这是原版 BaseUnit 的控制段
; --- Original call site (IDA listing, x86-32, Intel syntax) ---
; Excerpt only: the enclosing function starts before and ends after these
; lines, and the value held in eax on entry is computed outside the excerpt.
; Reads as: sub_50E9A0(this=edi, off_7A9058, "BaseUnit", byte_83C55C,
;                      buf, 0x80) -- five stack args pushed right-to-left.
; ecx = edi looks like a thiscall `this` pointer -- confirm in sub_50E9A0;
; if so the callee pops its own args (20 bytes for five), so any patch must
; keep exactly five pushes. Span 0x648FE3..0x64900A = 39 bytes.
.text:00648FE3 lea edx, [esp+0D0h+var_80]   ; edx = &local buffer (var_80); passed below as char *
.text:00648FE7 push 80h ; size_t             ; 0x80 = 128; presumably buf capacity -- verify against var_80's size
.text:00648FEC mov [esi+7C4h], eax           ; store the pre-existing eax into [esi+0x7C4]; edx is untouched
.text:00648FF2 mov eax, ds:off_7A9058        ; eax = global pointer off_7A9058 (becomes arg1)
.text:00648FF7 push edx ; char *             ; arg4: buf
.text:00648FF8 push offset byte_83C55C ; int ; arg3
.text:00648FFD push offset aBaseunit ; "BaseUnit" ; arg2
.text:00649002 push eax ; int                ; arg1: off_7A9058
.text:00649003 mov ecx, edi                  ; this = edi (assumed thiscall)
.text:00649005 call sub_50E9A0
.text:0064900A test eax, eax                 ; result check; the conditional jump is outside the excerpt
我改成
; --- Patched call site as posted ---
; Review notes (the crash on load is consistent with any one of these):
; 1. `lea eax` clobbers the eax that the original stored to [esi+7C4h]; the
;    store below now writes the buffer address instead of the original value.
; 2. The buffer address is then lost again when eax is reloaded from the
;    stack, so no `char *` is passed at all; the slot that was `buf` now
;    carries a loaded value, and if the callee writes into its buffer it
;    writes through that value instead.
; 3. Six pushes instead of five: if sub_50E9A0 cleans its own stack (it pops
;    20 bytes for the original five args), esp is left off by 4 after the call.
; 4. Encoded length comes to roughly 44 bytes vs the original 39
;    (0x648FE3..0x64900A); if written in place it overruns the following
;    `test`/jump -- verify with the assembler's listing.
lea eax, [esp+0D0h+var_80]     ; eax = &buf -- but the next store still expects the original eax
push 80h                       ; arg6 (was arg5 / size_t in the original)
mov [esi+7C4h], eax            ; now stores &buf, not the original eax (note 1)
mov eax, [esp+0D4h+var_5A]     ; +4 for the push is right, but var_5A != var_80, and this loads a value, not an address
push offset aBaseunit          ; arg5: lands in the slot the callee reads as size_t
push eax                       ; arg4: lands in the slot the callee reads as char *buf (note 2)
push offset off_xxxxx          ; arg3: placeholder symbol -- resolve before assembling
push offset aGeneral           ; arg2: replaces "BaseUnit" (the one change that looks intended -- confirm)
nop                            ; padding? a nop does not repair the push count or the length
push eax                       ; arg1: same value as arg4; the original passed off_7A9058 here
mov ecx, edi                   ; this = edi (assumed thiscall)
call sub_50E9A0
test eax, eax
结果载入游戏时闪退了，哈哈哈哈哈哈哈
; --- Original call site (IDA listing, x86-32, Intel syntax) ---
; Excerpt only: the enclosing function starts before and ends after these
; lines, and the value held in eax on entry is computed outside the excerpt.
; Reads as: sub_50E9A0(this=edi, off_7A9058, "BaseUnit", byte_83C55C,
;                      buf, 0x80) -- five stack args pushed right-to-left.
; ecx = edi looks like a thiscall `this` pointer -- confirm in sub_50E9A0;
; if so the callee pops its own args (20 bytes for five), so any patch must
; keep exactly five pushes. Span 0x648FE3..0x64900A = 39 bytes.
.text:00648FE3 lea edx, [esp+0D0h+var_80]   ; edx = &local buffer (var_80); passed below as char *
.text:00648FE7 push 80h ; size_t             ; 0x80 = 128; presumably buf capacity -- verify against var_80's size
.text:00648FEC mov [esi+7C4h], eax           ; store the pre-existing eax into [esi+0x7C4]; edx is untouched
.text:00648FF2 mov eax, ds:off_7A9058        ; eax = global pointer off_7A9058 (becomes arg1)
.text:00648FF7 push edx ; char *             ; arg4: buf
.text:00648FF8 push offset byte_83C55C ; int ; arg3
.text:00648FFD push offset aBaseunit ; "BaseUnit" ; arg2
.text:00649002 push eax ; int                ; arg1: off_7A9058
.text:00649003 mov ecx, edi                  ; this = edi (assumed thiscall)
.text:00649005 call sub_50E9A0
.text:0064900A test eax, eax                 ; result check; the conditional jump is outside the excerpt
我改成
; --- Patched call site as posted ---
; Review notes (the crash on load is consistent with any one of these):
; 1. `lea eax` clobbers the eax that the original stored to [esi+7C4h]; the
;    store below now writes the buffer address instead of the original value.
; 2. The buffer address is then lost again when eax is reloaded from the
;    stack, so no `char *` is passed at all; the slot that was `buf` now
;    carries a loaded value, and if the callee writes into its buffer it
;    writes through that value instead.
; 3. Six pushes instead of five: if sub_50E9A0 cleans its own stack (it pops
;    20 bytes for the original five args), esp is left off by 4 after the call.
; 4. Encoded length comes to roughly 44 bytes vs the original 39
;    (0x648FE3..0x64900A); if written in place it overruns the following
;    `test`/jump -- verify with the assembler's listing.
lea eax, [esp+0D0h+var_80]     ; eax = &buf -- but the next store still expects the original eax
push 80h                       ; arg6 (was arg5 / size_t in the original)
mov [esi+7C4h], eax            ; now stores &buf, not the original eax (note 1)
mov eax, [esp+0D4h+var_5A]     ; +4 for the push is right, but var_5A != var_80, and this loads a value, not an address
push offset aBaseunit          ; arg5: lands in the slot the callee reads as size_t
push eax                       ; arg4: lands in the slot the callee reads as char *buf (note 2)
push offset off_xxxxx          ; arg3: placeholder symbol -- resolve before assembling
push offset aGeneral           ; arg2: replaces "BaseUnit" (the one change that looks intended -- confirm)
nop                            ; padding? a nop does not repair the push count or the length
push eax                       ; arg1: same value as arg4; the original passed off_7A9058 here
mov ecx, edi                   ; this = edi (assumed thiscall)
call sub_50E9A0
test eax, eax
结果载入游戏时闪退了，哈哈哈哈哈哈哈