CF一些功能基址特征码开源：全屏飞刀、飞天、玩家数组

Fail · 发表于 2020-12-21 21:18:05

团队竞技2 爆破模式1 个人竞技4 多人生化模式14 多人团队竞技 51 战略爆破53 全能枪王个人竞技36 全能枪王团队模式40
新图浮点无后座关键代码 F3 0F 11 45 E0 F3 0F 11 45 F4
cshell.dll+3E76D1 - 83 BB 34060000 00 - cmp dword ptr [ebx+00000634],00 { 0 }
cshell.dll+3E76D8 - F3 0F58 15 E47CCB20 - addss xmm2,[cshell.dll+1387CE4] { (0.15) } [cshell.dll+1387CE4]=0就是无后座
cshell.dll+3E76E0 - F3 0F10 8C BE 54130000 - movss xmm1,[esi+edi*4+00001354]
cshell.dll+3E76E9 - F3 0F59 CA - mulss xmm1,xmm2
cshell.dll+3E76ED - F3 0F59 0D F85CF220 - mulss xmm1,[cshell.dll+15F5CF8] { (-1.00) } [cshell.dll+1387CE4]=0就是无后座
cshell.dll+3E76F5 - F3 0F11 4D FC - movss [ebp-04],xmm1
cshell.dll+3E76FA - F3 0F10 84 BE 18130000 - movss xmm0,[esi+edi*4+00001318]
cshell.dll+3E7703 - F3 0F59 C2 - mulss xmm0,xmm2
cshell.dll+3E7707 - C7 45 F8 00000000 - mov [ebp-08],00000000 { 0 }
cshell.dll+3E770E - F3 0F11 4D F0 - movss [ebp-10],xmm1
cshell.dll+3E7713 - F3 0F59 05 F85CF220 - mulss xmm0,[cshell.dll+15F5CF8] { (-1.00) }
cshell.dll+3E771B - F3 0F11 45 E0 - movss [ebp-20],xmm0
cshell.dll+3E7720 - F3 0F11 45 F4 - movss [ebp-0C],xmm0 无痕hook点
cshell.dll+3E7725 - 74 2F - je cshell.dll+3E7756
cshell.dll+3E7727 - 8B CB - mov ecx,ebx
旧图浮点无后座关键代码 F3 0F 59 C2 F3 0F 59 CA F3 0F 59 05
cshell.dll+B5C5EB - F3 0F59 C2 - mulss xmm0,xmm2
cshell.dll+B5C5EF - F3 0F59 CA - mulss xmm1,xmm2
cshell.dll+B5C5F3 - F3 0F59 05 F85CF220 - mulss xmm0,[cshell.dll+15F5CF8] { (-1.00) }
cshell.dll+B5C5FB - F3 0F59 0D F85CF220 - mulss xmm1,[cshell.dll+15F5CF8] { (-1.00) }
cshell.dll+B5C603 - F3 0F11 45 E0 - movss [ebp-20],xmm0
cshell.dll+B5C608 - F3 0F11 45 F8 - movss [ebp-08],xmm0
cshell.dll+B5C60D - 0F57 C0 - xorps xmm0,xmm0
cshell.dll+B5C610 - F3 0F11 45 E4 - movss [ebp-1C],xmm0
cshell.dll+B5C615 - F3 0F11 45 FC - movss [ebp-04],xmm0
cshell.dll+B5C61A - 0F28 C1 - movaps xmm0,xmm1
cshell.dll+B5C61D - F3 0F11 4D F0 - movss [ebp-10],xmm1
cshell.dll+B5C622 - F3 0F11 45 F4 - movss [ebp-0C],xmm0 无痕hook点
静默自瞄 8B 01 F3 0F 11 44 24 08 F3 0F 11 54 24 04 F3 0F 11 0C 24 52 FF 50 20 33 DB 33 C9
cshell.dll+B60925 - 8B 0D A08F2721 - mov ecx,[cshell.dll+1948FA0] { (00839FB4) }
cshell.dll+B6092B - 83 EC 0C - sub esp,0C { 12 }
cshell.dll+B6092E - 0F28 C8 - movaps xmm1,xmm0
cshell.dll+B60931 - F3 0F10 87 DC050000 - movss xmm0,[edi+000005DC]
cshell.dll+B60939 - F3 0F58 8F C8050000 - addss xmm1,[edi+000005C8]
cshell.dll+B60941 - 8B 01 - mov eax,[ecx]
cshell.dll+B60943 - F3 0F11 44 24 08 - movss [esp+08],xmm0
cshell.dll+B60949 - F3 0F11 54 24 04 - movss [esp+04],xmm2 无痕hook点 eip+11
