荒野行动内部绘制源码2025.12(纯透视)
前言:最近有点怀念17、18年这个游戏刚出的时候,大家都是绿玩,我是G玩,当时还在上大学,冬天外面下着雪,自己没课的时候开一把游戏,贼爽。以为最近网上能找到现成的地址,论坛翻个遍,这个游戏也是小众游戏,发现没什么人搞了,本来国内搜到了一篇,狗版主,那个源码是2018的。还得自己寻找人物数据和矩阵。本人太菜没有找到人物数组,所以直接hook这几个都可以hook,肯定会封。另外我发现这个游戏很多地方自己设置了异常,然后自己处理,如果你搞掉人家异常了,轻则掉线,一般会永久封号。另外游戏似乎会检测APC附加(不太确定,没逆向),检测硬件断点、页面异常、pageguard以及inline hook,另外驱动APC没法注入,需要找准时机否则会崩溃,其他开源的驱动级线程注入也是会崩溃。游戏本身驱动可以禁止加载,驱动不加载就会封号。
仅供学习和交流使用!源码我删除了驱动相关和hook相关的东西(所以你直接编译是没办法运行的)。大家自行测试。
//////////////////////人物对象
hyxd.exe+1CDCBA9 - F3 0F11 4F 38 - movss ,xmm1
hyxd.exe+1CDCBAE - 89 47 30 - mov ,eax
hyxd.exe+1CDCBB1 - EB 72 - jmp hyxd.exe+1CDCC25
hyxd.exe+1CDCBB3 - 48 8B 03 - mov rax,
hyxd.exe+1CDCBB6 - 48 8B CB - mov rcx,rbx
hyxd.exe+1CDCBB9 - FF 90 D8020000 - call qword ptr
hyxd.exe+1CDCBBF - 85 C0 - test eax,eax
hyxd.exe+1CDCBC1 - 0F85 44010000 - jne hyxd.exe+1CDCD0B
hyxd.exe+1CDCBC7 - F2 0F10 83 E8020000 - movsd xmm0,======>hook
hyxd.exe+1CDCBCF - F2 0F10 8B F0020000 - movsd xmm1,
hyxd.exe+1CDCBD7 - F2 0F10 93 F8020000 - movsd xmm2,
hyxd.exe+1CDCBDF - 66 0F5A C0 - cvtpd2ps xmm0,xmm0
hyxd.exe+1CDCBE3 - 66 0F5A C9 - cvtpd2ps xmm1,xmm1
hyxd.exe+1CDCBE7 - F3 0F11 47 24 - movss ,xmm0
hyxd.exe+1CDCBEC - F3 0F11 4F 28 - movss ,xmm1
hyxd.exe+1CDCBF1 - 66 0F5A D2 - cvtpd2ps xmm2,xmm2
hyxd.exe+1CDCBF5 - F3 0F11 57 2C - movss ,xmm2
hyxd.exe+1CDCBFA - F3 0F10 83 00040000 - movss xmm0,
hyxd.exe+1CDCC02 - F3 0F10 9B FC030000 - movss xmm3,
hyxd.exe+1CDCC0A - F3 0F59 05 06AD0803 - mulss xmm0,
hyxd.exe+1CDCC12 - F3 0F11 5F 34 - movss ,xmm3
hyxd.exe+1CDCC17 - F3 0F11 5F 38 - movss ,xmm3
hyxd.exe+1CDCC1C - F3 0F58 C3 - addss xmm0,xmm3
hyxd.exe+1CDCC20 - F3 0F11 47 30 - movss ,xmm0
hyxd.exe+19FDFF0 - 48 89 5C 24 08 - mov ,rbx
hyxd.exe+19FDFF5 - 57 - push rdi
hyxd.exe+19FDFF6 - 48 83 EC 60 - sub rsp,60
hyxd.exe+19FDFFA - 48 8B D9 - mov rbx,rcx
hyxd.exe+19FDFFD - 0FB6 FA - movzx edi,dl
hyxd.exe+19FE000 - 48 8B 89 E0020000 - mov rcx,
hyxd.exe+19FE007 - 48 85 C9 - test rcx,rcx
hyxd.exe+19FE00A - 0F84 3D010000 - je hyxd.exe+19FE14D
hyxd.exe+19FE010 - 44 8B 83 14040000 - mov r8d,
hyxd.exe+19FE017 - 45 85 C0 - test r8d,r8d
