Cheat Engine The Official Site of Cheat Engine
iRiot (Master Cheater)
Reputation: 0, Joined: 03 Jul 2007, Posts: 395, Location: Aka RIOT
Posted: Fri Nov 21, 2008 8:28 pm, Post subject: [c++] Asm
Well, I am trying to code the Item Vac hack for MapleStory... yes, I know it's patched, but I am using it for private servers.. well, this is what happens: I enable the hack and it doesn't d/c me, but when I loot an item it shuts down MapleStory... here is my code, I was wondering if anyone can find the problem with it
Code:
#include <windows.h>
#include "resource.h"
// Relative displacement for a 5-byte E9 jmp placed at frm that lands on to
#define JMP(frm, to) ((int)(((int)(to) - (int)(frm)) - 5))
BYTE bItemVac1[16];
BYTE bItemVac2[16];
BYTE bItemVac3[16];
DWORD ReturnAddy = 0x004B44E7;
__declspec(naked) void ItemVacHook()
{
__asm
{
pushad
mov ecx,[ebp+0x8]
mov ebx,[ebp-0x24]
mov [ecx],ebx
mov [ecx+0x4],eax
mov ecx,eax
mov eax,ebx
lea edx,[eax-0x19]
mov [ebp-0x34],edx
lea edx,[ecx-0x32]
add eax,0x19
add ecx,0xA
mov [ebp-0x30],edx
mov [ebp-0x2C],eax
mov [ebp-0x28],ecx
popad
push eax            // the three instructions overwritten by the jmp, re-executed here
push [ebp-0x24]
lea eax,[ebp-0x34]
jmp ReturnAddy
}
}
void ItemVacOn (HWND hWnd)
{
// save the original bytes before patching so ItemVacOff can put them back
memcpy( (void*)bItemVac1, (void*)0x004B44E7, 16 );
memcpy( (void*)bItemVac2, (void*)0x004B44E8, 16 );
memcpy( (void*)bItemVac3, (void*)0x004B44EB, 16 );
*(BYTE*)0x004B44E7 = 0xE9;                                // jmp rel32
*(DWORD*)(0x004B44E7+1) = JMP( 0x004B44E7, ItemVacHook );
*(WORD*)(0x004B44E7 + 5) = 0x9090; // 90 90 (nop nop)
}
void ItemVacOff (HWND hWnd)
{
memcpy( (void*)0x004B44E7, (void*)bItemVac1, 16 );
memcpy( (void*)0x004B44E8, (void*)bItemVac2, 16 );
memcpy( (void*)0x004B44EB, (void*)bItemVac3, 16 ); // was bItemVac2, which restored the wrong bytes at 0x004B44EB
}
Original Script:
Code:
[Enable]
alloc(ItemVac,128)
label(return)
ItemVac:
pushad
mov ecx,[ebp+8]
mov ebx,[ebp-24]
mov [ecx],ebx
mov [ecx+4],eax
mov ecx,eax
mov eax,ebx
lea edx,[eax-19]
mov [ebp-34],edx
lea edx,[ecx-32]
add eax,19
add ecx,A
mov [ebp-30],edx
mov [ebp-2C],eax
mov [ebp-28],ecx
popad
push eax
push [ebp-24]
lea eax,[ebp-34]
jmp return
004B44E7: //50 FF 75 DC 8D 45 CC 50 FF 15
jmp ItemVac
nop
nop
return:
[Disable]
004B44E7:
push eax
push [ebp-24]
lea eax,[ebp-34]
kitterz (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 24 Dec 2007, Posts: 1268
Posted: Fri Nov 21, 2008 9:36 pm
Code:
DWORD ReturnAddy = 0x004B44E7;
jmp ReturnAddy
make sure that the return addy is the main addy + 5
Code:
DWORD ReturnAddy = (0x004B44E7 + 5);
&Vage (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 25 Jul 2008, Posts: 1053
Posted: Fri Nov 21, 2008 10:21 pm
Code:
*(WORD*)(0x004B44E7 + 5) = 0x9090; // 90 90
Lol is it just me or do I think this will crash.
sponge (I'm a spammer)
Reputation: 1, Joined: 07 Nov 2006, Posts: 6009
Posted: Fri Nov 21, 2008 10:30 pm
_void_ wrote:
Code:
*(WORD*)(0x004B44E7 + 5) = 0x9090; // 90 90
Lol is it just me or do I think this will crash.

Just you meng. pz.
smartz993 (I post too much)
Reputation: 2, Joined: 20 Jun 2006, Posts: 2013, Location: USA
Posted: Fri Nov 21, 2008 10:30 pm
_void_ wrote:
Code:
*(WORD*)(0x004B44E7 + 5) = 0x9090; // 90 90
Lol is it just me or do I think this will crash.

Uhh.. it's just you?
kitterz (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 24 Dec 2007, Posts: 1268
Posted: Fri Nov 21, 2008 10:31 pm
_void_ wrote:
Code:
*(WORD*)(0x004B44E7 + 5) = 0x9090; // 90 90
Lol is it just me or do I think this will crash.

It's just you. This will not crash... unless it is not supposed to be noped. If it is, then it'll work.
Symbol (I'm a spammer)
Reputation: 0, Joined: 18 Apr 2007, Posts: 5094, Location: Israel.
Posted: Sat Nov 22, 2008 5:05 am
You know that Item Vac can be done by changing only one byte...
I found that there's a conditional jump (jne) below this item vac address you used (right after the PtInRect call; by changing it to jmp it will ignore what PtInRect returned). If you change it to jmp (0xEB) you will still be able to pick up items from a distance.
Try debugging (with OllyDbg or something) and see what happens.
And this:
Code:
memcpy( (void*)0x004B44E7, (void*)bItemVac1, 16 );
memcpy( (void*)0x004B44E8, (void*)bItemVac2, 16 );
memcpy( (void*)0x004B44EB, (void*)bItemVac2, 16 );
is pretty stupid; couldn't you just copy all bytes from 0x004B44E7 to 0x004B44EB+0x10 (0x004B44FB - 0x004B44E7 = 0x14 = 20)?
Just:
Code:
memcpy(bItemVac, (LPVOID)0x004B44E7, 20);
and:
memcpy((LPVOID)0x004B44E7, bItemVac, 20);
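The patch arithmetic and the save/restore the thread argues about, as an added example that is not code from the thread: it models the 20-byte site in a local buffer (the bytes the thread quotes, padded with made-up filler), computes the E9 displacement the way the JMP macro does, and shows the integrity check a defender (anti-cheat or EDR self-test) would run to notice a planted jmp and decode where it goes. The function names, the sample hook address 0x00500000 and the filler bytes are assumptions; nothing here touches live memory.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample of the code at 0x004B44E7: the bytes the thread quotes
   (50 FF 75 DC 8D 45 CC 50 FF 15) padded with made-up filler to the 20-byte
   span Symbol proposes saving in one memcpy. */
#define SITE_ADDR 0x004B44E7u
#define SITE_LEN  20
#define PATCH_LEN 7   /* E9 rel32 (5 bytes) + nop nop */
static const uint8_t kOriginal[SITE_LEN] = {
    0x50, 0xFF, 0x75, 0xDC, 0x8D, 0x45, 0xCC, 0x50, 0xFF, 0x15,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA };

/* rel32 of an E9 jmp at 'from' landing on 'to': target minus the end of the
   5-byte instruction, the same arithmetic as the thread's JMP macro. */
int32_t rel32(uint32_t from, uint32_t to) { return (int32_t)(to - (from + 5)); }

/* ItemVacOn's patch written to a buffer instead of the game: E9 rel32 90 90. */
void write_jmp_patch(uint8_t *site, uint32_t site_addr, uint32_t hook_addr)
{
    int32_t d = rel32(site_addr, hook_addr);
    site[0] = 0xE9;
    memcpy(site + 1, &d, 4);              /* little-endian, as x86 encodes it */
    site[5] = 0x90; site[6] = 0x90;
}

/* Integrity check: compare the site with the saved original and, if an E9 was
   planted, decode where it goes. Returns 1 if modified, 0 if intact. */
int detect_hook(const uint8_t *site, uint32_t site_addr, uint32_t *dest)
{
    int32_t d;
    *dest = 0;
    if (memcmp(site, kOriginal, SITE_LEN) == 0) return 0;
    if (site[0] == 0xE9) { memcpy(&d, site + 1, 4); *dest = site_addr + 5 + (uint32_t)d; }
    return 1;
}

/* Where the hook resumes after re-executing the three displaced instructions:
   the byte after the two nops, i.e. the CE script's 'return' label. kitterz's
   site + 5 lands on the nops and falls through to the same place. */
uint32_t resume_addr(uint32_t site_addr) { return site_addr + PATCH_LEN; }

/* Symbol's point: one contiguous 20-byte save (kOriginal here) and one restore
   round-trip cleanly. Returns 1 when the planted hook is detected with the
   right destination and the restored site again matches the original. */
int restore_roundtrip(uint32_t hook_addr)
{
    uint8_t site[SITE_LEN]; uint32_t dest;
    memcpy(site, kOriginal, SITE_LEN);
    write_jmp_patch(site, SITE_ADDR, hook_addr);
    if (!detect_hook(site, SITE_ADDR, &dest) || dest != hook_addr) return 0;
    memcpy(site, kOriginal, SITE_LEN);                 /* ItemVacOff in one copy */
    return detect_hook(site, SITE_ADDR, &dest) == 0;
}
```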
iRiot (Master Cheater)
Reputation: 0, Joined: 03 Jul 2007, Posts: 395, Location: Aka RIOT
Posted: Sat Nov 22, 2008 8:28 am
Thanks guys, it works now.
@symbol
Yeah, I think I saw something on RageZone a couple of months ago about a 1-address item vac and it worked too lol
sponge (I'm a spammer)
Reputation: 1, Joined: 07 Nov 2006, Posts: 6009
Posted: Sat Nov 22, 2008 11:27 am
Symbol wrote:
You know that Item Vac can be done by changing only one byte...
I found that there's a conditional jump (jne) below this item vac address you used (right after the PtInRect call; by changing it to jmp it will ignore what PtInRect returned). If you change it to jmp (0xEB) you will still be able to pick up items from a distance.
Try debugging (with OllyDbg or something) and see what happens.
And this:
Code:
memcpy( (void*)0x004B44E7, (void*)bItemVac1, 16 );
memcpy( (void*)0x004B44E8, (void*)bItemVac2, 16 );
memcpy( (void*)0x004B44EB, (void*)bItemVac2, 16 );
is pretty stupid; couldn't you just copy all bytes from 0x004B44E7 to 0x004B44EB+0x10 (0x004B44FB - 0x004B44E7 = 0x14 = 20)?
Just:
Code:
memcpy(bItemVac, (LPVOID)0x004B44E7, 20);
and:
memcpy((LPVOID)0x004B44E7, bItemVac, 20);

It will not work on real MapleStory. By changing just one jump, you are not changing the character coordinates in the packet (stored in local variables).
Symbol (I'm a spammer)
Reputation: 0, Joined: 18 Apr 2007, Posts: 5094, Location: Israel.
Posted: Sat Nov 22, 2008 2:26 pm, Post subject: Re: [c++] Asm
Well, I never tried, but..:
iRiot wrote:
Well, I am trying to code the Item Vac hack for MapleStory... yes, I know it's patched, but I am using it for private servers..