[GMSv171.3] Cheat Engine Scripts

[>NORBIN*[%]...]

I'll be posting all the current CE scripts I can share right here. Please note; I did not write ANY of these. I have simply updated them for use with the most current MapleStory version. If you need help with anything/have any questions feel free to shoot me a PM and I'll gladly help to the best of my ability. Happy hacking folks.

YOU WILL NEED A BYPASS FOR NGS (Maples anti-hack) IN ORDER TO USE MOST OF THESE SCRIPTS.

58 Second God Mode

Code:

// Updated by NORBIN 171.3
[Enable]
alloc(GodmodeHook,512)
label(Exit)
label(Exit2)
registersymbol(GodmodeDelay)
alloc(GodmodeDelay,4)
alloc(NextHit,4)
label(CUserLocal::SetDamaged)
label(GodmodeHookRet)
registersymbol(CUserLocal::SetDamaged)
label(get_update_time)
registersymbol(get_update_time)




GodmodeDelay:
dd AFC8 //set your time delay here in HEX




NextHit:
dd 0


//6A FF 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 81 EC ?? ?? ?? ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 84 24 ?? ?? ?? ?? 64 A3 ?? ?? ?? ?? 8B E9 83 BC 24 ?? ?? ?? ?? ??
016B45A0:
CUserLocal::SetDamaged:
jmp GodmodeHook
nop
nop
GodmodeHookRet:


//A1 ?? ?? ?? ?? 8B 40 ?? C3 CC CC CC CC CC CC CC A1 ?? ?? ?? ?? 83 EC ?? 85 C0 0F 84 ?? ?? ?? ?? 8D 48 ??
01744320:
get_update_time:




GodmodeHook:
call get_update_time
cmp eax,[NextHit]
jbe Exit
call get_update_time
add eax,[GodmodeDelay]
mov [NextHit],eax
jmp Exit2




Exit:
ret 002C




Exit2:
push -01
push 01B83978
jmp GodmodeHookRet




[Disable]
CUserLocal::SetDamaged:
db 6A FF 68 78 39 B8 01




unregistersymbol(GodmodeDelay)
dealloc(GodmodeDelay)
dealloc(NextHit)
dealloc(GodmodeHook)
unregistersymbol(CUserLocal::SetDamaged)
unregistersymbol(get_update_time)

Full God Mode

Code:

// Updated by NORBIN 171.3
[ENABLE]
016CCE35: // Physical (Body Pressure Skill)
db 0F 84

00B86F50: // Magical
db C2 04 00 90 90

[DISABLE]
016CCE35: // 0F 85 ? ? 00 00 8B 86 ? ? 00 00 83 ? ? 83 ? ? 0F [Last Green Result]
db 0F 85

00B86F50: // FUNCTION START (55/push ebp): 33 FF 39 BE ? ? ? ? 75 ? 8B 8E
db 55 8D 6C 24 90

Instant Air Loot

Code:

// Updated by NORBIN 171.3
[ENABLE]
00733206:
db 90 90

0073320C:
db 90 90

00733219:
db 90 90

[DISABLE]
00733206: // 74 ? 83 ? ? ? 75 ? 8B CB
db 74 77

0073320C: // jne below
db 75 71

00733219: // jnge below
db 7C 64

Aggro

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(Aggro,128)


Aggro:
mov eax,[020C0CDC] //Char Base 8B 3D ? ? ? ? 8B 40
lea eax,[eax+04]
mov [ecx+408+08],eax //Aggro offset 83 ? ? ? ? ? ? 0F 85 ? ? ? ? 8B ? ? 8B ? ? 8D ? ? FF D0 [Offset+0x08]
push ebp
mov ebp,esp
and esp,-40
jmp 017C9400+6 //Return to func 55 8B EC 83 E4 ?? 6A ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 ?? ?? ?? ?? 8B F1 8B 4D ?? 8B 06


017C9400:
jmp Aggro
nop


[DISABLE]
017C9400:
push ebp
mov ebp,esp
and esp,-40


dealloc(Aggro)