hyxd.exe+19FE01A - 0F84 C6000000 - je hyxd.exe+19FE0E6
hyxd.exe+19FE020 - 41 83 F8 01 - cmp r8d,01
hyxd.exe+19FE024 - 0F85 23010000 - jne hyxd.exe+19FE14D
hyxd.exe+19FE02A - 48 8B 01 - mov rax,
hyxd.exe+19FE02D - 48 8D 54 24 40 - lea rdx,
hyxd.exe+19FE032 - FF 90 A8000000 - call qword ptr
hyxd.exe+19FE038 - F2 0F10 8B F0020000 - movsd xmm1,
hyxd.exe+19FE040 - 48 8D 43 50 - lea rax,
hyxd.exe+19FE044 - F2 0F10 83 E8020000 - movsd xmm0,
hyxd.exe+19FE04C - 4C 8D 4B 38 - lea r9,
hyxd.exe+19FE050 - F2 0F10 93 F8020000 - movsd xmm2,
hyxd.exe+19FE058 - 4C 8D 43 44 - lea r8,
hyxd.exe+19FE05C - 66 0F5A C9 - cvtpd2ps xmm1,xmm1
hyxd.exe+19FE060 - 48 8D 4C 24 30 - lea rcx,
hyxd.exe+19FE065 - 48 89 44 24 20 - mov ,rax
hyxd.exe+19FE06A - 66 0F5A C0 - cvtpd2ps xmm0,xmm0
hyxd.exe+19FE06E - 66 0F5A D2 - cvtpd2ps xmm2,xmm2
hyxd.exe+19FE072 - F3 0F11 4C 24 54 - movss ,xmm1
hyxd.exe+19FE078 - F3 0F10 8B F8030000 - movss xmm1,
hyxd.exe+19FE080 - F3 0F11 44 24 50 - movss ,xmm0
hyxd.exe+19FE086 - F3 0F11 54 24 58 - movss ,xmm2
hyxd.exe+19FE08C - E8 CF020000 - call hyxd.exe+19FE360
hyxd.exe+19FE091 - 48 8B 8B E0020000 - mov rcx,
hyxd.exe+19FE098 - 48 8D 54 24 40 - lea rdx,
hyxd.exe+19FE09D - F3 0F10 00 - movss xmm0,
hyxd.exe+19FE0A1 - F3 0F11 44 24 40 - movss ,xmm0
hyxd.exe+19FE0A7 - F3 0F10 48 04 - movss xmm1,
hyxd.exe+19FE0AC - F3 0F11 4C 24 44 - movss ,xmm1
hyxd.exe+19FE0B2 - F3 0F10 40 08 - movss xmm0,
hyxd.exe+19FE0B7 - F3 0F11 44 24 48 - movss ,xmm0
hyxd.exe+19FE0BD - F3 0F10 48 0C - movss xmm1,
hyxd.exe+19FE0C2 - F3 0F11 4C 24 4C - movss ,xmm1
hyxd.exe+19FE0C8 - 48 8B 01 - mov rax,
hyxd.exe+19FE0CB - 40 84 FF - test dil,dil
hyxd.exe+19FE0CE - 74 77 - je hyxd.exe+19FE147
hyxd.exe+19FE0D0 - 41 B0 01 - mov r8l,01
hyxd.exe+19FE0D3 - FF 90 B0000000 - call qword ptr
hyxd.exe+19FE0D9 - B0 01 - mov al,01
hyxd.exe+19FE0DB - 48 8B 5C 24 70 - mov rbx,
hyxd.exe+19FE0E0 - 48 83 C4 60 - add rsp,60
hyxd.exe+19FE0E4 - 5F - pop rdi
hyxd.exe+19FE0E5 - C3 - ret
hyxd.exe+19FE0E6 - 48 8B 01 - mov rax,
hyxd.exe+19FE0E9 - 48 8D 54 24 40 - lea rdx,
hyxd.exe+19FE0EE - FF 90 A8000000 - call qword ptr
