馬上加入Android 台灣中文網,立即免費下載應用遊戲。
您需要 登錄 才可以下載或查看,沒有帳號?註冊
x
最直接的想法是
應該會有個地方處理扣錢的動作
將相應的sub改為add
就能由扣錢變加錢
找了下 有找到
; CPopupCandyShop::SuccessBuyItem(void)
看下裡面寫些啥
; CPopupCandyShop::SuccessBuyItem(void)
EXPORT _ZN15CPopupCandyShop14SuccessBuyItemEv
_ZN15CPopupCandyShop14SuccessBuyItemEv
var_28 = -0x28
var_24 = -0x24
2D E9 F7 43 PUSH.W {R0-R2,R4-R9,LR}
04 46 MOV R4, R0
03 69 LDR R3, [R0,#0x10]
A0 4D LDR R5, =(_GLOBAL_OFFSET_TABLE_ - 0x169954)
1B 2B CMP R3, #0x1B
7D 44 ADD R5, PC ; _GLOBAL_OFFSET_TABLE_
5E D1 BNE loc_169A12
D0 F8 9C 32 LDR.W R3, [R0,#0x29C]
D0 F8 94 22 LDR.W R2, [R0,#0x294]
01 33 ADDS R3, #1
9A 42 CMP R2, R3
0C D0 BEQ loc_16997C
50 E0 B loc_169A06
; ---------------------------------------------------------------------------
loc_169964 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+46�j
50 F8 26 00 LDR.W R0, [R0,R6,LSL#2]
30 B1 CBZ R0, loc_169978
03 68 LDR R3, [R0]
5B 68 LDR R3, [R3,#4]
98 47 BLX R3
D4 F8 64 33 LDR.W R3, [R4,#0x364]
43 F8 26 70 STR.W R7, [R3,R6,LSL#2]
loc_169978 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+24�j
01 36 ADDS R6, #1
01 E0 B loc_169980
; ---------------------------------------------------------------------------
loc_16997C ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+1C�j
00 26 MOVS R6, #0
37 46 MOV R7, R6
loc_169980 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+36�j
D4 F8 90 32 LDR.W R3, [R4,#0x290]
D4 F8 64 03 LDR.W R0, [R4,#0x364]
9E 42 CMP R6, R3
EB DB BLT loc_169964
08 B1 CBZ R0, loc_169992
3E F7 FC FC BL _ZdaPv ; operator delete[](void *)
loc_169992 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+48�j
D4 F8 E0 03 LDR.W R0, [R4,#0x3E0]
00 23 MOVS R3, #0
C4 F8 64 33 STR.W R3, [R4,#0x364]
10 B1 CBZ R0, loc_1699A4
03 68 LDR R3, [R0]
5B 68 LDR R3, [R3,#4]
98 47 BLX R3
loc_1699A4 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+58�j
D4 F8 7C 32 LDR.W R3, [R4,#0x27C]
00 26 MOVS R6, #0
C4 F8 E0 63 STR.W R6, [R4,#0x3E0]
02 21 MOVS R1, #2
D3 F8 AC 34 LDR.W R3, [R3,#0x4AC]
0A 46 MOV R2, R1
D3 F8 34 06 LDR.W R0, [R3,#0x634]
1E 23 MOVS R3, #0x1E
7D F0 8A FA BL _ZN11CMCharacter12GetCharacterEiiz ; CMCharacter::GetCharacter(int,int,...)
