2014年2月6日 星期四

TwMS v1.50.2_ICS_仿007走入模式

[ENABLE]
// Cheat Engine auto-assembler script for a 32-bit target (numeric literals
// are hex unless prefixed with '#'). Everything allocated/registered here
// must be released again in [DISABLE] — registersymbol makes each name
// visible table-wide, so a missing unregister leaves stale symbols behind.
//
// Code regions (1024 bytes each):
//   MyAuto         - hook placed in the GetFocus call slot (see 00e25ec0 below)
//   MyAutoLR       - mode 1 handler, entered as a forged return target
//   MyAutoLRNo007  - mode 2 handler, entered the same way
registersymbol(MyAuto)
alloc(MyAuto,1024)
registersymbol(MyAutoLR)
alloc(MyAutoLR,1024)
registersymbol(MyAutoLRNo007)
alloc(MyAutoLRNo007,1024)
// State dwords. Only some get a DD initializer in the data section below;
// MyAutoLRKeyLRVal, nextGo and tick start with whatever alloc hands out —
// presumably zero-filled pages, confirm before relying on it.
registersymbol(MyAutoLRKeyLR)
alloc(MyAutoLRKeyLR,4)
registersymbol(MyAutoLRKeyLRVal)
alloc(MyAutoLRKeyLRVal,4)
registersymbol(AutoLRMob)
alloc(AutoLRMob,4)
// tick is allocated but not referenced anywhere else in this script.
registersymbol(tick)
alloc(tick,4)
registersymbol(delay)
alloc(delay,4)
registersymbol(nextGo)
alloc(nextGo,4)
registersymbol(step)
alloc(step,4)
registersymbol(AutoLRPeopleX)
alloc(AutoLRPeopleX,4)
// Script-local labels used by the handlers below.
Label(MyAutoLR00)
Label(MyAutoLR01)
Label(MyAutoLR02)
Label(test1)
Label(test2)
Label(SetLR)
Label(back)
Label(back2)
Label(Set01)
Label(Set02)
Label(Cmp1)
Label(Cmp2)

//-----------------------------------------------
// Initial values of the state dwords (literals are hex).
AutoLRPeopleX:
DD 0  // anchor X coordinate the patrol is centred on (original note: "fixed-point X")
AutoLRMob:
DD 0  // mode: 0 = off, 1 = "007" position mode (MyAutoLR), 2 = left/right counter mode (MyAutoLRNo007)
MyAutoLRKeyLR:
DD 0f  // 0x0F = 15: number of calls per direction in mode 2 (compared against MyAutoLRKeyLRVal)
step:
DD 1  // patrol state: 0 idle, 1/2 run the position checks (test1/test2), 3/4 timed pause before flipping back
delay:
DD 1388  // 0x1388 = 5000, in units of the value returned by the helper at 00956312 (presumably ms — TODO confirm)
//-----------------------------------------------

//-----------------------------------------------------------------------
// MyAuto — written into the slot at 00e25ec0 in place of the GetFocus
// pointer, so the game enters it whenever it calls GetFocus through that
// slot.
// In:     [esp] = the caller's return address (GetFocus not yet entered)
// Effect: only when the caller is the specific call site that returns to
//         009895ec AND a mode is selected in AutoLRMob, the return address
//         is overwritten so that GetFocus "returns" into MyAutoLR (mode 1)
//         or MyAutoLRNo007 (mode 2) instead of the game code. Every other
//         caller, mode 0, or an unknown mode value reaches GetFocus untouched.
// Clobbers: flags only; all paths end by jumping into GetFocus itself.
// The byte signature on the first compare is the game code at 009895ec
// (cmp eax,edi / jne …) and is what to search for when relocating the two
// hard-coded addresses after a game update.
//-----------------------------------------------------------------------
MyAuto:
cmp [esp], 009895ec //3b c7 0f 85 ?? ?? 00 00 8b 0d ?? ?? ?? 00
jne GetFocus
cmp [AutoLRMob],0
je GetFocus             // mode 0: redundant with the final jmp, kept as written
cmp [AutoLRMob],1
je Cmp1
cmp [AutoLRMob],2
je Cmp2
jmp GetFocus            // unknown mode value: pass through

Cmp1:
mov [esp],MyAutoLR      // forge the return address: GetFocus will ret into MyAutoLR
jmp GetFocus

Cmp2:
mov [esp],MyAutoLRNo007 // same, for the counter-based handler
jmp GetFocus

//-----------------------------------------------------------------------
// MyAutoLRNo007 — mode 2 handler, reached as the forged return target of
// the hooked GetFocus call (caller's frame still in ebp, GetFocus result
// still in eax).
// Counts calls in MyAutoLRKeyLRVal and alternates the value written to the
// caller's local at [ebp-04]: -1 for the first MyAutoLRKeyLR calls, +1 for
// the next MyAutoLRKeyLR calls, then the counter restarts at 1.
// Signed compares (Jge) are used; fine for these small counters.
// The pushad here is balanced by the popad in MyAutoLR01 / MyAutoLR02.
//-----------------------------------------------------------------------
MyAutoLRNo007:
pushad
Inc [MyAutoLRKeyLRVal]
Mov Eax, [MyAutoLRKeyLR]
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR02                  // Val <= KeyLR   -> [ebp-04] = -1
Add Eax, [MyAutoLRKeyLR]        // eax = 2*KeyLR
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR01                  // Val <= 2*KeyLR -> [ebp-04] = +1
Mov [MyAutoLRKeyLRVal], 1       // Val > 2*KeyLR  -> restart the cycle
Jmp MyAutoLR02


//-----------------------------------------------------------------------
// MyAutoLR — mode 1 handler, reached as the forged return target of the
// hooked GetFocus call (caller's frame in ebp, GetFocus result in eax).
// Dispatch on step:
//   0    -> resume game code immediately (MyAutoLR00), nothing written
//   1, 2 -> position checks in `back`
//   3, 4 -> timed pause: leave everything unchanged until the delay has
//           elapsed, then rearm the timer and let SetLR flip step to 2 / 1
// eax is saved around each helper call. If the byte signature on the call
// is accurate the helper is `mov eax,[g]; mov eax,[eax+1C]; ret`, i.e. it
// touches only eax and no flags; what the value means is not visible here
// (presumably a time/tick count — TODO confirm).
// NOTE(review): the elapsed test compares (now - delay) with nextGo, and
// nextGo is armed at (now + delay), so consecutive transitions are ~2*delay
// apart rather than delay — confirm this is intended.
//-----------------------------------------------------------------------
MyAutoLR:
cmp [step], 0
je MyAutoLR00
cmp [step], 2
jle back
push eax
call 00956312 //A1 ?? ?? ?? 00 8B 40 1C C3
sub eax,[delay]
cmp eax,[nextGo]
pop eax                         // pop does not alter flags; jbe still sees the cmp
jbe MyAutoLR00                  // (now - delay) <= nextGo: still waiting
push eax
call 00956312
Add eax, [delay]
mov [nextGo], eax               // nextGo = now + delay
pop eax
jmp SetLR


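//-----------------------------------------------------------------------
// SetLR — reached from MyAutoLR once the pause has elapsed while step is
// 3 or 4. step 3 becomes 2, every other value (step 4 on the paths above)
// becomes 1, and control continues in `back`.
// The original also tested step == 4 before Set01, but the fall-through
// reached Set01 for every non-3 value anyway, so that compare/branch was
// dead code and has been dropped; behaviour is unchanged (nothing in Set01
// depends on the flags).
//-----------------------------------------------------------------------
SetLR:
cmp [step],3
je Set02

Set01:
mov [step],1
jmp back

Set02:
mov [step],2
jmp back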

//-----------------------------------------------------------------------
// back — shared entry for step 1/2 (directly from MyAutoLR, or via
// Set01/Set02 after a flip).
// First reads the dword at [[00E1847C]+49c]; when it is > 0xFA0 (4000,
// signed compare) all movement logic is skipped for this call (back2).
// What that field is cannot be told from this script — TODO identify.
// Otherwise dispatches to test1 (step 1) or test2 (step 2); any other step
// resumes the game untouched.
// pushad/popad keep the check from disturbing the caller's registers.
//-----------------------------------------------------------------------
back:
pushad
mov eax,[00E1847C]
mov eax,[eax+49c]
cmp eax,FA0
jg back2
popad
cmp [step],1
je test1
cmp [step],2
je test2
jmp MyAutoLR00

back2:
popad                           // balances the pushad in `back`
jmp MyAutoLR00

//-----------------------------------------------------------------------
// test1 / test2 — position checks around the anchor AutoLRPeopleX.
// Both read the dword at [[00E20700]+0f98] (presumably the character's X
// coordinate — TODO confirm) and compare it with the anchor using signed
// compares:
//   test1 (step 1): while anchor+0x43 >= pos keep writing +1 (MyAutoLR01);
//                   once pos passes that edge, step := 3 and write -1.
//   test2 (step 2): while anchor-0x3E <= pos keep writing -1 (MyAutoLR02);
//                   once pos passes that edge, step := 4 and write +1.
// The two edges (0x43 = 67, 0x3E = 62) are asymmetric as written —
// presumably hand-tuned; confirm before changing either.
// Each block does pushad; the matching popad is in MyAutoLR01/MyAutoLR02,
// so every exit must go through one of those two labels.
//-----------------------------------------------------------------------
test1:
pushad
mov ebx,[AutoLRPeopleX]
add ebx,43                      // ebx = anchor + 0x43
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jge MyAutoLR01
mov [step],3
jmp MyAutoLR02


test2:
pushad
mov ebx,[AutoLRPeopleX]
sub ebx,3E                      // ebx = anchor - 0x3E
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jle MyAutoLR02
mov [step],4
jmp MyAutoLR01


//-----------------------------------------------------------------------
// Exit paths.
// MyAutoLR01 / MyAutoLR02 are only valid with exactly one pushad
// outstanding (their callers: MyAutoLRNo007, test1, test2). They restore
// the registers, store 1 or -1 in the hooked caller's local at [ebp-04]
// (how the caller uses it is not visible here; this relies on GetFocus
// having preserved ebp, which stdcall guarantees) and resume game code at
// 009898bf. MyAutoLR00 resumes with nothing written.
// Resuming at 009898bf means the caller's own instructions at 009895ec
// (cmp eax,edi / jne … per the signature on MyAuto) never execute on these
// paths — presumably 009898bf is that branch's merge point; re-verify both
// addresses on any game update.
//-----------------------------------------------------------------------
MyAutoLR01:
popad
mov [ebp-04],1
jmp MyAutoLR00

MyAutoLR02:
popad
mov [ebp-04],ffffffff           // -1
jmp MyAutoLR00


MyAutoLR00:
jmp 009898bf                    // no ret: GetFocus already consumed the forged return address

// Install the hook: 00e25ec0 is the slot the game reads to call GetFocus
// ([DISABLE] writes GetFocus back here) — presumably its import-table
// entry. From now on every GetFocus call through this slot lands in MyAuto.
00e25ec0:
DD MyAuto

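[DISABLE]
// Put the original GetFocus pointer back so the game stops entering MyAuto.
// NOTE(review): a thread whose return address MyAuto has already forged
// will still return into MyAutoLR / MyAutoLRNo007 once after this write,
// and the dealloc below then frees code that is about to execute. The
// script has no guard against that race; disabling while a mode is active
// is a crash risk.
00e25ec0:
DD GetFocus

// Release everything [ENABLE] registered and allocated, in reverse order.
// The original list freed only MyAutoLR plus "AwesomeMan", a symbol this
// script never allocates (copy-paste leftover), so MyAuto, MyAutoLRNo007
// and all the state dwords stayed allocated and registered on every disable.
unregistersymbol(AutoLRPeopleX)
dealloc(AutoLRPeopleX)
unregistersymbol(step)
dealloc(step)
unregistersymbol(nextGo)
dealloc(nextGo)
unregistersymbol(delay)
dealloc(delay)
unregistersymbol(tick)
dealloc(tick)
unregistersymbol(AutoLRMob)
dealloc(AutoLRMob)
unregistersymbol(MyAutoLRKeyLRVal)
dealloc(MyAutoLRKeyLRVal)
unregistersymbol(MyAutoLRKeyLR)
dealloc(MyAutoLRKeyLR)
unregistersymbol(MyAutoLRNo007)
dealloc(MyAutoLRNo007)
unregistersymbol(MyAutoLR)
dealloc(MyAutoLR)
unregistersymbol(MyAuto)
dealloc(MyAuto)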
