2014年2月28日 星期五

TwMS v1.68.2_ICS_全職業全圖打


TwMS v1.68.2_ICS_移除背景

TwMS v1.68.2_ICS_CS端吸怪

TwMS v1.68.2_ICS_NoSkillAnimation


TwMS v1.68.2_ICS_No Skill Effects (for Nodelay)


TwMS v1.68.2_ICS_黑暗無敵


TwMs v1.68.2_ICS_Nodelay

2014年2月8日 星期六

HS BYPASS for 5.6.28.404 + 新楓之谷多開(167.1可用)

感謝 CCPLZ 論壇的 k8tems 大大釋出此 full HS Bypass for ehsvc 5.6.28.404,請低調使用...

Hello there! Thanks to k8tems of CCPLZ, a full HS Bypass is now available, which allows the use of multi maple! It does not need an update, provided that HS is not updated!!! This is for version 5.6.28.404 of ehsvc.

TwMS v1.67.1_ICS_閃爍無敵

//update: foxscripts.blogspot.tw

TwMS v1.67.1_ICS_物品定位

//update: foxscripts.blogspot.tw

2014年2月7日 星期五

HackShield Bypass (EhSvc.dll version 5.6.28.404)



TwMS v1.67.1_Pointer_血魔指標

//update: foxscripts.blogspot.tw

TwMS v1.67.1_ICS_取得血魔經驗

[ENABLE]
//update: foxscripts.blogspot.tw


TwMS v1.67.1_ICS_連撞3號

[Enable]
//update: foxscripts.blogspot.tw


TwMS v1.67.1_ICS_CS端吸怪

[Enable]
//CS端吸怪(全圖打,物落腳下,攻擊不停)

//update: foxscripts.blogspot.tw

TwMS v1.67.1_ICS_全職業全圖打

[Enable]
//update: foxscripts.blogspot.tw


TwMS V1.67.1_Else_月牙鏢

// Raw byte patch at the fixed address 015610A0: enable writes one fixed byte
// sequence, disable writes another. The bytes are given as data (db) and the
// page does not say what they encode.
// Defender note: both states are plain in-place overwrites at a fixed address,
// so comparing this region against the shipped image would show the change
// (assuming the region belongs to the static image -- TODO confirm).
[ENABLE]
015610A0:
db 93 4D 6C 20 6C 62 03 D9 58 70 D9 CD 13 1E A0 8C 25 F5 64 94 95 64 15 86 E9 ED 9E CF 64 05 6C FE 53 9E 15 22

// NOTE(review): enable writes 36 bytes, disable writes 24, so the last 12
// bytes written on enable are not put back by this section.
[DISABLE]
015610A0:
db 0A 68 E4 B1 40 23 8F 55 00 70 E9 8D 9E 31 45 6E 8C 29 72 F3 98 6F 19 92

TwMS v1.67.1_ICS_全圖打箱子

// Pointer-slot hook on IntersectRect.
// Enable repoints the 4-byte slot at 0154CBB0 to the stub FullMapBox; disable
// writes IntersectRect back, so the slot presumably is the client's import
// entry for IntersectRect -- TODO confirm.
// Defender note: while enabled, the slot points into freshly allocated memory
// rather than into the module that exports IntersectRect. Verifying that
// import targets resolve inside their expected module detects this hook class.
[Enable]
Alloc(FullMapBox, 64)
Label(ICSBack)

FullMapBox:
// [Esp] is the top-of-stack dword; when the stub is reached by a call through
// the slot this is the caller's return address, so the compare selects a
// single call site.
Cmp [Esp], 00C08431
Jne ICSBack
// Selected call site only: move the return address 4 bytes forward so the
// caller resumes at 00C08435 instead of 00C08431.
Mov [Esp], 00C08435
Jmp ICSBack

ICSBack:
// Every path still tail-jumps into the real IntersectRect.
Jmp IntersectRect

// Install: the slot now holds the stub address.
0154CBB0:
DD FullMapBox
[Disable]
// Uninstall: restore the original target, then free the stub.
0154CBB0:
DD IntersectRect
DeAlloc(FullMapBox)

TwMS v167.1_ICS_Unlimited Attack

// Background thread that repeatedly zeroes two fields of an object.
// CreateThread starts execution at the allocated stub. The loop calls
// Sleep(0), loads the pointer stored at 01532780 and, when it is non-null,
// ANDs the fields at +9A58 and +9A68 with 0. The page does not say what the
// fields hold; the title only says "Unlimited Attack".
// NOTE(review): the operand width of the two AND instructions is not spelled
// out, so it is whatever the assembler defaults to.
// Defender note: this changes no code bytes, so a code-hash check will not see
// it. The visible artefacts are an extra thread whose start address lies in
// private allocated memory and client state that disagrees with the server.
[Enable]
Alloc(FuckingTubi, 256)
CreateThread(FuckingTubi)

FuckingTubi:
// Sleep(0): yield once per iteration
Push 00
Call Sleep

mov eax,[01532780] //
// Pointer not populated yet: retry
Test Eax, Eax
Je   FuckingTubi
And  [Eax+00009A58], 00
And  [Eax+00009A68], 00
Jmp  FuckingTubi
// The disable section is empty: the thread keeps looping and the allocation
// is never freed.
[Disable]

TwMS v1.67.1_ICS_穿越地板

// Pointer-slot hook with return-address redirection.
// Enable repoints the 4-byte slot at 012D2FB4 from 00D90561 (the value written
// back on disable) to the stub ICSFall. The page does not say what the slot or
// 00D90561 belong to.
// Defender note: the slot value leaves its original target and points into
// allocated memory, so validating function-pointer slots against their
// expected targets exposes the hook. No code bytes are modified.
[Enable]
Alloc(ICSFall, 512)
Label(PassFloor)

ICSFall:
// Select the one call site whose return address is 00CD57F4.
Cmp [Esp],00CD57F4
Jne 00D90561
// For that call site the original routine still runs, but it will return into
// PassFloor instead of 00CD57F4.
Mov [Esp], PassFloor
Jmp 00D90561

PassFloor:
// Resume the caller 0x28 bytes past the original return address, skipping the
// code in between.
jmp 00CD57F4+28

012D2FB4:
DD ICSFall

[Disable]
// Restores the slot only; the ICSFall allocation is not freed here.
012D2FB4:
DD 00D90561

TwMS v1.67.1_CRC_弓箭手三轉致命箭100%

// In-place branch patch at 007BB791: enable assembles an unconditional JMP to
// 007BB1DA, disable assembles the conditional JAE back, so the branch is taken
// regardless of the preceding comparison while enabled.
// Defender note: this rewrites instruction bytes inside the client's code, so
// any hash of that code range will differ. The "CRC" tag in the title
// presumably marks scripts that need the integrity check defeated -- TODO
// confirm.
[ENABLE]
007BB791:
JMP 007BB1DA
[DISABLE ]
007BB791:
JAE 007BB1DA

TwMS v1.65.1_ICS_全圖打怪&無延遲

[Enable]
Alloc(NDD, 512)
Label(ND)
Label(NND)
Label(NND1)
Label(NND2)

NDD:
Cmp [Esp+70], 00C2DA63
Je NND
Cmp [Esp+124], 00729568
Je NND1
jmp 005AE62E

NND:
Mov [Esp+6c], ND
Jmp 005AE62E

NND1:
Mov [Esp+124], NND2
Jmp 005AE62E

NND2:
lea edi,[esi+000007DC]
push edi
lea ecx,[esi+000007F4]
Add Esp, 04
push esi
mov esi,ecx
mov eax,[0153e3b8]
mov eax,[eax+00001278] //Map X
push eax
lea ecx,[esi+0c]
call 0042CCFF
mov eax,[0153e3b8]
mov eax,[eax+0000127C]
push eax
mov ecx,esi
call 0042CCFF //55 8b ec 83 ec 0c ff ?? ?? ?? ?? 01 a1
mov eax,esi
pop esi
Jmp 00729568 + 12

ND:
mov [ebp-00002E78],eax
mov eax,[ebp-00002E78]
mov [ebp-000000A0],eax
mov [ebp-68],01
jmp 00c2ec08

0120E950:
dd NDD

[Disable]

0120E950:
DD 005AE62E

TwMS v1.67.1_ICS_全圖打怪&無延遲

[Enable]
Alloc(NDD, 512)
Label(ND)
Label(NND)
Label(NND1)
Label(NND2)

NDD:
//89 85 ? ? ff ff 8b 85 ? ? ff ff 89 85 ? ? ff ff c6 45 ? ? 8b 8d ? ? ff ff e8 ? ? ? ff 8b c8
Cmp [Esp+70], 00C2DE79
Je NND
//8d be ? ? 00 00 57 8d 8e ? ? 00 00 e8 ? ? ? ff 68
Cmp [Esp+124], 00729619
Je NND1
jmp 005AE6B2

NND:
Mov [Esp+6c], ND
Jmp 005AE6B2

NND1:
Mov [Esp+124], NND2
Jmp 005AE6B2

NND2:
lea edi,[esi+000007DC]
push edi
lea ecx,[esi+000007F4]
Add Esp, 04
push esi
mov esi,ecx
mov eax,[01532780]
mov eax,[eax+0000AC84] //Map X
push eax
lea ecx,[esi+0c]
call 0042CCFF
mov eax,[01532780]
mov eax,[eax+0000AC88]
push eax
mov ecx,esi
call 0042CCFF //55 8b ec 83 ec 0c ff ?? ?? ?? ?? 01 a1
mov eax,esi
pop esi
Jmp 00729619 + 12

ND:
//e8 ? ? ? ff 89 85 ? ? ff ff 8b 85 ? ? ff ff 89 85 ? ff ff ff e9
mov [ebp-00002E78],eax
mov eax,[ebp-00002E78]
mov [ebp-000000A0],eax
//cmp dword ptr [ebp-68],00
mov [ebp-68],01
jmp 00c2f297

01210020:
dd NDD

[Disable]
//b9 ? ? ? ? e9 ? ? ? ff 33 c0 c3 33 c0 c3 33 c0 c3 8a ? ? ? 00 00 c3
01210020:
DD 005AE6B2

TwMS v1.66.2_CRC_物品製作&挖礦無延遲

// Three in-place byte patches that neutralise short conditional branches.
// Each target's original bytes are listed in the disable section.
// Defender note: all three edits change instruction bytes in the client code,
// so a code-range hash detects them. These are timing limits enforced only on
// the client; the durable fix is to enforce the same limits on the server.
[Enable]
//Bypass Timestamp
// Original 7C 31 (short JL) replaced by two NOPs: the branch is never taken.
00C05493: // 7C ?? 39 9E ?? ?? 00 00 7F 03
db 90 90

//Bypass Slash-limit
// Original 7F (short JG opcode) replaced by EB (short JMP): always taken.
00C0549B:
db EB

//Bypass time between mines
// Original 75 0E (short JNZ) replaced by two NOPs: the branch is never taken.
00C0FAC5: // 75 0E 57 6A
db 90 90
[Disable]
// Write the original bytes back.
00C05493:
db 7C 31

00C0549B:
db 7F

00C0FAC5:
db 75 0e

TwMS v1.52.1_CRC_物品製作&挖礦無延遲

// Three in-place byte patches that neutralise short conditional branches; the
// disable section holds the original bytes for each address.
// Defender note: instruction bytes in the client code are modified, so a
// code-range hash detects the patch. Limits that matter should also be
// enforced on the server rather than by these client-side branches alone.
[ENABLE]
// Original 7C 41 (short JL) becomes two NOPs: never taken.
00984B5E: //Bypass Timestamp
DB 90 90
// Original 7F (short JG opcode) becomes EB (short JMP): always taken.
00984B66: //Bypass Slash-limit
DB EB
// Original 75 0E (short JNZ) becomes two NOPs: never taken.
0098F69E: //Bypass time between mines
DB 90 90
[DISABLE]
00984B5E: //[00F6C8DC+8290]
DB 7C 41
00984B66: //[00F6C8DC+8294]
DB 7F
0098F69E:
DB 75 0E

TwMS v1.67.1_ICS_全圖吸物+不斷線

// Two pointer-slot hooks installed together.
//   0154cb8c: PtInRect -> ItemVac   (disable writes PtInRect back)
//   012B1034: 00AACEA2 -> PickNoDc  (disable writes 00AACEA2 back)
// Both stubs filter on the return address at [esp], so only specific call
// sites in the client get altered results; other callers reach the original
// routine unchanged.
// Defender note: neither hook edits code bytes. Both are visible as pointer
// slots whose values point into allocated memory instead of their original
// targets. Results that the client computes here should be re-validated on
// the server.
[enable]
alloc(ItemVac,256)
label(SetItemXY)
alloc(PickNoDc,64)

PickNoDc:
// Only the call site returning to 00CD2DA9 is altered.
cmp [esp], 00CD2DA9 // 85 C0 74 ?? 8B 06 5F
jne 00AACEA2 // 55 8B EC 83 EC ?? 53 8B 1D ?? ?? ?? 00 56 8B F1 57
// Drop the caller's return address, run the original routine from here, then
// force the result in eax to 0 before resuming the caller.
add esp, 04
call 00AACEA2
xor eax,eax
jmp 00CD2DA9

ItemVac:
// Call site 1 (returns to 0055AE6E): handled by SetItemXY below.
cmp [esp], 0055AE6E // 85 c0 75 ?? 83 4d fc ff 8d 4d ?? e8 ?? ?? ff ff 83 7d f0 00 0f 85
je SetItemXY
// Call site 2 (returns to 00559F1E): skip PtInRect and report 1.
cmp [esp], 00559F1E // 85 C0 74 07 39 5D ?? 75
jne PtInRect
xor eax,eax
inc eax
// ret 0c discards the 12 bytes of stack arguments, as the real routine would.
ret 000c

SetItemXY:
// Copy the two dwords at [esp+08] and [esp+0C] (the second and third stack
// arguments) into [ebx] and [ebx+04], then report 1. What ebx points at is
// not visible here.
mov eax,[esp+08]
mov [ebx],eax
mov eax,[esp+0C]
mov [ebx+04],eax
xor eax,eax
inc eax
ret 000c

0154cb8c:
dd ItemVac

012B1034:
DD PickNoDc

[disable]
// Restore both slots, then free both stubs.
0154cb8c:
dd PtInRect

012B1034:
DD 00AACEA2

dealloc(ItemVac)
dealloc(PickNoDc)

