
Blaze Wizard FMA

// Cheat Engine auto-assembler script: [enable] installs three detours at fixed
// addresses in the client, [disable] writes the original instructions back and
// frees the allocations. Every absolute address is specific to one client build.
// NOTE(review): all three detours rewrite bytes inside the client's code, so a
// code-integrity check covering 00946830, 007BD54D and 007B2565 would see them.
[enable]
alloc(find_hit_mob_in_rect_hook,128)

alloc(try_doing_blazewiz_attack_hook,128)
label(try_doing_blazewiz_attack_return)

alloc(mob_get_pos_hook,128)
label(mob_get_pos_return)
label(mob_get_pos_skip)

alloc(set_mob_pos,4)
registersymbol(set_mob_pos)

// Flag read by mob_get_pos_hook: it is 1 only while the wrapped call at 007BD54D runs.
set_mob_pos:
dd 00000000

// Detour 1: the jmp plus two NOP bytes (dw 9090) cover the `push esi` /
// `lea esi,[ecx+000008D4]` pair that [disable] restores. mob_get_pos_return is
// the address directly after the jmp, i.e. the first NOP.
00946830:
jmp mob_get_pos_hook
mob_get_pos_return:
dw 9090

// Flag clear: run the two displaced instructions and continue in the original.
// Flag set: replace ecx with [01996DE4]+4 and leave through a jmp to 005DBFA0,
// so the hooked function body is not executed for that call.
// NOTE(review): set_mob_pos is a plain global; whether other threads can reach
// 00946830 while it is set cannot be determined from this script.
mob_get_pos_hook:
cmp [set_mob_pos],00000001
jne mob_get_pos_skip
mov ecx,[01996DE4] // CUserLocal
lea ecx,[ecx+04]
jmp 005DBFA0 // 56 8D B1 ? ? 00 00 57 8D 4E 0C (the one in the end 00500000s)
mob_get_pos_skip:
push esi
lea esi,[ecx+000008D4]
jmp mob_get_pos_return

// Detour 2: replaces the `call 0121C000` that [disable] restores; the return
// label is the instruction following that call.
007BD54D: //E8 ? ? ? ? 8B ? ? 8B ? 8B ? ? FF ? 8D
jmp try_doing_blazewiz_attack_hook
try_doing_blazewiz_attack_return:

// Brackets the original call with the flag: set to 1 before, back to 0 after.
try_doing_blazewiz_attack_hook:
mov [set_mob_pos],00000001
call 0121C000 // original call
mov [set_mob_pos],00000000
jmp try_doing_blazewiz_attack_return

// Detour 3: the call target is swapped from 00999930 to the hook below.
007B2565: //E8 ? ? ? ? 8B ? 89 ? ? ? 85 ? ? ? ? ? ? ? ? FF ? ? ? ? ? 8B
call find_hit_mob_in_rect_hook

// Entered by `call`, so [esp] is the return address and [esp+04] the first
// stack argument. That argument is overwritten with the address [0199B298]+1C
// and the original target is entered with a jmp, so it returns to the call site.
// NOTE(review): the Kami script on this page reads "left" and "top" from +1C
// and +20 of the same object, so this presumably substitutes map-wide bounds
// for the caller's rectangle - confirm.
find_hit_mob_in_rect_hook:
mov eax,[0199B298] // CWvsPhysicalSpace2D A1 ? ? ? ? 8B ? ? 8B ? ? 8B ? ? 8B ? ? 83
lea eax,[eax+1C]
mov [esp+04],eax
jmp 00999930 // original call (CMobPool::FindHitMobInRect)

// Restore the original instructions at the three patched addresses, then free
// the flag and the hook allocations.
[disable]
00946830: // 56 8D B1 ? ? 00 00 57 8D 4E 0C (the one in the 00800000-00900000 range)
push esi
lea esi,[ecx+000008D4]

007BD54D: // 8B 0D ? ? ? ? ? E8 ? ? ? ? 8B 4E ? 8B
call 0121C000

007B2565: // E8 ? ? ? ? 8B ? 89 7C 24 ? 85 ? 0F 8E
call 00999930

unregistersymbol(set_mob_pos)
dealloc(set_mob_pos)

dealloc(mob_get_pos_hook)
dealloc(try_doing_blazewiz_attack_hook)
dealloc(find_hit_mob_in_rect_hook)

