【反汇编练习】《破天一剑》服务端:BOSS篇【2】(火刀)

该文章根据 CC-BY-4.0 协议发表,转载请遵循该协议。
本文地址:https://fenying.net/post/2015/05/26/deassembly-in-pcik-server-for-boss-huodao/

一次逆向练手记录。

火刀的源代码已经大概复原。先看看汇编代码：

 1boss_call_huodao proc near        ; CODE XREF: boss_caller+D3p
        ;-------------------------------------------------------------------
        ; boss_call_huodao  (reconstructed from the disassembly; no arguments
        ; are read from the caller's frame in this listing)
        ; Spawns the Huodao boss group: walks a static spawn table in
        ; 12-byte entries (id at [ebx-8], then the two fields the author
        ; identifies as coordinates at [ebx-4] and [ebx]) and, per entry,
        ; looks up the monster template, instantiates it, positions it and
        ; copies its basic stats.
        ; ABI:  x86-32; every callee here is caller-cleaned (cdecl-style;
        ;       see the add esp after each call / group of calls).
        ; Regs: ebx = cursor into the spawn table (3rd dword of the entry)
        ;       edi = monster hash code of the current spawn; starts at
        ;             MON_HASH_CODE_HUODAO_S_KULOU, +1 after each spawn
        ;       ebp = cursor into a second per-monster record block, stride
        ;             725h (a data pointer here, NOT a frame pointer)
        ;       esi = Monster_Info* returned by monster_get_info_by_id
        ;       eax = id of the current entry while inside the loop
        ; Stack: push ecx reserves the 4-byte local var1; ebx/ebp/esi/edi
        ;       are saved and restored, so callee-saved regs are intact.
        ; Exit: global dword ds:8210430h is cleared (its meaning is not
        ;       visible in this listing -- presumably a "boss spawn in
        ;       progress" flag; verify against boss_caller).
        ;-------------------------------------------------------------------
 2
 3var1        = byte ptr -4          ; one dword local; lives in the slot made by push ecx
 4
 5        push    ecx                 ; reserves var1 (MSVC-style 4-byte local; the matching pop ecx discards it)
 6        push    ebx                 ; save callee-saved registers used below
 7        push    ebp
 8        push    esi
 9        push    edi
10        mov     edi, MON_HASH_CODE_HUODAO_S_KULOU ; spawning Huodao first spawns assorted skeleton minions
11        mov     ebp, 3B9D59Fh       ; presumably the base of the per-monster record block walked with ebp (stride 725h)
12        mov     ebx, 674B78h    ; IDs, coordinates etc. of the minions and of Huodao (the spawn table)
13
14on_creating_monster:            ; CODE XREF: boss_call_huodao+9Fj
        ; loop head: one iteration per 12-byte spawn-table entry
15        mov     eax, [ebx-8]        ; eax = monster id of this entry
16        push    eax                 ; arg0 for monster_get_info_by_id
17        mov     dword ptr [esp+18h+var1], eax ;    author: "parameter 1" (var1) is reused as a temporary here
                                                ;    keeps the id alive across the call, whose return value clobbers eax
18        call    monster_get_info_by_id
19        mov     esi, eax            ; esi = Monster_Info* (0 = unknown id)
20        mov     eax, dword ptr [esp+18h+var1] ; eax = id again
21        add     esp, 4              ; pop the single argument
22        test    esi, esi
23        jnz     short on_found_monster
        ; unknown id: log it and skip this entry. Note that this path reaches
        ; loc_41A116 without the add edi / add ebp below, so the next entry
        ; reuses the same hash code and record slot.
24        push    eax        ; Monster id
25        push    offset aMonsterPutEr_5 ; "Monster put error #1 : %d"
26        call    log_write
27        add     esp, 8
28        jmp     short loc_41A116
29; ---------------------------------------------------------------------------
30
31on_found_monster:            ; CODE XREF: boss_call_huodao+2Cj
        ; monster_call(edi, id, unknown10, 2, 0, 2, moveSpeed, 0)
        ; (8 dword args pushed right-to-left; popped by the add esp, 40h below)
32        mov     ecx, [esi+Monster_Info.moveSpeed]
33        mov     edx, [esi+Monster_Info.unknown10]
34        push    0
35        push    ecx
36        push    2
37        push    0
38        push    2
39        push    edx
40        push    eax
41        push    edi
42        call    monster_call
43                    ; If the server was patched with "GS modification tool 7.3" to
44                    ; disable the skeleton/X minion spawns, this instruction is instead
45                    ; jmp 004ca900h
46                    ; IDA cannot disassemble that region, so the real code is given here:
47                    ; 004ca900   cmp eax, 18h    ; 18h = the Huodao id, 24
48                    ; 004ca903   je    004ca90ah
49                    ; 004ca905   jmp loc_41A0D5
50                    ; 004ca90a   call monster_call
51                    ; 004ca90f   jmp loc_41A0D5
                    ; NOTE(review): the patch only replaces the call; the eight pushes
                    ; above still happen, so add esp, 40h stays balanced, and
                    ; monster_pos_set / monster_set_basic_info below still run for the
                    ; entries whose monster_call was skipped (presumably on a slot that
                    ; was never instantiated -- verify).
51
52loc_41A0D5:
        ; monster_pos_set(edi, [ebx-4], [ebx]) -- the two coordinate fields of the entry
53        mov     ecx, [ebx]
54        mov     edx, [ebx-4]
55        push    ecx
56        push    edx
57        push    edi
58        call    monster_pos_set
        ; monster_set_basic_info(edi, hp, defense, unknown14, 0)
59        mov     eax, [esi+Monster_Info.unknown14]
60        mov     ecx, [esi+Monster_Info.defense]
61        mov     edx, [esi+Monster_Info.hp]
62        push    0
63        push    eax
64        push    ecx
65        push    edx
66        push    edi
67        call    monster_set_basic_info
68        add     esp, 40h            ; 20h + 0Ch + 14h: cleans the arguments of all three calls at once
        ; clear three fields of this spawn's record (offsets relative to ebp;
        ; the field meanings are not visible here)
69        mov     byte ptr [ebp-496h], 0
70        mov     byte ptr [ebp+0], 0
71        mov     word ptr [ebp-48Dh], 0
72        add     edi, 1              ; next hash code
73        add     ebp, 725h           ; next per-monster record
74
75loc_41A116:                ; CODE XREF: boss_call_huodao+3Cj
76        add     ebx, 0Ch            ; next 12-byte table entry
77        cmp     ebx, BOSS_TIME_CHUAN ; presumably the label of the data that follows the table
78        jl      on_creating_monster ; signed compare of addresses; fine only while both stay below 80000000h
79        pop     edi                 ; restore callee-saved registers
80        pop     esi
81        pop     ebp
82        mov     dword ptr ds:8210430h, 0 ; clear a global (meaning not visible here; presumably "spawn in progress")
83        pop     ebx
84        pop     ecx                 ; discards var1
85        retn
86boss_call_huodao endp