内存地址 内存修改值 exe修改值 1,不能生男子 0045E31E 0 60 0045E322 0 ae 0045E32B 57 9b 2,改生姬的机率,“高”改为50,“标准”改为20 (原来高是20 标准是5) 0045E3B7 32 69 0045E3C7 14 bd 0045e3d2 57 37 3,各大名可以生姬(包括女大名) 0046559A c408 6ac6 004655CA 0 00 004655AD 0a c4 004655BD 64 34 4,女将跟姬可以百合 008517c0 00 83 5.MOD锁定势力名专用 (例如有些人物的名字只有一个字“凉”,原来大名挂了后,由“凉”做新大名,势力会变成“无名氏“家的。 还有开了传承后,上衫跟德川两势力会固定变回“上衫家”跟“德川家”的,使用下面锁定势力名内存,将可以解决着这两个问题) 从1016f201处写入自定义函数内容,之前的部分虽然有空白区间 但是会莫名发生更改。。。 0057104c call 00520190 nop掉 //一般大名更换后换家名 0057104C 90 23 nop 0057104D 90 5c nop 0057104E 90 05 nop 0057104F 90 2e nop 00571050 90 90 nop 009E0241 call 00520190 nop掉 //开局传说换家名 009E0241 90 40 nop 009E0242 90 6b nop 009E0243 90 c0 nop 009E0244 90 3e nop 009E0245 90 5e nop 1016F201 8948 04 mov dword ptr ds:[eax+4],ecx 1016F204 8338 00 cmp dword ptr ds:[eax], 0 1016F207 - 0F84 ADEF38F0 je modNOBU1.004FE1BA 1016F20D 8848 0A mov byte ptr ds:[eax+A], cl 1016F210 8B4C24 04 mov ecx, dword ptr ss:[esp+4]1016F214 8379 18 10 cmp dword ptr ds:[ecx+18],10 1016F218 72 12 jb short modNOBU1.1016F22C 1016F21A 8B49 04 mov ecx, dword ptr ds:[ecx+4] 1016F21D 6A 0A push 0A 1016F21F 51 push ecx 1016F220 50 push eax 1016F221 E8 5DF7ACF0 call modNOBU1.00C3E983 1016F226 83C4 0C add esp, 0C 1016F229 C2 0400 retn 4 1016F22C 83C1 04 add ecx, 4 1016F22F C2 0400 retn 4 1016F232 90 nop 1016F240 8948 04 mov dword ptr ds:[eax+4],ecx 1016F243 8338 00 cmp dword ptr ds:[eax], 0 1016F246 - 0F84 FEEF38F0 je modNOBU1.004FE24A 1016F24C 66:8948 08 mov word ptr ds:[eax+8], cx 1016F250 8848 0A mov byte ptr ds:[eax+A], cl 1016F253 8B4C24 04 mov ecx, dword ptr ss:[esp+4] 1016F257 8379 18 10 cmp dword ptr ds:[ecx+18], 10 1016F25B 72 12 jb short modNOBU1.1016F26F 1016F25D 8B49 04 mov ecx, dword ptr ds:[ecx+4] 1016F260 6A 0A push 0A 1016F262 51 push ecx 1016F263 50 push eax 1016F264 E8 1AF7ACF0 call modNOBU1.00C3E983 1016F269 83C4 0C add esp, 0C 1016F26C C2 0400 retn 4 1016F26F 83C1 04 add ecx, 4 1016F272 C2 0400 retn 4 让新武将不会更改家名。这里的改动会让改名事件发生后,实际上人物的名字并不会发生变化。 004FE1B5 - E9 4710C70F 57 4710a7df jmp modNOBU1.1016F201 004FE245 - E9 F60FC70F 57 f60fa7df jmp modNOBU1.1016F240 ***************************************************************************************************************************** 6.读取BGMSET.ini中的内容来调整背景音乐 (就是任何势力都可以有自己的独有BGM的内存修改) 游戏中切换势力更改玩家指针的地方: 原代码 00629EA0 - 8b 44 24 04 - mov eax,[esp+04] 00629EA4 - 89 81 20 02 00 00 - mov [ecx+00000220],eax 00629EAA - c2 04 00 - ret 0004 内存中改为: 00629EA0 - e9 3b 54 b4 0f - jmp 1016f2e0 00629EA5 - 90 - nop 00629EA6 - 90 - nop 00629EA7 - 90 - nop 00629EA8 - 90 - nop 00629EA9 - 90 - nop 00629EAA - c2 04 00 - ret 0004 --------------------------------------------------------------------- exe 00229ea0处改为 5AF7C10A0F90F0406BC0 --------------------------------------------------------------------- 载入游戏时更改玩家指针的地方 原代码: 004FEDE1 - 89 07 - mov [edi],eax // 004FEDE3 - 5f - pop edi //此三行,除了本身顺序的函数调用会用到,还会在其他地方引用 004FEDE4 - 5e - pop esi //所以这三行,是不可以改的 004FEDE5 - c3 - ret 内存中改为: 004FEDE1 - eb 03 - jmp 004fede6 //为了保证原来代码的内容不变,先短跳跃一下 004FEDE3 - 5f - pop edi 004FEDE4 - 5e - pop esi 004FEDE5 - c3 - ret 004FEDE6 - e9 23 05 c7 0f - jmp 1016f30e --------------------------------------------------------------------- exe 000fede1处改为 EB638FA59347ED406E8F --------------------------------------------------------------------- exe 00ef8280 处,修改为以下内容,这些是变量的初始化,凡地址后面有数据的都要改 1016f280 2e 5c 42 47 4d 53 45 54 2e 69 6e 69 00 .\BGMSET.ini 1016f290 00 00 00 00 00 存放读取的字符的地方 1016f298 42 47 4d 31 39 00 默认的值 BGM19 只读 1016f2A0 66 6c 61 67 31 32 38 00 flagXXX 给定的参数存放 1016f2a8 4e 4f 52 4d 41 4c 00 NORMAL 段,只读 1016f2B0 00 00 00 00 存放家纹 1016f2b4 家纹10进制 百位 1016f2b8 家纹10进制 十位 1016f2bc 家纹10进制 个位 1016f2c0 跳跃标志 1016f2c8 42 47 4d 30 32 00 默认的值 BGM02 只读 1016f2ce 42 47 4d 30 34 00 默认的值 BGM04 只读 1016f2d4 42 47 4d 30 35 00 默认的值 BGM05 只读 1016f520 53 49 45 47 45 00 SIEGE 1016f528 46 49 45 4c 44 00 FIELD 1016f530 42 41 54 54 4c 45 00 BATTLE exe 00ef82e0 处修改为以下值 1016F2E0 8B4424 04 mov eax, dword ptr ss:[esp+4] 1016F2E4 8981 20020000 mov dword