[EUD新技术][半成品]和动态修改Unit数据有关的自定义触发

castelu

1. __declspec(naked) BOOL FASTCALL Comment(ActionParams params)
   
2. {_asm{
   
3.     SUB ESP,0x1C
   
4.     PUSH EDI
   
5.     MOV EDI,ECX
   
6.     MOV AL,BYTE PTR DS:[EDI]
   
7.     TEST AL,AL
   
8.     JNZ SHORT starcraf_004C4196
   
9.     MOV EAX,1
   
10.     POP EDI
    
11.     ADD ESP,0x1C
    
12.     RETN
    
13. starcraf_004C4196:
    
14.     DEC AL
    
15.     PUSH ESI
    
16.     MOV BYTE PTR SS:[ESP+8],AL
    
17.     MOV EAX,DWORD PTR SS:[ESP+8]
    
18.     AND EAX,0xFF
    
19.     LEA EDX,DWORD PTR SS:[ESP+8]
    
20.     LEA ESI,DWORD PTR DS:[EAX+EAX*4]
    
21.     SHL ESI,2
    
22.     LEA EAX,DWORD PTR DS:[ESI+0x517288]
    
23.     MOV ECX,EAX
    
24.     NEG ECX
    
25.     SBB ECX,ECX
    
26.     NEG EDX
    
27.     SBB EDX,EDX
    
28.     TEST EDX,ECX
    
29.     JNZ SHORT starcraf_004C41CD
    
30.     PUSH 0x57
    
31.     MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
    
32.     CALL EAX
    
33.     JMP SHORT starcraf_004C41F0
    
34. starcraf_004C41CD:
    
35.     MOV CX,WORD PTR DS:[EAX]
    
36.     MOV WORD PTR SS:[ESP+8],CX
    
37.     MOV DX,WORD PTR DS:[EAX+8]
    
38.     MOV WORD PTR SS:[ESP+0xC],DX
    
39.     MOV CX,WORD PTR DS:[EAX+4]
    
40.     MOV WORD PTR SS:[ESP+0xA],CX
    
41.     MOV DX,WORD PTR DS:[EAX+0xC]
    
42.     MOV WORD PTR SS:[ESP+0xE],DX
    
43. starcraf_004C41F0:
    
44.     MOV EAX,DWORD PTR DS:[EDI+0x10]
    
45.     MOV CX,WORD PTR DS:[ESI+0x51729A]
    
46.     MOV DX,WORD PTR DS:[EDI+0x18]
    
47.     MOV DWORD PTR SS:[ESP+0x10],EAX
    
48.     MOV AL,BYTE PTR DS:[EDI+0x1B]
    
49.     MOV WORD PTR SS:[ESP+0x14],CX
    
50.     TEST AL,AL
    
51.     MOV WORD PTR SS:[ESP+0x16],DX
    
52.     JE SHORT starcraf_004C421E
    
53.     MOVZX AX,AL
    
54.     MOV WORD PTR SS:[ESP+0x18],AX
    
55.     JMP SHORT starcraf_004C4225
    
56. starcraf_004C421E:
    
57.     MOV WORD PTR SS:[ESP+0x18],0xFFFF
    
58. starcraf_004C4225:
    
59.     MOV ECX,DWORD PTR DS:[EDI+0x14]
    
60.     LEA EDX,DWORD PTR SS:[ESP+0x10]
    
61.     MOV DWORD PTR SS:[ESP+0x20],ECX
    
62.     PUSH EDX
    
63.     MOV EDX,0x04C40A0
    
64.     LEA ECX,DWORD PTR SS:[ESP+0xC]
    
65.     MOV EAX,[EDI+0xC]
    
66.     TEST EAX,EAX
    
67.     JZ DEFAULT
    
68.     MOV EAX,[0x515ABC+EAX*4]
    
69.     TEST EAX,EAX
    
70.     JZ DEFAULT
    
71.     MOV DWORD PTR SS:[ESP+0x20],EAX
    
72.     JMP SHORT EXIT
    
73. DEFAULT:
    
74.     MOV DWORD PTR SS:[ESP+0x20],0x04C4260
    
75. EXIT:
    
76.     PUSH 0x04C4247
    
77.     PUSH 0x04453F0
    
78.     RETN
    
79. }}
    

复制代码

============================================================================================

