
刚刚翻电脑里的古董,翻到了植物大战僵尸的修改器大全....基址+指针!

发布于 4年前 / 1.4k 次围观 / 0 条评论 / 软件分享 / Edwiin
本文最后更新于2016-8-25,已超过 1 个月没有更新,如果文章内容或图片资源失效,请【留言反馈】,我会及时处理,谢谢!


PlantsVsZombies.exe+A3C0 - 6a ff      - push ff  ;数据初始化call

868

[[[plantsvszombies.exe+329670]+94c]+4c] ;植物冒险模式关卡数
[[[plantsvszombies.exe+329670]+868]+5567] ;阳光


穿甲弹问题
004726d0    83ec 14         sub esp,14              ;僵尸hp-,子弹坐标,及效果

//子弹撞到僵尸
00472327 - e8 04 f2 ff ff           call 00471530
->0047172a - e8 a1 0f 00 00         call 004726d0     ;植物撞到僵尸hp-
  ->004728df   /e9 2c090000     jmp plantsvs.00473210 ;将所有跳转ret掉,,子弹撞到僵尸后不消失
    00472995   /e9 76080000     jmp plantsvs.00473210
    00472b2a   /e9 e1060000     jmp plantsvs.00473210 ;投掷类撞地上
    00472af9   /e9 12070000     jmp plantsvs.00473210
    ->00473210 ;消失,,子弹数组复用

//子弹飞出窗口
00472327 - e8 04 f2 ff ff           call 00471530
->00471543    837d 60 4b      cmp dword ptr ss:[ebp+60],4b
  00471547    0f8d a9010000   jge plantsvs.004716f6
  ->004716f6    8bc5            mov eax,ebp
    004716f8    e8 131b0000     call plantsvs.00473210
    ->00473210 ;消失,,子弹数组复用

00472B2A   /E9 E1060000     JMP PlantsVs.00473210                    ;投掷类撞到地上,,
 
 
 
夜间植物睡觉问题
006ad5fa - 8b 4d f4 - mov ecx,[ebp-0c]
004615ea - c6 83 43 01 00 00 00 - mov byte ptr [ebx+00000143],00   ;初始化,,关键
00462199 - 38 9f 43 01 00 00 - cmp [edi+00000143],bl              
004621f2 - 88 9f 43 01 00 00 - mov [edi+00000143],bl               ;写入睡眠属性
00466c33 - 80 bf 43 01 00 00 00 - cmp byte ptr [edi+00000143],00   ;判断是否含有睡眠属性
00467ea1 - 80 be 43 01 00 00 00 - cmp byte ptr [esi+00000143],00

0040fa41 - e8 3a 1a 05 00             - call 00461480
->00461480 ;创建植物
  004615ea - c6 83 43 01 00 00 00 - mov byte ptr [ebx+00000143],00   ;初始化,,关键
  004617c2     /74 1f         je short plantsvs.004617e3               ;  夜间植物跳转,,

 

植物解锁与关卡相关:
00456f96 - 8b 48 4c - mov ecx,[eax+4c] ;将关卡写入ecx,用ecx作判断的,,解锁植物
    mov ecx,39 ;直接最大值,,解锁

 

游戏暂停:
; Pause gate, debugger listing 00452720-0045273c (32-bit x86, Intel syntax).
; Decides whether the routine the author labels as the game-pause call
; (004536b0) is invoked.
; In:   ecx = object pointer, copied to esi (looks like a thiscall `this` - confirm)
; Flow: byte [esi+0x915] != 0      -> return without pausing
;       call 004526d0 gives al==0  -> return without pausing
;       otherwise push esi and call 004536b0
; esi is saved on entry and restored before ret.
00452720 - 56                         - push esi                      ;save esi, restored at 0045273b
00452721 - 8b f1                      - mov esi,ecx                   ;esi = ecx for the rest of the routine
00452723 - 80 be 15 09 00 00 00       - cmp byte ptr [esi+00000915],00 ;flag byte at +0x915; its meaning is not shown here
0045272a - 75 0f                      - jne 0045273b                  ;author's note: change to jmp to skip (the pause)
0045272c - e8 9f ff ff ff             - call 004526d0                 ;result is read from al below
00452731 - 84 c0                      - test al,al
00452733 - 74 06                      - je 0045273b                   ;al == 0 -> skip the pause call
00452735 - 56                         - push esi                      ;only value pushed for 004536b0
00452736 - e8 75 0f 00 00             - call 004536b0                 ;game-pause call (author's label); no stack fix-up follows, so the callee presumably pops its argument - confirm
0045273b - 5e                         - pop esi                       ;common exit for all three paths
0045273c - c3                         - ret

