Moopler
Razz

Outdated Scripts Thread v115.1


Mesos Hook

Spoiler

/*
  Created by [D.R.T]
  EMS v115.1

  Mesos Hook: a read-only tap on two client functions.
  At each patch site the 6-byte `lea ecx,[esi+000000C4]` is overwritten with
  `jmp <cave>` (5 bytes) + `nop` (1 byte). The cave copies eax into the
  script's own Mesos buffer, replays the displaced lea and jumps back to the
  instruction after the patch. Nothing but the Mesos buffer is written.

  Both patch sites are fixed addresses; the byte patterns in the comments are
  the signatures given by the author for locating them.
*/
[Enable]
Alloc(DecodeMoneyHook,128) // code cave for the first patch site
Alloc(DecodeChangeStatHook,128) // code cave for the second patch site
Label(DecodeMoneyRet)
Label(DecodeChangeStatRet)

Alloc(Mesos,8) // output buffer; only the low 4 bytes are written below
RegisterSymbol(Mesos) // exposes the buffer by name to the address list / other scripts

//8D ? ? ? ? 00 50 E8 ? ? ? ? 89 ? ? ? ? 00 5E
00639A9D: //GW_CharacterStat::DecodeMoney
jmp DecodeMoneyHook
nop // pads the 5-byte jmp to the 6 bytes of the displaced lea
DecodeMoneyRet:

DecodeMoneyHook:
mov [Mesos],eax // snapshot eax; presumably the decoded meso amount — TODO confirm
lea ecx,[esi+000000C4] //Original Opcode @ GW_CharacterStat::DecodeMoney
jmp DecodeMoneyRet

//8D ? ? ? ? 00 50 E8 ? ? ? ? 89 ? ? ? ? 00 8B [Same opcode as GW_CharacterStat::DecodeMoney]
00644759: //GW_CharacterStat::DecodeChangeStat
jmp DecodeChangeStatHook
nop // same 5+1 byte layout as the first site
DecodeChangeStatRet:

DecodeChangeStatHook:
mov [Mesos],eax // same snapshot, taken on the second code path
lea ecx,[esi+000000C4] //Original Opcode @ GW_CharacterStat::DecodeChangeStat
jmp DecodeChangeStatRet

// NOTE(review): [Disable] restores the original instruction at both sites but
// contains no Dealloc or UnregisterSymbol, so the caves, the Mesos buffer and
// the symbol outlive the script.
[Disable]
00639A9D:
lea ecx,[esi+000000C4]

00644759:
lea ecx,[esi+000000C4]

 

Touch Godmode

Spoiler

// Touch Godmode: overwrites the first 3 bytes of the function at 01211A70
// with `ret 002C`, so the function returns immediately and pops 0x2C bytes
// of stack arguments without running its body.
// This is a write to client code at a fixed address; what the disabled
// function did is not shown on this page.
[Enable]
01211A70: //8D 84 24 ? ? ? ? 64 A3 00 00 00 00 8B E9 8B 9C 24 ? ? ? ? C7 Address of the start of this func
ret 002C

// Restores the 3 original prologue bytes.
[Disable]
01211A70:
db 6A FF 68

 

Fusion Attack

Spoiler

// Fusion Attack: replaces a single store with a loop.
// The 8 original bytes at 0099D5C3 (`mov [ecx+eax*4],edi` / `inc eax` /
// `mov [esp+1C],eax`) become `jmp Hook` + 3 nops. The cave repeats the store
// of the same edi value into consecutive dword slots until eax is no longer
// below [esp+6C] (signed compare), then stores the final index and returns.
[Enable]
alloc(Hook,512)
label(Return)

0099D5C3: //89 3C 81 40 89 44 24 ? 8B 44 24 ?
jmp Hook
db 90 90 90 // pad the 5-byte jmp to the 8 displaced bytes
Return:
Hook:
mov [ecx+eax*4],edi // slot[eax] = edi (the value never changes inside the loop)
inc eax
cmp eax,[esp+6C] // loop bound read from the hooked function's stack frame
jl Hook // signed compare; the store always runs at least once
// NOTE(review): the only bound on the writes to [ecx+eax*4] is [esp+6C];
// the size of the destination buffer is not visible here.
mov [esp+1C],eax // displaced original: save the final index
jmp Return

