2014年2月8日 星期六
HS BYPASS for 5.6.28.404 + 新楓之谷多開(167.1可用)
感謝 CCPLZ 論壇的 k8tems 大大釋出此 full HS Bypass for ehsvc 5.6.28.404,請低調使用...
Hello there. Thanks to k8tems of CCPLZ, we now have a full HS Bypass, which allows the use of multi maple! It does not need an update, provided that HS is not updated. This is for version 5.6.28.404 of ehsvc.
2014年2月7日 星期五
TwMS V1.67.1_Else_月牙鏢
// Cheat Engine auto-assembler script: raw byte patch at one fixed client address.
// The listing gives no symbols or signature for the bytes, so their meaning
// cannot be established from this page alone.
[ENABLE]
// Overwrites 36 bytes starting at 015610A0.
015610A0:
db 93 4D 6C 20 6C 62 03 D9 58 70 D9 CD 13 1E A0 8C 25 F5 64 94 95 64 15 86 E9 ED 9E CF 64 05 6C FE 53 9E 15 22
[DISABLE]
// Writes 24 bytes to the same address, 12 fewer than [ENABLE] wrote.
// NOTE(review): presumably the original bytes; verify against a clean client image.
015610A0:
db 0A 68 E4 B1 40 23 8F 55 00 70 E9 8D 9E 31 45 6E 8C 29 72 F3 98 6F 19 92
TwMS v1.67.1_ICS_全圖打箱子
// Function-pointer hook on the slot at 0154CBB0, which [Disable] restores to
// IntersectRect. Only the stored pointer is replaced; the stub then filters on
// the caller's return address so a single call site is affected.
// Detection note: no instruction bytes of the client are written here, so a
// check that validates this pointer slot against the expected API address is
// what would expose the hook.
[Enable]
Alloc(FullMapBox, 64)
Label(ICSBack)
FullMapBox:
// [Esp] holds the return address when the stub is reached through the slot.
Cmp [Esp], 00C08431
Jne ICSBack
// For that caller only, move the return address forward by 4 bytes.
Mov [Esp], 00C08435
Jmp ICSBack
ICSBack:
// Every caller is still forwarded to the real API.
Jmp IntersectRect
// Replace the stored pointer with the stub.
0154CBB0:
DD FullMapBox
[Disable]
// Put the real IntersectRect pointer back and release the stub.
0154CBB0:
DD IntersectRect
DeAlloc(FullMapBox)
TwMS v167.1_ICS_Unlimited Attack
// Background thread that keeps zeroing two fields of a client object.
[Enable]
Alloc(FuckingTubi, 256)
CreateThread(FuckingTubi)
FuckingTubi:
// Sleep(0) on every iteration.
Push 00
Call Sleep
// Load the object pointer stored at 01532780; retry while it is null.
mov eax,[01532780] //
Test Eax, Eax
Je FuckingTubi
// AND with 0 clears the fields at +9A58 and +9A68.
// NOTE(review): the field meaning is not shown here; confirm before relying on it.
And [Eax+00009A58], 00
And [Eax+00009A68], 00
Jmp FuckingTubi
// The [Disable] section below is empty: nothing stops the thread or frees the allocation.
[Disable]
TwMS v1.67.1_ICS_穿越地板
// Function-pointer hook on the slot at 012D2FB4 (original target 00D90561),
// filtered on one return address.
[Enable]
Alloc(ICSFall, 512)
Label(PassFloor)
ICSFall:
// Act only when the call returns to 00CD57F4.
Cmp [Esp],00CD57F4
Jne 00D90561
// Make the original function return into PassFloor instead.
Mov [Esp], PassFloor
Jmp 00D90561
PassFloor:
// Resume 0x28 bytes past the original return address, skipping the code in between.
jmp 00CD57F4+28
012D2FB4:
DD ICSFall
[Disable]
// Restore the original pointer. The ICSFall allocation is not freed.
012D2FB4:
DD 00D90561
TwMS v1.65.1_ICS_全圖打怪&無延遲
// Function-pointer hook on the slot at 0120E950 (original target 005AE62E).
// The stub inspects two stack slots well above the immediate return address
// and, on a match, redirects the flow into replacement code (ND / NND2).
[Enable]
Alloc(NDD, 512)
Label(ND)
Label(NND)
Label(NND1)
Label(NND2)
NDD:
// First filter: stack slot +70 equals 00C2DA63.
Cmp [Esp+70], 00C2DA63
Je NND
// Second filter: stack slot +124 equals 00729568.
Cmp [Esp+124], 00729568
Je NND1
jmp 005AE62E
NND:
// Writes ND into stack slot +6c, then continues into the original function.
Mov [Esp+6c], ND
Jmp 005AE62E
NND1:
// Replaces the matched slot with NND2, then continues into the original function.
Mov [Esp+124], NND2
Jmp 005AE62E
NND2:
// Replacement for the code at 00729568; it rejoins the client at 00729568 + 12.
lea edi,[esi+000007DC]
push edi
lea ecx,[esi+000007F4]
// Discards the value pushed above.
Add Esp, 04
push esi
mov esi,ecx
// Pass the dword at [[0153e3b8]+1278] to 0042CCFF with ecx = esi+0c.
mov eax,[0153e3b8]
mov eax,[eax+00001278] //Map X
push eax
lea ecx,[esi+0c]
call 0042CCFF
// Same call with the dword at +127C and ecx = esi.
mov eax,[0153e3b8]
mov eax,[eax+0000127C]
push eax
mov ecx,esi
call 0042CCFF //55 8b ec 83 ec 0c ff ?? ?? ?? ?? 01 a1
mov eax,esi
pop esi
Jmp 00729568 + 12
ND:
// Stores eax into two locals, forces [ebp-68] to 1 and resumes at 00c2ec08.
mov [ebp-00002E78],eax
mov eax,[ebp-00002E78]
mov [ebp-000000A0],eax
mov [ebp-68],01
jmp 00c2ec08
0120E950:
dd NDD
[Disable]
// Restore the original pointer. The NDD allocation is not freed.
0120E950:
DD 005AE62E
TwMS v1.67.1_ICS_全圖打怪&無延遲
// Same structure as the v1.65.1 script on this page, with addresses for the
// v1.67.1 client: function-pointer hook on the slot at 01210020 (original
// target 005AE6B2). The byte patterns in the comments are the author's
// signatures for locating the addresses.
[Enable]
Alloc(NDD, 512)
Label(ND)
Label(NND)
Label(NND1)
Label(NND2)
NDD:
//89 85 ? ? ff ff 8b 85 ? ? ff ff 89 85 ? ? ff ff c6 45 ? ? 8b 8d ? ? ff ff e8 ? ? ? ff 8b c8
// First filter: stack slot +70 equals 00C2DE79.
Cmp [Esp+70], 00C2DE79
Je NND
//8d be ? ? 00 00 57 8d 8e ? ? 00 00 e8 ? ? ? ff 68
// Second filter: stack slot +124 equals 00729619.
Cmp [Esp+124], 00729619
Je NND1
jmp 005AE6B2
NND:
// Writes ND into stack slot +6c, then continues into the original function.
Mov [Esp+6c], ND
Jmp 005AE6B2
NND1:
// Replaces the matched slot with NND2, then continues into the original function.
Mov [Esp+124], NND2
Jmp 005AE6B2
NND2:
// Replacement for the code at 00729619; it rejoins the client at 00729619 + 12.
lea edi,[esi+000007DC]
push edi
lea ecx,[esi+000007F4]
// Discards the value pushed above.
Add Esp, 04
push esi
mov esi,ecx
// Pass the dword at [[01532780]+AC84] to 0042CCFF with ecx = esi+0c.
mov eax,[01532780]
mov eax,[eax+0000AC84] //Map X
push eax
lea ecx,[esi+0c]
call 0042CCFF
// Same call with the dword at +AC88 and ecx = esi.
mov eax,[01532780]
mov eax,[eax+0000AC88]
push eax
mov ecx,esi
call 0042CCFF //55 8b ec 83 ec 0c ff ?? ?? ?? ?? 01 a1
mov eax,esi
pop esi
Jmp 00729619 + 12
ND:
//e8 ? ? ? ff 89 85 ? ? ff ff 8b 85 ? ? ff ff 89 85 ? ff ff ff e9
// Stores eax into two locals, forces [ebp-68] to 1 and resumes at 00c2f297.
mov [ebp-00002E78],eax
mov eax,[ebp-00002E78]
mov [ebp-000000A0],eax
//cmp dword ptr [ebp-68],00
mov [ebp-68],01
jmp 00c2f297
01210020:
dd NDD
[Disable]
//b9 ? ? ? ? e9 ? ? ? ff 33 c0 c3 33 c0 c3 33 c0 c3 8a ? ? ? 00 00 c3
// Restore the original pointer. The NDD allocation is not freed.
01210020:
DD 005AE6B2
TwMS v1.66.2_CRC_物品製作&挖礦無延遲
// Three in-place patches of conditional jumps in the client's code. Unlike the
// pointer hooks on this page, these change instruction bytes directly, so a
// code-integrity check over the affected range would see them (the "CRC" tag
// in the title presumably refers to that).
[Enable]
//Bypass Timestamp
// 2-byte conditional jump (7C xx) replaced by two NOPs: the branch is never taken.
00C05493: // 7C ?? 39 9E ?? ?? 00 00 7F 03
db 90 90
//Bypass Slash-limit
// Opcode 7F (conditional jump) replaced by EB (unconditional short jump).
00C0549B:
db EB
//Bypass time between mines
// 2-byte conditional jump (75 0E) replaced by two NOPs.
00C0FAC5: // 75 0E 57 6A
db 90 90
[Disable]
// Original bytes written back.
00C05493:
db 7C 31
00C0549B:
db 7F
00C0FAC5:
db 75 0e
// NOTE(review): everything from here to the end of the listing repeats the
// script body above verbatim (without its [Enable] line); it looks like a
// duplication introduced when the page was pasted or extracted.
//Bypass Timestamp
00C05493: // 7C ?? 39 9E ?? ?? 00 00 7F 03
db 90 90
//Bypass Slash-limit
00C0549B:
db EB
//Bypass time between mines
00C0FAC5: // 75 0E 57 6A
db 90 90
[Disable]
00C05493:
db 7C 31
00C0549B:
db 7F
00C0FAC5:
db 75 0e
TwMS v1.52.1_CRC_物品製作&挖礦無延遲
// v1.52.1 variant of the same three conditional-jump patches, at that
// version's addresses. Instruction bytes are modified in place.
[ENABLE]
// 7C 41 -> 90 90: branch removed.
00984B5E: //Bypass Timestamp
DB 90 90
// 7F -> EB: conditional jump made unconditional.
00984B66: //Bypass Slash-limit
DB EB
// 75 0E -> 90 90: branch removed.
0098F69E: //Bypass time between mines
DB 90 90
[DISABLE]
// Original bytes written back.
00984B5E: //[00F6C8DC+8290]
DB 7C 41
00984B66: //[00F6C8DC+8294]
DB 7F
0098F69E:
DB 75 0E
// NOTE(review): the remaining lines repeat the script body above verbatim
// (without its [ENABLE] line); likely a page duplication.
00984B5E: //Bypass Timestamp
DB 90 90
00984B66: //Bypass Slash-limit
DB EB
0098F69E: //Bypass time between mines
DB 90 90
[DISABLE]
00984B5E: //[00F6C8DC+8290]
DB 7C 41
00984B66: //[00F6C8DC+8294]
DB 7F
0098F69E:
DB 75 0E
TwMS v1.67.1_ICS_全圖吸物+不斷線
// Two function-pointer hooks installed together:
//   0154cb8c: PtInRect slot     -> ItemVac
//   012B1034: slot for 00AACEA2 -> PickNoDc
// Both stubs filter on the caller's return address and leave other callers alone.
[enable]
alloc(ItemVac,256)
label(SetItemXY)
alloc(PickNoDc,64)
PickNoDc:
// Only the call that returns to 00CD2DA9 is altered.
cmp [esp], 00CD2DA9 // 85 C0 74 ?? 8B 06 5F
jne 00AACEA2 // 55 8B EC 83 EC ?? 53 8B 1D ?? ?? ?? 00 56 8B F1 57
// Drop the return address, run the original function, then return 0 to that caller.
add esp, 04
call 00AACEA2
xor eax,eax
jmp 00CD2DA9
ItemVac:
// Caller returning to 0055AE6E: handled by SetItemXY.
cmp [esp], 0055AE6E // 85 c0 75 ?? 83 4d fc ff 8d 4d ?? e8 ?? ?? ff ff 83 7d f0 00 0f 85
je SetItemXY
// Any caller other than 00559F1E gets the real PtInRect.
cmp [esp], 00559F1E // 85 C0 74 07 39 5D ?? 75
jne PtInRect
// Caller 00559F1E: return 1 without calling PtInRect; "ret 000c" pops the 12 bytes of arguments.
xor eax,eax
inc eax
ret 000c
SetItemXY:
// Copy the two dwords at [esp+08] and [esp+0C] into [ebx] and [ebx+04], then return 1.
mov eax,[esp+08]
mov [ebx],eax
mov eax,[esp+0C]
mov [ebx+04],eax
xor eax,eax
inc eax
ret 000c
0154cb8c:
dd ItemVac
012B1034:
DD PickNoDc
[disable]
// Restore both pointers and free both stubs.
0154cb8c:
dd PtInRect
012B1034:
DD 00AACEA2
dealloc(ItemVac)
dealloc(PickNoDc)
TwMS v1.44_Else_自動登入
// Polling thread that writes fixed selections into the client's login-screen
// objects. It modifies client data only; no code or pointer slot is patched.
[enable]
Registersymbol(xLogin)
Alloc(xLogin,256)
CreateThread(xLogin)
label(Login1)
label(Login11)
label(Login2)
label(xLoginRet)
xLogin:
cmp [00CFCB74],0 //guard: avoid hanging while the pointer is still null
je xLoginRet
mov eax,[00CFCB74] //login screen object
mov eax,[eax+190]
cmp eax,0 //0 = account/password screen
je xLoginRet
cmp eax,1 //1 = server and channel selection screen
je Login1
cmp eax,2 //2 = character selection screen
je Login2
xLoginRet:
// Busy loop with no sleep; the ret below is never reached.
jmp xLogin
ret
Login1:
mov ebx,[00CFC1AC] //server
mov [ebx+A0],16 //server index (user-editable); the original comment lists 7 and 15 as example worlds
cmp [00cc87b8],0 //guard: avoid hanging while the channel value is not set
je Login11
mov ebx,[00CFC1B0] //channel
mov [ebx+F8],5 //5 = channel 6 (user-editable)
Login11:
jmp xLogin
Login2:
mov ecx,[00CFCB74] //character slot
mov [ecx+1C0],1 //0 = first character, 1 = second, 2 = third (user-editable)
ret //entering the game: leave the thread to avoid a disconnect
// The [disable] section is empty; the allocation and the symbol are not released.
