

Rules and Guidelines

Only post scripts in here

If you do post a script, credit the original creators

Please put scripts inside a Spoiler tag, with a Code tag inside the Spoiler tag

Don't ask questions about using scripts in this topic

Post only tested scripts

Please indicate whether your script has a chance of autoban

If you know the original creator of a script, please PM me and I will edit the credit in.

CRC Bypass 

Spoiler

//v177.3
// Cheat Engine auto-assembler script: [ENABLE] writes bytes at fixed addresses in the
// client image, [DISABLE] writes the original bytes back.
// Both targets get 33 C0 C3 (xor eax,eax / ret) over their first three bytes, so each
// routine returns 0 without running its body. "Themida CRCs" and "Debug Register Check"
// are the author's labels; the routine bodies are not shown here.
// NOTE(review): both checks run inside the process they are meant to protect, so they are
// presumably only as strong as the write protection on these pages; detection would have
// to come from somewhere this patch cannot reach (server side or out of process) - confirm.
[ENABLE]
01A898A0: // Themida CRCs
db 33 C0 C3 // xor eax,eax / ret

006997F0: // Debug Register Check
db 33 C0 C3 // xor eax,eax / ret

[DISABLE]
01A898A0: // 55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 ? ? 53 56 57 50 8D ? ? 64 A3 00 00 00 00 89 ? ? ? ? ? C7
db 55 8B EC // push ebp / mov ebp,esp (original prologue)

006997F0: // 55 8B EC 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 45 FC 53 56 57 
db 55 8B EC // push ebp / mov ebp,esp (original prologue)

 

One-Hit Blink Godmode

Spoiler

//v177.3
// kevintjuh93
// CWvsContext: 8B 3D ? ? ? ? 8B ? ? 8D ? ? 8B
// tHitAvoidPeriod: 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
// Detours the 6-byte load at 0188CA0E (mov edx,[ecx+000081E0]) through an allocated stub
// that puts a constant in edx instead of the stored field value.
// NOTE(review): the value is consumed on the client; whether the server enforces its own
// invulnerability window is not visible here.

[ENABLE]
alloc(HitAvoidPeriod_Hook,128)
label(return)

HitAvoidPeriod_Hook:
mov edx,#2147483647 // Set character blink time after hit in milliseconds (# = decimal; this is 0x7FFFFFFF, the largest signed 32-bit value)
jmp return

0188CA0E:
jmp HitAvoidPeriod_Hook
db 90 // nop: pads the 5-byte jmp to the 6 bytes of the replaced instruction
return:
  
[DISABLE]
0188CA0E: // 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
mov edx,[ecx+000081E0] // original instruction

dealloc(HitAvoidPeriod_Hook)

 

Godmode

Spoiler

//v177.3
// Two-byte opcode swap at 0188A6AE: the original 0F 85 (jne rel32) becomes 0F 84 (je rel32),
// so the branch is taken in exactly the cases where it previously was not. The 4-byte
// displacement that follows the opcode is left untouched.
[enable]
0188A6AE:
db 0F 84 // je rel32

[disable]
0188A6AE: // 74 ? 8D ? ? ? ? ? E8 ? ? ? ? 85 C0 0F 85 ? ? ? ? 8D ? ? ? ? ? E8 [jne below]
db 0F 85 // jne rel32 (original)

 

Guard Godmode v177.3

Spoiler

//Credits to CJ
//v177.3
// Detours the entry of the routine at 0188A660 (CUserLocal::SetDamaged per the author).
// The stub calls the original body with eleven zero dwords in place of the caller's stack
// arguments and edx cleared, then returns to the caller with "ret 002C", which discards the
// caller's own 0x2C bytes (11 dwords) of arguments.
// NOTE(review): presumably the routine is callee-cleanup with 0x2C bytes of stack
// arguments, since the stub's ret matches the eleven pushes - confirm.
[ENABLE]
alloc(CUserLocal__SetDamaged_Hook,128)
label(CUserLocal__SetDamaged_Normal)
label(return)

CUserLocal__SetDamaged_Hook:
// eleven zeroed stack arguments (11 * 4 = 0x2C bytes)
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
xor edx,edx
call CUserLocal__SetDamaged_Normal
ret 002C // drop the caller's original 0x2C bytes of arguments

CUserLocal__SetDamaged_Normal:
// replay of the 7 overwritten bytes (6A FF / 68 imm32), then continue in the original body
push -01
push 01DEAC10
jmp return

0188A660: // CUserLocal::SetDamaged
jmp CUserLocal__SetDamaged_Hook
db 90 90 // 5-byte jmp + 2 nops = the 7 bytes replayed in ..._Normal
return:

[DISABLE]
0188A660: // 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 ? ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D ? ? ? ? ? ? 64 A3 00 00 00 00 8B E9 83 ? ? ? ? ? ? ? C7
db 6A FF 68 // push -1 / opcode byte of push imm32; three bytes are written back here

 

No Breath

Spoiler

//V177.3
// One-byte opcode swap at 005A7D5D: 79 (jns rel8) becomes 78 (js rel8), inverting the
// sign test on that branch. The rel8 operand is unchanged.
[ENABLE]
005A7D5D:
db 78 // js rel8

[DISABLE]
005A7D5D: //79 ? 89 9E ? ? ? ? E8 ? ? FE FF 83
db 79 // jns rel8 (original)

 

Mob Freeze

Spoiler

// Taken from Xenomorph source
// Detours the 7-byte compare at 00C02EA0 (CMob::IsRisingByToss per the author). The stub
// either returns 1 to the caller or resumes the original code 7 bytes past the hook.
// The displaced cmp is not re-executed in the stub, so the je below is evaluated on the
// flags as they stand when the routine is entered.
[ENABLE]
alloc(MobFreeze,128)
label(return_true)

MobFreeze:
je return_true
jmp 00C02EA0+7 // resume after the overwritten instruction

return_true:
mov eax,00000001
ret

00C02EA0: // CMob::IsRisingByToss
jmp MobFreeze
db 90 90 // 5-byte jmp + 2 nops = the 7 bytes of the replaced cmp

[DISABLE]
00C02EA0: // 74 ? 8B 89 ? ? ? ? 85 C9 74 ? 8D 41 ? EB ? 33 C0 (start)
cmp dword ptr [ecx+00000ED0],00 // original instruction

dealloc(MobFreeze)

 

Airride Mob Suspend

Spoiler

//V177.3
// Replaces the 5-byte "call 004CDEA0" at 019AE897 with a jump to MobControl. The stub calls
// 004CDEA0 three times: once with ecx = [esi+7F0], then twice with ecx = [esi+7F4], after
// pushing 0 or 10 depending on whether the first call returned non-zero or zero.
// Unprefixed literals are hexadecimal in this syntax, so "push 10" pushes 0x10.
// NOTE(review): what 004CDEA0 does and what the two fields hold is not visible here;
// "Mob Direction" and "Set Delay" are the author's labels.
[ENABLE]
alloc(MobControl,256)
label(Return)
label(SuspendMob)

MobControl:
mov ecx,[esi+7F0] // Mob Direction
call 004CDEA0
test eax,eax
je SuspendMob // first call returned 0
push 00
mov ecx,[esi+7F4] // Set Delay
call 004CDEA0
mov ecx,[esi+7F4]
call 004CDEA0
jmp Return

SuspendMob:
push 10
mov ecx,[esi+7F4] // Set Delay
call 004CDEA0
mov ecx,[esi+7F4]
call 004CDEA0
jmp Return

019AE897:
jmp MobControl
Return:

[DISABLE]
019AE897: // 0F 8F ? ? 00 00 83 BE ? ? 00 00 00 0F 84 [Second Result & Call Above]
call 004CDEA0 // original instruction

dealloc(MobControl)

 

Tubi

Spoiler

//v177.3
// Three edits:
//  1. 01A24560 (CWvsContext::SetExclRequestSent per the author): the entry is detoured so the
//     original body always runs with its single stack argument replaced by 0; the caller's
//     own argument is discarded by "ret 0004".
//  2. 00514A99: the immediate of "cmp esi,imm32" is changed from 0x2BC (700) to 0.
//  3. 007B07A4: DC 0D (fmul qword ptr [addr]) becomes DC 25 (fsub qword ptr [addr]); the
//     address operand is unchanged.
// NOTE(review): all three are client-side pacing/animation values as far as the author's
// comments go; whether the server rate-limits the same requests is not visible here.
[ENABLE]
alloc(CWvsContext__SetExclRequestSent_Hook,128)
label(Normal)
label(Return)
  
CWvsContext__SetExclRequestSent_Hook:
push 00 // substituted argument
call Normal
ret 0004 // drop the caller's argument

Normal:
// replay of the 5 overwritten bytes, then continue in the original body
mov eax,[esp+04]
push esi
jmp Return

01A24560: // CWvsContext::SetExclRequestSent
jmp CWvsContext__SetExclRequestSent_Hook
Return:
  
00514A99: // Remove pick-up animation
db 81 FE 00 00 00 00 // cmp esi,0

007B07A4: // Remove drop animation
db DC 25 // fsub qword ptr [...]

[DISABLE]
01A24560: // 8D 8E ? ? 00 00 E8 ? ? ? ? E8 ? ? ? ? 50 [Start]
mov eax,[esp+04]
push esi

00514A99: // 81 ? ? ? 00 00 0F 8D ? ? 00 00 85 ? 0F 84 [First Result]
db 81 FE BC 02 00 00 // cmp esi,2BC (original)

007B07A4: // DC 0D ? ? ? ? 83 C4 ? E9 ? ? ? ? DD 05
db DC 0D // fmul qword ptr [...] (original)

dealloc(CWvsContext__SetExclRequestSent_Hook)

 

No Mob Aggro

Spoiler

// By AIRRIDE
// CVecCtrlMob::BeginUpdateActive: E8 ? ? ? ? B8 ? 00 00 00 C3 [Third Result]
// Below that function is CVecCtrlMob::_GetChaseTarget
// or
// Mob Movement Offset: 83 ? ? ? ? ? ? 0F 85 ? ? ? ? 8B ? ? 8B ? ? 8D ? ? FF D0
// Aggro Offset = Mob Movement Offset + 0x08
// Assembly Scan:
// mov eax,[ecx + Aggro Offset] -> mov eax,[ecx+00000428]
//
// Detours the 6-byte load at 0199EEB0. Instead of reading the field at [ecx+428], the stub
// writes 0 into it and returns 0 to the caller.

