v96¥N½XÁ`¾ã²z

1. //v96·|¤ß¤§²´20
   
2. //§ó·sªÌ:jimmy80433
   
3. [ENABLE]
   
4. 
   
5. ab4bd1:
   
6. DB 6F D6 6D F9 7B E9 6F 8B 4B 7F DB EA 6F 29 82 63 C0 03 F6 F8 62 B1 4F 7B
   
7. 
   
8. 
   
9. [DISABLE]
   
10. 
    
11. ab4bd1:
    
12. DB 6F D6 6D C5 75 8E 45 AE 73 2C 2A DC 8F 25 72 B1 E9 96 7C 4D B7 E4 8B 1A
    
13. 
    
14. //V96 ·¬¯¬20
    
15. //§ó·sªÌ:jimmy80433
    
16. [ENABLE]
    
17. ab4b89:
    
18. db 6F 15 92 34 D5 2B A5 A9 5E 29 F5 D2 8F 25 BE D5 E8 21 64 15 14 20 EB DB
    
19. 
    
20. [DISABLE]
    
21. ab4b89:
    
22. db 70 EA 6D DB 09 E1 A2 4E 08 17 DD 1C 70 D9 8D FE 83 33 1C 1F 9C E1 F0 BE
    
23. 
    
24. //v96¯«¸t¤§¥ú80%
    
25. //§ó·sªÌ:jimmy80433
    
26. [ENABLE]
    
27. ab4889:
    
28. db 70 E6 8D 4E 99 0F 46 C8 7C 30 F2 12 90 15 12 71 A9 96 04 08 41 24 D8 D3 1B 16 BE D0 35 68 D8 86 D4 CA B6 B4 02 E1 A1 CE C9 75 B0 4E AE 83 75 1C 70 DA 8D BA
    
29. [DISABLE]
    
30. ab4889:
    
31. db 70 E6 8D F5 8A B7 EF 57 BC 7D AF 2E 90 26 72 EB 1B 4A 32 DF 50 92 59 3E 90 D9 8D D0 35 68 D8 86 D4 CA B6 B4 02 E1 A1 CE C9 75 B0 4E AE 83 75 1C 70 DA 8D BA

½Æ»s¥N½X

ª©¤j¡A 6¼Óªº¯e­·¥N½X¡A¦³¨â¬q³Q»{©w¬°¬O  ¡´¸T¨p¤H³¡¸¨®æ¡´  
¨ºÃ䨺´X¦æ­ì¤å¬O  
registersymbol(VarMaxBloom)//µL¼Ä
registersymbol(VarMinBloom)//µL¼Ä

[ ¥»©«³Ì«á¥Ñ uninstall1 ©ó 2009-6-28 21:13 ½s¿è ]

//=================================================
[enable]
//¯e­·N¦X¤@ for TWMS096
//­ì§@¡Gjajaja, ·PÁÂ99,A,D,L,N,W,W(ÁY¼g)
//­ì¥X³B¡G¯e­·¤§²ø
//¥\¯à¡G¨«,¸õ©Ç¤è¦V¡i¥ª­w©¹¥ª,¥k­w©¹¥k,§¤¤U°±¤î±±¨î¡j¡B²Â©Ç¡B10¬í·l¦å¤@¦¸¡B
//¬õÂI¼È°±¡B¸õ©Ç¤£¸õ¡B­P©Rªº§l¤Þ¤O¡i©wÂI¤Î¸òÀH¨¤¦â¤GºØ¼Ò¦¡¡A±Ò°Ê¤è¦¡´£¥Ü¡G5¬í¡j
//Address¡G004145AB
//EIP¡GMyLR
//=================================================
alloc(MyLR,1024)
registersymbol(MyLR)
alloc(MyDir,4)
alloc(MyCt,4)
alloc(MyPt1,4)
label(MyLR1)
label(GoLR)
label(GoLR1)
label(GoLR2)
label(GoLR3)
label(GoLR4)
label(GoLR5)
label(GoLRback)
label(JmpLR)
label(JmpLR1)
label(JmpLR2)
label(JmpLRback)
label(MyStupid)
label(MyNoBack)
label(MyState)
label(MyCharX)
label(MyNoJmp)
label(LRDir1)
label(LRDir2)
label(LRDir3)
label(LRDir4)
label(LRDir5)
label(LRDir6)

label(LRDir7)         //¸õ©Ç±¼¸¨
registersymbol(LR)//¸õ©Ç±¼¸¨
alloc(LR,4)             //¸õ©Ç±¼¸¨

