Azqato 503 Posted March 3, 2007

This is broken up into different sections so you can get the most information out of it as efficiently as possible.

Index ::

Section 1: Working Programs include the following:
DXWnd Macro Recorder XP Engine Akuma Engine Spuce 2 Kaspersky Engine 2 Storm Engine 5.3.1 Serum Engine BlackJoseph Engine
Settings for most of these can be found in this thread, LINK
Settings for BlackJoseph Engine can be found in this thread, LINK

Section 2: Working hacks:
The following are working and not working hacks, if they are highlighted in blue they work, if they are highlighted in red they don't, get it, got it, good! :D

Full Godmode - 0064356A
Super Tubi - 0048D9A3
Instant Loot (Change value to 0) - 00721BD0
Miss Godmode - 006435A4
Swear - 00452682
Dupex (EIP) - 0067699A
CSEAX X - 677a44
CSEAX-Y - 677aa9
Shadow Partner - 62e269
Dark Sight - 6300a8
Speed Attack - 4318ff
Fast Attack - 4308bd
Meso Drop - 670da7
Fly V1 - 67432c
Lag Hack - EAX 0 - 0673dd5
No Knockback - ZF [X] [X] - 6d376e
Suck Left Vac - CF [X] [X] - 67685d
Suck Right Vac - CF [X] [X] - 6768da
SSeaxX - EAX - 00673d40
SSeaxY - EAX - 00673d66
Unlimited Attack - 00785EF4 offset E80
No Breath - 00785EF4 offset 254
Monster scanner - 78560c offset 10
People scanner - 785608 offset 18
Top wall - 785604 offset 8
Bottom wall - 785604 offset 10
Right wall - 785604 offset C
Left wall - 785604 offset 4
Character X - 785F64 offset 574
Character Y - 785F64 offset 578

CRC Bypass script:
[enable]
alloc(newmem,2048)
alloc(blaaaa,3670018)
label(originalcode)
loadbinary(blaaaa,v34.cem)
newmem:
cmp ecx,00400000
jb originalcode
cmp ecx,00780000
ja originalcode
mov eax,blaaaa
sub eax,00400000
add ecx, eax
originalcode:
mov eax,[ebp+10]
push esi
push edi
jmp 0045de2c
0045de27:
jmp newmem
[disable]
0045de27:
mov eax,[ebp+10]
push esi
push edi
dealloc(newmem)
dealloc(blaaaa)

Godmode:
[enable]
64356A:
je 00643CF5
[disable]
64356A:
jne 00643CF5

Super Tubi:
[ENABLE]
0048D9A3:
nop
nop
[DISABLE]
0048D9A3:
jne 004893EF

Swear:
[ENABLE]
00452682:
nop
nop
[DISABLE]
00452682:
jne 00451d28

Instant Drop:
[enable]
721BD0:
add [eax],al
add [eax],al
add [eax],al
add [eax],al
[disable]
721BD0:
add [eax],al
add [eax],al
add [eax-71],al
inc eax

Miss Godmode:
[ENABLE]
006435A4:
xor esi, esi
nop
[DISABLE]
006435A4:
mov esi, [ebp+18]

Mouse Vac:
[ENABLE]
Alloc(MouserX,512)
Alloc(MouserY,512)
label(back)
label(return)
00677A44:
jmp MouserX
back:
00677AA9:
jmp MouserY
return:
MouserX:
mov eax, [785728]
mov eax, [eax+978]
mov eax, [eax+80]
mov [ebx], eax
mov edi,[ebp+10]
jmp back
MouserY:
mov eax, [785728]
mov eax, [eax+978]
mov eax, [eax+84]
mov [edi], eax
mov ebx,[ebp+14]
jmp return
[DISABLE]
00677A44:
mov [ebx], eax
mov edi,[ebp+10]
00677AA9:
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)

Item Vac:
[ENABLE]
alloc(ItemVac, 1024)
ItemVac:
pushad
mov ecx, [ebp+8]
mov ebx, [ebp-24]
mov [ecx], ebx
mov [ecx+4], eax
mov ecx, eax
mov eax, ebx
lea edx, [eax-19]
mov [ebp-34], edx
lea edx, [ecx-32]
add eax, 19
add ecx, A
mov [ebp-30], edx
mov [ebp-2C], eax
mov [ebp-28], ecx
popad
push eax
push [ebp-24]
lea eax, [ebp-34]
jmp 00494599
00494592:
jmp ItemVac
nop
nop
[DISABLE]
00494592:
push EAX
00494593:
push [ebp-24]
00494596:
lea eax, [ebp-34]

