// 疾風N合一 ver 1.23 for TwMs 0.75
//--------------------------------------------------
// 原創:疾風之莊
// 功能: 走, 跳怪左右走 + 笨怪 +10秒損血一次 + 全砍全刺 + 超級撿物 +紅點暫停
// 跳怪不跳 + 致命的吸引力 (有分定點及跟隨角色二種模式,啟動方式提示:5秒)
// 修改:kuruotonix
// 更新:
// 感謝: 感謝99783981大大的損血延遲數據,還有許多前人的努力,
// 最後感謝 A,D,L,N,W,W大大們的測試與指導(按字母排列)
// 日期:2008/07/07
// Address:00413268→EIP:MyLR
//--------------------------------------------------
[enable]
// Enable section: the directives and code from here to [DISABLE] are applied when the script is switched on.
// Numeric literals in this script are hexadecimal (Cheat Engine auto-assembler default).
alloc(MyLR,2048) // 2048 bytes for the injected routine that starts at the MyLR label
// Publish MyLR and MyCLSW as user-defined symbols so they can be referenced outside this script.
// The file header's "Address:00413268 -> EIP:MyLR" line refers to the MyLR symbol; no line in
// this script writes to 00413268, so that redirection is presumably set up separately - confirm.
registersymbol(MyLR)
registersymbol(MyCLSW)
// Five 4-byte state cells. MyDir and MyCLSW receive initial values below;
// MyCt, MyPt1 and MyPt2 are only written at run time by MyState.
alloc(MyDir,4)
alloc(MyCt,4)
alloc(MyCLSW,4)
alloc(MyPt1,4)
alloc(MyPt2,4)
// Declarations of the labels defined further down inside the MyLR allocation.
label(MyLR1)
label(GoLR)
label(GoLR1)
label(GoLR2)
label(GoLR3)
label(GoLR4)
label(GoLR5)
label(GoLRback)
label(JmpLR)
label(JmpLR1)
label(JmpLR2)
label(JmpLRback)
label(MyStupid)
label(MyNoBack)
label(MyState)
label(MyCharX)
label(MyCharY)
label(MyNoJmp)
label(LRDir1)
label(LRDir2)
label(LRDir3)
label(LRDir4)
label(LRDir5)
label(LRDir6)
label(Chop0)
label(Chop1)
label(Chop2)
label(Chop3)
// Initial values for two of the state cells allocated above.
MyDir:
DD 1 // direction/mode state, starts at 1; MyState later writes values 0..4 here
MyCLSW:
DD 0 // author's legend: 0 = off, 2 = slash, 3 = stab. Not read by any code in this listing.
// MyLR: entry point of the injected code (see "Address:00413268 -> EIP:MyLR" in the file header).
// 1. Saves EAX, then runs three checks on client memory; any failing check leaves through MyLR1.
// 2. Zeroes the dword at [[009433BC]+206C].
// 3. Restores EAX and compares the dword on top of the stack (presumably the caller's
//    return address - confirm) with five hardcoded client addresses, jumping to the
//    matching handler. The handlers discard that dword and jump back into client code.
MyLR:
push eax
cmp [009443A4], 00000000 // does the red-dot memory location hold a pointer?
je MyLR1 // no pointer: leave without dispatching
mov eax,[009443A4] // map red-dot pointer
mov eax,[eax+18] // map red-dot offset
cmp eax,0
jne MyLR1 // non-zero value: leave without dispatching (presumably the "pause on red dot" feature listed in the header)
cmp [009433BC],00000000 // author's note: "009443A4+18=009433BC, compare red-dot count". NOTE(review): that sum does not hold, and 009433BC is used as a pointer two lines below - confirm the address.
