饥荒控制台文字进去后,出现一行文字。点那边都会退出怎么办?
点击联系发帖人
时间:2018-01-24 12:14
&>&&>&&>&正文
饥荒 各版本存档位置详解及替换存档方法
14:14:06 来源:饥荒游戏吧 作者:LC_1992
第1页:原版
《饥荒》这款游戏很多玩家想下载其他玩家的存档进行使用,可是因为无法找到存档位置而有些苦恼,下面小编就为大家介绍一下各版本的存档位置,以及存档替换的方法,希望对各位玩家有所帮助。
本文正确使用流程:
阅读并理解概念
进行准备工作(确保存档存在)
确定你的游戏版本,根据你的游戏版本,阅读本人提供的对应方法,并进行操作。如果成功找到存档,那么恭喜。
如果失败,请尝试另一个版本的对应方法,如果成功,说明你版本判定错误了。不过还是恭喜。如果还是失败,请尝试方法Ⅹ,如果成功。。恭喜
如果还是失败,请查看关于方法Ⅹ的补充说明
首先,说明几点概念,请认真阅读,否则如果出现各种无意义问题,别怪本人语气强烈。
1.原版
此版本由英文原版破解后制成,没有其他改动(无汉化),是最接近原版的版本。
2.游民星空免安装中文硬盘版
由游民星空免安装中文硬盘版网站制作的版本,汉化质量可以接受,是广为流传的饥荒版本。
最新版下载页面:
3.其他版本
由各种其他途径获取的饥荒游戏。比如从各种【游戏盒子】【软件管家】【下载站】等,版本非常混乱不堪,有些是由游民星空免安装中文硬盘的旧版本修改而成,有些则是一些小厂商自行封装而成。
强烈不推荐使用。此类饥荒的存档位置也是最难找的。
非常重要!
也是本人一直非常无语的一个地方。找存档位置、你得先有存档可找吧?
那你是不是得先运行下游戏建个档?
就无数人说找不到档,要不就是根本没运行过游戏,那当然哪个路径都不存在了;要不就是运行了游戏但是没有开始个新游戏、那样你就算找到了存档位置,它不也是空的嘛!对于这类人,本人只想说。请让你的脑子继续飞翔吧思密达!所以。开始下面的步骤前,先运行饥荒游戏,并点开始游戏,新建个世界,玩一会儿,按esc,点【保存退出】,退出游戏,再开始找存档位置。
(如果你确定你已经有旧存档存在了,此步可忽略)
准备完毕后,请对号入座:
如果你的饥荒版本是原版:请使用方法Ⅰ
如果你的饥荒版本是游民星空免安装中文硬盘版:请使用方法Ⅱ
如果你的饥荒版本是其他版本:本人首先建议你,换用以上两种游戏版本之一。
如果执意要用其他版本进行游戏,请使用方法Ⅹ。
如果你看到本文这个位置,还不能分辨你的饥荒游戏版本,那么你可以:
1.返回开头重新阅读、
2.自行绕开本文之后的内容、
既不愿意1也不愿意2,那你可以选择3:无脑依次按文章顺序进行本人的演示的操作。说不定也能找到、、
适用于原版
由于Win7 Win8 XP操作方法都基本大同小异,所以仅以Win7为例说明。
1.双击桌面的计算机图标。
2.在下面找到你的操作系统,选中对应的下面那一行路径,并右键复制。
%Userprofile%\My Documents\Klei\DoNotStarve\save
%Userprofile%\Documents\Klei\DoNotStarve\save
3.复制完成后,在下图【红色箭头】处点一下【左键】,再点一下【右键】选择【粘贴】:
4.完成后,效果如下图:
这时候,这时候,麻烦你们。直接回车,不要手贱点搜索
至此,存档位置就在你眼前了。
《饥荒》巨人的统治精华文章推荐
《饥荒》联机版精华文章推荐
更多相关内容请关注:
责任编辑:Shy夏夏
友情提示:支持键盘左右键“← →”翻页
本文是否解决了您的问题
文章内容导航
第1页:原版
用手机访问
扫一扫,手机浏览
相关攻略:
游戏制作:Klei Entertainment
游戏发行:Klei Entertainment
游戏平台:PC/PS4/PS Vita
上市时间:
单机游戏下载
综合热点资讯
游民星空联运游戏> 饥荒应用程序无法正常启动,重装了好几次,每次一打开就会跳出来,我是在快玩里面下的,现在玩不了,怎么办啊,求大神!
补充:有图有真相,这怎莫办? 满意答案
http://pan.baidu.com/s/1hqiTP5a 我网盘有最新版,你可以看看
发表我的评论打开word文档文件后在文中的内容一点鼠标总是跳到第一页第一行的处理办法_百度文库
两大类热门资源免费畅读
续费一年阅读会员,立省24元!
打开word文档文件后在文中的内容一点鼠标总是跳到第一页第一行的处理办法
长江大学教师|
总评分4.3|
浏览量49877
用知识赚钱
阅读已结束,下载文档到电脑
想免费下载更多文档?
定制HR最喜欢的简历
你可能喜欢额,搜到了这个问题,我就随便答一下吧,下面都是我的猜测,正确与否自行判断。&br&&br&&b&一、用的什么引擎?&/b&&br&不知道,推测可能是cocos-2d或者他们自己写的一个框架。&br&&br&&ul&&li&Don't Starve 用&a href=&//link.zhihu.com/?target=http%3A//www.fmod.org/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&FMOD&i class=&icon-external&&&/i&&/a&来处理声音,在data\sound\目录下的文件可以用fmod_eventplayer.exe这个程序来编辑。&/li&&li&Don't Starve 的图片好像是用类似PVR格式的纹理加载的。数据目录下面所有后缀是*.tex的就是纹理文件。每一个纹理还有一个同名的xml文件来描述资源。这些纹理可以用Don't Starve 的TEXTools程序查看,用&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/ktools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/ktools · GitHub&i class=&icon-external&&&/i&&/a&和png格式的图片相互转换。&/li&&li&Don't Starve 的动画文件用&a href=&//link.zhihu.com/?target=http%3A//www.brashmonkey.com/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&Spriter 2D sprite animation character creation software.&i class=&icon-external&&&/i&&/a&制作。可以用Don't Starve Mod Tools 工具将Spriter的动画文件弄成Don't Starve 能载入的动画文件。Don't Starve 的动画文件本质上包括三部分,一个anim.bin的二进制文件用来描述动画,多个atlas-xxx.tex的纹理文件用来放置动画需要的文件,bulid.bin承担描述纹理文件的作用。之后将这些文件压缩成zip文件,主要提高加载速度。用上面提到的ktools可以将饥荒的动画文件转换成Spriter能编辑的格式。不过anim.bin,bulid.bin,atlas-xxx.tex,这些文件不一定每个动画文件都有,比如那些角色共用一套anim.bin动画文件,每个角色只是纹理换了一下。所以用ktools转换不成功时,注意分析这些动画的依赖关系,把对应的打包成zip,就行了。&/li&&/ul&因为上面所说的都在cocos-2d里面都有用到,所以我才推测它是cocos-2d的。 &br&--------------------------------------------------------------&br&&b&二、怎么组织的游戏世界?&/b&&br&我几个月前翻译过国外的一篇介绍游戏世界的生成方式的文章,在这里&a href=&//link.zhihu.com/?target=http%3A//blog.csdn.net/czfblog/article/details/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&【饥荒】关于随机地图生成的方式&i class=&icon-external&&&/i&&/a&。BTW,这个博客里还有几篇关于饥荒的,有兴趣可以看一下。&br&&br&&ul&&li&Don't Starve使用&a href=&//link.zhihu.com/?target=http%3A//www.mapeditor.org/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&Tiled Map Editor&i class=&icon-external&&&/i&&/a& 来编辑地图块,Tiled是开源的哟。Don't Starve的地图是随机生成的,但是也有一些内在联系,比如pigking只会出现在森林边上,而且每一个pigking周围都有四个sanityrock(好像是叫这个?),这些东东的位置就是用Tiled编辑出来的,此外还有一大堆,在Static Layouts目录下。&br&&/li&&li&一个Room有多个Static Layouts&/li&&li&一个Task有多个Room,还有几个key,lock。&/li&&li&生成地图就把对应的key和lock拼接起来,可以保证地图的连贯性。&/li&&/ul&-------------------------------------------------------------------------&br&&br&&b&三、&/b&&b&反正就是&/b&&b&详细一点的吧。&/b&&br&要详细的话我就随便写写,想到那写那。&br&&br&&b&1.面向对象&/b&&br&Don't Starve 主要用Lua脚本实现游戏逻辑,大体上,饥荒的Lua部分采用面向对象的编程范式,在class.lua文件里用lua metatable实现了一套面向对象的系统,可实现类的继承。&br&在饥荒里基本上每一个类都由一个独立的脚本文件定义,这些个脚本文件大体结构如下:&br&&div class=&highlight&&&pre&&code class=&language-lua&&&span class=&nb&&require&/span& &span class=&s2&&&&/span&&span class=&s&&class&&/span& &span class=&c1&&--载入class文件&/span&
&span class=&kd&&local&/span& &span class=&n&&baseclass&/span&&span class=&o&&=&/span&&span class=&nb&&require&/span& &span class=&s2&&&&/span&&span class=&s&&baseclass&&/span&
&span class=&c1&&--基类,有时没有&/span&
&span class=&c1&&--这里可以载入其他的东东&/span&
&span class=&c1&&--创建继承基类的子类&/span&
&span class=&c1&&--为了不污染全局变量域,使用local关键字&/span&
&span class=&c1&&--没有基类时,这样写:&/span&
&span class=&c1&&--~local childclass=Class(function (self,...)&/span&
&span class=&kd&&local&/span& &span class=&n&&childclass&/span&&span class=&o&&=&/span&&span class=&n&&Class&/span&&span class=&p&&(&/span&&span class=&n&&baseclass&/span&&span class=&p&&,&/span&&span class=&k&&function&/span& &span class=&p&&(&/span&&span class=&n&&self&/span&&span class=&p&&,&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&n&&self&/span&&span class=&p&&.&/span&&span class=&n&&value&/span&&span class=&o&&=&/span&&span class=&mi&&0&/span&
&span class=&c1&&--属性&/span&
&span class=&c1&&--初始化函数内容&/span&
&span class=&k&&end&/span&&span class=&p&&)&/span&
&span class=&c1&&--方法&/span&
&span class=&k&&function&/span& &span class=&nf&&childclass&/span&&span class=&p&&:&/span&&span class=&n&&fn&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&k&&end&/span&
&span class=&c1&&--因为使用了local,所以要返回,其他文件才能接收到&/span&
&span class=&k&&return&/span& &span class=&n&&childclass&/span&
&/code&&/pre&&/div&如果你了解了饥荒时如何实现面向对象的,看饥荒的源码就可以很快速的理解了。&br&&br&&b&2.代码与资源分布&/b&&br&下面列出了饥荒中各个文件或文件夹的作用:&br&(以*结尾的,该文件夹里就是一堆上面所说的类)&br&&div class=&highlight&&&pre&&code class=&language-bash&&├─bin
二进制程序文件
├─data 数据目录
├─bigportraits
人物肖像纹理
好像是用来放置于天气相关纹理的
├─images
主要纹理放置目录
├─levels
放置地皮纹理
├─minimap
├─models
未知,猜测与洞穴有关
├─scriptlibs
一些用lua实现的库,用来网络通信与json字符串处理
├─scripts
主要的lua脚本目录
├─behaviours
├─brains
├─cameras
相机,用来控制玩家所能看到的视野*
├─components
组件,一组通用的,用来描述物品的代码*
├─languages
语言文件,国际化用的
地图相关代码*
├─levels
世界模式,有生存,冒险,洞穴等等
├─static_layouts
Tasks,上面那些具体去看博客
卖萌用的,直接在命令行运行,有只会动的大象^.^
├─prefabs
定义世界里所有的物品
├─scenarios
场景,也就是贴吧所说的彩蛋
├─screens
├─stategraphs
状态机或状态图,用来和AI一起控制动物(和植物?)的运动
└─widgets
界面小部件(按钮,文本框etc.)*
├─shaders
└─mods 插件放置目录
&/code&&/pre&&/div&此外,data文件里还有DLC0001目录,这个目录来放置DLC版本的文件,结构和data目录一样。&br&&br&&br&&br&&br&&br&下面就一大堆网址:&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/kleientertainment/ds_mod_tools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&kleientertainment/ds_mod_tools · GitHub&i class=&icon-external&&&/i&&/a& 游戏官方发布的mod工具,拿来自动转换纹理和动画,在win和ubuntu下编译成功。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/ktools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/ktools · GitHub&i class=&icon-external&&&/i&&/a& Ktools 工具,可以把tex纹理和png图片相互转换。还可以转换动画文件。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/wicker& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/wicker · GitHub&i class=&icon-external&&&/i&&/a& 一个饥荒Mod框架。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/debugman18/UpAndAway& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&debugman18/UpAndAway · GitHub&i class=&icon-external&&&/i&&/a& 一个大型饥荒Mod《天堂》,利用上面的wicker写的。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/jkolokotronis/dsmods& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&jkolokotronis/dsmods · GitHub&i class=&icon-external&&&/i&&/a&
还是一个大型mod《黑夜英雄》,不过真的有点大,400多M,翻下墙再去克隆。
额,搜到了这个问题,我就随便答一下吧,下面都是我的猜测,正确与否自行判断。 一、用的什么引擎? 不知道,推测可能是cocos-2d或者他们自己写的一个框架。 Don't Starve 用来处理声音,在data\sound\目录下的文件可以用fmod_eventplayer.exe这个程序…
&figure&&img src=&https://pic3.zhimg.com/1655feb05cd5d744ab663bd_b.jpg& data-rawwidth=&1920& data-rawheight=&1080& class=&origin_image zh-lightbox-thumb& width=&1920& data-original=&https://pic3.zhimg.com/1655feb05cd5d744ab663bd_r.jpg&&&/figure&新写一篇文章,以纪念在制作和调试饥荒游戏LuaJIT桥接PATCH中探过的雷区。&p&本文大体已经更新完结,如有新的内容会及时补充。&br&&/p&&p&关于饥荒游戏的介绍,直接看这个答案好了:&a href=&https://www.zhihu.com/question/& class=&internal&&&span class=&invisible&&https://www.&/span&&span class=&visible&&zhihu.com/question/2128&/span&&span class=&invisible&&2202&/span&&span class=&ellipsis&&&/span&&/a&&/p&&p&关于本插件的详细介绍,下载及源码请点击:&a href=&http://link.zhihu.com/?target=https%3A//paintdream.github.io/DontStarveLuaJIT/& class=& external& target=&_blank& rel=&nofollow noreferrer&&&span class=&invisible&&https://&/span&&span class=&visible&&paintdream.github.io/Do&/span&&span class=&invisible&&ntStarveLuaJIT/&/span&&span class=&ellipsis&&&/span&&/a&&/p&&p&本文所用到的软件:OllyDBG 2.01、Microsoft Visual C++ 2008&/p&&br&&p&-----------------------------------------我是分割线------------------------------------------------&/p&&p&&b&0x00 神船搁浅&/b&&/p&&p&我要给饥荒写PATCH,并不是一个刚开始就计划好的事情。饥荒发布于Steam平台并且添加了创意工坊,里面有很多好的、差的、能用的、不能用的、原创的以及抄的Mods,大部分都维护得很好,开游戏时连存档带MOD设置都会被云同步更新,几乎可以是完美了。&/p&&p&然而唯一的美中不足似乎是:这游戏居然很吃配置。N年前买的神船竟然会在玩久了之后就会时不时顿卡,以至于到后来居然越来越卡了。虽然i7-3610QM+GT650M在现在看来也比较渣,但是至少跑跑dota2中配都还很流畅,也不至于在饥荒上惨成这样。&/p&&p&打开任务管理器瞄一眼,发现情况还是很有意思的。在卡顿的时候,CPU只有两个核心满载运行,其余都在打酱油——通过暂停-恢复的办法观察CPU占用率,可以得出结论,CPU0是负责渲染的线程,CPU6是负责脚本逻辑的线程。&/p&&p&&figure&&img src=&http://pic2.zhimg.com/e61b23a34abda57c9dfb88c_b.png& data-rawheight=&519& data-rawwidth=&345& class=&content_image& width=&345&&&/figure&卡顿是来自于两方面的,一方面如果绘制的对象较多,机器就会明显开始变卡。这时CPU0的使用率会明显下降,说明有大量绘制指令阻塞了渲染管线,导致绘制线程长期处于等待渲染完成的阻塞状态。同时用户的输入反馈也会被明显阻滞,推测读取用户输入的相关代码也是在这个线程中执行的(饥荒使用了DirectInput来读取键盘操作)。饥荒本身这种哥特式的画风,使用一些预制的纹理搞搞Billboard贴图就可以做出伪2D的画面效果了,渲染本身压力应该不算大。但是考虑到ES版本低的限制用不了Instanced Draw,很可能是每个对象都对应一个draw call,并且每个对象绘制时都重复提交了大量数据,导致带宽用尽。不过这方面我现在还没有做仔细的研究,仅仅是猜测而已。&/p&&p&另一方面如果脚本的逻辑过于复杂,也会明显变卡。这时CPU6将会被占满,而由于逻辑帧与渲染帧同步的关系,CPU0的占用率会变低。这方面的问题相对来说比较严重,因为为了好玩大家都会加载很多MODs,Shipwrecked DLC新增加的游戏特性也非常吃CPU,导致大家在玩这个DLC时感受到的卡顿远远比原版或者Reign of Giants DLC时要明显得多。因此在很多论坛上大家解决这个卡顿的办法只有——别开那么多MOD,换个好点的电脑。&/p&&p&本文尝试解决的是脚本逻辑引起的卡顿。&/p&&p&&b&0x01 积重难返&/b&&br&&/p&&p&好消息是饥荒使用了我比较熟悉的lua 5.1.4作为脚本引擎(但是实际上我更希望看到的是lua 5.3),并且随游戏附送了所有的lua脚本(大约18万行,不算DLC),所有的逻辑都是在脚本中实现的。&/p&&p&研究了几个小时后发现,作者似乎仅仅是把它当作一个工具来用,没有专门在lua特性上下功夫。为了写起来更方便和熟悉,当需要异步操作时,大部分的需求都是通过C层面支持的时钟回调(往往配合全局任务队列)来完成的。这个设计也给我造成了麻烦,因为它会使原本完整的逻辑从中断开,调试时打印调用堆栈就只能看到当前事件触发后的逻辑。&/p&&p&那么,为什么不用coroutine呢?我搜了下源码,有三个地方对coroutine进行了封装,其中两个是有关网络的第三方库,主要负责发邮件之类的工作 ,和游戏逻辑没什么关系。唯一用到的就是调度器添加任务的时候,为每一个新任务创建一个coroutine,然后调度的时候枚举所有任务一个个执行。&/p&&p&然而,这个coroutine似乎仅仅是由来保存一个独立执行栈的——调度器对它的操作仅仅是从队列中取出然后执行完删掉。全部代码中只有9个很少执行到的地方用到了Yield()。个人觉得这个coroutine的用法值得商榷——毕竟coroutine本身还是有一点点开销的,而且绝大多数异步需求还是用回调来完成的。&/p&&p&从lua代码架构上看,这套脚本自己实现了一个简单的类似C++的面向对象框架,模块的封装比较任性,耦合度也有点高,经常会出现在底层框架代码中去加一些代码来控制上层实现逻辑的代码。而它发布的两个DLC并不是在原有代码框架上开发的扩展包,而是直接把代码复制出来进行修改的,估计最初写的时候也没想要有个DLC……&/p&&p&可以看出,游戏本身应该是直接从一个简单的原型一步步迭代上来的,虽然在开发的过程中有过抽象和封装,但是积重难返,大体的结构已经固定,没有什么简单的优化空间了。脚本负责了太重的任务,并行方面做的工作也不多,试图直接优化现有代码对于我来说已经成了死局。&/p&&p&因此把lua引擎替换为LuaJIT已经成了为数不多的可以让程序运行起来不那么卡的选择了。虽然从道理上讲,这也只能算是治标不治本,但是好歹能有的玩啊。&/p&&p&&b&0x02 横生枝节&/b&&/p&&p&但是事情远远没有想的那么简单。我最初以为直接把饥荒可能用到的lua51.dll换成luajit.dll就万事大吉了,然而翻遍了安装目录也没看到lua51.dll库的影子。那么次一点的结果就是LUA被封装在了别的DLL里,由dontstarve_steam.exe启动时加载。然而最终发现lua引擎是直接作为静态库或者源码编译进主程序的,这是最糟糕的结果。&/p&&p&这个麻烦在于,我们知道exe通常不需要导出函数(仔细看了下dontstarve_steam.exe确实没导出),那么如何定位lua api在exe中的位置就成了首要解决的问题。&/p&&p&EXE中lua api的布局和DLL中是完全不一样的:编译器可以剪掉那些没被引用到的函数与常量,也可以重排函数的顺序。