Maple Story

[lauzhehao]

Mods:Please move this to the msea discussion section..i accidentally add to the wrong section,...sorry!

Credicts:XiiaoDeviil aka lauzhehao from Alchemist-team
Note:This may not be the most up to date version of the guide...
Most up to date:Alchemist-team guide

I hope who ever who want to use this guide on any other forum,please put credicts..
Please do correct me if i have something wrong in this topic.
Guide process:||||||||||||||||||(Made by XiiaoDeviil aka lauzhehao)

(This does not mean its incomplete.just that i feel that i can add more things to it.So the bar may not be full bar.Anyway this is already quite a good guide by me already.Quite complete.)
Tutorial Version-1.5

Version Changed log:
-Now you can use the ctrl F function to search for the specific topic.
-Changes to some bug.
=========================
Table of Contents
=========================
[0.0]Introduction to the Maple World
-0.1What is MapleStory
-0.2What are the Versions of maplestory

[1.0]Introduction to the Hacking World
-1.1What is a CheatEngine
-1.2What is a UCE
-1.3What is a Trainer CE

[2.0]Bypassing Into MapleStory
-2.1How do i bypass MapleStory

[3.0]Targetting MapleStory
-3.1How to Target MapleStory

[4.0]Hacking MapleStory
-4.1Types of hacks
-4.2Some Basic Game Concept
-4.3What is address?Where can i get it?
-4.4What is ZF all this?Register list?
-4.5What are pointers?
-4.6How do you find pointers?

[5.0]Hacking FAQs
-5.1Where can i make/get a trainer CE/UCE?
-5.2How to make a UCE?
-5.3Where can i get a CE or a UCE?
-5.4Types of Hacks
-5.5Some Basic Game Concept
-5.6What is address?Where can i get it?
-5.7What is ZF all this?Register list?
-5.8What are pointers?
-5.9How do you find pointers?
-5.10What is BSOD?
-5.11Meaning of Hacking program/related stuff
[6.0]Forum FAQs
-6.1What's is a leecher
-6.2Who's a spammer
[7.0]CONFIGURING YOUR ANTIVIRUS
-7.1My Anti Virus detect UCE/CE as a virus!
-7.2Setting your Antivirus exclusion list
-7.3Symantec AntiVirus Corporate Edition
-7.4McAfee VirusScan
[8.0]Overall Credicts
-8.1 Credicts


__________________________________________________ ______________________________

[0.0]Introduction to the Maple World

[0.1]What is MapleStory?


[0.2]What are the Versions of maplestory?
There are a total of 8 Maplestory versions
They are,
Korea MapleStory[KMS]
Japan MapleStory[Jms]
China MapleStory
Taiwan MapleStory
Thailand MapleStory
Global MapleStory[Gms]
Maple SouthEastAsia[MSEA]
and the newest in beta,
Europe MapleStory[EMS]
__________________________________________________ ______________________________

[1.0]Introduction to the Hacking World

[1.1]What is Cheat Engine
Cheat Engine is a program made by a team consisting of Darkbyte and his friends to help cheat a game or a program.It has a hex editor, assembler and disassembler, a debugger, a memory finder and allows you to make trainers for games.

[1.2]What is a UCE?
A UCE,also known as Undetectable Cheat Engine is a Cheat Engine which gets undetected when passing through a Hack protecter like GameGuard etc etc.
Picture of my private UCE:


[1.3]What is a trainer CE/UCE
It is a CE/UCE whereby it has extra things in it making it easier to use hacks.Like just press the button and the hack is activated.
__________________________________________________ ______________________________

[2.0]Bypassing Into MapleStory

[2.1]How do i bypass MapleStory
There are serveral ways of bypassing GameGuard.
This includes Making your CE undetectable by changing the strings,
Using a Bypass program like GR aka gameresistant,GameGuard Killer
For Msea,there are currently no Public Bypass.The above bypass are for GMS version 0.29 and below.
I However,seriously don recomend using bypass programs as it takes up space.Use a UCE is the best choice.
__________________________________________________ ______________________________

[3.0]Targetting MapleStory

[3.1]How to Target MapleStory
Open Your Engine and then open maplestory.
Now,Target MapleStory by click on this button on the top left and corner of your engine.

