[Development] Tự động tìm offsets của một số main bởi -=DarkSim=-

[Mr.P]

New member
Thấy hay hay share lại cho anh em, chứ mình không nghiên cứu MU :D
Đây là một plugin của Odbg: "Odbg Script"
Tác giả làm nó cho SS3.2 -> Ss6.3

Script (Updated: 05.05.2013):
Mã:
// =========================================================
// ODbgScript (OllyDbg 1.10 + ODbgScript plugin) offset finder.
//
// Purpose: scan the module loaded in Olly, starting at Start, for
// fixed byte patterns ("find Start, #..#") and append one C-style
// "#define NAME *(type*)0xADDRESS" line per located address to
// LogFile, mirroring each value to the ODbgScript log window ("log").
//
// Conventions in this script:
//  - numeric literals are hexadecimal (Start = 0x401000, "+ 0e",
//    "- 1f", "- 2a", ...), as is usual for ODbgScript.
//  - $RESULT is the implicit result variable; find / findcmd / GREF /
//    atoi / eval each overwrite it, so every "mov X, [$RESULT ± n]"
//    reads the result of the search immediately above it.
//  - "[expr]" dereferences: it loads the dword stored at that address
//    (typically the disp32 / immediate embedded in the matched
//    instruction). A bare "expr" is the address itself, i.e. a pointer
//    INTO CODE (.text), not into the game's data variables.
//  - "??" / "?" in a pattern are wildcard nibbles.
//
// NOTE(review): find leaves $RESULT = 0 when a pattern is not present.
// Only the camera block (cmp $RESULT, 0 / je Season6) tests for this;
// every other section dereferences [$RESULT ± n] unchecked, so on an
// unsupported client build those sections log a bogus address (or the
// script stops on a memory-read error) rather than reporting "not
// found". A "cmp $RESULT, 0 / je <error label>" after each find would
// make failures explicit.
// =========================================================
var Start
var Version
var VersionConvert
var Serial
var MapNumber
var MainState
var UserObjectStruct
var ObjectPreviewStruct
var MasterLevel
var MasterPoints
var CursorX
var CursorY
var MaxZenWidth1
var MaxZenWidth2
var MaxZenWidth3
var MaxZenWidth4
var MaxZenWidth5
var WinWidth
var WinHeight
var CameraZoom
var CameraRotY
var CameraRotZ
var CameraPosZ
var CameraClipX
var CameraClipY
var CameraClipGL
// ---------------------------------------------------------
// Output file is relative to Olly's working directory; Start is the
// first address searched (0x401000 = usual .text base of a 32-bit PE).
mov LogFile, ".\\MU.txt"
mov Start, 401000
// ---------------------------------------------------------
// "wrt" truncates/creates the file; all later writes use "wrta" (append).
wrt LogFile, "//Auto researcher script"
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// Version / Serial.
// Pattern: 83 BD ?? ?? ?? ?? FF = "cmp dword [ebp+disp32], -1" (disp32
// wildcarded). The third "cmp" argument (1) is the compare width in
// bytes: if the byte at +0f is 0x8a (mov r8, r/m8 opcode) the build has
// one extra byte there and the pointer to the serial string sits at +11,
// otherwise at +12. The version string is assumed to lie 8 bytes before
// the serial string (Version = Serial - 8) — a layout assumption, not
// something the pattern verifies.
find Start, #83BD??????FF10#
cmp [$RESULT + f], 8a, 1
je Except1
mov Serial, [$RESULT + 12]
jmp WriteVersion
Except1:
mov Serial, [$RESULT + 11]
WriteVersion:
mov Version, Serial - 8
// atoi parses the text at [Version] into $RESULT; the "- 22345"
// adjustment and the "10{...}" prefix produce the "//Main: ..." comment
// line. What exactly the resulting number means for a given build is
// not derivable from here — treat it as informational.
atoi [Version]
mov VersionConvert, $RESULT - 22345
eval "//Main: 10{VersionConvert}"
wrta LogFile, $RESULT
// "{[Version]}" / "{[Serial]}" embed the string found at the address,
// so the log shows both the address and the text it points to.
eval "#define Version					0x{Version} //-> {[Version]}"
wrta LogFile, $RESULT
log Version
eval "#define Serial					0x{Serial} //-> {[Serial]}"
wrta LogFile, $RESULT
log Serial
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// MapNumber: 83 F9 45 = "cmp ecx, 45"; the dword at +7 is taken as the
// address operand of the instruction following the compare (whatever
// loads/stores the map number) — not visible in the pattern itself.
find Start, #83F945#
mov MapNumber, [$RESULT + 7]
eval "#define MapNumber				*(int*)0x{MapNumber}"