hyxd.exe+19FE0F4 - F2 0F10 83 E8020000 - movsd xmm0,=============>这几个都是 这个不行很慢
hyxd.exe+19FE0FC - 48 8D 54 24 40 - lea rdx,
hyxd.exe+19FE101 - F2 0F10 8B F0020000 - movsd xmm1,
hyxd.exe+19FE109 - F2 0F10 93 F8020000 - movsd xmm2,
hyxd.exe+19FE111 - 48 8B 8B E0020000 - mov rcx,
hyxd.exe+19FE118 - 66 0F5A C0 - cvtpd2ps xmm0,xmm0
hyxd.exe+19FE11C - 66 0F5A C9 - cvtpd2ps xmm1,xmm1
hyxd.exe+19FE120 - F3 0F11 44 24 50 - movss ,xmm0
hyxd.exe+19FE126 - F3 0F11 4C 24 54 - movss ,xmm1
hyxd.exe+19FE12C - 0F10 43 28 - movups xmm0,
hyxd.exe+19FE130 - 66 0F5A D2 - cvtpd2ps xmm2,xmm2
hyxd.exe+19FE134 - 0F11 44 24 40 - movups ,xmm0
hyxd.exe+19FE139 - F3 0F11 54 24 58 - movss ,xmm2
hyxd.exe+19FE13F - 48 8B 01 - mov rax,
hyxd.exe+19FE142 - 40 84 FF - test dil,dil
hyxd.exe+19FE145 - 75 89 - jne hyxd.exe+19FE0D0
hyxd.exe+19FE147 - FF 90 E0010000 - call qword ptr
hyxd.exe+19FE14D - 48 8B 5C 24 70 - mov rbx,
hyxd.exe+19FE152 - B0 01 - mov al,01
hyxd.exe+19FE154 - 48 83 C4 60 - add rsp,60
hyxd.exe+19FE158 - 5F - pop rdi
hyxd.exe+1CDCBC1 - 0F85 44010000 - jne hyxd.exe+1CDCD0B
hyxd.exe+1CDCBC7 - F2 0F10 83 E8020000 - movsd xmm0,=================>hook
hyxd.exe+1CDCBCF - F2 0F10 8B F0020000 - movsd xmm1,
hyxd.exe+1CDCBD7 - F2 0F10 93 F8020000 - movsd xmm2,
hyxd.exe+1CDCBDF - 66 0F5A C0 - cvtpd2ps xmm0,xmm0
hyxd.exe+1CDCBE3 - 66 0F5A C9 - cvtpd2ps xmm1,xmm1
hyxd.exe+1CDCBE7 - F3 0F11 47 24 - movss ,xmm0
hyxd.exe+1CDCBEC - F3 0F11 4F 28 - movss ,xmm1
hyxd.exe+1CDCBF1 - 66 0F5A D2 - cvtpd2ps xmm2,xmm2
hyxd.exe+1CDCBF5 - F3 0F11 57 2C - movss ,xmm2
hyxd.exe+1CDCBFA - F3 0F10 83 00040000 - movss xmm0,
hyxd.exe+1CDCC02 - F3 0F10 9B FC030000 - movss xmm3,
hyxd.exe+1CDCC0A - F3 0F59 05 06AD0803 - mulss xmm0,
hyxd.exe+1CDCC12 - F3 0F11 5F 34 - movss ,xmm3
hyxd.exe+1CDCC17 - F3 0F11 5F 38 - movss ,xmm3
hyxd.exe+1CDCC1C - F3 0F58 C3 - addss xmm0,xmm3
hyxd.exe+1CDCC20 - F3 0F11 47 30 - movss ,xmm0
hyxd.exe+1CDCC25 - F3 0F10 4B 30 - movss xmm1,
hyxd.exe+1CDCC2A - F3 0F10 43 2C - movss xmm0,
hyxd.exe+1CDCC2F - 44 0F28 D1 - movaps xmm10,xmm1
hyxd.exe+1CDCC33 - F3 0F10 53 34 - movss xmm2,
