冰楓論壇

標題: 特定技能倍數攻擊 [打印本頁]

---

作者: elloco22    時間: 2024-10-10 21:34
標題: 特定技能倍數攻擊


特定技能倍數攻擊(shootobj)

---

作者: yxes    時間: 2024-10-10 21:34
add ObjRepeatFlag as address
add OBJRepeatTime as address
change OBJRepeatTime for multiplier

1. [ENABLE]
   
2. //yxes TWMS265.4
   
3. //Shootobj Multiplier
   
4. //ObjRepeatFlag = 1 = ON
   
5. //ObjRepeatFlag = 0 = OFF
   
6. //OBJRepeatTime = # Multiple Cast
   
7. alloc(yxes,47,0x140000000)
   
8. alloc(ObjRepeatHook,2048,0x140000000)
   
9. alloc(OBJRepeatTime,24,0x140000000)
   
10. alloc(OBJRepeatFlag,24,0x140000000)
    
11. alloc(OBJRepeatCounter,24,0x140000000)
    
12. alloc(ShootobjX_og,10,0x140000000)
    
13. define(ShootobjX_Addr,0x144C02344)
    
14. registersymbol(ShootobjX_Addr)
    
15. registersymbol(yxes)
    
16. registersymbol(OBJRepeatFlag)
    
17. registersymbol(OBJRepeatTime)
    
18. registersymbol(ShootobjX_og)
    
19. label(yxes_exit)
    
20. 
    
21. ObjRepeatFlag:
    
22. db 1
    
23. 
    
24. ObjRepeatTime:
    
25. db 0
    
26. 
    
27. ShootobjX_og:
    
28. readmem(ShootobjX_Addr,10)
    
29. 
    
30. yxes:
    
31. db 49 8B D5 48 8D 8D 10 01 00 00
    
32. db 48 8D 4D 10 48 89 4C 24 28 48 89 44 24 20 44 8B CB 8B 7D 84 44 8B C7 8B D6 48 8B 4D D0
    
33. db 48 8B 5D 18 79 78 65 73
    
34. 
    
35. ObjRepeatHook:
    
36. cmp [ObjRepeatFlag],0
    
37. je yxes_exit
    
38. readmem(yxes,10)
    
39. call 144C7C0F0
    
40. readmem(yxes+A,29)
    
41. call 14467E300
    
42. readmem(yxes+27,4)
    
43. push rax
    
44. inc [OBJRepeatCounter]
    
45. cmp eax,[OBJRepeatTime]
    
46. pop rax
    
47. jb ObjRepeatHook
    
48. mov [ObjRepeatCounter],0
    
49. jmp ShootobjX_Addr+35
    
50. yxes_exit:
    
51. readmem(ShootobjX_Addr,10)
    
52. jmp ShootobjX_Addr+A
    
53. ShootobjX_Addr:
    
54. jmp ObjRepeatHook
    
55. 
    
56. [DISABLE]
    
57. ShootobjX_Addr:
    
58. readmem(ShootobjX_og,10)
    
59. 
    
60. dealloc(*)
    
61. unregistersymbol(*)

複製代碼

---

作者: yxes    時間: 2024-10-14 12:38
what skills?

---

作者: elloco22    時間: 2024-10-14 13:05

yxes 發表於 2024-10-14 12:38
what skills?

特定技能 shootobj

---

作者: yxes    時間: 2024-10-14 17:33
i'll do this tomorrow

---

作者: yxes    時間: 2024-10-26 05:36
i did not test it. i am GMS player, I don't have access to TWMS game.