cshell.dll+B6094F - F3 0F11 0C 24 - movss [esp],xmm1
cshell.dll+B60954 - 52 - push edx
cshell.dll+B60955 - FF 50 20 - call dword ptr [eax+20]
cshell.dll+B60958 - 33 DB - xor ebx,ebx
cshell.dll+B6095A - 33 C9 - xor ecx,ecx
静默自瞄2 8B 01 F3 0F 11 44 24 08 F3 0F 11 54 24 04 F3 0F 11 0C 24 52 FF 50 20 33 DB 33 C9
cshell.dll+3EBE9F - 8B 0D A08F2721 - mov ecx,[cshell.dll+1948FA0] { (00839FB4) }
cshell.dll+3EBEA5 - 83 EC 0C - sub esp,0C { 12 }
cshell.dll+3EBEA8 - 0F28 C8 - movaps xmm1,xmm0
cshell.dll+3EBEAB - F3 0F10 87 3C0E0000 - movss xmm0,[edi+00000E3C]
cshell.dll+3EBEB3 - F3 0F58 8F 280E0000 - addss xmm1,[edi+00000E28]
cshell.dll+3EBEBB - 8B 01 - mov eax,[ecx]
cshell.dll+3EBEBD - F3 0F11 44 24 08 - movss [esp+08],xmm0
cshell.dll+3EBEC3 - F3 0F11 54 24 04 - movss [esp+04],xmm2 无痕hook点 eip+11
cshell.dll+3EBEC9 - F3 0F11 0C 24 - movss [esp],xmm1
cshell.dll+3EBECE - 52 - push edx
cshell.dll+3EBECF - FF 50 20 - call dword ptr [eax+20]
cshell.dll+3EBED2 - 33 DB - xor ebx,ebx
cshell.dll+3EBED4 - 33 C9 - xor ecx,ecx
cshell.dll+3EBED6 - 85 C9 - test ecx,ecx
判断是否是窗口化
cshell.dll+5A76CA - 8D 48 40 - lea ecx,[eax+40]
cshell.dll+5A76CD - A1 90314A1B - mov eax,[cshell.dll+2013190] { (1) } //0是全屏，1是窗口化，2是无边框窗口
cshell.dll+5A76D2 - 3B 01 - cmp eax,[ecx]
cshell.dll+5A76D4 - 74 14 - je cshell.dll+5A76EA
cshell.dll+5A76D6 - C6 86 A1290000 01 - mov byte ptr [esi+000029A1],01 { 1 }
cshell.dll+5A76DD - FF 31 - push [ecx]
cshell.dll+5A76DF - 8D 8E 8C1F0000 - lea ecx,[esi+00001F8C]
cshell.dll+5A76E5 - E8 96D30000 - call cshell.dll+5B4A80
cshell.dll+5A76EA - 6A 00 - push 00 { 0 }
Hook游戏代码 85 C0 74 * C6 05 * * * * * 8B 00 50 8B 08 FF 91 ?? ?? ?? ?? 85 C0
push eax //这里的eax就是我们要的D3D设备指针
crossfire.exe+145FC7 - 85 C0 - test eax,eax
crossfire.exe+145FC9 - 74 1A - je crossfire.exe+145FE5
crossfire.exe+145FCB - C6 05 24748600 00 - mov byte ptr [crossfire.exe+467424],00 { (0),0 }
crossfire.exe+145FD2 - 8B 00 - mov eax,[eax] //无痕HOOK点
crossfire.exe+145FD4 - 50 - push eax
crossfire.exe+145FD5 - 8B 08 - mov ecx,[eax]
crossfire.exe+145FD7 - FF 91 A8000000 - call dword ptr [ecx+000000A8]
crossfire.exe+145FDD - 85 C0 - test eax,eax
crossfire.exe+145FDF - 0F94 45 F3 - sete byte ptr [ebp-0D]
crossfire.exe+145FE3 - EB 04 - jmp crossfire.exe+145FE9
crossfire.exe+145FE5 - C6 45 F3 00 - mov byte ptr [ebp-0D],00 { 0 }
crossfire.exe+145FE9 - 8D 4D EC - lea ecx,[ebp-14]
crossfire.exe+145FEC - E8 BF20FBFF - call crossfire.exe+F80B0
crossfire.exe+145FF1 - 8A 45 F3 - mov al,[ebp-0D]
d3d9.dll+646A7 新的DX HOOK 代码为了防追封，暂未测试 push esi是dx设备对象
d3d9.dll+646A5 - 51 - push ecx
d3d9.dll+646A6 - 6F - outsd
