
Rules:

  • Only post scripts in here
  • Don't ask questions about using scripts in this topic

Godmode

Spoiler

//v178.3
// Two-byte in-place patch of a single conditional near jump in the client
// image. The address is hard-coded for this build; the byte pattern on the
// [disable] line is the signature the author used to find it ("[jne below]"
// = the jne that follows the matched bytes).
[enable]
01CC8DAE:
// 0F 84 is the je rel32 opcode: the branch condition is inverted while the
// 4-byte displacement that follows is left untouched.
db 0F 84

[disable]
01CC8DAE: // 74 ? 8D ? ? ? ? ? E8 ? ? ? ? 85 C0 0F 85 ? ? ? ? 8D ? ? ? ? ? E8 [jne below]
// 0F 85 is the jne rel32 opcode, i.e. the bytes the pattern above expects.
db 0F 85

 

Guard Godmode

Spoiler

//Credits to CJ
//v178.3
// Inline hook on the entry of the function the author labels
// CUserLocal::SetDamaged. Every call is diverted to an allocated stub that
// re-enters the function with eleven zeroed stack arguments and edx = 0.
// Numbers without a '#' prefix are hexadecimal in this script dialect.
[ENABLE]
alloc(CUserLocal__SetDamaged_Hook,128)
label(CUserLocal__SetDamaged_Normal)
label(return)

CUserLocal__SetDamaged_Hook:
// Eleven zero dwords are pushed in place of the caller's arguments.
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 00
xor edx,edx
call CUserLocal__SetDamaged_Normal
// 0x2C = 44 bytes = 11 dwords: the caller's own arguments are discarded on
// the way back, matching the number of zeros pushed above.
ret 002C

CUserLocal__SetDamaged_Normal:
// Replays the two instructions overwritten at the patch site
// (6A FF = push -1, 68 imm32 = push 022E59B5), then resumes at `return`.
push -01
push 022E59B5
jmp return

01CC8D60: // CUserLocal::SetDamaged
// jmp followed by two NOPs; `return` marks the first untouched instruction.
jmp CUserLocal__SetDamaged_Hook
db 90 90
return:

[DISABLE]
01CC8D60: // 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 ? ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D ? ? ? ? ? ? 64 A3 00 00 00 00 8B E9 83 ? ? ? ? ? ? ? C7
// NOTE(review): only three bytes are written back here, while [ENABLE]
// writes a jmp plus two NOPs (seven bytes, assuming the 5-byte jmp form), so
// the bytes after the third keep their patched values; the 128-byte
// allocation is also not released in this section.
db 6A FF 68

 

Auto HP/MP

Spoiler

//Breakpoint CWvsContext__OnKey Address if you want more
// Key-code constants passed to key_press in eax. The values look like
// (scan code << 16) with bit 24 set for extended keys, the same layout the
// PressKey routines elsewhere on this page build with shl 16 / shl 24 —
// presumably captured by breaking on CWvsContext__OnKey as the line above says.
define(CTRL,001D0000)
define(SHIFT,002A0000)
define(INSERT,01520000)
define(DEL,01530000)
define(HOME,01470000)
define(END,014F0000)
define(PAGEUP,01490000)
define(PAGEDOWN,01510000)
define(ALT,00380000)


// Fixed addresses for this client build; the trailing byte patterns are the
// signatures used to locate them.
define(CWvsContext__OnKey,01E2D610) //A1 ?? ?? ?? ?? 85 C0 74 ?? 8D 48 ?? 8B 01 8B 00
define(TSingleton_CWndMan___ms_pInstance,029D89A4) //8B ? ? ? ? ? C6 ? ? ? E8 ? ? ? ? 8B ? BA ? ? ? ? C6 [POINTER]


//Change HP and MP Values to your preferred settings
// '#' marks a decimal literal; both thresholds are 10000.
define(HP_VALUE,#10000)
define(MP_VALUE,#10000)

[enable]
alloc(hp_hook,128)
alloc(mp_hook,128)
alloc(key_press,128)
label(hp_return)
label(mp_return)

// Patch site 1: the store that [disable] restores below is replaced by
// jmp + nop; hp_return is the instruction that follows it.
019DF2BC:
jmp hp_hook
nop
hp_return:

// Replays the overwritten store, then injects a key event whenever the value
// just stored (esi) is below HP_VALUE.
hp_hook:
mov [edi+000001B4],esi //Original Opcode
cmp esi,HP_VALUE
// Signed compare: skip when esi >= HP_VALUE.
jnl hp_return
// All general registers are saved because key_press overwrites esi/ecx/eax
// and calls into client code.
pushad
mov eax,PAGEUP //Change to HP potion key
call key_press
popad
jmp hp_return


// Patch site 2: same scheme, value in ebp, object pointer in esi.
019DF65C:
jmp mp_hook
nop
mp_return:

mp_hook:
mov [esi+000001B4],ebp //Original Opcode
cmp ebp,MP_VALUE
jnl mp_return
pushad
mov eax,PAGEDOWN //Change to MP potion key
call key_press
popad
jmp mp_return

// In: eax = one of the key-code constants defined above.
// Loads the singleton pointer, takes the dword at +A8 as ecx, and calls
// CWvsContext__OnKey with eax and a zero on the stack.
// Overwrites esi and ecx; both callers wrap the call in pushad/popad.
// NOTE(review): no stack cleanup follows the call, so the callee presumably
// pops both arguments itself — confirm against the target.
key_press:
mov esi,[TSingleton_CWndMan___ms_pInstance] // 8B 15 ? ? ? ? 85 D2 74 23
mov ecx,[esi+A8]
push eax
push 00
call CWvsContext__OnKey
ret

// Writes the two original store instructions back over the jmp/nop patches.
[disable]
019DF2BC:
mov [edi+000001B4],esi

019DF65C:
mov [esi+000001B4],ebp

 

Jr Boogie Unlimited MP

Spoiler

//Needs Jr Boogie to be spawned to restore MP at set value
//Useful with ND skills that use mana; the trade-off is that you don't have the spider familiar on.
define(MP_VALUE,#37000)
[enable]
alloc(hook,128)
alloc(mpvalue_hook,128)
label(mp_return)
label(do_not_restore)
label(normal)
label(return)

alloc(restore_mp,4)

restore_mp:
dd 0

019DF65C:
jmp mpvalue_hook
nop
mp_return:

mpvalue_hook:
mov [esi+000001B4],ebp //Original Opcode
cmp ebp,MP_VALUE
jnl do_not_restore
inc [restore_mp] //True
jmp mp_return

do_not_restore:
mov [restore_mp],00 //False
jmp mp_return

00BAABB6:
jmp hook
nop
return:

hook:
cmp dword ptr [restore_mp] #1
jne normal
mov [esi+00000108],eax
jmp return

normal:
cmp [esi+00000108],eax
jmp return


[disable]
dealloc(hook)
dealloc(mp_hook)