je MyLR1 // author's note: to keep running when red dots are present, change JE to JA
mov eax,[009433BC] // super item pickup pointer
mov [eax+206C], 0 // super item pickup offset; cleared on every pass that reaches this line
pop eax // restore the EAX saved at entry; [esp] is again the dword that was on top at entry
cmp dword ptr [esp], 007DAAF7 // walking mobs
je GoLR
cmp dword ptr [esp], 007DAF0B // jumping mobs
je JmpLR
cmp dword ptr [esp], 007D9C04 // dumb mobs
je MyStupid
cmp dword ptr [esp], 0079419F // no knockback
je MyNoBack
cmp dword ptr [esp], 007DAEC3 // jumping mobs do not jump
je MyNoJmp
//jne Chop0
pop eax // no address matched. NOTE(review): this exit pops one more dword than the MyLR1 exit before ret - confirm which is intended.
ret
MyLR1:
pop eax // undo the push at entry, leaving the stack as it was
ret
//================================
// GoLR: handler for the 007DAAF7 match in MyLR (author's label: walking mobs).
// Re-issues the client instructions the author annotates at 007DAAFA..007DAAFF, then
// writes 0 or 5 to [esi+468] depending on MyDir and the remainder in EDX, and resumes
// the client at 007DAB01. The author's trailing annotations give the original client
// instruction at the quoted address; where the original was "dec [esi+468]" this code
// stores a constant instead.
GoLR: //walking mobs
add esp,4 // discard the dword matched in MyLR; control returns via the jmp at GoLRback, not via ret
call MyState // refreshes MyDir/MyCt/MyPt1/MyPt2; EAX is preserved by MyState
push 03
pop ecx // ecx = 3
mov [edi+20],eax //007DAAFA - 89 47 20 - mov [edi+20],eax
xor edx,edx //007DAAFD - 33 d2 - xor edx,edx
div ecx //007DAAFF - f7 f1 - div ecx
// edx now holds eax mod 3
cmp [MyDir], 1
je GoLRback // MyDir = 1: change nothing
cmp [MyDir], 3
je GoLR1 // MyDir = 3: compare against the live value from MyCharX
cmp [MyDir], 4
je GoLR3 // MyDir = 4: compare against the value stored in MyPt1
cmp edx, [MyDir] // remaining MyDir values written by MyState are 0 and 2
je GoLRback
mov [esi+00000468],0 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
jmp GoLRback
GoLR1:
push eax // keep the quotient while EAX carries the comparison value
call MyCharX
jmp GoLR4
GoLR3:
push eax // keep the quotient while EAX carries the comparison value
mov eax,[MyPt1]
GoLR4:
// Three-way split on the remainder: 1 -> GoLR5, 2 -> GoLR2, 0 -> falls through.
cmp edx, 1
je GoLR5
jg GoLR2
cmp eax,[esi+1c4] // presumably the mob's X position - confirm
pop eax // pop and mov leave the flags from the cmp above intact
mov [esi+00000468],5 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
jl GoLRback // signed less-than: keep the 5
mov [esi+00000468],0 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
jmp GoLRback
GoLR2:
cmp eax,[esi+1c4]
pop eax // flags from the cmp above are still valid at the jg below
mov [esi+00000468],5 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
jg GoLRback // signed greater-than: keep the 5
mov [esi+00000468],0 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
jmp GoLRback
GoLR5:
pop eax
mov [esi+00000468],0 //007DAB23 - ff 8e 68 04 00 00 - dec [esi+00000468]
GoLRback:
jmp 007DAB01 // author's note: this address changes with every client version
//================================
// JmpLR: handler for the 007DAF0B match in MyLR (author's label: jumping mobs).
// Chooses the value left in EAX (unchanged, 2 or 3) from MyDir and, for MyDir 3 and 4,
// from a signed comparison with [esi+1bc]; then pushes 3 and resumes the client at 007DAF0D.
