MapleMoon Ver_174.2.1(原楓之明月) 數據
原作誤植了版本,應該是174.1.2。
這個外掛用的是Themida加殼,在對API保護上有一定強度,而且也是以DLL方式注入。
在此爆破所使用的數據,不過數據也都是找得到的。
|
|
|
|
|
-
-
雷鬼效能優化 Ver_173.3 數據
以下數據皆從
雷鬼效能優化 Ver_173.3爆破。
由於此程式使用DLL注入,且數據全數由VMP保護,需手動進行分析才能還原原始數據。
比起VB6+CEASM,已算是十分高難度,一般人缺乏耐心與經驗,是很難著手的。// 173.3 移除背景、前景、地板
// Cracked by Toby
// 注:由於本人沒開楓之谷,請懂修改數據者,幫忙測試Func1~4分別代表什麼功能,以便於命名。
[Enable]
GlobalAlloc(HG_Switch, 4)
Alloc(HideGrounds, 1024)
Label(Func1)
Label(Func2)
Label(Func3)
Label(Func4)
Label(PaPaPa)
Label(Return)
HG_Switch:
DD 0
HideGrounds:
Cmp [Esp+08], 007B282F
Je Func1
Cmp [Esp+08], 007B5236
Je Func2
Cmp [Esp+08], 007AEB35
Je Func3
Func1:
Cmp [HG_Switch], 00
Je Return
Mov [Esp+08], 007B2836
Func2:
Cmp [HG_Switch], 00
Je Return
Mov [Esp+08], 007B5258
Jmp Return
Func3:
Cmp [HG_Switch], 00
Je Return
Mov [Esp+08], 007AEB5D
Jmp Return
Return:
Jmp VariantClear
011782A8:
DD HideGrounds
[Disable]
DeAlloc(HideGrounds)
DeAlloc(HG_Switch)
011782A8:
DD VariantClear// 173.3 怪物不顯示圖像
// Cracked by Toby
[Enable]
GlobalAlloc(HM_Switch)
Alloc(HideMobs, 1024)
Label(Return)
Alloc(HideMobs_Main)
HideMobs:
Cmp [HM_Switch], 01
Jne Return
Cmp [Esp+0000024C], 0080BE39
Jne Return
Mov [Esp+0000024C], HideMobs_Main
Return:
Jmp 5220E7AC
HideMobs_Main:
Cmp [Ebx+0000020C], 38
Je Cond1
Jmp 0080BE45
Cond1:
Jmp 0080BE63
52218BD8:
DD HideMobs
[Disable]
DeAlloc(HM_Switch)
DeAlloc(HideMobs)
52218BD8:
DD 5220E7AC// 173.3 攻擊不顯示傷害
// Cracked by Toby
[Enable]
GlobalAlloc(HDA_Switch, 4)
Alloc(HideDamageAnimation, 1024)
Label(Return)
HDA_Switch:
DD 0
HideDamageAnimation:
Cmp [HDA_Switch], 01
Jne Return
Cmp [Esp+000000B0], 0080AD6F
Jg Return
Mov [Esp+000000D0], 38FFFFFF
Jmp Return
Return:
Jmp InterlockedIncrement
01178084:
DD HideDamageAnimation
[Disable]
DeAlloc(HDA_Switch)
DeAlloc(HideDamageAnimation)
01178084:
DD InterlockedIncrement怪物受擊無動畫(待爆破)
目前爆破出的關鍵數據:尚無。撿取物品無動畫(待爆破)
目前爆破出的關鍵數據:尚無。遊戲視窗無畫面
位址:52207637 -
蓓蓓173.3 數據
一個VB6的外掛,功能只能開啟無法關閉,啟動後需等待無任何用途的進度條跑完。
一但偵測不到遊戲便結束程式,又要再等一次,故特別製作優化版。
此優化版本省略了需等很久的跑馬燈,以及防止在偵測失敗後結束程式。
在此只提供修改後的執行檔,請先自行下載完整版以正常啟動。
下載點:https://mega.co.nz/#!MRRlURpT!iiDdbh5oCSvbAPtQ75cZuhN2c1Gq3ERKwOuV4-cUM-g//TwMS v173.2_ICS_超級定怪
//原創:Onion
//更新:雨月
[Enable]
Alloc(HookEsp, 128)
HookEsp:
Cmp [Esp],00E6E2A9
Jne 00E6E2C8
Mov [Esp],00E6E2C0
jmp 00E6E2C8
01331790:
DD HookEsp
[Disable]
01331790:
DD 00E6E2C8
DeAlloc(HookEsp)
//173.1 限定全圖
[Enable]
Alloc(FullMapAttack, 64)
FullMapAttack:
cmp [esp], 0080DC19
Jne IntersectRect
Mov [Esp], 0080DC2C //Jne
Jmp IntersectRect
0160B538:
DD FullMapAttack
[Disable]
0160B538:
DD IntersectRect
DeAlloc(FullMapAttack)
//TwMS v173.3_ICS_攻擊不停
//Update:s99471379
[Enable]
Alloc(FuckingTubi, 256)
CreateThread(FuckingTubi)
FuckingTubi:
Push 00
Call Sleep
mov eax,[015F84A4] //
Test Eax, Eax
Je FuckingTubi
And [Eax+0000A8A4], 00 //
And [Eax+0000A8B4], 00
Jmp FuckingTubi
[Disable]
//TwMS v173.3_ICS_移除背景
//Update:s99471379
[Enable]
RegisterSymbol(NoBackground)
RegisterSymbol(NoBackgroundSW)
Alloc(NoBackground,128)
Alloc(NoBackgroundSW,4)
NoBackgroundSW:
DD 01
NoBackground:
Cmp [NoBackgroundSW],0
Je VariantClear
Cmp [Esp+08],007B282F
Jne VariantClear
Mov [Esp+08],007B28E4
Jmp VariantClear
011782A8:
DD NoBackground
[Disable]
011782A8:
DD VariantClear
DeAlloc(NoBackground)
UnRegisterSymbol(NoBackground)
//TwMS v173.3_ICS_移動加速
//Update:s99471379
[enable]
alloc(SpeedUp,128)
alloc(Client,128)
alloc(Speed,4)
alloc(FakeTime,4)
label(SpeedChk)
label(Normal)
label(SpeedMain)
label(SpeedUpMain)
Speed: // 移動速度
dd 2
SpeedUp:
cmp [esp], 00DE79C5
je SpeedMain
jmp 00E6FCE2