TwMS v1.44_Else_自動登入

[enable]
Registersymbol(xLogin)
Alloc(xLogin,256)
CreateThread(xLogin)
label(Login1)
label(Login11)
label(Login2)
label(xLoginRet)

xLogin:
cmp [00CFCB74],0        //防無數值時會卡住
je xLoginRet
mov eax,[00CFCB74]      //登入畫面Offset
mov eax,[eax+190]
cmp eax,0               //0=帳密登入畫面
je xLoginRet
cmp eax,1               //1=伺服器與頻道登入畫面
je Login1
cmp eax,2               //2=人物登入畫面
je Login2

xLoginRet:
jmp xLogin
ret

Login1:    
mov ebx,[00CFC1AC]        //伺服器
mov [ebx+A0],16         //7=鯨魚號(自訂更改處) 15綠水靈


cmp [00cc87b8],0          //防頻道無數值時會卡住
je Login11
mov ebx,[00CFC1B0]        //頻道
mov [ebx+F8],5          //5=6頻(自訂更改處)
Login11:
jmp xLogin

Login2:    
mov ecx,[00CFCB74]       //人物位置
mov [ecx+1C0],1        //0=第1支人物,1=第2支人物,2=第3支人物(自訂更改處)
ret                    //登入遊戲畫面,跳開,防斷

[disable]

TwMS v1.44_ICS_疾風六合一

[ENABLE]
alloc(Main,1024)

registersymbol(GodMode)
alloc(GodMode,4)
Label(PGod)
Label(OhMyGod)

registersymbol(StupidMons)
alloc(StupidMons,4)
alloc(StupidMons,4)
label(StupidMonster)
label(StupidMonsterMain)

registersymbol(RLCtrlW)
alloc(RLCtrlW,4)
registersymbol(RLCtrlJ)
alloc(RLCtrlJ,4)
label(JumpControl)
label(JumpControlMain)
label(WalkControl)
label(WalkControlMain)
label(JumpRet)
label(WalkRet)

registersymbol(MobNoKB)
alloc(MobNoKB,4)
Label(HookESP)
Label(HookFun)

registersymbol(ItemList)
alloc(ItemList,204800)
Label(HookItem)
Label(HookItemFun)
Label(HookOr1)
Label(HookOr2)
Label(Filter)
Label(Skip)
Label(End)

registersymbol(MobKami)
alloc(MobKami,4)
Label(MobKamiCheck)
Label(MobKamiFun)
//==============
GodMode: //無敵 0關 1開
DD 0
StupidMons: // 笨怪 0關 1開
DD 0
MobNoKB: // 不退怪 0關 1開
DD 0
RLCtrlW: // 走 2右3左 4關
DD 4
RLCtrlJ: // 跳 2右3左 4關
db 4
MobKami: // 怪物順移 0關 1開
DD 0
//==============
ItemList:
//請在以下加入欲過濾名單

//請在以上加入欲過濾名單
DD 00
//==============
00CD9824:
DD Main
//==============
Main:
Cmp  [Esp+1C], 0087E9E2 //e8 ?? ?? ?? ff f6 80 ?? ?? 00 00 02 74 ?? 89
Je PGod //PG無敵
cmp [esp+1c],008D8E52 //33 d2 b9 60 ea 00 00 f7 f1
je StupidMonster //笨怪
cmp [esp+1c],008D9E69 // 6a 03 59 89 47 20 33 d2 f7 f1 c7 47 OK!
je JumpControl //控怪 跳
cmp [esp+1c],008D9A44 // 6a 03 59 89 47 20 33 d2 f7 f1 89 5f OK!
je WalkControl //控怪
CMP DWORD PTR DS:[ESP+34],005DFF0F //83 7d 3c 01 75 ?? 8b cf e8
JE HookESP //怪不擊退
CMP DWORD PTR [ESP+34],005ECEE1 //66 8b 57 04 8b ce e8 ?? ?? ?? ff 98 89
Je MobKamiCheck //怪物順移
CMP DWORD PTR DS:[ESP+64],004DBA27 //8b 45 e4 8b 75 b0
JE HookItem //物品過濾
jmp 006CC237
//==============
PGod:
Mov  [Esp+1C], OhMyGod
Jmp  006CC237

StupidMonster:
mov [esp+1c],StupidMonsterMain
jmp 006CC237

JumpControl:
mov [esp+1c],JumpControlMain
jmp 006CC237

WalkControl:
mov [esp+1c],WalkControlMain
jmp 006CC237

HookESP:
MOV DWORD PTR DS:[ESP+34],HookFun
JMP 006CC237

MobKamiCheck:
Cmp [MobKami],1
Jne 006CC237
Jmp MobKamiFun

HookItem:
MOV DWORD PTR DS:[ESP+64],HookItemFun
JMP 006CC237
//-------------------------
OhMyGod:
Cmp [GodMode],1
Jne 0087E9E2
Mov  Ecx, [Ebp+58]
Test Ecx, Ecx
Je   0087EF57 //81 e1 ?? ?? 00 00 81 c1 ?? ?? ?? ?? 8b c1 8d 8b ?? ?? 00 00 50 e8
And  Ecx, 3
Inc  Ecx
Mov  [Ebp+58], Ecx
Mov  Ecx, [Ebp+4C]
Push 05
Lea  Eax, [Ebp+2C]
Push Eax
Mov  [Ebp+60], 00002710
Jmp  0087EF83 //e8 ?? ?? ?? ff 8b 70 04 8d 4d ?? e8 ?? ?? ?? ff 3b f7 0f 84
//---------------------------
WalkControlMain:
push 03
pop ecx
cmp [RLCtrlW],4
je WalkRet
mov eax,[RLCtrlW]
mov [edi+20],eax
jmp 008D9A4A

WalkRet:
mov [edi+20],eax
jmp 008D9A4A
//---------------------------
JumpControlMain:
push 03
pop ecx
cmp [RLCtrlJ],4
je JumpRet
mov eax,[RLCtrlJ]
mov [edi+20],eax
jmp 008D9E6F

JumpRet:
mov [edi+20],eax
jmp 008D9E6F
//---------------------------
StupidMonsterMain:
cmp [StupidMons],1
jne 008D8E52
xor edx,edx
mov ecx,0000ea60
//div ecx
lea ecx,[esi+000002b8]
//add edx,0002bf20
push edx
call 004263d6
mov ebx,[ebp+0c]
lea edi,[esi+000002a8]
cmp [edi],ebx
je 008D8E85
jmp 008D8E7A
//-------------------------
HookFun:
cmp [MobNoKB],1
jne 005DFF0F
CMP DWORD PTR SS:[EBP+3C],1
jnz 005dff25
mov ecx,edi
call 005cad17
JMP 005DFF21
//-------------------------
MobKamiFun:
push edx
mov eax,[esp+34]
aDD eax,84
mov edx,eax
mov eax,[esp+30]
movsx eax,word ptr [eax+10]
sub edx,eax
mov [esp+10],edx
mov [esp+24],edx
pop edx
jmp 006CC237
//-------------------------
HookItemFun:
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ESI,DWORD PTR SS:[EBP-50]
MOV BYTE PTR DS:[ESI+1C],AL
CMP EAX,1
JE HookOr1
CMP EAX,2
JE HookOr1
XOR AL,AL
JMP HookOr2
HookOr1:
MOV AL,1
HookOr2:
MOV BYTE PTR DS:[ESI+1D],AL
MOV DWORD PTR DS:[ESI+20],EDI
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,EDI
call 00408871
MOVZX EAX,AL
MOV ECX,EDI
MOV DWORD PTR DS:[ESI+30],EAX
call 004088cd
PUSH ESI
MOV ESI,ItemList

Filter:
CMP EAX,C350
JLE End
CMP DWORD PTR DS:[ESI],0
Je End
CMP DWORD PTR DS:[ESI],EAX
Je Skip
ADD ESI,4
JMP Filter
Skip:
XOR EAX,EAX
End:
POP ESI
MOV ECX,EDI
MOV [ESI+34],EAX
JMP 004DBA62

[DISABLE]
00CD9824:
DD 006CC237

dealloc(Main)
unregistersymbol(GodMode)
dealloc(GodMode,4)
unregistersymbol(StupidMons)
dealloc(StupidMons)
unregistersymbol(MobNoKB)
dealloc(MobNoKB)
unregistersymbol(ItemList)
dealloc(ItemList,204800)
unregistersymbol(MobKami)
dealloc(MobKami)

TwMS v1.46.1_ICS_地雷無延遲+地雷原地掉

[enable]
registersymbol(Landmine01)
alloc(Landmine01,256)
label(MainStart)
label(Fake1)
label(Fake2)

Landmine01:
cmp [esp],00872F85
jne 008EB848
mov [esp],MainStart
jmp 008EB848

MainStart:
test eax,eax
je Fake1
xor ebx,ebx
jmp Fake1

Fake1:
xor edi,edi
cmp [esi+000064C0],edi
jne Fake2
cmp ebx,edi
call 008C64EC
jg 00872FD5
jmp 00872FDB

Fake2:
cmp ebx,[esi+000064C0]
call 008C64EC
sub eax,00000000
jmp 0087304B


00BC7134:
dd Landmine01
[disable]
00BC7134:
dd 008EB848

TwMS v1.44.1_ICS_地雷瞬爆

[ENABLE]
alloc(Chk,256)
label(Bst)

00ba449c:
DD Chk

Chk:
cmp [esp],0086A07C
jne 006ea0b6
jmp Bst

Bst:
push 60
mov eax,00a03696
call 0097b8e9
mov esi,ecx
xor edi,edi
mov [ebp-14],edi
cmp [esi+000001a0],edi
jne 006ea750
mov ecx,[esi+000001a8]
cmp ecx,edi
je Bst+2e
call 00457dfe
mov ecx,esi
call 006e6186
call 008c64ec
add eax,103E8
JMP 006EA0F0


[DISABLE]
00ba449c:
dd 006ea0b6

dealloc(Chk)

TwMS v1.46.1_CRC_快捷鍵水量顯示

[enable]
registersymbol(Main)
alloc(Main,512)
registersymbol(Shift)
alloc(Shift,4)
registersymbol(Ins)
alloc(Ins,4)
registersymbol(Home)
alloc(Home,4)
registersymbol(PageUp)
alloc(PageUp,4)
registersymbol(Ctrl)
alloc(Ctrl,4)
registersymbol(Del)
alloc(Del,4)
registersymbol(End)
alloc(End,4)
registersymbol(PageDown)
alloc(PageDown,4)
registersymbol(Time)
alloc(Time,4)
Label(Return)
Label(Z1)
Label(Z2)
Label(Z3)
Label(Z4)
Label(Z5)
Label(Z6)
Label(Z7)
Label(Z8)

Main:
inc [Time]
cmp [Time],1
je Z1
cmp [Time],2
je Z2
cmp [Time],3
je Z3
cmp [Time],4
je Z4
cmp [Time],5
je Z5
cmp [Time],6
je Z6
cmp [Time],7
je Z7
cmp [Time],8
je Z8
jmp Return


Z1:
mov [Shift],eax
jmp Return

Z2:
mov [Ins],eax
jmp Return

Z3:
mov [Home],eax
jmp Return

Z4:
mov [PageUp],eax
jmp Return

Z5:
mov [Ctrl],eax
jmp Return

Z6:
mov [Del],eax
jmp Return

Z7:
mov [End],eax
jmp Return

Z8:
mov [PageDown],eax
mov [Time],0
jmp Return

Return:
mov [ebx+08],eax
jmp 007E3E35

007E3DAC:
jmp Main
[disable]
007E3DAC:
mov [ebx+08],eax
jmp 007E3E35

TwMS v1.46.1_CRC_說話長度不限

// In-place branch patch at 004ADC97: the conditional JNG to 004ADD25 is
// assembled as an unconditional JMP on enable and put back on disable, so the
// comparison before it no longer has any effect while enabled.
// Defender note: this is a length limit checked only in the client (per the
// title, chat length). Instruction bytes change, so a code-range hash detects
// the patch, and the server should enforce the limit itself.
[enable]
004ADC97:
jmp 004ADD25

[disable]
004ADC97:
jng 004ADD25

TwMS v1.47.3_Else_自動按鍵

[Enable]
Alloc(SendBoard, 04)
RegisterSymbol(SendBoard)
alloc(Check,4)
registersymbol(Check)
alloc(SendBoardThread,128)
registersymbol(SendBoardThread)
CreateThread(SendBoardThread)
label(Return)

SendBoard:
dd 00 //EX: Ctrl

SendBoardThread:
PUSH 03 // 延遲豪秒
Call Sleep
Cmp [SendBoard], 00 //開關
Je SendBoardThread
cmp [Check],12c
jge Return
PUSHAD
Mov  Eax, [00dad720]
mov  [Eax+20D4],1
PUSH [SendBoard]
MOV EBX,[00DAD9B4]
MOV ECX,EBX
mov  [Eax+20D4],0
//6A 5C B8 ?? ?? ?? 00 E8 ?? ?? ?? 00 8B F1 8B 4D 08
CALL 008F54E7
inc [Check]
POPAD
JMP SendBoardThread
RETN

Return:
mov [SendBoard],0
mov [Check],0
JMP SendBoardThread
RETN

[Disable]

TwMS v1.46.3_Else_自動換頻

[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
Alloc(MyThread, 64)
CreateThread(MyThread)
Label(Change)
Label(ChannelRet)

MyThread:
Push 09
Call dword [00D3E5DC] //Sleep
Cmp [OnOff], 00 //開關
Je MyThread
Push Eax
Mov Eax, [00D35C20]
Cmp [Eax+2C], 00
Pop Eax
Je  MyThread

Pushad
Mov Edx, [00D44F80] //目前頻道
Inc Edx
Cmp Edx, 13 //頻道最大值19
Je ChannelRet
Change:
Mov Eax, [00D3169C]
Mov [Eax+41C], 00000009//可用其他停止攻擊的方法取代
Cmp [Eax+490], 00000000
Jne Change
Xor Eax, Eax
Push Edxx
Mov Ecx, 1647CF1C
Call 004F3837
Popad
Mov [OnOff], 00 //關
Jmp MyThread
Ret

ChannelRet:
And Edx, 00
Jmp Change
[Disable]

TwMS v1.46.3_Else_自動補品

[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
RegisterSymbol(UseItem)
Alloc(UseItem, 04)
RegisterSymbol(ItemNumber)
Alloc(ItemNumber, 04)
RegisterSymbol(ItemSpace)
Alloc(ItemSpace, 128)
CreateThread(ItemSpace)

UseItem:
dd 001E8486 //活力藥水

ItemNumber:
dd 6  //背包第六位

ItemSpace:
Push 09
Call dword [00D3E5DC]
Cmp [OnOff],00
Je ItemSpace
pushad
push [UseItem]
push [ItemNumber]
mov ecx,00D42F00
call 00930c04
Popad
Mov [OnOff], 00
Jmp ItemSpace

