☆0.68台灣楓之谷★代碼、數據集中區☆

以下我整理出來的抓魚精華 :
[ENABLE]
//【Name：Stop Monster For Taiwan MapleStory V068】
//【Update：Jungshwens】
//【Address：753495】
//【EIP：STOPMONSTER】
//【Hotkey：STOPONOFF】
//【2：ON；0：OFF】
// --------------------
Registersymbol(StopMonster)
Registersymbol(Stoponoff)
Alloc(StopMonster,128)
Alloc(Stoponoff,4)
Label(Stop)
Stoponoff:
DD 0
StopMonster:
Pushf
Cmp [Stoponoff],0
Je Stop
Popf
JA  7534A2
JMP 753497
Stop:
Popf
JBE 7534A2
JMP 753497
[DISABLE]
Unregistersymbol(StopMonster)
Unregistersymbol(Stoponoff)
Dealloc(StopMonster)
Dealloc(Stoponoff)

全砍全刺 61AFD3 EAX：2 (砍)、3 (刺)
近戰打怪不空揮 715AC4 ZF [V] [V]

攻擊不停3種版本  :

第一種

//攻擊不停: 移動水平位置
//CSEAX EIP 007571EE
[Enable]
registersymbol(CSX)
alloc(CSX,128)
label(Return)
CSX://CSEAX X
push eax
mov eax, [008A5820]
mov eax, [eax+12dC] cmp eax, 2
pop eax
jb Return
push eax
mov eax,[008A5820]
mov eax,[eax+590]
cmp esi,eax
pop eax
jne Return
add eax,11
Return:
mov [ebx], eax
jmp 007571F0
[Disable]
unregistersymbol(CSX)
dealloc(CSX)
　

第二種

[Enable]
//Address：007571EE
//EIP：UnlimitedAttack
registersymbol(UnlimitedAttack)
Alloc(UnlimitedAttack,40)
UnlimitedAttack:
push ebx
push eax
mov eax,[008A5820]
mov ebx,[eax+578]
inc ebx
mov eax,[eax+12dc]
cmp eax,50 //預設值90下，攻擊幾次後人物水平偏移，請設定100以下
pop eax
cmovge eax,ebx
pop ebx
mov [ebx],eax
mov edi,[ebp+10]
jmp 007571F0
[Disable]
Dealloc(UnlimitedAttack)
unregistersymbol(UnlimitedAttack)
　

第三種

[ENABLE]
// Address : 007571EE
// EIP : CheckIf
alloc(UnlimitedAttack,256)
alloc(CheckIf,256)
registersymbol(CheckIf)
UnlimitedAttack:
mov eax,[008A5820]
mov ebx,[eax+578]
sub ebx,0000000A
mov [eax+578],ebx
popad
cmp eax,edi
mov eax,[008A5814]
jmp 007571f3
CheckIf:
pushad
mov eax,[008A5820]
mov eax,[eax+12dc]
cmp eax,0000050 // 攻擊幾次後清除攻擊次數，預設值80下
jge UnlimitedAttack
popad
cmp eax,edi
mov eax,[008A5814]
jmp 007571F0
[DISABLE]
dealloc(UnlimitedAttack)
dealloc(CheckIf)
unregistersymbol(CheckIf)

定點瞬移 No.1  No.2  No.3                       不怎麼實用  但還是發一下 ^^

No.   1

//原作者；maxjojo
//修改者；SWEI0939
//Address：007539BC
//maxRush v1.3
//EIP：maxRush
//定點順移
[ENABLE]
registersymbol(maxRush)
registersymbol(maxRushCounter)
registersymbol(maxRushOnOff)
registersymbol(EDIValue)
registersymbol(isLoopMaxRush)
alloc(maxRush, 512)
alloc(maxRushCounter,4)
alloc(maxRushOnOff,4)
alloc(EDIValue,4)
alloc(PlatformIDList,1024)
alloc(isLoopMaxRush,4)
label(doRushNormal)
label(getEDIValue)
label(doRushTele)
label(doRushTeleStart)
label(doRushTeleEnd)
label(doRushTeleReturn)
label(doRushResetCounterEnd)

