האקים ל EMS גרסה 0.25

**IntraFire** · 30-05-2007, 16:43

Pointers :

Quote:
Unlimited Attack - Pointer: 00794C20 Offset: 1348
No Breath - Pointer: 00794C20 Offset: 2C8
Speed Attack - Pointer: 00794C20 Offset: 2D8
Char X - Pointer: 00794CB8 Offset: 57C
Char Y - Pointer: 00794CB8 Offset: 580
Item X - Pointer: 00794C20 Offset: 57C
Item Y - Pointer: 00794C20 Offset: 580
Left Wall - Pointer: 007940B0 Offset: C
Right Wall - Pointer: 007940B0 Offset: 14
Top Wall - Pointer: 007940B0 Offset: 10
Bottom Wall - Pointer: 007940B0 Offset: 18
People Scanner - Pointer: 007940b8 Offset: 18
mouse X - 0072f16c Offset 80
mouse Y - 0072f16c Offset 84

Scripts:

========================
–•(-• Most Active Hack •-)•–
========================

CRC Bypass:

Quote:
[ENABLE]
ALLOC(crc,128)
ALLOC(dump,3670018)
LABEL(oldmem)
LABEL(ret)
LOADBINARY(dump,EMSv25.CEM)

crc:
CMP ECX,00400000
JB oldmem
CMP ECX,00780000
JA oldmem
MOV EAX,dump
ADD ECX, dump-400000

oldmem:
MOV EAX,[EBP+10]
DB 56 57
JMP ret

00458A2B:
JMP crc
ret:

[DISABLE]
00458A2B:
MOV EAX,[EBP+10]
DB 56 57
DEALLOC(crc)
DEALLOC(dump)

Pin Unrandomize

Quote:
[ENABLE]
alloc(pinunrandom,128)
label(returnhere)

0060356E:
jmp pinunrandom
returnhere:

pinunrandom:
add eax,edx
push edx
shr edx,1
mov [eax],edx
pop edx
cmp byte ptr [eax],0a
jmp returnhere

[DISABLE]
0060356E:
add eax,edx
cmp byte ptr [eax],0a
dealloc(pinunrandom)

Pin KeyBoard Write

Quote:
[enable]
00472C4C:
db 0f 83

[disable]
00472C4C:
db 0f 86

MzBot Bypass

Quote:
[ENABLE]
77DD7883:
ret 0018

[DISABLE]
77DD7883:
mov edi,edi

Freeze to Crash

Quote:
[Enable]
006E3CBD:
jmp 0

[Disable]
006E3CBD:
and eax,00007fff

===========================
–•(-• Hacks •-)•–
===========================

Full GodMode:

Quote:
[ENABLE]
0065CC2F:
db 0f 84

[DISABLE]
0065CC2F:
db 0f 85

SuperTubi

Quote:
[ENABLE]
00488724:
db 90 90

[DISABLE]
00488724:
db 75 36

Perfect No Breath

Quote:
[ENABLE]
004A7F98:
db eb 23
0048A887:
db eb 10
006B6454:
db eb 13

[DISABLE]
004A7F98:
db 7e 23
0048A887:
db 7e 10
006B6454:
db 7e 13

Diesel240's Unlimited Attack

Quote:
[enable]

alloc(NewUA,64)
alloc(Diesel240,44)
NewUA:
mov eax,[00794C20]
mov ebx,[eax+57C]
sub ebx,00000001
mov [eax+57C],ebx
popad
cmp eax,edi
mov [ebp-20],eax
je 0051c4fe
Diesel240:
pushad
mov eax,[00794C20]
mov eax,[eax+1348]
cmp eax,00000062
jnl NewUA
popad
cmp eax,edi
mov [ebp-20],eax
je 0051c4fe
0051C498:
jmp Diesel240
db 3B 11 02 90 90
db 90 90

[disable]

0051C498:
db 3B C7 89 45 E0 74 5F
db 89 45 E0 74 5F
db 74 5F
dealloc(NewUA)
dealloc(Diesel240)