SpeedMain:
add esp, 4
push esi
mov esi,[Speed]
jmp SpeedChk
SpeedUpMain:
add esp, 4
push esi
mov esi,6
jmp SpeedChk
SpeedChk:
test esi,esi
je Normal
dec esi
Pushad
Mov Ecx,[Client]
mov eax,[015FCD30]
Lea Eax,[Eax+20]
Add [Eax],Ecx
Popad
push esi
push ecx
push eax
call dword ptr [eax]
pop eax
pop ecx
pop esi
Pushad
Mov Ecx,[Client]
mov eax,[015FCD30]
Lea Eax,[Eax+20]
Sub [Eax],Ecx
Add [Client],000001Fe
Popad
jmp SpeedChk
Normal:
pop esi
jmp 00DE79C5
01331FE4:
dd SpeedUp
[disable]
01331FE4:
dd 00E6FCE2
dealloc(SpeedUp)
dealloc(Speed)
dealloc(FakeTime)
//TwMS v173.3_ICS_怪物不退
//Update:s99471379
[Enable]
alloc(BackICS,64)
BackICS:
Cmp [Esp+3C],007FA26A
Jne 0097F1B9
Mov [ESP+3C],007FA27D
Jmp 0097F1B9
015C8BA4:
DD BackICS
[DISABLE]
015C8BA4:
DD 0097F1B9
//TwMS v173.3_ICS_人物不退
//Update:s99471379
[Enable]
Alloc(BackICS,64)
Label(HookBack)
BackICS:
cmp [esp+5C],00DD42E3
Jne 0097F1B9
mov [esp+5C],NoBack
jmp 0097F1B9
NoBack:
add esp,18
mov [ebp-20],ffffffff
lea edi,[ebx+000000B0]
jmp 00DD42F4
015C8BA4:
DD BackICS
[DISABLE]
015C8BA4:
DD 0097F1B9
//TwMS v173.3_ICS_人物隱形
//Update:s99471379
[Enable]
Alloc(NoManICS, 64)
Label(NoMan)
NoManICS:
Cmp [Esp],00D69044
Jne 00DE62F8
Mov [Esp],NoMan
Jmp 00DE62F8
NoMan:
mov ecx,eax
call 00403CCA
cmp eax,64
mov [ebp+68],ebx
Jmp 00D69053
0132BECC:
DD NoManICS
//TwMS v173.3_ICS_物理無敵
//Update:s99471379
[Enable]
Alloc(PhysicalGod, 32)
PhysicalGod:
Cmp [Esp],0080D09F
Jne IsRectEmpty
Xor Eax,Eax
Inc Eax
Ret 0004
0160B57C:
DD PhysicalGod
[Disable]
0160B57C:
DD IsRectEmpty
DeAlloc(PhysicalGod)
//TwMS v173.3_ICS_穿越地板
//Update: s99471379
[Enable]
Alloc(ICSFall, 512)
Label(PassFloor)
ICSFall:
Cmp [Esp],00E72E6E
Jne 00F43173
Mov [Esp], PassFloor
Jmp 00F43173
PassFloor:
jmp 00E72E8F
01336E44:
DD ICSFall
[Disable]
01336E44:
DD 00F43173
//TwMS 173.3_ICS_只撿楓幣
//Update:s99471379
[Enable]
Alloc(MoneyOnly, 64)
MoneyOnly:
Cmp [Esp+13C], 005D971A
Jne 0097F1B9
Mov [Esp+13C], 005D97AE
Jmp 0097F1B9
015C8BA4:
DD MoneyOnly
[Disable]
015C8BA4:
DD 0097F1B9
DeAlloc(MoneyOnly)
//TwMS v173.3_ICS_技能動畫消除
//Update:s99471379
[enable]
alloc(NoSkillAnimation,128)
NoSkillAnimation:
Cmp [Esp],00D488F0
Jne 00D7C811
Mov [Esp],00D521C7
Jmp 00D7C811
0132BEC8:
DD NoSkillAnimation
[disable]
0132BEC8:
DD 00D7C811
dealloc(NoSkillAnimation)
//TwMS 173.2_ICS_移動加速
//更新:Anonymous
[enable]
alloc(SpeedUp,128)
alloc(Client,128)
alloc(Speed,4)
alloc(FakeTime,4)
label(SpeedChk)
label(Normal)
label(SpeedMain)
label(SpeedUpMain)
Speed:
dd 2
SpeedUp:
cmp [esp], 00DE79C5
je SpeedMain
jmp 00E6FCE2
SpeedMain:
add esp, 4
push esi
mov esi,[Speed]
jmp SpeedChk
SpeedUpMain:
add esp, 4
push esi
mov esi,6
jmp SpeedChk
SpeedChk:
test esi,esi
je Normal
dec esi
Pushad
Mov Ecx,[Client]
mov eax,[015FCD30]
Lea Eax,[Eax+20]
Add [Eax],Ecx
Popad
push esi
push ecx
push eax
call dword ptr [eax]
pop eax
pop ecx
pop esi
Pushad
Mov Ecx,[Client]
mov eax,[015FCD30]
Lea Eax,[Eax+20]
Sub [Eax],Ecx
Add [Client],000001Fe
Popad
jmp SpeedChk
Normal:
pop esi
jmp 00DE79C5
01331FE4:
dd SpeedUp
[disable]
01331FE4:
dd 00E6FCE2
dealloc(SpeedUp)
dealloc(Speed)
dealloc(FakeTime)
//TwMS v173.3_ICS_全圖吸物
//Update:s99471379
[Enable]
Alloc(ItemVac,88)
Label(SetItemXY)
ItemVac:
Cmp [Esp],005D97AE
Je SetItemXY
Cmp [Esp],005D8827
Jne PtInRect
Mov [esp],005D882B
Jmp PtInRect
SetItemXY:
Push Eax
mov eax,[esp+0C]
mov [ebx],eax
mov eax,[esp+10]
mov [ebx+04],eax
Pop Eax
Mov [Esp],005D97CA
Jmp PtInRect
0160B554:
DD ItemVac
[Disable]
0160B554:
DD PtInRect
DeAlloc(ItemVac)
//TwMS v173.2_ICS_CS端吸怪(全圖打,物落腳下,攻擊不停)
