Jump to content
Moopler Closing Read more... ×


  • Content Count

  • Joined

  • Last visited

  • Days Won


Fameguy last won the day on May 13 2017

Fameguy had the most liked content!

Community Reputation

63 Excellent


About Fameguy

  • Rank
    New kid on the block

Recent Profile Visitors

1,142 profile views
  1. Fameguy

    Question general programming question

    Like Ezekiel mentioned, there is really no perfect way of starting a right way, i can gurantee that most of us had to go and learn by ourselves, I always like sharing this link to people who first want to learn asm. just because it contains basic yet important information towards understanding asm.. http://forum.cheatengine.org/viewtopic.php?t=95363 Personally, i started by updating scripts, and learned asm that way, then i tried bringing back old scripts. If u need help ask away
  2. Fameguy

    Feedback your doing good, but..

    could not agree more to this. Unfortunetly, most of us are busy with real life, and wont/dont have the time. but im sure if u ask some one might help
  3. Fameguy

    Discussion Finding Pointers/Offsets

    for startes id recommend getting the real names of the Pointers and offsets. In that note i would download maplestory's pdb file. Keep in mind you would need to install IDA to use this. The PDB file can be found in ragezone iirc, or maybe someone posted it here, iirc exekiel released his, anyways. Once u have the ida file running and u know the actual names of the pointers, i would search for them in the pdb and create new Aobs. I can help out if ud like.
  4. Fameguy

    Question Arcane Packet Exploit

    Header only gets sent because that is all ur doing... push 013F // Unencrypted header here lea ecx,[SPacket] call 009F2C90 // COutPacket::COutPacket(long) mov ecx,[02C73578] // CClientSocketPtr: 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8 push SPacket push 014942B4 // Search for 90 C3 for fake return address jmp 00E20700 // CClientSocket::SendPacket: Follow call below CClientSocketPtr if you want to add the rest of the packet, then u need to use Encode2, Encode4, etc.
  5. Fameguy

    Question How do people find AoB for certain scripts?

    Read the whole thing or skip to #5, http://forum.cheatengine.org/viewtopic.php?t=570083 a quick google search helps
  6. Fameguy

    Source NXL

    Fken Finally <3 will be checking it out and give my feed back
  7. Fameguy

    Help building a new trainer

    Based on taking a quick glance, 1. you are missing your return address after your original opcodes. 2. you want to change it from: mov eax, [StatHookAddy2] // CWvsContext mov eax, [eax + 0x223C] push esi to: mov eax, [StatHookAddy2] // CWvsContext mov eax, [eax] mov eax, [eax + 0x223C] push esi
  8. Fameguy

    Question How to get packet

    You need a PE, only one i can think of that is available is DPE from wecodez, a simple google could get you the link
  9. You mean like a pointer? What i did is a pointer to hp and mp its just a multi level pointer and its encrypted
  10. I never stated you didnt, its simple to get, dont know if you are trying to start an argument or if that you are too cocky, anyways i was simply sharing for those that dont have the knowledge to do so.
  11. Yea u are right, at the moment i used that because i was debugginh but ill release a simpler version Well feel free to do that lol, wasnt the point of the script
  12. Dont see how i would need the max hp and max mp though, i tested the script and it works
  13. I didnt want to post in old script thread due to it probably getting lost.. As you all know recently, ms changed their UI, thus having HP and MP be in its own class.. because of that, the "old" way of getting Hp and Mp with GUIBase->HpOffset or GUIBase->MpOffset no longer works. However, there are different ways of getting those values. The way it works its a multi level pointer. we start with our CwvsContext structure. inside that structure we have ZRef<CharacterData>. and inside that, we have GW_CharacterStats. Finally, inside that structure we got _ZtlSecureTear_nHP[2] and _ZtlSecureTear_nMP[2], now if you look at the pdb source, these values are encrypted. The script below pretty much decrypts those values for you. NOTE: make sure your HP and MP alert is on 100%... [Enable] Alloc(Hook, 124) Alloc(HP, 4) Alloc(MP, 4) Label(Return) RegisterSymbol(HP) RegisterSymbol(MP) 000B26CA0: //CField::Update jmp Hook db 90 90 Return: Hook: ////// HP ///// mov eax,[029D415C] // CWvsContext mov eax,[eax+223C] // ZRef<CharacterData> push esi mov esi,[eax+58] // _ZtlSecureTear_nHP[1] rol esi,05 xor esi,[eax+54] // _ZtlSecureTear_nHP[0] mov [HP], esi ////// MP ///// mov esi,[eax+70] // _ZtlSecureTear_nMP[1] rol esi, 05 xor esi,[eax+6C] // _ZtlSecureTear_nMP[0] mov [MP], esi pop esi push -01 push 020E6420 jmp Return [Disable] DeAlloc(Hook) DeAlloc(HP) DeAlloc(MP) UnRegisterSymbol(HP) UnRegisterSymbol(MP) 000B26CA0: push -01 push 020E6420
  14. Fameguy

    Information Packet Sending Update

    thanks for pointing this out, will fix it Edit: I am retarted, i actually had it that way, i have no idea what i was thinking lol!