JmpLR: //jumping mobs
add esp,4 // discard the dword matched in MyLR; control returns via the jmp at JmpLRback
call MyState // refreshes MyDir/MyCt/MyPt1/MyPt2; EAX is preserved by MyState
cmp [MyDir], 1
je JmpLRback // MyDir = 1: EAX is left as the caller had it
cmp [MyDir], 2
mov eax,2 // mov does not change flags, so the je below still tests MyDir = 2
je JmpLRback
cmp [MyDir], 0
mov eax,3 // same pattern: the je below tests MyDir = 0
je JmpLRback
cmp [MyDir], 4
je JmpLR1 // MyDir = 4: use the value stored in MyPt1
call MyCharX // otherwise use the live value from MyCharX
jmp JmpLR2
JmpLR1:
mov eax,[MyPt1]
JmpLR2:
cmp eax,[esi+1bc] // NOTE(review): GoLR compares against [esi+1c4] instead - confirm both offsets
mov eax,2
mov [esi+00000468],5 //007DAF37 - ff 8e 68 04 00 00 - dec [esi+00000468]
jg JmpLRback // flags still come from the cmp above; signed greater-than keeps EAX = 2
mov eax,3
JmpLRback:
push 03 // presumably re-issues the client instruction skipped at 007DAF0B - confirm
jmp 007DAF0D // author's note: this address changes with every client version
//================================
// MyCharX: returns in EAX the dword at [[009443AC]+b5c]. The author labels the field
// Item_X(DemVac); the callers in this file treat it as the character's X position.
// No null check is made on the pointer read from 009443AC. Changes EAX only.
MyCharX:
mov eax [009443AC] //Item_X(DemVac) pointer. NOTE(review): no comma between the operands here, unlike the same load in MyState - confirm the assembler accepts it.
mov eax, [eax+b5c] //Item_X(DemVac) offset
ret
// MyCharY: returns in EAX the dword at [[009443AC]+b60]. The author labels the field
// Item_Y(DemVac); MyState stores the result in MyPt2.
// No null check is made on the pointer read from 009443AC. Changes EAX only.
MyCharY:
mov eax [009443AC] //Item_Y(DemVac) pointer. NOTE(review): no comma between the operands here, unlike the same load in MyState - confirm the assembler accepts it.
mov eax, [eax+b60] //Item_Y(DemVac) offset
ret
//================================
// MyState: reads the dword at [[009443AC]+33c] (author's label: character action) and
// updates the shared state cells. EAX is saved and restored; flags are not preserved.
//   action a       -> MyDir = 2; once MyCt is above 32 (hex) MyDir = 3, otherwise MyCt is incremented
//   action b       -> MyDir = 0; once MyCt is above 32 (hex) MyDir = 4 and MyPt1 = MyCharX(), otherwise MyCt is incremented
//   action 14 / 15 -> MyDir = 1
//   anything else  -> MyCt = 0, MyDir left unchanged
// Every path ends at LRDir4, which stores MyCharY() in MyPt2.
MyState:
push eax
mov eax, [009443AC] //character action pointer
mov eax, [eax+33c] //character action offset
cmp eax, a
je LRDir1
cmp eax, b
je LRDir2
cmp eax, 14
je LRDir3
cmp eax, 15
je LRDir3
mov [MyCt], 0 // any other action resets the counter
jmp LRDir4
LRDir1:
mov [MyDir],2
cmp [MyCt], 32
ja LRDir5 // unsigned: counter has passed 32 (hex)
inc [MyCt]
jmp LRDir4
LRDir2:
mov [MyDir],0
cmp [MyCt], 32
ja LRDir6 // unsigned: counter has passed 32 (hex)
inc [MyCt]
jmp LRDir4
LRDir3:
mov [MyDir],1
jmp LRDir4
LRDir5:
mov [MyDir],3 // MyCt is not changed on this path
jmp LRDir4
LRDir6:
mov [MyDir],4 // MyCt is not changed on this path
call MyCharX
mov [MyPt1],eax // record the X value returned by MyCharX at this moment
LRDir4:
call MyCharY
mov [MyPt2],eax // MyPt2 is written on every call; no code in this listing reads it
pop eax
ret
//============================
// MyStupid: handler for the 007D9C04 match in MyLR (author's label: dumb mobs).
// Re-issues the client instructions the author annotates at 007D9C04..007D9C2D and then
// continues in client code at 007D9C4F or 007D9C35. On every annotated line the emitted
// instruction is the same as the quoted original, so any change in behaviour comes from
// where control enters and leaves rather than from these instructions - confirm against the client.
