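GM command to fly to any online player (assembly) + UE patch method
I was lazy: I retired the original GM command "测试金币变化" ("test gold change") and replaced it with this one.
* Possible StringData Ref from Code Obj ->"飞到"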
|
:004D440C BA14624D00 mov edx, 004D6214
:004D4411 E82A49F3FF call 00408D40
:004D4416 0F8599000000 jne 004D44B5
:004D441C E8C5B90300 call 0050FDE6
:004D4421 E98F000000 jmp 004D44B5
:004D4426 90 nop
|:004D441C
|
:0050FDE6 A190A44E00 mov eax, dword ptr [004EA490] ====== 0x10a1e6
:0050FDEB 8B00 mov eax, dword ptr [eax]
:0050FDED 8B55EC mov edx, dword ptr [ebp-14]
:0050FDF0 E84BE8F9FF call 004AE640
:0050FDF5 8945D0 mov dword ptr [ebp-30], eax
:0050FDF8 837DD000 cmp dword ptr [ebp-30], 00000000
:0050FDFC 7452 je 0050FE50
:0050FDFE 8D9528FFFFFF lea edx, dword ptr [ebp+FFFFFF28]
:0050FE04 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE07 8B4028 mov eax, dword ptr [eax+28]
:0050FE0A E8B193EFFF call 004091C0
:0050FE0F 8B8528FFFFFF mov eax, dword ptr [ebp+FFFFFF28]
:0050FE15 50 push eax
:0050FE16 8D9524FFFFFF lea edx, dword ptr [ebp+FFFFFF24]
:0050FE1C 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE1F 8B4024 mov eax, dword ptr [eax+24]
:0050FE22 E89993EFFF call 004091C0
:0050FE27 8B8524FFFFFF mov eax, dword ptr [ebp+FFFFFF24]
:0050FE2D 50 push eax
:0050FE2E 8D8520FFFFFF lea eax, dword ptr [ebp+FFFFFF20]
:0050FE34 8B55D0 mov edx, dword ptr [ebp-30]
:0050FE37 83C204 add edx, 00000004
:0050FE3A E83140EFFF call 00403E70
:0050FE3F 8B9520FFFFFF mov edx, dword ptr [ebp+FFFFFF20]
:0050FE45 8B45FC mov eax, dword ptr [ebp-04]
:0050FE48 59 pop ecx
:0050FE49 E876D2FAFF call 004BD0C4
:0050FE4E EB26 jmp 0050FE76
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FDFC(C)
|
:0050FE50 8D851CFFFFFF lea eax, dword ptr [ebp+FFFFFF1C]
* Possible StringData Ref from Code Obj ->"此人现在不可查找"
|
:0050FE56 B924624D00 mov ecx, 004D6224
:0050FE5B 8B55EC mov edx, dword ptr [ebp-14]
:0050FE5E E8B540EFFF call 00403F18
:0050FE63 8B951CFFFFFF mov edx, dword ptr [ebp+FFFFFF1C]
:0050FE69 B901000000 mov ecx, 00000001
:0050FE6E 8B45FC mov eax, dword ptr [ebp-04]
:0050FE71 E8AEB2FAFF call 004BB124
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FE4E(U)
|
:0050FE76 C3 ret
UE find and replace:
Ctrl+G, enter 0xd3809
Find:
8B45F0BA14624D00E8C6FBF2FF0F8599000000BA28624D008D85B4FDFFFF
Replace with:
8B45F0BA14624D00E82A49F3FF0F8599000000E8C5B90300E98F00000090
Ctrl+G, enter 0x10a1e6
Find:
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Replace with:
A190A44E008B008B55ECE84BE8F9FF8945D0837DD00074528D9528FFFFFF8B45D08B4028E8B193EFFF8B8528FFFFFF508D9524FFFFFF8B45D08B4024E89993EFFF8B8524FFFFFF508D8520FFFFFF8B55D083C204E83140EFFF8B9520FFFFFF8B45FC59E876D2FAFFEB268D851CFFFFFFB924624D008B55ECE8B540EFFF8B951CFFFFFFB9010000008B45FCE8AEB2FAFFC3
Ctrl+G, 0xd5610
Find:
0C000000B2E2CAD4BDF0C7AEB1E4BBAF00000000000000000B5BD6C6D4ECBDF0C7AE5D2001200000
Replace with:
04000000B7C9B5BD00000000FFFFFFFF10000000B4CBC8CBCFD6D4DAB2BBBFC9B2E9D5D200000000
Usage: @飞到 player-name
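Added example, not part of the original post: a Python check that the relative call/jump bytes in the listing resolve to the targets printed next to them, and that the third replacement holds the two GBK strings the listing references at 004D6214 and 004D6224. It checks encodings only, not whether the control flow is correct. The offset-to-address delta is an assumption derived from the first patch location, and the function names are illustrative.

```python
import struct

# (address, instruction bytes, target printed in the listing), copied from the post.
BRANCHES = [
    (0x004D4411, "E82A49F3FF",   0x00408D40),  # call
    (0x004D4416, "0F8599000000", 0x004D44B5),  # jne rel32
    (0x004D441C, "E8C5B90300",   0x0050FDE6),  # call into the added routine
    (0x004D4421, "E98F000000",   0x004D44B5),  # jmp rel32
    (0x0050FDFC, "7452",         0x0050FE50),  # je rel8
    (0x0050FE4E, "EB26",         0x0050FE76),  # jmp rel8
]

def branch_target(va, hexbytes):
    """Target of a relative call/jmp/jcc = address of next instruction + signed displacement."""
    raw = bytes.fromhex(hexbytes)
    if raw[0] in (0xE8, 0xE9):                        # call / jmp rel32
        disp = struct.unpack_from("<i", raw, 1)[0]
    elif raw[0] == 0x0F and 0x80 <= raw[1] <= 0x8F:   # jcc rel32
        disp = struct.unpack_from("<i", raw, 2)[0]
    elif raw[0] == 0xEB or 0x70 <= raw[0] <= 0x7F:    # jmp / jcc rel8
        disp = struct.unpack_from("<b", raw, 1)[0]
    else:
        raise ValueError("not a relative branch: " + hexbytes)
    return (va + len(raw) + disp) & 0xFFFFFFFF

def mismatched_branches():
    """Addresses whose encoded displacement disagrees with the printed target."""
    return [va for va, hx, tgt in BRANCHES if branch_target(va, hx) != tgt]

# Third replacement from the post, written at file offset 0xd5610.
PATCH_OFFSET = 0xD5610
PATCH = bytes.fromhex(
    "04000000B7C9B5BD00000000FFFFFFFF10000000"
    "B4CBC8CBCFD6D4DAB2BBBFC9B2E9D5D200000000")
# Assumption: offset-to-address delta for this region, derived from the first patch
# (file offset 0xd3809 holds 8B45F0, the three bytes just before 004D440C).
DELTA = 0x004D4409 - 0xD3809

def string_at(va):
    """Read the length-prefixed GBK string whose data starts at address `va`."""
    off = va - DELTA - PATCH_OFFSET
    (length,) = struct.unpack_from("<I", PATCH, off - 4)
    return PATCH[off:off + length].decode("gbk")

if __name__ == "__main__":
    print("mismatches:", [hex(v) for v in mismatched_branches()])
    for va in (0x004D6214, 0x004D6224):
        print(hex(va), string_at(va))
```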
The following is BLUE's correction
* Possible StringData Ref from Code Obj ->"飞到"
|
:004D440C BA14624D00 mov edx, 004D6214
:004D4411 E82A49F3FF call 00408D40
:004D4416 0F8599000000 jne 004D44B5
:004D441C E8C5B90300 call 0050FDE6
:004D4421 E98F000000 jmp 004D44B5
:004D4426 90 nop
===>
A check needs to be inserted here:
cmp dword ptr [ebp-14], 00000000
JE "FALSE"
|:004D441C
|
:0050FDE6 A190A44E00 mov eax, dword ptr [004EA490] ====== 0x10a1e6
:0050FDEB 8B00 mov eax, dword ptr [eax]
:0050FDED 8B55EC mov edx, dword ptr [ebp-14]
:0050FDF0 E84BE8F9FF call 004AE640
:0050FDF5 8945D0 mov dword ptr [ebp-30], eax
:0050FDF8 837DD000 cmp dword ptr [ebp-30], 00000000
:0050FDFC 7452 je 0050FE50
:0050FDFE 8D9528FFFFFF lea edx, dword ptr [ebp+FFFFFF28]
:0050FE04 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE07 8B4028 mov eax, dword ptr [eax+28]
:0050FE0A E8B193EFFF call 004091C0
:0050FE0F 8B8528FFFFFF mov eax, dword ptr [ebp+FFFFFF28]
:0050FE15 50 push eax
:0050FE16 8D9524FFFFFF lea edx, dword ptr [ebp+FFFFFF24]
:0050FE1C 8B45D0 mov eax, dword ptr [ebp-30]
:0050FE1F 8B4024 mov eax, dword ptr [eax+24]
:0050FE22 E89993EFFF call 004091C0
:0050FE27 8B8524FFFFFF mov eax, dword ptr [ebp+FFFFFF24]
:0050FE2D 50 push eax
:0050FE2E 8D8520FFFFFF lea eax, dword ptr [ebp+FFFFFF20]
:0050FE34 8B55D0 mov edx, dword ptr [ebp-30]
:0050FE37 83C204 add edx, 00000004
:0050FE3A E83140EFFF call 00403E70
:0050FE3F 8B9520FFFFFF mov edx, dword ptr [ebp+FFFFFF20]
:0050FE45 8B45FC mov eax, dword ptr [ebp-04]
:0050FE48 59 pop ecx
:0050FE49 E876D2FAFF call 004BD0C4
:0050FE4E EB26 jmp 0050FE76 --- note this jump, it's wrong~~:)
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FDFC(C)
|
:0050FE50 8D851CFFFFFF lea eax, dword ptr [ebp+FFFFFF1C]
* Possible StringData Ref from Code Obj ->"此人现在不可查找"
|
:0050FE56 B924624D00 mov ecx, 004D6224
:0050FE5B 8B55EC mov edx, dword ptr [ebp-14]
:0050FE5E E8B540EFFF call 00403F18
:0050FE63 8B951CFFFFFF mov edx, dword ptr [ebp+FFFFFF1C]
:0050FE69 B901000000 mov ecx, 00000001
:0050FE6E 8B45FC mov eax, dword ptr [ebp-04]
:0050FE71 E8AEB2FAFF call 004BB124
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0050FE4E(U)
|
:0050FE76 C3 ret