d3d9.dll+646A7 - E8 9C8C0100 - call d3d9.dll+7D348
d3d9.dll+646AC - 8B 7D 08 - mov edi,[ebp+08]
d3d9.dll+646AF - 8B DF - mov ebx,edi
d3d9.dll+646B1 - 8D 47 04 - lea eax,[edi+04]
d3d9.dll+646B4 - F7 DB - neg ebx
d3d9.dll+646B6 - 1B DB - sbb ebx,ebx
d3d9.dll+646B8 - 23 D8 - and ebx,eax
d3d9.dll+646BA - 89 5D E0 - mov [ebp-20],ebx
d3d9.dll+646BD - 33 F6 - xor esi,esi
d3d9.dll+646BF - 89 75 E4 - mov [ebp-1C],esi
d3d9.dll+646C2 - 39 73 18 - cmp [ebx+18],esi
d3d9.dll+646C5 - 75 73 - jne d3d9.dll+6473A
d3d9.dll+646C7 - 89 75 FC - mov [ebp-04],esi
d3d9.dll+646CA - F7 47 30 02000000 - test [edi+30],00000002 { 2 }
d3d9.dll+646D1 - 0F85 51790300 - jne d3d9.dll+9C028
d3d9.dll+646D7 - C6 45 FC 01 - mov byte ptr [ebp-04],01 { 1 }
d3d9.dll+646DB - 8B 87 002C0000 - mov eax,[edi+00002C00]
d3d9.dll+646E1 - A8 01 - test al,01 { 1 }
d3d9.dll+646E3 - 0F84 24790300 - je d3d9.dll+9C00D
准心基址（鼠标Y）上-1.539380431下1.539380431 有一级偏移
矩阵基址（搜索分辨率，矩阵就在附近）全分辨率支持也可以在这里做支持；
视角地址特征：CC CC CC CC CC CC CC 55 8B EC 83 EC 08 80 7D 0C 00 F3 0F 10 05 * * * * F3 0F 10 4D 08 57 8B F9 F3 0F
关键命令movss xmm0,[cshell.dll+200E77C] { (1.57) } //cshell.dll+200E77C
cshell.dll+974389 - CC - int 3
cshell.dll+97438A - CC - int 3
cshell.dll+97438B - CC - int 3
cshell.dll+97438C - CC - int 3
cshell.dll+97438D - CC - int 3
cshell.dll+97438E - CC - int 3
cshell.dll+97438F - CC - int 3
cshell.dll+974390 - 55 - push ebp
cshell.dll+974391 - 8B EC - mov ebp,esp
cshell.dll+974393 - 83 EC 08 - sub esp,08 { 8 }
cshell.dll+974396 - 80 7D 0C 00 - cmp byte ptr [ebp+0C],00 { 0 }
cshell.dll+97439A - F3 0F10 05 7CE71853 - movss xmm0,[cshell.dll+200E77C] { (1.57) }
cshell.dll+9743A2 - F3 0F10 4D 08 - movss xmm1,[ebp+08]
cshell.dll+9743A7 - 57 - push edi
cshell.dll+9743A8 - 8B F9 - mov edi,ecx
cshell.dll+9743AA - F3 0F11 45 F8 - movss [ebp-08],xmm0
模式基址特征：68 ?? ?? ?? ?? FF ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 8B ?? ?? 64 89 0D ?? ?? ?? ?? 59 5F 5E 5B 8B E5 5D C3 CC
关键命令push cshell.dll+1B18548 //cshell.dll+1B18548就是模式基址
cshell.dll+10FE74 - 68 48851419 - push cshell.dll+1B18548 { (2) }
cshell.dll+10FE79 - FF 70 04 - push [eax+04]
cshell.dll+10FE7C - E8 8F050000 - call cshell.dll+110410
cshell.dll+10FE81 - 83 C4 08 - add esp,08 { 8 }
cshell.dll+10FE84 - 8B 4D F4 - mov ecx,[ebp-0C]
cshell.dll+10FE87 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 }
cshell.dll+10FE8E - 59 - pop ecx
cshell.dll+10FE8F - 5F - pop edi
cshell.dll+10FE90 - 5E - pop esi
cshell.dll+10FE91 - 5B - pop ebx
cshell.dll+10FE92 - 8B E5 - mov esp,ebp
cshell.dll+10FE94 - 5D - pop ebp
