我用代理 DLL 的方式让这个游戏窗口化了。
随后用 Cheat Engine(用其他工具老是出异常,无法正常调试)在内存中搜索一句字幕,对其下内存访问断点。
在以下地方断下:
CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
地址 004096F5
随后在 IDA Pro 中查看伪代码。断点命中的 004096F5 位于一个内联 strcpy 的逐字节复制循环中(见下方反汇编),这个函数先对字幕做长度断言,再把字幕复制到全局缓冲区并置位显示标志;从断言字符串看它就是 DialogInterface::SetCaptionDisplayed。注意该长度检查只在 dword_5D9B50 为 0 时执行,而且断言只是打印、不会中止,之后的 strcpy 照样执行。
真正的字幕显示(渲染)函数需要追到上一层,后续再继续分析。
// IDA pseudocode for sub_409670 (0x00409670 in CaptainMorgane.exe). The assert
// strings below identify it as DialogInterface::SetCaptionDisplayed from
// ..\..\Source\Dialogs\Common\DialogInterface.cpp. IDA's __usercall annotation
// means the arguments arrive in registers (a1 in DIL, a2 in ESI), so this is a
// decompiler listing, not compilable C; it documents what the binary does.
//
// a1: only passed through to sub_51AEC6 on the assert path (purpose unknown).
// a2: the caption string (sCaption); may be NULL.
//
// NOTE(review): the length check is advisory only. It is skipped entirely when
// dword_5D9B50 is non-zero (presumably an assert-disable/release flag — TODO
// confirm), and when it does fire, sub_51AEC6 only appears to print the report;
// control still reaches the unbounded strcpy below. byte_5D33F0 sits exactly
// 0x80 bytes after unk_5D3370, which matches the 0x80 limit, so the caption
// buffer is most likely 128 bytes and a caption of >= 128 bytes would overwrite
// byte_5D33F0 and whatever follows it.
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax

  if ( !dword_5D9B50 )
  {
    if ( !a2 )
      goto LABEL_7;
    // Mirrors the source assertion "sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX".
    if ( strlen(a2) >= 0x80 )
    {
      // Assertion report; execution falls through instead of aborting.
      sub_51AEC6("ASSERT\n", a1);
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    // Copy the caption into the global buffer. This strcpy is the byte-copy
    // loop at 0x004096F0..0x004096FA where the memory breakpoint hit.
    strcpy((char *)&unk_5D3370, a2);
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                    // set here, cleared at LABEL_7 — looks like the "caption displayed" flag
    *(_BYTE *)(dword_5D3E6C + 4) = 1;   // [v2+0x04]
    v2[2] = 0;                          // [v2+0x08]
    v2[4] = 0x100000;                   // [v2+0x10]
    v2[3] = 0;                          // [v2+0x0C]
    v2[5] = 786432;                     // [v2+0x14] == 0xC0000
    return;
  }
LABEL_7:
  byte_5D33F0 = 0;
}
; Tail of sub_409670: the byte-copy loop that the decompiler renders as
; strcpy(&unk_5D3370, a2), followed by the flag/field stores. The loop's setup
; (eax = source pointer; edx presumably the destination-minus-source delta —
; TODO confirm) is above this excerpt, at the CODE XREF sub_409670+7B.
; The memory-access breakpoint at 004096F5 lands on the loop's pointer increment.
; There is no length bound here: the loop runs until it has copied a NUL byte.
.text:004096EB ; ---------------------------------------------------------------------------
.text:004096ED align 10h
.text:004096F0
.text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j
.text:004096F0 ; sub_409670+8A↓j
.text:004096F0 mov cl, [eax]                   ; load next source byte
.text:004096F2 mov [edx+eax], cl               ; store it at the destination
.text:004096F5 add eax, 1                      ; advance (breakpoint hit here)
.text:004096F8 test cl, cl                     ; stop once the terminator was copied
.text:004096FA jnz short loc_4096F0
.text:004096FC mov eax, dword_5D3E6C           ; v2 in the pseudocode
.text:00409701 mov byte_5D33F0, 1              ; byte_5D33F0 = 1
.text:00409708 mov byte ptr [eax+4], 1         ; *(BYTE *)(v2 + 4) = 1
.text:0040970C mov dword ptr [eax+8], 0        ; v2[2] = 0
.text:00409713 mov dword ptr [eax+10h], 100000h ; v2[4] = 0x100000
.text:0040971A mov dword ptr [eax+0Ch], 0      ; v2[3] = 0
.text:00409721 mov dword ptr [eax+14h], 0C0000h ; v2[5] = 786432
.text:00409728 retn
.text:00409729 ; ---------------------------------------------------------------------------