019DF65C:
mov [esi+000001B4],ebp

00BAABB6:
cmp [esi+00000108],eax

 

Auto Attack

Spoiler

//Auto Attack v178.3
//Ripped functions from Francesco/AIRRIDE Kami
[enable]
define(KEY_NORMAL,0)
define(KEY_EXTENDED,1)
define(VK_CONTROL,11)
define(_HoldAttack,0)
define(_AttackKey,VK_CONTROL)
define(_AttackKeyType,KEY_EXTENDED)

alloc(AutoAttack,512)
alloc(PressKey,128)
alloc(HoldAttack,1)
label(Exit)

HoldAttack:
db _HoldAttack

define(KEY_PRESS,0)
define(KEY_UP,1)
define(MAPVK_VK_TO_VSC,0)

PressKey:
push ebx
push edx
push esi
push ecx
mov edx, [esp+10+4]
mov esi, [esp+10+8]
mov ebx, [esp+10+C]
mov ecx, edx
push MAPVK_VK_TO_VSC
push ecx
call MapVirtualKeyA
shl eax,#16
shl esi,#24
shl ebx,#31
or eax, esi
or eax, ebx
mov ecx,eax
push ecx
push edx
call 01E2D610//01E2D5E0//019DF8C0 //A1 ?? ?? ?? ?? 85 C0 74 ?? 8D 48 ?? 8B 01 8B 00
pop ecx
pop esi
pop edx
pop ebx
ret 000C

AutoAttack:
cmp dword ptr [esp], 01C1B02A//017DF09A //8B C8 B8 ?? ?? ?? ?? F7 E9 C1 FA ?? 8B C2 C1 E8 ?? 03 C2 83 F8 ?? 74 ?? 81 F9 ?? ?? ?? ?? 75 ?? 80 BE ?? ?? ?? ?? ?? 74 ?? 8B 56 ?? 8B 42 ?? 8D 4E ?? FF D0
pushad
jne Exit
test eax,eax
je Exit
test eax,eax
push KEY_PRESS
push _AttackKeyType
push _AttackKey
call PressKey
cmp byte ptr [HoldAttack], 0
je Exit
push KEY_UP
push _AttackKeyType
push _AttackKey
call PressKey
jmp Exit

Exit:
popad
jmp 01C37BF0

02677700:
dd AutoAttack

[disable]
02677700: // 4 Byte Scan
dd 01C37BF0//017FD730 //6A ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 56 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B 0D ?? ?? ?? ?? 85 C9 74 ?? 8D 44 24 ?? 50 E8 ?? ?? ?? ?? 8B 44 24 ??

dealloc(AutoAttack)
dealloc(PressKey)
dealloc(HoldAttack)

 

No Breath

Spoiler

[ENABLE]
00957B46:
db 78

[DISABLE]
00957B46: //79 ? 89 9E ? ? ? ? E8 ? ? FE FF 83
db 79

 

Tubi

Spoiler

//v178.3
[ENABLE]
alloc(CWvsContext__SetExclRequestSent_Hook,128)
label(Normal)
label(Return)

CWvsContext__SetExclRequestSent_Hook:
push 00
call Normal
ret 0004

Normal:
mov eax,[esp+04]
push esi
jmp Return

01E79FB0: // CWvsContext::SetExclRequestSent
jmp CWvsContext__SetExclRequestSent_Hook
Return:

008AE399: // Remove pick-up animation
db 81 FE 00 00 00 00

00B5ACB4: // Remove drop animation
db DC 25

[DISABLE]
01E79FB0: // 8D 8E ? ? 00 00 E8 ? ? ? ? E8 ? ? ? ? 50 [Start]
mov eax,[esp+04]
push esi

008AE399: // 81 ? ? ? 00 00 0F 8D ? ? 00 00 85 ? 0F 84 [First Result]
db 81 FE BC 02 00 00

00B5ACB4: // DC 0D ? ? ? ? 83 C4 ? E9 ? ? ? ? DD 05
db DC 0D

dealloc(CWvsContext__SetExclRequestSent_Hook)

 

Auto Turn

Spoiler

//V178.3
// Inline hook on the entry of the function the author labels
// CAntiRepeat::TryRepeat. On every call it rewrites one dword reached through
// the CUserLocal pointer: values 2,4,6,8,A are incremented and 3,5,7,9,B are
// decremented, so each value in that range is swapped with its neighbour in
// the same even/odd pair. Other values are left alone.
[ENABLE]
alloc(Turner,130)
label(decval)
label(incval)
label(esn)
label(TurnerRet)

Turner:
// Preserve every general register; the stub only changes memory.
pushad
mov eax,[029D3FD0] // CUserLocal: 8B 3D ? ? ? ? 8B 40
mov eax,[eax+0000A328] // Character Vector Control Offset: 8B 86 ? ? 00 00 6A D8
// ebx = address of the field being modified, ecx = its current value.
lea ebx,[eax+00000180] // Character Animation Offset: 8B 96 ? ? 00 00 8B 8E ? ? 00 00 8B 01 8B ? ? 56 [Substract 0x10]
mov ecx,[ebx]
// Even values in 2..A -> increment.
cmp ecx,0a
je incval
cmp ecx,08
je incval
cmp ecx,06
je incval
cmp ecx,04
je incval
cmp ecx,02
je incval
// Odd values in 3..B -> decrement.
cmp ecx,0b
je decval
cmp ecx,09
je decval
cmp ecx,07
je decval
cmp ecx,05
je decval
cmp ecx,03
je decval
// Common exit: restore registers, replay the five overwritten bytes
// (56 / 8B 74 24 08), and continue in the original function.
esn:
popad
push esi // Original opcodes
mov esi,[esp+08] // Original opcodes
jmp TurnerRet

decval:
dec [ebx]
jmp esn
incval:
inc [ebx]
jmp esn

00B4D336: // CAntiRepeat::TryRepeat
jmp Turner
TurnerRet:

// Restores the original five bytes at the patch site.
// NOTE(review): the Turner allocation is not released in this section.
[DISABLE]
00B4D336: // 56 8B 74 24 ? 2B C6 83 F8 FA 7E ? 83 F8 06 7D ? 8B 41
db 56 8B 74 24 08

 

Logo Skip

Spoiler

[enable]
00F6D9B9: //74 ? 2B F8 81 FF DC 05 00 00 0F 86 ?? ?? 00 00 5F 88 5E ?? C6 46 ?? 00 5E 5B C3
db EB

[disable]
00F6D9B9:
db 74

 

Auto Aggro

Spoiler

/*
  Auto Aggro
  GMSv178.3
  Creator Sprux
*/

[enable]
alloc(Aggro,128)
label(return)

