2010年10月21日木曜日

RagAddress(ini&教學)

[2011/01/28 Update]
RagAddress.ini(3017 2011-01-25bRagexe.rgz)
AutoImo 作者網頁 : (網頁似乎移除了)http://hide.magical.gr.jp/autoimo/index16.html
[Patch]
Number=3017

[RoName]
WindowCaption=Ragnarok
WindowClass=Ragnarok

[Ragexe]
Size=3825786

[Address]
CharName=00848AE4
Zeny=008469D8
BaseExp=00846930
BaseExpNext=0084693C
JobExp=008469EC
JobExpNext=008469E8
Weight=008469F0
WeightMax=008469E4
BaseLv=00846934
JobLv=00846940
HPIndex=008483CC
MaxHPTable=00848410

RagAddress.ini 搜尋教學
使用 W32DASM 反組譯 Ragexe,
就可以得到下列的組合語言程式碼,
然後利用關鍵字搜尋,找出相關位址。
Change Log:
[2011/01/05 Update] 2011/01/05 更新後,HP 部份的關鍵字會找到 2 組;由上往下找,第 2 組才是我們要的。
[2011/01/28 Update] 2011/01/28 更新後,HPIndex、MaxHPTable 的關鍵字已變更。
//使用2010-10-15aRagexe
//CharName=
//關鍵字:mov dl, byte ptr [ecx+eax+00

* Referenced by a CALL at Addresses:
|:004622DE   , :00462701   , :00463BE3   , :0046C66D   , :0046C927   ,  
|:0046CA1F   , :0048BE46   , :0048C911   , :0048CAA1   , :00494527   ,  
|:00494566   , :0049597F   , :0049F5CE   , :004A45A5   , :004AD0BA      
|:004ADA4F   , :004C5EAB   , :004D344B   , :004D3484   , :004F0539   ,  
|:004F0DEC   , :004F127D   , :004F13C3   , :0050DE0D   , :005ACF09   ,  
|:005CB333   , :005CB602   , :005CBABF   , :005CBB18   , :005CBD36      
|:005CBF1A   , :005CC0F6   , :005CC2FB   , :005CFD7E   , :005D685E   ,  
|:005D6CF3   , :005DCA3D   , :005DD01A   , :005DD1BD   , :005DF5D2   ,  
|:005DF5FC   , :005DF626   , :005DF66F   , :005DF699   , :005DF6C3      
|:005DF796   , :005DF7BD   , :005DF7E4   , :005DF851   , :005DF878   ,  
|:005DF89F   , :005E050A   , :005E4785   , :005E4F5B   , :005E51A6   ,  
|:005E7D33   , :005E7D78   , :005E8E05   , :005EECC2   , :00639E48      
| 00
// Routine at 006F0FC0, from the W32Dasm listing of 2010-10-15aRagexe (32-bit x86).
// In:  ecx = base address; 0x40 bytes are read from [ecx+00000F5C].
// Out: eax = 0084B6B4, the fixed buffer this routine fills.
// ebx, esi and edi are pushed on entry and popped before the ret.
// Stray characters after some operands (for example after `push ebx`) appear to be
// residue from the page extraction, not part of the instruction.
// NOTE(review): a byte-wise XOR against data held in the same process is masking,
// not protection; presumably the bytes at +F5C are a masked character name - confirm.
:006F0FC0 53                      push ebx :
:006F0FC1 56                      push esi :
:006F0FC2 57                      push edi :
// Copy 0x10 dwords (0x40 bytes) from [ecx+00000F5C] to 0084B6B4 with rep movsd.
:006F0FC3 8DB15C0F0000            lea esi, dword ptr [ecx+00000F5C] 
:006F0FC9 B910000000              mov ecx, 00000010 
:006F0FCE BFB4B68400              mov edi, 0084B6B4 
:006F0FD3 F3                      repz d
:006F0FD4 A5                      movsd 
// ecx = [0079F4DC] - 0084B6B4, so [ecx+eax+0084B6B4] below addresses [0079F4DC] + eax.
// eax is the byte index, starting at 0.
:006F0FD5 8B0DDCF47900            mov ecx, dword ptr [0079F4DC] 
:006F0FDB 33C0                    xor eax, eax d
:006F0FDD 81E9B4B68400            sub ecx, 0084B6B4 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:006F0FFC(C) y 
| 00
// Loop body: buffer[eax] ^= byte at ([0079F4DC] + eax), for eax = 0 .. 0x3F.
// The keyword line is the first one; its constant operand is the value recorded as CharName.
:006F0FE3 8A9401B4B68400          mov dl, byte ptr [ecx+eax+0084B6B4]   //CharName=
:006F0FEA 8A98B4B68400            mov bl, byte ptr [eax+0084B6B4] B4
:006F0FF0 32DA                    xor bl, dl
:006F0FF2 8898B4B68400            mov byte ptr [eax+0084B6B4], bl B4
:006F0FF8 40                      inc eax  p
:006F0FF9 83F840                  cmp eax, 00000040 
:006F0FFC 72E5                    jb 006F0FE3 00
// Restore the saved registers and return the buffer address in eax.
:006F0FFE 5F                      pop edi FE
:006F0FFF 5E                      pop esi FE
:006F1000 B8B4B68400              mov eax, 0084B6B4 
:006F1005 5B                      pop ebx  0
:006F1006 C3                      ret eb