Meso Drop:
[enable]
registersymbol(Amount)
alloc(Amount,4)
alloc(Mesars,32)
Amount:
add [eax],al
add [eax],al
Mesars:
mov eax,[Amount]
mov [esi+000000bc], eax
jmp 670DAD
00670DA7:
jmp Mesars
nop
[disable]
unregistersymbol(Amount)
dealloc(Amount,4)
dealloc(Mesars,32)
00670DA7:
mov [esi+000000bc], eax

Lag Hack:
[enable]
673DD7:
jne 00673DE4
[disable]
673DD7:
je 00673DE4

Stab:
[Enable]
6d24ad:
mov eax,11111115
[Disable]
6d24ad:
mov eax,00007fff

Stab V2:
[Enable]
6d24ad:
mov eax,11111111
[Disable]
6d24ad:
mov eax,00007fff

Swing:
[Enable]
6d24ad:
mov eax,11111113
[Disable]
6d24ad:
mov eax,00007fff

Unrandomizer - STR:
[Enable]
6d24ad:
mov eax,0
[Disable]
6d24ad:
mov eax,00007fff

Unrandomizer - Dex:
[Enable]
6d24ad:
mov eax,1
[Disable]
6d24ad:
mov eax,00007fff

Unrandomizer - INT:
[Enable]
6d24ad:
mov eax,2
[Disable]
6d24ad:
mov eax,00007fff

Unrandomizer - Luk:
[Enable]
6d24ad:
mov eax,3
[Disable]
6d24ad:
mov eax,00007fff

Pin Unrandomizer:
[enable]
alloc(pinunrandom,128)
label(returnhere)
005F01E4:
jmp pinunrandom
returnhere:
pinunrandom:
add eax,edx
push edx
shr edx,1
mov [eax],edx
pop edx
cmp byte ptr [eax],ff
jmp returnhere
[disable]
005F01E4:
add eax,edx
cmp byte ptr [eax],0a
dealloc(pinunrandom)

Zero Vac:
[ENABLE]
0051DEB6:
jne 0051dec7
[DISABLE]
0051DEB6:
je 0051dec7

YoYo Dupe Vac (D/cs if left on):
[ENABLE]
alloc(YoYoDupe, 1024)
alloc(RunFlag, 4)
alloc(ESIValue, 4)
alloc(EDIValue, 4)
label(DupeXVac)
label(DoNormal)
YoYoDupe:
push eax
cmp [RunFlag], 2
je DupeXVac
mov eax, [00785ef4]
add eax, 3a0
mov eax, [eax]
sub eax, c
mov [ESIValue],eax
mov eax,[eax+114]
mov [EDIValue],eax
inc [RunFlag]
inc [RunFlag]
DupeXVac:
cmp esi,[ESIValue]
je DoNormal
mov edi,[EDIValue]
DoNormal:
mov [EDIValue],edi
pop eax
jmp 006769A0
RunFlag:
db 00
db 00
db 00
db 00
ESIValue:
db 00
db 00
db 00
db 00
EDIValue:
db 00
db 00
db 00
db 00
0067699A:
jmp YoYoDupe
nop
[DISABLE]
dealloc(YoYoDupe)
dealloc(RunFlag)
dealloc(ESIValue)
dealloc(EDIValue)
0067699A:
mov [esi+00000114],edi