wrta LogFile, $RESULT
log MapNumber
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// MainState: 6A 00 6A 00 6A 73 = "push 0; push 0; push 73"; the dword
// 7 bytes BEFORE the match is read as the state variable's address
// (presumably the disp32 of a preceding instruction — confirm per build).
find Start, #6A006A006A73#
mov MainState, [$RESULT - 7]
eval "#define MainState				*(int*)0x{MainState}"
wrta LogFile, $RESULT
log MainState
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// UserObjectStruct: "cmp ecx, 80; jz +4; xor al, al; jmp +19"; the
// dword at +0e (right after the jmp) is read as the struct's address.
find Start, #81F980000000740432C0EB19#
mov UserObjectStruct, [$RESULT + 0e]
eval "#define UserObjectStruct		0x{UserObjectStruct}"
wrta LogFile, $RESULT
log UserObjectStruct
// ---------------------------------------------------------
//1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
// ObjectPreviewStruct: "mov dword [ebp-4], 0; push E9; push C1"; the
// dword 0x21 bytes before the match is taken as the struct's address.
// Note: 1.03.11 (JPN) is NOT in this section's tested list.
find Start, #C745FC0000000068E900000068C1000000#
mov ObjectPreviewStruct, [$RESULT - 21]
eval "#define ObjectPreviewStruct		0x{ObjectPreviewStruct}"
wrta LogFile, $RESULT
log ObjectPreviewStruct
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
// MasterLevel / MasterPoints: "push reg; push 6D2" (resp. 6D3); the
// dword 4 bytes before the match is the address operand of the
// instruction that precedes the push. The two patterns differ only in
// the immediate (6D2 vs 6D3), so a build missing one would mis-match.
find Start, #5?68D2060000#
mov MasterLevel, [$RESULT - 4]
eval "#define MasterLevel				*(short*)0x{MasterLevel}"
wrta LogFile, $RESULT
log MasterLevel
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
find Start, #5?68D3060000#
mov MasterPoints, [$RESULT - 4]
eval "#define MasterPoints			*(short*)0x{MasterPoints}"
wrta LogFile, $RESULT
log MasterPoints
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN)
// CursorX / CursorY: 81 3D <disp32> 2C 01 00 00 = "cmp dword [abs], 12C";
// CursorX is that disp32 (+2). CursorY is read 0x1a bytes further on,
// assumed to be the disp32 of a second, similar compare — not matched
// by the pattern, so verify on new builds.
// These two #define lines are written in two wrta calls each (text,
// then the value); the trailing "" argument's meaning should be
// checked against the ODbgScript reference for the plugin version used.
find Start, #813D????????2C010000#
mov CursorX, [$RESULT + 2]
wrta LogFile, "#define CursorX        			*(int*)0x"
wrta LogFile, CursorX, ""
log CursorX
mov CursorY, [$RESULT + 1a]
wrta LogFile, "#define CursorY        			*(int*)0x"
wrta LogFile, CursorY, ""
log CursorY
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// MaxZenWidth1..5: findcmd searches for the instruction sequence
// "push 8; push 0c; push 32" and fills Olly's reference window; GREF n
// copies the n-th reference address into $RESULT. "$RESULT + 1" is the
// address of the imm8 of the "push" itself (inside code), which is why
// the list describes these as direct byte offsets.
// GREF 0 is evaluated but its result unused — presumably the first
// entry is the search header rather than a hit; confirm.
// The script assumes at least 6 references exist (GREF 5); fewer hits
// would leave the later MaxZenWidth values meaningless.
findcmd Start, "push 8;push 0c; push 32"
GREF 0
GREF 1
mov MaxZenWidth1, $RESULT + 1
eval "#define MaxZenWidth1			*(BYTE*)0x{MaxZenWidth1}"
wrta LogFile, $RESULT
log MaxZenWidth1
GREF 2
mov MaxZenWidth2, $RESULT + 1
eval "#define MaxZenWidth2			*(BYTE*)0x{MaxZenWidth2}"
wrta LogFile, $RESULT
log MaxZenWidth2
GREF 3
mov MaxZenWidth3, $RESULT + 1
eval "#define MaxZenWidth3			*(BYTE*)0x{MaxZenWidth3}"
wrta LogFile, $RESULT
log MaxZenWidth3
GREF 4
mov MaxZenWidth4, $RESULT + 1
eval "#define MaxZenWidth4			*(BYTE*)0x{MaxZenWidth4}"
wrta LogFile, $RESULT
log MaxZenWidth4
GREF 5
mov MaxZenWidth5, $RESULT + 1
eval "#define MaxZenWidth5			*(BYTE*)0x{MaxZenWidth5} //-> If 0x0 or 0x1 = not in use"
wrta LogFile, $RESULT
log MaxZenWidth5
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// WinWidth / WinHeight: C7 05 <disp32> 40 06 00 00 = "mov dword [abs], 640";
// WinWidth is that disp32. WinHeight is NOT searched for: it is assumed
// to be the dword immediately following WinWidth in the data section.
