Character Movement Hook:
Code:
// Cheat Engine auto-assembler script (numeric literals are hex unless prefixed with '#').
// Mechanism: the dword at 01A84980 is overwritten with the address of GetFocusHook.
// [Disable] restores it to GetFocus, so the slot presumably is the client's import
// pointer for GetFocus - TODO confirm. Every call through the slot now lands in the
// stub, which checks the caller's return address and redirects one call site only.
// Detection angle: afterwards the slot points into Alloc'd memory outside any loaded
// module, which is what an import/pointer-table integrity check compares against.
[Enable]
Alloc(GetFocusHook,128)
Alloc(CharMove,128)
Label(Return)
GetFocusHook:
// [esp] is the return address of the intercepted call; only the call site that
// returns to 01373991 is redirected (the byte pattern is the author's signature for it).
cmp [esp],01373991 //3B ? 0F 85 ? ? ? 00 8B ? ? ? ? ? E8 ? ? ? ? 85 C0
jne Return
// Swap the return address so GetFocus returns into CharMove instead of the caller.
mov [esp],CharMove
Return:
// Tail-jump to the real API; all other callers are unaffected.
jmp GetFocus
CharMove:
//Follow jne below hook address
//Offset in mov
// Runs in the caller's frame after GetFocus has returned: overwrites one stack slot
// (the movement direction, per the author's note) and resumes at a fixed client address.
mov [esp+1C], 0 // Left = -1 // Right = 1 // Nothing = 0
jmp 01373DFD //Address in jne
01A84980: //Above Hook address
dd GetFocusHook
[Disable]
// Restore the original pointer before releasing the stub memory.
01A84980: //Same as above
dd GetFocus
DeAlloc(GetFocusHook)
DeAlloc(CharMove)
Item Filter:
Code:
// Pointer-slot hook on 01A84924 ([DISABLE] restores it to PtInRect). The stub
// redirects the return address of one call site to ReturnHook, which then compares
// a value read from [esi+38] against the BlackList table and picks one of two
// fixed client addresses to resume at.
// All addresses are hard-coded for one client build.
[ENABLE]
alloc(Hook,1024)
label(Return)
label(ReturnHook)
label(ItemFilter)
label(BlackList)
Hook:
// [esp] = return address of the intercepted PtInRect call.
cmp [esp],00699771 //ADDRESS_ItemHookCMP
jne Return
mov [esp],ReturnHook
Return:
jmp PtInRect
ReturnHook:
// eax here is PtInRect's return value.
test eax,eax
je 00699775 //address below jne
//follow jne
//1st mov below^
mov eax,[esi+38]
// NOTE(review): mov does not change flags, so ZF is still clear from the test
// above whenever this line is reached; this je is never taken.
je 006997CB //Address in jne
mov ecx, BlackList
jmp ItemFilter
ItemFilter:
// Linear scan: ecx walks the dword table until the 99999999 sentinel.
cmp dword ptr [ecx],99999999
je 006997CB //Address in jne
cmp dword ptr [ecx],eax
je 00699775 //Address below jne
add ecx,04
jmp ItemFilter
BlackList:
// '#' marks a decimal literal; the sentinel below is hex.
dd #4000001 //Orange Mushroom Cap
dd 99999999 //End of List
01A84924: //PtInRect
dd Hook
[DISABLE]
01A84924: //Same as above
dd PtInRect
dealloc(Hook)
'Mob Control':
Code:
// Pointer-slot hook on 016DB0C4 ([DISABLE] restores it to InterlockedDecrement).
// Unlike the [esp]-based hooks, this stub matches a value at [esp+14], i.e. a
// return address stored deeper in the stack - presumably that of an outer caller
// (TODO confirm) - and replaces it with ControlMobs.
[ENABLE]
alloc(HookMobs,256)
label(Return)
label(ControlMobs)
HookMobs:
cmp [esp+14],0136C6E6 //8B ? ? ? ? 00 C7 00 ? ? 00 00 DD
jne Return
mov [esp+14],ControlMobs
Return:
jmp InterlockedDecrement
ControlMobs:
//00=No Aggro
//03=Fucked Up Mobs (Make all mobs 'fly')
//04=Freeze
//05=Move Right
// Writes the selected mode into the object addressed by esi, then resumes in the
// client just past the original return point.
mov dword ptr [esi+00000340],00 //Mob Movement Offset
jmp 0136C6EC //Address below hook address
016DB0C4: //Follow call above hook address [1st call dword ptr]
dd HookMobs
[DISABLE]
016DB0C4: //Same as above
dd InterlockedDecrement
dealloc(HookMobs)
CPU Hack:
Code:
// Pointer-slot hook on 016DB338 ([Disable] restores it to VariantInit). The stub
// matches a return address stored at [esp+1E4] and replaces it with ReturnHook.