MyStupid: //dumb mobs
add esp, 4 // discard the dword matched in MyLR. Author's note: on every client update re-check whether this code has changed; the whole section must be checked.
xor edx,edx //007D9C04 - 33 d2 - xor edx,edx
mov ecx,0000ea60 //007D9C06 - b9 60 ea 00 00 - mov ecx,0000ea60
div ecx //007D9C0B - f7 f1 - div ecx
lea eax,[esi+00000230] //007D9C0D - 8d 86 30 02 00 00 - lea eax,[esi+00000230]
add edx,0002bf20 //007D9C13 - 81 c2 20 bf 02 00 - add edx,0002bf20
mov [esi+00000238],edx //007D9C19 - 89 96 38 02 00 00 - mov [esi+00000238],edx
// [esi+238] now holds (incoming eax mod ea60) + 2bf20
mov edx,[esp+10] //007D9C1F - 8b 54 24 10 - mov edx,[esp+10]
cmp [eax],edx //007D9C23 - 39 10 - cmp [eax],edx
je 007d9c4f // author's note: this address changes with every client version
cmp [esi+00000234],edi //007D9C27 - 39 be 34 02 00 00 - cmp [esi+00000234],edi
lea ecx,[esi+00000234] //007D9C2D - 8d 8e 34 02 00 00 - lea ecx,[esi+00000234]
je 007d9c4f // lea leaves flags untouched, so this tests the cmp two lines up. Author's note: this address changes with every client version.
jmp 007D9C35 // author's note: this address changes with every client version
//============================
// MyNoBack: handler for the 0079419F match in MyLR (author's label: no knockback).
// Loads EAX from [ebp-10], pushes a constant and continues in client code at 007947E5.
// The constant pushed here (FFFFD8F0) differs from the one in the annotated original
// instruction (fffffa24).
// NOTE(review): MyLR matches 0079419F, but the annotations and the jump target are in
// the 007947DD..007947E5 range - confirm the addresses belong to the same client build.
MyNoBack: //no knockback
add esp,4 // discard the dword matched in MyLR
mov eax, [ebp-10] //007947DD - 8b 45 f0 - mov eax,[ebp-10]
push FFFFD8F0 //007947E0 - 68 24 fa ff ff - push fffffa24
jmp 007947E5 // author's note: this address changes with every client version
//============================
// MyNoJmp: handler for the 007DAEC3 match in MyLR (author's label: jumping mobs do not jump).
// Discards the matched dword and continues in client code at 007DAABD instead of
// returning to 007DAEC3.
MyNoJmp: //jumping mobs do not jump
add esp,4 // discard the dword matched in MyLR
jmp 007DAABD // author's note: this address changes with every client version
//============================
// Author's note: the section below has not been updated.
// Chop0..Chop3: not reachable from the code in this listing. The only jump to Chop0
// (in MyLR) is commented out, and Chop1, Chop2 and Chop3 are referenced only from inside
// this section. It calls four hardcoded client addresses (0084d96a, 00413158, 00412917,
// 0042600f) and, at Chop2, writes nine bytes through the pointer in EAX.
// The purpose of the individual computations cannot be established from this listing;
// the comments below only mark structure.