 

毁灭菇地面伤害问题
00415829 - 03 86 c8 00 00 00 - add eax,[esi+000000c8]
00543566 - 81 bf c8 00 00 00 08 07 00 00 - cmp [edi+000000c8],00000708   ;僵尸的hp与708比较,,跟踪此处
006ad586 - 66 0f 7f 47 40 - movdqa [edi+40],xmm0
00532c56 - c7 87 c8 00 00 00 0e 01 00 00 - mov [edi+000000c8],0000010e
00533fad - 8b 97 c8 00 00 00 - mov edx,[edi+000000c8]

00466E25 - e8 e6 32 00 00             - call 0046a110 ;各种一次菇类,,调用此call
->0046A2D5 - e8 96 63 fb ff             - call 00420670 ;毁灭菇,,某call
  ->004206FD - e8 3e 2e 12 00             - call 00543540   ;炸弹放完,,僵尸变化
    ->00543540
      00543566 - 81 bf c8 00 00 00 08 07 00 00 - cmp [edi+000000c8],00000708
毁灭菇地面损伤与爆炸后蘑菇云动画效果,,
; Excerpt 0046A2EF-0046A318 from the doom-shroom path (author's label); the
; enclosing routine starts and ends outside this listing.
; Part 1 (0046A2EF-0046A304): call 00523110 with two immediates (1E, 61A80 hex)
;   and two 32-bit floats written into 8 freshly reserved stack bytes.
; Part 2 (0046A309-0046A318): call 0040B8B0, then store 4650 hex at [EAX+18]
;   of whatever it returns; the author marks this part as the ground-damage call.
0046A2EF    6A 1E           PUSH 1E                             ;explosion effect (author's label)
0046A2F1    68 801A0600     PUSH 61A80                          ;61A80 hex = 400000 decimal
0046A2F6    83EC 08         SUB ESP,8                           ;room for two 32-bit floats
0046A2F9    D95C24 04       FSTP DWORD PTR SS:[ESP+4]           ;stores ST0, which was loaded before this excerpt
0046A2FD    DB4424 28       FILD DWORD PTR SS:[ESP+28]          ;loads an integer from the stack and converts it to floating point
0046A301    D91C24          FSTP DWORD PTR SS:[ESP]             ;stores it as a float in the lower slot
0046A304    E8 078E0B00     CALL PlantsVs.00523110
0046A309    8B43 28         MOV EAX,DWORD PTR DS:[EBX+28]       ;ground-damage call sequence starts here; author's note: skip this part
0046A30C    8B7B 1C         MOV EDI,DWORD PTR DS:[EBX+1C]
0046A30F    50              PUSH EAX
0046A310    8B43 04         MOV EAX,DWORD PTR DS:[EBX+4]
0046A313    E8 9815FAFF     CALL PlantsVs.0040B8B0
0046A318    C740 18 5046000>MOV DWORD PTR DS:[EAX+18],4650      ;4650 hex = 18000 decimal; the byte column is truncated by the debugger ('>')

 

爆炸豌豆,,未完成
僵尸烧焦变灰效果
0046A245    52              PUSH EDX  ;7f
0046A246    6A 01           PUSH 1
0046A248    6A 01           PUSH 1
0046A24A    6A 73           PUSH 73
0046A24C    57              PUSH EDI  ;纵坐标
0046A24D    56              PUSH ESI  ;横坐标
0046A24E    50              PUSH EAX  ;行数 0-4
0046A24F    51              PUSH ECX  ;B287460
0046A250    E8 1B64FBFF     CALL PlantsVs.00420670
小红辣椒爆炸效果
; Excerpt 0046A286-0046A29B: argument setup and call to 00523110 for the effect
; listed under the chili-explosion heading above. Same shape as the sequence at
; 0046A2EF: two immediates, then two 32-bit floats in 8 reserved stack bytes.
; The x/y labels are the author's.
0046A286    6A 04           PUSH 4
0046A288    68 801A0600     PUSH 61A80                  ;61A80 hex = 400000 decimal
0046A28D    83EC 08         SUB ESP,8                   ;room for two 32-bit floats
0046A290    D95C24 04       FSTP DWORD PTR SS:[ESP+4]   ;pop ST0: y coordinate (loaded before this excerpt)
0046A294    DB4424 28       FILD DWORD PTR SS:[ESP+28]  ;push: x coordinate, read as an integer from [esp+28]
0046A298    D91C24          FSTP DWORD PTR SS:[ESP]     ;pop: x coordinate, written as a float to [esp]
0046A29B    E8 708E0B00     CALL PlantsVs.00523110