[Disable]
dealloc(Hook)

0099D5C3:
mov [ecx+eax*4],edi
inc eax
mov [esp+1C],eax

 

Item Filter

Spoiler

/*
Item Filter
Creator unknown

Hooks the 5 bytes at dwItemFilter (`mov ecx,ebx` / `mov [esi+44],eax`) and
decides, from the value in eax, whether to keep that value or replace it
with 0 before the original store to [esi+44] runs.
  - eax <= [Mesos] (signed): writes 0 to [esi+40] and keeps eax.
  - otherwise eax is looked up in the zero-terminated ItemList:
      Mode 0 (accept): a listed value is kept, an unlisted one goes to Ignore.
      Mode 1 (reject): a listed value goes to Ignore, an unlisted one is kept.
  - Ignore zeroes eax only when eax > 60000 (signed).
What eax, [esi+40] and [esi+44] mean to the client is not shown here.
*/
define(dwItemFilter,0066F55D) //8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F
[enable]
alloc(ItemFilter,256) // code cave
alloc(ItemList,2048) // list of dword ids, terminated by a 0 entry
alloc(Mesos,4) // threshold compared against eax
alloc(Mode,4) // 0 = accept list, 1 = reject list
RegisterSymbol(Mode)
RegisterSymbol(Mesos)
// NOTE(review): the symbol name Mesos is also registered by the "Mesos Hook"
// script on this page, with a different meaning.
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)

Mesos:
dd #150 // minimum meso

Mode:
dd #0 // 0=accept, 1=reject

ItemList:
// item IDs here that you want to reject or accept
//dd #1004229 //helm
dd 00 // end of list

dwItemFilter:
jmp ItemFilter // 5 bytes, exactly covering the two displaced instructions
Return:

ItemFilter:
push edx // edx is used as scratch and restored at End
mov edx,[Mesos]
cmp eax,edx
jle FilterMesos // signed: eax at or below the threshold
mov edx,ItemList // edx = cursor into the id list
jmp RejectOrAccept

FilterMesos:
mov [esi+40],0 // no operand size given; the width is whatever the assembler defaults to
jmp End

RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter
// any other Mode value falls through into AcceptFilter

AcceptFilter:
cmp eax,[edx]
je End // listed: keep eax unchanged
cmp dword ptr [edx],0
je Ignore // reached the terminator: eax is not in the list
add edx,4
jmp AcceptFilter

RejectFilter:
cmp eax,[edx]
je Ignore // listed: treat as filtered
cmp dword ptr [edx],0
je End // reached the terminator: eax is not in the list, keep it
add edx,4
jmp RejectFilter

Ignore:
cmp eax,#60000 // added this code otherwise mesos is dropped but not shown in accept mode
jle End
mov eax,0 // the displaced store below then writes 0 to [esi+44]

End:
pop edx
mov ecx,ebx // org code
mov [esi+44],eax // org code
jmp Return

// NOTE(review): the original bytes are restored, but none of the four
// allocations is freed and neither symbol is unregistered.
[disable]
dwItemFilter:
mov ecx,ebx
mov [esi+44],eax

 

Full Mob Disarm

Spoiler

/*
Full Mob Disarm
Creator unknown

Turns the conditional branch at 00999FEE into an unconditional jump to
0099A44B, so the code between the two addresses is never executed.
The enable section writes 9 bytes in total (5-byte jmp + 4 nops).
*/

[Enable]
00999FEE:    // 75 ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B CE E8 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ??
jmp 0099A44B // 8B 86 ?? ?? ?? ?? 85 C0 0F 84 ?? ?? ?? ?? 2B 45 ?? 0F 89 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? ??
db 90 90 90 90