//下午 22:31 2014/9/5
//更新:mxc1868
[Enable]
Alloc(CSMobVac,512)
CSMobVac:
Push Ebp
Mov Ebp,Esp
Push Ebx
Push Esi
Mov Esi,[Ebp+08]
Xor Ebx,Ebx
Push Edi
cmp [esi+70],ebx
jne 00E752FA
mov ecx,[015FCD30]
call 00E75200
mov [ebp+08],eax
fild dword ptr [ebp+08]
mov edi,[ebp+0C]
fdiv qword ptr [01240CE8]
fstp qword ptr [ebp+34]
cmp edi,ebx
je 00E75338
fld qword ptr [esi+00000094]
push ecx
fsub qword ptr [esi+74]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+74]
fstp qword ptr [esp]
call 005D7AF3
pop ecx
pop ecx
mov eax,[015f84A4]
Mov [Eax+a8a4],0
Mov [Eax+A8b4],0
mov eax,[015f84A4]
mov eax,[eax+00000baf4]
mov [edi],eax
mov edi,[ebp+10]
cmp edi,ebx
je 00E7535C
fld qword ptr [esi+0000009C]
push ecx
fsub qword ptr [esi+7C]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+7C]
fstp qword ptr [esp]
call 005D7AF3
pop ecx
pop ecx
mov eax,[015f84A4]
mov eax,[eax+00000baf8]
Jmp 00E7535A
01331730:
DD CSMobVac
[Disable]
01331730:
DD 00E752A7
DeAlloc(CSMobVac)
//TwMS 173.2_ICS_超級笨怪
//更新:Anonymous
[Enable]
Alloc(StupidMobICS,512)
Label(StupidMobMain)
StupidMobICS:
Cmp [Esp+38],00E79124
Jne GetLastError
Mov [Esp+38], StupidMobMain
Jmp GetLastError
StupidMobMain:
xor edi,edi
Jmp 00E7912B
01178180:
DD StupidMobICS
[Disable]
01178180:
DD GetLastError
DeAlloc(StupidMobICS)using ScriptSaver by Toby
-
常春藤 Karen 老師語錄 - 8/2
這是我在聽8/2常春藤解析英語廣播時聽到的,Karen老師常常在廣播中分享這些需要注意的事情,有時候一講就一長串,卻是句句有道理,受用無窮啊!
這天的標題是
24 Hours in A&E 2,在介紹國家地理頻道的一個真人實境節目急診室24小時 2,節目中用了91支攝影機在King's College Hospital的急診室內24小時全天候拍攝,文中提到這些攝影機是經過策略性擺設為了不要干涉到任何治療,於是Wesley和Karen就開始討論這句so as not to interfere with any treatments了。底下把老師們說的話打出來分享!
so as not to V
so as to not VWesley: 這個not按照一般文法教法,是放在to這個不定詞的前面,不定詞的否定通常not是放在to的前面。其實我記的以前我編高中課本的時候也發生過這種現象,就是一個native speaker寫了一篇文章,他的not就放在to的後面。當時我們沒有改,後來送到評審委員會,評審委員就送回來說「根據規定,not一定要放在to的前面」,後來我們決定還是聽評審的,因為怕教學的時候造成學生的混亂。但是事實上呢,真的是這樣子,我後來特別注意這種not的位置,真的發現很多native speaker他們的not會放在後面。
Karen: It has a function. Because "so as not to interfere" is not as strong as; "so as to not interfere" is stronger. In this case if I were writing I would also choose it. I think "not to interfere" is probably more common. That's what I said when I wasn't reading it really carefully, but I prefer the way they did it because it made this stronger.
Wesley: 所以就像我一開始提到的,這個not的位置這樣子放的話,"so as to not interfere"這感覺會比較強,但你如果"so as not to interfere"因為大家都是這樣放,你感覺唸過去就算了,比較沒有強調。所以not的位置按照文法是放在to的前面,可是如果你要強調的話,有時候會出現在後面。考試的時候,我給各位建議你還是把not放在to的前面,因為考試的時候你的考卷是誰讀的不知道,如果讀你考卷的是一個文法家,他絕對堅持not一定要放在to的前面,那你可能就會比較麻煩。
Karen: This is very tiring. If you have somebody telling you things that are not allowed in Chinese you said every day, how would you react? The teaching in America they say you have to follow this rule but you don't say that as usual as you could, but very often you say in another way maybe has a special meaning, but you say "oh, in order to get the good score on the test, you'd better do this way."
It's very tiring because, you know, this happen quite often, and I get question of Karen an Ivy and other sorces saying that sombody insist it has to be this way. It's often happen like in middle school or high shool teachers. And some other teachers will say "you know, I'm not so sure. Let me ask a native speaker" happen recently, and, she ask me. And I said "actually the way that teachers say it is better, but we can also say it this way", and the terchar said "no, you can never do it", and she refused to listened to the evidence from the native speaker. Honestly this gets tiring.
