[TUT] Convertng Script formats (useless i think)

Post by **Raiden** » Mon May 03, 2010 11:55 pm

Yeah I know this is useless w/o a bypass, but I`m willing to let those who have know.

How to convert scripts???????

1) EIP to CRC and vice versa.
For an example......I take the TWMS v113 script.....

EIP version

//Body Pressure no delay hack(TWMS v113 EIP version)
//address : 00971B06
//EIP : hittime

[enable]

registersymbol(hittime)
alloc(hittime,5)
hittime:
add eax,00000000 //Body pressure delay(miliseconds)(0 for godlike)
jmp 00971B0B

[disable]

unregistersymbol(hittime)
dealloc(hittime)

CRC version

//Body Pressure no delay hack a.k.a. No Blink Body Pressure.(TWMS v113 CRC version)
//address : 00971B06
//EIP : hittime

[enable]
registersymbol(hittime)
alloc(hittime,5)
hittime:
add eax,00000000 //Body pressure delay(miliseconds)(0 for godlike)
jmp 00971B0B
00971B06:
jmp hittime
[disable]
00971B06:
add eax, 000003e8 (The original opcode/bytes)

unregistersymbol(hittime)

dealloc(hittime)

Converting scripts which register symbols(CRC) to simple CRC scripts and vice versa.
For example:

Complex version:

//Body Pressure no delay hack a.k.a. No Blink Body Pressure.(TWMS v113 CRC version)
[enable]
registersymbol(hittime)
alloc(hittime,5)
hittime:
add eax,00000000 //Body pressure delay(miliseconds)(0 for godlike)
jmp 00971B0B
00971B06:
jmp hittime
[disable]
00971B06:
add eax, 000003e8 (i dont know) (The original opcode/bytes)
unregistersymbol(hittime)
dealloc(hittime)

Simple version:

//Body Pressure no delay hack a.k.a. No Blink Body Pressure.(TWMS v113 CRC version)
[enable]
00971B06:
add eax,00000000 //Body pressure delay(miliseconds)(0 for godlike)
jmp 00971B0B

[disable]
00971B06
add eax, 000003e8 (The original opcode/bytes)

Thatz it, hope it is useful for some ppl.

Post by **PIEzLOVERS** » Tue May 04, 2010 4:22 pm

maybe you should start of by teaching ppl a more easy script....
correct me if i am wrong ! i learned this from MPC i i dunnoe of it's true =.=
for eg v55 levitate :

Code: Select all

007405C3://address
je 007407B6//the opcode

007405c3 part is the jump up part while 007407B6 is the fall down part (i think)
it's asking the address 007405C3 to jump to the address 007407B6 if it's value,address etc is equal to 007407B6,
so we change the "je" part into "jne" which means Jump If Not Equal and you get :

Code: Select all

007405C3://the address
jne 007407B6//the opcode

instead of

Code: Select all

007405C3:
je 007407B6

since the address 007405C3 has some similarity to 007407B6 i will not jump to the address 007407B6 , so your character just stays hanging in mid-air
lastly , SERIOUSLY CORRECT ME IF I AM WRONG!

Post by **Raiden** » Tue May 04, 2010 7:18 pm

//v0.55 levitate
[Enable]
007405C3://the address
jne 007407B6//the opcode
[disable]
007405C3:
je 007407B6

Why you don`t just make an EXTREME simple one????

[enable]
007405C3:
dd 0f 85 //(jne)

[disable]
007405C3:
dd 0f 84 //(je)

Post by **PIEzLOVERS** » Wed May 05, 2010 7:52 am

Raiden wrote://v0.55 levitate
[Enable]
007405C3://the address
jne 007407B6//the opcode
[disable]
007405C3:
je 007407B6

Why you don`t just make an EXTREME simple one????

[enable]
007405C3:
dd 0f 85 //(jne)

[disable]
007405C3:
dd 0f 84 //(je)

lol ?
i am more familiar to the opcode instead of (i think) hex

Post by **zCurs3dz** » Thu May 13, 2010 11:45 am

raiden.. can u giv me the link to download the software of convert script, pls?

[TUT] Convertng Script formats (useless i think)

[TUT] Convertng Script formats (useless i think)

Re: [TUT] Convertng Script formats (useless i think)

Re: [TUT] Convertng Script formats (useless i think)

Re: [TUT] Convertng Script formats (useless i think)

Re: [TUT] Convertng Script formats (useless i think)