registersymbol(RunSW)//¼öÁä¬õÂI¼Ò²Õ¤Æ
alloc(RunSW, 4)            //¼öÁä¬õÂI¼Ò²Õ¤Æ
alloc(Runtemp, 4)          //¼öÁä¬õÂI¼Ò²Õ¤Æ

registersymbol(ATTACKOF)    //§ðÀ»¥[³t
alloc(ATTACKOF,4)                //§ðÀ»¥[³t
label(CALLATTACK)               //§ðÀ»¥[³t
label(CALLATTACK01)           //§ðÀ»¥[³t
label(CALLATTACK02)           //§ðÀ»¥[³t
registersymbol(ATTACKTIME)//§ðÀ»¥[³t
alloc(ATTACKTIME,4)            //§ðÀ»¥[³t

registersymbol(VarMax¡´¸T¨p¤H³¡¸¨®æ¡´µL¼Ä
registersymbol(VarMin¡´¸T¨p¤H³¡¸¨®æ¡´µL¼Ä
alloc(VarMaxBloom, 4)          //PGµL¼Ä
alloc(VarMinBloom, 4)           //PGµL¼Ä
label(CBR100)                      //PGµL¼Ä

RunSW:               //¼öÁä¬õÂI¼Ò²Õ¤Æ
dd      0                //¼öÁä¬õÂI¼Ò²Õ¤Æ
Runtemp:             //¼öÁä¬õÂI¼Ò²Õ¤Æ
dd      1                //¼öÁä¬õÂI¼Ò²Õ¤Æ

//--------¡õPGµL¼Ä¡õ--------------
  VarMaxBloom:               //
  dd 2                       //³Ì°ª·l¦å¶q: ªì©l­È: 2ºw, ±Ä¥Î16¶i¦¸
  VarMinBloom:               //
  dd 1                       //³Ì§C·l¦å¶q: ªì©l­È: 1ºw, ±Ä¥Î16¶i¦¸ (³]0=miss)
//--------¡ôPGµL¼Ä¡ô--------------

//-------¡õ§ðÀ»¥[³t¡õ-------------
  ATTACKOF:
  DD 7d0   //¥[³t®É¶¡:¥Ø«e³]©w2¬í   3¬í=3000²@¬í=BB8.¤£Ã­©wªº¼W¥[¼Æ­È.í©wªº¥i¥H¸ÕµÛ´î¤Ö¼Æ­È
  ATTACKTIME:
  DD 0
//-------¡ô§ðÀ»¥[³t¡ô-------------

LR:   //¸õ©Ç±¼¸¨
DD 1  //¸õ©Ç±¼¸¨  1°±3¥ª2¥k.¥i¬O­n·f°t¯e­·¥k¨«¤~¦æ

MyDir:
DD 1

MyLR:
push eax

cmp [00AADCB4],00000000   //°±¤î©I§l        
je MyLR1                                 //°±¤î©I§l
mov eax,[00AADCB4]              //°±¤î©I§l
mov [eax+374],0                      //°±¤î©I§l

cmp [00AADCC4],00000000   //¶W¯ÅÀ˪«
je MyLR1                                //¶W¯ÅÀ˪«
mov eax,[00AADCC4]             //¶W¯ÅÀ˪«
mov [eax+206C], 0                 //¶W¯ÅÀ˪«

cmp [00AADCC8],00000000                  
je MyLR1
//----------¡õ¼öÁä¬õÂI¼Ò²Õ¤Æ¡õ-------------
    push eax
    mov eax,[RunSW]
    xor [Runtemp],eax
    mov [RunSW],0
    cmp [Runtemp],1
    pop eax
    jne MyLR1   
    push eax
    mov eax,[00AADCC8] //¬õÂI
    mov eax,[eax+18]   //  
    add [Runtemp],eax
    cmp [Runtemp],1  // ³oùحקï 1¬O¦Û¤v ¥[1­Ó¤H§ï2  ¥H¦¹²Ö±À
    mov [Runtemp],1
    pop eax
    ja MyLR1   
//---------¡ô¼öÁä¬õÂI¼Ò²Õ¤Æ¡ô------------------

pop eax
cmp dword ptr [esp], 008D50A2
je GoLR
cmp dword ptr [esp], 008D54BC
je JmpLR
cmp dword ptr [esp], 008D411D
je MyStupid
cmp dword ptr [esp], 0087D3E1
jz MyNoBack
cmp dword ptr [esp], 008D5474
jz MyNoJmp
ret

MyLR1:
pop eax
ret

//---------------¡õ§ðÀ»¥[³t¡õ-----------------------------------------------
CALLATTACK:   
push eax
mov eax,[00AADE54]
mov eax,[eax+18]
cmp eax,[ATTACKTIME]
pop eax
jg CALLATTACK01
ret