// NOTE(review): the instructions written here do not line up with the
// signature quoted in [Enable] (`75 ??` short jne, then `8B CE E8 ...`):
// 0099A44B is out of range for a short jne from 00999FEE, and a second jne
// appears where the signature shows a call. Confirm against the unmodified
// client before relying on this section to restore the original bytes.
[Disable]
00999FEE:
jne 0099A44B
mov ecx,esi
jne 0099A005//Opcode

 

Damage Hack

Spoiler

// Damage Hack: removes several conditional branches in one client routine
// and substitutes a constant for the value normally loaded from
// [esi+0000A4AC].
// Every change is an in-memory write to client code at a fixed address
// (01247C0C .. 01247DF5). The author's remark about disconnects on the delay
// line suggests the effect is noticed outside the client when unthrottled.
[Enable]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4) // call counter used to throttle the substitution
//comment one of the lines below
//define(skill_id, #80001593) // 50m
define(skill_id, #95001001) //500k

delay:
dw 0 // initialises only 2 of the 4 bytes; the hook compares the full dword

01247C0C:
db 90 90 90 90 90 90 // nops out `0F 84 CF 02 00 00` (je rel32), see [Disable]

01247C18:
db 90 90 90 90 90 90 // nops out `0F 88 C3 02 00 00` (js rel32)

01247C35:
db 90 E9 // `0F 84` -> `90 E9`: je rel32 becomes nop + unconditional jmp rel32

01247D4A:
jmp skill_id_hook
nop // 5-byte jmp + nop = the 6 bytes of `mov ecx,[esi+0000A4AC]`
skill_id_return:

skill_id_hook:
inc [delay]
cmp dword ptr [delay], #1 // Set your delay (optional till you dont d/c)
jne skill_id_return // below the threshold: return without loading ecx at all
mov [delay], 0
mov ecx,skill_id // ecx = the constant chosen above instead of [esi+0000A4AC]
jmp skill_id_return
// The displaced `mov ecx,[esi+0000A4AC]` is not replayed on either path.
// With the threshold at #1 the counter reaches it on every call.

01247DE8:
db 90 90 90 90 90 90 // nops out `0F 87 E9 00 00 00` (ja rel32)

01247DF5:
jmp 01247E2B // replaces the indirect `jmp dword ptr [eax*4+01247EEC]` with one fixed target

[Disable]
01247C0C:
db 0F 84 CF 02 00 00

01247C18:
db 0F 88 C3 02 00 00

01247C35:
db 0F 84

01247D4A:
mov ecx,[esi+0000A4AC]

01247DE8:
db 0F 87 E9 00 00 00

01247DF5:
jmp dword ptr [eax*4+01247EEC]

dealloc(skill_id_hook)
// NOTE(review): `delay` is allocated in [Enable] but not deallocated here.

 

500k Damage Support

Spoiler

// 500k Damage Support: replaces the 2-byte short `jne` (75 2B) at 0099D57F
// with two nops, so execution always falls through to the next instruction.
[enable]
0099D57F:
db 90 90

// Restores the original conditional branch.
[disable]
0099D57F:
db 75 2B

 

50m Damage Support

Spoiler

// 50m Damage Support: turns two conditional branches into unconditional ones.
// Both are byte patches to client code at fixed addresses.
[enable]
009970A6: // Block the mob knockback
db 90 E9 // `0F 85` (jne rel32) -> nop + `E9` (jmp rel32); the rel32 is left in place

0122A8E0: // Block the character sliding/stucking feature
db EB // `74` (je short) -> `EB` (jmp short); the displacement byte is left in place

// Restores the original opcode bytes; the signatures are the author's
// patterns for locating each site.
[disable]
009970A6: // 80 BD ? ? 00 00 00 0F 85 ? ? 00 00 8B CD
db 0F 85

0122A8E0: // 74 ? 83 BE ? ? 00 00 00 74 ? 81 BE
db 74

 

 

7 minutes ago, roilevi79366 said:

mesos hook what is it?

Lets you read out mesos to use in other scripts or bots.

