
[Addresses] EMS Latest Hack Addresses 0.11


barthen
24th August 2006, 15:24
Credits go to the original discoverers

Memory View:

God Mode » 5C5630 | ZF [x][ ]
Super Tubi » 469D17 | ZF [x][x]
Slow Tubi » 469F6C | ZF [x][x]
DupeX » 6004CB | EIP
Speed Attack » 424396 or 424318 | EAX
Fly » 5FDE63 | ZF [x][ ]
Unrandomizer » 6460FD | EAX



Pointer hacks:

Unlimited Attack » 6DD2B4 - Offset: D70
No Breath » 6DD2B4 - Offset: 230
Character X » 6DD2F0 - Offset: 564
Character Y » 6DD2F0 - Offset: 568
Left Wall » 6DC950 - Offset: 10
Right Wall » 6DC950 - Offset: 8
Top Wall » 6DC950 - Offset: C
Bottom Wall » 6DC950 - Offset: 4
Item X » 6DD2B4 - Offset: 344
Item Y » 6DD2B4 - Offset: 348



DUPEX SCRIPTS:

DupeXVac (monsters follow you)

alloc(FindCharacterAddress, 1024)
alloc(ListOffset, 4)
alloc(ESIList, 1024)
alloc(DupeXVac, 1024)
alloc(EDIValue, 4)
label(EndSearch)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
label(LeaveMe)

FindCharacterAddress:
mov [esi+114],edi
push eax
push ebx
push ecx
push edx
mov eax,0
mov ebx,ListOffset
mov ecx,ESIList
mov edx,EDIValue

CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je EndSearch
inc eax
jmp CompareOffset

StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi

EndSearch:
pop edx
jmp LeaveMe

DupeXVac:
push eax
push ebx
push ecx
mov ebx,[ListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov edi,[eax+114]

DoNormal:
mov [esi+114],edi

LeaveMe:
pop eax
pop ebx
pop ecx
jmp 6004d1


DupeXMonster (monsters stay where you last touched the ground)

alloc(FindCharacterAddress, 1024)
alloc(ListOffset, 4)
alloc(ESIList, 1024)
alloc(DupeXVac, 1024)
alloc(EDIValue, 4)
label(EndSearch)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
label(LeaveMe)

FindCharacterAddress:
mov [esi+114],edi
push eax
push ebx
push ecx
push edx
mov eax,0
mov ebx,ListOffset
mov ecx,ESIList
mov edx,EDIValue

CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je EndSearch
inc eax
jmp CompareOffset

StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi

EndSearch:
pop edx
jmp LeaveMe

DupeXVac:
push eax
push ebx
push ecx
mov ebx,[ListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov edi,[EDIValue]

DoNormal:
mov [esi+114],edi

LeaveMe:
pop eax
pop ebx
pop ecx
jmp 6004d1

lordy cheater
24th August 2006, 18:42
So how do these work?

CondorX
24th August 2006, 18:51
great, but the game kicks me when I open the UCE u______u

DeathWish
25th August 2006, 17:15
nice work..
I can only use pointers (REV 822)..
but I hope I can try these others soon

suhailp
26th August 2006, 01:51
nice work..
I can only use pointers (REV 822)..
but I hope I can try these others soon

Unfortunately I can't even seem to get pointers working :(

How did you go about doing this? Seeing as most UCEs do not work, including MSHZ.

A new bypass perhaps? :D

masterice
26th August 2006, 10:16
only pointers work for me too

suhailp
26th August 2006, 12:24
Could you share which UCE you are currently using that the pointers work with? I ask because I have tried a lot of UCEs, including MSHZ.

XxAaPxX
6th September 2006, 16:12
the dupex is not working for me :(

StarPix
6th September 2006, 21:06
when I use god mode my computer restarts o.O

SunBeam
6th September 2006, 21:35
Then the known UCEs are probably not working anymore. If that's the case, move to other methods. All I can say is that the newest GameGuard is an old revision. Numbers don't count, the file characteristics count...

darkstar369
7th September 2006, 04:08
search for dual engine.. will allow memory view to work