[Disable]

TwMS v1.46.3_Else_自動點數

[Enable]
RegisterSymbol(OnOff)
Alloc(OnOff, 04)
Alloc(MyThread, 64)
CreateThread(MyThread)

OnOff:
DD 00

MyThread:
Push 500
Call dword ptr [00DBAE7C] //Sleep
Cmp [OnOff], 00 //開關
Je MyThread
Pushad
Push 00000080
//60 str
//80 dex
//100 int
//120 luc
Mov Eax, 00000080
Mov Ebx, 00000000
Mov Ecx, 00DBFA60
Mov Esi, Ecx
Mov Edi, Ebx
Call 0099BFD0
Popad
Mov [OnOff], 00 //開關
Jmp MyThread
Ret
[Disable]

TwMS v1.46.3_CRC_怪物數量低於N不攻擊

// Inline code hook: a JMP to the stub StopAttack is assembled at 00480B1C.
// The stub reads a counter through the pointer at 00D35C24 (+24), subtracts
// one and compares it with the user-set StopCount; at or below the threshold
// it jumps to 00480B5C, otherwise to 00480B27.
// Defender note: the JMP overwrites instruction bytes in the client code, so a
// code-range hash detects it.
[Enable]
RegisterSymbol(StopCount)
Alloc(StopAttack, 32)
Alloc(StopCount, 4)

StopCount:
DD 01 //monster count

StopAttack:
mov esi,ecx
// eax is saved and restored around the counter read.
Push eax
Mov Eax,[00D35C24] //Pointer
Mov Eax,[Eax+24] //Offset
Sub Eax,01
Cmp Eax,[StopCount]
// pop does not change flags, so the Jle below still tests the compare above.
Pop eax
Jle 00480B5C //cannot attack
jmp 00480B27

00480B1C:
Jmp StopAttack
[disable]
// NOTE(review): this section assembles at 00480B05, while enable patched
// 00480B1C -- the two addresses differ.
00480B05:
mov esi,ecx
cmp dword ptr [esi+000020C8],00

DeAlloc(StopCount, 4)
DeAlloc(StopAttack, 32)
UnRegisterSymbol(StopCount)

TwMS v1.46.3_CRC_快速恢復MP 8.5秒

// Inline code hook at 009218c6: the original `cmp eax,00002710` (restored on
// disable) is replaced by a JMP to FastRecoverMP, and the stub resumes at
// 009218CB with flags from its own compare.
//   MPCounter    - remaining iterations during which eax is compared with 1
//   SetMPCounter - reload value (5 by default)
// Defender note: instruction bytes are overwritten, so a code-range hash
// detects the hook. The title describes a faster recovery timer, a value the
// server can rate-check independently of the client.
[Enable]
registersymbol(FastRecoverMP)
alloc(FastRecoverMP,128)
registersymbol(MPCounter)
alloc(MPCounter,4)
registersymbol(SetMPCounter)
alloc(SetMPCounter,4)
label(DoNormal)
label(MPCheck)

SetMPCounter:
dd 5 //count

FastRecoverMP:
cmp [MPCounter],0
je MPCheck
// Counter still running: substitute the threshold 1 for the original 0x2710.
dec [MPCounter]
cmp eax,00000001
jmp 009218CB

MPCheck:
// Counter exhausted: re-arm it only when eax is above 0x2710 (unsigned).
cmp eax,00002710
jna DoNormal
push eax
mov eax,[SetMPCounter]
dec eax
mov [MPCounter],eax
pop eax
jmp DoNormal

DoNormal:
// Original compare, then back to the instruction after the hook.
cmp eax,00002710
jmp 009218CB

009218c6:
jmp FastRecoverMP
[Disable]
009218c6:
cmp eax,00002710

// Only FastRecoverMP is unregistered; MPCounter and SetMPCounter stay
// registered.
dealloc(FastRecoverMP)
dealloc(MPCounter)
dealloc(SetMPCounter)
unregistersymbol(FastRecoverMP)

TwMS v1.46.3_ICS_撿物不斷

// Pointer-slot hook: the slot at 00C335B8 is repointed from 0094F4BA (written
// back on disable) to the stub PickNoDc. For the one call site that returns to
// 00942BF4, the original routine still runs but returns into
// PickNoDcSetItemXY, which jumps unconditionally to 00942C02.
// Defender note: no code bytes change. The hook shows up as a pointer slot
// that leaves its original target for allocated memory.
[Enable]
alloc(PickNoDc,64)
label(PickNoDcSetItemXY)

00C335B8:
DD PickNoDc

PickNoDc:
// [esp] holds the caller's return address on entry.
cmp [esp],00942BF4
jne 0094F4BA
mov [esp],PickNoDcSetItemXY
jmp 0094F4BA

PickNoDcSetItemXY:
// The flags from test are set, but the jump is unconditional.
test eax,eax
jmp 00942C02

[Disable]
// Restores the slot; the PickNoDc allocation is not freed here.
00C335B8:
DD 0094F4BA

TwMS v1.47.2_ICS_龍捲風無延遲

[ENABLE]

RegisterSymbol(Hook)
Alloc(Hook, 256)
RegisterSymbol(X1)
Alloc(X1, 4)
Label(Ics1)
Label(Ics2)
Label(Ics3)
Label(Ics1Je)
Label(Ics2Move)
Label(Ics3Move)


Hook:
cmp [esp],0042f977
jne 0051A625
mov [esp],Ics1
jmp 0051A625

Ics1:
test eax,eax
je Ics1Je
mov eax,esi
pop esi
cmp [esp],005F7FA8
je Ics2Move
ret

Ics1Je:
xor eax,eax
pop esi
cmp [esp],005F7FA8
je Ics2Move
ret

Ics2Move:
mov [esp],Ics2
ret

Ics2:
mov [ebp-30],eax
test eax,eax
xor eax,eax
call 009d8481
cmp [esp],008B580F
je Ics3
ret

Ics3:
mov [esp],Ics3Move
ret

Ics3Move:
MOV [X1],1
mov eax,[ebp+68]
jmp 008B5832


00BBA208:
dd Hook

[DISABLE]
00BBA208:
dd 0051A625

DeAlloc(Hook)
UnRegisterSymbol(Hook)

TwMS v1.47.2_ICS_龍捲風不消失

// Pointer-slot hook: the slot at 00C2F4E8 is repointed from 008F7512 (written
// back on disable) to the stub. The filter looks at [Esp+40], a return address
// further up the stack than the immediate caller, and swaps 008B583A for the
// replacement continuation NoDisappearance.
// Defender note: no code bytes change. The visible artefact is the slot value
// pointing into allocated memory instead of 008F7512.
[Enable]
Alloc(NoDisappearanceICS, 64)
Label(NoDisappearance)

00C2F4E8:
DD NoDisappearanceICS

NoDisappearanceICS:
Cmp [Esp+40], 008B583A
Jne 008F7512
Mov [Esp+40], NoDisappearance
Jmp 008F7512

NoDisappearance:
// Replacement for the code at 008B583A. It ends at 008B5854 on both paths,
// with one call from the original sequence commented out.
test eax,eax
je 008B5854
lea ecx,[ebp-34]
call 0088FE49
push [ebp+6C]
lea ecx,[esi+000043B8]
//call 0089139A
Jmp 008B5854

[Disable]
00C2F4E8:
DD 008F7512
DeAlloc(NoDisappearanceICS)

TwMS v1.47.2_ICS_怪物無反應+定怪

[enable]
RegisterSymbol(NoReaction)
Alloc(NoReaction, 64)
RegisterSymbol(TMDMove)
Alloc(TMDMove, 128)
RegisterSymbol(X1)
Alloc(X1, 4)
Label(NoReactionStart)
Label(Fake1)
Label(Fake2)

NoReaction:
cmp [esp+14],00601A9B
jne  008F7580
mov [esp+14],NoReactionStart
jmp 008F7580

NoReactionStart:
xor edx,edx
jmp 00601AA7

TMDMove:
cmp [esp],0094B8CC
jne 005FA699
add esp,04
call 005FA699
test eax,eax
je Fake1
mov eax,[esi+18]
cmp eax,ebx
je Fake1
lea edi,[eax-04]
jmp Fake2

Fake1:
xor edi,edi
jmp Fake2

Fake2:
cmp edi,ebx
je 0094B8FB
mov ecx,edi
jmp 0094B8E9


00C2F4E4:
dd NoReaction

00BC4A44:
dd TMDMove

[disable]
00C2F4E4:
dd 008F7580

00BC4A44:
dd 005FA699

TwMS v1.47.3_ICS_原地復活

// Pointer-slot hook installed at run time by a one-shot thread.
// Hook saves the current value of the slot at 00AEB098 into ICSRet and then
// writes the address of Zombie into the slot. Zombie swaps the return address
// 004DB792 found at [Esp+14] for 008BFCCF and continues through the saved
// pointer.
// Defender note: no code bytes change; the slot at 00AEB098 ends up pointing
// into allocated memory. Because the disable section is empty, the slot stays
// hooked until the process exits.
[Enable]
CreateThread(Hook)
Alloc(Hook, 256)
Label(ICSEntry)
Label(Zombie)
Label(ICSRet)

Hook:
// Runs once on the created thread, then returns.
Mov Eax, [00AEB098]
Mov [ICSRet], Eax
Mov [00AEB098], Zombie
Ret

Zombie:
Cmp [Esp+14], 004DB792
// Indirect jumps through the saved original slot value.
Jne [ICSRet]
Mov [Esp+14], 008BFCCF
Jmp [ICSRet]

ICSRet:
// Storage for the saved pointer (first dword); the second dword and the Ret
// are not referenced by the visible code.
DD 00
DD 00
Ret
[Disable]

TwMS v1.47.4_ICS_無呼吸馬上換頻

[Enable]
RegisterSymbol(NoBreathToChangeNoDC)
Alloc(NoBreathToChangeNoDC,256)
Label(MainIcs)
Label(FakeAdd1)
Label(Return)
Label(ReturnX)
Label(MainStart)

NoBreathToChangeNoDC:
Cmp [Esp],0042F977
Jne 0051A643
Mov [Esp],MainIcs
Jmp 0051A643

MainIcs:
test eax,eax
je Return
mov eax,esi
pop esi
cmp [esp],004FE28E
jne ReturnX
mov [esp],MainStart
jmp ReturnX

Return:
xor eax,eax
pop esi
cmp [esp],004FE28E
jne ReturnX
mov [esp],MainStart
jmp ReturnX

ReturnX:
ret

MainStart:
cmp eax,edi
je FakeAdd1
test byte ptr [eax+000001bc],10
je FakeAdd1
push edi
push edi
push edi
push edi
push edi
push edi
push ecx
mov eax,esp
mov [ebp+08],esp
push 00000102
jmp 004fe272

FakeAdd1:
push 43
lea ecx,[ebp-1c]
call 00633c5b
push [ebp+08]
lea ecx,[ebp-1c]
mov [ebp-04],edi
call 004127b4
call 0091c804
push ebp  //--
jmp 004FE2CC

00BBA208: // 1/50
DD NoBreathToChangeNoDC

[Disable]
00BBA208:
DD 0051A643

DeAlloc(NoBreathToChangeNoDC)

TwMS v1.47.4_CRC_攻擊模式控制

// Inline code patch at 006B8B73 that makes eax come from a user-controlled
// variable. The six original bytes (restored on disable) decode as
// `mov eax,[ebp+18]` followed by `imul ecx,ecx,06`; the patch replaces both
// with a load of AtkMode plus a NOP, so the multiply no longer runs while
// enabled.
// Defender note: instruction bytes are overwritten, so a code-range hash
// detects the patch.
[ENABLE]
Registersymbol(AtkMode)
Alloc(AtkMode, 04)

AtkMode:
DD 00

006B8B73:
Mov Eax, [AtkMode] //00 swing up  01 swing down  02 slash  03 stab
Nop

[DISABLE]
006B8B73:
DB 8B 45 18 6B C9 06
DeAlloc(AtkMode)
UnRegistersymbol(AtkMode)

TwMS v1.48.1_ICS_另類全圖打

[enable]
alloc(MySetxyHook,128)
label(SetNewxyScript)

MySetxyHook:
cmp [esp+08],0045D470
jne VariantClear
mov [esp+08],SetNewxyScript
jmp VariantClear

SetNewxyScript:
pop ecx
mov [ebx+000003F8],edi
lea eax,[ebp+00]
push eax
lea ecx,[ebx+000022BC]
push 0045D488
push esi
push edi
mov edi,[esp+0C]
Mov esi, [00E05D1C]
Mov esi, [esi+0028]
Mov esi, [esi+0004]
Mov esi, [esi+0130]
Mov esi, [esi+0024]
Mov esi, [esi+0058]
mov [edi],esi
mov [esp+0C],esi
push [edi]
mov esi,ecx
lea ecx,[esi+0C]
call 00426C55
Mov ecx, [00E05D1C]
Mov ecx, [ecx+0028]
Mov ecx, [ecx+0004]
Mov ecx, [ecx+0130]
Mov ecx, [ecx+0024]
Mov ecx, [ecx+005c]
mov [edi+04],ecx
push 004314A9
ret

00B2728C:
dd MySetxyHook

[DISABLE]
00B2728C:
dd VariantClear

TwMS v1.48.1_ICS_CSMouseFly

[Enable]
registersymbol(CSX)
alloc(CSX,1024)
registersymbol(CSXon)
alloc(CSXon,4)
registersymbol(Ics_CSX)
alloc(Ics_CSX,128)
label(HookCSX)
label(CSXReturnX)
label(CSXReturnY)
Label(MouserX)
Label(MouserY)


CSXon: //0關 1滑鼠移動
dd 1
Ics_CSX:
push ebp
mov ebp,esp
push ebx
push esi
mov esi,[ebp+08]
xor ebx,ebx
push edi
cmp [esi+14],ebx
je HookCSX
jmp 00975DD6 //8B 46 14 3B C3 75 0A 68 03 40

HookCSX:
mov ecx,[00e06250]  //更新
call 00975da1  //更新
mov [ebp+08],eax
fild dword ptr [ebp+08]
mov edi,[ebp+0c]
fdiv qword ptr [00bfc338]  //更新
fstp qword ptr [ebp+34]
cmp edi,ebx
je 00975e54  //更新
fld qword ptr [esi+3c]
push ecx
fsub qword ptr [esi+1c]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+1c]
fstp qword ptr [esp]
call 004e8cee   //更新
pop ecx
pop ecx
jmp CSX