Blaze Wizard FMA (Full Map Attack)

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(find_hit_mob_in_rect_hook,128)
alloc(try_doing_blazewiz_attack_hook,128)
label(try_doing_blazewiz_attack_return)
alloc(set_mob_pos,4)
registersymbol(set_mob_pos)

set_mob_pos:
dd 00000000

try_doing_blazewiz_attack_hook:
mov [set_mob_pos],00000001
call 016C5480 // Original Call
mov [set_mob_pos],00000000
jmp try_doing_blazewiz_attack_return

find_hit_mob_in_rect_hook:
mov eax,[020C5508] // CWvsPhysicalSpace2D: A1 ? ? ? ? 8B 50 ? 83 C0
lea eax,[eax+0C] // Left Wall Offset
mov [esp+04],eax
jmp 00B8DEB0 // Original call (CMobPool::FindHitMobInRect)

0091675E:
jmp try_doing_blazewiz_attack_hook
try_doing_blazewiz_attack_return:

00909AA9:
call find_hit_mob_in_rect_hook

[DISABLE]
0091675E: // 8B 0D ? ? ? ? ? E8 ? ? ? ? 8B 4E ? 8B [Third Result & Call below]
call 016C5480

00909AA9: // E8 ? ? ? ? 8B ? 89 ? ? ? 85 ? 0F 8E [First Result]
call 00B8DEB0

unregistersymbol(set_mob_pos)
dealloc(set_mob_pos)
dealloc(try_doing_blazewiz_attack_hook)
dealloc(find_hit_mob_in_rect_hook)

Block Pierre Hats/Vellum Rocks

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(BlockRecvHook,256)
label(RecvCheckLoop)
label(BlockRecv)
label(End)

alloc(RecvList,512)

//Hook address: 008078D0
//8B ? 24 ? 3D ? ? ? ? 0F 8F ? ? ? ? 0F 84 ? ? ? ? 8D

BlockRecvHook:
mov eax,[esp+04] 
and eax,0FFFF
push edx
mov edx,RecvList

RecvCheckLoop:
cmp eax,[edx]
je BlockRecv
cmp [edx],00
je End
add edx,04
jmp RecvCheckLoop

BlockRecv:
xor eax,eax

End:
pop edx
cmp eax,000003E4 
jmp 008079A9

RecvList:
dd 01D4 
dd 00 

01D3E654: 
dd BlockRecvHook

[DISABLE]
01D3E654: 
dd 008079A0 

dealloc(BlockRecv)
dealloc(RecvList)

CPU Hack

Code:

// Updated by NORBIN 171.3
[ENABLE]
00AF527C: // CWvsPhysicalSpace2D::Load
db 90 90 90 90 90

00AF5285: // CMapLoadable::RestoreTile
db 90 90 90 90 90

00AF528E: // CMapLoadable::RestoreBack
db 90 90 90 90 90

00AF5295: // CMapLoadable::RestoreWeather
db 90 90 90 90 90

00B7FB50: // No mob reaction, hitmarks or damage
retn 60

[DISABLE]
00AF527C: // FF 15 ? ? ? ? 8B CF E8 ? ? ? ? 6A 01
call 00AE1A20

00AF5285:
call 00AF4730

00AF528E:
call 00AEBB10

00AF5295:
call 00ADF430

00B7FB50: // FUNCTION START (push -01): 8B 80 ? ? ? ? 3B ? ? ? 75
push -01
push 01A42F88

Mob Freeze

Code:

// Updated by NORBIN 171.3
[Enable]
00B8B30F: // 2nd result // 0F ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 52 8D ?? ?? ? ?? ?? 50 E8 ?? ?? ?? ?? 83 ?? ?? 3B ?? 7E ??
db 90 E9
[Disable]
00B8B30F:
db 0F 85

Generic Full Map Attack

Code:

// Updated by NORBIN 171.3
[enable]
alloc(hook,128)
label(return)
label(return_true)