Next,a pop up named process list,or anything like this,should pop up.

Next,scroll down and look for this.
MapleStory.exe or anything that you want to target.If you don find it,click process watch.Note:some engine does not have process watch as the source the owner use to complie is a older source.
Click on the Program u want to target and press ok.
If you do not have any error,you have succesfully bypassed your UCE.
If you have error or hang when you press ok,
1-Your settings is wrong
2-Detected
3-Your com sucks and needs a reboot.(no offense)
__________________________________________________ ______________________________

[4.0]Hacking MapleStory

Many of the FAQs like what is address/pointers can be found in the FAQ section below.But still i will post it here for those who are lazy

[4.1]Types of Hacks
There are many kind of hacks.But are mainly catagorise into 2section.Namely:Private,Public.
It can also be catagorise under pointer and debugger.

[4.2]Some basic game concepts
Most games rely on collision detection and vector based positioning to work. This means that all animated items in the game have a vector depicting its respective position on the map or the world. And usually a game event occurs when a "collision" is detected, i.e. when an object touches another. Let's look at some basic game concepts that had been put to the advantage of hackers.

God mode: When you touch a mob what happens?

1. Calculate hit possibility (decides if the games proceed with steps 2-5)
2. If hit then, reduce hp
3. Flash
4. Knock back
5. Else Miss

Melee god and full god works on point 1, flash god works on point 3, miss hack works on point 5. There are many ways to achieve invulnerability, what I've mentioned is a couple of them. Melee god works only for physical collision detected by mob sprite and you. Full god mode works on point 1 in the sense that it nullifies all decisions to proceed to step 2 - 5.

Wall Vac: As we all know, when we walk until the border of a map, we can't walk anymore or else we'll "fall" off. Now the graphics itself won't know of when we reach the edge, so there must be something there to tell the game that the character has reached the edge. The answer: a boundary. Yes most games 2d or 3d have map boundaries to prevent the character from going out-of-bounds. Same as in maplestory, there are 4 boundaries to each map (since the map is rectangular) and these boundaries control the rules of the characters and monsters in it.

By changing the boundaries, we have changed the rules of the map itself and newly spawn monsters will adopt the "latest" rules and thus this result in a vac-like effect when the boundaries of the walls are "compressed" to a point (think Indiana Jones when he get trapped by compressing walls). The reason why "old" monsters didn't move is that when they spawn (before the wall vac is used) they've already been bound to the old wall boundaries. And obviously slopes, platforms, steps, etc have a higher priority over the boundaries since if not all mobs will fall right to the bottom, regardless of platforms. This explains why the monsters will get "stuck" on edges and slopes.

Other vacs: Some other vacs, like DupeVac uses another method. Instead of changing the boundaries of the walls, the vac directly changed each monster's vector location on the map itself. This method allows the monsters to "overwrite" the rules of collision with platforms and slopes since I suppose the vectors (position of characters and monsters) are given the highest priority.

[4.3]What is address?Where can i get it?
It is needed to know what leads to that value.Get it by scanning the value etc etc.

[4.4]What is ZF all this?Register list?
CF = Carry flag (check if there is any carry over for arimethic operations)
PF = Parity flag (indicate if the bits of an operation is even or odd, 0 for odd, 1 for even)
AF = Adjust flag (Auxiliary Flag - Set on a carry or borrow to the value of the loer order 4 bits)
ZF = Zero flag (bacsially a boolean flag, determines if a conditional jump is executed)
SF = Sign flag (determines the sign, negative or positive)
TP = Trap flag (single step, for 80886 emulation. When TP is enabled, interrupts are trapped.)
IF = Interrupt enable flag (self explanatory)
DF = Direction flag (determines the direction to move through the code (specific to repeat instructions))
OF = Overflow flag (determines if an operation result in an overflow)


[4.5]What are pointers?
A pointer is a method of accessing a dynamic address.Sometimes the address is created on the fly by the game and thus there is no fixed (static) address to specify. The pointer is used to take a known static address and with the help of an offset, to point to the dynamic address. The pointer is "created" by using the VALUE of the pointer aka the static address (not the address itself) plus the offset. This will give you the ADDRESS of the destination.