Teachers, nobody knows everything. I'm a native speaker, I make mistakes. Every single native speaker make mistakes, and there're lots of things that we don't know about our own language. It's true if you're in Chinese, just because you're a native speaker of Chinese there're still a lot of things you don't know about Chinese. You have to be aware of that. If you're not a native speaker, of course, it's even more the case that yor don't know everything about the language. In that case, go to a native speaker and ask, and don't be embarrassed if you got it wrong, because what you are doing is teaching your students that the mistakes are shameful, and they're not shameful. Because mistakes are what helps we learn; we don't learn without mistakes. So that's one thing thar we really need to change in Taiwan.Karen每次廣播都要同學要去Facebook找他們的專頁,不要只是聽聽,要記得follow啊!
我視賴世雄 我視常春藤
Karen on Ivy League Analytical English24 Hours in A&E on Wikipedia: http://en.wikipedia.org/wiki/24_Hours_in_A%26E
-
Line 更新至4.7.0無法更換主題
今天Line更新過後,Google Play出現了一大排一顆星評論說「無法更換主題」。
https://play.google.com/store/apps/details?id=jp.naver.line.android&hl=zh-TW
這又讓我回想起為什麼LINE 台灣區幾乎沒有免費貼圖活動?原因是 ...
如果你是使用官方主題,請無法更換的人到「主題一覽」按「編輯」刪除所有主題重新下載套用,我不知道你們不能用是不是因為曾經使用過第三方程式修改主題造成的,我是沒有改過純官方原版,更新過後一切正常。
在此理性提醒各位,第三方主題修改並非Line官方提供的功能,故若因更新Line造成第三方修改無效,請勿以您的無知責怪官方,官方並無義務要提供您「非法」使用第三方修改的功能,亦即這不是在使用者授權條款中被允許的行為。
看到一堆人一更新完就說無法更換,只為無經過思考的發言感到悲哀。
至於解決方法,
有人說強制結束後重新開啟就可以了,剛剛稍微研究了一下,請參考底下的路徑。因為我沒有用第三方修改主題,所以是否有效不得而知,請看倌自行測試。不要做你口中的酸民。
4.7.0主題檔案位置:
兔兔 /sdcard/Android/data/jp.naver.line.android/theme/a0768339-c2d3-4189-9653-2909e9bb6f58/themefile.13
熊大 /sdcard/Android/data/jp.naver.line.android/theme/ec4a14ea-7437-407b-aee7-96b1cbbc1b4b/themefile.13
白色 /sdcard/Android/data/jp.naver.line.android/theme/3cc08ba6-5d04-4c52-ab76-651231ead8ef/themefile.9 -
BlackGod浮雲V173.3 數據
數據
裡面只有動態數據,數據如下:
// 十字深鎖鏈
[Enable]
0161CC90:
DB 39 73 6C 83 9A 63 1B EC B3 6F E9 8D EB A1 94 BF 06 05 FC 65 95 CF 25 96 28 21 1F CE 24 EA 76 66 AD 80 1C 92 7D AF C7 9C 7B 3D E6 E4 76 90 19 66
[Disable]
0161CC90:
DB 2B 05 78 03 29 C0 1B 58 D2 6F EA 8D A8 44 CA 35 25 52 AE 41 CA 8F 29 6E C6 A9 79 A4 EC DD 25 FD BA 80 1C 56 31 D4 73 FB A1 9E DB 8F C2 8F EA 71
// 加量章魚燒
[Enable]
01619E94:
DB 8C 1E 40 78 F4 00 C2 C3 68 70 D9 D1 E0 7A 30 47 FC 8A C6 BD 53 77 B3 2D 92 80 EC 95 92 F4 79 3C 16 00 F4 35 14 00 55 C7 00 A8 3A A6 80 6F 2A 72 7D DC 8D E3 A9 6E 1C FF 0C 70 E5 81 F4 42 90 D4 17 82 A4 A6 AE 6F 16 72 0F 01 F1 D1 08 88 8F 7E 90 6F EA 91 DA C8 94 19 05 02 F9 31 CB CB 12 EF EF 8C F3 F6 67 9C B7 5F 4E 90 1A 72 BF 6E B2 85 73 93 2D 84 68 90 26 16 1D 1E 42 D0 F0 10 82 EE 60 90 D9 71 F3 EB 67 C1 5F 3F 0B 9E 3E 90 E9 91 20 90 6A 5F 81 54 FB 02 82 8F 29 72 EE A2 D7 F5 17 BD AE 77 AE 8F 2A 92 03 14 4E 4F EB 70 7A 62 0B 90 29 DA 9C 92 3E B1 94 F4 89 E5 A8 8F E6 6D B7 73 2C 29 9D 63 49 B9 BA 6F E5 8D FB B7 04 9B FC 81 ED 3D 3B CC FA EE B7 A9 0D 0B 4D 6D 58 B8 1A 70 E5 8D 61 13 60 36 80 00 B3 C9 9B 6F 19 2E E1 43 32 29 1F 92 49 09 BE 8F E6 6D 8D 79 37 54 CC BB A1 6A 18 90 16 72 25 9A 30 30 D1 84 81 29 22 70 D6 6D AD E3 5B 2F 1D DF 7A 71 BA 8F 2A 76 75 FF 14 9F E7 A7 F8 AC 62 70 26 6E F5 BC F7 2B E7 BD 5F A9 4E 90 EA 6D 44 54 13 32 A2 9A 90 21 C4 8F D6 6D 72 52 41 B4 93 0A A2 95 A6 6F 19 8E EB 40 48 A3 07 42 1A 5D 8E 6F E9 8D F3 70 A9 68 87 4B 45 9B 8E 6F D5 91 BA 56 F8 DF B5 C2 FF D6 EA 6F 2A 92 35 3F 22 9A F9 11 D1 AC 72 90 D5 6D AC B1 B4 2B 8D A5 5D 61 9A 6F E6 6D 91 99 45 FF CC 2C FA 8F 18 70 29 72 F4 A1 C1 96 0F 0D B6 A4 9E 6F 19 6E 11 7E 02 56 F0 13 B0 8A 60 90 15 72 88 C2 2A A3 14 56 19 45 A8 8F E5 6D 2C CC 28 3A 62 46 D1 D9 43 70 D5 E5 34 7D E5 D6 E9 2B B7 A6 52 70 19 72 80 9A B8 75 D4 C4 AD 03 28 70 26 72 C4 AF EB 13 7E 5D 9F 20 7C 90 E9 6D 1C 93 BE 99 9B F4 CD 94 B3 8F E6 1D
