; p- U. _" }' t
我用代理dll的方式,让这个游戏窗口化了。
随后用 Cheat Engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
, [1 l2 s; s9 e: A4 ]6 K5 ^. L5 c
- CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
- 地址 004096F5
随后在 IDA Pro 中查看伪代码。从断点位置可以确认:004096F0–004096FA 这段 `mov cl,[eax] / mov [edx+eax],cl / add eax,1 / test cl,cl / jnz` 正是伪代码里 `strcpy(&unk_5D3370, a2)` 被内联后的逐字节拷贝循环,断在 004096F5 说明此处是在把字幕写入全局缓冲区,而不只是一个字符串长度的 check 函数。结合断言字符串可知该函数就是 `DialogInterface::SetCaptionDisplayed`:它把字幕拷贝到 unk_5D3370,并把 byte_5D33F0(应为"字幕已显示"标志)置 1;传入 NULL 时则把该标志清 0。
需要留意的是,`strlen(a2) >= 0x80`(对应断言文本中的 NB_CHAR_MAX)的检查只是打印一条断言信息,而且仅在 dword_5D9B50 为 0 时才执行,检查失败后并不返回,strcpy 照样进行;unk_5D3370 与紧随其后的 byte_5D33F0 恰好相距 0x80 字节,因此 128 字符及以上的字幕会越过缓冲区覆盖该标志及后续数据——后续若要替换字幕文本,这是一个需要注意的长度限制。真正的字幕显示/渲染函数需要追到上一层调用者,后续再继续分析。
. G5 ?4 t6 |5 ^5 \4 `( t
" Q$ S; @0 z+ F3 e( C- void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
8 G+ Q# {/ P0 \; L1 V2 F/ |) j - {
1 z. C) P" A/ U$ m4 {% r" k% w" U - _DWORD *v2; // eax
; ^6 W; j) H2 a1 J - . Q2 r* D4 s% K# z, _4 K q& {
- if ( !dword_5D9B50 )
4 O1 F" l6 D% j3 B; ]+ W - {
7 q" `( k; U* K3 ~7 i - if ( !a2 )( b2 Y& j4 q! O
- goto LABEL_7;
: L6 G+ p( ?# J/ P: N" O4 y - if ( strlen(a2) >= 0x80 )
) t$ g7 ~9 d6 u! N - {% x0 [ U8 r+ Z8 z; p
- sub_51AEC6("ASSERT\n", a1);
: b; e5 U! t- T; V* e - sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");& D( Z6 G5 `2 K @8 H" G2 |
- sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
, G0 u% f$ t* b - sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");# n' j3 P6 k* E$ R" U
- }' P, U5 y& H" F0 @ m: |0 b) C) x
- }- \$ @% ]; l% V+ B
- if ( a2 )( n& _$ c7 O( N* s- |! z
- {) |, N/ u0 K- W9 h+ D' r6 v
- strcpy((char *)&unk_5D3370, a2);; z- q- w' {) p" |$ |8 v
- v2 = (_DWORD *)dword_5D3E6C;! W3 Q1 U/ k6 s
- byte_5D33F0 = 1;5 N. ^+ n* {! C' e" f( f8 T$ `
- *(_BYTE *)(dword_5D3E6C + 4) = 1;
- T7 G9 W; K( X, ~, j( ^% d - v2[2] = 0;; ^, E3 S |4 ^& b
- v2[4] = 0x100000;4 q) _. ^+ q7 d0 x$ u
- v2[3] = 0;
& h& i. b7 D% \9 M% U+ @8 P$ B+ @ - v2[5] = 786432;3 G! s! T) v7 `! H# g$ r
- return;( g' u. j& I Y! x) u" `/ J3 {; t, a) }
- }
# q- U% D d/ ]! u5 M; } - LABEL_7:
# p0 |- O9 k9 m6 i- ]' b8 W - byte_5D33F0 = 0;+ |: y5 V" A+ N* c, [5 H9 j+ W- N0 z; G
- }
- .text:004096EB ; ---------------------------------------------------------------------------
$ i7 j+ h+ [, [5 F3 O3 [ - .text:004096ED align 10h( A* g1 U) W2 Y) a
- .text:004096F07 @4 n6 e, v6 }
- .text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j$ X. F9 N* j1 l; r5 e, c" H% t
- .text:004096F0 ; sub_409670+8A↓j4 I( o6 A+ w! F' n/ q$ `7 V
- .text:004096F0 mov cl, [eax]
, E% J. R: l) D) d! m" p - .text:004096F2 mov [edx+eax], cl
6 `- A8 b' ?; y- u( U& A& S - .text:004096F5 add eax, 1
) m3 w9 N1 b2 r9 b# M* x7 Y3 ~ - .text:004096F8 test cl, cl! g1 W* l8 _# g# k2 X/ }# s1 }
- .text:004096FA jnz short loc_4096F09 p0 w/ h" _3 q& R% C' p9 Q+ X
- .text:004096FC mov eax, dword_5D3E6C" R: Y, _8 _9 A- S6 Q
- .text:00409701 mov byte_5D33F0, 1
- q+ [5 I; u V4 b: d - .text:00409708 mov byte ptr [eax+4], 1. d( f# b7 N J8 u& j. s- u
- .text:0040970C mov dword ptr [eax+8], 0
2 A; X/ _- d7 P# f$ Z( w5 Q - .text:00409713 mov dword ptr [eax+10h], 100000h
$ k P8 N& |( f - .text:0040971A mov dword ptr [eax+0Ch], 0/ `1 R3 [+ C& ]. E0 D
- .text:00409721 mov dword ptr [eax+14h], 0C0000h0 o+ _$ z* g# ?( D# w
- .text:00409728 retn
+ c4 s# J! L! S" ~; m - .text:00409729 ; ---------------------------------------------------------------------------
* j2 m" p0 X0 Z. q4 P% X |