V38 Scripts.

[plozwarrior]

Here are some scripts...That I have.

Bypass

Code:

[enable] 
alloc(newmem,2048) 
alloc(blaaaa,3670018) 
label(originalcode) 
loadbinary(blaaaa,v38.CEM) 
 
newmem: 
cmp ecx,00400000 
jb originalcode 
 
cmp ecx,00780000 
ja originalcode 
 
mov eax,blaaaa 
sub eax,00400000 
add ecx, eax 
 
originalcode: 
mov eax,[ebp+10] 
push esi 
push edi 
jmp 0046526D  // 8B 7D 0C 83 FF 10 0F 82 91 01 
 
00465268: // 8B 45 10 56 57 8B 7D 0C 83 FF 
jmp newmem 
 
[disable] 
00465268: // 8B 45 10 56 57 8B 7D 0C 83 FF 
mov eax,[ebp+10] 
push esi 
push edi 
dealloc(newmem) 
dealloc(blaaaa)

Godmode

Code:

[ENABLE]
006803EC:
je 0068133E
 
[DISABLE]
006803EC:
jne 0068133E

Tubi

Code:

[Enable]
0040103d:
nop
nop

[Disable]
0040103d:
je 0040103d

Item Vac

Code:

[enable]
alloc(ItemVac,128) 
label(return) 
ItemVac: 
pushad 
mov ecx,[ebp+8] 
mov ebx,[ebp-24] 
mov [ecx],ebx 
mov [ecx+4],eax 
mov ecx,eax 
mov eax,ebx 
lea edx,[eax-19] 
mov [ebp-34],edx 
lea edx,[ecx-32] 
add eax,19 
add ecx,A 
mov [ebp-30],edx 
mov [ebp-2C],eax 
mov [ebp-28],ecx 
popad 
push eax 
push [ebp-24] 
lea eax,[ebp-34] 
jmp return 
004A01DF: // 50 FF 75 DC 8D 45 CC 50 FF 15 
jmp ItemVac 
nop 
nop 
return: 
[disable] 
004A01DF: // 50 FF 75 DC 8D 45 CC 50 FF 15
push eax 
push [ebp-24] 
lea eax,[ebp-34] 
//push eax

No Breath

Code:

[ENABLE] 
004BB82B: 
DB EB 
0049B148: 
DB EB 
006E4680: 
DB EB 
[DISABLE] 
004BB82B: 
DB 7E 
0049B148: 
DB 7E 
006E4680: 
DB 7E

Unlimited Attack

Code:

[enable] 
alloc(kill,64) 
alloc(urmom,32) 

00535E99: // 3B C7 89 45 E0 74 5F FF B3 7C 
jmp urmom 

00667DF4:// C7 86 D0 02 00 00 88 13 00 00 83 BE D8 02 00 00 FF 57 7F 44 FF B6 58 02 00 00 E8 48 56 DD FF FF 
db 90 90 90 90 90 90 90 90 90 90 

urmom: //urmoms if the attack counter is 100 
pushad 
mov eax, [007D8CFC] // 10 new  4D way 7D to 00 get 44 this  6D pointers 7D kiss  00 my 00 ass 
mov eax, [eax+1358] 
cmp eax, 64 //Compares counter to 100 
je kill //When counter reaches 100, kill 
popad 

cmp eax,edi //Original opcode. 
mov [ebp-20],eax 
je 00535eff // 

kill: 
mov eax, [007D8CFC] // 00 00 00 00 08 4D 7D 00 08 4D 
mov ebx, [eax+590] 
sub ebx, 1 
mov [eax+590], ebx 
popad 

cmp eax,edi //Original opcode. 
mov [ebp-20],eax 
je 00535eff // E8 61 CE FF FF -Die pl0x- FF B3 7C 03 00 00 8D 83 74 03 00 00 50 E8 99 39 FB FF 3B C7 59 59 74 05 83 CE FF EB 0A 8B 4D C0 

[disable] 
00535E99: // 3B C7 89 45 E0 74 5F FF B3 7C 
db 39 f8 
db 89 45 e0 
db 74 5f 

00667DF4: // C7 86 D0 02 00 00 88 13 00 00 
db c7 86 d0 02 00 00 88 13 00 00 

dealloc(kill) 
dealloc(urmom)

Item Price Bypass (I have no idea what this does)

Code:

[enable]
alloc(cost, 256)
alloc(mesos, 256)
label(bypass)
label(compare)
label(returncost)
label(returnmesos)

cost:
push ecx
push edx
mov ecx, [00758320]
mov ecx, [ecx+169]
mov edx, [0077FFE9]
mov [edx], ecx
pop edx
pop ecx
jmp bypass

bypass:
mov [ebx], eax
mov edi, [ebp+10]
jmp returncost

mesos:
push ecx
push edx
mov ecx, [00758320]
mov ecx, [ecx+165]
mov edx, [0077FFE9]
mov [edx], ecx
pop edx
pop ecx
jmp compare

compare:
mov [edi], eax
mov ebx, [ebp+14]
jmp returnmesos

00403B10:
jmp cost
returncost:

00689661:
jmp mesos
returnmesos:

[disable]
00403B10:
mov [ebx], eax
mov edi, [ebp+10]

00689661:
mov [edi], eax
mov ebx, [ebp+14]
dealloc(cost)
dealloc(mesos)

Instant drop

Code:

[enable] 
0076ec38: // 00 00 00 00 00 40 8F 40 CD CC 
add [eax],al 
add [eax],al 
add [eax],al 
add [eax],al 
 
[disable] 
0076ec38: // 00 00 00 00 00 40 8F 40 CD CC 
add [eax],al 
add [eax],al 
add [eax-71],al 
inc eax

