|
http://coderant.egloos.com/3442367
Cheat v.42 MSEA
어떤 외국 해커가 올린 치트엔진 v.42 MSEA이 핵심 치트 기능을 어셈블러로 친절하게 해석한 코드입니다.
게임회사에게는 가장 큰 위협이 아마도 치트엔진일겁니다. 최근에는 오리지널 치트엔진를 튜닝한 전용 치트엔진들이 많이 만들어 지고 있습니다.
m?Story의 Protect에서 무결성 체크를 위해서 CRC 체크를 하게되는데 그 체크를 우회하는데 사용된 기법입니다.
[enable]
alloc(newmem,2048)
alloc(blaaaa,3670018)
label(originalcode)
loadbinary(blaaaa,v42.CEM)
newmem:
cmp ecx,00400000
jb originalcode
cmp ecx,00780000
ja originalcode
mov eax,blaaaa
sub eax,00400000
add ecx, eax
originalcode:
mov eax,[ebp+10]
push esi
push edi
jmp 00466353 //asm mov eax,[ebp+10]
0046634e: //8b 45 10 56 57 8b 7d 0c 83 ff
jmp newmem
[disable]
0046634e:
mov eax,[ebp+10]
push esi
push edi
dealloc(newmem)
dealloc(blaaaa) |
Godmode
[Enable]
00689d24: //0f 84 8c 0e 00 00 e8 by NT_xvmon
jne 0068abab
[Disable]
00689d24:
je 0068abab |
Vac right
[Enable]
006C22F9: //0f 86 83 00 00 00 8b bf by NT_xvmon
jae 006c2382
[Disable]
006C22F9:
jbe 006c2382 |
Vac left
[Enable]
006C227C: //73 66 8B BF 10 01 00 00 by NT_xvmon
jbe 006c22e4
[Disable]
006C227C:
jae 006c22e4 |
Suck Up:
[Enable]
006C2195://73 6C DD 45 EC 8D 4E by NT_xvmon
jb 006c2203
[Disable]
006C2195:
jae 006c2203 |
Suck Dow
[Enable]
006C1427: //0f 86 8e 00 00 00 by NT_xvmon
jae 006c14bb
[Disable]
006C1427:
jbe 006c14bb |
SHUTDOWN maple instint
[ENABLE]
7201bd: //25 ff 7f 00 00 c3 cc cc NT_XVMON Unrandomzier addy
jmp 00000000
[DISABLE]
7201bd:
and eax,00007fff |
item filter
[Enable]
alloc(ItemEdit, 256)
label(CS)
registersymbol(counter)
alloc(counter, 64)
counter:
db 00 00
ItemEdit:
mov [counter], eax
cmp eax,1F72C8 //Arrow of Crossbow
je CS
cmp eax,1F6EE0 //Arrow of Bow
je CS
cmp eax,3D7E3C //MonsterCards
je CS
cmp eax,1F72C8 //Arrow of Crossbow
je CS
cmp eax,3D0979//plat helmet
je CS
cmp eax,3D7E3C //MonsterCards
je CS
cmp eax,3D8286 //Dark Chocolate
je CS
cmp eax,3D8285 //White Chocolate
je CS
//cmp eax,1E8C54 // Warrior Potion
//je CS
//cmp eax,F4A34 //White Potion
//je CS
//arrows
cmp eax,001F6EE0
je CS
cmp eax,001F6EE3
je CS
cmp eax,001F72C8
je CS
cmp eax,001F72CB
je CS
cmp eax,001F6EE1
je CS
cmp eax,001F72C9
je CS
cmp eax,001F6EE2
je CS
cmp eax,001F72CA
je CS
//arrows
cmp eax,003D09A6 //shrimp meat
je CS
cmp eax,003D09A5 //Flamboyant Petal
je CS
cmp eax,003D0970 //mechiancial heart
je CS
mov [edi+34],eax
mov edi, [ebp-14]
jmp 4a3c00 //jmp back two addy down
CS:
mov [edi+34],0
mov edi, [ebp-14]
jmp 4a3c00
004A3BFA:
jmp ItemEdit
[Disable]
004A3BFA: //89 47 34 8b 7d ec 8b by nt_xvmon
mov [edi+34], eax
mov edi, [ebp-14] |
Wall Pointer: 7e1034 //8d 4f fc 1b c0 23 c1 89 by NT_xvmon
Left - Offset C
Top -Offset 10
Right - Offset 14
Bottom - Offset 18
lag hack
[Enable]
006BF74D: //74 0B 8B 06 6A 1E 8B CE by nt_xvmon
jne 006bf75a
[Disable]
006BF74D:
je 006bf75a |
dice rolling state unrandomizer
[Enable]
Alloc(Unrandomizer,64)
Alloc(Value,32)
Registersymbol(Value)
Unrandomizer:
mov eax, [Value]
and eax,00007fff
jmp 7201c2 //Return one addy down
7201bd:
jmp Unrandomizer
[Disable]
7201bd: //25 ff 7f 00 00 c3 cc cc NT_XVMON
and eax,00007fff
Dealloc(Unrandomizer)
Dealloc(Value)
Unregistersymbol(Value) |
camel's attack spd
[ENABLE]
6e1a69://83 46 18 1e 8b 46 NT_XVMON
DB 83 46 18 01// Change 01 to 7e to turn it into lag hack and 1e is normal speed.
