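A complete fully-equipped mercenary modification
Baron-Josh's fully-equipped mercenary plugin was released without source code, and it has a bug that can make items disappear when weapons are swapped. The v.1.1 BETA, for which he did publish the code, has more shield-related bugs than the newer plugin (in fact the plugin fixed the shield bugs but introduced new ones, for example when two one-handed items are swapped) and fewer features. Because of these bugs, fully-equipped mercenaries on a self-hosted Battle.net realm have always been somewhat lacking, and so far there has been no perfect way to make the modification. I have worked out a fairly complete DLL modification, with roughly the following features:
1. The types of potions the mercenary can drink can be configured
2. The types of shared equipment can be configured
3. The types of private equipment can be configured
4. Of course, the bugs with placing rings and left-hand/right-hand items have been fixed
However, all of the above is based on modifying DLLs; if you are not interested, skip ahead to the material at the very end.
The first thing to solve is the bug. The possible ways of placing an item have to be analysed and classified, and the placements that make items disappear have to be restricted. This involves transitions among 3×3×2×2 = 36×2 = 72 states (in the 3×3×2×2 cases, one ×2 is whether a two-handed weapon is used as the replacement, the other ×2 is whether the item goes to the left or the right hand, and the two ×3 are the three states of the left and right hand: empty, one-handed, two-handed. Whether a shield-type off-hand item is being placed multiplies by 2 again), so the control logic for checking the placement state is very complicated and is omitted here (don't blame me, it is too complicated to write up; I understand it in my head but cannot write it down! If you TRACE it carefully yourself you should be able to follow it.). Below is my code (with my clumsy English comments).
In d2game.dll, starting at 6FC88D86, change the code to the following: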
6FC88D86 . 33C0 xor eax,eax
6FC88D88 . 8A4424 14 mov al,byte ptr ss:[esp+14]
6FC88D8C . 50 push eax
6FC88D8D . 50 push eax
6FC88D8E . 55 push ebp
6FC88D8F . E8 CE2B0900 call
6FC88D94 . 8BF0 mov esi,eax
6FC88D96 . 58 pop eax
6FC88D97 . 83F8 04 cmp eax,4
6FC88D9A . 74 05 je short D2Game.6FC88DA1
6FC88D9C . 83F8 06 cmp eax,6
6FC88D9F . 75 2C jnz short D2Game.6FC88DCD
6FC88DA1 > 8A4424 10 mov al,byte ptr ss:[esp+10]
6FC88DA5 . 50 push eax
6FC88DA6 . 55 push ebp
6FC88DA7 . E8 B62B0900 call
6FC88DAC . 8BE8 mov ebp,eax
6FC88DAE . 53 push ebx
6FC88DAF . 33DB xor ebx,ebx
6FC88DB1 . 56 push esi
6FC88DB2 . E8 CF2B0900 call
6FC88DB7 . C0E0 02 shl al,2
6FC88DBA . 8BD8 mov ebx,eax
6FC88DBC . 55 push ebp
6FC88DBD . E9 03DD0900 jmp D2Game.6FD26AC5
6FC88DC2 90 nop
6FC88DC3 90 nop
6FC88DC4 90 nop
Binary copy:
33 C0 8A 44 24 14 50 50 55 E8 CE 2B 09 00 8B F0 58 83 F8 04 74 05 83 F8 06 75 2C 8A 44 24 10 50 55 E8 B6 2B 09 00 8B E8 53 33 DB 56 E8 CF 2B 09 00 C0 E0 02 8B D8 55 E9 03 DD 09 00 90 90 90
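The above is only a small amount of code, which replaces unused code in the original DLL; there is a lot more to come! Find 111 bytes of free space in d2game.dll and write the following code there, with the jumps adjusted to the corresponding addresses: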
6FD26AC5 > \E8 BC4EFFFF call
6FD26ACA . D1E0 shl eax,1
6FD26ACC . 03D8 add ebx,eax
6FD26ACE . 8B4424 30 mov eax,dword ptr ss:[esp+30]
6FD26AD2 . 50 push eax
6FD26AD3 . E8 AE4EFFFF call
6FD26AD8 . 03D8 add ebx,eax
6FD26ADA . 85F6 test esi,esi
6FD26ADC . 75 0B jnz short D2Game.6FD26AE9
6FD26ADE . 85ED test ebp,ebp
6FD26AE0 . 74 1A je short D2Game.6FD26AFC ; 1a,p1
6FD26AE2 . 83FB 01 cmp ebx,1
6FD26AE5 . 75 55 jnz short D2Game.6FD26B3C ; 1b1,ck2
6FD26AE7 . EB 0D jmp short D2Game.6FD26AF6 ; 1b2,ex
6FD26AE9 > 83FB 04 cmp ebx,4
6FD26AEC . 7D 0E jge short D2Game.6FD26AFC ; 2a,p1
6FD26AEE . 85DB test ebx,ebx
6FD26AF0 . 74 16 je short D2Game.6FD26B08 ; 2b,ck1
6FD26AF2 . 85ED test ebp,ebp
6FD26AF4 . 74 06 je short D2Game.6FD26AFC ; 2c,p1
6FD26AF6 > 5B pop ebx ; exit 2d
6FD26AF7 .^ E9 F222F6FF jmp D2Game.6FC88DEE
6FD26AFC > 5B pop ebx ; p1
6FD26AFD .^ E9 CB22F6FF jmp D2Game.6FC88DCD
6FD26B02 > 5B pop ebx ; p2
6FD26B03 .^ E9 BD22F6FF jmp D2Game.6FC88DC5
6FD26B08 > 8A4424 18 mov al,byte ptr ss:[esp+18] ; ck1
6FD26B0C . 3C 06 cmp al,6
6FD26B0E .^ 74 F2 je short D2Game.6FD26B02
6FD26B10 . 8B4424 30 mov eax,dword ptr ss:[esp+30]
6FD26B14 . 6A 36 push 36
6FD26B16 . 50 push eax
6FD26B17 . E8 B04DFFFF call
6FD26B1C . 85C0 test eax,eax
6FD26B1E . 74 0E je short D2Game.6FD26B2E
6FD26B20 . 6A 36 push 36
6FD26B22 . 56 push esi
6FD26B23 . E8 A44DFFFF call
6FD26B28 . 85C0 test eax,eax
6FD26B2A .^ 74 D6 je short D2Game.6FD26B02
6FD26B2C .^ EB CE jmp short D2Game.6FD26AFC
6FD26B2E > 6A 36 push 36
6FD26B30 . 56 push esi
6FD26B31 . E8 964DFFFF call
6FD26B36 . 85C0 test eax,eax
6FD26B38 .^ 75 C8 jnz short D2Game.6FD26B02
6FD26B3A .^ EB C0 jmp short D2Game.6FD26AFC
6FD26B3C > 8A4424 18 mov al,byte ptr ss:[esp+18] ; ck2
6FD26B40 . 3C 06 cmp al,6
6FD26B42 .^ 74 B8 je short D2Game.6FD26AFC
6FD26B44 . 8B4424 30 mov eax,dword ptr ss:[esp+30]
6FD26B48 . 6A 36 push 36
6FD26B4A . 50 push eax
6FD26B4B . E8 7C4DFFFF call
6FD26B50 . 85C0 test eax,eax
6FD26B52 . 74 0E je short D2Game.6FD26B62
6FD26B54 . 6A 36 push 36
6FD26B56 . 55 push ebp
6FD26B57 . E8 704DFFFF call
6FD26B5C . 85C0 test eax,eax
6FD26B5E .^ 74 9C je short D2Game.6FD26AFC
6FD26B60 .^ EB A0 jmp short D2Game.6FD26B02
6FD26B62 > 6A 36 push 36
6FD26B64 . 55 push ebp
6FD26B65 . E8 624DFFFF call
6FD26B6A . 85C0 test eax,eax
6FD26B6C .^ 75 8E jnz short D2Game.6FD26AFC
6FD26B6E .^ EB 92 jmp short D2Game.6FD26B02
Binary copy:
E8 BC 4E FF FF D1 E0 03 D8 8B 44 24 30 50 E8 AE 4E FF FF 03 D8 85 F6 75 0B 85 ED 74 1A 83 FB 01
75 55 EB 0D 83 FB 04 7D 0E 85 DB 74 16 85 ED 74 06 5B E9 F2 22 F6 FF 5B E9 CB 22 F6 FF 5B E9 BD
22 F6 FF 8A 44 24 18 3C 06 74 F2 8B 44 24 30 6A 36 50 E8 B0 4D FF FF 85 C0 74 0E 6A 36 56 E8 A4
4D FF FF 85 C0 74 D6 EB CE 6A 36 56 E8 96 4D FF FF 85 C0 75 C8 EB C0 8A 44 24 18 3C 06 74 B8 8B
44 24 30 6A 36 50 E8 7C 4D FF FF 85 C0 74 0E 6A 36 55 E8 70 4D FF FF 85 C0 74 9C EB A0 6A 36 55
E8 62 4D FF FF 85 C0 75 8E EB 92
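After this modification, the item-placement bug is fixed.
Next, the features mentioned above have to be added.
In d2game.dll the code is regular, so to save space some of it is cleared and reused for checking the corresponding usable items: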
6FC88B77 /EB 14 jmp short D2Game.6FC88B8D
6FC88B79 |0000 add byte ptr ds:[eax],al ; drink begin (start of potion types)
6FC88B7B |0000 add byte ptr ds:[eax],al
6FC88B7D |0000 add byte ptr ds:[eax],al
6FC88B7F |0000 add byte ptr ds:[eax],al
6FC88B81 |0000 add byte ptr ds:[eax],al
6FC88B83 |0000 add byte ptr ds:[eax],al
6FC88B85 |0000 add byte ptr ds:[eax],al
6FC88B87 |0000 add byte ptr ds:[eax],al
6FC88B89 |0000 add byte ptr ds:[eax],al
6FC88B8B |0000 add byte ptr ds:[eax],al
6FC88B8D \6A 1C push 1C
6FC88B8F 56 push esi
6FC88B90 E8 DBDF0900 call D2Game.6FD26B70 ; drink call
6FC88B95 85C0 test eax,eax
6FC88B97 0F85 3B010000 jnz D2Game.6FC88CD8
6FC88B9D 894424 18 mov dword ptr ss:[esp+18],eax
6FC88BA1 EB 14 jmp short D2Game.6FC88BB7 ; drink end
6FC88BA3 0000 add byte ptr ds:[eax],al ; all begin (start of shared types)
6FC88BA5 0000 add byte ptr ds:[eax],al
6FC88BA7 0000 add byte ptr ds:[eax],al
6FC88BA9 0000 add byte ptr ds:[eax],al
6FC88BAB 0000 add byte ptr ds:[eax],al
6FC88BAD 0000 add byte ptr ds:[eax],al
6FC88BAF 0000 add byte ptr ds:[eax],al
6FC88BB1 0000 add byte ptr ds:[eax],al
6FC88BB3 0000 add byte ptr ds:[eax],al
6FC88BB5 0000 add byte ptr ds:[eax],al
6FC88BB7 6A 1C push 1C ; all len +9
6FC88BB9 56 push esi
6FC88BBA E8 B1DF0900 call D2Game.6FD26B70 ; all call
6FC88BBF 85C0 test eax,eax
6FC88BC1 74 08 je short D2Game.6FC88BCB ; nop for all
6FC88BC3 C74424 18 010000>mov dword ptr ss:[esp+18],1
6FC88BCB 8B47 04 mov eax,dword ptr ds:[edi+4]
6FC88BCE 3D 67010000 cmp eax,167
6FC88BD3 77 6C ja short D2Game.6FC88C41 ; to act 5
6FC88BD5 74 46 je short D2Game.6FC88C1D ; to act 3
6FC88BD7 2D 0F010000 sub eax,10F
6FC88BDC 74 27 je short D2Game.6FC88C05 ; to act 1
6FC88BDE EB 17 jmp short D2Game.6FC88BF7 ; act2
6FC88BE0 0000 add byte ptr ds:[eax],al ; act 2 begin (start of ACT2 item types)
6FC88BE2 0000 add byte ptr ds:[eax],al
6FC88BE4 0000 add byte ptr ds:[eax],al
6FC88BE6 0000 add byte ptr ds:[eax],al
6FC88BE8 0000 add byte ptr ds:[eax],al
6FC88BEA 0000 add byte ptr ds:[eax],al
6FC88BEC 0000 add byte ptr ds:[eax],al
6FC88BEE 0000 add byte ptr ds:[eax],al
6FC88BF0 0000 add byte ptr ds:[eax],al
6FC88BF2 0000 add byte ptr ds:[eax],al
6FC88BF4 0000 add byte ptr ds:[eax],al
6FC88BF6 006A 1F add byte ptr ds:[edx+1F],ch
6FC88BF9 56 push esi
6FC88BFA E8 71DF0900 call D2Game.6FD26B70 ; act2 call
6FC88BFF 85C0 test eax,eax
6FC88C01 74 6C je short D2Game.6FC88C6F
6FC88C03 EB 72 jmp short D2Game.6FC88C77 ; act2 end
6FC88C05 EB 5C jmp short D2Game.6FC88C63 ; to act1
6FC88C07 0000 add byte ptr ds:[eax],al ; act3 begin (start of ACT3 item types)
6FC88C09 0000 add byte ptr ds:[eax],al
6FC88C0B 0000 add byte ptr ds:[eax],al
6FC88C0D 0000 add byte ptr ds:[eax],al
6FC88C0F 0000 add byte ptr ds:[eax],al
6FC88C11 0000 add byte ptr ds:[eax],al
6FC88C13 0000 add byte ptr ds:[eax],al
6FC88C15 0000 add byte ptr ds:[eax],al
6FC88C17 0000 add byte ptr ds:[eax],al
6FC88C19 0000 add byte ptr ds:[eax],al
6FC88C1B 0000 add byte ptr ds:[eax],al
6FC88C1D 6A 1E push 1E
6FC88C1F 56 push esi ; act 3
6FC88C20 E8 4BDF0900 call D2Game.6FD26B70 ; act 3 call
6FC88C25 85C0 test eax,eax
6FC88C27 74 46 je short D2Game.6FC88C6F
6FC88C29 EB 4C jmp short D2Game.6FC88C77 ; act 3 end
6FC88C2B 0000 add byte ptr ds:[eax],al ; act 5 begin (start of ACT5 item types)
6FC88C2D 0000 add byte ptr ds:[eax],al
6FC88C2F 0000 add byte ptr ds:[eax],al
6FC88C31 0000 add byte ptr ds:[eax],al
6FC88C33 0000 add byte ptr ds:[eax],al
6FC88C35 0000 add byte ptr ds:[eax],al
6FC88C37 0000 add byte ptr ds:[eax],al
6FC88C39 0000 add byte ptr ds:[eax],al
6FC88C3B 0000 add byte ptr ds:[eax],al
6FC88C3D 0000 add byte ptr ds:[eax],al
6FC88C3F 0000 add byte ptr ds:[eax],al
6FC88C41 6A 1E push 1E ; act 5 len +9
6FC88C43 56 push esi
6FC88C44 E8 27DF0900 call D2Game.6FD26B70 ; act 5 call
6FC88C49 85C0 test eax,eax
6FC88C4B 74 22 je short D2Game.6FC88C6F
6FC88C4D EB 28 jmp short D2Game.6FC88C77 ; act 5 end
6FC88C4F 0000 add byte ptr ds:[eax],al ; act 1 begin (start of ACT1 item types)
6FC88C51 0000 add byte ptr ds:[eax],al
6FC88C53 0000 add byte ptr ds:[eax],al
6FC88C55 0000 add byte ptr ds:[eax],al
6FC88C57 0000 add byte ptr ds:[eax],al
6FC88C59 0000 add byte ptr ds:[eax],al
6FC88C5B 0000 add byte ptr ds:[eax],al
6FC88C5D 0000 add byte ptr ds:[eax],al
6FC88C5F 0000 add byte ptr ds:[eax],al
6FC88C61 0000 add byte ptr ds:[eax],al
6FC88C63 6A 1C push 1C ; act1 len+9
6FC88C65 56 push esi
6FC88C66 E8 05DF0900 call D2Game.6FD26B70 ; act 1 call
6FC88C6B 85C0 test eax,eax
6FC88C6D 75 08 jnz short D2Game.6FC88C77 ; act 1 end
Binary copy:
EB 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6A 1C 56 E8 DB DF 09 00 85 C0
0F 85 3B 01 00 00 89 44 24 18 EB 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
6A 1C 56 E8 B1 DF 09 00 85 C0 74 08 C7 44 24 18 01 00 00 00 8B 47 04 3D 67 01 00 00 77 6C 74 46
2D 0F 01 00 00 74 27 EB 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
6A 1F 56 E8 71 DF 09 00 85 C0 74 6C EB 72 EB 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 6A 1E 56 E8 4B DF 09 00 85 C0 74 46 EB 4C 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 6A 1E 56 E8 27 DF 09 00 85 C0 74 22 EB 28 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 6A 1C 56 E8 05 DF 09 00 85 C0 75 08
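Of the check code for each category (potions, shared wearable items, and the ACT1, ACT2, ACT3 and ACT5 mercenary weapons), only one check is kept per category; the remaining space is used to store the item type codes for that category. The item type codes are the ones in itemtype.txt. An example of how to set them:
Example: the shared wearable items originally consist of armor 03h and helm 25h. To add ring 0Ah, amulet 0Ch and belt 13h, write 03 25 0A 0C 13 starting at 6FC88BA3. Note that the list must end with 00.
Because the locations in the program differ, the usable length differs as well; it is roughly 19 or more in each case. In the example above the space has already been cleared to 00. Item type codes can be written from the start of the area up to 1 byte before the PUSH instruction (and must end with 00). For the example above, that is up to 6FC88BB5; the code that follows is 00 6A 1C.
In addition, the function that checks whether an item matches a single item type is replaced by my own item-type check function, which checks the item against the list entries one after another. The code is written at the end of d2game.dll, right after the additional code for the item-placement state check above.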
6FD26B70 55 push ebp
6FD26B71 56 push esi
6FD26B72 8B6C24 08 mov ebp,dword ptr ss:[esp+8]
6FD26B76 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
6FD26B7A 8B7424 0C mov esi,dword ptr ss:[esp+C]
6FD26B7E 2BE9 sub ebp,ecx
6FD26B80 33C0 xor eax,eax
6FD26B82 8A45 00 mov al,byte ptr ss:[ebp]
6FD26B85 85C0 test eax,eax
6FD26B87 74 0E je short D2Game.6FD26B97 ; end marker 00h found, stop checking
6FD26B89 50 push eax
6FD26B8A 56 push esi
6FD26B8B E8 3C4DFFFF call
6FD26B90 85C0 test eax,eax
6FD26B92 75 03 jnz short D2Game.6FD26B97
6FD26B94 45 inc ebp
6FD26B95 ^ EB EB jmp short D2Game.6FD26B82
6FD26B97 5E pop esi
6FD26B98 5D pop ebp
6FD26B99 C2 0800 retn 8
Binary copy:
55 56 8B 6C 24 08 8B 4C 24 10 8B 74 24 0C 2B E9 33 C0 8A 45 00 85 C0 74 0E 50 56 E8 3C 4D FF FF
85 C0 75 03 45 EB EB 5E 5D C2 08 00
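D2Client.dll has to be modified as well. Because the code in D2Client.dll is messier, areas of roughly the same size cannot be cleared, so the item type codes are written at the end of the code. Of course, the single-item-type check function still has to be replaced by the new list check function. The jumps here are tightly interlinked, so the shared wearable items and the ACT1, ACT2, ACT3 and ACT5 mercenary weapon categories also have to be separated. The modified code is as follows: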
6FAED4DF 6A 01 push 1 ; all, table 1
6FAED4E1 53 push ebx
6FAED4E2 E8 39F00700 call d2client.6FB6C520 ; all call
6FAED4E7 85C0 test eax,eax
6FAED4E9 74 07 je short d2client.6FAED4F2
6FAED4EB BE 01000000 mov esi,1
6FAED4F0 |. 8937 mov dword ptr ds:[edi],esi
6FAED4F2 |> 85ED test ebp,ebp
6FAED4F4 |. 75 05 jnz short d2client.6FAED4FB
6FAED4F6 |. 83C9 FF or ecx,FFFFFFFF
6FAED4F9 |. EB 03 jmp short d2client.6FAED4FE
6FAED4FB |> 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
6FAED4FE |> E8 DD45FCFF call d2client.6FAB1AE0
6FAED503 |. 3D 67010000 cmp eax,167 ; Switch (cases 10F..231)
6FAED508 7F 7F jg short d2client.6FAED589 ; act 5
6FAED50A |. 74 2A je short d2client.6FAED536 ; act 3
6FAED50C |. 2D 0F010000 sub eax,10F
6FAED511 |. 74 1C je short d2client.6FAED52F ; act1
6FAED513 90 nop ; nop for below act5
6FAED514 90 nop ; the mercenary ID check is NOPed here
6FAED515 90 nop ; I thought this would let the ID be set freely, but it did not work.
6FAED516 90 nop
6FAED517 90 nop
6FAED518 6A 03 push 3 ; act2 table3
6FAED51A |. 53 push ebx
6FAED51B E8 00F00700 call d2client.6FB6C520 ; act2 call
6FAED520 |. 85C0 test eax,eax
6FAED522 |. 0F85 9A000000 jnz d2client.6FAED5C2
6FAED528 90 nop
6FAED529 90 nop
6FAED52A E9 30000000 jmp d2client.6FAED55F ; pass nest check(act1 used)
6FAED52F 6A 02 push 2 ; act 1 table 2
6FAED531 |. E9 82000000 jmp d2client.6FAED5B8
6FAED536 6A 04 push 4 ; act3 table 4
6FAED538 |. 53 push ebx
6FAED539 E8 E2EF0700 call d2client.6FB6C520 ; act3 call
6FAED53E |. 85C0 test eax,eax
6FAED540 |. 74 07 je short d2client.6FAED549
6FAED542 |. BE 01000000 mov esi,1
6FAED547 |. 8937 mov dword ptr ds:[edi],esi
6FAED549 |> 6A 1E push 1E
6FAED54B |. 53 push ebx
6FAED54C |. E8 CFD60700 call
6FAED551 |. 85C0 test eax,eax
6FAED553 |. 74 0A je short d2client.6FAED55F
6FAED555 |. 53 push ebx
6FAED556 |. E8 DDD90700 call
6FAED55B |. 85C0 test eax,eax
6FAED55D 74 63 je short d2client.6FAED5C2 ; pass 2h check
6FAED55F 85F6 test esi,esi ; nop to use all
6FAED561 |. 74 15 je short d2client.6FAED578
6FAED563 |> 6A 00 push 0
6FAED565 |. 6A 00 push 0
6FAED567 |. 6A 00 push 0
6FAED569 |. 6A 00 push 0
6FAED56B |. 55 push ebp
6FAED56C |. 53 push ebx
6FAED56D |. E8 C0D90700 call
6FAED572 |. 85C0 test eax,eax
6FAED574 |. 75 02 jnz short d2client.6FAED578
6FAED576 |. 33F6 xor esi,esi
6FAED578 |> 8BC6 mov eax,esi
6FAED57A |. 5F pop edi
6FAED57B |. 5E pop esi
6FAED57C |. 5D pop ebp
6FAED57D |. 5B pop ebx
6FAED57E |. C2 0400 retn 4
6FAED581 |> 2D 30020000 sub eax,230
6FAED586 74 11 je short d2client.6FAED599
6FAED588 48 dec eax
6FAED589 90 nop ; act 5
6FAED58A 90 nop
6FAED58B 6A 05 push 5 ;act5 table 5
6FAED58D |. 53 push ebx
6FAED58E E8 8DEF0700 call d2client.6FB6C520 ; act5 call
6FAED593 |. 85C0 test eax,eax
6FAED595 ^ 74 C8 je short d2client.6FAED55F ; pass nest check(act1 used)
6FAED597 EB 29 jmp short d2client.6FAED5C2 ; pass nest check(act1 used)
6FAED599 |> 6A 1C push 1C ; never use; Case 230 of switch 6FAED503
6FAED59B |. 53 push ebx
6FAED59C |. E8 7FD60700 call
6FAED5A1 |. 85C0 test eax,eax
6FAED5A3 |. 74 11 je short d2client.6FAED5B6
6FAED5A5 |. 53 push ebx
6FAED5A6 |. E8 8DD90700 call
6FAED5AB |. 85C0 test eax,eax
6FAED5AD |. 75 07 jnz short d2client.6FAED5B6
6FAED5AF |> BE 01000000 mov esi,1
6FAED5B4 |. 8937 mov dword ptr ds:[edi],esi
6FAED5B6 |> 6A 47 push 47
6FAED5B8 |> 53 push ebx
6FAED5B9 E8 62EF0700 call d2client.6FB6C520 ; act1 call
Binary copy:
6A 01 53 E8 39 F0 07 00 85 C0 74 07 BE 01 00 00 00 89 37 85 ED 75 05 83 C9 FF EB 03 8B 4D 0C E8
DD 45 FC FF 3D 67 01 00 00 7F 7F 74 2A 2D 0F 01 00 00 74 1C 90 90 90 90 90 6A 03 53 E8 00 F0 07
00 85 C0 0F 85 9A 00 00 00 90 90 E9 30 00 00 00 6A 02 E9 82 00 00 00 6A 04 53 E8 E2 EF 07 00 85
C0 74 07 BE 01 00 00 00 89 37 6A 1E 53 E8 CF D6 07 00 85 C0 74 0A 53 E8 DD D9 07 00 85 C0 74 63
85 F6 74 15 6A 00 6A 00 6A 00 6A 00 55 53 E8 C0 D9 07 00 85 C0 75 02 33 F6 8B C6 5F 5E 5D 5B C2
04 00 2D 30 02 00 00 74 11 48 90 90 6A 05 53 E8 8D EF 07 00 85 C0 74 C8 EB 29 6A 1C 53 E8 7F D6
07 00 85 C0 74 11 53 E8 8D D9 07 00 85 C0 75 07 BE 01 00 00 00 89 37 6A 47 53 E8 62 EF 07 00
The new item-type check function:
6FB6C520 55 push ebp
6FB6C521 56 push esi
6FB6C522 8B7424 0C mov esi,dword ptr ss:[esp+C]
6FB6C526 8B4C24 10 mov ecx,dword ptr ss:[esp+10]
6FB6C52A E8 00000000 call d2client.6FB6C52F
6FB6C52F 8B2C24 mov ebp,dword ptr ss:[esp]
6FB6C532 B8 18000000 mov eax,18 ; each category is 24 bytes long
6FB6C537 F7E1 mul ecx ; multiplied by the category index
6FB6C539 03E8 add ebp,eax
6FB6C53B 83C5 2E add ebp,2E
6FB6C53E 83C4 04 add esp,4
6FB6C541 33C0 xor eax,eax
6FB6C543 8A45 00 mov al,byte ptr ss:[ebp]
6FB6C546 85C0 test eax,eax
6FB6C548 74 0E je short d2client.6FB6C558
6FB6C54A 50 push eax
6FB6C54B 56 push esi
6FB6C54C E8 CFE6FFFF call
6FB6C551 85C0 test eax,eax
6FB6C553 75 03 jnz short d2client.6FB6C558
6FB6C555 45 inc ebp
6FB6C556 ^ EB EB jmp short d2client.6FB6C543
6FB6C558 5E pop esi
6FB6C559 5D pop ebp
6FB6C55A C2 0800 retn 8
Binary copy:
55 56 8B 74 24 0C 8B 4C 24 10 E8 00 00 00 00 8B 2C 24 B8 18 00 00 00 F7 E1 03 E8 83 C5 2E 83 C4
04 33 C0 8A 45 00 85 C0 74 0E 50 56 E8 CF E6 FF FF 85 C0 75 03 45 EB EB 5E 5D C2 08 00
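The list of usable items has the following format: 24 bytes per category, one category after another, each terminated by 00h. Potions, shared wearable items, and the ACT1, ACT2, ACT3 and ACT5 mercenary weapons correspond to table0, table1, table2, table3, table4 and table5 respectively. Although 23 bytes of space are given here, the lists still have to match the space available in D2Game.dll above; 24 bytes per category is only there to keep the calculation simple. This list immediately follows the code above and starts at 6FB6C55D. Also, I did not find the potion check itself; I only found the check for when a potion is on the portrait.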
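The table addressing used by the two list-check functions (6FD26B70 in D2Game.dll, 6FB6C520 in D2Client.dll), as an added Python model that is not part of the original post or of the patch: it recomputes each table's start address from the call sites in the listings and checks that a type-code list fits its area together with the 00 terminator. The function names and the capacity rule (pushed value minus the 8 bytes of push/push/call that follow the table) are assumptions of this example, derived from the listings.

```python
# Added model of the list lookup done at 6FD26B70 (D2Game) and 6FB6C520 (D2Client).
# Addresses and pushed values are copied from the listings on this page.
D2GAME_CALLS = {            # category: (address of the call, value pushed before it)
    "potion": (0x6FC88B90, 0x1C),
    "common": (0x6FC88BBA, 0x1C),
    "act1":   (0x6FC88C66, 0x1C),
    "act2":   (0x6FC88BFA, 0x1F),
    "act3":   (0x6FC88C20, 0x1E),
    "act5":   (0x6FC88C44, 0x1E),
}
CALL_LEN = 5                 # E8 rel32
STUB_LEN = 2 + 1 + CALL_LEN  # push imm8 + push reg + call: the bytes after the table
D2CLIENT_PC = 0x6FB6C52F     # value left on the stack by the call at 6FB6C52A
D2CLIENT_SLOT = 0x18         # 24 bytes per table

def d2game_table(category):
    """Return (start, capacity): start = return address - pushed value."""
    call_addr, pushed = D2GAME_CALLS[category]
    return call_addr + CALL_LEN - pushed, pushed - STUB_LEN

def d2client_table(index):
    """Return (start, capacity) of table<index>: 6FB6C52F + 18h*index + 2Eh."""
    return D2CLIENT_PC + D2CLIENT_SLOT * index + 0x2E, D2CLIENT_SLOT

def encode_list(type_codes, capacity):
    """Build the table bytes: the codes, then 00 padding (at least one 00)."""
    if any(not 0x01 <= c <= 0xFF for c in type_codes):
        raise ValueError("type codes are single non-zero bytes; 00 ends the list")
    if len(type_codes) + 1 > capacity:
        raise ValueError("list plus 00 terminator exceeds the table space")
    return bytes(type_codes) + bytes(capacity - len(type_codes))

def scan(table, item_is_type):
    """Same loop as the patch: stop at 00 (no match) or at the first match."""
    for code in table:
        if code == 0:
            return False
        if item_is_type(code):
            return True
    raise ValueError("no 00 terminator: the real loop would read past the table")

if __name__ == "__main__":
    start, cap = d2game_table("common")
    table = encode_list([0x03, 0x25, 0x0A, 0x0C, 0x13], cap)  # the page's example
    print(hex(start), cap, table.hex(" "))
    print(scan(table, lambda c: c == 0x0A), scan(table, lambda c: c == 0x1B))
```

Because the same lists must be written into both DLLs, the usable length per category is the smaller of the two capacities, which is the D2Game.dll one.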
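If setting the categories for potions, shared wearable items, and the ACT1, ACT2, ACT3 and ACT5 mercenary weapons yourself seems like too much trouble and you simply want the mercenary to be able to equip anything, see Baron-Josh's 110-hireling_v.1.1 BETA. Of course, you still need to apply my modification of the item-placement state check described above.
Finally, here is a modification I have already prepared:
Download: http://bbs.dsxu.com/read.php?tid=825&page=e
Newly added shared wearable items: shield 02, ring 0A, amulet 0C, gloves 0E, boots 0F, belt 13, club 1C, axe 1D
Newly added ACT1-only items: crossbow 23, javelin 2C
Everything else is the same as the original, as listed below; the additions above are only a token, to make testing easier.
Potions: 4C 50 51
Shared wearable: 03 25
ACT1: 1B
ACT2: 21 22
ACT3: 1E 02
ACT5: 1E
These files also include some other modifications: 15 sockets, the 64K limit, the large stash with relocated buttons, the limit on adding attribute points with the Shift key, and so on. They are provided in MPQ form; back up the corresponding original files and overwrite the old files with the new ones to use them. If you use PlugY, change ActiveShiftCkickLimit=1 to ActiveShiftCkickLimit=0. Give it a test.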