C4 F8 E0 03 STR.W R0, [R4,#0x3E0]
7C F0 38 FF BL _ZN11CMCharacter11setIsMyHeroEv ; CMCharacter::setIsMyHero(void)
02 21 MOVS R1, #2
D4 F8 E0 03 LDR.W R0, [R4,#0x3E0]
7C F0 62 FF BL _ZN11CMCharacter9setMotionE11EMotionType ; CMCharacter::setMotion(EMotionType)
20 46 MOV R0, R4
FA F7 70 FC BL _ZN15CPopupCandyShop16SetCurrentAvatarEv ; CPopupCandyShop::SetCurrentAvatar(void)
7E 4B LDR R3, =(m_pDataMgr_ptr - 0x2B6D8C)
8B 21 MOVS R1, #0X8B
32 46 MOV R2, R6
EB 58 LDR R3, [R5,R3] ; m_pDataMgr
00 96 STR R6, [SP,#0x28+var_28]
18 68 LDR R0, [R3]
03 23 MOVS R3, #3
4B F7 7B F9 BL _ZN8CDataMgr9loadPopupEiPcii ; CDataMgr::loadPopup(int,char *,int,int)
7B 4B LDR R3, =(m_pNetMgr_ptr - 0x2B6D8C)
04 21 MOVS R1, #4
32 46 MOV R2, R6
EB 58 LDR R3, [R5,R3] ; m_pNetMgr
18 68 LDR R0, [R3]
8C F7 02 F9 BL _ZN11CNetManager11PushSendMsgEih ; CNetManager::PushSendMsg(int,uchar)
C4 F8 90 62 STR.W R6, [R4,#0x290]
20 46 MOV R0, R4
31 46 MOV R1, R6
4D E0 B loc_169A9E
; ---------------------------------------------------------------------------
loc_169A02 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+16A�j
; CPopupCandyShop::SuccessBuyItem(void)+16E�j ...
23 61 STR R3, [R4,#0x10]
E1 E0 B loc_169BCA
; ---------------------------------------------------------------------------
loc_169A06 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+1E�j
C0 F8 9C 32 STR.W R3, [R0,#0x29C]
73 4B LDR R3, =(m_pNetMgr_ptr - 0x2B6D8C)
EB 58 LDR R3, [R5,R3] ; m_pNetMgr
18 68 LDR R0, [R3]
53 E0 B loc_169ABA
; ---------------------------------------------------------------------------
loc_169A12 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+E�j
71 4A LDR R2, =(m_pNetMgr_ptr - 0x2B6D8C)
19 2B CMP R3, #0x19
AE 58 LDR R6, [R5,R2] ; m_pNetMgr
6A D1 BNE loc_169AF0
D0 F8 9C 32 LDR.W R3, [R0,#0x29C]
D0 F8 94 22 LDR.W R2, [R0,#0x294]
01 33 ADDS R3, #1
9A 42 CMP R2, R3
45 D1 BNE loc_169AB4
D0 F8 E0 03 LDR.W R0, [R0,#0x3E0]
10 B1 CBZ R0, loc_169A34
03 68 LDR R3, [R0]
5B 68 LDR R3, [R3,#4]
98 47 BLX R3
loc_169A34 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+E8�j
D4 F8 7C 32 LDR.W R3, [R4,#0x27C]
00 27 MOVS R7, #0
C4 F8 E0 73 STR.W R7, [R4,#0x3E0]
02 21 MOVS R1, #2
D3 F8 AC 34 LDR.W R3, [R3,#0x4AC]
0A 46 MOV R2, R1
D3 F8 34 06 LDR.W R0, [R3,#0x634]
1E 23 MOVS R3, #0x1E
7D F0 42 FA BL _ZN11CMCharacter12GetCharacterEiiz ; CMCharacter::GetCharacter(int,int,...)
C4 F8 E0 03 STR.W R0, [R4,#0x3E0]
7C F0 F0 FE BL _ZN11CMCharacter11setIsMyHeroEv ; CMCharacter::setIsMyHero(void)
02 21 MOVS R1, #2
D4 F8 E0 03 LDR.W R0, [R4,#0x3E0]
7C F0 1A FF BL _ZN11CMCharacter9setMotionE11EMotionType ; CMCharacter::setMotion(EMotionType)
20 46 MOV R0, R4
