004024F0 /$ 51 PUSH ECX ; 锁定血量004024F1 |. B0 90 MOV AL,90004024F3 |. 56 PUSH ESI004024F4 |. 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+C]004024F8 |. 884424 04 MOV BYTE PTR SS:[ESP+4],AL004024FC |. 884424 05 MOV BYTE PTR SS:[ESP+5],AL00402500 |. A1 CC454000 MOV EAX,DWORD PTR DS:[4045CC]00402505 |. 83C0 0E ADD EAX,0E00402508 |. 6A 00 PUSH 00040250A |. 85F6 TEST ESI,ESI0040250C |. C64424 0A EB MOV BYTE PTR SS:[ESP+A],0EB00402511 |. C64424 0B 14 MOV BYTE PTR SS:[ESP+B],1400402516 |. 6A 02 PUSH 200402518 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]0040251C |. 75 04 JNZ SHORT Unpacked.004025220040251E |. 8D4C24 0E LEA ECX,DWORD PTR SS:[ESP+E]00402522 |> 8B15 10464000 MOV EDX,DWORD PTR DS:[404610] ; |00402528 |. 51 PUSH ECX ; |Buffer00402529 |. 50 PUSH EAX ; |Address0040252A |. 52 PUSH EDX ; |hProcess => 00001A400040252B |. FF15 40304000 CALL DWORD PTR DS:[<&KERNEL32.WriteProce>; /WriteProcessMemory00402531 |. 56 PUSH ESI00402532 |. E8 29F4FFFF CALL Unpacked.0040196000402537 |. 83C4 04 ADD ESP,40040253A |. 5E POP ESI0040253B |. 59 POP ECX0040253C /. C3 RETN 00402540 /$ 51 PUSH ECX ; 一击必杀00402541 |. B0 03 MOV AL,300402543 |. 56 PUSH ESI00402544 |. 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+C]00402548 |. 884424 05 MOV BYTE PTR SS:[ESP+5],AL0040254C |. 884424 07 MOV BYTE PTR SS:[ESP+7],AL00402550 |. A1 C4454000 MOV EAX,DWORD PTR DS:[4045C4]00402555 |. 83C0 16 ADD EAX,1600402558 |. 6A 00 PUSH 00040255A |. 85F6 TEST ESI,ESI0040255C |. C64424 08 74 MOV BYTE PTR SS:[ESP+8],7400402561 |. C64424 0A EB MOV BYTE PTR SS:[ESP+A],0EB00402566 |. 6A 02 PUSH 200402568 |. 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]0040256C |. 75 04 JNZ SHORT Unpacked.004025720040256E |. 8D4C24 0E LEA ECX,DWORD PTR SS:[ESP+E]00402572 |> 8B15 10464000 MOV EDX,DWORD PTR DS:[404610] ; |00402578 |. 51 PUSH ECX ; |Buffer00402579 |. 50 PUSH EAX ; |Address0040257A |. 52 PUSH EDX ; |hProcess => 00001A400040257B |. FF15 40304000 CALL DWORD PTR DS:[<&KERNEL32.WriteProce>; /WriteProcessMemory00402581 |. 56 PUSH ESI00402582 |. E8 D9F3FFFF CALL Unpacked.0040196000402587 |. 83C4 04 ADD ESP,40040258A |. 5E POP ESI0040258B |. 59 POP ECX0040258C /. C3 RETN 00402670 /$ 51 PUSH ECX ; 保存坐标00402671 |. 8B0D C8454000 MOV ECX,DWORD PTR DS:[4045C8]00402677 |. 8B15 10464000 MOV EDX,DWORD PTR DS:[404610]0040267D |. 56 PUSH ESI0040267E |. 8B35 54304000 MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>; kernel32.ReadProcessMemory00402684 |. 6A 00 PUSH 0 ; /pBytesRead = NULL00402686 |. 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8] ; |0040268A |. 6A 04 PUSH 4 ; |BytesToRead = 40040268C |. 50 PUSH EAX ; |Buffer0040268D |. 