Bypassless Generic No Delay
Code:
[ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86 target.
// Mechanism (see the tail of this section and [DISABLE]):
//   - the 4-byte code pointer at 01B2AA64 is redirected to Hook; its current
//     value is first copied into HookRet (readmem) so [DISABLE] can restore it;
//   - Hook only acts when the return-address slot at [esp+2C] holds 0119B6F7;
//     that slot is rewritten to ReturnHook, so the owning frame returns here;
//   - ReturnHook appears to re-run the original instructions from 0119B6F7
//     (the AoB on the cmp line starts with 89 45 D8 = mov [ebp-28],eax),
//     then rejoins the original code at 0119B7DD.
// No code bytes are patched; the only persistent change is the pointer at
// 01B2AA64. Every address and ebp/esp offset is specific to the client build
// the AoBs were taken from.
alloc(Hook, 512)
globalalloc(HookRet, 4)                 // global so [DISABLE] can read it; holds the saved pointer
label(JMP1)
label(JMP2)
label(JMP3)
label(JMP4)
label(JMP5)
label(Return)
label(ReturnHook)
Hook:
// Entered through the redirected pointer. Any call chain other than the
// targeted one passes straight through to the original function.
cmp dword ptr [esp+2C], 0119B6F7 //89 45 D8 8B ?? ?? ?? FF FF 8B ?? 8B 8D ?? ?? FF FF 8B 42 ?? FF D0 50 E8 ?? ?? ?? FF 83 C4 04 85 C0
jne Return
mov dword ptr [esp+2C], ReturnHook      // hijack: that frame now returns into ReturnHook
Return:
jmp [HookRet]                           // tail-jump to the original function pointer
ReturnHook:
// Copy of the original code from 0119B6F7, running in the hijacked caller's
// frame: ebp-relative locals, [ebp+10] is one of that caller's arguments.
mov [ebp-28],eax                        // first original instruction (89 45 D8)
mov eax,[ebp-00002D78]
mov edx,[eax]
mov ecx,[ebp-00002D78]
mov eax,[edx+68]
call eax                                // indirect call via [[ebp-2D78]]+68 with ecx = that object (presumably a thiscall virtual call)
push eax
call 0056AE40                           // one argument, popped by the caller below
add esp,04
test eax,eax
je JMP1
mov ecx,[ebp-00000234]
push ecx
mov ecx,[ebp-70]
call 0068AB60                           // ecx = [ebp-70], stack arg = [ebp-234]
test eax,eax
je JMP1
mov [ebp-00002D8C],00000001             // [ebp-2D8C] = 1 only if both calls returned nonzero
jmp JMP2
JMP1:
mov [ebp-00002D8C],00000000
JMP2:
mov edx,[ebp-00002D8C]
mov [ebp-50],edx                        // mirror of the flag
mov eax,[ebp-00000234]
push eax
mov ecx,[ebp-00002D78]
call 011DB120                           // ecx = object, stack arg = [ebp-234]
mov [ebp-00000248],eax
cmp dword ptr [ebp+10],00
je JMP3
//Chubbz was here
// The author's marker suggests the script departs from the original here:
// when the caller passed a non-null pointer in [ebp+10], the dword it points
// to is set to 0x41. The meaning of 0x41 is not recoverable from this script.
mov ecx,[ebp+10]
mov [ecx],00000041
JMP3:
call 01228010
mov [ebp-00000150],eax
mov ecx,[ebp-00002D78]
add ecx,04                              // ecx = object + 4
mov edx,[ebp-00002D78]
mov eax,[edx+04]
mov edx,[eax+20]
call edx                                // indirect call via [[object+4]]+20 with ecx = object+4
mov [ebp-00000270],eax
cmp dword ptr [ebp-00000234],00
je JMP4
mov eax,[ebp-00002D78]
mov ecx,[ebp-00000234]
cmp ecx,[eax+0000A2AC]
jne JMP4
mov [ebp-00002D90],00000001             // [ebp-2D90] = ([ebp-234] != 0 && [ebp-234] == [object+A2AC])
jmp JMP5
JMP4:
mov [ebp-00002D90],00000000
JMP5:
mov edx,[ebp-00002D90]
mov [ebp-68],edx                        // mirror of the flag
mov eax,[ebp-00000234]
push eax                                // preserve eax across the inserted code below
// Inserted code: invert the low byte of the flag just stored and of its
// mirror. neg sets CF = (byte != 0); sbb eax,eax gives -CF; add 1 gives
// al = (byte == 0) ? 1 : 0. Only the low byte is rewritten; the upper three
// bytes keep the 0 written by the dword stores above.
movzx eax, byte ptr [ebp-00002D90] //Same as above mov edx
neg eax
sbb eax, eax
add eax, 01
mov byte ptr [ebp-00002D90], al //Same as above
mov byte ptr [ebp-68], al //Same as above ebp-XX
pop eax                                 // restore eax = [ebp-234]; stack is balanced again
jmp 0119B7DD //Address of last push eax
// Rejoin at the original `push eax`, so the argument push is executed once,
// by the original instruction.
HookRet:
//Follow call above return address until call dword ptr [xxxxxxxx]
readmem(01B2AA64, 4) //?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 04 0A 00 00 00 04 0C 00 00 00 04 0D 00 00 00 04 12 00
// HookRet now holds whatever pointer was live at 01B2AA64 when ENABLE ran
// (if another hook was already installed there, this chains behind it).
01B2AA64: //Same as above
dd Hook                                 // redirect the indirect call site to Hook
[DISABLE]
// Reverse of [ENABLE]: write the saved pointer back over the redirected one,
// then release the allocations.
// NOTE(review): a frame whose return-address slot was already rewritten to
// ReturnHook (see [ENABLE]) will still return into Hook's memory after the
// dealloc below; disabling while such a call is in flight is a crash risk.