maxRushCounter:
    dd 0
maxRushOnOff:
    dd 0
    // {1: On, (char teleport, 定點瞬移) |
    //  0: Off (platform id detect,平台ID檢測) }
EDIValue:
    dd 0                    // platform id (平台ID)
isLoopMaxRush:
    dd 1                    // {1: loop (循環) | 0: just one time(只需跑1次)}
maxRush:                    // 0075344B
    Push Eax
    Mov Eax,[008A5820]      // char pointer
    Add Eax, 590
    Mov Eax, [Eax]
    Sub Eax, C              // char pid
    Cmp Esi,Eax
    Pop Eax
    Je doRushNormal
    jmp 007539c4
doRushNormal:
    call doRushTele
    JA 007539c4
    jmp 007539be
doRushTele:
    pushfd
    Cmp [maxRushOnOff],0
    je getEDIValue
    call doRushTeleStart

doRushTeleReturn:
    popfd
    ret

// platform id detect.
getEDIValue:
    push eax
    mov eax,[esi+114]
    mov [EDIValue],eax
    pop eax
    add [maxRushCounter],1
    jmp doRushTeleReturn
// start charactor teleport
doRushTeleStart:
    push ebx
    push eax
    mov ebx,[maxRushCounter]
    add [maxRushCounter],1
    mov eax,[PlatformIDList+ebx*4]
    cmp eax, 0                  // is end of platform id list (比對結束了嗎)?
    je doRushTeleEnd            // end of rush teleport.
    mov [esi+110],eax
    jmp doRushResetCounterEnd
doRushTeleEnd:
    cmp [isLoopMaxRush],0
    je doRushResetCounterEnd
    mov [maxRushCounter],0      // reset counter (歸零重來)
    pop eax
    pop ebx
    jmp doRushTeleStart
doRushResetCounterEnd:
    pop eax
    pop ebx
    ret

PlatformIDList:
    dd 0            // spot #1 (平台1號)
    dd 0            // spot #2 (平台2號)
    dd 0            // spot #3 (平台3號)
    dd 0            // spot #4 (平台4號)
    dd 0            // spot #5 (平台5號)
    dd 0            // spot #End (最後一筆要填入0)

[DISABLE]
dealloc(maxRush)
dealloc(maxRushCounter)
dealloc(maxRushOnOff)
dealloc(EDIValue)
dealloc(PlatformIDList)
dealloc(isLoopMaxRush)
unregistersymbol(maxRush)
unregistersymbol(maxRushCounter)
unregistersymbol(maxRushOnOff)
unregistersymbol(EDIValue)
unregistersymbol(isLoopMaxRush)

No.2

//數據開始
//修改者；SWEI0939
//Address：00757253
//EIP：maxRush2
//原作：maxjojo
//啟動判斷 EIP：maxRush2OnOff【0=關閉 1=啟動】
//PID編號偵測 EIP：maxRush2Counter
//角色座標偵測 EIP：maxLastCharStatus
//循環判斷 EIP：isLoopMaxRush2 【1=循環 0=執行一次】
[ENABLE]
registersymbol(maxRush2)
registersymbol(maxRush2Counter)
registersymbol(maxRush2OnOff)
registersymbol(maxLastCharStatus)
registersymbol(isLoopMaxRush2)
alloc(maxRush2, 512)
alloc(maxRush2Counter,4)
alloc(maxRush2OnOff,4)
alloc(maxLastCharStatus,4)
alloc(isLoopMaxRush2,4)
alloc(spotsList,1024)
label(doRushNormal)
label(doRushTele)
label(doRushTeleEnd)

maxRush2Counter:
    dd 0
maxRush2OnOff:
    dd 1                    // {1: On | 0: Off)
maxLastCharStatus:
    dd 0                    // last char status.
isLoopMaxRush2:
    dd 1                    // {1: loop (循環) | 0: just one time(只需跑1次)}
maxRush2:                   // 00756CE2
    push edx
    push ecx
    mov edx,[008A5820]      //Char PID Pointet
    mov ecx,[edx+590]       //Char PID Offset
    cmp esi,ecx
    je doRushNormal
    cmp [maxRush2OnOff],0
    je doRushNormal
    push eax
    mov eax,[maxLastCharStatus]
    cmp [edx+2c0], eax      // stop teleport when status the same, 相同狀態,即停止.
    pop eax
    je doRushNormal         // end of rush teleport.

