| [EMS] Hacks/Scripts/Addresses Legend NAB This hack does not auto-ban (still, I do not take responsibility)
AB This hack auto-bans (still, I do not take responsibility)
MAB This hack may auto-ban (still, I do not take responsibility)
Scripts The name of the script
Pointer Pointer (some pointers are level 2 pointers) Pointers People scanner - Pointer: 0079A0B8 Offset: 18
Unlimited Attack - Pointer: 0079AC20 Offset: 13C4
No Breath - Pointer: 0079AC20 Offset: 340
Left Wall - Pointer: 0079A0B0 Offset: C
Right Wall - Pointer: 0079A0B0 Offset: 14
Top Wall - Pointer: 0079A0B0 Offset: 10
Bottom Wall - Pointer: 0079A0B0 Offset: 18
Char write X - Pointer: 0079AC20 Offset: 5F4
Char write Y - Pointer: 0079AC20 Offset: 5F8
Char read X - Pointer: 0079ACB8 Offset: 57C
Char read Y - Pointer: 0079ACB8 Offset: 580
Map Mouse X - Pointer: 0079ACB8 Offset1: 10 Offset2: 80 //THIS POINTER OFFSET(S) ARE WRONG
Map Mouse Y - Pointer: 0079ACB8 Offset1: 10 Offset2: 84 //THIS POINTER OFFSET(S) ARE WRONG
Screen Mouse X - Pointer: 0079ABF8 Offset: 94
Screen Mouse Y - Pointer: 0079ABF8 Offset: 98 Scripts CRC Bypass NAB
CODE: [ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours the instruction at 00458BAE into the 'crc' cave. When ECX lies in
// 00400000..00780000 the cave rebases ECX into 'dump', a buffer filled from
// the file eMSv28.cem; otherwise ECX is left untouched.
// NOTE(review): presumably ECX is the address the client's checksum routine
// is about to read, so the routine sees the file copy instead of live code —
// the routine itself is not shown here; confirm.
// NOTE(review): for defenders, this shows why an in-process self-check that
// is reachable through one patchable instruction cannot be the only control.
ALLOC(crc,128)
// 3670016 = 0x380000 bytes, the size of the 00400000..00780000 window.
ALLOC(dump,3670016)
LABEL(oldmem)
LABEL(ret)
LOADBINARY(dump,eMSv28.cem)
crc:
CMP ECX,00400000
// Unsigned compare: addresses below the window skip the rebase.
JB oldmem
CMP ECX,00780000
// Unsigned compare: addresses above the window skip the rebase.
JA oldmem
// EAX is overwritten again by the replayed MOV at 'oldmem'.
MOV EAX,dump
// ECX = dump + (ECX - 00400000)
ADD ECX, dump-400000
oldmem:
// Replay of the instructions displaced by the 5-byte jump (8B 45 10 56 57).
MOV EAX,[EBP+10]
// 56 = push esi, 57 = push edi
DB 56 57
JMP ret
00458BAE:
JMP crc
ret:
[DISABLE]
00458BAE: //8B 45 10 56 57 8B 7D ?? 83 FF
// Restore the original five bytes at the hook site.
MOV EAX,[EBP+10]
DB 56 57
DEALLOC(crc)
DEALLOC(dump) Pin Unrandomizer
Code: [enable]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 0060729C (original: add eax,edx / cmp byte ptr [eax],0a, 5 bytes)
// into a cave that overwrites the dword at [eax] before the compare.
// NOTE(review): what [eax] holds is not visible here; the script title
// suggests it belongs to the PIN pad layout — confirm.
alloc(pinunrandom,128)
label(returnhere)
pinunrandom:
// Replay of the first displaced instruction.
add eax,edx
// EDX is saved because the cave halves it temporarily.
push edx
shr edx,1
// Stores EDX/2 as a full dword at [eax].
mov [eax],edx
pop edx
// Compares against FF instead of the original 0A, so the flags seen by the
// branch that follows the hook site (73 ?? in the signature) differ.
cmp byte ptr [eax],ff
jmp returnhere
0060729C:
jmp pinunrandom
returnhere:
[disable]
0060729C: //03 C2 80 38 ?? 73 ?? 80 E1 ?? D0 E1 EB
// First of the two original instructions restored on disable.
add eax,edx
cmp byte ptr [eax],0a PIN TYPER
CODE: [Enable]
// Two-byte opcode patch at 00472FC5: 0F 83 is JAE rel32, written over the
// original 0F 86 (JBE rel32) shown in the signature below. The 4-byte
// displacement that follows is untouched, so only the branch condition changes.