坐标尺
     80  160  240  320  400  480  560  640  720
120                                              78
220                                              dc
320                                              140
420                                              1A4
520                                              208
     50  A0   F0   140  190  1E0  230  280  2D0

 
 
跳过选择植物:搁浅,,
0044af36 - 80 78 1a 00 - cmp byte ptr [eax+1a],00
移动触发
0044ab24 - 80 7d 1a 00 - cmp byte ptr [ebp+1a],00
0044acec - 80 7d 1a 00 - cmp byte ptr [ebp+1a],00
点击触发
004914d0 - 80 78 1a 00 - cmp byte ptr [eax+1a],00
0044ab01 - 80 7d 1a 00 - cmp byte ptr [ebp+1a],00
00491261 - 80 78 1a 00 - cmp byte ptr [eax+1a],00   ;判断是否激活按钮

; Click-handler excerpt 00491255-0049127C. The branch target 0049127f lies
; outside this listing.
; Three byte flags on the object at [ecx+0xa0] are tested (+0x18, +0x1a, +0xfd).
; If all three tests fall through, the code makes an indirect call through the
; pointer at [[ecx]+0x11c] with 64 hex pushed (looks like a virtual-method
; dispatch - confirm), then returns and pops 0x0c bytes of caller arguments.
00491255 - 8b 81 a0 00 00 00          - mov eax,[ecx+000000a0]
0049125B - 80 78 18 00                - cmp byte ptr [eax+18],00        ;is the click on the button?
0049125F - 74 1e                      - je 0049127f                     ;jump if it is not
00491261 - 80 78 1a 00                - cmp byte ptr [eax+1a],00        ;check whether the last slot holds something (the copy of this line under the click-trigger list is annotated "is the button activated")
00491265 - 75 18                      - jne 0049127f                    ;author's note: jump if the slot is empty. NOTE(review): jne branches when the byte is non-zero - confirm which value means empty
00491267 - 80 b8 fd 00 00 00 00       - cmp byte ptr [eax+000000fd],00  ;third flag, not annotated by the author
0049126E - 75 0f                      - jne 0049127f
00491270 - 8b 01                      - mov eax,[ecx]                   ;first dword of the object
00491272 - 8b 90 1c 01 00 00          - mov edx,[eax+0000011c]          ;function pointer at +0x11c
00491278 - 6a 64                      - push 64
0049127A - ff d2                      - call edx
0049127C - c2 0c 00                   - ret 000c

00490393   /0F84 08020000   JE PlantsVs.004905A1                     ; 此处jmp,,游戏无法开始

