
[Затерянный мир 4] Нужна помощь в взломе ресурсов



Доброго всем времени суток.

Решил помучить себя и поломать игру и свою голову):o

Игра называется Затерянный мир 4, 2002 год. 

Издатель: Snowball (Россия)

В общем, сюжет таков:

В игре происходит пассивный сбор ресурсов (камень, дерево, вода). Непосредственно игрок может указывать, какие ресурсы собирать, и может их тратить, но никакого активного участия в сборе не принимает.

Нахожу значения игровых ресурсов ->F5->mov [ecx+esi],di

Раньше никогда не взламывал игры подобного рода.

Смущают: 

mov edx,00000FFF { 4095 }

mov edi,00000FFF { 4095 }

mov eax,00000FFF { 4095 } - Для чего?

Большая просьба объяснить, как это работает и по какому принципу происходят изменения, взлом. С уважением, Александр.


game.exe+1A95E0 - 55                    - push ebp
game.exe+1A95E1 - 8B EC                 - mov ebp,esp
game.exe+1A95E3 - 6A FF                 - push -01 { 255 }
game.exe+1A95E5 - 68 609D5A00           - push game.exe+1A9D60 { [D31580B8] }
game.exe+1A95EA - 64 A1 00000000        - mov eax,fs:[00000000] { 0 }
game.exe+1A95F0 - 50                    - push eax
game.exe+1A95F1 - 64 89 25 00000000     - mov fs:[00000000],esp { 0 }
game.exe+1A95F8 - 81 EC 80000000        - sub esp,00000080 { 128 }
game.exe+1A95FE - 89 7C 24 08           - mov [esp+08],edi
game.exe+1A9602 - 89 74 24 04           - mov [esp+04],esi
game.exe+1A9606 - 89 1C 24              - mov [esp],ebx
game.exe+1A9609 - 89 65 F0              - mov [ebp-10],esp
game.exe+1A960C - 89 4D DC              - mov [ebp-24],ecx
game.exe+1A960F - C7 45 FC 00000000     - mov [ebp-04],00000000 { 0 }
game.exe+1A9616 - 8B C1                 - mov eax,ecx
game.exe+1A9618 - 33 D2                 - xor edx,edx
game.exe+1A961A - 89 55 D8              - mov [ebp-28],edx
game.exe+1A961D - 8B 88 E0030000        - mov ecx,[eax+000003E0]
game.exe+1A9623 - 8B B0 20010000        - mov esi,[eax+00000120]
game.exe+1A9629 - 8B 45 08              - mov eax,[ebp+08]
game.exe+1A962C - 85 C0                 - test eax,eax
game.exe+1A962E - 75 04                 - jne game.exe+1A9634
game.exe+1A9630 - 33 C0                 - xor eax,eax
game.exe+1A9632 - EB 53                 - jmp game.exe+1A9687
game.exe+1A9634 - 8B 41 0C              - mov eax,[ecx+0C]
game.exe+1A9637 - 8B 5D 08              - mov ebx,[ebp+08]
game.exe+1A963A - 8B 51 24              - mov edx,[ecx+24]
game.exe+1A963D - 8B FE                 - mov edi,esi
game.exe+1A963F - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A9642 - 89 4D E0              - mov [ebp-20],ecx
game.exe+1A9645 - 8B CE                 - mov ecx,esi
game.exe+1A9647 - C1 E1 05              - shl ecx,05 { 5 }
game.exe+1A964A - 89 55 E4              - mov [ebp-1C],edx
game.exe+1A964D - 8B D7                 - mov edx,edi
game.exe+1A964F - 03 D1                 - add edx,ecx
game.exe+1A9651 - 8B 4C 10 0C           - mov ecx,[eax+edx+0C]
game.exe+1A9655 - 03 D9                 - add ebx,ecx
game.exe+1A9657 - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1A965C - 23 CB                 - and ecx,ebx
game.exe+1A965E - 8B FB                 - mov edi,ebx
game.exe+1A9660 - C1 EF 14              - shr edi,14 { 20 }
game.exe+1A9663 - 89 75 E8              - mov [ebp-18],esi
game.exe+1A9666 - 8B 75 E4              - mov esi,[ebp-1C]
game.exe+1A9669 - 8B 34 FE              - mov esi,[esi+edi*8]
game.exe+1A966C - 8B 3C 0E              - mov edi,[esi+ecx]
game.exe+1A966F - 3B FB                 - cmp edi,ebx
game.exe+1A9671 - 8B 75 E8              - mov esi,[ebp-18]
game.exe+1A9674 - 8B 4D E0              - mov ecx,[ebp-20]
game.exe+1A9677 - 75 04                 - jne game.exe+1A967D
game.exe+1A9679 - 33 C0                 - xor eax,eax
game.exe+1A967B - EB 0A                 - jmp game.exe+1A9687
game.exe+1A967D - 8B 44 10 10           - mov eax,[eax+edx+10]
game.exe+1A9681 - 8B D8                 - mov ebx,eax
game.exe+1A9683 - 8B C7                 - mov eax,edi
game.exe+1A9685 - 2B C3                 - sub eax,ebx
game.exe+1A9687 - 8B 55 0C              - mov edx,[ebp+0C]
game.exe+1A968A - 89 55 CC              - mov [ebp-34],edx
game.exe+1A968D - 85 C0                 - test eax,eax
game.exe+1A968F - 74 6B                 - je game.exe+1A96FC
game.exe+1A9691 - 8B 55 DC              - mov edx,[ebp-24]
game.exe+1A9694 - 8B 92 3C010000        - mov edx,[edx+0000013C]
game.exe+1A969A - 89 55 D0              - mov [ebp-30],edx
game.exe+1A969D - 85 C0                 - test eax,eax
game.exe+1A969F - 75 04                 - jne game.exe+1A96A5
game.exe+1A96A1 - 33 D2                 - xor edx,edx
game.exe+1A96A3 - EB 49                 - jmp game.exe+1A96EE
game.exe+1A96A5 - 8B 5D D0              - mov ebx,[ebp-30]
game.exe+1A96A8 - 8B 51 0C              - mov edx,[ecx+0C]
game.exe+1A96AB - 8B FB                 - mov edi,ebx
game.exe+1A96AD - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A96B0 - C1 E3 05              - shl ebx,05 { 5 }
game.exe+1A96B3 - 03 FB                 - add edi,ebx
game.exe+1A96B5 - 89 7D D4              - mov [ebp-2C],edi
game.exe+1A96B8 - 8B D8                 - mov ebx,eax
game.exe+1A96BA - 03 5C 3A 10           - add ebx,[edx+edi+10]
game.exe+1A96BE - 8B 79 24              - mov edi,[ecx+24]
game.exe+1A96C1 - 89 75 E0              - mov [ebp-20],esi
game.exe+1A96C4 - 8B F3                 - mov esi,ebx
game.exe+1A96C6 - C1 EE 14              - shr esi,14 { 20 }
game.exe+1A96C9 - 81 E3 FF0F0000        - and ebx,00000FFF { 4095 }
game.exe+1A96CF - 8B 3C F7              - mov edi,[edi+esi*8]
game.exe+1A96D2 - 8B 7C 1F 08           - mov edi,[edi+ebx+08]
game.exe+1A96D6 - 85 FF                 - test edi,edi
game.exe+1A96D8 - 8B 75 E0              - mov esi,[ebp-20]
game.exe+1A96DB - 74 0F                 - je game.exe+1A96EC
game.exe+1A96DD - 8B 5D D4              - mov ebx,[ebp-2C]
game.exe+1A96E0 - 8B 54 1A 0C           - mov edx,[edx+ebx+0C]
game.exe+1A96E4 - 8B DA                 - mov ebx,edx
game.exe+1A96E6 - 8B D7                 - mov edx,edi
game.exe+1A96E8 - 2B D3                 - sub edx,ebx
game.exe+1A96EA - EB 02                 - jmp game.exe+1A96EE
game.exe+1A96EC - 33 D2                 - xor edx,edx
game.exe+1A96EE - 8B 5D CC              - mov ebx,[ebp-34]
game.exe+1A96F1 - 3B D3                 - cmp edx,ebx
game.exe+1A96F3 - 0F85 9F050000         - jne game.exe+1A9C98
game.exe+1A96F9 - 89 45 D8              - mov [ebp-28],eax
game.exe+1A96FC - 8B 45 D8              - mov eax,[ebp-28]
game.exe+1A96FF - 85 C0                 - test eax,eax
game.exe+1A9701 - 0F85 6A010000         - jne game.exe+1A9871
game.exe+1A9707 - 8B 45 DC              - mov eax,[ebp-24]
game.exe+1A970A - 8B 80 E0000000        - mov eax,[eax+000000E0]
game.exe+1A9710 - 50                    - push eax
game.exe+1A9711 - E8 CA286100           - call game.exe+7BBFE0
game.exe+1A9716 - 8B 55 08              - mov edx,[ebp+08]
game.exe+1A9719 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A971C - 89 45 D8              - mov [ebp-28],eax
game.exe+1A971F - 8B 8B E0030000        - mov ecx,[ebx+000003E0]
game.exe+1A9725 - 8B 83 20010000        - mov eax,[ebx+00000120]
game.exe+1A972B - 85 D2                 - test edx,edx
game.exe+1A972D - 0F84 95000000         - je game.exe+1A97C8
game.exe+1A9733 - 8B 55 D8              - mov edx,[ebp-28]
game.exe+1A9736 - 85 D2                 - test edx,edx
game.exe+1A9738 - 0F84 8A000000         - je game.exe+1A97C8
game.exe+1A973E - 8B 51 0C              - mov edx,[ecx+0C]
game.exe+1A9741 - 8B 5D D8              - mov ebx,[ebp-28]
game.exe+1A9744 - 8B 71 24              - mov esi,[ecx+24]
game.exe+1A9747 - 8B F8                 - mov edi,eax
game.exe+1A9749 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A974C - C1 E0 05              - shl eax,05 { 5 }
game.exe+1A974F - 03 F8                 - add edi,eax
game.exe+1A9751 - 8B 45 08              - mov eax,[ebp+08]
game.exe+1A9754 - 03 5C 3A 10           - add ebx,[edx+edi+10]
game.exe+1A9758 - 8B 54 3A 0C           - mov edx,[edx+edi+0C]
game.exe+1A975C - BF FF0F0000           - mov edi,00000FFF { 4095 }
game.exe+1A9761 - 23 FB                 - and edi,ebx
game.exe+1A9763 - 03 C2                 - add eax,edx
game.exe+1A9765 - 8B D3                 - mov edx,ebx
game.exe+1A9767 - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A976A - 8B 34 D6              - mov esi,[esi+edx*8]
game.exe+1A976D - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A9772 - 23 D0                 - and edx,eax
game.exe+1A9774 - 89 5D E0              - mov [ebp-20],ebx
game.exe+1A9777 - 8B D8                 - mov ebx,eax
game.exe+1A9779 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A977C - 89 55 E4              - mov [ebp-1C],edx
game.exe+1A977F - 8B 51 24              - mov edx,[ecx+24]
game.exe+1A9782 - 8B 14 DA              - mov edx,[edx+ebx*8]
game.exe+1A9785 - 89 44 3E 08           - mov [esi+edi+08],eax
game.exe+1A9789 - 89 04 3E              - mov [esi+edi],eax
game.exe+1A978C - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A978F - 8B 45 E4              - mov eax,[ebp-1C]
game.exe+1A9792 - 89 5D E8              - mov [ebp-18],ebx
game.exe+1A9795 - 8B 5C 02 04           - mov ebx,[edx+eax+04]
game.exe+1A9799 - 89 5C 3E 04           - mov [esi+edi+04],ebx
game.exe+1A979D - FF 44 02 08           - inc [edx+eax+08]
game.exe+1A97A1 - 8B 5D E0              - mov ebx,[ebp-20]
game.exe+1A97A4 - 89 5C 02 04           - mov [edx+eax+04],ebx
game.exe+1A97A8 - 8B 74 3E 04           - mov esi,[esi+edi+04]
game.exe+1A97AC - 8B 49 24              - mov ecx,[ecx+24]
game.exe+1A97AF - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A97B4 - 23 D6                 - and edx,esi
game.exe+1A97B6 - C1 EE 14              - shr esi,14 { 20 }
game.exe+1A97B9 - 8B 0C F1              - mov ecx,[ecx+esi*8]
game.exe+1A97BC - 89 1C 11              - mov [ecx+edx],ebx
game.exe+1A97BF - 8B 55 E8              - mov edx,[ebp-18]
game.exe+1A97C2 - 8B 8A E0030000        - mov ecx,[edx+000003E0]
game.exe+1A97C8 - 8B 55 DC              - mov edx,[ebp-24]
game.exe+1A97CB - 8B 5D CC              - mov ebx,[ebp-34]
game.exe+1A97CE - 8B 82 3C010000        - mov eax,[edx+0000013C]
game.exe+1A97D4 - 85 DB                 - test ebx,ebx
game.exe+1A97D6 - 0F84 95000000         - je game.exe+1A9871
game.exe+1A97DC - 8B 55 D8              - mov edx,[ebp-28]
game.exe+1A97DF - 85 D2                 - test edx,edx
game.exe+1A97E1 - 0F84 8A000000         - je game.exe+1A9871
game.exe+1A97E7 - 8B 51 0C              - mov edx,[ecx+0C]
game.exe+1A97EA - 8B 5D D8              - mov ebx,[ebp-28]
game.exe+1A97ED - 8B 71 24              - mov esi,[ecx+24]
game.exe+1A97F0 - 8B F8                 - mov edi,eax
game.exe+1A97F2 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A97F5 - C1 E0 05              - shl eax,05 { 5 }
game.exe+1A97F8 - 03 F8                 - add edi,eax
game.exe+1A97FA - 8B 45 CC              - mov eax,[ebp-34]
game.exe+1A97FD - 03 5C 3A 10           - add ebx,[edx+edi+10]
game.exe+1A9801 - 8B 54 3A 0C           - mov edx,[edx+edi+0C]
game.exe+1A9805 - BF FF0F0000           - mov edi,00000FFF { 4095 }
game.exe+1A980A - 23 FB                 - and edi,ebx
game.exe+1A980C - 03 C2                 - add eax,edx
game.exe+1A980E - 8B D3                 - mov edx,ebx
game.exe+1A9810 - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A9813 - 8B 34 D6              - mov esi,[esi+edx*8]
game.exe+1A9816 - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A981B - 23 D0                 - and edx,eax
game.exe+1A981D - 89 5D E0              - mov [ebp-20],ebx
game.exe+1A9820 - 8B D8                 - mov ebx,eax
game.exe+1A9822 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9825 - 89 55 E4              - mov [ebp-1C],edx
game.exe+1A9828 - 8B 51 24              - mov edx,[ecx+24]
game.exe+1A982B - 8B 14 DA              - mov edx,[edx+ebx*8]
game.exe+1A982E - 89 44 3E 08           - mov [esi+edi+08],eax
game.exe+1A9832 - 89 04 3E              - mov [esi+edi],eax
game.exe+1A9835 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A9838 - 8B 45 E4              - mov eax,[ebp-1C]
game.exe+1A983B - 89 5D E8              - mov [ebp-18],ebx
game.exe+1A983E - 8B 5C 02 04           - mov ebx,[edx+eax+04]
game.exe+1A9842 - 89 5C 3E 04           - mov [esi+edi+04],ebx
game.exe+1A9846 - FF 44 02 08           - inc [edx+eax+08]
game.exe+1A984A - 8B 5D E0              - mov ebx,[ebp-20]
game.exe+1A984D - 89 5C 02 04           - mov [edx+eax+04],ebx
game.exe+1A9851 - 8B 74 3E 04           - mov esi,[esi+edi+04]
game.exe+1A9855 - 8B 49 24              - mov ecx,[ecx+24]
game.exe+1A9858 - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A985D - 23 D6                 - and edx,esi
game.exe+1A985F - C1 EE 14              - shr esi,14 { 20 }
game.exe+1A9862 - 8B 0C F1              - mov ecx,[ecx+esi*8]
game.exe+1A9865 - 89 1C 11              - mov [ecx+edx],ebx
game.exe+1A9868 - 8B 55 E8              - mov edx,[ebp-18]
game.exe+1A986B - 8B 8A E0030000        - mov ecx,[edx+000003E0]
game.exe+1A9871 - 8B 55 08              - mov edx,[ebp+08]
game.exe+1A9874 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A9877 - 8B 75 D8              - mov esi,[ebp-28]
game.exe+1A987A - 8B 7D 10              - mov edi,[ebp+10]
game.exe+1A987D - B8 FF0F0000           - mov eax,00000FFF { 4095 }
game.exe+1A9882 - 23 C6                 - and eax,esi
game.exe+1A9884 - C1 EE 14              - shr esi,14 { 20 }
game.exe+1A9887 - 89 55 E0              - mov [ebp-20],edx
game.exe+1A988A - 8B 51 24              - mov edx,[ecx+24]
game.exe+1A988D - 8B 14 F2              - mov edx,[edx+esi*8]
game.exe+1A9890 - 8B 54 02 0C           - mov edx,[edx+eax+0C]
game.exe+1A9894 - BE FF0F0000           - mov esi,00000FFF { 4095 }
game.exe+1A9899 - 23 F2                 - and esi,edx
game.exe+1A989B - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A989E - 8B 49 24              - mov ecx,[ecx+24]
game.exe+1A98A1 - 8B 0C D1              - mov ecx,[ecx+edx*8]
//////////////////////////////////////////////////////////////////////////////////////////////
game.exe+1A98A4 - 0FB7 14 31            - movzx edx,word ptr [ecx+esi]
	Адреса, к которым обращается данная инструкция:
	Адрес              Значение               Хиты
	075D8248           0                      5
	075D82F0           0                      7
	075D81F4           1                      6
	075D8494           1                      7
	075D8398           1                      5
	075D84E8           1                      4
	075D853C           1                      4
	075D8344           2                      4
	075D83EC           6                      4
	075D829C           6                      1
	075D80F            45                     14        //ресурс фрукты
	075D8050           74                     11        //ресурс дерево
	075D80A4           76                     5         //ресурс камень
|
game.exe+1A98A8 - 03 FA                 - add edi,edx
game.exe+1A98AA - 66 89 3C 31           - mov [ecx+esi],di
//////////////////////////////////////////////////////////////////////////////////////////////
game.exe+1A98AE - 8B 83 E0030000        - mov eax,[ebx+000003E0]
game.exe+1A98B4 - 8B 8B 74010000        - mov ecx,[ebx+00000174]
game.exe+1A98BA - 8B 55 E0              - mov edx,[ebp-20]
game.exe+1A98BD - 85 D2                 - test edx,edx
game.exe+1A98BF - 75 04                 - jne game.exe+1A98C5
game.exe+1A98C1 - 33 D2                 - xor edx,edx
game.exe+1A98C3 - EB 44                 - jmp game.exe+1A9909
game.exe+1A98C5 - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1A98C8 - 8B 5D 08              - mov ebx,[ebp+08]
game.exe+1A98CB - 8B 70 24              - mov esi,[eax+24]
game.exe+1A98CE - 8B F9                 - mov edi,ecx
game.exe+1A98D0 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A98D3 - 89 45 E0              - mov [ebp-20],eax
game.exe+1A98D6 - 8B C1                 - mov eax,ecx
game.exe+1A98D8 - C1 E0 05              - shl eax,05 { 5 }
game.exe+1A98DB - 03 F8                 - add edi,eax
game.exe+1A98DD - 8B 44 3A 10           - mov eax,[edx+edi+10]
game.exe+1A98E1 - 03 D8                 - add ebx,eax
game.exe+1A98E3 - B8 FF0F0000           - mov eax,00000FFF { 4095 }
game.exe+1A98E8 - 23 C3                 - and eax,ebx
game.exe+1A98EA - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A98ED - 8B 34 DE              - mov esi,[esi+ebx*8]
game.exe+1A98F0 - 8B 74 06 08           - mov esi,[esi+eax+08]
game.exe+1A98F4 - 85 F6                 - test esi,esi
game.exe+1A98F6 - 8B 45 E0              - mov eax,[ebp-20]
game.exe+1A98F9 - 74 0C                 - je game.exe+1A9907
game.exe+1A98FB - 8B 54 3A 0C           - mov edx,[edx+edi+0C]
game.exe+1A98FF - 8B DA                 - mov ebx,edx
game.exe+1A9901 - 8B D6                 - mov edx,esi
game.exe+1A9903 - 2B D3                 - sub edx,ebx
game.exe+1A9905 - EB 02                 - jmp game.exe+1A9909
game.exe+1A9907 - 33 D2                 - xor edx,edx
game.exe+1A9909 - BB FF0F0000           - mov ebx,00000FFF { 4095 }
game.exe+1A990E - 23 DA                 - and ebx,edx
game.exe+1A9910 - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A9913 - 8B 70 24              - mov esi,[eax+24]
game.exe+1A9916 - 8B 34 D6              - mov esi,[esi+edx*8]
game.exe+1A9919 - 8B 74 1E 0C           - mov esi,[esi+ebx+0C]
game.exe+1A991D - BB FF0F0000           - mov ebx,00000FFF { 4095 }
game.exe+1A9922 - 23 DE                 - and ebx,esi
game.exe+1A9924 - C1 EE 14              - shr esi,14 { 20 }
game.exe+1A9927 - 8B 78 24              - mov edi,[eax+24]
game.exe+1A992A - 8B 3C F7              - mov edi,[edi+esi*8]
game.exe+1A992D - 0FB6 7C 1F 43         - movzx edi,byte ptr [edi+ebx+43]
game.exe+1A9932 - 33 DB                 - xor ebx,ebx
game.exe+1A9934 - 83 FF 02              - cmp edi,02 { 2 }
game.exe+1A9937 - 0F94 C3               - sete bl
game.exe+1A993A - 0FBE DB               - movsx ebx,bl
game.exe+1A993D - 85 DB                 - test ebx,ebx
game.exe+1A993F - 75 0A                 - jne game.exe+1A994B
game.exe+1A9941 - B8 00040000           - mov eax,00000400 { 1024 }
game.exe+1A9946 - E9 C3020000           - jmp game.exe+1A9C0E
game.exe+1A994B - 8B 55 08              - mov edx,[ebp+08]
game.exe+1A994E - 85 D2                 - test edx,edx
game.exe+1A9950 - 75 04                 - jne game.exe+1A9956
game.exe+1A9952 - 33 D2                 - xor edx,edx
game.exe+1A9954 - EB 3C                 - jmp game.exe+1A9992
game.exe+1A9956 - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1A9959 - 8B 5D 08              - mov ebx,[ebp+08]
game.exe+1A995C - 8B 78 24              - mov edi,[eax+24]
game.exe+1A995F - 8B F1                 - mov esi,ecx
game.exe+1A9961 - C1 E6 04              - shl esi,04 { 4 }
game.exe+1A9964 - C1 E1 05              - shl ecx,05 { 5 }
game.exe+1A9967 - 03 F1                 - add esi,ecx
game.exe+1A9969 - 8B 4C 32 10           - mov ecx,[edx+esi+10]
game.exe+1A996D - 03 D9                 - add ebx,ecx
game.exe+1A996F - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1A9974 - 23 CB                 - and ecx,ebx
game.exe+1A9976 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9979 - 8B 3C DF              - mov edi,[edi+ebx*8]
game.exe+1A997C - 8B 4C 0F 08           - mov ecx,[edi+ecx+08]
game.exe+1A9980 - 85 C9                 - test ecx,ecx
game.exe+1A9982 - 74 0C                 - je game.exe+1A9990
game.exe+1A9984 - 8B 54 32 0C           - mov edx,[edx+esi+0C]
game.exe+1A9988 - 8B DA                 - mov ebx,edx
game.exe+1A998A - 8B D1                 - mov edx,ecx
game.exe+1A998C - 2B D3                 - sub edx,ebx
game.exe+1A998E - EB 02                 - jmp game.exe+1A9992
game.exe+1A9990 - 33 D2                 - xor edx,edx
game.exe+1A9992 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A9995 - 85 D2                 - test edx,edx
game.exe+1A9997 - 8B 8B 90010000        - mov ecx,[ebx+00000190]
game.exe+1A999D - 75 04                 - jne game.exe+1A99A3
game.exe+1A999F - 33 D2                 - xor edx,edx
game.exe+1A99A1 - EB 3C                 - jmp game.exe+1A99DF
game.exe+1A99A3 - 8B 58 24              - mov ebx,[eax+24]
game.exe+1A99A6 - 8B F9                 - mov edi,ecx
game.exe+1A99A8 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A99AB - C1 E1 05              - shl ecx,05 { 5 }
game.exe+1A99AE - 8B F7                 - mov esi,edi
game.exe+1A99B0 - 03 F1                 - add esi,ecx
game.exe+1A99B2 - 8B FA                 - mov edi,edx
game.exe+1A99B4 - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1A99B7 - 03 7C 32 10           - add edi,[edx+esi+10]
game.exe+1A99BB - 8B CF                 - mov ecx,edi
game.exe+1A99BD - C1 E9 14              - shr ecx,14 { 20 }
game.exe+1A99C0 - 81 E7 FF0F0000        - and edi,00000FFF { 4095 }
game.exe+1A99C6 - 8B 1C CB              - mov ebx,[ebx+ecx*8]
game.exe+1A99C9 - 8B 4C 3B 08           - mov ecx,[ebx+edi+08]
game.exe+1A99CD - 85 C9                 - test ecx,ecx
game.exe+1A99CF - 74 0C                 - je game.exe+1A99DD
game.exe+1A99D1 - 8B 54 32 0C           - mov edx,[edx+esi+0C]
game.exe+1A99D5 - 8B DA                 - mov ebx,edx
game.exe+1A99D7 - 8B D1                 - mov edx,ecx
game.exe+1A99D9 - 2B D3                 - sub edx,ebx
game.exe+1A99DB - EB 02                 - jmp game.exe+1A99DF
game.exe+1A99DD - 33 D2                 - xor edx,edx
game.exe+1A99DF - 8B 58 24              - mov ebx,[eax+24]
game.exe+1A99E2 - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1A99E7 - 23 CA                 - and ecx,edx
game.exe+1A99E9 - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A99EC - 8B 40 24              - mov eax,[eax+24]
game.exe+1A99EF - 8B 1C D3              - mov ebx,[ebx+edx*8]
game.exe+1A99F2 - 8D 7D 98              - lea edi,[ebp-68]
game.exe+1A99F5 - 8B 5C 0B 0C           - mov ebx,[ebx+ecx+0C]
game.exe+1A99F9 - 33 C9                 - xor ecx,ecx
game.exe+1A99FB - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A9A00 - 23 D3                 - and edx,ebx
game.exe+1A9A02 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9A05 - 8B 04 D8              - mov eax,[eax+ebx*8]
game.exe+1A9A08 - 0FB7 74 10 10         - movzx esi,word ptr [eax+edx+10]
game.exe+1A9A0D - 33 C0                 - xor eax,eax
game.exe+1A9A0F - 25 FFFF0000           - and eax,0000FFFF { 65535 }
game.exe+1A9A14 - 8A E0                 - mov ah,al
game.exe+1A9A16 - 8B D0                 - mov edx,eax
game.exe+1A9A18 - C1 E0 10              - shl eax,10 { 16 }
game.exe+1A9A1B - 0B C2                 - or eax,edx
game.exe+1A9A1D - F3 AB                 - repe stosd 
game.exe+1A9A1F - AA                    - stosb 
game.exe+1A9A20 - 8B 45 DC              - mov eax,[ebp-24]
game.exe+1A9A23 - 66 89 75 AC           - mov [ebp-54],si
game.exe+1A9A27 - 8B 90 98010000        - mov edx,[eax+00000198]
game.exe+1A9A2D - 83 C4 F4              - add esp,-0C { 244 }
game.exe+1A9A30 - 8B 88 E0030000        - mov ecx,[eax+000003E0]
game.exe+1A9A36 - 8D 45 9C              - lea eax,[ebp-64]
game.exe+1A9A39 - 89 14 24              - mov [esp],edx
game.exe+1A9A3C - 89 44 24 04           - mov [esp+04],eax
game.exe+1A9A40 - 8D 45 98              - lea eax,[ebp-68]
game.exe+1A9A43 - 89 44 24 08           - mov [esp+08],eax
game.exe+1A9A47 - E8 04CEE8FF           - call game.exe+36850
game.exe+1A9A4C - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1A9A4F - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9A52 - 89 04 24              - mov [esp],eax
game.exe+1A9A55 - C7 44 24 04 EA030000  - mov [esp+04],000003EA { 1002 }
game.exe+1A9A5D - E8 5EF40600           - call game.exe+218EC0
game.exe+1A9A62 - 0FBE C0               - movsx eax,al
game.exe+1A9A65 - 85 C0                 - test eax,eax
game.exe+1A9A67 - 75 0A                 - jne game.exe+1A9A73
game.exe+1A9A69 - B8 00010000           - mov eax,00000100 { 256 }
game.exe+1A9A6E - E9 9B010000           - jmp game.exe+1A9C0E
game.exe+1A9A73 - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9A76 - 8B 5D 08              - mov ebx,[ebp+08]
game.exe+1A9A79 - 8B 81 E0030000        - mov eax,[ecx+000003E0]
game.exe+1A9A7F - 8B 91 74010000        - mov edx,[ecx+00000174]
game.exe+1A9A85 - 85 DB                 - test ebx,ebx
game.exe+1A9A87 - 75 04                 - jne game.exe+1A9A8D
game.exe+1A9A89 - 33 D2                 - xor edx,edx
game.exe+1A9A8B - EB 3B                 - jmp game.exe+1A9AC8
game.exe+1A9A8D - 8B 78 24              - mov edi,[eax+24]
game.exe+1A9A90 - 8B CA                 - mov ecx,edx
game.exe+1A9A92 - C1 E1 04              - shl ecx,04 { 4 }
game.exe+1A9A95 - C1 E2 05              - shl edx,05 { 5 }
game.exe+1A9A98 - 8B F1                 - mov esi,ecx
game.exe+1A9A9A - 03 F2                 - add esi,edx
game.exe+1A9A9C - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1A9A9F - 8B 4C 32 10           - mov ecx,[edx+esi+10]
game.exe+1A9AA3 - 03 D9                 - add ebx,ecx
game.exe+1A9AA5 - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1A9AAA - 23 CB                 - and ecx,ebx
game.exe+1A9AAC - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9AAF - 8B 3C DF              - mov edi,[edi+ebx*8]
game.exe+1A9AB2 - 8B 4C 0F 08           - mov ecx,[edi+ecx+08]
game.exe+1A9AB6 - 85 C9                 - test ecx,ecx
game.exe+1A9AB8 - 74 0C                 - je game.exe+1A9AC6
game.exe+1A9ABA - 8B 54 32 0C           - mov edx,[edx+esi+0C]
game.exe+1A9ABE - 8B DA                 - mov ebx,edx
game.exe+1A9AC0 - 8B D1                 - mov edx,ecx
game.exe+1A9AC2 - 2B D3                 - sub edx,ebx
game.exe+1A9AC4 - EB 02                 - jmp game.exe+1A9AC8
game.exe+1A9AC6 - 33 D2                 - xor edx,edx
game.exe+1A9AC8 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1A9ACB - 85 D2                 - test edx,edx
game.exe+1A9ACD - 8B 8B 90010000        - mov ecx,[ebx+00000190]
game.exe+1A9AD3 - 75 04                 - jne game.exe+1A9AD9
game.exe+1A9AD5 - 33 D2                 - xor edx,edx
game.exe+1A9AD7 - EB 3C                 - jmp game.exe+1A9B15
game.exe+1A9AD9 - 8B 58 24              - mov ebx,[eax+24]
game.exe+1A9ADC - 8B F9                 - mov edi,ecx
game.exe+1A9ADE - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A9AE1 - C1 E1 05              - shl ecx,05 { 5 }
game.exe+1A9AE4 - 8B F7                 - mov esi,edi
game.exe+1A9AE6 - 03 F1                 - add esi,ecx
game.exe+1A9AE8 - 8B FA                 - mov edi,edx
game.exe+1A9AEA - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1A9AED - 03 7C 32 10           - add edi,[edx+esi+10]
game.exe+1A9AF1 - 8B CF                 - mov ecx,edi
game.exe+1A9AF3 - C1 E9 14              - shr ecx,14 { 20 }
game.exe+1A9AF6 - 81 E7 FF0F0000        - and edi,00000FFF { 4095 }
game.exe+1A9AFC - 8B 1C CB              - mov ebx,[ebx+ecx*8]
game.exe+1A9AFF - 8B 4C 3B 08           - mov ecx,[ebx+edi+08]
game.exe+1A9B03 - 85 C9                 - test ecx,ecx
game.exe+1A9B05 - 74 0C                 - je game.exe+1A9B13
game.exe+1A9B07 - 8B 54 32 0C           - mov edx,[edx+esi+0C]
game.exe+1A9B0B - 8B DA                 - mov ebx,edx
game.exe+1A9B0D - 8B D1                 - mov edx,ecx
game.exe+1A9B0F - 2B D3                 - sub edx,ebx
game.exe+1A9B11 - EB 02                 - jmp game.exe+1A9B15
game.exe+1A9B13 - 33 D2                 - xor edx,edx
game.exe+1A9B15 - 8B 58 24              - mov ebx,[eax+24]
game.exe+1A9B18 - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1A9B1D - 23 CA                 - and ecx,edx
game.exe+1A9B1F - C1 EA 14              - shr edx,14 { 20 }
game.exe+1A9B22 - 8B 40 24              - mov eax,[eax+24]
game.exe+1A9B25 - 8B 1C D3              - mov ebx,[ebx+edx*8]
game.exe+1A9B28 - 8D 7D B0              - lea edi,[ebp-50]
game.exe+1A9B2B - 8B 5C 0B 0C           - mov ebx,[ebx+ecx+0C]
game.exe+1A9B2F - 33 C9                 - xor ecx,ecx
game.exe+1A9B31 - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1A9B36 - 23 D3                 - and edx,ebx
game.exe+1A9B38 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9B3B - 8B 04 D8              - mov eax,[eax+ebx*8]
game.exe+1A9B3E - 0FB7 74 10 10         - movzx esi,word ptr [eax+edx+10]
game.exe+1A9B43 - 33 C0                 - xor eax,eax
game.exe+1A9B45 - 25 FFFF0000           - and eax,0000FFFF { 65535 }
game.exe+1A9B4A - 8A E0                 - mov ah,al
game.exe+1A9B4C - 8B D0                 - mov edx,eax
game.exe+1A9B4E - C1 E0 10              - shl eax,10 { 16 }
game.exe+1A9B51 - 0B C2                 - or eax,edx
game.exe+1A9B53 - F3 AB                 - repe stosd 
game.exe+1A9B55 - AA                    - stosb 
game.exe+1A9B56 - 8B 45 DC              - mov eax,[ebp-24]
game.exe+1A9B59 - 66 89 75 C4           - mov [ebp-3C],si
game.exe+1A9B5D - 8B 90 98010000        - mov edx,[eax+00000198]
game.exe+1A9B63 - 83 C4 F4              - add esp,-0C { 244 }
game.exe+1A9B66 - 8B 88 E0030000        - mov ecx,[eax+000003E0]
game.exe+1A9B6C - 8D 45 B4              - lea eax,[ebp-4C]
game.exe+1A9B6F - 89 14 24              - mov [esp],edx
game.exe+1A9B72 - 89 44 24 04           - mov [esp+04],eax
game.exe+1A9B76 - 8D 45 B0              - lea eax,[ebp-50]
game.exe+1A9B79 - 89 44 24 08           - mov [esp+08],eax
game.exe+1A9B7D - E8 CECCE8FF           - call game.exe+36850
game.exe+1A9B82 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1A9B85 - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9B88 - 89 04 24              - mov [esp],eax
game.exe+1A9B8B - C7 44 24 04 52000000  - mov [esp+04],00000052 { 82 }
game.exe+1A9B93 - E8 28F30600           - call game.exe+218EC0
game.exe+1A9B98 - 0FBE C0               - movsx eax,al
game.exe+1A9B9B - 85 C0                 - test eax,eax
game.exe+1A9B9D - 74 6A                 - je game.exe+1A9C09
game.exe+1A9B9F - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9BA2 - 8B 5D 08              - mov ebx,[ebp+08]
game.exe+1A9BA5 - 8B 81 E0030000        - mov eax,[ecx+000003E0]
game.exe+1A9BAB - 8B 91 04010000        - mov edx,[ecx+00000104]
game.exe+1A9BB1 - 85 DB                 - test ebx,ebx
game.exe+1A9BB3 - 75 04                 - jne game.exe+1A9BB9
game.exe+1A9BB5 - 33 C0                 - xor eax,eax
game.exe+1A9BB7 - EB 3B                 - jmp game.exe+1A9BF4
game.exe+1A9BB9 - 8B 70 24              - mov esi,[eax+24]
game.exe+1A9BBC - 8B 40 0C              - mov eax,[eax+0C]
game.exe+1A9BBF - 8B FA                 - mov edi,edx
game.exe+1A9BC1 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1A9BC4 - C1 E2 05              - shl edx,05 { 5 }
game.exe+1A9BC7 - 8B CF                 - mov ecx,edi
game.exe+1A9BC9 - 03 CA                 - add ecx,edx
game.exe+1A9BCB - 8B 7C 08 10           - mov edi,[eax+ecx+10]
game.exe+1A9BCF - 03 DF                 - add ebx,edi
game.exe+1A9BD1 - BF FF0F0000           - mov edi,00000FFF { 4095 }
game.exe+1A9BD6 - 23 FB                 - and edi,ebx
game.exe+1A9BD8 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9BDB - 8B 34 DE              - mov esi,[esi+ebx*8]
game.exe+1A9BDE - 8B 54 3E 08           - mov edx,[esi+edi+08]
game.exe+1A9BE2 - 85 D2                 - test edx,edx
game.exe+1A9BE4 - 74 0C                 - je game.exe+1A9BF2
game.exe+1A9BE6 - 8B 44 08 0C           - mov eax,[eax+ecx+0C]
game.exe+1A9BEA - 8B D8                 - mov ebx,eax
game.exe+1A9BEC - 8B C2                 - mov eax,edx
game.exe+1A9BEE - 2B C3                 - sub eax,ebx
game.exe+1A9BF0 - EB 02                 - jmp game.exe+1A9BF4
game.exe+1A9BF2 - 33 C0                 - xor eax,eax
game.exe+1A9BF4 - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9BF7 - 8B 55 CC              - mov edx,[ebp-34]
game.exe+1A9BFA - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1A9BFD - 89 04 24              - mov [esp],eax
game.exe+1A9C00 - 89 54 24 04           - mov [esp+04],edx
game.exe+1A9C04 - E8 97870200           - call game.exe+1D23A0
game.exe+1A9C09 - B8 80000000           - mov eax,00000080 { 128 }
game.exe+1A9C0E - 8B 55 08              - mov edx,[ebp+08]
game.exe+1A9C11 - 85 D2                 - test edx,edx
game.exe+1A9C13 - 75 07                 - jne game.exe+1A9C1C
game.exe+1A9C15 - BA 2005D300           - mov edx,game.exe+930520 { [00000000] }
game.exe+1A9C1A - EB 33                 - jmp game.exe+1A9C4F
game.exe+1A9C1C - 8B 4D DC              - mov ecx,[ebp-24]
game.exe+1A9C1F - 8B DA                 - mov ebx,edx
game.exe+1A9C21 - 8B 89 E0030000        - mov ecx,[ecx+000003E0]
game.exe+1A9C27 - BE FF0F0000           - mov esi,00000FFF { 4095 }
game.exe+1A9C2C - 23 F3                 - and esi,ebx
game.exe+1A9C2E - 8B 79 24              - mov edi,[ecx+24]
game.exe+1A9C31 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1A9C34 - 8B 49 24              - mov ecx,[ecx+24]
game.exe+1A9C37 - 8B 3C DF              - mov edi,[edi+ebx*8]
game.exe+1A9C3A - 8B 7C 37 0C           - mov edi,[edi+esi+0C]
game.exe+1A9C3E - BB FF0F0000           - mov ebx,00000FFF { 4095 }
game.exe+1A9C43 - 23 DF                 - and ebx,edi
game.exe+1A9C45 - C1 EF 14              - shr edi,14 { 20 }
game.exe+1A9C48 - 8B 0C F9              - mov ecx,[ecx+edi*8]
game.exe+1A9C4B - 8D 54 0B 18           - lea edx,[ebx+ecx+18]
game.exe+1A9C4F - 8B 12                 - mov edx,[edx]
game.exe+1A9C51 - 89 55 C8              - mov [ebp-38],edx
game.exe+1A9C54 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1A9C57 - 8B 0D F44FCC00        - mov ecx,[game.exe+8C4FF4] { [1FB5B1C8] }
game.exe+1A9C5D - 89 04 24              - mov [esp],eax
game.exe+1A9C60 - BF 04000000           - mov edi,00000004 { 4 }
game.exe+1A9C65 - 03 FC                 - add edi,esp
game.exe+1A9C67 - 8D 75 C8              - lea esi,[ebp-38]
game.exe+1A9C6A - 8B 36                 - mov esi,[esi]
game.exe+1A9C6C - 89 37                 - mov [edi],esi
game.exe+1A9C6E - E8 0D2C4F00           - call game.exe+69C880
game.exe+1A9C73 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
game.exe+1A9C7A - 8B 45 D8              - mov eax,[ebp-28]
game.exe+1A9C7D - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+1A9C80 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+1A9C87 - 8B 1C 24              - mov ebx,[esp]
game.exe+1A9C8A - 8B 74 24 04           - mov esi,[esp+04]
game.exe+1A9C8E - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+1A9C92 - 8B E5                 - mov esp,ebp
game.exe+1A9C94 - 5D                    - pop ebp
game.exe+1A9C95 - C2 0C00               - ret 000C { 12 }

 

 


1 час назад, Strajder сказал:

mov eax,00000FFF { 4095 } - Для чего?

Об этом можешь не париться — это расчет смещения: значение делится на индекс (старшие биты, shr на 20, т.е. 14h) и смещение внутри блока (младшие 12 бит, and 0FFF), по индексу из таблицы [ecx+24] (записи по 8 байт) берётся базовый адрес блока, и уже к нему прибавляется смещение.

Тебя (для ресурсов) должны интересовать только эти инструкции:

game.exe+1A98A8 - 03 FA                 - add edi,edx
game.exe+1A98AA - 66 89 3C 31           - mov [ecx+esi],di

Отфильтровать нужные тебе ресурсы, скорее всего, можно по esi.

А скрипт, например, на добавление ресурса будет типа:


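{ Game   : No process selected
  Version: 
  Date   : 2018-04-27
  Author : Garik66

  One-shot resource top-up hook for the 16-bit store at the
  "add edi,edx / mov [ecx+esi],di" site. The two original instructions
  are re-executed in newmem, then esi is compared against the filter
  values picked for each resource; on a match, a single flag gates one
  "+100" to the stored word. Enabling the script again reallocates
  newmem, so flag starts at 1 and the top-up happens once more.
}

[ENABLE]
aobscan(INJECT,03 FA 66 89 3C 31) // should be unique
alloc(newmem,$1000,00400000)
label(code)
label(return)
label(flag) // one-shot guard, in case the hooked instruction runs often
registersymbol(INJECT)

newmem:
  add edi,edx                  // original instruction
  mov [ecx+esi],di             // original instruction
  cmp esi,x                    // x = the esi filter you worked out for resource 1
  je @f
  cmp esi,y                    // y = the esi filter for resource 2, and so on
  je @f
  jmp code

@@:
  cmp [flag],1
  jne code
  mov [flag],0                 // NOTE: the single flag is cleared by the first matching
                               // store, so with several filters only one resource gets
                               // the +100 per enable; use one flag per resource if each
                               // of them should be topped up.
  add word ptr [ecx+esi],#100  // the game keeps resource values in two bytes

code:
  jmp return

flag:
  dd 1

INJECT:
  jmp newmem                   // 5 bytes + 1 byte nop = the 6 original bytes
  db 90
return:

[DISABLE]
INJECT:
  db 03 FA 66 89 3C 31

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: 00400000

003FFFF6:  -  ?? 
003FFFF7:  -  ?? 
003FFFF8:  -  ?? 
003FFFF9:  -  ?? 
003FFFFA:  -  ?? 
003FFFFB:  -  ?? 
003FFFFC:  -  ?? 
003FFFFD:  -  ?? 
003FFFFE:  -  ?? 
003FFFFF:  -  ?? 
// ---------- INJECTING HERE ----------
00400000:  -  ?? 
00400001:  -  ?? 
00400002:  -  ?? 
00400003:  -  ?? 
00400004:  -  ?? 
// ---------- DONE INJECTING  ----------
00400005:  -  ?? 
00400006:  -  ?? 
00400007:  -  ?? 
00400008:  -  ?? 
00400009:  -  ?? 
0040000A:  -  ?? 
0040000B:  -  ?? 
0040000C:  -  ?? 
0040000D:  -  ?? 
0040000E:  -  ?? 
}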

 

Скрипт будет работать разово: включил - ресурсы добавились, выключил, включил - снова добавились.

Для удобства, можно зарегистрировать метку flag с помощью registersymbol , добавить в таблицу адрес flag и назначить Горячую клавишу.

 

PS: точнее написать скрипт можно будет, только посмотрев, как работает твоя инструкция.

Просто уже увидел в своём скрипте небольшую ошибку — нужно будет немного переписать место с flag: при нескольких ресурсах один общий флаг сбрасывается после первого же совпадения, и остальные ресурсы прибавку не получат.


Garik66 

Спасибо за способ. Работает. Но тут есть что то еще...

Получается что делая:

cmp esi,a4 //a4 это esi 1 ресурса

да, ресурсы добавляются. Но в [ecx+esi] со временем набиваются значения, которые потом обнуляются, и список постоянно увеличивается. Тем самым команда add word ptr [ecx+esi],#100 забивает сотнями не только нужные нам значения, но и другие «гвозди». Есть ресурсы, которые производятся, и, собственно, пока ты не купишь их у торговца или не построишь предприятие, производящее их, их адреса в инструкции, которую мы смотрим, не появляются.

Можно конечно пойти по другому пути...

Для этой игры есть коды. Собственно можно найти значения ресурсов. Поставить бряк и ввести код. Посмотреть какие инструкции срабатывают для записи всех ресурсов. 

Чет я совсем запутался....


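{ Game   : game.exe
  Version: 
  Date   : 2018-04-27
  Author : Sumrak1988

  One-shot +100 to the resource whose slot offset (esi) equals a4 (hex - the
  Cheat Engine assembler treats bare numbers as hex; #n is decimal).
  Hooks `add edi,edx / mov [ecx+esi],di` at game.exe+1A98A8.

  The original two instructions are executed exactly once, in newmem.
  (An earlier version ran them again at code:, so every tick stored
  old + 2*edx instead of old + edx.)
  The value is a 16-bit word, so adding past 65535 wraps around.
}

[ENABLE]
aobscanmodule(Resources,game.exe,03 FA 66 89 3C 31) // should be unique
alloc(newmem,$1000)
label(code)
label(return)
label(flag) // 1 = bonus still pending; cleared after the first matching write

newmem:
  add edi,edx          // original instructions, executed once
  mov [ecx+esi],di
  cmp esi,a4           // esi filter for resource 1 (hex a4)
  jne code
  cmp [flag],1
  jne code
  mov [flag],0
  add word ptr [ecx+esi],#100 // values in this game are stored in two bytes

// cmp/add clobber the flags register; the next flag consumer after the
// injection point (test edx,edx at game.exe+1A98BD) sets its own, so this is safe.
code:
  jmp return
flag:
  dd 1
Resources:
  jmp newmem
  nop
return:
registersymbol(Resources)

[DISABLE]

Resources:
  db 03 FA 66 89 3C 31

unregistersymbol(Resources)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1A98A8

"game.exe"+1A9887: 89 55 E0           -  mov [ebp-20],edx
"game.exe"+1A988A: 8B 51 24           -  mov edx,[ecx+24]
"game.exe"+1A988D: 8B 14 F2           -  mov edx,[edx+esi*8]
"game.exe"+1A9890: 8B 54 02 0C        -  mov edx,[edx+eax+0C]
"game.exe"+1A9894: BE FF 0F 00 00     -  mov esi,00000FFF
"game.exe"+1A9899: 23 F2              -  and esi,edx
"game.exe"+1A989B: C1 EA 14           -  shr edx,14
"game.exe"+1A989E: 8B 49 24           -  mov ecx,[ecx+24]
"game.exe"+1A98A1: 8B 0C D1           -  mov ecx,[ecx+edx*8]
"game.exe"+1A98A4: 0F B7 14 31        -  movzx edx,word ptr [ecx+esi]
// ---------- INJECTING HERE ----------
"game.exe"+1A98A8: 03 FA              -  add edi,edx
"game.exe"+1A98AA: 66 89 3C 31        -  mov [ecx+esi],di
// ---------- DONE INJECTING  ----------
"game.exe"+1A98AE: 8B 83 E0 03 00 00  -  mov eax,[ebx+000003E0]
"game.exe"+1A98B4: 8B 8B 74 01 00 00  -  mov ecx,[ebx+00000174]
"game.exe"+1A98BA: 8B 55 E0           -  mov edx,[ebp-20]
"game.exe"+1A98BD: 85 D2              -  test edx,edx
"game.exe"+1A98BF: 75 04              -  jne game.exe+1A98C5
"game.exe"+1A98C1: 33 D2              -  xor edx,edx
"game.exe"+1A98C3: EB 44              -  jmp game.exe+1A9909
"game.exe"+1A98C5: 8B 50 0C           -  mov edx,[eax+0C]
"game.exe"+1A98C8: 8B 5D 08           -  mov ebx,[ebp+08]
"game.exe"+1A98CB: 8B 70 24           -  mov esi,[eax+24]
}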

 

 

Изменено пользователем Strajder

Нашел включение/отключения чата для активации чит кодов.


game.exe+5841BE - 8B 0D 0425CE00        - mov ecx,[game.exe+8E2504] { [04DA4778] }
game.exe+5841C4 - E8 B72AE8FF           - call game.exe+406C80
game.exe+5841C9 - 3D 90010000           - cmp eax,00000190 { 400 }
game.exe+5841CE - 74 22                 - je game.exe+5841F2
game.exe+5841D0 - 8B FB                 - mov edi,ebx
game.exe+5841D2 - 33 C0                 - xor eax,eax
game.exe+5841D4 - 8A 37                 - mov dh,[edi]
game.exe+5841D6 - 8B CF                 - mov ecx,edi
game.exe+5841D8 - 84 F6                 - test dh,dh
game.exe+5841DA - 74 08                 - je game.exe+5841E4
game.exe+5841DC - 41                    - inc ecx
game.exe+5841DD - 40                    - inc eax
game.exe+5841DE - 8A 11                 - mov dl,[ecx]
game.exe+5841E0 - 84 D2                 - test dl,dl
game.exe+5841E2 - 75 F8                 - jne game.exe+5841DC
game.exe+5841E4 - 83 F8 03              - cmp eax,03 { 3 }
game.exe+5841E7 - 75 09                 - jne game.exe+5841F2
game.exe+5841E9 - 80 3B 4E              - cmp byte ptr [ebx],4E { 78 }
game.exe+5841EC - 0F84 1E030000         - je game.exe+584510
//////////////////////////////////////////////////////////////////////////////////////////
game.exe+5841F2 - A0 6091CB00           - mov al,[game.exe+8B9160] { [00000001] } (Включение/отключения чата для активации чит кодов)
//////////////////////////////////////////////////////////////////////////////////////////
game.exe+5841F7 - 84 C0                 - test al,al
game.exe+5841F9 - 0F84 34020000         - je game.exe+584433
game.exe+5841FF - BE E070DD00           - mov esi,game.exe+9D70E0 { ["happy hour"] }
game.exe+584204 - 8B FB                 - mov edi,ebx
game.exe+584206 - 8A 17                 - mov dl,[edi]
game.exe+584208 - 3A 16                 - cmp dl,[esi]
game.exe+58420A - 75 1A                 - jne game.exe+584226
game.exe+58420C - 0A D2                 - or dl,dl
game.exe+58420E - 74 12                 - je game.exe+584222
game.exe+584210 - 8A 57 01              - mov dl,[edi+01]
game.exe+584213 - 3A 56 01              - cmp dl,[esi+01]
game.exe+584216 - 75 0E                 - jne game.exe+584226
game.exe+584218 - 83 C7 02              - add edi,02 { 2 }
game.exe+58421B - 83 C6 02              - add esi,02 { 2 }
game.exe+58421E - 0A D2                 - or dl,dl
game.exe+584220 - 75 E4                 - jne game.exe+584206
game.exe+584222 - 33 C0                 - xor eax,eax
game.exe+584224 - EB 05                 - jmp game.exe+58422B
game.exe+584226 - 1B C0                 - sbb eax,eax
game.exe+584228 - 83 C8 01              - or eax,01 { 1 }
game.exe+58422B - 85 C0                 - test eax,eax
game.exe+58422D - 0F84 6B010000         - je game.exe+58439E
game.exe+584233 - BE C070DD00           - mov esi,game.exe+9D70C0 { ["toggle fog"] }
game.exe+584238 - 8B FB                 - mov edi,ebx
game.exe+58423A - 8A 17                 - mov dl,[edi]
game.exe+58423C - 3A 16                 - cmp dl,[esi]
game.exe+58423E - 75 1A                 - jne game.exe+58425A
game.exe+584240 - 0A D2                 - or dl,dl
game.exe+584242 - 74 12                 - je game.exe+584256
game.exe+584244 - 8A 57 01              - mov dl,[edi+01]
game.exe+584247 - 3A 56 01              - cmp dl,[esi+01]
game.exe+58424A - 75 0E                 - jne game.exe+58425A
game.exe+58424C - 83 C7 02              - add edi,02 { 2 }
game.exe+58424F - 83 C6 02              - add esi,02 { 2 }
game.exe+584252 - 0A D2                 - or dl,dl
game.exe+584254 - 75 E4                 - jne game.exe+58423A
game.exe+584256 - 33 C0                 - xor eax,eax
game.exe+584258 - EB 05                 - jmp game.exe+58425F
game.exe+58425A - 1B C0                 - sbb eax,eax
game.exe+58425C - 83 C8 01              - or eax,01 { 1 }
game.exe+58425F - 85 C0                 - test eax,eax
game.exe+584261 - 0F84 B3000000         - je game.exe+58431A
game.exe+584267 - BE A070DD00           - mov esi,game.exe+9D70A0 { ["nice gift"] }
game.exe+58426C - 8B FB                 - mov edi,ebx
game.exe+58426E - 8A 17                 - mov dl,[edi]
game.exe+584270 - 3A 16                 - cmp dl,[esi]
game.exe+584272 - 75 1A                 - jne game.exe+58428E
game.exe+584274 - 0A D2                 - or dl,dl
game.exe+584276 - 74 12                 - je game.exe+58428A
game.exe+584278 - 8A 57 01              - mov dl,[edi+01]
game.exe+58427B - 3A 56 01              - cmp dl,[esi+01]
game.exe+58427E - 75 0E                 - jne game.exe+58428E
game.exe+584280 - 83 C7 02              - add edi,02 { 2 }
game.exe+584283 - 83 C6 02              - add esi,02 { 2 }
game.exe+584286 - 0A D2                 - or dl,dl
game.exe+584288 - 75 E4                 - jne game.exe+58426E
game.exe+58428A - 33 C0                 - xor eax,eax
game.exe+58428C - EB 05                 - jmp game.exe+584293
game.exe+58428E - 1B C0                 - sbb eax,eax
game.exe+584290 - 83 C8 01              - or eax,01 { 1 }
game.exe+584293 - 85 C0                 - test eax,eax
game.exe+584295 - 0F85 98010000         - jne game.exe+584433
game.exe+58429B - 8B 4D E4              - mov ecx,[ebp-1C]
game.exe+58429E - 8B 41 70              - mov eax,[ecx+70]
game.exe+5842A1 - 8B 88 18040000        - mov ecx,[eax+00000418]
game.exe+5842A7 - 0FB6 90 D9020000      - movzx edx,byte ptr [eax+000002D9]
game.exe+5842AE - 2B 88 14040000        - sub ecx,[eax+00000414]
game.exe+5842B4 - C1 F9 02              - sar ecx,02 { 2 }
game.exe+5842B7 - 3B CA                 - cmp ecx,edx
game.exe+5842B9 - 0F87 20080000         - ja game.exe+584ADF
game.exe+5842BF - 33 C0                 - xor eax,eax
game.exe+5842C1 - 89 45 C8              - mov [ebp-38],eax
game.exe+5842C4 - 85 C0                 - test eax,eax
game.exe+5842C6 - 0F85 90020000         - jne game.exe+58455C
game.exe+5842CC - 83 C4 F0              - add esp,-10 { 240 }
game.exe+5842CF - C7 04 24  3C000000    - mov [esp],0000003C { 60 }
game.exe+5842D6 - C7 44 24 04 18000000  - mov [esp+04],00000018 { 24 }
game.exe+5842DE - C7 44 24 08 00000000  - mov [esp+08],00000000 { 0 }
game.exe+5842E6 - C7 44 24 0C 01000000  - mov [esp+0C],00000001 { 1 }
game.exe+5842EE - E8 CD55D6FF           - call game.exe+2E98C0
game.exe+5842F3 - 83 C4 10              - add esp,10 { 16 }
game.exe+5842F6 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
game.exe+5842FD - 33 C0                 - xor eax,eax
game.exe+5842FF - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+584302 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+584309 - 8B 1C 24              - mov ebx,[esp]
game.exe+58430C - 8B 74 24 04           - mov esi,[esp+04]
game.exe+584310 - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+584314 - 8B E5                 - mov esp,ebp
game.exe+584316 - 5D                    - pop ebp
game.exe+584317 - C2 0400               - ret 0004 { 4 }
game.exe+58431A - 8B 55 E4              - mov edx,[ebp-1C]
game.exe+58431D - 8B 42 70              - mov eax,[edx+70]
game.exe+584320 - 0FB6 90 D9020000      - movzx edx,byte ptr [eax+000002D9]
game.exe+584327 - 0FB6 0D 28D4CC00      - movzx ecx,byte ptr [game.exe+8CD428] { [00000000] }
game.exe+58432E - 33 DB                 - xor ebx,ebx
game.exe+584330 - 3B CA                 - cmp ecx,edx
game.exe+584332 - 0F94 C3               - sete bl
game.exe+584335 - 0FBE DB               - movsx ebx,bl
game.exe+584338 - 85 DB                 - test ebx,ebx
game.exe+58433A - 74 09                 - je game.exe+584345
game.exe+58433C - C6 05 28D4CC00 00     - mov byte ptr [game.exe+8CD428],00 { [00000000] }
game.exe+584343 - EB 0B                 - jmp game.exe+584350
game.exe+584345 - 8A 80 D9020000        - mov al,[eax+000002D9]
game.exe+58434B - A2 28D4CC00           - mov [game.exe+8CD428],al { [00000000] }
game.exe+584350 - 83 C4 F0              - add esp,-10 { 240 }
game.exe+584353 - C7 04 24  3C000000    - mov [esp],0000003C { 60 }
game.exe+58435A - C7 44 24 04 02010000  - mov [esp+04],00000102 { 258 }
game.exe+584362 - C7 44 24 08 00000000  - mov [esp+08],00000000 { 0 }
game.exe+58436A - C7 44 24 0C 01000000  - mov [esp+0C],00000001 { 1 }
game.exe+584372 - E8 4955D6FF           - call game.exe+2E98C0
game.exe+584377 - 83 C4 10              - add esp,10 { 16 }
game.exe+58437A - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
game.exe+584381 - 33 C0                 - xor eax,eax
game.exe+584383 - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+584386 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+58438D - 8B 1C 24              - mov ebx,[esp]
game.exe+584390 - 8B 74 24 04           - mov esi,[esp+04]
game.exe+584394 - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+584398 - 8B E5                 - mov esp,ebp
game.exe+58439A - 5D                    - pop ebp
game.exe+58439B - C2 0400               - ret 0004 { 4 }
game.exe+58439E - 8B 45 E4              - mov eax,[ebp-1C]
game.exe+5843A1 - 8B 48 70              - mov ecx,[eax+70]
game.exe+5843A4 - 8A 81 D9020000        - mov al,[ecx+000002D9]
game.exe+5843AA - 88 45 98              - mov [ebp-68],al
game.exe+5843AD - 8A 81 D9020000        - mov al,[ecx+000002D9]
game.exe+5843B3 - 88 45 9C              - mov [ebp-64],al
game.exe+5843B6 - 83 C4 F4              - add esp,-0C { 244 }
game.exe+5843B9 - 8B FC                 - mov edi,esp
game.exe+5843BB - 8D 75 98              - lea esi,[ebp-68]
game.exe+5843BE - 8A 06                 - mov al,[esi]
game.exe+5843C0 - 88 07                 - mov [edi],al
game.exe+5843C2 - BF 04000000           - mov edi,00000004 { 4 }
game.exe+5843C7 - 03 FC                 - add edi,esp
game.exe+5843C9 - 8D 75 9C              - lea esi,[ebp-64]
game.exe+5843CC - 8A 06                 - mov al,[esi]
game.exe+5843CE - 88 07                 - mov [edi],al
game.exe+5843D0 - C7 44 24 08 01000000  - mov [esp+08],00000001 { 1 }
game.exe+5843D8 - E8 9338C2FF           - call game.exe+1A7C70
game.exe+5843DD - EB 54                 - jmp game.exe+584433
game.exe+5843DF - B8 01000000           - mov eax,00000001 { 1 }
game.exe+5843E4 - A2 6091CB00           - mov [game.exe+8B9160],al { [00000001] }
game.exe+5843E9 - 83 C4 F0              - add esp,-10 { 240 }
game.exe+5843EC - C7 04 24  3C000000    - mov [esp],0000003C { 60 }
game.exe+5843F3 - C7 44 24 04 2B000000  - mov [esp+04],0000002B { 43 }
game.exe+5843FB - C7 44 24 08 00000000  - mov [esp+08],00000000 { 0 }
game.exe+584403 - 89 44 24 0C           - mov [esp+0C],eax
game.exe+584407 - E8 B454D6FF           - call game.exe+2E98C0
game.exe+58440C - 83 C4 10              - add esp,10 { 16 }
game.exe+58440F - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
game.exe+584416 - 33 C0                 - xor eax,eax
game.exe+584418 - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+58441B - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+584422 - 8B 1C 24              - mov ebx,[esp]
game.exe+584425 - 8B 74 24 04           - mov esi,[esp+04]
game.exe+584429 - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+58442D - 8B E5                 - mov esp,ebp
game.exe+58442F - 5D                    - pop ebp
game.exe+584430 - C2 0400               - ret 0004 { 4 }
game.exe+584433 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }
game.exe+58443A - B8 01000000           - mov eax,00000001 { 1 }
game.exe+58443F - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+584442 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+584449 - 8B 1C 24              - mov ebx,[esp]
game.exe+58444C - 8B 74 24 04           - mov esi,[esp+04]
game.exe+584450 - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+584454 - 8B E5                 - mov esp,ebp
game.exe+584456 - 5D                    - pop ebp
game.exe+584457 - C2 0400               - ret 0004 { 4 }

 

 


При вводе кода на ресурсы (nice gift) срабатывают четыре инструкции. В снимках 2 и 3 видно, что это та же точка add edi,edx / mov [ecx+esi],di, что и раньше: к старому значению 8 прибавляется EDI=0x64 (то есть 100), и в ячейку записывается 0x6C. Инструкции 1 и 4 — только чтения (movzx) того же слота:

1)

005B8C48 - 8B 52 24  - mov edx,[edx+24]
005B8C4B - 8B 14 DA   - mov edx,[edx+ebx*8]
005B8C4E - 0FB7 04 0A   - movzx eax,word ptr [edx+ecx] <<
005B8C52 - C7 45 FC FFFFFFFF - mov [ebp-04],FFFFFFFF
005B8C59 - 8B 4D F4  - mov ecx,[ebp-0C]

EAX=00000008
EBX=000000B9
ECX=000003EC
EDX=05988000
ESI=01900240
EDI=00000360
ESP=0019EA4C
EBP=0019EA98
EIP=005B8C52
 

2)

005A989E - 8B 49 24  - mov ecx,[ecx+24]
005A98A1 - 8B 0C D1   - mov ecx,[ecx+edx*8]
005A98A4 - 0FB7 14 31   - movzx edx,word ptr [ecx+esi] <<
005A98A8 - 03 FA  - add edi,edx
005A98AA - 66 89 3C 31   - mov [ecx+esi],di

EAX=0000039C
EBX=0562B040
ECX=05988000
EDX=00000008
ESI=000003EC
EDI=00000064
ESP=0019EA08
EBP=0019EA94
EIP=005A98A8

 

3)

005A98A4 - 0FB7 14 31   - movzx edx,word ptr [ecx+esi]
005A98A8 - 03 FA  - add edi,edx
005A98AA - 66 89 3C 31   - mov [ecx+esi],di <<
005A98AE - 8B 83 E0030000  - mov eax,[ebx+000003E0]
005A98B4 - 8B 8B 74010000  - mov ecx,[ebx+00000174]

EAX=0000039C
EBX=0562B040
ECX=05988000
EDX=00000008
ESI=000003EC
EDI=0000006C
ESP=0019EA08
EBP=0019EA94
EIP=005A98AE

 

4)

005B723F - 8B 48 24  - mov ecx,[eax+24]
005B7242 - 8B 0C D9   - mov ecx,[ecx+ebx*8]
005B7245 - 0FB7 0C 11   - movzx ecx,word ptr [ecx+edx] <<
005B7249 - 03 F9  - add edi,ecx
005B724B - 89 7D AC  - mov [ebp-54],edi

EAX=0FC4C910
EBX=000000B9
ECX=0000006C
EDX=000003EC
ESI=0562B040
EDI=00000000
ESP=0019E8A4
EBP=0019E948
EIP=005B7249


 


Нашел адреса без мусора.

Но там также появляются значения закрытых ресурсов после их покупки или постройки. До этого — только адреса имеющихся ресурсов.

Был бы очень признателен хотя бы за догадку, как посмотреть, откуда берутся эти адреса.

скрипт на ресурсы:


{ Game   : game.exe
  Version: 
  Date   : 2018-04-27
  Author : Sumrak1988

  Forces every resource slot read through game.exe+1B7245
  (`movzx ecx,word ptr [ecx+edx] / add edi,ecx`) to 200 (decimal).
  This is a read site, so the hook fires on every read and overwrites the
  16-bit slot before the game reads it back; there is no one-shot flag here.
  Behaviour is unchanged from the previous version of this script.
}

[ENABLE]
aobscanmodule(RESOURCES,game.exe,0F B7 0C 11 03 F9) // should be unique
alloc(newmem,$1000)
label(orig)
label(back)
registersymbol(RESOURCES)

newmem:
  mov word ptr [ecx+edx],#200   // overwrite the slot with 200 (decimal) before it is read

orig:
  movzx ecx,word ptr [ecx+edx]  // original instructions, now see the forced value
  add edi,ecx
  jmp back

RESOURCES:
  jmp newmem
  nop                           // pad: jmp (5 bytes) + nop = 6 original bytes
back:

[DISABLE]
RESOURCES:
  db 0F B7 0C 11 03 F9
dealloc(newmem)
unregistersymbol(RESOURCES)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1B7245

"game.exe"+1B7225: C1 EA 14              -  shr edx,14
"game.exe"+1B7228: 89 5D E4              -  mov [ebp-1C],ebx
"game.exe"+1B722B: 8B 58 24              -  mov ebx,[eax+24]
"game.exe"+1B722E: 8B 1C D3              -  mov ebx,[ebx+edx*8]
"game.exe"+1B7231: 8B 5C 0B 0C           -  mov ebx,[ebx+ecx+0C]
"game.exe"+1B7235: BA FF 0F 00 00        -  mov edx,00000FFF
"game.exe"+1B723A: 23 D3                 -  and edx,ebx
"game.exe"+1B723C: C1 EB 14              -  shr ebx,14
"game.exe"+1B723F: 8B 48 24              -  mov ecx,[eax+24]
"game.exe"+1B7242: 8B 0C D9              -  mov ecx,[ecx+ebx*8]
// ---------- INJECTING HERE ----------
"game.exe"+1B7245: 0F B7 0C 11           -  movzx ecx,word ptr [ecx+edx]
"game.exe"+1B7249: 03 F9                 -  add edi,ecx
// ---------- DONE INJECTING  ----------
"game.exe"+1B724B: 89 7D AC              -  mov [ebp-54],edi
"game.exe"+1B724E: 8B 8E 74 01 00 00     -  mov ecx,[esi+00000174]
"game.exe"+1B7254: 8B 5D E4              -  mov ebx,[ebp-1C]
"game.exe"+1B7257: E9 CD F7 FF FF        -  jmp game.exe+1B6A29
"game.exe"+1B725C: 8B 55 E0              -  mov edx,[ebp-20]
"game.exe"+1B725F: 8B 8A 74 01 00 00     -  mov ecx,[edx+00000174]
"game.exe"+1B7265: E9 BF F7 FF FF        -  jmp game.exe+1B6A29
"game.exe"+1B726A: 83 C4 F8              -  add esp,-08
"game.exe"+1B726D: 8D 45 8C              -  lea eax,[ebp-74]
"game.exe"+1B7270: C7 45 8C 14 00 00 00  -  mov [ebp-74],00000014
}

 

 


game.exe+1B67A0 - 55                    - push ebp
game.exe+1B67A1 - 8B EC                 - mov ebp,esp
game.exe+1B67A3 - 6A FF                 - push -01 { 255 }
game.exe+1B67A5 - 68 D0725B00           - push game.exe+1B72D0 { [D32B10B8] }
game.exe+1B67AA - 64 A1 00000000        - mov eax,fs:[00000000] { 0 }
game.exe+1B67B0 - 50                    - push eax
game.exe+1B67B1 - 64 89 25 00000000     - mov fs:[00000000],esp { 0 }
game.exe+1B67B8 - 81 EC 98000000        - sub esp,00000098 { 152 }
game.exe+1B67BE - 89 7C 24 08           - mov [esp+08],edi
game.exe+1B67C2 - 89 74 24 04           - mov [esp+04],esi
game.exe+1B67C6 - 89 1C 24              - mov [esp],ebx
game.exe+1B67C9 - 89 65 F0              - mov [ebp-10],esp
game.exe+1B67CC - 89 4D E0              - mov [ebp-20],ecx
game.exe+1B67CF - C7 45 FC 00000000     - mov [ebp-04],00000000 { 0 }
game.exe+1B67D6 - 8B 45 10              - mov eax,[ebp+10]
game.exe+1B67D9 - 89 45 B4              - mov [ebp-4C],eax
game.exe+1B67DC - 33 D2                 - xor edx,edx
game.exe+1B67DE - 89 55 AC              - mov [ebp-54],edx
game.exe+1B67E1 - C7 00 00000000        - mov [eax],00000000 { 0 }
game.exe+1B67E7 - C7 45 FC 01000000     - mov [ebp-04],00000001 { 1 }
game.exe+1B67EE - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B67F1 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B67F9 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6800 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6806 - 85 C0                 - test eax,eax
game.exe+1B6808 - 0F84 91000000         - je game.exe+1B689F
game.exe+1B680E - 33 DB                 - xor ebx,ebx
game.exe+1B6810 - 8B 35 0073C600        - mov esi,[game.exe+867300] { [0000001E] }
game.exe+1B6816 - A1 2073C600           - mov eax,[game.exe+867320] { [00000000] }
game.exe+1B681B - 85 F6                 - test esi,esi
game.exe+1B681D - C7 45 84 11000000     - mov [ebp-7C],00000011 { 17 }
game.exe+1B6824 - 0F86 6C040000         - jbe game.exe+1B6C96
game.exe+1B682A - D1 E8                 - shr eax,1
game.exe+1B682C - 33 FF                 - xor edi,edi
game.exe+1B682E - 89 45 D0              - mov [ebp-30],eax
game.exe+1B6831 - 8B 45 D0              - mov eax,[ebp-30]
game.exe+1B6834 - 3B F8                 - cmp edi,eax
game.exe+1B6836 - 72 09                 - jb game.exe+1B6841
game.exe+1B6838 - A1 4074C600           - mov eax,[game.exe+867440] { [00000000] }
game.exe+1B683D - 85 C0                 - test eax,eax
game.exe+1B683F - 74 32                 - je game.exe+1B6873
game.exe+1B6841 - 8B 45 84              - mov eax,[ebp-7C]
game.exe+1B6844 - 8B 55 84              - mov edx,[ebp-7C]
game.exe+1B6847 - 0FAF D0               - imul edx,eax
game.exe+1B684A - 89 55 84              - mov [ebp-7C],edx
game.exe+1B684D - 8B 45 84              - mov eax,[ebp-7C]
game.exe+1B6850 - 8B 55 84              - mov edx,[ebp-7C]
game.exe+1B6853 - 0FAF D0               - imul edx,eax
game.exe+1B6856 - 89 55 84              - mov [ebp-7C],edx
game.exe+1B6859 - 8B 45 84              - mov eax,[ebp-7C]
game.exe+1B685C - 8B 55 84              - mov edx,[ebp-7C]
game.exe+1B685F - 0FAF D0               - imul edx,eax
game.exe+1B6862 - 89 55 84              - mov [ebp-7C],edx
game.exe+1B6865 - 8B 45 84              - mov eax,[ebp-7C]
game.exe+1B6868 - 8B 55 84              - mov edx,[ebp-7C]
game.exe+1B686B - 0FAF D0               - imul edx,eax
game.exe+1B686E - 89 55 84              - mov [ebp-7C],edx
game.exe+1B6871 - EB 20                 - jmp game.exe+1B6893
game.exe+1B6873 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6876 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B687E - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6885 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B688B - 85 C0                 - test eax,eax
game.exe+1B688D - 0F84 67040000         - je game.exe+1B6CFA
game.exe+1B6893 - 43                    - inc ebx
game.exe+1B6894 - 8B FB                 - mov edi,ebx
game.exe+1B6896 - 3B F3                 - cmp esi,ebx
game.exe+1B6898 - 77 97                 - ja game.exe+1B6831
game.exe+1B689A - E9 F7030000           - jmp game.exe+1B6C96
game.exe+1B689F - C7 45 FC 03000000     - mov [ebp-04],00000003 { 3 }
game.exe+1B68A6 - A1 A473C600           - mov eax,[game.exe+8673A4] { [0D312640] }
game.exe+1B68AB - 85 C0                 - test eax,eax
game.exe+1B68AD - 0F84 B7090000         - je game.exe+1B726A
game.exe+1B68B3 - 8B 10                 - mov edx,[eax]
game.exe+1B68B5 - 89 15 A473C600        - mov [game.exe+8673A4],edx { [0D3088A8] }
game.exe+1B68BB - 8B 55 0C              - mov edx,[ebp+0C]
game.exe+1B68BE - 89 55 B0              - mov [ebp-50],edx
game.exe+1B68C1 - C7 45 FC 01000000     - mov [ebp-04],00000001 { 1 }
game.exe+1B68C8 - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] }
game.exe+1B68D2 - 89 45 90              - mov [ebp-70],eax
game.exe+1B68D5 - 89 00                 - mov [eax],eax
game.exe+1B68D7 - 8B 55 90              - mov edx,[ebp-70]
game.exe+1B68DA - 89 52 04              - mov [edx+04],edx
game.exe+1B68DD - C7 45 FC 04000000     - mov [ebp-04],00000004 { 4 }
game.exe+1B68E4 - C7 45 FC 01000000     - mov [ebp-04],00000001 { 1 }
game.exe+1B68EB - C7 45 FC 00000000     - mov [ebp-04],00000000 { 0 }
game.exe+1B68F2 - C7 45 FC 05000000     - mov [ebp-04],00000005 { 5 }
game.exe+1B68F9 - 8B 4D E0              - mov ecx,[ebp-20]
game.exe+1B68FC - 8B 45 08              - mov eax,[ebp+08]
game.exe+1B68FF - 83 C4 F4              - add esp,-0C { 244 }
game.exe+1B6902 - 8D 55 90              - lea edx,[ebp-70]
game.exe+1B6905 - 89 14 24              - mov [esp],edx
game.exe+1B6908 - C7 44 24 04 EA030000  - mov [esp+04],000003EA { 1002 }
game.exe+1B6910 - 89 44 24 08           - mov [esp+08],eax
game.exe+1B6914 - E8 37080600           - call game.exe+217150
game.exe+1B6919 - 8B 45 90              - mov eax,[ebp-70]
game.exe+1B691C - 8B 10                 - mov edx,[eax]
game.exe+1B691E - 89 55 DC              - mov [ebp-24],edx
game.exe+1B6921 - 33 C9                 - xor ecx,ecx
game.exe+1B6923 - 3B D0                 - cmp edx,eax
game.exe+1B6925 - 0F94 C1               - sete cl
game.exe+1B6928 - 0FBE C9               - movsx ecx,cl
game.exe+1B692B - 85 C9                 - test ecx,ecx
game.exe+1B692D - 0F85 FF040000         - jne game.exe+1B6E32
game.exe+1B6933 - 8B 5D DC              - mov ebx,[ebp-24]
game.exe+1B6936 - 8B 75 E0              - mov esi,[ebp-20]
game.exe+1B6939 - 8B 53 08              - mov edx,[ebx+08]
game.exe+1B693C - 8B 86 E0030000        - mov eax,[esi+000003E0]
game.exe+1B6942 - 85 D2                 - test edx,edx
game.exe+1B6944 - 8B 8E 74010000        - mov ecx,[esi+00000174]
game.exe+1B694A - 75 04                 - jne game.exe+1B6950
game.exe+1B694C - 33 DB                 - xor ebx,ebx
game.exe+1B694E - EB 46                 - jmp game.exe+1B6996
game.exe+1B6950 - 8B 78 24              - mov edi,[eax+24]
game.exe+1B6953 - 8B D9                 - mov ebx,ecx
game.exe+1B6955 - C1 E3 04              - shl ebx,04 { 4 }
game.exe+1B6958 - 8B F1                 - mov esi,ecx
game.exe+1B695A - C1 E6 05              - shl esi,05 { 5 }
game.exe+1B695D - 03 DE                 - add ebx,esi
game.exe+1B695F - 8B F2                 - mov esi,edx
game.exe+1B6961 - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1B6964 - 03 74 1A 0C           - add esi,[edx+ebx+0C]
game.exe+1B6968 - 89 5D E4              - mov [ebp-1C],ebx
game.exe+1B696B - 8B DE                 - mov ebx,esi
game.exe+1B696D - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1B6970 - 8B 3C DF              - mov edi,[edi+ebx*8]
game.exe+1B6973 - BB FF0F0000           - mov ebx,00000FFF { 4095 }
game.exe+1B6978 - 23 DE                 - and ebx,esi
game.exe+1B697A - 89 75 E8              - mov [ebp-18],esi
game.exe+1B697D - 8B 34 1F              - mov esi,[edi+ebx]
game.exe+1B6980 - 8B 7D E8              - mov edi,[ebp-18]
game.exe+1B6983 - 3B F7                 - cmp esi,edi
game.exe+1B6985 - 8B 5D E4              - mov ebx,[ebp-1C]
game.exe+1B6988 - 75 04                 - jne game.exe+1B698E
game.exe+1B698A - 33 DB                 - xor ebx,ebx
game.exe+1B698C - EB 08                 - jmp game.exe+1B6996
game.exe+1B698E - 8B 54 1A 10           - mov edx,[edx+ebx+10]
game.exe+1B6992 - 8B DE                 - mov ebx,esi
game.exe+1B6994 - 2B DA                 - sub ebx,edx
game.exe+1B6996 - 85 DB                 - test ebx,ebx
game.exe+1B6998 - 0F84 94030000         - je game.exe+1B6D32
game.exe+1B699E - 8B 75 E0              - mov esi,[ebp-20]
game.exe+1B69A1 - 85 DB                 - test ebx,ebx
game.exe+1B69A3 - 8B 96 04010000        - mov edx,[esi+00000104]
game.exe+1B69A9 - 75 04                 - jne game.exe+1B69AF
game.exe+1B69AB - 33 D2                 - xor edx,edx
game.exe+1B69AD - EB 46                 - jmp game.exe+1B69F5
game.exe+1B69AF - 8B 70 24              - mov esi,[eax+24]
game.exe+1B69B2 - 8B FA                 - mov edi,edx
game.exe+1B69B4 - C1 E7 04              - shl edi,04 { 4 }
game.exe+1B69B7 - C1 E2 05              - shl edx,05 { 5 }
game.exe+1B69BA - 03 FA                 - add edi,edx
game.exe+1B69BC - 8B 50 0C              - mov edx,[eax+0C]
game.exe+1B69BF - 89 4D E4              - mov [ebp-1C],ecx
game.exe+1B69C2 - 8B CB                 - mov ecx,ebx
game.exe+1B69C4 - 03 4C 3A 10           - add ecx,[edx+edi+10]
game.exe+1B69C8 - 89 7D E8              - mov [ebp-18],edi
game.exe+1B69CB - 8B F9                 - mov edi,ecx
game.exe+1B69CD - C1 EF 14              - shr edi,14 { 20 }
game.exe+1B69D0 - 81 E1 FF0F0000        - and ecx,00000FFF { 4095 }
game.exe+1B69D6 - 8B 34 FE              - mov esi,[esi+edi*8]
game.exe+1B69D9 - 8B 74 0E 08           - mov esi,[esi+ecx+08]
game.exe+1B69DD - 85 F6                 - test esi,esi
game.exe+1B69DF - 8B 4D E4              - mov ecx,[ebp-1C]
game.exe+1B69E2 - 8B 7D E8              - mov edi,[ebp-18]
game.exe+1B69E5 - 74 0C                 - je game.exe+1B69F3
game.exe+1B69E7 - 8B 54 3A 0C           - mov edx,[edx+edi+0C]
game.exe+1B69EB - 8B FA                 - mov edi,edx
game.exe+1B69ED - 8B D6                 - mov edx,esi
game.exe+1B69EF - 2B D7                 - sub edx,edi
game.exe+1B69F1 - EB 02                 - jmp game.exe+1B69F5
game.exe+1B69F3 - 33 D2                 - xor edx,edx
game.exe+1B69F5 - 8B 75 08              - mov esi,[ebp+08]
game.exe+1B69F8 - 3B D6                 - cmp edx,esi
game.exe+1B69FA - 75 2D                 - jne game.exe+1B6A29
game.exe+1B69FC - 8B 4D E0              - mov ecx,[ebp-20]
game.exe+1B69FF - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6A02 - 89 1C 24              - mov [esp],ebx
game.exe+1B6A05 - C7 44 24 04 08000000  - mov [esp+04],00000008 { 8 }
game.exe+1B6A0D - E8 9E3C0600           - call game.exe+21A6B0
game.exe+1B6A12 - 85 C0                 - test eax,eax
game.exe+1B6A14 - 0F84 8D000000         - je game.exe+1B6AA7
game.exe+1B6A1A - 8B 55 E0              - mov edx,[ebp-20]
game.exe+1B6A1D - 8B 82 E0030000        - mov eax,[edx+000003E0]
game.exe+1B6A23 - 8B 8A 74010000        - mov ecx,[edx+00000174]
game.exe+1B6A29 - 85 DB                 - test ebx,ebx
game.exe+1B6A2B - 75 04                 - jne game.exe+1B6A31
game.exe+1B6A2D - 33 DB                 - xor ebx,ebx
game.exe+1B6A2F - EB 69                 - jmp game.exe+1B6A9A
game.exe+1B6A31 - 8B 78 0C              - mov edi,[eax+0C]
game.exe+1B6A34 - 8B 50 24              - mov edx,[eax+24]
game.exe+1B6A37 - 8B F1                 - mov esi,ecx
game.exe+1B6A39 - C1 E6 04              - shl esi,04 { 4 }
game.exe+1B6A3C - 89 45 E4              - mov [ebp-1C],eax
game.exe+1B6A3F - 8B C1                 - mov eax,ecx
game.exe+1B6A41 - C1 E0 05              - shl eax,05 { 5 }
game.exe+1B6A44 - 03 F0                 - add esi,eax
game.exe+1B6A46 - 8B 74 37 10           - mov esi,[edi+esi+10]
game.exe+1B6A4A - 8B FB                 - mov edi,ebx
game.exe+1B6A4C - 03 FE                 - add edi,esi
game.exe+1B6A4E - B8 FF0F0000           - mov eax,00000FFF { 4095 }
game.exe+1B6A53 - 23 C7                 - and eax,edi
game.exe+1B6A55 - C1 EF 14              - shr edi,14 { 20 }
game.exe+1B6A58 - 8B 14 FA              - mov edx,[edx+edi*8]
game.exe+1B6A5B - 8B FA                 - mov edi,edx
game.exe+1B6A5D - 8B 14 02              - mov edx,[edx+eax]
game.exe+1B6A60 - 3B 54 07 08           - cmp edx,[edi+eax+08]
game.exe+1B6A64 - 8B 45 E4              - mov eax,[ebp-1C]
game.exe+1B6A67 - 74 2F                 - je game.exe+1B6A98
game.exe+1B6A69 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1B6A6C - 8B 78 24              - mov edi,[eax+24]
game.exe+1B6A6F - 8B 7C DF 04           - mov edi,[edi+ebx*8+04]
game.exe+1B6A73 - C1 E7 06              - shl edi,06 { 6 }
game.exe+1B6A76 - 8B 18                 - mov ebx,[eax]
game.exe+1B6A78 - 8B 5C 3B 10           - mov ebx,[ebx+edi+10]
game.exe+1B6A7C - 8B 78 64              - mov edi,[eax+64]
game.exe+1B6A7F - C1 E7 06              - shl edi,06 { 6 }
game.exe+1B6A82 - 89 75 E4              - mov [ebp-1C],esi
game.exe+1B6A85 - 8B 30                 - mov esi,[eax]
game.exe+1B6A87 - 03 5C 37 08           - add ebx,[edi+esi+08]
game.exe+1B6A8B - 3B D3                 - cmp edx,ebx
game.exe+1B6A8D - 8B 75 E4              - mov esi,[ebp-1C]
game.exe+1B6A90 - 74 06                 - je game.exe+1B6A98
game.exe+1B6A92 - 8B DA                 - mov ebx,edx
game.exe+1B6A94 - 2B DE                 - sub ebx,esi
game.exe+1B6A96 - EB 02                 - jmp game.exe+1B6A9A
game.exe+1B6A98 - 33 DB                 - xor ebx,ebx
game.exe+1B6A9A - 85 DB                 - test ebx,ebx
game.exe+1B6A9C - 0F85 FCFEFFFF         - jne game.exe+1B699E
game.exe+1B6AA2 - E9 83020000           - jmp game.exe+1B6D2A
; --- game.exe+1B6AA7 ---------------------------------------------------------
; Entered only by the je at game.exe+1B6A14 (the instruction before it is an
; unconditional jmp). Part of a larger routine whose entry is above this
; listing; it leaves by jumping back to game.exe+1B6A29.
; Roles as far as this block shows them:
;   [ebp-20]  pointer dereferenced at +3E0, +174, +120, +13C; looks like the
;             object pointer saved by the prologue - not proven here ("obj")
;   eax       = [obj+3E0], a container descriptor "C", kept in eax throughout:
;               C+00  base of 64-byte entries     (index << 6)
;               C+0C  base of 48-byte records     (index*16 + index*32)
;               C+24  page table of 8-byte entries: dword +0 = page base,
;                     dword +4 = an index into the 64-byte entries
;   Handle decode - this is what every "00000FFF { 4095 }" in the dump is for:
;       page = [C+24][h >> 20]      top 12 bits pick the page-table entry
;       node = page + (h & 0xFFF)   low 12 bits are the byte offset in the page
;   The mask is sometimes an immediate (and ecx,00000FFF) and sometimes loaded
;   into a register first (mov edi,00000FFF / and edi,edx); same operation.
;   Bits 12..19 of a handle are dropped by this decode. No comparison of
;   h >> 20 against the page-table size is visible anywhere in this block, so
;   an out-of-range handle would index past the table unchecked.
game.exe+1B6AA7 - 8B 4D E0              - mov ecx,[ebp-20]  ; obj
game.exe+1B6AAA - 85 DB                 - test ebx,ebx  ; ebx = starting handle h0 (0 = none)
game.exe+1B6AAC - 8B 81 E0030000        - mov eax,[ecx+000003E0]  ; C
game.exe+1B6AB2 - 8B 91 74010000        - mov edx,[ecx+00000174]  ; r1 = record index obj->+174
game.exe+1B6AB8 - 75 04                 - jne game.exe+1B6ABE
game.exe+1B6ABA - 33 D2                 - xor edx,edx  ; h0 == 0 -> result 0
game.exe+1B6ABC - EB 42                 - jmp game.exe+1B6B00
game.exe+1B6ABE - 8B 78 24              - mov edi,[eax+24]  ; page table
game.exe+1B6AC1 - 8B CA                 - mov ecx,edx
game.exe+1B6AC3 - C1 E1 04              - shl ecx,04 { 4 }  ; r1*16
game.exe+1B6AC6 - C1 E2 05              - shl edx,05 { 5 }  ; r1*32
game.exe+1B6AC9 - 8B F1                 - mov esi,ecx
game.exe+1B6ACB - 03 F2                 - add esi,edx  ; esi = r1*48, byte offset of record r1
game.exe+1B6ACD - 8B 50 0C              - mov edx,[eax+0C]  ; records base
game.exe+1B6AD0 - 8B CB                 - mov ecx,ebx
game.exe+1B6AD2 - 03 4C 32 10           - add ecx,[edx+esi+10]  ; h = h0 + rec[r1].+10
game.exe+1B6AD6 - 89 75 E4              - mov [ebp-1C],esi  ; spill r1*48, esi is reused by the decode
game.exe+1B6AD9 - 8B F1                 - mov esi,ecx
game.exe+1B6ADB - C1 EE 14              - shr esi,14 { 20 }  ; page index = h >> 20
game.exe+1B6ADE - 81 E1 FF0F0000        - and ecx,00000FFF { 4095 }  ; offset = h & 0xFFF
game.exe+1B6AE4 - 8B 3C F7              - mov edi,[edi+esi*8]  ; page base = table[page index], unchecked
game.exe+1B6AE7 - 8B 4C 0F 08           - mov ecx,[edi+ecx+08]  ; ecx = node->+08
game.exe+1B6AEB - 85 C9                 - test ecx,ecx
game.exe+1B6AED - 8B 75 E4              - mov esi,[ebp-1C]  ; r1*48 back
game.exe+1B6AF0 - 74 0C                 - je game.exe+1B6AFE  ; node->+08 == 0 -> result 0
game.exe+1B6AF2 - 8B 54 32 0C           - mov edx,[edx+esi+0C]  ; rec[r1].+0C
game.exe+1B6AF6 - 8B FA                 - mov edi,edx
game.exe+1B6AF8 - 8B D1                 - mov edx,ecx
game.exe+1B6AFA - 2B D7                 - sub edx,edi  ; h1 = node->+08 - rec[r1].+0C
game.exe+1B6AFC - EB 02                 - jmp game.exe+1B6B00
game.exe+1B6AFE - 33 D2                 - xor edx,edx
game.exe+1B6B00 - 8B 4D E0              - mov ecx,[ebp-20]  ; obj
game.exe+1B6B03 - 8B 75 B4              - mov esi,[ebp-4C]  ; pointer to a running total (only used via [esi] below)
game.exe+1B6B06 - BF FF0F0000           - mov edi,00000FFF { 4095 }  ; offset mask, register form
game.exe+1B6B0B - 23 FA                 - and edi,edx  ; offset = h1 & 0xFFF
game.exe+1B6B0D - C1 EA 14              - shr edx,14 { 20 }  ; page index = h1 >> 20
game.exe+1B6B10 - 89 5D E4              - mov [ebp-1C],ebx  ; spill h0
game.exe+1B6B13 - 8B 58 24              - mov ebx,[eax+24]
game.exe+1B6B16 - 8B 1C D3              - mov ebx,[ebx+edx*8]  ; page base
game.exe+1B6B19 - 8B 5C 3B 0C           - mov ebx,[ebx+edi+0C]  ; h2 = node1->+0C, itself a handle
game.exe+1B6B1D - BF FF0F0000           - mov edi,00000FFF { 4095 }
game.exe+1B6B22 - 23 FB                 - and edi,ebx  ; offset = h2 & 0xFFF
game.exe+1B6B24 - C1 EB 14              - shr ebx,14 { 20 }  ; page index = h2 >> 20
game.exe+1B6B27 - 8B 40 24              - mov eax,[eax+24]
game.exe+1B6B2A - 8B 04 D8              - mov eax,[eax+ebx*8]  ; page base
game.exe+1B6B2D - 0FB7 44 38 38         - movzx eax,word ptr [eax+edi+38]  ; 16-bit field node2->+38, zero-extended
game.exe+1B6B32 - 01 06                 - add [esi],eax  ; total += field; the block's only non-spill store
game.exe+1B6B34 - 8B 81 E0030000        - mov eax,[ecx+000003E0]  ; C reloaded
game.exe+1B6B3A - 8B 89 20010000        - mov ecx,[ecx+00000120]  ; r2 = record index obj->+120
game.exe+1B6B40 - 89 4D D4              - mov [ebp-2C],ecx
game.exe+1B6B43 - 8B 5D E4              - mov ebx,[ebp-1C]  ; h0 back
game.exe+1B6B46 - 85 DB                 - test ebx,ebx
game.exe+1B6B48 - 75 04                 - jne game.exe+1B6B4E
game.exe+1B6B4A - 33 D2                 - xor edx,edx
game.exe+1B6B4C - EB 46                 - jmp game.exe+1B6B94
game.exe+1B6B4E - 8B 50 0C              - mov edx,[eax+0C]  ; records base
game.exe+1B6B51 - 8B 78 24              - mov edi,[eax+24]  ; page table
game.exe+1B6B54 - 8B F1                 - mov esi,ecx
game.exe+1B6B56 - C1 E6 04              - shl esi,04 { 4 }
game.exe+1B6B59 - C1 E1 05              - shl ecx,05 { 5 }
game.exe+1B6B5C - 03 CE                 - add ecx,esi  ; ecx = r2*48
game.exe+1B6B5E - 8B F3                 - mov esi,ebx
game.exe+1B6B60 - 03 74 0A 0C           - add esi,[edx+ecx+0C]  ; h = h0 + rec[r2].+0C
game.exe+1B6B64 - 89 5D E4              - mov [ebp-1C],ebx
game.exe+1B6B67 - 8B DE                 - mov ebx,esi
game.exe+1B6B69 - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1B6B6C - 8B 3C DF              - mov edi,[edi+ebx*8]  ; page base
game.exe+1B6B6F - BB FF0F0000           - mov ebx,00000FFF { 4095 }
game.exe+1B6B74 - 23 DE                 - and ebx,esi  ; offset
game.exe+1B6B76 - 89 75 E8              - mov [ebp-18],esi  ; spill h
game.exe+1B6B79 - 8B 34 1F              - mov esi,[edi+ebx]  ; esi = node->+00
game.exe+1B6B7C - 8B 7D E8              - mov edi,[ebp-18]
game.exe+1B6B7F - 3B F7                 - cmp esi,edi  ; node->+00 == h ?  a node holding its own handle ends the walk
game.exe+1B6B81 - 8B 5D E4              - mov ebx,[ebp-1C]
game.exe+1B6B84 - 75 04                 - jne game.exe+1B6B8A
game.exe+1B6B86 - 33 D2                 - xor edx,edx  ; yes -> nothing to walk
game.exe+1B6B88 - EB 0A                 - jmp game.exe+1B6B94
game.exe+1B6B8A - 8B 54 0A 10           - mov edx,[edx+ecx+10]
game.exe+1B6B8E - 8B FA                 - mov edi,edx
game.exe+1B6B90 - 8B D6                 - mov edx,esi
game.exe+1B6B92 - 2B D7                 - sub edx,edi  ; cur = node->+00 - rec[r2].+10
game.exe+1B6B94 - 85 D2                 - test edx,edx
game.exe+1B6B96 - 0F84 C0060000         - je game.exe+1B725C  ; nothing to walk -> target below this listing
game.exe+1B6B9C - 8B 4D E0              - mov ecx,[ebp-20]
game.exe+1B6B9F - 8B 89 3C010000        - mov ecx,[ecx+0000013C]  ; r3 = record index obj->+13C
game.exe+1B6BA5 - 89 4D CC              - mov [ebp-34],ecx
game.exe+1B6BA8 - 85 D2                 - test edx,edx  ; loop head: edx = cur (current handle)
game.exe+1B6BAA - 75 04                 - jne game.exe+1B6BB0
game.exe+1B6BAC - 33 C9                 - xor ecx,ecx
game.exe+1B6BAE - EB 49                 - jmp game.exe+1B6BF9
game.exe+1B6BB0 - 8B 7D CC              - mov edi,[ebp-34]
game.exe+1B6BB3 - 8B 48 0C              - mov ecx,[eax+0C]
game.exe+1B6BB6 - 8B F7                 - mov esi,edi
game.exe+1B6BB8 - C1 E6 04              - shl esi,04 { 4 }
game.exe+1B6BBB - C1 E7 05              - shl edi,05 { 5 }
game.exe+1B6BBE - 03 FE                 - add edi,esi  ; edi = r3*48
game.exe+1B6BC0 - 8B F2                 - mov esi,edx
game.exe+1B6BC2 - 03 74 39 10           - add esi,[ecx+edi+10]  ; h = cur + rec[r3].+10
game.exe+1B6BC6 - 89 7D E4              - mov [ebp-1C],edi
game.exe+1B6BC9 - 8B FE                 - mov edi,esi
game.exe+1B6BCB - C1 EF 14              - shr edi,14 { 20 }
game.exe+1B6BCE - 81 E6 FF0F0000        - and esi,00000FFF { 4095 }
game.exe+1B6BD4 - 89 5D E8              - mov [ebp-18],ebx
game.exe+1B6BD7 - 8B 58 24              - mov ebx,[eax+24]
game.exe+1B6BDA - 8B 1C FB              - mov ebx,[ebx+edi*8]  ; page base
game.exe+1B6BDD - 8B 74 33 08           - mov esi,[ebx+esi+08]  ; esi = node->+08
game.exe+1B6BE1 - 85 F6                 - test esi,esi
game.exe+1B6BE3 - 8B 5D E8              - mov ebx,[ebp-18]
game.exe+1B6BE6 - 8B 7D E4              - mov edi,[ebp-1C]
game.exe+1B6BE9 - 74 0C                 - je game.exe+1B6BF7
game.exe+1B6BEB - 8B 4C 39 0C           - mov ecx,[ecx+edi+0C]
game.exe+1B6BEF - 8B F9                 - mov edi,ecx
game.exe+1B6BF1 - 8B CE                 - mov ecx,esi
game.exe+1B6BF3 - 2B CF                 - sub ecx,edi  ; key = node->+08 - rec[r3].+0C
game.exe+1B6BF5 - EB 02                 - jmp game.exe+1B6BF9
game.exe+1B6BF7 - 33 C9                 - xor ecx,ecx
game.exe+1B6BF9 - 8B 75 B0              - mov esi,[ebp-50]  ; value searched for, stored above this listing
game.exe+1B6BFC - 3B CE                 - cmp ecx,esi
game.exe+1B6BFE - 0F84 14060000         - je game.exe+1B7218  ; match -> target below this listing
game.exe+1B6C04 - 85 D2                 - test edx,edx
game.exe+1B6C06 - 75 04                 - jne game.exe+1B6C0C
game.exe+1B6C08 - 33 D2                 - xor edx,edx
game.exe+1B6C0A - EB 6B                 - jmp game.exe+1B6C77
game.exe+1B6C0C - 8B 7D D4              - mov edi,[ebp-2C]  ; r2
game.exe+1B6C0F - 8B 48 0C              - mov ecx,[eax+0C]
game.exe+1B6C12 - 8B F7                 - mov esi,edi
game.exe+1B6C14 - C1 E6 04              - shl esi,04 { 4 }
game.exe+1B6C17 - C1 E7 05              - shl edi,05 { 5 }
game.exe+1B6C1A - 03 F7                 - add esi,edi  ; r2*48
game.exe+1B6C1C - 8B 78 24              - mov edi,[eax+24]
game.exe+1B6C1F - 8B 74 31 10           - mov esi,[ecx+esi+10]  ; esi = rec[r2].+10
game.exe+1B6C23 - 8B CA                 - mov ecx,edx
game.exe+1B6C25 - 03 CE                 - add ecx,esi  ; h = cur + rec[r2].+10
game.exe+1B6C27 - 89 75 E4              - mov [ebp-1C],esi  ; spill rec[r2].+10
game.exe+1B6C2A - 8B F1                 - mov esi,ecx
game.exe+1B6C2C - C1 EE 14              - shr esi,14 { 20 }
game.exe+1B6C2F - 81 E1 FF0F0000        - and ecx,00000FFF { 4095 }
game.exe+1B6C35 - 8B 3C F7              - mov edi,[edi+esi*8]  ; page base
game.exe+1B6C38 - 8B F1                 - mov esi,ecx
game.exe+1B6C3A - 8B 0C 0F              - mov ecx,[edi+ecx]  ; next = node->+00
game.exe+1B6C3D - 3B 4C 37 08           - cmp ecx,[edi+esi+08]  ; next == node->+08 ?  first end-of-walk test
game.exe+1B6C41 - 8B 75 E4              - mov esi,[ebp-1C]
game.exe+1B6C44 - 74 2F                 - je game.exe+1B6C75
game.exe+1B6C46 - C1 EA 14              - shr edx,14 { 20 }  ; page index of cur
game.exe+1B6C49 - 8B 78 24              - mov edi,[eax+24]
game.exe+1B6C4C - 8B 7C D7 04           - mov edi,[edi+edx*8+04]  ; table entry dword +4: index into the 64-byte entries
game.exe+1B6C50 - C1 E7 06              - shl edi,06 { 6 }  ; *64
game.exe+1B6C53 - 8B 10                 - mov edx,[eax]
game.exe+1B6C55 - 8B 54 3A 10           - mov edx,[edx+edi+10]  ; entry[idx].+10
game.exe+1B6C59 - 8B 78 64              - mov edi,[eax+64]
game.exe+1B6C5C - C1 E7 06              - shl edi,06 { 6 }  ; C->+64 * 64
game.exe+1B6C5F - 89 75 E4              - mov [ebp-1C],esi
game.exe+1B6C62 - 8B 30                 - mov esi,[eax]
game.exe+1B6C64 - 03 54 37 08           - add edx,[edi+esi+08]  ; + entry[C->+64].+08
game.exe+1B6C68 - 3B CA                 - cmp ecx,edx  ; next == that sum ?  second end-of-walk test
game.exe+1B6C6A - 8B 75 E4              - mov esi,[ebp-1C]
game.exe+1B6C6D - 74 06                 - je game.exe+1B6C75
game.exe+1B6C6F - 8B D1                 - mov edx,ecx
game.exe+1B6C71 - 2B D6                 - sub edx,esi  ; cur = next - rec[r2].+10
game.exe+1B6C73 - EB 02                 - jmp game.exe+1B6C77
game.exe+1B6C75 - 33 D2                 - xor edx,edx
game.exe+1B6C77 - 85 D2                 - test edx,edx
game.exe+1B6C79 - 0F85 29FFFFFF         - jne game.exe+1B6BA8  ; more nodes -> loop
game.exe+1B6C7F - 8B 55 E0              - mov edx,[ebp-20]
game.exe+1B6C82 - 8B 8A 74010000        - mov ecx,[edx+00000174]  ; r1 again; 1B6A29 (above) expects C in eax and r1 in ecx
game.exe+1B6C88 - E9 9CFDFFFF           - jmp game.exe+1B6A29
; --- game.exe+1B6C8D ---------------------------------------------------------
; Out-of-line stub (preceded by a jmp, ends in ret): loads the address of the
; stack object at ebp-80 into ecx and calls game.exe+17690 on it. The shape
; matches a compiler-generated unwind funclet invoking a thiscall destructor -
; inferred from the [ebp-04] state writes and the fs:[0] frame pop elsewhere in
; this routine, not proven here.
game.exe+1B6C8D - 8D 4D 80              - lea ecx,[ebp-80]  ; ecx = &local at ebp-80
game.exe+1B6C90 - E8 FB09E6FF           - call game.exe+17690
game.exe+1B6C95 - C3                    - ret  ; back to whoever dispatched the stub
; --- game.exe+1B6C96 ---------------------------------------------------------
; Sleep-backoff slow path of the spin lock at [game.exe+867440]; reached by
; jump from code above this listing (the instruction before it is a ret).
;   [game.exe+867300] := 30            spin budget for the next inline spin
;   attempt i (esi):  k = min(i + 6, 27)
;     InterlockedExchange(&lock, 1)    previous value returned in eax
;     eax == 0  -> lock was free and is now ours -> je 1B689F (above)
;     k <= 20   -> Sleep(0)                         attempts 0..14
;     k >  20   -> Sleep(1 << (k - 20)) = 2,4,...,128 ms, then 128 ms forever
; There is no attempt cap: the only exit is a successful exchange, so a holder
; that never clears the lock word keeps this thread here indefinitely.
; The tail at 1B6CFA is a separate entry (the jmp above it never falls
; through): it records the spin count in edi and raises the budget to 1000.
game.exe+1B6C96 - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] }  ; spin budget = 30
game.exe+1B6CA0 - 33 F6                 - xor esi,esi  ; attempt counter i
game.exe+1B6CA2 - 8D 5E 06              - lea ebx,[esi+06]  ; k = i + 6 (lea: add without touching flags)
game.exe+1B6CA5 - 83 FB 1B              - cmp ebx,1B { 27 }
game.exe+1B6CA8 - 7E 05                 - jle game.exe+1B6CAF
game.exe+1B6CAA - BB 1B000000           - mov ebx,0000001B { 27 }  ; clamp k to 27
game.exe+1B6CAF - 83 C4 F8              - add esp,-08 { 248 }  ; reserve two arg slots ({ 248 } is the unsigned view of the imm8 -8)
game.exe+1B6CB2 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }  ; arg 2: new value
game.exe+1B6CBA - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }  ; arg 1: &lock word
game.exe+1B6CC1 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }  ; stdcall, pops the 8 bytes
game.exe+1B6CC7 - 85 C0                 - test eax,eax
game.exe+1B6CC9 - 0F84 D0FBFFFF         - je game.exe+1B689F  ; previous value 0 -> acquired
game.exe+1B6CCF - 83 FB 14              - cmp ebx,14 { 20 }
game.exe+1B6CD2 - 7F 10                 - jg game.exe+1B6CE4
game.exe+1B6CD4 - 57                    - push edi  ; only makes room for the argument; value is overwritten next
game.exe+1B6CD5 - C7 04 24  00000000    - mov [esp],00000000 { 0 }
game.exe+1B6CDC - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }  ; Sleep(0): yield the time slice
game.exe+1B6CE2 - EB 13                 - jmp game.exe+1B6CF7
game.exe+1B6CE4 - 83 C3 EC              - add ebx,-14 { 236 }  ; k - 20
game.exe+1B6CE7 - B8 01000000           - mov eax,00000001 { 1 }
game.exe+1B6CEC - 8B CB                 - mov ecx,ebx
game.exe+1B6CEE - D3 E0                 - shl eax,cl  ; 1 << (k - 20)
game.exe+1B6CF0 - 50                    - push eax
game.exe+1B6CF1 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }  ; Sleep(2..128 ms)
game.exe+1B6CF7 - 46                    - inc esi
game.exe+1B6CF8 - EB A8                 - jmp game.exe+1B6CA2  ; retry, unconditionally
game.exe+1B6CFA - 89 3D 2073C600        - mov [game.exe+867320],edi { [00000000] }  ; separate entry: remember the spin count the jumping code left in edi
game.exe+1B6D00 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] }  ; spin budget = 1000
game.exe+1B6D0A - E9 90FBFFFF           - jmp game.exe+1B689F
; --- game.exe+1B6D0F ---------------------------------------------------------
; Out-of-line stub: calls game.exe+F4A0 with ecx = &local at ebp-78, then
; returns. Same shape as the other lea/call/ret stubs in this routine; looks
; like an unwind funclet (thiscall on a stack object) - not proven here.
game.exe+1B6D0F - 8D 4D 88              - lea ecx,[ebp-78]
game.exe+1B6D12 - E8 8987E5FF           - call game.exe+F4A0
game.exe+1B6D17 - C3                    - ret  ; end of stub
; --- game.exe+1B6D18 ---------------------------------------------------------
; Out-of-line stub: calls game.exe+12920 with ecx = &[ebp-70]. Note [ebp-70]
; is the list-head pointer used by the code at 1B6D2A below, so this routine
; operates on the variable that holds it; presumably a cleanup - not proven.
game.exe+1B6D18 - 8D 4D 90              - lea ecx,[ebp-70]
game.exe+1B6D1B - E8 00BCE5FF           - call game.exe+12920
game.exe+1B6D20 - C3                    - ret  ; end of stub
; --- game.exe+1B6D21 ---------------------------------------------------------
; Out-of-line stub: same target variable as 1B6D18 (ecx = &[ebp-70]) but a
; different callee, game.exe+125B0. Shape matches an unwind funclet - not
; proven here.
game.exe+1B6D21 - 8D 4D 90              - lea ecx,[ebp-70]
game.exe+1B6D24 - E8 87B8E5FF           - call game.exe+125B0
game.exe+1B6D29 - C3                    - ret  ; end of stub
; --- game.exe+1B6D2A ---------------------------------------------------------
; Entered only by the jmp at game.exe+1B6AA2 (the instruction before it is a
; ret). Runs through to the routine's epilogue (ret 000C).
; What the listing shows:
;   * [ebp-70] points at a doubly linked list head: node+00 = next,
;     node+04 = prev; the list is empty when head->next == head.
;   * Nodes are unlinked (first pass) or just walked (second pass) and each one
;     is pushed onto the singly linked list whose head is at
;     [game.exe+8673A4]  (node->+00 := old head; head := node).
;   * Every push is bracketed by the spin lock at [game.exe+867440]:
;       acquire = InterlockedExchange(&lock, 1) returned 0
;       release = plain "mov dword [lock],0" (not an interlocked op)
;   * [game.exe+867300] = spin budget (30 after a Sleep path, 1000 after a
;     successful spin); [game.exe+867320] = iteration at which a previous spin
;     succeeded. The inline spin loops burn half of that count before they
;     start polling the lock word at all.
;   * [ebp-04] is stepped through 6/5/7/8/9/-1 around each push and the
;     epilogue restores fs:[0] from [ebp-0C]: consistent with a compiler SEH
;     frame carrying a state index (the lea/call/ret stubs in this listing
;     would be its unwind funclets) - inferred from shape, not proven.
;   * Return value eax = [ebp-54], which is written above this listing.
; The three inline spin loops are copies of one pattern; only the first copy
; is commented in detail.
game.exe+1B6D2A - 8B 45 90              - mov eax,[ebp-70]  ; head
game.exe+1B6D2D - 8B 00                 - mov eax,[eax]  ; node = head->next
game.exe+1B6D2F - 89 45 DC              - mov [ebp-24],eax
game.exe+1B6D32 - 8B 45 DC              - mov eax,[ebp-24]
game.exe+1B6D35 - 83 C4 F8              - add esp,-08 { 248 }  ; two arg slots for the stdcall below ({ 248 } = unsigned view of imm8 -8)
game.exe+1B6D38 - 8B 50 04              - mov edx,[eax+04]  ; prev
game.exe+1B6D3B - 8B 00                 - mov eax,[eax]  ; next
game.exe+1B6D3D - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6D45 - 89 02                 - mov [edx],eax  ; prev->next = next   (unlink node)
game.exe+1B6D47 - 89 50 04              - mov [eax+04],edx  ; next->prev = prev
game.exe+1B6D4A - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6D51 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6D57 - 85 C0                 - test eax,eax  ; previous lock value
game.exe+1B6D59 - 0F84 91000000         - je game.exe+1B6DF0  ; was 0 -> acquired, go push the node
game.exe+1B6D5F - 33 DB                 - xor ebx,ebx  ; spin loop 1: ebx = iteration
game.exe+1B6D61 - 8B 3D 0073C600        - mov edi,[game.exe+867300] { [0000001E] }  ; spin budget
game.exe+1B6D67 - A1 2073C600           - mov eax,[game.exe+867320] { [00000000] }  ; last successful spin count
game.exe+1B6D6C - 85 FF                 - test edi,edi
game.exe+1B6D6E - C7 45 94 11000000     - mov [ebp-6C],00000011 { 17 }  ; seed for the busy-work below
game.exe+1B6D75 - 0F86 F2030000         - jbe game.exe+1B716D  ; budget 0 (jbe after test == jz) -> straight to the Sleep path
game.exe+1B6D7B - D1 E8                 - shr eax,1  ; poll-free iterations = last count / 2
game.exe+1B6D7D - 33 F6                 - xor esi,esi
game.exe+1B6D7F - 89 45 C0              - mov [ebp-40],eax
game.exe+1B6D82 - 8B 45 C0              - mov eax,[ebp-40]  ; loop head
game.exe+1B6D85 - 3B F0                 - cmp esi,eax
game.exe+1B6D87 - 72 09                 - jb game.exe+1B6D92  ; still in the poll-free phase -> just burn time
game.exe+1B6D89 - A1 4074C600           - mov eax,[game.exe+867440] { [00000000] }  ; plain (non-interlocked) read of the lock word
game.exe+1B6D8E - 85 C0                 - test eax,eax
game.exe+1B6D90 - 74 32                 - je game.exe+1B6DC4  ; looks free -> try the exchange
game.exe+1B6D92 - 8B 45 94              - mov eax,[ebp-6C]  ; busy work: x = x*x four times, through memory
game.exe+1B6D95 - 8B 55 94              - mov edx,[ebp-6C]  ; ([ebp-6C] is read nowhere else in this listing)
game.exe+1B6D98 - 0FAF D0               - imul edx,eax
game.exe+1B6D9B - 89 55 94              - mov [ebp-6C],edx
game.exe+1B6D9E - 8B 45 94              - mov eax,[ebp-6C]
game.exe+1B6DA1 - 8B 55 94              - mov edx,[ebp-6C]
game.exe+1B6DA4 - 0FAF D0               - imul edx,eax
game.exe+1B6DA7 - 89 55 94              - mov [ebp-6C],edx
game.exe+1B6DAA - 8B 45 94              - mov eax,[ebp-6C]
game.exe+1B6DAD - 8B 55 94              - mov edx,[ebp-6C]
game.exe+1B6DB0 - 0FAF D0               - imul edx,eax
game.exe+1B6DB3 - 89 55 94              - mov [ebp-6C],edx
game.exe+1B6DB6 - 8B 45 94              - mov eax,[ebp-6C]
game.exe+1B6DB9 - 8B 55 94              - mov edx,[ebp-6C]
game.exe+1B6DBC - 0FAF D0               - imul edx,eax
game.exe+1B6DBF - 89 55 94              - mov [ebp-6C],edx
game.exe+1B6DC2 - EB 20                 - jmp game.exe+1B6DE4
game.exe+1B6DC4 - 83 C4 F8              - add esp,-08 { 248 }  ; InterlockedExchange(&lock, 1) again
game.exe+1B6DC7 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6DCF - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6DD6 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6DDC - 85 C0                 - test eax,eax
game.exe+1B6DDE - 0F84 74030000         - je game.exe+1B7158  ; acquired -> record esi, budget := 1000, continue at 1B6DF0
game.exe+1B6DE4 - 43                    - inc ebx
game.exe+1B6DE5 - 8B F3                 - mov esi,ebx
game.exe+1B6DE7 - 3B FB                 - cmp edi,ebx
game.exe+1B6DE9 - 77 97                 - ja game.exe+1B6D82  ; iteration < budget -> spin again
game.exe+1B6DEB - E9 7D030000           - jmp game.exe+1B716D  ; budget exhausted -> Sleep backoff (re-enters at 1B6DF0 on success)
game.exe+1B6DF0 - C7 45 FC 06000000     - mov [ebp-04],00000006 { 6 }  ; state 6: lock held
game.exe+1B6DF7 - 8B 45 DC              - mov eax,[ebp-24]  ; the unlinked node
game.exe+1B6DFA - 8B 15 A473C600        - mov edx,[game.exe+8673A4] { [0D312640] }
game.exe+1B6E00 - 89 10                 - mov [eax],edx  ; node->+00 = free-list head
game.exe+1B6E02 - A3 A473C600           - mov [game.exe+8673A4],eax { [0D3088A8] }  ; head = node
game.exe+1B6E07 - C7 45 FC 05000000     - mov [ebp-04],00000005 { 5 }
game.exe+1B6E0E - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] }  ; release: plain store
game.exe+1B6E18 - 8B 45 90              - mov eax,[ebp-70]
game.exe+1B6E1B - 8B 10                 - mov edx,[eax]
game.exe+1B6E1D - 89 55 DC              - mov [ebp-24],edx
game.exe+1B6E20 - 33 C9                 - xor ecx,ecx
game.exe+1B6E22 - 3B D0                 - cmp edx,eax  ; head->next == head ?
game.exe+1B6E24 - 0F94 C1               - sete cl
game.exe+1B6E27 - 0FBE C9               - movsx ecx,cl
game.exe+1B6E2A - 85 C9                 - test ecx,ecx  ; sete/movsx/test is an unoptimised spelling of jne
game.exe+1B6E2C - 0F84 01FBFFFF         - je game.exe+1B6933  ; not empty -> back to the loop above this listing
game.exe+1B6E32 - C7 45 FC 07000000     - mov [ebp-04],00000007 { 7 }
game.exe+1B6E39 - C7 45 FC 05000000     - mov [ebp-04],00000005 { 5 }
game.exe+1B6E40 - 8B 45 90              - mov eax,[ebp-70]
game.exe+1B6E43 - 8B 10                 - mov edx,[eax]
game.exe+1B6E45 - 89 55 D8              - mov [ebp-28],edx  ; cursor = head->next
game.exe+1B6E48 - 3B D0                 - cmp edx,eax
game.exe+1B6E4A - 0F84 F2000000         - je game.exe+1B6F42  ; empty -> release the head block itself
game.exe+1B6E50 - 8B 45 D8              - mov eax,[ebp-28]  ; second pass (walk without unlinking); from the fall-through above the list is already empty here, any other entry is from code above this listing
game.exe+1B6E53 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6E56 - 89 45 C8              - mov [ebp-38],eax  ; node to push
game.exe+1B6E59 - 8B 00                 - mov eax,[eax]
game.exe+1B6E5B - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6E63 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6E6A - 89 45 D8              - mov [ebp-28],eax  ; cursor = node->next, read before the node's +00 is overwritten by the push
game.exe+1B6E6D - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6E73 - 85 C0                 - test eax,eax
game.exe+1B6E75 - 0F84 91000000         - je game.exe+1B6F0C  ; acquired
game.exe+1B6E7B - 33 DB                 - xor ebx,ebx  ; spin loop 2 (same pattern as spin loop 1)
game.exe+1B6E7D - 8B 3D 0073C600        - mov edi,[game.exe+867300] { [0000001E] }
game.exe+1B6E83 - A1 2073C600           - mov eax,[game.exe+867320] { [00000000] }
game.exe+1B6E88 - 85 FF                 - test edi,edi
game.exe+1B6E8A - C7 45 9C 11000000     - mov [ebp-64],00000011 { 17 }
game.exe+1B6E91 - 0F86 36020000         - jbe game.exe+1B70CD
game.exe+1B6E97 - D1 E8                 - shr eax,1
game.exe+1B6E99 - 33 F6                 - xor esi,esi
game.exe+1B6E9B - 89 45 BC              - mov [ebp-44],eax
game.exe+1B6E9E - 8B 45 BC              - mov eax,[ebp-44]
game.exe+1B6EA1 - 3B F0                 - cmp esi,eax
game.exe+1B6EA3 - 72 09                 - jb game.exe+1B6EAE
game.exe+1B6EA5 - A1 4074C600           - mov eax,[game.exe+867440] { [00000000] }
game.exe+1B6EAA - 85 C0                 - test eax,eax
game.exe+1B6EAC - 74 32                 - je game.exe+1B6EE0
game.exe+1B6EAE - 8B 45 9C              - mov eax,[ebp-64]  ; busy work
game.exe+1B6EB1 - 8B 55 9C              - mov edx,[ebp-64]
game.exe+1B6EB4 - 0FAF D0               - imul edx,eax
game.exe+1B6EB7 - 89 55 9C              - mov [ebp-64],edx
game.exe+1B6EBA - 8B 45 9C              - mov eax,[ebp-64]
game.exe+1B6EBD - 8B 55 9C              - mov edx,[ebp-64]
game.exe+1B6EC0 - 0FAF D0               - imul edx,eax
game.exe+1B6EC3 - 89 55 9C              - mov [ebp-64],edx
game.exe+1B6EC6 - 8B 45 9C              - mov eax,[ebp-64]
game.exe+1B6EC9 - 8B 55 9C              - mov edx,[ebp-64]
game.exe+1B6ECC - 0FAF D0               - imul edx,eax
game.exe+1B6ECF - 89 55 9C              - mov [ebp-64],edx
game.exe+1B6ED2 - 8B 45 9C              - mov eax,[ebp-64]
game.exe+1B6ED5 - 8B 55 9C              - mov edx,[ebp-64]
game.exe+1B6ED8 - 0FAF D0               - imul edx,eax
game.exe+1B6EDB - 89 55 9C              - mov [ebp-64],edx
game.exe+1B6EDE - EB 20                 - jmp game.exe+1B6F00
game.exe+1B6EE0 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6EE3 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6EEB - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6EF2 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6EF8 - 85 C0                 - test eax,eax
game.exe+1B6EFA - 0F84 31020000         - je game.exe+1B7131  ; acquired -> record esi, budget := 1000, continue at 1B6F0C
game.exe+1B6F00 - 43                    - inc ebx
game.exe+1B6F01 - 8B F3                 - mov esi,ebx
game.exe+1B6F03 - 3B FB                 - cmp edi,ebx
game.exe+1B6F05 - 77 97                 - ja game.exe+1B6E9E
game.exe+1B6F07 - E9 C1010000           - jmp game.exe+1B70CD  ; Sleep backoff, re-enters at 1B6F0C
game.exe+1B6F0C - C7 45 FC 08000000     - mov [ebp-04],00000008 { 8 }  ; state 8: lock held
game.exe+1B6F13 - 8B 45 C8              - mov eax,[ebp-38]
game.exe+1B6F16 - 8B 15 A473C600        - mov edx,[game.exe+8673A4] { [0D312640] }
game.exe+1B6F1C - 89 10                 - mov [eax],edx  ; push node onto the free list
game.exe+1B6F1E - A3 A473C600           - mov [game.exe+8673A4],eax { [0D312640] }
game.exe+1B6F23 - C7 45 FC 05000000     - mov [ebp-04],00000005 { 5 }
game.exe+1B6F2A - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] }  ; release
game.exe+1B6F34 - 8B 45 90              - mov eax,[ebp-70]
game.exe+1B6F37 - 8B 55 D8              - mov edx,[ebp-28]
game.exe+1B6F3A - 3B D0                 - cmp edx,eax
game.exe+1B6F3C - 0F85 0EFFFFFF         - jne game.exe+1B6E50  ; cursor != head -> next node
game.exe+1B6F42 - 89 00                 - mov [eax],eax  ; head->next = head   (reset to empty)
game.exe+1B6F44 - 8B 55 90              - mov edx,[ebp-70]
game.exe+1B6F47 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6F4A - 89 52 04              - mov [edx+04],edx  ; head->prev = head
game.exe+1B6F4D - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6F55 - 8B 55 90              - mov edx,[ebp-70]
game.exe+1B6F58 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6F5F - 89 55 C4              - mov [ebp-3C],edx  ; the head block itself is pushed next
game.exe+1B6F62 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6F68 - 85 C0                 - test eax,eax
game.exe+1B6F6A - 0F84 8E000000         - je game.exe+1B6FFE  ; acquired
game.exe+1B6F70 - 33 DB                 - xor ebx,ebx  ; spin loop 3 (same pattern as spin loop 1)
game.exe+1B6F72 - 8B 3D 0073C600        - mov edi,[game.exe+867300] { [0000001E] }
game.exe+1B6F78 - A1 2073C600           - mov eax,[game.exe+867320] { [00000000] }
game.exe+1B6F7D - 85 FF                 - test edi,edi
game.exe+1B6F7F - C7 45 A4 11000000     - mov [ebp-5C],00000011 { 17 }
game.exe+1B6F86 - 0F86 BF000000         - jbe game.exe+1B704B
game.exe+1B6F8C - D1 E8                 - shr eax,1
game.exe+1B6F8E - 33 F6                 - xor esi,esi
game.exe+1B6F90 - 89 45 B8              - mov [ebp-48],eax
game.exe+1B6F93 - 8B 45 B8              - mov eax,[ebp-48]
game.exe+1B6F96 - 3B F0                 - cmp esi,eax
game.exe+1B6F98 - 72 09                 - jb game.exe+1B6FA3
game.exe+1B6F9A - A1 4074C600           - mov eax,[game.exe+867440] { [00000000] }
game.exe+1B6F9F - 85 C0                 - test eax,eax
game.exe+1B6FA1 - 74 32                 - je game.exe+1B6FD5
game.exe+1B6FA3 - 8B 45 A4              - mov eax,[ebp-5C]  ; busy work
game.exe+1B6FA6 - 8B 55 A4              - mov edx,[ebp-5C]
game.exe+1B6FA9 - 0FAF D0               - imul edx,eax
game.exe+1B6FAC - 89 55 A4              - mov [ebp-5C],edx
game.exe+1B6FAF - 8B 45 A4              - mov eax,[ebp-5C]
game.exe+1B6FB2 - 8B 55 A4              - mov edx,[ebp-5C]
game.exe+1B6FB5 - 0FAF D0               - imul edx,eax
game.exe+1B6FB8 - 89 55 A4              - mov [ebp-5C],edx
game.exe+1B6FBB - 8B 45 A4              - mov eax,[ebp-5C]
game.exe+1B6FBE - 8B 55 A4              - mov edx,[ebp-5C]
game.exe+1B6FC1 - 0FAF D0               - imul edx,eax
game.exe+1B6FC4 - 89 55 A4              - mov [ebp-5C],edx
game.exe+1B6FC7 - 8B 45 A4              - mov eax,[ebp-5C]
game.exe+1B6FCA - 8B 55 A4              - mov edx,[ebp-5C]
game.exe+1B6FCD - 0FAF D0               - imul edx,eax
game.exe+1B6FD0 - 89 55 A4              - mov [ebp-5C],edx
game.exe+1B6FD3 - EB 20                 - jmp game.exe+1B6FF5
game.exe+1B6FD5 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B6FD8 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B6FE0 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B6FE7 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B6FED - 85 C0                 - test eax,eax
game.exe+1B6FEF - 0F84 BA000000         - je game.exe+1B70AF  ; acquired -> record esi, budget := 1000, continue at 1B6FFE
game.exe+1B6FF5 - 43                    - inc ebx
game.exe+1B6FF6 - 8B F3                 - mov esi,ebx
game.exe+1B6FF8 - 3B FB                 - cmp edi,ebx
game.exe+1B6FFA - 77 97                 - ja game.exe+1B6F93
game.exe+1B6FFC - EB 4D                 - jmp game.exe+1B704B  ; Sleep backoff, re-enters at 1B6FFE
game.exe+1B6FFE - C7 45 FC 09000000     - mov [ebp-04],00000009 { 9 }  ; state 9: lock held
game.exe+1B7005 - 8B 45 C4              - mov eax,[ebp-3C]
game.exe+1B7008 - 8B 15 A473C600        - mov edx,[game.exe+8673A4] { [0D312640] }
game.exe+1B700E - 89 10                 - mov [eax],edx  ; push the head block
game.exe+1B7010 - A3 A473C600           - mov [game.exe+8673A4],eax { [0D312640] }
game.exe+1B7015 - C7 45 FC 05000000     - mov [ebp-04],00000005 { 5 }
game.exe+1B701C - C7 05 4074C600 00000000 - mov [game.exe+867440],00000000 { [00000000] }  ; release
game.exe+1B7026 - C7 45 FC FFFFFFFF     - mov [ebp-04],FFFFFFFF { -1 }  ; state -1: nothing left to unwind
game.exe+1B702D - 8B 45 AC              - mov eax,[ebp-54]  ; return value, written above this listing
game.exe+1B7030 - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+1B7033 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }  ; pop the exception registration
game.exe+1B703A - 8B 1C 24              - mov ebx,[esp]  ; restore callee-saved registers from the slots the
game.exe+1B703D - 8B 74 24 04           - mov esi,[esp+04]  ; prologue (above this listing) presumably filled;
game.exe+1B7041 - 8B 7C 24 08           - mov edi,[esp+08]  ; esp is back at that level because every callee above was stdcall
game.exe+1B7045 - 8B E5                 - mov esp,ebp
game.exe+1B7047 - 5D                    - pop ebp
game.exe+1B7048 - C2 0C00               - ret 000C { 12 }  ; callee pops 12 bytes of arguments
; --- game.exe+1B704B ---------------------------------------------------------
; Copy of the Sleep-backoff loop at game.exe+1B6C96 (same budget reset to 30,
; same min(i+6,27) schedule, Sleep(0) then 2..128 ms, no attempt cap).
; Reached from spin loop 3 at 1B6FFC when its budget is exhausted; on a
; successful exchange it continues at 1B6FFE (push of the head block).
; The tail at 1B70AF is a separate entry used by spin loop 3 on success: it
; records the iteration count in esi and raises the budget to 1000.
game.exe+1B704B - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] }  ; spin budget = 30
game.exe+1B7055 - 33 F6                 - xor esi,esi  ; attempt i
game.exe+1B7057 - 8D 5E 06              - lea ebx,[esi+06]  ; k = i + 6
game.exe+1B705A - 83 FB 1B              - cmp ebx,1B { 27 }
game.exe+1B705D - 7E 05                 - jle game.exe+1B7064
game.exe+1B705F - BB 1B000000           - mov ebx,0000001B { 27 }  ; clamp
game.exe+1B7064 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B7067 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B706F - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B7076 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B707C - 85 C0                 - test eax,eax
game.exe+1B707E - 0F84 7AFFFFFF         - je game.exe+1B6FFE  ; acquired
game.exe+1B7084 - 83 FB 14              - cmp ebx,14 { 20 }
game.exe+1B7087 - 7F 10                 - jg game.exe+1B7099
game.exe+1B7089 - 57                    - push edi  ; reserve the arg slot only
game.exe+1B708A - C7 04 24  00000000    - mov [esp],00000000 { 0 }
game.exe+1B7091 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }  ; Sleep(0)
game.exe+1B7097 - EB 13                 - jmp game.exe+1B70AC
game.exe+1B7099 - 83 C3 EC              - add ebx,-14 { 236 }  ; k - 20
game.exe+1B709C - B8 01000000           - mov eax,00000001 { 1 }
game.exe+1B70A1 - 8B CB                 - mov ecx,ebx
game.exe+1B70A3 - D3 E0                 - shl eax,cl  ; 1 << (k - 20)
game.exe+1B70A5 - 50                    - push eax
game.exe+1B70A6 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B70AC - 46                    - inc esi
game.exe+1B70AD - EB A8                 - jmp game.exe+1B7057  ; retry, unconditionally
game.exe+1B70AF - 89 35 2073C600        - mov [game.exe+867320],esi { [00000000] }  ; separate entry: spin succeeded at iteration esi
game.exe+1B70B5 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] }  ; spin budget = 1000
game.exe+1B70BF - E9 3AFFFFFF           - jmp game.exe+1B6FFE
; --- game.exe+1B70C4 ---------------------------------------------------------
; Out-of-line stub: calls game.exe+F4A0 (same callee as 1B6D0F) with
; ecx = &local at ebp-58. Looks like an unwind funclet - not proven here.
game.exe+1B70C4 - 8D 4D A8              - lea ecx,[ebp-58]
game.exe+1B70C7 - E8 D483E5FF           - call game.exe+F4A0
game.exe+1B70CC - C3                    - ret  ; end of stub
; --- game.exe+1B70CD ---------------------------------------------------------
; Copy of the Sleep-backoff loop at game.exe+1B6C96, serving spin loop 2
; (entered from 1B6F07). On a successful exchange it continues at 1B6F0C
; (the second-pass push). The tail at 1B7131 is the separate success entry
; for spin loop 2: record esi, budget := 1000, continue at 1B6F0C.
game.exe+1B70CD - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] }  ; spin budget = 30
game.exe+1B70D7 - 33 F6                 - xor esi,esi  ; attempt i
game.exe+1B70D9 - 8D 5E 06              - lea ebx,[esi+06]  ; k = i + 6
game.exe+1B70DC - 83 FB 1B              - cmp ebx,1B { 27 }
game.exe+1B70DF - 7E 05                 - jle game.exe+1B70E6
game.exe+1B70E1 - BB 1B000000           - mov ebx,0000001B { 27 }  ; clamp
game.exe+1B70E6 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B70E9 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B70F1 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B70F8 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B70FE - 85 C0                 - test eax,eax
game.exe+1B7100 - 0F84 06FEFFFF         - je game.exe+1B6F0C  ; acquired
game.exe+1B7106 - 83 FB 14              - cmp ebx,14 { 20 }
game.exe+1B7109 - 7F 10                 - jg game.exe+1B711B
game.exe+1B710B - 57                    - push edi  ; reserve the arg slot only
game.exe+1B710C - C7 04 24  00000000    - mov [esp],00000000 { 0 }
game.exe+1B7113 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }  ; Sleep(0)
game.exe+1B7119 - EB 13                 - jmp game.exe+1B712E
game.exe+1B711B - 83 C3 EC              - add ebx,-14 { 236 }  ; k - 20
game.exe+1B711E - B8 01000000           - mov eax,00000001 { 1 }
game.exe+1B7123 - 8B CB                 - mov ecx,ebx
game.exe+1B7125 - D3 E0                 - shl eax,cl  ; 1 << (k - 20)
game.exe+1B7127 - 50                    - push eax
game.exe+1B7128 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B712E - 46                    - inc esi
game.exe+1B712F - EB A8                 - jmp game.exe+1B70D9  ; retry, unconditionally
game.exe+1B7131 - 89 35 2073C600        - mov [game.exe+867320],esi { [00000000] }  ; separate entry: spin succeeded at iteration esi
game.exe+1B7137 - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] }  ; spin budget = 1000
game.exe+1B7141 - E9 C6FDFFFF           - jmp game.exe+1B6F0C
game.exe+1B7146 - 8D 4D A0              - lea ecx,[ebp-60]
game.exe+1B7149 - E8 5283E5FF           - call game.exe+F4A0
game.exe+1B714E - C3                    - ret 
game.exe+1B714F - 8D 4D 90              - lea ecx,[ebp-70]
game.exe+1B7152 - E8 C9B7E5FF           - call game.exe+12920
game.exe+1B7157 - C3                    - ret 
game.exe+1B7158 - 89 35 2073C600        - mov [game.exe+867320],esi { [00000000] }
game.exe+1B715E - C7 05 0073C600 E8030000 - mov [game.exe+867300],000003E8 { [0000001E] }
game.exe+1B7168 - E9 83FCFFFF           - jmp game.exe+1B6DF0
game.exe+1B716D - C7 05 0073C600 1E000000 - mov [game.exe+867300],0000001E { [0000001E] }
game.exe+1B7177 - 33 F6                 - xor esi,esi
game.exe+1B7179 - 8D 5E 06              - lea ebx,[esi+06]
game.exe+1B717C - 83 FB 1B              - cmp ebx,1B { 27 }
game.exe+1B717F - 7E 05                 - jle game.exe+1B7186
game.exe+1B7181 - BB 1B000000           - mov ebx,0000001B { 27 }
game.exe+1B7186 - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B7189 - C7 44 24 04 01000000  - mov [esp+04],00000001 { 1 }
game.exe+1B7191 - C7 04 24  4074C600    - mov [esp],game.exe+867440 { [00000000] }
game.exe+1B7198 - FF 15 9030C600        - call dword ptr [game.exe+863090] { ->KERNEL32.InterlockedExchange }
game.exe+1B719E - 85 C0                 - test eax,eax
game.exe+1B71A0 - 0F84 4AFCFFFF         - je game.exe+1B6DF0
game.exe+1B71A6 - 83 FB 14              - cmp ebx,14 { 20 }
game.exe+1B71A9 - 7F 10                 - jg game.exe+1B71BB
game.exe+1B71AB - 57                    - push edi
game.exe+1B71AC - C7 04 24  00000000    - mov [esp],00000000 { 0 }
game.exe+1B71B3 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B71B9 - EB 13                 - jmp game.exe+1B71CE
game.exe+1B71BB - 83 C3 EC              - add ebx,-14 { 236 }
game.exe+1B71BE - B8 01000000           - mov eax,00000001 { 1 }
game.exe+1B71C3 - 8B CB                 - mov ecx,ebx
game.exe+1B71C5 - D3 E0                 - shl eax,cl
game.exe+1B71C7 - 50                    - push eax
game.exe+1B71C8 - FF 15 F430C600        - call dword ptr [game.exe+8630F4] { ->->KERNELBASE.Sleep }
game.exe+1B71CE - 46                    - inc esi
game.exe+1B71CF - EB A8                 - jmp game.exe+1B7179
game.exe+1B71D1 - 8D 4D 98              - lea ecx,[ebp-68]
game.exe+1B71D4 - E8 C782E5FF           - call game.exe+F4A0
game.exe+1B71D9 - C3                    - ret 
game.exe+1B71DA - 83 C4 F8              - add esp,-08 { 248 }
game.exe+1B71DD - C7 04 24  8070D400    - mov [esp],game.exe+947080 { ["GameSession::getResourceAmountInStores"] }
game.exe+1B71E4 - E8 D7915F00           - call game.exe+7B03C0
game.exe+1B71E9 - 33 C0                 - xor eax,eax
game.exe+1B71EB - 89 04 24              - mov [esp],eax
game.exe+1B71EE - 89 44 24 04           - mov [esp+04],eax
game.exe+1B71F2 - E8 A3156A00           - call game.exe+85879A
game.exe+1B71F7 - B8 FD715B00           - mov eax,game.exe+1B71FD { [139] }
game.exe+1B71FC - C3                    - ret 
game.exe+1B71FD - 8B 4D F4              - mov ecx,[ebp-0C]
game.exe+1B7200 - 64 89 0D 00000000     - mov fs:[00000000],ecx { 0 }
game.exe+1B7207 - 8B 1C 24              - mov ebx,[esp]
game.exe+1B720A - 8B 74 24 04           - mov esi,[esp+04]
game.exe+1B720E - 8B 7C 24 08           - mov edi,[esp+08]
game.exe+1B7212 - 8B E5                 - mov esp,ebp
game.exe+1B7214 - 5D                    - pop ebp
game.exe+1B7215 - C2 0C00               - ret 000C { 12 }
game.exe+1B7218 - 8B 75 E0              - mov esi,[ebp-20]
game.exe+1B721B - 8B 7D AC              - mov edi,[ebp-54]
game.exe+1B721E - B9 FF0F0000           - mov ecx,00000FFF { 4095 }
game.exe+1B7223 - 23 CA                 - and ecx,edx
game.exe+1B7225 - C1 EA 14              - shr edx,14 { 20 }
game.exe+1B7228 - 89 5D E4              - mov [ebp-1C],ebx
game.exe+1B722B - 8B 58 24              - mov ebx,[eax+24]
game.exe+1B722E - 8B 1C D3              - mov ebx,[ebx+edx*8]
game.exe+1B7231 - 8B 5C 0B 0C           - mov ebx,[ebx+ecx+0C]
game.exe+1B7235 - BA FF0F0000           - mov edx,00000FFF { 4095 }
game.exe+1B723A - 23 D3                 - and edx,ebx
game.exe+1B723C - C1 EB 14              - shr ebx,14 { 20 }
game.exe+1B723F - 8B 48 24              - mov ecx,[eax+24]
game.exe+1B7242 - 8B 0C D9              - mov ecx,[ecx+ebx*8]
//////////////////////////////////////////////////////////////////////////////////
game.exe+1B7245 - 0FB7 0C 11            - movzx ecx,word ptr [ecx+edx]  (Адреса всех ресурсов. Но нет тех, которые не открыты — не куплены, не построены производством)
/////////////////////////////////////////////////////////////////////////////////
game.exe+1B7249 - 03 F9                 - add edi,ecx
game.exe+1B724B - 89 7D AC              - mov [ebp-54],edi
game.exe+1B724E - 8B 8E 74010000        - mov ecx,[esi+00000174]
game.exe+1B7254 - 8B 5D E4              - mov ebx,[ebp-1C]
game.exe+1B7257 - E9 CDF7FFFF           - jmp game.exe+1B6A29
game.exe+1B725C - 8B 55 E0              - mov edx,[ebp-20]
game.exe+1B725F - 8B 8A 74010000        - mov ecx,[edx+00000174]
game.exe+1B7265 - E9 BFF7FFFF           - jmp game.exe+1B6A29

 

 


25 минут назад, Strajder сказал:

скрипт на ресурсы

На другую инструкцию лучше сделать (она читает чаще — при открытии здания: мэрии, таверны):


{ Game   : game.exe
  Version: 
  Date   : 2018-04-27
  Author : Garik66

  Hooks the 16-bit load that reads a resource amount out of the store
  (the movzx at "game.exe"+1B8C4E in the listing below) and writes the
  decimal value 66 into that slot right before the original read runs.
  The write happens on every execution of the hooked load, so the slot
  is pinned to 66 rather than incremented. Which slot is touched is
  decided by the caller's edx/ecx (table entry selected by the high bits,
  12-bit offset from the low bits -- see the original code); the script
  itself does not pick a particular resource.
}

[ENABLE]
// Locate the hook site by its 11-byte opcode pattern:
//   0F B7 04 0A           movzx eax,word ptr [edx+ecx]
//   C7 45 FC FF FF FF FF  mov [ebp-04],FFFFFFFF
// The script can only enable if this pattern is found in game.exe.
aobscanmodule(RESOURCES,game.exe,0F B7 04 0A C7 45 FC FF FF FF FF) // should be unique
// 4 KiB ($1000) for the detour body.
alloc(newmem,$1000)
label(code)
label(return)
registersymbol(RESOURCES)

newmem:
  // '#' means decimal in the CE auto-assembler: store 66 as a word at
  // [edx+ecx], the same address the original movzx is about to read.
  mov word ptr [edx+ecx],#66

code:
  // The two displaced original instructions, replayed unchanged,
  // then control returns to the instruction after the hook site.
  movzx eax,word ptr [edx+ecx]
  mov [ebp-04],FFFFFFFF
  jmp return

RESOURCES:
  // 5-byte jmp + 6 NOPs = 11 bytes, exactly the length of the scanned
  // pattern, so no partial instruction is left behind the detour.
  jmp newmem
  db 90 90 90 90 90 90
return:

[DISABLE]
// Put the original 11 bytes back at the hook site.
RESOURCES:
  db 0F B7 04 0A C7 45 FC FF FF FF FF

unregistersymbol(RESOURCES)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+1B8C4E

"game.exe"+1B8C2F: 23 C8                 -  and ecx,eax
"game.exe"+1B8C31: C1 E8 14              -  shr eax,14
"game.exe"+1B8C34: 8B 5A 24              -  mov ebx,[edx+24]
"game.exe"+1B8C37: 8B 1C C3              -  mov ebx,[ebx+eax*8]
"game.exe"+1B8C3A: 8B 5C 0B 0C           -  mov ebx,[ebx+ecx+0C]
"game.exe"+1B8C3E: B9 FF 0F 00 00        -  mov ecx,00000FFF
"game.exe"+1B8C43: 23 CB                 -  and ecx,ebx
"game.exe"+1B8C45: C1 EB 14              -  shr ebx,14
"game.exe"+1B8C48: 8B 52 24              -  mov edx,[edx+24]
"game.exe"+1B8C4B: 8B 14 DA              -  mov edx,[edx+ebx*8]
// ---------- INJECTING HERE ----------
"game.exe"+1B8C4E: 0F B7 04 0A           -  movzx eax,word ptr [edx+ecx]
"game.exe"+1B8C52: C7 45 FC FF FF FF FF  -  mov [ebp-04],FFFFFFFF
// ---------- DONE INJECTING  ----------
"game.exe"+1B8C59: 8B 4D F4              -  mov ecx,[ebp-0C]
"game.exe"+1B8C5C: 64 89 0D 00 00 00 00  -  mov fs:[00000000],ecx
"game.exe"+1B8C63: 8B 1C 24              -  mov ebx,[esp]
"game.exe"+1B8C66: 8B 74 24 04           -  mov esi,[esp+04]
"game.exe"+1B8C6A: 8B 7C 24 08           -  mov edi,[esp+08]
"game.exe"+1B8C6E: 8B E5                 -  mov esp,ebp
"game.exe"+1B8C70: 5D                    -  pop ebp
"game.exe"+1B8C71: C2 08 00              -  ret 0008
"game.exe"+1B8C74: 8D B6 00 00 00 00     -  lea esi,[esi+00000000]
"game.exe"+1B8C7A: 8D BF 00 00 00 00     -  lea edi,[edi+00000000]
}

 

Как открыть неоткрытое, пока не нашёл — игру не знаю.


Garik66, спасибо. Буду сейчас смотреть, что меняется и добавляется при вводе кода. Там добавляются все ресурсы по 100 сразу. Может, оттуда как-то можно будет выйти на адреса.


1 минуту назад, Strajder сказал:

Может, оттуда как-то можно будет выйти на адреса.

Да

1 минуту назад, Strajder сказал:

Garik66 Спасибо.

:D

2 минуты назад, Strajder сказал:

Буду сейчас смотреть

Я не буду. У меня на 10-ке она что-то как-то медленно работает, так что я её снесу.


Ну да — игра старая. Оптимизации для Windows 10 нет, да и не будет уже. Всё равно спасибо. Буду один ковыряться — может, чего додумаю :rolleyes:


Скрипт на открытие всей карты:


{ Game   : game.exe
  Version: 
  Date   : 2018-04-27
  Author : Sumrak1988

  Described by its author as opening the whole map. It locates a 13-byte
  pattern in game.exe and changes its first two bytes from 04 00 to
  00 00; disabling writes 04 00 back. The injection-point listing below
  disassembles into meaningless "add [eax],al" runs, so the patched
  location looks like data rather than code: this script flips a stored
  value, it does not hook an instruction.
}

[ENABLE]
// Four wildcard bytes follow A0; in the listing they hold what
// disassembles as an absolute address, which is presumably why they
// are masked out rather than matched (TODO confirm they differ per run).
aobscanmodule(MAPS,game.exe,04 00 00 00 A0 ?? ?? ?? ?? 00 00 00 09) // should be unique
registersymbol(MAPS)

MAPS:
  // Overwrite the leading word of the match: 04 00 -> 00 00.
  db 00 00

[DISABLE]
MAPS:
  // Restore the original leading word.
  db 04 00
unregistersymbol(MAPS)


{
// ORIGINAL CODE - INJECTION POINT: "game.exe"+8CD428

"game.exe"+8CD40D: 00 00              -  add [eax],al
"game.exe"+8CD40F: 00 BA 06 00 00 00  -  add [edx+00000006],bh
"game.exe"+8CD415: 00 00              -  add [eax],al
"game.exe"+8CD417: 00 5E C7           -  add [esi-39],bl
"game.exe"+8CD41A: 0E                 -  push cs
"game.exe"+8CD41B: 00 EB              -  add bl,ch
"game.exe"+8CD41D: 05 00 00 01 01     -  add eax,01010000
"game.exe"+8CD422: 01 01              -  add [ecx],eax
"game.exe"+8CD424: 01 01              -  add [ecx],eax
"game.exe"+8CD426: 01 01              -  add [ecx],eax
// ---------- INJECTING HERE ----------
"game.exe"+8CD428: 04 00              -  add al,00
"game.exe"+8CD42A: 00 00              -  add [eax],al
"game.exe"+8CD42C: A0 5A 4D 03 03     -  mov al,[03034D5A]
// ---------- DONE INJECTING  ----------
"game.exe"+8CD431: 00 00              -  add [eax],al
"game.exe"+8CD433: 00 09              -  add [ecx],cl
"game.exe"+8CD435: 00 00              -  add [eax],al
"game.exe"+8CD437: 00 80 5A 4D 03 12  -  add [eax+12034D5A],al
"game.exe"+8CD43D: 01 00              -  add [eax],eax
"game.exe"+8CD43F: 00 00              -  add [eax],al
"game.exe"+8CD441: 00 00              -  add [eax],al
"game.exe"+8CD443: 00 00              -  add [eax],al
"game.exe"+8CD445: 00 00              -  add [eax],al
"game.exe"+8CD447: 00 01              -  add [ecx],al
}

 

 