CALLATTACK01:
push eax
mov eax,[00AADCB4]
mov eax,[eax+37C]
cmp eax,ffffffff
pop eax
jne CALLATTACK02
ret

CALLATTACK02:
push eax
mov eax,[00AADCB4]
mov [eax+37C],ffffffff
mov eax,[00AADE54]
mov eax,[eax+18]
add eax,[ATTACKOF]
mov [ATTACKTIME],eax
pop eax
ret
//-----------------¡ô§ðÀ»¥[³t¡ô-----------------------------------


GoLR:
add esp,4
call MyState
push 03
pop ecx
mov [edi+20],eax
xor edx,edx
div ecx
cmp [MyDir], 1
je GoLRback
cmp [MyDir], 3
je GoLR1
cmp [MyDir], 4
je GoLR3
cmp edx, [MyDir]
je GoLRback
mov [esi+000004A4],0
jmp GoLRback
GoLR1:
push eax
call MyCharX
jmp GoLR4
GoLR3:
push eax
mov eax,[MyPt1]
GoLR4:
cmp edx, 1
je GoLR5         
jg GoLR2
cmp eax,[esi+1c4]
pop eax
mov [esi+000004A4],5
jl GoLRback
mov [esi+000004A4],0
jmp GoLRback
GoLR2:
cmp eax,[esi+1c4]
pop eax
mov [esi+000004A4],5
jg GoLRback
mov [esi+000004A4],0
jmp GoLRback
GoLR5:
pop eax
mov [esi+000004A4],0
GoLRback:
jmp 008D50AC
//================================
JmpLR:
add esp,4
call MyState
cmp [MyDir], 1
je JmpLRback
cmp [MyDir], 2
mov eax,2
je JmpLRback
cmp [MyDir], 0
mov eax,3
je JmpLRback
cmp [MyDir], 4
je JmpLR1
call MyCharX
jmp JmpLR2
JmpLR1:
mov eax,[MyPt1]
JmpLR2:
cmp eax,[esi+1c4]
mov eax,2
mov [esi+000004A4],5
jg JmpLRback
mov eax,3
JmpLRback:

//------¡õ¸õ©Ç±¼¸¨¡õ------------
cmp [esi+00000230],1 //<----------ÁקK§ï¨ì¨«©Ç
je LRDir7
cmp eax,[LR]
jne LRDir7
sub [esi+00000230],2 //<-----³o¸Ì¤£­n¶Ã°Ê §ï¿ù¤F©Ç¶ÃÄÆ·|Âê
LRDir7: //<------------
//------¡ô¸õ©Ç±¼¸¨¡ô------------

push 03
jmp  008D54BE
//================================
MyCharX:
mov eax [00AADCB4]
mov eax, [eax+0CC8]
ret
//================================
MyState:
push eax
mov eax, [00AADCB4]
mov eax, [eax+0378]
cmp eax, a
je LRDir1
cmp eax, b
je LRDir2
cmp eax, 14
je LRDir3
cmp eax, 15
je LRDir3
mov [MyCt], 0
jmp LRDir4
LRDir1:
mov [MyDir],2
cmp [MyCt], 32
ja LRDir5
inc [MyCt]
jmp LRDir4
LRDir2:
mov [MyDir],0
cmp [MyCt], 32
ja LRDir6
inc [MyCt]
jmp LRDir4
LRDir3:
mov [MyDir],1
jmp LRDir4
LRDir5:
mov [MyDir],3
jmp LRDir4
LRDir6:
mov [MyDir],4
call MyCharX
mov [MyPt1],eax
LRDir4:
pop eax
ret
//============================
MyStupid:

call CALLATTACK  //§ðÀ»¥[³t

add esp, 4
xor edx,edx
mov ecx,0000ea60
div ecx
lea eax,[esi+00000238]
add edx,0002bf20
mov [esi+00000240],edx
mov edx,[esp+10]
cmp [eax],edx
je 008D4168
cmp [esi+0000023c],edi   
lea ecx,[esi+0000023c]
je 008D4168
jmp 008D414E
//============================
MyNoBack:
add esp,4