    cmp [edx+2c0],14        // sitting in chair facing left, 14=向右坐下
    je doRushTele
    cmp [edx+2c0],15        //sitting in chair facing right, 15=向左坐下
    je doRushTele
    mov [maxLastCharStatus],0
    jmp doRushNormal
doRushTele:
    push eax
    mov eax,[edx+2c0]
    mov [maxLastCharStatus],eax
    pop eax
    mov ecx,[maxRush2Counter]
    add [maxRush2Counter],1
    mov ecx,[spotsList+ecx*8]
    test ecx, ecx               // is end of spots list (比對結束了嗎)?
    je doRushTeleEnd            // end of rush teleport.
    mov [edx+e3c],ecx           // AOB (89 88     8b 4d  89 88)
    mov ecx,[maxRush2Counter]
    sub ecx,1
    mov ecx,[spotsList+ecx*8+4]
    mov [edx+e40],ecx           // AOBs (89 88     8b 4d  89 88)
    mov [edx+2c0],13            // 13=死亡
    jmp doRushNormal
doRushTeleEnd:
    cmp [isLoopMaxRush2],0
    je doRushNormal
    mov [maxRush2Counter],0      // reset counter (歸零重來)
    jmp doRushTele
doRushNormal:
    pop ecx
    pop edx
    mov [edi],eax
    jmp 00757255
spotsList: //請透過角色 X -Y尋找
    dd FFFFFFEC     // spot X #1
    dd 000000B9     // spot Y #1

[DISABLE]
dealloc(maxRush2)
dealloc(maxRush2Counter)
dealloc(maxRush2OnOff)
dealloc(maxLastCharStatus)
dealloc(isLoopMaxRush2)
dealloc(spotsList)
unregistersymbol(maxRush2)
unregistersymbol(maxRush2Counter)
unregistersymbol(maxRush2OnOff)
unregistersymbol(maxLastCharStatus)
unregistersymbol(isLoopMaxRush2)


No.3

//數據開始
//================================================
// name: maxRush debug register ver 2.0  For TwMS 0.68
// author: maxJoJo
// purpose: Rush(charactor teleport), 定點瞬移2號
// update:
// 00757253: EIP= maxRush2
// Feature:
//      cycle some spots in the same map.
//      (同一張地圖裡定點瞬移)
//      by the way, those spots could not be just in one map.
//      (可以跨地圖去收到 x,y 坐標.)
// Usage: get char X-Y which you want to teleport, then add then to spotsList.
//        (收集您要瞬移的點, 並加到 spotsList 裡)
//        after "auto asm", use "sit" key to do charactor teleport.
//        (重新"auto asm" 後, 用"坐" 或 "趴" 去切換平台)
// moeo:
//      combine with monster direction is a nice chooice.
//      (搭配 怪物左右走,讚!)
//      Works best with godMode & No Breath.
//      (記得開無敵 & 停止呼吸)
//      in some view point, ver 2.0 is batter than maxRush ver 1.3
//      (某些地方 maxRush 2號 比 maxRush 1號好用)
//-----------------------------------------------
[ENABLE]
//原作者；maxjojo
//maxRush2 Address：00757253
//EIP：maxRush2
//啟動判斷 EIP：maxRush2OnOff【0=關閉 1=啟動】
//PID編號偵測 EIP：maxRush2Counter
//角色座標偵測 EIP：maxLastCharStatus
//循環判斷 EIP：isLoopMaxRush2 【1=循環 0=執行一次】
registersymbol(maxRush2)
registersymbol(maxRush2Counter)
registersymbol(maxRush2OnOff)
registersymbol(maxLastCharStatus)
registersymbol(isLoopMaxRush2)
alloc(maxRush2, 512)
alloc(maxRush2Counter,4)
alloc(maxRush2OnOff,4)
alloc(maxLastCharStatus,4)
alloc(isLoopMaxRush2,4)
alloc(spotsList,1024)
label(doRushNormal)
label(doRushTele)
label(doRushTeleEnd)