cshell.dll+10FE95 - C3 - ret
cshell.dll+10FE96 - CC - int 3
cshell.dll+10FE97 - CC - int 3
cshell.dll+10FE98 - CC - int 3
cshell.dll+10FE99 - CC - int 3
cshell.dll+10FE9A - CC - int 3
cshell.dll+10FE9B - CC - int 3
cshell.dll+10FE9C - CC - int 3
cshell.dll+10FE9D - CC - int 3
cshell.dll+10FE9E - CC - int 3
本人偏移（游戏中搜索玩家所在房间的位置，查找访问）
特征码 68 ?? ?? ?? ?? 8d b7 ?? ?? ?? ?? 6a ?? 56 e8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8d 87
关键命令mov byte ptr [edi+0000020C],-01 { 255 } //20C就是本人偏移了
cshell.dll+C38BF0 - 68 B0B30200 - push 0002B3B0 { 177072 }
cshell.dll+C38BF5 - 8D B7 10020000 - lea esi,[edi+00000210]
cshell.dll+C38BFB - 6A 00 - push 00 { 0 }
cshell.dll+C38BFD - 56 - push esi
cshell.dll+C38BFE - E8 BCE45800 - call cshell.dll+11C70BF { ->->VCRUNTIME140.memset }
cshell.dll+C38C03 - 68 10010000 - push 00000110 { 272 }
cshell.dll+C38C08 - 8D 87 C0B50200 - lea eax,[edi+0002B5C0]
cshell.dll+C38C0E - C6 87 0C020000 FF - mov byte ptr [edi+0000020C],-01 { 255 }
cshell.dll+C38C15 - 6A 00 - push 00 { 0 }
cshell.dll+C38C17 - 50 - push eax
cshell.dll+C38C18 - E8 A2E45800 - call cshell.dll+11C70BF { ->->VCRUNTIME140.memset }
cshell.dll+C38C1D - A1 0079AC52 - mov eax,[cshell.dll+1947900] { (" |Ko") }
cshell.dll+C38C22 - 83 C4 18 - add esp,18 { 24 }
cshell.dll+C38C25 - 85 C0 - test eax,eax
玩家数组和数组大小（搜索玩家0的名字，找到最下面的地址，查找访问得到如下代码）
特征码：8B 0D ?? ?? ?? ?? 33 F6 E8 ?? ?? ?? ?? 85 C0 7E ?? 69 C6 ?? ?? ?? ?? 8D 4F ?? 03 C8
数组地址：mov ecx,[cshell.dll+201313C] //cshell.dll+201313C
数组大小：imul eax,esi,00000D90
人物数据：lea ecx,[edi+06] //06是名字偏移，edi-数组地址=人物数据
cshell.dll+4FC12F - 8B 0D 3C311953 - mov ecx,[cshell.dll+201313C] { (53196600) }
cshell.dll+4FC135 - 33 F6 - xor esi,esi
cshell.dll+4FC137 - E8 048C7300 - call cshell.dll+C34D40
cshell.dll+4FC13C - 85 C0 - test eax,eax
cshell.dll+4FC13E - 7E 55 - jle cshell.dll+4FC195
cshell.dll+4FC140 - 69 C6 900D0000 - imul eax,esi,00000D90 { 3472 }
cshell.dll+4FC146 - 8D 4F 06 - lea ecx,[edi+06]
cshell.dll+4FC149 - 03 C8 - add ecx,eax
cshell.dll+4FC14B - 8B 85 A0FCFFFF - mov eax,[ebp-00000360]
cshell.dll+4FC151 - 8A 10 - mov dl,[eax]
cshell.dll+4FC153 - 3A 11 - cmp dl,[ecx]
cshell.dll+4FC155 - 75 1A - jne cshell.dll+4FC171
cshell.dll+4FC157 - 84 D2 - test dl,dl
cshell.dll+4FC159 - 74 12 - je cshell.dll+4FC16D
cshell.dll+4FC15B - 8A 50 01 - mov dl,[eax+01]
cshell.dll+4FC15E - 3A 51 01 - cmp dl,[ecx+01]
cshell.dll+4FC161 - 75 0E - jne cshell.dll+4FC171
cshell.dll+4FC163 - 83 C0 02 - add eax,02 { 2 }
cshell.dll+4FC166 - 83 C1 02 - add ecx,02 { 2 }
cshell.dll+4FC169 - 84 D2 - test dl,dl
