[R] NGRush + SPControl

BosBeer · 16th November 2009, 16:25

I started thinking of what NGRush actually does, and made an own version to change Spawn Points for specific maps into my desired location.

If modified further, which I will, this can be used to bot at bigger maps. By simply choosing a couple spawn locations, and make you respawn in them after certain amount of attacks. (This would not need CCing anymore, something I never liked in the first place ...)

Enjoy, and as always, EXPERIMENT!!!

Next Generation Rush:
Spawns you on the portal to the next map as defined in paths. Automatically works in both directions.
--This example has the path from Orbis to El Nath, add your own if needed ...
Credits: PedraSimon
Thanks to: dwuz001 (for pointing out the obvious)

Code:

[ENABLE] 
//NGRush eMS v57
Alloc(Ngr,1024)
Alloc(paths,2048)
Label(rtnNgr)
Label(matchAny)
Label(ptlDone)
Label(goHome)
Label(mapFind)
Label(mapNxt)
Label(dirnOk)
Label(mapFindDone)
Label(cPtlNxt)
Label(cPtlNFnd)
Label(cPtlDone)
Label(fndExtPtl)
Label(prevMapId)
Label(rushDir)

Ngr:
  mov [ebp-1c],eax
  pushad
  mov esi,99F4F8
  lea edi,[esi-8]
  mov esi,[esi]
  mov esi,[esi+65C]
  mov edi,[edi]
  mov edi,[edi+4]
  call mapFind
  test eax,eax
  jz matchAny //Change "matchAny" into "goHome", if you want it to do nothing in maps that are not listed.
  push eax
  mov edx,[edi-4]
  call cPtlNxt
  test eax,eax
  jnz ptlDone
matchAny:
  push eax
  mov edx,[edi-4]
  call cPtlNxt
ptlDone:
  test eax,eax
  jz goHome
  push [eax+c]
  pop dword ptr[ebp-20]
  push [eax+10]
  pop dword ptr[ebp-1C]
goHome:
  mov [prevMapId],esi
  popad
  cmp dword ptr [esi+18],0
  jmp rtnNgr

cPtlNxt:
  dec edx
  test edx,edx
  js cPtlNFnd
  mov eax,[edi+8*edx+4]
  mov ecx,[eax+14]
  cmp ecx,esi
  je cPtlNxt
  cmp ecx,[prevMapId]
  je cPtlNxt
  cmp [eax+8],7
  je fndExtPtl
  cmp ecx,3B9AC9FF
  je cPtlNxt
fndExtPtl:
  cmp [esp+4],0
  jz cPtlDone
  cmp [esp+4],ecx
  jz cPtlDone
  jmp cPtlNxt
cPtlNFnd:
  xor eax,eax
cPtlDone:
ret 4

mapFind:
  xor edx,edx
mapNxt:
  inc edx
  mov eax,[paths+edx*4]
  test eax,eax
  jz mapFindDone
  cmp eax,esi
  jnz mapNxt
  mov eax,[rushDir]
  lea eax,[paths+eax*4]
  mov eax,[eax+edx*4]
  cmp eax,[prevMapId]
  jne dirnOk
  neg [rushDir]
dirnOk:
  add edx,[rushDir]
  mov eax,[paths+edx*4]
mapFindDone:
  ret

prevMapId:
dd 0

rushDir:
dd 1

paths:
dd 0
dd BEBC200 //Orbis : Orbis
dd BECFAE4 //Orbis : Entrance to Orbis Tower
dd BECFB48 //Orbis : Orbis Tower <20th Floor>
dd BECFBAC //Orbis : Orbis Tower <19th Floor>
dd BECFC10 //Orbis : Orbis Tower <18th Floor>
dd BECFC74 //Orbis : Orbis Tower <17th Floor>
dd BECFCD8 //Orbis : Orbis Tower <16th Floor>
dd BECFD3C //Orbis : Orbis Tower <15th Floor>
dd BECFDA0 //Orbis : Orbis Tower <14th Floor>
dd BECFE04 //Orbis : Orbis Tower <13th Floor>
dd BECFE68 //Orbis : Orbis Tower <12th Floor>
dd BECFECC //Orbis : Orbis Tower <11th Floor>
dd BECFF30 //Orbis : Orbis Tower <10th Floor>
dd BECFF94 //Orbis : Orbis Tower <9th Floor>
dd BECFFF8 //Orbis : Orbis Tower <8th Floor>
dd BED005C //Orbis : Orbis Tower <7th Floor>
dd BED00C0 //Orbis : Orbis Tower <6th Floor>
dd BED0124 //Orbis : Orbis Tower <5th Floor>
dd BED0188 //Orbis : Orbis Tower <4th Floor>
dd BED01EC //Orbis : Orbis Tower <3rd Floor>
dd BED0250 //Orbis : Orbis Tower <2nd Floor>
dd BED02B4 //Orbis : Orbis Tower <1st Floor>
dd C939B88 //El Nath : Snowy Hill
dd C939AC0 //El Nath : El Nath
dd 0

