
v240.4
I'm not responsible for any consequences you may incur as a result of using any of the scripts in this thread.
I recommend you test the scripts on a secondary account first.
Also, if you make use of the scripts and info I provided and release something, all I ask is you give me credit for my work.
~m1sniper
GMS v241.2 CRC Bypass
Code:
/*
* Check if CRC of memory region is valid - triggered OnFieldEnter
* load from copy memory instead of the original memory region
* creates a copy from a copy
* GMS v241.2
*
* ~Volatile94
*/
[ENABLE]
GlobalAlloc(MapleCRCRegionCopy, 0xE0D3000)
Define(RegionStart, 140001000)
Define(RegionSize, E0D3000)
MapleCRCRegionCopy:
readmem(RegionStart, 0xE0D3000)
147E4D2EC:
mov rdx, RegionStart
sub rsi, rdx
add rsi, MapleCRCRegionCopy
repe movsb
xor rdx, rdx
jmp 148067112
147E53D37:
jmp 147E4D2EC
nop 2
[DISABLE]
147E53D37:
db F3 A4 E9 D4 33 21 00
147E4D2EC:
db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
GMS v241 CRC bypass
Code:
/*
* Check if CRC of memory region is valid - triggered OnFieldEnter
* load from copy memory instead of the original memory region
* creates a copy from a copy
* GMS v241
*
* ~Volatile94
Information
147CDBD6B:
mov rsi,[rbp+18]: <- Source address to copy memory from
jmp 1480B6CF9
1480B6CF9: <- Destination address for copy
mov rdi,[rbp+10]
jmp 147FE3627
147FE3627: <- Size of memory region
mov ecx,[rbp+20]
jmp 147FDCCF2
147FDCCF2: <- Copy the memory
repe movsb
jmp 147F5B7C2
*/
[ENABLE]
GlobalAlloc(MapleCRCRegionCopy, 0xE71E000)
Alloc(CRCBypass, 128, 147FDCCF2)
Define(RegionStart, 140001000)
Define(RegionSize, E71E000)
MapleCRCRegionCopy:
readmem(RegionStart, 0xE71E000)
147CFD0D0:
mov rdx, RegionStart
sub rsi, rdx
add rsi, MapleCRCRegionCopy
repe movsb
xor rdx, rdx
jmp 147F5B7C2
147FDCCF2:
jmp 147CFD0D0
nop 2
[DISABLE]
147FDCCF2:
db F3 A4 E9 C9 EA F7 FF
147CFD0D0:
db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mob damage control / Miss godmode
It's pretty awesome
Code:
/**
* Mob damage control / Miss godmode
* GMS 240.4
* Don't set this to 1000 unless you want to get killed
* ~Volatile94
*/
[ENABLE]
14037EC20:
mov rax, #1 // Mob damage
ret
[DISABLE]
14037EC20:
mov rax,rsp
mov [rax+10],rbx
Avoidability/Miss modifier
Code:
/**
* Avoidability/Miss modifier
* GMS 240.4
* ~Volatile94
*/
[ENABLE]
alloc(MissModify, 32, "maplestory.exe"+4DAF36)
alloc(MissModifier, 8)
registersymbol(MissModifier)
label(MissModifierReturn)
MissModifier:
db 00 00 00 00 00 6A E8 40 // Add MissModifier to address table, type double
// initial value will be 50000 (original value is 1.20)
MissModify:
mulsd xmm6, [MissModifier]
jmp MissModifierReturn
"maplestory.exe"+3A0A66:
jmp MissModify
nop 3
MissModifierReturn:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(MissModify)
dealloc(MissModifier)
unregistersymbol(MissModifier)
"maplestory.exe"+3A0A66:
mulsd xmm6,[maplestory.exe+4E8D700]
Mob Character DMG modifier
Server and client sided; read the full description.
If mobs are too high level, the damage will become client sided and you'll
take normal damage.
I tested this with a level 10-13 character; I was able to drastically
reduce damage from Stumps and Orange Mushrooms.
Set to 0.33 to reduce damage to 33%
Setting it to 0 reduced the damage to 1
Set to 100+ if you want to get murdered by mobs real fast
Add MobCharDmgModifider to address table, type double
Code:
/**
* Mob Character DMG modifier
* Server and client sided; read the full description
*
* If mobs are too high level the damage will become client sided and you'll
* take normal damage.