想要通过公开的或者凑巧的办法定位到这些函数是不可能的。那么就剩下了三条路:直接改EXE,硬编码与特征码搜索。&/p&&p&直接改EXE或者硬编码相应函数的RVA看起来简单粗暴,但是万一饥荒EXE更新了就得新发布个版本,而且为了得到地址还得手工用特征码先搜索并较正一遍。想了想还是用特征码吧,而且还要尽量做成非侵入式的,这样就可以有效地兼容饥荒自己的更新。&/p&&p&&b&0x03 探针计划&/b&&/p&特征码搜索需要先找到每个函数对应的特征码。为此我的思路是,先编译一份原汁原味的lua 5.1.4的DLL,把LUA API设置为导出,这样就能得到每个API的地址,进而用函数开头的二进制指令作为特征码在EXE中进行搜索。接下来,只需要把搜索到的源地址和名字一一对应起来,然后加载luajit.dll就可以再通过kernel32.dll!GetProcAddress拿到目标地址,通过inline hook将源地址处的执行流导向目标地址。由于这些hooks不需要执行原函数,计算跳板所保留的原函数头部字节数也就没有必要了。&p&不同的编译器生成目标代码时的算法都是很不一样的,甚至就算是同一系列的编译器,随着版本更新也会有不同。那么应该用什么来编译原版lua DLL呢?当然是与饥荒主程序保持一致。OllyDBG告诉我们答案:MSVC9,即Microsoft Visual C++ 2008。&/p&&figure&&img src=&http://pic1.zhimg.com/04da3c510db72fc7afa61b_b.png& data-rawheight=&409& data-rawwidth=&601& class=&origin_image zh-lightbox-thumb& width=&601& data-original=&http://pic1.zhimg.com/04da3c510db72fc7afa61b_r.png&&&/figure&&br&&p&然而在开始编码之前,先要解决的问题是:怎么让我的代码得到执行?&/p&&p&很明显如果想要做非侵入式的Patch,要么额外写一个启动器,要么通过某种技巧让我们的代码在游戏启动时得到执行。官方的MOD机制允许自定义mod在游戏初始化的时候执行lua代码,然而这时候lua引擎已经建立,再替换就晚了,肯定不行。&/p&&p&于是我的目光移动到exe依赖的那些DLL上,看看有什么偷梁换柱的策略。所谓的偷梁换柱就是指,针对目标EXE所依赖的DLL,写一个傀儡DLL,名字和导出函数都和目标DLL一样,然后放在EXE目录中就可以在EXE启动时被加载。加载后再手动用kernel32.dllLoadLibraryA/W加载目标DLL,并把导出的函数都转接到目标DLL中对应的函数里去。早些年一些病毒为了禁用杀毒软件,就在杀毒软件安装目录下放一个假的ws2_32.dll,这样杀毒软件启动时就会崩溃或者被劫持。注意一些系统核心的DLL是不受这个影响的,如kernel32.dll, ntdll.dll等)&/p&&p&饥荒主程序目录下那些DLL大多都是C++写的,导出函数的名字都是经过name decoration的,处理起来会比较麻烦。加之导出函数的数量也很多,有点不划算。&/p&&p&找了半天,最佳的选择是DINPUT8.DLL,这个DLL是DirectInput所需要的。选择它的原因是dontstarve_steam.exe只从其中导入了一个函数DirectInput8Create,用来创建DirectInput的设备对象,由于这个对象是用COM封装的,所以DLL不再需要导出其成员函数,导入表项因此就简洁了很多。还有一个好处,由于它是处于系统目录中的DLL,替换它不需要替换原有的DLL,只需要在EXE目录中放置即可被加载,是完美的非侵入式PATCH的选择。&br&&/p&&figure&&img src=&http://pic2.zhimg.com/3f6fe4799_b.png& data-rawheight=&253& data-rawwidth=&422& class=&origin_image zh-lightbox-thumb& width=&422& data-original=&http://pic2.zhimg.com/3f6fe4799_r.png&&&/figure&&p&如前文所述,你接管了DINPUT8.DLL,那么也就得实现DirectInput8Create这个函数,否则游戏启动时会找不到入口。这个很容易:&br&&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&typedef&/span& &span class=&nf&&HRESULT&/span&&span class=&p&&(&/span&&span class=&n&&WINAPI&/span& &span class=&o&&*&/span&&span class=&n&&PFNDirectInput8Create&/span&&span class=&p&&)(&/span&&span class=&n&&HINSTANCE&/span& &span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&DWORD&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&REFIID&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&LPVOID&/span& &span class=&o&&*&/span&&span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&LPUNKNOWN&/span& &span class=&n&&punkOuter&/span&&span class=&p&&);&/span&
&span class=&k&&static&/span& &span class=&n&&PFNDirectInput8Create&/span& &span class=&n&&pfnDirectInput8Create&/span& &span class=&o&&=&/span& &span class=&nb&&NULL&/span&&span class=&p&&;&/span&
&span class=&n&&HRESULT&/span& &span class=&n&&WINAPI&/span& &span class=&nf&&DirectInput8Create&/span&&span class=&p&&(&/span&&span class=&n&&HINSTANCE&/span& &span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&DWORD&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&REFIID&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&LPVOID&/span& &span class=&o&&*&/span&&span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&LPUNKNOWN&/span& &span class=&n&&punkOuter&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&return&/span& &span class=&n&&pfnDirectInput8Create&/span&&span class=&p&&(&/span&&span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&punkOuter&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&nl&&DllMain&/span&&span class=&p&&:&/span&
&span class=&n&&TCHAR&/span& &span class=&n&&systemPath&/span&&span class=&p&&[&/span&&span class=&n&&MAX_PATH&/span&&span class=&p&&];&/span&
&span class=&o&&::&/span&&span class=&n&&GetSystemDirectory&/span&&span class=&p&&(&/span&&span class=&n&&systemPath&/span&&span class=&p&&,&/span& &span class=&n&&MAX_PATH&/span&&span class=&p&&);&/span&
&span class=&n&&HMODULE&/span& &span class=&n&&hInput&/span& &span class=&o&&=&/span& &span class=&o&&::&/span&&span class=&n&&LoadLibrary&/span&&span class=&p&&(&/span&&span class=&n&&CString&/span&&span class=&p&&(&/span&&span class=&n&&systemPath&/span&&span class=&p&&)&/span& &span class=&o&&+&/span& &span class=&n&&_T&/span&&span class=&p&&(&/span&&span class=&s&&&&/span&&span class=&se&&\\&/span&&span class=&s&&DINPUT8.DLL&&/span&&span class=&p&&));&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&hInput&/span& &span class=&o&&!=&/span& &span class=&nb&&NULL&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&pfnDirectInput8Create&/span& &span class=&o&&=&/span& &span class=&p&&(&/span&&span class=&n&&PFNDirectInput8Create&/span&&span class=&p&&)&/span&&span class=&o&&::&/span&&span class=&n&&GetProcAddress&/span&&span class=&p&&(&/span&&span class=&n&&hInput&/span&&span class=&p&&,&/span& &span class=&s&&&DirectInput8Create&&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&在上面的代码里,DllMain里需要加载真正的DINPUT8.DLL,然后获取到DirectInput8Create的地址,然后才能在中继代码中CALL。需要注意的是,我们最好不要包含任何有关DirectX SDK的头文件,这些头文件往往会指定API为导入,而我们需要将同名的中继函数导出。&/p&&p&如果遇到了类型没定义的错误也不用急,按照其长度写一个等价的就行了。后文我会介绍一个更简单的制作中继函数跳板的办法。&/p&&p&那么,接下来是怎么搜的问题。我们先来编译原版lua51.dll,编译设置选择Release版本。&/p&&figure&&img src=&http://pic2.zhimg.com/a5b0dab4785b9_b.png& data-rawheight=&600& data-rawwidth=&800& class=&origin_image zh-lightbox-thumb& width=&800& data-original=&http://pic2.zhimg.com/a5b0dab4785b9_r.png&&&/figure&&br&&p&如果在用kernel32.dll!LoadLibraryA/W加载了原版的lua51.dll之后,直接拿API函数开始的二进制码去做搜索,只能搜索到一小部分函数。这是由于DLL中的代码需要根据.reloc节的信息进行重定位,需要定位的地方二进制值会变,因此纯粹的memcmp行不通。&/p&&p&在这里我直接采用了一个较简单但是相对耗时的策略:在搜索时利用反汇编引擎XDE32一条条解析指令格式,发现需要重定位的指令,就读取地址处的值代替地址本身充当特征码。&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&while&/span& &span class=&p&&(&/span&&span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&xde_disasm&/span&&span class=&p&&((&/span&&span class=&n&&BYTE&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&instr&/span&&span class=&p&&);&/span&
&span class=&kt&&int&/span& &span class=&n&&len&/span& &span class=&o&&=&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&len&/span& &span class=&o&&==&/span& &span class=&mi&&0&/span&&span class=&p&&)&/span&
&span class=&k&&break&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span& &span class=&o&&||&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addrsize&/span& &span class=&o&&==&/span& &span class=&mi&&4&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&c1&&// read memory data&/span&
&span class=&n&&PVOID&/span& &span class=&n&&addr&/span& &span class=&o&&=&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span& &span class=&o&&?&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&c&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&:&/span& &span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&p&&)&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addr_l&/span&&span class=&p&&[&/span&&span class=&mi&&0&/span&&span class=&p&&];&/span&
&span class=&kt&&char&/span& &span class=&n&&buf&/span&&span class=&p&&[&/span&&span class=&mi&&16&/span&&span class=&p&&];&/span&
&span class=&n&&memset&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&k&&sizeof&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&));&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&addr&/span& &span class=&o&&!=&/span& &span class=&nb&&NULL&/span& &span class=&o&&&&&/span& &span class=&o&&::&/span&&span class=&n&&ReadProcessMemory&/span&&span class=&p&&(&/span&&span class=&o&&::&/span&&span class=&n&&GetCurrentProcess&/span&&span class=&p&&(),&/span& &span class=&n&&addr&/span&&span class=&p&&,&/span& &span class=&n&&buf&/span&&span class=&p&&,&/span& &span class=&mi&&4&/span&&span class=&p&&,&/span& &span class=&nb&&NULL&/span&&span class=&p&&))&/span& &span class=&p&&{&/span&
&span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&stringList&/span&&span class=&p&&.&/span&&span class=&n&&push_back&/span&&span class=&p&&(&/span&&span class=&n&&std&/span&&span class=&o&&::&/span&&span class=&n&&make_pair&/span&&span class=&p&&(&/span&&span class=&n&&addr&/span&&span class=&p&&,&/span& &span class=&n&&std&/span&&span class=&o&&::&/span&&span class=&n&&string&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&)));&/span&
&span class=&p&&}&/span&
&span class=&n&&BYTE&/span& &span class=&n&&temp&/span&&span class=&p&&[&/span&&span class=&mi&&16&/span&&span class=&p&&];&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&temp&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&=&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&buf&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span& &span class=&k&&else&/span& &span class=&p&&{&/span&
&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addr_l&/span&&span class=&p&&[&/span&&span class=&mi&&0&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&kt&&long&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&buf&/span&&span class=&p&&;&/span&
&span class=&n&&xde_asm&/span&&span class=&p&&(&/span&&span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&instr&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&target&/span&&span class=&p&&,&/span& &span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span& &span class=&k&&else&/span& &span class=&p&&{&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&target&/span&&span class=&p&&,&/span& &span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&c&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&n&&target&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&edge&/span&&span class=&p&&)&/span&
&span class=&n&&validLength&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&lengthHist&/span&&span class=&p&&[&/span&&span class=&n&&len&/span&&span class=&p&&]&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&*&/span&&span class=&n&&c&/span& &span class=&o&&==&/span& &span class=&mh&&0xCC&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&edge&/span& &span class=&o&&=&/span& &span class=&nb&&true&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&具体到匹配算法,为了避免因微小长度差异而导致整体错位,我没有直接memcmp,而是用了最长公共子串的动态规划算法,时间和空间复杂度都为O(N * N)。对于不太长的特征序列,性能上的损失可以接受。&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&int&/span& &span class=&nf&&CommonLength&/span&&span class=&p&&(&/span&&span class=&k&&const&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&x&/span&&span class=&p&&,&/span& &span class=&kt&&int&/span& &span class=&n&&xlen&/span&&span class=&p&&,&/span& &span class=&k&&const&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&y&/span&&span class=&p&&,&/span& &span class=&kt&&int&/span& &span class=&n&&ylen&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&kt&&int&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&INSTR_SIZE&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&INSTR_SIZE&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&n&&memset&/span&&span class=&p&&(&/span&&span class=&n&&opt&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&k&&sizeof&/span&&span class=&p&&(&/span&&span class=&n&&opt&/span&&span class=&p&&));&/span&
