Cheat Engine (CE) Auto Assembler scripts:
[hidden]SKILLHACK1
// SKILLHACK1: Cheat Engine Auto Assembler script for a 32-bit x86 target (Intel operand
// order; numbers inside instructions are hexadecimal).
// ENABLE detours the 7-byte load at 00697EBA into an allocated cave that first stores 0
// into the dword at [eax+ebx*4+898] and then runs the original load, so ebx always reads
// back 0. What the table holds is not shown on the page; the title suggests a
// skill-related value (unconfirmed).
// While enabled, 00697EBA holds a 5-byte jmp and two nops instead of the original
// instruction, so a check of the client's code bytes at that address sees the change.
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)
00697EBA:
// jmp (5 bytes) + 2 nops = 7 bytes, the length of the instruction restored under [DISABLE]
jmp newmem
nop
nop
returnhere:
newmem:
// no size keyword on this store; presumably assembled as a dword write - confirm
mov [eax+ebx*4+00000898],00000000
originalcode:
mov ebx,[eax+ebx*4+00000898]
exit:
jmp returnhere
[DISABLE]
// frees the cave and writes the original instruction back over the jmp and nops
dealloc(newmem)
00697EBA:
mov ebx,[eax+ebx*4+00000898]
SKILLHACK2
// SKILLHACK2: detours the two 3-byte movs at 00717E75 (copy of the dword at [edx+64] to
// [eax+64] through ecx) into a cave that zeroes ecx and stores it to [edx+64] first, so
// both [edx+64] and [eax+64] end up 0. Offsets are hexadecimal; what offset 64 means in
// the game's structures is not shown on the page.
// While enabled, the 6 bytes at 00717E75 are a jmp and a nop rather than the two movs.
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)
00717E75:
// jmp (5 bytes) + 1 nop = 6 bytes = the two original instructions
jmp newmem
nop
returnhere:
newmem:
originalcode:
// xor also rewrites EFLAGS, which the original mov pair left untouched; whether the code
// after returnhere reads flags is not visible from here
xor ecx,ecx
mov [edx+64],ecx
mov ecx,[edx+64]
mov [eax+64],ecx
exit:
jmp returnhere
[DISABLE]
// frees the cave and writes the original two instructions back
dealloc(newmem)
00717E75:
mov ecx ,[edx+64]
mov [eax+64],ecx
ZOOMHACK
// ZOOMHACK: detours the two fld instructions at 005D2306 (7 bytes: D9 47 04 and
// D9 44 24 28) into a cave that overwrites the dword at [edi+04] with the value stored at
// ZoomMax before loading it. ZoomMax is registered as a symbol, which makes its address
// available by name outside this script.
// NOTE(review): [DISABLE] writes the original instructions at 005D22F6, not at the hooked
// address 005D2306. As written, disabling frees the cave while the jmp at 005D2306 still
// points into it, and overwrites 7 bytes of unrelated code at 005D22F6.
[ENABLE]
alloc(DrakoZoom,512)
label(ReturnZoom)
label(ZoomMax)
registersymbol(ZoomMax)
005D2306: //D9 47 04 D9 44 24 28 83 C4 08
// jmp (5 bytes) + 2 nops = 7 bytes = the two fld instructions
jmp DrakoZoom
nop
nop
ReturnZoom:
DrakoZoom:
// eax is used as scratch and restored before returning
push eax
mov eax,[ZoomMax]
mov [edi+04],eax
fld dword ptr [edi+04]
// NOTE(review): eax is still pushed here, so esp is 4 lower than at the hook site and
// [esp+28] is not the stack slot the original instruction read
fld dword ptr [esp+28]
pop eax
jmp ReturnZoom
ZoomMax:
// bytes 00 00 8C 42 = 0x428C0000, the IEEE-754 single 70.0
db 00 00 8C 42
[DISABLE]
dealloc(DrakoZoom)
unregistersymbol(ZoomMax)
// address differs from the one patched under [ENABLE] (005D2306) - see note at the top
005D22F6:
fld dword ptr [edi+04]
fld dword ptr [esp+28]
FAREYEHACK
// FAREYEHACK: detours the two 3-byte loads at 005D38F5 (8B 48 08 and 8B 50 04) into a
// cave that replaces the dword at [eax+08] with the value stored at ClipDistance, leaves
// that value in ecx, and then performs the original load of edx from [eax+04].
