游戏精英
- 贡献度
- 621
- 金元
- 13990
- 积分
- 3913
- 精华
- 3
- 注册时间
- 2008-1-21
|
。。。。。。
如果你能看懂的话,可以通过搜索特征码的方式找到1.25.2.2版本的地址。
[穿一件顶全套]
物品套装类型数据find access
装备戒指1
1 Torchlight2.exe+3D0A45 - 89 47 40 - mov [edi+40],eax eax=装备套装类型数据
11 Torchlight2.exe+3CDECB - 83 78 40 00 - cmp dword ptr [eax+40],00
11 Torchlight2.exe+3CDEEA - 8B 52 40 - mov edx,[edx+40] 读取
7 Torchlight2.exe+3CB4D2 - 83 7E 40 00 - cmp dword ptr [esi+40],00
7 Torchlight2.exe+3CB4E9 - 39 5E 40 - cmp [esi+40],ebx 这里就是上面分析过的,只影响显示的套装数据,结果。
Torchlight2.exe+3CDE40 - 51 - push ecx
Torchlight2.exe+3CDE41 - 56 - push esi
Torchlight2.exe+3CDE42 - 57 - push edi
Torchlight2.exe+3CDE43 - 33 FF - xor edi,edi
Torchlight2.exe+3CDE45 - 8B F1 - mov esi,ecx
Torchlight2.exe+3CDE47 - 89 7C 24 08 - mov [esp+08],edi
Torchlight2.exe+3CDE4B - 39 7E 20 - cmp [esi+20],edi
Torchlight2.exe+3CDE4E - 0F86 2E010000 - jbe Torchlight2.exe+3CDF82
Torchlight2.exe+3CDE54 - 53 - push ebx
Torchlight2.exe+3CDE55 - 8B 5C 24 14 - mov ebx,[esp+14]
Torchlight2.exe+3CDE59 - 55 - push ebp
Torchlight2.exe+3CDE5A - 8D 9B 00000000 - lea ebx,[ebx+00000000]
Torchlight2.exe+3CDE60 - 80 7C 24 20 00 - cmp byte ptr [esp+20],00
Torchlight2.exe+3CDE65 - 74 1A - je Torchlight2.exe+3CDE81
Torchlight2.exe+3CDE67 - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDE6A - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDE6D - 73 03 - jae Torchlight2.exe+3CDE72
Torchlight2.exe+3CDE6F - 8D 04 B8 - lea eax,[eax+edi*4]
Torchlight2.exe+3CDE72 - 8B 08 - mov ecx,[eax]
Torchlight2.exe+3CDE74 - 8B 51 30 - mov edx,[ecx+30]
Torchlight2.exe+3CDE77 - 80 7A 25 00 - cmp byte ptr [edx+25],00
Torchlight2.exe+3CDE7B - 0F84 F1000000 - je Torchlight2.exe+3CDF72
Torchlight2.exe+3CDE81 - 80 7C 24 24 00 - cmp byte ptr [esp+24],00
Torchlight2.exe+3CDE86 - 75 1A - jne Torchlight2.exe+3CDEA2
Torchlight2.exe+3CDE88 - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDE8B - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDE8E - 73 03 - jae Torchlight2.exe+3CDE93
Torchlight2.exe+3CDE90 - 8D 04 B8 - lea eax,[eax+edi*4]
Torchlight2.exe+3CDE93 - 8B 08 - mov ecx,[eax]
Torchlight2.exe+3CDE95 - 8B 51 30 - mov edx,[ecx+30]
Torchlight2.exe+3CDE98 - 80 7A 24 01 - cmp byte ptr [edx+24],01