Selective Wall Vac

Code:

[ENABLE]
alloc(begin,2048)
alloc(olddata,32)
alloc(pointer,4)
alloc(bool,4)
registersymbol(bool)
registersymbol(olddata)
label(set)
label(ret)
label(end)
 
begin:
cmp [bool],1
je set
ret:
mov esi,olddata
movsd
movsd
movsd
movsd
pop edi
jmp end
set:
mov esi,[007D8224] 
mov esi,[esi+0C]
mov [pointer], esi
mov esi,[pointer]
mov [olddata],esi
mov esi,[007D8224] 
mov esi,[esi+10]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+04],esi
mov esi,[007D8224] 
mov esi,[esi+14]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+08],esi
mov esi,[007D8224] 
mov esi,[esi+18]
mov [pointer], esi
mov esi,[pointer]
mov [olddata+0C],esi
 
mov [bool],0
jmp ret
 
006B4E23: 
jmp begin
end:
 
olddata:
DB 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pointer:
DB 00 00 00 00
bool:
DB 01 00 00 00
 
[DISABLE]
dealloc(begin)
dealloc(olddata)
dealloc(pointer)
dealloc(bool)
 
006B4E23: 
movsd
movsd
movsd
movsd
pop edi

dICE Vac

Code:

[enable] 
alloc(dICE,64) 
alloc(right,4) 
alloc(left,4) 
registersymbol(right) 
registersymbol(left) 
label(return) 

dICE: 
pushad 

mov edx, [007d8DA0] 
mov ebx, [edx+57c] 
mov ecx,[edx+580] 
sub ebx,[left] 
add ebx,[right] 

mov eax,[007D8224] 
mov [eax+C],ebx 
mov [eax+14],ebx 
mov [eax+10],ecx 
mov [eax+18],ecx 
popad 

mov [ebx], eax 
mov edi,[ebp+10] 
jmp return 

006B90AD: 
jmp dICE 
return: 

006BBA0F: 
db 0f 84 

006B54FC: 
db 75 

006B5798: 
db 0f 85 

[disable] 
006B90AD: 
mov [ebx], eax 
mov edi,[ebp+10] 

006BBA0F: 
db 0f 85 

006B54FC: 
db 74 

006B5798: 
db 0f 84 

dealloc(dICE) 
dealloc(left) 
dealloc(right) 
unregistersymbol(left) 
unregistersymbol(right)

Ranged dICE

Code:

[enable] 
alloc(dICE,64) 
alloc(right,4) 
alloc(left,4) 
registersymbol(right) 
registersymbol(left) 
label(return) 

dICE: 
pushad 

mov edx, [007d8DA0] 
mov ebx, [edx+57c] 
mov ecx,[edx+580] 
add ebx, 90 

mov eax,[007D8224] 
mov [eax+C],ebx 
mov [eax+14],ebx 
mov [eax+10],ecx 
mov [eax+18],ecx 
popad 

mov [ebx], eax 
mov edi,[ebp+10] 
jmp return 

006B90AD: 
jmp dICE 
return: 

006BBA0F: 
db 0f 84 

006B54FC: 
db 75 

006B5798: 
db 0f 85 

[disable] 
006B90AD: 
mov [ebx], eax 
mov edi,[ebp+10] 

006B8B7D: 
db 0f 85 

006B54FC: 
db 74 

006B5798: 
db 0f 84 

dealloc(dICE) 
dealloc(left) 
dealloc(right) 
unregistersymbol(left) 
unregistersymbol(right)

Lag Hack

Code:

[enable] 
006B5243: 
jne 006B5250 
[disable] 
006B5243: 
je 006B5250

Demi

Code:

[enable]
alloc(dv,100)
alloc(dvtype,4)
label(normalx)
label(normaly)
label(endx)
label(endy)
label(backdv)
label(dvzero)
label(dvone)
registersymbol(dvtype)

dv:
mov eax, [007D8CFC] 
push eax
mov eax, [eax+598]
mov [ebx+3FC], eax
cmp [dvtype], 0
je dvzero
cmp [dvtype], 1
je dvone
sub eax, 100
jmp dvzero
dvone:
add eax, 100
dvzero:
mov [ebx+3F4], eax
pop eax
mov eax, [eax+59C]
mov [ebx+3F4], eax
mov [ebx+400], eax
jmp backdv

push ecx
mov ecx, [007D8CFC] 
add ecx,598
cmp ebx, ecx
je normalx
mov ecx, [ecx]
cmp [dvtype], 0
cmp [dvtype], 1
sub ecx, 100
add ecx, 100
cmp [ebx],ecx
je endx
normalx:
mov [ebx],eax
endx:
pop ecx
mov edi, [ebp+10]

push ecx
mov ecx, [007D8CFC] 
add ecx,59C
cmp edi, ecx
je normaly
mov ecx, [ecx]
cmp [edi],ecx
je endy
normaly:
mov [edi],eax
endy:
pop ecx
mov ebx, [ebp+14]

0053F54b: 
jmp dv
nop
backdv:

[disable]
0053F54b: 
mov [ebx+400], eax

dealloc(dv)
dealloc(uvx)
dealloc(uvy)
dealloc(dvtype)
unregistersymbol(dvtype)

addresses

Pap/Zakum Hack 6b51d2 EAX FADED

All Credits to me...

[Danieru]

Nice ;)
+repz

[joshtch]

Good luck using them with rev 1007.
muahaha I have a working ce

[plozwarrior]

LOL so do i, I have a working UCE also ill post it right now

[James]

Oooh is that mASM32? xD

[plozwarrior]

whats mASM32?

[plozwarrior]

...lol