&span class=&k&&for&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span& &span class=&n&&i&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span& &span class=&n&&i&/span& &span class=&o&&&=&/span& &span class=&n&&xlen&/span&&span class=&p&&;&/span& &span class=&n&&i&/span&&span class=&o&&++&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&for&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span& &span class=&n&&j&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span& &span class=&n&&j&/span& &span class=&o&&&=&/span& &span class=&n&&ylen&/span&&span class=&p&&;&/span& &span class=&n&&j&/span&&span class=&o&&++&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&x&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&==&/span& &span class=&n&&y&/span&&span class=&p&&[&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&])&/span&
&span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span&
&span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&&&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&?&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&:&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&k&&return&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&xlen&/span&&span class=&p&&][&/span&&span class=&n&&ylen&/span&&span class=&p&&];&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&br&搜索的范围只需要设置为dontstarve_steam.exe的.text节所在范围即可,其实我在试了几个版本之后,发现.text + 0x170000之后才会有对应的lua api的函数。因此为了速度快些就直接以.text + 0x170000为地点,.text的末尾为终点了。(当然其实这么做有一定风险,不过一直懒得改。。万一哪天饥荒有大更新很可能会出错)&p&搜索到目标函数之后,标记下来,并与luajit连接即可。下面是inline hook的代码:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&Hook&/span&&span class=&p&&(&/span&&span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&to&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&c1&&// prepare inline hook&/span&
&span class=&kt&&unsigned&/span& &span class=&kt&&char&/span& &span class=&n&&code&/span&&span class=&p&&[&/span&&span class=&mi&&5&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&p&&{&/span& &span class=&mh&&0xe9&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span& &span class=&p&&};&/span&
&span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&code&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&=&/span& &span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&p&&)&/span&&span class=&n&&to&/span& &span class=&o&&-&/span& &span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&p&&)&/span&&span class=&n&&from&/span& &span class=&o&&-&/span& &span class=&mi&&5&/span&&span class=&p&&;&/span&
&span class=&n&&DWORD&/span& &span class=&n&&oldProtect&/span&&span class=&p&&;&/span&
&span class=&o&&::&/span&&span class=&n&&VirtualProtect&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&,&/span& &span class=&n&&PAGE_READWRITE&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&oldProtect&/span&&span class=&p&&);&/span&
&span class=&o&&::&/span&&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&n&&code&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&);&/span&
&span class=&o&&::&/span&&span class=&n&&VirtualProtect&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&,&/span& &span class=&n&&oldProtect&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&oldProtect&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&(个人比较喜欢0xE8/0xE9这种HOOK,不需要改寄存器,长度也很短。当然也可以用PUSH+RET, FF 15/25 即CALL/JMP DWORD PTR [ADDR]的,各有所需)&/p&&br&&p&&b&0x04 引火烧身&/b&&/p&&p&写完代码,编译好DLL,并将其改名为DINPUT8.DLL。同时再编译一份luajit的DLL,重命名为luajit.dll(原来的名字是lua51.dll),再加上直接用VS2008编译lua 5.1.4源码得到的lua51.dll,总共是三个文件。&/p&&p&将这三个文件复制到饥荒的bin目录,启动游戏。(见证奇迹的时候到了!!)&/p&&p&不出意外,BOOM!程序崩溃了!!&/p&&p&客位看官不好意思,前面洋洋洒洒写了一大堆,看起来有极大可能并没有什么用。&/p&&figure&&img src=&http://pic2.zhimg.com/11a027ee4f3dcccf830215_b.jpg& data-rawheight=&237& data-rawwidth=&280& class=&content_image& width=&280&&&/figure&不过仔细想想,这也不总是悲剧,至少证明了我们还是具有了利用DINPUT8傀儡来捅篓子的能力。&br&&p&但是为什么会崩溃呢?总得有个交待啊!!通过仔细的排查(其实就是打了个LOG),发现其实有部分函数就没Hook上。&/p&&p&但是为什么没Hook上呢?前面搜索花了那么大的精力,为什么结果还是不对呢?&/p&&br&&p&&b&0x05 调试器下没有秘密&/b&&/p&&p&没办法,只能用OllyDBG调试下试试了。由于饥荒的exe你直接点击是不会启动游戏的,它只会启动STEAM,然后用STEAM再启动游戏,所以我只能在DINPUT8.DLL的DllMain里,强行加一个getchar(),然后在STEAM中启动游戏,使用OllyDBG附加调试。&/p&&p&按ALT+E打开模块列表,点击dontstarve_steam.exe,启动Search for =& All inter-modular calls,就可以看到大多数函数已经被成功HOOK了。&/p&&figure&&img src=&http://pic1.zhimg.com/18ea8a0ac9d736e158a40a2ec079c6ec_b.png& data-rawheight=&944& data-rawwidth=&1472& class=&origin_image zh-lightbox-thumb& width=&1472& data-original=&http://pic1.zhimg.com/18ea8a0ac9d736e158a40a2ec079c6ec_r.png&&&/figure&&br&&p&一个个检查HOOK的函数,发现只要是搜索到了目标,基本上就没有什么大问题。问题在于很多函数就没找到,而且吊诡的是,自己手工去用OD强大的Search Command功能去搜,放宽搜索的匹配条件,也是找不到的。&/p&&figure&&img src=&http://pic1.zhimg.com/759e8bc888bd69eb849a05d_b.jpg& data-rawheight=&52& data-rawwidth=&90& class=&content_image& width=&90&&&/figure&所以……&p&难道是……&/p&&p&那些函数压根就不存在……吗?&br&&/p&&figure&&img src=&http://pic4.zhimg.com/ed27b57e1f7ba4faad26aae469c024ff_b.jpg& data-rawheight=&78& data-rawwidth=&78& class=&content_image& width=&78&&&/figure&&p&好吧。这个结论竟然对了一半。&/p&&p&确实有些api在exe中是没有的,因为exe没用到它们,编译器在连接的时候把它们抹掉了。我于是在lua51.dll中删除了它们的导出项。&/p&&p&另一部分呢,确实是没搜索到。通过查找字符串引用逐步定位相关指令的办法(具体就不详述了),我发现了一件怪事:&/p&&p&这些API和lua 5.1.4 DLL中的api在二进制层面上差别非常大!&/p&&br&&br&&br&&b&0x06 飞轮与链条&/b&&p&如果饥荒的作者修改过这些函数的实现,那么情况就非常僵了——我得在luajit中做等价的修改。不过仔细比对后发现,事情没有那么糟糕。&/p&&p&不一致的地方主要来自于两种原因:&/p&&p&1. 部分API调用内部函数被inline&/p&&p&2. 饥荒作者删除了部分API中关于luaC_checkGC调用&/p&&br&&br&&p&对于1,参考下图:&/p&&figure&&img src=&http://pic3.zhimg.com/9efda57f47acf5a540e20bf_b.png& data-rawheight=&752& data-rawwidth=&1619& class=&origin_image zh-lightbox-thumb& width=&1619& data-original=&http://pic3.zhimg.com/9efda57f47acf5a540e20bf_r.png&&&/figure&&p&luaO_pushfstring是lua_pushfstring所调用的函数,在饥荒主程序里这个调用是被inline的,导致其与我编译的lua51.dll中lua_pushfstring的二进制码不一致。&/p&&br&&p&对于2,参考下图:&/p&&p&&figure&&img src=&http://pic3.zhimg.com/efacb334860a_b.png& data-rawheight=&752& data-rawwidth=&1573& class=&origin_image zh-lightbox-thumb& width=&1573& data-original=&http://pic3.zhimg.com/efacb334860a_r.png&&&/figure&饥荒作者删除了代码中的一些luaC_checkGC的调用,从而使得一些函数不再会触发垃圾收集。这种想法是为了避免某些BUG吗?(比如C层面持有的对象因没有维持引用而失效)还是试图降低卡顿?我不得而知。但是奇怪的是,联机版的饥荒(针对联机版的内容主要参见后文)改动的地点和单机版并不一致。(上图中我添加的luaC_checkGC_是一个空宏,等价于把GC调用删除掉)&/p&&p&经过如上的修改之后重新编译lua51.dll,我们重新制作的链条终于能和饥荒原程序的飞轮啮合在一起了。&/p&&p&&b&0x07 打包炸弹&/b&&/p&&p&启动时崩溃,按照OllyDBG的LOG跟踪到是luajit有部分常数的值太小(如函数串最多常量个数,参数列表最多参数个数),改成大一些的值即可,不在此详述了。(饥荒真是内存杀手)&/p&&p&折腾了半天,我们的破补丁总算能勉强跑起来了。顺利度过loading界面,主界面成功启动!久违的背景音乐响起~&/p&&figure&&img src=&http://pic3.zhimg.com/ca9634288eaf9d8913770e_b.png& data-rawheight=&727& data-rawwidth=&1292& class=&origin_image zh-lightbox-thumb& width=&1292& data-original=&http://pic3.zhimg.com/ca9634288eaf9d8913770e_r.png&&&/figure&&br&&p&先随便试试基本的功能吧,先点下MODS看看会不会挂……&/p&&p&由墨菲定律可知:如果一个地方你感觉会出错,那么它就会出错。。于是有插件崩溃了。&/p&&figure&&img src=&http://pic1.zhimg.com/9efa97cd533aaadf_b.png& data-rawheight=&728& data-rawwidth=&1293& class=&origin_image zh-lightbox-thumb& width=&1293& data-original=&http://pic1.zhimg.com/9efa97cd533aaadf_r.png&&&/figure&&p&虽然在游戏中按“`”键也可以打开内置的控制台,但是这里LOG显示的行数有限,且不能滚屏。于是直接打开OllyDBG的LOG看看倒底发生了什么:&/p&&figure&&img src=&http://pic3.zhimg.com/e70debf13bcb68c5a3268cae_b.png& data-rawheight=&640& data-rawwidth=&862& class=&origin_image zh-lightbox-thumb& width=&862& data-original=&http://pic3.zhimg.com/e70debf13bcb68c5a3268cae_r.png&&&/figure&&br&&p&(这些LOG是用OutputDebugString输出的,需要OllyDBG 2.0以上版本才支持在调试器内显示它们。)&/p&&p&从上面的文字中可以看出,在加载翼语MOD的时候,mods.lua第42行报错,提示'arg'这个变量没有被定义。&br&&/p&&p&那么就去看看喽:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&kd&&local&/span& &span class=&n&&runmodfn&/span& &span class=&o&&=&/span& &span class=&k&&function&/span&&span class=&p&&(&/span&&span class=&n&&fn&/span&&span class=&p&&,&/span&&span class=&n&&mod&/span&&span class=&p&&,&/span&&span class=&n&&modtype&/span&&span class=&p&&)&/span&
&span class=&k&&return&/span& &span class=&p&&(&/span&&span class=&k&&function&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&k&&if&/span& &span class=&n&&fn&/span& &span class=&k&&then&/span&
&span class=&kd&&local&/span& &span class=&n&&status&/span&&span class=&p&&,&/span& &span class=&n&&r&/span& &span class=&o&&=&/span& &span class=&nb&&xpcall&/span&&span class=&p&&(&/span& &span class=&k&&function&/span&&span class=&p&&()&/span& &span class=&k&&return&/span& &span class=&n&&fn&/span&&span class=&p&&(&/span&&span class=&nb&&unpack&/span&&span class=&p&&(&/span&&span class=&n&&arg&/span&&span class=&p&&))&/span& &span class=&k&&end&/span&&span class=&p&&,&/span& &span class=&nb&&debug.traceback&/span&&span class=&p&&)&/span& &span class=&c1&&--&& 42&/span&
&span class=&k&&if&/span& &span class=&ow&¬&/span& &span class=&n&&status&/span& &span class=&k&&then&/span&
&span class=&nb&&print&/span&&span class=&p&&(&/span&&span class=&s2&&&&/span&&span class=&s&&error calling &&/span&&span class=&o&&..&/span&&span class=&n&&modtype&/span&&span class=&o&&..&/span&&span class=&s2&&&&/span&&span class=&s&& in mod &&/span&&span class=&o&&..&/span&&span class=&n&&ModInfoname&/span&&span class=&p&&(&/span&&span class=&n&&mod&/span&&span class=&p&&.&/span&&span class=&n&&modname&/span&&span class=&p&&)&/span&&span class=&o&&..&/span&&span class=&s2&&&&/span&&span class=&s&&: &/span&&span class=&se&&\n&/span&&span class=&s&&&&/span&&span class=&o&&..&/span&&span class=&n&&r&/span&&span class=&p&&)&/span&
&span class=&n&&ModManager&/span&&span class=&p&&:&/span&&span class=&n&&RemoveBadMod&/span&&span class=&p&&(&/span&&span class=&n&&mod&/span&&span class=&p&&.&/span&&span class=&n&&modname&/span&&span class=&p&&,&/span&&span class=&n&&r&/span&&span class=&p&&)&/span&
&span class=&n&&ModManager&/span&&span class=&p&&:&/span&&span class=&n&&DisplayBadMods&/span&&span class=&p&&()&/span&
&span class=&k&&else&/span&
&span class=&k&&return&/span& &span class=&n&&r&/span&
&span class=&k&&end&/span&
&span class=&k&&end&/span&
&span class=&k&&end&/span&&span class=&p&&)&/span&
&span class=&k&&end&/span&
&/code&&/pre&&/div&&p&问题很明显,饥荒作者使用了旧的表示可变参数表的语法。在5.1以前,你可以使用arg来表示{...}这个表,arg[i]即可用于提取可变参数中的第i项。但是后来这个语法就被默认弃用掉了,仅保留一个宏可以开启这个兼容。LuaJIT则完全不兼容这个写法,通过仔细查看代码,它甚至删除了实现arg兼容所占用的mask bit而将这个bit用在了其他地方。&/p&&p&当时分析到这的时候,我觉得直接要求用户修改这个文件也不是什么难事,毕竟添加如下一行就可以解决问题:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&kd&&local&/span& &span class=&n&&arg&/span& &span class=&o&&=&/span& &span class=&p&&{&/span&&span class=&o&&...&/span&&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&于是我写好了详细的说明,将程序及源码发布在了Github上,并且在贴吧开了贴收集用户反馈。&br&&/p&&br&&p&&b&0x08 冒烟的补丁&/b&&/p&&p&第一波的反馈喜忧参半,可喜的是有部分用户能成功安装补丁,并且说确实有明显的效果,特别是针对Shipwrecked DLC加上大量Mods,忧的是仍然有大量不能正确启动的bug,报错也是千奇百怪,甚至有大量连游戏本身启动什么也没看到就闪退的问题。&/p&&p&对我冲击比较大的是,修改源代码文件这个要求对于普通用户来说实在是太难了。很多用户找不到文件,不知道用什么工具打开,看不懂英文因而无从下手,打了中文标点也浑然不知。而且很多第三方MOD里也用了这个旧的arg语法,要想举一反三,从我给出的修改mods.lua的方案直接得出修正第三方mod中相应语法问题的玩家非常少——毕竟贴吧以娱乐为主,不像知乎会有很多程序员。这很难办。&/p&&p&怎么办呢,只能自己把这个兼容性补丁做了。&/p&&p&在研究了一下午luajit parser之后,我放弃了按照lua源码中相同的设计添加兼容的思路。一方面如上所述,没有可用的mask bit,想要跑起来需要增加对应FLAG变量的位宽;另一方面lua源码中这个功能是在VM中解释时实现的,而luajit没有解释器,它直接跑的是原生指令。而想看明白JIT COMPILER的实现机制并且从中精准地插入这个功能并非易事。&/p&&p&不过又看了一下午parser之后,发现其实还有一个简单的办法。那就是在检测到当前编译的函数是可变参数的时候,动态插入一句local arg = {...}。这样的话有两种做法:&/p&&p&1、检测源文件文本,作一个简单的处理,定位到函数定义的地方,然后插入一行。&/p&&p&2、直接在AST生成的时候插入语法结点。&/p&&p&方法1的难度是比较低的,但是也需要稍微作一点解析工作,比如把注释,字符串跳过,检测函数定义的语句之类的。比较容易想不周全而出错。&/p&&p&要想想周全,就得搞个简单的parser。直接按方法2借用luajit自己的parser是最好的选择。为了使探索更有目的,我编写了这样的一个函数:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&k&&function&/span& &span class=&nf&&test&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span& &span class=&kd&&local&/span& &span class=&n&&arg&/span& &span class=&o&&=&/span& &span class=&p&&{&/span& &span class=&o&&...&/span& &span class=&p&&}&/span& &span class=&k&&end&/span&
&/code&&/pre&&/div&&p&然后跑起luajit来看看local arg = { ... }这句话究竟都会走哪些路径来生成AST。调试了一个小时之后,终于搞出来了。&/p&&p&打开lj_parse.c,定位到:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&parse_chunk&/span&&span class=&p&&(&/span&&span class=&n&&LexState&/span& &span class=&o&&*&/span&&span class=&n&&ls&/span&&span class=&p&&)&/span&