Fusion Attack

/*
Fusion Attack
Creator Sprux
*/
// Cheat Engine auto-assembler script. One detour at a fixed address; the
// address is specific to one client build.
define(FusionAttack,00999CF3)

[Enable]
alloc(Hook,512)
label(Return)

// The jmp plus three NOP bytes cover the three instructions that [Disable]
// writes back (store, inc, store). Return is the address after the NOPs.
FusionAttack: // 89 ?? 81 40 89 44 24 ?? 8B 44 24 ?? 85 C0
jmp Hook
db 90 90 90
Return:
// Repeats the displaced store and increment while eax < [esp+6C] (signed
// compare), then performs the displaced `mov [esp+1C],eax` and returns.
// NOTE(review): the loop bound comes from [esp+6C]; nothing here checks it
// against the size of the buffer at ecx, so whether the extra stores stay in
// bounds cannot be determined from this script.
Hook:
mov [ecx+eax*4],edi
inc eax
cmp eax,[esp+6C]
jl Hook
mov [esp+1C],eax
jmp Return

// Write the original three instructions back and free the hook memory.
[Disable]
FusionAttack:
mov [ecx+eax*4],edi
inc eax
mov [esp+1C],eax

dealloc(Hook)

Partial Godmode

/*
Partial Godmode
Creator Yaminike
Moopler.net
*/
// Cheat Engine auto-assembler script. Two in-place patches at fixed addresses
// (specific to one client build); no memory is allocated.

// 0F 85 ? ? ? ? 8B 45 18 83 C0 FF
// CMob::IsTargetInAttackRange
Define(MagicDisarm, 0097ED82)
// 1st call
// E8 ? ? ? ? 8B CE E8 ? ? ? ? 5D 8B 7C 24
Define(NoTouch, 01210D60)

[Enable]
// The conditional `jne 0097F0F2` becomes an unconditional jmp to the same
// target; the nop pads the shorter jmp to the length of the 0F 85 form shown
// in the signature above.
MagicDisarm:
jmp 0097F0F2 // Original offset
nop

// Overwrites the first bytes of the function at NoTouch with `ret 002C`: it
// returns at once and removes 0x2C bytes of arguments from the stack. eax is
// left as the caller had it.
NoTouch:
ret 002C

[Disable]
// Restore the conditional branch.
MagicDisarm:
jne 0097F0F2

// Restore the function's first two instructions.
NoTouch:
push -1
push 015B9D8B

No Knockback

/*
No Knockback
Creator unknown
*/
// Cheat Engine auto-assembler script. Toggles a single byte at a fixed address
// (specific to one client build). No signature is given, so whether the byte is
// an instruction operand or data cannot be determined from this script.
define(NoKB,00B98A4A)

[Enable]
// Patched value.
NoKB:
db 00

[Disable]
// Original value.
NoKB:
db 01

Item Filter

/*
Item Filter
Creator unknown
*/
// Cheat Engine auto-assembler script. One detour at a fixed address (specific
// to one client build) that rewrites the value in eax before the client's own
// `mov [esi+44],eax` stores it.
[enable]
alloc(ItemFilter,256)
alloc(ItemList,2048)
alloc(Mesos,4)
alloc(Mode,4)
RegisterSymbol(Mode)
RegisterSymbol(Mesos)
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)

// Threshold compared against eax (decimal 10).
Mesos:
dd #10 // minimum meso

// Selects which list walk runs; only the low byte is tested.
Mode:
dd #0 // 0=accept, 1=reject

// Zero-terminated array of dwords.
ItemList:
// item IDs here that you want to reject or accept
dd #4000001 // mushroom cap
dd 00 // end of list

// The jmp replaces the two instructions that [disable] writes back; Return is
// the address after them.
// 8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F
0066DF7D:
jmp ItemFilter
Return:

// edx is saved here and restored at End. Signed compare: eax <= [Mesos] goes to
// FilterMesos, anything larger is checked against ItemList.
ItemFilter:
push edx
mov edx,[Mesos]
cmp eax,edx
jle FilterMesos
mov edx,ItemList
jmp RejectOrAccept

// Zeroes [esi+40] and leaves eax untouched.
// NOTE(review): no operand size is given, so the width of this store depends
// on the assembler's default.
FilterMesos:
mov [esi+40],0
jmp End

