Acim
Grandmaster Cheater Supreme
 Reputation: 0
Joined: 04 Jun 2007
Posts: 1948
Location: If anyone has a GMS DK and they don't need it I'll have it!!
|
 Posted: Tue Jun 12, 2007 3:04 pm Post subject: Might already be posted... HOW TO UPDATE |
 |
|
This was written by Iamok of G@meCheetah (why cant I say it?), completely goes to him. Not me.
Well that time is coming soon. Patch .39 is on it's way and we all need to start preparing to update our crap load of addresses. I have compliled a list of various ways to go about doing so.
Table of Contents
Section 1
Array of Bytes
Section 2
Recognizing and Removing Variables From You AoBs
Section 3
Updating Using Gamevision
Section 4
Updating using ollydbg
Section 5
Updating Using .CEMs
Section 6
Updating addresses with opcode using a CE
Section 7
Updating A Script
Section 8
Updating Pointers
Section 9
Attachments
Section 1
By Soliunasm
Array Of Bytes
Well it's that season, with hackers flying around. A little boy came up from the ground. He asked "Why do I die?" The answer was "Because you need godmode -BADWORD filtered by Aksha filter-". The little boy looked gleefully, at the brave man. He wanted to know how to get this great hack. He went to MPC forums and what did he discover? He had become a leecher, like any other. He asked for hacks all around, fleeing to the sticky's with everything found. A new patch came, he remained so sad. Until the people found more for this clan. He took all the addys and what did he discover "How come I can't get these" he asked his mother.
All right, with that out of the way *clears throat*. The point of that story was the child or something wanted to know how people find hacks. Well I'm here to teach you :knockedout:
We Need You To Learn How To Find Them
1. Log in to maple and bypass and such.
2. When you are logged in, go to the Cheat Table and where it says "4 Byte", double-click that and select "Array of Bytes".
3. The value should have changed to "00 00 00 00" or something like that.
4. Copy that and put it into notepad or something.
5. That is how you find the Array of Bytes :bandit:
Video Tutorial:By ICE}
Picture Tutorial:Here
How To Find An Address
1. Go to "Memory View" and right-click on the bottom box (Do not I repeat do NOT click any of those letters past the addresses or else it will Blue-Screen you).
2. Select "Search Memory".
3. Tick the box that says "(Array of) byte" and put in the Array you have.
4. If you followed these steps correctly, it will lead you to the address!
Video Tutorial:By WsTsK8eR
Picture Tutorial:Here
Section 2
By Sponge
Recognizing and Removing Variables From You AoBsSituation:
MapleStory just went through a patch. You find you're AOB's and start searching. Oh no!!! They don't work... Chances are, you have variables in your AOB's. This will also help port things from one version of MS to another.
Solution:
Lets first look at...
Little Endian:
I will be using an address near the No Soft-Keyboard address.
Code:
004805BB |. A1 74607D00 MOV EAX,DWORD PTR DS:[7D6074]To understand how little endian works we have to look at the address part of the script.
Human Language: 7D6074
Computer Language: 74607D
If you can conceptualize what I'm trying to say...
Little Endian stores in hex the bytes in a backwords order.
This will help you quickly recognize offsets and addresses in AOB's.
Common Variables:
Offsets, jumps, and addresses are likely to change between versions of MS and patches.
XX = Variable (I'll later show you how to add that into the AOB.)
Jumps:
Code:
Short jump: 75 XX
Long jumps: 0F XX XX XX XX XX or if you're sure the conditional jump type is the same 0F [Don't make this byte a variable] XX XX XX XX.Offsets:
004805C0 |. 8D48 04 LEA ECX,DWORD PTR DS:[EAX+4]
The offset is 4 at this address. It is subject to change.
Code:
8D 48 XXAddresses:
Look back at the address used to show how little endian works.
MOV EAX,DWORD PTR DS:[7D6074] The AOB should be...
Code:
A1 XX XX XX 00Turning it into a searchable AOB:
I'll be using the first address introduced to show you how to add variables into the AOB.
For easier reading I will represent variables as underscores/_.
However variables are represented by spaces in CE.
Thanks to Drkgodz and prolific... if it is easier for you, you may use ?? for the variable byte.
