The Dark Alliance - ASM Knowledge, Game Hacking Info
Topic: [EMS] Hacks/Scripts/Addresses v0.28
ColdDoT (Intermediate ASM, Posts: 325)
« on: September 13, 2007, 02:02:56 AM »

eMS v28 Hacks/Scripts/Addresses
Patch notices:
In v28 a lot of offsets have changed, so I don't know what happened or why, but I hope it's not bad.

Legend:
NAB: This does not auto-ban (still, I do not take responsibility)
AB: This hack auto-bans (still, I do not take responsibility)
MAB: This hack may auto-ban (still, I do not take responsibility)
Pointer: Pointer (some pointers are level-2 pointers)
SetUp Hacks: Hacks like CRC Bypass, PIN thingy (1)
Handy Hacks: Hacks you have or can use (2)
Vacuum Hacks: Vacuum hacks (3)

Pointers
People scanner - Pointer: 0079A0B8 Offset: 18
Unlimited Attack - Pointer: 0079AC20 Offset: 13C4
No Breath - Pointer: 0079AC20 Offset: 340
Left Wall - Pointer: 0079A0B0 Offset: C
Right Wall - Pointer: 0079A0B0 Offset: 14
Top Wall - Pointer: 0079A0B0 Offset: 10
Bottom Wall - Pointer: 0079A0B0 Offset: 18
Char write X - Pointer: 0079AC20 Offset: 5F4
Char write Y - Pointer: 0079AC20 Offset: 5F8
Char read X - Pointer: 0079ACB8 Offset: 57C
Char read Y - Pointer: 0079ACB8 Offset: 580
Map Mouse X - Pointer: 0079A1F8 Offset1: 10 Offset2: 80
Map Mouse Y - Pointer: 0079A1F8 Offset1: 10 Offset2: 84
Screen Mouse X - Pointer: 0079ABF8 Offset: 94
Screen Mouse Y - Pointer: 0079ABF8 Offset: 98


Scripts
CRC Bypass NAB CEM file (required)
Code: (text)
[ENABLE]
ALLOC(crc,128)
ALLOC(dump,3670016)
LABEL(oldmem)
LABEL(ret)
LOADBINARY(dump,eMSv28.cem) //clean copy of the code section, read from the .cem file

crc:
//ECX is the address the checksum routine is about to read; if it lies inside the
//code image (00400000-00780000) redirect it into the clean dump so patches stay hidden
CMP ECX,00400000
JB oldmem
CMP ECX,00780000
JA oldmem
MOV EAX,dump
ADD ECX, dump-400000

oldmem:
MOV EAX,[EBP+10] //original instructions overwritten by the jmp
DB 56 57         //push esi, push edi
JMP ret

00458BAE:
JMP crc
ret:

[DISABLE]
00458BAE: //8B 45 10 56 57 8B 7D ?? 83 FF
MOV EAX,[EBP+10]
DB 56 57
DEALLOC(crc)
DEALLOC(dump)

Pin Unrandomizer NAB
Code: (text)
[enable]
alloc(pinunrandom,128)
label(returnhere)

pinunrandom:
add eax,edx
push edx
shr edx,1
mov [eax],edx
pop edx
cmp byte ptr [eax],ff
jmp returnhere

0060729C:
jmp pinunrandom
returnhere:

[disable]
0060729C: //03 C2 80 38 ?? 73 ?? 80 E1 ?? D0 E1 EB
add eax,edx
cmp byte ptr [eax],0a

Pin Typer NAB
Code: (text)
[Enable]
00472FC5:
db 0f 83 //jbe -> jae

[disable]
00472FC5: //0F 86 ?? ?? ?? ?? 83 FA ?? 0F 87 ?? ?? ?? ?? A1
db 0f 86

Unlimited pin amount NAB
Code: (text)
[Enable]
//You can change your pin to an infinite amount of numbers/letters. Its purpose is to mess
//with people or make your pin impossible to brute force with ACTools.
//Don't use it with Pin Unrandomizer (both scripts patch 0060729C)

0060729C:
db 90 90 //nop out "add eax,edx" (03 C2)

[Disable]
//restore the same address the enable section patched
0060729C:
add eax,edx

UA bypass NAB
Code: (text)
[enable]
alloc(UnlimitedAttack,64)
alloc(UnlimitedCheck,44)

UnlimitedAttack:
mov eax,[0079AC20]
mov ebx,[eax+5F4]
sub ebx,00000001
mov [eax+5F4],ebx
popad
cmp eax,edi
mov [ebp-20],eax
je 0051E20D
jmp 0051E1AE

UnlimitedCheck:
pushad
mov eax,[0079AC20]
mov eax,[eax+13C4]
cmp eax,00000062
jnl UnlimitedAttack
popad
cmp eax,edi
mov [ebp-20],eax
je 0051E20D
jmp 0051E1AE

0051E1A7:
jmp UnlimitedCheck

[DISABLE]
0051E1A7: //3B C7 89 45 ?? 74 ?? FF B3 ?? ?? ?? ?? 8D 83 ?? ?? ?? ?? 50
cmp eax,edi
mov [ebp-20],eax
db 74 5f

dealloc(UnlimitedAttack)
dealloc(UnlimitedCheck)

NGRush NAB CEA file (required)
Code: (text)
[ENABLE]
alloc(Ngr, 384)
label(rtnNgr)
label(matchAny)
label(ptlDone)
label(goHome)

label(mapFind)
label(mapNxt)
label(dirnOk)
label(mapFindDone)

label(cPtlNxt)
label(cPtlNFnd)
label(cPtlDone)
label(fndExtPtl)

label(prevMapId)
label(rushDir)

alloc(paths,2048)

Ngr:
    mov [ebp-18], eax
    pushad
    mov edi, 0079ACB8      //A1 ?? ?? ?? ?? 53 56 33 F6 3B C6 57 89 4D ?? 89 75
    lea esi, [edi+4]
    mov edi, [edi]
    mov edi, [edi+5D4]     //edi=curr Map
    mov esi, [esi]
    mov esi, [esi+4]       //esi=portal base
    call mapFind           //find map in path
    test eax,eax
    jz matchAny            //if curr. map not in path, do matchAny
    push eax               //find portal to nxtMap
    mov edx, [esi-4]
    call cPtlNxt
    test eax,eax           //found portal to NxtMap?
    jnz ptlDone

  matchAny:
    push eax               //find ANY external portal
    mov edx, [esi-4]
    call cPtlNxt

  ptlDone:
    test eax,eax           //found any useful portals?
    jz goHome
    push [eax+c]           //Portal X
    pop dword ptr[ebp-1C]  //Spawn X

    push [eax+10]          //Portal Y
    pop dword ptr[ebp-18]  //Spawn Y

  goHome:
    mov [prevMapId], edi
    popad
    cmp dword ptr [edi+10], 0
    jmp rtnNgr

cPtlNxt:
    dec edx

    test edx,edx           //checked all portals?
    js cPtlNFnd

    mov eax, [esi+8*edx+4] //portal
    mov ecx, [eax+14]      //dest. map

    cmp ecx,edi            //skip internal portals
    je cPtlNxt

    cmp ecx,[prevMapId]    //skip ptl to prevMap
    je cPtlNxt

    cmp [eax+8],7          //accept type7 (fm)
    je fndExtPtl

    cmp ecx,3B9AC9FF       //skip portal 99999999
    je cPtlNxt

  fndExtPtl:
    cmp [esp+4],0          //matchAny mode?
    jz cPtlDone

    cmp [esp+4],ecx        //found map?
    jz cPtlDone
    jmp cPtlNxt

  cPtlNFnd:
    xor eax,eax
  cPtlDone:
    ret 4

mapFind:
    xor edx,edx

  mapNxt:
    inc edx
    mov eax, [paths+edx*4]

    test eax,eax           //end of paths?
    jz mapFindDone

    cmp eax, edi           //found map in path?
    jnz mapNxt

    //update rushDir
    mov eax, [rushDir]
    lea eax, [paths+eax*4]
    mov eax, [eax+edx*4]
    cmp eax, [prevMapId]
    jne dirnOk
    neg [rushDir]

  dirnOk:
    add edx, [rushDir]
    mov eax, [paths+edx*4]
  mapFindDone:
    ret

prevMapId:
dd 0

rushDir:
dd 1

paths:
dd 0
include(paths.cea)
dd 0

006585B1:
jmp Ngr
db 90 90
rtnNgr:
db eb

[DISABLE]
006585B1: //83 7F 10 00 89 45 E8 74 ?? 8B 47 08
db 83 7f 10 00 89 45 E8 74

dealloc(NGR, 384)
dealloc(paths,2048)

Skill Hack (tele only)(hotkey = Nimble Feet) NAB
Code: (text)
[ENABLE]
Alloc(SkTeleport,512)
Label(Sklvl)
Label(SkNormal)
Label(Skret)
Label(Sklvlret)
Label(lvlNormal)

SkTeleport:
cmp [eax],3EA
jne SkNormal
mov [eax], 4C4F2F //Teleport //= 2F 4F 4C
jmp SkNormal

Sklvl:
cmp [edi], 4C4F2F //Teleport
jne lvlNormal
mov [edi],3EA
jmp lvlNormal

SkNormal:
push [ebp+08]
mov edi,[eax]
jmp Skret

lvlNormal:
mov eax,[edi]
push 05
push eax
jmp Sklvlret

005FDC87:
jmp SkTeleport
Skret:

00445909:
jmp Sklvl
Sklvlret:

[Disable]
005FDC87: //FF 75 ?? 8B 38 8B CE E8 ?? ?? ?? ?? 8B 45 ?? 8D 48 ?? F7
push [ebp+08]
mov edi,[eax]

00445909: //8B 07 6A ?? 50 E8 ?? ?? ?? ?? 33 D2 F7 76 ?? 8B
mov eax,[edi]
push 05
push eax

Dealloc(SkTeleport)

Talk bypass NAB
Code: (text)
[Enable]
0044C57F:
db 90 90

0044C1A9:
db eb

0044C1F1:
db eb

[disable]
0044C57F: //74 ?? 80 3F ?? 75 ?? 33 C0 8A 06 50 FF 15
db 74 1c

0044C1A9: //74 ?? 83 45 ?? ?? 83 7D ?? ?? 7C ?? FF 15
db 74

0044C1F1: //73 ?? FF 15 ?? ?? ?? ?? 33 FF 57 57 57 51
db 73

Super tubi MAB
Code: (text)
[ENABLE]
00489108:
db 90 90

[DISABLE]
00489108: //75 ?? 83 7C 24 ?? ?? 75 ?? 8B 86
db 75 36

2x Drop Speed NAB
Code: (text)
[enable]
00438AF6:
push 00

[disable]
00438AF6:
push 01

Item Gravity NAB
Code: (text)
[enable]
00490836:
jne 00490841

[DISABLE]
00490836:
je 00490841

Moonwalk NAB
Code: (text)
[enable]
0064E25B:
db 90 90

[disable]
0064E25B:
db 75 38

Item jumps very high NAB
Code: (text)
[enable]
00698638:
jne 00698643

[Disable]
00698638:
je 00698643

Poo Poo NAB
Code: (text)
[ENABLE]
0065B8B7:
db 75

[DISABLE]
0065B8B7: //74 ?? 8B 45 ?? 23 C3 83 C8 ?? Eb ?? 39
db 74

Unrandomizer NAB
Code: (text)
[Enable]
006E7BFD:
mov eax,0
//0 = STR
//1 = DEX
//2 = INT
//3 = LUK

[Disable]
006E7BFD: //25 FF 7F 00 00 C3 CC
and eax,00007fff

Levitation+swim MAB
Code: (text)
[Enable]
00693CE0:
db 0f 85

00558FDB:
db 74 04

[Disable]
00693CE0: //0F 84 ?? ?? ?? ?? 8B 8E ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 58 ?? 83 C1
db 0f 84

00558FDB: //73 ?? 6A ?? 58 C3 33 C0 C3
db 73 04

Perfect no breath NAB
Code: (text)
[Enable]
004A8D4F:
db eb

0048B4D3:
db eb

006BAA2B:
db eb

[Disable]
004A8D4F: //7E ?? 57 57 57 51 8B C4 89 65
db 7e

0048B4D3: //7E ?? 51 51 51 51 8B C4 89 65
db 7e

006BAA2B: //7E ?? 57 57 57 51 8B C4 89 65 + Search 2
db 7e

Speed Attack NAB
Code: (text)
[Enable]
alloc(SpeedAttack,128)
alloc(counter,4)
alloc(times,4)
label(Speed)
label(retunhere)
registersymbol(counter)
registersymbol(times)

times:
db 04

counter:
db 00

SpeedAttack:
push eax
mov eax,[times]
cmp [counter],eax
pop eax
jl Speed
mov [counter],00
add eax,0A
Speed:
add [counter],01
mov [ebp+0c],eax
jmp retunhere

0042C987: // 83 C0 ?? 89 45 ?? 83 BB
jmp SpeedAttack
nop
retunhere:

[disable]
0042C987: // 83 C0 ?? 89 45 ?? 83 BB
add eax,0a
mov [ebp+0c],eax

dealloc(SpeedAttack,128)
dealloc(counter,4)
dealloc(times,4)
unregistersymbol(counter)
unregistersymbol(times)

Meso Drop NAB
Code: (text)
[Enable]
registersymbol(Value)
alloc(Value,4)
alloc(Meso,32)

Value:
db 00 00

Meso:
mov eax, [Value]
mov [esi+000000bc], eax
jmp 0068F61D

0068F617:
jmp Meso
db 90

[Disable]
0068F617: //89 86 BC 00 00 00 7D ?? 68
mov [esi+000000bc], eax

dealloc(Meso,32)
dealloc(Value,4)
unregistersymbol(Value)

1 Hit GodMode NAB
Code: (text)
[ENABLE]
0064B6A7:
db 0F 84

[DISABLE]
0064B6A7: //0F 85 ?? ?? ?? ?? 89 7D ?? 8B B3
db 0F 85

No Knockback NAB
Code: (text)
DOESN'T WORK

Suck Up NAB
Code: (text)
[ENABLE]
00695365:
db 76

[DISABLE]
00695365: //73 ?? DD 45 ?? 8D 4E ?? 51 51 DD 1C 24
db 73

Suck Left NAB
Code: (text)
[ENABLE]
00695265:
db 76

[DISABLE]
00695265: //73 ?? DD 45 ?? 8B CE 51 51 DD 1C 24
db 73

Suck Right NAB
Code: (text)
[enable]
006952D4:
db 77

[disable]
006952D4: //76 ?? DD 45 ?? 8B CE 51 51 DD 1C 24
db 76

Fall through floor NAB
Code: (text)
[enable]
006945F7:
db 0f 83

[disable]
006945F7: //0F 86 ?? ?? ?? ?? 8B 45 ?? 8B 4D ?? 0F AF 4D ?? 89
db 0f 86

Instant drop NAB
Code: (text)
[ENABLE]
00735AC0:
db 00 00 00 00 00 00 00 00 //double constant set to 0.0

[DISABLE]
00735AC0: // 00 00 00 00 00 40 8F 40
db 00 00 00 00 00 40 8F 40 //original double constant 1000.0


Server Sided Mouse Teleport NAB
Code: (text)
[ENABLE]
alloc(HotKeysHook,100)
alloc(ServerSided,100)
alloc(switch,1)
label(teleport)
label(end)
label(quit)
label(on)
label(return)

switch:
db 00

HotKeysHook:
test edi,80000000
jns quit

cmp [ebp+c],10 // Shift
jne quit

cmp byte ptr [switch],00
je on
mov byte ptr [switch],00
jmp quit

on:
mov byte ptr [switch],01
quit:
push [esp+8]
push [esp+8]
jmp return

ServerSided:
pushad
cmp byte ptr [switch],01
jne end
mov eax,[0079AC20]
cmp dword ptr [eax+344],06
je teleport
cmp dword ptr [eax+344],07
jne end

teleport:
mov edx,[0079A1F8]
mov edx,[edx+10]
mov ebx,[edx+80]
mov ecx,[edx+84]
mov [eax+E24],ebx
mov [eax+E28],ecx
mov [eax+344],00000013

end:
popad
mov [ebx],eax
mov edi,[ebp+10]
ret

00696691:
call ServerSided

004A63F5:
jmp HotKeysHook
db 90 90 90
return:

[disable]
00696691: //89 03 8B 7D 10 85 FF 74 ?? FF B6 ?? ?? ?? ?? 8D 46
mov [ebx],eax
mov edi,[ebp+10]

004A63F5: //FF 74 24 08 FF 74 24 08 E8
push [esp+08]
push [esp+08]

dealloc(HotKeysHook)
dealloc(ServerSided)
dealloc(switch)

Item filter NAB
Code: (text)
[ENABLE]
Alloc(filter,124)
label(ifreject)
label(end)
label(skip)
Alloc(iftable,16024)
label(ifexit)

filter:
push ebx
push esi
xor ebx, ebx
mov esi,iftable

ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject

skip:
mov eax,00

end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
jmp ifexit

iftable:
//Usable Items
dd 1F6EE0 //Arrow for Bow
dd 1F72C8 //Arrow for Crossbow
dd 1F6EE1 //Bronze Arrow for Bow
dd 1F72C9 //Bronze Arrow for Crossbow

//Potions
dd 1E8480 //Red Potion
dd 1E8481 //Orange Potion
dd 1E8482 //White Potion
dd 1E8483 //Blue Potion
dd 1E8486 //Mana Elixir

dd 1E8487 //Red Pill
dd 1E8488 //Orange Pill
dd 1E8489 //White Pill
dd 1E848A //Blue Pill
dd 1E848B //Mana Elixir Pill

dd 1E8484 //Elixir
dd 1E8485 //Power Elixir

dd 1F47D4 //All Cure Potion
dd 1F47D0 //Antidote
dd 1F47D1 //Eye Drop
dd 1F47D3 //Holy Water
dd 1F47D2 //Tonic

dd 1E8C50 //Dexterity Potion
dd 1E8C52 //Magic Potion
dd 1E8C55 //Sniper Potion
dd 1E8C51 //Speed Potion
dd 1E8C54 //Warrior Potion
dd 1E8C53 //Wizard Potion

dd 1E8C59 //Dexterity Pill
dd 1E8C57 //Magic Pill
dd 1E8C58 //Sniper Pill
dd 1E8C5A //Speed Pill
dd 1E8C56 //Warrior Pill

dd 1EAB93 //Orange
dd 1EAB94 //Lemon

//Rocks
//dd 3D2071 //The Summoning Rock
//dd 3D2070 //The Magic Rock

//Mini-Game Items
dd 3D7E3C //Monster Card
dd 3D7E3D //Bloctopus Omok Piece
dd 3D7E31 //Mushroom Omok Piece
dd 3D7E3A //Octopus Omok Piece
dd 3D7E39 //Omok Table
dd 3D7E3F //Panda Teddy Omok Piece
dd 3D7E3B //Pig Omok Piece
dd 3D7E3E //Pink Teddy Omok Piece
dd 3D7E30 //Slime Omok Piece
dd 3D7E40 //Trixter Omok Piece

//Ores
dd 3D3013 //Adamantium Ore
dd 3D3010 //Bronze Ore
//dd 3D3016 //Gold Ore
dd 3D3012 //Mithril Ore
dd 3D3015 //Orihalcon Ore
dd 3D3014 //Silver Ore
dd 3D3011 //Steel Ore

//Jewel Ores
dd 3D5721 //Amethyst Ore
dd 3D5722 //Aquamarine Ore
//dd 3D5728 //Black Crystal Ore
//dd 3D5727 //Diamond Ore
dd 3D5723 //Emerald Ore
dd 3D5720 //Garnet Ore
dd 3D5724 //Opal Ore
dd 3D5725 //Sapphire Ore
dd 3D5726 //Topaz Ore
dd 00 //end-of-table marker

00491571:
jmp filter
db 90
ifexit:

[DISABLE]
dealloc(filter)
dealloc(IFTable)

00491571: //89 47 34 8B 7D ?? 8B CE E8 ?? ?? ?? ?? 89 47 ?? 8B
MOV [EDI+34], EAX
MOV EDI, [EBP-14]

Zero Vac NAB
Code: (text)
[Enable]
0051E29D:
je 0051e2b4
0051E2B2:
jne 0051e2c4

[Disable]
0051E29D:
jne 0051e2b4
0051E2B2:
je 0051e2c4

Slow DupeX NAB
Code: (text)
[Enable]
//Pointer: Pointer Offset: 110
alloc(CodeCave,32)
alloc(Pointer,32)
registersymbol(CodeCave)
registersymbol(Pointer)
label(ReturnHere)

CodeCave:
push ecx
mov ecx,Pointer
mov [ecx],esi
pop ecx
mov [esi+00000114],edi
jmp ReturnHere

00695589:
jmp CodeCave
db 90

ReturnHere:

[DISABLE]
00695589: // 89 Be 14 01 00 00 EB ?? 83 7D ?? ?? 74 ?? 8B
mov [esi+00000114],edi

dealloc(CodeCave)
dealloc(Pointer)
unregistersymbol(CodeCave)
unregistersymbol(Pointer)

YoYo DupeX NAB
Code: (text)
[ENABLE]
alloc(YoYoDupe, 1024)
alloc(RunFlag, 4)
alloc(ESIValue, 4)
alloc(EDIValue, 4)
alloc(ESIAddy,4)
alloc(hookit,128)
registersymbol(ESIAddy)
label(returnhere)
label(NoVac)
label(DupeXVac)
label(DoNormal)
label(back)

YoYoDupe:
push eax
push ecx
cmp [RunFlag], 2
je DupeXVac
mov eax, 0079AC20
mov eax, [eax]
add eax, 61C
mov eax, [eax]
sub eax, C
mov [ESIValue],eax
mov eax,[eax+114]
mov [EDIValue],eax
inc [RunFlag]
inc [RunFlag]

DupeXVac:
cmp esi,[ESIValue]
je DoNormal
push ecx
mov ecx,ESIAddy
mov [ecx],esi
pop ecx

DoNormal:
mov [esi+00000110],edi
pop ecx
pop eax
jmp back

ESIAddy:
db 00 00 00 00

RunFlag:
db 00 00 00 00

ESIValue:
db 00 00 00 00

EDIValue:
db 00 00 00 00

006955C5:
jmp YoYoDupe
db 90
back:

0051E2F5:
jmp hookit
nop
returnhere:

hookit:
cmp [ESIAddy], 0
je NoVac
push eax
push ebx
mov eax,[ESIAddy]
mov ebx,[EDIValue]
mov [eax+110],ebx
mov eax,[eax+110]
mov [eax+4c],ebx
mov [eax+50],ebx
pop ebx
pop eax

NoVac:
mov [ebx+00000400],eax
jmp returnhere

[DISABLE]
unregistersymbol(ESIAddy)
dealloc(YoYoDupe)
dealloc(RunFlag)
dealloc(ESIValue)
dealloc(EDIValue)
dealloc(ESIAddy)
dealloc(hookit)

0051E2F5: //89 83 00 04 00 00 8D 85
mov [ebx+00000400],eax

006955C5: //89 BE 10 01 00 00 E8
mov [esi+00000110],edi

Delay DupeX NAB
Code: (text)
[Enable]
//Add address DupeXSwitch
//DXS = 0 [OFF]
//DXS < 0 [FOLLOW]
//DXS > 0 [STAY]
alloc(DupeX, 256)
alloc(CharESI, 4)
alloc(CharPID, 4)
alloc(PreviousESI, 4)
alloc(DupeXSwitch, 4)
registerSymbol(DupeXSwitch)
label(NoVac)
label(DupeXVac)
label(LoadChar)
label(RefreshPID)
label(EndLoadChar)
label(LoadESI)
label(LoadPID)
label(EndLoadPID)
label(DelayDupeX)
label(EndDDX)
label(LoadPrevious)
label(NormalDupeX)
label(EndDupeX)

CharESI:
dd 00000000
CharPID:
dd 00000000
PreviousESI:
dd 00000000
DupeXSwitch:
dd 00000000

DupeX:
push eax
xor eax, eax
cmp eax, [DupeXSwitch]
je NoVac
jmp DupeXVac

NoVac:
mov [CharESI], eax
mov [CharPID], eax
mov [PreviousESI], eax
jmp NormalDupeX

DupeXVac:
call LoadChar
call DelayDupeX
cmp [CharESI], esi
je NormalDupeX
call LoadPrevious
jmp NormalDupeX

LoadChar:
call LoadESI
cmp eax, [CharPID]
je RefreshPID
cmp [DupeXSwitch], eax
jl RefreshPID
jmp EndLoadChar
RefreshPID:
call LoadPID
EndLoadChar:
ret

LoadESI:
push eax
mov eax,[0079A0B8] //8B 0D ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B F0 3B F3
mov eax,[eax+8]
mov eax,[eax+61C] //8B 81 ?? ?? ?? ?? 8D 48 F4 F7 D8 1B C0 23 C1
sub eax, C
mov [CharESI], eax
pop eax
ret

LoadPID:
push ebx
mov ebx, [CharESI]
mov ebx, [ebx+110]
cmp eax, ebx
je EndLoadPID
mov [CharPID], ebx
EndLoadPID:
pop ebx
ret

DelayDupeX:
push esi
mov esi, [PreviousESI]
test esi, esi
je EndDDX
mov eax, [CharPID]
mov [esi+110],eax
mov [esi+114],eax
EndDDX:
pop esi
ret

LoadPrevious:
mov [PreviousESI], esi
ret

NormalDupeX:
pop eax
mov [esi+114], edi
jmp EndDupeX

00695589:
jmp DupeX
db 90
EndDupeX:

[Disable]
00695589: //89 BE 14 01 00 00 EB ?? 83 7D
mov [esi+00000114],edi

dealloc(DupeX)
dealloc(CharESI)
dealloc(CharPID)
dealloc(PreviousESI)
dealloc(DupeXSwitch)
unregisterSymbol(DupeXSwitch)
-------------------------Credits-------------------------
ColdDoT
Original Makers
Noobzijn

Time can change u, But u can't change time
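Added example, not part of ColdDoT's post and not Cheat Engine's own code: the byte signatures in each script's [DISABLE] comment (e.g. 8B 45 10 56 57 8B 7D ?? 83 FF for the CRC bypass site, '??' = wildcard) are what let a script be re-targeted after the kind of offset shuffle the patch notice describes, and the pointer list uses Cheat Engine's chain notation (Pointer: 0079A1F8 Offset1: 10 Offset2: 80 means [[[0079A1F8]+10]+80]). The Python below shows how such a signature is parsed and scanned, how the bytes at the hit are re-checked before a jmp is written over them, and how a pointer chain is followed. Everything in the memory snapshot is constructed for the demo: the 0xCC-filled code region, the bytes placed at 0x458BAE, the value stored in the 0079A1F8 slot, and the heap addresses 0x02A00000 and 0x02B00000.

```python
"""AOB signature scan and pointer-chain resolution over a memory snapshot.
Added example, not code from the original post. It follows the conventions the
post's scripts use: byte signatures with '??' wildcards (the [DISABLE] comments,
e.g. "8B 45 10 56 57 8B 7D ?? 83 FF") and Cheat Engine pointer notation, where
"Pointer: 0079A1F8 Offset1: 10 Offset2: 80" means [[[0079A1F8]+10]+80]. All
bytes below are constructed test data; 0x02A00000/0x02B00000 are invented."""
import re
import struct

CRC_SIG = "8B 45 10 56 57 8B 7D ?? 83 FF"  # the post's CRC bypass site signature


class SparseMemory:
    """A few (base, bytearray) regions standing in for a process address space."""

    def __init__(self, regions):
        self.regions = [(base, bytearray(data)) for base, data in regions]

    def _locate(self, addr, size):
        for base, data in self.regions:
            if base <= addr and addr + size <= base + len(data):
                return data, addr - base
        raise ValueError(f"unmapped access of {size} bytes at {addr:#010x}")

    def read_bytes(self, addr, size):
        data, off = self._locate(addr, size)
        return bytes(data[off:off + size])

    def read_u32(self, addr, signed=False):
        return struct.unpack("<i" if signed else "<I", self.read_bytes(addr, 4))[0]

    def write_u32(self, addr, value):
        data, off = self._locate(addr, 4)
        struct.pack_into("<I", data, off, value & 0xFFFFFFFF)


def parse_aob(sig):
    """Compile "8B 45 ?? 56" into a lookahead regex; '??' matches any one byte."""
    parts = []
    for tok in sig.split():
        if tok in ("?", "??"):
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(re.escape(bytes([int(tok, 16)])))
        else:
            raise ValueError(f"bad signature token {tok!r}")
    # lookahead reports overlapping hits; DOTALL lets '.' match 0x0A as well
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def aob_scan(mem, sig):
    """Every address, in every region, where the signature matches."""
    pat = parse_aob(sig)
    return [base + m.start() for base, data in mem.regions
            for m in pat.finditer(bytes(data))]


def locate_patch_site(mem, sig):
    """Resolve a signature to exactly one address (the step a client update forces)."""
    hits = aob_scan(mem, sig)
    if len(hits) != 1:
        raise LookupError(f"{sig!r} matched {len(hits)} times: "
                          + ", ".join(f"{h:#010x}" for h in hits))
    return hits[0]


def bytes_match_sig(mem, addr, sig):
    """Check the bytes at addr still match before a jmp is written over them."""
    return parse_aob(sig).match(mem.read_bytes(addr, len(sig.split()))) is not None


def resolve_pointer(mem, base_ptr, offsets):
    """addr = [base_ptr]; addr = [addr+off] for all offsets but the last;
    the result is addr + last offset, the address that holds the value."""
    addr = mem.read_u32(base_ptr)
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]


def build_demo_memory():
    """Constructed snapshot: 0xCC-filled code at image base 0x400000 with the
    CRC-bypass site bytes at 0x458BAE, plus the post's Map Mouse X/Y chain."""
    code = bytearray(b"\xcc" * 0x60000)
    # mov eax,[ebp+10]; push esi; push edi; mov edi,[ebp+0C]; cmp edi,0
    site = bytes.fromhex("8B451056578B7D0C83FF00")
    code[0x58BAE:0x58BAE + len(site)] = site
    mem = SparseMemory([
        (0x00400000, code),
        (0x0079A1F8, b"\x00" * 4),      # static pointer slot from the post
        (0x02A00000, b"\x00" * 0x100),  # first object (invented address)
        (0x02B00000, b"\x00" * 0x100),  # second object (invented address)
    ])
    mem.write_u32(0x0079A1F8, 0x02A00000)
    mem.write_u32(0x02A00000 + 0x10, 0x02B00000)
    mem.write_u32(0x02B00000 + 0x80, 1234)  # Map Mouse X
    mem.write_u32(0x02B00000 + 0x84, -56)   # Map Mouse Y
    return mem
```

With `mem = build_demo_memory()`, `locate_patch_site(mem, CRC_SIG)` returns 0x00458BAE and `bytes_match_sig(mem, 0x00458BAE, CRC_SIG)` is true, while `resolve_pointer(mem, 0x0079A1F8, [0x10, 0x80])` yields 0x02B00080, the slot holding Map Mouse X. The uniqueness check in `locate_patch_site` is the part worth keeping: a signature that matches twice after an update is how a script ends up writing a jmp into the wrong function, and the match-before-write check guards the same mistake at patch time.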
Joex (Guest)
« Reply #1 on: September 27, 2007, 09:19:28 PM »

Wow, a lot of hacks work... and EMS is bypassed?

ColdDoT, is it worth switching from GMS to EMS?
igoticecream (Intermediate ASM, Posts: 428)
« Reply #2 on: September 27, 2007, 09:43:13 PM »

Hell no. It's like a KMS player moving to GMS, lol.
Joex (Guest)
« Reply #3 on: September 27, 2007, 09:44:32 PM »

Lol, alright.

:( I wanna hack again.
((I wanna make hacks again))
igoticecream (Intermediate ASM, Posts: 428)
« Reply #4 on: September 27, 2007, 10:01:48 PM »

Try another game? I'm currently exploring all the CE functions (including in-game trace instruction ^^) with AoE2.
Chris (Guest)
« Reply #5 on: September 27, 2007, 11:09:46 PM »

Quote from: "igoticecream"
Try another game? I'm currently exploring all the CE functions (including in-game trace instruction ^^) with AoE2.

Whoa... wait a second, some versions don't have the int1/int3s detected? Or are you DBVMing using the old DA engine on an earlier rev?
igoticecream (Intermediate ASM, Posts: 428)
« Reply #6 on: September 27, 2007, 11:17:59 PM »

Quote from: "Chris"
Quote from: "igoticecream"
Try another game? I'm currently exploring all the CE functions (including in-game trace instruction ^^) with AoE2.

Whoa... wait a second, some versions don't have the int1/int3s detected? Or are you DBVMing using the old DA engine on an earlier rev?

AoE2 is Age of Empires: Age of Kings; it's an offline game =D, no protection needed.
senchi (Guest)
« Reply #7 on: December 11, 2007, 07:08:49 PM »

Wow, nice work man, I wish UPT still worked on GMS -.-
Maple_uchiha15 (Guest)
« Reply #8 on: December 22, 2007, 01:11:16 AM »

I also want to hack again. I got a 42 warrior and sin that I want to get at least over 60 in the 3-day period.
Can anyone help... I'm sorta new here...
linosal (Administrator, Master Assembler, Posts: 2068)
« Reply #9 on: December 27, 2007, 02:16:28 PM »

What version is EMS currently on?
EpiC (Guest)
« Reply #10 on: January 23, 2008, 08:18:21 AM »

It's version v34 now; it would help to update this as I've got no AOBs for this -_-
SXGuy (Master Assembler, Posts: 1798)
« Reply #11 on: January 23, 2008, 08:33:14 AM »

Quote from: "EpiC"
It's version v34 now; it would help to update this as I've got no AOBs for this -_-

Next time, please actually look at the scripts so you can notice they include AOBs before posting, because you have made yourself look silly with your first post already :)

TheLeecher: "I wasn't sure if the OP was talking about the Big Bang theory or the Bing Bang theory. I once believed in the Gang Bang theory but that was long ago."
EpiC (Guest)
« Reply #12 on: January 23, 2008, 08:38:23 AM »

OK, now build a bridge and get over it.
SXGuy (Master Assembler, Posts: 1798)
« Reply #13 on: January 23, 2008, 08:42:06 AM »

If you wish to continue being a member here, it would be wise not to get cheeky with moderators.

Thread locked until ColdDoT updates.