不掉血特征码：5F 5E 5D C2 0C 00 80 BF ?? ?? ?? ?? 00 0F 84 ?? ?? ?? ?? 83 BF
cmp 等于0就掉血，不等于就不掉血 cmp byte ptr [edi+000001A0],00
cshell.dll+12327EF - F3 0F58 C1 - addss xmm0,xmm1
cshell.dll+12327F3 - F3 0F11 87 C8020000 - movss [edi+000002C8],xmm0
cshell.dll+12327FB - 5F - pop edi
cshell.dll+12327FC - 5E - pop esi
cshell.dll+12327FD - 5D - pop ebp
cshell.dll+12327FE - C2 0C00 - ret 000C { 12 }
cshell.dll+1232801 - 80 BF A0010000 00 - cmp byte ptr [edi+000001A0],00 { 0 }
cshell.dll+1232808 - 0F84 8B000000 - je cshell.dll+1232899
cshell.dll+123280E - 83 BF C0020000 01 - cmp dword ptr [edi+000002C0],01 { 1 }
cshell.dll+1232815 - 7C 40 - jl cshell.dll+1232857
cshell.dll+1232817 - 8B 0D 50FB361A - mov ecx,[cshell.dll+220FB50] { (1A370518) }
cshell.dll+123281D - E8 AE25AFFF - call cshell.dll+D24DD0
cshell.dll+1232822 - 84 C0 - test al,al
cshell.dll+1232824 - 75 73 - jne cshell.dll+1232899
cshell.dll+1232826 - F3 0F7E 45 08 - movq xmm0,[ebp+08]
cshell.dll+123282B - 8B 45 10 - mov eax,[ebp+10]
cshell.dll+123282E - 6A 00 - push 00 { 0 }
cshell.dll+1232830 - 83 EC 0C - sub esp,0C { 12 }
cshell.dll+1232833 - 8B CC - mov ecx,esp
cshell.dll+1232835 - 66 0FD6 01 - movq [ecx],xmm0
cshell.dll+1232839 - 89 41 08 - mov [ecx+08],eax
cshell.dll+123283C - 8B CF - mov ecx,edi
cshell.dll+123283E - 8B 87 B0020000 - mov eax,[edi+000002B0]
cshell.dll+1232844 - FF D0 - call eax
cshell.dll+1232846 - 50 - push eax
cshell.dll+1232847 - 8B 87 B4020000 - mov eax,[edi+000002B4]
cshell.dll+123284D - 8B CF - mov ecx,edi
cshell.dll+123284F - FF D0 - call eax
cshell.dll+1232851 - 5F - pop edi
cshell.dll+1232852 - 5E - pop esi
cshell.dll+1232853 - 5D - pop ebp
cshell.dll+1232854 - C2 0C00 - ret 000C { 12 }
旧图飞天搜索405506 或特征码：
83 C4 ?? 8B 55 ?? 8B 42 ?? 89 85 ?? ?? ?? ?? 8B 4D ?? 8B 51 ?? 8B 82 ?? ?? ?? ?? 89
关键代码：mov eax,[edx+00000088] 可nop
crossfire.exe+35975B - 83 C4 04 - add esp,04 { 4 }
crossfire.exe+35975E - 8B 55 08 - mov edx,[ebp+08]
crossfire.exe+359761 - 8B 42 18 - mov eax,[edx+18]
crossfire.exe+359764 - 89 85 38FFFFFF - mov [ebp-000000C8],eax
crossfire.exe+35976A - 8B 4D 08 - mov ecx,[ebp+08]
crossfire.exe+35976D - 8B 51 08 - mov edx,[ecx+08]
crossfire.exe+359770 - 8B 82 88000000 - mov eax,[edx+00000088]
crossfire.exe+359776 - 89 85 70FFFFFF - mov [ebp-00000090],eax
crossfire.exe+35977C - 8B 8D 38FFFFFF - mov ecx,[ebp-000000C8]
crossfire.exe+359782 - 51 - push ecx
crossfire.exe+359783 - 8B 95 70FFFFFF - mov edx,[ebp-00000090]
crossfire.exe+359789 - 52 - push edx
调用游戏弹窗特征码
6A ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? 6A ?? E8 ?? ?? ?? ?? 83 C4 ?? 5F 5E 8B E5 5D C2