1. __declspec(naked) BOOL FASTCALL Comment(ActionParams params)
   
2. {_asm{
   
3.     pushad
   
4.     call CODE_COPY
   
5. }_asm{
   
6.     SUB ESP,0x1C
   
7.     PUSH EDI
   
8.     MOV EDI,ECX
   
9.     MOV AL,BYTE PTR DS:[EDI]
   
10.     TEST AL,AL
    
11.     JNZ SHORT starcraf_004C4196
    
12.     MOV EAX,1
    
13.     POP EDI
    
14.     ADD ESP,0x1C
    
15.     RETN
    
16. starcraf_004C4196:
    
17.     DEC AL
    
18.     PUSH ESI
    
19.     MOV BYTE PTR SS:[ESP+8],AL
    
20.     MOV EAX,DWORD PTR SS:[ESP+8]
    
21.     AND EAX,0xFF
    
22.     LEA EDX,DWORD PTR SS:[ESP+8]
    
23.     LEA ESI,DWORD PTR DS:[EAX+EAX*4]
    
24.     SHL ESI,2
    
25.     LEA EAX,DWORD PTR DS:[ESI+0x517288]
    
26.     MOV ECX,EAX
    
27.     NEG ECX
    
28.     SBB ECX,ECX
    
29.     NEG EDX
    
30.     SBB EDX,EDX
    
31.     TEST EDX,ECX
    
32.     JNZ SHORT starcraf_004C41CD
    
33.     PUSH 0x57
    
34.     MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
    
35.     CALL EAX
    
36.     JMP SHORT starcraf_004C41F0
    
37. starcraf_004C41CD:
    
38.     MOV CX,WORD PTR DS:[EAX]
    
39.     MOV WORD PTR SS:[ESP+8],CX
    
40.     MOV DX,WORD PTR DS:[EAX+8]
    
41.     MOV WORD PTR SS:[ESP+0xC],DX
    
42.     MOV CX,WORD PTR DS:[EAX+4]
    
43.     MOV WORD PTR SS:[ESP+0xA],CX
    
44.     MOV DX,WORD PTR DS:[EAX+0xC]
    
45.     MOV WORD PTR SS:[ESP+0xE],DX
    
46. starcraf_004C41F0:
    
47.     MOV EAX,DWORD PTR DS:[EDI+0x10]
    
48.     MOV CX,WORD PTR DS:[ESI+0x51729A]
    
49.     MOV DX,WORD PTR DS:[EDI+0x18]
    
50.     MOV DWORD PTR SS:[ESP+0x10],EAX
    
51.     MOV AL,BYTE PTR DS:[EDI+0x1B]
    
52.     MOV WORD PTR SS:[ESP+0x14],CX
    
53.     TEST AL,AL
    
54.     MOV WORD PTR SS:[ESP+0x16],DX
    
55.     JE SHORT starcraf_004C421E
    
56.     MOVZX AX,AL
    
57.     MOV WORD PTR SS:[ESP+0x18],AX
    
58.     JMP SHORT starcraf_004C4225
    
59. starcraf_004C421E:
    
60.     nop
    
61.     MOV WORD PTR SS:[ESP+0x18],0xFFFF
    
62. starcraf_004C4225:
    