Aggro:
mov eax,[029D3FD0] // CUserLocal: 8B 3D ? ? ? ? 8B 40
lea eax,[eax+04]
mov [ecx+438+08],eax // Aggro Offset: 83 ? ? ? ? ? ? 0F 85 ? ? ? ? 8B ? ? 8B ? ? 8D ? ? FF D0 [Offset+0x08]

push ebp
mov ebp,esp
and esp,-40
jmp return

01E00710: // CVecCtrlMob::WorkUpdateActive
jmp Aggro
nop
return:

[disable]
01E00710: // 55 8B EC 83 E4 ? 6A ? 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC ? 53 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 ? 64 A3 ? ? ? ? 8B F1 8B 4D ? 8B 06
push ebp
mov ebp,esp
and esp,-40

dealloc(Aggro)

 

Mob Disarm

Spoiler

//v178.3
[enable]
0105A310: //75 ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8
jmp 0105A8EA //8B 86 ? ? ? ? 85 C0 0F 84 ? ? ? ? 2B 45 ? 0F 89 ? ? ? ? ? ? ? ? ? ? ? 8D
db 90 90 90 90

[disable]
0105A310:
db 75 15 8B CE
call 01048F70

 

Mob Confusion

Spoiler

/*
Credits to ClanTag
GMSv178.3
*/

[enable]
01DFEBA9: //Mob Confuse
db 0F 8B


[disable]
01DFEBA9: //0F 8A ?? ?? ?? ?? D9 ? DC ?? ?? ?? DF ? DD ? ?? ?? ?? ?? F6 C4 05 7A [first]
db 0F 8A

 

Mob Speed Up

Spoiler

/*
  MobSpeedup
  Creator AIRRIDE
  GMSv178.3
*/

define(SpeedUp,010BDCEB) //83 7C 24 ?? 00 89 87 ?? ?? ?? ?? 75 ?? 33 DB

[enable]
Alloc(MobSpeedUp, 128)
Label(Return)

MobSpeedUp:
mov dword ptr [esp+50],00
cmp dword ptr [esp+50],00
jmp Return

SpeedUp:
jmp MobSpeedUp
Return:

[Disable]
SpeedUp:
cmp dword ptr [esp+50],00

DeAlloc(MobSpeedUp)

 

Mach GND

Spoiler

//Credits to Mach of CCPLZ 
//GMSv178.3

define(MachGND,01C8F39B)

[enable]
MachGND://Mach GND (Melee/Basic attacks)
db EB

[disable]
MachGND:
db 75

 

Unlimited Attack

Spoiler

//v178.3
[enable]
00B4D340:
DB EB

[disable]
00B4D340: //7E ? 83 ? ? 7D ? 8B ? ? 2B ? 3D
db 7E

 

Hide Name Tags

Spoiler

//Hides nametags on your client only.
//For SS and Videos 
//v178.3
[enable]
01BB5A70: //CUser:DrawNameTags
ret

[disable]
01BB5A70:
db 6A FF 68

//C7 44 24 ? FF FF FF FF 85 C0 74 ? 83 B8 [FUNCTION START]
//FF D2 85 C0 0F 85 ? ? 00 0 8B 3D ? ?  ? ? 85 FF [FUNCTION START]

 

No Skill Cooldowns

Spoiler

/*
Credits OuterHaven
No Skill Cooldowns
(Only works for certain skills like Blazing Extinction,Evan Fusion Skills,etc)
v178.3
*/

define(IgnoreSkillCooldowns,01C37240)  //83 FE 01 7c ? 57 8b 3D ? ? ? ? 85 FF 74 49 [je below]

[enable]
IgnoreSkillCooldowns: //Ignore Skill Cooldown (Some Skills)
db 75

[disable]
IgnoreSkillCooldowns:
db 74

 

Perfect Stance

Spoiler

/*
  Perfect Stance
  Created by AIRRIDE
  v178.3
*/

[enable]
01CCB0F4: //85 F6 75 ? 39 ? 24 ? ? ? ? 74
xor esi,esi
nop
nop

01CCB0FF: //address of JE below
db EB

[disable]
01CCB0F4:
db 85 F6 75 09

01CCB0FF:
db 74

 

Clear Field UI

Spoiler

/*
Credits to DAVHEED for function
Uses end of the function CStage::FadeIn
v178.3
*/

[enable]
alloc(ClearFieldUI,128)
label(return)

012BF96C:
jmp ClearFieldUI
return:

ClearFieldUI:
mov ecx,[029D415C] //Above or Below the AOB below
call 01EC5790 //E8 ? ? ? ? A1 ? ? ? ? C7 80 ? ? ? ? 00 00 00 00 8B ? ? 8B ? ?
db 59 5F 5E 5D 5B
jmp return


[disable]
dealloc(ClearFieldUI)
//0F 84 ? ? ? ? A1 ? ? ? ? 33 ED 3B [FOLLOW JE, POP ECX ADDRESS BELOW]
012BF96C:
db 59 5F 5E 5D 5B

 

No Fade Stages

Spoiler

//v178.3
[enable]
012BF9B2: // CStage::FadeOut
db 0F 85

012BF3FE: // CStage::FadeIn
db 0F 85

[disable]
012BF9B2: //0F 84 ? ? ? ? 8B 0D ? ? ? ? 3B C8 74 ? 8B
db 0F 84

012BF3FE: //0F 84 ? ? ? ? A1 ? ? ? ? 33 ED 3B
db 0F 84

 

No Background

Spoiler

//v178.3
[enable]
00F9D8F7: // 8B ?? ?? 3B ?? 74 ?? 39 ?? 74 ?? 8B ?? 3B ?? 74 ?? 8B ?? ?? D1 ?? 3B ?? 75
db 90 90 90 90 90

[disable]
00F9D8F7:
db 8B 75 BC 3B F7

 

No Mob Reaction

Spoiler

//v178.3
[ENABLE]
0104E560: // No mob reaction, hitmarks or damage
ret 0074


[DISABLE]
0104E560: //74 ? 8B 86 ? ? ? ? 3B ? ? ? 75 ? FF 15 [FUNCTION START]
db 6A FF 68

 

Slide and Attack

Spoiler

//v178.3
[enable]
01E0AF02:
db 75

[disable]
01E0AF02: //3D 33 B9 C4 04 0F 84 ? ? 00 00 [second je down]
db 74

 

Pet Loot (AOB SCAN)