// ReturnHook then jumps straight to 0095A4F8, so the four CMapLoadable::Restore*
// calls listed in the block comment (the client code being skipped) never run.
[Enable]
alloc(Hook,256)
label(Return)
label(ReturnHook)
Hook:
//8B ? E8 ? ? ? FF 8B ? E8 ? ? ? FF 8B ? E8 ? ? ? FF 8B ? E8 ? ? ? FF 8B ? E8 ? ? ? FF 8B ? E8 ? ? ? FF ? 8B
cmp [esp+1E4],0095A4DC
jne Return
mov [esp+1E4],ReturnHook
Return:
jmp VariantInit
ReturnHook:
// Commented-out copy of the original instructions; kept for reference only.
/*
mov ecx,ebx
call 0094E4A0 //CMapLoadable::RestoreTile
mov ecx,ebx
call 00959B00 //CMapLoadable::RestoreObj
mov ecx,ebx
call 00955580 //CMapLoadable::RestoreBack
mov ecx,ebx
call 0094D0E0 //CMapLoadable::RestoreWeather
*/
jmp 0095A4F8 //Address below ^
//Follow call above hook address
//Scroll down until you find call dword ptr
016DB338: //4byte Scan VariantInit
dd Hook
[Disable]
016DB338: //Same as above
dd VariantInit
dealloc(Hook)
Teleport:
Code:
// No hook here: CreateThread runs TeleportXY once inside the client process.
// The routine loads an object pointer from 01A723F0 and calls the client's own
// setter at 005C0BF0 three times, each time with ecx = address of a field and one
// pushed value (looks like a thiscall with one stack argument - TODO confirm).
// The values written are taken as-is from this script; nothing in the listing
// shows any validation of them on the client side.
[Enable]
Alloc(TeleportXY,128)
Alloc(TeleXY,8)
CreateThread(TeleportXY)
TeleXY:
dd -100 //X
dd -100 //Y
TeleportXY:
mov esi,[01A723F0] //Character Base
push 01
lea ecx,[esi+AAF8] //Teleport Toggle
call 005C0BF0 //SetMapleStoryData
push [TeleXY]
lea ecx,[esi+AB1C] //Teleport X
call 005C0BF0 //SetMapleStoryData
push [TeleXY+4]
lea ecx,[esi+AB10] //Teleport Y
call 005C0BF0 //SetMapleStoryData
ret
[Disable]
DeAlloc(TeleportXY)
DeAlloc(TeleX)
DeAlloc(TeleY)
Magical Godmode:
Code:
// Pointer-slot hook on 017A5338 ([Disable] restores it to 00743AD0, a function
// inside the client rather than an imported API). The stub requires two stack
// values to match - the immediate return address at [esp] and a second one at
// [esp+4C] - before rewriting the second to 009CE5BA. Execution then continues
// into the original function either way.
// The long byte patterns are the author's signatures for re-locating each address.
[Enable]
Alloc(MGMHook,256)
Label(MGMReturn)
MGMHook:
//85 ? 0F ? ? ? ? ? 39 ? ? ? ? ? 0F ? ? ? ? ? 8B ? E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 8B ? ? ? ? ? 8D
cmp [esp],009B0974
jne MGMReturn
//85 ? 0F ? ? ? ? ? 8B ? E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 8B ? E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 8B ? E8 ? ? ? ? 85 ? 74 ? 8B ? E8 ? ? ? ? 85 ? 0F ? ? ? ? ? 33
cmp [esp+4C],009CD38F
jne MGMReturn
//8D ? ? ? ? ? 8B ? ? 64 ? ? ? ? ? ? 59 5F 5E 5B 8B ? ? 33 ? E8 ? ? ? ? 83 ? ? 8B ? 5D C2 ? ? CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC 6A ? 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 ? ? 53 55 56 57 A1 ? ? ? ? 33 ? 50 8D ? 24 ? 64
// Both call sites matched: replace the outer return address.
mov [esp+4C],009CE5BA
MGMReturn:
//8B ? ? ? B8 ? ? ? ? 8D ? ? ? ? ? ? 3B ? 74 ? 8B ? 85 ? 75 ? C2 ? ? B8 ? ? ? ? C2 ? ? CC CC CC CC CC CC CC CC CC CC CC 33 ? C3 CC CC CC CC CC CC CC CC CC CC CC CC CC 33
jmp 00743AD0
017A5338: //4Byte Scan address in Return [1st Result]
dd MGMHook
[Disable]
017A5338: //Same as above
dd 00743AD0 //Address in MGMReturn
DeAlloc(MGMHook)
Physical Godmode:
Code:
// Pointer-slot hook on 016DB0C4 ([Disable] restores it to InterlockedDecrement).