[4.6]How do you find pointers?
One way is to use Cheat Engine's pointer scanner (this might be slow so we go to the optional method). Let's use the unlimited attack as example. When you have the address of the hack:

- Add it to the list.
- Then right click and select "see what writesaccessreads to this" and you should have a new window. Now go in game and attack a few times, the list in the window should increase. Now see the last (usually the last) address, its something like: mov ecx, [eax+13] (example). Now what this means is to copy the value pointed to by the ADDRESS eax+13 (in hex) to the ecx register.
- So what does that tells us? The brackets around [eax+13] tell us that it takes the VALUE of the enclosed address, which means the address is actually eax+13. The ADDRESS of the value (the unlimited attack counter) is pointed to by the adding the value of the address pointed to by the eax register plus 13(in hex). Thus the "13" is the offset where the "eax" is the base. If you click on that line and click on more information, you can see the "value needed to find" the address. In this case, that'll be the eax value.
- Go back to Cheat Engine and do a hex search on the value given and you should get the pointer address, and as for the offset we've already found out, so put them to good use.
__________________________________________________ ______________________________

[5.0]Hacking FAQs

[5.1]Where can i make/get a trainer CE/UCE?
Know how to make a UCE before doing this man....
To make 1,first,you need to know c++ programing skills.
Know massive amount of that then ask me..

[5.2]How to make a UCE?
There are many Tutorials which will guide you through in the progress of making one.A UCE is basically changing the detected strings detected by hack protecters like the one in MapleStory.A UCE is not a forever thing.It will be a CE again once it is detected by GameGuard.Most of the time,when GameGuard patch,your UCE will be detected and you need to do some fixing.Great UCE TUT makers are people like:RollingDice
Many Tuts can be seen here.

[5.3]Where can i get a CE or a UCE?
You can get a CE here or maybe look for the newest here
You can get a UCE by either making one,or [s]leech[/s] one.

[5.4]Types of Hacks
There are many kind of hacks.But are mainly catagorise into 2section.Namely:Private,Public.
It can also be catagorise under pointer and debugger.

[5.5]Some basic game concepts
Most games rely on collision detection and vector based positioning to work. This means that all animated items in the game have a vector depicting its respective position on the map or the world. And usually a game event occurs when a "collision" is detected, i.e. when an object touches another. Let's look at some basic game concepts that had been put to the advantage of hackers.

God mode: When you touch a mob what happens?

1. Calculate hit possibility (decides if the games proceed with steps 2-5)
2. If hit then, reduce hp
3. Flash
4. Knock back
5. Else Miss

Melee god and full god works on point 1, flash god works on point 3, miss hack works on point 5. There are many ways to achieve invulnerability, what I've mentioned is a couple of them. Melee god works only for physical collision detected by mob sprite and you. Full god mode works on point 1 in the sense that it nullifies all decisions to proceed to step 2 - 5.

Wall Vac: As we all know, when we walk until the border of a map, we can't walk anymore or else we'll "fall" off. Now the graphics itself won't know of when we reach the edge, so there must be something there to tell the game that the character has reached the edge. The answer: a boundary. Yes most games 2d or 3d have map boundaries to prevent the character from going out-of-bounds. Same as in maplestory, there are 4 boundaries to each map (since the map is rectangular) and these boundaries control the rules of the characters and monsters in it.

By changing the boundaries, we have changed the rules of the map itself and newly spawn monsters will adopt the "latest" rules and thus this result in a vac-like effect when the boundaries of the walls are "compressed" to a point (think Indiana Jones when he get trapped by compressing walls). The reason why "old" monsters didn't move is that when they spawn (before the wall vac is used) they've already been bound to the old wall boundaries. And obviously slopes, platforms, steps, etc have a higher priority over the boundaries since if not all mobs will fall right to the bottom, regardless of platforms. This explains why the monsters will get "stuck" on edges and slopes.

Other vacs: Some other vacs, like DupeVac uses another method. Instead of changing the boundaries of the walls, the vac directly changed each monster's vector location on the map itself. This method allows the monsters to "overwrite" the rules of collision with platforms and slopes since I suppose the vectors (position of characters and monsters) are given the highest priority.