1. Type in the first byte with a space in between bytes.
Code:
A12. Add in the first variable byte with no space in between bytes.
Code:
A1 _3. Continue with the rest of the AOB.
Code:
A1 ___00The final result should be:
Code:
A1 00A simple way to calculate the number of spaces is to get number of bytes+1. So you have 2 variable bytes +1 which makes 3 spaces.
__________________________________________________ __________________________________________
Offtopic Tip:
Sometimes when you write codecaves(allocs are codecaves) you use opcodes that modify flags. Conditional jumps are decided whether to jump or not by flags. So it is advisable to use pushf before you start and popf before you jump back to normal MS code. No you do not need to use popfd or pushfd, Uzeil and I already discussed that pushfd and popfd push higher level flags and that we do not need to use those.
Section 3
By SpiffySlayer
GamevisionIf you don't know what GameVision is, search for it.
How to people update address/scripts so fast?
This shows how to add more address to update in a single click.
If you're not Tech-Savy, there's no point for you to try it. I'll be skipping a lot of common sense steps.
A. I'm assuming you have GV.
1. Open RegEdit.
2. Local machine --> Software ---> GameVision.
3. Open the MapleStory Directory.
-------------------------------------------
B. How to add your own.
1. Right-Click MapleStory Dir, New--> Key
2. Rename that to whatever hack you're going to use. Not neccesary, but helps when organizing.
3. Right click the new dir --> New -- > String Value.
4. Rename it to "Identify"
5. Then, for the value, add a "%" and whatever you want to call it.
I.E --> %Godmode or --> %Stubi
6. Right click the dir --> New --> String Value.
7. Rename as "Search"
8. Add the value as the AOB of the address, WITHOUT SPACES:
I.E Instead of
Code:
89 07 8B 5D 14 85 DB 74 58 FF B6 84 00 00 00 8DYou want
Code:
89078B5D1485DB7458FFB6840000008D9. Open the MapleStory Dir, There should be a file called
"TextFormat".
10. Under here, write how you want your address to appear, using your "Identify" name.
Ie.
Godmode: %Godmode (Taken from example above).
Once again, if you don't know what this means, go google GameVision. Or something else. It is a file made by the godly Shu.
Section 4
By SpiffySlayer
Updating Using olly dbg
First of all, it's a tutorial made in flash, since it's easier to show you. And, it's 12 mb.
For those people who are confused about the AOB'S changing - How to find the addresses, even with different AOB'S.
Credits : Camtasia for an awesome screen recorder.(and instant demo)
Olly Dbg - oleh yuschuck
Video TuT
Download Video TuT
Section 5
By duffy290
Updating Using .CEMs
~~~~~~~Updating Hax~~~~~~~~
~~~~~~Quick Duff Guide~~~~~~~
#Loading CEM's#
1.Load two cheat engines such as game cheetah
2.Goto open process, usally top left icon or file > open process
3.Click open file and load v37.cem in first engine & v38.cem in 2nd engine
#Update Example (One Level Map v37)#
We will refer to which engine to goto as V37 (one with v37 cem load) & V38 (38.cem loaded)
Code:
[enable]
00548d73:
fstp st(1)
[disable]
00548d73:
fstp st(0)#V37 Engine#
1.As you cem region starts from 00400000 we need to minus this amount from the address first so
548d73 = 148d73
2.Goto memory view and right click goto address 148d73 it will shoe the opcode fstp st(0) from the disable section (orginal opcode)
3.Ok so now we know we are at the correct address, now right click in the bottom half off the memory view screen and select goto address
and enter the same addie 148d73, no left click on the HEX that shows on the top row and copy it.
4.Should be the same as this
DD D8 DD 45 D4 8B 45 0C DD 19, maby more bytes at the end if you copied more than me
#v38 Engine#
1.On the front of you engine should be a drop down menu with value type next to it, click on it and select array of bytes
2.Copy the DD D8 DD 45 D4 8B 45 0C DD 19 into the text box above it (this is you v37 AOB's) and click on first scan
3.One or more addies will show up to the left, if one addie this is your new address congratz on updating your first hack.