// The label names suggest a camera clip distance; the page does not show how the game
// uses the field. ClipDistance is registered as a symbol, which makes its address
// available by name outside this script.
[ENABLE]
alloc(DrakoClipDistance,64)
label(ReturnClip)
label(ClipDistance)
registersymbol(ClipDistance)
005D38F5: //8B 48 08 8B 50 04 51 8B 4C 24
// jmp (5 bytes) + 1 nop = 6 bytes = the two original loads
jmp DrakoClipDistance
nop
ReturnClip:
DrakoClipDistance:
// the value is moved as a raw dword; it is only a float if the consumer reads it as one
mov ecx,[ClipDistance]
mov [eax+08],ecx
mov edx,[eax+04]
jmp ReturnClip
ClipDistance:
// bytes 00 00 48 43 = 0x43480000, which is 200.0 when read as an IEEE-754 single
db 00 00 48 43
[DISABLE]
// frees the cave, drops the symbol and writes the original two loads back
dealloc(DrakoClipDistance,64)
unregistersymbol(ClipDistance)
005D38F5:
mov ecx,[eax+08]
mov edx,[eax+04]
SHOPHACK
// SHOPHACK: no cave; patches the function at 007D71F0 in place. Per the byte comment the
// original body is 8A 41 08 C3 (mov al,[ecx+08] / ret), i.e. it returns the byte at
// [ecx+08]; the patch makes it return al = 1 unconditionally. What callers decide from
// that byte is not shown on the page.
// While enabled, the first three bytes at 007D71F0 differ from the original 8A 41 08.
[ENABLE]
007D71F0: //8A 41 08 C3 CC CC CC CC CC CC CC CC CC CC CC CC 8B 0D
// 3 bytes are written (mov al,imm8 is 2 bytes, ret is 1); the original ret that follows
// is left in place and never reached
mov al,01
ret //by Drako
[DISABLE]
007D71F0:
// restores the 3-byte load; the byte after it is the untouched original ret
mov al,[ecx+08]
NOAGGROHACK
// NOAGGROHACK: detours 6 bytes at 0053D0F5 (89 54 24 48 = mov [esp+48],edx and
// 8B 01 = mov eax,[ecx]) into a cave that runs both original instructions and additionally
// stores 0 into the stack slots [esp+30] and [esp+4c]. What those slots hold is not shown;
// the commented-out lines describe related fields as "attack range".
// NOTE(review): the VACHACK script on this page patches the same address 0053D0F5 and
// reuses the label names MonsterRange / ReturnMonsterRange, so the two scripts are not
// independent: enabling or disabling one rewrites the bytes the other relies on.
[ENABLE]
alloc(MonsterRange,1024)
label(ReturnMonsterRange)
0053D0F5: //89 54 24 48 8B 01 FF 50 0C 8B
// jmp (5 bytes) + 1 nop = 6 bytes = the two original instructions
jmp MonsterRange
nop
ReturnMonsterRange:
MonsterRange:
mov [esp+48],edx
// no size keyword on the two stores below; presumably assembled as dword writes - confirm
mov [esp+30],00000000
mov [esp+4c],00000000
//mov [esi+00000240],0000000 //other attack range to 0
//mov [esi+0000023c],0000000 //other attack range to 0
//mov [esi+00000238],0000000 //other attack range to 0
mov eax,[ecx]
jmp ReturnMonsterRange
[DISABLE]
// frees the cave and writes the original two instructions back
dealloc(MonsterRange)
0053D0F5:
mov [esp+48],edx
mov eax,[ecx]
VACHACK
// VACHACK: one allocation (MonsterProperties) serving three patch sites.