&span class=&p&&{&/span&
&span class=&kt&&int&/span& &span class=&n&&islast&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&n&&synlevel_begin&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&n&&add_argstmt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span& &span class=&c1&&// HERE!!!!!&/span&
&span class=&k&&while&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&islast&/span& &span class=&o&&&&&/span& &span class=&o&&!&/span&&span class=&n&&parse_isend&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&tok&/span&&span class=&p&&))&/span& &span class=&p&&{&/span&
&span class=&n&&islast&/span& &span class=&o&&=&/span& &span class=&n&&parse_stmt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&n&&lex_opt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&sc&&';'&/span&&span class=&p&&);&/span&
&span class=&n&&lua_assert&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&framesize&/span& &span class=&o&&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&&&&/span&
&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&nactvar&/span&&span class=&p&&);&/span&
&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&nactvar&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Free registers after each stmt. */&/span&
&span class=&p&&}&/span&
&span class=&n&&synlevel_end&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&在标记处加一行调用add_argstmt的语句,然后编写这个函数:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&add_argstmt&/span&&span class=&p&&(&/span&&span class=&n&&LexState&/span&&span class=&o&&*&/span& &span class=&n&&ls&/span&&span class=&p&&)&/span&
&span class=&p&&{&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&e&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&flags&/span& &span class=&o&&&&/span& &span class=&n&&PROTO_VARARG&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&var_new_lit&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&s&&&arg&&/span&&span class=&p&&);&/span&
&span class=&c1&&// nexps = expr_list(ls, &e);&/span&
&span class=&p&&{&/span&
&span class=&n&&synlevel_begin&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&c1&&// expr_unop(ls, &e);&/span&
&span class=&p&&{&/span&
&span class=&c1&&// expr_simple(ls, v);&/span&
&span class=&p&&{&/span&
&span class=&c1&&// expr_table(ls, v);&/span&
&span class=&p&&{&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&key&/span&&span class=&p&&,&/span& &span class=&n&&val&/span&&span class=&p&&;&/span&
&span class=&n&&FuncState&/span& &span class=&o&&*&/span&&span class=&n&&fs&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&p&&;&/span&
&span class=&n&&BCLine&/span& &span class=&n&&line&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&linenumber&/span&&span class=&p&&;&/span&
&span class=&n&&BCInsLine&/span& &span class=&o&&*&/span&&span class=&n&&ilp&/span&&span class=&p&&;&/span&
&span class=&n&&BCIns&/span& &span class=&o&&*&/span&&span class=&n&&ip&/span&&span class=&p&&;&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&en&/span&&span class=&p&&;&/span&
&span class=&n&&BCReg&/span& &span class=&n&&base&/span&&span class=&p&&;&/span&
&span class=&n&&GCtab&/span& &span class=&o&&*&/span&&span class=&n&&t&/span& &span class=&o&&=&/span& &span class=&nb&&NULL&/span&&span class=&p&&;&/span&
&span class=&kt&&int&/span& &span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&n&&needarr&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&n&&fixt&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&kt&&uint32_t&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&cm&&/* First array index. */&/span&
&span class=&kt&&uint32_t&/span& &span class=&n&&nhash&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Number of hash entries. */&/span&
&span class=&n&&BCReg&/span& &span class=&n&&freg&/span& &span class=&o&&=&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span&&span class=&p&&;&/span&
&span class=&n&&BCPos&/span& &span class=&n&&pc&/span& &span class=&o&&=&/span& &span class=&n&&bcemit_AD&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&n&&BC_TNEW&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&n&&VNONRELOC&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&);&/span&
&span class=&n&&bcreg_reserve&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&);&/span&
&span class=&n&&freg&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&,&/span& &span class=&n&&VKNUM&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&setintV&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&,&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span&&span class=&p&&)&/span&&span class=&n&&narr&/span&&span class=&p&&);&/span&
&span class=&n&&narr&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&n&&needarr&/span& &span class=&o&&=&/span& &span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&c1&&// expr(ls, &val);&/span&
&span class=&p&&{&/span&
&span class=&n&&checkcond&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&flags&/span& &span class=&o&&&&/span& &span class=&n&&PROTO_VARARG&/span&&span class=&p&&,&/span& &span class=&n&&LJ_ERR_XDOTS&/span&&span class=&p&&);&/span&
&span class=&n&&bcreg_reserve&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&);&/span&
&span class=&n&&base&/span& &span class=&o&&=&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&val&/span&&span class=&p&&,&/span& &span class=&n&&VCALL&/span&&span class=&p&&,&/span& &span class=&n&&bcemit_ABC&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&n&&BC_VARG&/span&&span class=&p&&,&/span& &span class=&n&&base&/span&&span class=&p&&,&/span& &span class=&mi&&2&/span&&span class=&p&&,&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&numparams&/span&&span class=&p&&));&/span&
&span class=&n&&val&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&s&/span&&span class=&p&&.&/span&&span class=&n&&aux&/span& &span class=&o&&=&/span& &span class=&n&&base&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&expr_isk&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&))&/span& &span class=&n&&expr_index&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&);&/span&
&span class=&n&&bcemit_store&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&val&/span&&span class=&p&&);&/span&
&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&=&/span& &span class=&n&&freg&/span&&span class=&p&&;&/span&
&span class=&n&&ilp&/span& &span class=&o&&=&/span& &span class=&o&&&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&bcbase&/span&&span class=&p&&[&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&pc&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&en&/span&&span class=&p&&,&/span& &span class=&n&&VKNUM&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&en&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&.&/span&&span class=&n&&u32&/span&&span class=&p&&.&/span&&span class=&n&&lo&/span& &span class=&o&&=&/span& &span class=&n&&narr&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&n&&en&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&.&/span&&span class=&n&&u32&/span&&span class=&p&&.&/span&&span class=&n&&hi&/span& &span class=&o&&=&/span& &span class=&mh&&0x&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Biased integer to avoid denormals. */&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mi&&256&/span&&span class=&p&&)&/span& &span class=&p&&{&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&pc&/span&&span class=&o&&--&/span&&span class=&p&&;&/span& &span class=&n&&ilp&/span&&span class=&o&&--&/span&&span class=&p&&;&/span& &span class=&p&&}&/span&
&span class=&n&&ilp&/span&&span class=&o&&-&&/span&&span class=&n&&ins&/span& &span class=&o&&=&/span& &span class=&n&&BCINS_AD&/span&&span class=&p&&(&/span&&span class=&n&&BC_TSETM&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&,&/span& &span class=&n&&const_num&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&en&/span&&span class=&p&&));&/span&
&span class=&n&&setbc_b&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&ilp&/span&&span class=&p&&[&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&].&/span&&span class=&n&&ins&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&e&/span&&span class=&p&&.&/span&&span class=&n&&k&/span& &span class=&o&&=&/span& &span class=&n&&VNONRELOC&/span&&span class=&p&&;&/span&
&span class=&cm&&/* May have been changed by expr_index. */&/span&
&span class=&n&&ip&/span& &span class=&o&&=&/span& &span class=&o&&&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&bcbase&/span&&span class=&p&&[&/span&&span class=&n&&pc&/span&&span class=&p&&].&/span&&span class=&n&&ins&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&needarr&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span& &span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mi&&3&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&3&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span& &span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mh&&0x7ff&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mh&&0x7ff&/span&&span class=&p&&;&/span&
&span class=&n&&setbc_d&/span&&span class=&p&&(&/span&&span class=&n&&ip&/span&&span class=&p&&,&/span& &span class=&n&&narr&/span&&span class=&o&&|&/span&&span class=&p&&(&/span&&span class=&n&&hsize2hbits&/span&&span class=&p&&(&/span&&span class=&n&&nhash&/span&&span class=&p&&)&/span&&span class=&o&&&&&/span&&span class=&mi&&11&/span&&span class=&p&&));&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&n&&synlevel_end&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&assign_adjust&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&);&/span&
&span class=&n&&var_add&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&spa}
饥荒 各版本存档位置详解及替换存档方法
14:14:06 来源:饥荒游戏吧 作者:LC_1992
第1页:原版
《饥荒》这款游戏很多玩家想下载其他玩家的存档进行使用,可是因为无法找到存档位置而有些苦恼,下面小编就为大家介绍一下各版本的存档位置,以及存档替换的方法,希望对各位玩家有所帮助。
本文正确使用流程:
阅读并理解概念
进行准备工作(确保存档存在)
确定你的游戏版本,根据你的游戏版本,阅读本人提供的对应方法,并进行操作。如果成功找到存档,那么恭喜。
如果失败,请尝试另一个版本的对应方法,如果成功,说明你版本判定错误了。不过还是恭喜。如果还是失败,请尝试方法Ⅹ,如果成功。。恭喜
如果还是失败,请查看关于方法Ⅹ的补充说明
首先,说明几点概念,请认真阅读,否则如果出现各种无意义问题,别怪本人语气强烈。
1.原版
此版本由英文原版破解后制成,没有其他改动(无汉化),是最接近原版的版本。
2.游民星空免安装中文硬盘版
由游民星空免安装中文硬盘版网站制作的版本,汉化质量可以接受,是广为流传的饥荒版本。
最新版下载页面:
3.其他版本
由各种其他途径获取的饥荒游戏。比如从各种【游戏盒子】【软件管家】【下载站】等,版本非常混乱不堪,有些是由游民星空免安装中文硬盘的旧版本修改而成,有些则是一些小厂商自行封装而成。
强烈不推荐使用。此类饥荒的存档位置也是最难找的。
非常重要!
也是本人一直非常无语的一个地方。找存档位置、你得先有存档可找吧?
那你是不是得先运行下游戏建个档?
就无数人说找不到档,要不就是根本没运行过游戏,那当然哪个路径都不存在了;要不就是运行了游戏但是没有开始个新游戏、那样你就算找到了存档位置,它不也是空的嘛!对于这类人,本人只想说。请让你的脑子继续飞翔吧思密达!所以。开始下面的步骤前,先运行饥荒游戏,并点开始游戏,新建个世界,玩一会儿,按esc,点【保存退出】,退出游戏,再开始找存档位置。
(如果你确定你已经有旧存档存在了,此步可忽略)
准备完毕后,请对号入座:
如果你的饥荒版本是原版:请使用方法Ⅰ
如果你的饥荒版本是游民星空免安装中文硬盘版:请使用方法Ⅱ
如果你的饥荒版本是其他版本:本人首先建议你,换用以上两种游戏版本之一。
如果执意要用其他版本进行游戏,请使用方法Ⅹ。
如果你看到本文这个位置,还不能分辨你的饥荒游戏版本,那么你可以:
1.返回开头重新阅读、
2.自行绕开本文之后的内容、
既不愿意1也不愿意2,那你可以选择3:无脑依次按文章顺序进行本人的演示的操作。说不定也能找到、、
适用于原版
由于Win7 Win8 XP操作方法都基本大同小异,所以仅以Win7为例说明。
1.双击桌面的计算机图标。
2.在下面找到你的操作系统,选中对应的下面那一行路径,并右键复制。
%Userprofile%\My Documents\Klei\DoNotStarve\save
%Userprofile%\Documents\Klei\DoNotStarve\save
3.复制完成后,在下图【红色箭头】处点一下【左键】,再点一下【右键】选择【粘贴】:
4.完成后,效果如下图:
这时候,这时候,麻烦你们。直接回车,不要手贱点搜索
至此,存档位置就在你眼前了。
《饥荒》巨人的统治精华文章推荐
《饥荒》联机版精华文章推荐
更多相关内容请关注:
责任编辑:Shy夏夏
友情提示:支持键盘左右键“← →”翻页
本文是否解决了您的问题
文章内容导航
第1页:原版
用手机访问
扫一扫,手机浏览
相关攻略:
游戏制作:Klei Entertainment
游戏发行:Klei Entertainment
游戏平台:PC/PS4/PS Vita
上市时间:
单机游戏下载
综合热点资讯
游民星空联运游戏> 饥荒应用程序无法正常启动,重装了好几次,每次一打开就会跳出来,我是在快玩里面下的,现在玩不了,怎么办啊,求大神!
