惡夢馬戲團 基德洛3 暴走基德洛4
英雄幣副本
地獄熔爐 地獄火軍團長 維卡諾思9
夢魘神殿 夢魘女王 麗奧菲菈5
顫慄之巔 0
貝樂梅西亞
迷霧森林 樹人威利2
白色巨塔 大雪猴3
史丹城牆 好野人戰士隊長4
加勒比海灘 鳥人女王5
獸人祭壇 好野人族長5
火翼龍洞窟 火翼龍7
精靈森林 樹妖7
誓約峽谷 變形蜂王8
遺忘沼澤 變形蟾蜍8
亡者墓地 黑暗大法師8
荒廢之墟 噴火岩石8
骷髏戰士之城 骷髏戰士9
白銀大地
暴怒安特森林 古代安特5
白銀騎士廢墟 黑暗冰雪姬5
神隱光之湖 克拉克偽蟹5
水龍沼澤 哈斯5
原始之島 邪惡觸手花5
熔岩地帶 德雷克溫5
浮空之城 維特5
地獄熔爐 地獄火軍團長 維卡諾思9
艾拉
巴薩伊之海 巴薩伊11
卡米基星群 艾莉娜12 卡米基12
千手魔岩 巴斯拉卡龍11
地獄橋 卡德森11
卡查伊斯之城 卡查伊斯14 真·卡查伊斯1
卡斯托遺跡地下室
獨眼巨魔14
卡斯托遺跡 變形巨石金剛6
貝樂梅西亞的淪陷
好野人族長8 黑暗冰雪姬18 闇影魔狼神15
夢魘神殿 夢魘女王 麗奧菲菈5
傑尼亞
傑尼亞交接地 雷納西安9 歐土斯10
輪迴神殿 輪迴之神5
藍光峽谷 布塔洛斯5
火焰山 吉戈5
冰封大地 朱力歐雷6
破滅山脈 培力阿特5
生命森林 神授之樹6
征服神殿 桑納托斯4
亞圖姆
妖精勞役所 賽特術5
地下闇黑通道 哈姬蘇6
孔基布族 孔基長老6
妄想沙漠 賽德羅拉5
沙漠盜賊村 沙漠蠍子王5
拉峽谷 卡勒特6
金字塔 巴拉庫7
貝勒卡斯的巢穴
貝勒卡斯1
阿特梅迪亞
侏儒前哨基地 妖精殲滅者6
侏儒後勤基地 鋼鐵守衛5
雷神之錘 侏儒王·阿瓦隆7
古代王國的遺跡
伯恩2 德拉爾3
加魯爾交接地 達力亞5
加魯爾城 克洛魔斯6
克吾納特廢墟 亞斯特洛3 魔·亞斯特洛4

跳关ID （boss房）
Serdin
1- 2
2- 3
3- 4
4- 5
5- 5
6- 5
Canaban
1- 7
2- 8
3- 8
4- 8
5- 8
6- 9
Terra de Prata
1- 5
2- 5
3- 5
4- 5
5- 5
6- 5
7- 5
Ellia
1- 11
2- 12
3- 11
4- 11
5- 14
6- 14
7- 6
8- 15
Xinea
1- 9 10
2- 5
3- 5
4- 6
5- 5
6- 6
7- 4
Aton
1- 5
2- 6
3- 6
4- 5
5- 5
6- 6
7- 7

可过检测怪自死特征码
精灵森林
4个野人
01 01 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 2F 44 11 00 00 00 00 00 00 00 12 00 00 00 00 00 2F 44 00 00 00 00 0C 00 00 00 33 33 33 3F 00 00 80 3F
01 01 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 2F 44 15 00 00 00 00 00 00 00 16 00 00 00 00 00 2F 44 00 00 00 00 0C 00 00 00 33 33 33 3F 00 00 80 3F
01 01 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 2F 44 21 00 00 00 00 00 00 00 22 00 00 00 00 00 2F 44 00 00 00 00 0C 00 00 00 CD CC 4C 3F 00 00 80 3F
01 01 00 00 00 00 00 00 00 00 00 00 24 00 00 00 00 00 2F 44 25 00 00 00 00 00 00 00 26 00 00 00 00 00 2F 44 00 00 00 00 0C 00 00 00 CD CC 4C 3F 00 00 80 3F
00 00 2F 44 11 00 00 00 00 00 00 00 12 00 00 00 00
00 00 2F 44 15 00 00 00 00 00 00 00 16 00 00 00 00
00 00 2F 44 21 00 00 00 00 00 00 00 22 00 00 00 00
00 00 2F 44 25 00 00 00 00 00 00 00 26 00 00 00 00
2个鸟人
01 01 00 00 00 00 00 00 00 00 00 00 18 00 00 00 01 00 D2 43 19 00 00 00 00 00 00 00 1A 00 00 00 01 00 D2 43 00 00 00 00 0C 00 00 00 66 66 E6 3E 00 00 80 3F
01 01 00 00 00 00 00 00 00 00 00 00 1C 00 00 00 01 00 D2 43 1D 00 00 00 00 00 00 00 1E 00 00 00 01 00 D2 43 00 00 00 00 0C 00 00 00 66 66 E6 3E 00 00 80 3F
01 00 D2 43 19 00 00 00 00 00 00 00 1A 00 00 00 01
01 00 D2 43 1D 00 00 00 00 00 00 00 1E 00 00 00 01
这个有点印象，记得直接改0HP的话怪会卡主，有两个解决办法
1.将怪hp改为1 然后配合吸怪或全屏攻击
2.找上一层给怪赋HP的地址，改那里不会有卡怪的情况