//Zeny=
//BaseExp=
//BaseExpNext=
//JobExp=
//JobExpNext=
//關鍵字:* Possible StringData Ref from Data Obj ->"%d : %d/%d More : %d"

* Possible StringData Ref from Data Obj ->"%d : %d/%d More : %d"
                                  | 
:005DA47A 68483E7900              push 00793E48 
:005DA47F 50                      push eax 3
:005DA480 E8B3101400              call 0071B538 
:005DA485 83C418                  add esp, 00000018 
:005DA488 8D8D00FFFFFF            lea ecx, dword ptr [ebp+FFFFFF00] 
:005DA48E 6A00                    push 00000000 
:005DA490 6A00                    push 00000000 
:005DA492 68F51EF500              push 00F51EF5 
:005DA497 51                      push ecx 1
:005DA498 6A01                    push 00000001 
:005DA49A B938337E00              mov ecx, 007E3338 
:005DA49F E8FC2CF3FF              call 0050D1A0 
:005DA4A4 5F                      pop edi 0D

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:   
|:005DA44B(C), :005DA45C(C), :005DA460(C) di
| 00
:005DA4A5 8B5304                  mov edx, dword ptr [ebx+04] re
:005DA4A8 B988828400              mov ecx, 00848288 
:005DA4AD 89153C9D8400            mov dword ptr [00849D3C], edx //BaseExp=
:005DA4B3 E878E60F00              call 006D8B30 
:005DA4B8 5E                      pop esi D8
:005DA4B9 5B                      pop ebx D8
:005DA4BA 8BE5                    mov esp, ebp  
:005DA4BC 5D                      pop ebp  e
:005DA4BD C20400                  ret 0004 e


:005DA4C0 8B4304                  mov eax, dword ptr [ebx+04] x 
:005DA4C3 B988828400              mov ecx, 00848288 
:005DA4C8 A3F89D8400              mov dword ptr [00849DF8], eax //JobExp=
:005DA4CD E85EE60F00              call 006D8B30 
:005DA4D2 5B                      pop ebx D8
:005DA4D3 8BE5                    mov esp, ebp  
:005DA4D5 5D                      pop ebp  e
:005DA4D6 C20400                  ret 0004 e