ptr ds:[ecx+220], eax 1016F2EA C705 C0F21610 01000000 mov dword ptr ds:[1016F2C0], 1 1016F2F4 53 push ebx 1016F2F5 8B1D F04A0701 mov ebx, dword ptr ds:[1074AF0] 1016F2FB 8B9B 0C030000 mov ebx, dword ptr ds:[ebx+30C] 1016F301 3BD9 cmp ebx, ecx 1016F303 75 63 jnz short 1016F368 1016F305 90 nop 1016F306 90 nop 1016F307 90 nop 1016F308 90 nop 1016F309 EB 2A jmp short 1016F335 1016F30B 90 nop 1016F30C 90 nop 1016F30D 90 nop 1016F30E 8907 mov dword ptr ds:[edi], eax 1016F310 C705 C0F21610 02000000 mov dword ptr ds:[1016F2C0], 2 1016F31A 53 push ebx 1016F31B 8B1D F04A0701 mov ebx, dword ptr ds:[1074AF0] 1016F321 8B9B 0C030000 mov ebx, dword ptr ds:[ebx+30C] 1016F327 81C3 20020000 add ebx, 220 1016F32D 3BFB cmp edi, ebx 1016F32F 75 3B jnz short 1016F36C 1016F331 90 nop 1016F332 90 nop 1016F333 90 nop 1016F334 90 nop 1016F335 85C0 test eax, eax 1016F337 74 0E je short 1016F347 1016F339 90 nop 1016F33A 90 nop 1016F33B 90 nop 1016F33C 90 nop 1016F33D 8378 08 00 cmp dword ptr ds:[eax+8], 0 1016F341 75 2D jnz short 1016F370 1016F343 90 nop 1016F344 90 nop 1016F345 90 nop 1016F346 90 nop 1016F347 C705 44F0E700 42474D31 mov dword ptr ds:[E7F044], 314D4742 1016F351 C705 48F0E700 372E6B76 mov dword ptr ds:[E7F048], 766B2E37 1016F35B 833D C0F21610 01 cmp dword ptr ds:[1016F2C0], 1 1016F362 75 08 jnz short 1016F36C 1016F364 90 nop 1016F365 90 nop 1016F366 90 nop 1016F367 90 nop 1016F368 5B pop ebx 1016F369 C2 0400 retn 4 1016F36C 5B pop ebx 1016F36D 5F pop edi 1016F36E 5E pop esi 1016F36F C3 retn 1016F370 50 push eax 1016F371 8B58 08 mov ebx, dword ptr ds:[eax+8] 1016F374 8B83 C4000000 mov eax, dword ptr ds:[ebx+C4] 1016F37A A3 B0F21610 mov dword ptr ds:[1016F2B0], eax 1016F37F 52 push edx 1016F380 BA 00000000 mov edx, 0 1016F385 BB 64000000 mov ebx, 64 1016F38A F7F3 div ebx 1016F38C A3 B4F21610 mov dword ptr ds:[1016F2B4], eax 1016F391 8BC2 mov eax, edx 1016F393 BA 00000000 mov edx, 0 1016F398 BB 0A000000 mov ebx, 0A 1016F39D F7F3 div ebx 1016F39F A3 B8F21610 mov dword ptr ds:[1016F2B8], eax 1016F3A4 8915 BCF21610 mov dword ptr ds:[1016F2BC], edx 1016F3AA 8305 B4F21610 30 add dword ptr ds:[1016F2B4], 30 1016F3B1 8305 B8F21610 30 add dword ptr ds:[1016F2B8], 30 1016F3B8 C125 B8F21610 08 shl dword ptr ds:[1016F2B8], 8 1016F3BF 8305 BCF21610 30 add dword ptr ds:[1016F2BC], 30 1016F3C6 C125 BCF21610 10 shl dword ptr ds:[1016F2BC], 10 1016F3CD C705 A0F21610 666C6167 mov dword ptr ds:[1016F2A0], 67616C66 1016F3D7 A1 B4F21610 mov eax, dword ptr ds:[1016F2B4] 1016F3DC A3 A4F21610 mov dword ptr ds:[1016F2A4], eax 1016F3E1 A1 B8F21610 mov eax, dword ptr ds:[1016F2B8] 1016F3E6 0105 A4F21610 add dword ptr ds:[1016F2A4], eax 1016F3EC A1 BCF21610 mov eax, dword ptr ds:[1016F2BC] 1016F3F1 0105 A4F21610 add dword ptr ds:[1016F2A4], eax 1016F3F7 68 80F21610 push 1016F280 ; ASCII ".\BGMSET.ini" 1016F3FC 6A 06 push 6 1016F3FE 68 90F21610 push 1016F290 1016F403 68 98F21610 push 1016F298 ; ASCII "BGM19" 1016F408 68 A0F21610 push 1016F2A0 1016F40D 68 A8F21610 push 1016F2A8 ; ASCII "NORMAL" 平时 1016F412 FF15 08CE1510 call dword ptr ds:[1015CE08] ; kernel32.GetPrivateProfileStringA 1016F418 A1 90F21610 mov eax, dword ptr ds:[1016F290] 1016F41D A3 44F0E700 mov dword ptr ds:[E7F044], eax 1016F422 A1 94F21610 mov eax, dword ptr ds:[1016F294] 1016F427 25 FF000000 and eax, 0FF 1016F42C 05 002E6B76 add eax, 766B2E00 1016F431 A3 48F0E700 mov dword ptr ds:[E7F048], eax 1016F436 68 80F21610 push 1016F280 ; ASCII ".\BGMSET.ini" 1016F43B 6A 06 push 6 1016F43D 68 90F21610 push 1016F290 1016F442 68 D4F21610 push 1016F2D4 ; ASCII "BGM05" 1016F447 68 A0F21610 push 1016F2A0 1016F44C 68 20F51610 push 1016F520 ; ASCII "SIEGE" 攻城 1016F451 FF15 08CE1510 call dword ptr ds:[<&KERNEL32.GetPrivateProfileStringA>] ; kernel32.GetPrivateProfileStringA 1016F457 A1 90F21610 mov eax, dword ptr ds:[1016F290] 1016F45C A3 40EFE700 mov dword ptr ds:[E7EF40], eax 1016F461 A1 94F21610 mov eax, dword ptr ds:[1016F294] 1016F466 25 FF000000 and eax, 0FF 1016F46B 05 002E6B76 add eax, 766B2E00 1016F470 A3 44EFE700 mov dword ptr ds:[E7EF44], eax 1016F475 68 80F21610 push 1016F280 ; ASCII ".