// Mode 0 -> AcceptFilter, Mode 1 -> RejectFilter. Any other value falls
// through into AcceptFilter because no jump follows the second test.
RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter

// Walk the list: a match keeps eax (End); reaching the terminator goes to Ignore.
AcceptFilter:
cmp eax,[edx]
je End
cmp dword ptr [edx],0
je Ignore
add edx,4
jmp AcceptFilter

// Walk the list: a match goes to Ignore; reaching the terminator keeps eax (End).
RejectFilter:
cmp eax,[edx]
je Ignore
cmp dword ptr [edx],0
je End
add edx,4
jmp RejectFilter

// Values up to decimal 60000 are kept unchanged; larger values are replaced by 0.
Ignore:
cmp eax,#60000 // added this code otherwise mesos is dropped but not shown in accept mode
jle End
mov eax,0

// Restore edx, run the two displaced instructions, return to the client.
End:
pop edx
mov ecx,ebx // org code
mov [esi+44],eax // org code
jmp Return

// NOTE(review): only the patched bytes are restored. No dealloc or
// UnregisterSymbol appears here, so ItemFilter, ItemList, Mesos and Mode stay
// allocated and Mode/Mesos stay registered after disabling.
[disable]
0066DF7D:
mov ecx,ebx
mov [esi+44],eax

Perfect Loot

/*
Perfect loot
Original creator AIRRIDE (?)
*/
// Cheat Engine auto-assembler script. Three in-place patches at fixed
// addresses (specific to one client build); no memory is allocated.

// Called address
// E8 ? ? ? ? 8B 86 ? ? ? ? C6 44 24 ? 05 85 C0 74 ? 83 C0 04
Define(Tubi, 01344EC7)

// calculate_parbolic_motion_duration
// DC 0D ? ? ? ? 83 C4 ? E9 ? ? ? ? DD 05
Define(InstantDrop, 00664FA4)

// 2B 70 ? 81 FE ? ? ? 00 0F 8D ? ? ? 00 85 ED 0F 84
Define(NoAnimation, 004C7206)

[Enable]
// Six NOP bytes replace the `mov [esi+0000221C],eax` restored in [Disable],
// so that store no longer happens.
Tubi:
db 90 90 90 90 90 90

// The multiply by the constant at 016DD390 becomes a subtract of the same constant.
InstantDrop:
fsub qword ptr [016DD390]

// Per the signature above, offset +5 is the 32-bit immediate of the `81 FE`
// compare; it is changed from 02BC to 0.
NoAnimation+5:
dd 0

[Disable]
// Original store.
Tubi:
mov [esi+0000221C],eax

// Original multiply.
InstantDrop:
fmul qword ptr [016DD390]

// Original immediate.
NoAnimation+5:
dd 02BC

Pet Item Teleport

/*
Pet Item Teleport
Creator Sprux
*/
// Cheat Engine auto-assembler script. Unlike the fixed-address scripts on this
// page, both addresses are located at enable time by byte-pattern scans.
[enable]
label(pet_teleport_restore)
registersymbol(pet_teleport_restore)

alloc(pet_teleport_hook,128)
label(pet_teleport_return)

aobscan(pet_teleport_aob,8B 50 04 8B 00 ? ? 8D 4D)
aobscan(vecctrl_set_position_aob,8B ? 24 ? 8B 41 ? 8B 40 ? 56 8D 71 ? 8B 4C 24 10)

// The jmp replaces the two instructions that [disable] writes back.
// pet_teleport_restore records the patched address as a registered symbol so
// [disable] can find it again without repeating the scan.
pet_teleport_aob:
pet_teleport_restore:
jmp pet_teleport_hook
pet_teleport_return:

// esi keeps the incoming eax (a pointer to two dwords) across the displaced
// instructions, which overwrite eax and edx. pushad/popad keep every register
// as the client expects it on return.
pet_teleport_hook:
push esi
mov esi,eax
mov edx,[eax+04]
mov eax,[eax]
pushad

// Indirect call through the pointer stored at +20 of the table at [edi+4],
// with ecx = edi+4; the result in eax becomes ecx for the next call.
lea ecx,[edi+4]
mov ebx,[edi+4]
mov ebx,[ebx+20]
call ebx