[disable]
TwMS v1.44_ICS_疾風六合一
// Six features behind one function-pointer hook. The slot at 00CD9824
// (original target 006CC237) is pointed at Main, which compares three stack
// slots against known return addresses and, on a match, swaps that return
// address for a replacement routine. Each feature is gated by a registered
// symbol that the user toggles from the tool.
[ENABLE]
alloc(Main,1024)
registersymbol(GodMode)
alloc(GodMode,4)
Label(PGod)
Label(OhMyGod)
registersymbol(StupidMons)
alloc(StupidMons,4)
alloc(StupidMons,4)
label(StupidMonster)
label(StupidMonsterMain)
registersymbol(RLCtrlW)
alloc(RLCtrlW,4)
registersymbol(RLCtrlJ)
alloc(RLCtrlJ,4)
label(JumpControl)
label(JumpControlMain)
label(WalkControl)
label(WalkControlMain)
label(JumpRet)
label(WalkRet)
registersymbol(MobNoKB)
alloc(MobNoKB,4)
Label(HookESP)
Label(HookFun)
registersymbol(ItemList)
alloc(ItemList,204800)
Label(HookItem)
Label(HookItemFun)
Label(HookOr1)
Label(HookOr2)
Label(Filter)
Label(Skip)
Label(End)
registersymbol(MobKami)
alloc(MobKami,4)
Label(MobKamiCheck)
Label(MobKamiFun)
//==============
// Feature switches and their initial values.
GodMode: //invincibility: 0 = off, 1 = on
DD 0
StupidMons: //dumb monsters: 0 = off, 1 = on
DD 0
MobNoKB: //no monster knock-back: 0 = off, 1 = on
DD 0
RLCtrlW: //walk: 2 = right, 3 = left, 4 = off
DD 4
RLCtrlJ: //jump: 2 = right, 3 = left, 4 = off
db 4
MobKami: //monster teleport: 0 = off, 1 = on
DD 0
//==============
// Zero-terminated list of dword item IDs, read by the Filter loop.
ItemList:
//add the item IDs to filter below this line
//add the item IDs to filter above this line
DD 00
//==============
// Install the hook: the pointer slot now leads to Main.
00CD9824:
DD Main
//==============
Main:
// Dispatcher. Every path ends in the original function at 006CC237.
Cmp [Esp+1C], 0087E9E2 //e8 ?? ?? ?? ff f6 80 ?? ?? 00 00 02 74 ?? 89
Je PGod //invincibility
cmp [esp+1c],008D8E52 //33 d2 b9 60 ea 00 00 f7 f1
je StupidMonster //dumb monsters
cmp [esp+1c],008D9E69 // 6a 03 59 89 47 20 33 d2 f7 f1 c7 47 OK!
je JumpControl //monster control: jump
cmp [esp+1c],008D9A44 // 6a 03 59 89 47 20 33 d2 f7 f1 89 5f OK!
je WalkControl //monster control: walk
CMP DWORD PTR DS:[ESP+34],005DFF0F //83 7d 3c 01 75 ?? 8b cf e8
JE HookESP //no knock-back
CMP DWORD PTR [ESP+34],005ECEE1 //66 8b 57 04 8b ce e8 ?? ?? ?? ff 98 89
Je MobKamiCheck //monster teleport
CMP DWORD PTR DS:[ESP+64],004DBA27 //8b 45 e4 8b 75 b0
JE HookItem //item filter
jmp 006CC237
//==============
// Trampolines: overwrite the matched stack slot with the replacement routine.
PGod:
Mov [Esp+1C], OhMyGod
Jmp 006CC237
StupidMonster:
mov [esp+1c],StupidMonsterMain
jmp 006CC237
JumpControl:
mov [esp+1c],JumpControlMain
jmp 006CC237
WalkControl:
mov [esp+1c],WalkControlMain
jmp 006CC237
HookESP:
MOV DWORD PTR DS:[ESP+34],HookFun
JMP 006CC237
MobKamiCheck:
// This one edits stack values in place (MobKamiFun) instead of swapping a return address.
Cmp [MobKami],1
Jne 006CC237
Jmp MobKamiFun
HookItem:
MOV DWORD PTR DS:[ESP+64],HookItemFun
JMP 006CC237
//-------------------------
OhMyGod:
// With the switch off, resume at the original return address.
Cmp [GodMode],1
Jne 0087E9E2
Mov Ecx, [Ebp+58]
Test Ecx, Ecx
Je 0087EF57 //81 e1 ?? ?? 00 00 81 c1 ?? ?? ?? ?? 8b c1 8d 8b ?? ?? 00 00 50 e8
// Rewrites the local at [Ebp+58] to (value & 3) + 1 and sets [Ebp+60] to 0x2710.
And Ecx, 3
Inc Ecx
Mov [Ebp+58], Ecx
Mov Ecx, [Ebp+4C]
Push 05
Lea Eax, [Ebp+2C]
Push Eax
Mov [Ebp+60], 00002710
Jmp 0087EF83 //e8 ?? ?? ?? ff 8b 70 04 8d 4d ?? e8 ?? ?? ?? ff 3b f7 0f 84
//---------------------------
WalkControlMain:
// ecx = 3 as in the matched signature (6a 03 59); then [edi+20] receives either
// the user-chosen direction or, when the switch is 4, the unchanged eax.
push 03
pop ecx
cmp [RLCtrlW],4
je WalkRet
mov eax,[RLCtrlW]
mov [edi+20],eax
jmp 008D9A4A
WalkRet:
mov [edi+20],eax
jmp 008D9A4A
//---------------------------
JumpControlMain:
// Same pattern as WalkControlMain, keyed on RLCtrlJ and resuming at 008D9E6F.
push 03
pop ecx
cmp [RLCtrlJ],4
je JumpRet
mov eax,[RLCtrlJ]
mov [edi+20],eax
jmp 008D9E6F
JumpRet:
mov [edi+20],eax
jmp 008D9E6F
//---------------------------
StupidMonsterMain:
cmp [StupidMons],1
jne 008D8E52
// The division and the addition are commented out, so edx (zeroed here) is what gets pushed.
xor edx,edx
mov ecx,0000ea60
//div ecx
lea ecx,[esi+000002b8]
//add edx,0002bf20
push edx
call 004263d6
mov ebx,[ebp+0c]
lea edi,[esi+000002a8]
cmp [edi],ebx
je 008D8E85
jmp 008D8E7A
//-------------------------
HookFun:
cmp [MobNoKB],1
jne 005DFF0F
CMP DWORD PTR SS:[EBP+3C],1
jnz 005dff25
mov ecx,edi
call 005cad17
JMP 005DFF21
//-------------------------
MobKamiFun:
// Computes ([esp+34] + 0x84) - (sign-extended word at [[esp+30]+10]) and writes it
// to two stack slots. Offsets are relative to esp after the push edx below.
push edx
mov eax,[esp+34]
aDD eax,84
mov edx,eax
mov eax,[esp+30]
movsx eax,word ptr [eax+10]
sub edx,eax
mov [esp+10],edx
mov [esp+24],edx
pop edx
jmp 006CC237
//-------------------------
HookItemFun:
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ESI,DWORD PTR SS:[EBP-50]
MOV BYTE PTR DS:[ESI+1C],AL
// [ESI+1D] = 1 when EAX is 1 or 2, else 0.
CMP EAX,1
JE HookOr1
CMP EAX,2
JE HookOr1
XOR AL,AL
JMP HookOr2
HookOr1:
MOV AL,1
HookOr2:
MOV BYTE PTR DS:[ESI+1D],AL
MOV DWORD PTR DS:[ESI+20],EDI
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,EDI
call 00408871
MOVZX EAX,AL
MOV ECX,EDI
MOV DWORD PTR DS:[ESI+30],EAX
call 004088cd
// Filter: values <= 0xC350 bypass the list; otherwise ItemList is walked until
// its 0 terminator, and a match zeroes EAX before it is stored at [ESI+34].
PUSH ESI
MOV ESI,ItemList
Filter:
CMP EAX,C350
JLE End
CMP DWORD PTR DS:[ESI],0
Je End
CMP DWORD PTR DS:[ESI],EAX
Je Skip
ADD ESI,4
JMP Filter
Skip:
XOR EAX,EAX
End:
POP ESI
MOV ECX,EDI
MOV [ESI+34],EAX
JMP 004DBA62
[DISABLE]
// Restore the original pointer, then release the allocations and symbols.
00CD9824:
DD 006CC237
dealloc(Main)
unregistersymbol(GodMode)
dealloc(GodMode,4)
unregistersymbol(StupidMons)
dealloc(StupidMons)
unregistersymbol(MobNoKB)
dealloc(MobNoKB)
unregistersymbol(ItemList)
dealloc(ItemList,204800)
unregistersymbol(MobKami)
dealloc(MobKami)
TwMS v1.46.1_ICS_地雷無延遲+地雷原地掉
// Function-pointer hook on the slot at 00BC7134 (original target 008EB848),
// filtered on return address 00872F85. The matched caller resumes in
// MainStart, which replaces part of the original code path.
[enable]
registersymbol(Landmine01)
alloc(Landmine01,256)
label(MainStart)
label(Fake1)
label(Fake2)
Landmine01:
cmp [esp],00872F85
jne 008EB848
mov [esp],MainStart
jmp 008EB848
MainStart:
// Zero ebx when the hooked function returned non-zero.
test eax,eax
je Fake1
xor ebx,ebx
jmp Fake1
Fake1:
xor edi,edi
cmp [esi+000064C0],edi
jne Fake2
// NOTE(review): the flags set by this cmp are consumed by the jg after the call,
// which holds only if 008C64EC leaves the flags untouched (not visible here).
cmp ebx,edi
call 008C64EC
jg 00872FD5
jmp 00872FDB
Fake2:
cmp ebx,[esi+000064C0]
call 008C64EC
// Subtracting 0 leaves eax unchanged.
sub eax,00000000
jmp 0087304B
00BC7134:
dd Landmine01
[disable]
// Restore the original pointer. The allocation and the symbol are not released.
00BC7134:
dd 008EB848
TwMS v1.44.1_ICS_地雷瞬爆
[ENABLE]
alloc(Chk,256)
label(Bst)
00ba449c:
DD Chk
Chk:
cmp [esp],0086A07C
jne 006ea0b6
jmp Bst
Bst:
push 60
mov eax,00a03696
call 0097b8e9
mov esi,ecx
xor edi,edi
mov [ebp-14],edi
cmp [esi+000001a0],edi
jne 006ea750
mov ecx,[esi+000001a8]
cmp ecx,edi
je Bst+2e
call 00457dfe
mov ecx,esi
call 006e6186
call 008c64ec
add eax,103E8
JMP 006EA0F0
[DISABLE]
00ba449c:
dd 006ea0b6
dealloc(Chk)
TwMS v1.46.1_CRC_快捷鍵水量顯示
// Inline detour at 007E3DAC. Main records the value in eax on successive
// passes into eight registered symbols (named after hot-keys), cycling with
// the Time counter, then runs the displaced instruction and resumes.
// Instruction bytes are modified in place here.
[enable]
registersymbol(Main)
alloc(Main,512)
registersymbol(Shift)
alloc(Shift,4)
registersymbol(Ins)
alloc(Ins,4)
registersymbol(Home)
alloc(Home,4)
registersymbol(PageUp)
alloc(PageUp,4)
registersymbol(Ctrl)
alloc(Ctrl,4)
registersymbol(Del)
alloc(Del,4)
registersymbol(End)
alloc(End,4)
registersymbol(PageDown)
alloc(PageDown,4)
registersymbol(Time)
alloc(Time,4)
Label(Return)
Label(Z1)
Label(Z2)
Label(Z3)
Label(Z4)
Label(Z5)
Label(Z6)
Label(Z7)
Label(Z8)
Main:
// Time counts 1..8; Z8 resets it to 0.
inc [Time]
cmp [Time],1
je Z1
cmp [Time],2
je Z2
cmp [Time],3
je Z3
cmp [Time],4
je Z4
cmp [Time],5
je Z5
cmp [Time],6
je Z6
cmp [Time],7
je Z7
cmp [Time],8
je Z8
jmp Return
Z1:
mov [Shift],eax
jmp Return
Z2:
mov [Ins],eax
jmp Return
Z3:
mov [Home],eax
jmp Return
Z4:
mov [PageUp],eax
jmp Return
Z5:
mov [Ctrl],eax
jmp Return
Z6:
mov [Del],eax
jmp Return
Z7:
mov [End],eax
jmp Return
Z8:
mov [PageDown],eax
mov [Time],0
jmp Return
Return:
// Displaced original instruction, then back into the client.
mov [ebx+08],eax
jmp 007E3E35
007E3DAC:
jmp Main
[disable]
// Writes the original two instructions back. Allocations and symbols are not released.
007E3DAC:
mov [ebx+08],eax
jmp 007E3E35
TwMS v1.47.3_Else_自動按鍵
// Thread that calls a client routine (008F54E7) with the value stored in
// SendBoard, at most 0x12C times per activation. SendBoard doubles as the
// on/off switch and the argument.
[Enable]
Alloc(SendBoard, 04)
RegisterSymbol(SendBoard)
alloc(Check,4)
registersymbol(Check)
alloc(SendBoardThread,128)
registersymbol(SendBoardThread)
CreateThread(SendBoardThread)
label(Return)
SendBoard:
dd 00 //EX: Ctrl
SendBoardThread:
PUSH 03 // delay in milliseconds
Call Sleep
Cmp [SendBoard], 00 //on/off switch
Je SendBoardThread
// Stop after 0x12C calls: Return clears both the switch and the counter.
cmp [Check],12c
jge Return
PUSHAD
// Sets [[00dad720]+20D4] to 1 and back to 0 before the call is made.
Mov Eax, [00dad720]
mov [Eax+20D4],1
PUSH [SendBoard]
MOV EBX,[00DAD9B4]
MOV ECX,EBX
mov [Eax+20D4],0
//6A 5C B8 ?? ?? ?? 00 E8 ?? ?? ?? 00 8B F1 8B 4D 08
CALL 008F54E7
inc [Check]
POPAD
JMP SendBoardThread
RETN
Return:
mov [SendBoard],0
mov [Check],0
JMP SendBoardThread
RETN
// The [Disable] section is empty; the thread and its allocations stay in place.
[Disable]
TwMS v1.46.3_Else_自動換頻
// Thread that, when OnOff is set, calls the client routine at 004F3837 from
// outside the client's own code path and then clears the switch.
[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
Alloc(MyThread, 64)
CreateThread(MyThread)
Label(Change)
Label(ChannelRet)
MyThread:
Push 09
Call dword [00D3E5DC] //Sleep
Cmp [OnOff], 00 //on/off switch
Je MyThread
// Wait until [[00D35C20]+2C] is non-zero.
Push Eax
Mov Eax, [00D35C20]
Cmp [Eax+2C], 00
Pop Eax
Je MyThread
Pushad
Mov Edx, [00D44F80] //current channel
Inc Edx
Cmp Edx, 13 //maximum channel value (19)
Je ChannelRet
Change:
// Spin until the field at +490 reads 0, writing 9 to +41C on each pass.