// When the intercepted call would return to 0129E44F, the return address is
// replaced with 0129F2E3, so the client code between those two addresses is
// skipped for that call site. No injected code runs after the return; the stub
// only edits the stack and forwards to the real API.
[Enable]
alloc(PGMHook,128)
label(Return)
PGMHook:
//85 C0 75 ? 55 FF ? ? ? ? ? 85 ? 74 ? 8B ? 8B ? 6A ? 8B ? FF ? C7 ? 24 ? ? ? ? ? ? ? ? 8D ? ? ? ? ? 89
cmp [esp],0129E44F
jne Return
mov [esp],0129F2E3 //Address in 2nd jne
Return:
jmp InterlockedDecrement
016DB0C4: //Above hook address
dd PGMHook
[Disable]
016DB0C4: //Same as above
dd InterlockedDecrement
dealloc(PGMHook)
Unlimited Attack:
Code:
// Data-only modification: a thread started with CreateThread repeatedly writes 0
// to the field at offset ADC4 of the object whose pointer is stored at 01A723F0.
// The loop contains no Sleep, so it spins continuously until [Stop] becomes 1.
// [DISABLE] does not free anything; it only sets the Stop flag so the thread returns.
[Enable]
alloc(UA,64)
alloc(Stop,2)
registersymbol(Stop)
CreateThread(UA)
UA:
// The base pointer is re-read on every iteration.
mov eax,[01A723F0] //Character Base
mov [eax+0000ADC4],00 //Attack Count
cmp [Stop],1
jne UA
ret
[DISABLE]
Stop:
dd 1
Teleport v2:
Code:
// One-shot thread, no hook. NewTeleportXY calls two client functions directly:
// 012F1680 with ecx = (pointer at 01A723F0) + 4, and - only if that returns a
// non-null value in eax - 0135BFA0 with ecx = that value and three stack arguments
// (0, X, Y in call order). The purpose of either function is not visible in this
// listing; the byte patterns are the author's signatures for locating them.
[Enable]
Alloc(NewTeleportXY,256)
Alloc(Coord,8)
Label(TeleportEnd)
CreateThread(NewTeleportXY)
Coord:
dd -300 //X Coord
dd -300 //Y Coord
NewTeleportXY:
mov esi,[01A723F0] //Character base
lea ecx,[esi+04]
//8B ? ? ? ? 00 85 C0 74 ? 83 ? ? 74 ? 83 ? ? C3 33 C0 C3 CC CC CC CC CC CC CC CC CC CC 8B ? ? ? ? 00 85 C0 74 ? 83 ? ? 74 ? 83 ? ? C3 33 C0 C3 CC CC CC CC CC CC CC CC CC CC 8B ? 24 ? 56 50 8B ? 8B
call 012F1680
// Null result: skip the second call and return.
test eax,eax
je TeleportEnd
// Arguments are pushed right-to-left.
push [Coord+4] //Y Coord
push [Coord] //X Coord
push 00
mov ecx,eax
//8B ? 24 ? 8B ? ? 8B ? ? ? 8D ? ? 8B ? ? ? ? ? ? FF ? 85 C0 ? ? ? ? ? ? ? ? ? E8 [1st Result]
call 0135BFA0
TeleportEnd:
ret
[Disable]
DeAlloc(NewTeleportXY)
DeAlloc(Coord)
Block RECV Packet/Header:
Code:
// Pointer-slot hook on 017A52B0 ([DISABLE] restores it to 00746B30, the client
// function being intercepted). The stub re-implements that function's first
// instructions with a filter in between: it takes the first stack argument,
// keeps its low 16 bits, and if the value appears in RecvList it is replaced
// with 0 before control rejoins the original function at 00746B39.
// In effect, incoming packets with a listed header are re-labelled as header 0
// before the client's dispatch logic sees them - presumably so they are ignored
// (TODO confirm how the client treats header 0).