[ENABLE]
alloc(MobNoAggro,128)

MobNoAggro:
xor eax,eax
mov [ecx+00000428],eax // Aggro Offset
ret // returns eax = 0; does not resume the original routine

0199EEB0: // CVecCtrlMob::_GetChaseTarget
jmp MobNoAggro
db 90 // nop: 5-byte jmp + 1 = the 6 bytes of the replaced mov

[DISABLE]
0199EEB0:
mov eax,[ecx+00000428] // original instruction

dealloc(MobNoAggro)

 

Auto Turn (After Every Attack)

Spoiler

//v177.3
// Old Script from cam1596
// http://www.gamersoul.com/forums/archive/w8file/cam/scripts/0.89_scripts/Auto%20Turn.txt
// Detours the first 5 bytes of the routine at 007A5730 (CAntiRepeat::TryRepeat per the
// author). On every call the stub follows a pointer chain from the global at 023AD2DC to a
// dword and nudges it by one: the even values 2,4,6,8,A are incremented and the odd values
// 3,5,7,9,B are decremented; any other value is left alone. All registers are saved and
// restored around this, then the overwritten instructions are replayed.
[ENABLE]
alloc(Turner,130)
label(decval)
label(incval)
label(esn)
label(TurnerRet)

Turner:
pushad
mov eax,[023AD2DC] // CUserLocal: 8B 3D ? ? ? ? 8B 40
mov eax,[eax+00009A80] // Character Vector Control Offset: 8B 86 ? ? 00 00 6A D8
lea ebx,[eax+00000180] // Character Animation Offset: 8B 96 ? ? 00 00 8B 8E ? ? 00 00 8B 01 8B ? ? 56 [Subtract 0x10]
mov ecx,[ebx]
cmp ecx,0a
je incval
cmp ecx,08
je incval
cmp ecx,06
je incval
cmp ecx,04
je incval
cmp ecx,02
je incval
cmp ecx,0b
je decval
cmp ecx,09
je decval
cmp ecx,07
je decval
cmp ecx,05
je decval
cmp ecx,03
je decval
esn:
popad
push esi // Original opcodes
mov esi,[esp+08] // Original opcodes
jmp TurnerRet

decval:
dec [ebx]
jmp esn
incval:
inc [ebx]
jmp esn

007A5730: // CAntiRepeat::TryRepeat
jmp Turner
TurnerRet:

[DISABLE]
007A5730: // 56 8B 74 24 ? 2B C6 83 F8 FA 7E ? 83 F8 06 7D ? 8B 41
db 56 8B 74 24 08 // push esi / mov esi,[esp+08] (original bytes)

dealloc(Turner)

 

Logo  Skip

Spoiler

//v177.3
// One-byte opcode swap at 00B8DFC9: 74 (je rel8) becomes 75 (jne rel8), inverting that branch.
[enable]
00B8DFC9: //74 ? 2B F8 81 FF DC 05 00 00 0F 86 ?? ?? 00 00 5F 88 5E ?? C6 46 ?? 00 5E 5B C3
db 75 // jne rel8

[disable]
00B8DFC9:
db 74 // je rel8 (original)

 

Auto Aggro

Spoiler

/*
  Auto Aggro
  GMSv177.3
  Creator Sprux
*/
// Detours the 6-byte prologue at 019B3160 (CVecCtrlMob::WorkUpdateActive per the author).
// Before replaying the prologue, the stub stores (value of the global at 023AD2DC) + 4 into
// [ecx+428].

[enable]
alloc(Aggro,128)
label(return)

Aggro:
mov eax,[023AD2DC] // CUserLocal: 8B 3D ? ? ? ? 8B 40
lea eax,[eax+04]
mov [ecx+420+08],eax // Aggro Offset: 83 ? ? ? ? ? ? 0F 85 ? ? ? ? 8B ? ? 8B ? ? 8D ? ? FF D0 [Offset+0x08]

// replay of the overwritten prologue
push ebp
mov ebp,esp
and esp,-40
jmp return

019B3160: // CVecCtrlMob::WorkUpdateActive
jmp Aggro
nop // 5-byte jmp + 1 = the 6 bytes of the replaced prologue
return:
  
[disable]
019B3160: // 55 8B EC 83 E4 ? 6A ? 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC ? 53 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 ? 64 A3 ? ? ? ? 8B F1 8B 4D ? 8B 06
push ebp
mov ebp,esp
and esp,-40

dealloc(Aggro)

 

Mob Disarm

Spoiler

// Replaces nine bytes at 00C721CA (a conditional branch, a register move and a call) with an
// unconditional jump to 00C726A5, so the code between the two addresses is skipped.
[enable]
00C721CA: //75 ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8
jmp 00C726A5 //8B 86 ? ? ? ? 85 C0 0F 84 ? ? ? ? 2B 45 ? 0F 89 ? ? ? ? ? ? ? ? ? ? ? 8D
db 90 90 90 90 // 5-byte jmp + 4 nops = the 9 bytes restored below

[disable]
00C721CA:
db 75 15 8B CE E8 0D F3 FE FF // jne +15 / mov ecx,esi / call rel32 (original bytes)

 

Mob Confusion

Spoiler

/*
Credits to ClanTag
GMSv177.3
*/
// Two-byte opcode swap at 019B2CCD: 0F 8A (jp rel32) becomes 0F 8B (jnp rel32), inverting a
// parity-flag branch. The AOB shows x87 instructions around it, so this is presumably the
// result test of a floating-point compare - confirm.

[enable]
019B2CCD: //Mob Confuse
db 0F 8B // jnp rel32


[disable]
019B2CCD: //0F 8A ?? ?? ?? ?? D9 EE DC ?? ?? ?? DF E0 DD 05 ?? ?? ?? ?? F6 C4 05 7A 34
db 0F 8A // jp rel32 (original)

 

Mob SpeedUp

Spoiler

/*
  MobSpeedup
  Creator AIRRIDE
  GMSv177
*/
// Detours the 5-byte compare at 00CD40AB. The stub writes 0 to [esp+50] before repeating the
// compare, so the comparison against 0 is always "equal" when control returns.

define(SpeedUp,00CD40AB) //83 7C 24 ?? 00 89 87 ?? ?? ?? ?? 75 ?? 33 DB

[enable]
Alloc(MobSpeedUp, 128)
Label(Return)

MobSpeedUp:
mov dword ptr [esp+50],00 // force the compared value
cmp dword ptr [esp+50],00 // replay of the overwritten instruction
jmp Return

SpeedUp:
jmp MobSpeedUp
Return:

[Disable]
SpeedUp:
cmp dword ptr [esp+50],00 // original instruction

DeAlloc(MobSpeedUp)

 

Mach GND

Spoiler

//Credits to Mach of CCPLZ GMSv177
// One-byte opcode swap at 0184F7C7: 8B (mov r32,r/m32) becomes 8A (mov r8,r/m8). With the
// ModRM byte 95 shown in the AOB, the 32-bit load into edx turns into an 8-bit load into dl,
// leaving the upper 24 bits of edx as they were.

define(MachGND,0184F7C7) //8B 95 ? ? ? ? 89 55 ? 8B 85 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 85 C0

[enable]
MachGND://Mach GND (Melee/Basic attacks)
db 8A // mov r8,r/m8

[disable]
MachGND:
db 8B // mov r32,r/m32 (original)

 

Unlimited Attack

Spoiler

//v177.3
// One-byte opcode swap at 007A5740: 7E (jle rel8) becomes EB (jmp rel8), so the branch is
// always taken and the range checks that follow it in the AOB are never reached.
[enable]
007A5740:
DB EB // jmp rel8

[disable]
007A5740: //7E ? 83 ? ? 7D ? 8B ? ? 2B ? 3D
db 7E // jle rel8 (original)

 

Hide Name Tags 

Spoiler

//v177.3
// Writes a bare "ret" over the first byte of the routine at 01780000 (CUser:DrawNameTags per
// the author), so the routine returns immediately; [disable] writes back 6A FF 68.

[enable]
01780000: //CUser:DrawNameTags
ret

[disable]
01780000:
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

//C7 44 24 ? FF FF FF FF 85 C0 74 ? 83 B8 [FUNCTION START]
//FF D2 85 C0 0F 85 ? ? 00 0 8B 3D ? ?  ? ? 85 FF [FUNCTION START]

 

Ignore Skill Cooldowns

Spoiler

/*
Credits OuterHaven
No Skill Cooldowns
(Only works for certain skills like Blazing Extinction,Evan Fusion Skills,etc)
GMSv177.3
*/
// One-byte opcode swap at 017FCCB0: 74 (je rel8) becomes 75 (jne rel8), inverting that branch.
// NOTE(review): the author's remark that only some skills are affected suggests the check
// is enforced elsewhere for the rest - presumably server side; confirm.

define(IgnoreSkillCooldowns,017FCCB0)  //83 FE 01 7c ? 57 8b 3D ? ? ? ? 85 FF 74 49 [je below]

  [enable]
IgnoreSkillCooldowns: //Ignore Skill Cooldown (Some Skills)
db 75 // jne rel8

[disable]
IgnoreSkillCooldowns:
db 74 // je rel8 (original)

 

Perfect Stance

Spoiler

/*
  Perfect Stance
  GMS v177
  Created by AIRRIDE
*/
// Two edits in the same routine:
//  - 0188C9B2: "test esi,esi / jne +9" (4 bytes) is replaced by "xor esi,esi" plus two nops,
//    so esi is forced to 0 and execution always falls through.
//  - 0188C9BD: 74 (je rel8) becomes EB (jmp rel8), so that branch is always taken.

[enable]
0188C9B2: //85 F6 75 ? 39 ? 24 ? ? ? ? 74
xor esi,esi
nop
nop

0188C9BD: //address of JE below
db EB // jmp rel8

[disable]
0188C9B2:
db 85 F6 75 09 // test esi,esi / jne +9 (original bytes)

0188C9BD:
db 74 // je rel8 (original)

 

Clear Field UI 

Spoiler

/*
Credits to DAVHEED for function
Uses end of the function CStage::FadeIn
v177.3
*/
// Detours the five one-byte pops at 00ED358C. Before replaying them, the stub loads ecx from
// the global at 023AD44C and calls 01A787F0.
// NOTE(review): what 01A787F0 does is not visible here; only the call itself is.


[enable]
alloc(ClearFieldUI,128)
label(return)

00ED358C:
jmp ClearFieldUI
return:

ClearFieldUI:
mov ecx,[023AD44C] //Above or Below the AOB below
call 01A787F0 //E8 ? ? ? ? A1 ? ? ? ? C7 80 ? ? ? ? 00 00 00 00 8B ? ? 8B ? ?
db 59 5F 5E 5D 5B // replay: pop ecx / pop edi / pop esi / pop ebp / pop ebx
jmp return


[disable]
dealloc(ClearFieldUI)
//FF 15 ? ? ? ? 8B 8C 24 ? 00 00 00 64 89 0D 00 00 00 00 59 5F 5E 5D 5B 81 C4 88 00 00 00 C2 04 00 [1ST RESULT] POP ECX ADDRESS BELOW
00ED358C: 
db 59 5F 5E 5D 5B // pop ecx / pop edi / pop esi / pop ebp / pop ebx (original bytes)

 

No Fade Stages

Spoiler

//GMSv177.3
//Credits ???
// Two-byte opcode swap at two addresses: 0F 84 (je rel32) becomes 0F 85 (jne rel32) in each
// of the routines the author labels CStage::FadeOut and CStage::FadeIn.

[enable]
00ED35D2: // CStage::FadeOut
db 0F 85 // jne rel32

00ED301E: // CStage::FadeIn
db 0F 85 // jne rel32

[disable]
00ED35D2: //0F 84 ? ? ? ? 8B 0D ? ? ? ? 3B C8 74 ? 8B
db 0F 84 // je rel32 (original)

00ED301E: //0F 84 ? ? ? ? A1 ? ? ? ? 33 ED 3B
db 0F 84 // je rel32 (original)

 

No Background

Spoiler

//V177.3
// Replaces five bytes at 00BBBB67 (mov esi,[ebp-44] / cmp esi,edi) with nops, so the je that
// follows in the AOB is evaluated on whatever flags were set before this point.
[enable]
00BBBB67: // 8B ?? ?? 3B ?? 74 ?? 39 ?? 74 ?? 8B ?? 3B ?? 74 ?? 8B ?? ?? D1 ?? 3B ?? 75
db 90 90 90 90 90 // 5 nops

[disable]
00BBBB67:
db 8B 75 BC 3B F7 // mov esi,[ebp-44] / cmp esi,edi (original bytes)

 

No Mob Reaction

Spoiler

//V177.3
// Writes "ret 0068" over the entry of the routine at 00C66A50, so it returns immediately and
// pops 0x68 bytes of stack arguments; [DISABLE] writes back 6A FF 68.
[ENABLE]
00C66A50: // No mob reaction, hitmarks or damage
ret 0068


[DISABLE]
00C66A50: //74 ? 8B 86 ? ? ? ? 3B ? ? ? 75 ? FF 15 [FUNCTION START]
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

 

Slide and Attack 

Spoiler

//v177.3
//Credits keroberos
// One-byte opcode swap at 019BC627: 74 (je rel8) becomes 75 (jne rel8), inverting that branch.