补充:有图有真相,这怎莫办? 满意答案
http://pan.baidu.com/s/1hqiTP5a 我网盘有最新版,你可以看看
发表我的评论打开word文档文件后在文中的内容一点鼠标总是跳到第一页第一行的处理办法_百度文库
两大类热门资源免费畅读
续费一年阅读会员,立省24元!
打开word文档文件后在文中的内容一点鼠标总是跳到第一页第一行的处理办法
长江大学教师|
总评分4.3|
浏览量49877
用知识赚钱
阅读已结束,下载文档到电脑
想免费下载更多文档?
定制HR最喜欢的简历
你可能喜欢额,搜到了这个问题,我就随便答一下吧,下面都是我的猜测,正确与否自行判断。&br&&br&&b&一、用的什么引擎?&/b&&br&不知道,推测可能是cocos-2d或者他们自己写的一个框架。&br&&br&&ul&&li&Don't Starve 用&a href=&//link.zhihu.com/?target=http%3A//www.fmod.org/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&FMOD&i class=&icon-external&&&/i&&/a&来处理声音,在data\sound\目录下的文件可以用fmod_eventplayer.exe这个程序来编辑。&/li&&li&Don't Starve 的图片好像是用类似PVR格式的纹理加载的。数据目录下面所有后缀是*.tex的就是纹理文件。每一个纹理还有一个同名的xml文件来描述资源。这些纹理可以用Don't Starve 的TEXTools程序查看,用&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/ktools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/ktools · GitHub&i class=&icon-external&&&/i&&/a&和png格式的图片相互转换。&/li&&li&Don't Starve 的动画文件用&a href=&//link.zhihu.com/?target=http%3A//www.brashmonkey.com/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&Spriter 2D sprite animation character creation software.&i class=&icon-external&&&/i&&/a&制作。可以用Don't Starve Mod Tools 工具将Spriter的动画文件弄成Don't Starve 能载入的动画文件。Don't Starve 的动画文件本质上包括三部分,一个anim.bin的二进制文件用来描述动画,多个atlas-xxx.tex的纹理文件用来放置动画需要的文件,bulid.bin承担描述纹理文件的作用。之后将这些文件压缩成zip文件,主要提高加载速度。用上面提到的ktools可以将饥荒的动画文件转换成Spriter能编辑的格式。不过anim.bin,bulid.bin,atlas-xxx.tex,这些文件不一定每个动画文件都有,比如那些角色共用一套anim.bin动画文件,每个角色只是纹理换了一下。所以用ktools转换不成功时,注意分析这些动画的依赖关系,把对应的打包成zip,就行了。&/li&&/ul&因为上面所说的都在cocos-2d里面都有用到,所以我才推测它是cocos-2d的。 &br&--------------------------------------------------------------&br&&b&二、怎么组织的游戏世界?&/b&&br&我几个月前翻译过国外的一篇介绍游戏世界的生成方式的文章,在这里&a href=&//link.zhihu.com/?target=http%3A//blog.csdn.net/czfblog/article/details/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&【饥荒】关于随机地图生成的方式&i class=&icon-external&&&/i&&/a&。BTW,这个博客里还有几篇关于饥荒的,有兴趣可以看一下。&br&&br&&ul&&li&Don't Starve使用&a href=&//link.zhihu.com/?target=http%3A//www.mapeditor.org/& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&Tiled Map Editor&i class=&icon-external&&&/i&&/a& 来编辑地图块,Tiled是开源的哟。Don't Starve的地图是随机生成的,但是也有一些内在联系,比如pigking只会出现在森林边上,而且每一个pigking周围都有四个sanityrock(好像是叫这个?),这些东东的位置就是用Tiled编辑出来的,此外还有一大堆,在Static Layouts目录下。&br&&/li&&li&一个Room有多个Static Layouts&/li&&li&一个Task有多个Room,还有几个key,lock。&/li&&li&生成地图就把对应的key和lock拼接起来,可以保证地图的连贯性。&/li&&/ul&-------------------------------------------------------------------------&br&&br&&b&三、&/b&&b&反正就是&/b&&b&详细一点的吧。&/b&&br&要详细的话我就随便写写,想到那写那。&br&&br&&b&1.面向对象&/b&&br&Don't Starve 主要用Lua脚本实现游戏逻辑,大体上,饥荒的Lua部分采用面向对象的编程范式,在class.lua文件里用lua metatable实现了一套面向对象的系统,可实现类的继承。&br&在饥荒里基本上每一个类都由一个独立的脚本文件定义,这些个脚本文件大体结构如下:&br&&div class=&highlight&&&pre&&code class=&language-lua&&&span class=&nb&&require&/span& &span class=&s2&&&&/span&&span class=&s&&class&&/span& &span class=&c1&&--载入class文件&/span&
&span class=&kd&&local&/span& &span class=&n&&baseclass&/span&&span class=&o&&=&/span&&span class=&nb&&require&/span& &span class=&s2&&&&/span&&span class=&s&&baseclass&&/span&
&span class=&c1&&--基类,有时没有&/span&
&span class=&c1&&--这里可以载入其他的东东&/span&
&span class=&c1&&--创建继承基类的子类&/span&
&span class=&c1&&--为了不污染全局变量域,使用local关键字&/span&
&span class=&c1&&--没有基类时,这样写:&/span&
&span class=&c1&&--~local childclass=Class(function (self,...)&/span&
&span class=&kd&&local&/span& &span class=&n&&childclass&/span&&span class=&o&&=&/span&&span class=&n&&Class&/span&&span class=&p&&(&/span&&span class=&n&&baseclass&/span&&span class=&p&&,&/span&&span class=&k&&function&/span& &span class=&p&&(&/span&&span class=&n&&self&/span&&span class=&p&&,&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&n&&self&/span&&span class=&p&&.&/span&&span class=&n&&value&/span&&span class=&o&&=&/span&&span class=&mi&&0&/span&
&span class=&c1&&--属性&/span&
&span class=&c1&&--初始化函数内容&/span&
&span class=&k&&end&/span&&span class=&p&&)&/span&
&span class=&c1&&--方法&/span&
&span class=&k&&function&/span& &span class=&nf&&childclass&/span&&span class=&p&&:&/span&&span class=&n&&fn&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&k&&end&/span&
&span class=&c1&&--因为使用了local,所以要返回,其他文件才能接收到&/span&
&span class=&k&&return&/span& &span class=&n&&childclass&/span&
&/code&&/pre&&/div&如果你了解了饥荒时如何实现面向对象的,看饥荒的源码就可以很快速的理解了。&br&&br&&b&2.代码与资源分布&/b&&br&下面列出了饥荒中各个文件或文件夹的作用:&br&(以*结尾的,该文件夹里就是一堆上面所说的类)&br&&div class=&highlight&&&pre&&code class=&language-bash&&├─bin
二进制程序文件
├─data 数据目录
├─bigportraits
人物肖像纹理
好像是用来放置于天气相关纹理的
├─images
主要纹理放置目录
├─levels
放置地皮纹理
├─minimap
├─models
未知,猜测与洞穴有关
├─scriptlibs
一些用lua实现的库,用来网络通信与json字符串处理
├─scripts
主要的lua脚本目录
├─behaviours
├─brains
├─cameras
相机,用来控制玩家所能看到的视野*
├─components
组件,一组通用的,用来描述物品的代码*
├─languages
语言文件,国际化用的
地图相关代码*
├─levels
世界模式,有生存,冒险,洞穴等等
├─static_layouts
Tasks,上面那些具体去看博客
卖萌用的,直接在命令行运行,有只会动的大象^.^
├─prefabs
定义世界里所有的物品
├─scenarios
场景,也就是贴吧所说的彩蛋
├─screens
├─stategraphs
状态机或状态图,用来和AI一起控制动物(和植物?)的运动
└─widgets
界面小部件(按钮,文本框etc.)*
├─shaders
└─mods 插件放置目录
&/code&&/pre&&/div&此外,data文件里还有DLC0001目录,这个目录来放置DLC版本的文件,结构和data目录一样。&br&&br&&br&&br&&br&&br&下面就一大堆网址:&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/kleientertainment/ds_mod_tools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&kleientertainment/ds_mod_tools · GitHub&i class=&icon-external&&&/i&&/a& 游戏官方发布的mod工具,拿来自动转换纹理和动画,在win和ubuntu下编译成功。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/ktools& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/ktools · GitHub&i class=&icon-external&&&/i&&/a& Ktools 工具,可以把tex纹理和png图片相互转换。还可以转换动画文件。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/nsimplex/wicker& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&nsimplex/wicker · GitHub&i class=&icon-external&&&/i&&/a& 一个饥荒Mod框架。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/debugman18/UpAndAway& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&debugman18/UpAndAway · GitHub&i class=&icon-external&&&/i&&/a& 一个大型饥荒Mod《天堂》,利用上面的wicker写的。&br&&a href=&//link.zhihu.com/?target=https%3A//github.com/jkolokotronis/dsmods& class=& wrap external& target=&_blank& rel=&nofollow noreferrer&&jkolokotronis/dsmods · GitHub&i class=&icon-external&&&/i&&/a&
还是一个大型mod《黑夜英雄》,不过真的有点大,400多M,翻下墙再去克隆。
额,搜到了这个问题,我就随便答一下吧,下面都是我的猜测,正确与否自行判断。 一、用的什么引擎? 不知道,推测可能是cocos-2d或者他们自己写的一个框架。 Don't Starve 用来处理声音,在data\sound\目录下的文件可以用fmod_eventplayer.exe这个程序…
&figure&&img src=&https://pic3.zhimg.com/1655feb05cd5d744ab663bd_b.jpg& data-rawwidth=&1920& data-rawheight=&1080& class=&origin_image zh-lightbox-thumb& width=&1920& data-original=&https://pic3.zhimg.com/1655feb05cd5d744ab663bd_r.jpg&&&/figure&新写一篇文章,以纪念在制作和调试饥荒游戏LuaJIT桥接PATCH中探过的雷区。&p&本文大体已经更新完结,如有新的内容会及时补充。&br&&/p&&p&关于饥荒游戏的介绍,直接看这个答案好了:&a href=&https://www.zhihu.com/question/& class=&internal&&&span class=&invisible&&https://www.&/span&&span class=&visible&&zhihu.com/question/2128&/span&&span class=&invisible&&2202&/span&&span class=&ellipsis&&&/span&&/a&&/p&&p&关于本插件的详细介绍,下载及源码请点击:&a href=&http://link.zhihu.com/?target=https%3A//paintdream.github.io/DontStarveLuaJIT/& class=& external& target=&_blank& rel=&nofollow noreferrer&&&span class=&invisible&&https://&/span&&span class=&visible&&paintdream.github.io/Do&/span&&span class=&invisible&&ntStarveLuaJIT/&/span&&span class=&ellipsis&&&/span&&/a&&/p&&p&本文所用到的软件:OllyDBG 2.01、Microsoft Visual C++ 2008&/p&&br&&p&-----------------------------------------我是分割线------------------------------------------------&/p&&p&&b&0x00 神船搁浅&/b&&/p&&p&我要给饥荒写PATCH,并不是一个刚开始就计划好的事情。饥荒发布于Steam平台并且添加了创意工坊,里面有很多好的、差的、能用的、不能用的、原创的以及抄的Mods,大部分都维护得很好,开游戏时连存档带MOD设置都会被云同步更新,几乎可以是完美了。&/p&&p&然而唯一的美中不足似乎是:这游戏居然很吃配置。N年前买的神船竟然会在玩久了之后就会时不时顿卡,以至于到后来居然越来越卡了。虽然i7-3610QM+GT650M在现在看来也比较渣,但是至少跑跑dota2中配都还很流畅,也不至于在饥荒上惨成这样。&/p&&p&打开任务管理器瞄一眼,发现情况还是很有意思的。在卡顿的时候,CPU只有两个核心满载运行,其余都在打酱油——通过暂停-恢复的办法观察CPU占用率,可以得出结论,CPU0是负责渲染的线程,CPU6是负责脚本逻辑的线程。&/p&&p&&figure&&img src=&http://pic2.zhimg.com/e61b23a34abda57c9dfb88c_b.png& data-rawheight=&519& data-rawwidth=&345& class=&content_image& width=&345&&&/figure&卡顿是来自于两方面的,一方面如果绘制的对象较多,机器就会明显开始变卡。这时CPU0的使用率会明显下降,说明有大量绘制指令阻塞了渲染管线,导致绘制线程长期处于等待渲染完成的阻塞状态。同时用户的输入反馈也会被明显阻滞,推测读取用户输入的相关代码也是在这个线程中执行的(饥荒使用了DirectInput来读取键盘操作)。饥荒本身这种哥特式的画风,使用一些预制的纹理搞搞Billboard贴图就可以做出伪2D的画面效果了,渲染本身压力应该不算大。但是考虑到ES版本低的限制用不了Instanced Draw,很可能是每个对象都对应一个draw call,并且每个对象绘制时都重复提交了大量数据,导致带宽用尽。不过这方面我现在还没有做仔细的研究,仅仅是猜测而已。&/p&&p&另一方面如果脚本的逻辑过于复杂,也会明显变卡。这时CPU6将会被占满,而由于逻辑帧与渲染帧同步的关系,CPU0的占用率会变低。这方面的问题相对来说比较严重,因为为了好玩大家都会加载很多MODs,Shipwrecked DLC新增加的游戏特性也非常吃CPU,导致大家在玩这个DLC时感受到的卡顿远远比原版或者Reign of Giants DLC时要明显得多。因此在很多论坛上大家解决这个卡顿的办法只有——别开那么多MOD,换个好点的电脑。&/p&&p&本文尝试解决的是脚本逻辑引起的卡顿。&/p&&p&&b&0x01 积重难返&/b&&br&&/p&&p&好消息是饥荒使用了我比较熟悉的lua 5.1.4作为脚本引擎(但是实际上我更希望看到的是lua 5.3),并且随游戏附送了所有的lua脚本(大约18万行,不算DLC),所有的逻辑都是在脚本中实现的。&/p&&p&研究了几个小时后发现,作者似乎仅仅是把它当作一个工具来用,没有专门在lua特性上下功夫。为了写起来更方便和熟悉,当需要异步操作时,大部分的需求都是通过C层面支持的时钟回调(往往配合全局任务队列)来完成的。这个设计也给我造成了麻烦,因为它会使原本完整的逻辑从中断开,调试时打印调用堆栈就只能看到当前事件触发后的逻辑。&/p&&p&那么,为什么不用coroutine呢?我搜了下源码,有三个地方对coroutine进行了封装,其中两个是有关网络的第三方库,主要负责发邮件之类的工作 ,和游戏逻辑没什么关系。唯一用到的就是调度器添加任务的时候,为每一个新任务创建一个coroutine,然后调度的时候枚举所有任务一个个执行。&/p&&p&然而,这个coroutine似乎仅仅是由来保存一个独立执行栈的——调度器对它的操作仅仅是从队列中取出然后执行完删掉。全部代码中只有9个很少执行到的地方用到了Yield()。个人觉得这个coroutine的用法值得商榷——毕竟coroutine本身还是有一点点开销的,而且绝大多数异步需求还是用回调来完成的。&/p&&p&从lua代码架构上看,这套脚本自己实现了一个简单的类似C++的面向对象框架,模块的封装比较任性,耦合度也有点高,经常会出现在底层框架代码中去加一些代码来控制上层实现逻辑的代码。而它发布的两个DLC并不是在原有代码框架上开发的扩展包,而是直接把代码复制出来进行修改的,估计最初写的时候也没想要有个DLC……&/p&&p&可以看出,游戏本身应该是直接从一个简单的原型一步步迭代上来的,虽然在开发的过程中有过抽象和封装,但是积重难返,大体的结构已经固定,没有什么简单的优化空间了。脚本负责了太重的任务,并行方面做的工作也不多,试图直接优化现有代码对于我来说已经成了死局。&/p&&p&因此把lua引擎替换为LuaJIT已经成了为数不多的可以让程序运行起来不那么卡的选择了。虽然从道理上讲,这也只能算是治标不治本,但是好歹能有的玩啊。&/p&&p&&b&0x02 横生枝节&/b&&/p&&p&但是事情远远没有想的那么简单。我最初以为直接把饥荒可能用到的lua51.dll换成luajit.dll就万事大吉了,然而翻遍了安装目录也没看到lua51.dll库的影子。那么次一点的结果就是LUA被封装在了别的DLL里,由dontstarve_steam.exe启动时加载。然而最终发现lua引擎是直接作为静态库或者源码编译进主程序的,这是最糟糕的结果。&/p&&p&这个麻烦在于,我们知道exe通常不需要导出函数(仔细看了下dontstarve_steam.exe确实没导出),那么如何定位lua api在exe中的位置就成了首要解决的问题。&/p&&p&EXE中lua api的布局和DLL中是完全不一样的:编译器可以剪掉那些没被引用到的函数与常量,也可以重排函数的顺序。想要通过公开的或者凑巧的办法定位到这些函数是不可能的。那么就剩下了三条路:直接改EXE,硬编码与特征码搜索。&/p&&p&直接改EXE或者硬编码相应函数的RVA看起来简单粗暴,但是万一饥荒EXE更新了就得新发布个版本,而且为了得到地址还得手工用特征码先搜索并较正一遍。想了想还是用特征码吧,而且还要尽量做成非侵入式的,这样就可以有效地兼容饥荒自己的更新。&/p&&p&&b&0x03 探针计划&/b&&/p&特征码搜索需要先找到每个函数对应的特征码。为此我的思路是,先编译一份原汁原味的lua 5.1.4的DLL,把LUA API设置为导出,这样就能得到每个API的地址,进而用函数开头的二进制指令作为特征码在EXE中进行搜索。接下来,只需要把搜索到的源地址和名字一一对应起来,然后加载luajit.dll就可以再通过kernel32.dll!GetProcAddress拿到目标地址,通过inline hook将源地址处的执行流导向目标地址。由于这些hooks不需要执行原函数,计算跳板所保留的原函数头部字节数也就没有必要了。&p&不同的编译器生成目标代码时的算法都是很不一样的,甚至就算是同一系列的编译器,随着版本更新也会有不同。那么应该用什么来编译原版lua DLL呢?当然是与饥荒主程序保持一致。OllyDBG告诉我们答案:MSVC9,即Microsoft Visual C++ 2008。&/p&&figure&&img src=&http://pic1.zhimg.com/04da3c510db72fc7afa61b_b.png& data-rawheight=&409& data-rawwidth=&601& class=&origin_image zh-lightbox-thumb& width=&601& data-original=&http://pic1.zhimg.com/04da3c510db72fc7afa61b_r.png&&&/figure&&br&&p&然而在开始编码之前,先要解决的问题是:怎么让我的代码得到执行?&/p&&p&很明显如果想要做非侵入式的Patch,要么额外写一个启动器,要么通过某种技巧让我们的代码在游戏启动时得到执行。官方的MOD机制允许自定义mod在游戏初始化的时候执行lua代码,然而这时候lua引擎已经建立,再替换就晚了,肯定不行。&/p&&p&于是我的目光移动到exe依赖的那些DLL上,看看有什么偷梁换柱的策略。所谓的偷梁换柱就是指,针对目标EXE所依赖的DLL,写一个傀儡DLL,名字和导出函数都和目标DLL一样,然后放在EXE目录中就可以在EXE启动时被加载。加载后再手动用kernel32.dllLoadLibraryA/W加载目标DLL,并把导出的函数都转接到目标DLL中对应的函数里去。早些年一些病毒为了禁用杀毒软件,就在杀毒软件安装目录下放一个假的ws2_32.dll,这样杀毒软件启动时就会崩溃或者被劫持。注意一些系统核心的DLL是不受这个影响的,如kernel32.dll, ntdll.dll等)&/p&&p&饥荒主程序目录下那些DLL大多都是C++写的,导出函数的名字都是经过name decoration的,处理起来会比较麻烦。加之导出函数的数量也很多,有点不划算。&/p&&p&找了半天,最佳的选择是DINPUT8.DLL,这个DLL是DirectInput所需要的。选择它的原因是dontstarve_steam.exe只从其中导入了一个函数DirectInput8Create,用来创建DirectInput的设备对象,由于这个对象是用COM封装的,所以DLL不再需要导出其成员函数,导入表项因此就简洁了很多。还有一个好处,由于它是处于系统目录中的DLL,替换它不需要替换原有的DLL,只需要在EXE目录中放置即可被加载,是完美的非侵入式PATCH的选择。&br&&/p&&figure&&img src=&http://pic2.zhimg.com/3f6fe4799_b.png& data-rawheight=&253& data-rawwidth=&422& class=&origin_image zh-lightbox-thumb& width=&422& data-original=&http://pic2.zhimg.com/3f6fe4799_r.png&&&/figure&&p&如前文所述,你接管了DINPUT8.DLL,那么也就得实现DirectInput8Create这个函数,否则游戏启动时会找不到入口。这个很容易:&br&&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&typedef&/span& &span class=&nf&&HRESULT&/span&&span class=&p&&(&/span&&span class=&n&&WINAPI&/span& &span class=&o&&*&/span&&span class=&n&&PFNDirectInput8Create&/span&&span class=&p&&)(&/span&&span class=&n&&HINSTANCE&/span& &span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&DWORD&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&REFIID&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&LPVOID&/span& &span class=&o&&*&/span&&span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&LPUNKNOWN&/span& &span class=&n&&punkOuter&/span&&span class=&p&&);&/span&