1 minute ago, DarrenBWHUFC said:

still no people limit?

Which script are you referring to?


Mesos Looted Counter

Spoiler

// Mesos Looted Counter: a read-only tap at 013C36F2.
// The 5 displaced bytes (`mov ecx,[esp+1C]` / `push ebp`) are replaced by
// `jmp hook`; the cave records ebp into two registered buffers, replays the
// displaced instructions and returns. Only the script's own buffers are
// written.
[enable]
alloc(hook, 128)
alloc(LastIncMeso, 4) // value of ebp on the most recent pass
alloc(TotalIncMeso, 4) // running sum of ebp since the script was enabled
registersymbol(LastIncMeso)
registersymbol(TotalIncMeso)
label(hookret)

013C36F2:
jmp hook
hookret:

hook:
add [TotalIncMeso], ebp // 32-bit accumulate; wraps on overflow
mov [LastIncMeso], ebp
mov ecx, [esp+1C] // displaced original
push ebp // displaced original
jmp hookret

[disable]
013C36F2:
mov ecx, [esp+1C]
push ebp
dealloc(hook)
// NOTE(review): LastIncMeso and TotalIncMeso are neither deallocated nor
// unregistered here.

 

 

Add an Address called "TotalIncMeso" and "LastIncMeso".

The value of TotalIncMeso shows how many mesos you've looted/earned since the script was activated, and LastIncMeso shows how many mesos your last loot/income was.

 

 

10 hours ago, DarrenBWHUFC said:

dmg hack

here you go.

Spoiler

// Variant of the damage script that gates the substitution on two counters
// read through fixed global pointers. All addresses are fixed for this
// client build.
define(TSingleton__CUserPool,01984388) // global pointer, dereferenced in the hook
define(TSingleton__CMobPool,0198438C) // global pointer, dereferenced in the hook

define(mob_limit,#0) // substitution requires (mob value - user value) > mob_limit
define(people_limit,#1) // substitution requires user value < people_limit

define(skill_id, #95001001) //#80001593 if wanna 50m and #95001001 for 500k

[enable]
alloc(skill_inject_check_hook,128)
label(skill_inject_check_skip)
label(skill_inject_check_return)

01247C0C:
jmp skill_inject_check_hook
nop // 5-byte jmp + nop = the 6 bytes of the original je (see [disable])
skill_inject_check_return: // defined but never jumped to; both hook exits use fixed addresses

skill_inject_check_hook:
mov ebx,[TSingleton__CUserPool]
mov ebx,[ebx+18] // presumably the number of other players on the map — TODO confirm
mov eax,people_limit
cmp ebx,eax
jge skill_inject_check_skip // signed: at or above the limit, take the skip path
mov eax,[TSingleton__CMobPool]
mov eax,[eax+10] // presumably the mob count — TODO confirm
sub eax,ebx // subtracts the value loaded from the user pool
mov ebx,mob_limit
cmp eax,ebx
jle skill_inject_check_skip
// NOTE(review): `esi++0000A4AC` has a doubled '+', probably a typo for
// esi+0000A4AC; whether the assembler accepts it is not shown here.
mov [esi++0000A4AC],skill_id // overwrites the field with the constant
jmp 01247D26
skill_inject_check_skip:
jmp 01247EE1 // same target as the original `je` (01247C0C + 6 + 0x2CF)
// eax and ebx are overwritten by the hook and not restored.

01247DE8:
db 90 90 90 90 90 90 // nops out `0F 87 E9 00 00 00` (ja rel32)

01247DF5:
jmp far 01247E2B // presumably forces the 5-byte form so that, with the 2 nops below, all 7 original bytes are covered — TODO confirm
dw 9090

[disable]
01247C0C:
db 0F 84 CF 02 00 00

01247DE8:
db 0F 87 E9 00 00 00

01247DF5:
jmp dword ptr [eax*4+01247EEC]

dealloc(skill_inject_check_hook)

 

49 minutes ago, hippo said:

here you go.