hyxd.exe+1CDCC38 - F3 44 0F58 D1 - addss xmm10,xmm1
hyxd.exe+1CDCC3D - F3 0F10 63 28 - movss xmm4,
hyxd.exe+1CDCC42 - 44 0F28 E0 - movaps xmm12,xmm0
hyxd.exe+1CDCC46 - F3 44 0F58 E0 - addss xmm12,xmm0
hyxd.exe+1CDCC4B - 0F28 DC - movaps xmm3,xmm4
hyxd.exe+1CDCC4E - F3 0F58 DC - addss xmm3,xmm4
hyxd.exe+1CDCC52 - 41 0F28 FA - movaps xmm7,xmm10
hyxd.exe+1CDCC56 - F3 44 0F59 D2 - mulss xmm10,xmm2
hyxd.exe+1CDCC5B - F3 0F59 F9 - mulss xmm7,xmm1
hyxd.exe+1CDCC5F - 41 0F28 F4 - movaps xmm6,xmm12
hyxd.exe+1CDCC63 - F3 0F59 F1 - mulss xmm6,xmm1
hyxd.exe+1CDCC67 - 45 0F28 DC - movaps xmm11,xmm12
////----
hyxd.exe+19FD350 - 0F10 81 E8020000 - movups xmm0, ================ hook
hyxd.exe+19FD357 - 48 8B C2 - mov rax,rdx
hyxd.exe+19FD35A - 44 8B 81 14040000 - mov r8d,
hyxd.exe+19FD361 - F2 0F10 89 F8020000 - movsd xmm1,
hyxd.exe+19FD369 - 0F11 02 - movups ,xmm0
hyxd.exe+19FD36C - F2 0F11 4A 10 - movsd ,xmm1
hyxd.exe+19FD371 - 45 85 C0 - test r8d,r8d
hyxd.exe+19FD374 - 74 15 - je hyxd.exe+19FD38B
hyxd.exe+19FD376 - 41 83 F8 01 - cmp r8d,01
hyxd.exe+19FD37A - 75 76 - jne hyxd.exe+19FD3F2
hyxd.exe+19FD37C - F3 0F10 99 04040000 - movss xmm3,
hyxd.exe+19FD384 - F3 0F58 59 70 - addss xmm3,
hyxd.exe+19FD389 - EB 21 - jmp hyxd.exe+19FD3AC
hyxd.exe+19FD38B - F3 0F10 99 FC030000 - movss xmm3,
hyxd.exe+19FD393 - F3 0F10 81 00040000 - movss xmm0,
hyxd.exe+19FD39B - F3 0F58 59 70 - addss xmm3,
hyxd.exe+19FD3A0 - F3 0F59 05 70A53603 - mulss xmm0,
hyxd.exe+19FD3A8 - F3 0F58 D8 - addss xmm3,xmm0
接下来是矩阵基址
================================J矩阵 竖矩阵 (基地址+偏移2+偏移1 =目标地址)
偏移1610
///其他偏移
0x108 当前数组下标 四字节
hyxd.exe+7104A0 - 48 89 5C 24 10 - mov ,rbx
hyxd.exe+7104A5 - 55 - push rbp
hyxd.exe+7104A6 - 56 - push rsi
hyxd.exe+7104A7 - 57 - push rdi
hyxd.exe+7104A8 - 41 54 - push r12
hyxd.exe+7104AA - 41 55 - push r13
hyxd.exe+7104AC - 41 56 - push r14
hyxd.exe+7104AE - 41 57 - push r15
hyxd.exe+7104B0 - 48 8D 6C 24 D9 - lea rbp,
hyxd.exe+7104B5 - 48 81 EC A0000000 - sub rsp,000000A0
hyxd.exe+7104BC - 0F29 B4 24 90000000 - movaps ,xmm6
hyxd.exe+7104C4 - 44 8B E2 - mov r12d,edx
hyxd.exe+7104C7 - 4C 8B E9 - mov r13,rcx