// Fragment 005DA4D9-005DA50E; the enclosing routine starts and ends outside this excerpt.
// If the dword at [ecx+00000110] is non-zero it is cleared and 006D0FB0 is called with ecx = 00848288.
:005DA4D9 8B8110010000            mov eax, dword ptr [ecx+00000110] 
:005DA4DF 85C0                    test eax, eax 
:005DA4E1 7414                    je 005DA4F7 x 
// NOTE(review): the opcode bytes C7 81 carry the same ModRM byte (81) as the load at 005DA4D9,
// which the listing shows as [ecx+00000110]; the "ebx" in the operand text below looks like an
// extraction error for "ecx" - confirm against the original listing.
:005DA4E3 C7811001000000000000    mov dword ptr [ebx+00000110], 00000000
:005DA4ED B988828400              mov ecx, 00848288 
:005DA4F2 E8B96A0F00              call 006D0FB0 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:005DA4E1(C) y 
| 00
// The dword at [ebx+04] is stored to the fixed address 00849DE4, which the author labels Zeny.
// 006D8B30 is then called with ecx = 00848288; its purpose is not shown in this listing.
:005DA4F7 8B4B04                  mov ecx, dword ptr [ebx+04] re
:005DA4FA 890DE49D8400            mov dword ptr [00849DE4], ecx //Zeny=
:005DA500 B988828400              mov ecx, 00848288 
:005DA505 E826E60F00              call 006D8B30 
// Epilogue: restore ebx, unwind the frame, and return releasing 4 bytes of arguments.
:005DA50A 5B                      pop ebx D8
:005DA50B 8BE5                    mov esp, ebp  
:005DA50D 5D                      pop ebp  e
:005DA50E C20400                  ret 0004 e


:005DA511 8B5304                  mov edx, dword ptr [ebx+04] x 
:005DA514 B988828400              mov ecx, 00848288 
:005DA519 8915489D8400            mov dword ptr [00849D48], edx //BaseExpNext=
:005DA51F E80CE60F00              call 006D8B30 
:005DA524 5B                      pop ebx D8
:005DA525 8BE5                    mov esp, ebp  
:005DA527 5D                      pop ebp  e
:005DA528 C20400                  ret 0004 e


:005DA52B 8B4304                  mov eax, dword ptr [ebx+04] x 
:005DA52E B988828400              mov ecx, 00848288 
:005DA533 A3F49D8400              mov dword ptr [00849DF4], eax //JobExpNext=
:005DA538 E8F3E50F00              call 006D8B30 


//Weight=
//WeightMax=
//關鍵字:* Possible StringData Ref from Data Obj ->"Weight %d%%" 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0046D5D5(C) y 
| 00
:0046D5F7 C3                      ret C)
:0046D5F8 90                      nop C)
:0046D5F9 90                      nop C)
:0046D5FA 90                      nop C)
:0046D5FB 90                      nop C)
:0046D5FC 90                      nop C)
:0046D5FD 90                      nop C)
:0046D5FE 90                      nop C)
:0046D5FF 90                      nop C)
// Routine starting at 0046D600; the excerpt stops at 0046D669, before the routine ends.
// It builds the "Weight %d%%" text: the %d value is Weight * 100 / WeightMax.
// Frame: ebp-based, 0x40 bytes of locals; [ebp-40] is passed as the output buffer.
// edi holds the incoming ecx (presumably the object pointer - confirm).
:0046D600 55                      push ebp i
:0046D601 8BEC                    mov ebp, esp n
:0046D603 83EC40                  sub esp, 00000040 
:0046D606 56                      push esi 0
:0046D607 57                      push edi 0
:0046D608 8BF9                    mov edi, ecx 0
// Leave via 0046D6A7 (outside this excerpt) unless [edi+20] == [edi+64].
:0046D60A 8B4720                  mov eax, dword ptr [edi+20] re
:0046D60D 8B4F64                  mov ecx, dword ptr [edi+64] re
:0046D610 3BC1                    cmp eax, ecx d
:0046D612 0F858F000000            jne 0046D6A7 d
// esi = [edi+20] - 0x14. The two stack arguments are range-checked with signed compares:
// [ebp+08] must be in 0 .. 0x63 and [ebp+0C] in esi .. esi+0x13, else leave via 0046D6A7.
:0046D618 8D70EC                  lea esi, dword ptr [eax-14] re
:0046D61B 8B4508                  mov eax, dword ptr [ebp+08] re
:0046D61E 85C0                    test eax, eax 
:0046D620 0F8C81000000            jl 0046D6A7 x 
:0046D626 83F864                  cmp eax, 00000064 
:0046D629 7D7C                    jge 0046D6A7 0
:0046D62B 8B450C                  mov eax, dword ptr [ebp+0C] re
:0046D62E 3BC6                    cmp eax, esi d
:0046D630 7C75                    jl 0046D6A7  d
:0046D632 8D4E14                  lea ecx, dword ptr [esi+14] re
:0046D635 3BC1                    cmp eax, ecx d
:0046D637 7D6E                    jge 0046D6A7 d
// Load the divisor from 00849DF0 (labelled WeightMax). When it is zero the division is skipped
// and ecx (0) is pushed as the %d value, which avoids an idiv by zero.
:0046D639 8B0DF09D8400            mov ecx, dword ptr [00849DF0] //WeightMax=
:0046D63F 85C9                    test ecx, ecx 
:0046D641 750C                    jne 0046D64F  
:0046D643 51                      push ecx 6
:0046D644 8D55C0                  lea edx, dword ptr [ebp-40] ] 

