[GMS] v240.3 CE scripts - Hooks, CRC bypass, etc..

OneTrekMind · 04/29/2023, 12:54

Full Map Pet-Vac (GMS 240.4)

Code:

[ENABLE]
alloc(xiugai, 1000, 140000000)
define(baseAddr,147C98960)
alloc(timer, 8)
alloc(wupinX, 8)
alloc(wupinY, 8)
define(attackPlayer,baseAddr+8)
define(petLootFlag,baseAddr+40)
label(CWfanhui)

xiugai:
call 14029CAF0
cmp [petLootFlag], 6
jne CWfanhui
push rax
mov eax, [rax+8]
cmp eax, [attackPlayer]
ja CWfanhui
mov [wupinX], esi
mov [wupinY], eax
call GetTickCount
mov edx, eax
sub edx, [timer]
cmp edx, #10
jl CWfanhui
mov [timer], eax
mov rcx, [rbp+10]
mov rdx, [rcx+08]
lea rcx, [rcx+08]
call qword ptr[rdx+50]
test rax, rax
je CWfanhui
sub rsp, 28
mov rcx, rax
mov r9d, [wupinY]
sub r9d, #3
mov r8d, [wupinX]
mov rcx, rax
add rsp, 28

CWfanhui:
jmp 141F986BC+5
jmp xiugai

[DISABLE]
141F986BC:
call 14029CAF0
dealloc(xiugai)
dealloc(timer)
dealloc(wupinX)
dealloc(wupinY)

9SIX15 · 05/02/2023, 16:21

It doesn't work if you use it, because he stole it from our program, welcome to use our program, 9SIX15#0915

Volatile94 · 05/02/2023, 17:33

Just to clarify, the post above mine is referring to the pet item vac that someone else decided to post on my thread. Not my scripts.

Volatile94 · 05/12/2023, 13:47

Added a CRC bypass for v241 because it was requested

Integrity? · 05/17/2023, 15:42

Quote:

Originally Posted by Volatile94

Added a CRC bypass for v241 because it was requested

Any chance autorune will become a thing?

Volatile94 · 05/24/2023, 20:21

I'm going to create a new thread when I get the chance and have enough content

Volatile94 · 06/03/2023, 06:55

Check out my bypass

basedninja · 06/04/2023, 05:12

Sorry to bother, i'm getting this error(

) when trying to execute the bypass, do you know how can i solve this?
Thanks for the work anyways

Volatile94 · 06/04/2023, 08:52

Quote:

Originally Posted by basedninja

Sorry to bother, i'm getting this error() when trying to execute the bypass, do you know how can i solve this?
Thanks for the work anyways

This is the CRC bypass failing to copy the maplestory.exe module memory for the size defined.
Are you injecting this into a Global MapleStory client v241.2? (not MSEA or KMS, CMS)
If you aren't you'll need to update the CRC bypass (unless you already have one, then you can just disable it) and disable the thread check patch.

basedninja · 06/04/2023, 09:14

Quote:

Originally Posted by Volatile94

This is the CRC bypass failing to copy the maplestory.exe module memory for the size defined.
Are you injecting this into a Global MapleStory client v241.2? (not MSEA or KMS, CMS)
If you aren't you'll need to update the CRC bypass (unless you already have one, then you can just disable it) and disable the thread check patch.

yes i'm trying to inject into gms🤔

Volatile94 · 06/04/2023, 09:25

Quote:

Originally Posted by basedninja

yes i'm trying to inject into gms��

Oh, this is the CRC bypass for use with Cheat Engine; Thought you were injecting my bypass written in C++ (DLL file) for a second

You're using the GMS v241.1 bypass and not the v241.2 bypass

/*
* Check if CRC of memory region is valid - triggered OnFieldEnter
* load from copy memory instead of the original memory region
* creates a copy from a copy
* GMS v241.2
*
* ~Volatile94
*/
[ENABLE]
GlobalAlloc(MapleCRCRegionCopy, 0xE0D3000)
Define(RegionStart, 140001000)
Define(RegionSize, E0D3000)

MapleCRCRegionCopy:
readmem(RegionStart, 0xE0D3000)

147E4D2EC:
mov rdx, RegionStart
sub rsi, rdx
add rsi, MapleCRCRegionCopy
repe movsb
xor rdx, rdx
jmp 148067112

147E53D37:
jmp 147E4D2EC
nop 2

[DISABLE]
147E53D37:
db F3 A4 E9 D4 33 21 00

147E4D2EC:
db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Whoever wants a CRC bypass + NGS bypass can compile my source code from

[IL] · 06/04/2023, 14:51

@

Hey im getting hard time with the bypass injection, i did have compiled the bypass from your source. altho tried to inject with some injectors into maplestory.exe/BlackCipher64.aes but seems nothing to happen.
Im doing something wrong?

Volatile94 · 06/04/2023, 19:27

Quote:

Originally Posted by [IL]

@
Hey im getting hard time with the bypass injection, i did have compiled the bypass from your source. altho tired to inject with some injectors into maplestory.exe/BlackCipher64.aes but seems nothing to happen.
Im doing something wrong?

Try injecting keystone.dll before injecting the bypass dll file

[IL] · 06/04/2023, 21:16

@

thanks for the answer,
im using some random dll injector.

1 injected keystone.dll to BlackCipher64.aes
2 injected MapleNGSBypass.dll to BlackCipher64.aes

3 injected keystone.dll to MapleStory.exe
4 injected MapleNGSBypass.dll to MapleStory.exe

2 windows pops out once i login into game, game crashes.

can you tell me how you reproduce it your way step by step?

Volatile94 · 06/04/2023, 21:30

Quote:

Originally Posted by [IL]

@
thanks for the answer,
im using some random dll injector.

1 injected keystone.dll to BlackCipher64.aes
2 injected MapleNGSBypass.dll to BlackCipher64.aes

3 injected keystone.dll to MapleStory.exe
4 injected MapleNGSBypass.dll to MapleStory.exe

2 windows pops out once i login into game, game crashes.

can you tell me how you reproduce it your way step by step?

I'll upload the compiled bypass which includes an injector I developed. I'll send you the link in a private message shortly.

Unfortunately, I don't currently have the time and motivation to go through the details of compiling and properly injecting the bypass.

FYI - there seems to be a conflict with the MapleSpirit trainer which will lead to a detection message (this particular error does not lead to a ban). They likely a hook/patch some of the same code/APIs.