007C1522:
  jmp Ngr
  db 90 90
  rtnNgr:

[DISABLE]
007C1522:
  db 83 7E 18 00 89 45 E4

dealloc(NGR)
dealloc(paths)

Spawn Point Control: (I did not test this very thouroughly, so post any bugs you may encounter!)
Changes spawn Coördinates for specified maps.
--In this example is Ellinea added with coördinates of the Item Shop.
--Add your own maps below SPList like this:
----dd XXXXXXXX //Map ID of your map in HEX (Map ID Pointer: 99F4F8 - 65C)
----dd XXXXXXXX //X value of the point you want to spawn at in HEX (Char X Pointer: 99DF5C - E50)
----dd XXXXXXXX //Y value of the point you want to spawn at in HEX (Char Y Pointer: 99DF5C - E54)
Credits: PedraSimon, BosBeer

Code:

[ENABLE]
//SPControl eMS v57
Alloc(SpawnControl,1024)
Alloc(SPList,2048)
Alloc(SpawnX,4)
Alloc(SpawnY,4)
Label(rtnSPC)
Label(findMap)
Label(nextMap)
Label(mapFound)
Label(findMapDone)
Label(rtnNormal)

SpawnControl:
  mov [ebp-1c],eax
  pushad
  mov esi,[99F4F8]
  mov esi,[esi+65C]
  xor edx,edx
  call findMap
  test eax,eax
  jz rtnNormal
  mov eax,[SpawnX]
  mov [ebp-20],eax
  mov eax,[SpawnY]
  mov [ebp-1C],eax
rtnNormal:
  popad
  cmp dword ptr [esi+18],0
  jmp rtnSPC

nextMap:
  inc edx
findMap:
  mov eax,[SPList+4+edx*C]
  test eax,eax
  jz findMapDone
  cmp eax,esi
  jnz nextMap
mapFound:
  mov eax,[SPList+8+edx*C]
  mov [SpawnX],eax
  mov eax,[SPList+C+edx*C]
  mov [SpawnY],eax
findMapDone:
  ret

SPList:
dd 0
dd 6052340 //Victoria Road : Ellinia
dd FFFFFF85 //X of Shop Portal
dd FFFFF86F //Y of Shop Portal
dd 0

007C1522:
  jmp SpawnControl
  db 90 90
  rtnSPC:

[DISABLE]
007C1522:
  db 83 7E 18 00 89 45 E4

dealloc(SpawnControl)
dealloc(SPList)
dealloc(SpawnX)
dealloc(SpawnY)

SPControl v2: (the Quick version)
When enabled it will store the map + your location. From then on, everytime you spawn in that map (only that one), it will spawn you at that same location.
Credits: PedraSimon, BosBeer

Code:

[ENABLE]
//SPControl (Quick) eMS v57
Alloc(SpawnControl,1024)
Alloc(MapID,4)
Alloc(SpawnX,4)
Alloc(SpawnY,4)
Alloc(Done,4)
Label(rtnSPC)
Label(alreadyDone)
Label(rtnNormal)

SpawnControl:
  mov [ebp-1c],eax
  pushad
  mov esi,[99F4F8]
  mov esi,[esi+65C]
  cmp [Done],1
  jz alreadyDone
  mov [MapID],esi
  mov eax,[99DF5C]
  mov ebx,[eax+E50]
  mov ecx,[eax+E54]
  mov [SpawnX],ebx
  mov [SpawnY],ecx
  mov [Done],1
alreadyDone:
  cmp [MapID],esi
  jnz rtnNormal
  mov eax,[SpawnX]
  mov [ebp-20],eax
  mov eax,[SpawnY]
  mov [ebp-1C],eax
rtnNormal:
  popad
  cmp dword ptr [esi+18],0
  jmp rtnSPC

007C1522:
  jmp SpawnControl
  db 90 90
  rtnSPC:

[DISABLE]
007C1522:
  db 83 7E 18 00 89 45 E4

dealloc(SpawnControl)
dealloc(MapID)
dealloc(SpawnX)
dealloc(SpawnY)
dealloc(Done)

If you have an idea of something that could/needs to be added, please do let me know, I'm open to all suggestions. This opened many possibilities if you ask me

.

~Bos

pokemaster · 16th November 2009, 16:33

Great release, this is going to be immensely useful if it works without any problems.

DaLostStar · 16th November 2009, 16:35

sound nice,im testing it right a way.
thanks ;D ill post results later

*Šěžăbĭ* · 16th November 2009, 16:35

Epic release

βΩπρ · 16th November 2009, 16:36

Awesome

Login18 · 16th November 2009, 16:38

nice release

BosBeer · 16th November 2009, 16:45

Added a second, quick, version.
Very easy to use: Just enable at the map and at the location you want to be Spawned. Then it will always spawn you there (only in that map).

Edit: Scripts updated, disabling part was incomplete ...

und3rt4ker · 16th November 2009, 16:54

to add more maps just :

Code:

dd "MAP ID in HEX"

this right?