Instant Drop

Quote:
[ENABLE]
00730AC0:
add [eax], al
add [eax], al
add [eax], al
add [eax], al

[DISABLE]
00730AC0:
add [eax], al
add [eax], al
add [eax-71], al
inc eax

Full Map Item Vac

Quote:
[ENABLE]
ALLOC(ItemVAC, 124)
LABEL(ret)

ItemVAC:
DB 60
MOV ECX, [EBP+8]
MOV EBX, [EBP-24]
MOV [ECX], EBX
MOV [ECX+4], EAX
MOV ECX, EAX
MOV EAX, EBX
LEA EDX, [EAX-19]
MOV [EBP-34], EDX
LEA EDX, [ECX-32]
add EAX, 19
add ECX, A
MOV [EBP-30], EDX
MOV [EBP-2C], EAX
MOV [EBP-28], ECX
DB 61 50
push [EBP-24]
LEA EAX, [EBP-34]
JMP ret

0048F6F5:
JMP ItemVAC
DB 90 90
ret:

[DISABLE]
DEALLOC(ItemVAC)

0048F6F5:
DB 50
push [EBP-24]
lea EAX, [EBP-34]

===========================
–•(-• unrandomizer •-)•–
===========================

unrandomizer script STR

Quote:
[Enable]
006E3CBD:
mov eax,0 // Change This To What U Want 0~3

[Disable]
006E3CBD:
and eax,00007fff

=============================
–•(-• OffScreen •-)•–
=============================

Fall Through Floor

Quote:
[enable]
00690193:
db 0f 83

[disable]
00690193:
db 0f 86

Lag Hack

Quote:
[ENABLE]
0068E4B9:
db 75

[DISABLE]
0068E4B9:
db 74

Lag Hack v2 Powerface (ICE})

Quote:
[enable]
0051C49D:
db 75 5f
[disable]
0051C49D:
db 74 5f

Suck/Tele UP

Quote:
[ENABLE]
00690F01:
db 76

[DISABLE]
00690F01:
db 73

Suck/tele Right

Quote:
[enable]
00690E70:
db 77
[disable]
00690E70:
db 76

Suck/tele Left

Quote:
[enable]
00690E01:
db 72
[disable]
00690E01:
db 73

Swim

Quote:
[Enable]
0068F87C:
jne 0068fa6f
005571B3:
db 74 04

[Disable]
0068F87C:
je 0068fa6f
005571B3:
db 73 04

Levitate + Swim

short tut: first tick suck\tele up then tick levitate + swim and after those both
ticked, untick the suck\tele up and u stay in air without DC now use dice and bot.

Quote:
[enable]
00690E01:
db 72
[disable]
00690E01:
db 73

Levitate No Movement (Duffy290)

Quote:
[enable]
0068F87C:
jne 0068fa6f

[Disable]
0068F87C:
je 0068fa6f

=============================
–•(-• Filters •-)•–
=============================

Item Filter

Quote:
[enable]
Alloc(filter,124)
label(ifreject)
label(end)
label(skip)
Alloc(iftable,512)
label(ifexit)

filter:
push ebx
push esi
xor ebx, ebx
mov esi,iftable

ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject

skip:
mov eax,00

end:
pop esi
pop ebx
mov [edi+34], eax
mov edi, [ebp-14]
jmp ifexit

iftable:
dd C350
dd a
dd 1F6EE0 //Arrow for Bow
dd 1F72C8 //Arrow for Crossbow
dd 3D7E3C //Monster Card

dd 1E8480 //Red Potion
dd 1E8481 //Orange Potion
dd 1E8482 //White Potion
dd 1E8483 //Blue Potion

dd 00

004908DB:
jmp filter
nop
ifexit:

[disable]
004908DB:
mov [edi+34], eax
mov edi, [ebp-14]

=============================
–•(-• Vac Hack •-)•–
=============================

Selective Wall Vac Bypass

Quote:
[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
registersymbol(olddata)
label(set)
label(ret)
label(end)

begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[007940B0]
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi
mov esi,[007940B0]
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi
mov esi,[007940B0]
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi
mov esi,[007940B0]
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi

mov [bool],0
jmp ret

0068E099:
jmp begin
end:

olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00

[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)