关键代码call cshell.dll+577960
cshell.dll+1A634E - 6A 00 - push 00 { 0 }
cshell.dll+1A6350 - 6A 00 - push 00 { 0 }
cshell.dll+1A6352 - 6A 00 - push 00 { 0 }
cshell.dll+1A6354 - 6A 00 - push 00 { 0 }
cshell.dll+1A6356 - 68 182A1355 - push cshell.dll+1532A18 { ("UNKNOWN CHANGE_TYPE") }
cshell.dll+1A635B - 6A 00 - push 00 { 0 }
cshell.dll+1A635D - 6A 76 - push 76 { 118 }
cshell.dll+1A635F - 6A 37 - push 37 { 55 }
cshell.dll+1A6361 - E8 FA153D00 - call cshell.dll+577960
cshell.dll+1A6366 - 83 C4 20 - add esp,20 { 32 }
cshell.dll+1A6369 - 5F - pop edi
cshell.dll+1A636A - 5E - pop esi
cshell.dll+1A636B - 8B E5 - mov esp,ebp
cshell.dll+1A636D - 5D - pop ebp
cshell.dll+1A636E - C2 1800 - ret 0018 { 24 }
飞刀距离：5E 5D C3 83 F8 ?? 75 0C D9 86 ?? ?? ?? ?? D8 45 ?? 5E 5D C3 83 F8 ??
关键命令：fld dword ptr [esi+00000BF0]
cshell.dll+DFE8B - 5E - pop esi
cshell.dll+DFE8C - 5D - pop ebp
cshell.dll+DFE8D - C3 - ret
cshell.dll+DFE8E - 83 F8 01 - cmp eax,01 { 1 }
cshell.dll+DFE91 - 75 0C - jne cshell.dll+DFE9F
cshell.dll+DFE93 - D9 86 F00B0000 - fld dword ptr [esi+00000BF0]
cshell.dll+DFE99 - D8 45 20 - fadd dword ptr [ebp+20]
cshell.dll+DFE9C - 5E - pop esi
cshell.dll+DFE9D - 5D - pop ebp
cshell.dll+DFE9E - C3 - ret
cshell.dll+DFE9F - 83 F8 02 - cmp eax,02 { 2 }
飞刀范围：
5F 5E 8B E5 5D C2 ?? ?? D9 87 ?? ?? ?? ?? 5B 5F 5E 8B E5 5D C2 ?? ?? 51
关键命令：fld dword ptr [edi+00000ED4]
cshell.dll+3FE24F - 5B - pop ebx
cshell.dll+3FE250 - 5F - pop edi
cshell.dll+3FE251 - 5E - pop esi
cshell.dll+3FE252 - 8B E5 - mov esp,ebp
cshell.dll+3FE254 - 5D - pop ebp
cshell.dll+3FE255 - C2 0400 - ret 0004 { 4 }
cshell.dll+3FE258 - 8B 86 28030000 - mov eax,[esi+00000328]
cshell.dll+3FE25E - 5B - pop ebx
cshell.dll+3FE25F - D9 84 87 D40E0000 - fld dword ptr [edi+eax*4+00000ED4]
cshell.dll+3FE266 - 5F - pop edi
cshell.dll+3FE267 - 5E - pop esi
cshell.dll+3FE268 - 8B E5 - mov esp,ebp
cshell.dll+3FE26A - 5D - pop ebp
cshell.dll+3FE26B - C2 0400 - ret 0004 { 4 }
cshell.dll+3FE26E - D9 87 D40E0000 - fld dword ptr [edi+00000ED4]
cshell.dll+3FE274 - 5B - pop ebx
cshell.dll+3FE275 - 5F - pop edi
cshell.dll+3FE276 - 5E - pop esi
cshell.dll+3FE277 - 8B E5 - mov esp,ebp
cshell.dll+3FE279 - 5D - pop ebp
cshell.dll+3FE27A - C2 0400 - ret 0004 { 4 }
cshell.dll+3FE27D - 51 - push ecx
飞刀伤害：
5E 5B 8B E5 5D C2 ?? ?? D9 86 ?? ?? ?? ?? 5F 5E 5B 8B E5 5D C2 ?? ?? 51
关键命令：fld dword ptr [esi+000011F8]
cshell.dll+3FDEF8 - 5F - pop edi
cshell.dll+3FDEF9 - 5E - pop esi
cshell.dll+3FDEFA - 5B - pop ebx
cshell.dll+3FDEFB - 8B E5 - mov esp,ebp
