - E8 00BCE5FF - call game.exe+12920
game.exe+1B6D20 - C3 - ret
game.exe+1B6D21 - 8D 4D 90 - lea ecx,[ebp-70]
game.exe+1B6D24 - E8 87B8E5FF - call game.exe+125B0
game.exe+1B6D29 - C3 - ret
game.exe+1B6D2A - 8B 45 90 - mov eax,[ebp-70]
game.exe+1B6D2D - 8B 00 - mov eax,[eax]
game.exe+1B6D2F - 89 45 DC - mov [ebp-24],eax
game.exe+1B6D32 - 8B 45 DC - mov eax,[ebp-24]
game.exe+1B6D35 - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B6D38 - 8B 50 04 - mov edx,[eax+04]
game.exe+1B6D3B - 8B 00 - mov eax,[eax]
game.exe+1B6D3D - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 }
game.exe+1B6D45 - 89 02 - mov [edx],eax
game.exe+1B6D47 - 89 50 04 - mov [eax+04],edx
game.exe+1B6D4A - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6D51 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6D57 - 85 C0 - test eax,eax
game.exe+1B6D59 - 0F84 91000000 - je game.exe+1B6DF0
game.exe+1B6D5F - 33 DB - xor ebx,ebx
game.exe+1B6D61 - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] }
game.exe+1B6D67 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] }
game.exe+1B6D6C - 85 FF - test edi,edi
game.exe+1B6D6E - C7 45 94 11000000 - mov [ebp-6C],00000011 { 17 }
game.exe+1B6D75 - 0F86 F2030000 - jbe game.exe+1B716D
game.exe+1B6D7B - D1 E8 - shr eax,1
game.exe+1B6D7D - 33 F6 - xor esi,esi
game.exe+1B6D7F - 89 45 C0 - mov [ebp-40],eax
game.exe+1B6D82 - 8B 45 C0 - mov eax,[ebp-40]
game.exe+1B6D85 - 3B F0 - cmp esi,eax
game.exe+1B6D87 - 72 09 - jb game.exe+1B6D92
game.exe+1B6D89 - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] }
game.exe+1B6D8E - 85 C0 - test eax,eax
game.exe+1B6D90 - 74 32 - je game.exe+1B6DC4
game.exe+1B6D92 - 8B 45 94 - mov eax,[ebp-6C]
game.exe+1B6D95 - 8B 55 94 - mov edx,[ebp-6C]
game.exe+1B6D98 - 0FAF D0 - imul edx,eax
game.exe+1B6D9B - 89 55 94 - mov [ebp-6C],edx
game.exe+1B6D9E - 8B 45 94 - mov eax,[ebp-6C]
game.exe+1B6DA1 - 8B 55 94 - mov edx,[ebp-6C]
game.exe+1B6DA4 - 0FAF D0 - imul edx,eax
game.exe+1B6DA7 - 89 55 94 - mov [ebp-6C],edx
game.exe+1B6DAA - 8B 45 94 - mov eax,[ebp-6C]
game.exe+1B6DAD - 8B 55 94 - mov edx,[ebp-6C]
game.exe+1B6DB0 - 0FAF D0 - imul edx,eax
game.exe+1B6DB3 - 89 55 94 - mov [ebp-6C],edx
game.exe+1B6DB6 - 8B 45 94 - mov eax,[ebp-6C]
game.exe+1B6DB9 - 8B 55 94 - mov edx,[ebp-6C]
game.exe+1B6DBC - 0FAF D0 - imul edx,eax
game.exe+1B6DBF - 89 55 94 - mov [ebp-6C],edx
game.exe+1B6DC2 - EB 20 - jmp game.exe+1B6DE4
game.exe+1B6DC4 - 83 C4 F8 - add esp,-08 { 248 }
game.exe+1B6DC7 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 }
game.exe+1B6DCF - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6DD6 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6DDC - 85 C0 - test eax,eax
game.exe+1B6DDE - 0F84 74030000 - je game.exe+1B7158
game.exe+1B6DE4 - 43 - inc ebx
game.exe+1B6DE5 - 8B F3 - mov esi,ebx
game.exe+1B6DE7 - 3B FB - cmp edi,ebx
game.exe+1B6DE9 - 77 97 - ja game.exe+1B6D82
game.exe+1B6DEB - E9 7D030000 - jmp game.exe+1B716D
game.exe+1B6DF0 - C7 45 FC 06000000 - mov [ebp-04],00000006 { 6 }
game.exe+1B6DF7 - 8B 45 DC - mov eax,[ebp-24]
game.exe+1B6DFA - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] }
game.exe+1B6E00 - 89 10 - mov [eax],edx
game.exe+1B6E02 - A3 A473C600 - mov [game.exe+8673A4],eax { [0D3088A8] }
game.exe+1B6E07 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6E0E - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B6E18 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6E1B - 8B 10 - mov edx,[eax] game.exe+1B6E1D - 89 55 DC - mov [ebp-24],edx game.exe+1B6E20 - 33 C9 - xor ecx,ecx game.exe+1B6E22 - 3B D0 - cmp edx,eax game.exe+1B6E24 - 0F94 C1 - sete cl game.exe+1B6E27 - 0FBE C9 - movsx ecx,cl game.exe+1B6E2A - 85 C9 - test ecx,ecx game.exe+1B6E2C - 0F84 01FBFFFF - je game.exe+1B6933 game.exe+1B6E32 - C7 45 FC 07000000 - mov [ebp-04],00000007 { 7 } game.exe+1B6E39 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6E40 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6E43 - 8B 10 - mov edx,[eax] game.exe+1B6E45 - 89 55 D8 - mov [ebp-28],edx game.exe+1B6E48 - 3B D0 - cmp edx,eax game.exe+1B6E4A - 0F84 F2000000 - je game.exe+1B6F42 game.exe+1B6E50 - 8B 45 D8 - mov eax,[ebp-28] game.exe+1B6E53 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6E56 - 89 45 C8 - mov [ebp-38],eax game.exe+1B6E59 - 8B 00 - mov eax,[eax] game.exe+1B6E5B - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6E63 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6E6A - 89 45 D8 - mov [ebp-28],eax game.exe+1B6E6D - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6E73 - 85 C0 - test eax,eax game.exe+1B6E75 - 0F84 91000000 - je game.exe+1B6F0C game.exe+1B6E7B - 33 DB - xor ebx,ebx game.exe+1B6E7D - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] } game.exe+1B6E83 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B6E88 - 85 FF - test edi,edi game.exe+1B6E8A - C7 45 9C 11000000 - mov [ebp-64],00000011 { 17 } game.exe+1B6E91 - 0F86 36020000 - jbe game.exe+1B70CD game.exe+1B6E97 - D1 E8 - shr eax,1 game.exe+1B6E99 - 33 F6 - xor esi,esi game.exe+1B6E9B - 89 45 BC - mov [ebp-44],eax game.exe+1B6E9E - 8B 45 BC - mov eax,[ebp-44] game.exe+1B6EA1 - 3B F0 - 
cmp esi,eax game.exe+1B6EA3 - 72 09 - jb game.exe+1B6EAE game.exe+1B6EA5 - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] } game.exe+1B6EAA - 85 C0 - test eax,eax game.exe+1B6EAC - 74 32 - je game.exe+1B6EE0 game.exe+1B6EAE - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EB1 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6EB4 - 0FAF D0 - imul edx,eax game.exe+1B6EB7 - 89 55 9C - mov [ebp-64],edx game.exe+1B6EBA - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EBD - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6EC0 - 0FAF D0 - imul edx,eax game.exe+1B6EC3 - 89 55 9C - mov [ebp-64],edx game.exe+1B6EC6 - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6EC9 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6ECC - 0FAF D0 - imul edx,eax game.exe+1B6ECF - 89 55 9C - mov [ebp-64],edx game.exe+1B6ED2 - 8B 45 9C - mov eax,[ebp-64] game.exe+1B6ED5 - 8B 55 9C - mov edx,[ebp-64] game.exe+1B6ED8 - 0FAF D0 - imul edx,eax game.exe+1B6EDB - 89 55 9C - mov [ebp-64],edx game.exe+1B6EDE - EB 20 - jmp game.exe+1B6F00 game.exe+1B6EE0 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6EE3 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6EEB - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6EF2 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6EF8 - 85 C0 - test eax,eax game.exe+1B6EFA - 0F84 31020000 - je game.exe+1B7131 game.exe+1B6F00 - 43 - inc ebx game.exe+1B6F01 - 8B F3 - mov esi,ebx game.exe+1B6F03 - 3B FB - cmp edi,ebx game.exe+1B6F05 - 77 97 - ja game.exe+1B6E9E game.exe+1B6F07 - E9 C1010000 - jmp game.exe+1B70CD game.exe+1B6F0C - C7 45 FC 08000000 - mov [ebp-04],00000008 { 8 } game.exe+1B6F13 - 8B 45 C8 - mov eax,[ebp-38] game.exe+1B6F16 - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] } game.exe+1B6F1C - 89 10 - mov [eax],edx game.exe+1B6F1E - A3 A473C600 - mov [game.exe+8673A4],eax { [0D312640] } game.exe+1B6F23 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B6F2A - C7 05 4074C600 00000000 - mov 
[game.exe+867440],00000000 { [00000000] } game.exe+1B6F34 - 8B 45 90 - mov eax,[ebp-70] game.exe+1B6F37 - 8B 55 D8 - mov edx,[ebp-28] game.exe+1B6F3A - 3B D0 - cmp edx,eax game.exe+1B6F3C - 0F85 0EFFFFFF - jne game.exe+1B6E50 game.exe+1B6F42 - 89 00 - mov [eax],eax game.exe+1B6F44 - 8B 55 90 - mov edx,[ebp-70] game.exe+1B6F47 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6F4A - 89 52 04 - mov [edx+04],edx game.exe+1B6F4D - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6F55 - 8B 55 90 - mov edx,[ebp-70] game.exe+1B6F58 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6F5F - 89 55 C4 - mov [ebp-3C],edx game.exe+1B6F62 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6F68 - 85 C0 - test eax,eax game.exe+1B6F6A - 0F84 8E000000 - je game.exe+1B6FFE game.exe+1B6F70 - 33 DB - xor ebx,ebx game.exe+1B6F72 - 8B 3D 0073C600 - mov edi,[game.exe+867300] { [0000001E] } game.exe+1B6F78 - A1 2073C600 - mov eax,[game.exe+867320] { [00000000] } game.exe+1B6F7D - 85 FF - test edi,edi game.exe+1B6F7F - C7 45 A4 11000000 - mov [ebp-5C],00000011 { 17 } game.exe+1B6F86 - 0F86 BF000000 - jbe game.exe+1B704B game.exe+1B6F8C - D1 E8 - shr eax,1 game.exe+1B6F8E - 33 F6 - xor esi,esi game.exe+1B6F90 - 89 45 B8 - mov [ebp-48],eax game.exe+1B6F93 - 8B 45 B8 - mov eax,[ebp-48] game.exe+1B6F96 - 3B F0 - cmp esi,eax game.exe+1B6F98 - 72 09 - jb game.exe+1B6FA3 game.exe+1B6F9A - A1 4074C600 - mov eax,[game.exe+867440] { [00000000] } game.exe+1B6F9F - 85 C0 - test eax,eax game.exe+1B6FA1 - 74 32 - je game.exe+1B6FD5 game.exe+1B6FA3 - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FA6 - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FA9 - 0FAF D0 - imul edx,eax game.exe+1B6FAC - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FAF - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FB2 - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FB5 - 0FAF D0 - imul edx,eax game.exe+1B6FB8 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FBB - 8B 45 A4 - mov eax,[ebp-5C] 
game.exe+1B6FBE - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FC1 - 0FAF D0 - imul edx,eax game.exe+1B6FC4 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FC7 - 8B 45 A4 - mov eax,[ebp-5C] game.exe+1B6FCA - 8B 55 A4 - mov edx,[ebp-5C] game.exe+1B6FCD - 0FAF D0 - imul edx,eax game.exe+1B6FD0 - 89 55 A4 - mov [ebp-5C],edx game.exe+1B6FD3 - EB 20 - jmp game.exe+1B6FF5 game.exe+1B6FD5 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B6FD8 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B6FE0 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B6FE7 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B6FED - 85 C0 - test eax,eax game.exe+1B6FEF - 0F84 BA000000 - je game.exe+1B70AF game.exe+1B6FF5 - 43 - inc ebx game.exe+1B6FF6 - 8B F3 - mov esi,ebx game.exe+1B6FF8 - 3B FB - cmp edi,ebx game.exe+1B6FFA - 77 97 - ja game.exe+1B6F93 game.exe+1B6FFC - EB 4D - jmp game.exe+1B704B game.exe+1B6FFE - C7 45 FC 09000000 - mov [ebp-04],00000009 { 9 } game.exe+1B7005 - 8B 45 C4 - mov eax,[ebp-3C] game.exe+1B7008 - 8B 15 A473C600 - mov edx,[game.exe+8673A4] { [0D312640] } game.exe+1B700E - 89 10 - mov [eax],edx game.exe+1B7010 - A3 A473C600 - mov [game.exe+8673A4],eax { [0D312640] } game.exe+1B7015 - C7 45 FC 05000000 - mov [ebp-04],00000005 { 5 } game.exe+1B701C - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] } game.exe+1B7026 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF { -1 } game.exe+1B702D - 8B 45 AC - mov eax,[ebp-54] game.exe+1B7030 - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+1B7033 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+1B703A - 8B 1C 24 - mov ebx,[esp] game.exe+1B703D - 8B 74 24 04 - mov esi,[esp+04] game.exe+1B7041 - 8B 7C 24 08 - mov edi,[esp+08] game.exe+1B7045 - 8B E5 - mov esp,ebp game.exe+1B7047 - 5D - pop ebp game.exe+1B7048 - C2 0C00 - ret 000C { 12 } game.exe+1B704B - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B7055 - 33 F6 - 
xor esi,esi game.exe+1B7057 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B705A - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B705D - 7E 05 - jle game.exe+1B7064 game.exe+1B705F - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B7064 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B7067 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B706F - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B7076 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B707C - 85 C0 - test eax,eax game.exe+1B707E - 0F84 7AFFFFFF - je game.exe+1B6FFE game.exe+1B7084 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B7087 - 7F 10 - jg game.exe+1B7099 game.exe+1B7089 - 57 - push edi game.exe+1B708A - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B7091 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B7097 - EB 13 - jmp game.exe+1B70AC game.exe+1B7099 - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B709C - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B70A1 - 8B CB - mov ecx,ebx game.exe+1B70A3 - D3 E0 - shl eax,cl game.exe+1B70A5 - 50 - push eax game.exe+1B70A6 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B70AC - 46 - inc esi game.exe+1B70AD - EB A8 - jmp game.exe+1B7057 game.exe+1B70AF - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B70B5 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B70BF - E9 3AFFFFFF - jmp game.exe+1B6FFE game.exe+1B70C4 - 8D 4D A8 - lea ecx,[ebp-58] game.exe+1B70C7 - E8 D483E5FF - call game.exe+F4A0 game.exe+1B70CC - C3 - ret game.exe+1B70CD - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B70D7 - 33 F6 - xor esi,esi game.exe+1B70D9 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B70DC - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B70DF - 7E 05 - jle game.exe+1B70E6 game.exe+1B70E1 - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B70E6 - 83 C4 F8 - 
add esp,-08 { 248 } game.exe+1B70E9 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B70F1 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B70F8 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B70FE - 85 C0 - test eax,eax game.exe+1B7100 - 0F84 06FEFFFF - je game.exe+1B6F0C game.exe+1B7106 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B7109 - 7F 10 - jg game.exe+1B711B game.exe+1B710B - 57 - push edi game.exe+1B710C - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B7113 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B7119 - EB 13 - jmp game.exe+1B712E game.exe+1B711B - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B711E - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B7123 - 8B CB - mov ecx,ebx game.exe+1B7125 - D3 E0 - shl eax,cl game.exe+1B7127 - 50 - push eax game.exe+1B7128 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B712E - 46 - inc esi game.exe+1B712F - EB A8 - jmp game.exe+1B70D9 game.exe+1B7131 - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B7137 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B7141 - E9 C6FDFFFF - jmp game.exe+1B6F0C game.exe+1B7146 - 8D 4D A0 - lea ecx,[ebp-60] game.exe+1B7149 - E8 5283E5FF - call game.exe+F4A0 game.exe+1B714E - C3 - ret game.exe+1B714F - 8D 4D 90 - lea ecx,[ebp-70] game.exe+1B7152 - E8 C9B7E5FF - call game.exe+12920 game.exe+1B7157 - C3 - ret game.exe+1B7158 - 89 35 2073C600 - mov [game.exe+867320],esi { [00000000] } game.exe+1B715E - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] } game.exe+1B7168 - E9 83FCFFFF - jmp game.exe+1B6DF0 game.exe+1B716D - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] } game.exe+1B7177 - 33 F6 - xor esi,esi game.exe+1B7179 - 8D 5E 06 - lea ebx,[esi+06] game.exe+1B717C - 83 FB 1B - cmp ebx,1B { 27 } game.exe+1B717F - 7E 05 
- jle game.exe+1B7186 game.exe+1B7181 - BB 1B000000 - mov ebx,0000001B { 27 } game.exe+1B7186 - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B7189 - C7 44 24 04 01000000 - mov [esp+04],00000001 { 1 } game.exe+1B7191 - C7 04 24 4074C600 - mov [esp],game.exe+867440 { [00000000] } game.exe+1B7198 - FF 15 9030C600 - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange } game.exe+1B719E - 85 C0 - test eax,eax game.exe+1B71A0 - 0F84 4AFCFFFF - je game.exe+1B6DF0 game.exe+1B71A6 - 83 FB 14 - cmp ebx,14 { 20 } game.exe+1B71A9 - 7F 10 - jg game.exe+1B71BB game.exe+1B71AB - 57 - push edi game.exe+1B71AC - C7 04 24 00000000 - mov [esp],00000000 { 0 } game.exe+1B71B3 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B71B9 - EB 13 - jmp game.exe+1B71CE game.exe+1B71BB - 83 C3 EC - add ebx,-14 { 236 } game.exe+1B71BE - B8 01000000 - mov eax,00000001 { 1 } game.exe+1B71C3 - 8B CB - mov ecx,ebx game.exe+1B71C5 - D3 E0 - shl eax,cl game.exe+1B71C7 - 50 - push eax game.exe+1B71C8 - FF 15 F430C600 - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep } game.exe+1B71CE - 46 - inc esi game.exe+1B71CF - EB A8 - jmp game.exe+1B7179 game.exe+1B71D1 - 8D 4D 98 - lea ecx,[ebp-68] game.exe+1B71D4 - E8 C782E5FF - call game.exe+F4A0 game.exe+1B71D9 - C3 - ret game.exe+1B71DA - 83 C4 F8 - add esp,-08 { 248 } game.exe+1B71DD - C7 04 24 8070D400 - mov [esp],game.exe+947080 { ["GameSession::getResourceAmountInStores"] } game.exe+1B71E4 - E8 D7915F00 - call game.exe+7B03C0 game.exe+1B71E9 - 33 C0 - xor eax,eax game.exe+1B71EB - 89 04 24 - mov [esp],eax game.exe+1B71EE - 89 44 24 04 - mov [esp+04],eax game.exe+1B71F2 - E8 A3156A00 - call game.exe+85879A game.exe+1B71F7 - B8 FD715B00 - mov eax,game.exe+1B71FD { [139] } game.exe+1B71FC - C3 - ret game.exe+1B71FD - 8B 4D F4 - mov ecx,[ebp-0C] game.exe+1B7200 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 } game.exe+1B7207 - 8B 1C 24 - mov ebx,[esp] game.exe+1B720A - 8B 74 24 04 - mov esi,[esp+04] 
game.exe+1B720E - 8B 7C 24 08 - mov edi,[esp+08]
game.exe+1B7212 - 8B E5 - mov esp,ebp
game.exe+1B7214 - 5D - pop ebp
game.exe+1B7215 - C2 0C00 - ret 000C { 12 }
game.exe+1B7218 - 8B 75 E0 - mov esi,[ebp-20]
game.exe+1B721B - 8B 7D AC - mov edi,[ebp-54]
game.exe+1B721E - B9 FF0F0000 - mov ecx,00000FFF { 4095 }
game.exe+1B7223 - 23 CA - and ecx,edx
game.exe+1B7225 - C1 EA 14 - shr edx,14 { 20 }
game.exe+1B7228 - 89 5D E4 - mov [ebp-1C],ebx
game.exe+1B722B - 8B 58 24 - mov ebx,[eax+24]
game.exe+1B722E - 8B 1C D3 - mov ebx,[ebx+edx*8]
game.exe+1B7231 - 8B 5C 0B 0C - mov ebx,[ebx+ecx+0C]
game.exe+1B7235 - BA FF0F0000 - mov edx,00000FFF { 4095 }
game.exe+1B723A - 23 D3 - and edx,ebx
game.exe+1B723C - C1 EB 14 - shr ebx,14 { 20 }
game.exe+1B723F - 8B 48 24 - mov ecx,[eax+24]
game.exe+1B7242 - 8B 0C D9 - mov ecx,[ecx+ebx*8]
//////////////////////////////////////////////////////////////////////////////////
game.exe+1B7245 - 0FB7 0C 11 - movzx ecx,word ptr [ecx+edx] (Addresses of all resources. But not the ones that are not unlocked yet: not bought, not built by production)
/////////////////////////////////////////////////////////////////////////////////
game.exe+1B7249 - 03 F9 - add edi,ecx
game.exe+1B724B - 89 7D AC - mov [ebp-54],edi
game.exe+1B724E - 8B 8E 74010000 - mov ecx,[esi+00000174]
game.exe+1B7254 - 8B 5D E4 - mov ebx,[ebp-1C]
game.exe+1B7257 - E9 CDF7FFFF - jmp game.exe+1B6A29
game.exe+1B725C - 8B 55 E0 - mov edx,[ebp-20]
game.exe+1B725F - 8B 8A 74010000 - mov ecx,[edx+00000174]
game.exe+1B7265 - E9 BFF7FFFF - jmp game.exe+1B6A29
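The `mov ecx,00000FFF` / `and ecx,edx` / `shr edx,14` sequence that the post asks about is a two-level lookup: the low 12 bits of a 32-bit value select an offset inside a 4 KiB block, the value shifted right by 20 selects a block in a table of 8-byte entries (`[ebx+edx*8]`), and the resource amount is finally read as a 16-bit word. The C program below is an added model of that addressing scheme written for this thread; it is not code from the game or from any poster, and the page layout, the record offset `+0x0C` and the sample amounts are constructed assumptions used only to show how the mask and shift combine.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the addressing pattern in the listing (constructed, not the game's real layout):
 *   offset = handle & 0xFFF    -> position inside a 4 KiB block   (mov ecx,0FFFh / and ecx,edx)
 *   block  = handle >> 20      -> index into a block table         (shr edx,14h)
 *   base   = table[block]      -> 8-byte entries on x86-32         (mov ebx,[ebx+edx*8])
 *   value  = *(base + offset)  -> the amount is a 16-bit word      (movzx ecx,word ptr [ecx+edx])
 * Bits 12..19 of the handle are not consumed by this decode, so they are free for other use. */
#define BLOCK_SIZE   0x1000u
#define OFFSET_MASK  0x0FFFu   /* the 0xFFF constant from the listing */
#define BLOCK_SHIFT  20u       /* the shr ..,14h (20 decimal) from the listing */
#define NBLOCKS      4

/* Table entry: on x86-32 a pointer plus a dword is 8 bytes, which is the *8 stride in the listing.
 * Here the stride is whatever the host needs; array indexing hides it. */
typedef struct { uint8_t *base; uint32_t used; } block_entry_t;

/* Assumed record layout: a store record keeps the handle of its amount word at +0x0C
 * (the mov ebx,[ebx+ecx+0C] in the listing). */
#define STORE_AMOUNT_HANDLE_OFF 0x0C

static uint8_t       blocks[NBLOCKS][BLOCK_SIZE];
static block_entry_t block_table[NBLOCKS];

/* Pack a block number and an in-block offset into one 32-bit handle. */
static uint32_t make_handle(uint32_t block, uint32_t offset) {
    return (block << BLOCK_SHIFT) | (offset & OFFSET_MASK);
}

/* Resolve a handle to a host pointer: this is the mask-and-shift pair in the listing. */
static uint8_t *resolve(const block_entry_t *table, uint32_t handle) {
    uint32_t offset = handle & OFFSET_MASK;
    uint32_t block  = handle >> BLOCK_SHIFT;
    return table[block].base + offset;
}

/* First decode reaches the store record, second decode reaches its 16-bit amount. */
static uint16_t get_resource_amount(const block_entry_t *table, uint32_t store_handle) {
    uint32_t amount_handle;
    uint16_t amount;
    const uint8_t *store = resolve(table, store_handle);
    memcpy(&amount_handle, store + STORE_AMOUNT_HANDLE_OFF, sizeof amount_handle);
    memcpy(&amount, resolve(table, amount_handle), sizeof amount); /* movzx of a word */
    return amount;
}

/* edi accumulates the per-store amounts in the listing; the same loop in C. */
static uint32_t sum_in_stores(const block_entry_t *table, const uint32_t *stores, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += get_resource_amount(table, stores[i]);
    return total;
}

/* Constructed sample world: two store records on block 1, their amount words (120 and 35) on block 2. */
static size_t build_sample(uint32_t stores_out[2]) {
    uint16_t a0 = 120, a1 = 35;
    uint32_t h0, h1;
    for (int i = 0; i < NBLOCKS; i++) {
        memset(blocks[i], 0, BLOCK_SIZE);
        block_table[i].base = blocks[i];
        block_table[i].used = 0;
    }
    memcpy(blocks[2] + 0x100, &a0, sizeof a0);
    memcpy(blocks[2] + 0x102, &a1, sizeof a1);
    h0 = make_handle(2, 0x100);
    h1 = make_handle(2, 0x102);
    memcpy(blocks[1] + 0x040 + STORE_AMOUNT_HANDLE_OFF, &h0, sizeof h0);
    memcpy(blocks[1] + 0x080 + STORE_AMOUNT_HANDLE_OFF, &h1, sizeof h1);
    stores_out[0] = make_handle(1, 0x040);
    stores_out[1] = make_handle(1, 0x080);
    return 2;
}

/* Total of the constructed sample: 120 + 35. */
static uint32_t sample_total(void) {
    uint32_t stores[2];
    size_t n = build_sample(stores);
    return sum_in_stores(block_table, stores, n);
}

int main(void) {
    uint32_t stores[2];
    build_sample(stores);
    printf("store handle 0x%08X -> block %u, offset 0x%03X\n",
           stores[0], stores[0] >> BLOCK_SHIFT, stores[0] & OFFSET_MASK);
    printf("total amount in stores: %u\n", sample_total());
    return 0;
}
```

The point of the model is that a handle is not a pointer: the same `movzx` instruction reads every resource word because each store record hands it a freshly decoded handle, which is also why a breakpoint on that one instruction shows the addresses of all currently existing resources but nothing for stores that have not been created yet.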
Garik66 Posted 27 April 2018

25 minutes ago, Strajder said: script for resources

Better to do it on a different instruction (it reads more often, when you open a building: the town hall, the tavern):

{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Garik66

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(RESOURCES,game.exe,0F B7 04 0A C7 45 FC FF FF FF FF) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

registersymbol(RESOURCES)

newmem:
  mov word ptr [edx+ecx],#66

code:
  movzx eax,word ptr [edx+ecx]
  mov [ebp-04],FFFFFFFF
  jmp return

RESOURCES:
  jmp newmem
  db 90 90 90 90 90 90
return:

[DISABLE]

RESOURCES:
  db 0F B7 04 0A C7 45 FC FF FF FF FF

unregistersymbol(RESOURCES)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1B8C4E

"game.exe"+1B8C2F: 23 C8                 - and ecx,eax
"game.exe"+1B8C31: C1 E8 14              - shr eax,14
"game.exe"+1B8C34: 8B 5A 24              - mov ebx,[edx+24]
"game.exe"+1B8C37: 8B 1C C3              - mov ebx,[ebx+eax*8]
"game.exe"+1B8C3A: 8B 5C 0B 0C           - mov ebx,[ebx+ecx+0C]
"game.exe"+1B8C3E: B9 FF 0F 00 00        - mov ecx,00000FFF
"game.exe"+1B8C43: 23 CB                 - and ecx,ebx
"game.exe"+1B8C45: C1 EB 14              - shr ebx,14
"game.exe"+1B8C48: 8B 52 24              - mov edx,[edx+24]
"game.exe"+1B8C4B: 8B 14 DA              - mov edx,[edx+ebx*8]
// ---------- INJECTING HERE ----------
"game.exe"+1B8C4E: 0F B7 04 0A           - movzx eax,word ptr [edx+ecx]
"game.exe"+1B8C52: C7 45 FC FF FF FF FF  - mov [ebp-04],FFFFFFFF
// ---------- DONE INJECTING  ----------
"game.exe"+1B8C59: 8B 4D F4              - mov ecx,[ebp-0C]
"game.exe"+1B8C5C: 64 89 0D 00 00 00 00  - mov fs:[00000000],ecx
"game.exe"+1B8C63: 8B 1C 24              - mov ebx,[esp]
"game.exe"+1B8C66: 8B 74 24 04           - mov esi,[esp+04]
"game.exe"+1B8C6A: 8B 7C 24 08           - mov edi,[esp+08]
"game.exe"+1B8C6E: 8B E5                 - mov esp,ebp
"game.exe"+1B8C70: 5D                    - pop ebp
"game.exe"+1B8C71: C2 08 00              - ret 0008
"game.exe"+1B8C74: 8D B6 00 00 00 00     - lea esi,[esi+00000000]
"game.exe"+1B8C7A: 8D BF 00 00 00 00     - lea edi,[edi+00000000]
}

I haven't yet found how to unlock what isn't unlocked; I don't know the game.
Strajder Posted 27 April 2018 (Author)

Garik66 Thanks. I'll now look at what changes and gets added when entering the cheat code. It adds 100 of every resource at once. Maybe from there it will somehow be possible to get to the addresses.
Garik66 Posted 27 April 2018

1 minute ago, Strajder said: Maybe from there it will somehow be possible to get to the addresses.

Yes.

1 minute ago, Strajder said: Garik66 Thanks.

2 minutes ago, Strajder said: I'll now look

I won't. On my Windows 10 it somehow runs slowly, so I'll uninstall it.
Strajder Posted 27 April 2018 (Author)

Well yes, the game is old. There's no optimization for Windows 10, and there won't be now. Thanks anyway. I'll keep digging on my own. Maybe I'll figure something out.
Strajder Posted 27 April 2018 (Author)

Script to reveal the whole map:

{ Game : game.exe
  Version:
  Date : 2018-04-27
  Author : Sumrak1988

  This script does blah blah blah
}

[ENABLE]

aobscanmodule(MAPS,game.exe,04 00 00 00 A0 ?? ?? ?? ?? 00 00 00 09) // should be unique
registersymbol(MAPS)

MAPS:
  db 00 00

[DISABLE]

MAPS:
  db 04 00

unregistersymbol(MAPS)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+8CD428

"game.exe"+8CD40D: 00 00              - add [eax],al
"game.exe"+8CD40F: 00 BA 06 00 00 00  - add [edx+00000006],bh
"game.exe"+8CD415: 00 00              - add [eax],al
"game.exe"+8CD417: 00 5E C7           - add [esi-39],bl
"game.exe"+8CD41A: 0E                 - push cs
"game.exe"+8CD41B: 00 EB              - add bl,ch
"game.exe"+8CD41D: 05 00 00 01 01     - add eax,01010000
"game.exe"+8CD422: 01 01              - add [ecx],eax
"game.exe"+8CD424: 01 01              - add [ecx],eax
"game.exe"+8CD426: 01 01              - add [ecx],eax
// ---------- INJECTING HERE ----------
"game.exe"+8CD428: 04 00              - add al,00
"game.exe"+8CD42A: 00 00              - add [eax],al
"game.exe"+8CD42C: A0 5A 4D 03 03     - mov al,[03034D5A]
// ---------- DONE INJECTING  ----------
"game.exe"+8CD431: 00 00              - add [eax],al
"game.exe"+8CD433: 00 09              - add [ecx],cl
"game.exe"+8CD435: 00 00              - add [eax],al
"game.exe"+8CD437: 00 80 5A 4D 03 12  - add [eax+12034D5A],al
"game.exe"+8CD43D: 01 00              - add [eax],eax
"game.exe"+8CD43F: 00 00              - add [eax],al
"game.exe"+8CD441: 00 00              - add [eax],al
"game.exe"+8CD443: 00 00              - add [eax],al
"game.exe"+8CD445: 00 00              - add [eax],al
"game.exe"+8CD447: 00 01              - add [ecx],al
}