游戏开始,,
; Excerpt 00490513-004905A2 from a larger routine; its start and the rest of
; its epilogue are not shown.
; Eight checks in a row, each of the form:
;     PUSH imm ; PUSH ESI ; MOV ECX,imm ; CALL 00490020 ; TEST AL,AL ; JE 004905A1
; Immediate pairs (pushed / ECX, hex): 28/7, 2C/27, 29/1, 2E/15, 2F/22, 2D/1F, 2A/0A, 2B/10.
; If any call returns AL == 0, control goes to 004905A1 and 00491900 is never
; called. Only when all eight return non-zero is CALL 00491900 reached (author's
; label: start-game call). What 00490020 tests is not visible in this listing.
00490513    6A 28           PUSH 28
00490515    56              PUSH ESI
00490516    B9 07000000     MOV ECX,7
0049051B    E8 00FBFFFF     CALL PlantsVs.00490020
00490520    84C0            TEST AL,AL
00490522    74 7D           JE SHORT PlantsVs.004905A1      ;check failed -> skip the start-game call
00490524    6A 2C           PUSH 2C
00490526    56              PUSH ESI
00490527    B9 27000000     MOV ECX,27
0049052C    E8 EFFAFFFF     CALL PlantsVs.00490020
00490531    84C0            TEST AL,AL
00490533    74 6C           JE SHORT PlantsVs.004905A1
00490535    6A 29           PUSH 29
00490537    56              PUSH ESI
00490538    B9 01000000     MOV ECX,1
0049053D    E8 DEFAFFFF     CALL PlantsVs.00490020
00490542    84C0            TEST AL,AL
00490544    74 5B           JE SHORT PlantsVs.004905A1
00490546    6A 2E           PUSH 2E
00490548    56              PUSH ESI
00490549    B9 15000000     MOV ECX,15
0049054E    E8 CDFAFFFF     CALL PlantsVs.00490020
00490553    84C0            TEST AL,AL
00490555    74 4A           JE SHORT PlantsVs.004905A1
00490557    6A 2F           PUSH 2F
00490559    56              PUSH ESI
0049055A    B9 22000000     MOV ECX,22
0049055F    E8 BCFAFFFF     CALL PlantsVs.00490020
00490564    84C0            TEST AL,AL
00490566    74 39           JE SHORT PlantsVs.004905A1
00490568    6A 2D           PUSH 2D
0049056A    56              PUSH ESI
0049056B    B9 1F000000     MOV ECX,1F
00490570    E8 ABFAFFFF     CALL PlantsVs.00490020
00490575    84C0            TEST AL,AL
00490577    74 28           JE SHORT PlantsVs.004905A1
00490579    6A 2A           PUSH 2A
0049057B    56              PUSH ESI
0049057C    B9 0A000000     MOV ECX,0A
00490581    E8 9AFAFFFF     CALL PlantsVs.00490020
00490586    84C0            TEST AL,AL
00490588    74 17           JE SHORT PlantsVs.004905A1
0049058A    6A 2B           PUSH 2B
0049058C    56              PUSH ESI
0049058D    B9 10000000     MOV ECX,10
00490592    E8 89FAFFFF     CALL PlantsVs.00490020
00490597    84C0            TEST AL,AL
00490599    74 06           JE SHORT PlantsVs.004905A1
0049059B    56              PUSH ESI
0049059C    E8 5F130000     CALL PlantsVs.00491900      ;start-game call; author's note: if it is skipped the game does not start
004905A1    5F              POP EDI                     ;shared exit: start of the epilogue, which continues past this excerpt
004905A2    5B              POP EBX

005D4360    E8 3B74F7FF     CALL PlantsVs.0054B7A0  ;处理鼠标点击信息


00491A60   /FFE2            JMP EDX                                  ; PlantsVs.0054AEC0
0054AEC0    55              PUSH EBP

 

传送带卡片
锁定植物类型,,  868->15C->5C(50) 植物类型
004948B4 - 23 c2                      - and eax,edx      ;xor eax,eax 清零,,瞬移
004948B6 - 89 01                      - mov [ecx],eax    ;传送

 

老虎机,,,搁浅
00491efa - 89 47 34 - mov [edi+34],eax


冰豌豆
004726d0    83ec 14         sub esp,14              ;僵尸hp-,子弹坐标,及效果
00541CBE   /74 09           JE SHORT PlantsVs.00541CC9               ; 冰豌豆效果,,


冷却
PlantsVsZombies.exe+91E4F - 8b c0     - mov eax,eax

火弹
004728E6   /75 16           JNZ SHORT PlantsVs.004728FE              ;改jmp
0047291C   /75 7C           JNZ SHORT PlantsVs.0047299A              ;改nop
00472929   /0F84 F2010000   JE PlantsVs.00472B21                     ;改nop

 

罐子透明,,
004518a1 - 89 47 4c - mov [edi+4c],eax         ;增加,,透明
004518af - 89 47 4c - mov [edi+4c],eax         ;减少,,不透明
查找访问,,

罐子
0041f8dd - 80 78 20 00 - cmp byte ptr [eax+20],00    ;跳过,,罐子消失,,可复原
0041ebe6 - 38 58 20 - cmp [eax+20],bl                ;罐子消失无法复原

 

以上就是pvz的基址和指针,懂编程的一看就懂,这里就不多做介绍。注意:这些地址和偏移都是我当时调试的那个游戏版本里的,换一个版本未必对得上。然后就是一大波植物大战僵尸修改器,有多少如图。

QQ截图20160825223226.png

看来我从前是多么的热爱这款游戏。。话说这么多修改器都是我一个人从前整合的...

现在还热爱这款游戏的小伙伴抓紧下载修改器奔放....

那么下面甩上植物大战僵尸修改器大全的下载地址

点这里下载→:植物大战僵尸修改器大全