maxRush2Counter:
    dd 0
maxRush2OnOff:
    dd 0                    // {1: On | 0: Off)
maxLastCharStatus:
    dd 0                    // last char status.
isLoopMaxRush2:
    dd 1                    // {1: loop (循環) | 0: just one time(只需跑1次)}
maxRush2:                   // 00757253
    push edx
    push ecx
    mov edx,[008A5820]      //Char PID Pointet
    mov ecx,[edx+590]       //Char PID Offset
    cmp esi,ecx
    je doRushNormal
    cmp [maxRush2OnOff],0
    je doRushNormal
   
    push eax
    mov eax,[maxLastCharStatus]
    cmp [edx+2c0], eax      // stop teleport when status the same, 相同狀態,即停止.
    pop eax
    je doRushNormal         // end of rush teleport.

    cmp [edx+2c0],6         // 向右跳
    je doRushTele
    cmp [edx+2c0],7         // 向左跳
    je doRushTele
    mov [maxLastCharStatus],0
   
    jmp doRushNormal
doRushTele:
    push eax
    mov eax,[edx+2c0]
    mov [maxLastCharStatus],eax
    pop eax
    mov ecx,[maxRush2Counter]
    add [maxRush2Counter],1
    mov ecx,[spotsList+ecx*8]
    test ecx, ecx               // is end of spots list (比對結束了嗎)?
    je doRushTeleEnd            // end of rush teleport.
    mov [edx+e3c],ecx           // AOB (89 88     8b 4d  89 88)
    mov ecx,[maxRush2Counter]
    sub ecx,1
    mov ecx,[spotsList+ecx*8+4]
    mov [edx+e40],ecx           // AOBs (89 88     8b 4d  89 88)
    mov [edx+2c0],13            // 13=死亡
   
    jmp doRushNormal
doRushTeleEnd:
    cmp [isLoopMaxRush2],0
    je doRushNormal
    mov [maxRush2Counter],0      // reset counter (歸零重來)
    jmp doRushTele
doRushNormal:
    pop ecx
    pop edx
    mov [edi],eax
    jmp 00757255

spotsList: // X -Y
dd FFFFFFC0 // spots x #1
dd 00000071

dd 000000A9 // spots x #2
dd FFFFFF4E

dd 00000239 // spots x #3
dd FFFFFE5E

dd 000002F3 // spots x #4
dd FFFFFFC6
[DISABLE]
dealloc(maxRush2)
dealloc(maxRush2Counter)
dealloc(maxRush2OnOff)
dealloc(maxLastCharStatus)
dealloc(isLoopMaxRush2)
dealloc(spotsList)
unregistersymbol(maxRush2)
unregistersymbol(maxRush2Counter)
unregistersymbol(maxRush2OnOff)
unregistersymbol(maxLastCharStatus)
unregistersymbol(isLoopMaxRush2)

//附件，以下是人物狀態Offset值和對應狀態，採16進位
//2=向右一直走
//3=向左一直走
//4=向右不走
//5=向左不走
//6=向右跳
//7=向左跳
//8=呼吸中(向右攻擊)
//9=呼吸中(向左攻擊)
//A=向右趴下
//B=向左趴下
//13=死亡
//14=向右坐下
//15=向左坐下
//數據結束

　

設熱鍵，使用的方法，設定熱鍵後，按一下跳躍鍵瞬移一次，
這跟另一個瞬移定點二版，只有這邊有不一樣，其他也一樣。

[ 本帖最後由 游戲人姦 於 2008-3-21 22:05 編輯 ]

//數據開始
[ENABLE]
//SkID Address：006AC344
//EIP：SkID
//Sklvl Address：00460261
//EIP：Sklvl
//可用技能：
//終極瞬移：4C4F2F
//二段跳：3EBA9E
//絕對引力：111AE9
Alloc(SkID,256)
Alloc(Sklvl,256)
registersymbol(SkID)
registersymbol(Sklvl)
Label(SkRecover)
Label(SkNormal)
Label(SkBack)
Label(LvlRecover)
Label(LvlNormal)
Label(SklvlBack)

SkID:
cmp [eax], 3EA //疾風之步
jne SkRecover
mov [eax], 4C4F2F // 新技能1
jmp SkNormal

SkRecover:
cmp [eax], 3E9 //團隊治癒
jne SkNormal
mov [eax], 111AE9 // 新技能2
jmp SkNormal