// Quoted copy of the gated damage script: the hook at 01247C0C reads two
// counters through fixed global pointers and only overwrites the field at
// esi+A4AC when both limits are satisfied.
define(TSingleton__CUserPool,01984388)
define(TSingleton__CMobPool,0198438C)

define(mob_limit,#0)
define(people_limit,#1)

define(skill_id, #95001001) //#80001593 if wanna 50m and #95001001 for 500k

[enable]
alloc(skill_inject_check_hook,128)
label(skill_inject_check_skip)
label(skill_inject_check_return)

01247C0C:
jmp skill_inject_check_hook
nop // pads the jmp to the 6 bytes restored in [disable]
skill_inject_check_return: // never used as a jump target

skill_inject_check_hook:
mov ebx,[TSingleton__CUserPool]
mov ebx,[ebx+18] // first counter; meaning not shown here
mov eax,people_limit
cmp ebx,eax
jge skill_inject_check_skip // signed compare against people_limit
mov eax,[TSingleton__CMobPool]
mov eax,[eax+10] // second counter; meaning not shown here
sub eax,ebx
mov ebx,mob_limit
cmp eax,ebx
jle skill_inject_check_skip // signed compare against mob_limit
mov [esi++0000A4AC],skill_id // NOTE(review): doubled '+', probably a typo
jmp 01247D26
skill_inject_check_skip:
jmp 01247EE1 // equals the target of the original je at 01247C0C

01247DE8:
db 90 90 90 90 90 90 // removes the 6-byte conditional branch restored in [disable]

01247DF5:
jmp far 01247E2B // fixed target in place of the original indirect jmp
dw 9090

[disable]
01247C0C:
db 0F 84 CF 02 00 00

01247DE8:
db 0F 87 E9 00 00 00

01247DF5:
jmp dword ptr [eax*4+01247EEC]

dealloc(skill_inject_check_hook)

 

thank you

Spoiler

// Bypassless 30ms Tubi (adjustable)
// EMS v115.1
// Original GMS script by DBLmao
//
// Unlike the other scripts on this page this one patches no client code.
// It starts a thread inside the client that, in a loop, reads the pointer at
// 0197FDC8 and, when it is non-null, writes 0 to offset 221C of the object
// it points to, then sleeps. The loop ends once Stop is set to 1.

[enable]
globalalloc(Tubi,100) // thread body
globalalloc(Stop,4) // stop flag polled by the thread
label(LetsSlack)
CreateThread(Tubi)

Stop:
dd 0 // clear the flag so a re-enable starts a running loop

Tubi:
mov esi,[0197FDC8] // global object pointer; may be null
test esi,esi
je LetsSlack // skip the write while the object does not exist
mov [esi+0000221C],00 // clear the field on every iteration; no operand size given

LetsSlack:
// NOTE(review): numbers without '#' are written in hex elsewhere on this
// page, so this is presumably 0x10 = 16 ms, not the 30 ms in the header.
push 10 // delay (adjust it to your liking)
call Sleep
cmp [Stop],1
jne Tubi
ret // the thread returns and ends once Stop == 1

// NOTE(review): two dwords (8 bytes) are written at Stop, which was
// allocated with a size of 4. The thread only notices the flag after its
// current Sleep returns.
[disable]
Stop:
dd 1
dd 1

seen a few people ask for it


Star planted Channel 3 exploit

Spoiler

// unban taku or riot :wut:
//
// Three client-code patches at fixed addresses:
//   00B59720, 00B59BE0: the first 3 prologue bytes (6A FF 68) are replaced by
//     `ret 0004`, so both functions return at once and pop one 4-byte argument.
//   00FDC9AD: the store `mov [edi+00000F6C],esi` is redirected to a cave that
//     forces the stored value to 2.
[ENABLE]
alloc(takuplz,1337)
label(ret1337)

00B59720: //6A ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 ?? ?? ?? ?? 80 79 ?? ?? 0F 84 ?? ?? ?? ?? A1 ?? ?? ?? ?? 33 ED
ret 0004

00FDC9AD: //89 B7 ?? ?? ?? ?? EB ?? 8B 0D ?? ?? ?? ?? 83 B9 ?? ?? ?? ?? ?? 75 ??
jmp takuplz
nop // 5-byte jmp + nop = the 6 bytes of the displaced store
ret1337:

takuplz:
mov esi,02 // Channel ID which 00=ch1 01=ch2 02=ch3
mov [edi+00000F6C],esi // pop up default channel
jmp ret1337 // unban taku plz
// esi stays overwritten with 2 after the hook returns.