*
* I tested this with a level 10-13 character I was able to drastically
* reduce damage from Stumps and Orange Mushrooms
* Set to 0.33 to reduce damage to 33%
* Set to 100+ if you want to get murdered by mobs real fast
*
* Add MobCharDmgModifider to address table, type double
*
* ~Volatile94
*/
[ENABLE]
alloc(MobCharDmgModify, 32, "maplestory.exe"+4DAF36)
alloc(MobCharDmgModifider, 8)
registersymbol(MobCharDmgModifider)
label(MobCharDmgModifierReturn)
MobCharDmgModifider:
db 1F 85 EB 51 B8 1E D5 3F // Add MobCharDmgModifider to address table, type double
// initial value will be 0.33
// recommended range (0-300)
MobCharDmgModify:
movsd xmm0,[MobCharDmgModifider]
jmp MobCharDmgModifierReturn
"maplestory.exe"+4DAF36:
jmp MobCharDmgModify
nop 3
MobCharDmgModifierReturn:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(MobCharDmgModify)
dealloc(MobCharDmgModifider)
unregistersymbol(MobCharDmgModifider)
"maplestory.exe"+4DAF36:
db F2 0F 10 05 EA 43 9A 04
//movsd xmm0,[maplestory.exe+4E7F328]
Tested on:
* plants in Ellinel
* pots in North Rocky Mountain - Gusty Peak
* ~Volatile94
FIXED DISABLE
Code:
/**
* Inanimate Object FMA
* Works on similar objects as well
* Ellinel plants
* North Rocky Mountain - Gusty Peak pots
* ~Volatile94
*/
[ENABLE]
143FCE11F:
nop 6
143FCE128:
nop 6
[DISABLE]
143FCE11F:
jnl 143FCE1D3
143FCE128:
jnl 143FCE1D3
Jump down anywhere
Code:
/**
* Jump down anywhere
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
143F8146F: // 74 15 8B 4D 84 8B 54 24 74 8D 41
db 90 90
143F81484: // 7D 64 45 33 E4 48 8D 4D 60 4C
jmp 143F814EA
[DISABLE]
143F8146F:
je 143F81486
143F81484:
jnl 143F814EA
FMA - Small subset of skills
Tested with Archer - Cardinal Deluge
Code:
/**
* FMA for small subset of skills
* GMS v240.4
* Tested with Archer - Cardinal Deluge
* ~Volatile94
*/
[ENABLE]
1427FBD6F:
mov al,01
[DISABLE]
1427FBD6F:
xor al,al
Code:
/**
* Mob Collision Timed Filter
* GMS v240.4
*
* Timed Collision filter for Mob + Player collisions
* Doesn't include mob attacks
*
* ~Volatile94
*/
[ENABLE]
alloc(MobCollisionFilter, 256, "maplestory.exe"+27EE60F)
alloc(bMobCollisionFilter, 1)
registersymbol(bMobCollisionFilter)
alloc(FilterEnableDuration, 4) // Period of time to filter collisions for until
alloc(FilterEnableTime, 4) // When the filter activated
// The timer that is compared to is only updated
// every 2 seconds, so the margin of error
// for the FilterDuration is < 2 seconds.
alloc(FilterDisableDuration, 4) // Period of time to allow collisions for until
alloc(FilterDisableTime, 4) // When the filter deactivated
// The timer that is compared to is only updated
// every 2 seconds, so the margin of error
// for the FilterDuration is < 2 seconds.
