本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理 DLL 的方式,让这个游戏窗口化了。
随后用 Cheat Engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
地址 004096F5
随后,在 IDA Pro 中查看伪代码,感觉这是一个字符串长度的 check 函数,
真正的字幕显示函数需要追到上一层,后续再继续分析。
// IDA pseudocode for sub_409670; the assert strings below identify it as
// DialogInterface::SetCaptionDisplayed. With a non-NULL a2 it copies the caption
// text into the global buffer at unk_5D3370, sets byte_5D33F0 and writes a few
// fields of the object at dword_5D3E6C; with a NULL a2 it only clears byte_5D33F0.
// a1 is forwarded to the first sub_51AEC6 call and is otherwise unused here.
// NOTE(review): the strlen() check is evaluated only while dword_5D9B50 is zero,
// and the assert branch prints and falls through (no return/abort is visible), so
// the strcpy below is not bounded by that check in either configuration.
void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
{
  _DWORD *v2; // eax

  // dword_5D9B50 == 0 enables the diagnostic path; presumably a debug/assert
  // switch — confirm against the other users of dword_5D9B50.
  if ( !dword_5D9B50 )
  {
    if ( !a2 )
      goto LABEL_7;
    // Mirrors the original "sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX"
    // assertion, i.e. NB_CHAR_MAX == 0x80 in this build.
    if ( strlen(a2) >= 0x80 )
    {
      // sub_51AEC6 is used like a printf-style logger; the pseudocode shows
      // execution continuing after these calls.
      sub_51AEC6("ASSERT\n", a1);
      sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
      sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
      sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
    }
  }
  if ( a2 )
  {
    // Unbounded copy into the global caption buffer (this is the byte loop at
    // loc_4096F0 in the disassembly). unk_5D3370 and byte_5D33F0 are 0x80 bytes
    // apart, which matches NB_CHAR_MAX; presumably the buffer is 0x80 bytes —
    // confirm the data layout in IDA.
    strcpy((char *)&unk_5D3370, a2);
    v2 = (_DWORD *)dword_5D3E6C;
    byte_5D33F0 = 1;                   // set here, cleared at LABEL_7; presumably "caption displayed"
    *(_BYTE *)(dword_5D3E6C + 4) = 1;  // same object as v2, byte at +4
    v2[2] = 0;                         // +8
    v2[4] = 0x100000;                  // +10h
    v2[3] = 0;                         // +0Ch
    v2[5] = 786432;                    // +14h, == 0xC0000
    return;
  }
LABEL_7:
  byte_5D33F0 = 0; // no caption text: clear the flag
}
.text:004096EB ; ---------------------------------------------------------------------------
.text:004096ED                 align 10h
.text:004096F0
.text:004096F0 loc_4096F0:                             ; CODE XREF: sub_409670+7B↑j
.text:004096F0                                         ; sub_409670+8A↓j
.text:004096F0 ; Byte-copy loop inside sub_409670: copies [eax] to [edx+eax] until the
.text:004096F0 ; NUL byte has been copied. This is the strcpy() of the pseudocode; the
.text:004096F0 ; loop has no length bound, only the test on cl below terminates it.
.text:004096F0                 mov     cl, [eax]            ; read next source byte
.text:004096F2                 mov     [edx+eax], cl        ; store it; edx presumably holds dst - src
.text:004096F5                 add     eax, 1               ; CaptainMorgane.exe+96F5: where the access breakpoint stopped
.text:004096F8                 test    cl, cl
.text:004096FA                 jnz     short loc_4096F0     ; loop until the NUL is copied
.text:004096FC                 mov     eax, dword_5D3E6C    ; v2 in the pseudocode
.text:00409701                 mov     byte_5D33F0, 1
.text:00409708                 mov     byte ptr [eax+4], 1
.text:0040970C                 mov     dword ptr [eax+8], 0          ; v2[2]
.text:00409713                 mov     dword ptr [eax+10h], 100000h  ; v2[4]
.text:0040971A                 mov     dword ptr [eax+0Ch], 0        ; v2[3]
.text:00409721                 mov     dword ptr [eax+14h], 0C0000h  ; v2[5] (786432)
.text:00409728                 retn
.text:00409729 ; ---------------------------------------------------------------------------