//  - 0045C2AE (6 bytes, 8B 80 98 00 00 00): detour to MonsterProperties, which saves ecx
//    in PropertyBace and overwrites a series of dwords in the structure at ecx with
//    constants.
//  - 0053D0F5 (6 bytes): detour to MonsterRange, which adds two zero stores to stack slots.
//  - 0053D10A (7 bytes, 0F B7 86 54 01 00 00): replaced in place by a load of the dword
//    stored at MonsterAggro, padded with two nops.
// MonsterAggro and PropertyBace are registered as symbols, which makes their addresses
// available by name outside this script.
// The field names in the trailing comments are the original author's and cannot be checked
// against anything on the page. All instruction operands are hexadecimal.
// NOTE(review): 0053D0F5 is also patched by the NOAGGROHACK script on this page, with the
// same label names; the two scripts overwrite each other's bytes at that address.
[ENABLE]
alloc(MonsterProperties,2048)
label(ReturnMonsterProperties)
label(MonsterRange)
label(ReturnMonsterRange)
label(MonsterAggro)
label(PropertyBace)
registersymbol(MonsterAggro)
registersymbol(PropertyBace)
0045C2AE: //8B 80 98 00 00 00 89 81 9C 00
// jmp (5 bytes) + 1 nop = 6 bytes = the original mov eax,[eax+00000098]
jmp MonsterProperties
nop
ReturnMonsterProperties:
0053D0F5: //89 54 24 48 8B 01 FF 50 0C 8B
// jmp (5 bytes) + 1 nop = 6 bytes = mov [esp+48],edx and mov eax,[ecx]
jmp MonsterRange
nop
ReturnMonsterRange:
0053D10A: //0F B7 86 54 01 00 00 8B 0D
// in-place replacement of the 7-byte movzx restored under [DISABLE]; eax now receives the
// dword at MonsterAggro instead of the word at [esi+00000154]
mov eax,[MonsterAggro]
nop
nop
MonsterProperties:
// performs the original copy [eax+98] -> [ecx+9C] with eax preserved across it
push eax
mov eax,[eax+00000098] //Original Code
mov [ecx+0000009C],eax //Original Code
pop eax
// remembers the most recent structure pointer seen at this hook
mov [PropertyBace],ecx
// constant overwrites of fields in the structure at ecx; the stores carry no size keyword
// and are presumably assembled as dword writes - confirm
//mov [ecx+00],00000000 //DwInfoIndex
mov [ecx+04],0000004B //DwExploreRange
mov [ecx+08],0000004B //DwSight
mov [ecx+0C],0000004B //DwPersuitRange
//mov [ecx+10],00000000 //DwAvoidRange
mov [ecx+14],00000000 //DwExploreStandDelay
//mov [ecx+18],00000000 //DwExploreMoveDelay
//mov [ecx+1C],00000000 //DwStandDelay
mov [ecx+20],000001F4 //DwMoveDelay
//mov [ecx+24],00000000 //DwFollowMyMasterRange
//mov [ecx+28],00000000 //DwStopMasterNear
//mov [ecx+2C],00000000 //DwWarpMyMasterRange
//mov [ecx+30],00000000 //DwCallTeamPossibelHP
//mov [ecx+34],00000000 //DwCallTeamCount
//mov [ecx+38],00000000 //DwBlockNFirstAttack
//mov [ecx+3C],00000000 //dwCallTeamCell
mov [ecx+40],000000FA //dwFollowTarget
mov [ecx+44],00000000 //dwSpecialAttackStartHP
mov [ecx+48],00000000 //dwSpecialMeleeAttackRate