攻击、防御、无敌、霸体之类的没记录 因为数据都未加密，一搜就能搜到，只记得过检测的攻击地址需要用魔剑士去搜攻击倍数 而不是攻击力。

多次攻击 （过检测） 这个效果是最初没找到过检测攻击力时 找到的这个功能，效果为1次攻击=10次左右，例如小乐射一箭 会出现10个箭左右。
92 01 00 00 BD 00 00 00 00 00 00 00 1C 43 CC 04 00 00 00 00 BE 00 00 00 00 00 00 00 EC 3C CC 04 00 00 00 00 BF 00 00 00 00 00 00 00 1C 4C CC 04 00 00 00 00 C0 00 00 00 00 00 00 00 CC 41 CC 04 00 00 00 00 C1 00 00 00 00 00 00 00 0C 30 CC 04 B1 00 00 00 C2 00 00 00 00 00 00 00 2C 49 CC 04 34 01 00 00 C3 00 00 00 00 00 00 00 6C 1B CC 04 00 00 00 00 C4 00 00 00 00 00 00 00 9C 0C CC 04 C5 00 00 00 C5 00 00 00 00 00 00 00 1C 09 CC 04 03 00 00 00 C6 00 00 00 00 00 00 00 4C 19 CC 04 90 01 00 00 C7 00 00 00 00 00 00 00 AC 43 CC 04 43 01 00 00 C8 00 00 00 00 00 00 00 8C 1E CC 04 00 00 00 00 C9 00 00 00 00 00 00 00 EC 3B CC 04 00 00 00 00 CA 00 00 00 00 00 00 00 8C 41 CC 04 00 00 00 00 CB 00 00 00 00 00 00 00 EC 23 CC 04 00 00 00 00 CC 00 00 00 00 00 00 00 0C 31 CC 04 00 00 00 00 CD 00 00 00 00 00 00 00 EC 48 CC 04 48 00 00 00 CE 00 00 00 00 00 00 00 3C 0D CC 04
00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 0D 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 0F 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00

这个是曾经想做一个游戏内聊天记录小软件，因为那时候一起玩的基友太欢乐，所以想把那些段子记录下来。（这段代码中隐藏了一个既具有价值的功能，可以破解XX限制）
004795A8 /$ 6A 70 push 0x70 ; 说话CALL
004795AA |. B8 0902D000 mov eax,main.00D00209
004795AF |. E8 DB766400 call main.00AC0C8F
004795B4 |. 8B75 08 mov esi,[arg.1]
004795B7 |. 894D 84 mov [local.31],ecx
004795BA |. 8D4D CC lea ecx,[local.13]
004795BD |. 33FF xor edi,edi
004795BF |. E8 1E1BFFFF call main.0046B0E2
004795C4 |. 897D FC mov [local.1],edi
004795C7 |. 8B5E 14 mov ebx,dword ptr ds:[esi+0x14]
004795CA |. 85DB test ebx,ebx
004795CC 0F86 25010000 **e main.004796F7
004795D2 |> 8365 D0 00 /and [local.12],0x0
004795D6 |. 57 |push edi
004795D7 |. 8BCE |mov ecx,esi
004795D9 |. C645 CC 00 |mov byte ptr ss:[ebp-0x34],0x0
004795DD |. E8 2212F9FF |call main.0040A804 ; 2层说话CALL
004795E2 |. 6A 2F |push 0x2F ; 哪个账号 发出的那些信息
***
0040F41B - 66 8B 10 - mov dx,[eax]
0040F430 - 0FB7 00 - movzx eax,word ptr [eax]
0041419A - 66 8B 08 - mov cx,[eax]
0041418F /$ 837C24 0C 00 cmp dword ptr ss:[esp+0xC],0x0 ; 循环判断各个字符串
0047E358 |. E8 C99BF9FF call main.00417F26 ; 语言处理call2
004795E5 - 66 39 08 - cmp [eax],cx
004796DD - 0FB7 00 - movzx eax,word ptr [eax]
***
0040E77E E8 890C0000 CALL main.0040F40C

【破解多开限制】 记得ns有个检测 那个直接还原钩子即可 游戏内部多开检测 直接干掉CALL即可。
00741B00 |. FF15 8CD8FD00 call dword ptr ds:[0xFDD88C]
0074418E . E8 E8D8FFFF call main.00741A7B ; 双开检测1
0097C624 . E8 61F7FFFF call main.0097BD8A ; 双开检测2
00ACA1BD . E8 8522EBFF call main.0097C447 ; 双开检测3

666