Sklvl:
cmp [edi], 4C4F2F // 新技能1
jne LvlRecover
mov [edi], 3EA //疾風之步
jmp LvlNormal

SkNormal:
push [ebp+08]
mov edi,[eax]
jmp SkBack

LvlRecover:
cmp [edi], 111AE9 // 新技能2
jne LvlNormal
mov [edi], 3E9 //團隊治癒
jmp LvlNormal

LvlNormal:
mov eax,[edi]
push 05
push eax
jmp SklvlBack

SkBack:
jmp 006AC349
SklvlBack:
jmp 00460266

[Disable]
Dealloc(SkID)
Dealloc(Sklvl)
unregistersymbol(SkID)
unregistersymbol(Sklvl)

測試過  可用 !

滑鼠移動  左/右趴 //EIP=CSX
//007571EE
//右趴下＝開
//左趴下＝關
[Enable]
alloc(MouserX,512)
alloc(MouserY,512)
alloc(CSX,128)
registersymbol(CSX)
alloc(OnOff,128)
registersymbol(OnOff)
label(normal)
label(normalx)
label(normaly)
label(back)
label(return)
label(On)
label(Off)

OnOff:
dd 0

CSX:
push eax
mov eax,[8A5820]
cmp [eax+2C0],a
je On
cmp [eax+2C0],b
je Off
pop eax
jmp MouserX


normal:
pop eax
mov [ebx], eax
mov edi,[ebp+10]
jmp back


back:
jmp 007571f3


return:
jmp 00757258


On:
pop eax
mov [OnOff],1
jmp MouserX

Off:
pop eax
mov [OnOff],0
jmp MouserX

MouserX:
    cmp [OnOff],0
    je normalx
    push eax
    mov eax,[8A5820]
    mov eax,[eax+590]
    cmp esi,eax
    pop eax
    jne normalx
   
    mov eax, [008A5968]
    mov eax, [eax+978]
    mov eax, [eax+84]
    mov [ebx], eax
    mov edi,[ebp+10]
    test    edi, edi
    jne     MouserY
    jmp    00757255
   
   normalx:
     mov [ebx], eax
     mov edi,[ebp+10]
     jmp back
   
MouserY:
    push eax
    mov eax,[8A5820]
    mov eax,[eax+590]
    cmp esi,eax
    pop eax
    jne normaly
   
    mov eax, [008A5968]
    mov eax, [eax+978]
    mov eax, [eax+88]
    mov [edi], eax
    mov ebx,[ebp+14]
    jmp return
   
   normaly:
     mov [edi], eax
     mov ebx,[ebp+14]
     jmp return

[Disable]
dealloc(MouserX)
dealloc(MouserY)
dealloc(CSX)
unregistersymbol(CSX)
dealloc(OnOff)
unregistersymbol(OnOff)

滑鼠移動  熱鍵版 ~

[enable]
    //Address：007571EE
    //EIP：MouseRushStart
    //熱鍵控制：RushSW【value值設定1，熱鍵自設】
alloc(MouserX,512)
alloc(MouserY,512)
alloc(MouseRushStart,128)
registersymbol(MouseRushStart)
alloc(RushSW,128)
registersymbol(RushSW)
label(normal)
label(normalx)
label(normaly)
label(back)
label(return)


    RushSW:
            dd      0               // 初始是關閉mouse 趕路

                  
    MouseRushStart:
push eax
mov eax,[8A5820]
cmp [eax+2C0],a
je RushSW
cmp [eax+2C0],b
je RushSW
pop eax
jmp MouserX

normal:
pop eax
mov [ebx], eax
mov edi,[ebp+10]
jmp back
back:
jmp 007571f3

return:
jmp 00757258

RushSW:
pop eax
mov [RushSW],1
jmp MouserX

RushSW:
pop eax
mov [RushSW],0
jmp MouserX

MouserX:
cmp [RushSW],0
je normalx
push eax
mov eax,[8A5820]
mov eax,[eax+590]
cmp esi,eax
pop eax
jne normalx