mov [ecx+4C],00000000 //dwSpecialRangeAttackRate
mov [ecx+50],00000000 //DwPowerAttacjStartHP
mov [ecx+54],00000000 //dwPowerMeleeAttackProbable
mov [ecx+58],00000000 //dwPowerRangeAttackProbable
//mov [ecx+5C],00000000 //DwUnderAttackAggro
mov [ecx+60],00000000 //DwMeleeAttackRangeInAggro
mov [ecx+64],00000000 //DwRangeAttackRangeInAggro
mov [ecx+68],000003E8 //DwSightInAggro
//mov [ecx+6C],00000000 //DwDefeatAggro
//mov [ecx+70],00000000 //DwBlockedAggro
//mov [ecx+74],00000000 //DwSlideAggro
//mov [ecx+78],00000000 //DwHealAggro
//mov [ecx+7C],00000000 //DwMasterUnderAttackAggro
//mov [ecx+80],00000000 //DwMasterDefeatAggro
//mov [ecx+84],00000000 //DwMasterBlockingAggro
//mov [ecx+88],00000000 //DwMasterSlideAggro
//mov [ecx+8C],00000000 //DwCOmplusionUnderAttackAggro
mov [ecx+90],00000030 //dwMaxSummonsMonsterCount
mov [ecx+94],00000000 //dwReSummonsMonsterTick
mov [ecx+98],00000000 //dwMaxSummonsMonsterRange
mov [ecx+9C],00000000 //dwSummonsStartPcCount
//mov [eax+A0],00000000 //PatternType
// [ecx+9C] was set to 0 two stores above, so eax is 0 on return rather than the value the
// original load at the hook site would have produced
mov eax,[ecx+0000009C] //Original Code
jmp ReturnMonsterProperties
MonsterRange:
// same cave body as the NOAGGROHACK script: original two instructions plus two zero stores
mov [esp+48],edx
mov [esp+30],00000000
mov [esp+4c],00000000
//mov [esi+00000240],0000000 //other attack range to 0
//mov [esi+0000023c],0000000 //other attack range to 0
//mov [esi+00000238],0000000 //other attack range to 0
mov eax,[ecx]
jmp ReturnMonsterRange
MonsterAggro:
// dword 3, loaded into eax by the patch at 0053D10A
db 03 00 00 00
PropertyBace:
// placeholder; overwritten at runtime with ecx by the MonsterProperties cave
db 00 00 00 00
[DISABLE]
// frees the cave, drops both symbols and writes the original instructions back at all
// three patch sites
dealloc(MonsterProperties)
unregistersymbol(MonsterAggro)
unregistersymbol(PropertyBace)
0045C2AE:
mov eax,[eax+00000098]
0053D0F5:
mov [esp+48],edx
mov eax,[ecx]
0053D10A:
movzx eax,word ptr [esi+00000154]
AUTOPOTS
// AUTOPOTS: detours 10 bytes at 0052D03F (83 78 08 13 = cmp dword ptr [eax+08],13 followed
// by a 6-byte 0F 84 je) into a cave that rewrites the dword at [eax+08] before the original
// comparison: value 01 becomes 11 and value 02 becomes 12, with the same value also stored
// at [eax+10]. The cave then repeats the original cmp/je. All values are hexadecimal; the
// meaning of the codes is the original author's guess (see the "?" comments).
// NOTE(review): the cave branches to 0052d13a, but the je restored under [DISABLE] encodes
// rel32 00000091, which from the next-instruction address 0052D049 resolves to 0052D0DA.
// The two targets disagree, so one of them is presumably stale - confirm against the binary.