[enable]
019BC627:
db 75 // jne rel8

[disable]
019BC627://74 ? 8B CF E8 ? ? ? ? 85 C0 74 ? 81 FB ? ? ? ? 74 ? 81 FB
db 74 // je rel8 (original)

 

Skill Grip

Spoiler

/*
Creator Yeeshin
v177.3
Changes the skill you are dropping onto a key into the skill you entered.
Choose a skill like the beginner snail shell or old 1st, 2nd, 3rd job skills you don't use in place of the wanted skill
*/
// Detours the 7 bytes at 00797CE2 (mov [esi+01],ecx / mov ecx,[esp+14]). The stub loads the
// Skill_ID constant into ecx first, so that constant is what gets stored at [esi+01].
// Note that alloc() sits above [enable], outside both sections.
define(SkillGrip_Addy,00797CE2) //89 4E 01 8B 4C 24 ?
define(SkillGrip_RET,SkillGrip_Addy+7)
define(Skill_ID, #00000000) // Skill_ID [Change This]
alloc(SkillGrip_Hook,305)

[enable]
SkillGrip_Hook:
mov ecx,Skill_ID // substituted value
mov [esi+01],ecx // replay of the overwritten store
mov ecx,[esp+14] // replay of the overwritten load
jmp SkillGrip_RET


SkillGrip_Addy:
jmp SkillGrip_Hook
nop
nop

[disable]
dealloc(SkillGrip_Hook)

SkillGrip_Addy:
mov [esi+01],ecx
mov ecx,[esp+14]

 

Enabled Disabled Buttons

Spoiler

//v177.3
//CREDITS ????
// Changes the displacement of a one-instruction getter at 0057F260 from 30 to 34, so
// "mov eax,[ecx+30]" becomes "mov eax,[ecx+34]" and callers receive the neighbouring field.
// The AOB shows several identical getters back to back, hence the "[6th result]" note.


define(EnableDisabledButtons,0057F260) //8B 41 ?? C3 CC CC CC CC CC CC CC CC CC CC CC CC 8B 41 ?? C3 CC CC CC CC CC CC CC CC CC CC CC CC [6th result]
[enable]
EnableDisabledButtons:
db 8B 41 34 // mov eax,[ecx+34]

[disable]
EnableDisabledButtons:
db 8B 41 30 // mov eax,[ecx+30] (original)

 

Jump Down Anywhere

Spoiler

//Jump Down Anywhere
//v177.3
// Three branch edits:
//  - 00C32019: 7D (jge rel8) becomes EB (jmp rel8), always taken.
//  - 01807D10: 74 48 (je +48) becomes two nops, never taken.
//  - 018D5B28: 74 (je rel8) becomes EB (jmp rel8), always taken.

[enable]
00C32019:
db EB // jmp rel8

01807D10:
db 90 90 // nop / nop

018D5B28:
db EB // jmp rel8

[disable]
00C32019: // 7D ? 8B ? 8B ? ? 8D ? ? ? 50 8B CE [First Result]
db 7D // jge rel8 (original)

01807D10: // 74 ?? 8B ?? C7 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 85 C0 75 ?? 89 ?? ?? ?? ?? ?? EB ?? 8B ??
db 74 48 // je +48 (original)

018D5B28: // 74 ? 3B ? ? ? 75 ? 8B ? ? ? 3B
db 74 // je rel8 (original)

 

Pet Loot

Spoiler

/GMS V177.3
//Credits to Sprux
// Detours the 5 bytes at 007B2FB0 (mov edx,[eax+04] / mov eax,[eax]). The stub replays them,
// then, with all registers saved, makes a virtual call through the object at [ebp+08]+4
// (slot +20 of its table) and passes the result as "this" to 01736AD0 together with the two
// dwords at [esi] and [esi+04] and a zero.
// NOTE(review): what the virtual call returns and what 01736AD0 does is not visible here.
[enable]
alloc(pet_teleport_hook,128)
label(pet_teleport_return)

007B2FB0:
jmp pet_teleport_hook
pet_teleport_return:

pet_teleport_hook:
push esi
mov esi,eax // keep the pointer; eax is overwritten by the replayed load below
mov edx,[eax+04] // replay of the overwritten instructions
mov eax,[eax]
pushad

mov edi,[ebp+08]

lea ecx,[edi+04] // this = object embedded at +4
mov ebx,[edi+04] // its table pointer
mov ebx,[ebx+20] // entry at +20
call ebx

push [esi+04]
push [esi]
push 00
mov ecx,eax // result of the virtual call becomes "this"
call 01736AD0 // 8B ? 24 ? 8B 41 ? 8B 40 ? 56 8D 71 ? 8B 4C 24 10

popad
pop esi
jmp pet_teleport_return

[disable]
007B2FB0: // 8B 50 04 8B 00 ? ? 8D 4D
mov edx,[eax+04]
mov eax,[eax]

dealloc(pet_teleport_hook)

 

Auto Pet Feed

Spoiler

// Auto Pet Feed GMS v177.3
// Detours the 6-byte store at 00D73979 (mov [esi+000000DC],edx). After replaying the store,
// the stub compares edx with FeedFullness (decimal 60) and, when it is not greater, calls
// PressKey to hand a synthesized key-down for FoodKey to the client's own key handler.
// PressKey builds the second argument in the layout of a Windows keyboard-message lParam:
// scan code in bits 16-23, extended-key flag in bit 24, key-up flag in bit 31.
// NOTE(review): the event is injected inside the process, so it never passes through the OS
// input queue; presumably only in-process or server-side timing checks could see it - confirm.
define(KEY_NORMAL,0)
define(KEY_EXTENDED,1)
define(VK_HOME,24)
define(FeedFullness,#60)
define(FoodKey,VK_HOME)
define(FoodKeyType,KEY_NORMAL)

// ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? C8 ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8
define(PetFullnessAddy,00D73979)

// 8B 15 ?? ?? ?? ?? 85 D2 74 23
define(TSingleton_CWndMan___ms_pInstance,00638450)

// ?? ?? ?? ?? ?? 85 ?? 74 ?? 8D ?? ?? 8B ?? 8B ?? FF ?? C2 08 00 -- Second Result
define(CWndMan__OnKey,019DF8C0)

[Enable]
alloc(PetFullnessHook,64)
alloc(PressKey,128)
label(DontFeed)
define(KEY_PRESS,0)
define(KEY_UP,1)
define(MAPVK_VK_TO_VSC,0)

PetFullnessAddy:
jmp PetFullnessHook
nop // 5-byte jmp + 1 = the 6 bytes of the replaced store

PetFullnessHook:
mov [esi+000000DC],edx // replay of the overwritten store
cmp edx,FeedFullness
jg DontFeed // signed compare: skip when edx > FeedFullness

// arguments are pushed right to left: (virtual_key, key_type, up_flag)
push KEY_PRESS
push FoodKeyType
push FoodKey // virtual_key
call PressKey

DontFeed:
jmp PetFullnessAddy+6 // resume after the replaced store

// PressKey(virtual_key, key_type, up_flag): callee-cleanup, three dword stack arguments.
// Saves and restores ebx, edx, esi, ecx; eax is not preserved.
PressKey:
push ebx
push edx
push esi
push ecx

// +10 skips the four registers saved above; +4/+8/+C are the three arguments
mov edx, [esp+10+4] // virtual_key
mov esi, [esp+10+8] // key_type
mov ebx, [esp+10+C] // up_flag
mov ecx, edx

push MAPVK_VK_TO_VSC
push ecx
call MapVirtualKeyA // eax = scan code for the virtual key
shl eax,#16 // scan code -> bits 16 and up
shl esi,#24 // key_type -> bit 24
shl ebx,#31 // up_flag -> bit 31
or eax, esi
or eax, ebx
mov ecx,eax

push ecx // packed flags word
push edx // virtual_key
mov ecx,[TSingleton_CWndMan___ms_pInstance]
call CWndMan__OnKey

pop ecx
pop esi
pop edx
pop ebx
ret 000C // pops the three arguments

[Disable]
PetFullnessAddy:
mov [esi+000000DC],edx // original instruction

dealloc(PetFullnessHook)
dealloc(PressKey)

 

Percentage Based Auto HP/MP 

Spoiler

//GMS v177.3
//Percentage Auto_HP_MP
//Credit to DAVHEED
// Detours two 12-byte compare/branch sequences (at 015BD42E and 015BD495, CUI_StatusBar per
// the author). Each stub first compares eax with decimal 90 and, when eax is below it, calls
// key_press with a constant from the table below in eax; it then replays the four
// overwritten instructions, whose branch targets are absolute addresses in the original code.
// The constants are scan codes shifted left by 16, with bit 24 set on the extended keys.
// NOTE(review): key_press hands the event straight to the client's key handler, so it does
// not pass through the OS input queue.
[enable]
define(CWvsContext__OnKey,019DF8C0) //A1 ?? ?? ?? ?? 85 C0 74 ?? 8D 48 ?? 8B 01 8B 00
define(TSingleton_CWndMan___ms_pInstance,023B1C4C) //8B ? ? ? ? ? C6 ? ? ? E8 ? ? ? ? 8B ? BA ? ? ? ? C6 [POINTER]

alloc(hook_hp, 128)
alloc(hook_mp, 128)
alloc(key_press,128)
label(return_hp)
label(return_mp)

define(CTRL,001D0000)
define(SHIFT,002A0000)
define(INSERT,01520000)
define(DEL,01530000)
define(HOME,01470000)
define(END,014F0000)
define(PAGEUP,01490000)
define(PAGEDOWN,01510000)
define(ALT,00380000)

015BD42E:
jmp hook_hp
db 90 90 90 90 90 90 90 // 5-byte jmp + 7 nops = the 12 bytes replayed in the stub
return_hp:

hook_hp:
cmp eax, #90 //% To hp on
jnl return_normal_hp // eax >= 90: no key press
pushad
mov eax,PAGEUP
call key_press
popad

return_normal_hp:
// replay of the overwritten instructions
cmp eax,ecx
jnl 015BD449
cmp [esi+00002B20],ebx
jle 015BD441
jmp return_hp

015BD495:
jmp hook_mp
db 90 90 90 90 90 90 90 // 5-byte jmp + 7 nops = the 12 bytes replayed in the stub
return_mp:

hook_mp:
cmp eax, #90 //% To mp on
jnl return_normal_mp // eax >= 90: no key press
pushad
mov eax,PAGEDOWN
call key_press
popad

return_normal_mp:
// replay of the overwritten instructions
cmp eax,ecx
jnl 015BD4B0
cmp [esi+00002B24],ebx
jle 015BD4A8

jmp return_mp

// key_press: eax = key constant. Overwrites esi and ecx; both callers wrap it in pushad/popad.
key_press:
mov esi,[TSingleton_CWndMan___ms_pInstance] // 8B 15 ? ? ? ? 85 D2 74 23
mov ecx,[esi+A8]
push eax
push 00
call CWvsContext__OnKey
ret