Spoiler

/*
Pet Item Teleport
Creator Sprux
Auto Updating
*/
[enable]
label(pet_teleport_restore)
registersymbol(pet_teleport_restore)

alloc(pet_teleport_hook,128)
label(pet_teleport_return)

label(return_normal)

aobscan(pet_teleport_aob,8B 50 04 8B 00 ? ? 8D 4D)
aobscan(vecctrl_set_position_aob,8B ? 24 ? 8B 41 ? 8B 40 ? 56 8D 71 ? 8B 4C 24 10)

alloc(delay,4)
delay:
dw 0

pet_teleport_aob:
pet_teleport_restore:
jmp pet_teleport_hook
pet_teleport_return:

pet_teleport_hook:
inc [delay]
cmp dword ptr [delay], #70
jne return_normal
mov [delay], 0

push esi
mov esi,eax
mov edx,[eax+04]
mov eax,[eax]
pushad

mov edi,[ebp+08]

lea ecx,[edi+04]
mov ebx,[edi+04]
mov ebx,[ebx+20]
call ebx

push [esi+04]
push [esi]
push 00
mov ecx,eax
call vecctrl_set_position_aob

popad
pop esi
jmp pet_teleport_return

return_normal:
mov edx,[eax+04]
mov eax,[eax]
jmp pet_teleport_return

[disable]
pet_teleport_restore:
mov edx,[eax+04]
mov eax,[eax]

unregistersymbol(pet_teleport_restore)
dealloc(pet_teleport_hook)

 

Pet Loot 

Spoiler

/*
Pet Item Teleport
Creator Sprux
*/
[enable]
label(pet_teleport_restore)
registersymbol(pet_teleport_restore)

alloc(pet_teleport_hook,128)
label(pet_teleport_return)

label(return_normal)

define(pet_teleport_address,00B5D640) //,8B 50 04 8B 00 ? ? 8D 4D
define(vecctrl_set_position_address,01B66C50) //8B ? 24 ? 8B 41 ? 8B 40 ? 56 8D 71 ? 8B 4C 24 10

alloc(delay,4)
delay:
dw 0

pet_teleport_address:
pet_teleport_restore:
jmp pet_teleport_hook
pet_teleport_return:

pet_teleport_hook:
inc [delay]
cmp dword ptr [delay], #70
jne return_normal
mov [delay], 0

push esi
mov esi,eax
mov edx,[eax+04]
mov eax,[eax]
pushad

mov edi,[ebp+08]

lea ecx,[edi+04]
mov ebx,[edi+04]
mov ebx,[ebx+20]
call ebx

push [esi+04]
push [esi]
push 00
mov ecx,eax
call vecctrl_set_position_address

popad
pop esi
jmp pet_teleport_return

return_normal:
mov edx,[eax+04]
mov eax,[eax]
jmp pet_teleport_return

[disable]
pet_teleport_restore:
mov edx,[eax+04]
mov eax,[eax]

unregistersymbol(pet_teleport_restore)
dealloc(pet_teleport_hook)

 

Remove Death Animations

Spoiler

//v178.3
define(CMob_OnDie,01046150)//3D 33 BC 86 00 -static MOB ID [FUNCTION START]
[enable]
CMob_OnDie:
ret

[disable]
CMob_OnDie:
db 6A FF

 

Item Filter

Spoiler

 


//v178.3
// Inline hook at 00B65CB9 that rewrites eax before the original
// `mov [esi+48],eax` runs. eax is compared against a minimum (Mesos) and
// against a zero-terminated list of dword IDs (ItemList); Mode selects whether
// the list is an allow-list (0) or a deny-list (1).
// NOTE(review): what eax and the +44/+48 fields mean is taken from the
// author's comments, not from code visible here.
[ENABLE]
alloc(ItemFilter,256)
alloc(ItemList,2048)
alloc(Mesos,4)
alloc(Mode,4)
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)

Mesos:
dd #10 // Minimum meso

Mode:
dd #0 // 0 = Accept, 1 = reject

// The list is empty as posted: only the terminating zero is present.
ItemList:

dd 00 // End of list

ItemFilter:
// edx is used as scratch and restored at End.
push edx
mov edx,[Mesos]
cmp eax,edx
// Signed compare: eax <= Mesos takes the FilterMesos path.
jle FilterMesos
mov edx,ItemList
jmp RejectOrAccept

FilterMesos:
// Zeroes the field at +44, then runs the original store with eax unchanged.
mov [esi+44],0
jmp End

RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter
// Any other Mode value falls through into AcceptFilter.

// Allow-list walk: a match keeps eax; reaching the terminator goes to Ignore.
AcceptFilter:
cmp eax,[edx]
je End
cmp dword ptr [edx],0
je Ignore
add edx,4
jmp AcceptFilter

// Deny-list walk: a match goes to Ignore; reaching the terminator keeps eax.
RejectFilter:
cmp eax,[edx]
je Ignore
cmp dword ptr [edx],0
je End
add edx,4
jmp RejectFilter

// Values up to 50000 (decimal) are kept even when filtered; larger values
// are replaced with 0 before the original store.
Ignore:
cmp eax,#50000 // Added this code otherwise mesos is dropped but not shown in accept mode
jle End
mov eax,0

End:
pop edx
mov ecx,ebx // Original Opcode
mov [esi+48],eax // Original Opcode
jmp Return

00B65CB9:
jmp ItemFilter
Return:

// Restores the two original instructions and frees all four allocations.
[DISABLE]
00B65CB9: // 8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F [Second Result]
mov ecx,ebx
mov [esi+48],eax

dealloc(ItemFilter)
dealloc(ItemList)
dealloc(Mesos)
dealloc(Mode)

 

Infinite Blaster Bullets

Spoiler

//v178.3
//Created by OuterHaven
//MooplerMasterRace

[enable]
01F25591: //Infinite Bullets
db 0F 85

[disable]
01F25591: //0F 84 ? ? 00 00 8D 4C 24 ? E8 ? ? ? ? 84 C0 0F 84 ? ? 00 00 68 ? ? ? ? 8D
db 0f 84

 

Enabled Disabled Buttons

Spoiler

//v178.3
//CREDITS ????


define(EnableDisabledButtons,0093D270) //8B 41 ? C3 CC CC CC CC CC CC CC CC CC CC CC CC 8B 41 ? C3 CC CC CC CC CC CC CC CC CC CC CC CC 33 C0 [1st result]
[enable]
EnableDisabledButtons:
db 8B 41 34

[disable]
EnableDisabledButtons:
db 8B 41 30

 

Auto Pet Feed

Spoiler

// Auto Pet Feed GMS v178.3
define(KEY_NORMAL,0)
define(KEY_EXTENDED,1)
define(VK_HOME,24)
define(FeedFullness,#60)
define(FoodKey,VK_HOME)
define(FoodKeyType,KEY_NORMAL)

// ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? C8 ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8
define(PetFullnessAddy,0115ED39)

// 8B 15 ?? ?? ?? ?? 85 D2 74 23
define(TSingleton_CWndMan___ms_pInstance,029D89A4)