00B59BE0: //6A ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 84 24 ?? ?? ?? ?? 64 A3 ?? ?? ?? ?? 80 79 ?? ?? 0F 84 ?? ?? ?? ?? A1 ?? ?? ?? ?? 85 C0
ret 0004

[DISABLE]
dealloc(takuplz,1337) // NOTE(review): every other dealloc on this page takes only the name

00B59720:
db 6A FF 68

00FDC9AD:
mov [edi+00000F6C],esi

00B59BE0:
db 6A FF 68

 

No Magnus Ball

Spoiler

// No Magnus Ball: overwrites the first byte of the function at 0071C7F0
// (55, `push ebp`) with C3 (`ret`), so the function returns immediately.
// A plain `ret` pops no arguments; the callee's calling convention is not
// shown here.
[Enable]
0071C7F0:
db C3

// Restores the original first byte.
[Disable]
0071C7F0:
db 55

 

Mouse Fly Hack

Spoiler

// Hooks `mov esi,[ecx+978]` at 0101D362. When a state field equals 0C and
// the freshly loaded esi is non-null, two dwords read from the esi object
// are passed to NewTeleportXY, a wrapper that forwards them to the client
// function at 012E95E0.
[Enable]
Alloc(MouseFly,128)
Alloc(NewTeleportXY,128)
Label(TeleportEnd)
Label(Ending)
Label(Return)

// NewTeleportXY(arg1, arg2): takes two stack arguments and pops them itself
// (ret 0008). Leaves 1 in eax when the inner call was made; otherwise eax is
// the 0 returned by the lookup. esi is overwritten; the only caller below
// wraps the call in pushad/popad.
NewTeleportXY:
Push ebp
Mov ebp,esp
Sub esp,30 // reserves 0x30 bytes that this routine never references
Mov esi,[0197FDC0] // global object pointer
Lea ecx,[esi+04] // `this` for the lookup call
Call 005DBDDD+3 // target is the address expression 005DBDDD+3
Test eax,eax
Je TeleportEnd // lookup returned null: do nothing
Push [ebp+0C] // arg2
Push [ebp+08] // arg1
Push 00
Mov ecx,eax // object returned by the lookup becomes `this`
Call 012E95E0
Mov eax,1

TeleportEnd:
Mov esp,ebp
Pop ebp
Ret 0008

MouseFly:
Mov esi,[ecx+978] // displaced original instruction
Pushad // keep the hooked function's registers intact
mov ebx,[0197FEF0]
cmp [ebx+0A48],0C // only act while this field equals 0C; meaning not shown here
jne Ending
cmp esi,0
Je Ending // nothing to read from
Push [esi+8C] // becomes arg2
Push [esi+90] // becomes arg1
Call NewTeleportXY

Ending:
Popad
Jmp Return

0101D362:
Jmp MouseFly
Nop // 5-byte jmp + nop = the 6 bytes of the displaced mov

Return:

[Disable]
Dealloc(SSMouseFly) // NOTE(review): [Enable] allocates MouseFly, not SSMouseFly
Dealloc(NewTeleportXY)

0101D362:
Mov esi,[ecx+978]

 