find Start, #C705????????40060000#
mov WinWidth, [$RESULT + 2]
eval "#define WinWidth				*(GLsizei*)0x{WinWidth}"
wrta LogFile, $RESULT
log WinWidth
mov WinHeight, WinWidth + 4
eval "#define WinHeight				*(GLsizei*)0x{WinHeight}"
wrta LogFile, $RESULT
log WinHeight
// ---------------------------------------------------------
//Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)
// Camera block. Two code generations are handled: the first pattern
// ("mov dword [abs], 420C0000" = 35.0f) only exists in pre-Season-6
// clients; if it is absent ($RESULT == 0) the Season6 branch is taken.
// This is the only place in the script that checks a find result.
find Start, #C705????????00000C42#
cmp $RESULT, 0
je Season6
// Pre-S6: CameraZoom is "$RESULT + 6" (no brackets) = the address of
// the 35.0f immediate inside the instruction, i.e. a pointer into .text,
// unlike the Season6 branch which yields a data address.
mov CameraZoom, $RESULT + 6
// ----
// 5E D8 C1 = "pop esi; fadd st, st(1)"; dword 0x11 before it.
find Start, #5ED8C1#
mov CameraRotY, [$RESULT - 11]
// ----
// "mov dword [esp+x], 45A8C000; mov dword [esp+x], 467A0000;
//  mov dword [abs], C2200000" — CameraRotZ is the disp32 of the last mov.
find Start, #C74424??00C0A845C74424??00007A46C705????????000020C2#
mov CameraRotZ, [$RESULT + 12]
// ----
// "fadd st, st(1); fstp dword [abs]; fstp st(0)"; dword 4 before it.
find Start, #D8C1D91D????????DDD8#
mov CameraPosZ, [$RESULT - 4]
// ----
// Three "mov dword [ebp+d8], imm32" (middle imm = 469F6000 = 20400.0f).
// CameraClipX is a dword read 0x52 bytes past the match; CameraClipY is
// an ADDRESS 0x2a bytes before it (no brackets) — again a code address.
find Start, #C745??????????C745??00609F46C745??????????#
mov CameraClipX, [$RESULT + 52]
mov CameraClipY, $RESULT - 2a
// ----
// "fstp dword [ebp+d32]; call rel32; cdq; mov ecx, 258; idiv ecx";
// dword 4 before it.
find Start, #D99D????????E8????????99B958020000F7F9#
mov CameraClipGL, [$RESULT - 4]
// ----
jmp EndOfCamSearch
Season6:
// Season 6+ patterns. None of these finds is checked for $RESULT == 0
// (see the header note).
// "push 0; push 0; push 89"; dword 0x14 before it.
find Start, #6A006A006889000000#
mov CameraZoom, [$RESULT - 14]
// ----
// "movzx eax, word [sib+disp32]; and eax, 80; ...; jz +27";
// RotY / RotZ are dwords 0x1f and 0x4b bytes before the match.
find Start, #0FB7045?????????2?800000007427#
mov CameraRotY, [$RESULT - 1f]
mov CameraRotZ, [$RESULT - 4b]
// ----
// "push -1; push 0; push -1; push 0; push 0; push 28; push reg;
//  fld dword [abs]; fstp dword [esp]" — +0f is the disp32 of the fld.
find Start, #6AFF6A006AFF6A006A006A285?D905????????D91C24#
mov CameraPosZ, [$RESULT + 0f]
// ----
// "cmp dword [abs], 27; jnz; fld; fstp; jmp; fld; fstp; cmp dword [abs], 2";
// CameraClipX is read 0x9b bytes past the match — well beyond the
// pattern, so this offset is build-layout dependent.
find Start, #833D????????2775??D905????????D95D??EB??D905????????D95D??833D????????02#
mov CameraClipX, [$RESULT + 9b]
// ----
// "fld dword [abs]; fstp [ebp-x]; push ecx; ... push 178" — +2 is the
// disp32 of the fld.
find Start, #D905????????D95DE?51D9E?D91C??8D55??5?8D45??5?6878010000#
mov CameraClipY, [$RESULT + 2]
// ----
// "fld dword [abs]; fstp [ebp+d8]; mov eax, [reg+d8]; cmp dword [reg+d8], 7A"
// — +2 is the disp32 of the fld.
find Start, #D905????????D95D??8B4???8378??7A#
mov CameraClipGL, [$RESULT + 2]
// ----
EndOfCamSearch:
// Both branches converge here; the same #define lines are emitted
// regardless of which generation matched, so the "float" type in the
// output is only a hint (see the CameraClipX comment for Season 6+).
eval "#define CameraZoom				*(float*)0x{CameraZoom}"
wrta LogFile, $RESULT
log CameraZoom
eval "#define CameraRotY				*(float*)0x{CameraRotY}"
wrta LogFile, $RESULT
log CameraRotY
eval "#define CameraRotZ				*(float*)0x{CameraRotZ}"
wrta LogFile, $RESULT
log CameraRotZ
eval "#define CameraPosZ				*(float*)0x{CameraPosZ}"
wrta LogFile, $RESULT
log CameraPosZ
eval "#define CameraClipX				*(float*)0x{CameraClipX} //-> if Season 6+ == *(double*)"
wrta LogFile, $RESULT
log CameraClipX
eval "#define CameraClipY				*(float*)0x{CameraClipY}"
wrta LogFile, $RESULT
log CameraClipY
eval "#define CameraClipGL			*(float*)0x{CameraClipGL}"
wrta LogFile, $RESULT
log CameraClipGL
// ---------------------------------------------------------