00472FC5:
db 0f 83
[disable]
00472FC5: //0F 86 ?? ?? ?? ?? 83 FA ?? 0F 87 ?? ?? ?? ?? A1
db 0f 86 UA BYPASS
CODE: [enable]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 0051E1A7 (original: cmp eax,edi / mov [ebp-20],eax, 5 bytes) into
// UnlimitedCheck. The cave reads the dword at [[0079AC20]+13C4]; when it is
// >= 62h it decrements the dword at [[0079AC20]+5F4] by one, then replays the
// displaced instructions and the original je/fall-through.
// The page's pointer table labels offset 13C4 "Unlimited Attack" and offset
// 5F4 "Char write X".
alloc(UnlimitedAttack,64)
alloc(UnlimitedCheck,44)
UnlimitedAttack:
mov eax,[0079AC20]
mov ebx,[eax+5F4]
sub ebx,00000001
mov [eax+5F4],ebx
// Matches the pushad executed in UnlimitedCheck; restores all registers.
popad
// Replay of the displaced instructions; mov does not alter the cmp flags.
cmp eax,edi
mov [ebp-20],eax
// 0051E20D is the target of the original 74 5F at 0051E1AC.
je 0051E20D
// 0051E1AE is the instruction after the original je.
jmp 0051E1AE
UnlimitedCheck:
pushad
mov eax,[0079AC20]
mov eax,[eax+13C4]
cmp eax,00000062
// Signed "not less": taken when the value is >= 62h.
jnl UnlimitedAttack
popad
cmp eax,edi
mov [ebp-20],eax
je 0051E20D
jmp 0051E1AE
0051E1A7:
jmp UnlimitedCheck
[DISABLE]
0051E1A7: //3B C7 89 45 ?? 74 ?? FF B3 ?? ?? ?? ?? 8D 83 ?? ?? ?? ?? 50
// Restore the original bytes at the hook site.
cmp eax,edi
mov [ebp-20],eax
db 74 5f
dealloc(UnlimitedAttack)
dealloc(UnlimitedCheck) NGRUSH
CODE: [ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 006585B1 into the Ngr cave. The cave looks up the current map in
// the 'paths' table, searches the portal list for a portal leading to the
// neighbouring map in that table (or, failing that, any portal leaving the
// map) and copies that portal's X/Y into [ebp-1C]/[ebp-18] of the hooked
// function's frame.
// The 'paths' table comes from an external file (paths.cea) bracketed by
// zero dwords, which act as end markers for mapFind.
alloc(Ngr, 384)
label(rtnNgr)
label(matchAny)
label(ptlDone)
label(goHome)
label(mapFind)
label(mapNxt)
label(dirnOk)
label(mapFindDone)
label(cPtlNxt)
label(cPtlNFnd)
label(cPtlDone)
label(fndExtPtl)
label(prevMapId)
label(rushDir)
alloc(paths,2048)
Ngr:
// Replay of the displaced mov (89 45 E8 in the restore bytes).
mov [ebp-18], eax
// All registers are saved; EBP is not modified, so [ebp-..] below still
// addresses the hooked function's frame.
pushad
mov edi, 0079ACB8 //A1 ?? ?? ?? ?? 53 56 33 F6 3B C6 57 89 4D ?? 89 75
// ESI = address of the dword right after 0079ACB8.
lea esi, [edi+4]
mov edi, [edi]
mov edi, [edi+5D4] //edi=curr Map
mov esi, [esi]
mov esi, [esi+4] //esi=portal base
call mapFind //find map in path
test eax,eax
jz matchAny //if curr. map not in path, do matchAny
push eax //find portal to nxtMap
// EDX = dword just below the portal base, used as the portal count.
mov edx, [esi-4]
call cPtlNxt
test eax,eax //found portal to NxtMap?
jnz ptlDone
matchAny:
// EAX is zero on both paths that reach here, so the pushed argument is 0.
push eax //find ANY external portal
mov edx, [esi-4]
call cPtlNxt
ptlDone:
test eax,eax //found any useful portals?
jz goHome
push [eax+c] //Portal X
pop dword ptr[ebp-1C] //Spawn X
push [eax+10] //Portal Y
pop dword ptr[ebp-18] //Spawn Y
goHome:
// Remember the current map so the next search skips portals leading back.
mov [prevMapId], edi
popad
// Replay of the displaced cmp; the branch after the hook is patched to an
// unconditional jmp (see rtnNgr), so these flags no longer select a path.
cmp dword ptr [edi+10], 0
jmp rtnNgr
// cPtlNxt: scan portals from index EDX-1 down to 0.
