天龙八部CALL测试篇.docx
天龙八部CALL测试篇
天龙八部CALL测试篇
注意:
有的朋友发现CALL不能用,这是为什么呢?
因为TL在不断更新,每更新一次,
基址或CALL就可能发生变动,所以调用不成功。
这里我给出我所用的基址信息,客户端更新后需要同步更新这些值(还有一种动态查找基址的方法,就是通过机器码来查找:虽然基址变了,但是调用方式没有变,所以通过机器码可以找到基址,这种方法我还没有研究过)
//baseaddr.h
// NOTE(review): this listing reached the page with the spaces between tokens stripped
// ("#pragmaonce", "#defineNAME<value>"). The boundary between a macro name and its value
// cannot always be recovered with certainty (see MONSTER_OFFSET_137E4h), so the directive
// lines are left exactly as found rather than guessed at.
// The values are hex literals with a trailing 'h', consumed inside the __asm blocks of the
// .cpp part of this page. The surrounding text says they belong to one client build and
// stop being valid when the client is updated.
#pragmaonce
// Base-address definitions; every value must end with 'h' and contain no illegal characters
// Prints a text message at the top of the game screen: push LPCTSTR; push 85h; [ecx+4ch];
#defineCALL_TOP_TXT_OUTPUT6a77E4h
// Upper-level CALL for casting a skill; this level normally takes no arguments
#defineCALL_ABILITY_TOP_AD042C3C0h
// The actual skill-casting routine, six arguments; it can only be called with the pointer
// obtained from the upper level [CALL_ABILITY_TOP_AD]
#defineCALL_ABILITY_SUB_AD042BC50h
// Walking, attacking and target selection all use this value as the base pointer
// mov eax,[CALL_GO_OR_ATTACK_BASE]
// mov ebx,[eax]
// mov ecx,eax
// push eax;
// call [ebx+54]; this takes 6 arguments, much like casting a skill
// -- sub_call, ecx = the eax pushed above;
// -- sub_call, esi = ecx = [CALL_GO_OR_ATTACK_BASE];
// -- sub_call, [esi+8], [esi+c] are the arguments
#defineCALL_GO_OR_ATTACK_BASE6A0D6Ch
// Talk to, or walk to, an NPC; takes the NPC's ID value
#defineCALL_MOVE_OR_TALK_NPC6A77F0h
// Character base address
#definePLAYER_TOP_BASE_AD6A77ECh// also needed for monsters, coordinates, etc.
#defineMAP_BASE_ADDRPLAYER_TOP_BASE_AD
//[[[PLAYER_TOP_BASE_AD]+64]+44]
#definePLAYER_BASE_ADDR6A0B5Ch
// Monster array base address
#defineMONSTER_BASE_AD6A0B3Ch
#defineMONSTER_OFFSET_137E4h
#defineMONSTER_OFFSET_SUB40h
#defineMONSTER_OFFSET_COUNT77E4h
#defineCHOOSE_MONSTER_AD12897548h
#defineNET_DATA_SEND_INCRE6A76E4h
//testcall.h
#pragmaonce
#include"baseaddr.h"
#include
usingnamespacestd;
#defineDW_TYPE_IDDWORD
// Declaration of the call-test wrapper. The member definitions visible on this page reach
// the client through the baseaddr.h macros plus the fixed structure offsets listed in the
// enums below; all of these numbers are specific to one client build.
class CTLCallTest
{
public:
    CTLCallTest(void);
    ~CTLCallTest(void);

    // struct Monster
    // {
    //     float x;        // +0
    //     float z;        // not use // +4
    //     float y;        // +8
    //     char name[14];
    // };

public:
    void Attack(DWORD dwID = 0xBD);
    void SiteDown();
    void MoveTo(float x = 100.f, float = 100.f);
    void Choose(DW_TYPE_ID dwID = 0xFFFFFF);
    void Test();
    void Jump();
    void Normal(int id);
    void Recall();  // re-issue the most recently used skill

    // Operation codes written into the action request (see Choose / Attack).
    enum ACTION_TYPE
    {
        AT_MOVE = 1,
        AT_CHOOSE,
        AT_ATTACK,
        AT_TALK_TO_NPC = 9
    };

    // Skill identifiers passed as the first argument of Ability().