BosBeer · 16th November 2009, 16:56

Quote:

Originally Posted by und3rt4ker

to add more maps just :

Code:

dd "MAP ID in HEX"

this right?

For NGRush yes!

For SPControl NO!
You always need to add Map+X+Y:
dd "Map ID in HEX"
dd "X Value of your desired Spawn Point in HEX"
dd "Y Value of your desired Spawn Point in HEX"
Always those three, else the script has a possibility to crash...

Lapheoria · 16th November 2009, 17:00

Quote:

Originally Posted by Šěžăbĭ

Epic release

Agreed

dwuz001 · 16th November 2009, 17:02

By checking 99F4F0, it is straight forward to change lea edi,[esi+4] to lea edi,[esi-8].

But how do you find 65C as an offset?

BosBeer · 16th November 2009, 17:06

Quote:

Originally Posted by dwuz001

By checking 99F4F0, it is straight forward to change lea edi,[esi+4] to lea edi,[esi-8].

But how do you find 65C as an offset?

Map ID offset.

And another thanks for pointing out to 99F4F0.
I really would kick myself in the butt if I could for being so stupid and not check more thouroughly

.

dwuz001 · 16th November 2009, 17:08

You are welcome.

I am in short of knowledge to find map ID offset, would you enlighten me some hints?

BosBeer · 16th November 2009, 17:14

Quote:

Originally Posted by dwuz001

You are welcome.

I am in short of knowledge to find map ID offset, would you enlighten me some hints?

Couple ways:
-Search pointer from scratch with Map IDs
-Use 6FBE37 to update the offset, that's where the pointer is updated with the new Map ID.

youkill4r · 16th November 2009, 17:19

U sir, are epic

Thanks for releasing though i might not use it, i feel like maple is starting to bore me ;'(

16th November 2009, 16:35	#4
Šěžăbĭ Black Power Ranger Evil Emperor Join Date: 16th Sep 2007 Location: Sofia, Bulgaria Posts: 6,960	Epic release __________________ Add me on Facebook - Here, but tell me you're from MPC; Give me an internet - Here "Great minds discuss ideas, average minds discuss events, small minds discuss people." "Early to bed and early to rise, makes a man healthy, wealthy and wise." Wanna see how do I look? - HERE; [1], [2], [3]. I are so awesum: here O_o, ain't i O_o ? Really sick tune: Here! Check my pwnage brute: Here [/ /] Visit my MiniCity: Here.

16th November 2009, 16:36	#5
βΩπρ Fackers ^^ Necromancer of the Light Join Date: 23rd Jul 2009 Posts: 676	Awesome __________________ Buy XPI today, the greatest packet editor ever made. Including a Full bypass and Lifetime support. For more information, visit GGCRCBYPASS.com (u have to sign up first)

16th November 2009, 16:45	#7
BosBeer Silent Killer Join Date: 5th Jul 2006 Location: Belgium Posts: 405	Added a second, quick, version. Very easy to use: Just enable at the map and at the location you want to be Spawned. Then it will always spawn you there (only in that map). Edit: Scripts updated, disabling part was incomplete ... __________________ Trouble updating/making a script? -> Ask me! How to learn ASM? -> By reading, examining scripts and just simply trying! Where to download hacks? -> Search, search or learn to search! Last edited by BosBeer; 16th November 2009 at 16:51..

16th November 2009, 16:54	#8
und3rt4ker Silver Dragon Join Date: 14th May 2007 Posts: 970	to add more maps just : Code: dd "MAP ID in HEX" this right? __________________ Duh

16th November 2009, 17:02	#11
dwuz001 Angel of Darkness Join Date: 2nd Jan 2007 Posts: 275	By checking 99F4F0, it is straight forward to change lea edi,[esi+4] to lea edi,[esi-8]. But how do you find 65C as an offset? __________________ Call me ice

16th November 2009, 16:33	#2
pokemaster Pokemon Champion Bronze Dragon Join Date: 19th Jun 2009 Location: Sweden Posts: 860	Great release, this is going to be immensely useful if it works without any problems.

16th November 2009, 16:35	#3
DaLostStar Assassin Join Date: 16th Sep 2009 Posts: 175	sound nice,im testing it right a way. thanks ;D ill post results later

16th November 2009, 16:38	#6
Login18 Knight of Wars Join Date: 30th Nov 2008 Location: Where the sun never comes out Posts: 105	nice release

16th November 2009, 17:08	#13
dwuz001 Angel of Darkness Join Date: 2nd Jan 2007 Posts: 275	You are welcome. I am in short of knowledge to find map ID offset, would you enlighten me some hints? __________________ Call me ice

16th November 2009, 17:19	#15
youkill4r Epic Phail 4 life Silent Killer Join Date: 4th Nov 2009 Posts: 438	U sir, are epic Thanks for releasing though i might not use it, i feel like maple is starting to bore me ;'( __________________ Get someone to say lol at my post [x]MagicSteely!!! Get level 30[X] Get level 50[X] Get banned 10 times [X] to bad.. Get 100 posts [X] Get 250 posts [X]