List: (Updated: 05.05.2013):
Mã:
char Version
char Serial
int MapNumber
int MainState
- SelectServer = 2, SwitchCharacter = 4, Playing = 5
struct UserObjectStruct
struct ObjectPreviewStruct (like MakePreviewCharSet, but it is global)
short MasterLevel
short MasterPoints
int CursorX
int CursorY
BYTE MaxZenWidth[1-5] (Max. width of numbers in vault / trade)
- It is a direct offset, i.e. *(BYTE*)0xXXXXXXXX = 9; — do not add +1;
GLsizei WinWidth
GLsizei WinHeight
float CameraZoom
float CameraRotY
float CameraRotZ
float CameraPosZ
float CameraClipX
- In Season 6+ clients it can be a double (8 bytes)
float CameraClipY
float CameraClipGL

Cách dùng:
0. Tải Olly 1.10:
1. Copy the script from this thread into a new text file and save it with the .osc extension
2. , in Olly
3. Open your main.exe in Olly

915eb7abc9504895a7bf7c1.png


5. Run script, Plugins -> ODbgScript -> Run Script...
6. Open MU.txt and see the "magic":
4. Go to menu Plugins -> ODbgScript -> Log Window

ff0c1b5e0903477f9635f87.png


Tested: 1.04.04 (ENG), 1.03.28 (ENG), 1.03.25 (JPN), 1.03.11 (JPN)

Nguồn: Ragezone
 