[Disable]
01619E94:
DB 52 62 00 9F 12 03 F8 94 A4 6F 25 8E 7C C1 89 77 0B 4E BC E3 96 6F 25 72 C9 12 C2 84 25 83 F0 4C 3B 02 E4 6E 19 56 F9 C4 B0 CA 27 CE E0 6F 1A 72 ED 81 4F 42 45 7C 12 7A D4 8F D9 81 F4 42 90 D4 17 82 A4 A6 AE 6F 16 72 0F 01 F1 D1 08 88 8F 7E 90 6F EA 91 DA C8 94 19 05 02 F9 31 CB CB 12 EF 3D 72 BA 6D 91 D3 6D CB A2 8F 26 52 36 2F 77 12 7F B9 93 C8 78 90 DA A5 1D 1E 42 D0 F0 10 82 EE 60 90 D9 71 F3 EB 67 C1 5F 3F 0B 9E 3E 90 E9 91 20 90 6A 5F 81 54 FB 02 82 8F 29 72 A6 35 89 B0 AD 49 84 35 DA 6F D5 8D A1 D4 64 24 EE 26 23 71 13 70 19 D6 9C 92 3E B1 94 F4 89 E5 A8 8F E6 6D B7 73 2C 29 9D 63 49 B9 BA 6F E5 8D FB B7 04 9B FC 81 ED 3D 3B CC FA EE 3F D8 3D 11 C1 EE 89 F8 02 70 E6 8D 94 77 E7 6A A7 3B 57 63 E3 8F D9 31 E1 43 32 29 1F 92 49 09 BE 8F E6 6D 8D 79 37 54 CC BB A1 6A 18 90 16 72 25 9A 30 30 D1 84 81 29 22 70 D6 6D 78 2B 3F 57 5B F9 B9 DA 36 90 26 8A 57 06 53 88 2E 98 42 BC E0 8F DA 8D F5 BC F7 2B E7 BD 5F A9 4E 90 EA 6D 44 54 13 32 A2 9A 90 21 C4 8F D6 6D 72 52 41 B4 93 0A A2 95 A6 6F 19 8E 28 38 83 F9 C1 19 CC 47 02 90 E5 71 F3 70 A9 68 87 4B 45 9B 8E 6F D5 91 BA 56 F8 DF B5 C2 FF D6 EA 6F 2A 92 35 3F 22 9A F9 11 D1 AC 72 90 D5 6D AC B1 B4 2B 8D A5 5D 61 9A 6F E6 6D 91 99 45 FF CC 2C FA 8F 18 70 29 72 F4 A1 C1 96 0F 0D B6 A4 9E 6F 19 6E 11 7E 02 56 F0 13 B0 8A 60 90 15 72 88 C2 2A A3 14 56 19 45 A8 8F E5 6D EF 25 14 DB 2C A1 D8 C6 DB 6F E6 D9 34 7D E5 D6 E9 2B B7 A6 52 70 19 72 80 9A B8 75 D4 C4 AD 03 28 70 26 72 C4 AF EB 13 7E 5D 9F 20 7C 90 E9 6D 37 FE 51 72 F2 8F 92 CB 63 70 DA A1
// 神域護佑
[Enable]
0161B024:
DB 26 C7 FF 44 39 FE 27 3A F2 8F 1A 9A B1 0E D5 BF 78 3D FE 7D 6D 05 2A 5E
[Disable]
0161B024:
DB B3 7B 41 87 DD 0B 3A 9C 3A 70 29 8E D5 9F 8F FD FE 7C EC AF 7C 90 25 72
// 神聖之火
[Enable]
0161A1A0:
DB FB C7 8C 43 3D 66 1C 5A FC 6F E5 11 57 5E A6 85 22 AC 2D C4 94 09 26 96 FF EE 39 40 97 77 13 0A 8E 18 E8 A1 67 A1 29 BF 0A 4D F9 DD 95 6F 25 2E 2F A3 A0 13 C9 9B 9D 00 62 06 E6 15
[Disable]
0161A1A0:
DB E8 28 86 55 47 31 AC 42 0E 90 25 72 1E 2F FD 63 78 E9 1F F3 70 70 EA 91 FF EE 39 40 97 77 13 0A 8E 18 E8 A1 BA 94 27 C2 A5 3C 11 D6 CA 8F D5 91 C2 81 0B C7 0E 5C 38 16 9C 8F 25 92
// 神聖之光
[Enable]
0161A1E3:
DB 69 E0 8F 19 6E E9 29 7F 56 4F F9 B3 82 1E 90 1A AA 91 A0 D1 F0 E6 95 87 D7 6A 78 DB B9
[Disable]
0161A1E3:
DB 69 E0 8F 19 6E 3E E2 72 08 11 97 43 F0 A2 8F DA 8D AB 49 98 FF 4D C2 FC 5F 1A 70 26 92
// 終極射擊弩
[Enable]
0161CD38:
DB AA CD AB 89 6D 5E 4D 9C 5A 90 E5 D5 DE E0 EC 4D FE E0 6E D2 84 E9 28 72 8D BF 5F EA 0C A6 60 9E 88 38 E8 A0 56 0F 4F 27 7B 78 3A 21 75 90 29 FE
[Disable]
0161CD38:
DB 57 AD E2 8E 6A 15 77 BC 54 90 19 8E 8E 34 D0 92 A4 81 96 74 C8 6F DA 8D C9 26 4A C2 36 51 12 4E EC 8F D9 71 85 CF DE 86 7C F6 36 2C 78 90 1A 6E
// 無限手裡劍魔
[Enable]
0161A730:
DB EF FD 46 05 EF 37 2A D8 5E 90 29 EE 79 9C AF EF 36 89 7C C7 99 9C 24 6A 31 04 C6 AE C2 FA 77 A5 63 5A 1B 86
[Disable]
0161A730:
DB 17 AD EF AC 68 7D 67 BD 50 90 19 8E 50 F9 3C FA CA E7 D1 87 14 70 D6 71
// 楓葉祝福30
[Enable]
0161A628:
DB D1 0B 35 C2 5E A8 11 F6 3C 70 D6 D9 A9 CF 89 B4 70 B9 A5 0D 6D DB 16 2E 26 9D F4 46 05 76 E1 D2 6E 41 C4 32