// Calls the scanned routine with (0, [esi], [esi+04]) on the stack.
push [esi+04]
push [esi]
push 00
mov ecx,eax
call vecctrl_set_position_aob

popad
pop esi
jmp pet_teleport_return

// Write the two original instructions back, drop the symbol, free the hook.
[disable]
pet_teleport_restore:
mov edx,[eax+04]
mov eax,[eax]

unregistersymbol(pet_teleport_restore)

dealloc(pet_teleport_hook)

Full Mob Disarm

/*
Full Mob Disarm
Creator unknown
*/
// Cheat Engine auto-assembler script. One in-place patch at a fixed address
// (specific to one client build); no memory is allocated.

[Enable]
// The conditional branch at 0099669E becomes an unconditional jmp to 00996AFB,
// followed by four NOP bytes over the instructions after it.
0099669E:    // 75 ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ??
jmp 00996AFB // 8B 86 ?? ?? ?? ?? 85 C0 0F 84 ?? ?? ?? ?? 2B 45 ?? 0F 89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ??
db 90 90 90 90

// NOTE(review): the signature comment in [Enable] begins `75 ?? 8B CE E8`
// (short jne, mov ecx,esi, call), while the sequence written here is jne,
// mov ecx,esi, jne. The two describe different instruction sequences; confirm
// against an unmodified client that these bytes are the real originals.
[Disable]
0099669E:
jne 00996AFB
mov ecx,esi
jne 009966B5//Opcode

Faster Mobs

/*
Faster Mobs
Original creator unknown
*/
// Cheat Engine auto-assembler script. One in-place patch at a fixed address
// (specific to one client build); no memory is allocated.

// 75 ? 33 DB 8D 97
define(MobSpeed, 009B76D6)

[Enable]
// The branch target becomes the instruction directly after the branch, so
// taken and not-taken both continue at MobSpeed+2.
MobSpeed:
jne MobSpeed+2

[Disable]
// Original branch target.
MobSpeed:
jne 009B7670

No Magnus Balls

/*
No Magnus Balls
Creator AIRRIDE(?)
*/
// Cheat Engine auto-assembler script. One single-byte patch at a fixed address
// (specific to one client build); no memory is allocated.
[Enable]
// C3 (ret) replaces the first byte of the function, 55 (push ebp) per the
// signature, so the function returns immediately.
// NOTE(review): a plain ret removes no arguments from the stack; whether this
// function takes stack arguments cannot be determined from this script.
0071A750: //55 8B EC 83 E4 ?? 6A ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B E9 33 C9
db C3

[Disable]
// Original first byte.
0071A750:
db 55

Kami

// AIRRIDE Kami v110.1

// updated v114.1
// moopler.net

// Cheat Engine auto-assembler script. It patches no instructions; instead it
// overwrites two pointer slots in the client (017E85F8+70 and 019AABD0) so that
// calls made through them reach Kami and ItemHook first.
// NOTE(review): because only data pointers change, a check limited to code
// bytes would not see this script; detecting it means validating that both
// slots still hold their expected targets (011A8860 and PtInRect).

[Enable]
Alloc(Kami,128)
Alloc(ItemHook,128)
Alloc(GetMobXY,512)
Alloc(NewTeleportXY,128)
Alloc(PressKey,128)
Alloc(TeleTopLeft,128)
Alloc(ItemX,4)
Alloc(ItemY,4)
Label(GetMobXYFalse)
Label(GetMobXYTrue)
Label(TeleportEnd)
Label(NextMob)
Label(Loot)
Label(KamiExit)

//MapleStory keycodes
define(CTRL,001D0000)
define(SHIFT,002A0000)
define(INSERT,01520000)
define(DEL,01530000)
define(HOME,01470000)
define(END,014F0000)
define(PAGEUP,01490000)
define(PAGEDOWN,01510000)
define(ALT,00380000)
define(Z,002C0000)