[disable]
015BD42E: //CUI_StatusBar: 7D ? 39 ? ? ? 00 00 7E ? 8B CE - up to cmp
cmp eax,ecx
jnl 015BD449
cmp [esi+00002B20],ebx
jle 015BD441

015BD495: //7D ? 39 ? ? ? 00 00 7E ? 8B CE - scroll to cmp part (2nd)
cmp eax,ecx
jnl 015BD4B0
cmp [esi+00002B24],ebx
jle 015BD4A8

dealloc(hook_mp)
dealloc(key_press)

 

Mob Freeze

Spoiler

//v177.3
// Rewrites the 6-byte conditional branch at 00C72FEA: 0F 85 (jne rel32) becomes 90 E9
// (nop / jmp rel32). The 4-byte displacement is reused, so the same target is now reached
// unconditionally.
[Enable]
00C72FEA: //0F 85 ? ? ? ? 8B 86 ? ? ? ? 50 8D 86 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 3B ? 7E ? 83 7D DC ? 74 ? 8B 8E ? ? ? ? 51 8D 86 ? ? ? ? 50 E8 ? ? ? ?
db 90 E9 // nop / jmp rel32

[Disable]
00C72FEA:
db 0F 85 // jne rel32 (original)

 

No Magnus Balls 

Spoiler

//No Magnus Balls
//v177.3
// Overwrites the first byte of the routine at 008ECE20 with C3 (ret), so it returns
// immediately; [Disable] writes back 55 (push ebp).

define(NoMagnusBalls,008ECE20) //Second: 55 8B ?? 83 ?? ?? 6A ?? 68 ?? ?? ?? ?? 64 ?? ?? ?? ?? ?? 50 83 ?? ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 ?? 50 8D ?? ?? ?? 64 ?? ?? ?? ?? ?? 8B ?? 33 ?? 39 ?? ?? ?? ?? ?? 0F 84

[Enable]
NoMagnusBalls:
db C3 // ret

[Disable]
NoMagnusBalls:
db 55 // push ebp (original)

 

No Stun Catcher

Spoiler

//v177.3
// Writes "ret 0004" over the entry of the routine at 007FE9E0, so it returns immediately and
// pops its one dword argument; [disable] writes back 6A FF 68.
[enable]
007FE9E0: // No Falling Pierre Hats, Gollux Roots, etc
ret 0004

[disable]
007FE9E0: // 64 A3 00 00 00 00 8B F1 83 7E ? 00 8B 5C 24 ? 74 ? [function start]
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

 

No Dropping Stones

Spoiler

// Writes "ret 0004" over the entry of the routine at 008D93B0, so it returns immediately and
// pops its one dword argument; [disable] writes back 6A FF 68.
[enable]
008D93B0: // No Dropping Stones (Vellum)
ret 0004

[disable]
008D93B0: //7F ? 8B 44 24 ? C7 44 24 ? FF FF FF FF 3B [1ST RESULT] [FUNCTION START]
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

 

Item Filter

Spoiler

//v176.3
// Detours the 5 bytes at 007BBAD9 (mov ecx,ebx / mov [esi+48],eax) through ItemFilter, which
// may zero eax or [esi+44] before replaying them. Three data blocks configure it:
//   Mesos    - threshold compared against eax (signed)
//   Mode     - 0 or 1, selects which list walk is used
//   ItemList - zero-terminated dword list, empty as posted
// NOTE(review): the meaning of eax and of [esi+44]/[esi+48] is not visible here; the "meso"
// and "item" readings are the author's.
[ENABLE]
alloc(ItemFilter,256)
alloc(ItemList,2048)
alloc(Mesos,4)
alloc(Mode,4)
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)

Mesos:
dd #10 // Minimum meso

Mode:
dd #0 // 0 = Accept, 1 = reject

ItemList:

dd 00 // End of list

ItemFilter:
push edx
mov edx,[Mesos]
cmp eax,edx
jle FilterMesos // eax <= threshold
mov edx,ItemList // edx walks the list from here on
jmp RejectOrAccept

FilterMesos:
mov [esi+44],0
jmp End

RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter
// any other Mode value falls through into AcceptFilter

AcceptFilter:
// a match keeps eax; reaching the terminator goes to Ignore
cmp eax,[edx]
je End
cmp dword ptr [edx],0
je Ignore
add edx,4
jmp AcceptFilter

RejectFilter:
// a match goes to Ignore; reaching the terminator keeps eax
cmp eax,[edx]
je Ignore
cmp dword ptr [edx],0
je End
add edx,4
jmp RejectFilter

Ignore:
cmp eax,#50000 // Added this code otherwise mesos is dropped but not shown in accept mode
jle End // values up to 50000 are kept
mov eax,0

End:
pop edx
mov ecx,ebx // Original Opcode
mov [esi+48],eax // Original Opcode
jmp Return

007BBAD9:
jmp ItemFilter
Return:

[DISABLE]
007BBAD9: // 8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F [Second Result]
mov ecx,ebx
mov [esi+48],eax

dealloc(ItemFilter)
dealloc(ItemList)
dealloc(Mesos)
dealloc(Mode)

 

Auto Pick Up

Spoiler

/*
MooplerMasterRace
Created by OuterHaven
Stand on items/run by them to loot subject to D/C
*/
// Detours the 6-byte store at 007BD7F8 (mov [esi+000000BC],eax). The stub sets eax to 2
// before performing the store, so the field always receives 2.
// NOTE(review): the author's "subject to D/C" remark suggests the server reacts to the
// resulting traffic; presumably that is where this is detectable - confirm.

[enable]
alloc(EnterType,128)
label(return)

007BD7F8:
jmp EnterType
nop // 5-byte jmp + 1 = the 6 bytes of the replaced store
return:

EnterType:
mov eax,02 // #2 EnterType
mov [esi+000000BC],eax //nEnterType
jmp return

[disable]
dealloc(EnterType)

007BD7F8: //83 ? ? 01 89 86 ? ? 00 00 C6 86 ? ? 00 00 01 0F 85 ? ? 00 00 83 7E ? 00 [mov [esi+XX],eax below]
mov [esi+000000BC],eax // original instruction

 

Consumable Tubi

Spoiler

// Detours the 5-byte entry of the routine at 01A24560 with a call counter. As written, calls
// 1 to 9 return immediately through "ret 0004" without running the original body; on the 10th
// call Count is reset and the original body runs with its stack argument overwritten by 0.
// Count2 is cleared on every entry, so it never exceeds 1 and the "jae Delay" branch is not
// taken.
[enable]
alloc(Delay,128)
alloc(Count,4)
alloc(Count2,4)
label(Normal)

Count:
dd 0

Count2:
dd 0

Delay:
mov [Count2],0
inc [Count]
cmp [Count],#10
jae Normal
ret 0004 // skip the routine, dropping its one argument

Normal:
mov [Count],0
inc [Count2]
cmp [Count2],#5
jae Delay
mov eax,0
mov [esp+04],eax // overwrite the stack argument with 0
push esi // replay of the second overwritten instruction
jmp return

01A24560:
jmp Delay
return:

[DISABLE]
dealloc(Delay)
dealloc(Count)

01A24560: //FUNCTION START:: 8D 8E ? ? 00 00 E8 ? ? ? ? E8 ? ? ? ? 50
mov eax,[esp+04]
push esi

 

Consumable Tubi v2

Spoiler

//v177.7
// Two detours in the routine at 01A24560:
//  - the 5-byte entry goes through "hook", which ends up replaying the original
//    instructions (the first mov eax is overwritten by the second);
//  - the 6 bytes at 01A24573 (call 019274D0 / push eax) go through "tubi", which on most
//    passes still makes the call but pushes 0 instead of its result.
// NOTE(review): "normal" is declared with both alloc() and label(), and "staynormal" is used
// without a declaration; how these resolve is not clear from the script - TODO confirm.
[enable]
alloc(hook,128)
alloc(tubi,128)
alloc(counter,4)
alloc(normal,4)
label(normal)
label(return)
label(ret)

counter:
dd 0

staynormal:
dd 0

hook:
mov eax,00
mov eax,[esp+04]
push esi
jmp return

01A24560: //ExclRequest
jmp hook
return:

01A24573: //get_update_time
jmp tubi
nop // 5-byte jmp + 1 = the 6 bytes of call + push eax
ret:

tubi:
inc [counter]
cmp dword ptr [counter],#10
jae normal
call 019274D0
push 00 // pushed in place of the call's return value
jmp ret

normal:
mov [counter],00
inc [normal]
cmp dword ptr [normal],#5
jae tubi
call 019274D0
push eax // original behaviour
jmp ret

[disable]
dealloc(hook)
dealloc(tubi)

01A24560:
mov eax,[esp+04]
push esi

01A24573:
call 019274D0
push eax

 

Inf Blaster Bullets

Spoiler

//v177.3
//Created by OuterHaven
//MooplerMasterRace
// Two-byte opcode swap at 01ADDCC3: 0F 84 (je rel32) becomes 0F 85 (jne rel32), inverting
// that branch. The displacement is unchanged.

[enable]
01ADDCC3: //Infinite Bullets
db 0F 85 // jne rel32

[disable]
01ADDCC3: //0F 84 ? ? 00 00 8D 4C 24 ? E8 ? ? ? ? 84 C0 0F 84 ? ? 00 00 68 ? ? ? ? 8D 94 24 ? ? ? ? 52
db 0f 84 // je rel32 (original)

 

Hide Mob Damage

Spoiler

/*
  Hide Mob Damage
  Created by Razz
  GMS v177.3
  Moopler Masterrace
*/
// Writes "retn 000C" over the entry of the routine at 00C2EC20, so it returns immediately and
// pops 0xC bytes (three dwords) of arguments; [disable] writes back 6A FF 68.
[enable]
00C2EC20:
retn 000C

[disable]
00C2EC20: //74 ? 38 98 ? ? ? ? 0f 85 ? ? 00 00 8B B5 ? ? 00 00 3B ? 75 ? 68
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

 

Hide Player Damage

Spoiler

/*
  Hide Player
  Created by Razz
  GMS v177.3
  Moopler Masterrace
*/
// Writes "retn 0014" over the entry of the routine at 01746AB0, so it returns immediately and
// pops 0x14 bytes (five dwords) of arguments; [disable] writes back 6A FF 68.
[enable]
01746AB0:
retn 0014

[disable]
01746AB0: //7D ? E8 ? ? ? ? 80 BF
db 6A FF 68 // push -1 / opcode byte of push imm32 (original bytes)

 

Hide Most Skill Animations

Spoiler

//v177.3
// Writes an immediate "ret n" over the entry of three routines so each returns without
// running; n is the number of argument bytes popped (4, 4 and 0x38). [disable] writes back
// the original entry bytes of each.
define(CMob_ShowAffectedSkill,00C52250) //81 E7 ? ? ? ? 89 7D ? C7 45 64 ? ? ? ? 89 [FUNCTION START]
define(CMob_ShowHitEffect,00C27A80)//05 10 27 00 00 3B [FUNCTION START]
define(CUser_ShowSkillEffect,017A76A0) // 74 ? 8b 45 ? C7 ? ? FF FF FF FF 3B ? 0F 84 [SECOND RESULT] [FUNCTION START]

[enable]
CMob_ShowAffectedSkill:
ret 0004

CMob_ShowHitEffect:
ret 0004

CUser_ShowSkillEffect:
ret 0038

[disable]
CMob_ShowAffectedSkill:
db 55 8D 6C 24 8C // push ebp / lea ebp,[esp-74] (original bytes)

CMob_ShowHitEffect:
db 53 56 8B F1 // push ebx / push esi / mov esi,ecx (original bytes)

CUser_ShowSkillEffect:
db 55 8D 6C 24 C0 // push ebp / lea ebp,[esp-40] (original bytes)

 

Instant Teleport

Spoiler

/*
Instant Teleport to X/Y
Created by AIRRIDE?
Posted by CJ
GMS v177
*/
// Unlike the other scripts this one patches nothing: it allocates a stub and runs it once on
// a new thread inside the client (CreateThread). The stub calls 019A49F0 with a pointer read
// from the client's own object and two hard-coded coordinates (decimal 9999 and -9999).
// NOTE(review): the coordinates are far outside anything the other scripts use; a server
// that checks position changes against the map would presumably reject them - confirm.

