模拟call 以地图坐标
[ENABLE]
alloc(new,200)
new:
pushad
push 0
push 0
push 0
push 0
push 0
push 0
push 4
push 0
push 0
push 0//Z轴
push #270//y轴
push #404//x轴
push #66666//伤害
push #20022//代码
mov ecx,1AB7CDC//人物基址
mov ecx,[ecx]
push ecx
mov eax,86EC60// #模拟call
call eax
Popad
ret
createthread(new)
//LdrInitializeThunk:
//db 8B FF 55 8B EC
[DISABLE]
技能call 以自身坐标 这个
alloc(new,200)
new:
Pushad
mov ecx,[019E31E8]
mov edx,[019E31EC]
mov esi,[1AB7CDC]
mov eax,[esi]
push 00
push 00
push 00
push ecx
mov ecx,[ebp-00000314]
push edx
mov edx,[eax+00000340]
push 00
push 04
Push #0//Z
Push #0//X轴)
Push #0//Y轴)
Push 0
Push 0
Push #99999// 伤害)
Push #20057// 代码)
mov ecx,esi
call edx
Popad
ret
[ENABLE]
createthread(new)
//LdrInitializeThunk:
//db 8B FF 55 8B EC
[DISABLE]
{
00C5DBC7 - 8B 0D E8319E01 - mov ecx,[019E31E8]
00C5DBCD - 8B 15 EC319E01 - mov edx,[019E31EC]
00C5DBD3 - 6A 00 - push 00
00C5DBD5 - 6A 00 - push 00
00C5DBD7 - 8B 06 - mov eax,[esi]
00C5DBD9 - 6A 00 - push 00
00C5DBDB - 51 - push ecx
00C5DBDC - 8B 8D ECFCFFFF - mov ecx,[ebp-00000314]
00C5DBE2 - 52 - push edx
00C5DBE3 - 8B 90 40030000 - mov edx,[eax+00000340]
00C5DBE9 - 6A 00 - push 00
00C5DBEB - 6A 04 - push 04
00C5DBED - 6A 3C - push 3C
00C5DBEF - 6A 00 - push 00
00C5DBF1 - 6A 2C - push 2C
00C5DBF3 - 6A 00 - push 00
00C5DBF5 - 53 - push ebx
00C5DBF6 - 51 - push ecx
00C5DBF7 - 68 DF590000 - push 000059DF
00C5DBFC - 8B CE - mov ecx,esi
00C5DBFE - FF D2 - call edx
}
[ENABLE]
alloc(new,200)
new:
pushad
push 0
push 0
push 0
push 0
push 0
push 0
push 4
push 0
push 0
push 0//Z轴
push #270//y轴
push #404//x轴
push #66666//伤害
push #20022//代码
mov ecx,1AB7CDC//人物基址
mov ecx,[ecx]
push ecx
mov eax,86EC60// #模拟call
call eax
Popad
ret
createthread(new)
//LdrInitializeThunk:
//db 8B FF 55 8B EC
[DISABLE]
技能call 以自身坐标 这个
alloc(new,200)
new:
Pushad
mov ecx,[019E31E8]
mov edx,[019E31EC]
mov esi,[1AB7CDC]
mov eax,[esi]
push 00
push 00
push 00
push ecx
mov ecx,[ebp-00000314]
push edx
mov edx,[eax+00000340]
push 00
push 04
Push #0//Z
Push #0//X轴)
Push #0//Y轴)
Push 0
Push 0
Push #99999// 伤害)
Push #20057// 代码)
mov ecx,esi
call edx
Popad
ret
[ENABLE]
createthread(new)
//LdrInitializeThunk:
//db 8B FF 55 8B EC
[DISABLE]
{
00C5DBC7 - 8B 0D E8319E01 - mov ecx,[019E31E8]
00C5DBCD - 8B 15 EC319E01 - mov edx,[019E31EC]
00C5DBD3 - 6A 00 - push 00
00C5DBD5 - 6A 00 - push 00
00C5DBD7 - 8B 06 - mov eax,[esi]
00C5DBD9 - 6A 00 - push 00
00C5DBDB - 51 - push ecx
00C5DBDC - 8B 8D ECFCFFFF - mov ecx,[ebp-00000314]
00C5DBE2 - 52 - push edx
00C5DBE3 - 8B 90 40030000 - mov edx,[eax+00000340]
00C5DBE9 - 6A 00 - push 00
00C5DBEB - 6A 04 - push 04
00C5DBED - 6A 3C - push 3C
00C5DBEF - 6A 00 - push 00
00C5DBF1 - 6A 2C - push 2C
00C5DBF3 - 6A 00 - push 00
00C5DBF5 - 53 - push ebx
00C5DBF6 - 51 - push ecx
00C5DBF7 - 68 DF590000 - push 000059DF
00C5DBFC - 8B CE - mov ecx,esi
00C5DBFE - FF D2 - call edx
}
水帖的。百度就能搜到一堆源码。搁着一个一个发功能写法,有生之年能发完一套源码写法就不错了