[5.6]What is address?Where can i get it?
It is needed to know what leads to that value.Get it by scanning the value etc etc.

[5.7]What is ZF all this?Register list?
CF = Carry flag (check if there is any carry over for arimethic operations)
PF = Parity flag (indicate if the bits of an operation is even or odd, 0 for odd, 1 for even)
AF = Adjust flag (Auxiliary Flag - Set on a carry or borrow to the value of the loer order 4 bits)
ZF = Zero flag (bacsially a boolean flag, determines if a conditional jump is executed)
SF = Sign flag (determines the sign, negative or positive)
TP = Trap flag (single step, for 80886 emulation. When TP is enabled, interrupts are trapped.)
IF = Interrupt enable flag (self explanatory)
DF = Direction flag (determines the direction to move through the code (specific to repeat instructions))
OF = Overflow flag (determines if an operation result in an overflow)


[5.8]What are pointers?
A pointer is a method of accessing a dynamic address.Sometimes the address is created on the fly by the game and thus there is no fixed (static) address to specify. The pointer is used to take a known static address and with the help of an offset, to point to the dynamic address. The pointer is "created" by using the VALUE of the pointer aka the static address (not the address itself) plus the offset. This will give you the ADDRESS of the destination.


[5.9]How do you find pointers?
One way is to use Cheat Engine's pointer scanner (this might be slow so we go to the optional method). Let's use the unlimited attack as example. When you have the address of the hack:

- Add it to the list.
- Then right click and select "see what writesaccessreads to this" and you should have a new window. Now go in game and attack a few times, the list in the window should increase. Now see the last (usually the last) address, its something like: mov ecx, [eax+13] (example). Now what this means is to copy the value pointed to by the ADDRESS eax+13 (in hex) to the ecx register.
- So what does that tells us? The brackets around [eax+13] tell us that it takes the VALUE of the enclosed address, which means the address is actually eax+13. The ADDRESS of the value (the unlimited attack counter) is pointed to by the adding the value of the address pointed to by the eax register plus 13(in hex). Thus the "13" is the offset where the "eax" is the base. If you click on that line and click on more information, you can see the "value needed to find" the address. In this case, that'll be the eax value.
- Go back to Cheat Engine and do a hex search on the value given and you should get the pointer address, and as for the offset we've already found out, so put them to good use.

[5.10]What is BSOD
BSOD occurs when Gameguard detects a hacking program.It will automatically reboots your computer.
BSOD-Black Screan of Death
Reboots-Restarts

[5.11]Meaning of Hacking program/related stuff
BSOD-Blue Screan of Death
DD-DiskDrove
GGK-Gameguard Killer(bypass)
GR-GameResistant(bypass)
CE-CheatEngine
UCE-Undetectable CheatEngine
MS-MapleStory
DXWND-Program that allow a game to go wnidow mode
__________________________________________________ ______________________________

[6.0]Forum FAQs

[6.1]What's is a Leecher?
A leecher is someone who always download something that is made by other people and not contributing anything.

[6.2]Who's a Spammer
A spammer is someone who spams post eg. typing this sdfhahdlfhklsdh or hi in a maple bot section.
It is obvious that saying hi in a maple bot section is obvious spamming.

__________________________________________________ __________________________
Credicts to Wolfie and symantic.com

[7.0]CONFIGURING YOUR ANTIVIRUS

[7.1]My Anti Virus detect UCE/CE as a virus!
This was what DB once said..me myself thinks that if you don trust db,then just don download it...(i dint say all UCEs are virus free,some purposely insert trojen/keylogger etc etc)

Quote:

Yes, we know your crappy AV thinks CE is a virus. No need to tell us.

There are 4 solutions to this problem:
1: Don't install CE
2: Send ce to your av vendor and tell them to remove the detection and wait a few years till they do it...
3: Uninstall your anti virus
4: If your AV supports it: Add ce to the ignore list

and don't worry. I'm working on a solution for next version. I'll bring out 2 versions. The original version, and the 'retarded *****' version which will have no driver(So No viruzzz! omg!) and lacks a lot of features. So people worried about stuff like that can happily use the 'retarded *****' version and feel safe in their nice little bubble of fake security (and probably won't be able to do much with it, but hey, it keeps them happy right ?)