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)
label(check_mana)
label(finished_check)
0052D03F: //83 78 08 13 0F 84
// jmp (5 bytes) + 5 nops = 10 bytes = the 4-byte cmp and the 6-byte je
jmp newmem
nop
nop
nop
nop
nop
returnhere:
newmem:
originalcode:
cmp dword ptr [eax+08],01 // checking for HP pot?
jne check_mana
mov dword ptr[eax+08],11 // change to auto pot
mov dword ptr[eax+10],11
check_mana:
cmp dword ptr [eax+08],02 // checking for MP pot?
jne finished_check
mov dword ptr[eax+08],12 // change to auto pot
mov dword ptr[eax+10],12
finished_check:
// the original comparison and conditional branch, re-executed on the possibly rewritten value
cmp dword ptr [eax+08],13
je 0052d13a
exit:
jmp returnhere
[DISABLE]
// frees the cave and writes the original cmp back; the je is restored as raw bytes
dealloc(newmem)
0052D03F:
cmp dword ptr [eax+08],13
db 0F 84 91 00 00 00
MAP 0.5
// MAP 0.5: detours the 7-byte movzx at 005537E3 into a cave that reads the word at [eax],
// compares it with eight constants and, on a match, stores 0005 into the words at
// [eax+00000106] and [eax+0000010C]. Both paths then execute the original
// movzx ebx,word ptr [eax+00000104] and return. The place names in the trailing comments
// are the original author's labels for the constants; the page does not show what the
// structure at eax is. All values are hexadecimal.
[ENABLE]
alloc(newmem,1024)
label(returnhere)
label(originalcode)
label(exit)
label(change_teleport)
005537E3:
// jmp (5 bytes) + 2 nops = 7 bytes = the movzx restored under [DISABLE]
jmp newmem
nop
nop
returnhere:
newmem:
originalcode:
// ebx is scratch here; it is reloaded by the original instruction at exit
movzx ebx,word ptr [eax]
cmp bx,0483 // check for python castle -> tomb of the black dragon
je change_teleport
cmp bx,0487 // check for Requies Beach -> Avalon Island
je change_teleport
cmp bx,048D // check for tomb of the black dragon -> Cursed Mazed
je change_teleport
cmp bx,0495 // check for Avalon Island -> Aquarius
je change_teleport
cmp bx,4E20 // check for Braiken Castle -> Draco Desert
je change_teleport
cmp bx,2B8C // check for North Morte -> Aquirai
je change_teleport
cmp bx,2BB0 // check for Space of Pilgrimage -> Morse Yahweh
je change_teleport
cmp bx,2B84 // check for Requies Coast -> The Qualine
je change_teleport
jmp exit
change_teleport:
mov word ptr [eax+00000106],0005 // change location to 0,5
mov word ptr [eax+0000010C],0005 // change location to 0,5
exit:
// the original instruction from the hook site
movzx ebx,word ptr [eax+00000104]
jmp returnhere
[DISABLE]
// frees the cave and writes the original instruction back
dealloc(newmem)
005537E3:
movzx ebx,word ptr [eax+00000104]
GMDETECT
// GMDETECT: detours the 7-byte store at 00553703 (C7 46 0C 00 00 00 00) into a cave that
// compares the dword at [eax+70] with 5D4D475B, which in memory is the ASCII bytes "[GM]".
// On a match the cave rewrites client code from inside the running process:
//  - 00603D4B..00603D53 becomes B9 <address of Tele> FF E1 90 90, i.e.
//    mov ecx,Tele / jmp ecx / nop / nop, a detour to Tele; Tele stores 10E to [eax],
//    [eax+4] and [esp+20] and resumes at 00603D54;
//  - 0045C1CD receives the bytes 8B 50 1C 89 51 20 and 0053D16A receives
//    0F B7 86 54 01 00 00 8B.
//    NOTE(review): these look like original instruction bytes being written back over
//    other patches, but neither address matches a hook shown elsewhere on this page
//    (0045C2AE, 0053D10A); the "//Update" markers suggest the addresses are stale - confirm.
// Either way the cave finishes with the original store to [esi+0c] and returns.
// [DISABLE] restores 00553703 and the three instructions at 00603D4B only.