[Disable]
0161A628:
DB 88 5B 71 BD DC 8A EB 45 38 70 2A 6E 36 A0 3F B5 01 FD A9 B5 82 8F 26 8E
// 聖十字魔法盾
[Enable]
0161B454:
DB 06 A8 2D 08 40 6D 41 60 00 70 D5 BD 9D 2E AB 66 6F 43 34 E3 63 7A 14 6A
[Disable]
0161B454:
DB C9 69 F3 05 4E 9B 2F 48 1C 90 2A 6E AE 92 D2 37 95 94 BE 71 AA 8F 2A 8E
// 聖靈守護
[Enable]
0161AECC:
DB AB C8 A1 6F 45 0E 7D 53 0A 70 25 8A B4 00 DB 22 1E C2 17 81 A3 79 DB 4D 49 48 3B 22 F0 41 DF 39 B2 F7 A3 5E D4 D5 00 00 5B 70 D5 CD
[Disable]
0161AECC:
DB 3E 6D D6 B5 69 B3 AE F5 52 90 2A 8E 5F E8 98 F7 42 C7 BC FF 04 70 26 92
// 鮮奶蛋糕
[Enable]
01619E94:
DB 9C 7F D5 87 FD AB 3E A4 79 70 2A 2E 6D A0 F3 7D 19 94 10 A4 9C 86 4B AA 4F 73 44 37 C8 BD BB 58 E2 09 2B 6D 9B 99 AF AD CC 7C 6D DD 18 90 25 8E A1 A1 D8 D7 51 C5 BE DE DE 6F 2A 42 AD 63 E6 75 1C 33 AF 2B B9 8F 29 32 B8 82 C9 FB 0F 45 21 08 A4 68 2C B2 34 21 B8 09 5B 5F 4C 81 E4 0D E5 4E CB 5F E8 88 FE 42 47 7C 7C 70 D9 AD 98 D3 42 9F 9A 16 FA 44 B6 8F 29 EE 55 0F EE 19 7B 70 CF E8 75 90 E9 AD 89 48 13 BB 5E 93 27 82 22 89 35 A2 1E DC D1 B5 B2 10 AF D4 12 F2 2A 6D 24 BB C2 94 D9 15 A6 24 32 90 19 6E 36 38 FE 30 9F F1 87 89 E0 8F DA 65 31 66 EA 88 31 53 47 8C E2 8F D9 6D 88 F5 81 33 AC 0F 9C 41 D8 6F E5 6D 30 87 05 72 39 2C 90 83 F2 6F D5 71 66 F3 34 E2 9B A7 11 37 B6 6F D6 91 53 E3 97 EC 01 BF 64 5F 9B 8F 16 52 D0 33 EA 15 9E 51 AF 80 BC 8F 29 6E 37 1C 17 E4 E1 B8 20 BF 42 90 16 92 67 C7 BB 23 3B DE 1D 39 F6 8F E6 8D DF CD BC 1E 6E E6 F5 E0 5C 70 16 76 6B CA 68 5F 4F 46 FB 5A 22 70 29 92 D9 81 CD C6 0E 6C 36 CE 9C 6F 19 72 6C DC BB 69 E3 DE 4D 63 46 90 E6 71 40 E4 95 23 22 AF 1C 01 C4 6F E6 6D 7C BC 07 80 E3 3D 00 E4 46 90 D5 6D 7A 31 81 B2 8B 09 94 D5 96 6F D5 8D 2F 78 20 99 C1 03 C9 7C 02 70 E5 8D 45 C3 DF 6A 1A FE 56 2B B4 8F DA 71 B2 5B 99 A8 DD CA 44 95 3A 70 D6 8D E6 BC 4D 33 E7 6D 9A 31 4E 70 E9 8D EF 05 FF 2C 2F F8 67 79 DE 8F 1A 8E 48 D9 20 9D CA 06 E9 44 14 70 25 6E C6 94 73 20 A6 9C 03 31 CC 8F DA 8D 7E F4 33 60 A0 9F 01 4B C3 8F D6 E9 EC B9 D1 FD CF 8D EE 67 1E 70 2A 72 2B AF B2 90 79 95 85 5C 72 90 D6 8D B6 46 B2 4A 35 92 55 B2 EA 8F D6 91 88 12 B5 D9 97 A8 CD 36 AB 6F E6 61
[Disable]
01619E94:
DB DE B9 F0 D3 CE 85 9F F6 1C 70 EA 91 66 08 85 F4 43 28 A4 37 06 70 15 92 4F 73 44 37 C8 BD BB 58 E2 09 2B 6D C3 2C EB 03 66 59 1F 18 4C 90 E9 8D 22 72 F5 04 CD AB 27 C0 DE 6F 1A 3E 77 DB 06 7D DB 36 E8 BB 36 90 25 92 83 E1 BB 53 0C DF 9D 1A 98 8F E6 91 34 21 B8 09 5B 5F 4C 81 E4 0D E5 4E 49 E0 0A 96 02 57 B0 6C 84 8F 15 8E 00 8C 28 88 66 44 41 84 46 70 D5 ED 4D AB 8B 40 5A 5D 04 6A 34 90 D5 71 FB 34 70 DD A7 81 EB DE CE 6F 2A 92 1E DC D1 B5 B2 10 AF D4 12 F2 2A 6D AC 9D 89 D8 ED 4C C4 66 5A 70 D5 71 97 EC FF B8 3A FF C7 85 1E 90 DA 55 31 66 EA 88 31 53 47 8C E2 8F D9 6D 88 F5 81 33 AC 0F 9C 41 D8 6F E5 6D 30 87 05 72 39 2C 90 83 F2 6F D5 71 BC F2 97 74 95 BF A4 E3 AA 8F 16 72 48 8F DC 39 61 E4 CE 81 5B 70 EA AD D0 33 EA 15 9E 51 AF 80 BC 8F 29 6E 37 1C 17 E4 E1 B8 20 BF 42 90 16 92 67 C7 BB 23 3B DE 1D 39 F6 8F E6 8D 6C 54 6D D3 A3 6A 9B 7E C6 6F E9 89 1C C2 36 8E 0C B6 71 E4 9C 8F 16 6E D9 81 CD C6 0E 6C 36 CE 9C 6F 19 72 6C DC BB 69 E3 DE 4D 63 46 90 E6 71 40 E4 95 23 22 AF 1C 01 C4 6F E6 6D 25 13 38 4D 99 C0 69 2A B2 6F 26 72 7A 31 81 B2 8B 09 94 D5 96 6F D5 8D 2F 78 20 99 C1 03 C9 7C 02 70 E5 8D 45 C3 DF 6A 1A FE 56 2B B4 8F DA 71 B2 5B 99 A8 DD CA 44 95 3A 70 D6 8D E6 BC 4D 33 E7 6D 9A 31 4E 70 E9 8D EF 05 FF 2C 2F F8 67 79 DE 8F 1A 8E 48 D9 20 9D CA 06 E9 44 14 70 25 6E C6 94 73 20 A6 9C 03 31 CC 8F DA 8D 46 CD 74 20 69 A6 03 89 53 70 DA E5 EC B9 D1 FD CF 8D EE 67 1E 70 2A 72 2B AF B2 90 79 95 85 5C 72 90 D6 8D B6 46 B2 4A 35 92 55 B2 EA 8F D6 91 8B F7 C0 55 BF 07 AE 2A FB 6F 29 62指針