//--------¡õPGµL¼Ä¡õ--------------
push eax
push ebx
push ecx
push edx
xor edx, edx
mov eax,[00AADCB4]     
mov eax,[eax+18]      
mov ecx, [VarMaxBloom]
mov ebx, [VarMinBloom]
sub ecx, ebx
jz CBR100
div ecx // edx:eax °£ ecx, ¾l¼Æ©ñedx   Â²³æ»¡ ´N¬O °£¥H®t­È ¨ú¾l¼Æ
CBR100:
add edx, ebx          //¾l¼Æ+¤W³Ì¤p­È
mov [ebp+8], edx    //§âµ²ªG¥á¶i¥h¦©¼g
pop edx
pop ecx
pop ebx
pop eax
//--------¡ôPGµL¼Ä¡ô--------------

lea    ecx, [edi+000017F4]
push FFFFD8F0 //­ì©l­È=FFFFFA24¡A­×§ï¦¹³B¥i§ó§ïµL¼Ä¬í¼Æ
jmp 0087DA1A
//============================
MyNoJmp:
add esp,4
jmp 008D5488
[disable]
dealloc(MyLR)
unregistersymbol(MyLR)
dealloc(MyDir)
dealloc(MyCt)
dealloc(MyPt1)

dealloc(ATTACKOF)                  //§ðÀ»¥[³t
unregistersymbol(ATTACKOF)  //§ðÀ»¥[³t
dealloc(ATTACKTIME)               //§ðÀ»¥[³t
unregistersymbol(ATTACKTIME)//§ðÀ»¥[³t

unregistersymbol(LR)//¸õ©Ç±¼¸¨
dealloc(LR)               //¸õ©Ç±¼¸¨

unregistersymbol(RunSW) //¼öÁä¬õÂI¼Ò²Õ¤Æ
dealloc(RunSW)                //¼öÁä¬õÂI¼Ò²Õ¤Æ
dealloc(Runtemp)              //¼öÁä¬õÂI¼Ò²Õ¤Æ

//V96±¾¾÷±M¥ÎR2(±M·~ª©)
//­ì§@:¦U¦ì¤j¤j
//Address:004145AB
//EIP:GOO
//MISSµL¼Ä:±Ä¥Î®É¶¡±±¨î.¥Bºë·Çªº±±¨îMISS®É¶¡.­Y°jÁ×°ªªº.½Ð¤Å¥[ªø®É¶¡.¥H¨¾³QÂê
//-----------------------------------------------
[ENABLE]
registersymbol(GOO)
alloc(GOO,1024)
registersymbol(GOOKEY)
alloc(GOOKEY,4)
label(GOO00)
registersymbol(MKSTUPIDKEY)
alloc(MKSTUPIDKEY,4)
label(MKSTUPID)
label(MKSTUPID00)
registersymbol(MKNOJMPKEY)
alloc(MKNOJMPKEY,4)
label(MKNOJMP)
label(MKNOJMP00)
registersymbol(TIMESSOF)
alloc(TIMESSOF,4)
registersymbol(TIMESSOF01)
alloc(TIMESSOF01,4)
registersymbol(SSTIME)
alloc(SSTIME,4)
label(TIMESS)
label(TIMESS01)
registersymbol(MUKSOF)
alloc(MUKSOF,4)
label(MUKS)
label(MUKS00)
registersymbol(MISSKEY)
alloc(MISSKEY,4)
registersymbol(MISSKEY2)
alloc(MISSKEY2,4)
registersymbol(MISSTIME)
alloc(MISSTIME,4)
label(MISS)
label(MISS00)
label(MISSCALL)
label(MISSCALL01)
label(MISSCALL02)
label(MISSCALL03)
//-----------------------------------------------

GOOKEY:
DD 1   //Á`¶}Ãö: 0.Ãö 1.¶}

MKSTUPIDKEY:
DD 1   //©Çª«ÅܲÂ: 0.Ãö 1.¶}

MKNOJMPKEY:
DD 0   //¸õ©Ç¤£¸õ: 0.Ãö 1.¶}

MISSKEY:
DD 1   //µL¼Ä: 0.Ãö 1.MISSµL¼Ä(¤Hª«·|°h«á) 2.·l¦å2ºw(¤Hª«¤£°h«á)