// For analysis: the writes to 00603D4B, 0045C1CD and 0053D16A happen at runtime when the
// comparison matches, not when the script is enabled, so a snapshot of the code bytes taken
// before that moment shows only the detour at 00553703.
[ENABLE]
alloc(DetectGM,512)
label(ReturnName)
label(PassCheck)
label(Tele)
registersymbol(DetectGM)
DetectGM:
// no size keyword; presumably assembled as a dword compare - confirm
cmp [eax+70],5D4D475B
jnz PassCheck
mov byte ptr [00603D4B],B9 //Update
mov dword ptr [00603D4C],Tele //Update
mov dword ptr [00603D50],9090E1FF //Update
mov dword ptr [0045C1CD],891C508B //Update
mov word ptr [0045C1D1],2051 //Update
mov dword ptr [0053D16A],5486B70F //Update
mov dword ptr [0053D16E],8B000001 //Update
PassCheck:
// the original instruction from the hook site
mov [esi+0c],00000000
jmp ReturnName
Tele:
// reached only through the runtime-installed detour at 00603D4B
mov [eax],10E //Co-ordinate
mov [eax+4],10E //Co-ordinate
mov dword ptr [esp+20],10E //Co-ordinate
jmp 00603D54 //Update
00553703: //C7 46 0C 00 00 00 00 89 47 04
// jmp (5 bytes) + 2 nops = 7 bytes = the original store to [esi+0c]
jmp DetectGM
nop
nop
ReturnName:
[DISABLE]
dealloc(DetectGM)
unregistersymbol(DetectGM)
00553703: //Update
mov [esi+0c],00000000
00603D4B: //Update
// 2 + 3 + 4 = 9 bytes, ending where Tele resumes (00603D54)
mov ecx,[eax]
mov edx,[eax+04]
mov dword ptr [esp+20],ecx
GMTELEPORT
// GMTELEPORT: an unfilled code-injection template. The cave contains only the original
// instruction (mov eax,00000002) and a jump back, so enabling it adds no behavior beyond
// the detour itself; whatever was meant to go under "place your code here" is not on the
// page.
// NOTE(review): jmp (5 bytes) + 1 nop covers 6 bytes, while mov eax,00000002 encodes in 5,
// so the nop replaces the first byte of whatever follows at 004EB3E8; that byte is not
// shown and is not restored.
// NOTE(review): [DISABLE] has no address line and no dealloc, so as written it neither
// targets 004EB3E3 nor frees the cave.
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
004EB3E3:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov eax,00000002
exit:
jmp returnhere
[DISABLE]
mov eax,00000002
SPEEDHACK
// SPEEDHACK: detours the 5 bytes at 007E64DA (D9 40 08 = fld dword ptr [eax+08], 5F =
// pop edi, 5E = pop esi) into a cave that loads the float stored at SpeedValue instead of
// the one at [eax+08], performs the two pops and returns to the ret that follows the hook
// site. SpeedValue is registered as a symbol, which makes its address available by name
// outside this script. What the field at [eax+08] represents is inferred from the title
// only.
// NOTE(review): the cave appears to need 17 bytes (6 for fld from an absolute address,
// 1 + 1 for the pops, 5 for the jmp, 4 for SpeedValue), one more than the 16 requested;
// presumably it works only because the allocation is rounded up - confirm.
[ENABLE]
alloc(DrakoSpeed,16)
label(ReturnSpeed)
label(SpeedValue)
registersymbol(SpeedValue)
007E64DA: //D9 40 08 5F 5E C3 8B 0D
// the 5-byte jmp exactly covers the three original instructions, so no nop padding
jmp DrakoSpeed
ReturnSpeed:
DrakoSpeed:
fld dword ptr [SpeedValue]
pop edi
pop esi
jmp ReturnSpeed
SpeedValue:
// bytes 00 00 20 41 = 0x41200000, the IEEE-754 single 10.0
db 00 00 20 41
[DISABLE]
// frees the cave, drops the symbol and writes the original three instructions back
dealloc(DrakoSpeed)
unregistersymbol(SpeedValue)
007E64DA:
fld dword ptr [eax+08]
pop edi
pop esi
MONSTERSPEEDHACK
// MONSTERSPEEDHACK: detours the 5-byte cmp at 0053E130 (80 7C 24 04 00) into a cave that
// replaces the rest of the hooked routine: it tests the byte argument at [esp+04], loads
// one of two stored floats onto the FPU stack and returns straight to the caller with
// ret 0004. Control never comes back to ReturnMobSpeed while the patch is enabled.