Mov Eax, [00D3169C]
Mov [Eax+41C], 00000009//may be replaced by another way of stopping the attack
Cmp [Eax+490], 00000000
Jne Change
Xor Eax, Eax
Push Edxx
Mov Ecx, 1647CF1C
Call 004F3837
Popad
Mov [OnOff], 00 //off
Jmp MyThread
Ret
ChannelRet:
// Wrap to channel index 0.
And Edx, 00
Jmp Change
// The [Disable] section is empty.
[Disable]
TwMS v1.46.3_Else_自動補品
// Thread that, when OnOff is set, calls the client routine at 00930c04 once
// with two user-configured arguments and then clears the switch.
[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
RegisterSymbol(UseItem)
Alloc(UseItem, 04)
RegisterSymbol(ItemNumber)
Alloc(ItemNumber, 04)
RegisterSymbol(ItemSpace)
Alloc(ItemSpace, 128)
CreateThread(ItemSpace)
UseItem:
dd 001E8486 //item ID (a potion, per the original comment)
ItemNumber:
dd 6 //sixth inventory slot
ItemSpace:
// Sleep via the pointer at 00D3E5DC.
Push 09
Call dword [00D3E5DC]
Cmp [OnOff],00
Je ItemSpace
pushad
push [UseItem]
push [ItemNumber]
mov ecx,00D42F00
call 00930c04
Popad
Mov [OnOff], 00
Jmp ItemSpace
// The [Disable] section is empty.
[Disable]
TwMS v1.46.3_Else_自動點數
// Thread that, when OnOff is set, calls the client routine at 0099BFD0 once
// with a stat selector and then clears the switch.
[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
Alloc(MyThread, 64)
CreateThread(MyThread)
OnOff:
DD 00
MyThread:
Push 500
Call dword ptr [00DBAE7C] //Sleep
Cmp [OnOff], 00 //on/off switch
Je MyThread
Pushad
// Selector values listed by the author; 0x80 is passed both on the stack and in eax.
Push 00000080
//60 str
//80 dex
//100 int
//120 luc
Mov Eax, 00000080
Mov Ebx, 00000000
Mov Ecx, 00DBFA60
Mov Esi, Ecx
Mov Edi, Ebx
Call 0099BFD0
Popad
Mov [OnOff], 00 //on/off switch
Jmp MyThread
Ret
// The [Disable] section is empty.
[Disable]
TwMS v1.46.3_CRC_怪物數量低於N不攻擊
// Inline detour at 00480B1C: the branch taken depends on a counter read from
// client memory, compared with the user-set StopCount. Instruction bytes are
// modified in place.
[Enable]
RegisterSymbol(StopCount)
Alloc(StopAttack, 32)
Alloc(StopCount, 4)
StopCount:
DD 01 //monster count threshold
StopAttack:
mov esi,ecx
Push eax
Mov Eax,[00D35C24] //Pointer
Mov Eax,[Eax+24] //Offset
// (count - 1) <= StopCount selects 00480B5C; flags survive the pop.
Sub Eax,01
Cmp Eax,[StopCount]
Pop eax
Jle 00480B5C //cannot attack
jmp 00480B27
00480B1C:
Jmp StopAttack
[disable]
// This section writes at 00480B05, whereas [Enable] placed its jump at 00480B1C.
00480B05:
mov esi,ecx
cmp dword ptr [esi+000020C8],00
DeAlloc(StopCount, 4)
DeAlloc(StopAttack, 32)
UnRegisterSymbol(StopCount)
TwMS v1.46.3_CRC_快速恢復MP 8.5秒
// Inline detour at 009218c6 replacing "cmp eax,00002710". After one pass with
// eax above 0x2710, the next (SetMPCounter - 1) passes compare eax with 1
// instead, so the client's following branch sees a different result.
[Enable]
registersymbol(FastRecoverMP)
alloc(FastRecoverMP,128)
registersymbol(MPCounter)
alloc(MPCounter,4)
registersymbol(SetMPCounter)
alloc(SetMPCounter,4)
label(DoNormal)
label(MPCheck)
SetMPCounter:
dd 5 //number of passes
FastRecoverMP:
cmp [MPCounter],0
je MPCheck
// Counter active: consume one pass and substitute the comparison.
dec [MPCounter]
cmp eax,00000001
jmp 009218CB
MPCheck:
cmp eax,00002710
jna DoNormal
// Threshold exceeded: arm the counter with SetMPCounter - 1.
push eax
mov eax,[SetMPCounter]
dec eax
mov [MPCounter],eax
pop eax
jmp DoNormal
DoNormal:
// Original comparison, then back into the client.
cmp eax,00002710
jmp 009218CB
009218c6:
jmp FastRecoverMP
[Disable]
009218c6:
cmp eax,00002710
dealloc(FastRecoverMP)
dealloc(MPCounter)
dealloc(SetMPCounter)
unregistersymbol(FastRecoverMP)
TwMS v1.46.3_ICS_撿物不斷
// Function-pointer hook on the slot at 00C335B8 (original target 0094F4BA),
// filtered on return address 00942BF4.
[Enable]
alloc(PickNoDc,64)
label(PickNoDcSetItemXY)
00C335B8:
DD PickNoDc
PickNoDc:
cmp [esp],00942BF4
jne 0094F4BA
mov [esp],PickNoDcSetItemXY
jmp 0094F4BA
PickNoDcSetItemXY:
// Resumes 0xE bytes past the original return address (00942C02), skipping
// whatever the client does in between.
test eax,eax
jmp 00942C02
[Disable]
// Restore the original pointer. The allocation is not freed.
00C335B8:
DD 0094F4BA
TwMS v1.47.2_ICS_龍捲風無延遲
// Function-pointer hook on the slot at 00BBA208 (original target 0051A625).
// The redirection is chained: each stage returns normally but first checks
// the next return address on the stack and swaps it, walking up the call
// chain from 0042f977 to 005F7FA8 to 008B580F.
[ENABLE]
RegisterSymbol(Hook)
Alloc(Hook, 256)
RegisterSymbol(X1)
Alloc(X1, 4)
Label(Ics1)
Label(Ics2)
Label(Ics3)
Label(Ics1Je)
Label(Ics2Move)
Label(Ics3Move)
Hook:
cmp [esp],0042f977
jne 0051A625
mov [esp],Ics1
jmp 0051A625
Ics1:
// Stage 1: reproduces the tail of the function around 0042f977 (result in eax,
// pop esi, ret), then inspects that function's own return address.
test eax,eax
je Ics1Je
mov eax,esi
pop esi
cmp [esp],005F7FA8
je Ics2Move
ret
Ics1Je:
xor eax,eax
pop esi
cmp [esp],005F7FA8
je Ics2Move
ret
Ics2Move:
mov [esp],Ics2
ret
Ics2:
// Stage 2: eax is stored and then zeroed before 009d8481 is called.
mov [ebp-30],eax
test eax,eax
xor eax,eax
call 009d8481
cmp [esp],008B580F
je Ics3
ret
Ics3:
mov [esp],Ics3Move
ret
Ics3Move:
// Stage 3: raises the X1 flag and resumes at 008B5832.
MOV [X1],1
mov eax,[ebp+68]
jmp 008B5832
00BBA208:
dd Hook
[DISABLE]
00BBA208:
dd 0051A625
DeAlloc(Hook)
UnRegisterSymbol(Hook)
TwMS v1.47.2_ICS_龍捲風不消失
// Function-pointer hook on the slot at 00C2F4E8 (original target 008F7512),
// filtered on the stack slot at +40.
[Enable]
Alloc(NoDisappearanceICS, 64)
Label(NoDisappearance)
00C2F4E8:
DD NoDisappearanceICS
NoDisappearanceICS:
Cmp [Esp+40], 008B583A
Jne 008F7512
Mov [Esp+40], NoDisappearance
Jmp 008F7512
NoDisappearance:
// Replays the client code after 008B583A but with the call to 0089139A
// commented out, then resumes at 008B5854.
test eax,eax
je 008B5854
lea ecx,[ebp-34]
call 0088FE49
// NOTE(review): this push stays on the stack because the call that would have
// consumed it is commented out; whether 008B5854 tolerates that is not visible here.
push [ebp+6C]
lea ecx,[esi+000043B8]
//call 0089139A
Jmp 008B5854
[Disable]
00C2F4E8:
DD 008F7512
DeAlloc(NoDisappearanceICS)
TwMS v1.47.2_ICS_怪物無反應+定怪
// Two function-pointer hooks:
//   00C2F4E4 (original 008F7580) -> NoReaction, filtered on stack slot +14
//   00BC4A44 (original 005FA699) -> TMDMove,    filtered on the return address
[enable]
RegisterSymbol(NoReaction)
Alloc(NoReaction, 64)
RegisterSymbol(TMDMove)
Alloc(TMDMove, 128)
RegisterSymbol(X1)
Alloc(X1, 4)
Label(NoReactionStart)
Label(Fake1)
Label(Fake2)
NoReaction:
cmp [esp+14],00601A9B
jne 008F7580
mov [esp+14],NoReactionStart
jmp 008F7580
NoReactionStart:
// The matched caller resumes at 00601AA7 with edx forced to 0.
xor edx,edx
jmp 00601AA7
TMDMove:
cmp [esp],0094B8CC
jne 005FA699
// Drop the return address, call the original directly, and continue below in
// place of the client code that followed 0094B8CC.
add esp,04
call 005FA699
test eax,eax
je Fake1
mov eax,[esi+18]
cmp eax,ebx
je Fake1
lea edi,[eax-04]
jmp Fake2
Fake1:
xor edi,edi
jmp Fake2
Fake2:
cmp edi,ebx
je 0094B8FB
mov ecx,edi
jmp 0094B8E9
00C2F4E4:
dd NoReaction
00BC4A44:
dd TMDMove
[disable]
// Restore both pointers. Allocations and symbols are not released.
00C2F4E4:
dd 008F7580
00BC4A44:
dd 005FA699
TwMS v1.47.3_ICS_原地復活
// Hook installed at run time by a one-shot thread rather than by the script's
// own write: the thread saves the pointer stored at 00AEB098 and replaces it
// with Zombie.
[Enable]
CreateThread(Hook)
Alloc(Hook, 256)
Label(ICSEntry)
Label(Zombie)
Label(ICSRet)
Hook:
// Save the current pointer into ICSRet, install Zombie, end the thread.
Mov Eax, [00AEB098]
Mov [ICSRet], Eax
Mov [00AEB098], Zombie
Ret
Zombie:
// When stack slot +14 equals 004DB792, replace it with 008BFCCF; every call is
// forwarded through the saved pointer.
Cmp [Esp+14], 004DB792
Jne [ICSRet]
Mov [Esp+14], 008BFCCF
Jmp [ICSRet]
ICSRet:
// Storage for the saved original pointer.
DD 00
DD 00
Ret
// The [Disable] section is empty: the slot at 00AEB098 is not restored by this script.
[Disable]
TwMS v1.47.4_ICS_無呼吸馬上換頻
// Function-pointer hook on the slot at 00BBA208 (original target 0051A643),
// chained over two return addresses: 0042F977, then 004FE28E.
[Enable]
RegisterSymbol(NoBreathToChangeNoDC)
Alloc(NoBreathToChangeNoDC,256)
Label(MainIcs)
Label(FakeAdd1)
Label(Return)
Label(ReturnX)
Label(MainStart)
NoBreathToChangeNoDC:
Cmp [Esp],0042F977
Jne 0051A643
Mov [Esp],MainIcs
Jmp 0051A643
MainIcs:
// Stage 1: reproduces the tail of the function around 0042F977, then swaps that
// function's own return address when it is 004FE28E.
test eax,eax
je Return
mov eax,esi
pop esi
cmp [esp],004FE28E
jne ReturnX
mov [esp],MainStart
jmp ReturnX
Return:
xor eax,eax
pop esi
cmp [esp],004FE28E
jne ReturnX
mov [esp],MainStart
jmp ReturnX
ReturnX:
ret
MainStart:
// Stage 2: replacement for the code following 004FE28E.
cmp eax,edi
je FakeAdd1
test byte ptr [eax+000001bc],10
je FakeAdd1
push edi
push edi
push edi
push edi
push edi
push edi
push ecx
mov eax,esp
mov [ebp+08],esp
push 00000102
jmp 004fe272
FakeAdd1:
push 43
lea ecx,[ebp-1c]
call 00633c5b
push [ebp+08]
lea ecx,[ebp-1c]
mov [ebp-04],edi
call 004127b4
call 0091c804
push ebp //--
jmp 004FE2CC
00BBA208: // 1/50
DD NoBreathToChangeNoDC
[Disable]
00BBA208:
DD 0051A643
DeAlloc(NoBreathToChangeNoDC)
TwMS v1.47.4_CRC_攻擊模式控制
// In-place code patch at 006B8B73: six bytes (8B 45 18 6B C9 06) are replaced
// by a load of the user-set AtkMode value plus a NOP.
[ENABLE]
Registersymbol(AtkMode)
Alloc(AtkMode, 04)
AtkMode:
DD 00
006B8B73:
Mov Eax, [AtkMode] //00 = upward swing, 01 = downward swing, 02 = slash, 03 = stab
Nop
[DISABLE]
// Original bytes written back.
006B8B73:
DB 8B 45 18 6B C9 06
DeAlloc(AtkMode)
UnRegistersymbol(AtkMode)
TwMS v1.48.1_ICS_另類全圖打
// Function-pointer hook on the slot at 00B2728C, which [DISABLE] restores to
// VariantClear. The stub filters on stack slot +08.
[enable]
alloc(MySetxyHook,128)
label(SetNewxyScript)
MySetxyHook:
cmp [esp+08],0045D470
jne VariantClear
mov [esp+08],SetNewxyScript
jmp VariantClear
SetNewxyScript:
pop ecx
mov [ebx+000003F8],edi
lea eax,[ebp+00]
push eax
lea ecx,[ebx+000022BC]
push 0045D488
push esi
push edi
mov edi,[esp+0C]
// Pointer chain from 00E05D1C: +28, +4, +130, +24, then +58.
// NOTE(review): presumably an X coordinate, with +5c below as Y; confirm.
Mov esi, [00E05D1C]
Mov esi, [esi+0028]
Mov esi, [esi+0004]
Mov esi, [esi+0130]
Mov esi, [esi+0024]
Mov esi, [esi+0058]
mov [edi],esi
mov [esp+0C],esi
push [edi]
mov esi,ecx
lea ecx,[esi+0C]
call 00426C55
// Same chain, final offset +5c, stored at [edi+04].
Mov ecx, [00E05D1C]
Mov ecx, [ecx+0028]
Mov ecx, [ecx+0004]
Mov ecx, [ecx+0130]
Mov ecx, [ecx+0024]
Mov ecx, [ecx+005c]
mov [edi+04],ecx
// push + ret: jump to 004314A9.
push 004314A9
ret
00B2728C:
dd MySetxyHook
[DISABLE]
// Restore the original pointer. The allocation is not freed.
00B2728C:
dd VariantClear
TwMS v1.48.1_ICS_CSMouseFly
// Function-pointer hook on the slot at 00C7B7F8 (original target 00975DC6).
