
M2 patch to block the latest assassination cheat

①辈子⒈懠赱 posted on 2012-2-28 13:29:33

The dig-based assassination we commonly see is really a small bug in M2:

:004DB7E0 55           push ebp
:004DB7E1 8BEC          mov ebp, esp
:004DB7E3 83C4EC         add esp, FFFFFFEC
:004DB7E6 894DF4         mov dword ptr [ebp-0C], ecx
:004DB7E9 8955F8         mov dword ptr [ebp-08], edx
:004DB7EC 8945FC         mov dword ptr [ebp-04], eax
:004DB7EF 8B45F4         mov eax, dword ptr [ebp-0C]
:004DB7F2 8B55FC         mov edx, dword ptr [ebp-04]
:004DB7F5 2B4224         sub eax, dword ptr [edx+24]
:004DB7F8 99           cdq
:004DB7F9 33C2          xor eax, edx
:004DB7FB 2BC2          sub eax, edx
:004DB7FD 83F802         cmp eax, 00000002        ; X distance between dig target and player > 2?
:004DB800 0F8F56010000      jg 004DB95C          
:004DB806 8B450C         mov eax, dword ptr [ebp+0C]
:004DB809 8B55FC         mov edx, dword ptr [ebp-04]
:004DB80C 2B4228         sub eax, dword ptr [edx+28]
:004DB80F 99           cdq
:004DB810 33C2          xor eax, edx
:004DB812 2BC2          sub eax, edx
:004DB814 83F802         cmp eax, 00000002        ; Y distance between dig target and player > 2?
:004DB817 0F8F3F010000      jg 004DB95C
:004DB81D 6A02          push 00000002
:004DB81F 8B45F8         mov eax, dword ptr [ebp-08]
:004DB822 50           push eax
:004DB823 8B4D0C         mov ecx, dword ptr [ebp+0C]
:004DB826 8B55F4         mov edx, dword ptr [ebp-0C]
:004DB829 8B45FC         mov eax, dword ptr [ebp-04]
:004DB82C 8B80F8020000      mov eax, dword ptr [eax+000002F8] ;envir
:004DB832 E805A2FDFF       call 004B5A3C
:004DB837 84C0          test al, al
:004DB839 0F8414010000      je 004DB953
:004DB83F 8B45F8         mov eax, dword ptr [ebp-08]
:004DB842 80B80403000000     cmp byte ptr [eax+00000304], 00
:004DB849 0F8404010000      je 004DB953
:004DB84F 8B45F8         mov eax, dword ptr [ebp-08]
:004DB852 80B8C202000000     cmp byte ptr [eax+000002C2], 00
:004DB859 0F85F4000000      jne 004DB953
:004DB85F 8B45F8         mov eax, dword ptr [ebp-08]
:004DB862 80B8BB02000000     cmp byte ptr [eax+000002BB], 00
:004DB869 0F84E4000000      je 004DB953

.....................
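The bug in M2 is that invalid dig actions are also sent to the other players. Because the dig action has a fairly long delay,
a large number of these packets leaves other players' clients unable to respond in time, while players using a cheat client filter these packets out...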

:004DB95C 8B45FC         mov eax, dword ptr [ebp-04]
:004DB95F 8B4024         mov eax, dword ptr [eax+24]
:004DB962 50           push eax
:004DB963 8B45FC         mov eax, dword ptr [ebp-04]
:004DB966 8B4028         mov eax, dword ptr [eax+28]
:004DB969 50           push eax
:004DB96A 6A00          push 00000000
:004DB96C 6A00          push 00000000
:004DB96E 8B45FC         mov eax, dword ptr [ebp-04]
:004DB971 33C9          xor ecx, ecx
:004DB973 8A482C         mov cl, byte ptr [eax+2C]
:004DB976 66BA8727        mov dx, 2787 ; the dig action
:004DB97A 8B45FC         mov eax, dword ptr [ebp-04]
:004DB97D E83AD5FDFF       call 004B8EBC
Jump straight to here, and the invalid action is no longer sent.
:004DB982 8BE5          mov esp, ebp
:004DB984 5D           pop ebp
:004DB985 C20800         ret 0008

Find:
0F8F560100008B450C8B55FC2B42289933C22BC283F8020F8F3F010000
Replace with:
0F8F7C0100008B450C8B55FC2B42289933C22BC283F8020F8F65010000


Give it a try.
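A way to check the find/replace pair above before touching a binary, as an added example that is not part of the original post: it decodes the rel32 operand of both `jg` instructions and confirms the patch only moves their target from the send block at 004DB95C to the epilogue at 004DB982. The byte strings and addresses are copied from the post; the function names are hypothetical.

```python
import struct

# Byte patterns and addresses copied from the post's listing.
FIND = bytes.fromhex("0F8F560100008B450C8B55FC2B42289933C22BC283F8020F8F3F010000")
REPLACE = bytes.fromhex("0F8F7C0100008B450C8B55FC2B42289933C22BC283F8020F8F65010000")
PATTERN_VA = 0x004DB800  # address of the first jg (X-distance check)
SEND_BLOCK = 0x004DB95C  # block that sends action 0x2787 to other players
EPILOGUE = 0x004DB982    # mov esp, ebp / pop ebp / ret 0008

def jg_fields(code):
    """Offsets of each jg rel32 (0F 8F) in a short, known pattern.
    A linear byte scan is enough here; it is not a general disassembler."""
    offs, i = [], 0
    while i <= len(code) - 6:
        if code[i:i + 2] == b"\x0f\x8f":
            offs.append(i)
            i += 6
        else:
            i += 1
    return offs

def jg_targets(code, base_va=PATTERN_VA):
    """Map each jg's address to its target: next instruction + signed rel32."""
    return {base_va + o: base_va + o + 6 + struct.unpack_from("<i", code, o + 2)[0]
            for o in jg_fields(code)}

def changed_offsets(old=FIND, new=REPLACE):
    """Offsets at which the two patterns differ."""
    return [i for i, (a, b) in enumerate(zip(old, new)) if a != b]

def patch_is_consistent():
    """True if the patch only retargets both jg's from SEND_BLOCK to EPILOGUE."""
    rel32 = {o + k for o in jg_fields(FIND) for k in range(2, 6)}
    return (len(FIND) == len(REPLACE)
            and set(changed_offsets()) <= rel32
            and set(jg_targets(FIND).values()) == {SEND_BLOCK}
            and set(jg_targets(REPLACE).values()) == {EPILOGUE})

def apply_patch(image):
    """Patch a bytes image only if FIND occurs exactly once; never guess."""
    if not patch_is_consistent() or image.count(FIND) != 1:
        raise ValueError("pattern missing or ambiguous; refusing to patch")
    return image.replace(FIND, REPLACE)

if __name__ == "__main__":
    for name, code in (("find", FIND), ("replace", REPLACE)):
        print(name, {hex(a): hex(t) for a, t in jg_targets(code).items()})
    print("consistent:", patch_is_consistent())
```

Requiring exactly one match matters because other M2 builds may place this routine elsewhere or not contain the pattern at all.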