hyxd.exe+7104CA - 48 8B 3D AFCB9207 - mov rdi,
hyxd.exe+7104D1 - 8B 41 48 - mov eax,
hyxd.exe+7104D4 - 89 87 B4070000 - mov ,eax
hyxd.exe+7104DA - F3 0F10 41 48 - movss xmm0,
hyxd.exe+7104DF - F3 0F58 87 B0070000 - addss xmm0,
hyxd.exe+7104E7 - F3 0F11 87 B0070000 - movss ,xmm0
hyxd.exe+7104EF - 8B 87 C4070000 - mov eax,
hyxd.exe+7104F5 - 3B 87 C8070000 - cmp eax,
hyxd.exe+7104FB - 75 12 - jne hyxd.exe+71050F
hyxd.exe+7104FD - 85 C0 - test eax,eax
hyxd.exe+7104FF - 74 0E - je hyxd.exe+71050F
hyxd.exe+710501 - 48 83 BF 60080000 00- cmp qword ptr ,00
hyxd.exe+710509 - 74 04 - je hyxd.exe+71050F
hyxd.exe+71050B - B1 01 - mov cl,01
hyxd.exe+71050D - EB 02 - jmp hyxd.exe+710511
hyxd.exe+71050F - 32 C9 - xor cl,cl
hyxd.exe+710511 - 88 8F CC070000 - mov ,cl
hyxd.exe+710517 - 89 87 C8070000 - mov ,eax
hyxd.exe+71051D - 45 33 F6 - xor r14d,r14d
hyxd.exe+710520 - 44 89 B7 C4070000 - mov ,r14d
hyxd.exe+710527 - 49 8B 45 28 - mov rax,
hyxd.exe+71052B - 48 8B 70 40 - mov rsi,
hyxd.exe+71052F - 48 8B 06 - mov rax,
hyxd.exe+710532 - 45 33 C0 - xor r8d,r8d
hyxd.exe+710535 - 48 8D 55 D7 - lea rdx,
hyxd.exe+710539 - 48 8B CE - mov rcx,rsi
hyxd.exe+71053C - FF 90 80000000 - call qword ptr
hyxd.exe+710542 - F3 0F10 45 D7 - movss xmm0,
hyxd.exe+710547 - F3 0F11 87 10060000 - movss ,xmm0====================>
hyxd.exe+71054F - F3 0F10 4D E7 - movss xmm1,
hyxd.exe+710554 - F3 0F11 8F 14060000 - movss ,xmm1
hyxd.exe+71055C - F3 0F10 45 F7 - movss xmm0,
hyxd.exe+710561 - F3 0F11 87 18060000 - movss ,xmm0
hyxd.exe+710569 - F3 0F10 4D 07 - movss xmm1,
hyxd.exe+71056E - F3 0F11 8F 1C060000 - movss ,xmm1
基址
hyxd.exe+1636250 - 48 8B C4 - mov rax,rsp
hyxd.exe+1636253 - 48 89 58 10 - mov ,rbx
hyxd.exe+1636257 - 48 89 68 18 - mov ,rbp
hyxd.exe+163625B - 56 - push rsi
hyxd.exe+163625C - 57 - push rdi
hyxd.exe+163625D - 41 54 - push r12
hyxd.exe+163625F - 41 56 - push r14
hyxd.exe+1636261 - 41 57 - push r15
hyxd.exe+1636263 - 48 81 EC B0000000 - sub rsp,000000B0
hyxd.exe+163626A - 0F29 70 C8 - movaps ,xmm6
hyxd.exe+163626E - 0F29 78 B8 - movaps ,xmm7
hyxd.exe+1636272 - 48 8B EA - mov rbp,rdx