// Ics_CSX re-implements the start of the hooked function and, for one specific
// object, substitutes coordinates read from another client structure for the
// computed ones. Several jumps target "label+5", so the encoded length of the
// instructions at those labels matters.
[Enable]
registersymbol(CSX)
alloc(CSX,1024)
registersymbol(CSXon)
alloc(CSXon,4)
registersymbol(Ics_CSX)
alloc(Ics_CSX,128)
label(HookCSX)
label(CSXReturnX)
label(CSXReturnY)
Label(MouserX)
Label(MouserY)
CSXon: //0 = off, 1 = follow the mouse
dd 1
Ics_CSX:
// Copy of the original prologue (55 8B EC 53 56 8B 75 08 33 DB, see [Disable]).
push ebp
mov ebp,esp
push ebx
push esi
mov esi,[ebp+08]
xor ebx,ebx
push edi
cmp [esi+14],ebx
je HookCSX
jmp 00975DD6 //8B 46 14 3B C3 75 0A 68 03 40
HookCSX:
// Lines tagged "update" carry addresses the author refreshes for each client version.
mov ecx,[00e06250] //update
call 00975da1 //update
mov [ebp+08],eax
fild dword ptr [ebp+08]
mov edi,[ebp+0c]
fdiv qword ptr [00bfc338] //update
fstp qword ptr [ebp+34]
cmp edi,ebx
je 00975e54 //update
fld qword ptr [esi+3c]
push ecx
fsub qword ptr [esi+1c]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+1c]
fstp qword ptr [esp]
call 004e8cee //update
pop ecx
pop ecx
jmp CSX
CSXReturnX:
// Unmodified path: store the computed value and continue in the original.
mov [edi],eax
mov edi,[ebp+10]
jmp 00975E57 //AOB-1-3b fb dd 46 44
CSXReturnY:
Mov [Edi], Eax
Mov Edi, [Ebp+14]
Cmp Edi, Ebx
Jmp 00975E7A //AOB-1+23
CSX:
Cmp [CSXon], 1
Je MouserX
jmp CSXReturnX
MouserX:
// Applies only when esi equals the pointer at [[00e016dc]+22f4].
Push Eax
Mov Eax, [00e016dc] //Char PID 8b 0d 8d 45 50 8d 45 50 e8
Mov Eax, [Eax+22f4] //6A FF FF B6 ?? ?? ?? ?? 8B CE E8
Cmp Esi, Eax
Pop Eax
Jne CSXReturnX
Push Eax
Mov Eax, [00e0624c] //mouse click 8b 0d ?? ?? ?? ?? 57 e8 ?? ?? ?? ?? 8d 45
Mov Eax, [Eax+978]
Mov Eax, [Eax+84] //X-8C
Mov [Edi], Eax
Pop Eax
Mov Edi, [Ebp+10]
//Cmp Edi, Ebx
// With the compare above commented out, this Je uses the flags left by "Cmp Esi, Eax".
Je MouserY
Jmp CSXReturnX+5
MouserY:
Push Eax
Mov Eax, [00e016dc] //Char PID
Mov Eax, [Eax+22f4]
Cmp Esi, Eax
Pop Eax
Jne CSXReturnY
Push Eax
Mov Eax, [00e0624c] //mouse click
Mov Eax, [Eax+978]
Mov Eax, [Eax+88] //Y
//Jmp CSXReturnY
Mov [Edi], Eax
Pop Eax
Mov Edi,[Ebp+14]
Jmp CSXReturnY+5
00C7B7F8:
DD Ics_CSX
[Disable]
00C7B7F8:
DD 00975DC6 //55 8B EC 53 56 8B 75 08 33 DB //aob-1
unregistersymbol(CSX)
dealloc(CSX)
TwMS v1.48.1_ICS_SSMouseFly
// Function-pointer hook on the slot at 00C7775C (original target 00927EC5),
// filtered on stack slot +3C. The matched caller resumes in KamiVac, which
// calls a private routine (Kami) in place of the client's own call.
[Enable]
Alloc(KamiVacICS, 512)
Alloc(MobXY, 08)
Label(KamiVac)
Label(Kami)
KamiVacICS:
Cmp [Esp+3C], 00929FCA
Jne 00927EC5
Mov [Esp+3C], KamiVac
Jmp 00927EC5
KamiVac:
mov ecx,ebx
Call Kami
Jmp 00929FD1
Kami:
// Starts like a normal function, but every exit jumps into client code
// (00925AFF or 00925840), which presumably owns the matching epilogue.
push ebp
mov ebp,esp
sub esp,1C
push ebx
push esi
push edi
mov esi,ecx
call 0094CEF2
mov [ebp-10],eax
lea eax,[ebp-1C]
lea ecx,[esi+0000234C]
push eax
call 00431874
// Proceed only while [[00E0624C]+9C8] equals 0x0C.
Mov Eax, [00E0624C]
Cmp [Eax+09C8], 0C
Jne 00925AFF
// Copy two dwords (+8C, +90) from the structure at [[00E0624C]+978] into
// +5E78 / +5E7C of the object at [00E016DC].
Mov Eax, [00E0624C]
Mov Eax, [Eax+0978]
Mov Ebx, [Eax+008C]
Mov Eax, [Eax+0090]
Mov Ecx, [00E016DC]
Mov [Ecx+5E78], Ebx
Mov [Ecx+5E7C], Eax
xor ebx,ebx
Jmp 00925840
00C7775C:
DD KamiVacICS
[Disable]
// Restore the original pointer. The MobXY allocation is not freed.
00C7775C:
DD 00927EC5
DeAlloc(KamiVacICS)
TwMs v1.48.1_ICS_吸飛怪
// AoB: 89 45 10 DB 45 10 DC 56 28 DF E0 F6
// Function-pointer hook on the slot at 00C7AFF4 (original target 0097A20F).
// FlyMobVac re-implements the start of the hooked function; for objects whose
// field at +2A8 is 4 it overwrites four dwords with coordinates read from
// another client structure before rejoining the original.
[Enable]
Alloc(FlyMobVac, 512)
Label(My97A22D)
Label(My97A3EA)
FlyMobVac:
push ebp
mov ebp,esp
sub esp,0C
push ebx
push esi
mov esi,ecx
cmp dword ptr [esi+000002A8],03
push edi
mov edi,[00E05C78]
// Uses the flags of the cmp above (push and mov do not change them).
JE My97A22D
mov eax,[esi+000002A8]
cmp eax,04
jne My97A3EA
lea ecx,[edi+1C]
fild dword ptr [ecx]
// Read two dwords at +F90 / +F94 of the object at [00E098B0]; 0x40 is added to the first.
Mov Ebx, [00E098B0]
Mov Edx, [Ebx+0F90]
Mov Ebx, [Ebx+0F94]
Add Edx, 40
Mov [Ecx], Edx
Mov [Ecx+04], Ebx
Mov [Ecx+08], Edx
Mov [Ecx+0C], Ebx
// push + ret is used as an absolute jump back into the original function.
Push 0097A324
Ret
My97A22D:
Push 0097A22D
Ret
My97A3EA:
Push 0097A3EA
Ret
00C7AFF4:
DD FlyMobVac
[Disable]
00C7AFF4:
DD 0097A20F
DeAlloc(FlyMobVac)
TwMS v1.49.2_ICS_角色ID隱藏
// Function-pointer hook on the slot at 00C7E2E4 (original target 004A2D39).
[Enable]
Alloc(NoNameICS, 64)
NoNameICS:
// For the caller returning to 008E9C9A, move the return address forward to
// 008E9CA9 so the 15 bytes of code in between are skipped.
Cmp [Esp], 008E9C9A
Jne 004A2D39
Mov [Esp], 008E9CA9 //33 c0 53 50 8b ce
Jmp 004A2D39
00C7E2E4:
DD NoNameICS
[Disable]
00C7E2E4:
DD 004A2D39
DeAlloc(NoNameICS)
TwMS v1.49.2_ICS_終極攻擊100%
// Function-pointer hook on the slot at 00df0624 (original target 0072937b),
// filtered on stack slot +24.
[enable]
registersymbol(UltimateIcs)
alloc(UltimateIcs,512)
label(Ultimate)
UltimateIcs:
cmp [esp+24],008efa0e
jne 0072937b
mov [esp+24],Ultimate
jmp 0072937b
Ultimate:
// edx = eax mod 0x65, kept in [ebp-1c].
push 65
pop ecx
xor edx,edx
div ecx
push [ebp-18]
mov ecx,[ebp-08]
mov [ebp-1c],edx
call 006d8c54
mov ecx,eax
call 006af9e1
// The comparison is performed, then control resumes at 008efa3d; whatever lies
// between the original return address and 008efa3d is not executed.
cmp [ebp-1c],eax
jmp 008efa3d
00df0624:
dd UltimateIcs
[disable]
// Restore the original pointer. The allocation and the symbol are not released.
00df0624:
dd 0072937b
TwMS v1.49.2_MSCRCBypass
//TwMS v149.2_MSCRCBypass
// Defeats a self-checksum by feeding it a saved copy of the image.
// A thread copies client memory starting at 00401000 into FakeDump, then
// detours two read sites of the checker so that any address inside
// [00401000, 00B2B000) is rebased into that copy. Later patches inside the
// range are therefore not seen by the checksum.
// Detection notes (from what the script itself does):
//   - both detours are E9 jumps written over client instructions, at 00A2C3AF
//     and 00F05239; the second lies outside the redirected range;
//   - the copy is taken when the script is enabled, so it reflects the image
//     as it was at that moment;
//   - a checker whose reads can be rebased in-process cannot attest to itself;
//     the read sites need verification from outside the patched code.
[Enable]
Alloc(MSCRCBypass, 512)
Alloc(FakeDump, 10047488)
Label(BackToMS)
Label(MSCRCCrack)
Label(BackToCrack)
Label(MSmemcpy)
Label(StartHook)
Label(Title)
Label(SuccessMsg)
CreateThread(MSmemcpy)
MSCRCBypass:
// Read site 1: the address is in ecx. Rebase it when it falls inside the range.
Cmp Ecx, 00401000
Jnge BackToMS
Cmp Ecx, 00B2B000
Jnl BackToMS
Sub Ecx, 00401000
Add Ecx, FakeDump
BackToMS:
// Displaced instructions (33 d2 8b 5d 08), then resume 5 bytes past the detour.
Xor Edx,Edx
Mov Ebx,[Ebp+08]
Push 00A2C3AF+5
Ret
MSCRCCrack:
// Read site 2: same rebasing, address in edx.
Cmp Edx, 00401000
Jnge BackToCrack
Cmp Edx, 00B2B000
Jnl BackToCrack
Sub Edx, 00401000
Add Edx, FakeDump
BackToCrack:
// Pushes the dword read through the (possibly rebased) address, then jumps to 00EFACB5.
Push [Edx]
Push 00EFACB5
Ret
MSmemcpy:
// Copies 0x265400 dwords (0x995000 bytes, the full FakeDump size) from 00401000.
cld
mov edi, FakeDump
mov esi, 00401000
mov ecx, 00265400
repe movsd
StartHook:
// Builds each detour by hand: rel32 = target - (site + 5), then E9 + rel32 is
// written at the site.
Mov Eax, 00A2C3AF //33 d2 8b 5d 08 8a 11
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
Mov Eax, 00F05239 //e9 ?? ?? ff ff ff 32 e9 ?? ?? ff ff +5
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCCrack
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
// Confirmation dialog, then the thread ends.
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret
Title:
db 'MSCRC Bypass' 00
SuccessMsg:
db 'Anti-MSCRC-Check Init Successfully!' 00
// The [Disable] section is empty: the detours and the allocations stay in place.
[Disable]
TwMS v1.47.2_ICS_封包無敵
// Inline detour at 004965D2 (original prologue: push ebp / mov ebp,esp /
// push ff). PacketFix only records data: it saves the first stack argument
// and the dword at +8 of the object it points to into x1, then runs the
// displaced prologue and resumes.
[ENABLE]
registersymbol(PacketFix)
alloc(PacketFix,512)
registersymbol(x1)
alloc(x1,20)
PacketFix:
push eax
// [esp+8] after the push above is the first argument on the stack.
mov eax,[esp+8]
mov [x1],eax //
mov eax,[eax+8]
mov [x1+4],eax
pop eax
push ebp
mov ebp,esp
push ff
jmp 004965D7
004965D2:
jmp PacketFix
[DISABLE]
004965D2:
push ebp
mov ebp,esp
push ff
dealloc(PacketFix)
unregistersymbol(PacketFix)
TwMS v1.59.2_ICS_技能連跳+不耗魔
// Stub allocated with GlobalAlloc and controlled by the JmpRow flag.
// NOTE(review): the listing contains no write that installs UltimateJmp into
// the client; the installation step is not visible here.
[Enable]
GlobalAlloc(UltimateJmp, 64)
GlobalAlloc(JmpRow, 04)
UltimateJmp:
Cmp [JmpRow], 01
// Hand-encoded short jumps (75 = jne, 8-bit displacement): the displacements
// depend on the exact encoded length of the instructions that follow.
DB 75 11
Cmp [Esp+0C], 00AE6072
DB 75 07
Mov [Ebp-60], 00AE6096
Mov Ecx, [004385DF]
jmp 0042B967
JmpRow:
DB 01
[Disable]
// Only the flag is cleared; the stub stays allocated.
JmpRow:
DD 00
2014年2月6日 星期四
TwMS v1.51.1_CRC_MultiBypass
// Inline detour at 00A4A1A6 over the 6-byte instruction 89 8D 5C FD FF FF
// (mov [ebp-2A4],ecx). The stub replaces the value in ecx with the constant
// 004A3DBE before performing the same store, then resumes at 00A4A1AC.
// Instruction bytes are modified in place, so this is visible to any
// integrity check covering 00A4A1A6.
[Enable]
//Hackshield 0x206 Bypass
Alloc(MultiMS, 64)
MultiMS:
Mov Ecx, 004A3DBE
mov [ebp-000002A4],ecx
Jmp 00A4A1AC
00A4A1A6:
Jmp MultiMS
[Disable]
// Original bytes written back.
00A4A1A6:
DB 89 8D 5C FD FF FF
DeAlloc(MultiMS)
TwMS v1.50.2_ICS_死亡逃獄
// Function-pointer hook on the slot at 00E25E64, forwarding to PtInRect. For
// the caller returning to 0088EF6F, the stub first calls a client routine
// (00921C61) with fixed arguments.
[ENABLE]
Alloc(LoseHP, 256)
Alloc(Hook,64)
LoseHP:
// All registers are preserved around the call; ecx = object at [00E1847C].
pushad
mov ecx,[00E1847C]
push 01
push 01
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push #01 // HP deducted per call
call 00921C61
popad
ret
Hook:
cmp [esp],0088EF6F
jne PtInRect
call LoseHP
jmp PtInRect
00E25E64:
dd Hook
// The [DISABLE] section is empty: the slot is not restored by this script.
[DISABLE]
TwMS v1.50.2_ICS_超級定怪
// Function-pointer hook on the slot at 00C8DA20 (original target 0097B4C7).