label(FilterEnabled)
label(FilterDisabled)
label(DisableFilter)
define(CheckCollisionCall, 142702260)
define(FilterCollisionJump, 1427EE839)
define(CUserLocal, 145D1D138)
define(TimerOffset, 236B8)
FilterEnableDuration:
dd #20000 // 20 seconds
FilterDisableDuration:
dd #5000 // 5 seconds
"maplestory.exe"+27EE60F:
jmp MobCollisionFilter
MobCollisionReturn:
MobCollisionFilter:
cmp [FilterEnableTime], 0
je EnableFilter
cmp byte ptr [bMobCollisionFilter], 1
je FilterEnabled
jmp FilterDisabled
EnableFilter:
push rax
mov byte ptr [bMobCollisionFilter], 1
call GetTimer
mov [FilterEnableTime], eax
pop rax
jmp FilterCollisionJump
FilterEnabled:
push rax
call GetTimer
sub eax, [FilterEnableTime]
cmp eax, [FilterEnableDuration]
pop rax
jg DisableFilter
jmp FilterCollisionJump
DisableFilter:
mov byte ptr [bMobCollisionFilter], 00
push rax
call GetTimer
mov [FilterDisableTime], eax
pop rax
call CheckCollisionCall
jmp MobCollisionReturn
FilterDisabled:
push rax
call GetTimer
sub eax, [FilterDisableTime]
cmp eax, [FilterDisableDuration]
pop rax
jg EnableFilter
call CheckCollisionCall
jmp MobCollisionReturn
GetTimer:
mov rax, CUserLocal
mov rax, [rax] // CUserLocal
add rax, TimerOffset
mov eax, [rax] // Timer, updated every 2 seconds
ret
[DISABLE]
dealloc(MobCollisionFilter)
dealloc(bMobCollisionFilter)
unregistersymbol(bMobCollisionFilter)
dealloc(FilterEnableTime)
dealloc(FilterDisableTime)
dealloc(FilterEnableDuration)
dealloc(FilterDisableDuration)
"maplestory.exe"+27EE60F:
call 142702260
Code:
/**
* NPC No Delay Auto Interaction
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
144315118:
db 90 90
144315128:
db 90 90
[DISABLE]
144315118:
je 14431513B
144315128:
je 14431513B
No Mob Attack Collisions
Code:
/**
* No Mob Attack Collisions
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
14271B629:
nop 6
14271B632:
nop 6
[DISABLE]
14271B629:
je 14271B83F
14271B632:
je 14271B83F
Code:
/**
* No mob collisions
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
"maplestory.exe"+27EE616:
jmp maplestory.exe+27EE839
[DISABLE]
"maplestory.exe"+27EE616:
db 0F 84 1D 02 00 00
//je maplestory.exe+27EE839
Code:
/**
* Mob aggro/Mind control
* GMS v240.4
*
* ~Volatile94
*/
[ENABLE]
142712E8C:
db 90 90
142712E9C:
db 90 90
142712EA8:
db 90 90
[DISABLE]
142712E8C:
je 142712ECE
142712E9C:
jne 142712ECE
142712EA8:
je 142712ECE
Code:
/**
* No breath
*
* GMS v240.4
*
* C7 81 ?? ?? 00 00 88 13 00 00 85 D2 74 0A C7 81 ?? ??
*
* Remove Breath - 5 second delay that prevents you from taking certain actions
*
* ~Volatile94
**/
[ENABLE]
1416F0E30:
mov [rcx+00000A10],00000000
[DISABLE]
1416F0E30:
mov [rcx+00000A10],00001388
Level hook
Hook after level value is decrypted
Code:
/* Level hook
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
alloc(LevelHook, 128, "maplestory.exe"+467663D)
alloc(Level, 4)
registersymbol(Level)
label(LevelHookReturn)
LevelHook:
mov [Level], eax
mov [rbp-58],eax
mov eax,[r13+1B]
jmp LevelHookReturn
"maplestory.exe"+467663D:
jmp LevelHook
nop 2
LevelHookReturn:
[DISABLE]
dealloc(LevelHook)
dealloc(Level)
unregistersymbol(Level)
"maplestory.exe"+467663D:
db 89 45 A8 41 8B 45 1B
//mov [rbp-58],eax
//mov eax,[r13+1B]
Code:
145D1CF50 -> 2370
Hook job ID after it's decrypted
Code:
/**
* Job ID hook
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
alloc(JobIDHook, 128, "maplestory.exe"+45B17D7)
alloc(JobID, 4)
registersymbol(JobID)
label(JobIDReturn)
JobIDHook:
call maplestory.exe+2F0D80
mov [JobID], eax
jmp JobIDReturn
"maplestory.exe"+45B17D7:
jmp JobIDHook
JobIDReturn:
[DISABLE]
dealloc(JobIDHook)
dealloc(JobID)