&span class=&k&&static&/span& &span class=&n&&PFNDirectInput8Create&/span& &span class=&n&&pfnDirectInput8Create&/span& &span class=&o&&=&/span& &span class=&nb&&NULL&/span&&span class=&p&&;&/span&
&span class=&n&&HRESULT&/span& &span class=&n&&WINAPI&/span& &span class=&nf&&DirectInput8Create&/span&&span class=&p&&(&/span&&span class=&n&&HINSTANCE&/span& &span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&DWORD&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&REFIID&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&LPVOID&/span& &span class=&o&&*&/span&&span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&LPUNKNOWN&/span& &span class=&n&&punkOuter&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&return&/span& &span class=&n&&pfnDirectInput8Create&/span&&span class=&p&&(&/span&&span class=&n&&hinst&/span&&span class=&p&&,&/span& &span class=&n&&dwVersion&/span&&span class=&p&&,&/span& &span class=&n&&riidltf&/span&&span class=&p&&,&/span& &span class=&n&&ppvOut&/span&&span class=&p&&,&/span& &span class=&n&&punkOuter&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&nl&&DllMain&/span&&span class=&p&&:&/span&
&span class=&n&&TCHAR&/span& &span class=&n&&systemPath&/span&&span class=&p&&[&/span&&span class=&n&&MAX_PATH&/span&&span class=&p&&];&/span&
&span class=&o&&::&/span&&span class=&n&&GetSystemDirectory&/span&&span class=&p&&(&/span&&span class=&n&&systemPath&/span&&span class=&p&&,&/span& &span class=&n&&MAX_PATH&/span&&span class=&p&&);&/span&
&span class=&n&&HMODULE&/span& &span class=&n&&hInput&/span& &span class=&o&&=&/span& &span class=&o&&::&/span&&span class=&n&&LoadLibrary&/span&&span class=&p&&(&/span&&span class=&n&&CString&/span&&span class=&p&&(&/span&&span class=&n&&systemPath&/span&&span class=&p&&)&/span& &span class=&o&&+&/span& &span class=&n&&_T&/span&&span class=&p&&(&/span&&span class=&s&&&&/span&&span class=&se&&\\&/span&&span class=&s&&DINPUT8.DLL&&/span&&span class=&p&&));&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&hInput&/span& &span class=&o&&!=&/span& &span class=&nb&&NULL&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&pfnDirectInput8Create&/span& &span class=&o&&=&/span& &span class=&p&&(&/span&&span class=&n&&PFNDirectInput8Create&/span&&span class=&p&&)&/span&&span class=&o&&::&/span&&span class=&n&&GetProcAddress&/span&&span class=&p&&(&/span&&span class=&n&&hInput&/span&&span class=&p&&,&/span& &span class=&s&&&DirectInput8Create&&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&在上面的代码里,DllMain里需要加载真正的DINPUT8.DLL,然后获取到DirectInput8Create的地址,然后才能在中继代码中CALL。需要注意的是,我们最好不要包含任何有关DirectX SDK的头文件,这些头文件往往会指定API为导入,而我们需要将同名的中继函数导出。&/p&&p&如果遇到了类型没定义的错误也不用急,按照其长度写一个等价的就行了。后文我会介绍一个更简单的制作中继函数跳板的办法。&/p&&p&那么,接下来是怎么搜的问题。我们先来编译原版lua51.dll,编译设置选择Release版本。&/p&&figure&&img src=&http://pic2.zhimg.com/a5b0dab4785b9_b.png& data-rawheight=&600& data-rawwidth=&800& class=&origin_image zh-lightbox-thumb& width=&800& data-original=&http://pic2.zhimg.com/a5b0dab4785b9_r.png&&&/figure&&br&&p&如果在用kernel32.dll!LoadLibraryA/W加载了原版的lua51.dll之后,直接拿API函数开始的二进制码去做搜索,只能搜索到一小部分函数。这是由于DLL中的代码需要根据.reloc节的信息进行重定位,需要定位的地方二进制值会变,因此纯粹的memcmp行不通。&/p&&p&在这里我直接采用了一个较简单但是相对耗时的策略:在搜索时利用反汇编引擎XDE32一条条解析指令格式,发现需要重定位的指令,就读取地址处的值代替地址本身充当特征码。&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&while&/span& &span class=&p&&(&/span&&span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&xde_disasm&/span&&span class=&p&&((&/span&&span class=&n&&BYTE&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&instr&/span&&span class=&p&&);&/span&
&span class=&kt&&int&/span& &span class=&n&&len&/span& &span class=&o&&=&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&len&/span& &span class=&o&&==&/span& &span class=&mi&&0&/span&&span class=&p&&)&/span&
&span class=&k&&break&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span& &span class=&o&&||&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addrsize&/span& &span class=&o&&==&/span& &span class=&mi&&4&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&c1&&// read memory data&/span&
&span class=&n&&PVOID&/span& &span class=&n&&addr&/span& &span class=&o&&=&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span& &span class=&o&&?&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&c&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&:&/span& &span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&p&&)&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addr_l&/span&&span class=&p&&[&/span&&span class=&mi&&0&/span&&span class=&p&&];&/span&
&span class=&kt&&char&/span& &span class=&n&&buf&/span&&span class=&p&&[&/span&&span class=&mi&&16&/span&&span class=&p&&];&/span&
&span class=&n&&memset&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&k&&sizeof&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&));&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&addr&/span& &span class=&o&&!=&/span& &span class=&nb&&NULL&/span& &span class=&o&&&&&/span& &span class=&o&&::&/span&&span class=&n&&ReadProcessMemory&/span&&span class=&p&&(&/span&&span class=&o&&::&/span&&span class=&n&&GetCurrentProcess&/span&&span class=&p&&(),&/span& &span class=&n&&addr&/span&&span class=&p&&,&/span& &span class=&n&&buf&/span&&span class=&p&&,&/span& &span class=&mi&&4&/span&&span class=&p&&,&/span& &span class=&nb&&NULL&/span&&span class=&p&&))&/span& &span class=&p&&{&/span&
&span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&stringList&/span&&span class=&p&&.&/span&&span class=&n&&push_back&/span&&span class=&p&&(&/span&&span class=&n&&std&/span&&span class=&o&&::&/span&&span class=&n&&make_pair&/span&&span class=&p&&(&/span&&span class=&n&&addr&/span&&span class=&p&&,&/span& &span class=&n&&std&/span&&span class=&o&&::&/span&&span class=&n&&string&/span&&span class=&p&&(&/span&&span class=&n&&buf&/span&&span class=&p&&)));&/span&
&span class=&p&&}&/span&
&span class=&n&&BYTE&/span& &span class=&n&&temp&/span&&span class=&p&&[&/span&&span class=&mi&&16&/span&&span class=&p&&];&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&opcode&/span& &span class=&o&&==&/span& &span class=&mh&&0x68&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&temp&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&=&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&PVOID&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&buf&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span& &span class=&k&&else&/span& &span class=&p&&{&/span&
&span class=&n&&instr&/span&&span class=&p&&.&/span&&span class=&n&&addr_l&/span&&span class=&p&&[&/span&&span class=&mi&&0&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&kt&&long&/span&&span class=&o&&*&/span&&span class=&p&&)&/span&&span class=&n&&buf&/span&&span class=&p&&;&/span&
&span class=&n&&xde_asm&/span&&span class=&p&&(&/span&&span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&instr&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&target&/span&&span class=&p&&,&/span& &span class=&n&&temp&/span&&span class=&p&&,&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span& &span class=&k&&else&/span& &span class=&p&&{&/span&
&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&target&/span&&span class=&p&&,&/span& &span class=&n&&c&/span&&span class=&p&&,&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&c&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&n&&target&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&edge&/span&&span class=&p&&)&/span&
&span class=&n&&validLength&/span& &span class=&o&&+=&/span& &span class=&n&&len&/span& &span class=&o&&+&/span& &span class=&n&&target&/span& &span class=&o&&&&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&?&/span& &span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&instr&/span& &span class=&o&&+&/span& &span class=&n&&INSTR_SIZE&/span& &span class=&o&&-&/span& &span class=&nl&&target&/span& &span class=&p&&:&/span& &span class=&n&&len&/span&&span class=&p&&;&/span&
&span class=&n&&entry&/span&&span class=&p&&.&/span&&span class=&n&&lengthHist&/span&&span class=&p&&[&/span&&span class=&n&&len&/span&&span class=&p&&]&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&*&/span&&span class=&n&&c&/span& &span class=&o&&==&/span& &span class=&mh&&0xCC&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&edge&/span& &span class=&o&&=&/span& &span class=&nb&&true&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&具体到匹配算法,为了避免因微小长度差异而导致整体错位,我没有直接memcmp,而是用了最长公共子串的动态规划算法,时间和空间复杂度都为O(N * N)。对于不太长的特征序列,性能上的损失可以接受。&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&int&/span& &span class=&nf&&CommonLength&/span&&span class=&p&&(&/span&&span class=&k&&const&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&x&/span&&span class=&p&&,&/span& &span class=&kt&&int&/span& &span class=&n&&xlen&/span&&span class=&p&&,&/span& &span class=&k&&const&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&y&/span&&span class=&p&&,&/span& &span class=&kt&&int&/span& &span class=&n&&ylen&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&kt&&int&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&INSTR_SIZE&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&INSTR_SIZE&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&n&&memset&/span&&span class=&p&&(&/span&&span class=&n&&opt&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&k&&sizeof&/span&&span class=&p&&(&/span&&span class=&n&&opt&/span&&span class=&p&&));&/span&
&span class=&k&&for&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span& &span class=&n&&i&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span& &span class=&n&&i&/span& &span class=&o&&&=&/span& &span class=&n&&xlen&/span&&span class=&p&&;&/span& &span class=&n&&i&/span&&span class=&o&&++&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&for&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span& &span class=&n&&j&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span& &span class=&n&&j&/span& &span class=&o&&&=&/span& &span class=&n&&ylen&/span&&span class=&p&&;&/span& &span class=&n&&j&/span&&span class=&o&&++&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&x&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&==&/span& &span class=&n&&y&/span&&span class=&p&&[&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&])&/span&
&span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span&