//   In:  ESI = portal base, EDX = count, EDI = current map,
//        [esp+4] = wanted destination map, or 0 to accept any.
//   Out: EAX = matching portal entry, or 0 if none. Clobbers ECX, EDX.
//   Removes its one stack argument (ret 4).
cPtlNxt:
dec edx
test edx,edx //checked all portals?
js cPtlNFnd
mov eax, [esi+8*edx+4] //portal
mov ecx, [eax+14] //dest. map
cmp ecx,edi //skip internal portals
je cPtlNxt
cmp ecx,[prevMapId] //skip ptl to prevMap
je cPtlNxt
cmp [eax+8],7 //accept type7 (fm)
je fndExtPtl
cmp ecx,3B9AC9FF //skip dest. map 3B9AC9FF (= 999999999 decimal)
je cPtlNxt
fndExtPtl:
cmp [esp+4],0 //matchAny mode?
jz cPtlDone
cmp [esp+4],ecx //found map?
jz cPtlDone
jmp cPtlNxt
cPtlNFnd:
xor eax,eax
cPtlDone:
ret 4
// mapFind: locate EDI (current map) in 'paths'.
//   Out: EAX = the neighbouring entry in the current direction, or 0 when
//        the current map is not in the table. Clobbers EDX.
mapFind:
xor edx,edx
mapNxt:
// Index 0 is the leading zero dword, so the scan starts at index 1.
inc edx
mov eax, [paths+edx*4]
test eax,eax //end of paths?
jz mapFindDone
cmp eax, edi //found map in path?
jnz mapNxt
//update rushDir
// EAX = paths[edx + rushDir]; if that is the map just left, reverse direction.
mov eax, [rushDir]
lea eax, [paths+eax*4]
mov eax, [eax+edx*4]
cmp eax, [prevMapId]
jne dirnOk
neg [rushDir]
dirnOk:
add edx, [rushDir]
mov eax, [paths+edx*4]
mapFindDone:
ret
// Map seen on the previous invocation (initially 0).
prevMapId:
dd 0
// Step through 'paths': +1 initially, negated by mapFind.
rushDir:
dd 1
paths:
dd 0
include(paths.cea)
dd 0
006585B1:
// 5-byte jump plus two NOPs cover the 7 displaced bytes (83 7F 10 00 89 45 E8).
jmp Ngr
db 90 90
rtnNgr:
// Overwrites the original 74 (JE short) with EB (JMP short).
db eb
[DISABLE]
006585B1: //83 7F 10 00 89 45 E8 74 ?? 8B 47 08
// Restore the original eight bytes at the hook site.
db 83 7f 10 00 89 45 E8 74
dealloc(NGR, 384)
dealloc(paths,2048) Skill Hack (tele only)(hotkey = Nimble Feet)
CODE: [ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Two detours share one cave:
//   005FDC87 -> SkTeleport: if the dword at [eax] is 3EA, replace it with
//               4C4F2F before the displaced instructions run.
//   00445909 -> Sklvl: if the dword at [edi] is 4C4F2F, put 3EA back before
//               the displaced instructions run.
// NOTE(review): the original comments label 4C4F2F "Teleport"; what the two
// hooked functions do with the value is not visible here — confirm.
Alloc(SkTeleport,512)
Label(Sklvl)
Label(SkNormal)
Label(Skret)
Label(Sklvlret)
Label(lvlNormal)
SkTeleport:
cmp [eax],3EA
jne SkNormal
mov [eax], 4C4F2F //Teleport //= 2F 4F 4C
jmp SkNormal
Sklvl:
cmp [edi], 4C4F2F //Teleport
jne lvlNormal
mov [edi],3EA
jmp lvlNormal
SkNormal:
// Replay of the 5 bytes displaced at 005FDC87.
push [ebp+08]
mov edi,[eax]
jmp Skret
lvlNormal:
// Replay of the 5 bytes displaced at 00445909.
mov eax,[edi]
push 05
push eax
jmp Sklvlret
005FDC87:
jmp SkTeleport
Skret:
00445909:
jmp Sklvl
Sklvlret:
[Disable]
// NOTE(review): the words "Cheat Engine" inside the byte signature below are
// not hex bytes; the signature looks garbled by the hosting page.