* Possible StringData Ref from Data Obj ->"Weight %d%%" 
                                  | 
:0046D647 68781F7700              push 00771F78 
:0046D64C 52                      push edx 1
:0046D64D EB1B                    jmp 0046D66A  

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0046D641(C) y 
| 00
// Non-zero divisor: eax = value at 00849DFC (labelled Weight) * 5 * 5 * 4 = * 100,
// then cdq / idiv ecx gives the signed quotient, which is pushed as the %d value.
:0046D64F A1FC9D8400              mov eax, dword ptr [00849DFC] //Weight=
:0046D654 8D0480                  lea eax, dword ptr [eax+4*eax]
:0046D657 8D0480                  lea eax, dword ptr [eax+4*eax]
:0046D65A C1E002                  shl eax, 02 rd
:0046D65D 99                      cdq ea
:0046D65E F7F9                    idiv ecx 0
:0046D660 50                      push eax 0
:0046D661 8D45C0                  lea eax, dword ptr [ebp-40] x]

* Possible StringData Ref from Data Obj ->"Weight %d%%" 
                                  | 
// Push the format-string address and the buffer; the formatting call itself is outside the excerpt.
:0046D664 68781F7700              push 00771F78 
:0046D669 50                      push eax 1


//BaseLv=
//JobLv=
//關鍵字:* Possible StringData Ref from Data Obj ->"Base Lv. %d" 
//關鍵字:* Possible StringData Ref from Data Obj ->"Job Lv. %d"  

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0046D2F8(C) y 
| 00
:0046D30E 8B15409D8400            mov edx, dword ptr [00849D40] //BaseLv=
:0046D314 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64] 
:0046D31A 52                      push edx d

* Possible StringData Ref from Data Obj ->"Base Lv. %d" 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0046D352(C) y 
| 00
:0046D368 8B154C9D8400            mov edx, dword ptr [00849D4C] //JobLv=
:0046D36E 8D8564FFFFFF            lea eax, dword ptr [ebp+FFFFFF64] 
:0046D374 52                      push edx d

* Possible StringData Ref from Data Obj ->"Job Lv. %d"  