0068E099:
movsd
movsd
movsd
movsd
pop edi

dICE Vac

Quote:
[enable]
alloc(dICE,64)
alloc(right,4)
alloc(left,4)
registersymbol(right)
registersymbol(left)
label(return)

dICE:
pushad

mov edx, [00794CB8]
mov ebx, [edx+57C]
mov ecx,[edx+580]
add ebx, [right]
sub ebx, [left]

mov eax,[007940B0]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad

mov [ebx], eax
mov edi,[ebp+10]
jmp return

right: //Set right to 0.
db 00 00

left: //Set left to 0.
db 00 00

0069222D:
jmp dICE
return:

00694B33:
db 0f 84

0068E772:
db 75

0068EA0E:
db 0f 85

[disable]
0069222D:
mov [ebx], eax
mov edi,[ebp+10]

00694B33:
db 0f 85

0068E772:
db 74

0068EA0E:
db 0f 84

dealloc(dICE)
dealloc(left)
dealloc(right)
unregistersymbol(left)
unregistersymbol(right)

pID00 (Int3)

Quote:
[ENABLE]
alloc(DeletePlatform, 64)
label(DeleteId)
label(Normal)
label(ret)
alloc(pID00drag, 512)
alloc(Counter, 4)
label(SetWalls)
label(Default)
label(ret1)

00694B33:
je 00694c9b

0068F87C:
jne 0068fa6f

00691161:
jmp DeletePlatform
nop
ret:

DeletePlatform:
pushad
mov edx,[00794C20]
mov edx,[edx+5A0]
sub edx, C
cmp esi, edx
popad
jne DeleteId
jmp Normal

DeleteId:
mov [esi+110], 00
jmp ret

Normal:
mov [esi+110], edi
jmp ret

005E01AE:
jmp pID00drag
nop
ret1:

pID00drag:
cmp [Counter], 1
je SetWalls
jmp Default

SetWalls:
pushad
mov eax, [00794CB8]
mov eax, [eax+57C]

mov ebx, [00794CB8]
mov ebx, [ebx+580]

mov ecx, [007940B0]
mov [ecx+C], eax
mov [ecx+14], eax
mov [ecx+10], ebx
mov [ecx+18], ebx
popad
mov [Counter], 0
jmp Default

Default:
mov [ebx+0000057C], eax
jmp ret1

Counter:
DB 01 00 00 00

[DISABLE]
00694B33:
jne 00694c9b

0068F87C:
je 0068fa6f

00691161:
mov [esi+00000110], edi

005E01AE:
mov [ebx+0000057C], eax

dealloc(DeletePlatform)
dealloc(pID00drag)
dealloc(Counter)

pID00 Ranged

Quote:
[ENABLE]
alloc(DeletePlatform, 64)
label(DeleteId)
label(Normal)
label(ret)
alloc(pID00drag, 512)
alloc(Counter, 4)
label(SetWalls)
label(Default)
label(ret1)

00694B33:
je 00694c9b

0068F87C:
jne 0068fa6f

00691161:
jmp DeletePlatform
nop
ret:

DeletePlatform:
pushad
mov edx,[00794C20]
mov edx,[edx+5A0]
sub edx, C
cmp esi, edx
popad
jne DeleteId
jmp Normal

DeleteId:
mov [esi+110], 00
jmp ret

Normal:
mov [esi+110], edi
jmp ret

005E01AE:
jmp pID00drag
nop
ret1:

pID00drag:
cmp [Counter], 1
je SetWalls
jmp Default

SetWalls:
pushad
mov eax, [00794CB8]
mov eax, [eax+57C]
sub eax, 85 // Change This To Control The Range (Like Left,Right On dICE)
mov ebx, [00794CB8]
mov ebx, [ebx+580]

mov ecx, [007940B0]
mov [ecx+C], eax
mov [ecx+14], eax
mov [ecx+10], ebx
mov [ecx+18], ebx
popad
mov [Counter], 0
jmp Default