cshell.dll+3FDEFD - 5D - pop ebp
cshell.dll+3FDEFE - C2 0400 - ret 0004 { 4 }
cshell.dll+3FDF01 - 8B 83 28030000 - mov eax,[ebx+00000328]
cshell.dll+3FDF07 - 5F - pop edi
cshell.dll+3FDF08 - D9 84 86 F8110000 - fld dword ptr [esi+eax*4+000011F8]
cshell.dll+3FDF0F - 5E - pop esi
cshell.dll+3FDF10 - 5B - pop ebx
cshell.dll+3FDF11 - 8B E5 - mov esp,ebp
cshell.dll+3FDF13 - 5D - pop ebp
cshell.dll+3FDF14 - C2 0400 - ret 0004 { 4 }
cshell.dll+3FDF17 - D9 86 F8110000 - fld dword ptr [esi+000011F8]
cshell.dll+3FDF1D - 5F - pop edi
cshell.dll+3FDF1E - 5E - pop esi
cshell.dll+3FDF1F - 5B - pop ebx
cshell.dll+3FDF20 - 8B E5 - mov esp,ebp
cshell.dll+3FDF22 - 5D - pop ebp
cshell.dll+3FDF23 - C2 0400 - ret 0004 { 4 }
cshell.dll+3FDF26 - 51 - push ecx
队友伤害：
cshell.dll+C35851 - 80 3D 7BE0E218 00 - cmp byte ptr [cshell.dll+220E07B],00 { (1),0 }
cshell.dll+C35858 - 74 0D - je cshell.dll+C35867
cshell.dll+C3585A - 33 C9 - xor ecx,ecx
cshell.dll+C3585C - 89 8D 24FEFFFF - mov [ebp-000001DC],ecx
cshell.dll+C35862 - 8D 41 10 - lea eax,[ecx+10]
cshell.dll+C35865 - EB 0F - jmp cshell.dll+C35876
cshell.dll+C35867 - 8B 85 E8FDFFFF - mov eax,[ebp-00000218]
cshell.dll+C3586D - 8B 8D 24FEFFFF - mov ecx,[ebp-000001DC]
cshell.dll+C35873 - 0FB6 C0 - movzx eax,al
cshell.dll+C35876 - 0FB6 F1 - movzx esi,cl
cshell.dll+C35879 - 89 85 18FEFFFF - mov [ebp-000001E8],eax
cshell.dll+C3587F - 89 B5 2CFEFFFF - mov [ebp-000001D4],esi
cshell.dll+C35885 - 3B F0 - cmp esi,eax
枪秒杀原值数据：更新√待改
M16伤害： 1119092736修四倍：1119102436修全开：9999999999999
M4伤害： 1120796672修四倍：1120806272修全开：9999999999999
M60伤害1：1121189888修四倍：1121209888修全开：9999999999999
M60伤害2：1121189888修四倍：1121209888修全开：9999999999999
M60伤害3：1121189888修四倍：1121209888修全开：9999999999999
M4_S伤害：1120796672修四倍：1121096472修全开：9999999999999
散弹伤害：1114636288修四倍：1114706188修全开：9999999999999
AWM伤害： 1136852992修四倍：1136802292修全开：9999999999999
M700伤害：1131544576修四倍：1131604376修全开：9999999999999
手枪伤害：1114112000修四倍：1114202000修全开：9999999999999
刀秒杀原值数据：更新√待改
刀原伤害：1119092736修四倍：1119102436修全开：9999999999999
尼原伤害：1120403456修四倍：1120503456修全开：9999999999999
斧原伤害：1120403456修四倍：1120503456修全开：9999999999999
铁原伤害：1117913088修四倍：1117996088修全开：9999999999999
马原伤害：1120403456修四倍：1120503456修全开：9999999999999
收原伤害：1121058816修四倍：1121158816修全开：9999999999999
爪原伤害：1119092736修四倍：1119102436修全开：9999999999999
刀类飞刀原值数据：更新√ 完成
刀原远度：1133903872修1.5倍：1138903872修全开：1198903872
尼原远度：1134886912修1.5倍：1139886912修全开：1198903872
斧原远度：1134886912修1.5倍：1139886912修全开：1198903872
铁原远度：1134723072修1.5倍：1139723072修全开：1198903872
马原远度：1135050752修1.5倍：1140050752修全开：1198903872
