In the previous article we covered changing money, instant construction and rapid construction. Without further ado, on to this article.
(iv) Unlimited power: dealing with shared code
You can see the exact power and load values by selecting a power plant in game.
Power address: [game.exe+635db4]+52d0
Load address: [game.exe+635db4]+52d4
In Red Alert 2 a power plant supplies power according to its health: the lower its hit points, the less power it provides. So the power value is updated whenever a power plant is attacked, and both power and load are updated when a building is placed, destroyed or sold. To get unlimited power you can either make the power value huge or reduce the load. I chose the second option and zeroed the load. The first has a drawback: I personally dislike seeing 99999 displayed; it is not elegant.
Go straight for whatever writes the load. Entering the game without doing anything, there is one address writing it: 004e44fe - mov [esi+000052d4],eax. By experience there is an 80% chance this is not the one, since you have not done anything yet, and testing confirmed that NOPing it has no effect. Build a new power plant and three instructions show up; then force-attack your own power plant, and the count for this one increases: 004f2d9b - mov [esi+000052d4],ecx. That is the one. NOP it out, and the next time the power changes the load is zeroed.
Now the problem: this code is shared, so the computer AI also gets unlimited power. If you don't believe it, try destroying all of the computer's power plants: its defensive buildings keep working, even though the computer built only one power plant. To deal with shared code, my approach is to check whether the address being written is the player's load address: if it is, zero it; if not, run the original instruction. The CE script follows.
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

game.exe+f2d9b: // the instruction address to be modified (004f2d9b)
jmp newmem
nop
returnhere:

newmem:
push eax
mov eax,game.exe+635db4 // address holding the player data pointer
mov eax,[eax]
cmp eax,esi
pop eax
jnz originalcode // not us: run the original instruction
mov [esi+000052d4],0 // modified instruction: zero the load
jmp exit

originalcode:
mov [esi+000052d4],ecx

exit:
jmp returnhere

[DISABLE]
game.exe+f2d9b: // restore the original instruction
mov [esi+000052d4],ecx
dealloc(newmem)
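The owner check in the script above, as an added Python model that is not part of the original post: it resolves the CE pointer notation used for the addresses ([game.exe+635db4]+52d4) against a constructed toy memory buffer, and models the hooked store so that only the player's load is zeroed while the AI's store runs as before. The house addresses and buffer layout are assumptions for the demo.

```python
import re
import struct

# Constructed toy process image (not the game's real layout): one flat buffer
# standing in for memory from 0x400000 upward, with game.exe at 0x400000.
MODULE_BASE = {"game.exe": 0x400000}
MEM_START = 0x400000
MEM = bytearray(0x700000)

def read_u32(addr):
    return struct.unpack_from("<I", MEM, addr - MEM_START)[0]

def write_u32(addr, value):
    struct.pack_into("<I", MEM, addr - MEM_START, value & 0xFFFFFFFF)

def resolve(expr):
    """Resolve a Cheat Engine style address such as '[game.exe+635db4]+52d0':
    a module name stands for its base, hex terms are added, and [...] reads
    the 32-bit pointer stored at the inner address."""
    expr = expr.strip().lower()
    m = re.fullmatch(r"\[(.+)\]\+([0-9a-f]+)", expr)
    if m:
        return read_u32(resolve(m.group(1))) + int(m.group(2), 16)
    total = 0
    for term in expr.split("+"):
        total += MODULE_BASE[term] if term in MODULE_BASE else int(term, 16)
    return total

PLAYER_PTR = "game.exe+635db4"   # holds the pointer to the player's house data
LOAD_OFFSET = 0x52d4             # load field inside a house's data block

def hooked_store_load(esi, ecx):
    """Model of the hook at 004f2d9b. The original 'mov [esi+52d4],ecx' runs
    for every house (player and AI alike); the hook zeroes the store only
    when esi is the player's house pointer, like the script's cmp eax,esi /
    jnz originalcode."""
    player = read_u32(resolve(PLAYER_PTR))
    write_u32(esi + LOAD_OFFSET, 0 if esi == player else ecx)

def demo():
    player_house = 0x600000   # constructed house addresses, not real ones
    ai_house = 0x610000
    write_u32(resolve(PLAYER_PTR), player_house)
    hooked_store_load(player_house, 150)   # player: load forced to 0
    hooked_store_load(ai_house, 150)       # AI: original behaviour kept
    return read_u32(resolve("[game.exe+635db4]+52d4")), read_u32(ai_house + LOAD_OFFSET)

if __name__ == "__main__":
    print(demo())  # (0, 150)
```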
(v) Money that only increases, never decreases
In the same way, find the code that decreases money; here too you need to handle the shared-code problem.
(vi) Full map: a simple call, but not easy to find
At first I had no idea how to reveal the map. Finding the fog-of-war array by searching for an unknown value and then searching for changes over and over is not reliable. Could some expert tell me how this is done?
Then, watching a Red Alert 2 PvP stream, I saw that a random crate on the map can reveal the full map. That gave me an idea: crates usually give money, so find what changes the money (stop your ore miners to reduce interference), then go pick up a crate and get an address (I later found that this address is related to every place where money increases). Set a breakpoint on this address in OD, then keep picking up crates; when you hit a money crate, the program breaks.
Then look at the call stack, one layer below the breakpoint. Returning one layer up:
Returning two layers up:
When I first looked I went four layers up; some of you will find it breaks as soon as you enter the game, and such a breakpoint can simply be cancelled. From the existing annotations, two layers is enough. Go back to the first layer, scroll up, and you will see the following key string:
Scroll up again and you see the full-map routine and the routine that re-hides the full map:
The final call to reveal the full map is:
pushad
mov ecx,008324e0 // game data area
call 0055a120
popad
ret
Run this in a new thread. Inside this function the fog of the whole map is rewritten as explored; there is no need to dig into it.
To be Continued ...
Please credit the source when reposting: http://www.cnblogs.com/viewll/p/4769346.html
Red Alert 2 Trainer Principles Encyclopedia (ii)