本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理 DLL 的方式让这个游戏窗口化了。
随后用 Cheat Engine（用其他工具老是出异常，无法正常调试）在内存中检索一句字幕，对其下内存访问断点。
在以下地方断下。
CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
地址 004096F5
1 {7 x3 b/ p1 J) ]# }
随后在 IDA Pro 中查看伪代码。从断言字符串看，这个函数就是 DialogInterface::SetCaptionDisplayed，而不只是一个字符串长度 check 函数：它先检查 strlen(sCaption) < NB_CHAR_MAX（即 0x80），然后用 strcpy 把字幕复制进全局缓冲区 unk_5D3370 并置位显示标志 byte_5D33F0。需要注意的是，这个长度检查只在 dword_5D9B50 为 0 时执行，而且只是打印断言信息，并不会 return 或中止，之后照样执行无边界的 strcpy；unk_5D3370 与 byte_5D33F0 正好相距 0x80 字节，超长字幕会越过缓冲区覆盖显示标志及其后的数据。真正的字幕显示逻辑还需要追到上一层调用者，后续再继续分析。
) _" _! q) V+ ~/ _7 Z f8 X
/*
 * Decompiled DialogInterface::SetCaptionDisplayed (named by the ASSERT
 * strings below). Copies caption a2 into the global caption buffer
 * unk_5D3370 and sets byte_5D33F0, or clears byte_5D33F0 when a2 is NULL.
 *
 * a1: only forwarded to sub_51AEC6 together with the "ASSERT" text.
 * a2: NUL-terminated caption, or NULL to hide the caption.
 *
 * NOTE(review): the length check is neither unconditional nor fatal.
 * It runs only while dword_5D9B50 is zero, and after the four sub_51AEC6
 * calls nothing returns or aborts, so control always reaches the
 * unbounded strcpy below even when strlen(a2) >= 0x80. unk_5D3370 and
 * byte_5D33F0 are exactly 0x80 bytes apart, which matches the
 * NB_CHAR_MAX in the assertion text, so an over-long caption overwrites
 * the displayed flag and whatever follows it. Whether a2 can come from
 * untrusted data (e.g. a modded subtitle/script file) is not visible here.
 */
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax

  if ( !dword_5D9B50 )
  {
    if ( !a2 )
      goto LABEL_7;
    /* Debug assertion: prints only, does not stop the copy below. */
    if ( strlen(a2) >= 0x80 )
    {
      sub_51AEC6("ASSERT\n", a1);
      /* "%d" has no matching argument here; presumably a decompiler artefact. */
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    /* Unbounded copy into a fixed global buffer; see header note. */
    strcpy((char *)&unk_5D3370, a2);
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                       /* caption displayed */
    *(_BYTE *)(dword_5D3E6C + 4) = 1;
    /* Fixed values written into the object at dword_5D3E6C;
       their meaning is not visible from this function. */
    v2[2] = 0;
    v2[4] = 0x100000;
    v2[3] = 0;
    v2[5] = 786432;                        /* 0xC0000 */
    return;
  }
LABEL_7:
  byte_5D33F0 = 0;                         /* caption hidden */
}
.text:004096EB ; ---------------------------------------------------------------------------
$ z }" x0 s# S6 F" G3 T% o - .text:004096ED align 10h
, y, @( m! w6 Y9 u( l+ u& t - .text:004096F0
" n# u2 L+ a/ b! A - .text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j
8 K- q, d$ X' E7 O4 q% T - .text:004096F0 ; sub_409670+8A↓j
# G l3 T( H( H - .text:004096F0 mov cl, [eax]4 R; _2 d) @4 C% L, u' t
- .text:004096F2 mov [edx+eax], cl2 W9 @2 O8 u' }" t
- .text:004096F5 add eax, 1
+ M2 Q! W n# w - .text:004096F8 test cl, cl
* c2 e/ N& H, |! S( O - .text:004096FA jnz short loc_4096F0
% F5 \0 l. i( K9 ^. T - .text:004096FC mov eax, dword_5D3E6C# O" o0 S" A' [, z, I: E/ h
- .text:00409701 mov byte_5D33F0, 1$ y0 j) u O% }* U4 Z& e
- .text:00409708 mov byte ptr [eax+4], 1% Z& F# b$ h/ E+ j7 j% h7 Z
- .text:0040970C mov dword ptr [eax+8], 0
3 @) f e7 c! [" g - .text:00409713 mov dword ptr [eax+10h], 100000h2 K! B, C @ ?1 @& {
- .text:0040971A mov dword ptr [eax+0Ch], 0* @( m& Z2 A- w" z/ V" f. j! J
- .text:00409721 mov dword ptr [eax+14h], 0C0000h
- i, A* K: Y6 }+ Q+ t! G" t - .text:00409728 retn6 f2 m* Z, W5 i/ n0 N t
- .text:00409729 ; ---------------------------------------------------------------------------
' q; ]7 ^2 k& @7 Q! m5 i |