[ENABLE]
alloc(BlockRecvHook,256)
label(RecvCheck)
label(BlockRecv)
label(End)
alloc(RecvList,512)
//Hook address: 00746B30
//8B ? 24 ? 3D ? ? ? ? 0F 8F ? ? ? ? 0F 84 ? ? ? ? 8D
BlockRecvHook:
mov eax,[esp+04] //Original Opcode @ Hook address
and eax,0FFFF
// edx is used as the list cursor and restored before rejoining the client code.
push edx
mov edx,RecvList
RecvCheck:
cmp eax,[edx]
je BlockRecv
// A zero entry terminates the list.
cmp [edx],00
je End
add edx,4
jmp RecvCheck
BlockRecv:
xor eax,eax
End:
pop edx
// Replays the compare from the original function so the flags are as the jg at
// 00746B39 expects.
cmp eax,00000300 //Opcode below Hook address
jmp 00746B39 //Address of jg
RecvList:
dd 0135 //All Chat UID Type D/C - GMS v147.2
dd 00 //This signifies the end of the list DO NOT REMOVE; add headers above it
017A52B0: //4 Bytes scan Hook address [1st Result]
dd BlockRecvHook
[DISABLE]
017A52B0: //Same as above
dd 00746B30 //Hook address
dealloc(BlockRecv)
dealloc(RecvList)
Chat Typer (Client Sided):
Code:
// Thread-based script, no pointer hook: the thread at Hook calls the client
// function at 010D17A0 once (while CallNow is 1) with ecx loaded from 01A723F4
// and six stack arguments, including the Text buffer and the ChatType value.
// Afterwards it polls once per Sleep interval until [Send] equals 1, then returns.
// Per the title the effect is client-side only.
[Enable]
Alloc(Hook,128)
Alloc(Text,128)
Alloc(ChatType,4)
Alloc(CallNow,4)
Alloc(Send,4)
Label(Loop)
Createthread(Hook)
ChatType:
//0,1,2,3,4,5,6,7,8,9,11,13,14,15,16,17
dd 0 //Change this to one of ^ for different shit
CallNow:
db 1
Hook:
// One-shot guard: cleared after the first call below.
cmp [CallNow],1
jne Loop
push 0
push 0
push 0
push -1
push [ChatType]
push Text
mov ecx,[01A723F4] //GUIBase
//E8 ? ? ? ? 59 C3 83 ? ? E9 [address in call]
call 010D17A0
mov [CallNow],0
// Send is allocated above but never written in this script.
cmp [Send],1
jne Loop
ret
Loop:
// Auto-assembler literals are hex by default, so this is 0x1000 ms.
push 1000
call Sleep
jmp Hook
Text:
db 'Fuck VIP' //Whatever you want it to say
[Disable]
Dealloc(Hook)
Fall Through Floor:
Code:
// Pointer-slot hook on 0189D2DC ([DISABLE] restores it to 01479630, a client
// function). For the call site returning to 0135D1B9 the return address is swapped
// for FTF, which zeroes one slot in the caller's stack frame and then continues at
// the original return address, so the caller runs unchanged apart from that value.
[ENABLE]
alloc(Hook,128)
label(Return)
label(FTF)
Hook:
cmp [esp],0135D1B9 //DC ? ? ? ? ? DF E0 F6 ? ? 7A ? 8B ? 24 ? 8B
jne Return
mov [esp],FTF
Return:
//DD ? ? C3 CC CC CC CC CC CC CC CC CC CC CC CC DD ? ? C3 CC CC CC CC CC CC CC CC CC CC CC CC DD
jmp 01479630
FTF:
// Per the author's note, the slot normally holds 2 at this point.
mov [esp+58],0 //check esp stacks for value 00000002
jmp 0135D1B9 //Same as hook address
0189D2DC: //4Byte Scan address in Return
dd Hook
[DISABLE]
0189D2DC: //Same as above
dd 01479630 //Address in Return
dealloc(Hook)
Super Tubi (Faster than 'Extreme Tubi'):
Code:
// Data-only modification driven by a thread: every Sleep(1) interval it writes 0
// to the field at offset 21E4 of the object whose pointer is stored at 01A723EC.
// The loop ends when [Stop] becomes 1, which is all that [Disable] does.
// Judging by the author's comments the field is a client-side delay value - TODO confirm.
