TheGmAdmin2
30-04-2007 , 17:28
--------------------------------------------------------------------------------
We will use Kaspersky Engine 3.3
[url=http://rapidshare.com/files/20209630/Kaspersky_Engine_3.3_Setup.exe]Download Kaspersky
Here are the settings.
Quote
General Settings:
Show undo button
Show advanced options.
Update the list of found addresses even after scanning
Center Kaspersky Engine 2 when bringing to front
Hide some/all window instead of trying to bring Kaspersky Engine 2 to front
Show value as if they are signed
Show and work with binaries as if they are decimals
Scan Settings:
Fast scan on by default
Enable Hyperscan when possible
Don't scan memory that is protected with the No Cache option
Keep low memory usage when doing an "Unknown Initial Value scan" with Hyper Scan
MEM_PRIVATE:Memory that is private.
MEM_IMAGE:Memory that is mapped into the view of an image section
MEM_MAPPED:Memory that is mapped into the view of a section
(E.g:File mapping, slow)
Run scan in separate thread.
File Associations:
Nothing Checked
Plugins:
Do Nothing (Skip)
Code Finder:
Use Debug Registers (aka Hardware Breakpoints)
Memory Access Exceptions
Try to prevent detection of the debugger
Handle breakpoints not caused by CE
Assembler:
Show disassembler
Show debugger options
* Use hardware breakpoints (Max 3)
Use int3 instructions for breakpoints (Unlimited)
Replace incomplete opcodes with nops
Ask for replace with nop
Try to prevent detection of the debugger
Extra:
Query memory region routines
Read/Write Process Memory
Open Process
Undo changes to CE
Force memory to be writable in case the standard method is blocked
Enable use of the Process Watcher
Use kernelmode debugger options when possible
Stealth mode (Usermode)
Stealth mode (Kernelmode)
We need the CEM to be able to run the CRC bypass.
Cem
We need a CT to run our hacks:
Ct.
**Note** It comes with the CEM included, so you won't have any problems.
Now we will need a BOT:
Cakepub II does not need a bypass.
Bot
Quote
MzBot v1.2.0 Debug
===============
Features:
- Bunny Hop
- Auto Loot
- Auto Attack
- Auto Click
- Auto pot
- Auto Skill ( 1 Slot, automatically press a key for a specific interval )
- Hide its window.
Hotkey settings:
F9 - Toggle Bunny Hop
F10 - Toggle Auto Loot
F11 - Toggle Auto Attack
F12 - Toggle Auto Click
NumPad1 - Toggle Auto Potting
NumPad2 - Set HP Position ( move your mouse to wherever you want it to be )
NumPad3 - Set MP Position ( same as above )
NumPad Addition - Speed up auto clicker by a few millisecond
NumPad Subtraction - Slow down auto clicker by a few millisecond
Ctrl+Alt+F8 - Show and Hide MzBot
Maple Key setting:
Jump key - Alt
Attack key - Ctrl
Loot key - "Z"
Auto Skill key - "N"
HP Pot - 9
MP Pot - 0
Auto Skill:
Just put the interval in millisecond into the box below Auto Skill checkbox then check it to enable.
Note:
- Do not alt+tab when some feature is on, you will screw up, and it's your fault, stupid
- If you use CE, start CE first, then start MzBot. ( Or there will be error. )
- To ensure you are not getting a trojan-ed version of MzBot, verify the file size and md5 hash
Debug Features:
View them in Debug View. ( Regarding Auto Potting )
Addresses and pointers: Credits baraklevi
Unlimited Attack - Pointer: 00795c9c Offset: 1348
No Breath - Pointer: 00795c9c Offset: 2C8
Speed Attack - Pointer: 00795c9c Offset: 2D8
Char X - Pointer: •Still Not Available• Offset: 57C
Char Y - Pointer: •Still Not Available• Offset: 580
Item X - Pointer: 00795c9c Offset: 57C
Item Y - Pointer: 00795c9c Offset: 580
Left Wall - Pointer: 00795120 Offset: C
Right Wall - Pointer: 00795120 Offset: 14
Top Wall - Pointer: 00795120 Offset: 10
Bottom Wall - Pointer: 00795120 Offset: 18
People Scanner - Pointer: 00795128 Offset: 18
Scripts:
CRC Bypass:
Code:
ALLOC(crc,128)
ALLOC(dump,3670018)
LABEL(oldmem)
LABEL(ret)
LOADBINARY(dump,eMS.CEM)
crc:
CMP ECX,00400000
JB oldmem
CMP ECX,00780000
JA oldmem
MOV EAX,dump
ADD ECX, dump-400000
oldmem:
MOV EAX,[EBP+10]
DB 56 57
JMP ret
00459A60:
JMP crc
ret:
00459A60:
MOV EAX,[EBP+10]
DB 56 57
DEALLOC(crc)
DEALLOC(dump)
Full GodMode:
Code:
//Full GodMode
0065DE36:
db 0f 84
//Full GodMode
0065DE36:
db 0f 85
SuperTubi:
Code:
//SuperTubi
0048A28E:
db 90 90
//SuperTubi
0048A28E:
db 75 36
Swear Filter:
Code:
//Swear Filter
0044D388:
db 90 90
//Swear Filter
0044D388:
db 74 1c
Shadow Partner:
Code:
//Shadow Partner
00646C3C:
db 0f 85
//Shadow Partner
00646C3C:
db 0f 84
No Breath:
Code:
//No Breath
004A9AD9: //DROP ITEM
db eb 23
0048C3F1: //CHANGE CHANNEL
db eb 10
006B6DED: //CASH SHOP
db eb 13
//No Breath
004A9AD9:
db 7e 23
0048C3F1:
db 7e 10
006B6DED:
db 7e 13
Pin Unrandomizer:
Code:
//Pin Unrandomize
alloc(pinunrandom,128)
label(returnhere)
00604945:
jmp pinunrandom
returnhere:
pinunrandom:
add eax,edx
push edx
shr edx,1
mov ,edx
pop edx
cmp byte ptr ,0a
jmp returnhere
//Pin Unrandomize
00604945:
add eax,edx
cmp byte ptr ,0a
dealloc(pinunrandom)
Pin KeyBoard Writer:
[enable]
00474695:
db 0f 83
[disable]
00474695:
db 0f 86
Full Map Item Vac:
Code:
[ENABLE]
//Full Map Item Vac
alloc(itemvac, 1024)
itemvac:
pushad
mov ecx, [ebp+8]
mov ebx, [ebp-24]
mov [ecx], ebx
mov [ecx+4], eax
mov ecx, eax
mov eax, ebx
lea edx, [eax-19]
mov [ebp-34], edx
lea edx, [ecx-32]
add eax, 19
add ecx, A
mov [ebp-30], edx
mov [ebp-2C], eax
mov [ebp-28], ecx
popad
push eax
push [ebp-24]
lea eax, [ebp-34]
jmp 0049126A
00491263:
jmp itemvac
nop
nop
[DISABLE]
//Full Map Item Vac
00491263:
push eax
push [ebp-24]
lea eax, [ebp-34]
Mouse Item Looter:
Code:
[ENABLE]
//Mouse Item Looter Script!
//By Gthuggin!
alloc(MouseItemLoot, 1024)
MouseItemLoot:
pushad
mov ecx, [ebp+8]
mov ebx, [ebp-24]
mov [ecx], ebx
mov [ecx+4], eax
mov ecx, eax
mov eax, ebx
mov ebx,[0079526c]
mov ebx,[ebx+10]
mov eax,[ebx+80] // mouse x
mov ecx,[ebx+84] // mouse y
mov [ebp-2C], eax
mov [ebp-28], ecx
popad
push eax
push [ebp-24]
lea eax, [ebp-34]
jmp 0049126A
00491263:
jmp MouseItemLoot
nop
nop
[DISABLE]
00491263:
push EAX
push [ebp-24]
lea eax, [ebp-34]
dEM Vac:
Code:
[enable]
alloc(dv,100)
alloc(dvtype,4)
label(normalx)
label(normaly)
label(endx)
label(endy)
label(backdv)
label(dvzero)
label(dvone)
registersymbol(dvtype)
dv:
mov eax, [00795c9c]
push eax
mov eax, [eax+57C]
mov [ebx+3FC], eax
cmp [dvtype], 0
je dvzero
cmp [dvtype], 1
je dvone
sub eax, 100
jmp dvzero
dvone:
add eax, 100
dvzero:
mov [ebx+3F4], eax
pop eax
mov eax, [eax+580]
mov [ebx+3F4], eax
mov [ebx+400], eax
jmp backdv
push ecx
mov ecx, [00795c9c]
add ecx,57C
cmp ebx, ecx
je normalx
mov ecx, [ecx]
cmp [dvtype], 0
cmp [dvtype], 1
sub ecx, 100
add ecx, 100
cmp [ebx],ecx
je endx
normalx:
mov [ebx],eax
endx:
pop ecx
mov edi, [ebp+10]
push ecx
mov ecx, [00795c9c]
add ecx,580
cmp edi, ecx
je normaly
mov ecx, [ecx]
cmp [edi],ecx
je endy
normaly:
mov [edi],eax
endy:
pop ecx
mov ebx, [ebp+14]
0051E076:
jmp dv
nop
backdv:
[disable]
0051E076:
mov [ebx+400], eax
dealloc(dv)
dealloc(uvx)
dealloc(uvy)
dealloc(dvtype)
unregistersymbol(dvtype)
Controlled Att Tele:
When you add and freeze this script, add a pointer: couler
description: attack per teleport.
Code:
[ENABLE]
alloc(tele,128)
alloc(toucher,4)
alloc(couler,4)
registersymbol(couler)
label(retour)
label(desactiver)
toucher:
db 00 00 00 00
couler:
db 05 00 00 00
0065A15E:
jmp tele
retour:
tele:
push eax
push ebx
inc [toucher]
mov eax,[toucher]
mov ebx,[couler]
cmp eax,ebx
pop ebx
pop eax
jl desactiver
mov [toucher],0
cmp [ebp-10],esi
jne 0065a168
jmp retour
desactiver:
cmp [ebp-10],esi
je 0065a168
jmp retour
[DISABLE]
0065A15E:
cmp [ebp-10],esi
je 0065a168
Item Filter:
Code:
[enable]
Alloc(filter,124)
label(ifreject)
label(end)
label(skip)
Alloc(iftable,512)
label(ifexit)
filter:
push ebx
push esi
xor ebx, ebx
mov esi,iftable
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject
skip:
mov eax,00
end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
jmp ifexit
iftable:
dd 1F6EE0 //Arrow for Bow
dd 1F72C8 //Arrow for Crossbow
dd 1F6EE1 //Bronze Arrow for Bow
dd 1F72C9 //Bronze Arrow for Crossbow
dd 1E8480 //Red Potion
dd 1E8481 //Orange Potion
dd 1E8482 //White Potion
dd 1E8483 //Blue Potion
dd 1E8486 //Mana Elixer
dd 1E8487 //Red Pill
dd 1E8488 //Orange Pill
dd 1E8489 //White Pill
dd 1E848A //Blue Pill
dd 1E848B //Mana Elixer Pill
dd 1F47D4 //All Cure Potion
dd 1F47D0 //Antidote
dd 1F47D1 //Eye Drop
dd 1F47D3 //Holy Water
dd 1F47D2 //Tonic
dd 1E8C50 //Dexterity Potion
dd 1E8C52 //Magic Potion
dd 1E8C55 //Sniper Potion
dd 1E8C51 //Speed Potion
dd 1E8C54 //Warrior Potion
dd 1E8C53 //Wizard Potion
dd 1E8C59 //Dexterity Pill
dd 1E8C57 //Magic Pill
dd 1E8C58 //Sniper Pill
dd 1E8C5A //Speed Pill
dd 1E8C56 //Warrior Pill
dd 1EAB93 //Orange
dd 1EAB94 //Lemon
dd 1ED2AF //Sunset Dew
dd 1E8868 //Watermelon
dd 1EDA73 //Unagi
dd 3D2071 //The Summoning Rock
dd 3D2070 //The Magic Rock
dd 3D09B3 //A bundle of goby
dd 3D09D7 //Axe
dd 3D0950 //Bain's Spiky Collar
dd 3D0994 //Binding Bridle
dd 3D0963 //Bloctopus Key Chain
dd 3D0909 //Blue Mushroom Cap
dd 3D0900 //Blue Snail Shell
dd 3D0966 //Blue Toy Block
dd 3D09A4 //Bubble Fish's Thoughts
dd 3D0925 //Bubbling's Huge Bubble
dd 3D0982 //Buffoon's Grandpa Clock
dd 3D0980 //Buffy's Hat
dd 3D09B8 //Butter-Toasted Squid
dd 3D0946 //Cellion Tail
dd 3D094F //Cerebes' Tooth
dd 3D0908 //Charm of the Undead
dd 3D096F //Cheap Battery
dd 3D097D //Chief Gray's Sign
dd 3D092C //Clang Claw
dd 3D0971 //Clock Spring
dd 3D0973 //Cog
dd 3D0917 //Cold Eye's Tail
dd 3D0921 //Croco Skin
dd 3D090D //Curse Eye's Tail
dd 3D091F //Cursed Doll
dd 3D09BA //Dark Drake's Horn
dd 3D0957 //Dark Leatty Furball
dd 3D0937 //Dark Jr. Yeti's Skin
dd 3D093E //Dark Nependeath's Seed
dd 3D0939 //Dark Pepe's Beak
dd 3D0919 //Dark Stone Golem Rubble
dd 3D0938 //Dark Yeti's Horn
dd 3D0983 //Deep Buffoon's Rock Piece
dd 3D09CD //Dirty Bandage
dd 3D091E //Dragon Skin
dd 3D090E //Drake's Skull
dd 3D0985 //Dual Pirate's Propeller
dd 3D0907 //Evil Eye's Tail
dd 3D0992 //Evil Spirit
dd 3D0944 //Fierry's Tentacles
dd 3D0918 //Fire Boar's Tooth
dd 3D0951 //Firebomb Flame
dd 3D0955 //Fire Sentinel Shellpiece
dd 3D0912 //Firewood
dd 3D09A5 //Flamboyant Petal
dd 3D09A2 //Flamboyant Scale Skin
dd 3D094C //Flyeye Wing
dd 3D0990 //Free Spirit
dd 3D0984 //Ghost Pirate's Key
dd 3D0987 //Gigantic Viking Hat
dd 3D090C //Green Mushroom Cap
dd 3D0948 //Grupin Tail
dd 3D09A7 //Hard Needle
dd 3D0960 //Hard Walnut
dd 3D0933 //Hector's Tail
dd 3D090F //Horny Mushroom Cap
dd 3D09D0 //Horse Skull
dd 3D09B9 //Ice Backbone
dd 3D0996 //Ice Piece
dd 3D0954 //Ice Sentinel Shellpiece
dd 3D09B5 //Iced Shark's Fin
dd 3D09B7 //Ink Bottle
dd 3D09B2 //Iron Boar Armor
dd 3D0927 //Iron Hog's Metal Hoof
dd 3D0943 //Jr. Boogie's Horns
dd 3D094E //Jr. Cerebes' Tooth
dd 3D0922 //Jr. Necki's Skin
dd 3D0958 //Jr. Pepe's Fish
dd 3D0953 //Jr. Sentinel Shellpiece
dd 3D0930 //Jr. Yeti's Skin
dd 3D0981 //Lazy Buffy's Marble
dd 3D0905 //Leaf
dd 3D0915 //Leather
dd 3D0956 //Leatty Furball
dd 3D0920 //Ligator Skin
dd 3D09B6 //Lime Powder Bottle
dd 3D0947 //Lioner Tail
dd 3D092B //Lorang Claw
dd 3D094A //Lucida Tail
dd 3D093C //Lunar Pixie's Moonpiece
dd 3D091A //Lupin Doll
dd 3D091D //Lupin's Banana
dd 3D093D //Luster Pixie's Sunpiece
dd 3D0936 //Lycanthrope's Toenail
dd 3D0929 //Malady's Experimental Frog
dd 3D0978 //Mateon's Tentacle
dd 3D097A //Mecateon's Laser Gun
dd 3D0970 //Mechanical Heart
dd 3D0924 //Medicine With Weird Vibes
dd 3D09B1 //Mixed Block
dd 3D0968 //Motor
dd 3D090B //Mushroom Spore
dd 3D09A0 //Needle
dd 3D093A //Nependeath's Seed
dd 3D0906 //Octopus's Leg
dd 3D0901 //Orange Mushroom Cap
dd 3D096C //Panda Doll
dd 3D09CF //Pelvic Bone
dd 3D0932 //Pepe's Beak
dd 3D0911 //Pig's Head
dd 3D0902 //Pig's Ribbon
dd 3D0969 //Plane Controller
dd 3D0964 //Plastic Crown
dd 3D0979 //Plateon's Helmet
dd 3D099F //Poison Poopa's Poisonous Spikes
dd 3D099E //Poopa Egg
dd 3D0967 //Propeller
dd 3D095F //Rat Trap
dd 3D0977 //Receiving Apparatus
dd 3D0910 //Red Snail Shell
dd 3D09CE //Rib
dd 3D09A3 //Seahorse Horn
dd 3D09A1 //Seahorse Tail
dd 3D099D //Seal Meat
dd 3D099B //Seal Skin
dd 3D099C //Seal Tooth
dd 3D0995 //Sealed Bottle
dd 3D0993 //Sealed Teddy Bear
dd 3D0991 //Sealed-up Grandpa Clock
dd 3D09C3 //Seedling
dd 3D093F //Sentinel Shellpiece
dd 3D09B4 //Shark Denture
dd 3D09A6 //Shrimp Meat
dd 3D09CC //Skeledog's Bone
dd 3D09C5 //Slate
dd 3D090A //Slime's Bubble
dd 3D0974 //Small Egg
dd 3D0976 //Small Spaceship
dd 3D0913 //Snail Shell
dd 3D0999 //Snorkle
dd 3D14BD //Soft Feather
dd 3D0949 //Solid Horn
dd 3D0975 //Space Food
dd 3D0961 //Spiderweb
dd 3D0904 //Squishy Liquid
dd 3D093B //Star Pixie's Piece of Star
dd 3D0962 //Sticky Spiderweb
dd 3D14BC //Stiff Feather
dd 3D092A //Stirge's Wing
dd 3D0916 //Stone Golem´s Rubble
dd 3D09A8 //Sunflower Seed
dd 3D0972 //Table Clock
dd 3D0923 //Tablecloth
dd 3D091C //Tauromacis's Horn
dd 3D092E //Taurospear's Horn
dd 3D096A //Teddy's Cotton
dd 3D096B //Teddy's Yellow Ribbon
dd 3D099A //Toy Baby Seal
dd 3D097F //Toy Drum
dd 3D096D //Toy Duckling
dd 3D096E //ToyTroyan Sword
dd 3D0903 //Tree Branch
dd 3D092D //Tortie Shell
dd 3D0986 //Viking Sail
dd 3D0935 //Werewolf's Toenail
dd 3D0934 //White Pang's Tail
dd 3D0914 //Wild Boar's Tooth
dd 3D091B //Wild Cargo's Eye
dd 3D82BA //Wooden Board
dd 3D097B //Worn-Out Goggle
dd 3D0965 //Yellow Toy Block
dd 3D0931 //Yeti's Horn
dd 3D0952 //Zombie's Lost Gold Tooth
dd 3D0945 //Zombie's Lost Tooth
dd 3D098F //Zombie Teddy Bear
dd 3D7E3C //Monster Card
dd 3D7E3D //Bloctopus Omok Piece
dd 3D7E31 //Mushroom Omok Piece
dd 3D7E3A //Octopus Omok Piece
dd 3D7E39 //Omok Table
dd 3D7E3F //Panda Teddy Omok Piece
dd 3D7E3B //Pig Omok Piece
dd 3D7E3E //Pink Teddy Omok Piece
dd 3D7E30 //Slime Omok Piece
dd 3D7E40 //Trixter Omok Piece
dd 3D3013 //Adamantium Ore
dd 3D3010 //Bronze Ore
dd 3D3016 //Gold Ore
dd 3D3012 //Mithril Ore
dd 3D3015 //Orihalcon Ore
dd 3D3014 //Silver Ore
dd 3D3011 //Steel Ore
dd 3D5721 //Amethyst Ore
dd 3D5722 //Aquamarine Ore
dd 3D5728 //Black Crystal Ore
dd 3D5727 //Diamond Ore
dd 3D5723 //Emerald Ore
dd 3D5720 //Garnet Ore
dd 3D5724 //Opal Ore
dd 3D5725 //Sapphire Ore
dd 3D5726 //Topaz Ore
dd 3D18A2 //DEX Crystal Ore
dd 3D18A3 //LUK Crystal Ore
dd 3D18A0 //Power Crystal Ore
dd 3D18A1 //Wisdom Crystal Ore
dd 00
00492449:
jmp filter
nop
ifexit:
[disable]
00492449:
mov [edi+34], eax
mov edi, [ebp-14]
The New UA Working:
Code:
[enable]
// NON D/C Unlimited Attack!
// By Gthuggin of CEF
alloc(UnlimitedAttack,64)
alloc(SecksyCheck,44)
UnlimitedAttack:
mov eax,[00795c9c]
mov ebx,[eax+57c]
sub ebx,00000001
mov [eax+57c],ebx
popad
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
SecksyCheck:
pushad
mov eax,[00795c9c]
mov eax,[eax+1348]
cmp eax,00000062
jnl UnlimitedAttack
popad
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
0051DF28:
jmp SecksyCheck
nop
nop
[disable]
0051DF28:
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
dealloc(UnlimitedAttack)
dealloc(SecksyCheck)
unrandomizer script:
Code:
[Enable]
006E485D:
mov eax,11111113
[Disable]
006E485D:
and eax,00007fff
Uber CRC\Range Uber CRC ( D\C )
Code:
[ENABLE]
registersymbol(UberX)
registersymbol(UberY)
alloc(UberY,64)
alloc(CharY,16)
alloc(UberX,64)
alloc(CharX,16)
UberX:
call 006e4758
push eax
mov eax, [00795c9c]
lea eax, [eax+57C]
cmp ebx, eax
je CharX
mov eax, [eax]
// sub eax, -100 // Here
mov [ebx], eax
pop eax
jmp 00692BE7
CharX:
pop eax
mov [ebx], eax
jmp 00692BE7
UberY:
call 006e4758
push eax
mov eax, [00795c9c]
lea eax, [eax+580]
cmp edi, eax
je CharY
mov eax, [eax]
mov [edi], eax
pop eax
jmp 00692C4C
CharY:
pop eax
mov [edi], eax
jmp 00692C4C
00692BE0:
jmp UberX
00692C45:
jmp UberY
[DISABLE]
00692BE0:
call 006e4758
00692C45:
call 006e4758
unregistersymbol(UberX)
unregistersymbol(UberY)
dealloc(UberY)
dealloc(CharY)
dealloc(UberX)
dealloc(CharX)
Mouse vac:
Code:
[ENABLE]
alloc(MouserX,512)
alloc(MouserY,512)
label(back)
label(return)
00692BE7:
jmp MouserX
back:
00692C4A:
jmp MouserY
return:
MouserX:
mov eax,[0079526c]
mov eax,[eax+10]
mov eax,[eax+80]
mov [ebx],eax
mov edi,[ebp+10]
jmp back
MouserY:
mov eax,[0079526c]
mov eax,[eax+10]
mov eax,[eax+84]
mov [edi],eax
mov ebx,[ebp+14]
jmp return
[DISABLE]
00692BE7:
mov [ebx],eax
mov edi,[ebp+10]
00692C4A:
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)
Slow DupeX:
After adding the code, go to the pointer.
description: Pointer Freeze
address: Pointer
Offset: 110
Code:
[ENABLE]
alloc(CodeCave,32)
alloc(Pointer,32)
registersymbol(CodeCave)
registersymbol(Pointer)
label(ReturnHere)
CodeCave:
push ecx
mov ecx,Pointer
mov [ecx],esi
pop ecx
mov [esi+00000114],edi
jmp ReturnHere
00691AA4:
jmp CodeCave
nop
ReturnHere:
[DISABLE]
00691AA4:
mov [esi+00000114],edi
dealloc(CodeCave)
dealloc(Pointer)
unregistersymbol(CodeCave)
unregistersymbol(Pointer)
Item Explosion:
Code:
[enable]
00492283:
db 0F 8C
[disable]
00492283:
db 0F 84
Fall Through Floor:
Code:
[enable]
00690B12:
db 0f 83
[disable]
00690B12:
db 0f 86
Lemmings:
Code:
[Enable]
// Lemmings
00695059:
db 0f 85
[Disable]
// Lemmings
00695059:
db 0f 84
Uber Lemmings Left:
Code:
[Enable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 90
00695059:
db 0f 85
[Disable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 73 04
00695059:
db 0f 84
Uber Lemmings Right:
Code:
[Enable]
//Uber Lemmings Right (Duffy290/Jewbacca)
0069013C:
db 77 2e
00695059:
db 0f 85
[Disable]
//Uber Lemmings Right (Duffy290/Jewbacca)
0069013C:
db 76 2e
00695059:
db 0f 84
Suck/Tele UP:
Code:
[ENABLE]
//Suck/Tele UP
00691880:
db 76
[DISABLE]
//Suck/Tele UP
00691880:
db 73
suck left swim addy:
Code:
[enable]
//suck left swim addy v1
alloc(Vacem,256)
label(return)
00730808:
jmp Vacem
return:
Vacem:
inc [00687718]
nop
nop
jmp return
[disable]
//suck left swim addy v1
00730808:
add [eax], al
add [eax], al
add [eax], al
dealloc(Vacem)
Suck Right:
Code:
[Enable]
00695e13:
ja 00695e3b
[Disable]
00695e13:
jna 00695e3b
Suck Left:
Code:
[enable]
006922BC:
jbe 00692324
[disable]
006922BC:
jae 00692324
Suck Left v2:
Code:
[enable]
00731808:
dd 1
[disable]
00731808:
dd 0
Suck/tele Left:
Code:
[enable]
006920D5:
db 77
[disable]
006920D5:
db 73
Suck/tele Right:
Code:
[enable]
00692144:
db 77
[disable]
00692144:
db 76
PerVac:
Code:
[ENABLE]
00692324:
nop
nop
nop
nop
nop
nop
[DISABLE]
00692324:
mov ecx,[edi+00000134]
Shifu Vac:
Code:
[ENABLE]
0068f83a:
jne 0068f96e
[DISABLE]
0068f83a:
jmp 0068f96e
Instant Drop:
Code:
[ENABLE]
732BC8:
add [eax], al
add [eax], al
add [eax], al
add [eax], al
[DISABLE]
732BC8:
add [eax], al
add [eax], al
add [eax-71], al
inc eax
Lag Hack:
Code:
[ENABLE]
//Lag Hack
0068F78D:
jne 0068f79a
[DISABLE]
//Lag Hack
0068F78D:
je 0068f79a
Freeze to Crash:
Code:
[Enable]
006E513D:
jmp 0
[Disable]
006E513D:
and eax,00007fff
Selective WallVac Bypass:
When you add the script, freeze it and add the pointer:
address: bool
Description: Bool
Code:
[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
registersymbol(olddata)
label(set)
label(ret)
label(end)
begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[00797120]
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi
mov esi,[00797120]
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi
mov esi,[00797120]
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi
mov esi,[00797120]
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi
mov [bool],0
jmp ret
0068F36D:
jmp begin
end:
olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00
[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)
0068F36D:
movsd
movsd
movsd
movsd
pop edi
dICE Vac:
Code:
[enable]
//dICE Vac
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
registersymbol(right)
registersymbol(left)
label(return)
dICE:
pushad
mov edx, [00797c9c]
mov ebx, [edx+57C]
mov ecx,[edx+580]
add ebx, [right]
sub ebx, [left]
mov eax,[00797120]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad
mov [ebx], eax
mov edi,[ebp+10]
jmp return
right: //Set right to 0.
db 00 00
left: //Set left to 0.
db 00 00
00693534:
jmp dICE
return:
00695E42:
db 0f 84
0068FA46:
db 75
0068FCE2:
db 0f 85
[disable]
//dICE Vac
00693534:
mov [ebx], eax
mov edi,[ebp+10]
00695E42:
db 0f 85
0068FA46:
db 74
0068FCE2:
db 0f 84
dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right)
Timed-Dupex:
Code:
[ENABLE]
registersymbol(DX)
registersymbol(DXListOffset)
registersymbol(DXType)
alloc(DX, 1024)
alloc(DXListOffset, 4)
alloc(DXType,4)
alloc(DXFindChar, 1024)
alloc(ESIList, 1024)
alloc(EDIValue, 4)
alloc(DXMap,4)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
label(LeaveMe)
label(DXMonster)
label(NoDupe)
label(DoVac)
alloc(DXCounter,4)
registersymbol(VacTime)
registersymbol(TotalTime)
alloc(VacTime,4)
alloc(TotalTime,4)
alloc(DXCounter,4)
label(DXPause)
label(DXResetCounter)
label(DXReset)
label(back)
DXCounter:
add [eax],al
add [eax],al
VacTime:
js 0ff90c16
add [eax],al
TotalTime:
or [edi],al
add [eax],al
DXCounter:
sub al,01
add [eax],al
//Original Code
DXListOffset:
add [eax],al
add [eax],al
DXType:
add [eax],al
add [eax],al
DX:
push eax
push ebx
push ecx
push edx
mov ebx,[DXType]
cmp ebx, 00 // 0 = Do Nothing
je NoDupe
cmp ebx, 01
je DXFindChar
cmp ebx, 02
je DoVac
cmp ebx, 03
je DoVac
//Modified Code
cmp ebx, 04
je DXReset
jmp DoNormal
DXFindChar:
mov [esi+114],edi
mov eax,0
mov ebx,DXListOffset
mov ecx,ESIList
mov edx,EDIValue
CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je LeaveMe
inc eax
jmp CompareOffset
StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
DoVac:
mov eax,[DXCounter]
cmp eax,[VacTime]
inc eax
mov [DXCounter],eax
jae DXPause
//Original
mov ebx,[DXListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov ebx,[DXType]
cmp ebx, 02
jne DXMonster
mov edi,[eax+114]
jmp DoNormal
DXMonster:
cmp ebx, 03
jne NoDupe
mov edi,[EDIValue]
jmp DoNormal
NoDupe:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
DoNormal:
mov [esi+114],edi
LeaveMe:
pop edx
pop ecx
pop ebx
pop eax
jmp back
DXPause:
cmp eax,[TotalTime]
jae DXResetCounter
jmp DoNormal
DXResetCounter:
mov [DXCounter],0
jmp DoNormal
DXReset:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
mov [DXType],1
jmp DoNormal
006923F9:
jmp DX
nop
back:
[DISABLE]
006923F9:
mov [esi+114],edi
dealloc(DXFindChar)
dealloc(DXListOffset)
dealloc(ESIList)
dealloc(DX)
dealloc(EDIValue)
dealloc(DXCounter)
unregistersymbol(DX)
unregistersymbol(DXListOffset)
unregistersymbol(DXType)
FAQ:
1.- Will they reset EMS again?
Nope, they already opened it officially on April 12.
2.- Can I register?
Of course.
3.- Which Vac should I train with?
With the DICE Vac, no DC here.
4.- Can I add you to my Buddy list in EMS?
Well, that will be for some people here, not all.
5.- My PC restarts when I try to enter Maple?
Maybe you set the settings wrong; check them, and if they are fine let me know and we'll see what else we can do.
6.- Can I add you in eMS? First add me on MSN and we'll work it out there.
www.mapleeurope.com
Credits: Tut made by m4g0d30z exclusively for Tsforos; pointers and addresses thanks to MPCF
P.S.: The scripts are the new, updated ones.
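
Seen from the defender's side, the [enable]/[disable] byte pairs in the scripts above double as integrity signatures: the [disable] bytes are the client's expected code and the [enable] bytes are known tampering. The Python below is an added example, not part of the original post or of any tool it names; the function names and the memory snapshot are constructed for illustration, and the 0x00400000 base is assumed from the lower bound in the post's CRC script.

```python
import re

SECTION_RE = re.compile(r"^\[(enable|disable)\]$", re.IGNORECASE)
ADDR_RE = re.compile(r"^([0-9A-Fa-f]{6,8}):$")
DB_RE = re.compile(r"^db\s+((?:[0-9A-Fa-f]{2}\s*)+)$", re.IGNORECASE)

# Toggle scripts copied from this page (Item Explosion, Fall Through Floor,
# Uber Lemmings Left). Only the byte-patch ("db") form is handled here.
PAGE_SCRIPTS = """\
[enable]
00492283:
db 0F 8C
[disable]
00492283:
db 0F 84
[enable]
00690B12:
db 0f 83
[disable]
00690B12:
db 0f 86
[Enable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 90
00695059:
db 0f 85
[Disable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 73 04
00695059:
db 0f 84
"""


def parse_signatures(text):
    """Return {address: {"original": bytes, "patched": bytes}} for db patches."""
    seen = {"enable": {}, "disable": {}}
    section = addr = None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing script comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, addr = m.group(1).lower(), None
            continue
        m = ADDR_RE.match(line)
        if m:
            addr = int(m.group(1), 16)
            continue
        m = DB_RE.match(line)
        if m and section and addr is not None:
            data = bytes.fromhex(m.group(1))
            seen[section][addr] = seen[section].get(addr, b"") + data
        else:
            addr = None  # assembled instruction or directive: no byte signature
    # Keep only addresses that have both an expected and a tampered form.
    return {a: {"original": seen["disable"][a], "patched": seen["enable"][a]}
            for a in seen["enable"] if a in seen["disable"]}


def check_image(image, base, signatures):
    """Classify each signature address in a snapshot of the code section."""
    report = {}
    for addr, sig in sorted(signatures.items()):
        off = addr - base

        def at(expected):
            end = off + len(expected)
            return 0 <= off and end <= len(image) and image[off:end] == expected

        if at(sig["original"]):
            report[addr] = "clean"
        elif at(sig["patched"]):
            report[addr] = "patched"
        else:
            report[addr] = "unknown"  # neither form: also worth flagging
    return report


def build_demo_image(signatures, base=0x00400000, size=0x2A0000, tampered=()):
    """Constructed snapshot: original bytes everywhere, patched at `tampered`."""
    image = bytearray(size)
    for addr, sig in signatures.items():
        data = sig["patched"] if addr in tampered else sig["original"]
        image[addr - base:addr - base + len(data)] = data
    return bytes(image)


if __name__ == "__main__":
    sigs = parse_signatures(PAGE_SCRIPTS)
    snapshot = build_demo_image(sigs, tampered={0x00690164})
    for address, state in check_image(snapshot, 0x00400000, sigs).items():
        print(f"{address:08X} {state}")
```

A check like this is only as trustworthy as the place it runs: the post's CRC script targets an in-process checksum, so the comparison belongs outside the process being verified.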
dd 3D0915 //Leather
dd 3D0956 //Leatty Furball
dd 3D0920 //Ligator Skin
dd 3D09B6 //Lime Powder Bottle
dd 3D0947 //Lioner Tail
dd 3D092B //Lorang Claw
dd 3D094A //Lucida Tail
dd 3D093C //Lunar Pixie's Moonpiece
dd 3D091A //Lupin Doll
dd 3D091D //Lupin's Banana
dd 3D093D //Luster Pixie's Sunpiece
dd 3D0936 //Lycanthrope's Toenail
dd 3D0929 //Malady's Experimental Frog
dd 3D0978 //Mateon's Tentacle
dd 3D097A //Mecateon's Laser Gun
dd 3D0970 //Mechanical Heart
dd 3D0924 //Medicine With Weird Vibes
dd 3D09B1 //Mixed Block
dd 3D0968 //Motor
dd 3D090B //Mushroom Spore
dd 3D09A0 //Needle
dd 3D093A //Nependeath's Seed
dd 3D0906 //Octopus's Leg
dd 3D0901 //Orange Mushroom Cap
dd 3D096C //Panda Doll
dd 3D09CF //Pelvic Bone
dd 3D0932 //Pepe's Beak
dd 3D0911 //Pig's Head
dd 3D0902 //Pig's Ribbon
dd 3D0969 //Plane Controller
dd 3D0964 //Plastic Crown
dd 3D0979 //Plateon's Helmet
dd 3D099F //Poison Poopa's Poisonous Spikes
dd 3D099E //Poopa Egg
dd 3D0967 //Propeller
dd 3D095F //Rat Trap
dd 3D0977 //Receiving Apparatus
dd 3D0910 //Red Snail Shell
dd 3D09CE //Rib
dd 3D09A3 //Seahorse Horn
dd 3D09A1 //Seahorse Tail
dd 3D099D //Seal Meat
dd 3D099B //Seal Skin
dd 3D099C //Seal Tooth
dd 3D0995 //Sealed Bottle
dd 3D0993 //Sealed Teddy Bear
dd 3D0991 //Sealed-up Grandpa Clock
dd 3D09C3 //Seedling
dd 3D093F //Sentinel Shellpiece
dd 3D09B4 //Shark Denture
dd 3D09A6 //Shrimp Meat
dd 3D09CC //Skeledog's Bone
dd 3D09C5 //Slate
dd 3D090A //Slime's Bubble
dd 3D0974 //Small Egg
dd 3D0976 //Small Spaceship
dd 3D0913 //Snail Shell
dd 3D0999 //Snorkle
dd 3D14BD //Soft Feather
dd 3D0949 //Solid Horn
dd 3D0975 //Space Food
dd 3D0961 //Spiderweb
dd 3D0904 //Squishy Liquid
dd 3D093B //Star Pixie's Piece of Star
dd 3D0962 //Sticky Spiderweb
dd 3D14BC //Stiff Feather
dd 3D092A //Stirge's Wing
dd 3D0916 //Stone Golem´s Rubble
dd 3D09A8 //Sunflower Seed
dd 3D0972 //Table Clock
dd 3D0923 //Tablecloth
dd 3D091C //Tauromacis's Horn
dd 3D092E //Taurospear's Horn
dd 3D096A //Teddy's Cotton
dd 3D096B //Teddy's Yellow Ribbon
dd 3D099A //Toy Baby Seal
dd 3D097F //Toy Drum
dd 3D096D //Toy Duckling
dd 3D096E //ToyTroyan Sword
dd 3D0903 //Tree Branch
dd 3D092D //Tortie Shell
dd 3D0986 //Viking Sail
dd 3D0935 //Werewolf's Toenail
dd 3D0934 //White Pang's Tail
dd 3D0914 //Wild Boar's Tooth
dd 3D091B //Wild Cargo's Eye
dd 3D82BA //Wooden Board
dd 3D097B //Worn-Out Goggle
dd 3D0965 //Yellow Toy Block
dd 3D0931 //Yeti's Horn
dd 3D0952 //Zombie's Lost Gold Tooth
dd 3D0945 //Zombie's Lost Tooth
dd 3D098F //Zombie Teddy Bear
dd 3D7E3C //Monster Card
dd 3D7E3D //Bloctopus Omok Piece
dd 3D7E31 //Mushroom Omok Piece
dd 3D7E3A //Octopus Omok Piece
dd 3D7E39 //Omok Table
dd 3D7E3F //Panda Teddy Omok Piece
dd 3D7E3B //Pig Omok Piece
dd 3D7E3E //Pink Teddy Omok Piece
dd 3D7E30 //Slime Omok Piece
dd 3D7E40 //Trixter Omok Piece
dd 3D3013 //Adamantium Ore
dd 3D3010 //Bronze Ore
dd 3D3016 //Gold Ore
dd 3D3012 //Mithril Ore
dd 3D3015 //Orihalcon Ore
dd 3D3014 //Silver Ore
dd 3D3011 //Steel Ore
dd 3D5721 //Amethyst Ore
dd 3D5722 //Aquamarine Ore
dd 3D5728 //Black Crystal Ore
dd 3D5727 //Diamond Ore
dd 3D5723 //Emerald Ore
dd 3D5720 //Garnet Ore
dd 3D5724 //Opal Ore
dd 3D5725 //Sapphire Ore
dd 3D5726 //Topaz Ore
dd 3D18A2 //DEX Crystal Ore
dd 3D18A3 //LUK Crystal Ore
dd 3D18A0 //Power Crystal Ore
dd 3D18A1 //Wisdom Crystal Ore
dd 00
00492449:
jmp filter
nop
ifexit:
[disable]
00492449:
mov [edi+34], eax
mov edi, [ebp-14]
The New UA Working:
Code:
[enable]
// NON D/C Unlimited Attack!
// By Gthuggin of CEF
alloc(UnlimitedAttack,64)
alloc(SecksyCheck,44)
UnlimitedAttack:
mov eax,[00795c9c]
mov ebx,[eax+57c]
sub ebx,00000001
mov [eax+57c],ebx
popad
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
SecksyCheck:
pushad
mov eax,[00795c9c]
mov eax,[eax+1348]
cmp eax,00000062
jnl UnlimitedAttack
popad
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
0051DF28:
jmp SecksyCheck
nop
nop
[disable]
0051DF28:
cmp eax,edi
mov [ebp-20],eax
je 0051df8e
dealloc(UnlimitedAttack)
dealloc(SecksyCheck)
unrandomizer script:
Code:
[Enable]
006E485D:
mov eax,11111113
[Disable]
006E485D:
and eax,00007fff
Uber CRC\Range Uber CRC ( D\C )
Code:
[ENABLE]
registersymbol(UberX)
registersymbol(UberY)
alloc(UberY,64)
alloc(CharY,16)
alloc(UberX,64)
alloc(CharX,16)
UberX:
call 006e4758
push eax
mov eax, [00795c9c]
lea eax, [eax+57C]
cmp ebx, eax
je CharX
mov eax, [eax]
// sub eax, -100 // Here
mov [ebx], eax
pop eax
jmp 00692BE7
CharX:
pop eax
mov [ebx], eax
jmp 00692BE7
UberY:
call 006e4758
push eax
mov eax, [00795c9c]
lea eax, [eax+580]
cmp edi, eax
je CharY
mov eax, [eax]
mov [edi], eax
pop eax
jmp 00692C4C
CharY:
pop eax
mov [edi], eax
jmp 00692C4C
00692BE0:
jmp UberX
00692C45:
jmp UberY
[DISABLE]
00692BE0:
call 006e4758
00692C45:
call 006e4758
unregistersymbol(UberX)
unregistersymbol(UberY)
dealloc(UberY)
dealloc(CharY)
dealloc(UberX)
dealloc(CharX)
Mouse vac:
Code:
[ENABLE]
alloc(MouserX,512)
alloc(MouserY,512)
label(back)
label(return)
00692BE7:
jmp MouserX
back:
00692C4A:
jmp MouserY
return:
MouserX:
mov eax,[0079526c]
mov eax,[eax+10]
mov eax,[eax+80]
mov [ebx],eax
mov edi,[ebp+10]
jmp back
MouserY:
mov eax,[0079526c]
mov eax,[eax+10]
mov eax,[eax+84]
mov [edi],eax
mov ebx,[ebp+14]
jmp return
[DISABLE]
00692BE7:
mov [ebx],eax
mov edi,[ebp+10]
00692C4A:
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)
Slow DupeX:
After adding the code, go to the pointer.
description: Pointer Freeze
address: Pointer
Offset: 110
Code:
[ENABLE]
alloc(CodeCave,32)
alloc(Pointer,32)
registersymbol(CodeCave)
registersymbol(Pointer)
label(ReturnHere)
CodeCave:
push ecx
mov ecx,Pointer
mov [ecx],esi
pop ecx
mov [esi+00000114],edi
jmp ReturnHere
00691AA4:
jmp CodeCave
nop
ReturnHere:
[DISABLE]
00691AA4:
mov [esi+00000114],edi
dealloc(CodeCave)
dealloc(Pointer)
unregistersymbol(CodeCave)
unregistersymbol(Pointer)
Item Explosion:
Code:
[enable]
00492283:
db 0F 8C
[disable]
00492283:
db 0F 84
Fall Through Floor:
Code:
[enable]
00690B12:
db 0f 83
[disable]
00690B12:
db 0f 86
Lemmings:
Code:
[Enable]
// Lemmings
00695059:
db 0f 85
[Disable]
// Lemmings
00695059:
db 0f 84
Uber Lemmings Left:
Code:
[Enable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 90
00695059:
db 0f 85
[Disable]
//Uber Lemmings Left (Duffy290/Jewbacca)
00690164:
db 73 04
00695059:
db 0f 84
Uber Lemmings Right:
Code:
[Enable]
//Uber Lemmings Right (Duffy290/Jewbacca)
0069013C:
db 77 2e
00695059:
db 0f 85
[Disable]
//Uber Lemmings Right (Duffy290/Jewbacca)
0069013C:
db 76 2e
00695059:
db 0f 84
Suck/Tele UP:
Code:
[ENABLE]
//Suck/Tele UP
00691880:
db 76
[DISABLE]
//Suck/Tele UP
00691880:
db 73
suck left swim addy:
Code:
[enable]
//suck left swim addy v1
alloc(Vacem,256)
label(return)
00730808:
jmp Vacem
return:
Vacem:
inc [00687718]
nop
nop
jmp return
[disable]
//suck left swim addy v1
00730808:
add [eax], al
add [eax], al
add [eax], al
dealloc(Vacem)
Suck Right:
Code:
[Enable]
00695e13:
ja 00695e3b
[Disable]
00695e13:
jna 00695e3b
Suck Left:
Code:
[enable]
006922BC:
jbe 00692324
[disable]
006922BC:
jae 00692324
Suck Left v2:
Code:
[enable]
00731808:
dd 1
[disable]
00731808:
dd 0
Suck/tele Left:
Code:
[enable]
006920D5:
db 77
[disable]
006920D5:
db 73
Suck/tele Right:
Code:
[enable]
00692144:
db 77
[disable]
00692144:
db 76
PerVac:
Code:
[ENABLE]
00692324:
nop
nop
nop
nop
nop
nop
[DISABLE]
00692324:
mov ecx,[edi+00000134]
Shifu Vac:
Code:
[ENABLE]
0068f83a:
jne 0068f96e
[DISABLE]
0068f83a:
jmp 0068f96e
Instant Drop:
Code:
[ENABLE]
732BC8:
add [eax], al
add [eax], al
add [eax], al
add [eax], al
[DISABLE]
732BC8:
add [eax], al
add [eax], al
add [eax-71], al
inc eax
Lag Hack:
Code:
[ENABLE]
//Lag Hack
0068F78D:
jne 0068f79a
[DISABLE]
//Lag Hack
0068F78D:
je 0068f79a
Freeze to Crash:
Code:
[Enable]
006E513D:
jmp 0
[Disable]
006E513D:
and eax,00007fff
Selective WallVac Bypass:
When you add the script, freeze it and add the pointer:
address: bool
Description: Bool
Code:
[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
registersymbol(olddata)
label(set)
label(ret)
label(end)
begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[00797120]
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi
mov esi,[00797120]
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi
mov esi,[00797120]
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi
mov esi,[00797120]
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi
mov [bool],0
jmp ret
0068F36D:
jmp begin
end:
olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00
[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)
0068F36D:
movsd
movsd
movsd
movsd
pop edi
dICE Vac:
Code:
[enable]
//dICE Vac
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
registersymbol(right)
registersymbol(left)
label(return)
dICE:
pushad
mov edx, [00797c9c]
mov ebx, [edx+57C]
mov ecx,[edx+580]
add ebx, [right]
sub ebx, [left]
mov eax,[00797120]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad
mov [ebx], eax
mov edi,[ebp+10]
jmp return
right: //Set right to 0.
db 00 00
left: //Set left to 0.
db 00 00
00693534:
jmp dICE
return:
00695E42:
db 0f 84
0068FA46:
db 75
0068FCE2:
db 0f 85
[disable]
//dICE Vac
00693534:
mov [ebx], eax
mov edi,[ebp+10]
00695E42:
db 0f 85
0068FA46:
db 74
0068FCE2:
db 0f 84
dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right)
Timed-Dupex:
Code:
[ENABLE]
registersymbol(DX)
registersymbol(DXListOffset)
registersymbol(DXType)
alloc(DX, 1024)
alloc(DXListOffset, 4)
alloc(DXType,4)
alloc(DXFindChar, 1024)
alloc(ESIList, 1024)
alloc(EDIValue, 4)
alloc(DXMap,4)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
label(LeaveMe)
label(DXMonster)
label(NoDupe)
label(DoVac)
alloc(DXCounter,4)
registersymbol(VacTime)
registersymbol(TotalTime)
alloc(VacTime,4)
alloc(TotalTime,4)
alloc(DXCounter,4)
label(DXPause)
label(DXResetCounter)
label(DXReset)
label(back)
DXCounter:
add [eax],al
add [eax],al
VacTime:
js 0ff90c16
add [eax],al
TotalTime:
or [edi],al
add [eax],al
DXCounter:
sub al,01
add [eax],al
//Original Code
DXListOffset:
add [eax],al
add [eax],al
DXType:
add [eax],al
add [eax],al
DX:
push eax
push ebx
push ecx
push edx
mov ebx,[DXType]
cmp ebx, 00 // 0 = Do Nothing
je NoDupe
cmp ebx, 01
je DXFindChar
cmp ebx, 02
je DoVac
cmp ebx, 03
je DoVac
//Modified Code
cmp ebx, 04
je DXReset
jmp DoNormal
DXFindChar:
mov [esi+114],edi
mov eax,0
mov ebx,DXListOffset
mov ecx,ESIList
mov edx,EDIValue
CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je LeaveMe
inc eax
jmp CompareOffset
StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
DoVac:
mov eax,[DXCounter]
cmp eax,[VacTime]
inc eax
mov [DXCounter],eax
jae DXPause
//Original
mov ebx,[DXListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov ebx,[DXType]
cmp ebx, 02
jne DXMonster
mov edi,[eax+114]
jmp DoNormal
DXMonster:
cmp ebx, 03
jne NoDupe
mov edi,[EDIValue]
jmp DoNormal
NoDupe:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
DoNormal:
mov [esi+114],edi
LeaveMe:
pop edx
pop ecx
pop ebx
pop eax
jmp back
DXPause:
cmp eax,[TotalTime]
jae DXResetCounter
jmp DoNormal
DXResetCounter:
mov [DXCounter],0
jmp DoNormal
DXReset:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
mov [DXType],1
jmp DoNormal
006923F9:
jmp DX
nop
back:
[DISABLE]
006923F9:
mov [esi+114],edi
dealloc(DXFindChar)
dealloc(DXListOffset)
dealloc(ESIList)
dealloc(DX)
dealloc(EDIValue)
dealloc(DXCounter)
unregistersymbol(DX)
unregistersymbol(DXListOffset)
unregistersymbol(DXType)
FAQ:
1.- Will they reset EMS again?
Nope, it was officially opened on April 12.
2.- Can I register?
Sure.
3.- Which Vac do I train with?
With the DICE Vac; no DC here.
4.- Can I add you as a Buddy in EMS?
Well, that will be for some people here, not everyone.
5.- Does the PC restart when I try to enter Maple?
You may have set the settings wrong; check them, and if they are correct let me know and we'll see what else we can do.
6.- Can I add you in eMS? First add me on MSN and we'll arrange it there.
www.mapleeurope.com
Credits: Tutorial made by m4g0d30z exclusively for Tsforos; pointers and addresses thanks to MPCF
PS: The scripts are the newly updated ones.