[ENABLE]
alloc(Teleport,128)
CreateThread(Teleport)

Teleport:
mov esi,[023AD2DC] // CUserLocal: 8B 3D ? ? ? ? 8B 40
push #-9999 // Y
push #9999 // X
push [esi+9A80] // Character PID: 8B 86 ? ? 00 00 6A D8
call 019A49F0 // E8 ? ? ? ? 8D ? ? ? ? ? ? ? 89 ? ? ? ? ? E8 ? ? ? ? DB [FUNCTION START] (push esi)
ret

[DISABLE]
dealloc(Teleport)

 

Full Map Attack

Spoiler

//Credits to Clantag for reintroducing MsInterSectRect FMA
//Credits to Original Creator ???
//v177.3
// Two branch edits:
//  - 00C767BE: 75 (jne rel8) becomes 73 (jae rel8). The AOB shows 85 C0 (test eax,eax)
//    directly before it; test always clears the carry flag, so jae is always taken and the
//    result of the preceding call no longer matters.
//  - 01AC42E1: 74 (je rel8) becomes EB (jmp rel8), always taken.
// NOTE(review): the first edit removes a client-side rectangle test; whether hit positions
// are re-checked on the server is not visible here.

[enable]
00C767BE: // MsInterSectRect
db 73 // jae rel8

01AC42E1: // Removes Level Up Damage
db EB // jmp rel8

[disable]
00C767BE: // E8 ? ? ? ? 83 C4 ? 85 C0 75 ? 81 BC 24 ? ? ? ? ? ? ? ? 0F 85 ? ? ? ? 83 [jne below]
db 75 // jne rel8 (original)

01AC42E1: //89 9E ? ? ? ? 8B 0D ? ? ? ? 3B CB 74 ? ? ? ? ? ? 53 JE BELOW
//[OR SEARCH push 04C4BAEA] Address is JE above
db 74 // je rel8 (original)

 

Unlimited Blazing Extinction

Spoiler

//Unlimited Blazing Extinction Time (Blaze Wizard Skill) GMSv177.3
// Detours the 6-byte store at 00A056A0 (mov [esi+000000FC],eax). The stub stores the constant
// 7FFFFFFF (the largest signed 32-bit value) into the field instead of eax.
[enable]
alloc(SkillTimer,128)
label(AppearUnlimited)

00A056A0:
jmp SkillTimer
db 90 // nop: 5-byte jmp + 1 = the 6 bytes of the replaced store
AppearUnlimited:

SkillTimer:
mov [esi+000000FC],7FFFFFFF
jmp AppearUnlimited

[disable]
00A056A0: //89 ? ? ? ? ? 89 ? ? ? ? ? 89 ? ? ? ? ? E8 ? ? ? ? 83 ? ? 85 c0 [FIRST]
mov [esi+000000FC],eax // original instruction

 

No Delay Blazing Extinction

Spoiler

//v177.3
//Creator OuterHaven
//CGrendade::Update
// Two-byte opcode swap at 00A06CC1: 0F 84 (je rel32) becomes 0F 85 (jne rel32), inverting
// that branch.

define(NDBE,00A06CC1) // 0F 84 ? ? ? ? D9 EE 8B ? ? ? DC 9E ? ? ? ? 8B
[enable]

NDBE:
db 0F 85 // jne rel32

[disable]
NDBE:
db 0F 84 // je rel32 (original)

 

Blazing Extinction Full Map Attack

Spoiler

//Credits to Sprux for FindHitInMobRect FMA Method GMSv177.3
// Redirects one call site of 00C76350 (CMobPool::FindHitMobInRect per the author) to a stub
// that overwrites the first stack argument with a pointer into the object at [023B1B0C]
// (offset +0C) and then tail-jumps to the real routine. A second edit replaces
// "test eax,eax" at 00A06C57 with two nops.
// NOTE(review): presumably the substituted pointer is a map-wide rectangle standing in for
// the attack's own hit box, going by the author's "Left Wall Offset" label - confirm.

[enable]
alloc(find_hit_mob_in_rect_hook,128)
find_hit_mob_in_rect_hook:

mov eax,[023B1B0C] //CWvsPhysicalSpace2D  //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax // [esp] is the return address, [esp+04] the first stack argument
jmp 00C76350 // Original call (CMobPool::FindHitMobInRect)

//Function CUser::TryDoingFlameBallAttack
0189A18C:
call find_hit_mob_in_rect_hook

//Function CGrendade::Update
00A06C57: //FlameBallObject X/Y Check, allows continuous attack
nop
nop

[disable]
0189A18C: //E8 ? ? ? ? 89 85 ? ? ? ? 8B 8D ? ? ? ? 89 8D ? ? ? ? 83 BD ? ? ? ? 00 75 ? C7 [THIRD RESULT]
call 00C76350 // original call target

00A06C57: //85 C0 0F 8E ? ?  ? ? 8B ? ? 81 C1
test eax,eax // original instruction

 

Blazing Extinction Effect Removal

Spoiler

//Credits to OuterHaven
//v177.3
// As posted, the [enable] section names the address 009B7960 but no bytes or instructions
// follow it; [disable] writes 6A FF 68 at the same address.

[enable]
//CFlameBallAttack::UpdateFlameBallAttack
009B7960:

[disable]
009B7960: //E8 ? ? ? ? 3B C3 75 ? 39 5E
db 6A FF 68 // push -1 / opcode byte of push imm32

 

Orbital Flame Full Map Attack

Spoiler

//V177.3
// Redirects the call at 009C01C9 from 00C76350 (CMobPool::FindHitMobInRect per the author)
// to a stub that overwrites the first stack argument with a pointer into the object at
// [023B1B0C] (offset +0C) and then tail-jumps to the real routine.
[ENABLE]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[023B1B0C] // CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax // [esp] is the return address, [esp+04] the first stack argument
jmp 00C76350 // Original call (CMobPool::FindHitMobInRect)

009C01C9: // Function:CForceAtom_NonTargetAttack::UpdateAttackCollision
call find_hit_mob_in_rect_hook

[DISABLE]
dealloc(find_hit_mob_in_rect_hook)
009C01C9: // E8 ? ? ? ? 8B ? 89 ? ? ? 85 ? 0F 8E [First Result]
call 00C76350 // original call target

 

Psychic Lock FMA

Spoiler

/*
GMSv177.3
Psychic Grab/Lock Full Map Attack
*/
// Redirects the call at 018CF907 from 00C76350 (CMobPool::FindHitMobInRect per the author)
// to a stub that overwrites the first stack argument with a pointer into the object at
// [023B1B0C] (offset +0C) and then tail-jumps to the real routine.

[enable]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[023B1B0C] // CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax // [esp] is the return address, [esp+04] the first stack argument
jmp 00C76350 // Original call (CMobPool::FindHitMobInRect)

018CF907:
call find_hit_mob_in_rect_hook

[disable]
dealloc(find_hit_mob_in_rect_hook)

018CF907: // E8 ? ? ? ? 89 44 24 ? 8B ? ? ? 8B ? ? 8B 0D ? ? ? ?
call 00C76350 // original call target

 

Instant Final Smash 

Spoiler

/*
Instant Final Psychic Smash
MooplerMasterRace
Created by OuterHaven
GMS V177.3
*/
// Three edits: two je -> jne swaps (01759A87 and 018CEF7D) and a bare "ret" written over the
// entry of the routine at 00AE5800, which the AOB shows loading [ecx+88] and decrementing it.

[enable]
//Changes the attack loop by swapping the regular Psychic Grab attack with the strongest part of the skill Final Psychic Smash attack (5th hit)
01759A87:
db 75 // jne rel8

//CKinesis_PsychicLock::DecUsableCount
//No loopback to regular attack after the 5th attack, also denies reset of the skill loop allowing you to constantly attack.
00AE5800: // Infinite Psychic Smash Usage.
ret // the routine returns before its load/decrement runs

018CEF7D: //No Grab
db 75 // jne rel8

[disable]
01759A87: //74 ?? 8D A4 24 ?? ?? ?? ?? 8B 46 ?? 50 8D 4C 24 ?? 51
db 74 // je rel8 (original)

00AE5800: //8B 81 ?? ?? ?? ?? 48 33 D2 85 C0 0F 9E C2
mov eax,[ecx+00000088]
dec eax

018CEF7D: //74 ?? 52 6A ?? 6A ?? 6A ?? 6A ?? 6A ??
db 74 // je rel8 (original)

 

Dragon Dive FMA

Spoiler

/*
Credits to Sprux for FindHitInMobRect FMA Method
GMSv177.3
Use with No Skill Cooldowns to Spam
*/
// Redirects the call at 007AA946 from 00C76350 (CMobPool::FindHitMobInRect per the author)
// to a stub that overwrites the first stack argument with a pointer into the object at
// [023B1B0C] (offset +0C) and then tail-jumps to the real routine.

[enable]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[023B1B0C]// CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83 ? ? 89 8E
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax // [esp] is the return address, [esp+04] the first stack argument
jmp 00C76350 // Original call (CMobPool::FindHitMobInRect)

007AA946: //CDragon::TryDoingMagicAttack
call find_hit_mob_in_rect_hook

[disable]
dealloc(find_hit_mob_in_rect_hook)

007AA946: //E8 ? ? ? ? 8B 3D ? ? ? ? 8B F0 8B ? ? ? 8B ? ? 51
call 00C76350 // original call target

 

Earth Breath Fusion 

Spoiler

/*
GMSv177.3
MooplerMasterRace
*/
// Two-byte opcode swap at 007AF442: 0F 85 (jne rel32) becomes 0F 84 (je rel32). The AOB shows
// the branch follows "cmp eax,0A" on a call's return value, so the comparison's outcome is
// inverted.
[enable]
007AF442:
db 0F 84 // je rel32

[disable]
007AF442: //E8 ? ? ? ? 83 C4 08 83 F8 0A 0F 85 ? ? ? ? FF 15 ? ? ? ? 8B 6C 24 ? 8B C5 [jne below]
db 0F 85 // jne rel32 (original)

 

Gollux 1HITKO Disarm

Spoiler

//v177.3
//Creator OuterHaven
// One-byte opcode swap at 00DD1801: 74 (je rel8) becomes 75 (jne rel8), inverting that branch.

