[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

castelu · 发表于 2013-8-22 23:50:23

__declspec(naked) BOOL FASTCALL Comment(ActionParams params)
{_asm{
SUB ESP,0x1C
PUSH EDI
MOV EDI,ECX
MOV AL,BYTE PTR DS:[EDI]
TEST AL,AL
JNZ SHORT starcraf_004C4196
MOV EAX,1
POP EDI
ADD ESP,0x1C
RETN
starcraf_004C4196:
DEC AL
PUSH ESI
MOV BYTE PTR SS:[ESP+8],AL
MOV EAX,DWORD PTR SS:[ESP+8]
AND EAX,0xFF
LEA EDX,DWORD PTR SS:[ESP+8]
LEA ESI,DWORD PTR DS:[EAX+EAX*4]
SHL ESI,2
LEA EAX,DWORD PTR DS:[ESI+0x517288]
MOV ECX,EAX
NEG ECX
SBB ECX,ECX
NEG EDX
SBB EDX,EDX
TEST EDX,ECX
JNZ SHORT starcraf_004C41CD
PUSH 0x57
MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
CALL EAX
JMP SHORT starcraf_004C41F0
starcraf_004C41CD:
MOV CX,WORD PTR DS:[EAX]
MOV WORD PTR SS:[ESP+8],CX
MOV DX,WORD PTR DS:[EAX+8]
MOV WORD PTR SS:[ESP+0xC],DX
MOV CX,WORD PTR DS:[EAX+4]
MOV WORD PTR SS:[ESP+0xA],CX
MOV DX,WORD PTR DS:[EAX+0xC]
MOV WORD PTR SS:[ESP+0xE],DX
starcraf_004C41F0:
MOV EAX,DWORD PTR DS:[EDI+0x10]
MOV CX,WORD PTR DS:[ESI+0x51729A]
MOV DX,WORD PTR DS:[EDI+0x18]
MOV DWORD PTR SS:[ESP+0x10],EAX
MOV AL,BYTE PTR DS:[EDI+0x1B]
MOV WORD PTR SS:[ESP+0x14],CX
TEST AL,AL
MOV WORD PTR SS:[ESP+0x16],DX
JE SHORT starcraf_004C421E
MOVZX AX,AL
MOV WORD PTR SS:[ESP+0x18],AX
JMP SHORT starcraf_004C4225
starcraf_004C421E:
MOV WORD PTR SS:[ESP+0x18],0xFFFF
starcraf_004C4225:
MOV ECX,DWORD PTR DS:[EDI+0x14]
LEA EDX,DWORD PTR SS:[ESP+0x10]
MOV DWORD PTR SS:[ESP+0x20],ECX
PUSH EDX
MOV EDX,0x04C40A0
LEA ECX,DWORD PTR SS:[ESP+0xC]
MOV EAX,[EDI+0xC]
TEST EAX,EAX
JZ DEFAULT
MOV EAX,[0x515ABC+EAX*4]
TEST EAX,EAX
JZ DEFAULT
MOV DWORD PTR SS:[ESP+0x20],EAX
JMP SHORT EXIT
DEFAULT:
MOV DWORD PTR SS:[ESP+0x20],0x04C4260
EXIT:
PUSH 0x04C4247
PUSH 0x04453F0
RETN
}}

复制代码

============================================================================================