Perfect Loot

Spoiler

// Perfect Loot: three byte patches located by signature scan, not by fixed
// address. Each scan result is also registered as a symbol (_tubi,
// _instantdrop, _nolootani) so that [Disable] can find the same location
// again after the bytes no longer match the signature.
[Enable]
label(_tubi)
registersymbol(_tubi)
aobscan(tubi,89 86 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 5E C2 ?? ?? CC CC CC CC)
label(_instantdrop)
registersymbol(_instantdrop)
aobscan(instantdrop,0D ?? ?? ?? ?? 83 C4 ?? E9 ?? ?? ?? ?? DD 05 ?? ?? ?? ?? DC C9)
label(_nolootani)
registersymbol(_nolootani)
aobscan(nolootani,81 FE ?? ?? ?? ?? 0F 8D ?? ?? ?? ?? 85 ED 0F 84 ?? ?? ?? ?? 81 FE ?? ?? ?? ?? BF ?? ?? ?? ?? 7E ?? B8 ?? ?? ?? ?? 2B C6)

tubi:
_tubi:
db 90 90 90 90 90 90 // nops out the 6-byte store `89 86 disp32` (mov [esi+disp32],eax)
instantdrop:
_instantdrop:
db 25 // opcode 0D (or eax,imm32) -> 25 (and eax,imm32); the immediate is left in place
nolootani:
_nolootani:
db 81 FE 00 00 00 00 // `cmp esi,imm32` with the immediate replaced by 0

// NOTE(review): the restored bytes hard-code values the scan treats as
// wildcards (displacement 00002140, immediate 000002BC); they are only
// correct for a client build where those bytes have exactly these values.
[Disable]
_tubi:
db 89 86 40 21 00 00
_instantdrop:
db 0D
_nolootani:
db 81 FE BC 02 00 00

unregistersymbol(_tubi)
unregistersymbol(_instantdrop)
unregistersymbol(_nolootani)

 

Blaze Wizard FMA

Spoiler

// Blaze Wizard FMA: three cooperating hooks at fixed addresses.
//   007BF28D  wraps the call to 0121CE20 and raises the flag set_mob_pos for
//             the duration of that call.
//   00946860  while the flag is 1, diverts the hooked function to 005DD250
//             with ecx = [0197FDC0]+4; otherwise it behaves as before.
//   007B43E5  replaces the first stack argument of the call to 0099D200 with
//             [01984394]+1C.
// The label names are the author's; what the targets return is not shown here.
[enable]
alloc(find_hit_mob_in_rect_hook,128)

alloc(try_doing_blazewiz_attack_hook,128)
label(try_doing_blazewiz_attack_return)

alloc(mob_get_pos_hook,128)
label(mob_get_pos_return)
label(mob_get_pos_skip)

alloc(set_mob_pos,4) // flag: 1 only while the wrapped call at 007BF28D is running
registersymbol(set_mob_pos)

set_mob_pos:
dd 00000000

00946860:
jmp mob_get_pos_hook
mob_get_pos_return:
dw 9090 // 5-byte jmp + 2 nops = the 7 displaced bytes (push esi + 6-byte lea)

mob_get_pos_hook:
cmp [set_mob_pos],00000001
jne mob_get_pos_skip
mov ecx,[0197FDC0] // global object pointer
lea ecx,[ecx+04] // substitute `this`
jmp 005DD250 // tail-jump: 005DD250 returns straight to the hooked function's caller
mob_get_pos_skip:
push esi // displaced original
lea esi,[ecx+0000093C] // displaced original
jmp mob_get_pos_return

007BF28D:
jmp try_doing_blazewiz_attack_hook // 5 bytes, same size as the call it replaces
try_doing_blazewiz_attack_return:

try_doing_blazewiz_attack_hook:
mov [set_mob_pos],00000001 // raise the flag only around this one call
call 0121CE20 // the call that was displaced
mov [set_mob_pos],00000000
jmp try_doing_blazewiz_attack_return
// NOTE(review): the flag is a single global with no per-thread state.