[Enable]
Alloc(HookEsp, 128)
Label(ICSRet)
HookEsp:
Cmp [Esp],0097B4A8 //85 C0 74 ?? FF 74 24 ?? 8B 06 FF 74 24 ?? 8B CE
Jne ICSRet
// push + pop [Esp] replaces the return address on the stack with 0097B4BF.
Push 0097B4BF //33 C0 33 D2 5E C2 ?? ?? 56 57
Pop [Esp]
ICSRet:
// push + ret: jump to the original function.
Push 0097B4C7 //56 57 6A ?? 8D 71 ?? 8D 79 ?? 59
Ret
00C8DA20:
DD HookEsp
[Disable]
00C8DA20: //[5/10]
DD 0097B4C7
DeAlloc(HookEsp)
TwMS_v1.50.2_ICS_MobSkillIgnore
// Function-pointer hook on the slot at 00DFCA4C (original target 0072C5C5).
[enable]
Alloc(MobSkillHook,32)
00DFCA4C:
DD MobSkillHook
MobSkillHook:
// When stack slot +3C equals 00607E4B, replace it with 00607E8D so that caller
// resumes 0x42 bytes further on.
cmp [esp+3C],00607E4B
jne 0072C5C5
mov [esp+3C],00607E8D
jmp 0072C5C5
[disable]
00DFCA4C:
DD 0072C5C5
DeAlloc(MobSkillHook)
TwMS v1.50.2_ICS_部分技能最大值
// Function-pointer hook on the slot at 00E25E34, which [Disable] restores to
// OffsetRect. The caller returning to 008eebda resumes in SkillMax, which
// calls the client routine 00615e25 up to 0x20 times (counted in
// Updatebingfeng) before continuing with a copy of the original code.
[Enable]
Alloc(ICSHook, 512)
Label(SkillMax)
registersymbol(Updatebingfeng)
Alloc(Updatebingfeng, 4)
ICSHook:
Cmp [Esp], 008eebda
Jne OffsetRect
Mov [Esp], SkillMax
Jmp OffsetRect
SkillMax:
push ebx
push ebx
mov [ebp+5C],ebx
lea eax,[ebp+5C]
push ebx
cmp [ebp+6B],bl
jne 008EEBE8
// Undo the three pushes above before making the repeated call.
pop ebx
pop ebx
pop ebx
mov ecx,[00e1cabc]
pushad
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 01
push eax
lea eax,[ebp+24]
push eax
call 00615e25
inc [Updatebingfeng]
popad
// Loop back to SkillMax until the counter reaches 0x20, then reset it.
cmp dword ptr [Updatebingfeng],20
jnge SkillMax
mov [Updatebingfeng],00000000
mov eax,[ebp+5C]
mov [ebp+60],eax
cmp [ebp+60],ebx
je 008eec61
mov eax,[ebp+60]
mov ecx,[eax+000001a0]
cmp [eax+0000033c],ebx
jne 008eec4f
mov ecx,eax
call 006093fe
mov eax,[ebp+60]
cmp [eax+00000428],ebx
je 008EEC63
mov [ebp+60],ebx
mov eax,[ebp+60]
cmp eax,ebx
je 008eec61
mov eax,[eax+0000019c]
jmp 008eec63
// Counter storage. Updatebingfeng has its own 4-byte Alloc above, so this label
// resolves to that allocation.
Updatebingfeng:
DD 00
Ret
00E25E34:
DD ICSHook
[Disable]
00E25E34:
DD OffsetRect
DeAlloc(ICSHook)
TwMS v1.50.2_ICS_CSMobVac
// Function-pointer hook on the slot at 00c8d9c8 (original target 0097f1fe).
// CSMobVac re-implements the start of the hooked function and replaces the
// two computed results with values read from the structure at [00E20700].
[Enable]
Alloc(CSMobVac, 512)
Label(FakeJmp1)
CSMobVac:
// Copy of the original prologue (55 8b ec 53 56 8b 75 08 33 db, see [Disable]).
Push Ebp
Mov Ebp,Esp
Push Ebx
Push Esi
Mov Esi,[Ebp+08]
Xor Ebx,Ebx
Push Edi
Cmp [Esi+14],Ebx
JNE 0097F20E
mov ecx,[00e1cff0]
call 0097f1d9
mov [ebp+08],eax
fild dword ptr [ebp+08]
mov edi,[ebp+0c]
fdiv qword ptr [00c0dc60]
fstp qword ptr [ebp+34]
cmp edi,ebx
je FakeJmp1
fld qword ptr [esi+3c]
push ecx
fsub qword ptr [esi+1c]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+1c]
fstp qword ptr [esp]
call 004ea7d0
pop ecx
pop ecx
// The computed result is discarded; the dword at [[00E20700]+F98] is stored instead.
Mov Eax, [00E20700]
Mov Eax, [Eax+0F98]
mov [edi],eax
jmp FakeJmp1
FakeJmp1:
mov edi,[ebp+10]
cmp edi,ebx
je 0097f2ad
fld qword ptr [esi+44]
push ecx
fsub qword ptr [esi+24]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+24]
fstp qword ptr [esp]
call 004ea7d0
pop ecx
pop ecx
// Same substitution for the second value (+F9C); the store happens in the
// original code at 0097F2AB.
Mov Eax, [00E20700]
Mov Eax, [Eax+0F9C]
Jmp 0097F2AB
00c8d9c8: // 5/10 CSMobVac
DD CSMobVac
[Disable]
00c8d9c8:
DD 0097f1fe // 55 8b ec 53 56 8b 75 08 33 db
DeAlloc(CSMobVac)
TwMS v1.50.2_ICS_仿007走入模式
// Function-pointer hook on the slot at 00e25ec0, which [DISABLE] restores to
// GetFocus. For the caller returning to 009895ec, MyAuto swaps the return
// address for one of two routines, chosen by AutoLRMob, that write +1 or -1
// into the caller's local at [ebp-04] and resume at 009898bf.
[ENABLE]
registersymbol(MyAuto)
alloc(MyAuto,1024)
registersymbol(MyAutoLR)
alloc(MyAutoLR,1024)
registersymbol(MyAutoLRNo007)
alloc(MyAutoLRNo007,1024)
registersymbol(MyAutoLRKeyLR)
alloc(MyAutoLRKeyLR,4)
registersymbol(MyAutoLRKeyLRVal)
alloc(MyAutoLRKeyLRVal,4)
registersymbol(AutoLRMob)
alloc(AutoLRMob,4)
registersymbol(tick)
alloc(tick,4)
registersymbol(delay)
alloc(delay,4)
registersymbol(nextGo)
alloc(nextGo,4)
registersymbol(step)
alloc(step,4)
registersymbol(AutoLRPeopleX)
alloc(AutoLRPeopleX,4)
Label(MyAutoLR00)
Label(MyAutoLR01)
Label(MyAutoLR02)
Label(test1)
Label(test2)
Label(SetLR)
Label(back)
Label(back2)
Label(Set01)
Label(Set02)
Label(Cmp1)
Label(Cmp2)
//-----------------------------------------------
// User-tunable values and their initial state.
AutoLRPeopleX:
DD 0 //anchor X position
AutoLRMob:
DD 0 //mode: 1 = "007" mode, 2 = left/right
MyAutoLRKeyLR:
DD 0f
step:
DD 1
delay:
DD 1388
//-----------------------------------------------
MyAuto:
cmp [esp], 009895ec //3b c7 0f 85 ?? ?? 00 00 8b 0d ?? ?? ?? 00
jne GetFocus
cmp [AutoLRMob],0
je GetFocus
cmp [AutoLRMob],1
je Cmp1
cmp [AutoLRMob],2
je Cmp2
jmp GetFocus
Cmp1:
mov [esp],MyAutoLR
jmp GetFocus
Cmp2:
mov [esp],MyAutoLRNo007
jmp GetFocus
MyAutoLRNo007:
// Mode 2: a counter (MyAutoLRKeyLRVal) alternates the direction every
// MyAutoLRKeyLR passes and wraps after twice that many.
pushad
Inc [MyAutoLRKeyLRVal]
Mov Eax, [MyAutoLRKeyLR]
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR02
Add Eax, [MyAutoLRKeyLR]
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR01
Mov [MyAutoLRKeyLRVal], 1
Jmp MyAutoLR02
MyAutoLR:
// Mode 1: state machine on step (1/2 = moving, 3/4 = waiting), timed with the
// value returned by 00956312 and the delay setting.
cmp [step], 0
je MyAutoLR00
cmp [step], 2
jle back
push eax
call 00956312 //A1 ?? ?? ?? 00 8B 40 1C C3
sub eax,[delay]
cmp eax,[nextGo]
pop eax
jbe MyAutoLR00
push eax
call 00956312
Add eax, [delay]
mov [nextGo], eax
pop eax
jmp SetLR
SetLR:
cmp [step],3
je Set02
cmp [step],4
je Set01
Set01:
mov [step],1
jmp back
Set02:
mov [step],2
jmp back
back:
// Do nothing while [[00E1847C]+49c] is above 0xFA0.
pushad
mov eax,[00E1847C]
mov eax,[eax+49c]
cmp eax,FA0
jg back2
popad
cmp [step],1
je test1
cmp [step],2
je test2
jmp MyAutoLR00
back2:
popad
jmp MyAutoLR00
test1:
// Compare anchor + 0x43 with the dword at [[00E20700]+f98].
pushad
mov ebx,[AutoLRPeopleX]
add ebx,43
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jge MyAutoLR01
mov [step],3
jmp MyAutoLR02
test2:
// Compare anchor - 0x3E with the same value.
pushad
mov ebx,[AutoLRPeopleX]
sub ebx,3E
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jle MyAutoLR02
mov [step],4
jmp MyAutoLR01
MyAutoLR01:
// Both exits restore the registers saved by the pushad on the path that led here.
popad
mov [ebp-04],1
jmp MyAutoLR00
MyAutoLR02:
popad
mov [ebp-04],ffffffff
jmp MyAutoLR00
MyAutoLR00:
jmp 009898bf
00e25ec0:
DD MyAuto
[DISABLE]
00e25ec0:
DD GetFocus
// AwesomeMan is not allocated or registered anywhere in this script.
unregistersymbol(AwesomeMan)
dealloc(AwesomeMan)
unregistersymbol(MyAutoLR)
dealloc(MyAutoLR)
TwMS v1.50.2_ICS_惡魔直接狼頭
// Two function-pointer hooks sharing one allocation (DFMODE):
//   00C0F6E0 (original 00521B03) -> FakeCall1, filtered on stack slot +0C
//   00C8A1A4 (original 008F9CC7) -> FakeCall2, filtered on the return address
// Each matched caller resumes in a replacement routine that substitutes the
// constant 1D909B0 for a pushed argument when a value equals 1D905C4.
[Enable]
alloc(DFMODE,512)
registersymbol(DFMODE)
Label(FakeCall1)
Label(FakeCall2)
Label(RealCall1)
Label(RealCall2)
Label(HookFun1)
Label(HookFun2)
//-------------------
DFMODE:
//-------------------
FakeCall1:
CMP [ESP+0C],009419A4
JNE RealCall1
MOV [ESP+0C],HookFun1
//-------------------
RealCall1:
JMP 00521B03
//-------------------
HookFun1:
// Replays the client's calls; the test instructions are kept but no branch
// consumes their result in this copy.
lea ecx,[eax+1a8]
call 0046735e
push eax
call 00549a8d
pop ecx
test eax,eax
mov ecx,[ebp+50]
push ebx
call 004e7a3c
test eax,eax
mov eax,[esi]
mov ecx,esi
call dword ptr [eax+50]
push eax
call 0046aa44
pop ecx
test eax,eax
push ebx
call 008c44d4
pop ecx
mov eax,[esi+3e8]
push eax
call 0045ef17
push [esi+3ec]
mov [ebp+48],eax
call 0045ef17
pop ecx
pop ecx
mov ecx,[00e181d8]
mov [ebp+10],eax
lea eax,[ebp+58]
push eax
// Substitute the pushed constant only when EBX equals 1D905C4.
CMP EBX,1D905C4
JNZ 00941A0F
PUSH 1D909B0
JMP 00941A10
//-------------------
FakeCall2:
CMP [ESP],00944BBE
JNE RealCall2
MOV [ESP],HookFun2
//-------------------
RealCall2:
JMP 008F9CC7
//-------------------
HookFun2:
push eax
call 0049E09A
pop ecx
MOV EaX,[EBP+14]
mov ecx,[00E181D8]
push ebx
push ebx
push ebx
lea eax,[ebp+6c]
push eax
// Same substitution, keyed on the local at [EBP+68].
CMP [EBP+68],1D905C4
JNZ 00944C5C
PUSH 1D909B0
JMP 00944C5F
//-------------------
00C0F6E0:
DD FakeCall1
//-------------------
00C8A1A4:
DD FakeCall2
//-------------------
[Disable]
// Restore both pointers, then release the allocation and the symbol.
00C0F6E0:
DD 00521B03
//-------------------
00C8A1A4:
DD 008F9CC7
//-------------------
dealloc(DFMODE)
unregistersymbol(DFMODE)
TwMS v1.50.2_ICS_程式控怪+跳怪掉落
// Cheat Engine auto-assembler script. It points two dword slots (00C837A0 and
// 00C837A4) at two routines in allocated memory, MobLR and JumpMobFall.
// Both routines replay a function prologue and then jump into the middle of a
// client function; the byte signatures quoted in [DISABLE] match those
// prologues, so they presumably stand in for the starts of 00984665 and
// 00983647 (the original bytes are not shown here, so confirm).
// Behaviour is driven by the dword switches CtrlMob and JumpDown, which the
// script registers as symbols so they can be edited from outside.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// NOTE(review): [ENABLE] writes slots 00C837A0/00C837A4 but [DISABLE] writes
// 00c8d9f8/00c8d9fc, so as written the enable-time slots are never restored.
[ENABLE]
Alloc(JumpMobFall, 512)
Alloc(MobLR, 512)
RegisterSymbol(MobGoX)
Alloc(MobGoX, 4)
RegisterSymbol(JumpDown)
Alloc(JumpDown, 4)
RegisterSymbol(CtrlMob)
Alloc(CtrlMob, 4)
RegisterSymbol(PeopleMobX)
Alloc(PeopleMobX, 4)
Label(ControlMob)
Label(Back)
Label(GoLeft)
Label(GoRight)
Label(GoMe)
Label(GoMe_R)
Label(GoMe_L)
Label(GoPoint)
Label(GoX)
Label(GetX)
PeopleMobX:
DD 0
JumpDown:
DD 0 // jumping-mob drop switch
CtrlMob:
DD 0 // mob control switch: 0 off, 1 left, 2 right, 3 follow, 4 capture point, 5 fixed point
// Replayed prologue; ECX (the object pointer on entry) is kept in EBX.
MobLR:
Push Ebp
Mov Ebp, Esp
Sub Esp, 20
Mov Eax, [Ebp+08]
Push Ebx
Push Esi
mov esi,[00e1ca18]
Mov Ebx, Ecx
Push Edi
//-----------------------------------
// Only objects whose field at +2A8 is 1 or 3 are touched; others go to Back.