Torchlight2.exe+3CDE9C - 0F84 D0000000 - je Torchlight2.exe+3CDF72
Torchlight2.exe+3CDEA2 - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDEA5 - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDEA8 - 73 03 - jae Torchlight2.exe+3CDEAD
Torchlight2.exe+3CDEAA - 8D 04 B8 - lea eax,[eax+edi*4]
Torchlight2.exe+3CDEAD - 8B 08 - mov ecx,[eax]
Torchlight2.exe+3CDEAF - 80 79 44 00 - cmp byte ptr [ecx+44],00
Torchlight2.exe+3CDEB3 - 0F84 B9000000 - je Torchlight2.exe+3CDF72
Torchlight2.exe+3CDEB9 - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDEBC - 73 08 - jae Torchlight2.exe+3CDEC6
Torchlight2.exe+3CDEBE - 8B 56 1C - mov edx,[esi+1C]
Torchlight2.exe+3CDEC1 - 8D 04 BA - lea eax,[edx+edi*4]
Torchlight2.exe+3CDEC4 - EB 03 - jmp Torchlight2.exe+3CDEC9
Torchlight2.exe+3CDEC6 - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDEC9 - 8B 00 - mov eax,[eax]
Torchlight2.exe+3CDECB - 83 78 40 00 - cmp dword ptr [eax+40],00
Torchlight2.exe+3CDECF - 0F84 9D000000 - je Torchlight2.exe+3CDF72 1这个部位没有装备物品,或不是套装
Torchlight2.exe+3CDED5 - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDED8 - 73 08 - jae Torchlight2.exe+3CDEE2
Torchlight2.exe+3CDEDA - 8B 4E 1C - mov ecx,[esi+1C]
Torchlight2.exe+3CDEDD - 8D 04 B9 - lea eax,[ecx+edi*4]
Torchlight2.exe+3CDEE0 - EB 03 - jmp Torchlight2.exe+3CDEE5
Torchlight2.exe+3CDEE2 - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDEE5 - 8B 10 - mov edx,[eax]
Torchlight2.exe+3CDEE7 - 8B 6B 04 - mov ebp,[ebx+04]
Torchlight2.exe+3CDEEA - 8B 52 40 - mov edx,[edx+40]
Torchlight2.exe+3CDEED - 33 C0 - xor eax,eax
Torchlight2.exe+3CDEEF - 85 ED - test ebp,ebp
Torchlight2.exe+3CDEF1 - 76 0E - jna Torchlight2.exe+3CDF01 1第一件 0不是第一件 //改为jmp后,套装每件都会独立计算,可以重复获得套装效果。
Torchlight2.exe+3CDEF3 - 8B 0B - mov ecx,[ebx]
Torchlight2.exe+3CDEF5 - 39 11 - cmp [ecx],edx
Torchlight2.exe+3CDEF7 - 74 15 - je Torchlight2.exe+3CDF0E 1套装类型相同 //改为nop后,无法获得套装效果。
Torchlight2.exe+3CDEF9 - 40 - inc eax
Torchlight2.exe+3CDEFA - 83 C1 04 - add ecx,04
Torchlight2.exe+3CDEFD - 3B C5 - cmp eax,ebp
Torchlight2.exe+3CDEFF - 72 F4 - jb Torchlight2.exe+3CDEF5
Torchlight2.exe+3CDF01 - 3B 7E 24 - cmp edi,[esi+24]
Torchlight2.exe+3CDF04 - 73 26 - jae Torchlight2.exe+3CDF2C