All ETC Item Filter:
[enable]
alloc(ItemEdit, 16128)
label(CS)
registersymbol(counter)
alloc(counter, 64)
counter:
db 00 00
ItemEdit:
mov [counter], eax
cmp eax,3D0915
je CS
cmp eax,3D14BC
je CS
cmp eax,3D0932
je CS
cmp eax,3D0915
je CS
cmp eax,3D14BC
je CS
cmp eax,3D0949
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D091F
je CS
cmp eax,3D091A
je CS
cmp eax,3D14BC
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D14BC
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D092A
je CS
cmp eax,3D14BC
je CS
cmp eax,1EAB94
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D7E3C
je CS
cmp eax,3D14BC
je CS
cmp eax,3D0915
je CS
cmp eax,3D0914
je CS
cmp eax,1F72C8
je CS
cmp eax,1F6EE0
je CS
cmp eax,3D14BC
je CS
cmp eax,3D0915
je CS
cmp eax,3D09B3
je CS
cmp eax,3D3013
je CS
cmp eax,3D5721
je CS
cmp eax,3D5722
je CS
cmp eax,3D82C6
je CS
cmp eax,3D0950
je CS
cmp eax,3D0994
je CS
cmp eax,3D5728
je CS
cmp eax,3D0963
je CS
cmp eax,3D0909
je CS
cmp eax,3D0900
je CS
cmp eax,3D0966
je CS
cmp eax,3D83CF
je CS
cmp eax,3D3010
je CS
cmp eax,3D09A4
je CS
cmp eax,3D0925
je CS
cmp eax,3D0982
je CS
cmp eax,3D0980
je CS
cmp eax,3D0946
je CS
cmp eax,3D094F
je CS
cmp eax,3D0908
je CS
cmp eax,3D096F
je CS
cmp eax,3D841F
je CS
cmp eax,3D092C
je CS
cmp eax,3D0971
je CS
cmp eax,3D0988
je CS
cmp eax,3D0973
je CS
cmp eax,3D0917
je CS
cmp eax,3D0921
je CS
cmp eax,3D090D
je CS
cmp eax,3D091F
je CS
cmp eax,3D18A4
je CS
cmp eax,3D09BA
je CS
cmp eax,3D0937
je CS
cmp eax,3D0957
je CS
cmp eax,3D093E
je CS
cmp eax,3D0939
je CS
cmp eax,3D0919
je CS
cmp eax,3D0938
je CS
cmp eax,3D0983
je CS
cmp eax,3D18A2
je CS
cmp eax,3D5727
je CS
cmp eax,3D091E
je CS
cmp eax,3D090E
je CS
cmp eax,3D0985
je CS
cmp eax,3D5723
je CS
cmp eax,3D0907
je CS
cmp eax,3D0992
je CS
cmp eax,3D0944
je CS
cmp eax,3D0918
je CS
cmp eax,3D0955
je CS
cmp eax,3D0951
je CS
cmp eax,3D0912
je CS
cmp eax,3D09A5
je CS
cmp eax,3D09A2
je CS
cmp eax,3D094C
je CS
cmp eax,3D0990
je CS
cmp eax,3D09B5
je CS
cmp eax,3D5720
je CS
cmp eax,3D0997
je CS
cmp eax,3D0984
je CS
cmp eax,3D0987
je CS
cmp eax,3D3016
je CS
cmp eax,3D83D6
je CS
cmp eax,3D090C
je CS
cmp eax,3D0948
je CS
cmp eax,3D82E3
je CS
cmp eax,3D09A7
je CS
cmp eax,3D0960
je CS
cmp eax,3D0933
je CS
cmp eax,3D090F
je CS
cmp eax,3D09B9
je CS
cmp eax,3D0954
je CS
cmp eax,3D09B7
je CS
cmp eax,3D0927
je CS
cmp eax,3D0943
je CS
cmp eax,3D094E
je CS
cmp eax,3D0922
je CS
cmp eax,3D0958
je CS
cmp eax,3D098E
je CS
cmp eax,3D0953
je CS
cmp eax,3D0930
je CS
cmp eax,3D0981
je CS
cmp eax,3D0905
je CS
cmp eax,3D0915
je CS
cmp eax,3D0956
je CS
cmp eax,3D0920
je CS
cmp eax,3D0947
je CS
cmp eax,3D092B
je CS
cmp eax,3D094A
je CS
cmp eax,3D18A3
je CS
cmp eax,3D093C
je CS
cmp eax,3D091A
je CS
cmp eax,3D091D
je CS
cmp eax,3D093D
je CS
cmp eax,3D0936
je CS
cmp eax,3D0929
je CS
cmp eax,3D0978
je CS
cmp eax,3D097A
je CS
cmp eax,3D0970
je CS
cmp eax,3D0924
je CS
cmp eax,3D3012
je CS
cmp eax,3D09B1
je CS
cmp eax,3D0968
je CS
cmp eax,3D097E
je CS
cmp eax,3D0928
je CS
cmp eax,3D09A0
je CS
cmp eax,3D093A
je CS
cmp eax,3D0906
je CS
cmp eax,3D7E3D
je CS
cmp eax,3D7E31
je CS
cmp eax,3D7E3A
je CS
cmp eax,3D7E3F
je CS
cmp eax,3D7E3B
je CS
cmp eax,3D7E3E
je CS
cmp eax,3D7E30
je CS
cmp eax,3D7E40
je CS
cmp eax,3D7E39
je CS
cmp eax,3D5724
je CS
cmp eax,3D0901
je CS
cmp eax,3D3015
je CS
cmp eax,3D096C
je CS
cmp eax,3D0911
je CS
cmp eax,3D0902
je CS
cmp eax,3D0969
je CS
cmp eax,3D0964
je CS
cmp eax,3D0979
je CS
cmp eax,3D099F
je CS
cmp eax,3D18A0
je CS
cmp eax,3D14B9
je CS
cmp eax,3D0967
je CS
cmp eax,3D095F
je CS
cmp eax,3D0977
je CS
cmp eax,3D0910
je CS
cmp eax,3D83D3
je CS
cmp eax,3D83D0
je CS
cmp eax,3D83D1
je CS
cmp eax,3D097C
je CS
cmp eax,3D5725
je CS
cmp eax,3D14B8
je CS
cmp eax,3D09A3
je CS
cmp eax,3D09A1
je CS
cmp eax,3D099D
je CS
cmp eax,3D099B
je CS
cmp eax,3D099C
je CS
cmp eax,3D0995
je CS
cmp eax,3D0993
je CS
cmp eax,3D0991
je CS
cmp eax,3D093F
je CS
cmp eax,3D09B4
je CS
cmp eax,3D09A6
je CS
cmp eax,3D3014
je CS
cmp eax,3D090A
je CS
cmp eax,3D0974
je CS
cmp eax,3D0976
je CS
cmp eax,3D0913
je CS
cmp eax,3D0999
je CS
cmp eax,3D14BD
je CS
cmp eax,3D82E9
je CS
cmp eax,3D0975
je CS
cmp eax,3D0961
je CS
cmp eax,3D0904
je CS
cmp eax,3D093B
je CS
cmp eax,3D3011
je CS
cmp eax,3D0962
je CS
cmp eax,3D0916
je CS
cmp eax,3D09A8
je CS
cmp eax,3D0972
je CS
cmp eax,3D0998
je CS
cmp eax,3D091C
je CS
cmp eax,3D092E
je CS
cmp eax,3D096A
je CS
cmp eax,3D096B
je CS
cmp eax,3D2070
je CS
cmp eax,3D2071
je CS
cmp eax,3D5726
je CS
cmp eax,3D092D
je CS
cmp eax,3D099A
je CS
cmp eax,3D097F
je CS
cmp eax,3D096D
je CS
cmp eax,3D096E
je CS
cmp eax,3D0903
je CS
cmp eax,3D0986
je CS
cmp eax,3D0935
je CS
cmp eax,3D0934
je CS
cmp eax,3D83D2
je CS
cmp eax,3D091B
je CS
cmp eax,3D18A1
je CS
cmp eax,3D097B
je CS
cmp eax,3D0965
je CS
cmp eax,3D0931
je CS
cmp eax,3D098F
je CS
cmp eax,3D0952
je CS
cmp eax,3D0945
je CS
cmp eax,3D8285
je CS
cmp eax,3D8286
je CS
mov [edi+34],eax
mov edi, [ebp-14]
jmp 004956fe
CS:
mov [edi+34],0
mov edi, [ebp-14]
jmp 004956fe
004956f8:
jmp ItemEdit
[disable]
004956f8:
mov [edi+34], eax
mov edi, [ebp-14]

