crashing_debug_note.txt
Counter is saved at 0x0131132A
Counter is increased at function 0x00629160, address 0x006291C5
Counter is treated as "Signed Short"
The above is the global counter, which is different from the unit counter.
Unit counter is calculated at function 0x53cd00
Unit Base Address: 152DC800
Unit Address: Base Address + Unit Counter * 4
---------------------------
My function:
0xe4edb0
moved to new addr: 0xca4620
return 0 means break the loop.
return 1 means don't break the loop.
---------------------------
;-----------------------------------------------------------------------
; Hook body, x86-32, Intel syntax (version with memory clear at lb).
; The contract below restates the notes above this listing; anything
; marked "presumably" is inferred from the instructions, not verified
; against the binary.
; In:    ecx = current member (unit) pointer
;        edi = presumably the current member's 16-bit index (it is only
;              ever compared with the link value read from [member+0x274])
;              -- confirm at the hook site
;        al bit0 / ah bit0 = skip flags; either set -> return 1 at once
; Out:   al = 0 -> break the loop; al = 1 -> don't break
; Clobb: flags; eax -- on paths that reach the table load, the upper
;        bytes of eax hold the table base from ds:[0x01310FDE] while al
;        holds the result. If the hook site tests eax instead of al that
;        is a latent bug -- confirm it reads al only.
; Saved: ebx, ecx, edx, esi (push/pop); edi is read only.
; Stack: 16 bytes of pushes, no locals.
;-----------------------------------------------------------------------
push ebx
push ecx
push edx
push esi
test al,0x1 ;skip flag in al set -> return 1
jne lb2
test ah,0x1 ;skip flag in ah set -> return 1
jne lb2
cmp WORD PTR [ecx+0x59],0x10 ;cur member state word; only 0x10 is handled (same field the "dead" check on the head uses below)
jne lb2
movzx ebx,word ptr [ecx+0x276] ;ebx <- 16-bit index stored in cur member (the head's index, per the load below)
mov eax,dword ptr ds:[0x01310FDE] ;eax <- base of the member pointer table (4 bytes per index)
mov edx,ecx ;edx <- cur member
mov ecx,dword ptr [eax+ebx*4] ;ecx <- head of list
;NOTE(review): ebx is used as a table index above without the 0xFFFF check that the
;loop at lp performs; if [cur+0x276] can hold the "no member" value 0xFFFF this reads
;table slot 0xFFFF -- verify that the field can never be 0xFFFF on this path
cmp WORD PTR [ecx+0x59],0x10 ;check if head is dead
je lb
xor esi, esi ;reset esi to 0 (esi = number of links followed)
lp:
movzx ebx, WORD PTR [ecx+0x274] ;head is alive, loop through the list to check whether cur member is in the list
cmp ebx, 0x0000ffff ;check if next member exists (0xFFFF = end of list)
je lb ;not exists then return 0
cmp ebx, edi ;check if next member is cur member
je lb2 ;it is cur member, return 1
add esi,0x1 ;increase esi
cmp esi,0x10 ;check whether 16 members looped, squad can't have more than 16 members (also bounds a cyclic list)
je lb ;if 16 reached return 0
mov ecx,dword ptr [eax+ebx*4] ;ecx <- next member
jmp lp ;can't decide yet, go to next iteration check
lb:
mov dword ptr [edx],0x0 ;clear fields of cur member (edx) for later use; offsets are from the author's notes, meaning not recorded here
mov dword ptr [edx+0x8],0x0
mov dword ptr [edx+0xF8],0x0
mov dword ptr [edx+0x118],0x0
mov dword ptr [edx+0x158],0x0
mov dword ptr [edx+0x198],0x0
mov dword ptr [edx+0x158],0x0 ;NOTE(review): duplicate of the [edx+0x158] clear two lines up -- presumably a different offset was intended; nothing here says which
mov dword ptr [edx+0x218],0x0
mov dword ptr [edx+0x2A0],0x0
mov dword ptr [edx+0x2F0],0x0
mov dword ptr [edx+0x33C],0x0
sub word ptr ds:[0x131132A],0x1 ;global counter (signed short per notes) -= 1; no lower-bound check, so it goes negative if already 0
mov al,0x0 ;return 0 = break the loop
jmp rt
lb2:
mov al,0x1 ;return 1 = don't break the loop
rt:
pop esi
pop edx
pop ecx
pop ebx
ret
--------------NO COMMENT VERSION----------------
;-----------------------------------------------------------------------
; Same hook as the commented listing above, minus the memory-clear block
; at lb (lb goes straight to the global counter decrement). Register
; contract, outputs and the review notes on the unchecked table index and
; the unbounded counter decrement are identical to that listing. The body
; is deliberately comment-free for pasting into a tool that rejects
; comments; strip this header before pasting.
