
[GMS/OMS] v .34 Hack Addresses


All are untested, but the addresses should be correct. I will add more and edit the ones that I have not completely finished, or thought I had finished but didn't. Sorry for not finishing, but I need to go get ready for school and such.

 

Edit 2/9/07 :: I added the values for roses, chocolates, and wish tickets to the All etc item filter, thanks to Arctan for originally finding them and to PureGangster for posting them on MPC.

 

-=General Addresses=-

 

Full Godmode - 0064356A

Super Tubi - 0048D9A3

Instant Loot (Change value to 0) - 00721BD0

Miss Godmode - 006435A4

Swear - 00452682

Dupex (EIP) - 0067699A

CSEAX X - 677a44

CSEAX-Y - 677aa9

Shadow Partner - 62e269

Dark Sight - 6300a8

Speed Attack - 4318ff

Fast Attack - 4308bd

Meso Drop - 670da7

Fly V1 - 67432c

Lag Hack - EAX 0 - 0673dd5

No Knockback - ZF [X] [X] - 6d376e

Suck Left Vac - CF [X] [X] - 67685d

Suck Right Vac - CF [X] [X] - 6768da

SSeaxX - EAX - 00673d40

SSeaxY - EAX - 00673d66

Unlimited Attack - 00785EF4 offset E80

No Breath - 00785EF4 offset 254

Monster scanner - 78560c offset 10

People scanner - 785608 offset 18

Top wall - 785604 offset 8

Bottom wall - 785604 offset 10

Right wall - 785604 offset C

Left wall - 785604 offset 4

___________________________________

 

-=CRC Scripts=-

 

CRC Bypass script

// CRC bypass hook. The integrity check at 0045de27 reads the module image
// through ecx; every read that falls inside 00400000..00780000 is redirected
// into a clean copy of the image (blaaaa, filled from v34.cem), so the
// checksum is computed over unmodified bytes while the live code is patched.
// Defender's note: this is the generic weakness of an in-process self-check —
// the verifier and the bytes it verifies live in one address space, so a
// write-capable party can redirect the read pointer. Out-of-process or
// server-side measurement is not exposed to this.
Code: [enable]

alloc(newmem,2048)

// 3670018 decimal = 0x380002 bytes: just covers 00400000..00780000 (0x380000).
alloc(blaaaa,3670018)

label(originalcode)

// v34.cem is assumed to be a byte-exact image of the module as mapped at
// 00400000 — TODO confirm; any difference changes the CRC anyway.
loadbinary(blaaaa,v34.cem)

 

newmem:

// Reads outside the image range pass straight through (unsigned compares).
cmp ecx,00400000

jb originalcode

 

cmp ecx,00780000

ja originalcode

 

// ecx = blaaaa + (ecx - 00400000): rebase the read into the clean copy.
// eax is free here: originalcode overwrites it on its first instruction.
mov eax,blaaaa

sub eax,00400000

add ecx, eax

 

originalcode:

// The three instructions displaced by the 5-byte jmp at 0045de27
// (8B 45 10 / 56 / 57); resume at 0045de2c = 0045de27 + 5.
mov eax,[ebp+10]

push esi

push edi

jmp 0045de2c

 

0045de27:

jmp newmem

 

[disable]

// Restore the original 5 bytes, then release both buffers.
0045de27:

mov eax,[ebp+10]

push esi

push edi

dealloc(newmem)

dealloc(blaaaa)

 

Godmode:

// Inverts the branch at 64356A. Both forms target 00643CF5, 0x78B bytes
// ahead, so je and jne each assemble to the same 6-byte near form and the
// patch does not change the instruction length.
Code: [enable]

64356A:

je 00643CF5

[disable]

// Original condition restored.
64356A:

jne 00643CF5

Super Tubi:

// NOTE(review): the jne restored on disable targets 004893EF, 0x5B4 bytes
// behind 0048D9A3, so it must be the 6-byte near form (0F 85 rel32). The two
// 1-byte nops written on enable cover only the first two bytes and leave the
// rel32 operand in place as stray code — confirm against a live dump.
Code: [ENABLE]

0048D9A3:

nop

nop

[DISABLE]

0048D9A3:

jne 004893EF

Swear:

// NOTE(review): same shape as Super Tubi. The jne restored on disable
// targets 00451d28, 0x95A bytes behind 00452682, which is the 6-byte near
// form; two 1-byte nops only overwrite its opcode bytes and leave the rel32
// operand behind as stray code — confirm against a live dump.
Code: [ENABLE]

00452682:

nop

nop

[DISABLE]

00452682:

jne 00451d28

Instant Drop:

// 721BD0 is data, not code: the "instructions" are just how the assembler
// displays raw bytes. Enable writes eight 00 bytes (each add [eax],al is
// 00 00). Disable writes 00 00 00 00 00 40 8F 40 (add [eax-71],al = 00 40 8F,
// inc eax = 40), which as a little-endian 8-byte value is 0x408F400000000000
// — the IEEE-754 double 1000.0. So the patch sets a 1000.0 value (its
// meaning is not visible here) to 0.0, matching the "change value to 0"
// remark in the address list.
Code: [enable]

721BD0:

add [eax],al

add [eax],al

add [eax],al

add [eax],al

 

[disable]

// Original bytes: 00 00 00 00 00 40 8F 40 = double 1000.0.
721BD0:

add [eax],al

add [eax],al

add [eax-71],al

inc eax

Miss Godmode:

// Replaces the 3-byte mov esi,[ebp+18] (8B 75 18) with xor esi,esi (33 F6)
// plus one nop, so esi is forced to 0 instead of being loaded from the
// [ebp+18] argument and the patch keeps the original length.
Code: [ENABLE]

006435A4:

xor esi, esi

nop

 

[DISABLE]

006435A4:

mov esi, [ebp+18]

Mouse vac:

// Two 5-byte hooks: 00677A44 displaces mov [ebx],eax / mov edi,[ebp+10]
// (89 03 / 8B 7D 10) and 00677AA9 displaces mov [edi],eax / mov ebx,[ebp+14]
// (89 07 / 8B 5D 14). The back/return labels sit directly after each jmp, so
// each trampoline resumes at the next original instruction.
// Both trampolines replace eax with a value read through
// [[0077F728]+978]+80 (X) or +84 (Y) before running the displaced store —
// presumably the cursor position, going by the name; not verifiable here.
// NOTE(review): the caller's eax is not restored afterwards — TODO confirm
// nothing after 00677A49 / 00677AAE still needs the original value.
Code: [ENABLE]

Alloc(MouserX,512)

Alloc(MouserY,512)

label(back)

label(return)

 

00677A44:

jmp MouserX

back:

 

00677AA9:

jmp MouserY

return:

 

MouserX:

// eax = [[0077F728]+978]+80, then the two displaced instructions.
mov eax, [0077F728]

mov eax, [eax+978]

mov eax, [eax+80]

mov [ebx], eax

mov edi,[ebp+10]

jmp back

 

MouserY:

// eax = [[0077F728]+978]+84, then the two displaced instructions.
mov eax, [0077F728]

mov eax, [eax+978]

mov eax, [eax+84]

mov [edi], eax

mov ebx,[ebp+14]

jmp return

 

[DISABLE]

// Restore the original 5 bytes at each hook, then release the buffers.
00677A44:

mov [ebx], eax

mov edi,[ebp+10]

 

00677AA9:

mov [edi],eax

mov ebx,[ebp+14]

dealloc(MouserX)

dealloc(MouserY)

Item Vac

// 7-byte hook at 00494592 displacing push eax (50), push [ebp-24] (FF 75 DC)
// and lea eax,[ebp-34] (8D 45 CC); jmp + two nops fill the 7 bytes and the
// trampoline resumes at 00494599.
// The trampoline fills the four dwords at [ebp-34..ebp-28] that the displaced
// lea hands on: [ebp-34] = [ebp-24] - 19, [ebp-30] = eax - 32,
// [ebp-2C] = [ebp-24] + 19, [ebp-28] = eax + A (all hex). This reads like a
// rectangle around the point (x=[ebp-24], y=eax) — TODO confirm field order.
// NOTE(review): pushad/popad do not save EFLAGS, and the add instructions
// below change them. The three displaced instructions do not read flags,
// but the code after 00494599 is not visible here.
Code: [ENABLE]

alloc(ItemVac, 1024)

 

ItemVac:

pushad

// Also copies the same two values into the object at [ebp+8]: [ecx]=[ebp-24], [ecx+4]=eax.
mov ecx, [ebp+8]

mov ebx, [ebp-24]

mov [ecx], ebx

mov [ecx+4], eax

// From here: eax = [ebp-24], ecx = original eax.
mov ecx, eax

mov eax, ebx

 

lea edx, [eax-19]

mov [ebp-34], edx

lea edx, [ecx-32]

add eax, 19

add ecx, A

mov [ebp-30], edx

mov [ebp-2C], eax

mov [ebp-28], ecx

popad

 

// Displaced original instructions, then resume.
push eax

push [ebp-24]

lea eax, [ebp-34]

jmp 00494599

 

00494592:

jmp ItemVac

nop

nop

 

[DISABLE]

// Original 7 bytes written back instruction by instruction.
// NOTE(review): the ItemVac buffer is never dealloc'd here.
00494592:

push EAX

00494593:

push [ebp-24]

00494596:

lea eax, [ebp-34]

Meso Drop:

// 6-byte hook at 00670DA7 displacing mov [esi+bc],eax (89 86 BC 00 00 00);
// jmp + nop fill it and Mesars resumes at 670DAD. The value stored at
// [esi+bc] is taken from the 4-byte Amount symbol (exposed with
// registersymbol so a table entry can edit it) instead of eax.
Code: [enable]

registersymbol(Amount)

alloc(Amount,4)

alloc(Mesars,32)

 

// Two add [eax],al lines = four 00 bytes: Amount starts at 0.
Amount:

add [eax],al

add [eax],al

 

Mesars:

mov eax,[Amount]

mov [esi+000000bc], eax

jmp 670DAD

 

00670DA7:

jmp Mesars

nop

 

[disable]

unregistersymbol(Amount)

dealloc(Amount,4)

dealloc(Mesars,32)

// Original 6 bytes restored.
00670DA7:

mov [esi+000000bc], eax

Lag Hack:

// Inverts the branch at 673DD7; both forms target 00673DE4, 13 bytes ahead,
// so both are the 2-byte short form. The address list cites 0673dd5 for the
// "EAX 0" variant, presumably the instruction just before this branch.
Code: [enable]

673DD7:

jne 00673DE4

[disable]

673DD7:

je 00673DE4

Stab:

// Rewrites the 5-byte mov eax,imm32 (B8 imm32) at 6d24ad with a fixed
// constant; the meaning of 11111115 is not visible here. The seven 6d24ad
// scripts on this page are mutually exclusive — whichever was enabled last
// wins — and all restore the same mov eax,00007fff, which is taken on trust
// as the original.
Code: [Enable]

6d24ad:

mov eax,11111115

 

[Disable]

6d24ad:

mov eax,00007fff

Stab v2:

// Same 5-byte mov eax,imm32 patch at 6d24ad as Stab, with constant 11111111.
// Mutually exclusive with the other 6d24ad scripts; shares their disable bytes.
Code: [Enable]

6d24ad:

mov eax,11111111

 

[Disable]

6d24ad:

mov eax,00007fff

Swing

// Same 5-byte mov eax,imm32 patch at 6d24ad as Stab, with constant 11111113.
// Mutually exclusive with the other 6d24ad scripts; shares their disable bytes.
Code: [Enable]

6d24ad:

mov eax,11111113

 

[Disable]

6d24ad:

mov eax,00007fff

Unrandomizer - STR

// Forces eax to the constant 0 at 6d24ad (5-byte mov eax,imm32). The four
// Unrandomizer scripts differ only in this constant (0..3); they are mutually
// exclusive with each other and with Stab/Swing, and share the disable bytes.
Code: [Enable]

6d24ad:

mov eax,0

 

[Disable]

6d24ad:

mov eax,00007fff

Unrandomizer - DEX

// Forces eax to the constant 1 at 6d24ad; see the STR variant for the shared
// mechanics and the mutual-exclusion caveat.
Code: [Enable]

6d24ad:

mov eax,1

 

[Disable]

6d24ad:

mov eax,00007fff

Unrandomizer - INT

// Forces eax to the constant 2 at 6d24ad; see the STR variant for the shared
// mechanics and the mutual-exclusion caveat.
Code: [Enable]

6d24ad:

mov eax,2

 

[Disable]

6d24ad:

mov eax,00007fff

Unrandomizer - LUK

// Forces eax to the constant 3 at 6d24ad; see the STR variant for the shared
// mechanics and the mutual-exclusion caveat.
Code: [Enable]

6d24ad:

mov eax,3

 

[Disable]

6d24ad:

mov eax,00007fff

Tele Up:

// Swaps jae for jbe at 00676776. Both are unsigned (CF-based) conditions,
// both target 006767E4, 0x6E bytes ahead, so both are the 2-byte short form
// and the patch keeps the instruction length.
Code: [enable]

00676776:

jbe 006767E4

 

[disable]

00676776:

jae 006767E4

Shiftu Vac

// NOTE(review): the original at 00673E84 is an unconditional jmp to 00673FB8
// (E9 rel32, 5 bytes); the jne written on enable has the same target, 0x134
// bytes ahead, which forces the 6-byte near form (0F 85 rel32). Enable
// therefore overwrites one byte of the following instruction, and disable
// puts back only the 5-byte jmp, leaving that byte altered — confirm against
// a live dump.
Code: [ENABLE]

00673E84:

jne 00673FB8

[DISABLE]

00673E84:

jmp 00673FB8

Pin Unrandomizer

// 5-byte hook at 005F01E4 displacing add eax,edx (03 C2) and
// cmp byte ptr [eax],0a (80 38 0A). The trampoline keeps the add, then stores
// edx>>1 as a dword at [eax] (the original only reads one byte there, so the
// 4-byte write may spill past the intended field — not verifiable here) and
// replaces the compare constant 0a with ff, so the branch after returnhere
// sees different flags. push/pop keep edx intact; the flag changes from shr
// are overwritten by the cmp.
Code: [enable]

alloc(pinunrandom,128)

label(returnhere)

 

005F01E4:

jmp pinunrandom

returnhere:

 

pinunrandom:

add eax,edx

push edx

shr edx,1

mov [eax],edx

pop edx

cmp byte ptr [eax],ff

jmp returnhere

 

[disable]

// Original 5 bytes restored.
005F01E4:

add eax,edx

cmp byte ptr [eax],0a

 

dealloc(pinunrandom)

dEMI (might be patched)

// NOTE(review): this reads like a half-edited copy of the "Ranged dEMI"
// script further down the page. Points that do not hang together here:
//  - the code after `jmp backdv` (push ecx ... mov ebx,[ebp+14]) has no
//    label in front of it, so nothing can reach it, and the hook addresses
//    00677a44: / 00677aa9: in [ENABLE] are followed by no instruction at all;
//  - inside that unreachable code the two cmp [dvtype] lines have no
//    branches after them, so sub ecx,100 / add ecx,100 cancel out;
//  - [DISABLE] deallocs uvx and uvy, which this version never allocs, and
//    never unregisters dvtype.
// Only the 0051df08 hook is actually wired up: it displaces the 6-byte
// mov [ebx+39c],eax (89 83 9C 03 00 00), covered by jmp + nop, with backdv
// placed right after so dv resumes at the next original instruction.
Code: [ENABLE]

alloc(dv,100)

alloc(dvtype,4)

label(normalx)

label(normaly)

label(endx)

label(endy)

label(backdv)

 

 

label(dvzero)

label(dvone)

registersymbol(dvtype)

 

dv:

// 00785ef4 is the base the address list uses for the E80/254 offsets; its
// +390/+394 fields are copied into ebx+390/+394 (X/Y, going by the script
// name — TODO confirm). eax is saved around the +390 path and restored before
// the +394 path.
mov eax, [00785ef4]

push eax

mov eax, [eax+390]

mov [ebx+398], eax

// dvtype selects an offset of -100/0/+100 (hex) on the copied +390 value.
// No operand size is given on these compares; confirm the assembler's
// default width is the intended dword.
cmp [dvtype], 0

je dvzero

cmp [dvtype], 1

je dvone

sub eax, 100

jmp dvzero

dvone:

add eax, 100

dvzero:

mov [ebx+390], eax

pop eax

mov eax, [eax+394]

mov [ebx+394], eax

// Displaced original instruction, then resume at backdv.
mov [ebx+39C], eax

jmp backdv

 

// Unreachable from here on: no label precedes this code (compare uvx: in
// the Ranged dEMI script).
push ecx

mov ecx, [00785ef4]

add ecx,390

cmp ebx, ecx

je normalx

mov ecx, [ecx]

cmp [dvtype], 0

cmp [dvtype], 1

sub ecx, 100

add ecx, 100

cmp [ebx],ecx

je endx

normalx:

mov [ebx],eax

endx:

pop ecx

mov edi, [ebp+10]

 

 

push ecx

mov ecx, [00785ef4]

add ecx,394

cmp edi, ecx

je normaly

mov ecx, [ecx]

cmp [edi],ecx

je endy

normaly:

mov [edi],eax

endy:

pop ecx

mov ebx, [ebp+14]

 

 

0051df08:

jmp dv

nop

backdv:

 

// Nothing is written at these two addresses in this version.
00677a44:

 

00677aa9:

 

 

[DISABLE]

0051df08:

mov [ebx+39c], eax

00677a44:

mov [ebx],eax

mov edi, [ebp+10]

00677aa9:

mov [edi],eax

mov ebx, [ebp+14]

 

dealloc(dv)

dealloc(uvx)

dealloc(uvy)

dealloc(dvtype)

Timed Dupex

// NOTE(review): several things in this script do not hang together:
//  - DXCounter is alloc'd twice (4 bytes each) and the DXCounter: label is
//    defined twice with different initial bytes (00 00 00 00 vs
//    2C 01 00 00 = 0x12C); a duplicate symbol is normally rejected by the
//    auto-assembler;
//  - VacTime: / TotalTime: are data initialisers captured as disassembly.
//    TotalTime (08 07 00 00) is 0x708, but VacTime's `js 0ff90c16` is a
//    relative branch whose encoding — and length — depends on where CE
//    happens to allocate VacTime, so the value written will not match the
//    author's session (which looks like it was 78 04 00 00 = 0x478);
//  - DXFindChar is both an alloc (never written to) and a code label inside
//    DX; which one `je DXFindChar` binds to depends on the assembler;
//  - DXMap is alloc'd but never used; [disable] never frees DXType, DXMap,
//    VacTime or TotalTime and never unregisters VacTime/TotalTime;
//  - the ESIList scan has no bound against the list's 1024 bytes (256
//    dword slots): DXListOffset only grows until NoDupe/DXReset zero it, so
//    StoreESI can write past the allocation.
// Hook: 6 bytes at 0067699A displacing mov [esi+114],edi
// (89 BE 14 01 00 00), covered by jmp + nop; LeaveMe resumes at 6769a0.
Code: [enable]

registersymbol(DX)

registersymbol(DXListOffset)

registersymbol(DXType)

alloc(DX, 1024)

alloc(DXListOffset, 4)

alloc(DXType,4)

alloc(DXFindChar, 1024)

alloc(ESIList, 1024)

alloc(EDIValue, 4)

alloc(DXMap,4)

label(CompareOffset)

label(StoreESI)

label(DoNormal)

label(LeaveMe)

label(DXMonster)

label(NoDupe)

label(DoVac)

 

alloc(DXCounter,4)

registersymbol(VacTime)

registersymbol(TotalTime)

alloc(VacTime,4)

alloc(TotalTime,4)

// Duplicate of the alloc above.
alloc(DXCounter,4)

label(DXPause)

label(DXResetCounter)

label(DXReset)

 

// First DXCounter definition: four 00 bytes.
DXCounter:

add [eax],al

add [eax],al

 

// Data shown as disassembly; see the review note at the top.
VacTime:

js 0ff90c16

add [eax],al

 

// 08 07 00 00 = 0x708.
TotalTime:

or [edi],al

add [eax],al

 

// Second DXCounter definition: 2C 01 00 00 = 0x12C.
DXCounter:

sub al,01

add [eax],al

 

//Original Code

DXListOffset:

add [eax],al

add [eax],al

 

DXType:

add [eax],al

add [eax],al

 

DX:

// Saves the scratch registers; EFLAGS are not saved, but the displaced
// store at DoNormal does not read them.
push eax

push ebx

push ecx

push edx

// Mode dispatch on the table-editable DXType symbol.
mov ebx,[DXType]

cmp ebx, 00 // 0 = Do Nothing

je NoDupe

cmp ebx, 01

je DXFindChar

cmp ebx, 02

je DoVac

cmp ebx, 03

je DoVac

//Modified Code

cmp ebx, 04

je DXReset

jmp DoNormal

 

DXFindChar:

// Runs the displaced store, then records esi in ESIList if it is new.
mov [esi+114],edi

mov eax,0

mov ebx,DXListOffset

mov ecx,ESIList

mov edx,EDIValue

 

// Linear scan: eax indexes ESIList, [ebx] is the entry count. A hit jumps
// to LeaveMe (skipping the store at DoNormal); reaching the count appends.
CompareOffset:

cmp eax,[ebx]

je StoreESI

cmp esi,[ecx+eax*4]

je LeaveMe

inc eax

jmp CompareOffset

 

StoreESI:

mov [ecx+eax*4],esi

inc eax

mov [ebx],eax

mov [edx],edi

 

DoVac:

// inc does not touch CF, and mov touches no flags, so the jae below still
// reflects cmp eax,[VacTime] — counter reaching VacTime goes to DXPause.
mov eax,[DXCounter]

cmp eax,[VacTime]

inc eax

mov [DXCounter],eax

jae DXPause

//Original

// eax = last ESIList entry; if it is the current esi, just do the store.
mov ebx,[DXListOffset]

dec ebx

mov ecx,ESIList

mov eax,[ecx+ebx*4]

cmp esi,eax

je DoNormal

 

// Mode 2: edi = the recorded object's +114 field; mode 3: edi = EDIValue.
mov ebx,[DXType]

cmp ebx, 02

jne DXMonster

mov edi,[eax+114]

jmp DoNormal

 

DXMonster:

cmp ebx, 03

jne NoDupe

mov edi,[EDIValue]

jmp DoNormal

 

NoDupe:

// Clears the list count and the counter. No operand size is given on the
// immediate store; confirm the assembler's default width is dword.
mov ebx, 0

mov [DXListOffset],ebx

mov [DXCounter],0

 

DoNormal:

// Displaced original instruction.
mov [esi+114],edi

 

LeaveMe:

pop edx

pop ecx

pop ebx

pop eax

jmp 6769a0

 

DXPause:

// eax is DXCounter+1 here; past TotalTime the counter wraps to 0.
cmp eax,[TotalTime]

jae DXResetCounter

jmp DoNormal

 

DXResetCounter:

mov [DXCounter],0

jmp DoNormal

 

DXReset:

// Mode 4: clear list and counter, then drop back to mode 1.
mov ebx, 0

mov [DXListOffset],ebx

mov [DXCounter],0

mov [DXType],1

jmp DoNormal

 

0067699A:

jmp DX

nop

 

[disable]

// Original 6 bytes restored; see the review note for the buffers this
// section leaves allocated.
0067699A:

mov [esi+114],edi

 

dealloc(DXFindChar)

dealloc(DXListOffset)

dealloc(ESIList)

dealloc(DX)

dealloc(EDIValue)

dealloc(DXCounter)

unregistersymbol(DX)

unregistersymbol(DXListOffset)

unregistersymbol(DXType)

All etc item filter

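// All-etc item filter. 6 bytes at 004956f8 are displaced: mov [edi+34],eax
// (89 47 34) and mov edi,[ebp-14] (8B 7D EC). The jmp written on enable is
// only 5 bytes; the stray 6th byte is never executed because both exits of
// ItemEdit jump straight to 004956fe.
// eax is the value about to be stored at [edi+34]; if it matches one of the
// constants below, CS stores 0 instead. The constants read like item ids
// (the 0x3D09xx block is 4000xxx decimal) — TODO confirm.
// Changes from the posted version: compares that appeared more than once
// (3D0915, 3D14BC, 1F72C8, 1F6EE0, 3D091F, 3D091A, 3D8438) are listed once —
// every hit goes to CS, so the result is identical — and [disable] now
// releases the two buffers and unregisters counter, matching the other
// scripts on this page.
[enable]

alloc(ItemEdit, 16128)
label(CS)
registersymbol(counter)
alloc(counter, 64)

// Exposed to the table; holds the last value that passed through the hook.
counter:
db 00 00

ItemEdit:
mov [counter], eax
cmp eax,3D0915
je CS
cmp eax,3D14BC
je CS
cmp eax,3D0932
je CS
cmp eax,3D0949
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D091F
je CS
cmp eax,3D091A
je CS
cmp eax,3D092A
je CS
cmp eax,1EAB94
je CS
cmp eax,3D7E3C
je CS
cmp eax,3D0914
je CS
cmp eax,3D09B3
je CS
cmp eax,3D3013
je CS
cmp eax,3D5721
je CS
cmp eax,3D5722
je CS
cmp eax,3D82C6
je CS
cmp eax,3D0950
je CS
cmp eax,3D0994
je CS
cmp eax,3D5728
je CS
cmp eax,3D0963
je CS
cmp eax,3D0909
je CS
cmp eax,3D0900
je CS
cmp eax,3D0966
je CS
cmp eax,3D83CF
je CS
cmp eax,3D3010
je CS
cmp eax,3D09A4
je CS
cmp eax,3D0925
je CS
cmp eax,3D0982
je CS
cmp eax,3D0980
je CS
cmp eax,3D0946
je CS
cmp eax,3D094F
je CS
cmp eax,3D0908
je CS
cmp eax,3D096F
je CS
cmp eax,3D841F
je CS
cmp eax,3D092C
je CS
cmp eax,3D0971
je CS
cmp eax,3D0988
je CS
cmp eax,3D0973
je CS
cmp eax,3D0917
je CS
cmp eax,3D0921
je CS
cmp eax,3D090D
je CS
cmp eax,3D18A4
je CS
cmp eax,3D09BA
je CS
cmp eax,3D0937
je CS
cmp eax,3D0957
je CS
cmp eax,3D093E
je CS
cmp eax,3D0939
je CS
cmp eax,3D0919
je CS
cmp eax,3D0938
je CS
cmp eax,3D0983
je CS
cmp eax,3D18A2
je CS
cmp eax,3D5727
je CS
cmp eax,3D091E
je CS
cmp eax,3D090E
je CS
cmp eax,3D0985
je CS
cmp eax,3D5723
je CS
cmp eax,3D0907
je CS
cmp eax,3D0992
je CS
cmp eax,3D0944
je CS
cmp eax,3D0918
je CS
cmp eax,3D0955
je CS
cmp eax,3D0951
je CS
cmp eax,3D0912
je CS
cmp eax,3D09A5
je CS
cmp eax,3D09A2
je CS
cmp eax,3D094C
je CS
cmp eax,3D0990
je CS
cmp eax,3D09B5
je CS
cmp eax,3D5720
je CS
cmp eax,3D0997
je CS
cmp eax,3D0984
je CS
cmp eax,3D0987
je CS
cmp eax,3D3016
je CS
cmp eax,3D83D6
je CS
cmp eax,3D090C
je CS
cmp eax,3D0948
je CS
cmp eax,3D82E3
je CS
cmp eax,3D09A7
je CS
cmp eax,3D0960
je CS
cmp eax,3D0933
je CS
cmp eax,3D090F
je CS
cmp eax,3D09B9
je CS
cmp eax,3D0954
je CS
cmp eax,3D09B7
je CS
cmp eax,3D0927
je CS
cmp eax,3D0943
je CS
cmp eax,3D094E
je CS
cmp eax,3D0922
je CS
cmp eax,3D0958
je CS
cmp eax,3D098E
je CS
cmp eax,3D0953
je CS
cmp eax,3D0930
je CS
cmp eax,3D0981
je CS
cmp eax,3D0905
je CS
cmp eax,3D0956
je CS
cmp eax,3D0920
je CS
cmp eax,3D0947
je CS
cmp eax,3D092B
je CS
cmp eax,3D094A
je CS
cmp eax,3D18A3
je CS
cmp eax,3D093C
je CS
cmp eax,3D091D
je CS
cmp eax,3D093D
je CS
cmp eax,3D0936
je CS
cmp eax,3D0929
je CS
cmp eax,3D0978
je CS
cmp eax,3D097A
je CS
cmp eax,3D0970
je CS
cmp eax,3D0924
je CS
cmp eax,3D3012
je CS
cmp eax,3D09B1
je CS
cmp eax,3D0968
je CS
cmp eax,3D097E
je CS
cmp eax,3D0928
je CS
cmp eax,3D09A0
je CS
cmp eax,3D093A
je CS
cmp eax,3D0906
je CS
cmp eax,3D7E3D
je CS
cmp eax,3D7E31
je CS
cmp eax,3D7E3A
je CS
cmp eax,3D7E3F
je CS
cmp eax,3D7E3B
je CS
cmp eax,3D7E3E
je CS
cmp eax,3D7E30
je CS
cmp eax,3D7E40
je CS
cmp eax,3D7E39
je CS
cmp eax,3D5724
je CS
cmp eax,3D0901
je CS
cmp eax,3D3015
je CS
cmp eax,3D096C
je CS
cmp eax,3D0911
je CS
cmp eax,3D0902
je CS
cmp eax,3D0969
je CS
cmp eax,3D0964
je CS
cmp eax,3D0979
je CS
cmp eax,3D099F
je CS
cmp eax,3D18A0
je CS
cmp eax,3D14B9
je CS
cmp eax,3D0967
je CS
cmp eax,3D095F
je CS
cmp eax,3D0977
je CS
cmp eax,3D0910
je CS
cmp eax,3D83D3
je CS
cmp eax,3D83D0
je CS
cmp eax,3D83D1
je CS
cmp eax,3D097C
je CS
cmp eax,3D5725
je CS
cmp eax,3D14B8
je CS
cmp eax,3D09A3
je CS
cmp eax,3D09A1
je CS
cmp eax,3D099D
je CS
cmp eax,3D099B
je CS
cmp eax,3D099C
je CS
cmp eax,3D0995
je CS
cmp eax,3D0993
je CS
cmp eax,3D0991
je CS
cmp eax,3D093F
je CS
cmp eax,3D09B4
je CS
cmp eax,3D09A6
je CS
cmp eax,3D3014
je CS
cmp eax,3D090A
je CS
cmp eax,3D0974
je CS
cmp eax,3D0976
je CS
cmp eax,3D0913
je CS
cmp eax,3D0999
je CS
cmp eax,3D14BD
je CS
cmp eax,3D82E9
je CS
cmp eax,3D0975
je CS
cmp eax,3D0961
je CS
cmp eax,3D0904
je CS
cmp eax,3D093B
je CS
cmp eax,3D3011
je CS
cmp eax,3D0962
je CS
cmp eax,3D0916
je CS
cmp eax,3D09A8
je CS
cmp eax,3D0972
je CS
cmp eax,3D0998
je CS
cmp eax,3D091C
je CS
cmp eax,3D092E
je CS
cmp eax,3D096A
je CS
cmp eax,3D096B
je CS
cmp eax,3D2070
je CS
cmp eax,3D2071
je CS
cmp eax,3D5726
je CS
cmp eax,3D092D
je CS
cmp eax,3D099A
je CS
cmp eax,3D097F
je CS
cmp eax,3D096D
je CS
cmp eax,3D096E
je CS
cmp eax,3D0903
je CS
cmp eax,3D0986
je CS
cmp eax,3D0935
je CS
cmp eax,3D0934
je CS
cmp eax,3D83D2
je CS
cmp eax,3D091B
je CS
cmp eax,1600FF
je CS
cmp eax,160100
je CS
cmp eax,160101
je CS
cmp eax,3D8285
je CS
cmp eax,3D8286
je CS
cmp eax,3D8437
je CS
cmp eax,3D8438
je CS
cmp eax,3D8311
je CS
cmp eax,3D18A1
je CS
cmp eax,3D097B
je CS
cmp eax,3D0965
je CS
cmp eax,3D0931
je CS
cmp eax,3D098F
je CS
cmp eax,3D0952
je CS
cmp eax,3D0945
je CS
// No match: run the two displaced instructions and resume.
mov [edi+34],eax
mov edi, [ebp-14]
jmp 004956fe

CS:
// Match: store 0 instead of eax. No operand size is given on the immediate
// store; confirm the assembler's default width matches the 4-byte store it
// replaces.
mov [edi+34],0
mov edi, [ebp-14]
jmp 004956fe

004956f8:
jmp ItemEdit

[disable]
// Original 6 bytes restored, then the buffers released.
004956f8:
mov [edi+34], eax
mov edi, [ebp-14]

unregistersymbol(counter)
dealloc(counter)
dealloc(ItemEdit)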

Ranged dEMI (currently working to fix the script)

// Three hooks, each covered exactly: 51df08 displaces the 6-byte
// mov [ebx+39c],eax (89 83 9C 03 00 00) with jmp + nop; 677a44 displaces
// mov [ebx],eax / mov edi,[ebp+10] (89 03 / 8B 7D 10, 5 bytes); 677aa9
// displaces mov [edi],eax / mov ebx,[ebp+14] (89 07 / 8B 5D 14, 5 bytes).
// The back* labels sit directly after each jmp so the trampolines resume at
// the next original instruction. 00785ef4 is the base the address list uses
// for the E80/254 offsets; its +390/+394 fields are treated here as the
// player's own X/Y, going by the script name — TODO confirm.
// The compares on [dvtype] and the add at [ebx+398] carry no operand size;
// confirm the assembler's default width is the intended dword.
Code: [Enable]

alloc(dv,100)

alloc(uvx,100)

alloc(uvy,100)

alloc(dvtype,4)

label(normalx)

label(normaly)

label(endx)

label(endy)

label(backdv)

label(backuvy)

label(backuvx)

label(dvzero)

label(dvone)

label(uvzero)

label(uvone)

registersymbol(dvtype)

 

dv:

// Copies [00785ef4]+390 into ebx+398 (+100) and, offset by dvtype, into
// ebx+390; then [00785ef4]+394 into ebx+394 and the displaced ebx+39C.
mov eax, [00785ef4]

push eax

mov eax, [eax+390]

mov [ebx+398], eax

add [ebx+398], 100

// dvtype: 0 = no offset, 1 = +100, anything else = -100 (hex).
cmp [dvtype], 0

je dvzero

cmp [dvtype], 1

je dvone

sub eax, 100

jmp dvzero

 

dvone:

add eax, 100

 

dvzero:

mov [ebx+390], eax

pop eax

mov eax, [eax+394]

mov [ebx+394], eax

// Displaced original instruction.
mov [ebx+39C], eax

jmp backdv

 

uvx:

// If ebx is the player's own +390 field, store normally. Otherwise skip the
// store when [ebx] already equals the player X adjusted by dvtype (same
// offset rule as dv). ecx is preserved around the check.
push ecx

mov ecx, [00785ef4]

add ecx,390

cmp ebx, ecx

je normalx

mov ecx, [ecx]

cmp [dvtype], 0

je uvzero

cmp [dvtype], 1

je uvone

sub ecx, 100

jmp uvzero

 

uvone:

add ecx, 100

 

uvzero:

cmp [ebx],ecx

je endx

 

normalx:

// Displaced original store.
mov [ebx],eax

 

endx:

pop ecx

// Displaced original instruction.
mov edi, [ebp+10]

jmp backuvx

 

uvy:

// Same shape for Y: store normally if edi is the player's own +394 field,
// otherwise skip when [edi] already equals the player Y (no offset here).
push ecx

mov ecx, [00785ef4]

add ecx,394

cmp edi, ecx

je normaly

mov ecx, [ecx]

cmp [edi],ecx

je endy

 

normaly:

mov [edi],eax

 

endy:

pop ecx

mov ebx, [ebp+14]

jmp backuvy

 

51df08:

jmp dv

nop

backdv:

 

677a44:

jmp uvx

backuvx:

 

677aa9:

jmp uvy

backuvy:

 

[Disable]

// Original bytes restored at all three hooks, then everything released.
51df08:

mov [ebx+39c], eax

 

677a44:

mov [ebx],eax

mov edi, [ebp+10]

 

677aa9:

mov [edi],eax

mov ebx, [ebp+14]

 

dealloc(dv)

dealloc(uvx)

dealloc(uvy)

dealloc(dvtype)

unregistersymbol(dvtype)

Credits to the respective creators of the scripts and finders of the addresses, with partial credit to me for updating them; also to simonlaserna for some addresses and to ICE} for the v34.cem. Link to download it: link

Note to mods : I tried uploading it but you can scan and keep or remove the link.

 

Note to mods :: All rapidshare / megaupload links are scruie approved and/or mod approved by someone else.

Engines to download ::

XP engine

Akuma

Spuce 2

Kaspersky Engine 2

Storm Engine 5.3.1

Serum Engine

BlackJoseph Engine

Most settings for these engines are posted in this thread. link