FA F7 28 FC BL _ZN15CPopupCandyShop16SetCurrentAvatarEv ; CPopupCandyShop::SetCurrentAvatar(void)
5A 4B LDR R3, =(m_pDataMgr_ptr - 0x2B6D8C)
99 21 MOVS R1, #0x99
3A 46 MOV R2, R7
ED 58 LDR R5, [R5,R3] ; m_pDataMgr
03 23 MOVS R3, #3
00 97 STR R7, [SP,#0x28+var_28]
28 68 LDR R0, [R5]
4B F7 33 F9 BL _ZN8CDataMgr9loadPopupEiPcii ; CDataMgr::loadPopup(int,char *,int,int)
28 68 LDR R0, [R5]
01 23 MOVS R3, #1
00 97 STR R7, [SP,#0x28+var_28]
01 93 STR R3, [SP,#0x28+var_24]
02 21 MOVS R1, #2
82 6B LDR R2, [R0,#0x38]
3B 46 MOV R3, R7
4C F7 A2 FD BL _ZN8CDataMgr18SetInvenInfomationEiihhh ; CDataMgr::SetInvenInfomation(int,int,uchar,uchar,uchar)
30 68 LDR R0, [R6]
04 21 MOVS R1, #4
3A 46 MOV R2, R7
8C F7 B3 F8 BL _ZN11CNetManager11PushSendMsgEih ; CNetManager::PushSendMsg(int,uchar)
20 46 MOV R0, R4
39 46 MOV R1, R7
C4 F8 90 72 STR.W R7, [R4,#0x290]
loc_169A9E ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+BC�j
FF F7 C9 FB BL _ZN15CPopupCandyShop12SetTypeAvataEh ; CPopupCandyShop::SetTypeAvata(uchar)
94 F8 85 32 LDRB.W R3, [R4,#0x285]
09 2B CMP R3, #9
18 BF IT NE
4F F0 FF 33 MOVNE.W R3, #0xFFFFFFFF
A8 D1 BNE loc_169A02
1F 23 MOVS R3, #0x1F
A6 E7 B loc_169A02
; ---------------------------------------------------------------------------
loc_169AB4 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+E2�j
C0 F8 9C 32 STR.W R3, [R0,#0x29C]
30 68 LDR R0, [R6]
loc_169ABA ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+CC�j
00 F5 80 23 ADD.W R3, R0, #0x40000
05 21 MOVS R1, #5
D3 F8 2C 21 LDR.W R2, [R3,#0x12C]
D1 65 STR R1, [R2,#0x5C]
D4 F8 9C 52 LDR.W R5, [R4,#0x29C]
D4 F8 64 13 LDR.W R1, [R4,#0x364]
D3 F8 2C 21 LDR.W R2, [R3,#0x12C]
51 F8 25 10 LDR.W R1, [R1,R5,LSL#2]
D1 F8 00 11 LDR.W R1, [R1,#0x100]
11 67 STR R1, [R2,#0x70]
01 22 MOVS R2, #1
D3 F8 2C 31 LDR.W R3, [R3,#0x12C]
46 21 MOVS R1, #0x46
9A 67 STR R2, [R3,#0x78]
03 B0 ADD SP, SP, #0xC
BD E8 F0 43 POP.W {R4-R9,LR}
93 F7 24 BC B.W _ZN11CNetManager13SendMsgDirectEi ; CNetManager::SendMsgDirect(int)
; ---------------------------------------------------------------------------
loc_169AF0 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+D4�j
1A 2B CMP R3, #0x1A
17 D1 BNE loc_169B24
37 4B LDR R3, =(m_pDataMgr_ptr - 0x2B6D8C)
8B 21 MOVS R1, #0x8B
EB 58 LDR R3, [R5,R3] ; m_pDataMgr
00 25 MOVS R5, #0
00 95 STR R5, [SP,#0x28+var_28]
2A 46 MOV R2, R5
18 68 LDR R0, [R3]
03 23 MOVS R3, #3
4B F7 EC F8 BL _ZN8CDataMgr9loadPopupEiPcii ; CDataMgr::loadPopup(int,char *,int,int)
30 68 LDR R0, [R6]
04 21 MOVS R1, #4
4F F0 FF 36 MOV.W R6, #0xFFFFFFFF
00 F5 80 23 ADD.W R3, R0, #0x40000
2A 46 MOV R2, R5
D3 F8 2C 31 LDR.W R3, [R3,#0x12C]
5E 65 STR R6, [R3,#0x54]
8C F7 6E F8 BL _ZN11CNetManager11PushSendMsgEih ; CNetManager::PushSendMsg(int,uchar)
