MS-SEA MSEA V184.1 Script

Discussion in 'MapleStory Sea Hacks, Cheats & Bots' started by tysonlim, May 23, 2018.


  1. Fahmi

    Fahmi Singapore Informed Hacker

    Unfortunately not yet.
     


     
  2. Fahmi

    Fahmi Singapore Informed Hacker

    empty space, my mistake
     
  3. jaegar

    jaegar Singapore The New Guy

    not yet so you can only use it for a few secs..
     
  4. Enquix

    Enquix Singapore Veteran Hacker

    Have you tried after today's minor patch? I seem to be able to stay online without getting NGS detected. I haven't opened Cheat Engine or anything though, just the GKbypass.
     
  5. Freedox

    Freedox Singapore Lurker

    After looking at your post, I have tried and it really seems to be working just fine.
     
  6. Roux

    Roux Singapore Lurker

    so the mscrc works now?
     
  7. Enquix

    Enquix Singapore Veteran Hacker

    Gkbypass seems to be working but mscrc isn’t updated yet
     
  8. hooked888

    hooked888 Malaysia Prominent Hacker

    i have no idea what i'm doing with this MSCRC. test yourself and let others know if it doesn't work. happy banning~

    /*
    Credits to DBLmao & mapler for sharing the base script.
    Credits to SouthernEmblem for updating the script.
    Special thanks to the GameKiller team for making the GMS public bypass compatible with other versions of MS too.
    If you are banned while using this, YOU are the one responsible.
    Using a disposable account is advised.


    MSEA v183.2 MSCRC Bypass for mem-editing
    v4.0
    */

    define(CRC1,03A72D8D) //03A72D8D add al,[ecx]
    define(CRC2,038D74E8) //038D74EA add [edx],esi
    define(CRC1Reg,ecx)
    define(CRC2Reg,esi)
    define(CRC1CHANGE,7) // 5 + NOP needed in hexadecimal
    define(CRC2CHANGE,5) // 5 + NOP needed in hexadecimal

    define(CRC1START,00401000)
    define(CRC1END,03305E90) //Get via script or search for 320 bytes of 0

    define(CRC2START,CRC1-800)
    define(CRC2END,CRC1+800)
    define(CRC2ENDCHECK,CRC1+7FC)
    [ENABLE]
    globalalloc(DisableCRCBypass,200)
    alloc(CRCHook,1024)
    alloc(MemCopy,100663296)
    registersymbol(MemCopy)
    label(MemCopier)
    registersymbol(MemCopier)
    label(Hook1)
    label(Hook2)
    label(Hook1End)
    label(Hook2End)
    label(Hook1Ret)
    label(Hook2Ret)
    label(Copy1)
    label(Copy2)
    label(CopyExit)
    label(Hook2Ending)
    label(Hook1Ending)
    label(Counter)
    createthread(MemCopier)

    ///////////////////////////////////////////////////////////////////////////

    MemCopy+5FFF000:
    MemCopier:
    cmp [MemCopier+200],1
    je CopyExit
    mov eax,CRC1START

    Copy1:
    mov ebx,[eax]
    mov [MemCopy+eax],ebx
    add eax, 4
    cmp eax,CRC1END
    jle Copy1
    mov eax,CRC2START

    Copy2:
    mov ebx,[eax]
    mov [MemCopy+eax],ebx
    add eax, 4
    cmp eax,CRC2END
    jle Copy2

    CopyExit:
    Hook1Ending:
    mov eax,[Counter]
    mov bh, [CRC1+eax]
    mov BYTE PTR [Hook1End+eax],bh
    mov BYTE PTR [DisableCRCBypass+150+eax],bh
    inc [Counter]
    cmp [Counter],CRC1CHANGE
    jl Hook1Ending
    mov [Counter],0

    Hook2Ending:
    mov eax,[Counter]
    mov bh, [CRC2+eax]
    mov BYTE PTR [Hook2End+eax],bh
    mov BYTE PTR [DisableCRCBypass+160+eax],bh
    inc [Counter]
    cmp [Counter],CRC2CHANGE
    jl Hook2Ending
    mov [Counter],0

    mov eax,Hook1
    sub eax,CRC1+5
    mov byte ptr [CRC1],E9
    mov [CRC1+1],eax

    mov eax,Hook2
    sub eax,CRC2+5
    mov byte ptr [CRC2],E9
    mov [CRC2+1],eax

    mov [MemCopier+200],1
    jmp terminatethread


    Counter:
    dd 0

    ///////////////////////////////////////////////////////////////////////////

    CRCHook:
    Hook1:
    cmp CRC1Reg,CRC1START
    jb Hook1End
    cmp CRC1Reg,CRC1END
    ja Hook1End
    add CRC1Reg,MemCopy
    jmp Hook1End