51 PUSH ECX ; |pBaseAddress => E405410040268E |. 52 PUSH EDX ; |hProcess => NULL0040268F |. FFD6 CALL ESI ; /ReadProcessMemory00402691 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]00402695 |. 6A 00 PUSH 0 ; /pBytesRead = NULL00402697 |. 2D D0010000 SUB EAX,1D0 ; |0040269C |. 6A 04 PUSH 4 ; |BytesToRead = 40040269E |. 68 F8454000 PUSH Unpacked.004045F8 ; |Buffer = Unpacked.004045F8004026A3 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX ; |004026A7 |. 50 PUSH EAX ; |pBaseAddress004026A8 |. A1 10464000 MOV EAX,DWORD PTR DS:[404610] ; |004026AD |. 50 PUSH EAX ; |hProcess => NULL004026AE |. FFD6 CALL ESI ; /ReadProcessMemory004026B0 |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]004026B4 |. 8B15 10464000 MOV EDX,DWORD PTR DS:[404610]004026BA |. 6A 00 PUSH 0 ; /pBytesRead = NULL004026BC |. 6A 04 PUSH 4 ; |BytesToRead = 4004026BE |. 83C1 04 ADD ECX,4 ; |004026C1 |. 68 FC454000 PUSH Unpacked.004045FC ; |Buffer = Unpacked.004045FC004026C6 |. 51 PUSH ECX ; |pBaseAddress004026C7 |. 52 PUSH EDX ; |hProcess => NULL004026C8 |. FFD6 CALL ESI ; /ReadProcessMemory004026CA |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]004026CE |. 8B0D 10464000 MOV ECX,DWORD PTR DS:[404610]004026D4 |. 6A 00 PUSH 0 ; /pBytesRead = NULL004026D6 |. 6A 04 PUSH 4 ; |BytesToRead = 4004026D8 |. 83C0 08 ADD EAX,8 ; |004026DB |. 68 00464000 PUSH Unpacked.00404600 ; |Buffer = Unpacked.00404600004026E0 |. 50 PUSH EAX ; |pBaseAddress004026E1 |. 51 PUSH ECX ; |hProcess => NULL004026E2 |. FFD6 CALL ESI ; /ReadProcessMemory004026E4 |. 6A 01 PUSH 1004026E6 |. E8 75F2FFFF CALL Unpacked.00401960004026EB |. 83C4 04 ADD ESP,4004026EE |. 5E POP ESI004026EF |. 59 POP ECX004026F0 /. C3 RETN 00402590 /$ 51 PUSH ECX ; 传送到指定坐标00402591 |. 8B0D C8454000 MOV ECX,DWORD PTR DS:[4045C8]00402597 |. 8B15 10464000 MOV EDX,DWORD PTR DS:[404610]0040259D |. 56 PUSH ESI0040259E |. 8B35 54304000 MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>; kernel32.ReadProcessMemory004025A4 |. 6A 00 PUSH 0 ; /pBytesRead = NULL004025A6 |. 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8] ; |004025AA |. 6A 04 PUSH 4 ; |BytesToRead = 4004025AC |. 50 PUSH EAX ; |Buffer004025AD |. 51 PUSH ECX ; |pBaseAddress => E40541004025AE |. 52 PUSH EDX ; |hProcess => 00005220004025AF |. FFD6 CALL ESI ; /ReadProcessMemory004025B1 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]004025B5 |. 6A 00 PUSH 0 ; /pBytesRead = NULL004025B7 |. 2D D0010000 SUB EAX,1D0 ; |004025BC |. 6A 04 PUSH 4 ; |BytesToRead = 4004025BE |. 68 E8454000 PUSH Unpacked.004045E8 ; |Buffer = Unpacked.004045E8004025C3 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX ; |004025C7 |. 50 PUSH EAX ; |pBaseAddress004025C8 |. A1 10464000 MOV EAX,DWORD PTR DS:[404610] ; |004025CD |. 