CSXReturnX:
mov [edi],eax
mov edi,[ebp+10]
jmp 00975E57 //AOB-1-3b fb   dd 46 44

CSXReturnY:
Mov [Edi], Eax
Mov Edi, [Ebp+14]
Cmp Edi, Ebx
Jmp 00975E7A //AOB-1+23

CSX:
Cmp [CSXon], 1
Je MouserX
jmp CSXReturnX


MouserX:
       Push    Eax
       Mov     Eax, [00e016dc]  //Char PID 8b 0d     8d 45  50 8d 45  50 e8
       Mov     Eax, [Eax+22f4]  //6A FF FF B6 ?? ?? ?? ?? 8B CE E8
       Cmp     Esi, Eax
       Pop     Eax
       Jne     CSXReturnX
       Push    Eax
       Mov     Eax, [00e0624c]  //滑鼠點擊 8b 0d ?? ?? ?? ?? 57 e8 ?? ?? ?? ?? 8d 45
       Mov     Eax, [Eax+978]
       Mov     Eax, [Eax+84]  //X-8C
       Mov     [Edi], Eax
       Pop     Eax
       Mov     Edi, [Ebp+10]
       //Cmp     Edi, Ebx
       Je      MouserY
       Jmp     CSXReturnX+5
MouserY:
       Push    Eax
       Mov     Eax, [00e016dc]  //Char PID
       Mov     Eax, [Eax+22f4]
       Cmp     Esi, Eax
       Pop     Eax
       Jne     CSXReturnY
       Push    Eax
       Mov     Eax, [00e0624c]  //滑鼠點擊
       Mov     Eax, [Eax+978]
       Mov     Eax, [Eax+88]  //Y
       //Jmp     CSXReturnY
       Mov     [Edi], Eax
       Pop     Eax
       Mov     Edi,[Ebp+14]
       Jmp     CSXReturnY+5


00C7B7F8:
DD Ics_CSX

[Disable]

00C7B7F8:
DD 00975DC6  //55 8B EC 53 56 8B 75 08 33 DB //aob-1
unregistersymbol(CSX)
dealloc(CSX)

TwMS v1.48.1_ICS_SSMouseFly

[Enable]
Alloc(KamiVacICS, 512)
Alloc(MobXY, 08)
Label(KamiVac)
Label(Kami)

KamiVacICS:
Cmp [Esp+3C], 00929FCA
Jne 00927EC5
Mov [Esp+3C], KamiVac
Jmp 00927EC5

KamiVac:
mov ecx,ebx
Call Kami
Jmp 00929FD1

Kami:
push ebp
mov ebp,esp
sub esp,1C
push ebx
push esi
push edi
mov esi,ecx
call 0094CEF2
mov [ebp-10],eax
lea eax,[ebp-1C]
lea ecx,[esi+0000234C]
push eax
call 00431874

Mov Eax, [00E0624C]
Cmp [Eax+09C8], 0C
Jne 00925AFF
Mov Eax, [00E0624C]
Mov Eax, [Eax+0978]
Mov Ebx, [Eax+008C]
Mov Eax, [Eax+0090]
Mov Ecx, [00E016DC]
Mov [Ecx+5E78], Ebx
Mov [Ecx+5E7C], Eax
xor ebx,ebx
Jmp 00925840

00C7775C:
DD KamiVacICS
[Disable]
00C7775C:
DD 00927EC5
DeAlloc(KamiVacICS)

TwMs v1.48.1_ICS_吸飛怪

// AoB: 89 45 10 DB 45 10 DC 56 28 DF E0 F6
[Enable]
Alloc(FlyMobVac, 512)
Label(My97A22D)
Label(My97A3EA)

FlyMobVac:
push ebp
mov ebp,esp
sub esp,0C
push ebx
push esi
mov esi,ecx
cmp dword ptr [esi+000002A8],03
push edi
mov edi,[00E05C78]
JE My97A22D
mov eax,[esi+000002A8]
cmp eax,04
jne My97A3EA
lea ecx,[edi+1C]
fild dword ptr [ecx]
Mov Ebx, [00E098B0]
Mov Edx, [Ebx+0F90]
Mov Ebx, [Ebx+0F94]
Add Edx, 40
Mov [Ecx], Edx
Mov [Ecx+04], Ebx
Mov [Ecx+08], Edx
Mov [Ecx+0C], Ebx
Push 0097A324
Ret
My97A22D:
Push 0097A22D
Ret
My97A3EA:
Push 0097A3EA
Ret

00C7AFF4:
DD FlyMobVac
[Disable]
00C7AFF4:
DD 0097A20F
DeAlloc(FlyMobVac)

TwMS v1.49.2_ICS_角色ID隱藏

// Pointer-slot hook: the slot at 00C7E2E4 is repointed from 004A2D39 (written
// back on disable) to the stub. For the call site returning to 008E9C9A the
// return address is moved to 008E9CA9, so the caller skips the code between
// the two addresses.
// Defender note: no code bytes change. The hook is visible as a slot value
// pointing into allocated memory instead of 004A2D39.
[Enable]
Alloc(NoNameICS, 64)
NoNameICS:
// [Esp] holds the caller's return address on entry.
Cmp [Esp], 008E9C9A
Jne 004A2D39
Mov [Esp], 008E9CA9 //33 c0 53 50 8b ce
Jmp 004A2D39
00C7E2E4:
DD NoNameICS
[Disable]
00C7E2E4:
DD 004A2D39
DeAlloc(NoNameICS)

TwMS v1.49.2_ICS_終極攻擊100%

[enable]
registersymbol(UltimateIcs)
alloc(UltimateIcs,512)
label(Ultimate)

UltimateIcs:
cmp [esp+24],008efa0e
jne 0072937b
mov [esp+24],Ultimate
jmp 0072937b

Ultimate:
push 65
pop ecx
xor edx,edx
div ecx
push [ebp-18]
mov ecx,[ebp-08]
mov [ebp-1c],edx
call 006d8c54
mov ecx,eax
call 006af9e1
cmp [ebp-1c],eax
jmp 008efa3d

00df0624:
dd UltimateIcs

[disable]
00df0624:
dd 0072937b

TwMS v1.49.2_MSCRCBypass

//TwMS v149.2_MSCRCBypass
// Shadow-copy redirection of memory reads, aimed (per the title) at the
// client's code integrity check.
//   1. MSmemcpy copies 0x265400 dwords starting at 00401000 into FakeDump;
//      that is 10047488 bytes, the size of the FakeDump allocation.
//   2. StartHook writes a 5-byte JMP (E9 + rel32) at 00A2C3AF and at 00F05239,
//      diverting both sites into the stubs below.
//   3. Each stub rebases a pointer that falls in [00401000, 00B2B000) onto the
//      copy, so the hooked routines read the snapshot rather than live code.
// Presumably the two hooked sites are the read loops of the integrity check
// -- TODO confirm; the page does not identify them.
// Defender note: the check is defeated because the checker itself is ordinary
// patchable code that trusts a pointer it can be made to misread. Observable
// artefacts are E9 jumps at the two sites and a private allocation about the
// size of the image. Integrity results produced only inside the client should
// not be the sole control; pair them with server-side validation.
[Enable]
Alloc(MSCRCBypass, 512)
Alloc(FakeDump, 10047488)
Label(BackToMS)
Label(MSCRCCrack)
Label(BackToCrack)
Label(MSmemcpy)
Label(StartHook)
Label(Title)
Label(SuccessMsg)
CreateThread(MSmemcpy)

MSCRCBypass:
// Signed range test on the pointer in ecx; in-range pointers are rebased from
// the live image onto the copy.
Cmp  Ecx, 00401000
Jnge BackToMS
Cmp  Ecx, 00B2B000
Jnl  BackToMS
Sub  Ecx, 00401000
Add  Ecx, FakeDump
BackToMS:
// Replay the two instructions displaced by the 5-byte JMP (they match the
// leading bytes 33 d2 8b 5d 08 of the pattern noted at StartHook), then
// resume right after the hook via push/ret.
Xor  Edx,Edx
Mov  Ebx,[Ebp+08]
Push 00A2C3AF+5
Ret

MSCRCCrack:
// Same rebasing for the second site, with the pointer in edx.
Cmp  Edx, 00401000
Jnge BackToCrack
Cmp  Edx, 00B2B000
Jnl  BackToCrack
Sub  Edx, 00401000
Add  Edx, FakeDump
BackToCrack:
// Push the dword read through the (possibly rebased) pointer and continue at
// 00EFACB5.
Push [Edx]
Push 00EFACB5
Ret

MSmemcpy:
// Thread entry: take the snapshot first. Execution then falls through into
// StartHook.
cld
        mov  edi, FakeDump
        mov  esi, 00401000
        mov  ecx, 00265400
        repe movsd

StartHook:
// rel32 = stub - (site + 5), computed as -((site + 5) - stub).
Mov  Eax, 00A2C3AF //33 d2 8b 5d 08 8a 11
        lea  ebx, [eax+05] //The Target Address - The Next Address
        sub  ebx, MSCRCBypass
        neg  ebx
        mov  byte ptr [eax], e9 //jmp
mov  [eax+01], ebx //Target AOB

Mov  Eax, 00F05239 //e9 ?? ?? ff ff ff 32 e9 ?? ?? ff ff +5
        lea  ebx, [eax+05] //The Target Address - The Next Address
        sub  ebx, MSCRCCrack
        neg  ebx
        mov  byte ptr [eax], e9 //jmp
        mov  [eax+01], ebx //Target AOB

// Announce completion with a message box, then end the thread.
        push  40 //MB_ICONINFORMATION
        push  Title
        push  SuccessMsg
        push  00
        call  MessageBoxA
        ret

Title:
        db      'MSCRC Bypass' 00
SuccessMsg:
        db      'Anti-MSCRC-Check Init Successfully!' 00
// The disable section is empty: neither JMP is reverted and nothing is freed.
[Disable]

TwMS v1.47.2_ICS_封包無敵

// Inline code hook at 004965D2 that records an argument of the hooked routine.
// The first five bytes of the routine (`push ebp / mov ebp,esp / push ff`, as
// restored on disable) are replaced by a JMP to PacketFix. The stub stores the
// first stack argument and the dword at offset 8 inside it into x1 and x1+4,
// replays the displaced prologue and continues at 004965D7.
// As written the stub only records values and changes no arguments or return
// values. The title says "packet godmode"; the part that would act on the
// recorded pointer is not on this page.
// Defender note: instruction bytes at the routine entry are overwritten, so a
// code-range hash or a prologue check on this routine detects the hook.
[ENABLE]
registersymbol(PacketFix)
alloc(PacketFix,512)
registersymbol(x1)
alloc(x1,20)

PacketFix:
// After `push eax`, [esp+8] is the dword just above the return address.
push eax
mov eax,[esp+8]
mov [x1],eax     //
mov eax,[eax+8]
mov [x1+4],eax
pop eax
// Displaced prologue, then back into the original routine.
push ebp
mov ebp,esp
push ff
jmp 004965D7


004965D2:
jmp PacketFix

[DISABLE]
004965D2:
push ebp
mov ebp,esp
push ff

// x1 is neither freed nor unregistered here.
dealloc(PacketFix)
unregistersymbol(PacketFix)

TwMS v1.59.2_ICS_技能連跳+不耗魔

// Stub plus on/off flag, allocated with GlobalAlloc.
// When JmpRow is 1 and the dword at [Esp+0C] equals 00AE6072, the stub writes
// 00AE6096 into [Ebp-60]; in every case it then loads ecx from [004385DF] and
// jumps to 0042B967.
// NOTE(review): no line in this script writes a pointer or jump to UltimateJmp
// into the client, so how the stub gets called is not shown here.
[Enable]
GlobalAlloc(UltimateJmp, 64)
GlobalAlloc(JmpRow, 04)

UltimateJmp:
Cmp [JmpRow], 01
// Hand-encoded short JNE (75 11). The displacement appears chosen to land on
// the `Mov Ecx` line below -- TODO confirm against the assembled sizes.
DB 75 11
Cmp [Esp+0C], 00AE6072
// Hand-encoded short JNE (75 07), apparently skipping only the next store.
DB 75 07
Mov [Ebp-60], 00AE6096
Mov Ecx, [004385DF]
jmp 0042B967
JmpRow:
// Flag set to 1 on enable (one byte written).
DB 01

[Disable]
// Disable only clears the flag; the stub stays allocated.
JmpRow:
DD 00

2014年2月6日 星期四

TwMS v1.51.1_CRC_MultiBypass

// Inline code hook at 00A4A1A6 that forces a stored value to a constant.
// The six original bytes (restored on disable) decode as
// `mov [ebp-000002A4],ecx`. The hook jumps to MultiMS, which loads ecx with
// 004A3DBE, performs that same store and resumes at 00A4A1AC, the instruction
// after the patched one. The page does not explain what the stored value
// means beyond the comment below.
// Defender note: instruction bytes are overwritten, so a code-range hash
// detects the hook. A check whose outcome is one value written by patchable
// client code is weak on its own.
[Enable]
//Hackshield 0x206 Bypass
Alloc(MultiMS, 64)

MultiMS:
Mov Ecx, 004A3DBE
mov [ebp-000002A4],ecx
Jmp 00A4A1AC

00A4A1A6:
Jmp MultiMS

[Disable]
00A4A1A6:

DB 89 8D 5C FD FF FF
DeAlloc(MultiMS)

TwMS v1.50.2_ICS_死亡逃獄

// Pointer-slot hook that injects an extra call into one call site.
// The slot at 00E25E64 is pointed at Hook. Hook always ends in PtInRect, so
// the slot presumably held PtInRect before -- TODO confirm, since the disable
// section is empty and does not show the original value. For the call site
// returning to 0088EF6F, Hook first calls LoseHP, which invokes the client
// routine at 00921C61 with ten pushed arguments.
// Defender note: no code bytes change. The artefact is the slot value pointing
// into allocated memory, and with an empty disable section it stays that way
// for the life of the process.
[ENABLE]
Alloc(LoseHP, 256)
Alloc(Hook,64)

LoseHP:
// All registers are preserved around the call.
pushad
mov ecx,[00E1847C]
push 01
push 01
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push #01 // HP deducted per call
call 00921C61
popad
ret

Hook:
cmp [esp],0088EF6F
jne PtInRect
call LoseHP
jmp PtInRect

00E25E64:
dd Hook
[DISABLE]