    Hook1End:
    db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
    jmp Hook1Ret

    Hook2:
    cmp CRC2Reg,CRC2START
    jb Hook2End
    cmp CRC2Reg,CRC2ENDCHECK
    ja Hook2End
    add CRC2Reg,MemCopy
    jmp Hook2End

    Hook2End:
    db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
    jmp Hook2Ret

    CRC1+CRC1CHANGE:
    Hook1Ret:

    CRC2+CRC2CHANGE:
    Hook2Ret:

    /////////////////////////////////////////////////////////////////////////
    DisableCRCBypass:
    mov eax,[DisableCRCBypass+150]
    mov bh, [DisableCRCBypass+154]
    mov [CRC1],eax
    mov BYTE PTR [CRC1+4],bh

    mov eax,[DisableCRCBypass+160]
    mov bh, [DisableCRCBypass+164]
    mov [CRC2],eax
    mov BYTE PTR [CRC2+4],bh

    jmp terminatethread
    ///////////////////////////////////////////////////////////////////////////

    [DISABLE]
    createthread(DisableCRCBypass)
    dealloc(CRCHook)
    dealloc(MemCopy)
    unregistersymbol(MemCopy)
    unregistersymbol(MemCopier)
    //Mob Control
    //MSEA 183.2

    // 01 Normal Mobs
    // 02 Jump mob
    // 03 Fly Mobs
    // 04 Stationary Mobs
    // 05 Mob Walk Right
    // 06-07-08 Lemmings
    // 09 and above crash MapleStory with "error code: -2147467259 (Unspecified error)"

    define(action,04) // change action here

    [ENABLE]
    alloc(MobControl,128)

    MobControl:
    mov [edi+000004E0],action
    mov eax,[edi+000004E0]
    jmp 027C6DA8+6

    027C6DA8:
    jmp MobControl
    db 90

    [DISABLE]
    027C6DA8: // CVecCtrlMob::WorkUpdateActive: E9 ? ? ? ? 8B ? ? ? 00 00 83 ? ? 0F ? ? ? ? ? FF [Address below]
    mov eax,[edi+000004E0]

    dealloc(MobControl)
    //Vellum Freeze V2
    //MSEA 183.2
    define(CMob_ShowAffectedSkill,01707CC0) // 55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 45 ? 53 56 57 50 8D 45 F4 64 A3 00 00 00 00 8B D9 89 5D EC 8B ? ? ? 00 00 [FUNCTION START]
    // 55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? 00 00 A1 ? ? ? ? 33 C5 89 45 ? 53 56 57 50 8D 45 F4 64 A3 00 00 00 00 8B ? 89 ? EC 8B B7 ? ? 00 00[FUNCTION START]
    [enable]
    CMob_ShowAffectedSkill:
    ret 0004


    [disable]
    CMob_ShowAffectedSkill:
    db 55 8B EC
    //Moopler - OuterHaven
    define(delay,#70)
    [Enable]
    Alloc(Hook,128)
    Label(Return)
    label(Exit)

    Alloc(timer,4)
    timer:
    dd 00

    // CDropPool::TryPickUpDropByPet
    011DB380: //2B 81 ? ? 00 00 3D B8 0B 00 00 0F 8C call below
    jmp Hook
    Return:

    Hook:
    call 011D0AD0 //original
    push esi
    mov esi,eax
    pushad
    call 026FAFB0 //get update time 74 ? E8 ? ? ? ? 50 FF ? ? E8 ? ? ? ? 83 C4 08 84 C0 74 ? call below
    mov edx,eax
    sub edx,[timer]
    cmp edx,delay
    jl Exit
    mov [timer],eax

    mov edi,[ebp+08] //pet pointer
    lea ecx,[edi+04]
    mov ebx,[edi+04]
    mov ebx,[ebx+20]
    call ebx // CPet::GetVecCtrl
    push [esi+04] // Item Y
    push [esi] // Item X
    mov ecx,eax
    call 02786270 //E8 ? ? ? ? 83 ? 10 77 CVecCtrlDragon::WarpPoint
    popad
    pop esi
    jmp Return