MISSTIME:
DD 9   //MISSµL¼Ä®É¶¡: (16¶i¦ì).¥Ø«e9¬í

//-----------------------------------------------

TIMESSOF:
DD 0

TIMESSOF01:
DD 0

SSTIME:
DD 0   //¬í¼Æ·§­È

MUKSOF:
DD 0   //¯u¹ê¶Ë®`¦¸¼Æ

MISSKEY2:
DD 0

//-----------------------------------------------
GOO:
cmp [GOOKEY],0
je GOO00

cmp dword ptr [esp], 008D411D
je MKSTUPID
            
cmp dword ptr [esp], 008D5474
je MKNOJMP
              
cmp dword ptr [esp], 0087D3E1
je MUKS
           
cmp dword ptr [esp], 0087CD79
je MISS

call TIMESS
ret
GOO00:
ret
//-----------------------------------------------
MKSTUPID:
add esp,4
cmp [MKSTUPIDKEY],0
je MKSTUPID00
xor edx,edx
mov ecx,0000ea60
div ecx
lea eax,[esi+00000238]
add edx,0002bf20
mov [esi+00000240],edx
mov edx,[esp+10]
jmp 008D4168
//-----------------------------------------------
MKSTUPID00:
xor edx,edx
jmp 008D411F
//-----------------------------------------------
MKNOJMP:
add esp,4
cmp [MKNOJMPKEY],0
je MKNOJMP00
push 05
xor edx,edx
pop ecx
div ecx
test edx,edx
jmp 008D5488
//-----------------------------------------------
MKNOJMP00:
push 05
jmp 008D5476
//-----------------------------------------------
MUKS:
add esp,4
add [MUKSOF],1
cmp [MISSKEY],2
jne MUKS00
mov [ebp+8],2
lea ecx, [edi+000017f4]
push fffffa24
jmp 0087DA1A  
//-----------------------------------------------
MUKS00:
push 64
jmp 0087D3E3
//-----------------------------------------------
MISS:
add esp,4
cmp [MISSKEY],1
jne MISS00
call MISSCALL
cmp [MISSKEY2],0
je MISS00
mov [esi],eax
add esi,04
dec [ebp-48]
jne 0087cd6b
mov esi,[ebp+18]
cmp esi,ebx
mov [ebp-20],ebx
mov [ebp-40],ebx
mov [ebp-34],ebx
mov [ebp-44],ebx
mov [ebp-50],ebx
mov [ebp-4c],ebx
mov [ebp-68],ebx
mov [ebp-6c],ebx
mov [ebp-70],ebx
mov [ebp-64],ebx
mov [ebp-5c],ebx
mov [ebp-58],ebx
mov [ebp-74],ebx
jmp 0087A4F4  
//-----------------------------------------------
MISS00:
mov [esi],eax
jmp 0087CD7B
//-----------------------------------------------
MISSCALL:
push eax
mov eax,[MISSTIME]
cmp [SSTIME],eax
pop eax
jle MISSCALL01
jmp MISSCALL02
//-----------------------------------------------
MISSCALL01:
mov [MISSKEY2],1
ret
//-----------------------------------------------
MISSCALL02:
mov [MISSKEY2],0
cmp [MUKSOF],0
jg MISSCALL03
ret
//-----------------------------------------------
MISSCALL03:
mov [MISSKEY2],1
mov [SSTIME],0
mov [MUKSOF],0
ret
//-----------------------------------------------
TIMESS:
push eax
push ebx
mov eax,[00aaf0cc]
sub eax,[TIMESSOF]
mov ebx,[00aaf0cc]
mov [TIMESSOF],ebx
add [TIMESSOF01],eax
cmp [TIMESSOF01],21
pop ebx
pop eax
jg TIMESS01
ret
//-----------------------------------------------
TIMESS01:
mov [TIMESSOF01],0
add [SSTIME],1
ret
//-----------------------------------------------
[DISABLE]
dealloc(GOO)
unregistersymbol(GOO)
dealloc(GOOKEY)
unregistersymbol(GOOKEY)
dealloc(MKSTUPIDKEY)
unregistersymbol(MKSTUPIDKEY)
dealloc(MKNOJMPKEY)
unregistersymbol(MKNOJMPKEY)
dealloc(TIMESSOF)
unregistersymbol(TIMESSOF)
dealloc(TIMESSOF01)
unregistersymbol(TIMESSOF01)
dealloc(SSTIME)
unregistersymbol(SSTIME)
dealloc(MUKSOF)
unregistersymbol(MUKSOF)
dealloc(MISSKEY)
unregistersymbol(MISSKEY)
dealloc(MISSKEY2)
unregistersymbol(MISSKEY2)
dealloc(MISSTIME)
unregistersymbol(MISSTIME)

//=======================================
//TWMS096 ª««~¹LÂo
//¥N½X¡G004ECF1D   
//EIP¡GItemFilter
//ª««~ID¡GItemCounter
//=======================================
[ENABLE]
alloc(ItemFilter,124)
alloc(IFTable,16024)
alloc(ItemCounter,4)
label(ifreject)
label(end)
label(skip)
registersymbol(ItemFilter)
registersymbol(ItemCounter)

ItemFilter:
        mov [ItemCounter],eax
        push ebx
        push esi
        xor ebx, ebx
        mov esi,IFTable
ifreject:
        cmp eax,[esi]
        je skip
        cmp [esi],ebx
        je end
        add esi,4
        jmp ifreject
skip:
        mov eax,00
end:
        pop esi
        pop ebx
        mov [edi+34],eax
        jmp 004ECF23