[Enable]
alloc(SuperTubi,64)
alloc(Stop,2)
registersymbol(Stop)
CreateThread(SuperTubi)
SuperTubi:
mov eax,[01A723EC] //Server Base
mov [eax+000021E4],00 //Tubi Offset
//mov [eax+000021E8],00 //Global Delay Offset //Remove the '//' at the beginning if you also want 'Extreme Tubi'...
push 01 //Sleep delay
call Sleep
cmp [Stop],1
jne SuperTubi
ret
[Disable]
Stop:
dd 1
Spawn Point Control:
Code:
// Pointer-slot hook on 01898F5C ([Disable] restores it to 0135A650, a client
// function). For calls coming from the site that returns to 01260A96, two stack
// slots - presumably the function's X and Y arguments (TODO confirm) - are
// overwritten with fixed decimal values before the original function runs.
// The return address itself is left untouched.
[Enable]
Alloc(SPControl,128)
Label(Return)
SPControl:
cmp [esp],01260A96 //51 8B ? 89 ? 24 ? 50 8D ? ? E8 ? ? ? ? 8B ? ? ? ? ? E8
jne Return
// '#' marks decimal literals.
mov [esp+8],#1403 //X Coord
mov [esp+C],#294 //Y Coord
Return:
//6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 81 ? ? ? ? ? 53 55 56 57 A1 ? ? ? ? 33 ? 50 8D ? 24 ? ? ? ? 64 ? ? ? ? ? 8B ? 8B ? 24 ? ? ? ? 8B ? 24 ? ? ? ? 8B
jmp 0135A650
01898F5C: //4byte Scan address in Return [5th Result]
dd SPControl
[Disable]
01898F5C: //Same as above
dd 0135A650 //Address in Return
DeAlloc(SPControl)
Mob XY Hook:
Code:
// Read-only instrumentation: pointer-slot hook on 0189871C ([Disable] restores it
// to 0136C180). For the call site returning to 0136C6DB, the return address is
// replaced with MobXYHook, which loads two doubles from [esi+80] and [esi+88],
// passes each through the client routine at 014B8BA0, and stores the eax results
// in the registered symbols MobX and MobY before resuming at the original address.
// 014B8BA0 presumably converts the FPU value to an integer - TODO confirm.
[ENABLE]
alloc(Hook,128)
label(MobXYHook)
label(Return)
alloc(MobX,12)
registersymbol(MobX)
alloc(MobY,12)
registersymbol(MobY)
Hook:
cmp [esp],0136C6DB //8D ? ? ? ? 00 E8 ? ? ? ? 8B ? ? ? ? 00 C7 ? ? ? ? ? DD
jne Return
mov [esp],MobXYHook
Return:
//56 8B ? 8D ? ? ? ? 00 E8 ? ? ? ? 8B ? ? ? ? 00 8B ? 24
jmp 0136C180
MobXYHook:
// NOTE(review): these first four instructions call 00520440 and write 1 through the
// pointer at [esi+7F4]; their purpose is not visible in this listing.
lea ecx,[esi+000007F0]
call 00520440
mov eax,[esi+000007F4]
mov [eax],00000001
fld qword ptr [esi+00000080]
lea ebx,[esi+00000080]
call 014B8BA0
fld qword ptr [esi+00000088]
mov [MobX],eax
call 014B8BA0
mov [MobY],eax
jmp 0136C6DB //Same as hook address
0189871C: //4byte scan address in Return
dd Hook
[Disable]
0189871C: //Same as above
dd 0136C180 //Address in Return
dealloc(Hook)
dealloc(MobX)
unregistersymbol(MobX)
dealloc(MobY)
unregistersymbol(MobY)
Full Mob Disarm:
Code:
// Pointer-slot hook on 017BAC98 ([disable] restores it to 00984C60). For the call
// site returning to 009D1641, execution resumes in Disarm instead. Disarm makes an
// indirect call through the third entry ([edx+08]) of the table that the object in
// eax points to, then jumps unconditionally to 009D1A14 - the target of what the
// author's note describes as a conditional je in the original code.
[enable]
alloc(Hook,256)
label(Return)
label(Disarm)
Hook:
cmp [esp],009D1641 //8B ? 8B ? 8B ? ? FF ? 85 C0 0F 84 ? ? ? ? 8B ? ? 8B ? ? 8B ? ? ? ? ? 83
jne Return
mov [esp],Disarm
Return:
//8B ? ? ? ? ? 85 C0 74 ? 83 ? ? 74 ? 83 ? ? C3 33 C0 C3 CC CC CC CC CC CC CC CC cC CC 8B ? 24 ? B8 ? ? ? ? 8D ? 24 ? ? ? ? 3B ? 74 ? 8B ? 85 C0 75 ? C2 ? ? B8 ? ? ? ? C2 ? ? CC CC CC CC CC CC CC CC CC CC CC 8B
jmp 00984C60
Disarm:
// eax = object pointer returned by the hooked function; ecx is loaded as 'this'.