unregistersymbol(JobID)
"maplestory.exe"+45B17D7:
db E8 A4 F5 D3 FB
//call maplestory.exe+2F0D80
Char XY hook
Code:
/* CharXY hook
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
alloc(CharXYHook, 128, "maplestory.exe"+4034F0F)
alloc(CharX, 4)
alloc(CharY, 4)
registersymbol(CharX)
registersymbol(CharY)
label(returnhere)
CharXYHook:
mov [CharX], ebx
ror rbx, 20
mov [CharY], ebx
rol rbx, 20
call maplestory.exe+3D332C0
jmp returnhere
"maplestory.exe"+4034F0F:
jmp CharXYHook
returnhere:
[DISABLE]
dealloc(CharXYHook)
dealloc(CharX)
dealloc(CharY)
unregistersymbol(CharX)
unregistersymbol(CharY)
"maplestory.exe"+4034F0F:
db E8 AC E3 CF FF
//call maplestory.exe+3D332C0
BlackCipher64.aes bypass
Code:
/**
* BlackCipher64.aes Bypass
* Add Address Manually -> Address: BCExitLoop, Type: Byte
* Set BCExitLoop to non-zero value to terminate the process before restarting MapleStory
*
* ~Volatile94
*/
[ENABLE]
alloc(BCResumeThread, 128, 00400000)
alloc(BCExitLoop, 1)
registersymbol(BCExitLoop)
BCResumeThread:
mov rcx, #5000 // I'm impatient
call kernel32.Sleep
cmp byte ptr [BCExitLoop], 0
je BCResumeThread
mov rax, -1
ret
006ED3D0:
dq BCResumeThread
[DISABLE]
dealloc(BCResumeThread)
dealloc(BCExitLoop)
unregistersymbol(BCExitLoop)
006ED3D0:
db 48 89 5C 24 08 55 48 8D
If you change the string/character name the pointer points to
You can spoof the character name in the UI where HP and MP bars are located
You can also spoof the name directly under your character and in the character window once you trigger on field enter (e.g. enter a portal)
This is useful for cheaters/hackers to share snapshots with a spoofed name
Code:
/* Character name hook/spoofer
*
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
alloc(CharNameHook, 128, "maplestory.exe"+48279A3)
alloc(CharName, 8) // Pointer to character name
// Add Address Manually 'CharName' -> Set type to pointer (offset 0)
// You can set the value that the pointer points towards to a different string to spoof your username on the UI (Client sided)
registersymbol(CharName)
label(returnhere)
CharNameHook:
cmp byte ptr [rax+rdi],00
mov [CharName], rax
jne maplestory.exe+3A1D6E0
jmp returnhere
"maplestory.exe"+3A1D6E3:
jmp CharNameHook
nop
returnhere:
[DISABLE]
dealloc(CharNameHook)
dealloc(CharName)
unregistersymbol(CharName)
"maplestory.exe"+3A1D6E3:
db 80 3C 38 00 75 F7
//cmp byte ptr [rax+rdi],00
//jne maplestory.exe+3A1D6E0
Code:
HP pointer: 1478036D0 -> 650 -> 400
MP pointer 1478036D0 -> 660 -> 400
Bypass thread ID checks
Code:
/**
* Thread ID check bypass
* GMS v240.4
* ~Volatile94
*/
[ENABLE]
140DC851E:
jmp 140DC86DE
140DC832E:
jmp 140DC84EE
[DISABLE]
140DC851E:
je 140DC86DE
140DC832E:
je 140DC84EE
CRC bypass
Code:
/*
* Check if CRC of memory region is valid - triggered OnFieldEnter
* load from copy memory instead of the original memory region
* creates a copy from a copy
* Volatile94
*/
[ENABLE]
GlobalAlloc(MapleCRCRegionCopy, 0xE929000)
Define(RegionStart, 140001000)
Define(RegionSize, E929000)
MapleCRCRegionCopy:
readmem(RegionStart, 0xE929000)
maplestory.exe+8120DC6:
jmp maplestory.exe+8120D5A
maplestory.exe+8120D5A:
mov rdx, RegionStart
sub rsi, rdx
add rsi, MapleCRCRegionCopy
repe movsb
xor rdx, rdx
jmp maplestory.exe+812E366
[DISABLE]
maplestory.exe+8120DC6:
repe movsb
jmp maplestory.exe+812E366
Code:
/***
* NexonAnalytics64.enqueueLog bypass
* GMS v240.4 & v240.3
* 48 8B CA 49 8B D0 48 FF 25 43 99 90 05
*
* Do nothing instead of calling NexonAnalytics64.enqueueLog
*
* Big data analytics are used to collect large amounts of data
* Like metrics, application insights, logs, etc...