26 61 STR R6, [R4,#0x10]
52 E0 B loc_169BCA
; ---------------------------------------------------------------------------
loc_169B24 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+1AE�j
33 68 LDR R3, [R6]
03 F5 80 23 ADD.W R3, R3, #0x40000
D3 F8 2C 31 LDR.W R3, [R3,#0x12C]
DA 6D LDR R2, [R3,#0x5C]
0C 2A CMP R2, #0xC
15 D1 BNE loc_169B60
1B 6F LDR R3, [R3,#0x70]
01 2B CMP R3, #1
47 D1 BNE loc_169BCA
26 4B LDR R3, =(m_pDataMgr_ptr - 0x2B6D8C)
00 22 MOVS R2, #0
17 21 MOVS R1, #0x17
EB 58 LDR R3, [R5,R3] ; m_pDataMgr
00 92 STR R2, [SP,#0x28+var_28]
18 68 LDR R0, [R3]
03 23 MOVS R3, #3
4B F7 CA F8 BL _ZN8CDataMgr9loadPopupEiPcii ; CDataMgr::loadPopup(int,char *,int,int)
33 68 LDR R3, [R6]
4F F0 FF 32 MOV.W R2, #0xFFFFFFFF
03 F5 80 23 ADD.W R3, R3, #0x40000
D3 F8 2C 31 LDR.W R3, [R3,#0x12C]
5A 65 STR R2, [R3,#0x54]
13 23 MOVS R3, #0x13
50 E7 B loc_169A02
; ---------------------------------------------------------------------------
loc_169B60 ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+1EE�j
1C 4B LDR R3, =(m_pDataMgr_ptr - 0x2B6D8C)
33 21 MOVS R1, #0x33
4F F0 01 08 MOV.W R8, #1
4F F0 FF 39 MOV.W R9, #0xFFFFFFFF
EF 58 LDR R7, [R5,R3] ; m_pDataMgr
00 25 MOVS R5, #0
00 95 STR R5, [SP,#0x28+var_28]
03 23 MOVS R3, #3
2A 46 MOV R2, R5
38 68 LDR R0, [R7]
4B F7 B2 F8 BL _ZN8CDataMgr9loadPopupEiPcii ; CDataMgr::loadPopup(int,char *,int,int)
33 68 LDR R3, [R6]
38 68 LDR R0, [R7]
41 46 MOV R1, R8
03 F5 80 23 ADD.W R3, R3, #0x40000
D3 F8 2C 31 LDR.W R3, [R3,#0x12C]
C3 F8 54 90 STR.W R9, [R3,#0x54]
2B 46 MOV R3, R5
00 95 STR R5, [SP,#0x28+var_28]
CD F8 04 80 STR.W R8, [SP,#0x28+var_24]
82 6B LDR R2, [R0,#0x38]
4C F7 1A FD BL _ZN8CDataMgr18SetInvenInfomationEiihhh ; CDataMgr::SetInvenInfomation(int,int,uchar,uchar,uchar)
38 68 LDR R0, [R7]
29 46 MOV R1, R5
8D E8 20 01 STMEA.W SP, {R5,R8}
2B 46 MOV R3, R5
82 6B LDR R2, [R0,#0x38]
4C F7 12 FD BL _ZN8CDataMgr18SetInvenInfomationEiihhh ; CDataMgr::SetInvenInfomation(int,int,uchar,uchar,uchar)
38 68 LDR R0, [R7]
02 21 MOVS R1, #2
8D E8 20 01 STMEA.W SP, {R5,R8}
2B 46 MOV R3, R5
82 6B LDR R2, [R0,#0x38]
4C F7 0A FD BL _ZN8CDataMgr18SetInvenInfomationEiihhh ; CDataMgr::SetInvenInfomation(int,int,uchar,uchar,uchar)
30 68 LDR R0, [R6]
04 21 MOVS R1, #4
2A 46 MOV R2, R5
8C F7 1B F8 BL _ZN11CNetManager11PushSendMsgEih ; CNetManager::PushSendMsg(int,uchar)
C4 F8 10 90 STR.W R9, [R4,#0x10]
loc_169BCA ; CODE XREF: CPopupCandyShop::SuccessBuyItem(void)+C0�j
; CPopupCandyShop::SuccessBuyItem(void)+1DE�j ...
03 B0 ADD SP, SP, #0xC
BD E8 F0 83 POP.W {R4-R9,PC}
; End of function CPopupCandyShop::SuccessBuyItem(void)
先不論伺服端是否另有驗証的機制
怎會只看到一堆add 沒找到sub咧
求大神解答XD |
鑽石
碎鑽
金豆
收藏
分享
專題
提升卡
變色卡
排首位