007B43E5:
call find_hit_mob_in_rect_hook

find_hit_mob_in_rect_hook:
mov eax,[01984394] // global object pointer
lea eax,[eax+1C]
mov [esp+04],eax // overwrite the caller's first stack argument
jmp 0099D200 // tail-jump into the function that was originally called

[disable]
00946860:
push esi
lea esi,[ecx+0000093C]

007BF28D:
call 0121CE20

007B43E5:
call 0099D200

unregistersymbol(set_mob_pos)
dealloc(set_mob_pos)

dealloc(mob_get_pos_hook)
dealloc(try_doing_blazewiz_attack_hook)
dealloc(find_hit_mob_in_rect_hook)

 

Mob Speed Up

Spoiler

// Mob Speed Up: hooks the 5-byte `cmp dword ptr [esp+18],00` at 009BB91B.
// The cave first forces the stack slot [esp+18] to 0 and then performs the
// displaced compare, so the compare always sees equality. What the slot
// holds is not shown here.
[Enable]
Alloc(MobSpeedUp, 128)
Label(Return)

MobSpeedUp:
mov dword ptr [esp+18],00 // overwrite the hooked function's stack value
cmp dword ptr [esp+18],00 // displaced original; ZF is always set here
jmp Return

009BB91B:
jmp MobSpeedUp // 5 bytes, same size as the displaced cmp
Return:

[Disable]
009BB91B:
cmp dword ptr [esp+18],00

DeAlloc(MobSpeedUp)

 

Auto Pot

Spoiler

//Auto Pot
//EMS v115.1
//
// Hooks 10 bytes at 010354CD. On every pass the cave copies two stack slots
// into the registered symbols Health and Mana and, when Mana is at or below
// the threshold, calls a client function with a key constant.
[Enable]
label(Ret)

Alloc(StatHook,128)
Alloc(PressKey,128)

RegisterSymbol(Health) // registered before the Alloc lines further down
RegisterSymbol(Mana)

// Key constants passed to the client function; they look like key-message
// lParam values (scan code in bits 16-23, extended-key flag in bit 24) —
// TODO confirm.
Define(INSERT,01520000)
Define(HOME,01470000)
Define(PAGEUP,01490000)
Define(DEL,01530000)
Define(END,014F0000)
Define(PAGEDOWN,01510000)

Alloc(Health,4)
Alloc(Mana,4)


StatHook:
mov eax,[esp+48] // stack slot of the hooked function, published as Health
mov [Health],eax
mov eax,[esp+50] // stack slot of the hooked function, published as Mana
mov [Mana],eax
/*----------*/
cmp [Mana],#2100 //change to the ammount when to pot and change to mana or hp
jg Ret // signed: above the threshold, nothing to do
/*----------*/
pushad // PressKey overwrites esi and ecx
mov edx, PAGEDOWN //Change pot key here
Call PressKey
popad
jmp Ret
// The displaced `lea eax,[esp+38]` and `64 A3 00 00 00 00` (see [Disable])
// are not replayed on either path, and eax is left holding the Mana value.

// PressKey: edx = key constant. Calls 0131B8D0 with ecx = [[019A1100]+A4]
// and the stack arguments (0, edx).
PressKey:
mov esi,[019A1100] //8B 0D ?? ?? ?? ?? 8D 45 ?? 50 89 7D ?? 89 7D ?? E8 ?? ?? ?? ?? 8B 40 ??
mov ecx,[esi+A4]
push edx
push 00
call 0131B8D0 //A1 ?? ?? ?? ?? 85 C0 74 ?? 8D 48 ?? 8B 01 8B 00
ret // pops nothing itself; presumably the callee removes both arguments — TODO confirm

010354CD: //8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B F1 A1 ?? ?? ?? ?? 8B 48 ?? 33 ED
jmp StatHook
db 90 90 90 90 90 // 5-byte jmp + 5 nops = the 10 displaced bytes
Ret:

[Disable]
010354CD: //8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B F1 A1 ?? ?? ?? ?? 8B 48 ?? 33 ED
lea eax,[esp+38]
db 64 A3 00 00 00 00

DeAlloc(StatHook)
DeAlloc(KeyFunction) // NOTE(review): [Enable] allocates PressKey, not KeyFunction

DeAlloc(Health)
DeAlloc(Mana)
// NOTE(review): Health and Mana are deallocated but not unregistered.

 