    Exit:
    popad
    pop esi
    jmp Return


    [Disable]
    dealloc(Hook)
    dealloc(timer)

    011DB380:
    call 011D0AD0
    define(IgnoreSkillCooldowns,025E2500)
    // 81 ? 53 24 14 00 75 08 [function start and breakpoint]
    // FF 75 0C E8 ? ? 08 00 5E 5D C2 08 00 FF 75 0C E8 [Second Result] [Follow Call]
    // 55 8b ec 83 ? ? 53 56 57 89 ? ? e9 ? ? ? ? 50 29 ? ? 93
    // 55 8B EC 83 EC 18 53 56 57 89 4D ? ? ? ? ? ? 50 ? ? ? [Third Result]
    [enable]
    IgnoreSkillCooldowns: //Ignore Skill Cooldown (Some Skills)
    ret 04

    [disable]
    IgnoreSkillCooldowns:
    push ebp
    mov ebp,esp
    //Auto Key
    //MSEA v183.2
    [enable]
    alloc(hook,128)
    alloc(PressKey,128)
    alloc(timer,4)
    label(update)
    label(return)
    define(CTRL,001D0000)
    define(SHIFT,002A0000)
    define(INSERT,01520000)
    define(DEL,01530000)
    define(HOME,01470000)
    define(END,014F0000)
    define(PAGEUP,01490000)
    define(PAGEDOWN,01510000)
    define(ALT,00380000)
    define(Z,002C0000)
    define(Autokey,CTRL)// change key here
    define(delay,#100) // change delay here

    timer:
    dd 0

    hook:
    call GetTickCount
    mov edx,eax
    sub edx, [timer]
    cmp edx, delay
    jl return
    mov [timer], eax
    pushad
    mov edx,Autokey
    call PressKey
    popad
    jmp return

    PressKey:
    mov esi,[035C4BA0] // TSingletonCWvsContext
    /*
    Mem Search Addy 55 8B EC 56 8B F1 E8 ? ? F7 FF F6 45 08 01 74 0E 68 ? ? 00 00 56 E8 ? ? ? 00 83 C4 08 8B C6 5E 5D C2 0400
    4 Byte Scan Result Addy. Green Result
    4 Byte Scan Result Addy. Black Result
    4 Byte Scan Result Addy. Green Result
    */
    mov ecx,[esi+A4]
    push edx
    push 00
    call 0289AE80 // CWndMan::OnKey 55 8B EC 8B 0D ?? ?? ?? ?? 85 C9 74 ?? 83 C1 ?? [First]
    ret

    update:
    push 02E9A76B // Original opcode
    jmp return

    027C1435: // CVecCtrlMob::WorkUpdateActive(only calls when in maps with mobs, useful if you get stuck in town while map rushing)
    jmp hook
    return:

    [disable]
    027C1435: // CVecCtrlMob::WorkUpdateActive 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 83 EC ?? 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 ?? ?? ?? ?? 8B F9 89 7D ?? 8B 07
    push 02E9A76B
    db 64 A1 00 00 00 00

    dealloc(hook)
    dealloc(PressKey)
    //Auto Key V2
    //Msea v183.2
    // v2 won't crash for Win7 64bit OS. Uses Auto Attack delay system

    [Enable]
    alloc(hook,128)
    alloc(PressKey,128)
    alloc(timer,4)
    label(update)
    label(return)
    define(CTRL,001D0000)
    define(SHIFT,002A0000)
    define(INSERT,01520000)
    define(DEL,01530000)
    define(HOME,01470000)
    define(END,014F0000)
    define(PAGEUP,01490000)
    define(PAGEDOWN,01510000)
    define(ALT,00380000)
    define(Z,002C0000)
    define(Autokey, CTRL)
    define(delay, #100)

    timer:
    dd 0

    hook:
    /* call GetTickCount //call windows and windows returns a value into eax
    mov edx,eax // moves eax into edx
    sub edx, [timer] //edx -= timer
    cmp edx, delay // change delay here //compares edx to delay
    jl return //if edx < delay , return
    mov [timer], eax */ // move eax into timer
    inc [timer] //increment the value of timer
    cmp [timer], delay // comparison
    jne return //jump if timer!= delay
    mov [timer], 0 //move 0 into timer
    pushad //pushes in order of EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI
    mov edx,Autokey // change key here
    call PressKey
    popad //restores from pushad
    jmp return //jump to return