\BGMSET.ini" 1016F47A 6A 06 push 6 1016F47C 68 90F21610 push 1016F290 1016F481 68 CEF21610 push 1016F2CE ; ASCII "BGM04" 1016F486 68 A0F21610 push 1016F2A0 1016F48B 68 28F51610 push 1016F528 ; ASCII "FIELD" 野战 1016F490 FF15 08CE1510 call dword ptr ds:[<&KERNEL32.GetPrivateProfileStringA>] ; kernel32.GetPrivateProfileStringA 1016F496 A1 90F21610 mov eax, dword ptr ds:[1016F290] 1016F49B A3 2CEFE700 mov dword ptr ds:[E7EF2C], eax 1016F4A0 A3 68EFE700 mov dword ptr ds:[E7EF68], eax 1016F4A5 A1 94F21610 mov eax, dword ptr ds:[1016F294] 1016F4AA 25 FF000000 and eax, 0FF 1016F4AF 05 002E6B76 add eax, 766B2E00 1016F4B4 A3 30EFE700 mov dword ptr ds:[E7EF30], eax 1016F4B9 A3 6CEFE700 mov dword ptr ds:[E7EF6C], eax 1016F4BE 68 80F21610 push 1016F280 ; ASCII ".\BGMSET.ini" 1016F4C3 6A 06 push 6 1016F4C5 68 90F21610 push 1016F290 1016F4CA 68 C8F21610 push 1016F2C8 ; ASCII "BGM02" 1016F4CF 68 A0F21610 push 1016F2A0 1016F4D4 68 30F51610 push 1016F530 ; ASCII "BATTLE" 进军 1016F4D9 FF15 08CE1510 call dword ptr ds:[<&KERNEL32.GetPrivateProfileStringA>] ; kernel32.GetPrivateProfileStringA 1016F4DF A1 90F21610 mov eax, dword ptr ds:[1016F290] 1016F4E4 A3 04EFE700 mov dword ptr ds:[E7EF04], eax 1016F4E9 A3 54EFE700 mov dword ptr ds:[E7EF54], eax 1016F4EE A1 94F21610 mov eax, dword ptr ds:[1016F294] 1016F4F3 25 FF000000 and eax, 0FF 1016F4F8 05 002E6B76 add eax, 766B2E00 1016F4FD A3 08EFE700 mov dword ptr ds:[E7EF08], eax 1016F502 A3 58EFE700 mov dword ptr ds:[E7EF58], eax 1016F507 5A pop edx 1016F508 58 pop eax 1016F509 5B pop ebx 1016F50A 833D C0F21610 01 cmp dword ptr ds:[1016F2C0], 1 1016F511 75 03 jnz short 1016F516 1016F513 C2 0400 retn 4 1016F516 5F pop edi 1016F517 5E pop esi 1016F518 C3 retn ps: [1074af0] 基址a [基址a+0x30c]+0x220 就是判断玩家是哪个势力的地址 该地址指向势力列表中对应的势力开始的地址 ***************************************************************************************************************************** 7.妨害战法带伤害值: (就是使妨害战法,如骂声,乱破等都带伤害参数,而原来的离间,火牛也可以使用这些新的伤害参数) 1016f540 储存施放者智力 <原文件exe ef8550处开始修改> 1016F550 50 push eax //获得施术武将智力并储存的函数 1016F551 8B46 08 mov eax, dword ptr ds:[esi+8] 1016F554 8B40 20 mov eax, dword ptr ds:[eax+20] 1016F557 8B40 10 mov eax, dword ptr ds:[eax+10] 1016F55A 8B40 08 mov eax, dword ptr ds:[eax+8] 1016F55D 8B80 C0010000 mov eax, dword ptr ds:[eax+1C0] 1016F563 A3 40F51610 mov dword ptr ds:[1016F540], eax 1016F568 58 pop eax 1016F569 C3 retn 1016F570 E8 DBFFFFFF call modNOBU1.1016F550 //与原程序接口,先调用自写函数获得施术武将智力并储存 1016F575 6A FF push -1 1016F577 68 88FADB00 push modNOBU1.00DBFA88 1016F57C - E9 960947F0 jmp modNOBU1.005DFF17 1016F5B0 83EC 08 sub esp, 8 //自写伤害函数 1016F5B3 53 push ebx 1016F5B4 56 push esi 1016F5B5 8B7424 14 mov esi, dword ptr ss:[esp+14] 1016F5B9 56 push esi 1016F5BA 8BD9 mov ebx, ecx 1016F5BC E8 2F093CF0 call modNOBU1.0052FEF0 //?判断小队是否受到伤害 1016F5C1 83C4 04 add esp, 4 1016F5C4 84C0 test al, al 1016F5C6 0F84 E8000000 je modNOBU1.1016F6B4 1016F5CC 8B06 mov eax, dword ptr ds:[esi] 1016F5CE 8B90 84000000 mov edx, dword ptr ds:[eax+84] 1016F5D4 57 push edi 1016F5D5 8BCE mov ecx, esi 1016F5D7 BF 01000000 mov edi, 1 1016F5DC FFD2 call edx 1016F5DE 84C0 test al, al 1016F5E0 74 1B je short modNOBU1.1016F5FD 1016F5E2 90 nop 1016F5E3 90 nop 1016F5E4 90 nop 1016F5E5 90 nop 1016F5E6 56 push esi 1016F5E7 E8 34BD4CF0 call modNOBU1.0063B320 1016F5EC 83C4 04 add esp, 4 1016F5EF 85C0 test eax, eax 1016F5F1 7E 0A jle short modNOBU1.1016F5FD //判断对象是否是一个据点,如果是部队就跳 1016F5F3 90 nop 1016F5F4 90 nop 1016F5F5 90 nop 1016F5F6 90 nop 1016F5F7 BF 02000000 mov edi, 2 //对城效果减半 1016F5FC 90 nop 1016F5FD 8B06 mov eax, dword ptr ds:[esi] 1016F5FF 8B90 88000000 mov edx, dword ptr ds:[eax+88] 1016F605 8BCE mov ecx, esi 1016F607 FFD2 call edx 1016F609 BA 14000000 mov edx, 14 //伤害变量 A = 20 1016F60E E8 AC000000 call modNOBU1.1016F6BF //调用自写伤害数值函数 1016F613 8BCE mov ecx, esi 1016F615 C74424 0C 64000000 mov dword ptr ss:[esp+C], 64 1016F61D F7FF