本帖最后由 shane007 于 2023-8-26 16:14 编辑
我用代理dll的方式,让这个游戏窗口化了。
随后用cheat engine(用其他工具老是出异常,无法正常调试)在内存中检索一句字幕,下内存访问断点。
在以下地方断下。
- CaptainMorgane.exe+96F5 - 83 C0 01 - add eax,01
- 地址004096F5
随后,在ida pro中查看伪代码,感觉这是一个字符串长度的check函数,
真正的字幕显示函数需要追到上一层,后续再继续分析
- // IDA pseudocode for sub_409670. The assert strings below name it
- // DialogInterface::SetCaptionDisplayed (DialogInterface.cpp): a2 is the
- // caption text (sCaption); a1 is only forwarded to the logger call.
- void __usercall sub_409670(char a1@<dil>, const char *a2@<esi>)
- {
- _DWORD *v2; // eax; points at the object behind dword_5D3E6C
- // The length check only runs while dword_5D9B50 is zero (presumably an
- // "asserts enabled" flag -- unverified); otherwise it is skipped entirely.
- if ( !dword_5D9B50 )
- {
- if ( !a2 )
- goto LABEL_7;
- // NB_CHAR_MAX is 0x80 here. sub_51AEC6 looks like a printf-style logger
- // (format string + args). Nothing in this branch aborts, so execution
- // continues to the unbounded strcpy below even after the assert fires.
- if ( strlen(a2) >= 0x80 )
- {
- sub_51AEC6("ASSERT\n", a1);
- sub_51AEC6("file: %s(%d)\n", (unsigned int)"..\\..\\Source\\Dialogs\\Common\\DialogInterface.cpp");
- sub_51AEC6("function: %s\n", (unsigned int)"DialogInterface::SetCaptionDisplayed");
- sub_51AEC6("condition: %s\n", (unsigned int)"sCaption==NULL || strlen(sCaption)< NB_CHAR_MAX");
- }
- }
- if ( a2 )
- {
- // Unbounded copy into a fixed global buffer. byte_5D33F0 sits exactly
- // 0x80 bytes past unk_5D3370, which suggests unk_5D3370 is the
- // NB_CHAR_MAX-sized caption buffer; a caption of 0x80 or more bytes
- // (plus NUL) would then overrun it into the flag and whatever follows.
- // For a subtitle patch, keep every replaced caption under 0x80 bytes
- // including the terminator, or relocate/enlarge the buffer.
- strcpy((char *)&unk_5D3370, a2);
- v2 = (_DWORD *)dword_5D3E6C;
- byte_5D33F0 = 1; // "caption displayed" flag; cleared at LABEL_7
- *(_BYTE *)(dword_5D3E6C + 4) = 1; // same object as v2, byte at +4
- // Fields at +8, +0xC, +0x10, +0x14 of that object; their meaning is not
- // visible here (786432 == 0xC0000, cf. the disassembly at 0x409721).
- v2[2] = 0;
- v2[4] = 0x100000;
- v2[3] = 0;
- v2[5] = 786432;
- return;
- }
- LABEL_7:
- byte_5D33F0 = 0; // a2 was NULL on both paths here: clear the displayed flag
- }
复制代码- .text:004096EB ; ---------------------------------------------------------------------------7 J9 m) L$ |* O: q
- .text:004096ED align 10h
9 ~4 B$ S* Q# ]2 o- W) p+ {; H - .text:004096F0, [5 _ M. W0 R" w4 r
- .text:004096F0 loc_4096F0: ; CODE XREF: sub_409670+7B↑j" ?5 }, ^2 T h3 y$ K
- .text:004096F0 ; sub_409670+8A↓j
# ~" L% s ~7 X# I5 J. a) x - .text:004096F0 mov cl, [eax]( L1 e% X+ t4 z0 ?% O
- .text:004096F2 mov [edx+eax], cl" S! t. ]( Z! t1 \* d2 O$ k
- .text:004096F5 add eax, 1
" h( o- a2 a* y; e+ S" } - .text:004096F8 test cl, cl# s, H! @9 ?; C& |( J2 N2 i, R
- .text:004096FA jnz short loc_4096F0
M7 ?2 o! @0 R: K: f - .text:004096FC mov eax, dword_5D3E6C
) V% |+ |& K1 k2 ?+ u: S0 r- T6 F( K - .text:00409701 mov byte_5D33F0, 18 D- }( j( i4 ]- R D4 n- }
- .text:00409708 mov byte ptr [eax+4], 1: x. h' m9 m/ G2 y' E4 D' S
- .text:0040970C mov dword ptr [eax+8], 03 c; D& C7 k- y: ^' L |
- .text:00409713 mov dword ptr [eax+10h], 100000h
9 Z- W) x) ~* F% o: _3 b - .text:0040971A mov dword ptr [eax+0Ch], 0& Z+ z/ ~9 r7 s; w* F* u
- .text:00409721 mov dword ptr [eax+14h], 0C0000h
( e. D2 ^ C$ J1 }5 e" A" i - .text:00409728 retn1 Q% U* e6 c1 f; _$ H5 ?
- .text:00409729 ; ---------------------------------------------------------------------------