//HPIndex=
//MaxHPTable=
//2011/01/28 Update
//關鍵字:mov eax, dword ptr [esi+00000E6A] 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0061CDB3(C) y 
| 00
:0061CDC8 8D14C500000000          lea edx, dword ptr [8*eax+00000000] ] 
:0061CDCF 2BD0                    sub edx, eax d
:0061CDD1 33C0                    xor eax, eax d
:0061CDD3 C1E204                  shl edx, 04  d
:0061CDD6 8A841AAC0E0000          mov al, byte ptr [edx+ebx+00000EAC] ] 
:0061CDDD 8D341A                  lea esi, dword ptr [edx+ebx] 0
:0061CDE0 A358968400              mov dword ptr [00849658], eax 
:0061CDE5 0FBF8E780E0000          movsx ecx, word ptr [esi+00000E78]
:0061CDEC 890D389D8400            mov dword ptr [00849D38], ecx 
:0061CDF2 B988828400              mov ecx, 00848288 
:0061CDF7 E834BD0B00              call 006D8B30 
:0061CDFC B988828400              mov ecx, 00848288 
:0061CE01 E88ABC0B00              call 006D8A90 
:0061CE06 8B96400E0000            mov edx, dword ptr [esi+00000E40] 
:0061CE0C B988828400              mov ecx, 00848288 
:0061CE11 89152C9D8400            mov dword ptr [00849D2C], edx 
:0061CE17 0FBF86760E0000          movsx eax, word ptr [esi+00000E76]
:0061CE1E A3E89D8400              mov dword ptr [00849DE8], eax 
:0061CE23 E808BD0B00              call 006D8B30 
:0061CE28 0FBF8E7E0E0000          movsx ecx, word ptr [esi+00000E7E]
:0061CE2F 890D409D8400            mov dword ptr [00849D40], ecx 
:0061CE35 B988828400              mov ecx, 00848288 
:0061CE3A E8F1BC0B00              call 006D8B30 
:0061CE3F 0FBF96800E0000          movsx edx, word ptr [esi+00000E80]
:0061CE46 B988828400              mov ecx, 00848288 
:0061CE4B 8915509D8400            mov dword ptr [00849D50], edx 
:0061CE51 E8DABC0B00              call 006D8B30 
:0061CE56 0FBF86680E0000          movsx eax, word ptr [esi+00000E68]
:0061CE5D B988828400              mov ecx, 00848288 
:0061CE62 A3449D8400              mov dword ptr [00849D44], eax 
:0061CE67 E8C4BC0B00              call 006D8B30 
:0061CE6C 33C9                    xor ecx, ecx  
:0061CE6E 8A8EA60E0000            mov cl, byte ptr [esi+00000EA6] 8]
:0061CE74 890D789D8400            mov dword ptr [00849D78], ecx 
:0061CE7A B988828400              mov ecx, 00848288 
:0061CE7F E8ACBC0B00              call 006D8B30 
:0061CE84 33D2                    xor edx, edx  
:0061CE86 B988828400              mov ecx, 00848288 
:0061CE8B 8A96A70E0000            mov dl, byte ptr [esi+00000EA7] 8]
:0061CE91 89157C9D8400            mov dword ptr [00849D7C], edx 
:0061CE97 E894BC0B00              call 006D8B30 
:0061CE9C 33C0                    xor eax, eax  
:0061CE9E B988828400              mov ecx, 00848288 
:0061CEA3 8A86A80E0000            mov al, byte ptr [esi+00000EA8] 8]
:0061CEA9 A3809D8400              mov dword ptr [00849D80], eax 
:0061CEAE E87DBC0B00              call 006D8B30 
:0061CEB3 33C9                    xor ecx, ecx  
:0061CEB5 8A8EA90E0000            mov cl, byte ptr [esi+00000EA9] 8]
:0061CEBB 890D849D8400            mov dword ptr [00849D84], ecx 
:0061CEC1 B988828400              mov ecx, 00848288 
:0061CEC6 E865BC0B00              call 006D8B30 
:0061CECB 33D2                    xor edx, edx  
:0061CECD B988828400              mov ecx, 00848288 
:0061CED2 8A96AA0E0000            mov dl, byte ptr [esi+00000EAA] 8]
:0061CED8 8915889D8400            mov dword ptr [00849D88], edx 
:0061CEDE E84DBC0B00              call 006D8B30 
:0061CEE3 33C0                    xor eax, eax  
:0061CEE5 B988828400              mov ecx, 00848288 
:0061CEEA 8A86AB0E0000            mov al, byte ptr [esi+00000EAB] 8]
:0061CEF0 A38C9D8400              mov dword ptr [00849D8C], eax 
:0061CEF5 E836BC0B00              call 006D8B30 
:0061CEFA 8B8E440E0000            mov ecx, dword ptr [esi+00000E44] 
:0061CF00 890D3C9D8400            mov dword ptr [00849D3C], ecx 
:0061CF06 B988828400              mov ecx, 00848288 
:0061CF0B E820BC0B00              call 006D8B30 
// Fragment 0061CF10-0061CF4F of a longer routine. The search keyword
// `mov eax, dword ptr [esi+00000E6A]` matches the second instruction below.
// Two values are pushed for the call to 006E6880: [esi+00000E6A] and the dword selected
// from the table at 0084AFC8 by the index stored at 0084AFBC.
// NOTE(review): what 006E6880 computes is not shown here; presumably it transforms the
// value before it is stored - confirm.
:0061CF10 8B15BCAF8400            mov edx, dword ptr [0084AFBC] 
:0061CF16 8B866A0E0000            mov eax, dword ptr [esi+00000E6A] 
:0061CF1C 8B0C95C8AF8400          mov ecx, dword ptr [4*edx+0084AFC8] ] 
:0061CF23 51                      push ecx d
:0061CF24 50                      push eax d
:0061CF25 B988828400              mov ecx, 00848288 
:0061CF2A E851990C00              call 006E6880 
// The dword at 0084AFB4 (labelled HPIndex) is an index, scaled by 4, into the dword table at
// 0084B058. The slot is rewritten, and 006D8AD0 called, only when the new value differs;
// the index is reloaded afterwards because the call may change ecx.
// NOTE(review): keeping the value in an index-selected slot looks like a measure against
// fixed-address memory reads - not established by this listing.
:0061CF2F 8B0DB4AF8400            mov ecx, dword ptr [0084AFB4] //HPIndex=
:0061CF35 3B048D58B08400          cmp eax, dword ptr [4*ecx+0084B058] ] 
:0061CF3C 7417                    je 0061CF55 rd
:0061CF3E 89048D58B08400          mov dword ptr [4*ecx+0084B058], eax ] 
:0061CF45 B988828400              mov ecx, 00848288 
:0061CF4A E881BB0B00              call 006D8AD0 
:0061CF4F 8B0DB4AF8400            mov ecx, dword ptr [0084AFB4] //HPIndex=