idiv edi //对据点减弱倍数 1016F61F 8BF8 mov edi, eax 1016F621 897C24 18 mov dword ptr ss:[esp+18], edi 1016F625 E8 066D3CF0 call modNOBU1.00536330 1016F62A 83FF 64 cmp edi, 64 1016F62D 8BC8 mov ecx, eax 1016F62F 894C24 10 mov dword ptr ss:[esp+10], ecx 1016F633 8D4424 18 lea eax, dword ptr ss:[esp+18] 1016F637 7F 04 jg short modNOBU1.1016F63D 1016F639 8D4424 0C lea eax, dword ptr ss:[esp+C] 1016F63D 3908 cmp dword ptr ds:[eax], ecx 1016F63F 7C 04 jl short modNOBU1.1016F645 1016F641 8D4424 10 lea eax, dword ptr ss:[esp+10] 1016F645 8B38 mov edi, dword ptr ds:[eax] 1016F647 8B06 mov eax, dword ptr ds:[esi] 1016F649 8B90 DC000000 mov edx, dword ptr ds:[eax+DC] 1016F64F 6A 01 push 1 1016F651 6A 01 push 1 1016F653 57 push edi 1016F654 68 822D0000 push 2D82 1016F659 8BCE mov ecx, esi 1016F65B FFD2 call edx 1016F65D 8BCE mov ecx, esi 1016F65F E8 CC6C3CF0 call modNOBU1.00536330 1016F664 2BC7 sub eax, edi 1016F666 50 push eax 1016F667 8BCE mov ecx, esi 1016F669 E8 821A3AF0 call modNOBU1.005110F0 1016F66E 8BCE mov ecx, esi 1016F670 E8 BB6C3CF0 call modNOBU1.00536330 1016F675 85C0 test eax, eax 1016F677 5F pop edi 1016F678 7F 3A jg short modNOBU1.1016F6B4 //判断是否灭队,没灭就跳 1016F67A 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 1016F67D 8B01 mov eax, dword ptr ds:[ecx] 1016F67F 8B90 CC000000 mov edx, dword ptr ds:[eax+CC] 1016F685 FFD2 call edx 1016F687 84C0 test al, al 1016F689 74 10 je short modNOBU1.1016F69B 1016F68B 8B06 mov eax, dword ptr ds:[esi] 1016F68D 8B90 84000000 mov edx, dword ptr ds:[eax+84] 1016F693 8BCE mov ecx, esi 1016F695 FFD2 call edx 1016F697 84C0 test al, al 1016F699 75 19 jnz short modNOBU1.1016F6B4 //?是否全灭 1016F69B 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 1016F69E 8B06 mov eax, dword ptr ds:[esi] 1016F6A0 8B50 40 mov edx, dword ptr ds:[eax+40] 1016F6A3 6A 00 push 0 1016F6A5 6A 00 push 0 1016F6A7 51 push ecx 1016F6A8 8BCE mov ecx, esi 1016F6AA FFD2 call edx 1016F6AC 5E pop esi 1016F6AD 5B pop ebx 1016F6AE 83C4 08 add esp, 8 1016F6B1 C2 0400 retn 4 1016F6B4 5E pop esi 1016F6B5 5B pop ebx 1016F6B6 83C4 08 add esp, 8 1016F6B9 C2 0400 retn 4 1016F6BF 53 push ebx //自写伤害计算函数,最终伤害为eax 1016F6C0 52 push edx 1016F6C1 8BD8 mov ebx, eax 1016F6C3 A1 40F51610 mov eax, dword ptr ds:[1016F540] 1016F6C8 B9 02000000 mov ecx, 2 //变量B 1016F6CD F7E9 imul ecx 1016F6CF 3BC3 cmp eax, ebx 1016F6D1 7F 02 jg short modNOBU1.1016F6D5 1016F6D3 8BC3 mov eax, ebx 1016F6D5 2BC3 sub eax, ebx 1016F6D7 5A pop edx 1016F6D8 03C2 add eax, edx 1016F6DA B9 0A000000 mov ecx, 0A //变量C 1016F6DF F7E9 imul ecx 1016F6E1 5B pop ebx 1016F6E2 C3 retn 对部队伤害 dmg = (施术武将智力*变量B - 受害部队武将智力+变量A )*变量C 此处,变量A=20,变量B=2,变量C=10 施术武将智力*变量B - 受害部队武将智力 此处会判断结果是否大于0,如果不是,会强制赋0。也就是说, dmg>=变量A*变量C,如果变量A*变量C小于100,则dmg=100。这是原游戏的设定,伤害最低不得少于100。 对城,dmg减半。 (其中变量A可根据不同战法需要改变数值,以备将来可能修改更多的计谋战法时用;但是B和C固定在程序中,作为整体调整) **建议调整变量A 和变量C,变量A在exe文件中的地址ef860a,变量C在exe中的地址ef86db,可以自己用16进制编辑器修改 005DFF10 - E9 5BF6B80F 7c e5f6b86f jmp mod.1016F570 005DFF15 90 40 nop 005DFF16 90 6b nop 005DFFAA E8 01F6B80F call modNOBU1.1016F5B0 _______________________火牛__________________________________ 005E06A0 - E9 4BF0B80F ac e270e38c jmp 1016F6F0 005E06A5 90 86 nop 005E06A6 90 23 nop 005D9421 BA 1E000000 mov edx, 1E 005D9426 E8 9462B90F call modNOBU1.1016F6BF 005D942B 8BCE mov ecx, esi 005D942D C74424 0C 64000000 mov dword ptr ss:[esp+C], 64 005D9435 EB 1A jmp short modNOBU1.005D9451 1016F6F0 E8 5BFEFFFF call modNOBU1.1016F550 1016F6F5 6A FF push -1 1016F6F7 68 E8FADB00 push modNOBU1.00DBFAE8 1016F6FC - E9 A60F47F0 jmp modNOBU1.005E06A7 参数A 原文件 1d9422处 _____________________离间_____________________________________ 005E0BA0 - E9 63EBB80F jmp modNOBU1.1016F708 005E0BA5 90 nop 005E0BA6 90 nop 005D9641 BA 0A000000 mov edx, 0A 005D9646 E8 7460B90F call modNOBU1.1016F6BF 005D964B 8BCE mov ecx, esi 005D964D C74424 0C 64000000 mov dword ptr ss:[esp+C], 64 005D9655 EB 1A jmp short modNOBU1.005D9671 1016F708 E8 43FEFFFF call modNOBU1.1016F550 1016F70D 6A FF push -1 1016F70F 68 78FBDB00 push