// ?? ?? ?? ?? ?? 85 ?? 74 ?? 8D ?? ?? 8B ?? 8B ?? FF ?? C2 08 00 -- Second Result
define(CWndMan__OnKey,01E2D610)

[Enable]
alloc(PetFullnessHook,64)
alloc(PressKey,128)
label(DontFeed)
define(KEY_PRESS,0)
define(KEY_UP,1)
define(MAPVK_VK_TO_VSC,0)

PetFullnessAddy:
jmp PetFullnessHook
nop

PetFullnessHook:
mov [esi+000000DC],edx
cmp edx,FeedFullness
jg DontFeed

push KEY_PRESS
push FoodKeyType
push FoodKey // virtual_key
call PressKey

DontFeed:
jmp PetFullnessAddy+6

PressKey:
push ebx
push edx
push esi
push ecx

mov edx, [esp+10+4]
mov esi, [esp+10+8]
mov ebx, [esp+10+C]
mov ecx, edx

push MAPVK_VK_TO_VSC
push ecx
call MapVirtualKeyA
shl eax,#16
shl esi,#24
shl ebx,#31
or eax, esi
or eax, ebx
mov ecx,eax

push ecx
push edx
mov ecx,[TSingleton_CWndMan___ms_pInstance]
call CWndMan__OnKey

pop ecx
pop esi
pop edx
pop ebx
ret 000C

[Disable]
PetFullnessAddy:
mov [esi+000000DC],edx

dealloc(PetFullnessHook)
dealloc(PressKey)

 

Instant Teleport

Spoiler

/*
Instant Teleport to X/Y
Created by AIRRIDE?
Posted by CJ
GMS v178.3
*/

[ENABLE]
alloc(Teleport,128)
CreateThread(Teleport)

Teleport:
mov esi,[029D3FD0] // CUserLocal: 8B 3D ? ? ? ? 8B 40
push #-9999 // Y
push #9999 // X
push [esi+A328] // Character PID: 8B 86 ? ? 00 00 6A D8
call 01DF1270 // E8 ? ? ? ? 8D ? ? ? ? ? ? ? 89 ? ? ? ? ? E8 ? ? ? ? DB [FUNCTION START] (push esi)
ret

[DISABLE]
dealloc(Teleport)

 

Full Map Attack

Spoiler

//Credit to Chubbzz v178.3
[enable]
0105ECFE: // MsInterSectRect
db EB

01F0E681: // Removes Level Up Damage
db EB

[disable]
0105ECFE: // E8 ? ? ? ? 83 C4 ? 85 C0 75 ? 81 BC 24 ? ? ? ? ? ? ? ? 0F 85 ? ? ? ? 83 [jne below]
db 75

01F0E681: //89 9E ? ? ? ? 8B 0D ? ? ? ? 3B CB 74 ? ? ? ? ? ? 53 JE BELOW
//[OR SEARCH push 04C4BAEA] Address is JE abovE
db 74

 

Orbital Flame Full Map

Spoiler

//v178.3
[ENABLE]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[029D8870] // CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax
jmp 0105E870 // Original call (CMobPool::FindHitMobInRect)

00D8CB7B: // Function:CForceAtom_NonTargetAttack::UpdateAttackCollision
call find_hit_mob_in_rect_hook

[DISABLE]
dealloc(find_hit_mob_in_rect_hook)
00D8CB7B: // E8 ? ? ? ? 8B ? 89 ? ? ? 85 ? 0F 8E [First Result]
call 0105E870

 

Orbital Flame Damage Hack

Spoiler


[ENABLE]
alloc(IncreaseOrbitalFlameAttackCount,128)

IncreaseOrbitalFlameAttackCount:
mov eax,0F
mov [ebp-000000FC],eax
jmp 01CE3B4A+6

01CE3B4A:
jmp IncreaseOrbitalFlameAttackCount
db 90

[DISABLE]
01CE3B4A: // 89 85 ? ? ? ? 6A 0F 8B 8D ? ? ? ? 51 E8 [Second Result]
mov [ebp-000000FC],eax
push 0F

dealloc(IncreaseOrbitalFlameAttackCount)
 

 

Unlimited Blazing Extinction Timer

Spoiler

//Unlimited Blazing Extinction Time (Blaze Wizard Skill) GMSv178.3
[enable]
alloc(SkillTimer,128)
label(AppearUnlimited)

00DD6AD0:
jmp SkillTimer
db 90
AppearUnlimited:

SkillTimer:
mov [esi+000000FC],7FFFFFFF
jmp AppearUnlimited

[disable]
00DD6AD0: //89 ? ? ? ? ? 89 ? ? ? ? ? 89 ? ? ? ? ? E8 ? ? ? ? 83 ? ? 85 C0 [FIRST]
mov [esi+000000FC],eax

 

No Delay Blazing Extinction

Spoiler

//v178.3
define(NDBE,00DD8244) // 0F 84 ? ? ? ? D9 EE 8B ? ? ? DC 9E ? ? ? ? 8B
[enable]

NDBE:
db 0F 85

[disable]
NDBE:
db 0F 84

 

Blazing Extinction Full Map

Spoiler

//v178.3
[enable]
alloc(find_hit_mob_in_rect_hook,128)
find_hit_mob_in_rect_hook:

mov eax,[029D8870] //CWvsPhysicalSpace2D  //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax
jmp 0105E870 // Original call (CMobPool::FindHitMobInRect)

//Function CUser::TryDoingFlameBallAttack
01CD8F2D:
call find_hit_mob_in_rect_hook

//Function //Function CGrendade::Update
00DD81DA: //FlameBallObject X/Y Check, allows continous attack
nop
nop

[disable]
01CD8F2D: //E8 ? ? ? ? 89 85 ? ? ? ? 8B ? ? ? ? ? 89 ? ? ? ? ? 83 BD ? ? ? ? 00 75 ? C7 [LAST]
call 0105E870
  
00DD81DA: //85 C0 0F 8E ? ?  ? ? 8B ? ? 81 C1
test eax,eax

 

Blazing Extinction Effect Removal

Spoiler

//Credits to OuterHaven
//v178.3

[enable]
//CFlameBallAttack::UpdateFlameBallAttack
00D85B80:

[disable]
00D85B80: //E8 ? ? ? ? 3B C3 75 ? 39 5E
db 6A FF 68

 

Psychic Lock Full Map

Spoiler

//v178.3
[enable]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[029D8870] // CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax
jmp 0105E870 // Original call (CMobPool::FindHitMobInRect)

01D13D81:
call find_hit_mob_in_rect_hook

[disable]
dealloc(find_hit_mob_in_rect_hook)

