[Tut]HowToUpdateScriptsViaAoBs/ReplaceAoBsWithWildcards !

Chance
Dark Lord
Posts: 177
Joined: Fri May 14, 2010 3:34 pm

Post by Chance »

Updating Scripts Via AoBS .
Replacing AoBs with Wildcards .

Note :

This TuT is not very useful because there is currently NO bypass , for public .

Similar Tutorials have been posted on other forums as well .
For Example :
- http://www.mpcforum.com/showthread.php? ... -s.-W-PICS
- http://www.gamekiller.net/maple-story-t ... -aobs.html
- http://www.vipgamehacks.net/showthread.php?t=256

Requirements:
Maplestory
CheatEngine
Brain
v82 Maplestory Client / CEM / Any Version
Scripts
----------------------------------------------------------------------------
Have Your Scripts Ready , I use v82 Scripts . You Can Get Them From
Your Best Friend ( Well , Not Really ) called GOOGLE .
Yes , and he lives here : http://www.google.com

Okayyyy, lets take Blink God Mode v82 Msea Script for the example :

Code:

[enable]
0099E74A:
add edi,1e

[Disable]
0099E74A:
sub edi,1e

never mess with the [enable]/[disable] parts . ( thats kinda obvious )
the sentence was just for fun .
imm bored .

Yes , , , , , , , That Script Does Not Provide An AoB.
-- OH NO! , I DONT KNOW HOW TO GET the AOB! --

nah , just joking .

---------------------- Finding AOBS -----------------------------------------
I assume you got your v82 Msea installed / CEM attached and stuff like that .
How to do that, you figure out yourself .

nahhh , juz joking as well .

For v82 MSEA Client ,
Search It On xemectrum .
For v82 CEM,
Search It On xemectrum .

YEAH , I AGREE TOO , ITS SO SIMPLE .
---------------------------------------------------------------
How To View Memory Of MapleStory Without A Bypass
Source: http://www.maplehacks999.blogspot.com
Thanks To Nerrazurri !!!
Open Task Manager
Go Processes
Load Maplestory
When Hackshield is loading , kill Hsupdate.exe
======================================
Open Cheat Engine ( likee DUHHH ? )
Click memory view
right click the bottom part of the Memory Viewer
click Goto address
type in 0099E74A
If you dono where I got that from , then you're quite dumb .
thats the address of the v82 BGM script :

Code:

[enable]
0099E74A:
add edi,1e

[Disable]
0099E74A:
sub edi,1e

...............................................................
you'll then get the AOB , which is I Dunno What , and I'll call it X in the next parts of my tutorial, cause im lazy to
find it out myself. :S

GOOD ! now you've got your AOB .
you're ready to go !!! on your own
....................................
.....................................
.....................................

kidding!!!

mm , okay , get your v93 MSEA Client / CEM
-------------- I'LL WAIT FOR YOU TO GET READY -----
--------------------------------------------------------------
-------------------------------------------------------------
--------------------------------------------------------------

okay , you're done i assume .

Open Task Manager
Go Processes
Load Maplestory
When Hackshield is loading , kill Hsupdate.exe

open cheat engine
click memory view
click search
click find memory
change text to array of bytes
change From address to 00400000
and To address to 7FFFFFFF

put in the X aob , and search !!!!!!!!!!!!!
most probably , you will get Nothing Found.
If something's found , then YOU'RE LUCKY !!!
if nothing's found , get rid of the bytes from right to left one by one .
bytes = a pair of 2 number / letter / mix
am I wrong ???
i think so , but I dont care , anyway simple to say , get rid of the last 2
letters / numbers .

repeat the process until you get something found.
Yes , you have to do that and theres no shortcut unless you know how to replace some of the bytes of X aobs , with wildcards.
and for that you have to learn Assembly language.

so YAY ! you got your aob !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
which is : 83 EF 1E 57 8D 8B C0 1F 00 00 E8 D2 F8 AF FF 3B
CORRECT ME IF IM WRONG
= DONT CROSS CHEAT ENGINE ! =
if you got something wrong , then ................. TOO BAD , MUAHAHAHAH .

mmmmmmmm, sweeet . now , the time for the address.

you see your AOB down there ? yeah , beside it << is the Address, which is 0092900C .
is it ? i think so .

= GREAT ! =
now remember your v82 Msea BGM Script ?
if you dont , you should see the doctor in case you have
.: LAO REN CHI DAI ZHEN :.

NAH , KIDDING .
ITS :

Code:

[enable]
0099E74A:
add edi,1e

[Disable]
0099E74A:
sub edi,1e

--------------- HYEAH -----------------------------
WHAT DO I DO NEXT ?
UPDATE IT , DUH .
CHANGE THE 0099E74A TO THE UPDATED ADDRESS WHICH IS
0092900C

- For both the enable and disable parts -

the add edi, 1e is an opcode, and i hate opcodes so im not going to EXPLAIN !!!

HAHAHA !
HAHAHA !
HAHAHA !
MUAHAHAHA !
MUAHAHHAHAHHAAAAAAAAAAAAAAAAAAAA !

actually , i dont really know them myself .
and hellllllllllllll , that was why I posted a thread in the Discussion section
and the helpful people replied there : NOOOO , YOU DO NOT NEED TO CHANGE IT .
OH YEAHHH , GOOD , SO A STEP LESS .

sooooooooo ,

Code:

[enable]
0099E74A:
add edi,1e

[Disable]
0099E74A:
sub edi,1e

will become

Code:

[enable]
0092900C:
add edi,1e

[Disable]
0092900C:
sub edi,1e

AND ...........................................................................
WOLA ! , THERE YOU HAVE IT ,
YOUR v93 MSEA BGM SCRIPT

______________________________________________________________________________

CREDITS .
Nerrazzuri
Google
Hairyhacker
Cheat Engine
Xemectrum





===================================================================================
- HOPPS , this is a FVUCKING LONG TUTORIAL , AND MOST OF THE WORDS ARE UNCALLED FOR -
=================================================================================

=================================================================================
AND JUZ A RANDOM STATEMENT :
IM A GIRL , NOT A BOY FOR THOSE OF YOU WHO THINK SO ..........................................
==================================================================================

===================================================================================
FOR THOSE OF YOU WHO HAVE ANY QUESTIONS POST HERE
I KNOW MY ENGLISH AIN'T THAT GOOD , CAUSE SPARE ME , IM ONLY 12 AND I HAVE FVUCKING
PSLE THIS YEAR
====================================================================================

POOPS !


- EDIT -

Replacing AoBs with Wildcards / Finding Variable AoBs

Why do you need to find variables of Aobs ?
Cuz , AoB changes with each patch .

Here's a more detailed introduction from mpcforum :
You hack happily your game (in this case - Fagstory), but a patch comes and since you got some scripts you know they won't work anymore after the patch and you need to update them. After that you create a stupid thread with topic "How to update scripts". I close it, pointing you to the greatest search engine - google - where you, maybe, after a few hours of noob searching, understand, that you need to update the scripts via AOBs. After another stupid thread which i lock again you understand, that you need to update the addresses and pointers in your scripts via AOBs. Then you search even more after i closed your next thread and you stumble upon the tutorials on CEF on how to update scripts. Then you download a CEM/EXE of the previous version (let's say you have already updated to the next one) and you get AOBs. You take incredibly long AOB, but you still have one. You then go to your new exe, search for the AOB and find yourself with a finger in your mouth, since the search thingy on CE gave you "Nothing found". Here is where you need variable AOBs.


The First Method Is To Compare Two Aobs .

For E.g ,

Code:

AB 12 C4 28 3D

( THIS IS JUST A LAME RANDOM AoB )
And

Code:

AB 89 C4 1E 3D

SO YOU SEE SOME DIFFERENT NUMBERS ,
WHICH ARE 12 and 89, 28 and 1E . Just Replace them with - WILDCARDS !!! -

So In The End , Its :

Code:

AB ? C4 ? 3D

DONE !

The Second Method Is : I duno what its called

GG ! We'll take Super Tubi v93 Msea AOB For Example :

75 36 83 7C 24 0C 00 75 19 8B 86 B4 20 00 00 FF

( you can follow my TuT on updating scripts to get your AoB )

On the top of Cheat Engine , there are many opcodes and bytes and stuff which I do not wish to know about .......
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
anyway , you see some addresses , and its bytes are linked to your AOB .

Ive written down these address , bytes and opcodes which links to our Super TUbi AOB .

Code:

00488AA6 , 75 36 , jne 00488ade
00488AA8 , 83 7c 24 0c 00 , cmp dword ptr [esp+0c],00
00488AAD , 75 19 , jne 00488ac8
00488AAF , 8b 86 b4 20 00 , mov eax,[esi+000020b4]
00488ABF , ff 70 65 , push [eax+65]

GREAT . Its Like , What are those fvucking letters and numbers
and cmps and eax and stuff like that ?

I dont know as well ...
For that you can learn Assembly Language yourself .

okkkkkiee ,
this is the aob again :

Code:

75 36 83 7C 24 0C 00 75 19 8B 86 B4 20 00 00 FF

take the first line

Code:

00488AA6 , 75 36 , jne 00488ade

whopps , you see jne 00488ade
and none of them links to 75 36 !
nah , actually jne links to it , its like
jump .

idk how to really explain it .
juz know that you have to change 36 , you'll understand next time.

soo , now you have

Code:

75 ?

next !

Code:

00488AA8 , 83 7c 24 0c 00 , cmp dword ptr [esp+0c],00

yes ! 00 and 0c is linked ! OLEH !

soo , you have to change the linked with wildcards

which means

Code:

83 7c 24 ? ?

and now you have :

Code:

75 ? 83 7c 24 ? ?

next :

Code:

00488AAD , 75 19 , jne 00488ac8

JNE , again . remember what I told you ?
yeah change the last one .

which is : 19
so :

Code:

75 ?

end :

Code:

75 ? 83 7c 24 ? ? 75 ?

next:

Code:

00488AAF , 8b 86 b4 20 00 , mov eax,[esi+000020b4]

linked : bf 20 and 00
change !

so :

Code:

8b 86 ? ? ?

oh wait , you see the mov thingy there ? it means Move
so you have to change the byte before the first changed byte .
zzz , i duno what im talking but here's the result :

Code:

8b ? ? ? ?

and end :

Code:

75 ? 83 7c 24 ? ? 75 ? 8b ? ? ? ?

finally , last but not least :

Code:

00488ABF , ff 70 65 , push [eax+65]

65 is linked

So in the end , you'll get :

Code:

75 ? 83 7c 24 ? ? 75 ? 8B ? ? ? ? FF 70 ?

YEAH , PEEEEEPOS , THATS THE CHANGED AoB :D
Last edited by Chance on Mon Jun 21, 2010 1:21 pm, edited 1 time in total.
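
The compare-two-AoBs method from the post above, as an added example (not part of the original thread and not Cheat Engine's own code): bytes that agree across samples are kept, bytes that differ become wildcards, and the result is matched against a buffer. The function names and the buffer are made up for illustration; the same masking is how wildcard byte signatures are written for detection rules.

```python
# Added illustration: derive a wildcard signature by diffing byte samples.
def parse(pattern):
    """'AB ? C4' -> [0xAB, None, 0xC4]; None marks a wildcard byte."""
    return [None if t in ("?", "??") else int(t, 16) for t in pattern.split()]

def fmt(sig):
    """Inverse of parse()."""
    return " ".join("?" if b is None else f"{b:02X}" for b in sig)

def derive(*samples):
    """Keep bytes that agree in every sample; wildcard the positions that differ."""
    seqs = [parse(s) for s in samples]
    if len({len(s) for s in seqs}) != 1:
        raise ValueError("samples must have the same length")
    return [col[0] if len(set(col)) == 1 else None for col in zip(*seqs)]

def scan(buf, sig):
    """Return every offset in buf at which sig matches."""
    fixed = [(i, b) for i, b in enumerate(sig) if b is not None]
    return [off for off in range(len(buf) - len(sig) + 1)
            if all(buf[off + i] == b for i, b in fixed)]

OLD = "AB 12 C4 28 3D"   # the two sample AoBs from the post
NEW = "AB 89 C4 1E 3D"
SIG = derive(OLD, NEW)

# Constructed buffer: an unseen third variant at offset 4, a near miss at offset 12.
BUF = bytes.fromhex("00 11 22 33 AB 77 C4 02 3D 90 90 90 AB 77 C5 02 3D")

if __name__ == "__main__":
    print(fmt(SIG))                          # signature derived from the two samples
    print(scan(BUF, parse(OLD)))             # the exact old bytes no longer match
    print(scan(BUF, SIG))                    # the masked signature still does
    print(scan(BUF, parse("AB ? ? ? 3D")))   # too many wildcards: ambiguous hits
```

The last call shows the trade-off: every extra wildcard removes a constraint, so an over-masked signature starts matching unrelated locations.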
Nerrazzuri
Destiny General
Posts: 1110
Joined: Sun Dec 20, 2009 9:15 pm

Re: [Tutorial] How To Update Scripts via AoBs

Post by Nerrazzuri »

Great work. You can add stuff like changing the fixed AoB to variable AoB using wildcards. =)
Selling my ultimate trainer for MapleStory SEA --> View below for screenshot

evilkie
Master of Darkness
Posts: 227
Joined: Wed Sep 02, 2009 6:15 pm

Re: [Tutorial] How To Update Scripts via AoBs

Post by evilkie »

wouldn't it be completely useless if you don't even have any bypass, T_T

memory edit is the birth of maple hacks right?

i still remember my first time memory hack maple, dat time, no hs, no gameguard. completely free to hack

den my mesos become like, negative before i kena ban xD
Chance
Dark Lord
Posts: 177
Joined: Fri May 14, 2010 3:34 pm

Re: [Tutorial] How To Update Scripts via AoBs

Post by Chance »

thats why I said it is no use since there isn't a bypass -_-
Xiia0dii
Dark Lord
Posts: 153
Joined: Wed Sep 30, 2009 11:56 pm
Location: Pulau Ubin

Re: [Tutorial] How To Update Scripts via AoBs

Post by Xiia0dii »

hohoho!!gratz on such a wonderful tutorial. :D
Chance
Dark Lord
Posts: 177
Joined: Fri May 14, 2010 3:34 pm

Re: [Tutorial] How To Update Scripts via AoBs

Post by Chance »

thanks :D I'll take your suggestion , Nerrazzuri ! :)
Nerrazzuri
Destiny General
Posts: 1110
Joined: Sun Dec 20, 2009 9:15 pm

Re: [Tut]HowToUpdateScriptsViaAoBs/ReplaceAoBsWithWildcards

Post by Nerrazzuri »

take the first line

Code:

00488AA6 , 75 36 , jne 00488ade

whopps , you see jne 00488ade
and none of them links to 75 36 !
nah , actually jne links to it , its like
jump .

idk how to really explain it .
juz know that you have to change 36 , you'll understand next time.

soo , now you have

Code:

75 ?

Let me explain more: in 75 36, 75 is jne (jump if not equal), so don't change it. Why do we change the 36 to "?"?
Because it will jump to 00488ade, which was 36 bytes after. And we don't know where the address will jump to in the next update, so we put a "?", or what we call a wildcard. =)

And to find the address, instead of right-clicking on the green area in memory view, you can go to the text bar named value, change the value type from "4 bytes" to "array of bytes", put your AoB into the byte and click "New Scan". You'll get only 1 address if you're lucky, but if you get more than one, the green one would be the static address. And to find the real address, try them one by one. :P
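
The short-jump encoding explained in the reply above, as an added example (not part of the original thread): the second byte of a `75 xx` instruction is a signed displacement counted from the end of the 2-byte instruction, which is why it shifts whenever a rebuild changes the distance to the target. The helper names and the 5-byte shift are assumptions for illustration; the addresses are the two `jne` lines from the tutorial's listing.

```python
# Added illustration: why the displacement byte of a short jump is volatile.
def short_jump_target(addr, code):
    """Target of a 2-byte short jump (EB or 70..7F) located at addr."""
    opcode, rel8 = code[0], code[1]
    if opcode != 0xEB and not 0x70 <= opcode <= 0x7F:
        raise ValueError(f"not a short jump opcode: {opcode:02X}")
    disp = rel8 - 0x100 if rel8 >= 0x80 else rel8   # rel8 is a signed byte
    return (addr + 2 + disp) & 0xFFFFFFFF           # relative to the next instruction

def reencode(addr, opcode, target):
    """Bytes of the same short jump once it or its target has moved."""
    disp = target - (addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError("target out of rel8 range")
    return bytes([opcode, disp & 0xFF])

# (address, bytes, listed target) taken from the tutorial's listing
LISTING = [
    (0x00488AA6, bytes.fromhex("7536"), 0x00488ADE),
    (0x00488AAD, bytes.fromhex("7519"), 0x00488AC8),
]

def listing_is_consistent():
    """True if every listed target equals address + 2 + displacement."""
    return all(short_jump_target(a, c) == t for a, c, t in LISTING)

def after_shift(extra=5):
    """Hypothetical rebuild: 'extra' bytes inserted between the first jump and its target."""
    addr, code, target = LISTING[0]
    return reencode(addr, code[0], target + extra)

if __name__ == "__main__":
    print(listing_is_consistent())
    print(after_shift().hex(" "))   # opcode byte unchanged, displacement byte changed
```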
Chance
Dark Lord
Posts: 177
Joined: Fri May 14, 2010 3:34 pm

Re: [Tut]HowToUpdateScriptsViaAoBs/ReplaceAoBsWithWildcards

Post by Chance »

thanks , 7-up boy ! hahaha .
NoobHacker
Headmaster of Darkness
Posts: 576
Joined: Tue Dec 29, 2009 12:31 pm

Re: [Tut]HowToUpdateScriptsViaAoBs/ReplaceAoBsWithWildcards

Post by NoobHacker »

I kill hsupdate.exe the game won't load, thats my computer problem,i thought my hackshield bypass patched
Alot Imageers in xemectrum!
Nerrazzuri
Destiny General
Posts: 1110
Joined: Sun Dec 20, 2009 9:15 pm

Re: [Tut]HowToUpdateScriptsViaAoBs/ReplaceAoBsWithWildcards

Post by Nerrazzuri »

Chance wrote: thanks , 7-up boy ! hahaha .
=) Add it into your tutorial.