    PressKey:
    mov esi,[035C4BA0] // TSingletonCWvsContext 8B 0D ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8D 4D ?? E8 ?? ?? ?? ?? 8B 4D ?? 64 89 0D ?? ?? ?? ?? 59
    mov ecx,[esi+A4]
    push edx
    push 00
    call 0289AE80 // CWndMan::OnKey 55 8B EC 8B 0D ?? ?? ?? ?? 85 C9 74 ?? 83 C1 ?? [First]
    ret

    update:
    push 02E9A76B // Original opcode
    jmp return

    027C1435: // CMob::Update (only calls when in maps with mobs, useful if you get stuck in town while map rushing) //start!
    jmp hook //jump to hook
    return:

    [Disable]
    027C1435: //68 ? ? ? ? 64 A1 ? ? ? ? 50 81 EC ? ? ? ? A1 ? ? ? ? 33 ? 89 ? ? 53 56 57 50 8D ? ? 64 A3 ? ? ? ? 8B ? 89 ? ? 33 ? 89 ? ? 89 ? ? E8
    push 02E9A76B
    db 64 A1 00 00 00 00

    dealloc(hook)
    dealloc(PressKey)
    [ENABLE]
    alloc(Hook,128)
    alloc(GetMobXY,128)
    alloc(MobX,4)
    alloc(MobY,4)
    registersymbol(MobX)
    registersymbol(MobY)
    label(GetMobXY_Return)
    label(Return)

    GetMobXY:
    push eax
    mov eax,[ecx+910] // 89 87 ? ? ? ? 8D ? ? ? ? ? 8B ? ? 89 ? ? 89 ? ? 8A
    mov [MobX],eax
    mov eax,[ecx+910+4] // OFFSET ABOVE + 0x4
    mov [MobY],eax
    pop eax

    //Original
    push ebp
    mov ebp,esp
    push -01
    jmp GetMobXY_Return

    027C1430: // CVecCtrlMob::WorkUpdateActive
    jmp GetMobXY
    GetMobXY_Return:

    Hook:
    mov edi,esi
    push [MobY]
    push [MobX]
    lea ecx,[edi+10]
    call 00ED5430 // IWzShape2D::Move 55 8B EC 56 57 FF 75 ? 8B ? FF 75 ? 57 8B 07 FF ? ? 8B F0 [FIRST]
    mov ecx,esi
    // Original Opcode
    call 00D12340 // CVecCtrl::UpdateActive
    //56 8B F1 57 8B ? FF ? ? 8B ? 85 FF
    jmp Return

    01542BBE:
    jmp Hook
    Return:

    [DISABLE]
    027C1430:
    push ebp
    mov ebp,esp
    push -01

    01542BBE: //E8 ? ? ? ? FF B3 ? ? 00 00 E8 ? ? ? ? 83 C4 04 85 C0 0F 84
    call 00D12340

    dealloc(Hook,128)
    dealloc(GetMobXY,128)
    dealloc(MobX,4)
    dealloc(MobY,4)
    unregistersymbol(MobX)
    unregistersymbol(MobY)
    [ENABLE]
    alloc(GetMobXY,128)
    alloc(MobX,4)
    alloc(MobY,4)
    alloc(Teleport,256)
    registersymbol(MobX)
    registersymbol(MobY)
    label(GetMobXY_Return)
    label(Return)
    label(Teleport_End)

    Teleport:
    mov esi,[035C4B6C] // CUserLocal: 8B 3D ? ? ? ? 8B CF F3 [address inside brackets]
    lea ecx,[esi+04]
    mov eax,[esi+04]
    mov eax,[eax+20]
    call eax
    test eax,eax
    je Teleport_End
    push [MobY]
    push [MobX]
    push 00
    mov ecx,eax
    call 00D14140 // 55 8B EC ? ? 10 ? FF ? 10 8D ? 10 FF ? 0C 56 FF 50 40 85 C0 79 0C 68 ? ? ? ? ? ? E8 ? ? ? ? 5E [first]
    jmp Return

    Teleport_End:
    ret

    GetMobXY:
    push eax
    mov eax,[ecx+910] // 89 87 ? ? ? ? 8D ? ? ? ? ? 8B ? ? 89 ? ? 89 ? ? 8A
    mov [MobX],eax
    add [MobX], #0
    mov eax,[ecx+910+4] // OFFSET ABOVE + 0x4
    mov [MobY],eax
    add [MobY], #0
    pop eax