01D13D81: // E8 ? ? ? ? 89 44 24 ? 8B ? ? ? 8B ? ? 8B 0D ? ? ? ?
call 0105E870

 

Instant Final Smash (Kinesis)

Spoiler

/*
Instant Final Psychic Smash
MooplerMasterRace
Created by OuterHaven
GMS V178.3
*/

[enable]
//Changes the attack loop by swapping the regular Psychic Grab attack with the strongest part of the skill Final Psychic Smash attack (5th hit)
01B8B5D7:
db 75

//CKinesis_PsychicLock::DecUsableCount
//No loopback to regular attack after the 5th attack, also denies reset of the skill loop allowing you to constantly attack.
00EBDAB0: // Infinite Psychic Smash Usage.
ret

01D26446: //No Grab
db 74

[disable]
01B8B5D7: //74 ?? 8D A4 24 ?? ?? ?? ?? 8B 46 ?? 50 8D 4C 24 ?? 51
db 74

00EBDAB0: //8B 81 ?? ?? ?? ?? 48 33 D2 85 C0 0F 9E C2
mov eax,[ecx+00000090]
dec eax

01D26446: //75 ? 80 ? ? ? 00 8B ? ? ? 8D ? ? ? 8D ? ? ? 74 ?
db 75

 

Dragon Dive Full Map Attack

Spoiler

/*
Credits to Sprux for FindHitInMobRect FMA Method
GMSv178.3
Use with No Skill Cooldowns to Spam
*/

[enable]
alloc(find_hit_mob_in_rect_hook,128)

find_hit_mob_in_rect_hook:
mov eax,[029D8870]// CWvsPhysicalSpace2D: //8B 0D ? ? ? ? E8 ? ? ? ? 8B 08 83 ? ? 89 8E
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax
jmp 0105E870 // Original call (CMobPool::FindHitMobInRect)

00B56B51: //CDragon::TryDoingMagicAttack
call find_hit_mob_in_rect_hook

[disable]
dealloc(find_hit_mob_in_rect_hook)

00B56B51: //E8 ? ? ? ? 8B 3D ? ? ? ? 8B F0 8B ? ? ? 8B ? ? 51
call 0105E870

 

Air Hit Mob Vac

Spoiler

//CMob::GenerateMovePath
//Credits to Kevintjuh93
//v178.3
[ENABLE]
alloc(hook,128)
label(return)

hook:
push eax
mov [esp+C+04],#9//nAction
mov [esp+C+14],#16//nMoveType (You can use #23 also)
mov [esp+C+38],#1//bAirHit

//Vac to Char X
mov eax,[029D3FD0] //CUserLocal: 8B 3D ? ? ? ? 8B 40
mov eax,[eax+13A94] //Character X Location Offset: 89 8E ? ? ? ? 8B 50 ? 8B 06 89 96 ? ? ? ? 8B 50
add eax,#0 //Adjust X
mov [esp+C+18],eax //nMoveEndingX

//Vac to Char Y
mov edi,[029D3FD0] //CUserLocal: 8B 3D ? ? ? ? 8B 40
mov edi,[eax+13A94+4] //Character X Location Offset+4: 89 8E ? ? ? ? 8B 50 ? 8B 06 89 96 ? ? ? ? 8B 50
add edi,#0 //Adjust Y
mov [esp+C+1C],edi //nMoveEndingY

pop eax
jmp return

01051B97:
jmp hook
db 90
return:

[DISABLE]
dealloc(hook)
01051B97: //83 C4 08 83 F8 03 0F 94 C1 33 [FUNCTION START]
mov eax,fs:[00000000]

 

Vellum Freeze

Spoiler

/*
Disarms mobs/bosses
Freezes some mobs
Freezes vellum
v178.3
*/

[enable]
alloc(CMob__GenerateMovePath_Hook,128)
label(ret)

CMob__GenerateMovePath_Hook:

push eax
mov [esp+C+04],9 // nAction
pop eax
jmp ret

01051B97: // CMob::GenerateMovePath
jmp CMob__GenerateMovePath_Hook
db 90
ret:

[disable]
01051B97: // 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C4 89 84 24 ? ? 00 00 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 84 24 ? ? 00 00 64 A3 00 00 00 00 8B 84 24 ? ? 00 00 8B D9
db 64 A1 00 00 00 00

dealloc(CMob__GenerateMovePath_Hook)

 

Kanna 4th Job Monkey Spirit No Delay

Spoiler

[enable]
//Created by DBLmao
//v178.3
alloc(Hook,100)
label(Return)
label(Original)

Hook:
push eax
mov eax,[029D8864] //8B 0D ? ? ? ? 50 E8 ? ? ? ? 3B ? 0F 84 ? ? 00 00 8B ? E8
cmp [eax+10],01
pop eax
jle Original
mov [esi+0001433C],#42120003
mov [esi+0001433C+4],#55

Original:
cmp dword ptr [esi+0001433C],00
jmp Return

01D1AE1B: //83 BE ? ? ? ? 00 0F 84 ? ? 00 00 2B 86 ? ? ? ? 0F 88 ? ? 00 00 8B
jmp Hook
db 90 90
Return:

01D105E6: //0F 8C ? ? FF FF 8D 8E ? ? ? ? E8 [LAST]
db 90 90 90 90 90 90

[disable]
01D1AE1B:
cmp dword ptr [esi+0001433C],00

01D105E6:
db 0F 8C F7 FE FF FF

dealloc(Hook)

 

Rush Teleport

Spoiler

//Credit Fameguy
//v178.3
[enable]
alloc(Hook,100)
label(Return)
label(Original)

Hook:
cmp [esp],01BB9463// below second call 3rd result 8B ?? ?? ?? 8B ?? ?? ?? 52 51 8B ?? C7 ?? ?? ?? ?? ?? ?? ?? ??
jne Original
mov [esp+4],#1235 // X
mov [esp+8],#185 // Y

Original:
mov edx,[esp+04]
push esi
jmp Return

0085BA80: // //second call below 3rd result 8B ?? ?? ?? 8B ?? ?? ?? 52 51 8B ?? C7 ?? ?? ?? ?? ?? ?? ?? ?? CVecCtrl::SetMoveNext
jmp Hook
Return:

[disable]
0085BA80:
mov edx,[esp+04]
push esi

dealloc(Hook)

 

Pianus Spawn

Spoiler

// Reactor Morph GMS 178.3
// Credits YeeShin
// It will Morph every reactor into a green plant and force it to break when you hit it

[Enable]
alloc(Reactor_Morph,123)
alloc(Reactor_Force_V2,123)
label(Reactor_Morph_Return)
label(rett)


Reactor_Morph:
//mov eax, #0002000
mov eax, #1012000 // Green Plant Reactor ID

mov [esi+04],eax
mov ecx,edi
jmp Reactor_Morph_Return

011C0A5F: // 89 46 ?? 8B CF C7 46 ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 0F B6 C0


jmp Reactor_Morph
Reactor_Morph_Return:

Reactor_Force_V2:
add [esp],2
mov [esi+28],eax
lea ecx,[esp+6C]
jmp rett

011BAC3B: // 89 ? ? 8d 4c ? ? c7 ? ? FE FF FF FF
jmp Reactor_Force_V2
db 90 90
rett:

[disable]
dealloc(Reactor_Morph,123)
dealloc(Reactor_Force_V2,123)

00D6AC2B:
mov [esi+28],eax
lea ecx,[esp+6C]

00D7068F:
mov [esi+04],eax
mov ecx,edi

 

I won't be able to update much until tonight/weekend but this is a placeholder for those who have updated addresses.