*
* Client generates log when in game and sends it to Nexon Analytics service when
* disconnecting from the Game server.
*
* This data MAY BE used in the analysis to discover
* hackers.
*
* It's called when you disconnect from the server/(world + channel)
*
* ~Volatile94
*/
[ENABLE]
"maplestory.exe"+6B5AA0: // 0x1406B5AA0
xor rax, rax
ret
[DISABLE]
"maplestory.exe"+6B5AA0:
db 48 8B CA 49 8B D0
//mov rcx,rdx
//mov rdx,r8
MobHF
Code:
/**
* MobHF
* GMS v240.4
* 0F 85 19 09 00 00 45 85 FF 78 2C
*
* Freeze mob after it's been hit by character
* Mob will be removed on death
*
* ~Volatile94
*/
[ENABLE]
"maplestory.exe"+271843F:
je 142718D5E
[DISABLE]
"maplestory.exe"+271843F:
jne 142718D5E
SFX silencer
Code:
/**
* SFX silencer: Skill, Mob Sounds, Portals
* GMS v240.4
* 74 06 66 83 F8 5C 75 0C 49 83 C6 02
**/
[ENABLE]
maplestory.exe+2C5C2C7:
jne maplestory.exe+2C5C2CF
[DISABLE]
maplestory.exe+2C5C2C7:
je maplestory.exe+2C5C2CF
v240.3 (will be removed, after everything is updated)
Pointers:
Mobs
Code:
145D5B078:
Aobs:
48 83 3D 63 1B 5C 04 00 0F 84 93 04 00 00 48 8B CA
48 8B 0D 72 2C 87 05 48 85 C9 0F 84 60 03 00 00
48 8B 0D 2F 07 86 04 E8 22 77 2F 01 48 8B F0 48 85 C0
"maplestory.exe"+05D5B078
Mob struct 1 -> 0x70 -> 0x8 -> 0: Mob struct
Mob struct 2 -> 0x78 -> 0x8 -> 0: Mob struct
Mob struct:
0000 : 1451ABE18 <- Ptr to CVecCtrlMob::WorkUpdateActive
1451ABE18 + 0070 -> 142770B60: Ptr to some private method
488:
references:
142701694: getter
-> EC:
references:
142701699: mov edx, [rax+000000EC]
-> E4:
references:
14270169F: lea rcx, [rax+000000E4]
14039CF9C: mov ebx, [rcx+04]
14039CF9F: Start decrypting the value
5B0:
references:
142770B81: cmp edx,[rcx+000005B0]
7E4:
references:
1426F8392: Creation time
7EC:
Flag - Set to true on spawn. False when hit
9F0:
Health %
155C : bFaded <- Setting to non-zero enables the fade effect observed when you first enter the map
Useful for debugging, toggling it on and off will keep the faded animation on the mob without other side effects.
Code:
0x145D1D138
Aobs:
48 83 3D 6B F8 35 05 00 74 12 45 33 C0 48 8B 0D 91 F0 B3 04 48 85 C9 74 1A 48 8B 1D BB 94 C1 04 48 8B CB
0x0668 - ?? set to 20000000 when using skill
0x0B90 - Breath - removing this gives you no breath
0x0B94 - Breath - set on condition to same value from same method as breath offset above
0x0B98 - Character/Animation state
0x22230 - bJumpingDown
Enable dark sight like effect on mobs and don't deal damage to your character.
Player cannot deal damage to the mobs until the patch is disabled
Useful for travelling without being annoyed by mobs.
Code:
/**
* Mob dark sight
* GMS v.240.3
*
* 75 05 8D 58 01 EB 36 48 8B CF
*
* Enable dark sight like effect on mobs and don't deal damage to your character.