    //Original
    push ebp
    mov ebp,esp
    push -01
    jmp GetMobXY_Return

    027C1430: // CVecCtrlMob::WorkUpdateActive 55 8B EC 6A FF 68 62 A9 DA 02 64 A1 00 00 00 00 50 81 EC 80 00 00 00 56 (temp AoB)
    jmp GetMobXY
    GetMobXY_Return:

    01274153:
    jmp Teleport
    Return:

    [DISABLE]
    027C1430:
    push ebp
    mov ebp,esp
    push -01

    01274153: //[some call above] 3D B8 0B 00 00 76 ? 6A
    call 012B0970 //

    dealloc(GetMobXY,128)
    dealloc(MobX,4)
    dealloc(MobY,4)
    dealloc(Teleport)
    unregistersymbol(MobX)
    unregistersymbol(MobY)
    //Auto Hp and MP
    //Msea v183.2
    [enable]
    define(CTRL,001D0000)
    define(SHIFT,002A0000)
    define(INSERT,01520000)
    define(DEL,01530000)
    define(HOME,01470000)
    define(END,014F0000)
    define(PAGEUP,01490000)
    define(PAGEDOWN,01510000)
    define(ALT,00380000)
    define(Z,002C0000))
    alloc(HP,4)
    alloc(MP,4)
    alloc(CheckHP,128)
    alloc(CheckMP,128)
    alloc(PressKey,128)
    label(HPReturn)
    label(MPReturn)

    //HP
    define(HP_Value,#9000) //Define HP Trigger Here (Do not remove # tag)
    define(HealthKey, PAGEUP) //HP Key
    //MP
    define(MP_Value,#4500) //Define MP Trigger Here (Do not remove # tag)
    define(ManaKey, PAGEDOWN) //MP Key

    HP:
    dd HP_Value
    MP:
    dd MP_Value

    CheckHP:
    mov [ebx+00000214],edi
    cmp edi,[HP]
    jg HPReturn
    pushad
    mov edx,HealthKey
    call PressKey
    popad
    jmp HPReturn

    CheckMP:
    mov [ebx+00000214],edi
    cmp edi,[MP]
    jg MPReturn
    pushad
    mov edx,ManaKey
    call PressKey
    popad
    jmp MPReturn

    0227FB4F:
    jmp CheckHP
    db 90
    HPReturn:

    02280289:
    jmp CheckMP
    db 90
    MPReturn:

    PressKey:
    mov esi,[035C4BA0] // TSingletonCWvsContext
    /*
    Mem Search Addy 55 8B EC 56 8B F1 E8 ? ? F7 FF F6 45 08 01 74 0E 68 ? ? 00 00 56 E8 ? ? ? 00 83 C4 08 8B C6 5E 5D C2 0400
    4 Byte Scan Result Addy. Green Result
    4 Byte Scan Result Addy. Black Result
    4 Byte Scan Result Addy. Green Result
    */
    mov ecx,[esi+A4]
    push edx
    push 00
    call 0289AE80 // CWndMan::OnKey 55 8B EC 8B 0D ?? ?? ?? ?? 85 C9 74 ?? 83 C1 ?? [First]
    ret
    [disable]
    0227FB4F: // Addy that accesses UI HP Value
    mov [ebx+00000214],edi
    02280289: // Addy that accesses UI MP Value
    mov [ebx+00000214],edi
    dealloc(HP)
    dealloc(MP)
    dealloc(CheckHP)
    dealloc(CheckMP)
    dealloc(UseHP)
    dealloc(UseMP)
    dealloc(PressKey)
    [Enable]
    Alloc(InGameRush, 128)
    Alloc(TeleportToPortal, 128)
    Alloc(Delay, 8)
    Label(Exit)
    Label(Return)
    Label(End)

    024DD5BF: //89 87 ? ? ? ? 81 bf 94 43 01 00
    jmp InGameRush
    db 90
    Return:

    Delay:
    dd 0

    InGameRush:
    inc [Delay]
    cmp [Delay], #20
    jl Exit
    mov [Delay], 0
    push eax
    call TeleportToPortal
    Exit:
    mov [edi+00014494],eax //Original Opcode
    jmp Return