// GetMobXY: walks a linked structure starting at the mob pool.
// Out:   eax = address of [edx+58] for the first entry whose [edx+60] and
//        [edx+64] are not both zero, or 0 when a null pointer ends the walk.
// Clobb: esi, edx, ebx, flags.
// Every pointer in the chain is tested for null before it is dereferenced.
GetMobXY:
// TSingleton<CMobPool>::ms_pInstance (Mob Base):
// 8B 0D ? ? ? ? ? E8 ? ? ? ? 8B ? 85 ? 74 ? 8B ? ? 8B
mov esi,[0199B290] // v114.1
test esi,esi
je GetMobXYFalse
mov edx,[esi+10] // mob count
test edx,edx
je GetMobXYFalse
mov esi,[esi+28] // mob 1
test esi,esi
je GetMobXYFalse
mov edx,[esi+04] // mob 2 - 0x10
test edx,edx
je GetMobXYFalse

// mob 3 offset 83 ? ? ? ? ? ? 0F 84 ? ? ? ? 83 ? ? 39 ? ? ? ? ? 0F 8E ? ? ? ? 68 ? ? ? ? 8D ? ? ? E8 ? ? ? ? 68 ? ? ? ? 8D ? ? ? C7 ? ? ? ? ? ? ? E8 ? ? ? ? 8B ? ? ? ? ? C6 ? ? ? ? 85
mov edx,[edx+1B8] // v114.1

test edx,edx
je GetMobXYFalse
mov edx,[edx+24] // mob 4
test edx,edx
je GetMobXYFalse
mov ebx,[edx+60] // mob invx
or ebx,[edx+64] // mob invy
test ebx,ebx
jne GetMobXYTrue
mov esi,[esi-0C] // next mob - 0x10
test esi,esi
je GetMobXYFalse

// Same checks as above for every later entry; the first entry is addressed
// with offsets 0x10 lower (+04 / -0C there, +14 / +04 here).
NextMob:
mov edx,[esi+14] // mob 2
test edx,edx
je GetMobXYFalse

// mob 3 offset 83 ? ? ? ? ? ? 0F 84 ? ? ? ? 83 ? ? 39 ? ? ? ? ? 0F 8E ? ? ? ? 68 ? ? ? ? 8D ? ? ? E8 ? ? ? ? 68 ? ? ? ? 8D ? ? ? C7 ? ? ? ? ? ? ? E8 ? ? ? ? 8B ? ? ? ? ? C6 ? ? ? ? 85
mov edx,[edx+1B8] // v114.1

test edx,edx
je GetMobXYFalse
mov edx,[edx+24] // mob 4
test edx,edx
je GetMobXYFalse
mov ebx,[edx+60] // mob invx
or ebx,[edx+64] // mob invy
test ebx,ebx
jne GetMobXYTrue
mov esi,[esi+04] // next mob
test esi,esi
je GetMobXYFalse
jmp NextMob

GetMobXYFalse:
xor eax,eax
ret

GetMobXYTrue:
lea eax,[edx+58] // mob x
ret

// NewTeleportXY
// In:    edx = x, ebx = y (as loaded by the three call sites in this script).
// Calls 01274CE0 with ecx = [01996DE4]+4; when it returns non-zero, that
// result becomes ecx for 012E8710, which receives (0, edx, ebx) on the stack.
// A zero result skips the second call.
// Clobb: esi, ecx, eax, plus whatever the two callees change.
NewTeleportXY:
// TSingleton<CUserLocal>::ms_pInstance (char base)
// A1 ? ? ? ? 85 C0 75 ? 5F C3 8D
mov esi,[01996DE4] // v114.1
lea ecx,[esi+04]

// 8B ? ? ? ? ? 85 ? 74 ? 83 ? ? 74 ? 83 ? ? C3
// mov eax,[ecx+00007xxxx], usually the last result (8th)
// or just get the value of edx at FF D2 89 84 24 ? ? ? ? 8D 84 24 ? ? ? ? 50 8B CF
call 01274CE0 // v114.1

test eax,eax
je TeleportEnd
push ebx
push edx
push 00
mov ecx,eax

// 8B ? 24 ? 8B ? ? 8B ? ? ? 8D ? ? 8B ? ? ? ? ? ? FF ? 85 C0 ? ? ? ? ? ? ? ? ? E8
call 012E8710 // v114.1

TeleportEnd:
ret

// PressKey
// In:    edx = one of the keycode constants defined above.
// Pushes the keycode and a zero, then calls 0131A2E0. The singleton pointer is
// loaded into esi; this routine does not set ecx.
PressKey:
// TSingleton<CWndMan>::ms_pInstance
// 8B 15 ? ? ? ? 85 D2 74 23
mov esi,[0199B39C] // v114.1
push edx // lparam (keycode)
push 00 // unused wparam
call 0131A2E0 // CWndMan::OnKey v114.1
ret