Default:
mov [ebx+0000057C], eax
jmp ret1

Counter:
DB 01 00 00 00

[DISABLE]
00694B33:
jne 00694c9b

0068F87C:
je 0068fa6f

00691161:
mov [esi+00000110], edi

005E01AE:
mov [ebx+0000057C], eax

dealloc(DeletePlatform)
dealloc(pID00drag)
dealloc(Counter)

pID00 N00B Remover

Quote:
[ENABLE]
alloc(DeletePlatform, 64)
label(DeleteId)
label(Normal)
label(ret)
alloc(pID00drag, 512)
alloc(Counter, 4)
label(SetWalls)
label(Default)
label(ret1)

00694B33:
je 00694c9b

0068F87C:
jne 0068fa6f

00691161:
jmp DeletePlatform
nop
ret:

DeletePlatform:
pushad
mov edx,[00794C20]
mov edx,[edx+5A0]
sub edx, C
cmp esi, edx
popad
jne DeleteId
jmp Normal

DeleteId:
mov [esi+110], 00
jmp ret

Normal:
mov [esi+110], edi
jmp ret

005E01AE:
jmp pID00drag
nop
ret1:

pID00drag:
cmp [Counter], 1
je SetWalls
jmp Default

SetWalls:
pushad
mov eax, [00794CB8]
mov eax, [eax+57C]
mov ebx, [00794CB8]
mov ebx, [ebx+580]
sub ebx, 160 // Change This To Control The Space

mov ecx, [007940B0]
mov [ecx+C], eax
mov [ecx+14], eax
mov [ecx+10], ebx
mov [ecx+18], ebx
popad
mov [Counter], 0
jmp Default

Default:
mov [ebx+0000057C], eax
jmp ret1

Counter:
DB 01 00 00 00

[DISABLE]
00694B33:
jne 00694c9b

0068F87C:
je 0068fa6f

00691161:
mov [esi+00000110], edi

005E01AE:
mov [ebx+0000057C], eax

dealloc(DeletePlatform)
dealloc(pID00drag)
dealloc(Counter)

coNDupeX

Quote:
[ENABLE]
alloc(coNDupeX, 1024)
alloc(RunFlag, 4)
alloc(ESIValue, 4)
alloc(EDIValue, 4)
alloc(ESIAddy,4)
alloc(hookit,128)
alloc(onoff,4)
registersymbol(onoff)
label(returnhere)
label(NoVac)
label(coNseptVac)
label(DoNormal)
label(back)

onoff:
dd 0

//Made by coNsept >>><<<

coNDupeX:
push eax
push ecx
mov ecx,[onoff]
cmp [onoff], 0
je DoNormal
cmp [RunFlag], ecx
je coNseptVac
mov eax, [00794C20]
add eax, 5A4
mov eax, [eax]
sub eax, c
mov [ESIValue],eax
mov eax,[eax+114]
mov [EDIValue],eax
inc [RunFlag]
inc [RunFlag]

coNseptVac:
cmp esi,[ESIValue]
je DoNormal
push ecx
mov ecx,ESIAddy
mov [ecx],esi
pop ecx

DoNormal:
mov [esi+00000110],edi
pop ecx
pop eax
jmp back

ESIAddy:
dd 0

RunFlag:
dd 0

ESIValue:
dd 0

EDIValue:
dd 0

00691161:
jmp coNDupeX
nop
back:

0051C5E0:
jmp hookit
nop
returnhere:

hookit:
cmp [onoff], 0
je NoVac
cmp [ESIAddy], 0
je NoVac
push eax
push ebx
mov eax,[ESIAddy]
mov ebx,[EDIValue]
mov [eax+110],ebx
pop ebx
pop eax

NoVac:
mov [ebx+000003fc],ecx
jmp returnhere

[DISABLE]
unregistersymbol(ESIAddy)
dealloc(coNDupeX)
dealloc(RunFlag)
dealloc(ESIValue)
dealloc(EDIValue)
dealloc(ESIAddy)
dealloc(hookit)
dealloc(onoff)
unregistersymbol(onoff)