005FDC87: //FF 75 ?? 8B 38 8B Cheat Engine E8 ?? ?? ?? ?? 8B 45 ?? 8D 48 ?? F7
push [ebp+08]
mov edi,[eax]
00445909: //8B 07 6A ?? 50 E8 ?? ?? ?? ?? 33 D2 F7 76 ?? 8B
mov eax,[edi]
push 05
push eax
Dealloc(SkTeleport Slow Dupex
Code: [Enable]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 00695589 (original: mov [esi+00000114],edi, 6 bytes) into a cave
// that records the current ESI in the 4-byte cell 'Pointer' and then replays
// the displaced store. Both names are registered as symbols so they can be
// referenced from outside this script.
//Pointer: Pointer Offset: 110
alloc(CodeCave,32)
alloc(Pointer,32)
registersymbol(CodeCave)
registersymbol(Pointer)
label(ReturnHere)
CodeCave:
// ECX is used as scratch and restored.
push ecx
mov ecx,Pointer
// Pointer = ESI (base of the object the hooked code is writing to).
mov [ecx],esi
pop ecx
// Replay of the displaced instruction.
mov [esi+00000114],edi
jmp ReturnHere
00695589:
// 5-byte jump plus one NOP cover the 6 displaced bytes.
jmp CodeCave
db 90
ReturnHere:
[DISABLE]
00695589: // 89 Be 14 01 00 00 EB ?? 83 7D ?? ?? 74 ?? 8B
mov [esi+00000114],edi
dealloc(CodeCave)
dealloc(Pointer)
unregistersymbol(CodeCave)
unregistersymbol(Pointer) Talk Bypass
CODE: [Enable]
// Three in-place branch patches; no code cave is used.
//   0044C57F: 74 1C (JE short) -> 90 90 (two NOPs): the branch is never taken.
//   0044C1A9: 74 (JE short)    -> EB (JMP short):   the branch is always taken.
//   0044C1F1: 73 (JAE short)   -> EB (JMP short):   the branch is always taken.
// NOTE(review): each patched branch is a client-side decision; what the
// checks guard is not visible here.
0044C57F:
db 90 90
0044C1A9:
db eb
0044C1F1:
db eb
[disable]
0044C57F: //74 ?? 80 3F ?? 75 ?? 33 C0 8A 06 50 FF 15
db 74 1c
0044C1A9: //74 ?? 83 45 ?? ?? 83 7D ?? ?? 7C ?? FF 15
db 74
0044C1F1: //73 ?? FF 15 ?? ?? ?? ?? 33 FF 57 57 57 51
db 73 Super Tubi
CODE: [ENABLE]
// In-place patch at 00489108: the two bytes of a JNE short (75 ?? in the
// signature below) are overwritten with NOPs, so execution always falls
// through to the next instruction.
00489108:
db 90 90
[DISABLE]
00489108: //75 ?? 83 7C 24 ?? ?? 75 ?? 8B 86
db 75 36 Poo Poo
CODE: [ENABLE]
// In-place patch at 0065B8B7: opcode 74 (JE short, per the signature below)
// becomes 75 (JNE short), inverting the branch condition. The displacement
// byte is left as it was.
0065B8B7:
db 75
[DISABLE]
0065B8B7: //74 ?? 8B 45 ?? 23 C3 83 C8 ?? Eb ?? 39
db 74 Unrandomizer
CODE: [Enable]
// In-place patch at 006E7BFD: the 5-byte "and eax,00007fff" (25 FF 7F 00 00)
// is replaced by the 5-byte "mov eax,0", so the C3 (ret) that follows in the
// signature returns a constant instead of the masked value.
// NOTE(review): presumably this is the tail of a random-number routine —
// the start of the function is not shown; confirm.