And if you're wondering why the driver is detected that is because it uses some of the Zwxxxx functions exported by windows meant to be used by drivers. And it also uses the exported variable KeServiceDescriptorTable. (Also provided by windows to be used by drivers)
Now since anti virus programmers have no idea how to detect a rootkit, they just look at suspicious behaviour. And any driver that uses those functions that are exported by windows is classified as a trojan rootkit.
Thats kinda like saying that everyone carrying a gun is a psychopathic murderer. (while only 85% of them actually is)

[7.2]Setting your Antivirus exclusion list
Notice: Some anti-virus tools will mistakenly detect Cheat Engine for a rootkit trojan. It is therefore recommended to ignore the warnings, disable the anti virus if it interferes and to mail your anti-virus vendor telling them they mistakenly detect it as a trojan. (Which it is not)

Here's a general guide to set your UCE to exclusion list. If you are using other Antivirus Programs, please refer to the respective supported website for adding the UCE for exclusion.

[7.3]Symantec AntiVirus Corporate Edition
Use the following procedure for configuring Symantec AntiVirus Corporate Edition Version 10 on a workstation to exclude your UCE directory from continuous virus scanning:

1. Select Start | Programs | Symantec Client Security | Symantec AntiVirus Client.
2. Select Configure | File System Realtime Protection.
3. In the Options section, select the Exclude selected files and folders check box.
4. Click Exclusions.
5. Select the Check file for exclusion before scanning check box.
6. Click Files/Folders.
7. Browse to the UCE directory (for example, C:UCE) and select the corresponding check box.
8. Click OK three times to save your changes.
9. Click Exit to exit Symantec AntiVirus Corporate Edition.

For more information on file exclusions in Symantec Antivirus software, see Symantec's Knowledge Base at Symantec Corp..

[7.4]McAfee VirusScan
Use the following procedure for configuring McAfee VirusScan Enterprise 8.0i to exclude the UCE directory from continuous virus scanning:

1. Open the On-Access Scan Properties dialog box, then select one of the following icons in the left-hand pane:
* Default Processes
* Low-Risk Processes
* High-Risk Processes
2. On the Detection tab, click Exclusions in the What Not to Scan area. This will open the Set Exclusions dialog box.
3. The Set Exclusions dialog box lets you add or edit files, folders, or drives. Windows File Protection is listed by default.
* To add an item to the list of exclusions, open the Add Exclusion Items dialog box by clicking Add.
* To edit an item in the list, you can double-click it or select it and then click Edit.

For more information on file exclusions in McAfee software, see the user's guide provided with the McAfee software, or see McAfee's Web site at McAfee - Antivirus Software and Intrusion Prevention Solutions.
__________________________________________________ ___________________________
__________________________________________________ ___________________________

[8.0]Overall Credicts

Darkbyte-for his wonderful invention!The CE!
Lalaman -Also one of my fan
Wolfie -Thanks for the CONFIGURING YOUR ANTIVIRUS part.
And of cause me for making this guide.Thankyou are your attention.

Any mistakes or feedback please do PM me.

Last Modified:2/10/06
Wednesday 5.30pm SG timing gmt+8
__________________________________________________ ___________________________

[darktearz1994]

lol nice job..very very nice job..

[RangerBoiBoi]

thx ... this helped me alot

[+SGxiaosin]

heyy nice 'guide' 1ST ONE TO GIV THANKS!

[verchiel]

Could anyone recommend the best Tuturial to make a good UCE that will not be detected. I have created like 10 now but they are all getting detected.... They work. But when I start the game it gets to the loading of the game and then it shuts down.. Just like it has been patched. How could it be patched I just created it.. Any help would be greatly appreciated.

[lauzhehao]

Erm...there is no uce tut that undetects rev833 so far...but u might want to use rev822 tut and change the detect strings and codes and icon...
You can also ask for a detected list of strings which will help greatly

[christiandawis]

nice very nice this can help nooby hackers ^^

[lauzhehao]

Thanks....i also uploaded a website version..
www.xiiaodeviil.googlepages.com
Its new...

[yxchea]

well lauzhehao all i know is thnks....

[lauzhehao]

haha...call me zhehao or xiiaodeviil can le.