    enum ABILITY_ID
    {
        SITE_DOWN = 0x23,
        BACK_CITY = 0x16,
        CALL_HORSE = 0x15,
        CATCH_BABY = 0x1,
        NORMAL_ATTACK = 0x0,
        CALL_BABY = 0x2,
        TEST_3 = 0x3,
        TEST_4 = 0x4,
        WD_NM_ATTACK = 0x173,   // need id
        WD_TBBDZ = 0x178,
        WD_WNXY = 0x188,
        WD_TYSSJ = 0x184,
        WD_BGZ = 0x173,         // need id
        WD_SHTY = 0x176,        // need x, y
        OTHER = 0x161,
        OTHER_1 = 0x162,
        OTHER_2 = 0x163
    };

    // Byte offsets into the character record; GetPSInfo() adds one of these to the
    // record pointer and reads a DWORD there.
    enum PS_INFO
    {
        PS_LEVEL = 0x5C,
        PS_NAME = 0x30,         // 12 len
        PS_HP = 0x8F4,
        PS_MP = 0x8F8,
        PS_EXP = 0x8FC,
        PS_MAX_HP = 0x960,
        PS_MAX_MP = 0x964,
        PS_SF = 0x940,          // shengfa
        PS_POWER = 0x948,       // liliang
        PS_MAGIC = 0x94C,       // lingqi
        PS_POWER_A = 0x950,     // wuligongji
        PS_MAGIC_A = 0x954,     // lingqigongji
        PS_POWER_D = 0x958,     // wulifangyu
        PS_MAGIC_D = 0x95C,     // lingqifangyu
        PS_MINGZH = 0x970,      // mingzhong
        PS_SANBI = 0x974,
        PS_HUIXIN = 0x978,      // huixinggongji
        PS_HUIFANG = 0x97C,     // huixingfayu
    };

    DWORD GetPSInfo(PS_INFO);
    int IsChooseMonster();
    void Ability(ABILITY_ID id, DWORD dwPara2 = 0xFFFFFFFF, DWORD dwTargetID = 0xFFFFFFFF,
                 float x = 0xBF800000, float y = 0xBF800000, float z = 0xBF800000
                 );  // use a skill
    void CatchBaby(DWORD dwID);  // catch a pet
    void TmpCall();
    void PrintText(LPCTSTR pCHAR);
    void MoveToNPCAndTalk(DWORD dwID);
    void ProcessSth(LPCTSTR pTxt, DWORD prect);
    DWORD FindValidMonsterID(int *pTotal = NULL);
    void PrintOneValidMonster();
    void AttackValidMonster();
    DWORD GetCurIDMonster();
    bool GetPlayerPos(float &x, float &z, float &y);
    void SetPlayerPos(float x, float y, float z);
    void SetPlayerName(string strName);
    int GetRndVal(int fMin, int fMax);
    void RndGoWhereFromCur(int nMin, int nMax);
    string GetPsName();
    void SendData(PBYTE pByte, int len);

private:
    DWORD m_curMonstID;  // value handed back by GetCurIDMonster()
    void InnerAction(ACTION_TYPE at, float dwP1, float dwP2);
    void ShowMonster(DWORD dwID);
};
//.testcall.cpp
#include"StdAfx.h"
#include"TLCallTest.h"
#include
#include
// Constructor: the stored monster id starts at 0.
CTLCallTest::CTLCallTest(void)
{
    m_curMonstID = 0;
}
// Destructor: nothing to release.
CTLCallTest::~CTLCallTest(void)
{
}
// Select a monster.
//
// Loads the object pointer stored at CALL_GO_OR_ATTACK_BASE, fills a request area at
// object+88h (action type 2 at +50h, dwID at +08h), pushes that area's address and calls
// the function pointer found at [first dword of the object]+5Ch, with ECX = object.