35 minutes ago, OuterHaven said:

Ran down the script thread and checked the addresses, nothing much changed only a couple had to be re-updated.

Not one that I know of aside from the usual paid programs. However you should have about 3-4 minutes to do whatever until you D/C.

Spoiler

[ENABLE]
01ED5520: 
db 33 C0 C3

00A36480: 
db 33 C0 C3

[DISABLE]
01ED5520: 
db 55 8B EC

00A36480:

db 55 8B EC

 

CRC bypass v178.3

Edited by longbreakers

Infinite Pianus Summon (Reactor) @OuterHaven

Spoiler

// Reactor Morph GMS 178.3
// Credits YeeShin
// It will Morph every reactor into a green plant and force it to break when you hit it

[Enable]
alloc(Reactor_Morph,123)
alloc(Reactor_Force_V2,123)
label(Reactor_Morph_Return)
label(rett)


Reactor_Morph:
//mov eax, #0002000
mov eax, #1012000 // Green Plant Reactor ID

mov [esi+04],eax
mov ecx,edi
jmp Reactor_Morph_Return

011C0A5F: // 89 46 ?? 8B CF C7 46 ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 0F B6 C0


jmp Reactor_Morph
Reactor_Morph_Return:

Reactor_Force_V2:
add [esp],2
mov [esi+28],eax
lea ecx,[esp+6C]
jmp rett

011BAC3B: // 89 ? ? 8d 4c ? ? c7 ? ? FE FF FF FF
jmp Reactor_Force_V2
db 90 90
rett:

[disable]
dealloc(Reactor_Morph,123)
dealloc(Reactor_Force_V2,123)

00D6AC2B:
mov [esi+28],eax
lea ecx,[esp+6C]

00D7068F:
mov [esi+04],eax
mov ecx,edi

 

Edited by 718J
Updated script
4 hours ago, longbreakers said:
  Reveal hidden contents

[ENABLE]
01ED5520: 
db 33 C0 C3

00A36480: 
db 33 C0 C3

[DISABLE]
01ED5520: 
db 55 8B EC

00A36480:

db 55 8B EC

 

CRC bypass v178.3

would u just tick this after attaching cheat engine to process?


Skill Inject

 

Spoiler

//v178.3

//Skill Inject

[Enable]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4)
define(skill_id,#00000) //Skill ID goes here

delay:
dw 0
01D1ED68:
db 90 90 90 90 90 90 //

01D1ED74:
db 90 90 90 90 90 90

01D1EDD3:
db 90 E9

01D1EEF3:
jmp skill_id_hook
nop
skill_id_return:
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #2 // Set times (optional till you don't d/c)
jne skill_id_return
mov [delay], 0
mov edx,skill_id
jmp skill_id_return

018D86F4:
db 90 90 90 90 90 90

01D1EF72:
jmp 01D1EFA8
dw 9090

[Disable]
01D1ED68:
db 0F 84 86 03 00 00

01D1ED74:
db 0F 88 7A 03 00 00

01D1EDD3:
db 0F 84 CC 00 00 00

01D1EEF3:
mov edx,[esi+0001231C]

01D1EF65:
db 0F 87 7F 01 00 00

01D1EF72:
jmp dword ptr [ecx*4+01D1F0FC]
dealloc(skill_id_hook)

Who can help me update Mach NoDelay script


Or u can use bypass of gamekiller, working current version 178

13 minutes ago, 3qalves said:

wtf.. how?? i injected crc bypass into the launcher , but ngs detected close my maple after 3min ;x

 

8 minutes ago, purplecloud said:

Mine just says not responding after i sign in and get into the game

 

4 hours ago, longbreakers said:

Skill Inject

 

  Reveal hidden contents

//v178.3

//Skill Inject

[Enable]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4)
define(skill_id,#00000) //Skill ID goes here

delay:
dw 0
01D1ED68:
db 90 90 90 90 90 90 //

01D1ED74:
db 90 90 90 90 90 90

01D1EDD3:
db 90 E9

01D1EEF3:
jmp skill_id_hook
nop
skill_id_return:
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #2 // Set times (optional till you don't d/c)
jne skill_id_return
mov [delay], 0
mov edx,skill_id
jmp skill_id_return

018D86F4:
db 90 90 90 90 90 90

01D1EF72:
jmp 01D1EFA8
dw 9090

[Disable]
01D1ED68:
db 0F 84 86 03 00 00

01D1ED74:
db 0F 88 7A 03 00 00

01D1EDD3:
db 0F 84 CC 00 00 00

01D1EEF3:
mov edx,[esi+0001231C]

01D1EF65:
db 0F 87 7F 01 00 00

01D1EF72:
jmp dword ptr [ecx*4+01D1F0FC]
dealloc(skill_id_hook)

Who can help me update Mach NoDelay script

I edited a new one in the thread or you can find one here. It d/cs on skills it shouldn't, though, so they probably put in checks

Mach GND

Spoiler

//Credits to Mach of CCPLZ 
//GMSv178.3

define(MachGND,01C8F39B)

[enable]
MachGND://Mach GND (Melee/Basic attacks)
db EB

[disable]
MachGND:
db 75

 

 

Spoiler

// Auto Pet Feed GMS v178.3
define(KEY_NORMAL,0)
define(KEY_EXTENDED,1)
define(VK_HOME,24)
define(FeedFullness,#60)
define(FoodKey,VK_HOME)
define(FoodKeyType,KEY_NORMAL)

// ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? C8 ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8
define(PetFullnessAddy,0115ED39)

// 8B 15 ?? ?? ?? ?? 85 D2 74 23
define(TSingleton_CWndMan___ms_pInstance,029D89A4)

// ?? ?? ?? ?? ?? 85 ?? 74 ?? 8D ?? ?? 8B ?? 8B ?? FF ?? C2 08 00 -- Second Result
define(CWndMan__OnKey,01E2D610)