modNOBU1.00DBFB78 1016F714 - E9 8E1447F0 jmp modNOBU1.005E0BA7 参数A 原文件 1d9642处 _____________________乱破_____________________________________ 005E0840 - E9 DBEEB80F jmp modNOBU1.1016F720 005E0845 90 nop 005E0846 90 nop 005E08DA - E9 B1ECB80F jmp modNOBU1.1016F590 1016F590 51 push ecx //在原骂声战法效果前增加伤害效果,此处先保存现场 1016F591 52 push edx 1016F592 53 push ebx 1016F593 54 push esp 1016F594 55 push ebp 1016F595 56 push esi 1016F596 57 push edi 1016F597 50 push eax 1016F598 E8 9B010000 call modNOBU1.1016F738 //调用自写伤害效果函数 1016F59D 5F pop edi //调用完毕,恢复现场 1016F59E 5E pop esi 1016F59F 5D pop ebp 1016F5A0 5C pop esp 1016F5A1 5B pop ebx 1016F5A2 5A pop edx 1016F5A3 59 pop ecx 1016F5A4 E8 979C46F0 call modNOBU1.005D9240 //原骂声减士气效果函数 1016F5A9 - E9 311347F0 jmp modNOBU1.005E08DF 1016F720 E8 2BFEFFFF call modNOBU1.1016F550 1016F725 6A FF push -1 1016F727 68 18FBDB00 push modNOBU1.00DBFB18 1016F72C - E9 161147F0 jmp modNOBU1.005E0847 1016F738 83EC 08 sub esp, 8 1016F73B 53 push ebx 1016F73C 56 push esi 1016F73D 8B7424 14 mov esi, dword ptr ss:[esp+14] 1016F741 56 push esi 1016F742 8BD9 mov ebx, ecx 1016F744 E8 A7073CF0 call modNOBU1.0052FEF0 1016F749 83C4 04 add esp, 4 1016F74C 84C0 test al, al 1016F74E 0F84 DF000000 je modNOBU1.1016F833 1016F754 8B06 mov eax, dword ptr ds:[esi] 1016F756 8B90 84000000 mov edx, dword ptr ds:[eax+84] 1016F75C 57 push edi 1016F75D 8BCE mov ecx, esi 1016F75F BF 01000000 mov edi, 1 1016F764 FFD2 call edx 1016F766 84C0 test al, al 1016F768 74 12 je short modNOBU1.1016F77C 1016F76A 56 push esi 1016F76B E8 B0BB4CF0 call modNOBU1.0063B320 1016F770 83C4 04 add esp, 4 1016F773 85C0 test eax, eax 1016F775 7E 05 jle short modNOBU1.1016F77C 1016F777 BF 02000000 mov edi, 2 1016F77C 8B06 mov eax, dword ptr ds:[esi] 1016F77E 8B90 88000000 mov edx, dword ptr ds:[eax+88] 1016F784 8BCE mov ecx, esi 1016F786 FFD2 call edx 1016F788 BA 14000000 mov edx, 14 //参数A 1016F78D E8 2DFFFFFF call modNOBU1.1016F6BF 1016F792 8BCE mov ecx, esi 1016F794 C74424 0C 64000000 mov dword ptr ss:[esp+C], 64 1016F79C F7FF idiv edi 1016F79E 8BF8 mov edi, eax 1016F7A0 897C24 18 mov dword ptr ss:[esp+18], edi 1016F7A4 E8 876B3CF0 call modNOBU1.00536330 1016F7A9 83FF 64 cmp edi, 64 1016F7AC 8BC8 mov ecx, eax 1016F7AE 894C24 10 mov dword ptr ss:[esp+10], ecx 1016F7B2 8D4424 18 lea eax, dword ptr ss:[esp+18] 1016F7B6 7F 04 jg short modNOBU1.1016F7BC 1016F7B8 8D4424 0C lea eax, dword ptr ss:[esp+C] 1016F7BC 3908 cmp dword ptr ds:[eax], ecx 1016F7BE 7C 04 jl short modNOBU1.1016F7C4 1016F7C0 8D4424 10 lea eax, dword ptr ss:[esp+10] 1016F7C4 8B38 mov edi, dword ptr ds:[eax] 1016F7C6 8B06 mov eax, dword ptr ds:[esi] 1016F7C8 8B90 DC000000 mov edx, dword ptr ds:[eax+DC] 1016F7CE 6A 01 push 1 1016F7D0 6A 01 push 1 1016F7D2 57 push edi 1016F7D3 68 822D0000 push 2D82 1016F7D8 8BCE mov ecx, esi 1016F7DA FFD2 call edx 1016F7DC 8BCE mov ecx, esi 1016F7DE E8 4D6B3CF0 call modNOBU1.00536330 1016F7E3 2BC7 sub eax, edi 1016F7E5 50 push eax 1016F7E6 8BCE mov ecx, esi 1016F7E8 E8 03193AF0 call modNOBU1.005110F0 1016F7ED 8BCE mov ecx, esi 1016F7EF E8 3C6B3CF0 call modNOBU1.00536330 1016F7F4 85C0 test eax, eax 1016F7F6 5F pop edi 1016F7F7 7F 3A jg short modNOBU1.1016F833 1016F7F9 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 1016F7FC 8B01 mov eax, dword ptr ds:[ecx] 1016F7FE 8B90 CC000000 mov edx, dword ptr ds:[eax+CC] 1016F804 FFD2 call edx 1016F806 84C0 test al, al 1016F808 74 10 je short modNOBU1.1016F81A 1016F80A 8B06 mov eax, dword ptr ds:[esi] 1016F80C 8B90 84000000 mov edx, dword ptr ds:[eax+84] 1016F812 8BCE mov ecx, esi 1016F814 FFD2 call edx 1016F816 84C0 test al, al 1016F818 75 19 jnz short modNOBU1.1016F833 1016F81A 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 1016F81D 8B06 mov eax, dword ptr ds:[esi] 1016F81F 8B50 40 mov edx, dword ptr ds:[eax+40] 1016F822 6A 00 push 0 1016F824 6A 00 push 0 1016F826 51 push ecx 1016F827 8BCE mov ecx, esi 1016F829 FFD2 call edx 1016F82B 5E pop esi 1016F82C 5B pop ebx 1016F82D 83C4 08 add esp, 8 1016F830 C2 0400 