// The base macro and every offset are fixed numbers taken from one client build.
void CTLCallTest::Choose(DW_TYPE_ID dwID)
{
    /* Reference disassembly kept from the original page:
    00433E74 |> 8B0DF0776A00  MOV ECX,DWORD PTR DS:[6A77F0]  ; Case 2 of switch 00433DFF
    00433E7A |. 8B4608        MOV EAX,DWORD PTR DS:[ESI+8]   ; replace [ESI+8] with the ID of the monster to select
    00433E7D |. 8B11          MOV EDX,DWORD PTR DS:[ECX]
    00433E7F |. 6A01          PUSH 1
    00433E81 |. 50            PUSH EAX                       ; this is the monster's ID
    00433E82 |. FF5238        CALL DWORD PTR DS:[EDX+38]
    */
    __asm {
        pushad
        mov eax, dword ptr ds:[CALL_GO_OR_ATTACK_BASE]
        mov edx, dword ptr ds:[eax]
        mov ebx, dword ptr ds:[eax]
        mov ecx, eax
        add eax, 88h                    ; == call [edx+54]
        mov edx, 2
        mov [eax+50h], edx              ; action type: 1 = move, 2 = select, 3 = attack
        mov edx, dword ptr [dwID]
        mov [eax+08h], edx
        push eax
        call dword ptr ds:[ebx+5Ch]
        popad
    }
}
// Issues the SITE_DOWN skill through Ability(), leaving its other arguments at their defaults.
void CTLCallTest::SiteDown()
{
    Ability(SITE_DOWN);
}
// Use a skill.
//
// Follows [[PLAYER_TOP_BASE_AD]+64h]+164h to an object kept in ESI, stores the six
// arguments into that object at +84h (skill id, 16-bit), +88h, +8Ch, +90h, +98h and +9Ch,
// then calls the routine at CALL_ABILITY_TOP_AD with ECX = ESI.
// The base macro and every offset are fixed numbers taken from one client build.
void CTLCallTest::Ability(ABILITY_ID dwInd, DWORD dwPara2, DWORD dwTargetID, float x, float y, float z)
{
    /* Reference disassembly kept from the original page:
    0042C62F |. 8B869C000000   mov eax,dword ptr ds:[esi+9C]
    0042C635 |. 8B8E98000000   mov ecx,dword ptr ds:[esi+98]
    0042C63B |. 8B9690000000   mov edx,dword ptr ds:[esi+90]
    0042C641 |. 50             push eax
    0042C642 |. 8B868C000000   mov eax,dword ptr ds:[esi+8C]
    0042C648 |. 51             push ecx
    0042C649 |. 8B8E88000000   mov ecx,dword ptr ds:[esi+88]
    0042C64F |. 52             push edx
    0042C650 |. 0FBF96840000>  movsx edx,word ptr ds:[esi+84]
    0042C657 |. 50             push eax
    0042C658 |. 51             push ecx
    0042C659 |. 52             push edx
    0042C65A |. 8BCE           mov ecx,esi
    0042C65C |. E82FF7FFFF     call 0042BD90
    */
    __asm {
        pushad
        mov eax, dword ptr ds:[PLAYER_TOP_BASE_AD]
        mov eax, [eax+64h]
        mov eax, [eax+164h]
        mov esi, eax
        mov edx, dword ptr [z]              ; 0BF800000h
        mov dword ptr ds:[esi+9ch], edx     ; push 1, para 6, usually BF800000
        mov edx, dword ptr [y]              ; 0BF800000h
        mov dword ptr ds:[esi+98h], edx     ; push 2, para 5, usually BF800000
        mov edx, dword ptr [x]              ; 0BF800000h
        mov dword ptr ds:[esi+90h], edx     ; push 3, para 4, usually BF800000
        mov edx, [dwTargetID]
        mov dword ptr ds:[esi+8Ch], edx     ; push 4, para 3, usually -1
        mov edx, [dwPara2]
        mov dword ptr ds:[esi+88h], edx     ; push 5, para 2, usually -1
        movsx dx, word ptr [dwInd]
        mov word ptr ds:[esi+84h], dx       ; push 6, para 1, ability ID
        mov ecx, esi
        mov eax, CALL_ABILITY_TOP_AD
        call eax
        popad
    }
}
// Issues the CATCH_BABY skill through Ability(), passing dwID as its second argument.
void CTLCallTest::CatchBaby(DWORD dwID)
{
    Ability(CATCH_BABY, dwID);
}
// Reads one DWORD from the character record.