IFTable:
dd 1F6EE0 //Arrow for Bow ½b¥Ú
dd 1F6EE3 //Arrow for Bow ½b¥Ú
dd 1F6EE1 //Bronze Arrow for Bow ½b¥Ú
dd 1F72C8 //Arrow for Crossbow ½b¥Ú
dd 1F72CB //Arrow for Crossbow ½b¥Ú
dd 1F72C9 //Bronze Arrow for Crossbow ½b¥Ú
dd 00

[DISABLE]
dealloc(ItemFilter)
unregistersymbol(ItemFilter)
dealloc(IFTable)
dealloc(ItemCounter)
unregistersymbol(ItemCounter)

//TWms96Àþ²¾¨ì³Ì¤W­±
//008D028C EIP= MoveTop    //GoTop: ³]¬°¼öÁä,0=°±¤î,1=Àþ²¾¨ì³Ì¤W­±
//Àþ²¾¨ì³Ì¤W­±«áGoTopªº­È·|¦Û°Ê­«³]¬°0
//¨Ï¥Î®É¥u­n³]©w¦n¡AGoTop¬°1«á¡A«ö¸õ´N¥i¥H¤F
//ª`·N: ­Y¦³¸õ©Ç¦b¡A«h·í¸õ©Ç¸õ°_¨Ó®É¡A´N·|Åܦ¨¥¦·|Àþ²¾¨ì³Ì¤W­±
[Enable]
alloc(MoveTop,256)
alloc(GoTop,4)
label(Back)
registersymbol(MoveTop)
registersymbol(GoTop)
GoTop:
  DB 0
MoveTop:
  cmp [GoTop],0
  je Back
  mov [GoTop],0
  jmp 008D028E              
Back:
  jae 008D02FA        
  jmp 008D028E
[disable]
dealloc(MoveTop)
dealloc(GoTop)
unregistersymbol(MoveTop)
unregistersymbol(GoTop)

maxRush(©wÂIÀþ²¾) v1.3 for TWMS V.96
//maxRush(©wÂIÀþ²¾) v1.3 for TWMS V.96
//­ì§@ªÌ¡Fmaxjojo
//maxRush v1.3 Address¡G008CDF82     
//EIP¡GmaxRush
//maxRushCounter¡G ³]©w N ­Ó©wÂI¼Æ¶q
//maxRushOnOff  ¡G 0= §ì©wÂI¦ì¸m   1=±Ò°ÊÀþ²¾
//RushCounter   ¡G ¥Ø«e©wÂI¦ì¸m
//Round : ³]©w²Ä´X°é¡A·|¸õ¨ì²Ä N+1 ªº©wÂI¡A0¬°¤£±Ò°Ê¡C

[ENABLE]
registersymbol(maxRush)
registersymbol(maxRushCounter)
registersymbol(maxRushOnOff)
registersymbol(EDIValue)
alloc(maxRush, 1024)
alloc(EDIValue,4)
alloc(maxRushCounter,4)
alloc(maxRushOnOff,4)
label(doRushNormal)
label(getEDIValue)
label(doRushTele)
label(doRushTeleStart)
label(doRushTeleReturn)
label(doRushResetCounterEnd)
alloc(loctn,64)
label(doRushTeleEnd)
label(doEnd)
registersymbol(RushCounter)
alloc(RushCounter,4)
registersymbol(Round)
alloc(Round,4)
alloc(VarRound,4)
Round:
    dd 0
VarRound:
    dd 0
maxRushCounter:
    dd 2
RushCounter:
    dd 1
maxRushOnOff:
    dd 0
    // {1: On, (char teleport, ©wÂIÀþ²¾) |
    //  0: Off (platform id detect,¥­¥xIDÀË´ú) }
EDIValue:
    dd 0                    // platform id (¥­¥xID)
maxRush:
    Push Eax
    Mov Eax,[00AADCB4]      // char pointer
    Add Eax, 0D08
    Mov Eax, [Eax]
    Sub Eax, C              // char pid
    Cmp Esi,Eax
    Pop Eax
    Je doRushNormal
    jmp 008CDF88  
doRushNormal:
    call doRushTele
    ja 008CDF88   
    jmp 008CDF84  
doRushTele:
    pushfd
    Cmp [maxRushOnOff],0
    je getEDIValue
    call doRushTeleStart
doRushTeleReturn:
    popfd
    ret
// platform id detect.
getEDIValue:
    push eax
    push edx
    push ecx
   
    mov eax,[esi+114]
    lea edx,[loctn]
    mov ecx,[RushCounter]
    shl ecx,1
    shl ecx,1
    mov [edx+ecx],eax
    pop ecx
    pop edx
    pop eax
    jmp doRushTeleReturn