63.     MOV ECX,DWORD PTR DS:[EDI+0x14]
    
64.     LEA EDX,DWORD PTR SS:[ESP+0x10]
    
65.     MOV DWORD PTR SS:[ESP+0x20],ECX
    
66.     PUSH EDX
    
67.     MOV EDX,0x04C40A0
    
68.     nop
    
69.     LEA ECX,DWORD PTR SS:[ESP+0xC]
    
70.     MOV EAX,[EDI+0xC]
    
71.     TEST EAX,EAX
    
72.     JZ DEFAULT
    
73.     MOV EAX,[0x515ABC+EAX*4]
    
74.     TEST EAX,EAX
    
75.     JZ DEFAULT
    
76.     MOV DWORD PTR SS:[ESP+0x20],EAX
    
77.     JMP SHORT EXIT
    
78. DEFAULT:
    
79.     MOV DWORD PTR SS:[ESP+0x20],0x04C4260
    
80. EXIT:
    
81.     PUSH 0x04C4247
    
82.     PUSH 0x04453F0
    
83.     RETN
    
84. CODE_COPY:
    
85.     pop esi
    
86.     mov edi,[ecx+14h]//读取Value指定的触发编号
    
87.     mov [502870+edi*4],esi//重写触发函数之争表
    
88.     mov edi,[ecx+10h]//拷贝到指定的永久内存
    
89.     mov ecx,[esi-4]//获取代码长度
    
90.     rep movsb//执行拷贝
    
91.     popad
    
92.     ret
    
93. }}
    

复制代码

编译结果：

1. Comment("H>P60@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]738G0M1:;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C01XAd9<06S`Dd@0`ej;NAB9=;eF[0L0RgT@RdklljAQ`lc<c<c<c<c<c<c<c<c<c<?<", 0 , ###在这里写上安装序号### , 1);
   

复制代码

功能：将一个新的功能函数安装至触发指针表，覆盖标准触发。
参数：
Address 填写一个永久内存地址，新函数将被安装至这里，大约260字节。
Value 要被覆盖的标准触发的编号，填写49即可，此代码为49号触发专门设计。

安装完成后，修改Actions.lst文件，给49号触发的第4个参数声明为Number类型，填写子功能的安装序号，修改血量的百分数视子功能而定。

castelu

1. __declspec(naked) BOOL FASTCALL Comment(ActionParams params)
   
2. {_asm{
   
3.     PUSH ESI
   
4.     MOV ESI,DWORD PTR SS:[ESP+8]
   
5.     TEST ESI,ESI
   
6.     JNZ SHORT starcraf_004C4276
   
7.     PUSH 0x57
   
8.     MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
   
9.     CALL EAX
   
10.     XOR EAX,EAX
    
11.     POP ESI
    
12.     RETN 8
    
13. starcraf_004C4276:
    
14.     MOV EAX,[ESP+0xC]
    
15.     MOV ECX,[0x5094AE]
    
16.     MOV [ESI+EAX],ECX
    
17.     POP ESI
    
18.     RETN 8
    
19. }}

复制代码

castelu

看了半天都没看懂

Comment("H>P60@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]738G0M1:;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C01XAd9<06S`Dd@0`ej;NAB9=;eF[0L0RgT@RdklljAQ`lc<c<c<c<c<c<c<c<c<c<?<", 5431296, 49, 0, 1);  这样？

castelu

uid


mov ecx,UnitBuffer
sub ecx,0059CCA8h
MOV EAX,86186187h
mul ecx
sub ecx,edx
shr ecx,1h
add ecx,edx
shr ecx,8h
inc ecx
mov eax, UnitBuffer
MOVZX EAX,BYTE PTR DS:[Eax+0A5h]
SHL EAX,0Bh
OR EAX,ECX
ret