TwMS v1.50.2_ICS_超級定怪

// Pointer-slot hook: the slot at 00C8DA20 is repointed from 0097B4C7 (written
// back on disable) to HookEsp. For the call site returning to 0097B4A8 the
// return address is replaced with 0097B4BF; every path then enters the
// original routine at 0097B4C7.
// Defender note: no code bytes change. The hook is visible as a slot value
// pointing into allocated memory instead of 0097B4C7.
[Enable]
Alloc(HookEsp, 128)
Label(ICSRet)

HookEsp:
Cmp [Esp],0097B4A8 //85 C0 74 ?? FF 74 24 ?? 8B 06 FF 74 24 ?? 8B CE
Jne ICSRet
// push followed by pop [Esp] overwrites the original top of stack (the return
// address) with the pushed constant.
Push 0097B4BF //33 C0 33 D2 5E C2 ?? ?? 56 57
Pop [Esp]

ICSRet:
// push/ret is used as an absolute jump to the original target.
Push 0097B4C7 //56 57 6A ?? 8D 71 ?? 8D 79 ?? 59
Ret

00C8DA20:
DD HookEsp

[Disable]
00C8DA20: //[5/10]
DD 0097B4C7
DeAlloc(HookEsp)

TwMS_v1.50.2_ICS_MobSkillIgnore

// Pointer-slot hook: the slot at 00DFCA4C is repointed from 0072C5C5 (written
// back on disable) to MobSkillHook. The stub checks a return address further
// up the stack, at [esp+3C]; when it is 00607E4B the stub replaces it with
// 00607E8D, so that frame resumes at a later address once the original
// routine returns.
// Defender note: no code bytes change. The hook is visible as a slot value
// pointing into allocated memory instead of 0072C5C5.
[enable]
Alloc(MobSkillHook,32)

00DFCA4C:
DD MobSkillHook

MobSkillHook:
cmp [esp+3C],00607E4B
jne 0072C5C5
mov [esp+3C],00607E8D
jmp 0072C5C5

[disable]
00DFCA4C:
DD 0072C5C5

DeAlloc(MobSkillHook)

TwMS v1.50.2_ICS_部分技能最大值

[Enable]
Alloc(ICSHook, 512)
Label(SkillMax)
registersymbol(Updatebingfeng)
Alloc(Updatebingfeng, 4)

ICSHook:
Cmp [Esp], 008eebda
Jne OffsetRect
Mov [Esp], SkillMax
Jmp OffsetRect

SkillMax:
push ebx
push ebx
mov [ebp+5C],ebx
lea eax,[ebp+5C]
push ebx
cmp [ebp+6B],bl
jne 008EEBE8
pop ebx
pop ebx
pop ebx
mov ecx,[00e1cabc]
pushad
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 01
push eax
lea eax,[ebp+24]
push eax
call 00615e25
inc [Updatebingfeng]
popad
cmp dword ptr [Updatebingfeng],20
jnge SkillMax
mov [Updatebingfeng],00000000
mov eax,[ebp+5C]
mov [ebp+60],eax
cmp [ebp+60],ebx
je 008eec61
mov eax,[ebp+60]
mov ecx,[eax+000001a0]
cmp [eax+0000033c],ebx
jne 008eec4f
mov ecx,eax
call 006093fe
mov eax,[ebp+60]
cmp [eax+00000428],ebx
je 008EEC63
mov [ebp+60],ebx
mov eax,[ebp+60]
cmp eax,ebx
je 008eec61
mov eax,[eax+0000019c]
jmp 008eec63

Updatebingfeng:
DD 00
Ret

00E25E34:
DD ICSHook

[Disable]
00E25E34:
DD OffsetRect
DeAlloc(ICSHook)

TwMS v1.50.2_ICS_CSMobVac

[Enable]
Alloc(CSMobVac, 512)
Label(FakeJmp1)

CSMobVac:
Push Ebp
Mov Ebp,Esp
Push Ebx
Push Esi
Mov Esi,[Ebp+08]
Xor Ebx,Ebx
Push Edi
Cmp [Esi+14],Ebx
JNE 0097F20E
mov ecx,[00e1cff0]
call 0097f1d9
mov [ebp+08],eax
fild dword ptr [ebp+08]
mov edi,[ebp+0c]
fdiv qword ptr [00c0dc60]
fstp qword ptr [ebp+34]
cmp edi,ebx
je FakeJmp1
fld qword ptr [esi+3c]
push ecx
fsub qword ptr [esi+1c]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+1c]
fstp qword ptr [esp]
call 004ea7d0
pop ecx
pop ecx
Mov Eax, [00E20700]
Mov Eax, [Eax+0F98]
mov [edi],eax
jmp FakeJmp1

FakeJmp1:
mov edi,[ebp+10]
cmp edi,ebx
je 0097f2ad
fld qword ptr [esi+44]
push ecx
fsub qword ptr [esi+24]
push ecx
fmul qword ptr [ebp+34]
fadd qword ptr [esi+24]
fstp qword ptr [esp]
call 004ea7d0
pop ecx
pop ecx
Mov Eax, [00E20700]
Mov Eax, [Eax+0F9C]
Jmp 0097F2AB

00c8d9c8: // 5/10 CSMobVac
DD CSMobVac
[Disable]
00c8d9c8:
DD 0097f1fe // 55 8b ec 53 56 8b 75 08 33 db

DeAlloc(CSMobVac)

TwMS v1.50.2_ICS_仿007走入模式

[ENABLE]
registersymbol(MyAuto)
alloc(MyAuto,1024)
registersymbol(MyAutoLR)
alloc(MyAutoLR,1024)
registersymbol(MyAutoLRNo007)
alloc(MyAutoLRNo007,1024)
registersymbol(MyAutoLRKeyLR)
alloc(MyAutoLRKeyLR,4)
registersymbol(MyAutoLRKeyLRVal)
alloc(MyAutoLRKeyLRVal,4)
registersymbol(AutoLRMob)
alloc(AutoLRMob,4)
registersymbol(tick)
alloc(tick,4)
registersymbol(delay)
alloc(delay,4)
registersymbol(nextGo)
alloc(nextGo,4)
registersymbol(step)
alloc(step,4)
registersymbol(AutoLRPeopleX)
alloc(AutoLRPeopleX,4)
Label(MyAutoLR00)
Label(MyAutoLR01)
Label(MyAutoLR02)
Label(test1)
Label(test2)
Label(SetLR)
Label(back)
Label(back2)
Label(Set01)
Label(Set02)
Label(Cmp1)
Label(Cmp2)

//-----------------------------------------------
AutoLRPeopleX:
DD 0  // 定點X
AutoLRMob:
DD 0  //1.007 2.左右
MyAutoLRKeyLR:
DD 0f
step:
DD 1
delay:
DD 1388
//-----------------------------------------------

MyAuto:
cmp [esp], 009895ec //3b c7 0f 85 ?? ?? 00 00 8b 0d ?? ?? ?? 00
jne GetFocus
cmp [AutoLRMob],0
je GetFocus
cmp [AutoLRMob],1
je Cmp1
cmp [AutoLRMob],2
je Cmp2
jmp GetFocus

Cmp1:
mov [esp],MyAutoLR
jmp GetFocus

Cmp2:
mov [esp],MyAutoLRNo007
jmp GetFocus

MyAutoLRNo007:
pushad
Inc [MyAutoLRKeyLRVal]
Mov Eax, [MyAutoLRKeyLR]
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR02
Add Eax, [MyAutoLRKeyLR]
Cmp Eax, [MyAutoLRKeyLRVal]
Jge MyAutoLR01
Mov [MyAutoLRKeyLRVal], 1
Jmp MyAutoLR02


MyAutoLR:
cmp [step], 0
je MyAutoLR00
cmp [step], 2
jle back
push eax
call 00956312 //A1 ?? ?? ?? 00 8B 40 1C C3
sub eax,[delay]
cmp eax,[nextGo]
pop eax
jbe MyAutoLR00
push eax
call 00956312
Add eax, [delay]
mov [nextGo], eax
pop eax
jmp SetLR


SetLR:
cmp [step],3
je Set02
cmp [step],4
je Set01

Set01:
mov [step],1
jmp back

Set02:
mov [step],2
jmp back

back:
pushad
mov eax,[00E1847C]
mov eax,[eax+49c]
cmp eax,FA0
jg back2
popad
cmp [step],1
je test1
cmp [step],2
je test2
jmp MyAutoLR00

back2:
popad
jmp MyAutoLR00

test1:
pushad
mov ebx,[AutoLRPeopleX]
add ebx,43
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jge MyAutoLR01
mov [step],3
jmp MyAutoLR02


test2:
pushad
mov ebx,[AutoLRPeopleX]
sub ebx,3E
mov eax,[00E20700]
mov eax,[eax+0f98]
cmp ebx,eax
jle MyAutoLR02
mov [step],4
jmp MyAutoLR01


MyAutoLR01:
popad
mov [ebp-04],1
jmp MyAutoLR00

MyAutoLR02:
popad
mov [ebp-04],ffffffff
jmp MyAutoLR00


MyAutoLR00:
jmp 009898bf

00e25ec0:
DD MyAuto

[DISABLE]
00e25ec0:
DD GetFocus

unregistersymbol(AwesomeMan)
dealloc(AwesomeMan)
unregistersymbol(MyAutoLR)
dealloc(MyAutoLR)

TwMS v1.50.2_ICS_惡魔直接狼頭

[Enable]
// Two pointer-swap hooks sharing one 512-byte allocation (DFMODE).
// Each FakeCall stub replaces a pointer in the game's data (00C0F6E0 -> 00521B03, 00C8A1A4 -> 008F9CC7),
// checks a saved return address on the stack and, on a match, rewrites it so that execution
// resumes in HookFun1 / HookFun2 instead of the original call site.
alloc(DFMODE,512)
registersymbol(DFMODE)
Label(FakeCall1)
Label(FakeCall2)
Label(RealCall1)
Label(RealCall2)
Label(HookFun1)
Label(HookFun2)
//-------------------
DFMODE:
//-------------------
// FakeCall1: the return address examined is at [ESP+0C], not [ESP], so it belongs to a frame
// above the immediate caller (presumably two arguments/values sit in between - confirm).
FakeCall1:
CMP [ESP+0C],009419A4
JNE RealCall1
MOV [ESP+0C],HookFun1
//-------------------
RealCall1:
JMP 00521B03
//-------------------
// HookFun1: re-implementation of the game code that follows 009419A4, ending with a
// substituted push: when EBX == 1D905C4 the value 1D909B0 is pushed and execution resumes
// at 00941A10; otherwise it resumes at 00941A0F.
// The "test eax,eax" instructions below are not followed by a branch, so their result is unused here.
HookFun1:
lea ecx,[eax+1a8]
call 0046735e
push eax
call 00549a8d
pop ecx
test eax,eax
mov ecx,[ebp+50]
push ebx
call 004e7a3c
test eax,eax
mov eax,[esi]
mov ecx,esi
call dword ptr [eax+50]
push eax
call 0046aa44
pop ecx
test eax,eax
push ebx
call 008c44d4
pop ecx
mov eax,[esi+3e8]
push eax
call 0045ef17
push [esi+3ec]
mov [ebp+48],eax
call 0045ef17
pop ecx
pop ecx
mov ecx,[00e181d8]
mov [ebp+10],eax
lea eax,[ebp+58]
push eax
CMP EBX,1D905C4
JNZ 00941A0F
PUSH 1D909B0
JMP 00941A10
//-------------------
// FakeCall2: same pattern, keyed on the immediate return address 00944BBE.
FakeCall2:
CMP [ESP],00944BBE
JNE RealCall2
MOV [ESP],HookFun2
//-------------------
RealCall2:
JMP 008F9CC7
//-------------------
// HookFun2: replays the code after 00944BBE and substitutes 1D909B0 when [EBP+68] == 1D905C4.
HookFun2:
push eax
call 0049E09A
pop ecx
MOV EaX,[EBP+14]
mov ecx,[00E181D8]
push ebx
push ebx
push ebx
lea eax,[ebp+6c]
push eax
CMP [EBP+68],1D905C4
JNZ 00944C5C
PUSH 1D909B0
JMP 00944C5F
//-------------------
// Install: overwrite the two pointer slots with the stubs.
00C0F6E0:
DD FakeCall1
//-------------------
00C8A1A4:
DD FakeCall2
//-------------------
[Disable]
// Restore both slots to the original targets before freeing DFMODE.
00C0F6E0:
DD 00521B03
//-------------------
00C8A1A4:
DD 008F9CC7
//-------------------
dealloc(DFMODE)
unregistersymbol(DFMODE)

TwMS v1.50.2_ICS_程式控怪+跳怪掉落

[ENABLE]
// Replaces two pointers (00C837A0, 00C837A4) with injected routines MobLR and JumpMobFall.
// Both routines start with a copy of a function prologue and then jump into the middle of
// game code, so they act as replacement entry points rather than return-address hooks.
Alloc(JumpMobFall, 512)
Alloc(MobLR, 512)
RegisterSymbol(MobGoX)
Alloc(MobGoX, 4)
RegisterSymbol(JumpDown)
Alloc(JumpDown, 4)
RegisterSymbol(CtrlMob)
Alloc(CtrlMob, 4)
RegisterSymbol(PeopleMobX)
Alloc(PeopleMobX, 4)
Label(ControlMob)
Label(Back)
Label(GoLeft)
Label(GoRight)
Label(GoMe)
Label(GoMe_R)
Label(GoMe_L)
Label(GoPoint)
Label(GoX)
Label(GetX)

PeopleMobX:
DD 0

JumpDown:
DD   0 // jumping-mob fall switch

CtrlMob:
DD   0 // mob-control switch: 0 off, 1 left, 2 right, 3 follow, 4 capture point, 5 fixed point

// MobLR: copied prologue (push ebp / mov ebp,esp / sub esp,20 ...), then the control logic,
// then a jump to 00984679 to continue in the game's own function body.
// ebx = ecx on entry (the object the routine works on); fields +2A8, +6A4, +EC and +FC are used below.
MobLR:
Push Ebp
Mov  Ebp, Esp
Sub  Esp, 20
Mov  Eax, [Ebp+08]
Push Ebx
Push Esi
mov esi,[00e1ca18]
Mov  Ebx, Ecx
Push Edi
//-----------------------------------
// Only objects whose field +2A8 is 1 or 3 are touched.
Cmp  [Ebx+000002A8], 01
Je   ControlMob
Cmp  [Ebx+000002A8], 03
Je   ControlMob
Jmp  Back