mov edx,[eax]
mov ecx,eax
mov eax,[edx+08]
call eax
// The test result is not used: the jump below is unconditional.
test eax,eax
jmp 009D1A14 //Address in je
017BAC98: //4byte Scan address in Return [4th/Last Result]
dd Hook
[disable]
017BAC98: //Same as above
dd 00984C60 //Address in Return
dealloc(Hook)
Generic No-Delay:
Code:
// Pointer-slot hook on 01898ED4 ([Disable] restores it to 0135C1C0). For the call
// site returning to 01269673, the stub writes 1 to [ebp-2F0C] and copies it to
// [ebp-68] - ebp still belongs to the caller here, so these are presumably locals
// in the caller's frame (TODO confirm) - and then runs the original function.
// The return address is not modified.
[Enable]
Alloc(GNDHook,128)
Label(Return)
GNDHook:
//85 ? 74 ? 81 ? ? ? ? ? ? ? ? ? 74 ? C7 ? ? ? ? ? ? ? ? ? C7 ? ? ? ? ? ? 8D ? ? ? ? ? E8 ? ? ? ? 8B ? ? ? ? ? E9 ? ? ? ? 8B ? ? ? ? ? 8B
cmp [esp],01269673
jne Return
mov [ebp-00002F0C],00000001
// edx is overwritten here without being saved.
mov edx,[ebp-00002F0C]
mov [ebp-68],edx
Return:
//8B 81 ? ? 00 00 50 81 ? ? ? ? ? 51 E8 ? ? ? ? 83 ? ? F7 ? 1B ? F7 ? C3 CC CC CC 56
jmp 0135C1C0
01898ED4: //4Byte Scan address in Return [12th Result]
dd GNDHook
[Disable]
01898ED4: //Same as above
dd 0135C1C0 //Address in Return
Dealloc(GNDHook)
No Clouds/No Background (Use with CPU Hack):
Code:
// Pointer-slot hook on 016DB33C ([Disable] restores it to VariantClear). When the
// intercepted call would return to 009533A7, the return address is replaced with
// 0095539D, so the client code between the two addresses is skipped for that call
// site. No injected code runs after the return.
[Enable]
Alloc(Hook,256)
Label(Exit)
Hook:
//8B ? ? 3B ? 74 ? 39 ? 74 ? 8B ? 3B ? 74 ? 8B ? ? D1 ? 3B ? 75
cmp [esp],009533A7
jne Exit
mov [esp],0095539D //Address in jmp
Exit:
jmp VariantClear
016DB33C: //Above hook address
dd Hook
[Disable]
016DB33C: //Same as above
dd VariantClear
DeAlloc(Hook)
Jump Down Anywhere:
Code:
// Pointer-slot hook on 0189398C ([Disable] restores it to 006002A0). For the call
// site returning to 01238617, execution resumes in JDA, which repeats a bounds
// comparison from the client ([esp+10] against [eax+04] + 5) and then jumps
// unconditionally to 01238627 where, per the author's note, the original code had
// a conditional je on the result of test ebx,ebx.
[Enable]
alloc(Hook,128)
label(Return)
label(JDA)
Hook:
//8B ? ? 83 ? ? 39 ? 24 ? 7C ? 85 ? 74 ? 8B ? C7 ? ? ? ? ? ? ? ? ? E8 ? ? ? ? 6A
cmp [esp],01238617
jne Return
mov [esp],JDA
Return:
//56 8D ? ? ? ? 00 57 8D ? ? E8 ? ? ? ? 8B ? 8B ? E8 ? ? ? ? 8B ? 8B ? 24 ? 89 ? 5F 89 ? ? 5E C2 04 00 CC CC CC CC CC CC CC 56
//Result that has [lea esi,[ecx+0000Xxxx]] below it
jmp 006002A0
JDA:
// eax = value returned by the hooked function (used as a pointer here).
mov eax,[eax+04]
add eax,05
cmp [esp+10],eax
// Signed less-than: taken when [esp+10] < eax.
jnge 01238649
// The test result is not used: the jump below is unconditional.
test ebx,ebx
jmp 01238627 //Address below je
0189398C: //4byte Scan address in Return [4th Result]
dd Hook
[Disable]
0189398C: //Same as above
dd 006002A0 //Address in Return
dealloc(Hook)