0058D2D0: //8B 54 24 ?? 8b 42 ?? 55 56 8B 74 24 ??
db 90 90
jmp hook
return:

hook:
cmp [esp],00B8E2CD // 8B 9C 24 ?? 00 00 00 83 C4 0C 85 C0 75 0F 81 FB ?? ?? ?? ?? 75 7F 83 7C [First Result]
je return_true 
mov edx,[esp+08]
mov eax,[edx+0C]
jmp return

return_true:
mov eax,00000001
ret

[disable]
0058D2D0:
mov edx,[esp+08]
mov eax,[edx+0C]

Random HWID

Code:

// Updated by NORBIN 171.3
[ENABLE]
00A52750://6A FF 68 ?? ?? ?? 01 64 A1 00 00 00 00 50 B8 B0 2E 00 00 E8 ?? ?? ?? 00 A1
db C2 04 00


0194CF00://81 EC B8 09 00 00 33 C0 53 89 44 24 09 56 89 44 24 11 89 4C 24 08 89 44 24 15 57 66 89 44 24 1D B9 10 00 00 00 8D 7C 24 28 8D 54 24 28 F3 AB 8D 4C 24 6C 52 C6 44 24 14
retn

[DISABLE]
00A52750:
db 6A FF 68

0194CF00:
db 81

Item Filter

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(ItemFilter,256)
alloc(ItemList,2048)
alloc(Mesos,4)
alloc(Mode,4)
label(Return)
label(End)
label(FilterMesos)
label(RejectOrAccept)
label(AcceptFilter)
label(RejectFilter)
label(Ignore)

Mesos:
dd #10 // Minimum meso

Mode:
dd #0 // 0 = Accept, 1 = reject

ItemList:
dd #4000999 // Spell Trace
dd #4001832
dd #2070006 // Spell Trace
dd 00 // End of list

ItemFilter:
push edx
mov edx,[Mesos]
cmp eax,edx
jle FilterMesos
mov edx,ItemList
jmp RejectOrAccept

FilterMesos:
mov [esi+44],0
jmp End

RejectOrAccept:
cmp byte ptr [Mode],0
je AcceptFilter
cmp byte ptr [Mode],1
je RejectFilter

AcceptFilter:
cmp eax,[edx]
je End
cmp dword ptr [edx],0
je Ignore
add edx,4
jmp AcceptFilter

RejectFilter:
cmp eax,[edx]
je Ignore
cmp dword ptr [edx],0
je End
add edx,4
jmp RejectFilter

Ignore:
cmp eax,#60000 // Added this code otherwise mesos is dropped but not shown in accept mode
jle End
mov eax,0

End:
pop edx
mov ecx,ebx // Original Opcode
mov [esi+48],eax // Original Opcode
jmp Return

0073C0D6:
jmp ItemFilter
Return:

[DISABLE]
0073C0D6: // 8B ? 89 ? ? E8 ? ? ? ? 8B ? 89 ? ? E8 ? ? ? ? 0F ? ? 89 ? ? 8B ? E8 ? ? ? ? 0F
mov ecx,ebx
mov [esi+48],eax

dealloc(ItemFilter)
dealloc(ItemList)
dealloc(Mesos)
dealloc(Mode)

Jump Down Anywhere

Code:

// Updated by NORBIN 171.3
[ENABLE]
00B85200:
db EB

0164C4A8:
db 90 90

00B851BF:
db EB

[DISABLE]
00B85200: // 7D ? 8B ? 8B ? ? 8D ? ? ? 50 8B CE [First Result]
db 7D

0164C4A8: // 74 ?? 8B ?? C7 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 85 C0 75 ?? 89 ?? ?? ?? ?? ?? EB ?? 8B ??
db 74 48

00B851BF: // 74 ? 3B ? ? ? 75 ? 8B ? ?
db 74

Mob Disarm

Code:

// Updated by NORBIN 171.3
[Enable]
00B8A58F: //75 ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B CE E8 ? ? ? ? 8B
jmp 00B8A9F3 //8B 86 ? ? ? ? 85 C0 0F 84 ? ? ? ? 2B 45 ? 0F 89 ? ? ? ? ? ? ? ? ? ? ? 8D
db 90 90 90 90


[Disable]
00B8A58F:
db 75 15 8B CE E8 D8 01 FF FF

No Character Knockback

Code:

// Updated by NORBIN 171.3
[Enable]
00E2A72A:
db 00


[Disable]
00E2A72A: //01 00 00 00 d8 d1 df e0
db 01

No Delay Flash Jump

Code:

// Updated by NORBIN 171.3
[ENABLE]
01627E61:
db 90 90

01672CFF:
db 90 90

016FE237:
db BF 00

[DISABLE]
01627E61: // 7D ? 33 FF 68
db 7D 02

01672CFF: // 7D ? 33 F6 81 [Third Result]
db 7D 02

016FE237: // BF 01 00 00 00 01 BE [Second Result]
db BF 01

Semi Item Vac

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(Hook,64)


Hook:
call 004DE930 // Original Call
mov ecx,eax
mov eax,[esp+0C]
mov edi,[020C0CDC] // CUserLocal: 8B 3D ? ? ? ? 8B 40
mov edi,[edi+E8A4] // Character X Location Offset: 89 8E ? ? ? ? 8B 50 ? 8B 06 89 96 ? ? ? ? 8B 50
add edi,#0 // X
mov [eax],edi
pop edi
mov ecx,[020C0CDC]
mov ecx,[ecx+E8A4+04]
add ecx,#0 // Y
mov [eax+04],ecx
pop esi
ret 0004


00B28384:
jmp Hook


[DISABLE]
00B28384: // E8 ? ? ? ? 8B C8 8B 44 24 ? 89 38 5F 89 48 ? 5E C2 04 00 CC CC CC CC CC CC CC 56 [7th result]
call 004DE930

Skill Injection + Mach GND

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(skill_id_hook,128)
label(skill_id_return)
alloc(delay,4)
define(skill_id, #12120011) //Skill ID goes here
 
12120011 Blaze Wizard (Blazing Extinction)
142120030 Kinesis (Mental Tempest)
 
delay:
dw 0
016FE8B7: //0F 84 ?? ?? ?? ?? 2B 9E ?? ?? ?? ?? 0F 88 ?? ?? ?? ?? A1 ?? ?? ?? ?? 3B C5
db 90 90 90 90 90 90 //
016FE8C3: //0F 88 ?? ?? ?? ?? A1 ?? ?? ?? ?? 3B C5 74 ?? 8B 50 ?? 8D 48 ??
db 90 90 90 90 90 90
016FE91B: //0F 84 ?? ?? ?? ?? 8B 16 8B 42 ?? 8B CE FF D0 3D ?? ?? ?? ?? 74 ?? 3D ?? ?? ?? ?? 74 ?? 3D ?? ?? ?? ?? 74 ?? 3D ?? ?? ?? ?? 74 ?? 3D ?? ?? ?? ?? 75 ?? 8D 4C 24 ?? 51
db 90 E9
016FEA10: //8B ?? ?? ?? ?? ?? 8B 44 24 ?? 6A ?? 55 55 55 8D 4C 24 ?? 51
jmp skill_id_hook
nop
skill_id_return:
skill_id_hook:
inc [delay]
cmp dword ptr [delay], #1 // Set delay here
jne skill_id_return
mov [delay], 0
mov edx,skill_id
jmp skill_id_return
016FEAAA: //0F 87 ?? ?? ?? ?? 0F B6 ?? ?? ?? ?? ?? FF 24 ?? ?? ?? ?? ?? 84 DB 74 ?? 8B 8E ?? ?? ?? ?? 85 C9
db 90 90 90 90 90 90 //
016FEAB7: //address at jmp dword ptr following the address above
jmp 016FEAEB //81 BE ?? ?? ?? ?? ?? ?? ?? ?? 75 ?? 8B 44 24 ?? 6A ??
dw 9090
 