// Dispatch on CtrlMob. Modes 3 and 4 first load edi from [[00E20700]+f98].
ControlMob:
Cmp  [CtrlMob], 00
Je   Back
Cmp  [CtrlMob], 01
Je   GoLeft
Cmp  [CtrlMob], 02
Je   GoRight
Cmp  [CtrlMob], 05
Je   GoX
Mov  Edi, [00E20700]
Mov  Edi, [Edi+f98]
Cmp  [CtrlMob], 04
Je   GetX
Cmp  [CtrlMob], 03
Je   GoMe
Jmp  Back

// GoMe: offset the target by 64h to one side, chosen by bit 0 of [[00e1847c]+047C].
// The Je/Jne pair covers both outcomes, so the "Pop Edi / Jmp Back" after it is never reached.
GoMe:
Push Edi
Mov  Edi, [00e1847c]
Mov  Edi, [Edi+047C]
And  Edi, 01
Test Edi, Edi
Je   GoMe_R
Jne  GoMe_L
Pop  Edi
Jmp  Back

GoMe_R:
Pop  Edi
Add  Edi, 64
Jmp  GoPoint

GoMe_L:
Pop  Edi
Sub  Edi, 64
Jmp  GoPoint

// GoPoint: steer towards edi using the object's field +6A4 (signed compare).
GoPoint:
Cmp  [Ebx+000006A4], Edi
Jl   GoRight
Jg   GoLeft
Jmp  Back

// GetX: latch PeopleMobX into MobGoX and switch to mode 5.
GetX:
Mov  Edi,[PeopleMobX]  //fixed-point X
Mov  [MobGoX], Edi
Mov  [CtrlMob], 05
Jmp  GoX

// GoX: keep the object within MobGoX +/- 2; once inside, write 6 to field +2A8.
// NOTE(review): MobGoX is only written in GetX; if mode 5 is selected directly its content is whatever the allocation holds.
GoX:
Mov  Edi, [MobGoX]
Sub  Edi, 2
Cmp  [Ebx+000006A4], Edi
Jl   GoRight
Add  Edi, 4
Cmp  [Ebx+000006A4], Edi
Jg   GoLeft
Mov  [Ebx+000002A8], 06
Jmp  GoMe

// GoRight / GoLeft: write the pair (+EC, +FC) = (4, 1) or (5, FFFFFFFF).
GoRight:
Mov  [Ebx+00000000EC], 00000004
Mov  [Ebx+00000000FC], 00000001
Jmp  Back

GoLeft:
Mov  [Ebx+00000000EC], 00000005
Mov  [Ebx+00000000FC], FFFFFFFF
Jmp  Back
//-----------------------------------
Back:
Jmp  00984679

// JumpMobFall: with JumpDown == 0 it forwards to 00983647 unchanged; otherwise it runs a
// copied prologue and continues at 00983748.
// The flags of the "Cmp dword ptr [Esi+2A8],03" survive the Push/mov that follow,
// so the code at 00983748 presumably branches on them - confirm.
JumpMobFall:
Cmp  [JumpDown], 0
Je   00983647
Push Ebp
Mov  Ebp, Esp
Sub  Esp, 0C
Push Ebx
Push Esi
Mov  Esi, Ecx
Cmp  dword ptr [Esi+000002A8], 03
Push Edi
mov edi,[00e1ca18]
Jmp 00983748

00C837A0:
DD MobLR

00C837A4:
DD JumpMobFall

[DISABLE]
// NOTE(review): [ENABLE] writes 00C837A0 / 00C837A4, but this section writes 00c8d9f8 / 00c8d9fc.
// As written the two hooked slots keep pointing at MobLR / JumpMobFall after those blocks are
// deallocated, and two unrelated dwords are overwritten. The trailing old addresses in the
// comments suggest the section was carried over from another client version - confirm.
00c8d9f8:
DD 00984665 //0097de6c //55 8B EC 83 EC 20 8B 45 08 53 56 8B 35

00c8d9fc:
DD 00983647 //0097CE4E //55 8b ec 83 ec 0c 53 56 8b f1 83 be ?? ?? 00

// NOTE(review): PeopleMobX is allocated and registered above but neither deallocated nor unregistered here.
Dealloc(JumpMobFall)
Dealloc(MobLR)
Dealloc(CtrlMob)
Dealloc(MobGoX)
Dealloc(JumpDown)
UnregisterSymbol(CtrlMob)
UnregisterSymbol(MobGoX)
UnregisterSymbol(JumpDown)

TwMS v1.50.2_ICS_進戰不揮(弓)空.砲筒無延遲

[Enable]
// Pointer-swap hook on OffsetRect (slot 00e25e34). The stub recognises two call sites by
// return address and, when the matching switch is set, returns into injected code instead.
Alloc(NoEmptyAtkICS, 512)
Alloc(Updatebingfeng, 4)

Alloc(SkillMaxSw, 4)
Alloc(NoEmptyAtkSw, 4)

Label(NoEmptyAtkICSMain)
Label(SkillMaxMain)
Label(SkillMaxMainI)

SkillMaxSw:
dd 0 //cannon no-delay switch

NoEmptyAtkSw:
dd 0 //melee no-empty-swing switch


// Dispatcher: any caller other than the two listed goes straight to OffsetRect.
NoEmptyAtkICS:
//[1/2]
//0f b6 85 ?? ?? ff ff 85 c0 74 2f 6a 00 6a 00 6a 00 6a 01 6a 00
Cmp  [Esp], 00925ff9
Je  NoEmptyAtkICSMain
Cmp  [Esp], 008eebda
Je  SkillMaxMain
jmp OffsetRect

// SkillMaxMain: "Add Esp,4" discards the original return address and "Call OffsetRect" pushes a
// new one, so the API runs with its original arguments and returns into the code below.
SkillMaxMain:
cmp [SkillMaxSw],0
je OffsetRect
Add  Esp, 4
Call OffsetRect
jmp SkillMaxMainI

// SkillMaxMainI: repeats the call to 00615e25 until the Updatebingfeng counter reaches 20h,
// then resets the counter and continues with a copy of the game code, leaving through
// 008eec61 / 008eec4f / 008EEC63.
// NOTE(review): Updatebingfeng is never given an initial value in this script.
SkillMaxMainI:
push ebx
push ebx
mov [ebp+5C],ebx
lea eax,[ebp+5C]
push ebx
cmp [ebp+6B],bl
jne 008EEBE8
pop ebx          // the three pushes above are undone on this path
pop ebx
pop ebx
mov ecx,[00e1cabc]
pushad
push 00
push 00
push 00
push 00
push 00
push 00
push 00
push 01
push eax
lea eax,[ebp+24]
push eax
call 00615e25
inc [Updatebingfeng]
popad
cmp dword ptr [Updatebingfeng],20
jnge SkillMaxMainI
mov [Updatebingfeng],00000000
mov eax,[ebp+5C]
mov [ebp+60],eax
cmp [ebp+60],ebx
je 008eec61
mov eax,[ebp+60]
mov ecx,[eax+000001a0]
cmp [eax+0000033c],ebx
jne 008eec4f
mov ecx,eax
call 006093fe
mov eax,[ebp+60]
cmp [eax+00000428],ebx
je 008EEC63
mov [ebp+60],ebx
mov eax,[ebp+60]
cmp eax,ebx
je 008eec61
mov eax,[eax+0000019c]
jmp 008eec63


// NoEmptyAtkICSMain: same return-address replacement as SkillMaxMain, then a copy of the code
// after 00925ff9 in which the result of "test eax,eax" is not branched on; resumes at 00926087.
NoEmptyAtkICSMain:
cmp [NoEmptyAtkSw],0
je OffsetRect
Add  Esp, 4
Call OffsetRect
movzx eax,byte ptr [ebp-00000131]
test eax,eax
push [ebp-000001c8]
push 00
push 00
push 00
push 00
push 00
push 00
push [ebp-000001a8]
lea eax,[ebp-000001a4]
push eax
lea eax,[ebp-78]
push eax
call 004380b4
mov ecx,eax
call 00615e25
mov [ebp-000021cc],eax
mov eax,[ebp-000021cc]
mov [ebp-00000088],eax
Jmp 00926087

// Install / remove: swap the pointer at 00e25e34 between the stub and OffsetRect.
00e25e34:
DD NoEmptyAtkICS
[Disable]
00e25e34:
DD OffsetRect
// NOTE(review): only NoEmptyAtkICS is released; Updatebingfeng, SkillMaxSw and NoEmptyAtkSw stay allocated.
DeAlloc(NoEmptyAtkICS)

TwMS v1.50.2_ICS_熱鍵技能不漏放

[ENABLE]
// Pointer-swap hook on ImmGetContext (slot 00E25FD4). For the call site returning to 00500419
// the return is redirected into xHotKey, which may replace the key value in [ebp+0c] with one
// taken from a table of timed entries (xKey_Skill).
registersymbol(xHookHotKey)
alloc(xHookHotKey,128)
registersymbol(xHotKey)
alloc(xHotKey,512)
label(xHotKey1)
label(xHotKey2)
label(xHotKey3)
label(xHotKey4)
label(xHotKey5)
label(xNormal)
//==========space for 11 entries, 16*11
alloc(xKey_Skill,176)
alloc(xSkill_Set,4)
alloc(xSkill_Cnt,4)
alloc(xSkill_Run,4)
alloc(xJustDo1,4)
alloc(xJustDo2,4)
alloc(xJustDo3,4)
//==========number of entries checked (editable)
xSkill_Cnt:
dd 4
//==========do not modify
xSkill_Set:
dd 0
xSkill_Run:
dd 0
xJustDo1:
dd 00000000
xJustDo2:
dd 0
xJustDo3:
dd 0
//==========
// Stub: only the caller returning to 00500419 is redirected; everything ends in ImmGetContext.
xHookHotKey:
  cmp [esp],00500419
//81 ? ? ? ? ? 10 27 00 00
  jne ImmGetContext
  mov [esp],xHotKey
  jmp ImmGetContext

// xHotKey: runs in place of the code at 00500419; eax is ImmGetContext's return value.
// NOTE(review): on the eax != 0 path control reaches "jmp xNormal" without the pushad that
// xHotKey1 performs, yet xNormal starts with popad - the stack is unbalanced on that path.
// NOTE(review): "je 0050043D" relies on the flags left by the callee at 0042259E.
xHotKey:
  test eax,eax
  je xHotKey1
  lea ecx,[esi+00007498]
  call 0042259E
  je 0050043D
  jmp xNormal
xHotKey1:
  pushad
  cmp [xSkill_Cnt],1
  jl xNormal
  cmp [xSkill_Set],1  //table already initialised?
  je xHotKey2
  //==========
  //PgUp  01490000    //1864
  //PgDown 01510000    //1894
  //Insert 01520000    //184c
  //Delete 01530000    //187c
  //Home  01470000    //1858
  //End    014f0000    //1888
  //==============keyboard key codes
  //00020000 =1; each key to the right on the row is +1, so 2 = 00030000
  //00100000 =q; each key to the right on the row is +1, so w = 00110000
  //001e0000 =a; each key to the right on the row is +1, so s = 001f0000
  //002c0000 =z; each key to the right on the row is +1, so x = 002d0000
  //====load the hotkey table
  // Entry layout (10h bytes): +00 key code, +04 interval, +08 delay, +0c next cast time.
  // NOTE(review): the per-entry second counts in the comments differ (600/240/240/120) while the
  // stored interval is 00004e20 in all four entries - confirm which is intended.
  mov ecx,0  //entry 1
  imul eax,ecx,10
  mov [xKey_Skill+eax+00],01470000  //skill label: "Magic Heart"
  mov [xKey_Skill+eax+04],00004e20  //600 s
  mov [xKey_Skill+eax+08],0000012c  //delay time
  mov [xKey_Skill+eax+0c],00000000  //next cast time
  //====
  inc ecx  //entry 2
  imul eax,ecx,10
  mov [xKey_Skill+eax+00],01490000  //skill label: "Heavenly Blessing"
  mov [xKey_Skill+eax+04],00004e20  //240 s
  mov [xKey_Skill+eax+08],000003e8  //delay time
  mov [xKey_Skill+eax+0c],00000000  //next cast time
  //====
  inc ecx  //entry 3
  imul eax,ecx,10
  mov [xKey_Skill+eax+00],01520000  //skill label: "Holy Light"
  mov [xKey_Skill+eax+04],00004e20  //240 s
  mov [xKey_Skill+eax+08],000003e8  //delay time
  mov [xKey_Skill+eax+0c],00000000  //next cast time
  //====to add a hotkey, copy the entry below
  inc ecx  //entry 4
  imul eax,ecx,10
  mov [xKey_Skill+eax+00],014f0000  //skill label: "Prayer"
  mov [xKey_Skill+eax+04],00004e20  //120 s
  mov [xKey_Skill+eax+08],000007d0  //delay time
  mov [xKey_Skill+eax+0c],00000000  //next cast time
  //====
  xor edi,edi
  xor ebx,ebx
  xor edx,edx
  mov [xSkill_Set],1  //setup done
xHotKey2:
  // eax = dword at [[00E1CFF0]+1c], used as the current time throughout this routine.
  mov eax,[00E1CFF0]
  mov eax,[eax+1c]
  cmp eax,[xSkill_Run]  //has the delay elapsed?
  jl  xHotKey4
  sub eax,7d0  //check 2 s early (longest delay is 2 s)
  mov edi,0
xHotKey3:
  // Scan entries 0..xSkill_Cnt-1; an entry fires when its next-cast time is 0 or already reached.
  cmp edi,[xSkill_Cnt]
  jge xNormal
  imul ecx,edi,10
  mov ebx,[xKey_Skill+ecx+0c]
  cmp ebx,0
  je xHotKey5
  cmp eax,ebx
  jge xHotKey5
  inc edi
  jmp xHotKey3
xHotKey4:
  // Still inside the delay window: keep re-sending the last forced key (xJustDo1) while
  // xJustDo2 is set and the clock value is not past xJustDo3.
  // NOTE(review): xJustDo3 is derived from [[00E1CFF0]+1c] but compared with the result of
  // "call clock" - presumably different time bases; confirm.
  cmp [xJustDo2],0
  je xNormal
  call clock
  mov [xJustDo2],0
  cmp eax,[xJustDo3]
  jg xNormal
  mov  [xJustDo2],1
  mov eax,[xJustDo1]
  mov [ebp+0c],eax
  jmp xNormal
xHotKey5:
  //====force-replace the key
  // ecx still holds the entry offset computed in xHotKey3.
  mov ebx,[xKey_Skill+ecx+00]
  mov [ebp+0c],ebx
  mov [xJustDo1],ebx
  mov [xJustDo2],1
  mov eax,[00E1CFF0]
  mov eax,[eax+1c]
  mov [xJustDo3],eax
  mov edx,[xKey_Skill+ecx+04]
  add eax,edx
  mov [xKey_Skill+ecx+0c],eax   // next cast = now + interval
  sub eax,edx
  mov edx,[xKey_Skill+ecx+08]
  add eax,edx
  mov [xSkill_Run],eax          // no further entry is examined before now + delay
  xor eax,eax
  mov eax,[xJustDo3]
  add eax,a
  mov [xJustDo3],eax            // resend window = now + 0Ah
  jmp xNormal