&span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&&&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&]&/span& &span class=&o&&?&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&][&/span&&span class=&n&&j&/span&&span class=&p&&]&/span& &span class=&o&&:&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&i&/span&&span class=&p&&][&/span&&span class=&n&&j&/span& &span class=&o&&-&/span& &span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&k&&return&/span& &span class=&n&&opt&/span&&span class=&p&&[&/span&&span class=&n&&xlen&/span&&span class=&p&&][&/span&&span class=&n&&ylen&/span&&span class=&p&&];&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&br&搜索的范围只需要设置为dontstarve_steam.exe的.text节所在范围即可,其实我在试了几个版本之后,发现.text + 0x170000之后才会有对应的lua api的函数。因此为了速度快些就直接以.text + 0x170000为地点,.text的末尾为终点了。(当然其实这么做有一定风险,不过一直懒得改。。万一哪天饥荒有大更新很可能会出错)&p&搜索到目标函数之后,标记下来,并与luajit连接即可。下面是inline hook的代码:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&Hook&/span&&span class=&p&&(&/span&&span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&n&&BYTE&/span&&span class=&o&&*&/span& &span class=&n&&to&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&c1&&// prepare inline hook&/span&
&span class=&kt&&unsigned&/span& &span class=&kt&&char&/span& &span class=&n&&code&/span&&span class=&p&&[&/span&&span class=&mi&&5&/span&&span class=&p&&]&/span& &span class=&o&&=&/span& &span class=&p&&{&/span& &span class=&mh&&0xe9&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span&&span class=&p&&,&/span& &span class=&mh&&0x00&/span& &span class=&p&&};&/span&
&span class=&o&&*&/span&&span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&o&&*&/span&&span class=&p&&)(&/span&&span class=&n&&code&/span& &span class=&o&&+&/span& &span class=&mi&&1&/span&&span class=&p&&)&/span& &span class=&o&&=&/span& &span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&p&&)&/span&&span class=&n&&to&/span& &span class=&o&&-&/span& &span class=&p&&(&/span&&span class=&n&&DWORD&/span&&span class=&p&&)&/span&&span class=&n&&from&/span& &span class=&o&&-&/span& &span class=&mi&&5&/span&&span class=&p&&;&/span&
&span class=&n&&DWORD&/span& &span class=&n&&oldProtect&/span&&span class=&p&&;&/span&
&span class=&o&&::&/span&&span class=&n&&VirtualProtect&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&,&/span& &span class=&n&&PAGE_READWRITE&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&oldProtect&/span&&span class=&p&&);&/span&
&span class=&o&&::&/span&&span class=&n&&memcpy&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&n&&code&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&);&/span&
&span class=&o&&::&/span&&span class=&n&&VirtualProtect&/span&&span class=&p&&(&/span&&span class=&n&&from&/span&&span class=&p&&,&/span& &span class=&mi&&5&/span&&span class=&p&&,&/span& &span class=&n&&oldProtect&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&oldProtect&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&(个人比较喜欢0xE8/0xE9这种HOOK,不需要改寄存器,长度也很短。当然也可以用PUSH+RET, FF 15/25 即CALL/JMP DWORD PTR [ADDR]的,各有所需)&/p&&br&&p&&b&0x04 引火烧身&/b&&/p&&p&写完代码,编译好DLL,并将其改名为DINPUT8.DLL。同时再编译一份luajit的DLL,重命名为luajit.dll(原来的名字是lua51.dll),再加上直接用VS2008编译lua 5.1.4源码得到的lua51.dll,总共是三个文件。&/p&&p&将这三个文件复制到饥荒的bin目录,启动游戏。(见证奇迹的时候到了!!)&/p&&p&不出意外,BOOM!程序崩溃了!!&/p&&p&客位看官不好意思,前面洋洋洒洒写了一大堆,看起来有极大可能并没有什么用。&/p&&figure&&img src=&http://pic2.zhimg.com/11a027ee4f3dcccf830215_b.jpg& data-rawheight=&237& data-rawwidth=&280& class=&content_image& width=&280&&&/figure&不过仔细想想,这也不总是悲剧,至少证明了我们还是具有了利用DINPUT8傀儡来捅篓子的能力。&br&&p&但是为什么会崩溃呢?总得有个交待啊!!通过仔细的排查(其实就是打了个LOG),发现其实有部分函数就没Hook上。&/p&&p&但是为什么没Hook上呢?前面搜索花了那么大的精力,为什么结果还是不对呢?&/p&&br&&p&&b&0x05 调试器下没有秘密&/b&&/p&&p&没办法,只能用OllyDBG调试下试试了。由于饥荒的exe你直接点击是不会启动游戏的,它只会启动STEAM,然后用STEAM再启动游戏,所以我只能在DINPUT8.DLL的DllMain里,强行加一个getchar(),然后在STEAM中启动游戏,使用OllyDBG附加调试。&/p&&p&按ALT+E打开模块列表,点击dontstarve_steam.exe,启动Search for =& All inter-modular calls,就可以看到大多数函数已经被成功HOOK了。&/p&&figure&&img src=&http://pic1.zhimg.com/18ea8a0ac9d736e158a40a2ec079c6ec_b.png& data-rawheight=&944& data-rawwidth=&1472& class=&origin_image zh-lightbox-thumb& width=&1472& data-original=&http://pic1.zhimg.com/18ea8a0ac9d736e158a40a2ec079c6ec_r.png&&&/figure&&br&&p&一个个检查HOOK的函数,发现只要是搜索到了目标,基本上就没有什么大问题。问题在于很多函数就没找到,而且吊诡的是,自己手工去用OD强大的Search Command功能去搜,放宽搜索的匹配条件,也是找不到的。&/p&&figure&&img src=&http://pic1.zhimg.com/759e8bc888bd69eb849a05d_b.jpg& data-rawheight=&52& data-rawwidth=&90& class=&content_image& width=&90&&&/figure&所以……&p&难道是……&/p&&p&那些函数压根就不存在……吗?&br&&/p&&figure&&img src=&http://pic4.zhimg.com/ed27b57e1f7ba4faad26aae469c024ff_b.jpg& data-rawheight=&78& data-rawwidth=&78& class=&content_image& width=&78&&&/figure&&p&好吧。这个结论竟然对了一半。&/p&&p&确实有些api在exe中是没有的,因为exe没用到它们,编译器在连接的时候把它们抹掉了。我于是在lua51.dll中删除了它们的导出项。&/p&&p&另一部分呢,确实是没搜索到。通过查找字符串引用逐步定位相关指令的办法(具体就不详述了),我发现了一件怪事:&/p&&p&这些API和lua 5.1.4 DLL中的api在二进制层面上差别非常大!&/p&&br&&br&&br&&b&0x06 飞轮与链条&/b&&p&如果饥荒的作者修改过这些函数的实现,那么情况就非常僵了——我得在luajit中做等价的修改。不过仔细比对后发现,事情没有那么糟糕。&/p&&p&不一致的地方主要来自于两种原因:&/p&&p&1. 部分API调用内部函数被inline&/p&&p&2. 饥荒作者删除了部分API中关于luaC_checkGC调用&/p&&br&&br&&p&对于1,参考下图:&/p&&figure&&img src=&http://pic3.zhimg.com/9efda57f47acf5a540e20bf_b.png& data-rawheight=&752& data-rawwidth=&1619& class=&origin_image zh-lightbox-thumb& width=&1619& data-original=&http://pic3.zhimg.com/9efda57f47acf5a540e20bf_r.png&&&/figure&&p&luaO_pushfstring是lua_pushfstring所调用的函数,在饥荒主程序里这个调用是被inline的,导致其与我编译的lua51.dll中lua_pushfstring的二进制码不一致。&/p&&br&&p&对于2,参考下图:&/p&&p&&figure&&img src=&http://pic3.zhimg.com/efacb334860a_b.png& data-rawheight=&752& data-rawwidth=&1573& class=&origin_image zh-lightbox-thumb& width=&1573& data-original=&http://pic3.zhimg.com/efacb334860a_r.png&&&/figure&饥荒作者删除了代码中的一些luaC_checkGC的调用,从而使得一些函数不再会触发垃圾收集。这种想法是为了避免某些BUG吗?(比如C层面持有的对象因没有维持引用而失效)还是试图降低卡顿?我不得而知。但是奇怪的是,联机版的饥荒(针对联机版的内容主要参见后文)改动的地点和单机版并不一致。(上图中我添加的luaC_checkGC_是一个空宏,等价于把GC调用删除掉)&/p&&p&经过如上的修改之后重新编译lua51.dll,我们重新制作的链条终于能和饥荒原程序的飞轮啮合在一起了。&/p&&p&&b&0x07 打包炸弹&/b&&/p&&p&启动时崩溃,按照OllyDBG的LOG跟踪到是luajit有部分常数的值太小(如函数串最多常量个数,参数列表最多参数个数),改成大一些的值即可,不在此详述了。(饥荒真是内存杀手)&/p&&p&折腾了半天,我们的破补丁总算能勉强跑起来了。顺利度过loading界面,主界面成功启动!久违的背景音乐响起~&/p&&figure&&img src=&http://pic3.zhimg.com/ca9634288eaf9d8913770e_b.png& data-rawheight=&727& data-rawwidth=&1292& class=&origin_image zh-lightbox-thumb& width=&1292& data-original=&http://pic3.zhimg.com/ca9634288eaf9d8913770e_r.png&&&/figure&&br&&p&先随便试试基本的功能吧,先点下MODS看看会不会挂……&/p&&p&由墨菲定律可知:如果一个地方你感觉会出错,那么它就会出错。。于是有插件崩溃了。&/p&&figure&&img src=&http://pic1.zhimg.com/9efa97cd533aaadf_b.png& data-rawheight=&728& data-rawwidth=&1293& class=&origin_image zh-lightbox-thumb& width=&1293& data-original=&http://pic1.zhimg.com/9efa97cd533aaadf_r.png&&&/figure&&p&虽然在游戏中按“`”键也可以打开内置的控制台,但是这里LOG显示的行数有限,且不能滚屏。于是直接打开OllyDBG的LOG看看倒底发生了什么:&/p&&figure&&img src=&http://pic3.zhimg.com/e70debf13bcb68c5a3268cae_b.png& data-rawheight=&640& data-rawwidth=&862& class=&origin_image zh-lightbox-thumb& width=&862& data-original=&http://pic3.zhimg.com/e70debf13bcb68c5a3268cae_r.png&&&/figure&&br&&p&(这些LOG是用OutputDebugString输出的,需要OllyDBG 2.0以上版本才支持在调试器内显示它们。)&/p&&p&从上面的文字中可以看出,在加载翼语MOD的时候,mods.lua第42行报错,提示'arg'这个变量没有被定义。&br&&/p&&p&那么就去看看喽:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&kd&&local&/span& &span class=&n&&runmodfn&/span& &span class=&o&&=&/span& &span class=&k&&function&/span&&span class=&p&&(&/span&&span class=&n&&fn&/span&&span class=&p&&,&/span&&span class=&n&&mod&/span&&span class=&p&&,&/span&&span class=&n&&modtype&/span&&span class=&p&&)&/span&
&span class=&k&&return&/span& &span class=&p&&(&/span&&span class=&k&&function&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span&
&span class=&k&&if&/span& &span class=&n&&fn&/span& &span class=&k&&then&/span&
&span class=&kd&&local&/span& &span class=&n&&status&/span&&span class=&p&&,&/span& &span class=&n&&r&/span& &span class=&o&&=&/span& &span class=&nb&&xpcall&/span&&span class=&p&&(&/span& &span class=&k&&function&/span&&span class=&p&&()&/span& &span class=&k&&return&/span& &span class=&n&&fn&/span&&span class=&p&&(&/span&&span class=&nb&&unpack&/span&&span class=&p&&(&/span&&span class=&n&&arg&/span&&span class=&p&&))&/span& &span class=&k&&end&/span&&span class=&p&&,&/span& &span class=&nb&&debug.traceback&/span&&span class=&p&&)&/span& &span class=&c1&&--&& 42&/span&
&span class=&k&&if&/span& &span class=&ow&¬&/span& &span class=&n&&status&/span& &span class=&k&&then&/span&
&span class=&nb&&print&/span&&span class=&p&&(&/span&&span class=&s2&&&&/span&&span class=&s&&error calling &&/span&&span class=&o&&..&/span&&span class=&n&&modtype&/span&&span class=&o&&..&/span&&span class=&s2&&&&/span&&span class=&s&& in mod &&/span&&span class=&o&&..&/span&&span class=&n&&ModInfoname&/span&&span class=&p&&(&/span&&span class=&n&&mod&/span&&span class=&p&&.&/span&&span class=&n&&modname&/span&&span class=&p&&)&/span&&span class=&o&&..&/span&&span class=&s2&&&&/span&&span class=&s&&: &/span&&span class=&se&&\n&/span&&span class=&s&&&&/span&&span class=&o&&..&/span&&span class=&n&&r&/span&&span class=&p&&)&/span&
&span class=&n&&ModManager&/span&&span class=&p&&:&/span&&span class=&n&&RemoveBadMod&/span&&span class=&p&&(&/span&&span class=&n&&mod&/span&&span class=&p&&.&/span&&span class=&n&&modname&/span&&span class=&p&&,&/span&&span class=&n&&r&/span&&span class=&p&&)&/span&
&span class=&n&&ModManager&/span&&span class=&p&&:&/span&&span class=&n&&DisplayBadMods&/span&&span class=&p&&()&/span&
&span class=&k&&else&/span&
&span class=&k&&return&/span& &span class=&n&&r&/span&
&span class=&k&&end&/span&
&span class=&k&&end&/span&
&span class=&k&&end&/span&&span class=&p&&)&/span&
&span class=&k&&end&/span&
&/code&&/pre&&/div&&p&问题很明显,饥荒作者使用了旧的表示可变参数表的语法。在5.1以前,你可以使用arg来表示{...}这个表,arg[i]即可用于提取可变参数中的第i项。但是后来这个语法就被默认弃用掉了,仅保留一个宏可以开启这个兼容。LuaJIT则完全不兼容这个写法,通过仔细查看代码,它甚至删除了实现arg兼容所占用的mask bit而将这个bit用在了其他地方。&/p&&p&当时分析到这的时候,我觉得直接要求用户修改这个文件也不是什么难事,毕竟添加如下一行就可以解决问题:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&kd&&local&/span& &span class=&n&&arg&/span& &span class=&o&&=&/span& &span class=&p&&{&/span&&span class=&o&&...&/span&&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&于是我写好了详细的说明,将程序及源码发布在了Github上,并且在贴吧开了贴收集用户反馈。&br&&/p&&br&&p&&b&0x08 冒烟的补丁&/b&&/p&&p&第一波的反馈喜忧参半,可喜的是有部分用户能成功安装补丁,并且说确实有明显的效果,特别是针对Shipwrecked DLC加上大量Mods,忧的是仍然有大量不能正确启动的bug,报错也是千奇百怪,甚至有大量连游戏本身启动什么也没看到就闪退的问题。&/p&&p&对我冲击比较大的是,修改源代码文件这个要求对于普通用户来说实在是太难了。很多用户找不到文件,不知道用什么工具打开,看不懂英文因而无从下手,打了中文标点也浑然不知。而且很多第三方MOD里也用了这个旧的arg语法,要想举一反三,从我给出的修改mods.lua的方案直接得出修正第三方mod中相应语法问题的玩家非常少——毕竟贴吧以娱乐为主,不像知乎会有很多程序员。这很难办。&/p&&p&怎么办呢,只能自己把这个兼容性补丁做了。&/p&&p&在研究了一下午luajit parser之后,我放弃了按照lua源码中相同的设计添加兼容的思路。一方面如上所述,没有可用的mask bit,想要跑起来需要增加对应FLAG变量的位宽;另一方面lua源码中这个功能是在VM中解释时实现的,而luajit没有解释器,它直接跑的是原生指令。而想看明白JIT COMPILER的实现机制并且从中精准地插入这个功能并非易事。&/p&&p&不过又看了一下午parser之后,发现其实还有一个简单的办法。那就是在检测到当前编译的函数是可变参数的时候,动态插入一句local arg = {...}。这样的话有两种做法:&/p&&p&1、检测源文件文本,作一个简单的处理,定位到函数定义的地方,然后插入一行。&/p&&p&2、直接在AST生成的时候插入语法结点。&/p&&p&方法1的难度是比较低的,但是也需要稍微作一点解析工作,比如把注释,字符串跳过,检测函数定义的语句之类的。比较容易想不周全而出错。&/p&&p&要想想周全,就得搞个简单的parser。直接按方法2借用luajit自己的parser是最好的选择。为了使探索更有目的,我编写了这样的一个函数:&/p&&div class=&highlight&&&pre&&code class=&language-lua&&&span&&/span&&span class=&k&&function&/span& &span class=&nf&&test&/span&&span class=&p&&(&/span&&span class=&o&&...&/span&&span class=&p&&)&/span& &span class=&kd&&local&/span& &span class=&n&&arg&/span& &span class=&o&&=&/span& &span class=&p&&{&/span& &span class=&o&&...&/span& &span class=&p&&}&/span& &span class=&k&&end&/span&
&/code&&/pre&&/div&&p&然后跑起luajit来看看local arg = { ... }这句话究竟都会走哪些路径来生成AST。调试了一个小时之后,终于搞出来了。&/p&&p&打开lj_parse.c,定位到:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&parse_chunk&/span&&span class=&p&&(&/span&&span class=&n&&LexState&/span& &span class=&o&&*&/span&&span class=&n&&ls&/span&&span class=&p&&)&/span&
&span class=&p&&{&/span&
&span class=&kt&&int&/span& &span class=&n&&islast&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&n&&synlevel_begin&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&n&&add_argstmt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span& &span class=&c1&&// HERE!!!!!&/span&