0051C5E0:
mov [ebx+000003fc],ecx
00691161:
mov [esi+00000110],edi

PerVac

Quote:
[ENABLE]
00691050:
nop
nop
nop
nop
nop
nop

[DISABLE]
00691050:
mov ecx,[edi+00000134]

Shifu Vac

Quote:
[ENABLE]
0068E566:
db 0f 85 2e 01 00 00

[DISABLE]
0068E566:
db e9 2f 01 00 00

Perfect Dig Dug (Duffy290)

Quote:
[enable]
alloc(NoPlatform, 64)
label(return)

00691161:
jmp NoPlatform
nop
return:

NoPlatform:
mov [esi+110], 00
jmp return

0068F7BD:
jmp 0068f7ed

[Disable]
0068F7BD:
jna 0068f7ed
00691161:
mov [esi+00000110],edi
dealloc(NoPlatform)

Diesel240's Vac Right (Fixed)

Quote:
[enable]
alloc(Diesel240, 64)
label(return)

00691161:
jmp Diesel240
nop
return:
Diesel240:
mov [esi+110], 00
jmp return
00690E70:
db 77
006909DD:
nop
nop
0051F614:
db EB 07

[disable]
00691161:
mov [esi+00000110],edi
00690E70:
jna 00690ee4
006909DD:
jmp 00690a39
0051F614:
jne 0051f61d

dealloc(Diesel240)

Diesel240's Vac Left (Fixed)

Quote:
[enable]
alloc(Diesel240, 64)
label(return)

00691161:
jmp Diesel240
nop
return:
Diesel240:
mov [esi+110], 00
jmp return
00690E01:
db 72
006909DD:
nop
nop
0051F614:
db EB 07

[disable]
00691161:
mov [esi+00000110],edi
00690E01:
jae 00690e56
006909DD:
jmp 00690a39
0051F614:
jne 0051f61d

dealloc(Diesel240)

=============================
–•(-• Other Hack •-)•–
=============================

Skill Hack (Teleport,Flash Jump) --(Without ppl Scaner)-- (Diesel240)

short tut: Tick the Script On and drag Nimble Feet to any key to be teleport
and 3 snails to be flash jump

Quote:
[Enable]
Alloc(SkID,2048)
Label(Sklvl)

Label(skRecover)
Label(skNormal)
Label(SkBack)
Label(lvlRecover)
Label(lvlNormal)
Label(SklvlBack)

SkID:
cmp [eax],3EA
jne skRecover
mov [eax], 4C4F2f
jmp skNormal

skRecover:
cmp [eax],3E8
jne skNormal
mov [eax], 3EBA9E
jmp skNormal

Sklvl:
cmp [edi], 4C4F2f
jne lvlRecover
mov [edi],3EA
jmp lvlNormal

lvlRecover:
cmp [edi], 3EBA9E
jne lvlNormal
mov [edi],3E8
jmp lvlNormal

skNormal:
push [ebp+08]
mov edi,[eax]
jmp SkBack

lvlNormal:
mov eax,[edi]
push 05
push eax
jmp SklvlBack

005FA04E:
jmp SkID
SkBack:

00425F84:
jmp Sklvl
SklvlBack:

[Disable]
005FA04E:
push [ebp+08]
mov edi,[eax]

00425F84:
mov eax,[edi]
push 05
push eax

Dealloc(SkID)

Active Monsters (Void)

Quote:
[Enable]
006904B8:
db 0F 85
[Disable]
006904B8:
db 0F 84

One Level Map (Duffy290)

Quote:
[enable]
0052F623:
fstp st(1)
[disable]
0052F623:
fstp st(0)

No Spawn Hack (Maplestorylover1234)

Quote:
[Enable]
0051C58E:
db 75 15
00690193:
db 0f 83

[disable]
0051C58E:
db 74 15
00690193:
db 0f 86

Small Jump (XxBANNEDxX)

Quote:
[ENABLE]
00690193:
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
[Disable]
00690193:
jbe 00690227

cradit : diesel240