我用代理 DLL 的方式让这个游戏窗口化了。
随后用 Cheat Engine（用其他工具老是出异常，无法正常调试）在内存中检索一句字幕，并对该地址下内存访问断点。
在以下地方断下：
CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
地址 004096F5
随后在 IDA Pro 中查看伪代码，感觉这是一个检查字符串长度的 check 函数；真正的字幕显示函数需要追到上一层调用者，后续再继续分析。
/*
 * Hex-Rays pseudo-code for CaptainMorgane.exe sub_409670 (0x409670).
 * The assert strings below name it DialogInterface::SetCaptionDisplayed:
 * the caption text arrives in a2 (register ESI); a1 (DIL) is only forwarded
 * to the first logging call.
 *
 * Observed behaviour:
 *  - When a2 is NULL the "caption displayed" flag byte_5D33F0 is cleared.
 *  - Otherwise a2 is strcpy'd into unk_5D3370 and byte_5D33F0 is set to 1,
 *    then five fields of the object at dword_5D3E6C are written.
 *  - The length check is only logging: a caption of 0x80 bytes or more
 *    prints an ASSERT but execution still falls through to the strcpy.
 */
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax  -- object at dword_5D3E6C, written as a DWORD array

  // The whole length check is skipped when dword_5D9B50 is non-zero
  // (meaning of that global is not visible here; presumably a
  // "asserts disabled"/release-mode style flag -- TODO confirm).
  if ( !dword_5D9B50 )
  {
    if ( !a2 )
      goto LABEL_7;
    // NB_CHAR_MAX from the condition string appears to be 0x80 (128).
    // Note the assert is non-fatal: nothing here returns or truncates.
    if ( strlen(a2) >= 0x80 )
    {
      // sub_51AEC6 looks printf-style (format string + argument); it
      // receives a1 here although "ASSERT\n" has no conversion -- this
      // may be a decompiler artifact of the calling convention.
      sub_51AEC6("ASSERT\n", a1);
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    // Unbounded copy into a fixed global buffer. byte_5D33F0 sits exactly
    // 0x80 bytes past unk_5D3370 (0x5D33F0 - 0x5D3370 = 0x80), which matches
    // the 0x80 bound above and suggests a 128-byte caption buffer; if so, a
    // caption that fails the (non-fatal) check overruns it. The copy loop
    // is what the memory-access breakpoint at 0x4096F5 landed in.
    strcpy((char *)&unk_5D3370, a2);
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                    // caption-displayed flag
    *(_BYTE *)(dword_5D3E6C + 4) = 1;   // object+0x04 (byte)
    v2[2] = 0;                          // object+0x08
    v2[4] = 0x100000;                   // object+0x10
    v2[3] = 0;                          // object+0x0C
    v2[5] = 786432;                     // object+0x14 = 0xC0000
    return;
  }
LABEL_7:
  byte_5D33F0 = 0;                      // NULL caption: clear the flag
}
.text:004096EB ; ---------------------------------------------------------------------------
.text:004096ED                 align 10h
.text:004096F0
.text:004096F0 loc_4096F0:                             ; CODE XREF: sub_409670+7B↑j
.text:004096F0                                         ; sub_409670+8A↓j
.text:004096F0                                         ; inlined strcpy: copy one byte per iteration
.text:004096F0                                         ; from [eax] to [edx+eax] until the NUL byte
.text:004096F0                 mov     cl, [eax]
.text:004096F2                 mov     [edx+eax], cl
.text:004096F5                 add     eax, 1          ; <- the memory-access breakpoint fired here
.text:004096F8                 test    cl, cl
.text:004096FA                 jnz     short loc_4096F0 ; no length bound; stops only on NUL
.text:004096FC                 mov     eax, dword_5D3E6C
.text:00409701                 mov     byte_5D33F0, 1  ; caption-displayed flag
.text:00409708                 mov     byte ptr [eax+4], 1
.text:0040970C                 mov     dword ptr [eax+8], 0
.text:00409713                 mov     dword ptr [eax+10h], 100000h
.text:0040971A                 mov     dword ptr [eax+0Ch], 0
.text:00409721                 mov     dword ptr [eax+14h], 0C0000h ; 786432 in the pseudo-code
.text:00409728                 retn
.text:00409729 ; ---------------------------------------------------------------------------