    TeleportToPortal:
    push ebp
    mov ebp, esp
    push esi
    mov esi,[ebp+08]
    test esi, esi
    js End
    mov ecx,[035C4B6C] // CUserLocal 8B 3D ? ? ? ? 8B CF F3
    mov [ecx+00015214],1 // AutoPortal E8 ? ? ? ? 8B B3 ? ? ? ? 8B CB 6A 00 89 BB ? ? ? ? [Follow Call]

    mov ecx,[035EBD00] // PortalBase 8B 3D ?? ?? ?? ?? 8B 47 ?? 85 C0
    mov eax,018C9DB0 //CPortalList::GetPortal() E8 ? ? ? ? 89 85 ? ? ? ? 85 C0 0F 84 ? ? ? ? 8B 48 08 [First-Follow Call]
    push esi
    xor edx, edx
    call eax
    test eax, eax
    je End
    push [eax+4]
    mov ecx,[035C4B6C] // CUserLocal 8B 3D ? ? ? ? 8B CF F3
    mov [ecx+00015214],1 // AutoPortal 75 07 8B CE E8 ? ? ? ? 6A 00 8B CE E8 ? ? ? ? 5E
    mov eax,025D45E0 //CUserLocal::MoveToPortal() Search gm01 - Follow Call below
    xor edx, edx
    call eax
    End:
    mov eax, esi
    pop esi
    pop ebp
    ret 0004

    //Fix to Maprusher getting "stuck" i.e quest requirement map like T.O.T or Cygnus Garden
    024DD596: //0f 84 ? ? ? ? 89 87 ? ? ? ? 85 ?
    db 90 90 90 90 90 90

    //Another fix for getting "stuck"
    024DD5A4: //75 ? 8B 0D ? ? ? ? 8D 87 [2nd]
    db 90 90

    02550B91: // 1st result 6A ?? E8 ?? ?? ?? ?? 8B ?? E8 ?? ?? ?? ?? C7 ?? ?? ?? ?? ?? ?? 8D ?? ??
    db 90 90
    db 90 90 90 90 90
    db 90 90
    db 90 90 90 90 90

    00D40A80: // 1st result 75 ? E8 ? ? ? ? 85 C0 74 ? 6A 01
    db 90 90

    [Disable]
    DeAlloc(InGameRush)
    DeAlloc(TeleportToPortal)

    024DD5BF:
    mov [edi+00014494],eax

    024DD596:
    db 0F 84 E5 05 00 00

    024DD5A4:
    db 75 1F

    02550B91:
    push 00
    call 00D46700
    mov ecx,eax
    call 0290AD30

    00D40A80:
    db 75 2C
     
  9. Fahmi

    Fahmi Singapore Informed Hacker

    Awesome, what are the steps to update mscrc? Can you use CE or do you need a debugger?
     
  10. hooked888

    hooked888 Malaysia Prominent Hacker

    im not too sure yet. i will teach once i confirm the steps.. no hurry

    edited: i started at the link below and did some research on previous versions. crashed many times and luckily haven't hit a ban. oh, i started my research on v180.1 and continued til now
     
    Last edited: Feb 1, 2019
  11. Fahmi

    Fahmi Singapore Informed Hacker

    Memory editing works, can't vouch for the crc addresses but thanks for your work :)
     
  12. Freedox

    Freedox Singapore Lurker

    Hey hooked888, do you mind updating monkey spirit to 183.2? I am trying to update but don't do very well when it comes to offsets... thanks!
     
  13. hooked888

    hooked888 Malaysia Prominent Hacker

    monkey spirit? u mean SUMMONED SKILL KAMI? above not working?

    oh.. my bad.. try and see if this works.. BE NOTED: high risk of getting shadow banned
    [ENABLE]
    //Created by DBLmao
    alloc(Hook,100)
    alloc(timer,4)
    label(Return)
    label(Original)
    define(delay, #350)

    timer:
    dd 00

    Hook:
    /*
    push eax
    mov eax,[035F078C] //8B 0D ? ? ? ? 8D 85 ? FF FF FF 6A 00 6A 00 [FIRST] CHECK SECOND
    cmp [eax+10],00
    pop eax
    jle Original
    */
    call GetTickCount
    mov edx,eax
    sub edx, [timer]
    cmp edx,delay
    jl Original
    mov [timer],eax
    mov [esi+00014CF8],#42120003 // [offset from below]
    mov [esi+00014CF8+4],#55 // [offset from below]

    Original:
    cmp dword ptr [esi+00014CF8],00 // [offset from below]
    jmp Return

    0268190E: //83 BE ? ? ? ? 00 0F 84 ? ? 00 00 2B 86 ? ? ? ? 0F 88 ? ? 00 00 8B
    jmp Hook
    db 90 90
    Return:

    026774CE: //74 ? 8B ? ? 3B ? ? 7C ? 8B ? ? ? ? ? 53 E8 ? ? ? ? [JL BELOW]
    db 90 90

    [DISABLE]
    0268190E:
    cmp dword ptr [esi+00014CF8],00 //[update offset in brackets as well]

    026774CE:
    db 7C 38

    dealloc(Hook)
    [ENABLE]
    //Created by DBLmao
    alloc(Hook,100)
    label(Return)
    label(Original)

    Hook:
    push eax
    mov eax,[035F078C] //8B 0D ? ? ? ? 8D 85 ? FF FF FF 6A 00 6A 00 [FIRST] CHECK SECOND
    cmp [eax+10],00
    pop eax
    jle Original
    mov [esi+00014CF8],#42120003 // [offset from below]
    mov [esi+00014CF8+4],#55 // [offset from below]

    Original:
    cmp dword ptr [esi+00014CF8],00 // [offset from below]
    jmp Return

    0268190E: //83 BE ? ? ? ? 00 0F 84 ? ? 00 00 2B 86 ? ? ? ? 0F 88 ? ? 00 00 8B
    jmp Hook
    db 90 90
    Return:

    026774CE: //74 ? 8B ? ? 3B ? ? 7C ? 8B ? ? ? ? ? 53 E8 ? ? ? ? [JL BELOW]
    db 90 90

    [DISABLE]
    0268190E:
    cmp dword ptr [esi+00014CF8],00 //[update offset in brackets as well]

    026774CE:
    db 7C 38

    dealloc(Hook)

    updated MONKEY SPIRIT NO DELAY. thx @Freedox for pointing out
     
    Last edited: Feb 1, 2019
  14. jaegar

    jaegar Singapore The New Guy

    mcrc works for me.. no dc for 30 mins so far.
    Thanks hooked!
     
  15. hooked888

    hooked888 Malaysia Prominent Hacker

    credit to moopler and those who created it.
    [ENABLE]
    alloc(skill_id_hook,128)
    alloc(timer,4)
    label(skill_id_return)
    label(normal)
    define(skill_id,#400040006) //Change #00000000 to your skillID
    define(skill_delay,#1) //Change delay

    timer:
    dd 00

    0267E41B: //[1st addy]
    db 90 90 90 90 90 90

    0267E427: //[2nd addy]
    db 90 90 90 90 90 90

    0267E414: //[3rd addy]
    jmp skill_id_hook
    nop
    nop
    skill_id_return:

    skill_id_hook:
    call GetTickCount
    mov edx,eax
    sub edx, [timer]
    cmp edx,skill_delay
    jl normal
    mov [timer],eax
    mov [esi+00014C98],skill_id //3rd addy dword ptr
    jmp skill_id_return
    normal:
    cmp dword ptr [esi+00014C98],00 //3rd addy dword ptr
    jmp skill_id_return

    0267E49B: //[4th addy]
    db 90 E9

    0267E60B: //[5th addy]
    db 90 90 90 90 90 90

    0267E618: //[6th addy]
    jmp 0267E64B //[7th addy] 81 BE ? ? ? ? E2 FE 7E 01 8B CE 75 ? 6A 00 6A 00 6A 04 57 FF ? ? E8 ? ? ? ? 5B 5F C7 ? ? ? ? ? 00 00 00 00 5E ?
    dw 90 90

    [Disable]
    0267E41B: //[1st addy] 0F 84 ? ? ? ? 2B BE ? ? ? ? 0F 88 ? ? ? ? 8B 0D ? ? ? ? 85 C9 74 ? 8B ? ? 83 ? ? 68 ? ? ? ? FF 50 64 85 C0
    db 0F 84 18 03 00 00

    0267E427: //[2nd addy] JS Below first addy^(0F 88 ? ? ? ? 8B 0D ? ? ? ? 85 C9 74 ? 8B ? ? 83 ? ? 68 ? ? ? ? FF 50 64 85 C0)
    db 0F 88 0C 03 00 00

    0267E414: //[3rd addy] cmp dword ptr above first addy^^ (83 BE ? ? ? ? 00 0F 84 ? ? ? ? 2B BE ? ? ? ? 0F 88 ? ? ? ? 8B 0D ? ? ? ? 85 C9 74 ? 8B ? ? 83 ? ? 68 ? ? ? ? FF 50 64 85 C0)
    cmp dword ptr [esi+00014C98],00 //update ptr in brackets here as well