mov eax, [008A5968]
mov eax, [eax+978]
mov eax, [eax+84]
mov [ebx], eax
mov edi,[ebp+10]
test    edi, edi
jne     MouserY
jmp    00757255

normalx:
mov [ebx], eax
mov edi,[ebp+10]
jmp back

MouserY:
push eax
mov eax,[8A5820]
mov eax,[eax+590]
cmp esi,eax
pop eax
jne normaly

mov eax, [008A5968]
mov eax, [eax+978]
mov eax, [eax+88]
mov [edi], eax
mov ebx,[ebp+14]
jmp return

normaly:
mov [edi], eax
mov ebx,[ebp+14]
jmp return

[Disable]
dealloc(MouserX)
dealloc(MouserY)
dealloc(MouseRushStart)
unregistersymbol(MouseRushStart)
dealloc(RushSW)
unregistersymbol(RushSW)

功能 .. 趕路   搞笑 ~

功用：笨怪+連撞+不後退+怪左右走+不Miss

//====================================
// 版本：TWMS 0.68
//原作者：Palatis首席知識官
//協助者：gonhan234、maxjojo
//修改者：litung 2008/03/14
// 功用：笨怪+連撞+不後退+怪左右走+不Miss
// 代碼：4129BE
// EIP：Hook_4129be
//====================================
[enable]
registersymbol(Hook_4129be)
registersymbol(MonsterLRWalkSwitch)
registersymbol(MonsterLRJumpSwitch)
registersymbol(FgRedChkZ)
registersymbol(FgBackZ)
alloc(Hook_4129be, 512)
alloc(MonsterLRWalkSwitch, 4)
alloc(MonsterLRJumpSwitch, 4)
alloc(FgRedChkZ, 4)
alloc(FgBackZ, 4)
label(HookReturn)
label(StupidMonsterHandler)
label(MonsterLRWalkHandler)
label(MonsterLRJumpHandler)
label(StupidMyGodHandler)
label(StupidMonsterHooker)
label(MonsterLRWalkHooker)
label(MonsterLRJumpHooker)
label(StupidMyGodHooker)
label(RMGZ1)
label(RMGZ2)
MonsterLRWalkSwitch:
dd 0 // 1=停, 2=右, 3=左
MonsterLRJumpSwitch:
dd 0 // 1=停, 2=右, 3=左
FgRedChkZ:
dd 0 //需要遇人取消無敵的功能 ,請將 0 改為 1
FgBackZ:
dd 0 //需要人物被撞到時,倒退彈開,請將 0 改為 1
Hook_4129be:
cmp [esp], 00757EEE
je StupidMonsterHandler
cmp [esp], 00758d3d
je MonsterLRWalkHandler
cmp [esp], 759151
je MonsterLRJumpHandler
cmp [esp], 71AE1F
je StupidMyGodHandler

HookReturn:
push ebx
jmp 4129bf

StupidMonsterHandler:
mov [esp], StupidMonsterHooker
jmp HookReturn
MonsterLRWalkHandler:
mov [esp], MonsterLRWalkHooker
jmp HookReturn
MonsterLRJumpHandler:
mov [esp], MonsterLRJumpHooker
jmp HookReturn
StupidMyGodHandler:
mov [esp], StupidMyGodHooker
jmp HookReturn

// 笨怪
StupidMonsterHooker:
xor edx, edx
mov ecx, ea60
div ecx
lea eax, [esi+218]
add edx, 2bf20
mov [esi+220], edx
mov edx, [esp+10]
cmp [eax], edx
je 757f39
cmp [esi+21c], edi
lea ecx, [esi+21c]
jmp 757f39

// 走怪左右行
MonsterLRWalkHooker:
push 3
cmp [MonsterLRWalkSwitch], 0
je 00758d3f
mov eax, [MonsterLRWalkSwitch]
jmp 00758d3f
// 跳怪左右行
MonsterLRJumpHooker:
push 3
cmp [MonsterLRJumpSwitch], 0
je 00759153
mov eax, [MonsterLRJumpSwitch]
jmp 00759153
// 連撞+不後退(+不miss)
StupidMyGodHooker:
push eax
cmp [FgRedChkZ], 0
je RMGZ2
mov eax,[00892824]
mov eax,[eax+18]
test eax,eax
jz RMGZ2
RMGZ1:
pop eax
cmp [ebp+c],ebx
jmp 0071B2EA
RMGZ2:
mov [ebp+10], eax
cmp [FgBackZ], 1
jnz RMGZ1
mov [ebp+c],ebx
mov [ebp+10],ebx
pop eax
mov esi,000005dc
jmp 0071B356