這邊列出可能比較有人想要的指針
角色名稱 [01619C74]
遊戲帳號 [01619BE8]
滑鼠物品編號 [[015F84A4]+A548]資料
Data資料夾內的ItemAll.dll和Map.dll都可以用純文字編輯器開啟,一個是物品ID清單一個是地圖ID清單,兩個都有因為WZ格式造成的問題。
-
狩龍戰紀 以Game.EXE啟動
This is a generic bypass for
Dragon Slayerin order to run the game directly by renamingGame.bintoGame.exewithout showing a message box and being terminated.
The advantage is that you won't need to wait for the launcher to check for updates every time you launch the game.
Tested on Taiwan server.這是讓你能透過把
Game.bin重新命名為Game.exe可直接執行狩龍戰紀而不會出現訊息和被終止的通用bypass。
(怎麼用英文寫完翻成中文就變得很怪)
好處是你不用每次啟動遊戲都要等待檢查更新。
已測試台灣伺服器。Usage
- Extract the downloaded archieve, then put the dll file into the game's directory.
- Rename your
Game.bintoGame.exeand runGame.exe.
使用方法
- 解壓縮下載完的壓縮檔,將DLL檔案放到遊戲資料夾內
- 把
Game.bin重新命名為Game.exe並執行Game.exe
關於本程式
編譯器(Compiler) 壓縮工具(Packer) Embarcadero C++ 6.80 for Win32 None 想要學習 C++Builder?這裡不定期會有教學唷!更新紀錄
1.0
1. 首次發布下載點
版本 檔名 大小 下載點 掃毒報告 1.0 DragonSlayer_Bypass_1.0.rar 60 KB MEGA VirusTotal -
C++Builder Define DLL Export Function Names Using DEF File
Recently, I've been working on looking for the way to customize dll export function names in C++Builder.
There are several methods to achieve this in VC++, including using a.deffile, using__declspeckeyword, and using an/EXPORTspecification in aLINKcommand.
The third way seems not to be supported by bcc32 compiler (aka Borland C++ compiler), so I've researched on the implementation of the prior two methods.First, I use
__declspec(dllexport)keyword with specifying different calling conventions to export the functions below.void __declspec(dllexport) DLLEXPORT()
{
return;
}
void __fastcall __declspec(dllexport) FASTCALL_DLLEXPORT()
{
return;
}
void __stdcall __declspec(dllexport) STDCALL_DLLEXPORT()
{
return;
}
void __cdecl __declspec(dllexport) CDECL_DLLEXPORT()
{
return;
}
extern "C" void __declspec(dllexport) EXTNC_DLLEXPORT()
{
return;
}
extern "C" void __fastcall __declspec(dllexport) EXTNC_FASTCALL_DLLEXPORT()
{
return;
}
extern "C" void __stdcall __declspec(dllexport) EXTNC_STDCALL_DLLEXPORT()
{
return;
}
extern "C" void __cdecl __declspec(dllexport) EXTNC_CDECL_DLLEXPORT()
{
return;
}If we look up our code in a disassembler, we'll find that all of these functions have the same operation code like below.
TestDll.DLLEXPORT$qv - 55 - push ebp
TestDll.DLLEXPORT$qv+1- 8B EC - mov ebp,esp
TestDll.DLLEXPORT$qv+3- 5D - pop ebp
TestDll.DLLEXPORT$qv+4- C3 - retAnd let me use
impdeftool to list all the export functions to a def file.impdef TestDll.def TestDll.dll
TestDll.def LIBRARY TESTDLL.DLL
EXPORTS
@CDECL_DLLEXPORT$qv @4 ; CDECL_DLLEXPORT()
@DLLEXPORT$qv @1 ; DLLEXPORT()
@EXTNC_FASTCALL_DLLEXPORT @6 ; extnc_fastcall_dllexport
@FASTCALL_DLLEXPORT$qqrv @2 ; __fastcall FASTCALL_DLLEXPORT()
@STDCALL_DLLEXPORT$qqsv @3 ; __stdcall STDCALL_DLLEXPORT()
EXTNC_STDCALL_DLLEXPORT @7 ; EXTNC_STDCALL_DLLEXPORT
_EXTNC_CDECL_DLLEXPORT @8 ; _EXTNC_CDECL_DLLEXPORT
_EXTNC_DLLEXPORT @5 ; _EXTNC_DLLEXPORT
___CPPdebugHook @9 ; ___CPPdebugHookThe result shows that whether we use
extern "C"or not, the effect of functions using__cdeclare the same.