__declspec(naked) BOOL FASTCALL Comment(ActionParams params)
{_asm{
pushad
call CODE_COPY
}_asm{
SUB ESP,0x1C
PUSH EDI
MOV EDI,ECX
MOV AL,BYTE PTR DS:[EDI]
TEST AL,AL
JNZ SHORT starcraf_004C4196
MOV EAX,1
POP EDI
ADD ESP,0x1C
RETN
starcraf_004C4196:
DEC AL
PUSH ESI
MOV BYTE PTR SS:[ESP+8],AL
MOV EAX,DWORD PTR SS:[ESP+8]
AND EAX,0xFF
LEA EDX,DWORD PTR SS:[ESP+8]
LEA ESI,DWORD PTR DS:[EAX+EAX*4]
SHL ESI,2
LEA EAX,DWORD PTR DS:[ESI+0x517288]
MOV ECX,EAX
NEG ECX
SBB ECX,ECX
NEG EDX
SBB EDX,EDX
TEST EDX,ECX
JNZ SHORT starcraf_004C41CD
PUSH 0x57
MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
CALL EAX
JMP SHORT starcraf_004C41F0
starcraf_004C41CD:
MOV CX,WORD PTR DS:[EAX]
MOV WORD PTR SS:[ESP+8],CX
MOV DX,WORD PTR DS:[EAX+8]
MOV WORD PTR SS:[ESP+0xC],DX
MOV CX,WORD PTR DS:[EAX+4]
MOV WORD PTR SS:[ESP+0xA],CX
MOV DX,WORD PTR DS:[EAX+0xC]
MOV WORD PTR SS:[ESP+0xE],DX
starcraf_004C41F0:
MOV EAX,DWORD PTR DS:[EDI+0x10]
MOV CX,WORD PTR DS:[ESI+0x51729A]
MOV DX,WORD PTR DS:[EDI+0x18]
MOV DWORD PTR SS:[ESP+0x10],EAX
MOV AL,BYTE PTR DS:[EDI+0x1B]
MOV WORD PTR SS:[ESP+0x14],CX
TEST AL,AL
MOV WORD PTR SS:[ESP+0x16],DX
JE SHORT starcraf_004C421E
MOVZX AX,AL
MOV WORD PTR SS:[ESP+0x18],AX
JMP SHORT starcraf_004C4225
starcraf_004C421E:
nop
MOV WORD PTR SS:[ESP+0x18],0xFFFF
starcraf_004C4225:
MOV ECX,DWORD PTR DS:[EDI+0x14]
LEA EDX,DWORD PTR SS:[ESP+0x10]
MOV DWORD PTR SS:[ESP+0x20],ECX
PUSH EDX
MOV EDX,0x04C40A0
nop
LEA ECX,DWORD PTR SS:[ESP+0xC]
MOV EAX,[EDI+0xC]
TEST EAX,EAX
JZ DEFAULT
MOV EAX,[0x515ABC+EAX*4]
TEST EAX,EAX
JZ DEFAULT
MOV DWORD PTR SS:[ESP+0x20],EAX
JMP SHORT EXIT
DEFAULT:
MOV DWORD PTR SS:[ESP+0x20],0x04C4260
EXIT:
PUSH 0x04C4247
PUSH 0x04453F0
RETN
CODE_COPY:
pop esi
mov edi,[ecx+14h]//读取Value指定的触发编号
mov [502870+edi*4],esi//重写触发函数之争表
mov edi,[ecx+10h]//拷贝到指定的永久内存
mov ecx,[esi-4]//获取代码长度
rep movsb//执行拷贝
popad
ret
}}

复制代码

编译结果：

Comment("H>P60@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]738G0M1:;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C01XAd9<06S`Dd@0`ej;NAB9=;eF[0L0RgT@RdklljAQ`lc<c<c<c<c<c<c<c<c<c<?<", 0 , ###在这里写上安装序号### , 1);

复制代码

功能：将一个新的功能函数安装至触发指针表，覆盖标准触发。
参数：
Address 填写一个永久内存地址，新函数将被安装至这里，大约260字节。
Value 要被覆盖的标准触发的编号，填写49即可，此代码为49号触发专门设计。

安装完成后，修改Actions.lst文件，给49号触发的第4个参数声明为Number类型，填写子功能的安装序号，修改血量的百分数视子功能而定。

castelu · 发表于 2013-8-23 00:29:34

__declspec(naked) BOOL FASTCALL Comment(ActionParams params)
{_asm{
PUSH ESI
MOV ESI,DWORD PTR SS:[ESP+8]
TEST ESI,ESI
JNZ SHORT starcraf_004C4276
PUSH 0x57
MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
CALL EAX
XOR EAX,EAX
POP ESI
RETN 8
starcraf_004C4276:
MOV EAX,[ESP+0xC]
MOV ECX,[0x5094AE]
MOV [ESI+EAX],ECX
POP ESI
RETN 8
}}