castelu

1. __declspec(naked) BOOL FASTCALL Comment(ActionParams params)
2. {_asm{
3. pushad
4. call CODE_COPY
5. }_asm{
6. SUB ESP,0x1C
7. PUSH EDI
8. MOV EDI,ECX
9. MOV AL,BYTE PTR DS:[EDI]
10. TEST AL,AL
11. JNZ SHORT starcraf_004C4196
12. MOV EAX,1
13. POP EDI
14. ADD ESP,0x1C
15. RETN
16. starcraf_004C4196:
17. DEC AL
18. PUSH ESI
19. MOV BYTE PTR SS:[ESP+8],AL
20. MOV EAX,DWORD PTR SS:[ESP+8]
21. AND EAX,0xFF
22. LEA EDX,DWORD PTR SS:[ESP+8]
23. LEA ESI,DWORD PTR DS:[EAX+EAX*4]
24. SHL ESI,2
25. LEA EAX,DWORD PTR DS:[ESI+0x517288]
26. MOV ECX,EAX
27. NEG ECX
28. SBB ECX,ECX
29. NEG EDX
30. SBB EDX,EDX
31. TEST EDX,ECX
32. JNZ SHORT starcraf_004C41CD
33. PUSH 0x57
34. MOV EAX,0x4CDBB0;=<JMP.&Storm.#465>
35. CALL EAX
36. JMP SHORT starcraf_004C41F0
37. starcraf_004C41CD:
38. MOV CX,WORD PTR DS:[EAX]
39. MOV WORD PTR SS:[ESP+8],CX
40. MOV DX,WORD PTR DS:[EAX+8]
41. MOV WORD PTR SS:[ESP+0xC],DX
42. MOV CX,WORD PTR DS:[EAX+4]
43. MOV WORD PTR SS:[ESP+0xA],CX
44. MOV DX,WORD PTR DS:[EAX+0xC]
45. MOV WORD PTR SS:[ESP+0xE],DX
46. starcraf_004C41F0:
47. MOV EAX,DWORD PTR DS:[EDI+0x10]
48. MOV CX,WORD PTR DS:[ESI+0x51729A]
49. MOV DX,WORD PTR DS:[EDI+0x18]
50. MOV DWORD PTR SS:[ESP+0x10],EAX
51. MOV AL,BYTE PTR DS:[EDI+0x1B]
52. MOV WORD PTR SS:[ESP+0x14],CX
53. TEST AL,AL
54. MOV WORD PTR SS:[ESP+0x16],DX
55. JE SHORT starcraf_004C421E
56. MOVZX AX,AL
57. MOV WORD PTR SS:[ESP+0x18],AX
58. JMP SHORT starcraf_004C4225
59. starcraf_004C421E:
60. nop
61. MOV WORD PTR SS:[ESP+0x18],0xFFFF
62. starcraf_004C4225:
63. MOV ECX,DWORD PTR DS:[EDI+0x14]
64. LEA EDX,DWORD PTR SS:[ESP+0x10]
65. MOV DWORD PTR SS:[ESP+0x20],ECX
66. PUSH EDX
67. MOV EDX,0x04C40A0
68. nop
69. LEA ECX,DWORD PTR SS:[ESP+0xC]
70. MOV EAX,[EDI+0x14]//从这里开始有详细改动 0x10是参数偏移量
71. TEST EAX,EAX
72. JGE DEFAULT
73. NOT EAX
74. INC EAX
75. MOV EAX,[0x515ABC+EAX*4]
76. TEST EAX,EAX
77. JZ DEFAULT
78. MOV DWORD PTR SS:[ESP+0x20],EAX
79. JMP SHORT EXIT
80. DEFAULT:
81. MOV DWORD PTR SS:[ESP+0x20],0x04C4260
82. EXIT:
83. LEA EAX,[EDI+4]
84. MOV [ESP+0x24],EAX//ESP+24h指向原百分数的参数，存放的是参数指针
85. PUSH 0x04C4247//两个push一个retn模拟call操作，释放控制权，执行 0x04453F0 函数完毕后直接返回到 0x04C4247
86. PUSH 0x04453F0
87. RETN
88. CODE_COPY:
89. pop esi
90. mov edi,[ecx+14h]//读取Value指定的触发编号
91. mov [0x502870+edi*4],esi//重写触发函数指针表
92. mov edi,[ecx+10h]//拷贝到指定的永久内存
93. mov ecx,[esi-4]//获取代码长度
94. rep movsb//执行拷贝
95. popad
96. ret
97. }}

复制代码

Actions.lst

1. Action ModifyUnitHitPoints(Count Count, Unit Unit, Player Owner, Location Where, Number Percent, Number arg1, Number arg2, Number arg3)
2. {
3. Action(Where, arg1, arg2, arg3, Owner, Percent, Unit, 49, Count, 20);
4. }

复制代码

编译结果:

1. Comment("H>P@0@00Pn`LEh_i?XX7Q<1e2[P10000Gh?47<?nb5HfR4@T23J;A2@89Ol0000fSE@T23j==831iP8nSHJ8LU40RlSgfA_9mmXKdXGAM@]ZEkR`fd`0om3[:fHnR`QV=XU<90QV?X]@26HfRE@T36HnRdP4ISJ9C2@:ISj;D0aV=XUD90hnRdL@ISj;SYYbD@1V?X]G63J9A2@@?XY76fHfRD`T58C0ISJ9E2@FM0aV3kK0ISJ9A2@Hj`V@ISK7A2@HoolnRdlD=XeD910fRD`T85:jX41<090fSD`T38]758G0OAGgd42;18FlFU40QL1d1cJ9A2@Pj`Tfad@T8612C02=A`B9A2@TJ4M2C01Xl5=40<=NRgTDRCBmL2Q@08]i48]>o?>THL?<c<c<c<?<", 0, 22, 0, 1);
2. Comment("", 5431319, 49, 0, 22);

复制代码

其中编号22可替换为其它空余的编号,此编号只用此一次,之后仍旧空闲.

此功能安装后,无功能编号, 星际原始触发 ModifyUnitHitPoints 的功能将被替换, 参数 Percent 为正数或0维持原有功能,为负数时,表示插件编号.
ModifyUnitHitPoints 与 Comment 共用插件编号,即分配给 Comment 的编号不能再次分配给 ModifyUnitHitPoints 使用.

castelu

加血插件源码:

1.     PUSH ESI
   
2.     MOV ESI,[ESP+8]
   
3.     TEST ESI,ESI
   
4.     JNZ starcraf_004C4276
   
5.     PUSH 0x57
   
6.     nop
   
7.     MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
   
8.     CALL EAX
   
9.     XOR EAX,EAX
   
10.     POP ESI
    
11.     nop
    
12.     RETN 8
    
13. starcraf_004C4276:
    
14.     MOV EAX,[ESP+0xC]
    
15.     MOV EDX,[EAX]
    
16.     SHL EDX,8
    
17.     ADD EDX,[ESI+8]
    
18.      PUSH EDX
    
19.      MOV ECX,ESI
    
20.     PUSH 0x4C42C4
    
21.     PUSH 0x0417910
    
22.     RETN
    

复制代码

编译结果:

1. Comment("EX]d90R5mWDAJUN@^;3KC03od3?0GY32202;A2@<Ra31hPP3EPQBRliXa49<06P@ND40`lc<c<c<c<c<c<c<c<?<", 0 , ###在这里写上安装序号### , 1);
   

复制代码

参数说明:
arg1写需要加或减的HP值,减法写负数,有保护,不用担心加出意外

castelu

修改单位属性插件源码:

1. PUSH ESI
2. MOV ESI,[ESP+0x8]
3. TEST ESI,ESI
4. JNZ starcraf_004C4276
5. PUSH 0x57
6. NOP
7. MOV EAX,0x04CDBB0;=<JMP.&Storm.#465>
8. CALL EAX
9. XOR EAX,EAX
10. POP ESI
11. NOP
12. RETN 0x8
13. starcraf_004C4276:
14. MOV EAX,[ESP+0xC]
15. MOV ECX,[EAX+8]
16. MOV EDX,[EAX+4]
17. MOV EAX,[EAX]
18. PUSH 0x4C42C4
19. TEST ECX,ECX
20. JGE setValue
21. NOT ECX
22. INC ECX
23. ADD EDX,[ESI+EAX]
24. setValue:
25. pushad
26. LEA EDI,[ESI+EAX]
27. PUSH EDX
28. MOV ESI,ESP
29. rep movsb
30. POP EDX
31. popad
32. RETN

复制代码

编译结果:

1. Comment("EX]d90R5mWDAJUN@^;3KC03od3?0GY32202;A2@<RdP8Re04R`1Xa49<08G9O@KgdD4350IPSC`6DX_dljAJHL?<c<c<c<c<c<c<c<c<c<c3", 0 , ###在这里写上安装序号### , 1);

复制代码

参数说明:
arg1: 属性的偏移量
arg2: 属性的数值,减法操作写负数.
arg3: 赋值写正数,加减写负数,绝对值表示操作数的长度,取值1~4,0无效