Torchlight2.exe+3CDF06 - 8B 56 1C - mov edx,[esi+1C]
Torchlight2.exe+3CDF09 - 8D 04 BA - lea eax,[edx+edi*4]
Torchlight2.exe+3CDF0C - EB 21 - jmp Torchlight2.exe+3CDF2F
Torchlight2.exe+3CDF0E - 83 F8 FF - cmp eax,-01 { 255 }
Torchlight2.exe+3CDF11 - 74 EE - je Torchlight2.exe+3CDF01
Torchlight2.exe+3CDF13 - 8B 4C 24 1C - mov ecx,[esp+1C]
Torchlight2.exe+3CDF17 - 3B 41 08 - cmp eax,[ecx+08]
Torchlight2.exe+3CDF1A - 73 0A - jae Torchlight2.exe+3CDF26
Torchlight2.exe+3CDF1C - 8B 09 - mov ecx,[ecx]
Torchlight2.exe+3CDF1E - FF 04 81 - inc [ecx+eax*4]
Torchlight2.exe+3CDF21 - 8D 04 81 - lea eax,[ecx+eax*4]
Torchlight2.exe+3CDF24 - EB 4C - jmp Torchlight2.exe+3CDF72
Torchlight2.exe+3CDF26 - 8B 01 - mov eax,[ecx]
Torchlight2.exe+3CDF28 - FF 00 - inc [eax]
Torchlight2.exe+3CDF2A - EB 46 - jmp Torchlight2.exe+3CDF72
Torchlight2.exe+3CDF2C - 8B 46 1C - mov eax,[esi+1C]
Torchlight2.exe+3CDF2F - 8B 00 - mov eax,[eax]
Torchlight2.exe+3CDF31 - 8B 78 40 - mov edi,[eax+40]
Torchlight2.exe+3CDF34 - 3B 6B 08 - cmp ebp,[ebx+08]
Torchlight2.exe+3CDF37 - 72 07 - jb Torchlight2.exe+3CDF40
Torchlight2.exe+3CDF39 - 8B CB - mov ecx,ebx
Torchlight2.exe+3CDF3B - E8 70890000 - call Torchlight2.exe+3D68B0
Torchlight2.exe+3CDF40 - 8B 4B 04 - mov ecx,[ebx+04]
Torchlight2.exe+3CDF43 - 8B 13 - mov edx,[ebx]
Torchlight2.exe+3CDF45 - 89 3C 8A - mov [edx+ecx*4],edi
Torchlight2.exe+3CDF48 - 8B 7C 24 1C - mov edi,[esp+1C]
Torchlight2.exe+3CDF4C - BD 01000000 - mov ebp,00000001
Torchlight2.exe+3CDF51 - 01 6B 04 - add [ebx+04],ebp
Torchlight2.exe+3CDF54 - 8B 47 04 - mov eax,[edi+04]
Torchlight2.exe+3CDF57 - 3B 47 08 - cmp eax,[edi+08]
Torchlight2.exe+3CDF5A - 72 07 - jb Torchlight2.exe+3CDF63
Torchlight2.exe+3CDF5C - 8B CF - mov ecx,edi
Torchlight2.exe+3CDF5E - E8 4D890000 - call Torchlight2.exe+3D68B0
Torchlight2.exe+3CDF63 - 8B 4F 04 - mov ecx,[edi+04]
Torchlight2.exe+3CDF66 - 8B 17 - mov edx,[edi]
Torchlight2.exe+3CDF68 - 89 2C 8A - mov [edx+ecx*4],ebp
Torchlight2.exe+3CDF6B - 01 6F 04 - add [edi+04],ebp
Torchlight2.exe+3CDF6E - 8B 7C 24 10 - mov edi,[esp+10]
Torchlight2.exe+3CDF72 - 47 - inc edi
Torchlight2.exe+3CDF73 - 89 7C 24 10 - mov [esp+10],edi
Torchlight2.exe+3CDF77 - 3B 7E 20 - cmp edi,[esi+20]