[Enable]
alloc(PetFullnessHook,64)
alloc(PressKey,128)
label(DontFeed)
define(KEY_PRESS,0)
define(KEY_UP,1)
define(MAPVK_VK_TO_VSC,0)

PetFullnessAddy:
jmp PetFullnessHook
nop

PetFullnessHook:
mov [esi+000000DC],edx
cmp edx,FeedFullness
jg DontFeed

push KEY_PRESS
push FoodKeyType
push FoodKey // virtual_key
call PressKey

DontFeed:
jmp PetFullnessAddy+6

PressKey:
push ebx
push edx
push esi
push ecx

mov edx, [esp+10+4]
mov esi, [esp+10+8]
mov ebx, [esp+10+C]
mov ecx, edx

push MAPVK_VK_TO_VSC
push ecx
call MapVirtualKeyA
shl eax,#16
shl esi,#24
shl ebx,#31
or eax, esi
or eax, ebx
mov ecx,eax

push ecx
push edx
mov ecx,[TSingleton_CWndMan___ms_pInstance]
call CWndMan__OnKey

pop ecx
pop esi
pop edx
pop ebx
ret 000C

[Disable]
PetFullnessAddy:
mov [esi+000000DC],edx

dealloc(PetFullnessHook)
dealloc(PressKey)

Fix Pet Feed no d/c

2 hours ago, OuterHaven said:

I edited a new one in the thread or you can find one here. It d/cs on skills it shouldn't, though, so they probably put in checks

Mach GND

  Reveal hidden contents


//Credits to Mach of CCPLZ 
//GMSv178.3

define(MachGND,01C8F39B)

[enable]
MachGND://Mach GND (Melee/Basic attacks)
db EB

[disable]
MachGND:
db 75

 

 

:D thank you for update

Edited by longbreakers

2 minutes ago, Zarroth94 said:

The orbital FMA works but somehow monsters dont lose hp 

That means it's client-sided, so the damage only shows on your screen.

Edited by resict
spelling

GMS v.178.3

Increase Orbital Flame Attack Count to 15 by @hippo:

Spoiler

[ENABLE]
alloc(IncreaseOrbitalFlameAttackCount,128)

IncreaseOrbitalFlameAttackCount:
mov eax,0F
mov [ebp-000000FC],eax
jmp 01CE3B4A+6

01CE3B4A:
jmp IncreaseOrbitalFlameAttackCount
db 90

[DISABLE]
01CE3B4A: // 89 85 ? ? ? ? 6A 0F 8B 8D ? ? ? ? 51 E8 [Second Result]
mov [ebp-000000FC],eax

dealloc(IncreaseOrbitalFlameAttackCount)

 

Script that can help find addresses for other skills that can use the same method to increase attack count, by airride(?) idk:

How to use:

1.Enable script

2.In Memory view -> Go to address 'ESPList' without the quotes in hex memory.

3.In hex memory, right click -> Display Type -> 4 Byte hex

4. Hit a mob with a skill, an address should be logged.

5.Try that address to see if it works to increase attack count.

Spoiler

// Return-address logger. Hooks the entry of the function named on the patch
// line below and appends each distinct caller return address ([esp] on entry)
// to ESPList, skipping any address already present in IgnoreList.
// Both lists are zero-terminated arrays of dwords.
[ENABLE]
registerSymbol(ESPList)
alloc(ESPList,512)
alloc(Hook,512)
alloc(IgnoreList,256)
alloc(CheckIgnore,128)
label(IgnoreNoMatch)
label(IgnoreMatch)
label(IgnoreNext)
label(NextNext)
label(ESPSave)
label(Ending)

// Empty as posted: only the terminator.
IgnoreList:
dd 00000000

ESPList:
dd 00000000 // EOP

// In:  [esp+4] = address to look up (one stack argument, popped by ret 4).
// Out: eax = 1 if the address is in IgnoreList, 0 otherwise.
// Overwrites ecx and esi; the only caller runs inside pushad/popad.
CheckIgnore:
mov eax,[esp+4]
xor ecx,ecx
lea esi,[IgnoreList]

IgnoreNext:
cmp [esi+ecx*4],eax
je IgnoreMatch
cmp [esi+ecx*4],0
je IgnoreNoMatch
inc ecx
jmp IgnoreNext

IgnoreNoMatch:
xor eax,eax
ret 0004

IgnoreMatch:
mov eax,1
ret 0004

Hook:
// eax = return address of whoever called the hooked function.
mov eax,[esp]
pushad
mov edi,eax // Safety
push edi // Esp
call CheckIgnore
test eax,eax
jne Ending // Match
mov eax,edi // Esp
xor ecx,ecx
lea esi,[ESPList]

// Linear search for the address or the first free (zero) slot.
// NOTE(review): the search is not bounded by the 512-byte allocation and
// ESPSave does not write a new terminator, so termination depends on the
// memory after the last entry reading as zero — confirm.
NextNext:
cmp [esi+ecx*4],eax
je Ending // Ignore
cmp [esi+ecx*4],0
je ESPSave
inc ecx
jmp NextNext

ESPSave:
mov [esi+ecx*4],eax

// Restore registers, replay the two overwritten instructions, and continue
// five bytes past the patch site (012A33F0 + 5).
Ending:
popad
mov edx,[esp+08]
push esi
jmp 012A33F5

012A33F0: // int __fastcall SKILLLEVELDATA::_ZtlSecureGet_nAttackCount(SKILLLEVELDATA *this)
jmp Hook

// Restores the original two instructions and releases the allocations.
// NOTE(review): CheckIgnore is allocated above but has no dealloc here.
[DISABLE]
012A33F0: // 8B ? ? ? 56 57 52 8B F1 E8 ? ? ? ? 8B [Third Result]
mov edx,[esp+08]
push esi

unregistersymbol(ESPList)
dealloc(Hook)
dealloc(ESPList)
dealloc(IgnoreList)

 

 

 

 

 

 

15 hours ago, longbreakers said:
  Reveal hidden contents

[ENABLE]
01ED5520: 
db 33 C0 C3

00A36480: 
db 33 C0 C3

[DISABLE]
01ED5520: 
db 55 8B EC

00A36480:

db 55 8B EC

 

CRC bypass v178.3

The second address is wrong and please leave the comments and aobs lol.

Spoiler

[ENABLE]
01ED5520: // Themida CRCs
db 33 C0 C3

00A36AA0: // Debug Register Check
db 33 C0 C3

[DISABLE]
01ED5520: // 55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 ? ? 53 56 57 50 8D ? ? 64 A3 00 00 00 00 89 ? ? ? ? ? C7
db 55 8B EC

00A36AA0: // 55 8B EC 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 45 FC 53 56 57 [Second Result]
db 55 8B EC

 

 

FMA seems to be patched, damage is client-sided. :cry:

 

Edited by CJ.