// start charactor teleport
doRushTeleStart:
    push ebx
    push eax
   add  [RushCounter],1
   mov  ebx,[maxRushCounter]
   cmp  [RushCounter],ebx
    ja  doRushTeleEnd
    push edx
    push ecx   
    lea edx,[loctn]
    mov ecx,[RushCounter]
    shl ecx,1
    shl ecx,1
    mov eax,[edx+ecx]
    mov [esi+110],eax
    pop ecx
    pop edx
    jmp doRushResetCounterEnd
doRushTeleEnd:
cmp [Round],0
je doEnd
add [VarRound],1
mov ebx,[Round]
cmp [VarRound],ebx
jbe doEnd
    push edx
    push ecx  
mov [VarRound],0
    lea edx,[loctn]
    mov ecx,[RushCounter]
    shl ecx,1
    shl ecx,1
    mov eax,[edx+ecx]
    mov [esi+110],eax
    pop ecx
    pop edx
    jmp doRushResetCounterEnd
   
doEnd:
    mov [RushCounter],0      // reset counter (Âk¹s­«¨Ó)
    pop eax
    pop ebx
    jmp doRushTeleStart
doRushResetCounterEnd:
    pop eax
    pop ebx
    ret

[DISABLE]
dealloc(maxRush)
dealloc(maxRushCounter)
dealloc(maxRushOnOff)
dealloc(PlatformIDList)
unregistersymbol(maxRush)
unregistersymbol(maxRushCounter)
unregistersymbol(maxRushOnOff)
dealloc(EDIValue)
unregistersymbol(EDIValue)
dealloc(loctn)
unregistersymbol(RushCounter)
dealloc(RushCounter)
unregistersymbol(Round)
dealloc(Round)
dealloc(VarRound)

IJµo¦¡Àþ²¾¨ì³ÌÃäÃä
// TWMS096 IJµo¦¡Àþ²¾¨ì³ÌÃäÃä
//
// ¥N½X¡G0051DDAD EIP=MoveHook
//
// ¼öÁä¡GmDir= 0:Ãö³¬ 1:¤W­± 2:¥ªÃä 3:¥kÃä
//
//§ó·sªÌ¡GÉ@BoyueÉ@
//=========================================
[Enable]
registersymbol(MoveHook)
registersymbol(mDir)
alloc(MoveHook,256)
alloc(mDir, 4)
label(DoHook)
label(HookRet)
label(Handler_Up)
label(Handler_Left)
label(Handler_Right)
label(MoveToUp)
label(MoveToLeft)
label(MoveToRight)


MoveHook:
       push   eax
       mov    eax, [00AA8944]
       mov    eax, [eax+378]
       cmp    eax, 6
       je     DoHook
       cmp    eax, 7
       je     DoHook
       pop    eax
       jmp    HookRet

DoHook:
       pop    eax
       cmp    [esp], 008D027B       // Àþ²¾¨ì³Ì¤W­±  
       je     Handler_Up
       cmp    [esp], 008D017A       // Àþ²¾¨ì³Ì¥ªÃä  
       je     Handler_Left
       cmp    [esp], 008D01EA       // Àþ²¾¨ì³Ì¥kÃä  
       je     Handler_Right

HookRet:
       push   ebp
       jmp    0051DDAE  

//===[ Àþ²¾¨ì³Ì¤W­± ]====================
Handler_Up:
       cmp    [mDir], 1
       jne    HookRet
       mov    [esp], MoveToUp
       jmp    HookRet

MoveToUp:
       mov    [mDir], 0
       fild   dword ptr [ebx+00000134]
       pop    ecx
       pop    ecx
       fstp   qword ptr [ebp-14]
       fcomp  qword ptr [ebp-14]
       db     df e0
       sahf
       jmp    008D028E  

//===[ Àþ²¾¨ì³Ì¥ªÃä ]====================
Handler_Left:
       cmp    [mDir], 2
       jne    HookRet
       mov    [esp], MoveToLeft
       jmp    HookRet

MoveToLeft:
       mov    [mDir], 0
       fild   dword ptr [ebx+00000130]
       add    esp, 28
       fstp   qword ptr [ebp-14]
       fcomp  qword ptr [ebp-14]
       db     df e0
       sahf
       jmp    008D018E  