收原远度：1134886912修1.5倍：1139886912修全开：1198903872
爪原远度：1133903872修1.5倍：1138903872修全开：1198903872
如果 (内容＝ “正常”)
返回 (“M-idle”)
如果 (内容＝ “审判踢腿”)
返回 (“M-Kick”)
如果 (内容＝ “零踢腿”)
返回 (“M-Spinkick”)
如果 (内容＝ “趟地上”)
返回 (“M-Sliding”)
如果 (内容＝ “反抗”)
返回 (“M-Holding-combo1”)
如果 (内容＝ “向上跳”)
返回 (“M-jump-Rope”)
如果 (内容＝ “游泳”)
返回 (“M-swim”)
如果 (内容＝ “抽搐”)
返回 (“M-Kick”)
如果 (内容＝ “跳Rope”)
返回 (“M-jump-Rope”)
如果 (内容＝ “蹲”)
返回 (“M-c-idle-knife”)
如果 (内容＝ “手臂伸直”)
返回 (“M-null-pose”)
如果 (内容＝ “太空步”)
返回 (“M-run-Bside”)
如果 (内容＝ “螃蟹步”)
返回 (“M-run-Lside”)
如果 (内容＝ “蹲瞬移步”)
返回 (“M-c-idle”)
如果 (内容＝ “急速太空步”)
返回 (“M-walk-Bside”)
如果 (内容＝ “急速螃蟹步”)
返回 (“M-walk-Lside”)
如果 (内容＝ “袋鼠跳”)
返回 (“M-jump-Rope”)
如果 (内容＝ “跳跃腿拉直”)
返回 (“M-null-pose”)
如果 (内容＝ “跳跃倒地”)
返回 (“M-Sliding”)
如果 (内容＝ “跳跃蹲地”)
返回 (“M-Groggy”)
如果 (内容＝ “隐身”)
返回 (“M-combo_Bighead”)
如果 (内容＝ “躺地”)
返回 (“M-Laststand-Commander”)
如果 (内容＝ “跳舞”)
返回 (“M-Social_Shuffle10th”)
如果 (内容＝ “下跪”)
返回 (“M-Groggy”)
如果 (内容＝ “上吊”)
返回 (“M-balloon-groggy”)
如果 (内容＝ “滑铲”)
返回 (“M-Laststand-Commander”)
如果 (内容＝ “死亡”)
返回 (“Stdown-A”)
如果 (内容＝ “盘腿”)
返回 (“M-bind”)
如果 (内容＝ “盘腿”)
返回 (“M-bind”)
站着
返回 (“M-idle”)
M-Btldefense-hit 斜着跳舞
M-Kick 踢腿
M-Groggy-walk-Rside 蹲下
M-Laststand-shoot-Commander 睡觉 M-Sliding
M-Flash_1 弯腰
M-Jump-board 跳起来
M-Holding-combo2 水上
M-Spinkick 旋转飞毛腿
动作：反抗动作写M-Holding-combo1开上跳写M-jump-Rope 下蹲写M-Groggy 旋转飞毛腿写M-Spinkick
飞毛腿写M-Kick 战旗写M-Sliding 跳舞写M-Btldefense-hit
M-c-Bdown_d死亡（三方）M-crying_nano生气M-Swim水里向前走M-SwimDie1水里死亡1M-SwimDie12水里死亡2M-Flash_1用手打
蹲着准备M-land-Rope滑索下来动作M-Sliding躺在地上打装死M-combo_Bighead
M-Sliding躺在地上打M-Laststanddown死亡动作M-wait0M-walk-RsideM-walk-LsideM-c-walk-RsideM-c-walk-LsideM-runM-Run-BsideM-walk
下跪Stdown-A 关写M-idle
【站着动作】
偏移50
M-Kick 审判踢腿
M-Spinkick 零踢腿
M-Sliding 趟地上
M-Holding-combo1 反抗
M-jump-Rope 向上跳
M-swim 游泳
M-idle 结束
【刀武器攻击姿势】偏移50
M-c-idle-knife 左键攻击弯腰
M-Groggy 左键攻击抱拳
M-Holding-combo1 左键攻击拳头
M-combo1_%s 结束
【枪械攻击姿势】偏移28
M-Kick 抽搐
M-jump-Rope 举手
M-c-idle-knife 弯腰
M-idle-M700 狙击
M-null-pose 手臂伸直
M-shoot-%s-upper 结束
【人物走路姿势拿着主武器开启功能打一枪】
偏移50
M-run-Bside 太空步
M-run-Lside 螃蟹步
M-idle 瞬移步
M-c-idle 蹲瞬移步
M-walk-Bside 急速太空步
M-walk-Lside 急速螃蟹步
偏移16
M-jump-Rope 袋鼠跳
M-null-pose 跳跃腿拉直
M-Sliding 跳跃倒地
M-Groggy 跳跃蹲地
M-swim 游泳跳
M-jump 结束
隐身写M-combo_Bighead 躺地下死写M-Laststand-Commander 写M-idle

复制代码

liu1052186627 · 发表于 2020-12-21 21:54:21

提示: 作者被禁止或删除内容自动屏蔽

931425291 · 发表于 2020-12-21 23:16:22

直接懵逼

397249367 · 发表于 2020-12-22 00:20:40

啥也不说了，感谢楼主分享哇！

[其他发布] CF一些功能基址特征码开源：全屏飞刀、飞天、玩家数组

发主题奖

在线狂人

发帖勋章

活跃会员

论坛为家

liu1052186627 liu1052186627 当前离线头像被屏蔽签到天数: 8 天 [LV.3]偶尔看看II 发消息	发表于 2020-12-21 21:54:21 \| 显示全部楼层提示: 作者被禁止或删除内容自动屏蔽

	回复使用道具举报