* Player cannot deal damage to the mobs until the patch is disabled
* If you deactivate this, mobs will start to deal damage to you but will retain
* the dark sight like effect until new mobs are spawned in place of that one
*
* To enable just the dark sight animation
* 0x142725726
* cmp dword ptr [rbx+0000155C],00 can be set to -> [rbx+0000155C],00
* rbx == mob struct
* To disable collisions
* 0x1427DDE61 -> jne to je or mov al, 01 to mov al, 00
*
* ~Volatile94
*/
[ENABLE]
"maplestory.exe"+2702424:
je 14270242B
[DISABLE]
"maplestory.exe"+2702424:
jne 14270242B
Freeze mob after it's been hit by character
Mob will be removed on death
Thread ID Check bypass
Code:
/**
* Bypass thread ID check
* GMS v240.3
* Check is performed by the same thread that calls ws32_2.send
* 0F 84 BA 01 00 00 E8 17 27 79 03 83 F8 03 0F 85 AC
* ~Volatile94
*/
[ENABLE]
maplestory.exe+DC851E:
jmp maplestory.exe+DC86DE
[DISABLE]
maplestory.exe+DC851E:
je maplestory.exe+DC86DE
MP/MaxMP hook
Get the value of your character's MP/MaxMP. Useful for automation.
Can be used for auto pot.
Code:
Fixing....
Code:
/*
* Map ID hook
* 44 89 B7 ?? ?? 00 00 C6 87 ?? ?? 00 00 01 BA
* ~Volatile94
*/
[ENABLE]
alloc(MapIDHook, 128, "maplestory.exe"+35E59DC)
alloc(MapID, 4)
registersymbol(MapID)
label(MapIDHookReturn)
MapIDHook:
mov [MapID], r14d
mov [rdi+000003E0],r14d
jmp MapIDHookReturn
"maplestory.exe"+35E59DC:
jmp MapIDHook
nop 2
MapIDHookReturn:
[DISABLE]
dealloc(MapIDHook)
dealloc(MapID)
unregistersymbol(MapID)
"maplestory.exe"+35E59DC:
mov [rdi+000003E0],r14d
Code:
/*
* Hooks mob counter increase/decrease functions
* GMS v240.3
* 41 0F B7 40 04 A8 02 75 10 66 83 C8 02
* FF 4F 60 48 8B 5C 24 30 48 8B 6C 24 38 48 8B 74 24 40
* ~Volatile94
*/
[ENABLE]
alloc(IncreaseMobCounterHook, 128, "maplestory.exe"+271549)
alloc(DecreaseMobCounterHook, 128, "maplestory.exe"+271692)
alloc(MobCount, 8)
registersymbol(MobCount)
label(IncreaseReturn)
label(DecreaseReturn)
MobCount:
dd 0
IncreaseMobCounterHook:
movzx eax,word ptr [r8+04]
mov rbx, [r14+60]
inc rbx
mov [MobCount], rbx
jmp IncreaseReturn
"maplestory.exe"+271549:
jmp IncreaseMobCounterHook
IncreaseReturn:
DecreaseMobCounterHook:
//dec [MobCount]
dec [rdi+60]
mov rbx, [rdi+60]
mov [MobCount], rbx
mov rbx,[rsp+30]
jmp DecreaseReturn
"maplestory.exe"+271692:
jmp DecreaseMobCounterHook
nop 3
DecreaseReturn:
[DISABLE]
dealloc(DecreaseMobCounterHook)
dealloc(IncreaseMobCounterHook)
dealloc(MobCount)
unregistersymbol(MobCount)
"maplestory.exe"+271549:
db 41 0F B7 40 04
//movzx eax,word ptr [r8+04]
"maplestory.exe"+271692:
db FF 4F 60 48 8B 5C 24 30
//dec [rdi+60]
//mov rbx,[rsp+30]
Code:
/**
* Hook number of items on the map
* GMS v240.3
*
* E8 CC A3 D3 FB 4C 8D 44 24 60 48 8D 95 98 00 00 00 49 8D 4D
* FF 4B 14 B8 01 00 00 00 48 83 C4 20 5B
* ~Volatile94
*/
[ENABLE]
alloc(IncreaseItemCountHook, 128, "maplestory.exe"+1FCB28E)
alloc(DecreaseItemCountHook, 128,"maplestory.exe"+1FCBDC4)
alloc(ItemCount, 4)
registersymbol(ItemCount)
label(IncreaseItemCountReturn)
//label(DecreaseItemCountReturn)
IncreaseItemCountHook:
inc [rdi+14]
mov rcx, [rdi+14]
mov [ItemCount], ecx
mov rcx, [maplestory.exe+78046C0]
jmp IncreaseItemCountReturn
"maplestory.exe"+1FCB28E:
jmp IncreaseItemCountHook
nop 5
IncreaseItemCountReturn:
DecreaseItemCountHook:
dec [rbx+14]
mov eax, [rbx+14]
mov [ItemCount], eax
mov eax,00000001
jmp DecreaseItemCountReturn
"maplestory.exe"+1FCBDC4:
jmp DecreaseItemCountHook
nop 3
DecreaseItemCountReturn:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(IncreaseItemCountHook)
dealloc(DecreaseItemCountHook)
dealloc(ItemCount)
unregistersymbol(ItemCount)
"maplestory.exe"+1FCB28E:
db FF 47 14 48 8B 0D 28 94 83 05
//inc [rdi+14]
//mov rcx,[maplestory.exe+78046C0]
"maplestory.exe"+1FCBDC4:
db FF 4B 14 B8 01 00 00 00
//dec [rbx+14]
//mov eax,00000001
Code:
/**
* Hooks the skill point assign function
* E8 CC A3 D3 FB 4C 8D 44 24 60 48 8D 95
*
* This is useful to map out game functionally
* and eventually create an auto sp assign script.
