Moopler
Razz

Release Scripts Library v117.1


Some rules:

  • Post only scripts
  • Make sure you have tested the scripts you post
  • Indicate whether this script has any (fake) autoban chance
  • Respect credits and wishes of the author in regards to sharing the script

Fusion Attack


/*
  Fusion Attack
  EMS v117.1
  Created by Sprux
*/
[Enable]
alloc(hook,512)
label(return)

label(fusionattack_return)
registersymbol(fusionattack_return)

aobscan(fusionattack_aob,89 ? ? 40 89 44 24 ? 8B 44 24)

/* CMobPool::FindHitMobInRect */
fusionattack_aob:
fusionattack_return:
jmp hook
db 90 90 90
return:

hook:
mov [ecx+eax*4],edi
inc eax
cmp eax,[esp+6C]
jl hook
mov [esp+1C],eax
jmp return

[Disable]
fusionattack_return:
mov [ecx+eax*4],edi
inc eax
mov [esp+1C],eax

unregistersymbol(fusionattack_return)
dealloc(hook)

 

Item Filter


/*
  Item Filter
  EMS v117.1
  Created by ?
*/
[enable]
alloc(ItemFilter,256)
alloc(ItemList,2048)
alloc(Mesos,4)
alloc(Mode,4)
RegisterSymbol(Mode)
RegisterSymbol(Mesos)
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)


Mesos:
dd #0 // minimum meso


Mode:
dd #1 // 0=accept, 1=reject


ItemList:
// item IDs here that you want to reject or accept
dd #4001832 //Spell trace
dd #2000006 //Mana Elixir
dd #2000003
dd 00 // end of list


// 8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F
006C1A36:
jmp ItemFilter
Return:


ItemFilter:
push edx
mov edx,[Mesos]
cmp eax,edx
jle FilterMesos
mov edx,ItemList
jmp RejectOrAccept


FilterMesos:
mov [esi+40],0
jmp End


RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter


AcceptFilter:
cmp eax,[edx]
je End
cmp dword ptr [edx],0
je Ignore
add edx,4
jmp AcceptFilter


RejectFilter:
cmp eax,[edx]
je Ignore
cmp dword ptr [edx],0
je End
add edx,4
jmp RejectFilter


Ignore:
cmp eax,#60000 // added this code otherwise mesos is dropped but not shown in accept mode
jle End
mov eax,0


End:
pop edx
mov ecx,ebx // org code
mov [esi+44],eax // org code
jmp Return


[disable]
006C1A36:
mov ecx,ebx
mov [esi+44],eax

 

Perfect Stance


/*
  Perfect Stance
  EMS v117.1
  Created by AIRRIDE
*/
[Enable]
0139ECEF: //85 F6 75 ? 39 ? 24 ? ? ? ? 74
xor esi,esi
nop
nop

0139ECFA: //address of JE below
db EB

[Disable]
0139ECEF:
db 85 F6 75 09

0139ECFA:
db 74

 

Unlimited Arrow Platter


/*
  Bowmaster / Phantom unl platter hack
  Posted by Chubbz of GK
  EMS 117.1
  Creator unknown
*/

[ENABLE]
007FF460: //55 8B ? 83 ? ? 6A ? 68 ? ? ? ? 64 A1 00 00 00 00 50 83 ? ? 53 56 57 A1 ? ? ? ? 33 ? 50 8D ? 24 ? 64 A3 00 00 00 00 8B ? 8B ? ? E8
db C2 04 00

[DISABLE]
007FF460:
db 55 8B EC

 

Unlimited Attack


/*
  Unlimited Attack
  EMS v117.1
  Created by ?
*/
[ENABLE]
01314630:
db EB


[DISABLE]
01314630: // 8B 01 8B 54 24 ? 56 8B 74 24 ? 2B C6 [JNGE below]
db 7C

 

 

55 minutes ago, Windson007 said:

Nice, I tried updating scripts but failed to do so, how are you updating them Razz?

 

Like any other script: use the provided AoBs. Some functions (addresses) have changed a lot, resulting in non-functioning AoBs.

Just now, Lux said:

What bypass you using @Razz ;)

Chubbz' Auto-Updating CRC and Xigncode3 Emulator by Sprux (made a snapshot of when it was still running the old Xigncode3).


messed around with some Blazing Extinction stuff due to someone asking in chat box



/*****
* Spawn as many BE Fireballs as you like
* EMS v117 - DAVHEED
* This is just a dirty/bad workaround
*****/
[enable]
alloc(hook, 24)
label(return)

//enables unlimited time BE, the fireball will keep going after it "expires"
0130E25C: //CUser::Update after CGrenade::Update
db eb

//allows you to spawn a new one after the old one "expired"
013D7A1F: //CUserLocal::DoActiveSkill_NotPrepare_Bomb - patch out calls to dtor bla bla
db 90 e9

//make fireballs "expire" instantly
008410DA:
jmp hook
nop
return:

hook:
mov [esi+000000F0],1
jmp return

//ND BE - will make the fireball attack faster
008407DF:
db 0F 85

[disable]
0130E25C: //74 ? 6a 00 8d 4c ? ? e8 ? ? ? ? 8b 4c ? ? 33 ff 51 8d
db 74

013D7A1F: //0f 84 ? ? 00 00 57 8d 4c ? ? e8 ? ? ? ? 8b 4c ? ? c7
db 0f 84

008410DA: //89 86 ? ? 00 00 89 9e ? ? 00 00 89 9e ? ? 00 00 e8 ? ? ? ? 83
mov [esi+000000F0],eax

008407DF: //0F 84 ? ? ? ? D9 EE 8B ? ? ? DC 9E ? ? ? ? 8B
db 0F 84

and the result:

4a4d69e6df.jpg

 

And finally, block the recv header you get when you cast the spell (0x030b) to spawn the fireballs without a delay.


23 hours ago, DAVHEED said:

messed around with some Blazing Extinction stuff due to someone asking in chat box, here is the result of 5 mins of work:



/*****
* Spawn as many BE Fireballs as you like
* EMS v117 - DAVHEED
* This is just a dirty/bad workaround
*****/
[enable]
alloc(hook, 24)
label(return)

//enables unlimited time BE, the fireball will keep going after it "expires"
0130E25C: //CUser::Update after CGrenade::Update
db eb

//allows you to spawn a new one after the old one "expired"
013D7A1F: //CUserLocal::DoActiveSkill_NotPrepare_Bomb - patch out calls to dtor bla bla
db 90 e9

//make fireballs "expire" instantly
008410DA:
jmp hook
nop
return:

hook:
mov [esi+000000F0],1
jmp return

[disable]
0130E25C:
db 74

013D7A1F:
db 0f 84

008410DA:
mov [esi+000000F0],eax

and the result:

4a4d69e6df.jpg

 

And finally, block the recv header you get when you cast the spell to spawn the fireballs instantly.

Not working for me, no idea why. Does it have to be a specific class to make it work?


Here's a script to block the recv header I talked about in my previous post, allowing you to cast BE without cooldown.

[enable]
alloc(hook, 256)
label(block)

alloc(hdr, 2)
registersymbol(hdr)
hdr:
dw 0

0060461D: //ProcessPacket
jmp hook

hook:
mov eax, [esp+0C]
mov eax, [eax+08]
add eax, 4
mov eax, [eax]
mov [hdr], ax

//orig
push eax
sub esp,08
push ebx

//compare last 16 bits of eax, it's the header
cmp ax, 030b //0x030b = clientside BE skill cooldown
je block

// --
push ebp
push esi
push edi
mov eax,[01BF6B60]
xor eax,esp
push eax
lea eax,[esp+1C]
mov fs:[00000000],eax
mov esi,ecx
push 00
jmp 01FD71D9

block:
push ebp
push esi
push edi
mov eax,[01BF6B60]
xor eax,esp
push eax
lea eax,[esp+1C]
mov fs:[00000000],eax
mov esi,ecx
//exit function
jmp 006047EB

[disable]
0060461D:
push eax
sub esp,08
push ebx

dealloc(hdr)
dealloc(hook)
unregistersymbol(hdr)

 

Edited by DAVHEED

Unlimited Flashjump


//Unlimited Flash Jump v117.1
//Updated by IdoArama

[Enable]
013E013B:  //BF 01 00 00 00 01 BE ?? ?? 00 00 89 BE ?? ?? 00 00
mov edi,0

01282C44: //7D 02 33 FF 81 FB ?? ?? ?? ?? 75 1C
db 90 90

[Disable]
013E013B:
mov edi,1

01282C44:
db 7D 02

 

Edited by idoarama

4 minutes ago, idoarama said:

Unlimited Flashjump



//Unlimited Flash Jump v117.1
//Updated by IdoArama

[Enable]
013E013B:  //BF 01 00 00 00 01 BE ?? ?? 00 00 89 BE ?? ?? 00 00
mov edi,0

01282C44: //7D 02 33 FF 81 FB ?? ?? ?? ?? 75 1C
db 90 90

[Disable]
013E013B:
mov edi,1

01282C44:
db 7D 02

 

Your script uses mana, at least for me. This is the correct second address: 01350E13

1 hour ago, idoarama said:

Thanks man

It actually turns out that since I pre-patched my client a week in advance before patch 117, your address might be right.

I play on a different client than you guys.


23 hours ago, DAVHEED said:

messed around with some Blazing Extinction stuff due to someone asking in chat box



/*****
* Spawn as many BE Fireballs as you like
* EMS v117 - DAVHEED
* This is just a dirty/bad workaround
*****/
[enable]
alloc(hook, 24)
label(return)

//enables unlimited time BE, the fireball will keep going after it "expires"
0130E25C: //CUser::Update after CGrenade::Update
db eb

//allows you to spawn a new one after the old one "expired"
013D7A1F: //CUserLocal::DoActiveSkill_NotPrepare_Bomb - patch out calls to dtor bla bla
db 90 e9

//make fireballs "expire" instantly
008410DA:
jmp hook
nop
return:

hook:
mov [esi+000000F0],1
jmp return

[disable]
0130E25C:
db 74

013D7A1F:
db 0f 84

008410DA:
mov [esi+000000F0],eax

and the result:

4a4d69e6df.jpg

 

And finally, block the recv header you get when you cast the spell (0x030b) to spawn the fireballs without a delay.

@DAVHEED Are you sure it's for the current version of ems?? 

9 hours ago, Raymond said:

@DAVHEED Are you sure it's for the current version of ems?? 

It's for the current version of the client I use. Mine is a newer older than everyone else's though. I could upload the client itself for you to make aobs if you want it?

Edit: I updated my script with aobs.

Edited by DAVHEED

21 hours ago, DAVHEED said:

Here's a script to block the recv header I talked about in my previous post, allowing you to cast BE without cooldown.



[enable]
alloc(hook, 256)
label(block)

alloc(hdr, 2)
registersymbol(hdr)
hdr:
dw 0

0060461D: //ProcessPacket
jmp hook

hook:
mov eax, [esp+0C]
mov eax, [eax+08]
add eax, 4
mov eax, [eax]
mov [hdr], ax

//orig
push eax
sub esp,08
push ebx

//compare last 16 bits of eax, it's the header
cmp ax, 030b //0x030b = clientside BE skill cooldown
je block

// --
push ebp
push esi
push edi
mov eax,[01BF6B60]
xor eax,esp
push eax
lea eax,[esp+1C]
mov fs:[00000000],eax
mov esi,ecx
push 00
jmp 01FD71D9

block:
push ebp
push esi
push edi
mov eax,[01BF6B60]
xor eax,esp
push eax
lea eax,[esp+1C]
mov fs:[00000000],eax
mov esi,ecx
//exit function
jmp 006047EB

[disable]
0060461D:
push eax
sub esp,08
push ebx

dealloc(hdr)
dealloc(hook)
unregistersymbol(hdr)

 

 

Here's a generic version of spamming skills with CD. Although it is limited to unchecked skills like BE and needs to be used with a script that allows more instances of the skill, like DAVHEED's above.

[enable]
01324C30: //83 fe 01 7c ? 57 8b 3D ? ? ? ? 85 FF 74 49 [je below]
db 75
  
[disable]  
01324C30:
db 74

 

Edited by OuterHaven

15 minutes ago, OuterHaven said:

Here's a generic version of spamming skills with CD. Although it is limited to unchecked skills like BE and needs to be used with a script that allows more instances of the skill, like DAVHEED's above.


[enable]
01324C30: //83 fe 01 7c ? 57 8b 3D ? ? ? ? 85 FF 74 49 [je below]
db 75
  
[disable]  
01324C30:
db 74

 

Ya, that's a better solution in this case, I just really wanted to write a script to block recv headers.


PIC Typer


/*
  PIC Typer
  EMS v117.1
  Created by Nickerian
*/
[enable]
00666232:
db 31 C0 90 90 90

[disable]
00666232:
call 00666090

 

Full Mob Disarm


/*
  Full Mob Disarm
  EMS v117.1
  Created by ?
*/
[Enable]
00A38F0F: // 75 ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ??
jmp 00A39373 // 8B 86 ?? ?? ?? ?? 85 C0 0F 84 ?? ?? ?? ?? 2B 45 ?? 0F 89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ??
db 90 90 90 90

[Disable]
00A38F0F:
jne 00A38F26
mov ecx,esi
call 00A2A570

 

Magnus Castration


/* Magnus Castration
   Created by Franc[e]sco
   Ripped from Gamekiller
   EMS v117.2
*/
[Enable]
007832C0: //55 8B ? 83 ? ? 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D ? 24 ? 64 A3 ? ? ? ? 8B ? 33 C9
db C3

[Disable]
007832C0:
db 55

 

Physical Godmode


/*
  Physical Godmode
  EMS v117.1
  Ripped from Gamekiller.net
  Credits to ?
*/
[ENABLE]
013B37D2: // Physical
db 0F 84

[DISABLE]
013B37D2: //0F 85 ? ? 00 00 8B 86 ? ? 00 00 83 ? ? 83 ? ? 0F [Last Green Result]
db 0F 85

 

Remove Screen Clutter


/*
  Remove Screen Clutter
  Created by Razz
  EMS 117.1
  Moopler Masterrace
*/
//CAnimationDisplayer::Effect_HP
define(NoDamageShown,004FF350) //E8 ? ? ? ? DB 44 ? ? 83 EC ? 8B CB [address in opcode]
//CMob::ShowCombo
define(NoComboShown,009FF2A0) //6A FF 68 ? ? ? ? 64  A1 00 00 00 00 50 81 EC ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 ? ? ? ? ? 64 A3 00 00 00 00 89 4C 24 ? 33 DB 39 99 ? ? ? ?
//`anonymous namespace'::_DisplayMultiKill
define(NoMultiKill,015621A0) ////6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 83 EC ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 ? 64 A3 00 00 00 00 8D 44 24 ? 68 ? ? ? ? 50

[enable]
NoDamageShown:
retn 0038

NoComboShown:
ret

NoMultiKill:
ret

[disable]
NoDamageShown:
db 55 8D 6C

NoComboShown:
db 6A

NoMultiKill:
db 6A

 

 

//Fusion attack v117.1
//Updated aob + nMaxCount offset
[Enable]
alloc(hook,512)
label(return)

label(fusionattack_return)
registersymbol(fusionattack_return)

aobscan(fusionattack_aob,89 ? ? 40 89 ? ? 1c 8b 84 ? ? 00 00 00 3b c3)

/* CMobPool::FindHitMobInRect */
fusionattack_aob:
fusionattack_return:
jmp hook
db 90 90 90
return:

hook:
mov [ecx+eax*4],edi
inc eax
cmp eax,[esp+78]
jl hook
mov [esp+1C],eax
jmp return

[Disable]
fusionattack_return:
mov [ecx+eax*4],edi
inc eax
mov [esp+1C],eax

unregistersymbol(fusionattack_return)
dealloc(hook)

 

Edited by DAVHEED
3 hours ago, DAVHEED said:

//Fusion attack v117.1
//Updated aob + nMaxCount offset
[Enable]
alloc(hook,512)
label(return)

label(fusionattack_return)
registersymbol(fusionattack_return)

aobscan(fusionattack_aob,89 ? ? 40 89 ? ? 1c 8b 84 ? ? 00 00 00 3b c3)

/* CMobPool::FindHitMobInRect */
fusionattack_aob:
fusionattack_return:
jmp hook
db 90 90 90
return:

hook:
mov [ecx+eax*4],edi
inc eax
cmp eax,[esp+78]
jl hook
mov [esp+1C],eax
jmp return

[Disable]
fusionattack_return:
mov [ecx+eax*4],edi
inc eax
mov [esp+1C],eax

unregistersymbol(fusionattack_return)
dealloc(hook)

 

Do you happen to have the aob for the 'nMaxCount offset'?

Just now, Raymond said:

Do you happen to have the aob for the 'nMaxCount offset'?

Nah, I just scroll up to the cmp dword ptr [esp+78],01 part, if you want to know more just look it up in the kmst pdb.

6 hours ago, DAVHEED said:

Nah, I just scroll up to the cmp dword ptr [esp+78],01 part, if you want to know more just look it up in the kmst pdb.

Thanks, you're a savior btw. A Google search about gms stack fusion attack or fusion attack or w/e the gms community calls it... says it was patched in the v130.x but apparently it isn't patched at all!

Edit: For gms, it works with kinesis metal press, but other skills seem to d/c. Haven't bothered to try more

Edited by Raymond

18 hours ago, Raymond said:

Thanks, you're a savior btw. A Google search about gms stack fusion attack or fusion attack or w/e the gms community calls it... says it was patched in the v130.x but apparently it isn't patched at all!

Edit: For gms, it works with kinesis metal press, but other skills seem to d/c. Haven't bothered to try more

Sadly, it only works with like 3 other skills lol

This topic is now closed to further replies.
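
A server-side counterpart to the client patches in this thread, as an added example (not from any poster and not the game's code): the cooldown, live-instance and hit-list limits that these scripts remove in the client are re-checked against server state, including the repeated-mob hit list that the Fusion Attack hook produces. Skill IDs, limits and all function names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SkillRule:              # hypothetical per-skill limits held by the server
    cooldown_ms: int          # minimum server time between casts
    max_targets: int          # most mobs one attack packet may list
    max_active: int           # most live instances (e.g. projectiles) at once

# Constructed sample rule; the ID and numbers are not taken from the game.
RULES = {1001: SkillRule(cooldown_ms=20_000, max_targets=8, max_active=1)}

@dataclass
class PlayerState:
    last_cast_ms: dict = field(default_factory=dict)  # skill_id -> server time
    active: dict = field(default_factory=dict)        # skill_id -> live count

def validate_cast(state, skill_id, now_ms):
    """Accept or reject a cast using the server clock, never client state."""
    rule = RULES.get(skill_id)
    if rule is None:
        return False, "unknown_skill"
    last = state.last_cast_ms.get(skill_id)
    if last is not None and now_ms - last < rule.cooldown_ms:
        return False, "cooldown"            # client-side cooldown was skipped
    if state.active.get(skill_id, 0) >= rule.max_active:
        return False, "too_many_instances"  # previous instance still alive
    state.last_cast_ms[skill_id] = now_ms
    state.active[skill_id] = state.active.get(skill_id, 0) + 1
    return True, "ok"

def expire_instance(state, skill_id):
    """Called by the server's own timer when an instance really ends."""
    state.active[skill_id] = max(0, state.active.get(skill_id, 0) - 1)

def validate_attack(skill_id, target_ids):
    """Check the hit list of one attack packet against the skill's limits."""
    rule = RULES.get(skill_id)
    if rule is None:
        return False, "unknown_skill"
    if len(target_ids) != len(set(target_ids)):
        return False, "duplicate_targets"   # same mob written many times
    if len(target_ids) > rule.max_targets:
        return False, "too_many_targets"
    return True, "ok"
```

Rejections are worth logging per account: repeated "cooldown" or "duplicate_targets" results are a direct signal of a patched client.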