Cmp [Ebx+000002A8], 01
Je ControlMob
Cmp [Ebx+000002A8], 03
Je ControlMob
Jmp Back
// Dispatch on CtrlMob. For modes 3 and 4, EDI is first loaded from
// [[00E20700]+f98].
// NOTE(review): presumably the player's X coordinate - confirm.
ControlMob:
Cmp [CtrlMob], 00
Je Back
Cmp [CtrlMob], 01
Je GoLeft
Cmp [CtrlMob], 02
Je GoRight
Cmp [CtrlMob], 05
Je GoX
Mov Edi, [00E20700]
Mov Edi, [Edi+f98]
Cmp [CtrlMob], 04
Je GetX
Cmp [CtrlMob], 03
Je GoMe
Jmp Back
// Mode 3: bit 0 of [[00e1847c]+047C] selects whether the target is 64 to the
// right (bit clear) or 64 to the left (bit set) of the value saved in EDI.
// The Pop Edi / Jmp Back after the Je/Jne pair is never reached, because one of
// the two conditional jumps is always taken.
GoMe:
Push Edi
Mov Edi, [00e1847c]
Mov Edi, [Edi+047C]
And Edi, 01
Test Edi, Edi
Je GoMe_R
Jne GoMe_L
Pop Edi
Jmp Back
GoMe_R:
Pop Edi
Add Edi, 64
Jmp GoPoint
GoMe_L:
Pop Edi
Sub Edi, 64
Jmp GoPoint
// Steer towards the target in EDI by comparing it with the field at +6A4
// (signed compare).
GoPoint:
Cmp [Ebx+000006A4], Edi
Jl GoRight
Jg GoLeft
Jmp Back
// Mode 4: copy PeopleMobX into MobGoX once, then switch to mode 5.
GetX:
Mov Edi,[PeopleMobX] //fixed-point X
Mov [MobGoX], Edi
Mov [CtrlMob], 05
Jmp GoX
// Mode 5: steer until the field at +6A4 lies within MobGoX-2 .. MobGoX+2, then
// write 6 to the field at +2A8 and continue at GoMe.
GoX:
Mov Edi, [MobGoX]
Sub Edi, 2
Cmp [Ebx+000006A4], Edi
Jl GoRight
Add Edi, 4
Cmp [Ebx+000006A4], Edi
Jg GoLeft
Mov [Ebx+000002A8], 06
Jmp GoMe
// Direction writes: +EC receives 4 (right) or 5 (left), +FC receives 1 or -1.
GoRight:
Mov [Ebx+00000000EC], 00000004
Mov [Ebx+00000000FC], 00000001
Jmp Back
GoLeft:
Mov [Ebx+00000000EC], 00000005
Mov [Ebx+00000000FC], FFFFFFFF
Jmp Back
//-----------------------------------
// Resume in client code after the replayed prologue.
Back:
Jmp 00984679
// With JumpDown at 0 this jumps straight to 00983647; otherwise it replays the
// prologue and resumes at 00983748.
JumpMobFall:
Cmp [JumpDown], 0
Je 00983647
Push Ebp
Mov Ebp, Esp
Sub Esp, 0C
Push Ebx
Push Esi
Mov Esi, Ecx
Cmp dword ptr [Esi+000002A8], 03
Push Edi
mov edi,[00e1ca18]
Jmp 00983748
// Install: point the two slots at the routines above.
00C837A0:
DD MobLR
00C837A4:
DD JumpMobFall
// The trailing comments on the DD lines carry an older address and a byte
// signature for each routine.
// PeopleMobX is allocated and registered above but is not released here.
[DISABLE]
00c8d9f8:
DD 00984665 //0097de6c //55 8B EC 83 EC 20 8B 45 08 53 56 8B 35
00c8d9fc:
DD 00983647 //0097CE4E //55 8b ec 83 ec 0c 53 56 8b f1 83 be ?? ?? 00
Dealloc(JumpMobFall)
Dealloc(MobLR)
Dealloc(CtrlMob)
Dealloc(MobGoX)
Dealloc(JumpDown)
UnregisterSymbol(CtrlMob)
UnregisterSymbol(MobGoX)
UnregisterSymbol(JumpDown)
TwMS v1.50.2_ICS_進戰不揮(弓)空.砲筒無延遲
// Cheat Engine auto-assembler script. It replaces the dword at 00e25e34, which
// [Disable] restores to the address of OffsetRect, with a stub in allocated
// memory. The stub inspects the dword at [Esp] (the caller's return address on
// entry to an import) and, for two specific call sites, runs its own
// continuation instead of returning to the caller.
// Both features are gated by dword switches that default to 0.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// Observable artifact while enabled: the slot at 00e25e34 no longer holds the
// address of OffsetRect.
// NOTE(review): [Disable] frees only NoEmptyAtkICS; Updatebingfeng, SkillMaxSw
// and NoEmptyAtkSw stay allocated.
[Enable]
Alloc(NoEmptyAtkICS, 512)
Alloc(Updatebingfeng, 4)
Alloc(SkillMaxSw, 4)
Alloc(NoEmptyAtkSw, 4)
Label(NoEmptyAtkICSMain)
Label(SkillMaxMain)
Label(SkillMaxMainI)
SkillMaxSw:
dd 0 //cannon no delay
NoEmptyAtkSw:
dd 0 //melee no empty swing
// Entry stub: dispatch on the return address, otherwise behave as OffsetRect.
NoEmptyAtkICS:
//[1/2]
//0f b6 85 ?? ?? ff ff 85 c0 74 2f 6a 00 6a 00 6a 00 6a 01 6a 00
Cmp [Esp], 00925ff9
Je NoEmptyAtkICSMain
Cmp [Esp], 008eebda
Je SkillMaxMain
jmp OffsetRect
// Switch off: plain OffsetRect. Switch on: drop the matched return address
// (Add Esp, 4) and call OffsetRect so that it returns into this stub.
SkillMaxMain:
cmp [SkillMaxSw],0
je OffsetRect
Add Esp, 4
Call OffsetRect
jmp SkillMaxMainI
// Loop body: calls 00615e25 with the argument list pushed below and counts the
// iterations in Updatebingfeng; pushad/popad preserve the registers around the
// call. The loop repeats until the counter reaches 20 (hex), then the counter
// is reset and the code continues towards the 008eecxx resume points.
SkillMaxMainI:
push ebx
push ebx
mov [ebp+5C],ebx
lea eax,[ebp+5C]
push ebx
cmp [ebp+6B],bl
jne 008EEBE8
pop ebx
pop ebx
pop ebx
mov ecx,[00e1cabc]
pushad
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 01
push eax
lea eax,[ebp+24]
push eax
call 00615e25
inc [Updatebingfeng]
popad
cmp dword ptr [Updatebingfeng],20
jnge SkillMaxMainI
mov [Updatebingfeng],00000000
mov eax,[ebp+5C]
mov [ebp+60],eax
cmp [ebp+60],ebx
je 008eec61
mov eax,[ebp+60]
mov ecx,[eax+000001a0]
cmp [eax+0000033c],ebx
jne 008eec4f
mov ecx,eax
call 006093fe
mov eax,[ebp+60]
cmp [eax+00000428],ebx
je 008EEC63
mov [ebp+60],ebx
mov eax,[ebp+60]
cmp eax,ebx
je 008eec61
mov eax,[eax+0000019c]
jmp 008eec63
// Same entry pattern for call site 00925ff9. The flags set by the test eax,eax
// below are not used by any branch in this routine; the call sequence always
// runs and execution resumes at 00926087.
NoEmptyAtkICSMain:
cmp [NoEmptyAtkSw],0
je OffsetRect
Add Esp, 4
Call OffsetRect
movzx eax,byte ptr [ebp-00000131]
test eax,eax
push [ebp-000001c8]
push 00
push 00
push 00
push 00
push 00
push 00
push [ebp-000001a8]
lea eax,[ebp-000001a4]
push eax
lea eax,[ebp-78]
push eax
call 004380b4
mov ecx,eax
call 00615e25
mov [ebp-000021cc],eax
mov eax,[ebp-000021cc]
mov [ebp-00000088],eax
Jmp 00926087
// Install: redirect the slot to the stub.
00e25e34:
DD NoEmptyAtkICS
// Restore the slot and release the stub.
[Disable]
00e25e34:
DD OffsetRect
DeAlloc(NoEmptyAtkICS)
TwMS v1.50.2_ICS_熱鍵技能不漏放
// Cheat Engine auto-assembler script. It replaces the dword at 00E25FD4, which
// [DISABLE] restores to the address of ImmGetContext, with the stub
// xHookHotKey. When the caller's return address at [esp] is 00500419 the stub
// swaps it for xHotKey, so that ImmGetContext returns into script code.
// xHotKey keeps a table (xKey_Skill) of 16-byte entries:
//   +00 key code, +04 interval, +08 delay, +0c next cast time
// and, when an entry is due, overwrites the key argument at [ebp+0c] with that
// entry's key code before resuming at 00500438.
// Time is read from [[00E1CFF0]+1c].
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// Observable artifact while enabled: the slot at 00E25FD4 no longer holds the
// address of ImmGetContext.
// NOTE(review): [DISABLE] frees only xHookHotKey and xHotKey; the table and the
// state variables stay allocated.
[ENABLE]
registersymbol(xHookHotKey)
alloc(xHookHotKey,128)
registersymbol(xHotKey)
alloc(xHotKey,512)
label(xHotKey1)
label(xHotKey2)
label(xHotKey3)
label(xHotKey4)
label(xHotKey5)
label(xNormal)
//==========space for 11 entries, 16*11
alloc(xKey_Skill,176)
alloc(xSkill_Set,4)
alloc(xSkill_Cnt,4)
alloc(xSkill_Run,4)
alloc(xJustDo1,4)
alloc(xJustDo2,4)
alloc(xJustDo3,4)
//==========number of entries checked (may be changed)
xSkill_Cnt:
dd 4
//==========do not change
xSkill_Set:
dd 0
xSkill_Run:
dd 0
xJustDo1:
dd 00000000
xJustDo2:
dd 0
xJustDo3:
dd 0
//==========
// Entry stub: redirect the return address of one call site only.
xHookHotKey:
cmp [esp],00500419
//81 ? ? ? ? ? 10 27 00 00
jne ImmGetContext
mov [esp],xHotKey
jmp ImmGetContext
// Runs in place of the code at 00500419 after ImmGetContext returns.
// EAX is zero: go to the table logic. EAX is non-zero: call 0042259E and either
// leave through 0050043D or fall to xNormal.
// NOTE(review): that last path reaches the popad at xNormal without having
// executed the pushad at xHotKey1.
xHotKey:
test eax,eax
je xHotKey1
lea ecx,[esi+00007498]
call 0042259E
je 0050043D
jmp xNormal
// Save registers, then build the table once (xSkill_Set guards the setup).
xHotKey1:
pushad
cmp [xSkill_Cnt],1
jl xNormal
cmp [xSkill_Set],1 //hotkeys already set up?
je xHotKey2
//==========
//PgUp 01490000 //1864
//PgDown 01510000 //1894
//Insert 01520000 //184c
//Delete 01530000 //187c
//Home 01470000 //1858
//End 014f0000 //1888
//==============keyboard key codes
//00020000 =1 one key to the right on the row adds 1: 2 = 00030000
//00100000 =q one key to the right on the row adds 1: w = 00110000
//001e0000 =a one key to the right on the row adds 1: s = 001f0000
//002c0000 =z one key to the right on the row adds 1: x = 002d0000
//====load the hotkey settings
mov ecx,0 //entry 1
imul eax,ecx,10
mov [xKey_Skill+eax+00],01470000 //skill name (literal: "Magic Heart")
mov [xKey_Skill+eax+04],00004e20 //600 seconds
mov [xKey_Skill+eax+08],0000012c //delay time
mov [xKey_Skill+eax+0c],00000000 //next cast time
//====
inc ecx //entry 2
imul eax,ecx,10
mov [xKey_Skill+eax+00],01490000 //skill name (literal: "Heavenly Blessing")
mov [xKey_Skill+eax+04],00004e20 //240 seconds
mov [xKey_Skill+eax+08],000003e8 //delay time
mov [xKey_Skill+eax+0c],00000000 //next cast time
//====
inc ecx //entry 3
imul eax,ecx,10
mov [xKey_Skill+eax+00],01520000 //skill name (literal: "Holy Light")
mov [xKey_Skill+eax+04],00004e20 //240 seconds
mov [xKey_Skill+eax+08],000003e8 //delay time
mov [xKey_Skill+eax+0c],00000000 //next cast time
//====to add a hotkey, copy the entry below
inc ecx //entry 4
imul eax,ecx,10
mov [xKey_Skill+eax+00],014f0000 //skill name (literal: "Prayer")
mov [xKey_Skill+eax+04],00004e20 //120 seconds
mov [xKey_Skill+eax+08],000007d0 //delay time
mov [xKey_Skill+eax+0c],00000000 //next cast time
//====
xor edi,edi
xor ebx,ebx
xor edx,edx
mov [xSkill_Set],1 //setup done
// Read the current time; while it is below xSkill_Run take the xHotKey4 path.
xHotKey2:
mov eax,[00E1CFF0]
mov eax,[eax+1c]
cmp eax,[xSkill_Run] //has the delay elapsed?
jl xHotKey4
sub eax,7d0 //check 2 seconds early (longest delay is 2 seconds)
mov edi,0
// Scan entries 0 .. xSkill_Cnt-1; an entry is due when its next cast time is 0
// or not later than the adjusted current time in EAX.
xHotKey3:
cmp edi,[xSkill_Cnt]
jge xNormal
imul ecx,edi,10
mov ebx,[xKey_Skill+ecx+0c]
cmp ebx,0
je xHotKey5
cmp eax,ebx
jge xHotKey5
inc edi
jmp xHotKey3
// Delay still running: if a key was forced earlier (xJustDo2 set), compare the
// result of clock with xJustDo3 and, while it is not greater, write the saved
// key code (xJustDo1) to [ebp+0c] again.
xHotKey4:
cmp [xJustDo2],0
je xNormal
call clock
mov [xJustDo2],0
cmp eax,[xJustDo3]
jg xNormal
mov [xJustDo2],1
mov eax,[xJustDo1]
mov [ebp+0c],eax
jmp xNormal
// Entry due: force its key code into [ebp+0c], remember it, and schedule the
// next cast time (now + interval) and xSkill_Run (now + delay).
xHotKey5:
//====force-change the key
mov ebx,[xKey_Skill+ecx+00]
mov [ebp+0c],ebx
mov [xJustDo1],ebx
mov [xJustDo2],1
mov eax,[00E1CFF0]
mov eax,[eax+1c]
mov [xJustDo3],eax
mov edx,[xKey_Skill+ecx+04]
add eax,edx
mov [xKey_Skill+ecx+0c],eax
sub eax,edx
mov edx,[xKey_Skill+ecx+08]
add eax,edx
mov [xSkill_Run],eax
xor eax,eax
mov eax,[xJustDo3]
add eax,a
mov [xJustDo3],eax
jmp xNormal
// Restore registers, push the two arguments and resume in client code.
xNormal:
popad
push [ebp+0C]
mov ecx,[00E1847C]
push [ebp+08]
jmp 00500438
// Install: redirect the slot to the stub.