// Kami: reached through the pointer slot at 017E85F8+70 (written at the end of
// [Enable]). It acts only when the return address on the stack is 01199A4A;
// every path ends at KamiExit, which continues in the original target 011A8860.
// pushad leaves the flags untouched, so the jne still tests the compare; it
// comes first because KamiExit always executes popad.
Kami:
// mov ecx, eax below 8B ? ? FF ? 8B ? B8 ? ? ? ? F7 ? C1 ? ? 8B ? C1 ? ? 03 ? 83 ? ? 74 ? 81 ? ? ? ? ? 75 ? 80 ? ? ? ? ? ? 74
cmp dword ptr [esp], 01199A4A // v114.1
pushad
jne KamiExit
// TSingleton<CUserLocal>::ms_pInstance (char base)
// A1 ? ? ? ? 85 C0 75 ? 5F C3 8D
mov eax,[01996DE4]
test eax,eax
je KamiExit
call GetMobXY
test eax,eax
je Loot
// Both the je above and this jmp go to Loot, so the instructions from here to
// the next `jmp KamiExit` are never executed as written.
jmp Loot
mov ebx,[eax+4]
sub ebx,#0
mov edx,[eax]
sub edx,#100
call NewTeleportXY
//mov edx, CTRL //Change attack key here
//Call PressKey
jmp KamiExit

// When the count at [[0199B8D4]+14] is zero, go to TeleTopLeft; otherwise send
// the Z keycode and call NewTeleportXY with the coordinates last stored by
// ItemHook.
Loot:
// TSingleton<CDropPool>::ms_pInstance (item base):
// 89 3D ? ? ? ? 8D 4E ? C7 06
mov esi,[0199B8D4] // v114.1
mov esi,[esi+14] // item count offset (shouldnt change)
cmp esi,0
je TeleTopLeft
mov edx, Z //Change loot key here
call PressKey
mov ebx,[ItemY]
mov edx,[ItemX]
call NewTeleportXY
jmp KamiExit

// TeleTopLeft has its own allocation, so the code from here through KamiExit
// is assembled there rather than directly after Loot.
TeleTopLeft:
// TSingleton<CWvsPhysicalSpace2D>::ms_pInstance (map base)
// A1 ? ? ? ? 8B 50 ? 83 C0
mov edx,[0199B298] // v114.1
mov edx,[edx+1C] // left offset (shouldnt change)
mov ebx,[0199B298] // v114.1
mov ebx,[ebx+20] // top offset (shouldnt change)
call NewTeleportXY

// Common exit: restore all registers saved by pushad and continue in the
// function the pointer slot originally referenced.
KamiExit:
popad
jmp 011A8860 // v114.1
// original value of the pointer

// ItemHook: reached through the pointer slot at 019AABD0, whose original value
// is PtInRect (see [Disable]). When the return address is 00666384 it copies
// two stack arguments into ItemX and ItemY, then always continues in PtInRect.
// The reads happen after `push eax`, so [esp+0C] and [esp+10] are the caller's
// [esp+08] and [esp+0C], i.e. the x and y of PtInRect's POINT argument.
ItemHook:
// 85 C0 75 ? 8D ? 24 ? C7 ? 24 ? ? ? ? ? E8 ? ? ? ? 8B
cmp [esp],00666384 // v114.1
jne PtInRect
push eax
mov eax,[esp+0C]
mov [ItemX],eax
mov eax,[esp+10]
mov [ItemY],eax
pop eax
jmp PtInRect

// Install: point the first slot at Kami.
// base:  C7 06 ? ? ? ? C7 46 04 ? ? ? ? C7 46 08 ? ? ? ? C7 86 AC 00 00 00 ? ? ? ? 89 18 89 9E
// offset: 8B ? ? FF ? 8B ? B8 ? ? ? ? F7 ? C1 ? ? 8B ? C1 ? ? 03 ? 83 ? ? 74 ? 81 ? ? ? ? ? 75 ? 80 ? ? ? ? ? ? 74
017E85F8+70: // v114.1
dd Kami

