本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理dll的方式,让这个游戏窗口化了。
随后用cheat engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
- CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
- 地址004096F5
随后,在ida pro中查看伪代码,感觉这是一个字符串长度的check函数,
真正的字幕显示函数需要追到上一层,后续再继续分析。
// IDA pseudocode for sub_409670 (CaptainMorgane.exe, 0x409670). The assert
// strings below name it DialogInterface::SetCaptionDisplayed(sCaption): it
// copies a caption into a global buffer and sets byte_5D33F0, which presumably
// marks "a caption is currently displayed" (name-based inference). The
// register annotations (a1@<dil>, a2@<esi>) are decompiler artefacts of a
// custom calling convention, not real C.
//
//   a1 - only forwarded to the first sub_51AEC6 call below; meaning unknown.
//   a2 - the caption text (sCaption in the assert), or NULL to clear it.
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax - points at the object held in dword_5D3E6C

  // The entire length check is gated by dword_5D9B50: when it is non-zero
  // (presumably a build/asserts-off switch - unconfirmed), no length check of
  // any kind runs before the strcpy below.
  if ( !dword_5D9B50 )
  {
    if ( !a2 )
      goto LABEL_7;
    // Assert condition per the string below: strlen(sCaption) < NB_CHAR_MAX,
    // with NB_CHAR_MAX == 0x80 (128) in this build.
    if ( strlen(a2) >= 0x80 )
    {
      // NOTE(review): this is a *logging* assert. sub_51AEC6 is called with
      // printf-style formats and then execution falls through to the strcpy
      // below, so an over-long caption is still copied unbounded - unless
      // sub_51AEC6 itself terminates the process (its body is not shown here;
      // confirm). For localisation work this means every translated caption
      // must stay below 128 bytes or it overruns the caption buffer.
      sub_51AEC6("ASSERT\n", a1);
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    // Unbounded copy into the global caption buffer. In the disassembly this
    // is the byte loop at loc_4096F0; the memory-access breakpoint from the
    // post hit at 004096F5 inside it. The size of unk_5D3370 is not visible
    // here; byte_5D33F0 sits exactly 0x80 bytes after it, which suggests (but
    // does not prove) a 128-byte buffer with the flag directly behind it -
    // check the data segment before relying on that.
    strcpy((char *)&unk_5D3370, a2);
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                    // cleared again at LABEL_7 for a NULL caption
    *(_BYTE *)(dword_5D3E6C + 4) = 1;
    // Fields +8, +0Ch, +10h, +14h of the object in dword_5D3E6C are reset.
    // 0x100000 and 786432 (0xC0000) are magic values whose meaning cannot be
    // recovered from this listing.
    v2[2] = 0;
    v2[4] = 0x100000;
    v2[3] = 0;
    v2[5] = 786432;
    return;
  }
LABEL_7:
  // NULL caption: only the flag is dropped; the buffer contents are left as-is.
  byte_5D33F0 = 0;
}
.text:004096EB ; ---------------------------------------------------------------------------
.text:004096ED                 align 10h
.text:004096F0
.text:004096F0 ; Tail of sub_409670 (DialogInterface::SetCaptionDisplayed per its assert
.text:004096F0 ; strings). The loop below is the compiler-inlined strcpy from the
.text:004096F0 ; pseudocode: eax walks the source caption, [edx+eax] is the destination
.text:004096F0 ; (edx presumably holds dest - src, set up before this excerpt; confirm),
.text:004096F0 ; and it stops only on the NUL byte. No length bound is applied here - the
.text:004096F0 ; only check is the logging assert earlier in the function. The memory
.text:004096F0 ; access breakpoint from the post hit at 004096F5, i.e. inside this copy.
.text:004096F0 loc_4096F0:                             ; CODE XREF: sub_409670+7B↑j
.text:004096F0                                         ; sub_409670+8A↓j
.text:004096F0                 mov     cl, [eax]                  ; load source byte
.text:004096F2                 mov     [edx+eax], cl              ; store to destination
.text:004096F5                 add     eax, 1
.text:004096F8                 test    cl, cl                     ; terminator reached?
.text:004096FA                 jnz     short loc_4096F0
.text:004096FC                 mov     eax, dword_5D3E6C          ; v2 in the pseudocode
.text:00409701                 mov     byte_5D33F0, 1             ; caption flag (presumably "displayed")
.text:00409708                 mov     byte ptr [eax+4], 1
.text:0040970C                 mov     dword ptr [eax+8], 0       ; v2[2]
.text:00409713                 mov     dword ptr [eax+10h], 100000h ; v2[4]
.text:0040971A                 mov     dword ptr [eax+0Ch], 0     ; v2[3]
.text:00409721                 mov     dword ptr [eax+14h], 0C0000h ; v2[5] = 786432
.text:00409728                 retn
.text:00409729 ; ---------------------------------------------------------------------------