[enable]
00DD1801: //Mobs dont trigger counter for 1HIT KO
db 75 // jne rel8

[disable]
00DD1801: //74 ? 8D 54 24 ? 52 E8 ? ? ? ? 8D 4C 24 ? C6 ? ? ? 01 E8 ? ? ? ? 8B 44 24 ? C6 ? ? ? 00 3B
db 74 // je rel8 (original)

 

No Mob Death Animations

Spoiler

//v177.3
// Writes a bare "ret" over the first byte of the routine at 00C5E6C0, so it returns
// immediately; [disable] writes back 6A FF (push -1).
define(CMob_OnDie,00C5E6C0)//BF 08 00 00 00 C6 ? ? ? 00 00 00 01 66 ? ? ? ? 75 ? 33 C0 66 ? ? ? ? 8B ? ? ? 3B C3 74 [FIRST] [FUNCTION START]

[enable]
CMob_OnDie:
ret

[disable]
CMob_OnDie:
db 6A FF // push -1 (original bytes)

 

Air Hit Mob Vac

Spoiler

//CMob::GenerateMovePath
//Credits to Kevintjuh93
//v177.3
// Detours the 6 bytes at 00C69BE4 (mov eax,fs:[00000000]) inside the routine's prologue. The
// stub overwrites five of the routine's stack arguments in place: three with constants and
// two with values read through the global at 023AD2DC. eax is saved and restored around the
// stub; edi is written and not restored.
// NOTE(review): presumably the "C" in each offset skips this stub's push eax plus two pushes
// the prologue has already made before the hooked instruction - confirm.
[ENABLE]
alloc(hook,64)
label(return)

hook:
push eax
mov [esp+C+04],#9//nAction
mov [esp+C+14],#16//nMoveType (You can use #23 also)
mov [esp+C+38],#1//bAirHit

//Vac to Char X
mov eax,[023AD2DC] //CUserLocal: 8B 3D ? ? ? ? 8B 40
mov eax,[eax+12B9C] //Character X Location Offset: 89 8E ? ? ? ? 8B 50 ? 8B 06 89 96 ? ? ? ? 8B 50
add eax,#0 //Adjust X
mov [esp+C+18],eax //nMoveEndingX

//Vac to Char Y
mov edi,[023AD2DC] //CUserLocal: 8B 3D ? ? ? ? 8B 40
mov edi,[eax+12B9C+4] //Character X Location Offset+4: 89 8E ? ? ? ? 8B 50 ? 8B 06 89 96 ? ? ? ? 8B 50
add edi,#0 //Adjust Y
mov [esp+C+1C],edi //nMoveEndingY

pop eax
jmp return

00C69BE4:
jmp hook
db 90 // nop: 5-byte jmp + 1 = the 6 bytes of the replaced instruction
return:

[DISABLE]
dealloc(hook)
00C69BE4: //83 C4 08 83 F8 03 0F 94 C1 33 [FUNCTION START]
mov eax,fs:[00000000] // original instruction

 

Vellum Freeze

Spoiler

/*
Disarms mobs/bosses
Freezes some mobs
Freezes vellum
v177.3
*/
// Detours the 6 bytes at 00C69BE4 (64 A1 00 00 00 00, mov eax,fs:[0]) in the prologue of the
// routine the author labels CMob::GenerateMovePath. The stub overwrites one stack argument
// (nAction per the author) with 9; eax is saved and restored around the write.

[enable]
alloc(CMob__GenerateMovePath_Hook,128)
label(ret)
 
CMob__GenerateMovePath_Hook:

push eax
mov [esp+C+04],9 // nAction
pop eax
jmp ret

00C69BE4 // CMob::GenerateMovePath
jmp CMob__GenerateMovePath_Hook
db 90 // nop: 5-byte jmp + 1 = the 6 bytes restored below
ret:

[disable]
00C69BE4: // 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C4 89 84 24 ? ? 00 00 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 24 ? ? 00 00 64 A3 00 00 00 00 8B 84 24 ? ? 00 00 8B D9
db 64 A1 00 00 00 00 // mov eax,fs:[00000000] (original bytes)

dealloc(CMob__GenerateMovePath_Hook)

 

Skill Injection

Spoiler

//v177.3
// Seven edits in one routine plus the Mach GND byte:
//  - 018D84C8, 018D84D4, 018D86F4: a 6-byte conditional branch is replaced by six nops, so
//    execution always falls through;
//  - 018D8533: 0F 84 (je rel32) becomes 90 E9 (nop / jmp rel32), always taken;
//  - 018D8653: the 6-byte load "mov edx,[esi+00011538]" is detoured to skill_id_hook, which
//    sets edx to the skill_id constant on every third pass; the displaced load is not
//    replayed in the stub;
//  - 018D8701: the 7-byte jump-table dispatch is replaced by a direct jmp to 018D8737;
//  - 0184F7C7: 8B (mov r32,r/m32) becomes 8A (mov r8,r/m8).
// NOTE(review): the skill id is chosen entirely on the client; the author's "till you don't
// d/c" remark suggests the server reacts to request rate, which is presumably where this is
// detectable - confirm.
[Enable]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4)
define(skill_id,#00000000) //Skill ID goes here

delay:
dw 0
018D84C8: //0F 84 ? ? ? ? 2B 9E ? ? ? ? 0F 88 ? ? ? ? A1 ? ? ? ? 85 C0
db 90 90 90 90 90 90 // six nops over je rel32

018D84D4: //0F 88 ? ? ? ? A1 ? ? ? ? 85 C0 74 ? 8B 50 ? 8D 48 ?
db 90 90 90 90 90 90

018D8533: //0F 84 ? ? ? ? 8B 16 8B 42 ? 8B CE FF D0 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 75 ? 8D 4C 24 ? 51
db 90 E9

018D8653: //8B ? ? ? ? ? 8B 44 24 ? 6A ? 6A ? 6A ? 6A ? 8D 4C 24 ? 51
jmp skill_id_hook
nop
skill_id_return:
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #3 // Set your delay (optional till you don't d/c)
jne skill_id_return
mov [delay], 0
mov edx,skill_id
jmp skill_id_return

018D86F4: //0F 87 ? ? ? ? 0F B6 ? ? ? ? ? FF 24 ? ? ? ? ? 84 DB 74 ? 8B 8E ? ? ? ? 85 C9
db 90 90 90 90 90 90 // six nops over ja rel32

018D8701: //address at jmp dword ptr following the address above
jmp 018D8737 //81 BE ? ? ? ? ? ? ? ? 8B CE 75 ? 8B 44 24 ? 6A ?
dw 9090 // two nops: 5-byte jmp + 2 = the 7 bytes of the replaced indirect jmp

0184F7C7://Mach GND: 8B 95 ? ? ? ? 89 55 ? 8B 85 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 85 C0
db 8A

[Disable]
018D84C8:
db 0F 84 A7 03 00 00

018D84D4:
db 0F 88 9B 03 00 00

018D8533:
db 0F 84 CC 00 00 00

018D8653:
mov edx,[esi+00011538]

018D86F4:
db 0F 87 71 01 00 00

018D8701:
jmp dword ptr [ecx*4+018D8880]
dealloc(skill_id_hook)

0184F7C7:
db 8B

 


Auto Attack

Spoiler

//Auto Attack v177.2
//Ripped functions from Francesco/AIRRIDE Kami
// Instead of patching code, this script overwrites a 4-byte pointer at 021089D8 that
// originally holds 017FD3B0, so every call made through that slot reaches AutoAttack first.
// The stub acts only when the return address on the stack is 017DEF0A and eax is non-zero:
// it then feeds a synthesized key-down (and, if HoldAttack is non-zero, a key-up) for the
// attack key to the routine at 019DF770, and finally jumps to the original target.
// NOTE(review): a pointer swap leaves the code bytes untouched, so presumably only checks
// that cover this data slot would notice it - confirm.
[enable]
define(KEY_NORMAL,0)
define(KEY_EXTENDED,1)
define(VK_CONTROL,11)
define(_HoldAttack,0)
define(_AttackKey,VK_CONTROL)
define(_AttackKeyType,KEY_EXTENDED)

alloc(AutoAttack,512)
alloc(PressKey,128)
alloc(HoldAttack,1)
label(Exit)

HoldAttack:
db _HoldAttack

define(KEY_PRESS,0)
define(KEY_UP,1)
define(MAPVK_VK_TO_VSC,0)

// PressKey(virtual_key, key_type, up_flag): callee-cleanup, three dword stack arguments.
// Packs scan code (bits 16+), key_type (bit 24) and up_flag (bit 31) into one dword.
PressKey:
push ebx
push edx
push esi
push ecx
mov edx, [esp+10+4] // virtual_key (+10 skips the four saved registers)
mov esi, [esp+10+8] // key_type
mov ebx, [esp+10+C] // up_flag
mov ecx, edx
push MAPVK_VK_TO_VSC
push ecx
call MapVirtualKeyA // eax = scan code for the virtual key
shl eax,#16
shl esi,#24
shl ebx,#31
or eax, esi
or eax, ebx
mov ecx,eax
push ecx
push edx
call 019DF770 //A1 ?? ?? ?? ?? 85 C0 74 ?? 8D 48 ?? 8B 01 8B 00
pop ecx
pop esi
pop edx
pop ebx
ret 000C

AutoAttack:
cmp dword ptr [esp], 017DEF0A //8B C8 B8 ?? ?? ?? ?? F7 E9 C1 FA ?? 8B C2 C1 E8 ?? 03 C2 83 F8 ?? 74 ?? 81 F9 ?? ?? ?? ?? 75 ?? 80 BE ?? ?? ?? ?? ?? 74 ?? 8B 56 ?? 8B 42 ?? 8D 4E ?? FF D0
pushad // does not change the flags set by the cmp above
jne Exit // called from somewhere else: pass straight through
test eax,eax
je Exit
test eax,eax
push KEY_PRESS
push _AttackKeyType
push _AttackKey
call PressKey
cmp byte ptr [HoldAttack], 0
je Exit
push KEY_UP
push _AttackKeyType
push _AttackKey
call PressKey
jmp Exit

Exit:
popad
jmp 017FD3B0 // original target of the pointer

021089D8:
dd AutoAttack

[disable]
021089D8: // 4 Byte Scan
dd 017FD3B0 //6A ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 56 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B 0D ?? ?? ?? ?? 85 C9 74 ?? 8D 44 24 ?? 50 E8 ?? ?? ?? ?? 8B 44 24 ??

dealloc(AutoAttack)
dealloc(PressKey)
dealloc(HoldAttack)

 

 


Unlimited Arrow Platter

 

//Unlimited Arrow Platter Credits to Chubbz
//v177.2
// Overwrites the 3-byte prologue at 009876E0 with C2 04 00 (ret 4), so the routine returns
// immediately and pops its one dword argument; [disable] writes the prologue back.

[enable]
009876E0:
db C2 04 00 // ret 0004

[disable]
009876E0:
db 55 8B EC // push ebp / mov ebp,esp (original prologue)

Edited by Zarroth94

4 hours ago, longbreakers said:

please give me script skill inject

On 10/23/2016 at 12:15, tiger said:

one of the tHitAvoidPeriod address is wrong for blink godmode

@tiger It's right; the problem is that it refreshes on every map change, and that includes reviving on the same map, jda reset, etc.