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:0061CF3C(C) y 
| 00
:0061CF55 8B15BCAF8400            mov edx, dword ptr [0084AFBC] 
:0061CF5B 8B0C8D58B08400          mov ecx, dword ptr [4*ecx+0084B058] ] 
:0061CF62 8B0495C8AF8400          mov eax, dword ptr [4*edx+0084AFC8] ] 
:0061CF69 50                      push eax d
:0061CF6A 51                      push ecx d
:0061CF6B B988828400              mov ecx, 00848288 
:0061CF70 E86B9A0C00              call 006E69E0 
// Fragment 0061CF75-0061CFB9 of a longer routine; eax on entry is the result of the
// preceding call to 006E69E0 and is saved to 0084B208.
:0061CF75 8B15BCAF8400            mov edx, dword ptr [0084AFBC] 
:0061CF7B A308B28400              mov dword ptr [0084B208], eax 
// Same call shape as the [esi+00000E6A] case: [esi+00000E6E] and the dword selected from the
// table at 0084AFC8 by the index at 0084AFBC are pushed for 006E6880.
:0061CF80 8B866E0E0000            mov eax, dword ptr [esi+00000E6E] 
:0061CF86 8B0C95C8AF8400          mov ecx, dword ptr [4*edx+0084AFC8] ] 
:0061CF8D 51                      push ecx d
:0061CF8E 50                      push eax d
:0061CF8F B988828400              mov ecx, 00848288 
:0061CF94 E8E7980C00              call 006E6880 
// The table at 0084AFF8 (labelled MaxHPTable) is indexed, scaled by 4, by the dword at
// 0084AFC0 - a different index variable from the one at 0084AFB4 labelled HPIndex.
// The slot is rewritten, and 006D8AD0 called, only when the new value differs.
:0061CF99 8B0DC0AF8400            mov ecx, dword ptr [0084AFC0] 
:0061CF9F 3B048DF8AF8400          cmp eax, dword ptr [4*ecx+0084AFF8] ] //MaxHPTable=
:0061CFA6 7417                    je 0061CFBF rd
:0061CFA8 89048DF8AF8400          mov dword ptr [4*ecx+0084AFF8], eax ] //MaxHPTable=
:0061CFAF B988828400              mov ecx, 00848288 
:0061CFB4 E817BB0B00              call 006D8AD0 
:0061CFB9 8B0DC0AF8400            mov ecx, dword ptr [0084AFC0] 

