本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理dll的方式,让这个游戏窗口化了。
随后用cheat engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
- CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
- 地址004096F5
随后,在ida pro中查看伪代码,感觉这是一个字符串长度的check函数,
真正的字幕显示函数需要追到上一层,后续再继续分析
/*
 * IDA pseudocode of sub_409670. The assert strings identify it as
 * DialogInterface::SetCaptionDisplayed in
 * ..\..\Source\Dialogs\Common\DialogInterface.cpp; IDA's __usercall annotation
 * says a1 arrives in dil and a2 (sCaption, the subtitle text) in esi.
 *
 * What the code shows: the caption is strcpy'd into the global buffer
 * unk_5D3370 and byte_5D33F0 is set to 1; a NULL caption clears that flag.
 *
 * Risk note: the strlen(a2) >= 0x80 check runs only when dword_5D9B50 is 0,
 * and even then it only prints the assert text through sub_51AEC6 -- it
 * neither aborts nor skips the copy. unk_5D3370 + 0x80 == byte_5D33F0, which
 * agrees with NB_CHAR_MAX == 0x80 in the assert condition, so a caption of
 * 0x80 bytes or more runs past the buffer into byte_5D33F0 and whatever
 * follows it (buffer size to be confirmed in IDA). For subtitle translation
 * this means a replacement caption must stay below 0x80 *bytes* (strlen counts
 * bytes, not characters, so multi-byte encodings reach the limit sooner).
 */
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax

  if ( !dword_5D9B50 )                        // presumably a build/debug mode flag -- verify
  {
    if ( !a2 )
      goto LABEL_7;
    if ( strlen(a2) >= 0x80 )                 // NB_CHAR_MAX; report-only, see header
    {
      sub_51AEC6("ASSERT\n", a1);
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    strcpy((char *)&unk_5D3370, a2);          // unbounded copy; matches the byte loop at loc_4096F0 in the listing
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                          // "caption displayed" flag, located right after the buffer
    *(_BYTE *)(dword_5D3E6C + 4) = 1;
    v2[2] = 0;                                // [eax+8]
    v2[4] = 0x100000;                         // [eax+10h]
    v2[3] = 0;                                // [eax+0Ch]
    v2[5] = 786432;                           // [eax+14h] = 0C0000h
    return;
  }
LABEL_7:
  byte_5D33F0 = 0;                            // NULL caption: nothing displayed
}
; Excerpt of sub_409670 (IDA listing, 32-bit x86, Intel syntax). The function
; entry and the setup of eax/edx (sub_409670+7B jumps in here) lie above this
; excerpt and are not shown.
; Loop register roles: eax = running offset into the source string,
; edx = (destination - source) delta, cl = byte being copied.
.text:004096EB ; ---------------------------------------------------------------------------
.text:004096ED align 10h
.text:004096F0
.text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j
.text:004096F0 ; sub_409670+8A↓j
.text:004096F0 mov cl, [eax]                        ; cl = src[i]
.text:004096F2 mov [edx+eax], cl                    ; dst[i] = cl -- a data breakpoint typically reports the
                                                    ; instruction after the access, so a hit at 004096F5
                                                    ; points at this store (verify in the debugger)
.text:004096F5 add eax, 1                           ; i++
.text:004096F8 test cl, cl                          ; exit only once the NUL itself has been copied;
.text:004096FA jnz short loc_4096F0                 ; no length bound -> matches strcpy(&unk_5D3370, a2)
.text:004096FC mov eax, dword_5D3E6C                ; eax = v2 from the pseudocode
.text:00409701 mov byte_5D33F0, 1                   ; displayed flag; sits at unk_5D3370 + 0x80
.text:00409708 mov byte ptr [eax+4], 1
.text:0040970C mov dword ptr [eax+8], 0             ; v2[2]
.text:00409713 mov dword ptr [eax+10h], 100000h     ; v2[4]
.text:0040971A mov dword ptr [eax+0Ch], 0           ; v2[3]
.text:00409721 mov dword ptr [eax+14h], 0C0000h     ; v2[5] = 786432
.text:00409728 retn
.text:00409729 ; ---------------------------------------------------------------------------