本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理dll的方式,让这个游戏窗口化了。
随后用cheat engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
- CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
- 地址004096F5
随后,在ida pro中查看伪代码,感觉这是一个字符串长度的check函数,
真正的字幕显示函数需要追到上一层,后续再继续分析
/*
 * IDA pseudocode for CaptainMorgane.exe sub_409670 (forum-quoted listing,
 * cleaned of the board's watermark noise). `__usercall` and the `@<dil>` /
 * `@<esi>` annotations are IDA's register-binding syntax, not compilable C.
 * The assert strings embedded in the binary name this routine
 * DialogInterface::SetCaptionDisplayed.
 *
 * a1 (dil): only forwarded to the logger on the assert path; meaning unknown.
 * a2 (esi): caption text to display, or NULL to clear the displayed caption.
 *
 * Globals (IDA names, declared elsewhere):
 *   dword_5D9B50  when non-zero, the length assert is skipped entirely
 *   unk_5D3370    destination caption buffer
 *   byte_5D33F0   "caption displayed" flag; it lives at unk_5D3370 + 0x80,
 *                 i.e. immediately behind a 128-byte (NB_CHAR_MAX) buffer
 *   dword_5D3E6C  pointer to a display-state structure whose fields are set below
 *   sub_51AEC6    presumably a printf-style logger (inferred from the format
 *                 strings; note the "%s(%d)" line has only one argument visible)
 *
 * NOTE(review): the assert only logs and does not abort, and the copy below is an
 * unbounded strcpy, so any caption of 0x80 bytes or longer overruns unk_5D3370
 * whether or not the check ran. Behavior is reproduced unchanged here; for a
 * subtitle mod this means captions must stay under 128 bytes.
 */
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *disp; // eax

  /* Debug assert: NB_CHAR_MAX is 0x80 (128). Only evaluated when dword_5D9B50
     is clear and a caption was actually supplied; it merely logs. */
  if ( !dword_5D9B50 && a2 && strlen(a2) >= 0x80 )
  {
    sub_51AEC6("ASSERT\n", a1);
    sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
    sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
    sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
  }

  /* NULL caption: mark nothing as displayed and leave the buffer alone. */
  if ( !a2 )
  {
    byte_5D33F0 = 0;
    return;
  }

  /* Copy the caption into the global buffer, then mark it displayed. */
  strcpy((char *)&unk_5D3370, a2);
  disp = (_DWORD *)dword_5D3E6C;
  byte_5D33F0 = 1;

  /* Store order kept exactly as in the decompilation; the structure layout
     behind dword_5D3E6C is not known here, so no reordering. */
  *(_BYTE *)(dword_5D3E6C + 4) = 1;
  disp[2] = 0;
  disp[4] = 0x100000;
  disp[3] = 0;
  disp[5] = 0xC0000;                    /* 786432 in the original listing */
}
复制代码- .text:004096EB ; ---------------------------------------------------------------------------
! z4 u* I4 G. y1 ]" q' h0 K1 ` - .text:004096ED align 10h q1 Y) v; t5 [8 b4 g$ J( G. b
- .text:004096F0
" W* I6 Q3 g& T9 i - .text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j4 b' i3 u6 y' M( ~
- .text:004096F0 ; sub_409670+8A↓j7 a% o. D" G0 E+ F" m2 Y' j* `
- .text:004096F0 mov cl, [eax]
! X3 h, t7 Y7 X/ U# e! ^ - .text:004096F2 mov [edx+eax], cl
' K% Q6 R$ f: S3 G- K& o - .text:004096F5 add eax, 1
* }2 S1 a7 n0 P - .text:004096F8 test cl, cl$ q2 F7 |1 G5 M
- .text:004096FA jnz short loc_4096F06 _6 |# ^ w/ `; @1 s0 t
- .text:004096FC mov eax, dword_5D3E6C
7 ], d+ P9 q( Q' e& l8 `8 O& J - .text:00409701 mov byte_5D33F0, 11 @6 O/ f2 o/ F4 J# R' k; |
- .text:00409708 mov byte ptr [eax+4], 13 o/ m2 I: h* R" ?7 h8 F. g
- .text:0040970C mov dword ptr [eax+8], 0( b- I2 |0 K! X* G2 f& h8 `3 W( C" c
- .text:00409713 mov dword ptr [eax+10h], 100000h0 Z c) n0 S/ S
- .text:0040971A mov dword ptr [eax+0Ch], 0
( z/ I, H6 C: ^9 V - .text:00409721 mov dword ptr [eax+14h], 0C0000h5 ~2 @+ W3 f! z1 t2 O: T( l
- .text:00409728 retn
8 f- R( x, Y$ ]: {6 i - .text:00409729 ; ---------------------------------------------------------------------------