Timed Dupex:
[enable]
registersymbol(DX)
registersymbol(DXListOffset)
registersymbol(DXType)
alloc(DX, 1024)
alloc(DXListOffset, 4)
alloc(DXType,4)
alloc(DXFindChar, 1024)
alloc(ESIList, 1024)
alloc(EDIValue, 4)
alloc(DXMap,4)
label(CompareOffset)
label(StoreESI)
label(DoNormal)
label(LeaveMe)
label(DXMonster)
label(NoDupe)
label(DoVac)
alloc(DXCounter,4)
registersymbol(VacTime)
registersymbol(TotalTime)
alloc(VacTime,4)
alloc(TotalTime,4)
alloc(DXCounter,4)
label(DXPause)
label(DXResetCounter)
label(DXReset)
DXCounter:
add [eax],al
add [eax],al
VacTime:
js 0ff90c16
add [eax],al
TotalTime:
or [edi],al
add [eax],al
DXCounter:
sub al,01
add [eax],al
//Original Code
DXListOffset:
add [eax],al
add [eax],al
DXType:
add [eax],al
add [eax],al
DX:
push eax
push ebx
push ecx
push edx
mov ebx,[DXType]
cmp ebx, 00 // 0 = Do Nothing
je NoDupe
cmp ebx, 01
je DXFindChar
cmp ebx, 02
je DoVac
cmp ebx, 03
je DoVac
//Modified Code
cmp ebx, 04
je DXReset
jmp DoNormal
DXFindChar:
mov [esi+114],edi
mov eax,0
mov ebx,DXListOffset
mov ecx,ESIList
mov edx,EDIValue
CompareOffset:
cmp eax,[ebx]
je StoreESI
cmp esi,[ecx+eax*4]
je LeaveMe
inc eax
jmp CompareOffset
StoreESI:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
DoVac:
mov eax,[DXCounter]
cmp eax,[VacTime]
inc eax
mov [DXCounter],eax
jae DXPause
//Original
mov ebx,[DXListOffset]
dec ebx
mov ecx,ESIList
mov eax,[ecx+ebx*4]
cmp esi,eax
je DoNormal
mov ebx,[DXType]
cmp ebx, 02
jne DXMonster
mov edi,[eax+114]
jmp DoNormal
DXMonster:
cmp ebx, 03
jne NoDupe
mov edi,[EDIValue]
jmp DoNormal
NoDupe:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
DoNormal:
mov [esi+114],edi
LeaveMe:
pop edx
pop ecx
pop ebx
pop eax
jmp 6769a0
DXPause:
cmp eax,[TotalTime]
jae DXResetCounter
jmp DoNormal
DXResetCounter:
mov [DXCounter],0
jmp DoNormal
DXReset:
mov ebx, 0
mov [DXListOffset],ebx
mov [DXCounter],0
mov [DXType],1
jmp DoNormal
0067699A:
jmp DX
nop
[disable]
0067699A:
mov [esi+114],edi
dealloc(DXFindChar)
dealloc(DXListOffset)
dealloc(ESIList)
dealloc(DX)
dealloc(EDIValue)
dealloc(DXCounter)
unregistersymbol(DX)
unregistersymbol(DXListOffset)
unregistersymbol(DXType)