---

作者: btb    時間: 2024-10-26 11:08
[ENABLE]
registersymbol(SbjRepeatCounter)
registersymbol(SbjRepeatTime)
alloc(SbjRepeatHook,2048,MapleStory.exe)
alloc(SbjRepeatTime,24,MapleStory.exe)
alloc(SbjRepeatCounter,24,MapleStory.exe)
label(exit)

SbjRepeatTime:
db 0

SbjRepeatHook:
mov rdx,r13
lea rcx,[rbp+00000110]
call 144C7C0F0
lea rcx,[rbp+10]
mov [rsp+28],rcx
mov [rsp+20],rax
mov r9d,ebx
mov edi,[rbp-7C]
mov r8d,edi
mov edx,esi
mov rcx,[rbp-30]
call 144D49CA0
push rax
inc [SbjRepeatCounter]
cmp eax,[SbjRepeatTime]
pop rax
jb SbjRepeatHook
mov [SbjRepeatCounter],0
jmp 144C02375

exit:
mov rdx,r13
lea rcx,[rbp+00000110]
jmp 144C0234E



144C02344:
jmp SbjRepeatHook
db 90 90 90 90 90


[DISABLE]
144C02344:
mov rdx,r13
lea rcx,[rbp+00000110]


補充內容 (2024-10-26 12:05):
錯誤數據

---

作者: btb    時間: 2024-10-26 11:10

yxes 發表於 2024-10-26 05:36
i did not test it. i am GMS player, I don't have access to TWMS game.

I followed the script you gave me to correct a few errors in the TMS.

[ENABLE]
registersymbol(SbjRepeatCounter)
registersymbol(SbjRepeatTime)
alloc(SbjRepeatHook,2048,MapleStory.exe)
alloc(SbjRepeatTime,24,MapleStory.exe)
alloc(SbjRepeatCounter,24,MapleStory.exe)
label(exit)

SbjRepeatTime:
db 0

SbjRepeatHook:
mov rdx,r13
lea rcx,[rbp+00000110]
call 144C7C0F0
lea rcx,[rbp+10]
mov [rsp+28],rcx
mov [rsp+20],rax
mov r9d,ebx
mov edi,[rbp-7C]
mov r8d,edi
mov edx,esi
mov rcx,[rbp-30]
call 144D49CA0
push rax
inc [SbjRepeatCounter]
cmp eax,[SbjRepeatTime]
pop rax
jb SbjRepeatHook
mov [SbjRepeatCounter],0
jmp 144C02375

exit:
mov rdx,r13
lea rcx,[rbp+00000110]
jmp 144C0234E



144C02344:
jmp SbjRepeatHook
db 90 90 90 90 90


[DISABLE]
144C02344:
mov rdx,r13
lea rcx,[rbp+00000110]

補充內容 (2024-10-26 11:51):
exit:
mov rdx,r13
lea rcx,[rbp+00000110]
jmp 144C0234E
這段可以刪掉

補充內容 (2024-10-26 12:08):
此數據為錯誤數據

---

作者: yxes    時間: 2024-10-26 15:31
yes i made it complicated on purpose. for fun here is simple:

1. [ENABLE]
   
2. //yxes TWMS265.4
   
3. //Shootobj Multiplier
   
4. //ObjRepeatFlag = 1 = ON
   
5. //ObjRepeatFlag = 0 = OFF
   
6. //OBJRepeatTime = # Multiple Cast
   
7. 
   
8. alloc(ObjRepeatHook,2048,0x140000000)
   
9. alloc(OBJRepeatTime,24,0x140000000)
   
10. alloc(OBJRepeatFlag,24,0x140000000)
    
11. alloc(OBJRepeatCounter,24,0x140000000)
    
12. alloc(ShootobjX_og,10,0x140000000)
    
13. define(ShootobjX_Addr,0x144C02344)
    
14. registersymbol(ShootobjX_Addr)
    
15. registersymbol(OBJRepeatFlag)
    
16. registersymbol(OBJRepeatTime)
    
17. registersymbol(ShootobjX_og)
    
18. 
    
19. ObjRepeatTime:
    
20. db 0
    
21. 
    
22. ShootobjX_og:
    
23. readmem(ShootobjX_Addr,10)
    
24. 
    