For this only one addie will show 0014a5a2 the new v38 address
4.If more than one you need to filter through them to find a working one 
5. As we subtrated 00400000 we need to add this again so 14a5a2 = 5145a2. Dont wry if your confused you get used to adding subtracting quickly
Ok let's update the hack
548d73 = v37 address which we updated to 54a5a2 so just add it into the existing script
Code:
[enable]
0054a5a2:
fstp st(1)
[disable]
0054a5a2:
fstp st(0)Congratz on updating...
#TIPS#
1. AOB's dont produce results? Try scanning for the address above or below the original hack
then when you find new version of it goto the address above or below again to update your hack
2. Still no luck? If it has a searchable opcode like SSEAX then goto memory view and click search menu
and choose find assembly code, then enter your opcode and click ok
SSEAX Y for example is mov [ebp+0c],eax
3. Sometimes you need to remove some AOB's till you get results i.e
DD D8 DD 45 D4 8B 45 0C DD 19 could = 0 results
where as
DD D8 DD 45 could = 1 or more results
Section 6
By brycez0rz
Tutorial On Updating Addresses Via Opcodes Using a Cheat Engine
Introduction
Seeing that I see a few requests about people wanting to know how to update their addresses without the AOB's when a patch comes, incase the AOB's change, I decided to make this tutorial. I know I'll probably get flamed and whatever, but I don't care as long as one person learns something. I know there is a different, easier way in OllyDBG, but I'm not very familiar with Olly.
What you'll need:
Something to save opcodes in (eg notepad, comment them out in a script, I reccomend notepad so it stays neat)
An undetected Cheat Engine.
Some knowledge.
On with the tutorial!
1. First, open your CE and attatch to MapleStory.
2. Once you've attatched to MapleStory, open up memory viewer and find the address that you want to save.
3. See that opcode next to it, that's the operation code. Double click that opcode and you'll have this window come up.
Copy that line into a blank notepad file.
4. Do the same with the 2 addresses above it, and the 2 underneath it. You should have something similar to mine.
*Note: You will not have the same opcodes as me, I just attatched to Windows Explorer and did this, I couldn't be bothered opening up MapleStory.
5. See how I have it very similar to how it is in memory view? I have it like
Code:
mov esi,[esi+08]
test esi,esi
je 0044460 <<< The address I want to find after it's AOB's change.
push esi
push ediI have it like that so I know what address I am looking for and what the opcodes above it are and what the ones underneath it are. If I had it like this:
Code:
je 0044460
push esi
push edi
mov esi,[esi+08]
test esi,esiHow would I know what opcode belongs where? I wouldn't.
Now that you have your opcodes saved, imagine MapleStory updates.. Now how do you find the addresses with these? Simple.
I'll explain that now
Open memory view and go to Search > Find Assembly Code. It is located near the File button.
See how I saved a jump? The address something jumps to can change too, so in the window that came up, I would type "push esi","test esi,esi", "mov esi,[esi+08]" or "push edi", After you've typed in the opcode you want to look for, press enter. If you're looking for a jump, search for the opcode above it or under it. I pointed this out because a large amount of the MapleStory hacks are jumps.
In my case I'm searching for "mov esi,[esi+08]", these were my
results.
Now if I double click on the addresses that appear, I go to that address in memory viewer. So just double click through them addresses until you find the one with the same or very similar instructions. If you get a lot of addresses from one opcode search, try searching another opcode and see if you get less addresses.
Thats all for now
Hope you learnt something ~
P.s. Sorry it's not indepth and extremely step by step, I just thought you should need at least some knowledge and skills at following instructions to do this :\
Section 7
By Iamok
Updating A Script
(If this helped you out please let me know) ;D
Well many of you are new and are leechers. That's the truth, don't deny it. Now after every patch I know most of you are lost until someone like Devilsin comes to save you with a CT. So I'm here to help you update scripts of your own, so you won't have to wait.
First you need the new addresses. To get them you need to use array of bytes. Go here for help on arrays. - credit to WsTsK8eR
Now that you have your addresses it's time to learn how to update a script.
The first line after the [enable] is the actual address. Type it in.
Now see the "je" part, well that line is called the opcode.