// The byte comment shows the original continuing with 74 06 D9 40 70 (je +6 /
// fld dword ptr [eax+70]); that the original also ends in ret 0004 is assumed by the cave
// and not shown on the page - confirm.
// MobRunSpeed and MobWalkSpeed are registered as symbols, which makes their addresses
// available by name outside this script.
[ENABLE]
alloc(DrakoMobSpeed,64)
label(MobIsWalking)
label(ReturnMobSpeed)
label(MobRunSpeed)
label(MobWalkSpeed)
registersymbol(MobRunSpeed)
registersymbol(MobWalkSpeed)
0053E130: //80 7C 24 04 00 74 06 D9 40 70
// the 5-byte jmp exactly covers the original cmp, so no nop padding
jmp DrakoMobSpeed
ReturnMobSpeed:
DrakoMobSpeed:
// the original instruction from the hook site
cmp byte ptr [esp+04],00
je MobIsWalking
fld dword ptr [MobRunSpeed]
ret 0004
MobIsWalking:
fld dword ptr [MobWalkSpeed]
ret 0004
MobRunSpeed:
// bytes 00 00 20 41 = 0x41200000, the IEEE-754 single 10.0
db 00 00 20 41
MobWalkSpeed:
// bytes 00 00 40 40 = 0x40400000, the IEEE-754 single 3.0
db 00 00 40 40
[DISABLE]
// frees the cave, drops both symbols and writes the original cmp back
dealloc(DrakoMobSpeed)
unregistersymbol(MobRunSpeed)
unregistersymbol(MobWalkSpeed)
0053E130:
cmp byte ptr [esp+04],00
WALLHACK
// WALLHACK: detours the 7-byte lea at 00765AF3 (8d bc 24 88 00 00 00) into a cave that
// executes the original lea and then, unless a dword already equals 5F626577, writes four
// dword constants into the buffer at eax. In memory the constants are the ASCII bytes
// "web_", "imag", "e.ma" and "c" followed by zero bytes. How the game uses that text, and
// how it relates to the title, is not shown on the page.
// NOTE(review): three operands were lost when the post was rendered ("DS]" is all that
// remains of them), so the script does not assemble as shown. The missing offsets cannot be
// recovered from the page. "[ENABLE]" fused to the alloc line and the trailing "[/hidden]"
// are also artifacts of the forum markup.
[ENABLE]alloc(blah,1024)
label(return)
00765AF3://array of bytes 8d bc 24 88 00 00 00
// JMP (5 bytes) + 2 NOPs = 7 bytes = the original LEA
JMP blah
NOP
NOP
return:
blah:
// the original instruction from the hook site
LEA EDI,DWORD PTR SS:[ESP+88]
// operand lost in rendering - see note at the top
CMP DWORD PTR DS],5F626577
JE return
MOV DWORD PTR DS:[EAX+402],5F626577
// operand lost in rendering
MOV DWORD PTR DS],67616D69
MOV DWORD PTR DS:[EAX+40A],616D2E65
// operand lost in rendering
MOV DWORD PTR DS],00000063
JMP return
[DISABLE]
// frees the cave and writes the original instruction back
dealloc(blah)
00765AF3://array of bytes 8d bc 24 88 00 00 00
LEA EDI,DWORD PTR SS:[ESP+88][/hidden]