25. ObjRepeatHook:
    
26. mov rdx,r13
    
27. lea rcx,[rbp+00000110]
    
28. call 144C7C0F0
    
29. lea rcx,[rbp+10]
    
30. mov [rsp+28],rcx
    
31. mov [rsp+20],rax
    
32. mov r9d,ebx
    
33. mov edi,[rbp-7C]
    
34. mov r8d,edi
    
35. mov edx,esi
    
36. mov rcx,[rbp-30]
    
37. call 144D49CA0
    
38. mov rbx,[rbp+18]
    
39. push rax
    
40. inc [OBJRepeatCounter]
    
41. cmp eax,[OBJRepeatTime]
    
42. pop rax
    
43. jb ObjRepeatHook
    
44. mov [ObjRepeatCounter],0
    
45. jmp ShootobjX_Addr+35
    
46. 
    
47. ShootobjX_Addr:
    
48. jmp ObjRepeatHook
    
49. 
    
50. [DISABLE]
    
51. ShootobjX_Addr:
    
52. readmem(ShootobjX_og,10)
    
53. 
    
54. dealloc(*)
    
55. unregistersymbol(*)

複製代碼

---

作者: yxes    時間: 2024-10-26 15:32

yxes 發表於 2024-10-26 15:31
yes i made it complicated on purpose. for fun  here is simple:

remove:
alloc(OBJRepeatFlag,24,0x140000000)
registersymbol(OBJRepeatFlag)

---

作者: gmsplayer01    時間: 2024-10-26 17:59

1. //gms v254.1
   
2. //Shootobj Multiplier
   
3. //yxes
   
4. 
   
5. [ENABLE]
   
6. alloc(ObjRepeatHook,2048,144535A3E)
   
7. alloc(OBJRepeatTime,24,144535A3E)
   
8. alloc(OBJRepeatCounter,24,144535A3E)
   
9. registersymbol(OBJRepeatTime)
   
10. registersymbol(OBJRepeatCounter)
    
11. 
    
12. OBJRepeatTime:
    
13. db #3
    
14. 
    
15. ObjRepeatHook:
    
16. mov rdx,r14
    
17. lea rcx,[rbp+000000B8]
    
18. call 1445BB910
    
19. lea rcx,[rbp+08]
    
20. mov [rsp+28],rcx
    
21. mov [rsp+20],rax
    
22. mov r9d,r13d
    
23. mov edi,[rbp-78]
    
24. mov r8d,edi
    
25. mov edx,esi
    
26. mov rcx,[rbp-60]
    
27. call 14467E300
    
28. mov rbx,[rbp+10]
    
29. push rax
    
30. inc [OBJRepeatCounter]
    
31. cmp eax,[OBJRepeatTime]
    
32. pop rax
    
33. jb ObjRepeatHook
    
34. mov [OBJRepeatCounter],0
    
35. jmp 144535A3E+35
    
36. 
    
37. 144535A3E:
    
38. jmp ObjRepeatHook
    
39. db 90 90 90 90 90
    
40. 
    
41. [DISABLE]
    
42. 144535A3E:
    
43. mov rdx,r14
    
44. lea rcx,[rbp+000000B8]
    
45. 
    
46. dealloc(*)
    
47. unregistersymbol(*)

複製代碼

appreciate it but doesn't even work on gms
谢谢 但在国际服也用不了

補充內容 (2024-10-26 18:03):
tested on archer arrow blow
尝试了弓箭手1阶断魂箭

OBJRepeatTime = 5 straight ended up laggy and crashed
OBJRepeatTime = 5 直接卡死然后炸了

---

作者: yxes    時間: 2024-10-27 10:09
i thought only post reader can see it. didn't mean to make the script public
gms works

補充內容 (2024-10-27 10:09):
post maker*

---

歡迎光臨 冰楓論壇 (https://bingfong.com/)

Powered by 冰楓