Chop0:
push ebp
mov ebp, esp
sub esp,30 // 30 (hex) bytes of locals
push ecx
push ebx
push eax
xor ecx, [ebp+4]
mov [ebp-0c],ecx
mov ebx,[ebp-24]
mov [ebp-18], eax
push MyLR1
mov [ebp-04], 24980200
mov [ebp-1c], eax
mov eax, [ebp+08]
mov [ebp-20], 6803c5b9
mov [ebp-10], edx
lea edx, [ebp-10]
mov ebx, [ebp-1c]
push [ebp-1c]
shr eax,1
and eax,01
mov [ebp-0c],eax
pop eax
mov eax, ebx
pop ecx
mov eax, [edx-30]
mov [ebp-1c], eax
and eax,ffffff00
mov ebx, [ebp-20]
push 05
push ebx
mov [edx-14], eax
call 0084d96a
and eax,bafc006f
or dword ptr [ebp-08],eax
mov ecx,[ebp-20]
pop ebx
add eax,C942
cmp [ebp+04], eax
mov edx,[ebp-10] // mov and pop leave the flags from the cmp above intact for the jne
pop ecx
jne Chop1
lea eax,[ebp-0c]
mov ebx, [eax-10]
mov eax, [eax-18]
xor ebx, eax
mov ecx, [eax+18]
xor ecx, [eax+1c]
sub ebx, 6
shl ebx,8
add ebx, e9
xor ecx, 6d753d18
jne Chop2 // taken when ecx differs from 6d753d18
mov ebx, [eax+20]
xor ebx, [eax+24]
add eax, 000004f5
mov [ebp-08], eax
inc eax
add eax, ecx
push ecx
mov ecx,eax
mov eax, [eax+28]
sub ebx, ecx
je Chop3
mov ecx, ebx // overwritten by the first instruction at Chop3, so the branch above changes nothing
Chop3:
mov ecx, eax
lea eax,[9492ac]
push [eax+08]
mov [ebp-0c],eax
push eax
call 00413158
fld [ebp-18]
pop ecx
pop ecx
mov [ebp-0c],ecx
mov eax,[ebp-24]
mov ebx, [ebp-08]
mov ebx, [ebx]
xor ebx,c35de58b
mov [ebp-08], ebx
pop ecx
fstp [ebp-18]
jne Chop2 // flags still come from the xor with c35de58b above
mov eax, [ebp-04]
xor eax, 24980a08
sub ebp, ecx // changes the frame pointer that the epilogue below restores ESP from
add eax,[ebp-24]
mov eax, [eax]
add [ebp-20],eax
mov [ebp-1c],ecx
xor ecx, [ebp+24]
mov [ebp-0c],ecx
mov ebx,[ebp+24]
mov [ebp-18], eax
test eax, eax
je Chop1
pop ecx
pop ebx
pop ecx
mov esp, ebp
pop ebp
ret
// The lines from here to the next ret follow a ret and carry no label, so no jump in this listing can reach them.
cmp [ebp+0c],ebx
je Chop1
mov eax,[ebp+0c]
mov ecx,[ebp-70]
imul eax,eax,000001bc
mov ecx,[ecx+48]
push [eax+ecx+000000cc]
lea eax,[eax+ecx+000001bc]
add eax,000000e8
pop eax
pop ebx
pop ecx
mov esp, ebp
pop ebp
ret
// The lines from here to Chop2 also follow a ret without a label.
push eax
call 00412917
pop ecx
pop ecx
mov [ebp+0c],eax
mov eax,[ebp-80]
push 64
xor edx,edx
pop ecx
div ecx
cmp edx,[ebp+0c]
jae MyLR1
call 0042600f
mov eax,[eax+000000e8]
Chop2:
// Writes through EAX: the constant 555756c3 at [eax], EBX at [eax+1], 3d000000 at [eax+5].
mov [eax], 555756c3
inc eax
mov [eax], ebx
add eax, 4
mov [eax],3d000000
jmp Chop1
// The lines from here to Chop1 follow an unconditional jmp and carry no label.
shr eax,1
and eax,01
mov [ebp+0c],eax
jne Chop1
or dword ptr [ebp+08],ff
mov [ebp-40],00000001
mov eax,[ebp-7c]
push 64
xor edx,edx
pop ecx
div ecx
mov eax,[ebp+18]
cmp edx,[eax+000002a0]
jae MyLR1
Chop1:
// Common exit: three pops, then the standard frame teardown.
pop eax
pop ebx
pop ecx
mov esp, ebp
pop ebp
ret
[DISABLE]
// Disable section: withdraws the two published symbols and frees every allocation made
// in the enable section.
// NOTE(review): no line here undoes the "Address:00413268 -> EIP:MyLR" redirection from
// the file header (the enable section does not set it either). If it is still active
// when MyLR is freed, execution would be sent into released memory - confirm how it is removed.
unregistersymbol(MyLR)
unregistersymbol(MyCLSW)
dealloc(MyLR)
dealloc(MyDir)
dealloc(MyCt)
dealloc(MyCLSW)
dealloc(MyPt1)
dealloc(MyPt2)