//===[ Àþ²¾¨ì³Ì¥kÃä ]====================
Handler_Right:
       cmp    [mDir], 3
       jne    HookRet
       mov    [esp], MoveToRight
       jmp    HookRet

MoveToRight:
       mov    [mDir], 0
       fild   dword ptr [ebx+00000138]
       pop    ecx
       pop    ecx
       fstp   qword ptr [ebp-14]
       fcomp  qword ptr [ebp-14]
       db     df e0
       sahf
       jmp   008D01FD  

mDir:
       dd     0                    //Àþ²¾¤è¦V 0:Ãö³¬ 1:¤WÃä 2:¥ª­± 3:¥kÃä

[Disable]
unregistersymbol(MoveHook)
dealloc(MoveHook)
unregistersymbol(mDir)
dealloc(mDir)

¶W¾ß                       00AA9850          offset ;  2070
¦a¹Ï¬õÂI               00AADCC8       Offset¡G 0018

1. //TWMS096
   
2. //®É¶¡¡G2009/6/24
   
3. //§ó·s¡Gmoyamoya
   
4. //­ì§@¡Gzgenden
   
5. //¥N½X¡G0051DE2A
   
6. //EIP¡GMAXONE
   
7. //¥\¯à¡G¸õ©Ç±¼¸¨1.¸õ©Ç±¼¸¨2
   
8. //-----------------------------------------------
   
9. [ENABLE]
   
10. registersymbol(MAXONE)
    
11. alloc(MAXONE,2048)
    
12. label(MAXONE00)
    
13. label(ONE)
    
14. registersymbol(ONEKEY)
    
15. alloc(ONEKEY,4)
    
16. registersymbol(ONEKEY00)
    
17. alloc(ONEKEY00,4)
    
18. registersymbol(JUPKEY)
    
19. alloc(JUPKEY, 4)
    
20. label(JUP)
    
21. label(JUP2)
    
22. label(TWO)
    
23. label(TWO00)
    
24. registersymbol(JUPKEY2)
    
25. alloc(JUPKEY2, 4)
    
26. //-----------------------------------------------
    
27. ONEKEY00:
    
28. DD 1   //Á`¶}Ãö:   0.Ãö 1.¶}
    
29. 
    
30. JUPKEY:
    
31. DD 1   //¸õ©Ç±¼¸¨1: 0.Ãö 1.¶}
    
32. 
    
33. JUPKEY2:
    
34. DD 1   //¸õ©Ç±¼¸¨2: 0.Ãö 1.¶}
    
35. 
    
36. //-----------------------------------------------
    
37. MAXONE:
    
38. cmp [ONEKEY00],0
    
39. je MAXONE00
    
40. 
    
41. 
    
42. cmp dword ptr [esp], 008D5D2B
    
43. je ONE
    
44. cmp dword ptr [esp], 008D6227
    
45. je TWO
    
46. ret
    
47. 
    
48. 
    
49. MAXONE00:
    
50. ret
    
51. //-----------------------------------------------
    
52. ONE:
    
53. add esp,4
    
54. cmp [JUPKEY],1
    
55. je JUP
    
56. fsubr qword ptr [ebp-18]
    
57. jmp 008D5D2E
    
58. //-----------------------------------------------
    
59. JUP:
    
60. cmp [ebx+0230],2
    
61. jne JUP2
    
62. mov [ebx+02D0],0
    
63. fsubr qword ptr [ebp-18]
    
64. add esp,10
    
65. fst qword ptr [ebp-18]
    
66. fcomp qword ptr [009E7B98]
    
67. jmp 008D60BA
    
68. //-----------------------------------------------
    
69. JUP2:
    
70. fsubr qword ptr [ebp-18]
    
71. jmp 008D5D2E
    
72. //-----------------------------------------------
    
73. TWO:
    
74. add esp,4
    
75. cmp [JUPKEY2],1
    
76. jne TWO00
    
77. fcomp qword ptr [ebp-08]
    
78. pop ecx
    
79. pop ecx
    
80. jmp 008D6291
    
81. TWO00:
    
82. fcomp qword ptr [ebp-08]
    
83. jmp 008D622A
    
84. //-----------------------------------------------
    
85. 
    
86. [DISABLE]
    
87. dealloc(MAXONE)
    
88. unregistersymbol(MAXONE)
    
89. dealloc(ONEKEY)
    
90. unregistersymbol(ONEKEY)
    
91. dealloc(ONEKEY00)
    
92. unregistersymbol(ONEKEY00)
    
93. dealloc(JUPKEY)
    
94. unregistersymbol(JUPKEY)
    
95. dealloc(JUPKEY2)
    
96. unregistersymbol(JUPKEY2)

½Æ»s¥N½X