;-----------------------------------------------------------------------
push ebx
push ecx
push edx
push esi
test al,0x1
jne lb2
test ah,0x1
jne lb2
cmp WORD PTR [ecx+0x59],0x10
jne lb2
movzx ebx,word ptr [ecx+0x276]
mov eax,dword ptr ds:[0x01310FDE]
mov edx,ecx
mov ecx,dword ptr [eax+ebx*4]
cmp WORD PTR [ecx+0x59],0x10
je lb
xor esi, esi
lp:
movzx ebx, WORD PTR [ecx+0x274]
cmp ebx, 0x0000ffff
je lb
cmp ebx, edi
je lb2
add esi,0x1
cmp esi,0x10
je lb
mov ecx,dword ptr [eax+ebx*4]
jmp lp
lb:
sub word ptr ds:[0x131132A],0x1
mov al,0x0
jmp rt
lb2:
mov al,0x1
rt:
pop esi
pop edx
pop ecx
pop ebx
ret
-----------------------------------
--------------NO MEMORY CLEAR VERSION (USE THIS)----------------
;-----------------------------------------------------------------------
; Hook body, x86-32, Intel syntax -- the version the notes say to use.
; Differences from the first listing: an object-type check on the first
; dword, the state field at +0x59 is compared as a byte against 0x10 or
; 0x90 instead of a word against 0x10, the head index is compared with
; edi before it is used, no memory clear, and the counter decrement only
; fires once every 0x2d (45) visits via a per-member byte at +0x5a.
; Anything marked "presumably" is inferred, not verified against the binary.
; In:    ecx = current member (unit) pointer
;        edi = presumably the current member's 16-bit index (compared with
;              the link values read from [member+0x276]/[member+0x274])
;              -- confirm at the hook site
;        al bit0 / ah bit0 = skip flags; either set -> return 1 at once
; Out:   al = 0 -> break the loop; al = 1 -> don't break
; Clobb: flags; eax -- on paths that reach the table load, the upper
;        bytes of eax hold the table base from ds:[0x01310FDE] while al
;        holds the result; confirm the hook site reads al only.
; Saved: ebx, ecx, edx, esi (push/pop); edi is read only.
; Stack: 16 bytes of pushes, no locals.
; Memory written: byte [cur+0x5a], word ds:[0x131132A] (global counter).
;-----------------------------------------------------------------------
push ebx
push ecx
push edx
push esi
mov edx,ecx ;edx <- cur member (kept while ecx walks the list)
cmp dword ptr[ecx], 0x010F97A0 ;first dword of the object must equal a fixed address -- presumably a vtable/type check; other objects return 1
jne lb2
test al,0x1 ;skip flag in al set -> return 1
jne lb2
test ah,0x1 ;skip flag in ah set -> return 1
jne lb2
cmp BYTE PTR [ecx+0x59],0x10 ;cur member state byte: 0x10 or 0x90 is handled, anything else returns 1
je lb3
cmp BYTE PTR [ecx+0x59],0x90
jne lb2
lb3:
movzx ebx,word ptr [ecx+0x276] ;ebx <- 16-bit index stored in cur member (head index, per the load below)
cmp ebx, edi ;head index equals cur member's index -> take the lb path (no list walk)
je lb
mov eax,dword ptr ds:[0x01310FDE] ;eax <- base of the member pointer table (4 bytes per index)
mov ecx,dword ptr [eax+ebx*4] ;ecx <- head of list
;NOTE(review): ebx is indexed above without the 0xFFFF check that the loop at lp
;performs; if [cur+0x276] can be 0xFFFF this reads table slot 0xFFFF -- verify
cmp BYTE PTR [ecx+0x59],0x10 ;head state 0x10 or 0x90 -> lb (same two values the cur member was accepted with)
je lb
cmp BYTE PTR [ecx+0x59],0x90
je lb
xor esi, esi ;esi = number of links followed
lp:
movzx ebx, WORD PTR [ecx+0x274] ;ebx <- next member index
cmp ebx, 0x0000ffff ;0xFFFF = end of list -> lb
je lb
cmp ebx, edi ;reached cur member -> return 1
je lb2
add esi,0x1
cmp esi,0x10 ;at most 16 links followed (squad limit per notes; also bounds a cyclic list)
je lb
mov ecx,dword ptr [eax+ebx*4] ;ecx <- next member
jmp lp
lb:
add BYTE PTR [edx+0x5a],0x1 ;per-member byte at +0x5a counts visits of this path
cmp BYTE PTR [edx+0x5a],0x2d ;only every 45th visit falls through; otherwise return 1
jne lb2
mov BYTE PTR [edx+0x5a],0x0 ;reset the per-member count
sub word ptr ds:[0x131132A],0x1 ;global counter (signed short per notes) -= 1; no lower-bound check, so it goes negative if already 0
mov al,0x0 ;return 0 = break the loop
jmp rt
lb2:
mov al,0x1 ;return 1 = don't break the loop
rt:
pop esi
pop edx
pop ecx
pop ebx
ret
-----------------------------------
Unit size: 0x340
Notable functions:
0x52713A: write LOS to unit data