To find it just follow these simple steps.
1. Start up maplestory, make sure your UCE is attached
2. Go into Memory View
3. Right Click, and find 63F487( the address of godmode)
4. Right Click on 63F487and click Assemble
5. The code that is highlighted is the original opcode
Now, this is the script for .33 GMS (GODMODE)
Code:
[enable]
63F487: // the address
je 0063FC12 //the opcode
[disable]
63F487: //the address (repeated)
jne 0063FC12 //the opcode (repeated)
DO NOT change the actual script itself otherwise you'll screw it up.
Simply remove the address and the opcodes. (This is what it looks like without the addresses.)
Code:
[enable]
(address) :
je (opcode#)
[disable]
(address):
jne (opcode#)You do not need to change the "jne" and the "je" part, ever
Now add the current address where the old addresses were. This is the finished product.
Code:
[enable]
64356A: //new address
je 00643CF5 //new opcode
[disable]
64356A:
jne 00643CF5----------------------------------------------------------------------------------------------------
Now let's try updating a more difficult script like mouse vac.
This is the .36 Mouse vac
Code:
[Enable]
Alloc(MouserX,512)
Alloc(MouserY,512)
label(back)
label(return)
6B68F6: // use the AoBs to find the new address
jmp MouserX
back:
6B695B: // use the AoBs to find the new address
jmp MouserY
return:
MouserX:
mov eax, [7D5360]// // The X mouse pointer address (needs to be updated)
mov eax, [eax+978] // offset #1 (may need to be updated)
mov eax, [eax+80] // offset #2 (may need to be updated)
mov [ebx], eax
mov edi,[ebp+10]
jmp back
MouserY:
mov eax, [7D5360] // // The Y mouse pointer address (needs to be updated)
mov eax, [eax+978] // offset #1 (may need to be updated)
mov eax, [eax+84] // offset #2 (may need to be updated)
mov [edi], eax
mov ebx,[ebp+14]
jmp return
[Disable]
6B68F6: // the original address repeated, don't forget to update this one.
mov [ebx], eax
mov edi,[ebp+10]
6B695B: // the original address repeated, don't forget to update this one.
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)Notice how I didn't say update the opcode? That's because we only update opcodes that have an address in them, but this script doesn't have one..
Code:
[Enable]
Alloc(MouserX,512)
Alloc(MouserY,512)
label(back)
label(return)
006b621b: // new .37 address
jmp MouserX
back:
006b6280: / new .37 address
jmp MouserY
return:
MouserX:
mov eax, [7d4360] // the new X Mouse Pointer address
mov eax, [eax+978] // stayed the same
mov eax, [eax+80] // stayed the same
mov [ebx], eax
mov edi,[ebp+10]
jmp back
MouserY:
mov eax, [7d4360] // the new Y mouse pointer address
mov eax, [eax+978] // stayed the same
mov eax, [eax+84] //stayed the same
mov [edi], eax
mov ebx,[ebp+14]
jmp return
[Disable]
006b621b: // the new .37 address repeated
mov [ebx], eax
mov edi,[ebp+10]
006b6280: // the new .37 address repeated
mov [edi],eax
mov ebx,[ebp+14]
dealloc(MouserX)
dealloc(MouserY)
Section 8
By frosty5689
Updating A Pointer
This is more on updating the pointer. Let's say u have the updated
wallvac pointer for v.34 and ur no breath,character coordinate pointers
are for v.33. You also have wallvac pointer for v.33. What you do is look
@ pointer of wall vac v.33 and no breath v.33. Whichever is bigger u
minus it with the smaller address. Then u get the diffrence. If wall vac is
bigger then u take the v.34 pointer for wall vac and minus the diffrence.
If no breath pointer is bigger then u take the v.34 walll vac address and add the diffrence. This is the most logical and likely way of getting the right one.
Note: This has been working for me for as long as i discovered this. I used this method serveral times because it's easiest to update pointer and also good to revive old pointer that i have no idea of how to find the dynamic address.
Section 9
AttachmentsIncludes:
1) A list of arrays
2) Gamevision
3) V.38 Unpacked (for olly)
I hope you learned something!
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Reputation: 9
Reputation: 0
