Published 2018-05-28 in Henan
Character list modification for 1.0M
Character list modification for 1.0M, part one:
I first located the position; a rough analysis is enough to tell that this must be:
==============================================
C1,4B,F3,00,02,00,02,
00,D3,F4,C3,C6,00,00,00,00,00,00,71,08,00,08,20,0A,FF,11,1F,1F,18,6D,80,10,00,00,00,FF,FF,FF,00,00,FF,
01,C4,A7,BB,C3,D6,AE,D6,F7,00,00,71,01,00,00,00,FF,FF,FF,FF,FF,00,00,00,F8,00,00,00,FF,FF,FF,00,00,FF
=================================================
The above is our reference packet.
The key fields are:
C1, header
4B, length
F3, protocol type
00,
02,
00,
02, number of characters
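A parser for the reference packet, added here as an example and not taken from the original write-up or from GameServ: it checks the header byte, compares the length byte with the real size, checks the F3/00 type bytes, reads the character count, and splits the remainder into that many equal records. The per-record size is derived from the length and count (it is not stated on the page), and the field names are the ones given above.

```python
# Added example: parse the C1 character-list reply described above.
# The packet bytes are the reference dump from the write-up.
REFERENCE_PACKET_HEX = (
    "C1,4B,F3,00,02,00,02,"
    "00,D3,F4,C3,C6,00,00,00,00,00,00,71,08,00,08,20,0A,FF,11,1F,1F,18,6D,80,10,00,00,00,FF,FF,FF,00,00,FF,"
    "01,C4,A7,BB,C3,D6,AE,D6,F7,00,00,71,01,00,00,00,FF,FF,FF,FF,FF,00,00,00,F8,00,00,00,FF,FF,FF,00,00,FF"
)

HEADER_LEN = 7  # C1, length, F3, 00, 02, 00, character count


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a comma-separated hex dump (as pasted above) into raw bytes."""
    return bytes(int(tok, 16) for tok in dump.split(",") if tok.strip())


def parse_char_list(pkt: bytes) -> dict:
    """Validate the 7-byte header and split the body into equal character records.

    Raises ValueError on any malformed packet (short buffer, wrong header,
    length byte not matching the real size, wrong type, ragged body)."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("packet shorter than the 7-byte header")
    if pkt[0] != 0xC1:
        raise ValueError(f"bad header byte {pkt[0]:#04x}, expected 0xC1")
    if pkt[1] != len(pkt):
        raise ValueError(f"length byte {pkt[1]} != actual size {len(pkt)}")
    if pkt[2] != 0xF3 or pkt[3] != 0x00:
        raise ValueError("not an F3/00 character-list packet")
    count = pkt[6]
    body = pkt[HEADER_LEN:]
    if count == 0:
        return {"count": 0, "record_len": 0, "records": []}
    if len(body) % count:
        raise ValueError(f"body of {len(body)} bytes is not {count} equal records")
    rec_len = len(body) // count  # derived: (0x4B - 7) / 2 = 34 for the reference dump
    records = [bytes(body[i * rec_len:(i + 1) * rec_len]) for i in range(count)]
    return {"count": count, "record_len": rec_len, "records": records}


def is_rejected(pkt: bytes) -> bool:
    """True if parse_char_list refuses the packet (used to show the length check)."""
    try:
        parse_char_list(pkt)
        return False
    except ValueError:
        return True
```

Trimming one byte off the reference dump makes the length byte disagree with the real size, and the parser rejects it instead of reading past the end.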
The function entry we found in the GS (GameServ) is:
00403EB8 $ /E9 43CB0100 JMP GameServ.JGPGetCharList
The actual implementation is:
00420A00 / \55 PUSH EBP
00420A01 |. 8BEC MOV EBP,ESP
00420A03 |. 81EC B4010000 SUB ESP,1B4
00420A09 |. 53 PUSH EBX
00420A0A |. 56 PUSH ESI
00420A0B |. 57 PUSH EDI
00420A0C |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00420A0F |. 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
00420A12 |. C785 E8FEFFFF MOV DWORD PTR SS:[EBP-118],0
00420A1C |. C785 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],1C
00420A26 |. 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
00420A29 |. 0FBF51 04 MOVSX EDX,WORD PTR DS:[ECX+4]
00420A2D |. 8995 E0FEFFFF MOV DWORD PTR SS:[EBP-120],EDX
00420A33 |. C685 D4FEFFFF MOV BYTE PTR SS:[EBP-12C],0C1 ; [EBP-12C] is presumably the reply buffer: +0 = header C1
00420A3A |. C685 D6FEFFFF MOV BYTE PTR SS:[EBP-12A],0F3 ; reply buffer +2 = protocol type F3
00420A41 |. C685 D7FEFFFF MOV BYTE PTR SS:[EBP-129],0 ; reply buffer +3 = 00
00420A48 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; EAX = first argument (the incoming message)
00420A4B |. 8A48 06 MOV CL,BYTE PTR DS:[EAX+6]
00420A4E |. 888D DAFEFFFF MOV BYTE PTR SS:[EBP-126],CL ; reply buffer +6 = byte 6 of the request
00420A54 |. C645 F6 00 MOV BYTE PTR SS:[EBP-A],0
00420A58 |. 6A 0A PUSH 0A ; /n = A (10.)
00420A5A |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4] ; |
00420A5D |. 83C2 0D ADD EDX,0D ; |
00420A60 |. 52 PUSH EDX ; |src
00420A61 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14] ; |
00420A64 |. 50 PUSH EAX ; |dest
00420A65 |. E8 C6141400 CALL GameServ._memcpy ; \_memcpy
00420A6A |. 83C4 0C ADD ESP,0C
/--------------------------------------------------------------------------------
I break the above section down as