retn 4 1016F833 5E pop esi 1016F834 5B pop ebx 1016F835 83C4 08 add esp, 8 1016F838 C2 0400 retn 4 参数A 原文件 ef8789 处 _____________________________________________________________________________________________________ 以下为研究手稿 _____________________________________________________________________________________________________ 读取斗气消耗 005F8900 - 8b 41 74 - mov eax,[ecx+74] 005F8903 - c3 - ret 减斗气 536166 减对手兵力 5361BF 005D5DEE 52 push edx //对象部队的数据开头指针 005D5DEF 50 push eax //部分伤害数 005D5DF0 8BCD mov ecx, ebp 005D5DF2 E8 A903F6FF call mod.005361A0 005E178F 52 push edx 005E1790 50 push eax 005E1791 8BCF mov ecx, edi 005E1793 E8 3845FFFF call mod.005D5CD0 005E18B0 56 push esi 005E18B1 8BF1 mov esi, ecx 005E18B3 8B4E 08 mov ecx, dword ptr ds:[esi+8] 005E18B6 8B01 mov eax, dword ptr ds:[ecx] 005E18B8 8B90 F8000000 mov edx, dword ptr ds:[eax+F8] 005E18BE FFD2 call edx 005E18C0 84C0 test al, al 005E18C2 75 07 jnz short mod.005E18CB 005E18C4 8BCE mov ecx, esi 005E18C6 E8 95FCFFFF call mod.005E1560 005E18CB 32C0 xor al, al 005E18CD 5E pop esi 005E18CE C2 0400 retn 4 减士气 //005D9284 - 89 56 48 - mov [esi+48],edx 005DFFA7 50 push eax //对象部队的数据开头指针 005DFFA8 8BCF mov ecx, edi 005DFFAA E8 9192FFFF call mod.005D9240 005DFF10 6A FF push -1 005DFF12 68 88FADB00 push mod.00DBFA88 005DFF17 64:A1 00000000 mov eax, dword ptr fs:[0] 005DFF1D 50 push eax 005DFF1E 83EC 24 sub esp, 24 005DFF21 53 push ebx 005DFF22 56 push esi 005DFF23 57 push edi 005DFF24 A1 7C2B0601 mov eax, dword ptr ds:[1062B7C] 005DFF29 33C4 xor eax, esp 005DFF2B 50 push eax 005DFF2C 8D4424 34 lea eax, dword ptr ss:[esp+34] 005DFF30 64:A3 00000000 mov dword ptr fs:[0], eax 005DFF36 8BF9 mov edi, ecx 005DFF38 E8 3314E2FF call mod.00401370 005DFF3D 33F6 xor esi, esi 005DFF3F 56 push esi 005DFF40 8D4C24 14 lea ecx, dword ptr ss:[esp+14] 005DFF44 51 push ecx 005DFF45 8BC8 mov ecx, eax 005DFF47 E8 B450E2FF call mod.00405000 005DFF4C E8 CF13E2FF call mod.00401320 005DFF51 56 push esi 005DFF52 8D5424 1C lea edx, dword ptr ss:[esp+1C] 005DFF56 52 push edx 005DFF57 8BC8 mov ecx, eax 005DFF59 E8 A250E2FF call mod.00405000 005DFF5E E8 0D14E2FF call mod.00401370 005DFF63 56 push esi 005DFF64 8D4C24 24 lea ecx, dword ptr ss:[esp+24] 005DFF68 51 push ecx 005DFF69 8BC8 mov ecx, eax 005DFF6B E8 9050E2FF call mod.00405000 005DFF70 8D4C24 28 lea ecx, dword ptr ss:[esp+28] 005DFF74 E8 A7C4F2FF call mod.0050C420 005DFF79 894424 2C mov dword ptr ss:[esp+2C], eax 005DFF7D 897424 30 mov dword ptr ss:[esp+30], esi 005DFF81 8D5424 28 lea edx, dword ptr ss:[esp+28] 005DFF85 52 push edx 005DFF86 8BCF mov ecx, edi 005DFF88 897424 40 mov dword ptr ss:[esp+40], esi 005DFF8C E8 BFFEFFFF call mod.005DFE50 005DFF91 8B4424 2C mov eax, dword ptr ss:[esp+2C] 005DFF95 8B30 mov esi, dword ptr ds:[eax] 005DFF97 8BD8 mov ebx, eax 005DFF99 8DA424 00000000 lea esp, dword ptr ss:[esp] 005DFFA0 3BF3 cmp esi, ebx 005DFFA2 74 0F je short mod.005DFFB3 005DFFA4 8B46 08 mov eax, dword ptr ds:[esi+8] 005DFFA7 50 push eax 005DFFA8 8BCF mov ecx, edi 005DFFAA E8 9192FFFF call mod.005D9240 005DFFAF 8B36 mov esi, dword ptr ds:[esi] 005DFFB1 ^ EB ED jmp short mod.005DFFA0 005DFFB3 8D4C24 28 lea ecx, dword ptr ss:[esp+28] 005DFFB7 E8 44C5F2FF call mod.0050C500 005DFFBC 8B7424 2C mov esi, dword ptr ss:[esp+2C] 005DFFC0 E8 5B13E2FF call mod.00401320 005DFFC5 8B08 mov ecx, dword ptr ds:[eax] 005DFFC7 890E mov dword ptr ds:[esi], ecx 005DFFC9 8930 mov dword ptr ds:[eax], esi 005DFFCB 32C0 xor al, al 005DFFCD 8B4C24 34 mov ecx, dword ptr ss:[esp+34] 005DFFD1 64:890D 00000000 mov dword ptr fs:[0], ecx 005DFFD8 59 pop ecx 005DFFD9 5F pop edi 005DFFDA 5E pop esi 005DFFDB 5B pop ebx 005DFFDC 83C4 30 add esp, 30 005DFFDF C2 0400 retn 4 005D9240 51 push ecx 005D9241 56 push esi 005D9242 8B7424 0C mov esi, dword ptr ss:[esp+C] 005D9246 57 push edi 005D9247 56 push esi 005D9248 8BF9 mov edi, ecx 005D924A E8 A16CF5FF call mod.0052FEF0 005D924F 83C4 04 add esp, 4 005D9252 84C0 test al, al 005D9254 74 43 je short mod.005D9299 005D9256 8B47 