Skill Inject

Spoiler

// Same structure as a six-nop / nop+jmp / detour / direct-jmp patch set over one routine,
// posted here with the addresses for the earlier build:
//  - 018D8378, 018D8384, 018D85A4: 6-byte conditional branches replaced by six nops;
//  - 018D83E3: 0F 84 (je rel32) becomes 90 E9 (nop / jmp rel32);
//  - 018D8503: "mov edx,[esi+00011538]" detoured to skill_id_hook, which sets edx to the
//    skill_id constant on every third pass; the displaced load is not replayed in the stub;
//  - 018D85B1: the 7-byte jump-table dispatch replaced by a direct jmp to 018D85E7;
//  - 0184F677: 8B (mov r32,r/m32) becomes 8A (mov r8,r/m8).
[Enable]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4)
define(skill_id,#00000000) //Skill ID goes here

delay:
dw 0
018D8378: //0F 84 ? ? ? ? 2B 9E ? ? ? ? 0F 88 ? ? ? ? A1 ? ? ? ? 85 C0
db 90 90 90 90 90 90 // six nops over je rel32

018D8384: //0F 88 ? ? ? ? A1 ? ? ? ? 85 C0 74 ? 8B 50 ? 8D 48 ?
db 90 90 90 90 90 90

018D83E3: //0F 84 ? ? ? ? 8B 16 8B 42 ? 8B CE FF D0 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 75 ? 8D 4C 24 ? 51
db 90 E9

018D8503: //8B ? ? ? ? ? 8B 44 24 ? 6A ? 6A ? 6A ? 6A ? 8D 4C 24 ? 51
jmp skill_id_hook
nop
skill_id_return:
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #3 // Set your delay (optional till you don't d/c)
jne skill_id_return
mov [delay], 0
mov edx,skill_id
jmp skill_id_return

018D85A4: //0F 87 ? ? ? ? 0F B6 ? ? ? ? ? FF 24 ? ? ? ? ? 84 DB 74 ? 8B 8E ? ? ? ? 85 C9
db 90 90 90 90 90 90 // six nops over ja rel32

018D85B1: //address at jmp dword ptr following the address above
jmp 018D85E7 //81 BE ? ? ? ? ? ? ? ? 8B CE 75 ? 8B 44 24 ? 6A ?
dw 9090 // two nops: 5-byte jmp + 2 = the 7 bytes of the replaced indirect jmp

0184F677://Mach GND //8B 95 ? ? ? ? 89 55 ? 8B 85 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 85 C0
db 8A

[Disable]
018D8378:
db 0F 84 A7 03 00 00

018D8384:
db 0F 88 9B 03 00 00

018D83E3:
db 0F 84 CC 00 00 00
018D8503:
mov edx,[esi+00011538]

018D85A4:
db 0F 87 71 01 00 00

018D85B1:
jmp dword ptr [ecx*4+018D8730]
dealloc(skill_id_hook)

0184F677:
db 8B

 

On 10/24/2016 at 20:31, OuterHaven said:

@tiger It's right; the problem is that it refreshes on every map change, and this includes reviving on the same map, jda reset, etc.

Skill Inject

  Reveal hidden contents


// Quoted copy of the Skill Inject script (Cheat Engine auto-assembler).
// [Enable] removes or rewrites several branches between 018D8378 and 018D85B1,
// detours the 6-byte instruction at 018D8503 into an allocated stub, and
// changes one opcode byte at 0184F677; [Disable] writes the listed bytes and
// instructions back. All addresses are absolute and tied to one client build.
[Enable]
alloc(skill_id_hook,128) // block in the target process that holds the stub
label(skill_id_return) // return point, defined right after the detour below
alloc(delay,4) // 4-byte pass counter used by the stub
define(skill_id,#00000000) //Skill ID goes here

delay:
dw 0 // writes a 16-bit zero; the stub accesses the counter as a dword
018D8378: //0F 84 ? ? ? ? 2B 9E ? ? ? ? 0F 88 ? ? ? ? A1 ? ? ? ? 85 C0
db 90 90 90 90 90 90 // six NOPs over the 6-byte jz (0F 84 rel32)

018D8384: //0F 88 ? ? ? ? A1 ? ? ? ? 85 C0 74 ? 8B 50 ? 8D 48 ?
db 90 90 90 90 90 90 // six NOPs over the 6-byte js (0F 88 rel32)

018D83E3: //0F 84 ? ? ? ? 8B 16 8B 42 ? 8B CE FF D0 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 74 ? 3D ? ? ? ? 75 ? 8D 4C 24 ? 51
// 0F 84 becomes 90 E9 (nop + jmp rel32); the displacement bytes are untouched,
// so the former jz target is reached unconditionally.
db 90 E9

018D8503: //8B ? ? ? ? ? 8B 44 24 ? 6A ? 6A ? 6A ? 6A ? 8D 4C 24 ? 51
// Detour: jmp (5 bytes) + nop over the 6-byte mov edx,[esi+00011538].
jmp skill_id_hook
nop
skill_id_return:
// Naming the allocation moves the assembly position into the allocated block.
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #3 // Set your delay (optional till you don't d/c)
jne skill_id_return // not the third pass yet: go straight back
mov [delay], 0 // third pass: restart the count
mov edx,skill_id // edx receives the defined constant
jmp skill_id_return

018D85A4: //0F 87 ? ? ? ? 0F B6 ? ? ? ? ? FF 24 ? ? ? ? ? 84 DB 74 ? 8B 8E ? ? ? ? 85 C9
db 90 90 90 90 90 90 // six NOPs over the 6-byte ja (0F 87 rel32)

018D85B1: //address at jmp dword ptr following the address above
// The 7-byte table dispatch becomes a fixed 5-byte jmp; dw 9090 pads two bytes.
jmp 018D85E7 //81 BE ? ? ? ? ? ? ? ? 8B CE 75 ? 8B 44 24 ? 6A ?
dw 9090

// Opcode byte 8B (32-bit mov load) becomes 8A (8-bit mov load).
0184F677://Mach GND //8B 95 ? ? ? ? 89 55 ? 8B 85 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 85 C0
db 8A

[Disable]
// Each entry below writes back the bytes or instruction that [Enable] replaced.
018D8378:
db 0F 84 A7 03 00 00

018D8384:
db 0F 88 9B 03 00 00

018D83E3:
db 0F 84 CC 00 00 00
018D8503:
mov edx,[esi+00011538]

018D85A4:
db 0F 87 71 01 00 00

018D85B1:
jmp dword ptr [ecx*4+018D8730]
// NOTE(review): only skill_id_hook is released; the 4-byte delay allocation is not.
dealloc(skill_id_hook)

0184F677:
db 8B

 

// kevintjuh93
// CWvsContext: 8B 3D ? ? ? ? 8B ? ? 8D ? ? 8B
// tHitAvoidPeriod: 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
// Cheat Engine auto-assembler script. [ENABLE] detours the 6-byte load at
// 0188C8BE into an allocated stub that puts a constant in edx instead of the
// value read from [ecx+000081E0]; [DISABLE] writes the original load back and
// frees the stub.
// NOTE(review): posters in this thread disagree about which address is correct
// for the build; that cannot be settled from the script itself.
// Defender's view: the value is changed only inside the client, so a server
// that decides hit immunity itself is not affected by what this field holds.

[ENABLE]
alloc(HitAvoidPeriod_Hook,128) // block in the target process that holds the stub

HitAvoidPeriod_Hook:
mov edx,#2147483647 // Set character blink time after hit in milliseconds
jmp 0188C8BE+6 // resume at the instruction after the 6-byte patched one

0188C8BE:
jmp HitAvoidPeriod_Hook
db 90 // one nop pads the 5-byte jmp to the 6 bytes of the replaced instruction

[DISABLE]
0188C8BE: // 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
mov edx,[ecx+000081E0]

dealloc(HitAvoidPeriod_Hook)

The address in enable is wrong

Edited by tiger

1 minute ago, tiger said:

// kevintjuh93
// CWvsContext: 8B 3D ? ? ? ? 8B ? ? 8D ? ? 8B
// tHitAvoidPeriod: 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
// Quoted copy of the blink script (Cheat Engine auto-assembler). [ENABLE]
// detours the 6-byte load at 0188C8BE into an allocated stub that puts a
// constant in edx; [DISABLE] writes the original load back and frees the stub.

[ENABLE]
alloc(HitAvoidPeriod_Hook,128) // block in the target process that holds the stub

HitAvoidPeriod_Hook:
mov edx,#2147483647 // Set character blink time after hit in milliseconds
jmp 0188C8BE+6 // resume at the instruction after the 6-byte patched one

0188C8BE:
jmp HitAvoidPeriod_Hook
db 90 // one nop pads the 5-byte jmp to the 6 bytes of the replaced instruction

[DISABLE]
0188C8BE: // 8B 91 ? ? ? ? 6A ? 8D ? ? ? ? ? ? 50
mov edx,[ecx+000081E0]

dealloc(HitAvoidPeriod_Hook)

 

That's the exact same thing I have posted


So I see you guys like my scripts hehe.
And lol... that Instant Teleport just calls CVecCtrl::raw_Move, which is basically equal to CVecCtrl::SetTeleportNext

Edited by kevintjuh93
On 27/10/2016 at 19:50, kevintjuh93 said:

So I see you guys like my scripts hehe.
And lol... that Instant Teleport just calls CVecCtrl::raw_Move, which is basically equal to CVecCtrl::SetTeleportNext

i love portal teleport but fail on update this from old Portal Kami

normal tele cause many d/c when kami


Portal Kami:

Spoiler

// By AIRRIDE
// Cheat Engine auto-assembler script. This opening part only reserves memory
// in the target process and declares labels; the routines themselves follow.
// Allocations: PortalKami (hook body), SetFakePortal (redirect stub),
// FakePortal (scratch structure, also used as counter storage), GetMobXY and
// GetPortal (helper routines). Sizes are in bytes.
[ENABLE]
alloc(PortalKami,256)
label(Return)
label(Ending)
label(UsePortal)
labeL(GotoPortal)

alloc(SetFakePortal,128)
alloc(FakePortal,128)

alloc(GetMobXY,512)
label(GetMobXYFalse)
label(GetMobXYTrue)
label(NextMob)

alloc(GetPortal,256)
label(NextPortal)
label(GP_False)
label(GP_True)
label(GP_Increase)

define(PortalNum,#0) // EDIT YOURSELF

// The dword at offset 20 (hex) of FakePortal is the pass counter that the
// PortalKami routine increments and compares; it starts at zero.
FakePortal+20:
dd 0

// GetPortal: scan the client's portal table and return a pointer to one entry.
// Out:   eax = entry pointer, or 0 when the scan runs past the stored count.
// Clobb: ecx, edx, esi, edi, flags (nothing is saved here; the one visible
//        caller runs this between pushad and popad).
// No pointer in the chain is checked for null before it is dereferenced.
GetPortal:
xor eax,eax // eax = table index, starts at 0
xor edi,edi // edi = number of accepted entries so far
mov ecx,[023B3068] // Portal Base
mov ecx,[ecx+4]
mov edx,[023B3438] // Map Info Base: A1 ? ? ? ? 85 C0 74 ? 8B ? ? ? 00 00 8B ? 89
mov edx,[edx+14A4] // Map ID Offset: 89 87 ? ? 00 00 C6 87

NextPortal:
cmp [ecx-4],eax // Portal Count
jbe GP_False // unsigned: count <= index means the table is exhausted
mov esi,[ecx+eax*8+4] // entry pointer; entries are spaced 8 bytes apart
// Entries whose field at +1C equals 999999999 or the current map id are skipped.
// NOTE(review): +1C is presumably the entry's target map id - inferred from
// the comparison with edx, not shown by the script.
cmp [esi+1C],#999999999
je GP_Increase
cmp [esi+1C],edx
je GP_Increase