Torchlight2.exe+3CDF7A - 0F82 E0FEFFFF - jb Torchlight2.exe+3CDE60
Torchlight2.exe+3CDF80 - 5D - pop ebp
Torchlight2.exe+3CDF81 - 5B - pop ebx
Torchlight2.exe+3CDF82 - 5F - pop edi
Torchlight2.exe+3CDF83 - 5E - pop esi
Torchlight2.exe+3CDF84 - 59 - pop ecx
Torchlight2.exe+3CDF85 - C2 1000 - ret 0010 { 16 }
返回后
Torchlight2.exe+3CA4F5 - 56 - push esi
Torchlight2.exe+3CA4F6 - 6A 01 - push 01
Torchlight2.exe+3CA4F8 - 68 AC601004 - push Torchlight2.exe+38560AC
Torchlight2.exe+3CA4FD - 68 BC601004 - push Torchlight2.exe+38560BC
Torchlight2.exe+3CA502 - E8 39390000 - call Torchlight2.exe+3CDE40 套装id1
Torchlight2.exe+3CA507 - 43 - inc ebx
Torchlight2.exe+3CA508 - 3B 5F 1C - cmp ebx,[edi+1C]
Torchlight2.exe+3CA50B - 72 C3 - jb Torchlight2.exe+3CA4D0
Torchlight2.exe+3CA50D - 33 C9 - xor ecx,ecx
Torchlight2.exe+3CA50F - 89 4C 24 48 - mov [esp+48],ecx
Torchlight2.exe+3CA513 - 39 35 C0601004 - cmp [Torchlight2.exe+38560C0],esi
Torchlight2.exe+3CA519 - 0F86 59010000 - jbe Torchlight2.exe+3CA678
Torchlight2.exe+3CA51F - 90 - nop
Torchlight2.exe+3CA520 - 3B 0D C4601004 - cmp ecx,[Torchlight2.exe+38560C4]
Torchlight2.exe+3CA526 - 73 0B - jae Torchlight2.exe+3CA533
Torchlight2.exe+3CA528 - 8B 15 BC601004 - mov edx,[Torchlight2.exe+38560BC]
Torchlight2.exe+3CA52E - 8D 04 8A - lea eax,[edx+ecx*4]
Torchlight2.exe+3CA531 - EB 05 - jmp Torchlight2.exe+3CA538
Torchlight2.exe+3CA533 - A1 BC601004 - mov eax,[Torchlight2.exe+38560BC]
Torchlight2.exe+3CA538 - 8B 38 - mov edi,[eax]
Torchlight2.exe+3CA53A - A1 AC601004 - mov eax,[Torchlight2.exe+38560AC]
Torchlight2.exe+3CA53F - 3B 0D B4601004 - cmp ecx,[Torchlight2.exe+38560B4] { [0000000A] }
Torchlight2.exe+3CA545 - 73 03 - jae Torchlight2.exe+3CA54A
Torchlight2.exe+3CA547 - 8D 04 88 - lea eax,[eax+ecx*4] //这里改为 mov eax,10,就可以1件获得全套效果。
Torchlight2.exe+3CA54A - 8B 00 - mov eax,[eax]
Torchlight2.exe+3CA54C - 33 F6 - xor esi,esi
Torchlight2.exe+3CA54E - 89 44 24 4C - mov [esp+4C],eax 装备的套装数量
Torchlight2.exe+3CA552 - 3B FE - cmp edi,esi
Torchlight2.exe+3CA554 - 0F84 07010000 - je Torchlight2.exe+3CA661
Torchlight2.exe+3CA55A - 3B C6 - cmp eax,esi
Torchlight2.exe+3CA55C - 0F86 FF000000 - jbe Torchlight2.exe+3CA661
...