复制代码

castelu · 发表于 2013-8-23 00:29:41

看了半天都没看懂

Comment("H>P60@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]738G0M1:;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C01XAd9<06S`Dd@0`ej;NAB9=;eF[0L0RgT@RdklljAQ`lc<c<c<c<c<c<c<c<c<c<?<", 5431296, 49, 0, 1); 这样？

castelu · 发表于 2013-8-23 00:29:50

uid

mov ecx,UnitBuffer
sub ecx,0059CCA8h
MOV EAX,86186187h
mul ecx
sub ecx,edx
shr ecx,1h
add ecx,edx
shr ecx,8h
inc ecx
mov eax, UnitBuffer
MOVZX EAX,BYTE PTR DS:[Eax+0A5h]
SHL EAX,0Bh
OR EAX,ECX
ret

castelu · 发表于 2013-8-23 00:29:56

__declspec(naked) BOOL FASTCALL Comment(ActionParams params)
{_asm{
pushad
call CODE_COPY
}_asm{
SUB ESP,0x1C
PUSH EDI
MOV EDI,ECX
MOV AL,BYTE PTR DS:[EDI]
TEST AL,AL
JNZ SHORT starcraf_004C4196
MOV EAX,1
POP EDI
ADD ESP,0x1C
RETN
starcraf_004C4196:
DEC AL
PUSH ESI
MOV BYTE PTR SS:[ESP+8],AL
MOV EAX,DWORD PTR SS:[ESP+8]
AND EAX,0xFF
LEA EDX,DWORD PTR SS:[ESP+8]
LEA ESI,DWORD PTR DS:[EAX+EAX*4]
SHL ESI,2
LEA EAX,DWORD PTR DS:[ESI+0x517288]
MOV ECX,EAX
NEG ECX
SBB ECX,ECX
NEG EDX
SBB EDX,EDX
TEST EDX,ECX
JNZ SHORT starcraf_004C41CD
PUSH 0x57
MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
CALL EAX
JMP SHORT starcraf_004C41F0
starcraf_004C41CD:
MOV CX,WORD PTR DS:[EAX]
MOV WORD PTR SS:[ESP+8],CX
MOV DX,WORD PTR DS:[EAX+8]
MOV WORD PTR SS:[ESP+0xC],DX
MOV CX,WORD PTR DS:[EAX+4]
MOV WORD PTR SS:[ESP+0xA],CX
MOV DX,WORD PTR DS:[EAX+0xC]
MOV WORD PTR SS:[ESP+0xE],DX
starcraf_004C41F0:
MOV EAX,DWORD PTR DS:[EDI+0x10]
MOV CX,WORD PTR DS:[ESI+0x51729A]
MOV DX,WORD PTR DS:[EDI+0x18]
MOV DWORD PTR SS:[ESP+0x10],EAX
MOV AL,BYTE PTR DS:[EDI+0x1B]
MOV WORD PTR SS:[ESP+0x14],CX
TEST AL,AL
MOV WORD PTR SS:[ESP+0x16],DX
JE SHORT starcraf_004C421E
MOVZX AX,AL
MOV WORD PTR SS:[ESP+0x18],AX
JMP SHORT starcraf_004C4225
starcraf_004C421E:
nop
MOV WORD PTR SS:[ESP+0x18],0xFFFF
starcraf_004C4225:
MOV ECX,DWORD PTR DS:[EDI+0x14]
LEA EDX,DWORD PTR SS:[ESP+0x10]
MOV DWORD PTR SS:[ESP+0x20],ECX
PUSH EDX
MOV EDX,0x04C40A0
nop
LEA ECX,DWORD PTR SS:[ESP+0xC]
MOV EAX,[EDI+0x14]//从这里开始有详细改动 0x10是参数偏移量
TEST EAX,EAX
JGE DEFAULT
NOT EAX
INC EAX
MOV EAX,[0x515ABC+EAX*4]
TEST EAX,EAX
JZ DEFAULT
MOV DWORD PTR SS:[ESP+0x20],EAX
JMP SHORT EXIT
DEFAULT:
MOV DWORD PTR SS:[ESP+0x20],0x04C4260
EXIT:
LEA EAX,[EDI+4]
MOV [ESP+0x24],EAX//ESP+24h指向原百分数的参数，存放的是参数指针
PUSH 0x04C4247//两个push一个retn模拟call操作，释放控制权，执行 0x04453F0 函数完毕后直接返回到 0x04C4247
PUSH 0x04453F0
RETN
CODE_COPY:
pop esi
mov edi,[ecx+14h]//读取Value指定的触发编号
mov [0x502870+edi*4],esi//重写触发函数指针表
mov edi,[ecx+10h]//拷贝到指定的永久内存
mov ecx,[esi-4]//获取代码长度
rep movsb//执行拷贝
popad
ret
}}