// xNormal: restore registers, replay the two pushes and the ecx load of the original code,
// and resume at 00500438.
xNormal:
  popad
  push [ebp+0C]
  mov ecx,[00E1847C]
  push [ebp+08]
  jmp 00500438

00E25FD4:
DD xHookHotKey

[DISABLE]
00E25FD4:
DD ImmGetContext
//===========
// NOTE(review): xKey_Skill, xSkill_Set, xSkill_Cnt, xSkill_Run and xJustDo1-3 are allocated above but not released here.
dealloc(xHookHotKey)
unregistersymbol(xHookHotKey)
dealloc(xHotKey)
unregistersymbol(xHotKey)

TwMS v1.50.2_ICS_疾風N合1

[ENABLE]
// One pointer swap (slot 00DFCA4C, original target 0072C5C5) feeding seven features.
// The stub "Main" looks at saved return addresses at several stack depths ([esp+24], [esp+3c],
// [esp+6c]) and rewrites the matching one, so the redirection takes effect when an outer
// frame returns. Every path ends by jumping to the original target 0072C5C5.
RegisterSymbol(Main)
Alloc(Main, 4096)
RegisterSymbol(Time)
Alloc(Time, 4)
RegisterSymbol(MissTime)
Alloc(MissTime, 4)
RegisterSymbol(MissTimeCmp)
Alloc(MissTimeCmp, 4)
RegisterSymbol(MobJump)
Alloc(MobJump, 4)
RegisterSymbol(MobFastSwitch)
Alloc(MobFastSwitch, 4)
RegisterSymbol(MobBack)
Alloc(MobBack, 4)
RegisterSymbol(NoHurtSwitch)
Alloc(NoHurtSwitch, 4)
RegisterSymbol(ItemClean)
Alloc(ItemClean, 4)
RegisterSymbol(ItemID)
Alloc(ItemID, 4)
Label(Nohurt)
Label(NohurtMain)
Label(NohurtMainI)
Label(NohurtMainII)
Label(StupidMonster)
Label(StupidMonsterMain)
Label(MobNoJump)
Label(MobNoJumpMain)
//------
// NOTE(review): CheckESP is allocated and registered but no code or data is assembled into it in this script.
registersymbol(CheckESP)
alloc(CheckESP,512)
registersymbol(ItemList)
alloc(ItemList,204800)
Label(HookItem)
Label(HookItemFun)
Label(HookOr1)
Label(HookOr2)
Label(Filter)
Label(Skip)
Label(End)
Label(Return)
//------
Label(HookESP)
Label(HookFun)
//--------
Label(MobFast)
Label(MobFastMain)
Label(MobFastMainI)
//--------
RegisterSymbol(UltimateSwitch)
Alloc(UltimateSwitch, 4)
label(Ultimate)
label(UltimateMain)
//==============
NoHurtSwitch:
DD 1 //invincibility

UltimateSwitch:
dd 1 //ultimate attack

MobJump:
dd 1 //jumping-mob jump control

MobFastSwitch:
dd 0 //mob movement speed-up

MobBack:
dd 0 //mob no knock-back

ItemClean:
dd 0 //item filter

Time:
DD FFFF1D70 //invincible 58 s

MissTime:
DD 5 //number of dodges


// Zero-terminated list of dword item ids consulted by Filter; only the first (terminator) entry is written here.
ItemList:
dd 00

// Main: return-address dispatcher. The trailing byte patterns are the author's signatures for each call site.
Main:
Cmp [Esp+24], 00922C4C //E8 ?? ?? ?? FF F6 80 ?? ?? ?? 00 02 74 ?? 89
Je Nohurt
Cmp [Esp+24], 00982F03 //6A 05 33 D2 59 F7 F1 85 D2
Je MobNoJump
Cmp [Esp+24], 00981B64 //33 D2 B9 60 EA 00 00 F7 F1
Je StupidMonster
Cmp [Esp+6C], 004EEFDC //8B 45 E4 8B 75 B0
Je HookItem
Cmp [Esp+3C], 00610723 //83 7D 3C 01 75 11
JE HookESP
cmp [esp+3c], 006226E1 //85 C0 0F ?? ?? ?? ?? ?? 8B 7E ?? 80 3F
je MobFast
cmp [esp+24], 008f5e8a //6a 65 59 33 d2 f7 f1
je Ultimate
Jmp 0072C5C5
//==============
// Each stub below replaces the matched return address with its handler.
// Nohurt, StupidMonster, MobNoJump, HookItem and HookESP redirect unconditionally (their
// switches, where they have one, are tested inside the handler); Ultimate and MobFast
// test their switch here.
Nohurt:
Mov [Esp+24], NohurtMain
Jmp 0072C5C5

StupidMonster:
Mov [Esp+24], StupidMonsterMain
Jmp 0072C5C5

MobNoJump:
Mov [Esp+24], MobNoJumpMain
Jmp 0072C5C5

HookItem:
Mov [Esp+6C],HookItemFun
JMP 0072C5C5

HookESP:
Mov [ESP+3C],HookFun
JMP 0072C5C5

Ultimate:
cmp [UltimateSwitch],0
je 0072C5C5
Mov [esp+24],UltimateMain
JMP 0072C5C5

MobFast:
cmp [MobFastSwitch],0
je 0072C5C5
mov [esp+3c],MobFastMain
jmp 0072C5C5

//-------------------------
// UltimateMain: replays "eax mod 65h" and the two calls, then jumps to 008f5eb9 unconditionally;
// the flags from the final cmp are left for the code at that address.
UltimateMain:
push 65
pop ecx
xor edx,edx
div ecx
push [ebp-18]
mov ecx,[ebp-08]
mov [ebp-1c],edx
call 006dbcd8
mov ecx,eax
call 006b2a76
cmp [ebp-1c],eax
jmp 008f5eb9
//-------------------------
// MobFastMain: unless the byte at [[esi+30]] is 3, rebuild the argument list and continue
// at 00622764 with eax forced to 64h.
MobFastMain:
test eax,eax
jng 0062287E //8D 4E ?? E8 ?? ?? ?? ?? 33 D2
mov edi,[esi+30]
cmp byte ptr [edi],03
jne MobFastMainI
jmp 006226F1

MobFastMainI:
lea eax,[ebp-20]
push eax
lea eax,[ebp-18]
push eax
lea eax,[ebp-08]
push eax
lea eax,[ebp-10]
push eax
movsx eax,word ptr [edi+10]
push eax
mov ecx,esi
Mov eax,64  //movement speed
JMP 00622764
//-------------------------
// HookFun: with MobBack != 1 control goes back to the original site 00610723 untouched.
HookFun:
cmp [MobBack],1
jne 00610723 //83 7D ?? ?? 75 ?? 8B 4D ?? E8 ?? ?? ?? ?? 39 45
CMP DWORD PTR SS:[EBP+3C],1
jne 0061073A
mov ecx,[ebp-18]
call 005FD5D9 //55 8B EC 51 56 8B F1 8B 0D ?? ?? ?? ?? 57 85 C9
jmp 00610736 //33 D2 EB ?? 8B 55
//-------------------------
// StupidMonsterMain: the ecx load of 0000ea60 is overwritten by the lea on the next line and
// no div is executed, so edx stays 0 when execution resumes at 00981B79.
StupidMonsterMain:
Xor  Edx, Edx
Mov  Ecx, 0000ea60
Lea  Ecx, [Esi+000002c0]
Jmp  00981B79 //52 E8 ?? ?? ?? ?? 8B 5D ?? 8D BE
//-------------------------
// MobNoJumpMain: replays "eax mod 5"; the flags of "Test edx,edx" are replaced by the MobJump
// compares, so the branch depends on the switch value (1, 2 or other) rather than the remainder.
MobNoJumpMain:
Push 05
Xor  edx,edx
Pop  ecx
Div  ecx
Test edx,edx
Cmp  [MobJump], 1
Je   00982F17 //8B CF C7 86 ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 33 D2
Cmp  [MobJump], 2
Je   00982F0E // Mov  Ecx, Esi
Jmp  00982F0A // Test Edx, Edx
//-------------------------
// NohurtMain: reduces the dword at [ebp+58] by a quarter, then for the first MissTime hits in a
// row zeroes [ebp+58], [ebp+5C] and [ebp+60]; the next hit keeps the reduced [ebp+58] and
// resets the counter. eax is loaded from Time before resuming at 009231A9.
// NOTE(review): MissTimeCmp has no initial value assigned in this script.
NohurtMain:
cmp [NoHurtSwitch],0
je NohurtMainII
call 0042FDB1 //56 8B 35 ?? ?? ?? ?? 85 F6 74 15
Mov  Eax, [Ebp+58]
Shr  Eax, 2 // damage taken * 0.75
Sub  [Ebp+58], Eax
Mov  Eax, [Time]
Mov  Ecx, [MissTime]
Cmp  [MissTimeCmp], Ecx
Jge   NohurtMainI
Mov  [Ebp+58],0
Mov  [Ebp+5C],0
Mov  [Ebp+60],0
Inc  [MissTimeCmp]
Jmp  009231A9
//8D 8B ?? ?? 00 00 50 E8 ?? ?? ?? FF E9 ?? ?? ?? 00 6A 05
//==============
NohurtMainI:
Mov  [Ebp+5C],0
Mov  [Ebp+60],0
Mov  [MissTimeCmp], 0
Jmp  009231A9 //8D 8B ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 6A
//==============
// Switch off: [ebp+58] is left alone and eax is set to fffffa24 instead of Time.
NohurtMainII:
Mov  [Ebp+5C],0
Mov  [Ebp+60],0
call 0042FDB1 //56 8B 35 ?? ?? ?? ?? 85 F6 74 15 8D 4E
Mov  Eax, fffffa24
Jmp  009231A9
//-------------------------
// HookItemFun: with ItemClean == 0 the original instructions are replayed via Return.
// Otherwise the record at esi is filled in and the id returned by 00408B6F is matched
// against ItemList; a listed id is stored as 0 in [esi+34].
HookItemFun:
MOV EAX,DWORD PTR SS:[EBP-1C]
MOV ESI,DWORD PTR SS:[EBP-50]
cmp [ItemClean],0
je Return
MOV BYTE PTR DS:[ESI+1C],AL
CMP EAX,1
JE HookOr1
CMP EAX,2
JE HookOr1
XOR AL,AL
JMP HookOr2

HookOr1:
MOV AL,1

HookOr2:
MOV BYTE PTR DS:[ESI+1D],AL
MOV DWORD PTR DS:[ESI+20],EDI
MOV EDI,DWORD PTR SS:[EBP+8]
MOV ECX,EDI
call 00408B13
MOVZX EAX,AL
MOV ECX,EDI
MOV DWORD PTR DS:[ESI+30],EAX
call 00408B6F
PUSH ESI
MOV ESI,ItemList

// Filter: ids <= C350h are never filtered. The scan stops only at a zero entry, so the list
// must stay zero-terminated within the 204800-byte ItemList block.
Filter:
mov [ItemID],eax
CMP EAX,C350
JLE End
CMP DWORD PTR DS:[ESI],0
Je End
CMP DWORD PTR DS:[ESI],EAX
Je Skip
ADD ESI,4
JMP Filter

Skip:
XOR EAX,EAX

End:
POP ESI
MOV ECX,EDI
MOV [ESI+34],EAX
JMP 004EF017

Return:
MOV BYTE PTR DS:[ESI+1C],AL
cmp eax,01
jmp 004EEFE8
//-------------------------
00DFCA4C:
dd Main
[DISABLE]
00DFCA4C:
DD 0072C5C5
//-------------------------
// NOTE(review): only Main, Time, MissTime and MissTimeCmp are released. MobJump, MobFastSwitch,
// MobBack, NoHurtSwitch, ItemClean, ItemID, CheckESP, ItemList and UltimateSwitch stay
// allocated and registered.
DeAlloc(Main)
UnRegisterSymbol(Main)
DeAlloc(Time)
UnRegisterSymbol(Time)
DeAlloc(MissTime)
UnRegisterSymbol(MissTime)
DeAlloc(MissTimeCmp)
UnRegisterSymbol(MissTimeCmp)

TwMS v1.51.2_CRC_技能無延遲2

[enable]
// Inline code patch: the 5 bytes at 00412B3F (push esi / push 01 / mov esi,ecx) are replaced
// by a jmp into SkillNodelay. Unlike the pointer-swap scripts on this page this modifies code
// bytes of the game image; the "_CRC_" in the title presumably refers to the client's code
// checksum - confirm.
registersymbol(SkillNodelay)
alloc(SkillNodelay,128)
registersymbol(Switch)
alloc(Switch,4)
Label(Normal)
Label(Main)

Switch:
dd 1

// SkillNodelay: replays the three overwritten instructions, then checks the caller.
// After the two pushes the caller's return address sits at [esp+08].
SkillNodelay:
cmp dword ptr [Switch],00
je Normal
push esi
push 01
mov esi,ecx
cmp [esp+08],00f1f376
je Main
cmp [esp+08],00fcd1a1
je Main
cmp [esp+08],01095331
je Main
jmp 00412B44

// Main: for the three listed callers, call 00412B01 and then store the byte 04 at
// [esi+08] + [esi+04] before resuming at 00412B56.
Main:
call 00412B01
mov ecx,[esi+08]
mov eax,[esi+04]
mov edx,00000004
mov [ecx+eax],dl
jmp 00412B56

// Normal: switch off - replay the overwritten instructions and continue right after the patch.
Normal:
push esi
push 01
mov esi,ecx
jmp 00412B44


00412B3F:
jmp SkillNodelay
[disable]
// Restores the original instructions.
// NOTE(review): SkillNodelay and Switch are neither deallocated nor unregistered here.
00412B3F:
push esi
push 01
mov esi,ecx

