Can anyone teach me how to update the below scripts?



davinsoh
3rd August 2007, 23:45
Hi all,

I have added and changed the addresses I know but I am really poor in finding out how to change and locate the opcodes.

Can anybody teach me? At least in the future I'll be able to help update whenever maple patches again. As usual I need help with those in red.

Thanks!

MesoDrop Script
Alloc(MesoDrop, 64)

MesoDrop:
mov eax, C350
mov [esi+000000bc] ,eax
jmp 006BC46A

006C178D:
jmp MesoDrop

[disable]
006C178D:
mov [esi+000000bc] ,eax
dealloc(MesoDrop)


Selective WallByPass
registersymbol(olddata)
label(set)
label(ret)
label(end)

begin:
cmp ,1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[007E1094] //I assume this is correct
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi

mov esi,[007E1094] //I assume this is correct
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi

mov esi,[007E1094] //I assume this is correct
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi

mov esi,[007E1094] //I assume this is correct
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi

mov [bool],0
jmp ret

006BF74B:
jmp begin
end:

olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00

[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)

006BF74B:
movsd
movsd
movsd
movsd
pop edi


DICEvac
[Enable]
alloc(dICE,64)
label(return)

dICE:
pushad

mov edx, [7e7b70] //Again I assume this is correct
mov ebx, [edx+5fc]
mov ecx,[edx+600]
add ebx, 75

mov eax,[7e1094] //Again I assume this is correct
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad

mov [ebx], eax
mov edi,[ebp+10]
jmp return

006C39D5:
jmp dICE
return:

006c6337:
db 0f 84

006bfe24:
db 75

006c00c0:
db 0f 85

[Disable]
006C39D5:
mov [ebx], eax
mov edi,[ebp+10]

006c6337:
db 0f 85

006bfe24:
db 74

006c00c0:
db 0f 84

dealloc(dICE)

cuteharez
4th August 2007, 00:23
You need an unpacked client since you don't have the AOB; otherwise you've got to load a V0.43 CEM on your UCE and attach it to any process.

davinsoh
4th August 2007, 01:21
Thanks cuteharez... I managed to search thru old AOBs given with older scripts and have successfully updated the above 3 scripts.

Tested and working...

MESODROP SCRIPT
[enable]
Alloc(MesoDrop, 64)

MesoDrop:
mov eax, C350
mov [esi+000000bc] ,eax
jmp 006C1793

006C178D:
jmp MesoDrop

[disable]
006C178D:
mov [esi+000000bc] ,eax
dealloc(MesoDrop)



SELECTIVE WALLBYPASS
[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
registersymbol(olddata)
label(set)
label(ret)
label(end)

begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[007E7094]
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi

mov esi,[007E7094]
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi

mov esi,[007E7094]
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi

mov esi,[007E7094]
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi

mov [bool],0
jmp ret

006C4A74:
jmp begin
end:

olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00

[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)

006C4A74:
movsd
movsd
movsd
movsd
pop edi


DICEvac
[Enable]
alloc(dICE,64)
label(return)

dICE:
pushad

mov edx, [7E7B70]
mov ebx, [edx+5FC]
mov ecx,[edx+600]
add ebx, 75

mov eax,[7E7094]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad

mov [ebx], eax
mov edi,[ebp+10]
jmp return

006C8CFE:
jmp dICE
return:

006CB660:
db 0f 84

006C514D:
db 75

006C53E9:
db 0f 85

[Disable]
006C8CFE:
mov [ebx], eax
mov edi,[ebp+10]

006CB660:
db 0f 85

006C514D:
db 74

006C53E9:
db 0f 84

dealloc(dICE)


Happy hacking to all...

Cheers!
Davin
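
Added example, not part of the thread: the scripts above change the client's code bytes in three ways (a jmp written over the original instructions at a hook site, a short jcc flipped between 74 and 75, and a near jcc flipped between 0f 84 and 0f 85), which is what a code-integrity check sees when it compares live code with a clean image. The sketch below classifies such differences; the base address, jump target and both byte buffers are constructed, and the heuristics do not verify instruction boundaries.

```python
import struct

BASE = 0x00401000  # constructed load address of the sampled code bytes

def diff_runs(clean: bytes, live: bytes):
    """Yield (offset, old, new) for each contiguous run of differing bytes."""
    if len(clean) != len(live):
        raise ValueError("images must cover the same range")
    i = 0
    while i < len(clean):
        if clean[i] == live[i]:
            i += 1
            continue
        j = i
        while j < len(clean) and clean[j] != live[j]:
            j += 1
        yield i, clean[i:j], live[i:j]
        i = j

def classify(base: int, clean: bytes, live: bytes):
    """Return [(address, kind, jump_target_or_None)] for every modified run."""
    out = []
    for off, old, new in diff_runs(clean, live):
        flipped = len(new) == 1 and old[0] ^ new[0] == 1  # only the low bit changed
        if new[0] == 0xE9 and off + 5 <= len(live):
            rel = struct.unpack_from("<i", live, off + 1)[0]  # rel32 after E9
            out.append((base + off, "jmp-hook", (base + off + 5 + rel) & 0xFFFFFFFF))
        elif flipped and 0x70 <= old[0] <= 0x7F:
            out.append((base + off, "short-jcc-inverted", None))
        elif flipped and 0x80 <= old[0] <= 0x8F and off and live[off - 1] == 0x0F:
            out.append((base + off - 1, "near-jcc-inverted", None))
        else:
            out.append((base + off, "unclassified", None))
    return out

def demo():
    # Constructed clean bytes: mov [ebx],eax / mov edi,[ebp+10], a short je, a near jne.
    clean = bytes.fromhex("89 03 8b 7d 10 90 90 74 10 90 0f 85 20 00 00 00 90")
    live = bytearray(clean)
    live[0:5] = b"\xe9" + struct.pack("<i", 0x00A00000 - (BASE + 5))  # 5-byte detour
    live[7] = 0x75    # je  -> jne
    live[11] = 0x84   # jne -> je
    return classify(BASE, clean, bytes(live))

if __name__ == "__main__":
    for addr, kind, target in demo():
        print(f"{addr:08X} {kind}" + (f" -> {target:08X}" if target is not None else ""))
```

A single flipped byte can also be data rather than an opcode, so each finding is a candidate to confirm against a disassembly of the clean image.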

maplece1
4th August 2007, 09:14
@Davin

Since you have tested SWBypass & DICE, you must have a working CRCBypass. Is there some major change or simply addy updates? Coz I am unable to update them till now.

Note: I tried to use DoomsDay's CRCBypass from CEF but testing CRCbypass alone will d/c the character in a few seconds hence it is probably not updated properly yet!! --- I found the problem and solved it already.

(P.S. I use GG907 to bypass GG so that the CE can see all the memory)

Has the AOB changed as well? e.g. God mode for v43
[Enable]
0068a107: //0f 84 8c 0e 00 00 e8 by NT_xvmon
je 0068afe1

[Disable]
0068a107:
jne 0068afe1

I can't seem to get any result using the AOB I kept for v43. Can anyone advise?

davinsoh
4th August 2007, 09:40
@maplece1

My CRCbypass script is from CEF as well. You shouldn't DC when you log in. Try checking that you have renamed your CEM file correctly. Normally you should be unable to tick CRCbypass if that is wrong.

No, there are no major updates thus far. Simple addy replacing which I just learnt yday... Hehe...

AOBs from V43 will do just fine.

BTW remember when searching the AOBs in memory viewer, DO NOT copy the space behind the last byte while searching. You will get no results.

Meaning for eg. 0f 84 8c 0e 00 00 e8 <--- this spacing here
will spoil your search of addresses.

I didn't backdate GG to view memory, I'm using TJJ's vicious variant GG pause method.

Those scripts that DoomsDay has updated in green work.

Hope this helps.

Cheers!
Davin

maplece1
4th August 2007, 11:14
I managed to find the mistake and I suspect many would face the same problem if they simply copy blindly from Doomsday's CRCBypass script.

So far, I have tested the items 1 by 1 and I have two items remaining to complete my simple yet "quite" effective leveling hack.

(1) CRCBypass from CEF - ok
(2) GodMode v1 from CEF - ok
(3) SWBypass (use Davin - CEF??) - ok
(4) DICE (use Davin - CEF??) - ok
(5) Item Vac from CEF - ok

Last two items to be tested:
(6a) Guttugin's UA from CEF - not working even with different combination of Unlimited Attack offset

OR
(6b) Doomsday UA - works on its own but not with DICE

(7) Yule Auto DC - lack of AOB!!!

gameservice
4th August 2007, 12:59
maplece1 is instant drop working for u? it dcs for me.

maplece1
4th August 2007, 14:26
maplece1 is instant drop working for u? it dcs for me.

sorry i do not use such cheats as it does not help or contribute to leveling but i bet if doomsday updated them, it will work.

btw, how do u test it? did u test it with CRCBypass alone?

davinsoh
4th August 2007, 15:25
@maplece1

Glad that you found out what went wrong for your CRCByPass.

Anyway, my selective wall and dice scripts have been from CEF from V42 I think.

Just that this time round I did the updating myself before DoomsDay posted it so I guess they should be exactly the same script thus PLS... No credits to me... It's just simple updating of addresses.

Plus the wall addresses were found by him, not me and they were required for updating of any vacs.

GTHuggins UA is not supposed to be posted here at all so I'm not even trying to verify it. BUT, I can tell you it works for me since he 1st posted it in CEF.

I got the exact same script as posted so there shouldn't be any problems.

I have tried DoomsDay's UA script as well, just doesn't work well with DICE.

@gameservice
Don't use instant drop... It most probably allows faster auto ban...


Anyway, those who are looking for GMDC, pls check out >>>> http://www.mpcforum.com/showthread.php?t=203684

Cheers!
Davin