//
// Follows [[[PLAYER_BASE_ADDR]+64h]+158h]+4h to the record, adds the PS_INFO value as a
// byte offset and returns the DWORD stored there. Returns 0 if the handler below runs.
// NOTE(review): none of the pointers in the chain is checked before it is dereferenced;
// whether catch(...) observes a fault raised inside the __asm block depends on how the
// project is compiled - confirm.
DWORD CTLCallTest::GetPSInfo(PS_INFO ps)
{
    DWORD value = 0;
    try
    {
        __asm {
            pushad
            mov eax, dword ptr ds:[PLAYER_BASE_ADDR]
            mov eax, dword ptr ds:[eax+64h]
            mov eax, dword ptr ds:[eax+158h]
            mov eax, dword ptr ds:[eax+4h]
            mov ebx, dword ptr [ps]
            add eax, ebx
            mov ebx, [eax]
            mov dword ptr [value], ebx
            popad
        }
    }
    catch (...)
    {
        // deliberately ignored: the caller gets the initial 0
    }
    return value;
}
// Sets the current character's name. The change is local to this machine and is not sent
// to the server. The name can be written as, for example, #b#RGMGMGMGM (colour codes can
// be added); it must not be longer than 12 characters, otherwise it has no effect.
//
// Computes the address of the name field, [[[PLAYER_BASE_ADDR]+64h]+158h]+4h] + 30h, and
// copies at most the first 12 characters of strName plus the terminator into it
// (destination size given as 13).
void CTLCallTest::SetPlayerName(std::string strName)
{
    try
    {
        char *nameField = NULL;
        __asm {
            pushad
            mov eax, dword ptr ds:[PLAYER_BASE_ADDR]
            mov eax, dword ptr ds:[eax+64h]
            mov eax, dword ptr ds:[eax+158h]
            mov eax, dword ptr ds:[eax+4h]
            lea ebx, dword ptr ds:[eax+30h]
            mov dword ptr [nameField], ebx
            popad
        }
        if (nameField)
        {
            strcpy_s(nameField, 13, strName.substr(0, 12).c_str());
        }
    }
    catch (...)
    {
        PrintText(_T("SetPlayerNameexception!!"));
    }
}
// Returns the character's name.
//
// Computes the same field address as SetPlayerName,
// [[[PLAYER_BASE_ADDR]+64h]+158h]+4h] + 30h, and copies the C string found there.
// The result is "Unknow" when the computed pointer is null and "ReadException!!!" when
// the handler runs.
string CTLCallTest::GetPsName()
{
    string name("Unknow");
    try
    {
        LPCSTR nameField = NULL;
        __asm {
            pushad
            mov eax, dword ptr ds:[PLAYER_BASE_ADDR]
            mov eax, dword ptr ds:[eax+64h]
            mov eax, dword ptr ds:[eax+158h]
            mov eax, dword ptr ds:[eax+4h]
            lea ebx, dword ptr ds:[eax+30h]
            mov dword ptr [nameField], ebx
            popad
        }
        if (nameField)
        {
            name = nameField;
        }
    }
    catch (...)
    {
        name = "ReadException!!!";
    }
    return name;
}
// Returns the monster id currently stored in m_curMonstID.
DWORD CTLCallTest::GetCurIDMonster()
{
    return m_curMonstID;
}
// Attack a monster, identified by its ID.
//
// Same request layout as Choose(): the object pointer comes from CALL_GO_OR_ATTACK_BASE,
// the request area is object+88h, and the call goes through [first dword of object]+5Ch.
// Here the action type is 3, +08h receives the pointer [[6A5FE4h]+3ch] and +0ch receives dwID.