&span class=&k&&while&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&islast&/span& &span class=&o&&&&&/span& &span class=&o&&!&/span&&span class=&n&&parse_isend&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&tok&/span&&span class=&p&&))&/span& &span class=&p&&{&/span&
&span class=&n&&islast&/span& &span class=&o&&=&/span& &span class=&n&&parse_stmt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&n&&lex_opt&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&sc&&';'&/span&&span class=&p&&);&/span&
&span class=&n&&lua_assert&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&framesize&/span& &span class=&o&&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&&&&/span&
&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&nactvar&/span&&span class=&p&&);&/span&
&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&nactvar&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Free registers after each stmt. */&/span&
&span class=&p&&}&/span&
&span class=&n&&synlevel_end&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&/code&&/pre&&/div&&p&在标记处加一行调用add_argstmt的语句,然后编写这个函数:&/p&&div class=&highlight&&&pre&&code class=&language-c&&&span&&/span&&span class=&k&&static&/span& &span class=&kt&&void&/span& &span class=&nf&&add_argstmt&/span&&span class=&p&&(&/span&&span class=&n&&LexState&/span&&span class=&o&&*&/span& &span class=&n&&ls&/span&&span class=&p&&)&/span&
&span class=&p&&{&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&e&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&flags&/span& &span class=&o&&&&/span& &span class=&n&&PROTO_VARARG&/span&&span class=&p&&)&/span& &span class=&p&&{&/span&
&span class=&n&&var_new_lit&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&s&&&arg&&/span&&span class=&p&&);&/span&
&span class=&c1&&// nexps = expr_list(ls, &e);&/span&
&span class=&p&&{&/span&
&span class=&n&&synlevel_begin&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&c1&&// expr_unop(ls, &e);&/span&
&span class=&p&&{&/span&
&span class=&c1&&// expr_simple(ls, v);&/span&
&span class=&p&&{&/span&
&span class=&c1&&// expr_table(ls, v);&/span&
&span class=&p&&{&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&key&/span&&span class=&p&&,&/span& &span class=&n&&val&/span&&span class=&p&&;&/span&
&span class=&n&&FuncState&/span& &span class=&o&&*&/span&&span class=&n&&fs&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&fs&/span&&span class=&p&&;&/span&
&span class=&n&&BCLine&/span& &span class=&n&&line&/span& &span class=&o&&=&/span& &span class=&n&&ls&/span&&span class=&o&&-&&/span&&span class=&n&&linenumber&/span&&span class=&p&&;&/span&
&span class=&n&&BCInsLine&/span& &span class=&o&&*&/span&&span class=&n&&ilp&/span&&span class=&p&&;&/span&
&span class=&n&&BCIns&/span& &span class=&o&&*&/span&&span class=&n&&ip&/span&&span class=&p&&;&/span&
&span class=&n&&ExpDesc&/span& &span class=&n&&en&/span&&span class=&p&&;&/span&
&span class=&n&&BCReg&/span& &span class=&n&&base&/span&&span class=&p&&;&/span&
&span class=&n&&GCtab&/span& &span class=&o&&*&/span&&span class=&n&&t&/span& &span class=&o&&=&/span& &span class=&nb&&NULL&/span&&span class=&p&&;&/span&
&span class=&kt&&int&/span& &span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&n&&needarr&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&,&/span& &span class=&n&&fixt&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&kt&&uint32_t&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&cm&&/* First array index. */&/span&
&span class=&kt&&uint32_t&/span& &span class=&n&&nhash&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Number of hash entries. */&/span&
&span class=&n&&BCReg&/span& &span class=&n&&freg&/span& &span class=&o&&=&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span&&span class=&p&&;&/span&
&span class=&n&&BCPos&/span& &span class=&n&&pc&/span& &span class=&o&&=&/span& &span class=&n&&bcemit_AD&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&n&&BC_TNEW&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&n&&VNONRELOC&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&);&/span&
&span class=&n&&bcreg_reserve&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&);&/span&
&span class=&n&&freg&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&,&/span& &span class=&n&&VKNUM&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&setintV&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&,&/span& &span class=&p&&(&/span&&span class=&kt&&int&/span&&span class=&p&&)&/span&&span class=&n&&narr&/span&&span class=&p&&);&/span&
&span class=&n&&narr&/span&&span class=&o&&++&/span&&span class=&p&&;&/span&
&span class=&n&&needarr&/span& &span class=&o&&=&/span& &span class=&n&&vcall&/span& &span class=&o&&=&/span& &span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&c1&&// expr(ls, &val);&/span&
&span class=&p&&{&/span&
&span class=&n&&checkcond&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&flags&/span& &span class=&o&&&&/span& &span class=&n&&PROTO_VARARG&/span&&span class=&p&&,&/span& &span class=&n&&LJ_ERR_XDOTS&/span&&span class=&p&&);&/span&
&span class=&n&&bcreg_reserve&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&);&/span&
&span class=&n&&base&/span& &span class=&o&&=&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&val&/span&&span class=&p&&,&/span& &span class=&n&&VCALL&/span&&span class=&p&&,&/span& &span class=&n&&bcemit_ABC&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&n&&BC_VARG&/span&&span class=&p&&,&/span& &span class=&n&&base&/span&&span class=&p&&,&/span& &span class=&mi&&2&/span&&span class=&p&&,&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&numparams&/span&&span class=&p&&));&/span&
&span class=&n&&val&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&s&/span&&span class=&p&&.&/span&&span class=&n&&aux&/span& &span class=&o&&=&/span& &span class=&n&&base&/span&&span class=&p&&;&/span&
&span class=&p&&}&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&expr_isk&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&))&/span& &span class=&n&&expr_index&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&key&/span&&span class=&p&&);&/span&
&span class=&n&&bcemit_store&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&val&/span&&span class=&p&&);&/span&
&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&freereg&/span& &span class=&o&&=&/span& &span class=&n&&freg&/span&&span class=&p&&;&/span&
&span class=&n&&ilp&/span& &span class=&o&&=&/span& &span class=&o&&&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&bcbase&/span&&span class=&p&&[&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&pc&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&];&/span&
&span class=&n&&expr_init&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&en&/span&&span class=&p&&,&/span& &span class=&n&&VKNUM&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&en&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&.&/span&&span class=&n&&u32&/span&&span class=&p&&.&/span&&span class=&n&&lo&/span& &span class=&o&&=&/span& &span class=&n&&narr&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&;&/span&
&span class=&n&&en&/span&&span class=&p&&.&/span&&span class=&n&&u&/span&&span class=&p&&.&/span&&span class=&n&&nval&/span&&span class=&p&&.&/span&&span class=&n&&u32&/span&&span class=&p&&.&/span&&span class=&n&&hi&/span& &span class=&o&&=&/span& &span class=&mh&&0x&/span&&span class=&p&&;&/span&
&span class=&cm&&/* Biased integer to avoid denormals. */&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mi&&256&/span&&span class=&p&&)&/span& &span class=&p&&{&/span& &span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&pc&/span&&span class=&o&&--&/span&&span class=&p&&;&/span& &span class=&n&&ilp&/span&&span class=&o&&--&/span&&span class=&p&&;&/span& &span class=&p&&}&/span&
&span class=&n&&ilp&/span&&span class=&o&&-&&/span&&span class=&n&&ins&/span& &span class=&o&&=&/span& &span class=&n&&BCINS_AD&/span&&span class=&p&&(&/span&&span class=&n&&BC_TSETM&/span&&span class=&p&&,&/span& &span class=&n&&freg&/span&&span class=&p&&,&/span& &span class=&n&&const_num&/span&&span class=&p&&(&/span&&span class=&n&&fs&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&en&/span&&span class=&p&&));&/span&
&span class=&n&&setbc_b&/span&&span class=&p&&(&/span&&span class=&o&&&&/span&&span class=&n&&ilp&/span&&span class=&p&&[&/span&&span class=&o&&-&/span&&span class=&mi&&1&/span&&span class=&p&&].&/span&&span class=&n&&ins&/span&&span class=&p&&,&/span& &span class=&mi&&0&/span&&span class=&p&&);&/span&
&span class=&n&&e&/span&&span class=&p&&.&/span&&span class=&n&&k&/span& &span class=&o&&=&/span& &span class=&n&&VNONRELOC&/span&&span class=&p&&;&/span&
&span class=&cm&&/* May have been changed by expr_index. */&/span&
&span class=&n&&ip&/span& &span class=&o&&=&/span& &span class=&o&&&&/span&&span class=&n&&fs&/span&&span class=&o&&-&&/span&&span class=&n&&bcbase&/span&&span class=&p&&[&/span&&span class=&n&&pc&/span&&span class=&p&&].&/span&&span class=&n&&ins&/span&&span class=&p&&;&/span&
&span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&o&&!&/span&&span class=&n&&needarr&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&0&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span& &span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mi&&3&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mi&&3&/span&&span class=&p&&;&/span&
&span class=&k&&else&/span& &span class=&k&&if&/span& &span class=&p&&(&/span&&span class=&n&&narr&/span& &span class=&o&&&&/span& &span class=&mh&&0x7ff&/span&&span class=&p&&)&/span& &span class=&n&&narr&/span& &span class=&o&&=&/span& &span class=&mh&&0x7ff&/span&&span class=&p&&;&/span&
&span class=&n&&setbc_d&/span&&span class=&p&&(&/span&&span class=&n&&ip&/span&&span class=&p&&,&/span& &span class=&n&&narr&/span&&span class=&o&&|&/span&&span class=&p&&(&/span&&span class=&n&&hsize2hbits&/span&&span class=&p&&(&/span&&span class=&n&&nhash&/span&&span class=&p&&)&/span&&span class=&o&&&&&/span&&span class=&mi&&11&/span&&span class=&p&&));&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&p&&}&/span&
&span class=&n&&synlevel_end&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&);&/span&
&span class=&p&&}&/span&
&span class=&n&&assign_adjust&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&,&/span& &span class=&mi&&1&/span&&span class=&p&&,&/span& &span class=&o&&&&/span&&span class=&n&&e&/span&&span class=&p&&);&/span&
&span class=&n&&var_add&/span&&span class=&p&&(&/span&&span class=&n&&ls&/span&&spa}
我要回帖
更多关于 饥荒 文字血囊 的文章
更多推荐
- ·地球陨落的遗迹boss怎么打脉冲兽杀手战士成就怎么获得介绍_地球陨落的遗迹boss怎么打脉冲兽杀手战士成就怎么获得是什么
- ·天外世界脑脑控解控射线最佳方法枪获得方法介绍_天外世界脑脑控解控射线最佳方法枪获得方法是什么
- ·传统文化与红色文化相结合和中华文化,各民族文化的关系是什么
- ·新疆有高原反应吗海拔多高平均海拔有2000米吗
- ·铁甲雄兵所有女角色皮肤科幻风新皮肤 伊莎贝拉化身“食刃种”介绍_铁甲雄兵所有女角色皮肤科幻风新皮肤 伊莎贝拉化身“食刃种”是什么
- ·狼人杀恶魔牌中怎么玩好狼人牌 五种狼人的玩法技
- ·不修改怎么银币来的快,法鲁克队长刷新时间尸体怎么刷新快
- ·时之扉淘手游决斗之城怎么决斗 决斗申请系统介绍
- ·X3TC 星区怎么制作 用unity 星空
- ·进击的巨人真人版巨人 字母
- ·先游预约成功的游戏怎么下载
- ·vivo x6a刷机包x6a 充满电一直玩能玩多长时间
- ·如何作弊网络龙虎游戏破解方法破解技巧〖详细解说 〗
- ·终于知道为什么剑灵玩玩lol的人越来越少了了
- ·PS2上有哪些好的双人合作通关游戏的游戏
- ·剑网3驭剑三驯兽师驾驭宠物怎么升级
- ·神界原罪2费恩结局什么职业
- ·王者荣耀凯上单出装S9芈月上单怎么出装
- ·大佬给说一下,gta5还能刷钱吗火多久,打折之际准备
- ·饥荒控制台文字进去后,出现一行文字。点那边都会退出怎么办?
- ·游戏中闪屏怎么解决,华为手机闪屏解决方法是一加五,游戏是大
- ·世界ol中,为什么决战平安京攻击吸血对方自己不吸血却损血
- ·求lol盒子大神陪玩解决,玩lol为啥一直60帧?我没有开垂直同步,n卡也调了,就是一直60帧,打团战还会掉帧
- ·哪里可以古剑奇谭2定制校服剑。
- ·求教,为什么psn上面的gta5 psn要400多
- ·66工厂娱乐——for怎么取消王者荣耀自动普通攻击击动
- ·女朋友天天女朋友爱玩王者荣耀耀,真的那么好玩吗
- ·荒野行动怎么遁地PC版遁地挂有没有?能不能教我开挂
- ·王者荣耀战队皮肤领取皮肤永久怎么领取
- ·dota2死灵书是不是要死了
- ·哪位给个kof95kof2002八神连招队的
- ·技能怎么搭配 梦幻诛仙苍羽阁厉害吗羽翼技能选择推荐
- ·自由之战已经被小学生战地1攻占托尔了吗
- ·使用百穿铭文之后 铠的出装和铭文还需要再出破甲弓吗
- ·超魔神英雄传百度云第三部能不能分享下,谢谢