08 mov eax, dword ptr ds:[edi+8] 005D9259 56 push esi 005D925A 50 push eax 005D925B E8 10EBF5FF call mod.00537D70 005D9260 8B4E 48 mov ecx, dword ptr ds:[esi+48] 005D9263 83C4 08 add esp, 8 005D9266 2BC8 sub ecx, eax 005D9268 894C24 08 mov dword ptr ss:[esp+8], ecx 005D926C C74424 10 00000000 mov dword ptr ss:[esp+10], 0 005D9274 8D4C24 10 lea ecx, dword ptr ss:[esp+10] 005D9278 78 04 js short mod.005D927E 005D927A 8D4C24 08 lea ecx, dword ptr ss:[esp+8] 005D927E 8B11 mov edx, dword ptr ds:[ecx] 005D9280 6A 01 push 1 005D9282 6A 01 push 1 005D9284 8956 48 mov dword ptr ds:[esi+48], edx 005D9287 8B16 mov edx, dword ptr ds:[esi] 005D9289 50 push eax 005D928A 8B82 DC000000 mov eax, dword ptr ds:[edx+DC] 005D9290 68 832D0000 push 2D83 005D9295 8BCE mov ecx, esi 005D9297 FFD0 call eax 005D9299 5F pop edi 005D929A 5E pop esi 005D929B 59 pop ecx 005D929C C2 0400 retn 4 //火牛 减兵力 0051112E - 89 51 28 - mov [ecx+28],edx 005E06A0 6A FF push -1 005E06A2 68 E8FADB00 push mod.00DBFAE8 005E06A7 64:A1 00000000 mov eax, dword ptr fs:[0] 005E06AD 50 push eax 005E06AE 83EC 24 sub esp, 24 005E06B1 53 push ebx 005E06B2 56 push esi 005E06B3 57 push edi 005E06B4 A1 7C2B0601 mov eax, dword ptr ds:[1062B7C] 005E06B9 33C4 xor eax, esp 005E06BB 50 push eax 005E06BC 8D4424 34 lea eax, dword ptr ss:[esp+34] 005E06C0 64:A3 00000000 mov dword ptr fs:[0], eax 005E06C6 8BF9 mov edi, ecx 005E06C8 E8 A30CE2FF call mod.00401370 005E06CD 33F6 xor esi, esi 005E06CF 56 push esi 005E06D0 8D4C24 14 lea ecx, dword ptr ss:[esp+14] 005E06D4 51 push ecx 005E06D5 8BC8 mov ecx, eax 005E06D7 E8 2449E2FF call mod.00405000 005E06DC E8 3F0CE2FF call mod.00401320 005E06E1 56 push esi 005E06E2 8D5424 1C lea edx, dword ptr ss:[esp+1C] 005E06E6 52 push edx 005E06E7 8BC8 mov ecx, eax 005E06E9 E8 1249E2FF call mod.00405000 005E06EE E8 7D0CE2FF call mod.00401370 005E06F3 56 push esi 005E06F4 8D4C24 24 lea ecx, dword ptr ss:[esp+24] 005E06F8 51 push ecx 005E06F9 8BC8 mov ecx, eax 005E06FB E8 0049E2FF call mod.00405000 005E0700 8D4C24 28 lea ecx, dword ptr ss:[esp+28] 005E0704 E8 17BDF2FF call mod.0050C420 005E0709 894424 2C mov dword ptr ss:[esp+2C], eax 005E070D 897424 30 mov dword ptr ss:[esp+30], esi 005E0711 8D5424 28 lea edx, dword ptr ss:[esp+28] 005E0715 52 push edx 005E0716 8BCF mov ecx, edi 005E0718 897424 40 mov dword ptr ss:[esp+40], esi 005E071C E8 BFFEFFFF call mod.005E05E0 // 可能是判断是否被对方高智武将格档 005E0721 8B4424 2C mov eax, dword ptr ss:[esp+2C] 005E0725 8B30 mov esi, dword ptr ds:[eax] 005E0727 8BD8 mov ebx, eax 005E0729 8DA424 00000000 lea esp, dword ptr ss:[esp] 005E0730 3BF3 cmp esi, ebx 005E0732 74 0F je short mod.005E0743 005E0734 8B46 08 mov eax, dword ptr ds:[esi+8] 005E0737 50 push eax 005E0738 8BCF mov ecx, edi 005E073A E8 918CFFFF call mod.005D93D0 // 小队效果 005E073F 8B36 mov esi, dword ptr ds:[esi] 005E0741 ^ EB ED jmp short mod.005E0730 005E0743 8D4C24 28 lea ecx, dword ptr ss:[esp+28] 005E0747 E8 B4BDF2FF call mod.0050C500 005E074C 8B7424 2C mov esi, dword ptr ss:[esp+2C] 005E0750 E8 CB0BE2FF call mod.00401320 005E0755 8B08 mov ecx, dword ptr ds:[eax] 005E0757 890E mov dword ptr ds:[esi], ecx 005E0759 8930 mov dword ptr ds:[eax], esi 005E075B 32C0 xor al, al 005E075D 8B4C24 34 mov ecx, dword ptr ss:[esp+34] 005E0761 64:890D 00000000 mov dword ptr fs:[0], ecx 005E0768 59 pop ecx 005E0769 5F pop edi 005E076A 5E pop esi 005E076B 5B pop ebx 005E076C 83C4 30 add esp, 30 005E076F C2 0400 retn 4 005D93D0 83EC 08 sub esp, 8 005D93D3 53 push ebx 005D93D4 56 push esi 005D93D5 8B7424 14 mov esi, dword ptr ss:[esp+14] 005D93D9 56 push esi 005D93DA 8BD9 mov ebx, ecx 005D93DC E8 0F6BF5FF call mod.0052FEF0 005D93E1 83C4 04 add esp, 4 005D93E4 84C0 test al, al 005D93E6 0F84 46010000 je mod.005D9532 //判断小队是否受计谋影响 005D93EC 8B06 mov eax, dword ptr ds:[esi] 005D93EE 8B90 84000000 mov edx, dword ptr ds:[eax+84] 005D93F4 57 push edi 005D93F5 8BCE mov ecx, esi 005D93F7 BF 01000000 mov edi, 1 005D93FC FFD2 call edx 005D93FE 84C0 test al, al 005D9400 74 13 je short