Torchlight2.exe+3CA5CA - 72 02 - jb Torchlight2.exe+3CA5CE
Torchlight2.exe+3CA5CC - 8B C8 - mov ecx,eax
Torchlight2.exe+3CA5CE - 8B 09 - mov ecx,[ecx]
Torchlight2.exe+3CA5D0 - 8B 5C 24 4C - mov ebx,[esp+4C] 套装装备的数量
Torchlight2.exe+3CA5D4 - 39 59 24 - cmp [ecx+24],ebx ds=2
Torchlight2.exe+3CA5D7 - 7F 4C - jg Torchlight2.exe+3CA625 0装备的大于2件
Torchlight2.exe+3CA5D9 - 8B 4C 24 44 - mov ecx,[esp+44]
Torchlight2.exe+3CA5DD - 8B 49 40 - mov ecx,[ecx+40]
Torchlight2.exe+3CA5E0 - 8B 99 C4010000 - mov ebx,[ecx+000001C4]
Torchlight2.exe+3CA5E6 - 8D 0C B0 - lea ecx,[eax+esi*4]
Torchlight2.exe+3CA5E9 - 3B F2 - cmp esi,edx
Torchlight2.exe+3CA5EB - 72 04 - jb Torchlight2.exe+3CA5F1
Torchlight2.exe+3CA5ED - 8B C8 - mov ecx,eax
Torchlight2.exe+3CA5EF - EB 03 - jmp Torchlight2.exe+3CA5F4
Torchlight2.exe+3CA5F1 - 8D 04 B0 - lea eax,[eax+esi*4]
Torchlight2.exe+3CA5F4 - D9E8 - fld1
Torchlight2.exe+3CA5F6 - 8B 11 - mov edx,[ecx]
Torchlight2.exe+3CA5F8 - 8B 4A 20 - mov ecx,[edx+20]
Torchlight2.exe+3CA5FB - 8B 10 - mov edx,[eax]
Torchlight2.exe+3CA5FD - 8B 44 24 44 - mov eax,[esp+44]
Torchlight2.exe+3CA601 - 83 EC 0C - sub esp,0C
Torchlight2.exe+3CA604 - D9 54 24 08 - fst dword ptr [esp+08]
Torchlight2.exe+3CA608 - 83 C2 04 - add edx,04 { 4 }
Torchlight2.exe+3CA60B - D9 5C 24 04 - fstp dword ptr [esp+04]
Torchlight2.exe+3CA60F - D9 05 D8C55E02 - fld dword ptr [Torchlight2.exe+1D3C5D8] { [-1.00] }
Torchlight2.exe+3CA615 - D9 1C 24 - fstp dword ptr [esp]
Torchlight2.exe+3CA618 - 53 - push ebx
Torchlight2.exe+3CA619 - 6A 00 - push 00
Torchlight2.exe+3CA61B - 51 - push ecx
Torchlight2.exe+3CA61C - 8B 48 44 - mov ecx,[eax+44]
Torchlight2.exe+3CA61F - 52 - push edx
Torchlight2.exe+3CA620 - E8 AB5AFEFF - call Torchlight2.exe+3B00D0
Torchlight2.exe+3CA625 - 46 - inc esi
Torchlight2.exe+3CA626 - 3B 77 04 - cmp esi,[edi+04]
Torchlight2.exe+3CA629 - 72 95 - jb Torchlight2.exe+3CA5C0
Torchlight2.exe+3CA62B - 8B 5C 24 44 - mov ebx,[esp+44]
Torchlight2.exe+3CA62F - 8B 4B 40 - mov ecx,[ebx+40]
Torchlight2.exe+3CA632 - E8 8974D4FF - call Torchlight2.exe+111AC0
Torchlight2.exe+3CA637 - 84 C0 - test al,al
Torchlight2.exe+3CA639 - 74 22 - je Torchlight2.exe+3CA65D
Torchlight2.exe+3CA63B - 8B CF - mov ecx,edi
Torchlight2.exe+3CA63D - E8 CEA8E8FF - call Torchlight2.exe+254F10
Torchlight2.exe+3CA642 - 39 44 24 4C - cmp [esp+4C],eax ds=a 套装最大件数?
Torchlight2.exe+3CA646 - 72 15 - jb Torchlight2.exe+3CA65D 1小于最大件数
Torchlight2.exe+3CA648 - 6A 72 - push 72 { 114 }
Torchlight2.exe+3CA64A - E8 017F0000 - call Torchlight2.exe+3D2550
Torchlight2.exe+3CA64F - 8B C8 - mov ecx,eax
Torchlight2.exe+3CA651 - E8 7A820000 - call Torchlight2.exe+3D28D0
Torchlight2.exe+3CA656 - 8B C8 - mov ecx,eax
Torchlight2.exe+3CA658 - E8 D37D0000 - call Torchlight2.exe+3D2430
Torchlight2.exe+3CA65D - 8B 4C 24 48 - mov ecx,[esp+48]
|
|
发表于 2016-9-1 20:54
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
楼主