006E7BFD:
mov eax,0
// Meaning of the constant, as given by the original author:
//0= STR
//1= DEX
//2 = INT
//3 = LUK
[Disable]
006E7BFD: //25 FF 7F 00 00 C3 CC
and eax,00007fff Levitation+swim
CODE: [Enable]
// Two in-place branch patches; no code cave is used.
//   00693CE0: 0F 84 (JE rel32) -> 0F 85 (JNE rel32): condition inverted.
//   00558FDB: 73 04 (JAE short) -> 74 04 (JE short): taken only on equality.
00693CE0:
db 0f 85
00558FDB:
db 74 04
[Disable]
00693CE0: //0F 84 ?? ?? ?? ?? 8B 8E ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 58 ?? 83 C1
db 0f 84
00558FDB: //73 ?? 6A ?? 58 C3 33 C0 C3
db 73 04 Perfect no breath
CODE: [Enable]
// Three in-place patches of the same shape: at each address the opcode 7E
// (JLE short) is replaced by EB (JMP short), so the branch is taken
// regardless of the preceding comparison. The displacement bytes are kept.
004A8D4F:
db eb
0048B4D3:
db eb
006BAA2B:
db eb
[Disable]
004A8D4F: //7E ?? 57 57 57 51 8B C4 89 65
db 7e
0048B4D3: //7E ?? 51 51 51 51 8B C4 89 65
db 7e
006BAA2B: //7E ?? 57 57 57 51 8B C4 89 65 + Search 2
db 7e Speed Attack
CODE: [ENABLE]
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 0042C987 (original: add eax,0a / mov [ebp+0c],eax, 6 bytes).
// The cave reads the dword at [[0079AC20]+13C4], divides it by 4 and, when
// the remainder is 3, jumps to 0042CA23 instead of running the displaced
// instructions; otherwise it replays them and returns to the hook site.
// The page's pointer table labels offset 13C4 "Unlimited Attack".
alloc(speedattack,300)
label(speed)
label(normal)
label(returnhere)
speedattack:
pushad
mov eax,[0079AC20]
mov edx,[eax+13C4]
mov ecx,04
mov eax,edx
// EDX becomes the high half of the EDX:EAX dividend used by idiv.
shr edx,0f
// Quotient -> EAX (unused), remainder -> EDX.
idiv ecx
// ECX = 3
dec ecx
cmp edx,ecx
// popad restores the registers and leaves the cmp flags intact.
popad
jne normal
speed:
jmp 0042CA23
normal:
// Replay of the displaced instructions.
add eax,0a
mov [ebp+0c],eax
jmp returnhere
0042C987:
// 5-byte jump plus one NOP cover the 6 displaced bytes.
jmp speedattack
db 90
returnhere:
[disable]
0042C987: // 83 C0 ?? 89 45 ?? 83 BB
add eax,0a
mov [ebp+0c],eax
dealloc(speedattack Meso Drop
CODE:
// Cheat Engine auto-assembler script, 32-bit x86, Intel operand order.
// Detours 0068F617 (original: mov [esi+000000bc],eax, 6 bytes) into a cave
// that loads EAX from the registered 4-byte cell 'Value' before performing
// the store, then continues at 0068F61D, the instruction after the hook.
// NOTE(review): the stored amount is chosen entirely on the client; whether
// the server re-validates it is not visible here.
[Enable] registersymbol(Value)
alloc(Value,4)
alloc(Meso,32)
Value:
// Only two of the four allocated bytes are initialised here.
db 00 00
Meso:
mov eax, [Value]
mov [esi+000000bc], eax
jmp 0068F61D
0068F617:
// 5-byte jump plus one NOP cover the 6 displaced bytes.
jmp Meso
db 90
[Disable]
0068F617: //89 86 BC 00 00 00 7D ?? 68
mov [esi+000000bc], eax
dealloc(Meso,32)
dealloc(Value,4)
unregistersymbol(Value) What You Need For It CRC Bypass NAB CEM file (required)
Pin Unrandomizer NAB
Pin Typer NAB
UA bypass NAB
NGRush NAB CEA file (required)
Skill Hack (tele only)(hotkey = Nimble Feet) NAB
Slow DupeX NAB
Talk bypass NAB
Super tubi NAB
Poo Poo NAB
Unrandomizer NAB
Levitation+swim MAB
Perfect no breath NAB
Speed Attack NAB
Meso Drop NAB Credits go to: ColdDoT, the original makers, and me. Thank me if it helped you |