// The base macro, the literal 6A5FE4h and every offset are fixed numbers from one client build.
void CTLCallTest::Attack(DWORD dwID)
{
    __asm {
        pushad
        mov eax, dword ptr ds:[CALL_GO_OR_ATTACK_BASE]
        mov edx, dword ptr ds:[eax]
        mov ebx, dword ptr ds:[eax]
        mov ecx, eax
        add eax, 88h                    ; == call [edx+54]
        mov edx, 3
        mov [eax+50h], edx              ; action type: 1 = move, 2 = select, 3 = attack
        mov edx, dword ptr ds:[6A5FE4h]
        mov edx, dword ptr ds:[edx+3ch]
        mov [eax+08h], edx              ; pointer required when attacking: [[6A5FE4]+3ch]
        ; [14DA9028h]
        mov edx, dword ptr [dwID]
        mov [eax+0ch], edx
        push eax
        call dword ptr ds:[ebx+5Ch]
        popad
    }
}
// Move to a position; equivalent to clicking an arbitrary point on the map.
// Forwards both coordinates to InnerAction() with the AT_MOVE action type.
void CTLCallTest::MoveTo(float gox, float goy)
{
    InnerAction(AT_MOVE, gox, goy);
}
// Sets the current character's X, Z, Y. The change is local to this machine and is not
// sent to the server.
//
// Follows [[MAP_BASE_ADDR]+64h] and overwrites three dwords there: x at +44h, z at +48h,
// y at +4Ch. Prints a message through PrintText() when the handler runs.
void CTLCallTest::SetPlayerPos(float x, float y, float z)
{
    try
    {
        __asm {
            pushad
            mov eax, dword ptr ds:[MAP_BASE_ADDR]
            mov eax, dword ptr ds:[eax+64h]
            mov ebx, dword ptr [x]
            mov [eax+44h], ebx
            mov ebx, dword ptr [z]
            mov [eax+48h], ebx
            mov ebx, dword ptr [y]
            mov [eax+4Ch], ebx
            popad
        }
    }
    catch (...)
    {
        PrintText(_T("#bSetplayerposexception!!!"));
    }
}
// Gets the character's coordinates.
//
// Follows [[MAP_BASE_ADDR]+64h] and reads three dwords: +44h into x, +48h into z,
// +4Ch into y. Returns true after the outputs are written; returns false, leaving the
// outputs untouched, when the handler runs.
// NOTE(review): whether catch(...) observes a fault raised inside the __asm block depends
// on how the project is compiled - confirm.
bool CTLCallTest::GetPlayerPos(float &x, float &z, float &y)
{
    float vX = 0.0f;
    float vZ = vX;
    float vY = vX;
    try
    {
        __asm {
            pushad
            mov eax, dword ptr ds:[MAP_BASE_ADDR]
            mov eax, dword ptr ds:[eax+64h]
            mov ebx, [eax+44h]
            mov dword ptr [vX], ebx
            mov ebx, [eax+48h]
            mov dword ptr [vZ], ebx
            mov ebx, [eax+4Ch]
            mov dword ptr [vY], ebx
            popad
        }
    }
    catch (...)
    {
        return false;
    }
    // Copy out only after all three reads have completed.
    x = vX;
    y = vY;
    z = vZ;
    return true;
}
//一些内部操作,移动,选怪,打怪等
voidCTLCallTest:
:
InnerAction(ACTION_TYPEat,floatdwP1,floatdwP2)
{
//__asm{
/*
00433E14|>\A114786A00moveax,dwordptrds:
[6A7814];Case1ofswitch00433DFF
00433E19|.8B0D700D6A00movecx,dwordptrds:
[6A0D70]
00433E1F|.8B4030moveax,dwordptrds:
[eax+30]
00433E22|.83C164addecx,64
00433E25|.3BC1cmpeax,ecx
00433E27|.0F86BF0A0000jbe004348EC
00433E2D|.8B5608movedx,dwordptrds:
[esi+8]
00433E30|.8B0DF0776A00movecx,dwordptrds:
[6A77F0]
00433E36|.A3700D6A00movdwordptrds:
[6A0D70],eax
00433E3B|.8B460Cmoveax,dwordptrds:
[esi+C]
00433E3E|.8985A0FEFFFFmovdwordptrss:
[ebp-160],eax
00433E44|.8D859CFEFFFFleaeax,dwordptrss:
[ebp-164]
00433E4A|.89959CFEFFFFmovdwordptrss:
[ebp-164],edx
00433E50|.8B11movedx,dwordptrds:
[ecx]
00433E52|.50pusheax
0