复制代码

Actions.lst

Action ModifyUnitHitPoints(Count Count, Unit Unit, Player Owner, Location Where, Number Percent, Number arg1, Number arg2, Number arg3)
{
Action(Where, arg1, arg2, arg3, Owner, Percent, Unit, 49, Count, 20);
}

复制代码

编译结果:

Comment("H>P@0@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]758G0OAGgd42;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C02=A`B9A2@TJ4M2C01Xl5=40<=NRgTDRCBmL2Q@08]i48]>o?>THL?<c<c<c<?<", 0, 22, 0, 1);
Comment("", 5431319, 49, 0, 22);

复制代码

其中编号22可替换为其它空余的编号,此编号只用此一次,之后仍旧空闲.

此功能安装后,无功能编号, 星际原始触发 ModifyUnitHitPoints 的功能将被替换, 参数 Percent 为正数或0维持原有功能,为负数时,表示插件编号.
ModifyUnitHitPoints 与 Comment 共用插件编号,即分配给 Comment 的编号不能再次分配给 ModifyUnitHitPoints 使用.

castelu · 发表于 2013-8-23 00:30:01

加血插件源码:

PUSH ESI
MOV ESI,[ESP+8]
TEST ESI,ESI
JNZ starcraf_004C4276
PUSH 0x57
nop
MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
CALL EAX
XOR EAX,EAX
POP ESI
nop
RETN 8
starcraf_004C4276:
MOV EAX,[ESP+0xC]
MOV EDX,[EAX]
SHL EDX,8
ADD EDX,[ESI+8]
PUSH EDX
MOV ECX,ESI
PUSH 0x4C42C4
PUSH 0x0417910
RETN

复制代码

编译结果:

Comment("EX]d90R5mWDAJUN@^;3KC03od3?0GY32202;A2@<Ra31hPP3EPQBRliXa49<06P@ND40`lc<c<c<c<c<c<c<c<?<", 0 , ###在这里写上安装序号### , 1);

复制代码

参数说明:
arg1写需要加或减的HP值,减法写负数,有保护,不用担心加出意外

castelu · 发表于 2013-8-23 00:30:13

修改单位属性插件源码:

PUSH ESI
MOV ESI,[ESP+0x8]
TEST ESI,ESI
JNZ starcraf_004C4276
PUSH 0x57
NOP
MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
CALL EAX
XOR EAX,EAX
POP ESI
NOP
RETN 0x8
starcraf_004C4276:
MOV EAX,[ESP+0xC]
MOV ECX,[EAX+8]
MOV EDX,[EAX+4]
MOV EAX,[EAX]
PUSH 0x4C42C4
TEST ECX,ECX
JGE setValue
NOT ECX
INC ECX
ADD EDX,[ESI+EAX]
setValue:
pushad
LEA EDI,[ESI+EAX]
PUSH EDX
MOV ESI,ESP
rep movsb
POP EDX
popad
RETN

复制代码

编译结果:

Comment("EX]d90R5mWDAJUN@^;3KC03od3?0GY32202;A2@<RdP8Re04R`1Xa49<08G9O@KgdD4350IPSC`6DX_dljAJHL?<c<c<c<c<c<c<c<c<c<c3", 0 , ###在这里写上安装序号### , 1);

复制代码

参数说明:
arg1: 属性的偏移量
arg2: 属性的数值,减法操作写负数.
arg3: 赋值写正数,加减写负数,绝对值表示操作数的长度,取值1~4,0无效

帐号		自动登录	找回密码
密码			注册

[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

Re:[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发