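Keep tracing and tracing until you reach the place where it handles menu commands.
5.JPG First, find a wide-open space in the .text section (I chose 01004A5B, which has plenty of 00 "gold coins"); there is room here to do whatever you want.
6.JPG Jump over here from 1001EEF.
7.JPG Then I went all out, and along the way I made Minesweeper exit with an exception countless times. Because I am such a beginner, it took many tries to get the code working, so it is not pretty..... The code is as follows: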
01004A5B > \83F8 01 cmp eax,1 ; Default case of switch 01001EDC
01004A5E . 75 50 jnz short winmine4.01004AB0
01004A60 . 60 pushad
01004A61 . B8 40530001 mov eax,winmine4.01005340
01004A66 . B9 60030000 mov ecx,360
01004A6B > 8038 8F cmp byte ptr ds:[eax],8F
01004A6E . 75 07 jnz short winmine4.01004A77
01004A70 . 90 nop
01004A71 . 90 nop
01004A72 . 90 nop
01004A73 . 90 nop
01004A74 . C600 8E mov byte ptr ds:[eax],8E
01004A77 > 40 inc eax
01004A78 . 49 dec ecx
01004A79 .^ 75 F0 jnz short winmine4.01004A6B
01004A7B . 6A 06 push 6 ; /ShowState = SW_MINIMIZE
01004A7D . FF35 245B0001 push dword ptr ds:[1005B24] ; |hWnd = 000D02C8 ('扫雷',class='扫雷')
01004A83 . FF15 34110001 call dword ptr ds:[<&USER32.ShowWindow>>; \ShowWindow
01004A89 . FF35 245B0001 push dword ptr ds:[1005B24] ; /hWnd = 000D02C8 ('扫雷',class='扫雷')
01004A8F . FF15 58110001 call dword ptr ds:[<&USER32.UpdateWindo>; \UpdateWindow
01004A95 . 6A 09 push 9 ; /ShowState = SW_RESTORE
01004A97 . FF35 245B0001 push dword ptr ds:[1005B24] ; |hWnd = 000D02C8 ('扫雷',class='扫雷')
01004A9D . FF15 34110001 call dword ptr ds:[<&USER32.ShowWindow>>; \ShowWindow
01004AA3 . FF35 245B0001 push dword ptr ds:[1005B24] ; /hWnd = 000D02C8 ('扫雷',class='扫雷')
01004AA9 . FF15 58110001 call dword ptr ds:[<&USER32.UpdateWindo>; \UpdateWindow
01004AAF . 61 popad
01004AB0 >^ 0F85 F3D6FFFF jnz winmine4.010021A9
01004AB6 .^ E9 3FD4FFFF jmp winmine4.01001EFA
Done!
8.JPG Download the finished product
winmine4.rar
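An added example, not part of the original post: a Python check that recomputes the destination of each relative branch in the listing above from its opcode bytes, which is the arithmetic most easily gotten wrong when hand-assembling a code cave. The branch table is copied from the listing; `encode_jmp_rel32` is a hypothetical helper, and the use of a 5-byte `jmp` for the hook at 1001EEF is an assumption, since the post does not show those bytes.

```python
import struct

# (address, opcode bytes, destination printed by the debugger), copied from the listing.
LISTING_BRANCHES = [
    (0x01004A5E, "75 50", 0x01004AB0),              # eax != 1: skip the cave body
    (0x01004A6E, "75 07", 0x01004A77),              # cell is not 8F: leave it alone
    (0x01004A79, "75 F0", 0x01004A6B),              # loop over the 0x360 bytes
    (0x01004AB0, "0F 85 F3 D6 FF FF", 0x010021A9),  # back into the original code
    (0x01004AB6, "E9 3F D4 FF FF", 0x01001EFA),     # back into the original code
]

def branch_target(addr, raw):
    """Destination of the relative jmp/jcc whose first byte sits at addr."""
    if raw[0] == 0xEB or 0x70 <= raw[0] <= 0x7F:                       # jmp/jcc rel8
        size, fmt, off = 2, "<b", 1
    elif raw[0] == 0xE9:                                               # jmp rel32
        size, fmt, off = 5, "<i", 1
    elif len(raw) > 1 and raw[0] == 0x0F and 0x80 <= raw[1] <= 0x8F:   # jcc rel32
        size, fmt, off = 6, "<i", 2
    else:
        raise ValueError("not a relative branch: " + raw.hex())
    if len(raw) != size:
        raise ValueError("truncated or oversized instruction: " + raw.hex())
    (disp,) = struct.unpack_from(fmt, raw, off)
    # The displacement is relative to the address of the NEXT instruction.
    return (addr + size + disp) & 0xFFFFFFFF

def encode_jmp_rel32(src, dst):
    """Bytes for a 5-byte `jmp dst` placed at src (hypothetical helper)."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))

def check_listing(branches=LISTING_BRANCHES):
    """Return (address, computed, listed) for every branch that disagrees."""
    bad = []
    for addr, hexbytes, listed in branches:
        got = branch_target(addr, bytes.fromhex(hexbytes))
        if got != listed:
            bad.append((addr, got, listed))
    return bad

if __name__ == "__main__":
    for addr, hexbytes, _ in LISTING_BRANCHES:
        target = branch_target(addr, bytes.fromhex(hexbytes))
        print(f"{addr:08X}  {hexbytes:<18} -> {target:08X}")
    print("mismatches:", check_listing())
    # Assumption: the hook at 1001EEF is a plain 5-byte jmp into the cave.
    print("hook bytes:", encode_jmp_rel32(0x01001EEF, 0x01004A5B).hex(" "))
```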