The reason is that it is the default calling convention for C and C++ programs.
(@1 with @4 and @5 with @8)
And this setting can be found inProject Options.
So if we modify our
TestDll.deflike this:TestDll.def LIBRARY TESTDLL.DLL
EXPORTS
A=@CDECL_DLLEXPORT$qv
B=@DLLEXPORT$qv
C=@EXTNC_FASTCALL_DLLEXPORT
D=@FASTCALL_DLLEXPORT$qqrv
E=@STDCALL_DLLEXPORT$qqsv
F=EXTNC_STDCALL_DLLEXPORT
G=_EXTNC_CDECL_DLLEXPORT
H=_EXTNC_DLLEXPORTand put it into the project then do a compile, cheer! We make it!
Let me orginize the result into tables:
void FUNCTION_NAME()
C/C++ __cdecl __stdcall __fastcall extern "C" _FUNCTION_NAME FUNCTION_NAME @FUNCTION_NAME @FUNCTION_NAME$qv @FUNCTION_NAME$qqsv @FUNCTION_NAME$qqrv After all, we can now export
__declspec(naked)function in this way!
Since functions declared with the naked attribute, the compiler generates code without prolog and epilog code, we can have a pure assembly function and do less operations to hijack a dll. :pextern "C" void __stdcall __declspec(naked) MyFunction()
{
__asm
{
Xor Eax, Eax
Ret
}
}TestDll.def LIBRARY TESTDLL.DLL
EXPORTS
MyExportFunction=MyFunctionTestDll.MyExportFunction - 31 C0 - xor eax,eax
TestDll.MyExportFunction+2- C3 - retRef:
http://docwiki.embarcadero.com/RADStudio/XE6/en/Module_Definition_Files
http://aftcast.pixnet.net/blog/post/22191720-%E4%BD%BF%E7%94%A8vc%E8%88%87bcb%E9%96%8B%E7%99%BC%E7%9A%84dll
http://purefractalsolutions.com/show.php?a=utils/expdef
http://msdn.microsoft.com/en-US/library/d91k01sh.aspx
http://msdn.microsoft.com/en-US/library/7k30y2k5.aspx
http://msdn.microsoft.com/en-US/library/dabb5z75.aspx -
狩龍戰紀 三處CreateThread
要開學了,所以隨手記錄一下,不知道有沒有用
我不是高手,我什麼都不會(攤
懇求大大分享教學<(_ _)>Game.bin+F25E6 - 8B 46 0C - mov eax,[esi+0C]
Game.bin+F25E9 - 6A 00 - push 00 ; lpThreadId
Game.bin+F25EB - 6A 04 - push 04 ; dwCreationFlags
Game.bin+F25ED - 56 - push esi ; lpParameter
Game.bin+F25EE - 68 10244F00 - push Game.bin+F2410 ; lpStartAddress
Game.bin+F25F3 - 50 - push eax ; dwStackSize
Game.bin+F25F4 - 6A 00 - push 00 ; lpThreadAttributes
Game.bin+F25F6 - FF 15 24C3F200 - call dword ptr [Game.bin+B2C324] ; CreateThread
Game.bin+F25FC - 89 46 20 - mov [esi+20],eaxGame.bin+11948F - 6A 00 - push 00 ; lpThreadId
Game.bin+119491 - 89 4C 07 04 - mov [edi+eax+04],ecx
Game.bin+119495 - 8B 56 24 - mov edx,[esi+24]
Game.bin+119498 - 6A 00 - push 00 ; dwCreationFlags
Game.bin+11949A - 8D 04 17 - lea eax,[edi+edx]
Game.bin+11949D - 50 - push eax ; lpParameter
Game.bin+11949E - 68 508F5100 - push Game.bin+118F50 ; lpStartAddress
Game.bin+1194A3 - 68 FFFF0000 - push 0000FFFF ; dwStackSize
Game.bin+1194A8 - 6A 00 - push 00 ; lpThreadAttributes
Game.bin+1194AA - 89 45 E4 - mov [ebp-1C],eax
Game.bin+1194AD - FF 15 24C3F200 - call dword ptr [Game.bin+B2C324] ; CreateThread
Game.bin+1194B3 - 8B 4D E4 - mov ecx,[ebp-1C]Game.bin+2E6D2E - 89 46 04 - mov [esi+04],eax
Game.bin+2E6D31 - FF D7 - call edi ; CreateEventA
Game.bin+2E6D33 - 53 - push ebx ; lpThreadId
Game.bin+2E6D34 - 53 - push ebx ; dwCreationFlags
Game.bin+2E6D35 - 56 - push esi ; lpParameter
Game.bin+2E6D36 - 68 605C6E00 - push Game.bin+2E5C60 ; lpStartAddress
Game.bin+2E6D3B - 68 FFFF0000 - push 0000FFFF ; dwStackSize
Game.bin+2E6D40 - 53 - push ebx ; lpThreadAttributes
Game.bin+2E6D41 - 89 46 08 - mov [esi+08],eax
Game.bin+2E6D44 - FF 15 24C3F200 - call dword ptr [Game.bin+B2C324] ; CreateThread
Game.bin+2E6D4A - 8B 4D F4 - mov ecx,[ebp-0C] -
逆向工程 Proxifier的序號驗證
由於這個軟體不是免費的,試用只有31天
所以就動手變成正版吧XD過程略
這次逆向後,修改成我的序號才能通過驗證XD
Name: Toby
SN: CRACKED_BY_TOBY_SKARTING_1008下載點:proxifier_v3.21_patch_toby.zip 由於侵權問題,本站不提供下載點