hyxd.exe+1636275 - 48 8B F9 - mov rdi,rcx
hyxd.exe+1636278 - 0F57 FF - xorps xmm7,xmm7
hyxd.exe+163627B - 80 B9 A8030000 00 - cmp byte ptr ,00
hyxd.exe+1636282 - 0F85 82000000 - jne hyxd.exe+163630A
hyxd.exe+1636288 - 83 B9 AC030000 00 - cmp dword ptr ,00
hyxd.exe+163628F - 76 79 - jna hyxd.exe+163630A
hyxd.exe+1636291 - 80 B9 A9030000 00 - cmp byte ptr ,00
hyxd.exe+1636298 - 74 70 - je hyxd.exe+163630A
hyxd.exe+163629A - 48 8B 0D DF6DA006 - mov rcx,==================>
hyxd.exe+16362A1 - 48 81 C1 58020000 - add rcx,00000258
hyxd.exe+16362A8 - 48 8B 01 - mov rax,
hyxd.exe+16362AB - 44 0FB7 4F 30 - movzx r9d,word ptr
hyxd.exe+16362B0 - 44 0FB7 47 2C - movzx r8d,word ptr
hyxd.exe+16362B5 - 48 8D 54 24 30 - lea rdx,
hyxd.exe+16362BA - FF 90 00010000 - call qword ptr
hyxd.exe+710C70 - 48 89 5C 24 08 - mov ,rbx
hyxd.exe+710C75 - 48 89 6C 24 10 - mov ,rbp
hyxd.exe+710C7A - 48 89 74 24 18 - mov ,rsi
hyxd.exe+710C7F - 57 - push rdi
hyxd.exe+710C80 - 41 56 - push r14
hyxd.exe+710C82 - 41 57 - push r15
hyxd.exe+710C84 - 48 83 EC 40 - sub rsp,40
hyxd.exe+710C88 - 48 8B 35 F1C39207 - mov rsi,======>
hyxd.exe+710C8F - 41 0FB6 E9 - movzx ebp,r9b
hyxd.exe+710C93 - 49 8B D8 - mov rbx,r8
hyxd.exe+710C96 - 4C 8B F2 - mov r14,rdx
hyxd.exe+710C99 - 4C 8B F9 - mov r15,rcx
hyxd.exe+710C9C - 48 8D BE 70080000 - lea rdi,
hyxd.exe+710CA3 - 49 3B F8 - cmp rdi,r8
hyxd.exe+710CA6 - 74 5B - je hyxd.exe+710D03
hyxd.exe+710CA8 - 48 8B 4F 38 - mov rcx,
hyxd.exe+710CAC - 48 85 C9 - test rcx,rcx
hyxd.exe+710CAF - 74 14 - je hyxd.exe+710CC5
hyxd.exe+710CB1 - 48 8B 01 - mov rax,
hyxd.exe+710CB4 - 48 3B CF - cmp rcx,rdi
hyxd.exe+710CB7 - 0F95 C2 - setne dl
hyxd.exe+710CBA - FF 50 20 - call qword ptr
hyxd.exe+710CBD - 48 C7 47 38 00000000- mov qword ptr ,00000000
hyxd.exe+710CC5 - 48 8B 4B 38 - mov rcx,
hyxd.exe+710CC9 - 48 85 C9 - test rcx,rcx
hyxd.exe+710CCC - 74 35 - je hyxd.exe+710D03
hyxd.exe+710CCE - 48 3B CB - cmp rcx,rbx
hyxd.exe+710CD1 - 75 24 - jne hyxd.exe+710CF7
hyxd.exe+710CD3 - 48 8B 01 - mov rax,
hyxd.exe+710CD6 - 48 8B D7 - mov rdx,rdi
hyxd.exe+710CD9 - FF 50 08 - call qword ptr