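The tool will be released tomorrow (a very imperfect version).
First, search memory for AVCAbilityHero (as for how we know to look for AVCAbilityHero: when you search for the first hero's data, scroll up a little and you will see this string, which is obviously the key to finding these dynamic addresses. 55555, many thanks to 飞雪 for helping me). Then look downward and you will find that each hero has a 324-byte storage area, which breaks down as follows: (values in memory are little-endian, so read the bytes in reverse order...)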
00000000 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03
048E0094 90 BC 75 6F ①02 00 00 00 00 00 00 00 75 03 00 00 惣uo.......u..
048E00A4 75 03 00 00 78 C3 44 00 01 00 00 00 00 00 00 00 u..x 肈........
048E00B4 90 00 00 00 74 03 00 00 74 03 00 00 00 00 00 00 ?..t..t......
048E00C4 14 00 E7 08 72 65 48 41 00 00 00 00 00 00 00 00 .?reHA........
048E00D4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
048E00E4 00 00 00 00 54 B5 77 0E 90 93 70 6F 00 00 00 00 ....T 祑悡po....
048E00F4 00 00 00 00 00 00 00 00 00 00 00 00 50 01 72 6F ............Pro
048E0104 01 00 00 00 76 03 00 00 76 03 00 00 50 01 72 6F ...v..v..Pro
048E0114 01 00 00 00 77 03 00 00 77 03 00 00 00 00 00 00 ② ...w..w......
048E0124 01 00 00 00 ③ 16 00 00 00 ④ BC 22 71 6F 00 00 B0 41 ......?qo.. 癆
048E0134 BC 22 71 6F 00 80 09 44 0D 00 00 00 ⑤ BC 22 71 6F ?qo. .D....?qo
048E0144 34 33 F3 3F BC 22 71 6F 00 00 00 00 BC 22 71 6F 43??qo....?qo
048E0154 B8 1E 85 3E BC 22 71 6F 00 00 7F 43 01 00 00 00 ???qo.. C...
048E0164 BC 22 71 6F CD CC 2C 40 BC 22 71 6F 67 66 E6 3F ?qo 吞,@?qogf?
048E0174 BC 22 71 6F 01 00 C0 3F 01 00 01 00 00 00 00 00 ?qo.?......
048E0184 05 00 00 00 62 68 48 41 73 64 48 41 65 72 48 41 ...bhHAsdHAerHA
048E0194 64 61 48 41 00 00 00 00 ⑥ 05 00 00 00 03 00 00 00 daHA..........
048E01A4 03 00 00 00 01 00 00 00 03 00 00 00 ⑦ 00 00 00 00 .............
048E01B4 05 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 ............
048E01C4 01 00 00 00 ⑧ 00 00 00 00 01 00 00 00 D0 00 90 0F ..........??
048E01D4 E8 00 90 0F
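① The address held in the ESI register. After searching with a tool such as CE you will always see ESI+XX show up; this is where it starts, and the following 324 bytes hold part of the first hero's data (floating-point values and similar data seem to be stored elsewhere).
② Experience
③ Available skill points
④ Strength
⑤ Agility
⑥ Learnable hero skills; each byte is the corresponding ASCII code. If you modify a skill that has already been learned, it becomes a new learnable skill and the original skill is kept. From this you can see that each hero has only five hero skills. Anyone interested can go and see where the extra hero skills are stored when there are more than five.
⑦ How many levels of the corresponding hero skill can be learned
⑧ The level required to learn this hero skill
Following the same approach, I went on to look for movement speed. Searching for AVCAbilityMove and then looking downward, you will find that each hero has a 228-byte storage area, and the speed is stored in it as well.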
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 43 41 62 69 6C 69 74 79 4D 6F 76 65 40 40 00 00 CAbilityMove@@..
00000010 00 00 00 00 00 00 00 00 10 72 04 00 B9 07 6D 6F .........r..?mo
00000020 00 00 00 00 E8 E9 78 6F 18 00 00 00 00 00 00 00 ....栝xo........
00000030 3A 04 00 00 3A 04 00 00 78 C3 44 00 01 00 00 00 :...:...x肈.....
00000040 00 00 00 00 10 00 00 00 FF FF FF FF FF FF FF FF ........
00000050 00 00 00 00 14 00 15 08 76 6F 6D 41 00 00 00 00 ........vomA....
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 70 A7 46 0B 90 93 70 6F ........p .悡po
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090 BC 22 71 6F 00 00 87 43 ⑨ BC 22 71 6F 00 00 80 3F ?qo..嘋?qo.. ?
000000A0 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........
000000B0 00 00 00 00 90 93 70 6F 00 00 00 00 00 00 00 00 ....悡po........
000000C0 00 00 00 00 00 00 00 00 90 93 70 6F 00 00 00 00 ........悡po....
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 BC 22 71 6F ............?qo
000000E0 00 00 00 ... ...e@@
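⑨ Movement speed. Convert it according to the in-memory floating-point format; here it works out to 270.
Putting AVCAbilityHero and AVCAbilityMove together, we then search for AVCAbility. The results will probably surprise you, and you should know by now how to make use of them.
Another keyword is PVqo. The number of search results depends on the number of units on the map, or more precisely on the number of units on the map that have armor; the same applies to the next keyword. The per-unit storage area is 780 bytes.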
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
083C0000 04 0C 03 00 80 00 3B 08 04 00 00 0C 3B 08 6D 6F .... .;.....;.mo
083C0010 00 00 00 00 50 56 71 6F 1F 00 00 00 EC 04 C6 05 ....PVqo....??
083C0020 2F 04 00 00 2F 04 00 00 78 C3 44 00 01 00 00 00 /.../...x肈.....
083C0030 F4 04 C6 05 06 06 00 00 00 00 00 00 10 70 23 0B ??.........p#.
083C0040 01 00 00 00 6C 61 70 48 ⑩00 00 00 00 FF FF FF FF ....lapH....
083C0050 00 00 00 00 00 00 00 00 6E 00 00 00 6D 00 00 00 ........n...m...
083C0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C0070 01 12 00 00 00 00 00 00 12 0F 00 00 90 A3 70 6F ............悾po
083C0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C0090 90 A3 70 6F 00 00 00 00 00 00 00 00 00 00 00 00 悾po............
083C00A0 00 00 00 00 D7 02 30 01 D7 02 30 01 B4 DF 70 6F ....?0.?0.催po
083C00B0 01 00 00 00 33 04 00 00 33 04 00 00 D0 00 BE 08 ....3...3...??
083C00C0 8C 33 71 6F 00 00 00 00 00 00 00 00 B4 DF 70 6F ?qo........催po
083C00D0 01 00 00 00 34 04 00 00 34 04 00 00 8C 33 71 6F ....4...4...?qo
083C00E0 00 00 00 00 8C 33 71 6F 00 00 00 00 00 00 00 00 ....?qo........
083C00F0 8C 33 71 6F 00 00 40 40 ⑾ 05 00 00 00 ⑿00 00 00 00 ?qo..@@........
083C0100 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 .... ....
083C0110 B4 DF 70 6F 01 00 00 00 37 04 00 00 37 04 00 00 催po....7...7...
083C0120 06 00 00 00 00 00 00 00 00 00 00 00 B4 DF 70 6F ............催po
083C0130 01 00 00 00 36 04 00 00 36 04 00 00 00 00 00 00 ....6...6.......
083C0140 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 .... ....
083C0150 FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ........
083C0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C0170 00 00 00 00 00 00 00 00 28 58 71 6F 01 00 00 00 ........(Xqo....
083C0180 30 04 00 00 30 04 00 00 FF FF FF FF FF FF FF FF 0...0...
083C0190 00 00 00 00 90 A3 70 6F 00 00 00 00 00 00 00 00 ....悾po........
083C01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C01B0 FF FF FF FF FF FF FF FF 00 00 00 00 FF FF FF FF ....
083C01C0 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 ............
083C01D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C01E0 00 00 00 00 00 00 00 00 00 00 00 00 43 04 00 00 ............C...
083C01F0 43 04 00 00 00 00 00 00 14 00 D0 07 94 00 E0 07 C.........???
083C0200 94 00 CA 07 00 00 00 00 94 00 CB 07 01 00 00 00 ??....??....
083C0210 00 00 00 00 44 36 71 6F 00 00 00 00 00 00 00 00 ....D6qo........
083C0220 00 00 00 00 B4 DF 70 6F 01 00 00 00 35 04 00 00 ....催po....5...
083C0230 35 04 00 00 00 00 00 00 00 00 70 42 00 00 00 00 5.........pB....
083C0240 00 00 00 00 00 00 00 00 00 00 70 42 00 00 00 00 ..........pB....
083C0250 FF FF FF FF FF FF FF FF 00 00 00 00 02 00 00 00 ........
083C0260 FF FF FF FF FF FF FF FF 00 00 00 00 65 00 00 00 ....e...
083C0270 66 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 f...............
083C0280 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 .... ....
083C0290 10 00 00 00 90 27 0C 43 17 D1 AE C4 00 00 00 00 ....?.C.旬?...
083C02A0 AE 07 B3 40 2A 42 45 3F 08 2C 23 BF 00 00 00 00 ?矦*BE?.,#?...
083C02B0 08 2C 23 3F 2A 42 45 3F 00 00 00 00 00 00 00 00 .,#?*BE?........
083C02C0 00 00 00 00 00 00 80 3F 00 00 00 00 00 00 00 00 ...... ?........
083C02D0 00 00 00 00 00 00 00 00 00 00 00 00 3F 75 12 43 ............?u.C
083C02E0 FF FF FF FF FF FF FF FF 01 00 00 00 06 00 00 00 ........
083C02F0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
083C0300 00 00 00 00 00 00 00 00 00 00 7A 43 00 00 7A 43 ..........zC..zC
083C0310 00 00 80 3F FF FF FF FF FF FF FF FF 00 00 00 00 .. ? ....
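⑩ Unit ID, again as ASCII codes. Checking whether the first letter of the ID is uppercase tells you whether the unit is a hero.
⑾ Armor, a floating-point value.
⑿ Armor type; here it is 5, which means hero armor.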
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Light | Medium | Heavy | Fortified | Normal | Hero | Divine | Unarmored
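If you want to change it, follow this table.
Since the number of PVqo hits gives the number of units on the map that have armor, there must be a keyword that gives the number of units on the map that have an attack, and ktaA is such a keyword. However, ktaA is a bit troublesome.
Only when you search for the ktaA occurrences between AVCAbilityHero and AVCAbilityMove do the results give the number of units on the map that have an attack. There is a problem here: because of this, the order cannot be matched to the order of the units at PVqo, since every unit other than items has armor, and I have not found anything nearby that identifies the unit (near PVqo there is the unit ID). This makes my tool extremely imperfect. I wonder whether anyone can help me solve this problem, 55555555, I have been working on it for many days..... Here the storage area for each unit is 1040 bytes.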
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
07BE0040 6B 74 61 41 00 00 00 00 ktaA....
07BE0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
07BE0060 00 00 00 00 00 00 00 00 64 AD 62 0B 90 A3 70 6F ........d璪.悾po
07BE0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
07BE0080 FF FF FF FF FF FF FF FF 00 00 00 00 FF FF FF FF
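An added example, not part of the original post: a read-only decoder for a few rows of the dumps above, showing the little-endian integers, IEEE-754 floats and byte-reversed four-character IDs the post describes. The field addresses assume each circled marker follows the value it labels (consistent with the 270 at ⑨ and the 5 at ⑿); the function names are made up for the example.

```python
import struct

# Rows copied from the hex dumps in this post (address -> 16 bytes), with the
# circled markers dropped. MOVE is the 0x90 row of the AVCAbilityMove dump.
HERO = {0x048E0124: "01 00 00 00 16 00 00 00 BC 22 71 6F 00 00 B0 41",
        0x048E0134: "BC 22 71 6F 00 80 09 44 0D 00 00 00 BC 22 71 6F",
        0x048E0184: "05 00 00 00 62 68 48 41 73 64 48 41 65 72 48 41",
        0x048E0194: "64 61 48 41 00 00 00 00 05 00 00 00 03 00 00 00"}
UNIT = {0x083C0040: "01 00 00 00 6C 61 70 48 00 00 00 00 FF FF FF FF",
        0x083C00F0: "8C 33 71 6F 00 00 40 40 05 00 00 00 00 00 00 00"}
MOVE = {0x90: "BC 22 71 6F 00 00 87 43 BC 22 71 6F 00 00 80 3F"}

def load(rows):
    """Flatten {row_address: hex text} into {byte_address: byte value}."""
    return {base + i: b for base, text in rows.items()
            for i, b in enumerate(bytes.fromhex(text))}

def raw(mem, addr, n=4):
    """Return n bytes at addr; raises KeyError outside the copied rows."""
    return bytes(mem[addr + i] for i in range(n))

def u32(mem, addr):
    return struct.unpack("<I", raw(mem, addr))[0]  # little-endian dword

def f32(mem, addr):
    return struct.unpack("<f", raw(mem, addr))[0]  # little-endian IEEE-754 single

def fourcc(mem, addr):
    """Four-character ID; stored byte-reversed, so flip it to read it."""
    return raw(mem, addr)[::-1].decode("ascii")

def is_hero(unit_id):
    return unit_id[:1].isupper()  # the post's rule: uppercase first letter

def decode():
    hero, unit, move = load(HERO), load(UNIT), load(MOVE)
    return {
        "skill_points": u32(hero, 0x048E0124),  # value before marker ③
        "strength": u32(hero, 0x048E0128),      # before ④
        "agility": u32(hero, 0x048E013C),       # before ⑤
        "skills": [fourcc(hero, 0x048E0188 + 4 * i) for i in range(4)],  # before ⑥
        "move_speed": f32(move, 0x94),          # before ⑨
        "unit_id": fourcc(unit, 0x083C0044),    # before ⑩
        "armor": f32(unit, 0x083C00F4),         # before ⑾
        "armor_type": u32(unit, 0x083C00F8),    # before ⑿
    }

if __name__ == "__main__":
    print(decode())
```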