    0267E49B: //[4th addy] 0F 84 ? ? ? ? 8B 06 8B CE FF 50 ? 3D 10 27 00 00 74 ? 3D 74 27 00 00 74 ? 3D 7E 27 00 00 74 ? 3D 7F 27 00 00 74 ?
    db 0F 84 EF 00 00 00

    0267E60B: //[5th addy] 0F 87 ? ? ? ? 0F B6 ? ? ? ? ? FF 24 ? ? ? ? ? 84 DB 74 ? 8B 8E ? ? ? ? 85 C9 0F 84 ? ? ? ? 57 FF ? ? E8 ? ? ? ? 5B
    db 0F 87 1D 01 00 00

    0267E618: //[6th addy] jmp dword ptr below the 5th addy ^ (FF 24 ? ? ? ? ? 84 DB 74 ? 8B 8E ? ? ? ? 85 C9 0F 84 ? ? ? ? 57 FF ? ? E8 ? ? ? ? 5B)
    jmp dword ptr [ecx*4+0267E740] //update the addy in the brackets here as well

    dealloc(skill_id_hook)
    [ENABLE]
    alloc(hook,128)
    label(return)

    hook:
    mov [esp+4],#9//nAction
    mov [esp+28],#17 //nMoveType
    mov [esp+4C],#1 //bAirhit

    //Vac to Char X
    mov eax,[035C4B6C] //CUserLocal: 8B 3D ? ? ? ? 8B CF F3
    mov eax,[eax+15134] //Character X Location Offset: 8d 86 ? ? ? ? 8b cf 50 e8 ? ? ? ? 5f 5e 5b
    add eax,#0 //Adjust X
    mov [esp+2C],eax //nMoveEndingX

    //Vac to Char Y
    mov eax,[035C4B6C] //CUserLocal: 8B 3D ? ? ? ? 8B CF F3
    mov eax,[eax+15134+4] //Character X Location Offset+4: 8d 86 ? ? ? ? 8b cf 50 e8 ? ? ? ? 5f 5e 5b
    add eax,#0 //Adjust Y
    mov [esp+30],eax //nMoveEndingY
    //Original Opcodes
    push ebp
    mov ebp,esp
    push -01
    jmp return

    //
    //017BAC10
    //017CA1B0
    01712940: // 55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 81 EC ? ? ? ? A1 ? ? ? ? 33 C5 89 45 ? 53 ? ? 50 8D 45 F4 64 A3 00 00 00 00 8B D9 89 9D 1C FF FF FF
    jmp hook
    return:

    [DISABLE]
    01712940:
    push ebp
    mov ebp,esp
    push -01

    for the SI, by default i placed DB 5th job blade tempest, which hasn't worked for the past few patches. this seems to be working and needs those 200 DB to test. if working, DB gonna shine again in MSEA :)

    DB SI is supposed to work with this so that u can freely move around while SI
    //Mac GND
    //MSEA 183.1

    define(MachGND,0257C408)//75 ? 83 BD ? ? FF FF 00 75 ? 8B [4th result]
    //75 31 83 BD 04 ED FF FF 00 75 28 8B 53 0C 52 8B 85 C0 ED FF FF 50
    [enable]
    MachGND://Mach GND (Melee/Basic attacks)
    db EB

    [disable]
    MachGND:
    db 75

    updated SKILL INJECTION
     
    Last edited: Feb 1, 2019
  16. Gutgutgut

    Gutgutgut Malaysia The New Guy

    Oooo SI is back, nice. I should check moopler more in case the relevant AOBs are around xdd
     
  17. Freedox

    Freedox Singapore Lurker

    Thanks for your help. I think the V2 mov eax,[035F078C] is correct. V1's mov eax caused a crash.... How did you get the address inside the [] anyway? I couldn't get that one correct...
     
  18. Fahmi

    Fahmi Singapore Informed Hacker

    Just search the aob, green result or do you mean the one below with offsets?
     
  19. hooked888

    hooked888 Malaysia Prominent Hacker

    updated address.

    go to 0268190E: //83 BE ? ? ? ? 00 0F 84 ? ? 00 00 2B 86 ? ? ? ? 0F 88 ? ? 00 00 8B and it is shown there in memory view?!
     
  20. jaegar

    jaegar Singapore The New Guy

    Weird the SI does not work for me. Is anyone else having same issue?
     