TwMS v1.51.2_CRC_技能無延遲1

[ENABLE]
// Inline code patch at 0090F4AF: a jmp into R2 replaces the start of
// "push [ebp+0c] / lea ecx,[esi+94] / mov eax,[ecx]"; every exit replays those three
// instructions and resumes at 0090F4BA.
Registersymbol(T)
Alloc(T, 4)
Registersymbol(THREE)
Alloc(THREE, 128)
Label(stop)
registersymbol(R2)
alloc(R2,1024)
registersymbol(R2KEY)
alloc(R2KEY,4)
label(R200)
Label(change)
//-----------------------------------------------
R2KEY:
DD 0
//-----------------------------------------------
// THREE: rate limiter - skips R2 while [[00e92390]+1c] is below T.
// NOTE(review): the patch at 0090F4AF jumps to R2 directly, so nothing in this script enters THREE.
THREE:
push eax
mov eax,[00e92390]   //004C0169
mov eax,[eax+1c]
cmp eax,[T]
pop eax
jl stop
jmp R2
// R2: when the dword at [[00e8da4c]+4b8] is already ffffffff, rewrite the fields at +4b0 and
// +4b6..+4bb and set T = now + 960h; otherwise count in R2KEY (change). R2KEY above 2 is reset in R200.
R2:
push eax
mov eax,[00e8da4c]  //ok
cmp [eax+4b8],ffffffff
pop eax
jne change
cmp [R2KEY],2
jg R200
mov edi,ffffffff
push eax
mov eax,[00e8da4c]  //ok
mov [eax+4b0],0
pop eax
push eax
mov eax,[00e8da4c]   //ok
// The next five stores overlap each other (unaligned dword writes at +4b6, +4b7, +4b8, +4b9, +4bb).
mov [eax+4b6],FFFF0000
mov [eax+4b7],FFFFFF00
mov [eax+4b8],ffffffff
mov [eax+4b9],00FFFFFF
mov [eax+4bb],FF
pop eax
push eax
mov eax,[00e92390]   //004C0169
mov eax,[eax+1c]
mov [T],eax
pop eax
add [T],960
jmp stop
//-----------------------------------------------
R200:
mov [R2KEY],0
push [ebp+0c]
lea ecx,[esi+94]
mov eax,[ecx]
jmp 0090F4BA
//-----------------------------------------------
change:
add [R2KEY],1
jmp stop

// stop: replay the overwritten instructions and return to the game code.
stop:
push [ebp+0c]
lea ecx,[esi+94]
mov eax,[ecx]
jmp 0090F4BA
0090F4AF:
jmp R2
[DISABLE]
// NOTE(review): [ENABLE] patches 0090F4AF but this section writes the original instructions to
// 008D65F5. As written the jmp at 0090F4AF stays in place while R2 is deallocated below, and
// the code at 008D65F5 is overwritten - presumably an address left over from another client
// version; confirm.
008D65F5:
push [ebp+0c]
lea ecx,[esi+00000094]

Unregistersymbol(T)
dealloc(T)
Unregistersymbol(THREE)
dealloc(THREE)
dealloc(R2)
unregistersymbol(R2)
dealloc(R2KEY)
unregistersymbol(R2KEY)

TwMS ALL_CRC_黑頻

//Aob: 74 ?? 8d 45 0c 50 e8 ?? ?? ?? ?? 8B 00
[enable]
// Single-byte code patches in the two renderer modules: opcode 74 (je, short) becomes EB
// (jmp, short), making the branch at each location unconditional. Offsets are module-relative.
GR2D_DX9.DLL+6DE3:
db eb
GR2D_DX8.DLL+69C7:
db eb
[disable]
// Restore the conditional branch.
GR2D_DX9.DLL+6DE3:
db 74
GR2D_DX8.DLL+69C7:
db 74

TwMS_v151.2_ICS全職不空揮

//All-class no-empty-swing (only effective on maps that have mobs!!)
//Does not apply to skills restricted to full-map range (because I do not know how to change that)
//Melee and ranged skills do not swing at nothing; magic attack skills cast at nothing cost no MP
//
// Mechanism: pointer-swap hook on IntersectRect (slot 00e9c5b8). The stub compares saved return
// addresses at [esp+6c] / [esp+d0] - frames above the immediate caller - with eight call sites
// and rewrites the matching one to an xAttNLD* handler. Every path ends in the real IntersectRect.
[Enable]
alloc(xAttNotLost,1024)
label(xAttNLHA1)
label(xAttNLDA1)
label(xAttNLHA2)
label(xAttNLDA2)
label(xAttNLHB1)
label(xAttNLDB1)
label(xAttNLHB2)
label(xAttNLDB2)
label(xAttNLHB3)
label(xAttNLDB3)
label(xAttNLHC1)
label(xAttNLDC1)
label(xAttNLHC2)
label(xAttNLDC2)
label(xAttNLHC3)
label(xAttNLDC3)
//====
xAttNotLost:
  //melee skills
  cmp [esp+6c],0095ee16
  je xAttNLHA1
  cmp [esp+6c],0095f603
  je xAttNLHA2
  //ranged skills
  cmp [esp+6c],006312d2
  je xAttNLHB1
  cmp [esp+6c],0094dc79
  je xAttNLHB2
  cmp [esp+d0],0094dd68
  je xAttNLHB3
  //magic attack skills
  cmp [esp+6c],0095308a
  je xAttNLHC1
  cmp [esp+6c],00953116
  je xAttNLHC2
  cmp [esp+d0],00953651
  je xAttNLHC3
  jmp IntersectRect
//====
// xAttNLH*: overwrite the matched return address with the corresponding handler.
xAttNLHA1:
  mov [esp+6c],xAttNLDA1
  jmp IntersectRect
xAttNLHA2:
  mov [esp+6c],xAttNLDA2
  jmp IntersectRect
xAttNLHB1:
  mov [esp+6c],xAttNLDB1
  jmp IntersectRect
xAttNLHB2:
  mov [esp+6c],xAttNLDB2
  jmp IntersectRect
xAttNLHB3:
  mov [esp+d0],xAttNLDB3
  jmp IntersectRect
xAttNLHC1:
  mov [esp+6c],xAttNLDC1
  jmp IntersectRect
xAttNLHC2:
  mov [esp+6c],xAttNLDC2
  jmp IntersectRect
xAttNLHC3:
  mov [esp+d0],xAttNLDC3
  jmp IntersectRect
//====
// xAttNLD*: each handler stores eax (the result of the call that just returned) into the same
// locals the game code uses, records it in the scratch dword 00ea3020, and branches to one of
// two game addresses depending on whether the value is zero. The B3 and C3 handlers do not
// update 00ea3020; they branch on the value an earlier handler recorded.
// 00ea3020 is an address inside the game's own memory that the author uses as a flag.
xAttNLDA1:
  mov [ebp-00002470],eax
  mov eax,[ebp-00002470]
  mov [ebp-8c],eax
  mov [00ea3020],eax  //used for the left/right walk decision
  cmp eax,0
  je 0095f9dc
  jmp 0095f907

xAttNLDA2:
  mov [ebp-00002488],eax
  mov eax,[ebp-00002488]
  mov [ebp-8c],eax
  mov [00ea3020],eax  //used for the left/right walk decision
  cmp eax,0
  je 0095f9dc
  jmp 0095f615

xAttNLDB1:
  //after every game update, find a free memory location yourself
  mov [00ea3020],eax  //used for the check
  jmp 006312d2

xAttNLDB2:
  mov [ebp-000019cc],eax
  mov eax,[ebp-000019cc]
  mov [ebp-000000b0],eax
  mov [00ea3020],eax  //used for the left/right walk decision
  cmp eax,0
  je 0094e10d
  jmp 0094e14c

xAttNLDB3:
  mov [ebp-000019d4],eax
  mov eax,[ebp-000019d4]
  mov [ebp-000001d4],eax
  cmp [00ea3020],0
  je 0094e10d
  jmp 0094dd7a

xAttNLDC1:
  mov [ebp-000020d4],eax
  mov eax,[ebp-000020d4]
  mov [ebp-000000bc],eax
  mov [00ea3020],eax  //used for the left/right walk decision
  cmp eax,0
  je 00954d5e
  jmp 00953128

xAttNLDC2:
  mov [ebp-000020d8],eax
  mov eax,[ebp-000020d8]
  mov [ebp-000000bc],eax
  mov [00ea3020],eax  //used for the left/right walk decision
  cmp eax,0
  je 00954d5e
  jmp 00953128

xAttNLDC3:
  mov [ebp-000020f4],eax
  mov eax,[ebp-000020f4]
  mov [ebp-0000cb4],eax
  cmp [00ea3020],0
  je 00954d5e
  jmp 00953663
//====
00e9c5b8:
dd xAttNotLost

[Disable]
// Restore the pointer, then free the stub. The scratch dword at 00ea3020 keeps its last value.
00e9c5b8:
dd IntersectRect
dealloc(xAttNotLost)

TwMS v1.51.瞬間精通無延遲

[ENABLE]
// Three parts: (1) a thread created inside the game process that periodically writes fields of
// the object at [00e8da4c]; (2) TimeHook, a replacement for the routine at 00993FB1 that
// returns an accelerated time value to one specific caller; (3) two small code patches
// (00969ECD, 009BAC79). All three modify code bytes of the game image.
Registersymbol(TeleportMasteryNoDelay)
Registersymbol(FakeTime)

Alloc(TeleportMasteryNoDelay,256)
Alloc(LastTime,4)
Alloc(TimeHook,256)
Alloc(FakeTime,4)

Label(Normal)
Label(First)
Label(SpeedTime)
Label(TimeHook_Ret)

// NOTE(review): TpMasterySw, LastTime and FakeTime are not given initial values in this script.
Registersymbol(TpMasterySw)
Alloc(TpMasterySw,4)

CreateThread(TeleportMasteryNoDelay)
//--------------------------------
// Thread body: an endless loop with no sleep or yield, so it spins continuously, also while
// TpMasterySw is 0.
TeleportMasteryNoDelay:
cmp [TpMasterySw],0
je TeleportMasteryNoDelay
pushad
mov eax,[00e92390]  //OK
mov eax,[eax+1C]//OK
sub eax,[LastTime]
//--------------------------------
cmp eax,0000008//DelayTime         //training: 32~64, bossing: 8~16
//--------------------------------
jl Normal
mov eax,[00e8da4c] //OK
mov ebx,[eax+4b9c]//CharPID //OK
mov ebx,[ebx+200]
test ebx,ebx
je Normal
// 8B 86 ?? ?? ?? ?? 85 C0 74 08 83 C0 F4
// Copy the dwords at +7928 / +792c into +67ac / +67b0, then set +67bc, +67c0 and +67A4.
mov ebx,[00e8da4c] //OK
mov ebx,[ebx+7928] //OK
mov [eax+67ac],ebx
mov ebx,[eax+4b9c]//CharPID //OK
mov ebx,[ebx+200]
test ebx,ebx
je Normal
mov ebx,[00e8da4c] //OK
mov ebx,[ebx+792c] //OK
mov [eax+67b0],ebx
mov [eax+67bc],00000001
//--------------------------------
mov [eax+67c0],0023435F
//01E9F9A2 Battle Mage
//0023435F Bishop
//0021BCBF Ice/Lightning
//0020361F Fire/Poison
//0152266D Dragon Mage
//--------------------------------
mov [eax+67A4],00000001
mov eax,[00e92390]  //OK
mov eax,[eax+1C]//OK
mov [LastTime],eax

Normal:
popad
jmp TeleportMasteryNoDelay

// TimeHook: entered through the jmp written at 00993FB1 and ends in ret, so it returns straight
// to whoever called 00993FB1. The caller whose return address is 0096830D receives FakeTime,
// advanced by 3E8h on every call; all other callers receive the dword at [[00e92390]+1C].
TimeHook:
cmp [FakeTime],00
je First
cmp [esp],0096830D //OK
je SpeedTime
mov eax,[00e92390]  //OK
mov eax,[eax+1C]//OK
ret

// First: seed FakeTime from the real value on the first call.
First:
mov eax,[00e92390]  //OK
mov eax,[eax+1C]//OK
mov [FakeTime],eax
ret


SpeedTime:
add [FakeTime],3E8
mov eax,[FakeTime]
ret
//--------------------------------
// Byte EB = jmp short; [disable] restores 75 (jne short), so the branch here is made unconditional.
00969ECD:  //OK
db EB

// The routine at 009BAC79 is made to return immediately, popping 0Ch bytes of arguments.
009BAC79://Block Rush//OK
ret 000C

00993FB1://OK
jmp TimeHook

// TimeHook_Ret marks the address after the jmp; nothing in the script references it.
TimeHook_Ret:

//--------------------------------
[disable]
00969ECD://OK
db 75 17

009BAC79://OK
db FF 74 24 0C

00993FB1://OK
db A1 90 23 e9 00
// NOTE(review): nothing stops the thread started by CreateThread; it keeps executing inside
// TeleportMasteryNoDelay while that block is deallocated below. TpMasterySw is neither
// deallocated nor unregistered.
Unregistersymbol(TeleportMasteryNoDelay)
Unregistersymbol(FakeTime)
Dealloc(TeleportMasteryNoDelay)
Dealloc(LastTime)
Dealloc(TimeHook)
Dealloc(FakeTime)

TwMS v1.52.1_CRC_技能無延遲2

[enable]
// Inline code patch: the 5 bytes at 00412CED (push esi / push 01 / mov esi,ecx) are replaced by
// a jmp into SkillNodelay. The structure is the same as the v1.51.2 script above, with the
// caller test changed from three exact addresses to a single range test.
registersymbol(SkillNodelay)
alloc(SkillNodelay,128)
registersymbol(Switch)
alloc(Switch,4)
Label(Normal)
Label(Main)

Switch:
dd 1

// SkillNodelay: replays the overwritten instructions; after the two pushes the caller's return
// address is at [esp+08]. "jg" is a signed compare, so every return address above 01095331 and
// below 80000000 takes the Main path.
SkillNodelay:
cmp dword ptr [Switch],00
je Normal
push esi
push 01
mov esi,ecx
cmp [esp+08],01095331
jg Main
jmp 00412CF2

// Main: call 00412caf, then store the byte 04 at [esi+08] + [esi+04] and resume at 00412D04.
Main:
call 00412caf
mov ecx,[esi+08]
mov eax,[esi+04]
mov edx,00000004
mov [ecx+eax],dl
jmp 00412D04

// Normal: switch off - replay the overwritten instructions and continue right after the patch.
Normal:
push esi
push 01
mov esi,ecx
jmp 00412CF2


00412CED:
jmp SkillNodelay
[disable]
// Restores the original instructions.
// NOTE(review): no dealloc/unregistersymbol for SkillNodelay or Switch appears in the visible part of this section.
00412CED:
push esi
push 01
mov esi,ecx