killingspree888 (01-19-2023)
Complete beginner, so if there are mistakes in anything below, all criticism is welcome.
The following CE script is for Mano private server (v102). As I learn more about how to find different offsets I will be adding more scripts.
Ultimate Attack:
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:

originalcode:
mov [ecx+08],00000000
mov eax,00000001

exit:
jmp returnhere

"MapleStory.exe"+668F29:
jmp newmem
nop 3
returnhere:

[DISABLE]
dealloc(newmem)
"MapleStory.exe"+668F29:
mov [ecx+08],eax
mov eax,00000001
//Alt: db 89 41 08 B8 01 00 00 00
Credits: killingspree888, guided hacking (youtube).
Last edited by guri101; 01-16-2023 at 12:22 AM.
killingspree888 (01-19-2023)
Godmode
No Knockback
Code:
[ENABLE]
00AA6A2F: // Physical Godmode
db 0F 84
7584C29C: // Magical Godmode
db C2 04 00 90 90
[DISABLE]
00AA6A2F: // 0F 85 ? ? 00 00 8B 86 ? ? 00 00 83 ? ? 83 ? ? 0F
db 0F 85
7584C29C: // 33 FF 39 BE ? ? ? ? 75 ? 8B 8E
db 55 8D 6C 24 90

Suck Left
Code:
[ENABLE]
0081E67B:
db 00
[DISABLE]
0081E67B: //01 00 00 00 d8 d1 df e0
db 01

Suck Right
Code:
[ENABLE]
00B050B0:
db D8 D9
[DISABLE]
00B050B0: // D9 C9 DC ? ? ? DC [Third Result]
db D9 C9

Code:
[ENABLE]
00B0508B:
db D8 D9
[DISABLE]
00B0508B: // D9 C9 DC ? ? ? DC [Second Result]
db D9 C9
Last edited by jpickle; 01-17-2023 at 10:42 AM.
Don't think either of us can send PMs and I don't want to post mine publicly.
My recommendation is that you download IDA (7.4+) and the v95 GMS leak, generate a FLIRT signature file using something like idb2pat and then apply it to a dumped version of the Mano client since they're similar enough versions. From there you'll have a few hundred named functions - and probably a couple hundred incorrectly named functions. It's a good enough base to start comparing and naming some things you're curious about, though. You'll spend a lot of time reading and comparing assembly/pseudocode and it's a bit tedious and boring, but you'll learn a bit about how the game actually functions and different ways to exploit it, and have an easily searchable database of relevant functions. There should already be guides around for what I just mentioned but they might not all be exactly relevant to MapleStory. They do a lot of reverse engineering in the private server development side of things as well, so don't be afraid to check those resources. Don't forget SigMaker or one of the many forks so you can generate AoBs in IDA itself. You also don't have to use IDA specifically; it's just my personal preference and what I'm most comfortable with.
In the function CMobPool::FindHitMobInRect, for example, you can make a very small adjustment to the jnz with test near the bottom to attack the full map regardless of your character's and the monsters' positions (might be tracked; you just change jnz->jmp / 75->EB), or you can hook the CMob::GetPos function and make loot drop right on your position with the help of the CUserLocal pointer (TSingleton<CUserLocal>) and X, Y offsets, or you can teleport your pet right to the loot. You can also mark down the function(s) alongside your AoB instead of relying solely on AoBs so it's easy to find if there are any big changes during game updates or for transferring between other servers.
Cheat Engine is also very useful for debugging an actual running game, and more fun, and I find it easier to find base addresses and some other things with it. There are great guides for getting familiar with it, but unfortunately over the years most of the MapleStory-specific forums have shut down and disappeared. Lots of experimentation, and sometimes frustration, is involved in seeing what the server and client actually allow you to do, but from what I've seen so far Mano is pretty lax.
Last edited by jpickle; 01-21-2023 at 11:06 PM.
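A small wildcard AoB scanner, added here as an example and not part of the thread or any of the CE scripts above: it parses the "?"-style patterns quoted in the DISABLE comments and reports every offset they match in a constructed sample buffer, so you can see when an AoB is ambiguous (the "[Second Result]" / "[Third Result]" situation) before relying on it. The SAMPLE bytes are made up for the demo, not a real client dump.

```python
"""Wildcard AoB (array-of-bytes) scanner for patterns like
'0F 85 ? ? 00 00 8B 86 ...'. Runs only on the constructed SAMPLE below."""


def parse_aob(pattern: str) -> list:
    """Turn 'D9 C9 DC ? ? ? DC' into [0xD9, 0xC9, 0xDC, None, None, None, 0xDC].
    '?' and '??' are wildcards that match any byte."""
    out = []
    for tok in pattern.split():
        out.append(None if tok in ("?", "??") else int(tok, 16))
    return out


def find_aob(buf: bytes, pattern: str) -> list:
    """Return every offset in buf where the pattern matches.
    More than one hit means the AoB is ambiguous, which is what the
    '[Second Result]' / '[Third Result]' notes in the thread record."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [
        i for i in range(len(buf) - n + 1)
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat))
    ]


def find_unique(buf: bytes, pattern: str):
    """Offset of the single match, or None if the AoB matches 0 or 2+ places."""
    hits = find_aob(buf, pattern)
    return hits[0] if len(hits) == 1 else None


# AoBs copied from the thread's DISABLE comments.
PHYSICAL_GODMODE_AOB = "0F 85 ? ? 00 00 8B 86 ? ? 00 00 83 ? ? 83 ? ? 0F"
SUCK_RIGHT_AOB = "D9 C9 DC ? ? ? DC"

# Constructed sample buffer: two byte runs the godmode AoB matches (so the
# pattern is ambiguous here) and no occurrence of the Suck Right AoB.
SAMPLE = bytes.fromhex(
    "90 90 90 "
    "0F 85 12 34 00 00 8B 86 78 56 00 00 83 C4 04 83 F8 01 0F "
    "90 90 "
    "0F 85 AB CD 00 00 8B 86 EF 01 00 00 83 EC 08 83 FB 02 0F "
)

if __name__ == "__main__":
    print(find_aob(SAMPLE, PHYSICAL_GODMODE_AOB))     # [3, 24]
    print(find_unique(SAMPLE, PHYSICAL_GODMODE_AOB))  # None (ambiguous)
    print(find_aob(SAMPLE, SUCK_RIGHT_AOB))           # []
```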