00E25FD4:
DD xHookHotKey
// Restore the slot and release the two code allocations.
[DISABLE]
00E25FD4:
DD ImmGetContext
//===========
dealloc(xHookHotKey)
unregistersymbol(xHookHotKey)
dealloc(xHotKey)
unregistersymbol(xHotKey)
TwMS v1.50.2_ICS_疾風N合1
// Cheat Engine auto-assembler script that bundles several features behind one
// redirected dword slot. [ENABLE] writes the address of Main to 00DFCA4C;
// [DISABLE] writes 0072C5C5 back, so 0072C5C5 is the slot's original target.
// Main compares stack dwords at fixed offsets (+24, +3C, +6C) with known code
// addresses and, on a match, overwrites that stack dword with the address of a
// replacement routine; it always ends by jumping to 0072C5C5.
// NOTE(review): the stack dwords are presumably return addresses of callers
// further up the call chain - confirm against the client build.
// The trailing comments on the compare lines are byte signatures left by the
// author for locating each address.
// Features are toggled through the registered dword symbols defined below.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// Observable artifact while enabled: the slot at 00DFCA4C points into allocated
// memory instead of at 0072C5C5.
// NOTE(review): [DISABLE] releases Main, Time, MissTime and MissTimeCmp only;
// the other allocations and registered symbols made here are left in place.
[ENABLE]
RegisterSymbol(Main)
Alloc(Main, 4096)
RegisterSymbol(Time)
Alloc(Time, 4)
RegisterSymbol(MissTime)
Alloc(MissTime, 4)
RegisterSymbol(MissTimeCmp)
Alloc(MissTimeCmp, 4)
RegisterSymbol(MobJump)
Alloc(MobJump, 4)
RegisterSymbol(MobFastSwitch)
Alloc(MobFastSwitch, 4)
RegisterSymbol(MobBack)
Alloc(MobBack, 4)
RegisterSymbol(NoHurtSwitch)
Alloc(NoHurtSwitch, 4)
RegisterSymbol(ItemClean)
Alloc(ItemClean, 4)
RegisterSymbol(ItemID)
Alloc(ItemID, 4)
Label(Nohurt)
Label(NohurtMain)
Label(NohurtMainI)
Label(NohurtMainII)
Label(StupidMonster)
Label(StupidMonsterMain)
Label(MobNoJump)
Label(MobNoJumpMain)
//------
registersymbol(CheckESP)
alloc(CheckESP,512)
registersymbol(ItemList)
alloc(ItemList,204800)
Label(HookItem)
Label(HookItemFun)
Label(HookOr1)
Label(HookOr2)
Label(Filter)
Label(Skip)
Label(End)
Label(Return)
//------
Label(HookESP)
Label(HookFun)
//--------
Label(MobFast)
Label(MobFastMain)
Label(MobFastMainI)
//--------
RegisterSymbol(UltimateSwitch)
Alloc(UltimateSwitch, 4)
label(Ultimate)
label(UltimateMain)
//==============
// Feature switches and parameters (initial values).
NoHurtSwitch:
DD 1 //invincibility
UltimateSwitch:
dd 1 //ultimate attack
MobJump:
dd 1 //jumping-mob jump control
MobFastSwitch:
dd 0 //monster movement speed-up
MobBack:
dd 0 //monsters are not knocked back
ItemClean:
dd 0 //item filter
Time:
DD FFFF1D70 //invincible for 58 seconds
MissTime:
DD 5 //number of dodges
// Zero-terminated list of dword item ids; it starts empty.
ItemList:
dd 00
// Dispatcher installed in slot 00DFCA4C.
Main:
Cmp [Esp+24], 00922C4C //E8 ?? ?? ?? FF F6 80 ?? ?? ?? 00 02 74 ?? 89
Je Nohurt
Cmp [Esp+24], 00982F03 //6A 05 33 D2 59 F7 F1 85 D2
Je MobNoJump
Cmp [Esp+24], 00981B64 //33 D2 B9 60 EA 00 00 F7 F1
Je StupidMonster
Cmp [Esp+6C], 004EEFDC //8B 45 E4 8B 75 B0
Je HookItem
Cmp [Esp+3C], 00610723 //83 7D 3C 01 75 11
JE HookESP
cmp [esp+3c], 006226E1 //85 C0 0F ?? ?? ?? ?? ?? 8B 7E ?? 80 3F
je MobFast
cmp [esp+24], 008f5e8a //6a 65 59 33 d2 f7 f1
je Ultimate
Jmp 0072C5C5
//==============
// One trampoline per matched site: rewrite the stack dword, then continue to
// the original target. Ultimate and MobFast first check their switch.
Nohurt:
Mov [Esp+24], NohurtMain
Jmp 0072C5C5
StupidMonster:
Mov [Esp+24], StupidMonsterMain
Jmp 0072C5C5
MobNoJump:
Mov [Esp+24], MobNoJumpMain
Jmp 0072C5C5
HookItem:
Mov [Esp+6C],HookItemFun
JMP 0072C5C5
HookESP:
Mov [ESP+3C],HookFun
JMP 0072C5C5
Ultimate:
cmp [UltimateSwitch],0
je 0072C5C5
Mov [esp+24],UltimateMain
JMP 0072C5C5
MobFast:
cmp [MobFastSwitch],0
je 0072C5C5
mov [esp+3c],MobFastMain
jmp 0072C5C5
//-------------------------
// Computes EAX mod 65 into [ebp-1c], calls 006dbcd8 and 006b2a76, compares the
// remainder with the result and resumes at 008f5eb9 unconditionally.
UltimateMain:
push 65
pop ecx
xor edx,edx
div ecx
push [ebp-18]
mov ecx,[ebp-08]
mov [ebp-1c],edx
call 006dbcd8
mov ecx,eax
call 006b2a76
cmp [ebp-1c],eax
jmp 008f5eb9
//-------------------------
// Leaves through 0062287E when EAX is not positive, and through 006226F1 when
// the byte at [[esi+30]] is 3; otherwise continues at MobFastMainI.
MobFastMain:
test eax,eax
jng 0062287E //8D 4E ?? E8 ?? ?? ?? ?? 33 D2
mov edi,[esi+30]
cmp byte ptr [edi],03
jne MobFastMainI
jmp 006226F1
// Pushes the argument list, loads the constant 64 into EAX and resumes at
// 00622764.
MobFastMainI:
lea eax,[ebp-20]
push eax
lea eax,[ebp-18]
push eax
lea eax,[ebp-08]
push eax
lea eax,[ebp-10]
push eax
movsx eax,word ptr [edi+10]
push eax
mov ecx,esi
Mov eax,64 //movement speed
JMP 00622764
//-------------------------
// With MobBack other than 1 this returns to the matched address 00610723
// unchanged. With MobBack equal to 1 it repeats the compare of [EBP+3C] with 1,
// calls 005FD5D9 and resumes at 00610736.
HookFun:
cmp [MobBack],1
jne 00610723 //83 7D ?? ?? 75 ?? 8B 4D ?? E8 ?? ?? ?? ?? 39 45
CMP DWORD PTR SS:[EBP+3C],1
jne 0061073A
mov ecx,[ebp-18]
call 005FD5D9 //55 8B EC 51 56 8B F1 8B 0D ?? ?? ?? ?? 57 85 C9
jmp 00610736 //33 D2 EB ?? 8B 55
//-------------------------
// Clears EDX, sets up ECX and resumes at 00981B79. The Mov into ECX is
// overwritten by the Lea that follows it.
StupidMonsterMain:
Xor Edx, Edx
Mov Ecx, 0000ea60
Lea Ecx, [Esi+000002c0]
Jmp 00981B79 //52 E8 ?? ?? ?? ?? 8B 5D ?? 8D BE
//-------------------------
// Computes EAX mod 5, then picks one of three resume points from the MobJump
// switch. The flags from Test edx,edx are replaced by the Cmp that follows.
MobNoJumpMain:
Push 05
Xor edx,edx
Pop ecx
Div ecx
Test edx,edx
Cmp [MobJump], 1
Je 00982F17 //8B CF C7 86 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 33 D2
Cmp [MobJump], 2
Je 00982F0E // Mov Ecx, Esi
Jmp 00982F0A // Test Edx, Edx
//-------------------------
// Switch on: call 0042FDB1, subtract a quarter of [Ebp+58] from it, load Time
// into EAX, and while MissTimeCmp is below MissTime zero [Ebp+58], [Ebp+5C] and
// [Ebp+60] and count the event. All paths resume at 009231A9.
NohurtMain:
cmp [NoHurtSwitch],0
je NohurtMainII
call 0042FDB1 //56 8B 35 ?? ?? ?? ?? 85 F6 74 15
Mov Eax, [Ebp+58]
Shr Eax, 2 // damage taken * 0.75
Sub [Ebp+58], Eax
Mov Eax, [Time]
Mov Ecx, [MissTime]
Cmp [MissTimeCmp], Ecx
Jge NohurtMainI
Mov [Ebp+58],0
Mov [Ebp+5C],0
Mov [Ebp+60],0
Inc [MissTimeCmp]
Jmp 009231A9
//8D 8B ?? ?? 00 00 50 E8 ?? ?? ?? FF E9 ?? ?? ?? 00 6A 05
//==============
// Counter reached MissTime: keep the reduced [Ebp+58], zero the other two
// fields and restart the count.
NohurtMainI:
Mov [Ebp+5C],0
Mov [Ebp+60],0
Mov [MissTimeCmp], 0
Jmp 009231A9 //8D 8B ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 6A
//==============
// Switch off: zero [Ebp+5C] and [Ebp+60], call 0042FDB1 and resume with the
// constant fffffa24 in EAX.
NohurtMainII:
Mov [Ebp+5C],0
Mov [Ebp+60],0
call 0042FDB1 //56 8B 35 ?? ?? ?? ?? 85 F6 74 15 8D 4E
Mov Eax, fffffa24
Jmp 009231A9
//-------------------------
// With ItemClean at 0 this goes to Return, which stores AL at [ESI+1C] and
// resumes at 004EEFE8. Otherwise it fills the fields at [ESI+1C], +1D, +20 and
// +30, obtains a value in EAX from call 00408B6F and passes it to Filter.
HookItemFun:
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ESI,DWORD PTR SS:[EBP-50]
cmp [ItemClean],0
je Return
MOV BYTE PTR DS:[ESI+1C],AL
CMP EAX,1
JE HookOr1
CMP EAX,2
JE HookOr1
XOR AL,AL
JMP HookOr2
HookOr1:
MOV AL,1
HookOr2:
MOV BYTE PTR DS:[ESI+1D],AL
MOV DWORD PTR DS:[ESI+20],EDI
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,EDI
call 00408B13
MOVZX EAX,AL
MOV ECX,EDI
MOV DWORD PTR DS:[ESI+30],EAX
call 00408B6F
PUSH ESI
MOV ESI,ItemList
// Records EAX in ItemID, then walks ItemList one dword at a time until the zero
// terminator. Values not above C350 (signed compare) skip the walk. A value
// found in the list is replaced by 0 before it is stored at [ESI+34].
Filter:
mov [ItemID],eax
CMP EAX,C350
JLE End
CMP DWORD PTR DS:[ESI],0
Je End
CMP DWORD PTR DS:[ESI],EAX
Je Skip
ADD ESI,4
JMP Filter
Skip:
XOR EAX,EAX
End:
POP ESI
MOV ECX,EDI
MOV [ESI+34],EAX
JMP 004EF017
Return:
MOV BYTE PTR DS:[ESI+1C],AL
cmp eax,01
jmp 004EEFE8
//-------------------------
// Install: redirect the slot to the dispatcher.
00DFCA4C:
dd Main
// Restore the slot to its original target.
[DISABLE]
00DFCA4C:
DD 0072C5C5
//-------------------------
DeAlloc(Main)
UnRegisterSymbol(Main)
DeAlloc(Time)
UnRegisterSymbol(Time)
DeAlloc(MissTime)
UnRegisterSymbol(MissTime)
DeAlloc(MissTimeCmp)
UnRegisterSymbol(MissTimeCmp)
TwMS v1.51.2_CRC_技能無延遲2
// Cheat Engine auto-assembler script. This one is an inline code patch rather
// than a pointer-slot redirect: [enable] assembles "jmp SkillNodelay" over the
// instructions at 00412B3F, and [disable] reassembles the original three
// instructions (push esi / push 01 / mov esi,ecx) at the same address.
// The stub repeats those three instructions and then checks the caller's return
// address, which sits at [esp+08] after the two pushes, against three fixed
// addresses.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// NOTE(review): this changes bytes inside the client's code, which is the kind
// of modification a code-integrity (CRC) check is meant to catch; the "CRC" tag
// in the heading presumably refers to that.
// NOTE(review): [disable] does not release SkillNodelay or Switch.
[enable]
registersymbol(SkillNodelay)
alloc(SkillNodelay,128)
registersymbol(Switch)
alloc(Switch,4)
Label(Normal)
Label(Main)
// Feature switch: 1 = on.
Switch:
dd 1
// Switch off: take the unmodified path (Normal).
SkillNodelay:
cmp dword ptr [Switch],00
je Normal
push esi
push 01
mov esi,ecx
cmp [esp+08],00f1f376
je Main
cmp [esp+08],00fcd1a1
je Main
cmp [esp+08],01095331
je Main
jmp 00412B44
// Matched caller: call 00412B01, then store the byte 04 at [[esi+08]+[esi+04]]
// and resume at 00412B56 instead of 00412B44.
Main:
call 00412B01
mov ecx,[esi+08]
mov eax,[esi+04]
mov edx,00000004
mov [ecx+eax],dl
jmp 00412B56
// Replay of the overwritten instructions, then back into the original function.
Normal:
push esi
push 01
mov esi,ecx
jmp 00412B44
// Install: overwrite the function entry with a jump to the stub.
00412B3F:
jmp SkillNodelay
// Restore the original instructions.
[disable]
00412B3F:
push esi
push 01
mov esi,ecx
TwMS v1.51.2_CRC_技能無延遲1
// Cheat Engine auto-assembler script. [ENABLE] assembles "jmp R2" over the code
// at 0090F4AF. Every path through R2 ends by replaying push [ebp+0c] /
// lea ecx,[esi+94] / mov eax,[ecx] and jumping to 0090F4BA, so those three
// instructions are presumably the ones the jump overwrote.
// R2 reads an object pointer from [00e8da4c] and rewrites several of its fields
// around offset +4b0..+4bb, then stores a time stamp in T.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// NOTE(review): [DISABLE] writes its restore bytes at 008D65F5, not at 0090F4AF
// where [ENABLE] patched, so as written the enable-time jump is not reverted
// while R2 is deallocated.
// NOTE(review): nothing in this script transfers control to THREE; only R2 is
// installed.
[ENABLE]
Registersymbol(T)
Alloc(T, 4)
Registersymbol(THREE)
Alloc(THREE, 128)
Label(stop)
registersymbol(R2)
alloc(R2,1024)
registersymbol(R2KEY)
alloc(R2KEY,4)
label(R200)
Label(change)
//-----------------------------------------------
// Counter incremented at "change" and reset at "R200".
