Code:
Position
--------
Before..
--------
0047ADA0 /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
0047ADA4 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0047ADA6 |. 83C1 48 ADD ECX,48
0047ADA9 |. 8911 MOV DWORD PTR DS:[ECX],EDX
0047ADAB |. 8B50 04 MOV EDX,DWORD PTR DS:[EAX+4]
0047ADAE |. 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
0047ADB1 |. 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
0047ADB4 |. 8941 08 MOV DWORD PTR DS:[ECX+8],EAX
0047ADB7 \. C2 0400 RETN 4
You could get the position like:
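// ZObject::GetPosition
//
// Returns a pointer to the block of three 32-bit values (presumably x, y, z)
// that the "Before" listing above reads from offset 0x48 of the object
// (ADD ECX,48 followed by three DWORD copies). The offset is derived from
// that specific build of the binary; it must be re-derived whenever the
// object layout changes, which is what the "NOW" listing suggests happened.
//
// pChar: base address of the object, or NULL.
// Returns NULL when pChar is NULL; otherwise pChar + 0x48 reinterpreted as
// float*. No bounds check is possible here: the caller must guarantee that
// the object is at least 0x48 + 3 * sizeof(float) bytes long.
float* ZObject__GetPosition(void* pChar){
    if (pChar == NULL) {
        return NULL;
    }
    // Offset via char* arithmetic instead of an integer round-trip: no
    // dependency on the Windows DWORD typedef, and no truncation of the
    // pointer when it is wider than 32 bits.
    return (float*)((char*)pChar + 0x48);
}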
NOW!
-------
004865D0 $ 6A FF PUSH -1
004865D2 . 68 43A25D00 PUSH Unpacked.005DA243 ; SE handler installation
004865D7 . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
004865DD . 50 PUSH EAX
004865DE . 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
004865E5 . 51 PUSH ECX
004865E6 . 56 PUSH ESI
004865E7 . 8BF1 MOV ESI,ECX
004865E9 . 897424 04 MOV DWORD PTR SS:[ESP+4],ESI
004865ED . C706 481C5F00 MOV DWORD PTR DS:[ESI],Unpacked.005F1C48 ; ASCII "PgH"
004865F3 . 8B46 68 MOV EAX,DWORD PTR DS:[ESI+68]
004865F6 . 50 PUSH EAX ; /Arg1
004865F7 . C74424 14 01000>MOV DWORD PTR SS:[ESP+14],1 ; |
004865FF . E8 0C220000 CALL Unpacked.00488810 ; \Unpacked.00488810
00486604 . 8B4E 68 MOV ECX,DWORD PTR DS:[ESI+68]
00486607 . 85C9 TEST ECX,ECX
00486609 . 74 06 JE SHORT Unpacked.00486611
0048660B . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0048660D . 6A 01 PUSH 1
0048660F . FF12 CALL DWORD PTR DS:[EDX]
00486611 > 8D4E 6C LEA ECX,DWORD PTR DS:[ESI+6C]
00486614 . C64424 10 00 MOV BYTE PTR SS:[ESP+10],0
00486619 . E8 C268FFFF CALL Unpacked.0047CEE0
0048661E . 8BCE MOV ECX,ESI
00486620 . C74424 10 FFFFF>MOV DWORD PTR SS:[ESP+10],-1
00486628 . E8 83220000 CALL Unpacked.004888B0
0048662D . 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
00486631 . 5E POP ESI
00486632 . 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
00486639 . 83C4 10 ADD ESP,10
0048663C . C3 RETN
00488810 /$ 83EC 0C SUB ESP,0C
00488813 |. 56 PUSH ESI
00488814 |. 8B7424 14 MOV ESI,DWORD PTR SS:[ESP+14]
00488818 |. 85F6 TEST ESI,ESI
0048881A |. 57 PUSH EDI
0048881B |. 8BF9 MOV EDI,ECX
0048881D |. 0F84 85000000 JE Unpacked.004888A8
00488823 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
00488825 |. 8BCE MOV ECX,ESI
00488827 |. FF50 04 CALL DWORD PTR DS:[EAX+4]
0048882A |. 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+8]
0048882E |. 894424 08 MOV DWORD PTR SS:[ESP+8],EAX
00488832 |. 52 PUSH EDX
00488833 |. 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+1C]
00488837 |. 8D4F 04 LEA ECX,DWORD PTR DS:[EDI+4]
0048883A |. 50 PUSH EAX
0048883B |. 894C24 18 MOV DWORD PTR SS:[ESP+18],ECX
0048883F |. E8 4C650100 CALL Unpacked.0049ED90
00488844 |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
00488848 |. 3B4F 08 CMP ECX,DWORD PTR DS:[EDI+8]
0048884B |. 74 5B JE SHORT Unpacked.004888A8
0048884D |. 8B16 MOV EDX,DWORD PTR DS:[ESI]
0048884F |. 53 PUSH EBX
00488850 |. 55 PUSH EBP
00488851 |. 8BCE MOV ECX,ESI
00488853 |. FF52 04 CALL DWORD PTR DS:[EDX+4]
00488856 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
0048885A |. 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
0048885E |. 50 PUSH EAX
0048885F |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00488863 |. 8D5F 10 LEA EBX,DWORD PTR DS:[EDI+10]
00488866 |. 51 PUSH ECX
00488867 |. 8BCB MOV ECX,EBX
00488869 |. E8 22650100 CALL Unpacked.0049ED90
0048886E |. 8B6C24 14 MOV EBP,DWORD PTR SS:[ESP+14]
00488872 |. 3B6F 14 CMP EBP,DWORD PTR DS:[EDI+14]
00488875 |. 74 15 JE SHORT Unpacked.0048888C
00488877 |. 8B4D 10 MOV ECX,[ARG.3]
0048887A |. 8B11 MOV EDX,DWORD PTR DS:[ECX]
0048887C |. FF52 20 CALL DWORD PTR DS:[EDX+20]
0048887F |. 55 PUSH EBP ; /Arg2
00488880 |. 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+18] ; |
00488884 |. 50 PUSH EAX ; |Arg1
00488885 |. 8BCB MOV ECX,EBX ; |
00488887 |. E8 E4E3FFFF CALL Unpacked.00486C70 ; \Unpacked.00486C70
0048888C |> 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+20]
00488890 |. 51 PUSH ECX ; /Arg2
00488891 |. 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C] ; |
00488895 |. 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24] ; |
00488899 |. 52 PUSH EDX ; |Arg1
0048889A |. E8 D1E3FFFF CALL Unpacked.00486C70 ; \Unpacked.00486C70
0048889F |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
004888A1 |. 8BCE MOV ECX,ESI
004888A3 |. FF50 18 CALL DWORD PTR DS:[EAX+18]
004888A6 |. 5D POP EBP
004888A7 |. 5B POP EBX
004888A8 |> 5F POP EDI
004888A9 |. 5E POP ESI
004888AA |. 83C4 0C ADD ESP,0C
004888AD \. C2 0400 RETN 4
0047CEE0 /$ 68 D0F04700 PUSH Unpacked.0047F0D0 ; Entry address
0047CEE5 |. 6A 0C PUSH 0C
0047CEE7 |. C701 64175F00 MOV DWORD PTR DS:[ECX],Unpacked.005F1764
0047CEED |. 6A 38 PUSH 38
0047CEEF |. 83C1 04 ADD ECX,4
0047CEF2 |. 51 PUSH ECX
0047CEF3 |. E8 27510F00 CALL Unpacked.0057201F
0047CEF8 \. C3 RETN
004888B0 /$ 6A FF PUSH -1
004888B2 |. 68 6BA35D00 PUSH Unpacked.005DA36B ; SE handler installation
004888B7 |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
004888BD |. 50 PUSH EAX
004888BE |. 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
004888C5 |. 83EC 08 SUB ESP,8
004888C8 |. 53 PUSH EBX
004888C9 |. 56 PUSH ESI
004888CA |. 57 PUSH EDI
004888CB |. 8BF9 MOV EDI,ECX
004888CD |. 897C24 0C MOV DWORD PTR SS:[ESP+C],EDI
004888D1 |. C707 C81C5F00 MOV DWORD PTR DS:[EDI],Unpacked.005F1CC8
004888D7 |. 8B47 14 MOV EAX,DWORD PTR DS:[EDI+14]
004888DA |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
004888DC |. 8D77 10 LEA ESI,DWORD PTR DS:[EDI+10]
004888DF |. 50 PUSH EAX
004888E0 |. 51 PUSH ECX
004888E1 |. 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+18]
004888E5 |. 33DB XOR EBX,EBX
004888E7 |. 50 PUSH EAX
004888E8 |. 8BCE MOV ECX,ESI
004888EA |. 895C24 28 MOV DWORD PTR SS:[ESP+28],EBX
004888EE |. E8 3DE6FFFF CALL Unpacked.00486F30
004888F3 |. 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
004888F6 |. 50 PUSH EAX
004888F7 |. E8 59741400 CALL Unpacked.005CFD55
004888FC |. 895E 04 MOV DWORD PTR DS:[ESI+4],EBX
004888FF |. 895E 08 MOV DWORD PTR DS:[ESI+8],EBX
00488902 |. 8B47 08 MOV EAX,DWORD PTR DS:[EDI+8]
00488905 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
00488907 |. 83C4 04 ADD ESP,4
0048890A |. 8D77 04 LEA ESI,DWORD PTR DS:[EDI+4]
0048890D |. 50 PUSH EAX
0048890E |. 51 PUSH ECX
0048890F |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00488913 |. 51 PUSH ECX
00488914 |. 8BCE MOV ECX,ESI
00488916 |. C74424 28 FFFFF>MOV DWORD PTR SS:[ESP+28],-1
0048891E |. E8 0DE6FFFF CALL Unpacked.00486F30
00488923 |. 8B56 04 MOV EDX,DWORD PTR DS:[ESI+4]
00488926 |. 52 PUSH EDX
00488927 |. E8 29741400 CALL Unpacked.005CFD55
0048892C |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
00488930 |. 83C4 04 ADD ESP,4
00488933 |. 895E 04 MOV DWORD PTR DS:[ESI+4],EBX
00488936 |. 895E 08 MOV DWORD PTR DS:[ESI+8],EBX
00488939 |. 5F POP EDI
0048893A |. 5E POP ESI
0048893B |. 5B POP EBX
0048893C |. 64:890D 0000000>MOV DWORD PTR FS:[0],ECX
00488943 |. 83C4 14 ADD ESP,14
00488946 \. C3 RETN
So how could I get the position now?