Fast Attack:
[Enable]
004318FD:
je 00431960
[Disable]
004318FD:
jle 00431960

I love mesos:
[Enable]
00495DF7:
je 00495e12
[Disable]
00495DF7:
jne 00495e12

Image Person Freeze:
[Enable]
0062E0B3:
jne 0062e102
[Disable]
0062E0B3:
je 0062e102

Memory Loot:
[Enable]
004945E2:
jne 004945ed
[Disable]
004945E2:
je 004945ed

Shiftu Vac:
[Enable]
006762D7:
ja 006763a6
[Disable]
006762D7:
jb 006763a6

Ranged Vac:
[ENABLE]
alloc(dem,128)
label(back)
dem:
mov eax, [785EF4]
mov eax, [eax+390]
add eax, 100
mov [ebx+398], eax
mov [ebx+390], eax
mov eax, [785EF4]
mov eax, [eax+394]
mov [ebx+394], eax
mov [ebx+39C], eax
jmp back
51DF08:
jmp dem
nop
back:
[DISABLE]
51DF08:
mov [ebx+39C], eax
dealloc(dem,128)

Section 3: To find/make hacks you need to learn C++ along with ASM. Here is a link to a good tutorial on MPC LINK or the .rar file LINK. To learn ASM follow this link, LINK

Section 4: A good thread that contains some UCE tutorials is linked here, LINK. Making a UCE can be harder than you think but don't give up because real hackers never quit! :P

Section 5: Ever wanted to update your own hacks but thought you were too noob to do it? Well you are wrong, anyone can do it even you. All you have to do is follow this tutorial, LINK.

Section 6: Learn VB (Visual Basic), Delphi, or C++

Section 7: For all of you that don't know or understand how to then go to this thread, LINK.

Section 8: Settings for the UCE you use! The Link!

Section 9: Basic ASM! - The LINK

Section 10: Other useful links, The Link The Link & The Link & The Link & Teh Bot!
Credits to All those that helped, BlueF0X, thesanctum/S3NSA, Idogears from CEF, Bonkers, Soliunasm, xxosirisxx, any other mods that helped, and anyone that deserves the right credits.
Senior Airman Vudoo. 40 Posted March 3, 2007 fly works i used it sometimes...
Raid Zhen Xen 0 Posted September 19, 2007 Can u post a MapleSEA HACK? (Not like hack engines) Juz one click and the hack is available for use