50 PUSH EAX ; |hProcess => 00005220004025CE |. FFD6 CALL ESI ; /ReadProcessMemory004025D0 |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]004025D4 |. 8B15 10464000 MOV EDX,DWORD PTR DS:[404610]004025DA |. 6A 00 PUSH 0 ; /pBytesRead = NULL004025DC |. 6A 04 PUSH 4 ; |BytesToRead = 4004025DE |. 83C1 04 ADD ECX,4 ; |004025E1 |. 68 EC454000 PUSH Unpacked.004045EC ; |Buffer = Unpacked.004045EC004025E6 |. 51 PUSH ECX ; |pBaseAddress004025E7 |. 52 PUSH EDX ; |hProcess => 00005220004025E8 |. FFD6 CALL ESI ; /ReadProcessMemory004025EA |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]004025EE |. 8B0D 10464000 MOV ECX,DWORD PTR DS:[404610]004025F4 |. 6A 00 PUSH 0 ; /pBytesRead = NULL004025F6 |. 6A 04 PUSH 4 ; |BytesToRead = 4004025F8 |. 83C0 08 ADD EAX,8 ; |004025FB |. 68 F0454000 PUSH Unpacked.004045F0 ; |Buffer = Unpacked.004045F000402600 |. 50 PUSH EAX ; |pBaseAddress00402601 |. 51 PUSH ECX ; |hProcess => 0000522000402602 |. FFD6 CALL ESI ; /ReadProcessMemory00402604 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]00402608 |. 8B0D 10464000 MOV ECX,DWORD PTR DS:[404610]0040260E |. 8B35 40304000 MOV ESI,DWORD PTR DS:[<&KERNEL32.WritePr>; kernel32.WriteProcessMemory00402614 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL00402616 |. 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+10] ; |0040261A |. 6A 04 PUSH 4 ; |BytesToWrite = 40040261C |. 52 PUSH EDX ; |Buffer0040261D |. 50 PUSH EAX ; |Address0040261E |. 51 PUSH ECX ; |hProcess => 000052200040261F |. FFD6 CALL ESI ; /WriteProcessMemory00402621 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]00402625 |. 8B0D 10464000 MOV ECX,DWORD PTR DS:[404610]0040262B |. 6A 00 PUSH 0 ; /pBytesWritten = NULL0040262D |. 8D5424 14 LEA EDX,DWORD PTR SS:[ESP+14] ; |00402631 |. 6A 04 PUSH 4 ; |BytesToWrite = 400402633 |. 83C0 04 ADD EAX,4 ; |00402636 |. 52 PUSH EDX ; |Buffer00402637 |. 50 PUSH EAX ; |Address00402638 |. 51 PUSH ECX ; |hProcess => 0000522000402639 |. FFD6 CALL ESI ; /WriteProcessMemory0040263B |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]0040263F |. 8B0D 10464000 MOV ECX,DWORD PTR DS:[404610]00402645 |. 6A 00 PUSH 0 ; /pBytesWritten = NULL00402647 |. 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+18] ; |0040264B |. 6A 04 PUSH 4 ; |BytesToWrite = 40040264D |. 83C0 08 ADD EAX,8 ; |00402650 |. 52 PUSH EDX ; |Buffer00402651 |. 50 PUSH EAX ; |Address00402652 |. 51 PUSH ECX ; |hProcess => 0000522000402653 |. FFD6 CALL ESI ; /WriteProcessMemory00402655 |. 6A 01 PUSH 100402657 |. E8 04F3FFFF CALL Unpacked.004019600040265C |. 83C4 04 ADD ESP,40040265F |. 5E POP ESI00402660 |. 59 POP ECX00402661 /. C3 RETN