R2KEY:
DD 0
//-----------------------------------------------
// Time gate: compares [[00e92390]+1c] with T and goes to stop while it is
// lower, otherwise to R2.
THREE:
push eax
mov eax,[00e92390] //004C0169
mov eax,[eax+1c]
cmp eax,[T]
pop eax
jl stop
jmp R2
// If the dword at +4b8 is not ffffffff, count the call (change). Otherwise,
// once R2KEY exceeds 2, reset it (R200); else overwrite the fields below and
// set T to the current time value plus 960.
R2:
push eax
mov eax,[00e8da4c] //ok
cmp [eax+4b8],ffffffff
pop eax
jne change
cmp [R2KEY],2
jg R200
mov edi,ffffffff
push eax
mov eax,[00e8da4c] //ok
mov [eax+4b0],0
pop eax
push eax
mov eax,[00e8da4c] //ok
// The five stores below overlap one another (dword writes at byte offsets
// 4b6..4bb).
mov [eax+4b6],FFFF0000
mov [eax+4b7],FFFFFF00
mov [eax+4b8],ffffffff
mov [eax+4b9],00FFFFFF
mov [eax+4bb],FF
pop eax
push eax
mov eax,[00e92390] //004C0169
mov eax,[eax+1c]
mov [T],eax
pop eax
add [T],960
jmp stop
//-----------------------------------------------
// Reset the counter, replay the instructions and resume.
R200:
mov [R2KEY],0
push [ebp+0c]
lea ecx,[esi+94]
mov eax,[ecx]
jmp 0090F4BA
//-----------------------------------------------
change:
add [R2KEY],1
jmp stop
// Common exit: replay the instructions and resume at 0090F4BA.
stop:
push [ebp+0c]
lea ecx,[esi+94]
mov eax,[ecx]
jmp 0090F4BA
// Install: overwrite the code at 0090F4AF with a jump to R2.
0090F4AF:
jmp R2
// Writes two instructions at 008D65F5 and releases all allocations.
[DISABLE]
008D65F5:
push [ebp+0c]
lea ecx,[esi+00000094]
Unregistersymbol(T)
dealloc(T)
Unregistersymbol(THREE)
dealloc(THREE)
dealloc(R2)
unregistersymbol(R2)
dealloc(R2KEY)
unregistersymbol(R2KEY)
TwMS ALL_CRC_黑頻
// Cheat Engine auto-assembler script: a one-byte patch in each of two modules.
// [enable] writes EB and [disable] writes 74 at GR2D_DX9.DLL+6DE3 and at
// GR2D_DX8.DLL+69C7. On x86, 74 is the opcode of a short JE and EB of a short
// JMP, so the patch makes a conditional branch unconditional.
// The Aob line is the author's byte signature for locating the branch.
// NOTE(review): the patched bytes live in module code, so a code-integrity
// check over these DLLs would see the difference; the "CRC" tag in the heading
// presumably refers to that.
//Aob: 74 ?? 8d 45 0c 50 e8 ?? ?? ?? ?? 8B 00
[enable]
GR2D_DX9.DLL+6DE3:
db eb
GR2D_DX8.DLL+69C7:
db eb
[disable]
GR2D_DX9.DLL+6DE3:
db 74
GR2D_DX8.DLL+69C7:
db 74
TwMS_v151.2_ICS全職不空揮
// Cheat Engine auto-assembler script. It replaces the dword at 00e9c5b8, which
// [Disable] restores to the address of IntersectRect, with the stub
// xAttNotLost. The stub compares stack dwords at +6c and +d0 with eight fixed
// code addresses and, on a match, overwrites that stack dword with the address
// of one of the xAttNLD* routines; it always ends by jumping to IntersectRect.
// Each xAttNLD* routine stores EAX into two stack locals, mirrors it to the
// scratch dword at 00ea3020 (or tests that dword), and picks a resume address
// depending on whether the value is zero.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// Observable artifact while enabled: the slot at 00e9c5b8 no longer holds the
// address of IntersectRect, and 00ea3020 is written by the script.
// Author's notes follow.
//All jobs: no empty swing (only works on maps that have monsters!!)
//Does not apply to skills limited to full-map range (because I do not know how to change them = =''')
//Melee and shooting skills do not swing at nothing; magic attack skills cast at nothing cost no MP
[Enable]
alloc(xAttNotLost,1024)
label(xAttNLHA1)
label(xAttNLDA1)
label(xAttNLHA2)
label(xAttNLDA2)
label(xAttNLHB1)
label(xAttNLDB1)
label(xAttNLHB2)
label(xAttNLDB2)
label(xAttNLHB3)
label(xAttNLDB3)
label(xAttNLHC1)
label(xAttNLDC1)
label(xAttNLHC2)
label(xAttNLDC2)
label(xAttNLHC3)
label(xAttNLDC3)
//====
// Dispatcher installed in the slot.
xAttNotLost:
//melee skills
cmp [esp+6c],0095ee16
je xAttNLHA1
cmp [esp+6c],0095f603
je xAttNLHA2
//shooting skills
cmp [esp+6c],006312d2
je xAttNLHB1
cmp [esp+6c],0094dc79
je xAttNLHB2
cmp [esp+d0],0094dd68
je xAttNLHB3
//magic attack skills
cmp [esp+6c],0095308a
je xAttNLHC1
cmp [esp+6c],00953116
je xAttNLHC2
cmp [esp+d0],00953651
je xAttNLHC3
jmp IntersectRect
//====
// One trampoline per matched site: rewrite the stack dword, then continue to
// IntersectRect.
xAttNLHA1:
mov [esp+6c],xAttNLDA1
jmp IntersectRect
xAttNLHA2:
mov [esp+6c],xAttNLDA2
jmp IntersectRect
xAttNLHB1:
mov [esp+6c],xAttNLDB1
jmp IntersectRect
xAttNLHB2:
mov [esp+6c],xAttNLDB2
jmp IntersectRect
xAttNLHB3:
mov [esp+d0],xAttNLDB3
jmp IntersectRect
xAttNLHC1:
mov [esp+6c],xAttNLDC1
jmp IntersectRect
xAttNLHC2:
mov [esp+6c],xAttNLDC2
jmp IntersectRect
xAttNLHC3:
mov [esp+d0],xAttNLDC3
jmp IntersectRect
//====
// Replacement continuations. Zero in EAX selects the first resume address,
// non-zero the second.
xAttNLDA1:
mov [ebp-00002470],eax
mov eax,[ebp-00002470]
mov [ebp-8c],eax
mov [00ea3020],eax //used for the left/right walking check
cmp eax,0
je 0095f9dc
jmp 0095f907
xAttNLDA2:
mov [ebp-00002488],eax
mov eax,[ebp-00002488]
mov [ebp-8c],eax
mov [00ea3020],eax //used for the left/right walking check
cmp eax,0
je 0095f9dc
jmp 0095f615
// Only records EAX in the scratch dword and returns to the matched address.
xAttNLDB1:
//after every game update, find a free memory location yourself
mov [00ea3020],eax //used for the check
jmp 006312d2
xAttNLDB2:
mov [ebp-000019cc],eax
mov eax,[ebp-000019cc]
mov [ebp-000000b0],eax
mov [00ea3020],eax //used for the left/right walking check
cmp eax,0
je 0094e10d
jmp 0094e14c
// Branches on the value recorded earlier in 00ea3020 rather than on EAX.
xAttNLDB3:
mov [ebp-000019d4],eax
mov eax,[ebp-000019d4]
mov [ebp-000001d4],eax
cmp [00ea3020],0
je 0094e10d
jmp 0094dd7a
xAttNLDC1:
mov [ebp-000020d4],eax
mov eax,[ebp-000020d4]
mov [ebp-000000bc],eax
mov [00ea3020],eax //used for the left/right walking check
cmp eax,0
je 00954d5e
jmp 00953128
xAttNLDC2:
mov [ebp-000020d8],eax
mov eax,[ebp-000020d8]
mov [ebp-000000bc],eax
mov [00ea3020],eax //used for the left/right walking check
cmp eax,0
je 00954d5e
jmp 00953128
// Branches on the value recorded earlier in 00ea3020 rather than on EAX.
xAttNLDC3:
mov [ebp-000020f4],eax
mov eax,[ebp-000020f4]
mov [ebp-0000cb4],eax
cmp [00ea3020],0
je 00954d5e
jmp 00953663
//====
// Install: redirect the slot to the dispatcher.
00e9c5b8:
dd xAttNotLost
// Restore the slot and release the allocation.
[Disable]
00e9c5b8:
dd IntersectRect
dealloc(xAttNotLost)
TwMS v1.51.瞬間精通無延遲
// Cheat Engine auto-assembler script with two parts.
// 1. TeleportMasteryNoDelay runs as its own thread (CreateThread). It loops
//    without sleeping, and whenever TpMasterySw is non-zero and at least 8 time
//    units have passed since LastTime, it copies two dwords inside the object
//    at [00e8da4c] and sets further fields of it, including a constant at
//    +67c0.
// 2. TimeHook is reached through "jmp TimeHook" assembled at 00993FB1. The
//    bytes [disable] restores there (A1 90 23 e9 00) encode mov eax,[00e92390],
//    so the hook replaces the start of a routine that reads that pointer. For
//    the caller at return address 0096830D it returns a private counter
//    (FakeTime) advanced by 3E8 per call; all other callers get [[00e92390]+1C].
// Two further code patches are applied: one byte at 00969ECD and "ret 000C" at
// 009BAC79.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// NOTE(review): the thread is never told to stop; [disable] deallocates the
// memory it executes from. TpMasterySw is registered but not released.
[ENABLE]
Registersymbol(TeleportMasteryNoDelay)
Registersymbol(FakeTime)
Alloc(TeleportMasteryNoDelay,256)
Alloc(LastTime,4)
Alloc(TimeHook,256)
Alloc(FakeTime,4)
Label(Normal)
Label(First)
Label(SpeedTime)
Label(TimeHook_Ret)
Registersymbol(TpMasterySw)
Alloc(TpMasterySw,4)
CreateThread(TeleportMasteryNoDelay)
//--------------------------------
// Thread body: spin while the switch is 0.
TeleportMasteryNoDelay:
cmp [TpMasterySw],0
je TeleportMasteryNoDelay
pushad
mov eax,[00e92390] //OK
mov eax,[eax+1C]//OK
sub eax,[LastTime]
//--------------------------------
cmp eax,0000008//DelayTime //training: 32~64, boss fights: 8~16
//--------------------------------
jl Normal
// Skip the writes while the dword at [[eax+4b9c]+200] is zero.
mov eax,[00e8da4c] //OK
mov ebx,[eax+4b9c]//CharPID //OK
mov ebx,[ebx+200]
test ebx,ebx
je Normal
// 8B 86 ?? ?? ?? ?? 85 C0 74 08 83 C0 F4
// Copy +7928 to +67ac and +792c to +67b0 within the same object.
mov ebx,[00e8da4c] //OK
mov ebx,[ebx+7928] //OK
mov [eax+67ac],ebx
mov ebx,[eax+4b9c]//CharPID //OK
mov ebx,[ebx+200]
test ebx,ebx
je Normal
mov ebx,[00e8da4c] //OK
mov ebx,[ebx+792c] //OK
mov [eax+67b0],ebx
mov [eax+67bc],00000001
//--------------------------------
// Constant written to +67c0; the list below gives the author's value per job.
mov [eax+67c0],0023435F
//01E9F9A2 Purgatory mage
//0023435F Bishop
//0021BCBF Ice/Lightning
//0020361F Fire/Poison
//0152266D Dragon mage
//--------------------------------
mov [eax+67A4],00000001
// Remember when the writes were last done.
mov eax,[00e92390] //OK
mov eax,[eax+1C]//OK
mov [LastTime],eax
Normal:
popad
jmp TeleportMasteryNoDelay
// Replacement for the routine at 00993FB1. The first call seeds FakeTime from
// the real value; afterwards only the caller at 0096830D gets the fast counter.
TimeHook:
cmp [FakeTime],00
je First
cmp [esp],0096830D //OK
je SpeedTime
mov eax,[00e92390] //OK
mov eax,[eax+1C]//OK
ret
First:
mov eax,[00e92390] //OK
mov eax,[eax+1C]//OK
mov [FakeTime],eax
ret
SpeedTime:
add [FakeTime],3E8
mov eax,[FakeTime]
ret
//--------------------------------
// Code patches. [disable] restores 75 17 at 00969ECD, i.e. a short JNE, which
// the EB byte turns into a short JMP.
00969ECD: //OK
db EB
009BAC79://Block Rush//OK
ret 000C
00993FB1://OK
jmp TimeHook
TimeHook_Ret:
//--------------------------------
// Restore the original bytes at all three patch sites and release memory.
[disable]
00969ECD://OK
db 75 17
009BAC79://OK
db FF 74 24 0C
00993FB1://OK
db A1 90 23 e9 00
Unregistersymbol(TeleportMasteryNoDelay)
Unregistersymbol(FakeTime)
Dealloc(TeleportMasteryNoDelay)
Dealloc(LastTime)
Dealloc(TimeHook)
Dealloc(FakeTime)
TwMS v1.52.1_CRC_技能無延遲2
// Cheat Engine auto-assembler script: inline code patch at 00412CED.
// [enable] assembles "jmp SkillNodelay" over the instructions there, and
// [disable] reassembles the original three instructions (push esi / push 01 /
// mov esi,ecx) at the same address.
// The stub repeats those instructions and then compares the caller's return
// address, which sits at [esp+08] after the two pushes, with 01095331. Every
// caller above that address (signed compare) takes the modified path.
// Instruction operands are hexadecimal (Cheat Engine assembler default).
// NOTE(review): this changes bytes inside the client's code, which is the kind
// of modification a code-integrity (CRC) check is meant to catch; the "CRC" tag
// in the heading presumably refers to that.
// NOTE(review): [disable] does not release SkillNodelay or Switch.
[enable]
registersymbol(SkillNodelay)
alloc(SkillNodelay,128)
registersymbol(Switch)
alloc(Switch,4)
Label(Normal)
Label(Main)
// Feature switch: 1 = on.
Switch:
dd 1
// Switch off: take the unmodified path (Normal).
SkillNodelay:
cmp dword ptr [Switch],00
je Normal
push esi
push 01
mov esi,ecx
cmp [esp+08],01095331
jg Main
jmp 00412CF2
// Matched caller: call 00412caf, then store the byte 04 at [[esi+08]+[esi+04]]
// and resume at 00412D04 instead of 00412CF2.
Main:
call 00412caf
mov ecx,[esi+08]
mov eax,[esi+04]
mov edx,00000004
mov [ecx+eax],dl
jmp 00412D04
// Replay of the overwritten instructions, then back into the original function.
Normal:
push esi
push 01
mov esi,ecx
jmp 00412CF2
// Install: overwrite the function entry with a jump to the stub.
00412CED:
jmp SkillNodelay
// Restore the original instructions.
[disable]
00412CED:
push esi
push 01
mov esi,ecx