01B2AA64: //Same as above
readmem(HookRet, 4)                     // restore the pointer captured at ENABLE time
dealloc(Hook)
dealloc(HookRet)
Credits:
0aixz0r for the original
lwlin for updating, providing a working script, and AoBs
Chubbz for making it less fucked up for coders who want to convert it.
----------
Bypassless Unlimited Mana
Code:
[ENABLE]
// Same hook structure as the "No Delay" script above: the 4-byte code pointer
// at 016190B0 is redirected to Hook (original saved in EHookRet), and when the
// return-address slot at [esp+14] holds 01180B85 it is rewritten to
// ReturnHook, so that frame returns into the copied code below; control
// rejoins the original code at 01180B85+12B.
// The hijacked frame is esp-relative here (no ebp frame); ebp, edi, esi and
// ebx carry values set up by the original code. All addresses and offsets
// are build-specific (AoB on the cmp line).
alloc(Hook, 512)
globalalloc(EHookRet, 4)                // distinct name from HookRet so both scripts can be enabled together
label(JMP1)
label(JMP2)
label(JMP3)
label(JMP4)
label(Return)
label(ReturnHook)
Hook:
cmp dword ptr [esp+14], 01180B85 //8B 44 24 64 8B 88 ? ? ? ? 51 05 ? ? ? ? 50 E8 ? ? ? ? 83 C4 ? 85 C0
jne Return                              // not the targeted call chain: pass through untouched
mov dword ptr [esp+14], ReturnHook      // hijack the return address
Return:
jmp [EHookRet]                          // tail-jump to the original function pointer
ReturnHook:
// Copy of the original code from 01180B85.
mov eax,[esp+64]
mov ecx,[eax+00001A00]
push ecx
add eax,000019F8
push eax
call 004014D0                           // args (obj+19F8, [obj+1A00]); caller pops both
add esp,08
test eax,eax
jne JMP1                                // nonzero result skips the main block
mov eax,[esp+5C]
mov edx,[eax+3D]
push edx
add eax,39
push eax
call 00486E20                           // args ([esp+5C]+39, [..+3D]); left on the stack
movzx eax,ax
cwde                                    // movzx + cwde = sign-extend the 16-bit result
push eax
call 0056AE10                           // third push on top of the two above
add esp,0C                              // pops all three pushes at once
test eax,eax
je JMP1
test ebp,ebp
je 01180C98                             // ebp == 0: leave via the original code
mov esi,[ebp+00000174]
mov [esp+2C],00000000
mov byte ptr [esp+54],03
test edi,edi
jle JMP2                                // signed: edi <= 0 skips the adjustment
//Chubbz was here
// The author's marker sits here; which of the following lines differ from
// the original is not determinable from this script alone.
cmp dword ptr [ebp+000001B4],00
je JMP2
lea ecx,[esp+28]
push ecx
lea edx,[esp+6C]                        // taken after the push: the pre-push [esp+68]
push edx
lea ecx,[ebp+000001A8]
call 00657620                           // ecx = ebp+1A8, args (&[esp+68], &[esp+28]); no caller cleanup, presumably callee-cleaned
test eax,eax
je JMP2
mov eax,[esp+2C]
add esi,[eax+3C]
JMP2:
imul esi,edi                            // esi = esi * edi
// Looks like the compiler idiom for signed division by a constant
// (magic AE147AE1, sar 5, then add the sign bit to round toward zero);
// if that reading is right ecx = esi / -100 -- confirm before relying on it.
mov eax,AE147AE1
imul esi                                // edx:eax = esi * AE147AE1
sar edx,05
mov ecx,edx
shr ecx,1F
add ecx,edx
add edi,ecx
test edi,edi
jg JMP3
xor edi,edi                             // clamp: edi = max(edi, 0)
JMP3:
lea ecx,[esp+28]
mov byte ptr [esp+54],02
call 00656060                           // ecx = &[esp+28]
JMP1:
// NOTE(review): JMP1 is reached from the two early branches above with ebp
// unchecked. If ebp == 0 there, `je JMP2` runs the JMP2..JMP3 block and the
// call, then falls back into JMP1 with ebp unchanged (unless 00656060 alters
// it) -- a loop. Check whether that branch target was mislabelled.
test ebp,ebp
je JMP2
mov ebx,[esp+68]
push ebx
mov ecx,ebp
call 00660290                           // ecx = ebp, arg = [esp+68]
push ebx
mov ecx,ebp
mov esi,eax                             // keep the first result
call 00660340                           // ecx = ebp, same arg
imul esi,edi
// NOTE(review): the branch target is the very next line, so edi is zeroed on
// both outcomes and the imul only affects flags. Either this is the intended
// change or the label is wrong -- confirm.
jnl JMP4
JMP4:
xor edi,edi
jmp 01180B85+12B //Same as return address
EHookRet:
readmem(016190B0, 4) //Follow call above return address (call dword ptr [XXXXXXXX])
// EHookRet now holds whatever pointer was live at 016190B0 when ENABLE ran.
016190B0: //Same as above
dd Hook                                 // redirect the indirect call site to Hook
[DISABLE]
// Reverse of [ENABLE]: put the saved pointer back, then free the allocations.
// NOTE(review): as with the other script, a frame already redirected to
// ReturnHook will return into freed memory if this runs mid-call.
016190B0: //Same as above
readmem(EHookRet, 4)                    // restore the pointer captured at ENABLE time
dealloc(Hook)
dealloc(EHookRet)
Credits:
To whoever released it for EMS
lwlin for converting to GMS
Chubbz for making it less fucked up for coders who want to convert it, and for adding AoBs
Must use GND with Unlimited Mana in order to 'not lose mana'!