// Install: point the second slot at ItemHook.
// pointer call above 85 C0 75 ? 8D ? 24 ? C7 ? 24 ? ? ? ? ? E8 ? ? ? ? 8B
019AABD0: // v114.1
dd ItemHook

// Put both pointer slots back to their original targets, then free every
// allocation made in [Enable].
[Disable]
017E85F8+70: // v114.1
dd 011A8860 // v114.1
// original value of the pointer

019AABD0: // v114.1
dd PtInRect

Dealloc(Kami)
Dealloc(ItemHook)
Dealloc(GetMobXY)
Dealloc(NewTeleportXY)
Dealloc(PressKey)
Dealloc(TeleTopLeft)
Dealloc(ItemX)
Dealloc(ItemY)

Filter Fake Items

/*
Filter Fake Items
Creator Taku
*/
// Cheat Engine auto-assembler script. One detour at fixed address 0066DF7D
// (specific to one client build).
// NOTE(review): the Item Filter script on this page patches the same address
// and also allocates a block named ItemFilter, so the two scripts overlap.
[Enable]
Alloc(ItemFilter,256)
Label(Return)
Label(End)
Label(FilterMesos)

// The jmp replaces the `mov ecx,ebx` / `mov [esi+44],eax` pair that is
// re-executed at End; Return is the address after them.
0066DF7D:
jmp ItemFilter
Return:

// Signed compare against the constant 1: eax <= 1 goes to FilterMesos, any
// larger value goes straight to End. edx is saved here and restored at End.
ItemFilter:
push edx
mov edx,01
cmp eax,edx
jle FilterMesos
jmp End

// Zeroes [esi+40]; eax is left unchanged.
// NOTE(review): no operand size is given, so the width of this store depends
// on the assembler's default.
FilterMesos:
mov [esi+40],00
jmp End

// Restore edx, run the two displaced instructions, return to the client.
End:
pop edx
mov ecx,ebx
mov [esi+44],eax
jmp Return

// NOTE(review): this section is empty - the bytes at 0066DF7D are not restored
// and ItemFilter is not freed, so disabling the script leaves the detour active.
[Disable]

CPU Hack

/*
CPU Hack
Original creator unknown
*/
// Cheat Engine auto-assembler script. Two in-place patches at fixed addresses
// (specific to one client build); no memory is allocated.

// Called address
// E8 ? ? ? ? 47 83 C3 ? 3B 7C 24 ? 0F 8C
define(MobReaction, 0097CB20)

// 0F 85 ? ? ? ? 8B 7D ? 3B FB 0F 84
define(SkillAnimation, 01164260)

[Enable]
// Overwrites the first bytes of the function with `ret 0058`: it returns at
// once and removes 0x58 bytes of arguments from the stack.
MobReaction:
ret 0058

// The conditional `jne 0116E14C` becomes a nop followed by an unconditional
// jmp to the same target, matching the length of the 0F 85 form in the signature.
SkillAnimation:
nop
jmp 0116E14C

[Disable]
// Restore the function's first two instructions.
MobReaction:
push -1
push 014D9A68

// Restore the conditional branch.
SkillAnimation:
jne 0116E14C

Jump Down Anywhere

//Jump Down Anywhere
//EMS v108.1
//Updated by FleXi
// Cheat Engine auto-assembler script. Three in-place byte patches at fixed
// addresses; no memory is allocated.
// NOTE(review): the header names client v108.1 while other scripts on this
// page are marked v114.1 - the addresses below belong to whichever build the
// author targeted; confirm before comparing against a client image.
[Enable]
// 74 (short je) becomes EB (short jmp): the branch is always taken.
011AE4FF: // 74 ?? 3B 5C 24 ?? 75 ?? 8B 4C 24 ?? 6A ?? 03 C1
db EB

// 7D (short jge) becomes EB (short jmp): the branch is always taken.
00963F9A: // 7D ?? 8B 16 8B 52 ?? 8D 44 24 ?? 50
db EB     //1st Result

// The two-byte short je (74 22) becomes two NOPs: the branch is never taken.
011AE55A: // 74 ?? 8B CF C7 87 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 6A ?? 6A ?? 8B CF 89 87 ?? ?? ?? ?? E8 ?? ?? ?? ??
db 90 90

// Original bytes.
[Disable]
011AE4FF:
db 74

00963F9A:
db 7D

011AE55A:
db 74 22
Edited by Razz
Added more scripts