016860BC://Mach GND //8B 95 ?? ?? ?? ?? 89 55 ?? 8B 85 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 75 ?? 83 7D ?? ?? 75 ?? 8B 8D ?? ?? ?? ?? 8B 11
db 8A
 
[Disable]
0168607C:
db 42
016FE8B7:
db 0F 84 DE 02 00 00
016FE8C3:
db 0F 88 D2 02 00 00
016FE91B:
db 0F 84 CB 00 00 00
016FEA10:
mov edx,[esi+0000D264]
016FEAAA:
db 0F 87 E3 00 00 00
016FEAB7:
jmp dword ptr [ecx*4+016FEBA4]
dealloc(skill_id_hook)

Tubi (WARNING! MAY AUTO BAN OVER TIME, USE AT YOUR OWN RISK)

Code:

// Updated by NORBIN 171.3
[ENABLE]
alloc(Tubi,64)
label(Ret)
 
Tubi:
mov eax, 0
push esi
jmp Ret
 
01833280:
jmp Tubi
Ret:
 
0050ABD6: // Remove loot animation
db 81 FE 00 00 00 00
 
[DISABLE]
01833280: // FUNCTION START (mov eax,[esp+04]): 8D 8E ? ? 00 00 E8 ? ? ? ? E8 ? ? ? ? 50
mov eax,[esp+04]
push esi
 
0050ABD6: // 81 ? ? ? 00 00 0F 8D ? ? 00 00 85 ? 0F 84 [1st Result]
db 81 FE BC 02 00 00
 
dealloc(Tubi)

Evan Dragon Kami

Code:

// Updated by NORBIN 171.3 
[ENABLE]
alloc(EvanDragonKami,128)
label(DragonTeleport)
label(NextTeleport)
label(Ending)
label(Check)
label(ReturnXor)
label(ReturnPop)

EvanDragonKami:
lea eax,[esp+2C]
push eax
call DragonTeleport
test eax,eax
je Ending
mov edx,[eax+04]
sub edx, #0 // Dragon Kami Range Y
mov eax,[eax]
add eax, #-40// Dragon Kami Range X
add esp,0C
jmp 017BDAA0 // 8B 00 8B 4E ? 52 mov ecx,[esi+10] below [2nd result]

DragonTeleport:
push ebp
mov ebp,esp
push ecx
push esi
mov eax,[020C54FC] // Mob Base: 8B 0D ? ? ? ? ? E8 ? ? ? ? 8B ? 85 ? 74 ? 8B ? ? 8B ? ? 8D
test eax,eax
je ReturnXor
mov eax,[eax+28]
test eax,eax
je ReturnXor
mov [ebp-04],eax

NextTeleport:
lea eax,[ebp-04]
push eax
call 00478C50 // E8 ? ? ? ? 8B ? ? 8B ? ? 8B ? ? 8B ? ? 8B ? ? 8B [Follow Call]
add esp,04
mov esi,[eax+04]
// Assembly Scan: mov [esi+00000804],eax
// GMS v.170.1 00D8AF2A
cmp dword ptr [esi+00000804],00
je Check
lea ecx,[esi+04]
mov edx,[ecx]
mov edx,[edx+10]
mov eax,[ebp+08]
push eax
call edx
jmp ReturnPop

Check:
cmp byte ptr [ebp-04],00
jne NextTeleport

ReturnXor:
xor eax,eax

ReturnPop:
pop esi
mov esp,ebp
pop ebp
ret 0004

Ending:
call dword ptr [020D991C] // Original Opcode
jmp 017BDA73 // test eax,eax below

017BDA6D:
jmp EvanDragonKami
db 90

[DISABLE]
017BDA6D: // FF 15 ? ? ? ? 85 C0 75 ? 8B ? 8B ? ? 8D [First Result]
call dword ptr [020D991C]

dealloc(EvanDragonKami)