[DISABLE]
6e1a69:
DB 83 46 18 1E |
levitate
[enable]
6c0b10://0f 84 ed 01 00 00 8b NT_XVMON
jNe 006c0d03
[disable]
6c0b10:
je 006c0d03 |
FLY HACK
[Enable]
006BFCA2: //0F 84 D0 00 00 00 FF B6 48 01 NT_XVMON
jne 006bfd78
[Disable]
006BFCA2:
je 006bfd78 |
slow dupe
Quote:
[enable]
alloc(hvc,32)
alloc(havoc,32)
registersymbol(havoc)
label(hvoc)
hvc:
mov [havoc],esi
mov [esi+00000114],edi
jmp hvoc
006C23B9: //89 BE 14 01 00 00 E8 0E 83 7D 0C 00 74 nt_xvmon
jmp hvc //mov [esi+00000114],edi
nop
hvoc:
[disable]
006C23B9:
mov [esi+00000114],edi
dealloc(hvc)
dealloc(havoc)
unregistersymbol(havoc) |
super tubi
Quote:
[Enable]
0049B6F6://75 36 83 7c 24 0c 00 nt_xvmon
nop
nop
[Disable]
0049B6F6:
jne 0049b72e |
Instant drop
Quote:
[Enable]
00775D60: //00 00 00 00 00 40 8f 40 cd xvmon
add [eax],al
add [eax],al
add [eax],al
add [eax],al
[Disable]
00775D60:
add [eax],al
add [eax],al
add [eax-71],al
inc eax |
Teleport left
Quote:
[enable]
6c2095: //73 53 dd 45 ec 8b ce by nt_xvmon
jbe 006c20ea
[disable]
6c2095:
jae 006c20ea |
teleport right
Quote:
Quote:
[enable]
006C2104: //76 72 DD 45 EC 8B CE by nt_xvmon
db 73 72
[disable]
006C2104:
db 76 72 |
MesoDrop
Quote:
[enable]
Alloc(MesoDrop, 64)
MesoDrop:
mov eax, C80
mov [esi+000000bc] ,eax
jmp 6bc04c //1addy down
6bc046:
jmp MesoDrop
[disable]
6bc046: //89 86 bc 00 00 00 7d nt_xvmon
mov [esi+000000bc] ,eax
dealloc(MesoDrop) |
nobreadth
Quote:
[Enable]
00672240: //7f 44 ff b6 xvmon
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
[Disable]
00672240:
mov [esi+00000304],00001388 |
selective wall
Quote:
[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
label(set)
label(ret)
label(end)
begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
//=============LEFT
mov esi,[7e1034]
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi
//=============TOP
mov esi,[7e1034]
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi
//=============RIGHT
mov esi,[7e1034]
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi
//============= Bottom
mov esi,[7e1034]
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi
mov [bool],0
jmp ret
6bf32d: //A5 A5 A5 A5 5F 5E C2 04 by nt_xvmon
jmp begin
end:
olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00
[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)
unregistersymbol(bool)
6bf32d:
movsd
movsd
movsd
movsd
pop edi |
all offset i find myself
char Y: 007e1b10 offset:5c4
Char X: 007e1b10 offset:5c0
item X: 007e1b10 offset:5c8
item y: 007e1b10 offset:5cc
NT_Real miss godemode
Quote:
[enable]
006E8295://0f 84 be 09 00 00 8b 45 by nt_xvmon
db 0f 85 //mov [esi+00002d40],00000001
[disable]
006E8295:
db 0f 84 |
cef_Real miss godmode
Quote:
[Enable]
00689E01: //0f 84 ae 09 00 00 8b xvmon
jne 0068a7b5 //mov eax,[ebp+18]
[Disable]
00689E01:
je 0068a7b5 |
ua version2
Quote:
[Enable]
00685482:
and [ebx+00001294],00000100
nop
nop
nop
//74 09 e8 a2 db d7 ff 83 xvmon
[Disable]
00685482:
and dword ptr [ebx+00001294],00 |
CS_ME
add address "YourDmg"
input ur wanted damage to value
Quote:
[Enable]
registersymbol(YourDmg)
alloc(YourDmg,4)
alloc(Dmg,32)
YourDmg:
add [edi],al
add [edi],al
Dmg:
mov edi, [YourDmg]
mov [ecx],edi
jmp 693028
693026: //89 39 46 83 c1 04 eb e7 xvmon
jmp Dmg
nop
[Disable]
unregistersymbol(YourDmg)
dealloc(YourDmg)
dealloc(Dmg)
693026:
mov [ecx],edi |
mElee dice
Quote:
[enable]
alloc(dICE,64)
label(return)
dICE:
pushad
//=========================
mov edx, [007e1b10]
mov ebx, [edx+5c0]
mov ecx,[edx+5c4]
//============================
mov eax,[007e1034]
mov [eax+C],ebx
mov [eax+14],ebx
mov [eax+10],ecx
mov [eax+18],ecx
popad
mov [ebx], eax
mov edi,[ebp+10]
jmp return
//============================
006C35B7: //89 03 8b 7d 10 85 ff 74 5e XVMON
jmp dICE
return:
006c5f19: //0f 85 62 01 00 00 ff 77 30 83 XVMON
db 0f 84
006bfa06: //74 05 e8 25 02 00 00 39 b3 XVMON
db 75
006bfca2: //0f 84 d0 00 00 00 ff b6 XVMON
db 0f 85
//============================
[disable]
006C35B7:
mov [ebx], eax
mov edi,[ebp+10]
006c5f19:
db 0f 85
006bfa06:
db 74
006bfca2:
db 0f 84
dealloc(dICE) |
swim
Quote:
[enable]
0057F848:
db 74 04
[disable]
0057F848:
db 75 04 | |