[DISABLE]
unregistersymbol(Hook_4129be)
unregistersymbol(MonsterLRWalkSwitch)
unregistersymbol(MonsterLRJumpSwitch)
unregistersymbol(FgRedChkZ)
unregistersymbol(FgBackZ)
dealloc(Hook_4129be)
dealloc(MonsterLRWalkSwitch, 4)
dealloc(MonsterLRJumpSwitch, 4)
dealloc(FgRedChkZ, 4)
dealloc(FgBackZ, 4)

[ 本帖最後由 娜莫莉 於 2008-3-24 23:40 編輯 ]

6互1 怪笨 連撞 不擊退 走怪跳怪左右走 怪物擊退

經過測試可以使用哇又省下不少代碼嚕

//====================================
// 版本：TWMS 0.68
//協助者：gonhan234、maxjojo;litung
//修改者：asdasd911
// 功用：TWMS V068 6互1 怪笨 連撞 不擊退 走怪跳怪左右走 怪物擊退
// 代碼：4129BE
// EIP：Hook_4129be
//====================================
[enable]
registersymbol(Hook_4129be)
registersymbol(MonsterLRWalkSwitch)
registersymbol(MonsterLRJumpSwitch)
alloc(Hook_4129be, 512)
alloc(MonsterLRWalkSwitch, 4)
alloc(MonsterLRJumpSwitch, 4)

label(HookReturn)
label(StupidMonsterHandler)
label(MonsterLRWalkHandler)
label(MonsterLRJumpHandler)
label(StupidMonsterHooker)
label(MonsterLRWalkHooker)
label(MonsterLRJumpHooker)
label(StupidMyGodHandler)
label(StupidMyGodHooker)
label(AKnock)
label(AknockHooker)
MonsterLRWalkSwitch:
dd 2 // 2=右, 3=左
MonsterLRJumpSwitch:
dd 2 // 2=右, 3=左
Hook_4129be:
cmp [esp], 757EEE
je StupidMonsterHandler

cmp [esp], 71AE1F
je StupidMyGodHandler
cmp [esp], 7163AC
je AKnock
cmp [esp], 758d3d
je MonsterLRWalkHandler
cmp [esp], 759151
je MonsterLRJumpHandler

HookReturn:
push ebx
jmp 4129bf
StupidMonsterHandler:
mov [esp], StupidMonsterHooker
jmp HookReturn
StupidMyGodHandler:
mov [esp], StupidMyGodHooker
jmp HookReturn


AKnock:
mov [esp], AknockHooker
jmp HookReturn


MonsterLRWalkHandler:
mov [esp], MonsterLRWalkHooker
jmp HookReturn

MonsterLRJumpHandler:
mov [esp], MonsterLRJumpHooker
jmp HookReturn

StupidMonsterHooker:
xor edx, edx
mov ecx, ea60
div ecx
lea eax, [esi+218]
add edx, 2bf20
mov [esi+220], edx
mov edx, [esp+10]
cmp [eax], edx
je 757f39
cmp [esi+21c], edi
lea ecx, [esi+21c]
jmp 757f39
label(God)
StupidMyGodHooker:
God:
cmp [ebp+c],ebx
mov [ebp+10],ebx
mov esi,0
jmp 0071B356

AknockHooker:
JMP 71640d

MonsterLRWalkHooker:
push 3
cmp [MonsterLRWalkSwitch], 0
je 758d3f
mov eax, [MonsterLRWalkSwitch]
jmp 758d3f
MonsterLRJumpHooker:
push 3
cmp [MonsterLRJumpSwitch], 0
je 759153
mov eax, [MonsterLRJumpSwitch]
jmp 759153
[DISABLE]
unregistersymbol(Hook_4129be)
dealloc(Hook_4129be)
dealloc(FgLoss123Z, 4)
dealloc(FgRedChkZ, 4)
dealloc(FgBackZ, 4)
unregistersymbol(MonsterLRWalkSwitch)
unregistersymbol(MonsterLRJumpSwitch)
dealloc(MonsterLRWalkSwitch)
dealloc(MonsterLRJumpSwitch)
dealloc(Red)
dealloc(Back)
unregistersymbol(MyGod)
unregistersymbol(Red)
unregistersymbol(Back)