GP_True:
inc edi
cmp edi,PortalNum
jb GP_Increase // keep scanning until edi has reached PortalNum
mov eax,esi
ret

GP_Increase:
inc eax
jmp NextPortal

GP_False:
xor eax,eax
ret

// GetMobXY: walk the client's mob list and return the address of a coordinate
// pair for the first entry whose fields at +68 and +6C are not both zero.
// Out:   eax = address of [edx+60] for that entry, or 0 if any pointer on the
//        way is null or the list ends.
// Clobb: ebx, edx, esi, flags (nothing is saved here; the one visible caller
//        runs this between pushad and popad).
// The first entry is reached through different offsets ([esi+04], [esi-10])
// than later ones ([esi+18], [esi+04]); the author marks this as "- 0x10".
GetMobXY:
mov esi,[023B10B8] // TSingleton<CMobPool>__ms_pInstance also known as "Mob Base": 8B 0D ? ? ? ? ? E8 ? ? ? ? 8B ? 85 ? 74 ? 8B ? ? 8B
test esi,esi
je GetMobXYFalse
mov edx,[esi+10] // Mob Count Offset
test edx,edx
je GetMobXYFalse
mov esi,[esi+28] // Mob 1
test esi,esi
je GetMobXYFalse
mov edx,[esi+04] // Mob 2 - 0x10
test edx,edx
je GetMobXYFalse
mov edx,[edx+1B4] // Mob 3: 83 ? ? ? ? ? ? 0F 84 ? ? ? ? 83 ? ? 39 ? ? ? ? ? 0F 8E ? ? ? ? 68 ? ? ? ? 8D ? ? ? E8 ? ? ? ? 68 ? ? ? ? 8D ? ? ? C7 ? ? ? ? ? ? ? E8
test edx,edx
je GetMobXYFalse
mov edx,[edx+24] // Mob 4
test edx,edx
je GetMobXYFalse
// OR-ing the two fields gives zero only when both are zero.
mov ebx,[edx+68] // Mob X (Invisible)
or ebx,[edx+6C] // Mob Y (Invisible)
test ebx,ebx
jne GetMobXYTrue
mov esi,[esi-10] // Next mob - 0x10
test esi,esi
je GetMobXYFalse

// Same chain as above for every later entry, looping until a match or a null.
NextMob:
mov edx,[esi+18] // Mob 2
test edx,edx
je GetMobXYFalse
mov edx,[edx+1B4] // Mob 3: 83 ? ? ? ? ? ? 0F 84 ? ? ? ? 83 ? ? 39 ? ? ? ? ? 0F 8E ? ? ? ? 68 ? ? ? ? 8D ? ? ? E8 ? ? ? ? 68 ? ? ? ? 8D ? ? ? C7 ? ? ? ? ? ? ? E8
test edx,edx
je GetMobXYFalse
mov edx,[edx+24] // Mob 4
test edx,edx
je GetMobXYFalse
mov ebx,[edx+68] // Mob X (Invisible)
or ebx,[edx+6C] // Mob Y (Invisible)
test ebx,ebx
jne GetMobXYTrue
mov esi,[esi+04] // Next Mob
test esi,esi
je GetMobXYFalse
jmp NextMob

GetMobXYFalse:
xor eax,eax
ret

// The returned address is +60, not the +68/+6C fields that were tested.
GetMobXYTrue:
lea eax,[edx+60] // Mob X
ret

// PortalKami: body of the detour installed at 019E18B0 (labelled
// CWndMan::s_Update by the author). It first repeats the three instructions
// the detour overwrote, then runs its own logic between pushad and popad and
// jumps back to Return.
// A counter at FakePortal+20 is incremented on every pass in which GetMobXY
// returns non-zero: pass 5 takes the GotoPortal path, pass 10 the UsePortal
// path, and at 15 the counter is reset. Both paths copy a coordinate pair into
// FakePortal+C / FakePortal+10 and then call 01840200 (labelled
// CUserLocal__TryRegisterTeleport) with six pushed arguments, ecx loaded from
// [023AC87C].
// NOTE(review): how often 019E18B0 runs is not shown here; the name suggests a
// periodic UI update.
PortalKami:
sub esp,0C // the three instructions replaced by the detour jmp
push ebx
push esi
pushad // all general registers are saved, so the helpers may clobber freely
call GetMobXY
test eax,eax
je Ending // no entry found: do nothing on this pass
inc [FakePortal+20]
cmp [FakePortal+20],#5
je GotoPortal
cmp [FakePortal+20],#10
je UsePortal
cmp [FakePortal+20],#15
jb Ending
mov [FakePortal+20],0
jmp Ending

// Pass 5: the fake structure receives the selected portal's own coordinates.
GotoPortal:
call GetPortal
test eax,eax
je Ending
mov edi,eax
mov ebx,[edi+C] // X
mov [FakePortal+C],ebx
mov ebx,[edi+10] // Y
mov [FakePortal+10],ebx
mov eax,[edi+24]
mov ebx,[edi+04]
push 00
push 00
push eax // value read from the entry at +24
push ebx // value read from the entry at +04
push 00
push 00
mov ecx,[023AC87C] // TSingleton_CUserLocal___ms_pInstance also known as "CharBase": A1 ? ? ? ? 85 C0 75 ? 5F C3 8D 48 [POINTER]
call 01840200 // CUserLocal__TryRegisterTeleport: E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 8D ? ? ? 68 ? ? ? ? ? E8 ? ? ? ? 8B C8 E8 ? ? ? ? 8B 00 6A 64 [CALL]
jmp Ending

// Pass 10: eax still holds the address returned by GetMobXY, so the fake
// structure receives that coordinate pair before GetPortal overwrites eax.
UsePortal:
mov ebx,[eax]
mov [FakePortal+C],ebx
mov ebx,[eax+4]
mov [FakePortal+10],ebx
call GetPortal
test eax,eax
je Ending
mov edi,eax
mov eax,[edi+24]
mov ebx,[edi+04]
push 00
push 00
push eax
push ebx
push 00
push 00
mov ecx,[023AC87C] // TSingleton_CUserLocal___ms_pInstance also known as "CharBase": A1 ? ? ? ? 85 C0 75 ? 5F C3 8D 48 [POINTER]
call 01840200 // CUserLocal__TryRegisterTeleport: E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 8D ? ? ? 68 ? ? ? ? ? E8 ? ? ? ? 8B C8 E8 ? ? ? ? 8B 00 6A 64 [CALL]

Ending:
popad // restore every register saved by pushad
jmp Return

// SetFakePortal and the five patch sites written by [ENABLE].
// The stub points edi at the script's own FakePortal structure and resumes at
// 01840613, so the client code there reads the script-supplied fields.
// The patches are in the client's code section at fixed addresses; the
// matching original bytes are listed in the [DISABLE] part of the script.
SetFakePortal:
lea edi,[FakePortal]
jmp 01840613 // mov ecx,[edi+0C] [below]

// Detour into PortalKami; Return marks the first byte after the 5-byte jmp.
019E18B0: // CWndMan::s_Update
jmp PortalKami
Return:

// jmp (5 bytes) + nop over the 6-byte mov ecx,[023B3068].
018405FD: // FakePortal PLZ
jmp SetFakePortal
nop

// The call at this site (to 006A5F60, labelled CClientSocket::SendPacket in
// the [DISABLE] part) is pointed at a bare return instead, so nothing is sent
// from this call site while the script is enabled.
01840746:
call 01846378 // Call an address that has ret 0004 as an opcode

// Six NOPs over the 6-byte jg (0F 8F rel32): the branch is never taken.
018404EC:
db 90 90 90 90 90 90

// 75 (jnz short) becomes 74 (jz short): the branch condition is inverted.
017E0857:
db 74

// [DISABLE] writes back the instructions and bytes replaced at the five patch
// sites and then frees all five allocations. The byte patterns in the comments
// are the signatures the author recorded for locating each address.
[DISABLE]
019E18B0: // 83 EC 0C 53 56 57 B9
sub esp,0C
push ebx
push esi

018405FD: // 8B 0D ? ? ? ? 50 E8 ? ? ? ? 8B F8 85 FF 0F 84 ? ? ? ? 8B 4F
mov ecx,[023B3068]

01840746: // Follow Call for CClientSocket::SendPacket: 8B 0D ? ? ? ? 85 ? 74 ? 8D ? ? ? ? ? ? 52 E8
call 006A5F60 // Assembly Scan (with the updated address at line 203 and it's the first result): call CClientSocket::SendPacket

018404EC: // 0F 8F ? ? 00 00 8B 3D ? ? ? ? 8D [Third Result]
db 0F 8F 44 52 00 00

017E0857: // 75 ? 8B ? ? 8B ? ? 83 ? ? FF D2 [First Result]
db 75

dealloc(PortalKami)
dealloc(SetFakePortal)
dealloc(FakePortal)
dealloc(GetMobXY)
dealloc(GetPortal)

 

 

7 hours ago, longbreakers said:

I found "Auto Buff" very interesting on "Terminal GK" .   i do not know how it works

CUserLocal::DoActiveSkill or just send the packet.

 

LOL the Freeze Vellum script has an infinite loop!

Edited by kevintjuh93

Spoiler

// nodelay x3 v177.3
// Cheat Engine auto-assembler script with two detours at fixed addresses.
//  - 01795E30 -> DelayHook: the routine's real body runs only on every third
//    call; the other calls return at once with ret 0014.
//  - 01819410 -> AttackHook: the routine's real body is run three times for
//    each call made to it.
// Each site originally starts with push -01 / push imm32 (7 bytes), replaced
// by a 5-byte jmp and two NOPs; [DISABLE] writes the two pushes back.
// NOTE(review): the script does not name either routine; the roles implied by
// the labels ("Delay", "Attack") are the author's.
// Defender's view: the effect is a changed call rate on the client, which a
// server can observe as actions arriving faster than the game allows.

[ENABLE]
alloc(DelayHook,128)
label(Return)
label(DH_Reset)
alloc(Counter,4) // 4-byte call counter for DelayHook
alloc(AttackHook,128)
label(Return2)
label(AH_Original)

Counter:
dd 0

DelayHook:
inc [Counter]
cmp [Counter],3
jae DH_Reset // third call: fall into the original routine
ret 0014 // otherwise return to the caller, releasing 14h bytes of arguments

DH_Reset:
mov [Counter],0
push -01 // Original Opcode
push 01795E32// Original Opcode
jmp Return // continue in the original routine after the overwritten bytes

// Runs the original routine three times with the caller's single stack
// argument and ecx = esi, then returns in the original's place.
// NOTE(review): esi is assumed to hold the object pointer at this point -
// not shown by the script.
AttackHook:
push [esp+4]
mov ecx,esi
call AH_Original
push [esp+4]
mov ecx,esi
call AH_Original
push [esp+4]
mov ecx,esi
call AH_Original
ret 0004

// Re-executes the two overwritten pushes, then enters the original routine.
AH_Original:
push -01 // Original Opcode
push 01819412 // Original Opcode
jmp Return2

01795E30:
jmp DelayHook
nop
nop
Return:

01819410:
jmp AttackHook
nop
nop
Return2:

[DISABLE]
01795E30:
push -01
push 01795E32

01819410:
push -01
push 01819412


dealloc(DelayHook)
dealloc(Counter)
dealloc(AttackHook)

nodelay x3