*
* ~Volatile94
*/
[ENABLE]
alloc(SPAssignHook, 128, "maplestory.exe"+4680B5F)
alloc(SPAssignSkillID, 4)
alloc(SPAssignSkillLevel, 4)
registersymbol(SPAssignSkillID)
registersymbol(SPAssignSkillLevel)
label(SPAssignReturn)
SPAssignHook:
mov [SPAssignSkillID], rbx
mov [SPAssignSkillLevel], r15
call maplestory.exe+3BAF30
jmp SPAssignReturn
"maplestory.exe"+4680B5F:
jmp SPAssignHook
SPAssignReturn:
[DISABLE]
dealloc(SPAssignHook)
dealloc(SPAssignSkillID)
dealloc(SPAssignSkillLevel)
unregistersymbol(SPAssignSkillID)
unregistersymbol(SPAssignSkillLevel)
"maplestory.exe"+4680B5F:
db E8 CC A3 D3 FB
//call maplestory.exe+3BAF30
Skip mob death animation
Code:
/**
* Skip mob death animation
* GMS v240.3
* 74 0F 48 8D 4D D0 E8 F9 09 E4 FE
**/
[ENABLE]
maplestory.exe+27F326C:
jne maplestory.exe+27F327D
[DISABLE]
maplestory.exe+27F326C:
je maplestory.exe+27F327D
Mob freeze
Freezes mobs into position
Allows you to kill them in place
Depending on the state of the mob
it may prevent damage from it.
Code:
/*
Freezes mobs into position
Allows you to kill them in place
Depending on the state of the mob
it may prevent damage from it
Can cause DC by GMPolice message (Generic/catch all message)
74 35 0F 1F 40 00 48 8D 4D ?? E8
~Volatile94
*/
[ENABLE]
maplestory.exe+27F2FDA:
jne maplestory.exe+27F3011
[DISABLE]
maplestory.exe+27F2FDA:
je maplestory.exe+27F3011
Code:
/**
* Invisible mobs (Client sided)
* Useless
* 75 2E 45 33 C0 33 D2 48 8B CF E8
*/
[ENABLE]
maplestory.exe+27180F4:
je 142718124
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
maplestory.exe+27180F4:
jne 142718124
Code:
/**
* Xenon Photon Ray animation
* GMS v240.3
* 7E 65 48 8D 85 ?? ?? 00 00 48 89 85 ?? ?? 00 00 4C 89 BD
*
* Enable Xenon Photon Ray animation
* Attack to enable
*
*
* ~Volatile94
*/
[ENABLE]
maplestory.exe+3E8DB5D:
jg maplestory.exe+3E8DBC4
[DISABLE]
maplestory.exe+3E8DB5D:
jle maplestory.exe+3E8DBC4
Mob Spawn:
0x1426F86C4
Mob update:
0x1427F2FA0
0x142712CA0
0x142712D26 -> jl 142712D35
Changing this to jg 0x142712D35 causes the mobs to blink a few times briefly
Mob player hit
142701CBC - 49 8B 06 - mov rax,[r14]
142770EBF - 48 8B 0F - mov rcx,[rdi]
14279627E - 48 8B 07 - mov rax,[rdi]
Mob attack related
0x1427F4E8A
0x1427F4CF6:
je 1427F4D02
to jne 1427F4D02






