

26 May 2015

【反汇编练习】《破天一剑》服务端:BOSS篇【2】(火刀)

该文章迁移自作者的旧博客站点。
源地址:http://fenying.blog.163.com/blog/static/102055993201542575410843/

一次逆向练手记录。

火刀部分的源代码已经大致复原。先看看汇编代码:

;-----------------------------------------------------------------------
; boss_call_huodao -- spawns the Fire Blade (huodao) boss and its skeleton
; escorts from a static spawn table. Reconstructed name; no C prototype is
; on record, the function takes no arguments and returns nothing visible.
; Target: x86-32 (IDA listing, Intel syntax). All callees are cdecl-style:
;         the caller removes the arguments (add esp,4 / 8 / 40h below).
; Register roles inside the loop:
;   ebx  = cursor into a 12-byte-per-entry table starting at 674B78h;
;          [ebx-8] = monster id, [ebx-4] and [ebx] = the two values passed
;          to monster_pos_set (presumably the coordinates -- not confirmed)
;   edi  = monster slot/handle, starts at MON_HASH_CODE_HUODAO_S_KULOU and
;          is advanced only when an entry was spawned successfully
;   ebp  = cursor into a per-slot record area (start 3B9D59Fh, stride 725h);
;          a data pointer here, NOT a frame pointer
;   esi  = Monster_Info* returned by monster_get_info_by_id, or 0
;   var1 = 4-byte local reserved by the leading push ecx; caches the monster
;          id across the monster_get_info_by_id call
; The loop ends when ebx reaches BOSS_TIME_CHUAN (the next table's address);
; on exit the global dword at ds:8210430h is cleared.
;-----------------------------------------------------------------------
boss_call_huodao proc near        ; CODE XREF: boss_caller+D3p

var1        = byte ptr -4

        push    ecx                     ; reserves the 4-byte local var1 (compiler idiom, not a save)
        push    ebx
        push    ebp
        push    esi
        push    edi
        mov     edi, MON_HASH_CODE_HUODAO_S_KULOU ; spawning the Fire Blade first spawns a batch of skeleton monsters
        mov     ebp, 3B9D59Fh           ; first per-slot record; advanced by 725h per spawned monster
        mov     ebx, 674B78h            ; table of ids and positions for the skeleton minions and the Fire Blade

on_creating_monster:            ; CODE XREF: boss_call_huodao+9Fj
        mov     eax, [ebx-8]            ; eax = monster id of the current table entry
        push    eax
        mov     dword ptr [esp+18h+var1], eax ; with six pushes on the stack esp+18h-4 = esp+14h is the slot pushed as ecx above; it is used as a temporary for the id (the original note called it "parameter 1")
        call    monster_get_info_by_id  ; eax = info record for this id, or 0
        mov     esi, eax
        mov     eax, dword ptr [esp+18h+var1] ; reload the id; eax was clobbered by the call
        add     esp, 4                  ; caller removes the single argument
        test    esi, esi
        jnz     short on_found_monster
        push    eax        ; Monster id
        push    offset aMonsterPutEr_5 ; "Monster put error #1 : %d"
        call    log_write
        add     esp, 8
        jmp     short loc_41A116        ; skip the spawn; edi/ebp are NOT advanced, so the next entry reuses this slot
; ---------------------------------------------------------------------------

on_found_monster:            ; CODE XREF: boss_call_huodao+2Cj
        mov     ecx, [esi+Monster_Info.moveSpeed]
        mov     edx, [esi+Monster_Info.unknown10]
        push    0                       ; arg 8
        push    ecx                     ; arg 7 = moveSpeed
        push    2                       ; arg 6
        push    0                       ; arg 5
        push    2                       ; arg 4
        push    edx                     ; arg 3 = unknown10
        push    eax                     ; arg 2 = monster id
        push    edi                     ; arg 1 = slot
        call    monster_call            ; monster_call(slot, id, unknown10, 2, 0, 2, moveSpeed, 0)
                    ; If the server was patched with GS modifier tool 7.3 to disable spawning the
                    ; skeleton X minions, this call is replaced by
                    ; jmp 004ca900h
                    ; IDA cannot resolve that address; the real code there is:
                    ; 004ca900   cmp eax, 18h    ; 18h = Fire Blade id 24
                    ; 004ca903   je    004ca90ah
                    ; 004ca905   jmp loc_41A0D5
                    ; 004ca90a   call monster_call
                    ; 004ca90f   jmp loc_41A0D5
                    ; i.e. monster_call runs only for the Fire Blade itself; the eight pushed
                    ; arguments are still removed by the add esp,40h below on both paths

loc_41A0D5:
        mov     ecx, [ebx]              ; second position value of the entry
        mov     edx, [ebx-4]            ; first position value of the entry
        push    ecx
        push    edx
        push    edi
        call    monster_pos_set         ; monster_pos_set(slot, [ebx-4], [ebx])
        mov     eax, [esi+Monster_Info.unknown14]
        mov     ecx, [esi+Monster_Info.defense]
        mov     edx, [esi+Monster_Info.hp]
        push    0
        push    eax
        push    ecx
        push    edx
        push    edi
        call    monster_set_basic_info  ; monster_set_basic_info(slot, hp, defense, unknown14, 0)
        add     esp, 40h                ; removes all 8+3+5 = 16 dword arguments of the three calls at once
        mov     byte ptr [ebp-496h], 0  ; clear three fields of the per-slot record (ebp is a data pointer;
        mov     byte ptr [ebp+0], 0     ;   [ebp+0] carries an explicit 0 displacement because an ebp base
        mov     word ptr [ebp-48Dh], 0  ;   cannot be encoded without one). Field meanings unknown.
        add     edi, 1                  ; next slot
        add     ebp, 725h               ; next per-slot record

loc_41A116:                ; CODE XREF: boss_call_huodao+3Cj
        add     ebx, 0Ch                ; next 12-byte table entry
        cmp     ebx, BOSS_TIME_CHUAN    ; end of table = address of the next table
        jl      on_creating_monster     ; signed compare on an address; correct only while both stay below 80000000h
        pop     edi
        pop     esi
        pop     ebp
        mov     dword ptr ds:8210430h, 0 ; clear a global at a fixed address (meaning not recoverable from this listing)
        pop     ebx
        pop     ecx                     ; discards var1
        retn
boss_call_huodao endp
该文章根据 CC-BY-4.0 协议发表,转载请遵循该协议。
本文地址:https://fenying.net/post/2015/05/26/deassembly-in-pcik-server-for-boss-huodao/