mod.005D9415 005D9402 56 push esi 005D9403 E8 181F0600 call mod.0063B320 005D9408 83C4 04 add esp, 4 005D940B 85C0 test eax, eax 005D940D 7E 06 jle short mod.005D9415 //是否是对城 005D940F 8B3D 24DE0001 mov edi, dword ptr ds:[100DE24] 005D9415 8B06 mov eax, dword ptr ds:[esi] 005D9417 8B90 88000000 mov edx, dword ptr ds:[eax+88] 005D941D 8BCE mov ecx, esi 005D941F FFD2 call edx 005D9421 8B15 48DE0001 mov edx, dword ptr ds:[100DE48] 005D9427 2B15 4CDE0001 sub edx, dword ptr ds:[100DE4C] 005D942D 8BC8 mov ecx, eax 005D942F 0315 3CDE0001 add edx, dword ptr ds:[100DE3C] 005D9435 A1 40DE0001 mov eax, dword ptr ds:[100DE40] 005D943A 2BC1 sub eax, ecx 005D943C 0FAFC2 imul eax, edx 005D943F 99 cdq 005D9440 F73D 44DE0001 idiv dword ptr ds:[100DE44] 005D9446 8BCE mov ecx, esi 005D9448 C74424 0C 64000000 mov dword ptr ss:[esp+C], 64 005D9450 99 cdq 005D9451 F7FF idiv edi 005D9453 8BF8 mov edi, eax 005D9455 897C24 18 mov dword ptr ss:[esp+18], edi 005D9459 E8 D2CEF5FF call mod.00536330 005D945E 83FF 64 cmp edi, 64 005D9461 8BC8 mov ecx, eax 005D9463 894C24 10 mov dword ptr ss:[esp+10], ecx 005D9467 8D4424 18 lea eax, dword ptr ss:[esp+18] 005D946B 7F 04 jg short mod.005D9471 005D946D 8D4424 0C lea eax, dword ptr ss:[esp+C] 005D9471 3908 cmp dword ptr ds:[eax], ecx 005D9473 7C 04 jl short mod.005D9479 005D9475 8D4424 10 lea eax, dword ptr ss:[esp+10] 005D9479 8B38 mov edi, dword ptr ds:[eax] 005D947B 8B06 mov eax, dword ptr ds:[esi] 005D947D 8B90 DC000000 mov edx, dword ptr ds:[eax+DC] 005D9483 6A 01 push 1 005D9485 6A 01 push 1 005D9487 57 push edi 005D9488 68 822D0000 push 2D82 005D948D 8BCE mov ecx, esi 005D948F FFD2 call edx 005D9491 8BCE mov ecx, esi 005D9493 E8 98CEF5FF call mod.00536330 005D9498 2BC7 sub eax, edi 005D949A 50 push eax 005D949B 8BCE mov ecx, esi 005D949D E8 4E7CF3FF call mod.005110F0 //改变兵力的函数,游戏中多处调用 005D94A2 8BCE mov ecx, esi 005D94A4 E8 87CEF5FF call mod.00536330 005D94A9 85C0 test eax, eax 005D94AB 5F pop edi 005D94AC 7F 3A jg short mod.005D94E8 //是否因伤害而灭队 如果没有就跳 005D94AE 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 005D94B1 8B01 mov eax, dword ptr ds:[ecx] 005D94B3 8B90 CC000000 mov edx, dword ptr ds:[eax+CC] 005D94B9 FFD2 call edx 005D94BB 84C0 test al, al 005D94BD 74 10 je short mod.005D94CF 005D94BF 8B06 mov eax, dword ptr ds:[esi] 005D94C1 8B90 84000000 mov edx, dword ptr ds:[eax+84] 005D94C7 8BCE mov ecx, esi 005D94C9 FFD2 call edx 005D94CB 84C0 test al, al 005D94CD 75 19 jnz short mod.005D94E8 005D94CF 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 005D94D2 8B06 mov eax, dword ptr ds:[esi] 005D94D4 8B50 40 mov edx, dword ptr ds:[eax+40] 005D94D7 6A 00 push 0 005D94D9 6A 00 push 0 005D94DB 51 push ecx 005D94DC 8BCE mov ecx, esi 005D94DE FFD2 call edx 005D94E0 5E pop esi 005D94E1 5B pop ebx 005D94E2 83C4 08 add esp, 8 005D94E5 C2 0400 retn 4 005D94E8 56 push esi 005D94E9 E8 32DCF5FF call mod.00537120 005D94EE 83C4 04 add esp, 4 005D94F1 84C0 test al, al 005D94F3 74 3D je short mod.005D9532 //判断是否增加混乱状态,如果对手抵抗了就跳 005D94F5 8B06 mov eax, dword ptr ds:[esi] 005D94F7 8B90 84000000 mov edx, dword ptr ds:[eax+84] 005D94FD 8BCE mov ecx, esi 005D94FF FFD2 call edx 005D9501 84C0 test al, al 005D9503 75 0D jnz short mod.005D9512 005D9505 6A 05 push 5 005D9507 8BCE mov ecx, esi 005D9509 E8 A2850200 call mod.00601AB0 005D950E 84C0 test al, al 005D9510 75 20 jnz short mod.005D9532 005D9512 8B43 18 mov eax, dword ptr ds:[ebx+18] 005D9515 6A 00 push 0 005D9517 6A 02 push 2 005D9519 50 push eax 005D951A 56 push esi 005D951B E8 F0E0F5FF call mod.00537610 005D9520 8B4B 08 mov ecx, dword ptr ds:[ebx+8] 005D9523 6A 01 push 1 005D9525 6A 00 push 0 005D9527 50 push eax 005D9528 51 push ecx 005D9529 56 push esi 005D952A E8 11450300 call mod.0060DA40 005D952F 83C4 24 add esp, 24 005D9532 5E pop esi 005D9533 5B pop ebx 005D9534 83C4 08 add esp, 8 005D9537 C2 0400 retn 4 伤害计算 dmg=(p173-对象部队智力)*(p175-p176+p172)/p174/1 对城 dmg=(p173-对象部队智力)*(p175-p176+p172)/p174/p166 [[[[esi+8]+0x20]+0x10]+8]武将数据起始地址+0x1c0 = 武将智力地址