[ 本帖最後由 娜莫莉 於 2008-3-24 23:42 編輯 ]

//物品掉落腳下數據v68.1
//007571F0=Item(EIP)
//開關=onoff(一開零關)
//修改者:億萬富翁
//修改日期:3月2日
[ENABLE]
registersymbol(UberX)
registersymbol(UberY)
registersymbol(onoff)
registersymbol(Item)
alloc(Item,128)
alloc(onoff,4)
alloc(UberX,64)
alloc(UberY,64)
label(CharX)
label(Itemdono)
label(CharY)
onoff:
dd 1
Item:
mov ecx,[onoff]
cmp [onoff], 1
jne Itemdono
jmp UberX
Itemdono:
mov edi, [ebp+10]
jmp 7571F3
UberX:
push eax
mov eax, [8a5820]
lea eax, [eax+578]
cmp ebx, eax
je CharX
mov eax, [eax]
add eax,0
mov [ebx], eax
pop eax
mov edi, [ebp+10]
jne UberY
jmp 007571F3
CharX:
pop eax
mov [ebx], eax
mov edi, [ebp+10]
jmp 007571F3
UberY:
push eax
mov eax, [8a5820]
lea eax, [eax+57C]
cmp edi, eax
je CharY
mov eax, [eax]
mov [edi], eax
pop eax
mov ebx,[ebp+14]
jmp 00757258
CharY:
pop eax
mov [edi], eax
mov ebx,[ebp+14]
jmp 00757258
[disable]
dealloc(UberX)
dealloc(UberY)
dealloc(Item)
dealloc(onoff)
unregistersymbol(Item)
unregistersymbol(UberX)
unregistersymbol(onoff)
unregistersymbol(UberY)

//全圖打怪 代碼:0058D6e3
//輸入EIP:KiKiVac
[enable]
registersymbol(KiKiVac)
alloc(KiKiVac,256)
label(KiKiReturn)
KiKiVac:
mov edx,[8a5820]
lea edx,[edx+578]
mov ecx,[edx]
mov edx,[8a5820]
lea edx,[edx+57c]
lea eax,[edx]
mov eax,[eax]
jmp KiKiReturn
KiKiReturn:
jmp 0058D6e6
[disable]
unregistersymbol(KiKiVac)
dealloc(KiKiVac)

[ENABLE]
//Address：004b62e2  89 47 34 8b 7d ec 8b ce e8
//EIP：ItemFilter
//物品位址EIP：ItemCounter
alloc(ItemFilter,124)
alloc(IFTable,16024)
alloc(ItemCounter,4)
label(ifreject)
label(end)
label(skip)
registersymbol(ItemFilter)
registersymbol(ItemCounter)

ItemFilter:
mov [ItemCounter],eax
push ebx
push esi
xor ebx, ebx
mov esi,IFTable
ifreject:
cmp eax,[esi]
je skip
cmp [esi],ebx
je end
add esi,4
jmp ifreject
skip:
mov eax,00
end:
pop esi
pop ebx
mov [edi+34],eax
jmp 004b62e5 //  代碼+3

IFTable:
dd 3D7E3C //怪物卡
dd 1F6EE0 //Arrow for Bow 箭矢
dd 1F6EE3 //Arrow for Bow 箭矢
dd 1F6EE1 //Bronze Arrow for Bow 箭矢
dd 1F72C8 //Arrow for Crossbow 箭矢
dd 1F72CB //Arrow for Crossbow 箭矢
dd 1F72C9 //Bronze Arrow for Crossbow 箭矢
dd 3d8285
dd 3d8286
dd 0

[DISABLE]
dealloc(ItemFilter)
unregistersymbol(ItemFilter)
dealloc(IFTable)
dealloc(ItemCounter)
unregistersymbol(ItemCounter)