9 件のコメント:

bocool さんのコメント...

想請教一個愚蠢的問題XD

就是您當初是如何辨識什麼些字串是負責哪個數值的?

以後也打算自己更新ini

所以想瞭解一下

瑋甯 さんのコメント...

我想請問一下用在自動芋裡面有個
[Patch]
Number=2984
還有
[Ragexe]
Size=3862648
這兩個怎麼找出來@@?


另外HP那個部份好像很難找到我只找到了一個規律性 如下
尋找關鍵字

* Possible StringData Ref from Data Obj ->"HP %d / %d"

然後這個上面的第一個被括號起來的
mov eax, dword ptr [00850698]
把它用小算盤16進位的扣掉210
就會是MaxHPTable
再扣掉44就會是HPIndex
給你參考看看@_@

千's notes さんのコメント...

number 是從 patch2.txt 裡
每次更新的 ragexe.exe 的版本號碼(或是辨識碼)

size 的話就單純是檔案大小而已

hp 的關鍵字確定是那串可以用了
只是有點長 不太容易辨識

當初這個是參考了很多文件
(巴哈的精華區 網路上的私服文件 有的沒有很多)
然後反組譯後 再下去對照
去推敲位址 才有這篇教學
(巴哈 bbs ro-t 版的教學也是我寫的 不過 bbs 介面比較不好讀 所以就只更新這邊了)

Kenny さんのコメント...

可不可以請大大提供最新的經典伺服器自動竽~
複製你上面的ragaddress他說要更新><
謝謝你喔!!

千's notes さんのコメント...

基本上 新幹線最近更新的執行檔
所有的伺服器都用相同的(也可能有例外)
應該能通用才對
不能用的話 要看你有沒有裝雙視窗(可能裝到舊版)
我也只有玩免服 只能測試免服而已

Kenny さんのコメント...

阿~~我免服也不能用耶~~為什麼~@@?
雙視窗是從romp3上面更新的 移除雙視窗後也是不能用 煩惱中...
你的教學我研究了一下 但是似乎是看不懂...
可以請你教我怎麼寫 感激不盡!!

Kenny さんのコメント...

不好意思@@我會了~~
但是
//HPIndex=
//MaxHPTable=
//關鍵字:lea edx, dword ptr [8*eax+00000000] ]
會找到很多組 關鍵字要搜尋哪一個才會找的到@@
謝謝你的指教~~

qookizz さんのコメント...

您好~小弟想要學習自己可以修改
我有在巴哈的ro-t翻到您的文章
http://bgrich.myweb.hinet.net/
可是我計算出來
CharName=
HPIndex=
MaxHPTable
這3各地方錯誤,其他都對得
小弟哪出錯了呢

千's notes さんのコメント...

//CharName=
這個關鍵字還沒換過 再試試

//HPIndex=
//MaxHPTable=
這2組的關鍵字換了(詳內文)