; +-----------------------------------------------------------------+
; | mitshi flyff v18 range and teleport coded in asm by: lava |
; | requested by dota2_05301998 on mpgh |
; | started project on: 8.28.2015(m.d.y) |
; | if you want to donate to lava: |
; | BTC: 19X7KKkMZsu4dLC3wd93N3UHiDJdomb6Vd |
; +-----------------------------------------------------------------+
.386
.model flat, stdcall
option casemap :none
system proto c :dword
include windows.inc
include user32.inc
include kernel32.inc
include masm32.inc
includelib msvcrt.lib
includeLib user32.lib
includeLib kernel32.lib
includelib masm32.lib
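.data
; -- console text --------------------------------------------------------
hellomsg db "mitshi flyff v18 tools coded in asm by: lava ^^", 0Dh, 0Ah, "source code: http://www.mpgh.net/forum/showthread.php?t=1016896", 0Dh, 0Ah, 0
cmd1 db "PAUSE", 0 ; argument to system() in end_process
cmd2 db "CLS", 0 ; argument to system() before every menu redraw (begin:)
; menu text; toggle_range / toggle_teleport rewrite bytes [17..18] and [61..62] of this string in place
menu_items db "1 - range : 0FF", 0Dh, 0Ah, "2 - shift + mouse click teleport : OFF", 0Dh, 0Ah, "enter - exit", 0Dh, 0Ah, "toggle# ", 0
nl db 0Dh, 0Ah, 0Dh, 0Ah, 0
; -- state flags ---------------------------------------------------------
bo_range db 0 ; 0/1: range patch currently applied (toggle_range)
bo_teleport db 0 ; 0/1: teleport hotkey armed; polled by teleport_thread
; 1-byte StdIn buffer: every StdIn call passes length 1.
; NOTE(review): if masm32's StdIn NUL-terminates or strips CR/LF it writes past this byte -- confirm against the library source
bbuffer db 1
loadingmsg db "waiting for mitshi flyff", 0Dh, 0Ah, 0
windowname db "Mitshi Flyff v18", 0 ; window title polled by FindWindow in start
failedmsg db "you dont have enough privileges to edit memory", 0Dh, 0Ah, 0 ; printed when OpenProcess returns NULL
neuz_add db "neuz: ", 0
hwnd HWND ?
pid dd ? ; filled by GetWindowThreadProcessId
hproc HANDLE ? ; PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE handle; shared with teleport_thread, never closed
me32 MODULEENTRY32 <> ; zero-initialised; filled by Module32First in get_neuz
ckernel32_dll db "kernel32.dll", 0
cmodule32first db "Module32First", 0 ; resolved with GetProcAddress in get_neuz
dw_neuz dd ? ; image base returned by get_neuz; every dw_* address below is dw_neuz + a fixed offset
; range variables
dw_range dd ?
dw_range_all dd ?
dw_pointed dd ? ; scratch: pointer chain [[dw_range_all] + 54h] + 138h, rebuilt on every toggle
dw_brange_all dd ?
; teleport variables
dw_x_click dd ?
dw_y_click dd ?
dw_z_click dd ?
dw_x_local_player dd ?
dw_x_local_player_point dd ? ; [dw_x_local_player] + 160h once toggle_teleport has run
dw_y_local_player_point dd ? ; same pointer + 164h
dw_z_local_player_point dd ? ; same pointer + 168h
dw_x dd ? ; click coordinates read (and written back) by teleport_thread
dw_y dd ?
dw_z dd ?
snapshot dd ? ; Toolhelp snapshot handle (get_neuz)
; patch bytes addressed by offset: enable writes [0] to dw_range and [2..3] to dw_brange_all;
; disable writes [1] and [4..5] to the same two addresses
bytes_to_write db 70h, 40h, 90h, 90h, 75h, 12h
dw_range_section dd 6 ; dword stored through the pointer chain on enable
dw_old_range_section dd ? ; previous dword at that address, saved on enable and restored on disable
; dw2hex output for print_menu: 8 hex digits plus the NUL that StdOut needs = 9 bytes.
; Was 4 DUP(?), which dw2hex overran; it only "worked" because this is the last item in .data.
result db 9 DUP(?)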
.code
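;-----------------------------------------------------------------------
; start -- program entry.
;  1. sets the console title, then polls FindWindow every 100 ms until
;     the game window exists
;  2. resolves the owning pid and opens it with
;     PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE (the set
;     ReadProcessMemory / WriteProcessMemory need; no query rights); the
;     handle lives in hproc for the whole run and is never closed
;  3. derives every patch address from the image base get_neuz returns
;  4. spawns teleport_thread, then loops on the text menu at begin:
; Leaves only by jmp to toggle_range / toggle_teleport / end_process /
; end_failed. All state is in globals; eax is the only register used.
; Changes vs. original: access mask spelled with the windows.inc names
; (MASM reads a bracketed bare constant as an immediate, so the old
; [8h + 10h + 20h] pushed 38h but looked like a memory load); the
; CreateThread handle is closed instead of leaked; the cdecl argument
; to system() is popped, so esp no longer drifts 4 bytes per menu loop.
; Defender note: an unsigned console process taking a VM_WRITE handle
; to a game client and writing its code pages is the footprint that
; handle-access callbacks and cross-process-write telemetry exist for.
;-----------------------------------------------------------------------
start:
        push    offset hellomsg
        call    SetConsoleTitle
        push    offset loadingmsg
        call    StdOut
findwindow_loop:
        push    100                     ; 100 ms between polls
        call    Sleep
        push    offset windowname       ; lpWindowName
        push    0                       ; lpClassName = NULL, match on title only
        call    FindWindow
        test    eax, eax
        je      findwindow_loop
        mov     hwnd, eax
        push    offset pid
        push    eax
        call    GetWindowThreadProcessId
        push    pid
        push    0                       ; bInheritHandle = FALSE
        push    PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE ; = 38h
        call    OpenProcess
        test    eax, eax
        je      end_failed
        mov     hproc, eax
        push    pid
        call    get_neuz                ; stdcall, pops its argument; eax = image base
        mov     dw_neuz, eax
        ; every address below is image base + a build-specific offset
        ; range addresses
        mov     dw_range, eax
        add     dw_range, 2826F8h
        add     dw_range, 7
        mov     dw_range_all, eax
        add     dw_range_all, 5E74F4h   ; pointer chain [[here] + 54h] + 138h, walked in toggle_range
        mov     dw_brange_all, eax
        add     dw_brange_all, 282991h
        ; teleport addresses
        mov     dw_x_click, eax
        add     dw_x_click, 5DA6E4h
        mov     dw_y_click, eax
        add     dw_y_click, 5DA6E8h
        mov     dw_z_click, eax
        add     dw_z_click, 5DA6ECh
        mov     dw_x_local_player, eax
        add     dw_x_local_player, 5E30B8h ; pointer [here] + 160h, resolved in toggle_teleport
        push    0                       ; lpThreadId
        push    0                       ; dwCreationFlags
        push    0                       ; lpParameter
        push    offset teleport_thread  ; lpStartAddress
        push    0                       ; dwStackSize
        push    0                       ; lpThreadAttributes
        call    CreateThread
        test    eax, eax
        je      begin                   ; creation failed: menu still runs, hotkey stays inert (as before)
        push    eax
        call    CloseHandle             ; thread keeps running; only the handle was leaking
begin:
        push    offset cmd2
        call    system                  ; cdecl: caller removes the argument
        add     esp, 4
        call    print_menu
        push    1
        push    offset bbuffer
        call    StdIn
        cmp     bbuffer, 31h            ; '1'
        je      toggle_range
        cmp     bbuffer, 32h            ; '2'
        je      toggle_teleport
        jmp     end_process             ; anything else (enter) exits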
;-----------------------------------------------------------------------
; print_menu -- redraws the text menu: banner, "neuz: " followed by the
; image base as 8 hex digits, a blank line, then menu_items.
; Called with `call print_menu` from begin:; no arguments.
; Reads globals dw_neuz and menu_items, writes result (via dw2hex).
; Clobbers whatever the masm32 library calls clobber (eax, ecx, edx).
;-----------------------------------------------------------------------
print_menu:
        invoke  StdOut, offset hellomsg
        ; dw2hex(dwValue, lpBuffer): formats dw_neuz into result
        invoke  dw2hex, dw_neuz, offset result
        invoke  StdOut, offset neuz_add
        invoke  StdOut, offset result
        invoke  StdOut, offset nl
        invoke  StdOut, offset menu_items
        ret
;-----------------------------------------------------------------------
; toggle_range -- flips the range patch in the game process on/off.
; Entered by jmp from begin: (bbuffer == '1'); leaves with jmp begin.
; State: bo_range (0 = off). eax holds the address of menu_items for
; the whole block; two bytes of that string are rewritten to show the
; new state.
; dw_range and dw_brange_all are fixed addresses; dw_pointed is rebuilt
; on every toggle as [[dw_range_all] + 54h] + 138h via two reads through
; hproc.
; No ReadProcessMemory / WriteProcessMemory result is checked: if a read
; fails, dw_pointed keeps its previous contents and the +54h / +138h
; follow-ups address whatever that stale value points at.
; Defender note: WriteProcessMemory into another image's code bytes
; through a PROCESS_VM_WRITE handle is exactly what handle-access
; callbacks and cross-process-write telemetry are built to surface.
;-----------------------------------------------------------------------
toggle_range:
; two further 1-byte reads -- presumably draining the CR/LF that follow the digit; not verified here
push 1
push offset bbuffer
call StdIn
push 1
push offset bbuffer
call StdIn
lea eax, menu_items
cmp bo_range, 0
je range_enable
; disabling range
mov bo_range, 0
; NOTE(review): line 1 of menu_items ("1 - range : 0FF") is 15 chars + CR LF, so index 17 is
; the '2' that opens line 2 and the "FF" of line 1 sits at 13-14. These two stores (and 61/62
; in toggle_teleport) therefore do not land on the OFF/ON text as the string is written now;
; string and offsets look out of step -- check which of the two is stale.
mov byte ptr [eax + 17], 46h ; 'F'
mov byte ptr [eax + 18], 46h ; 'F'
; rolling back basic
; 1 byte, bytes_to_write[1] = 40h, to dw_range (range_enable wrote [0] = 70h there)
push 0
push 1
push offset [bytes_to_write +1]
push dw_range
push hproc
call WriteProcessMemory
; dw_pointed = [dw_range_all]
push 0
push 4
push offset dw_pointed
push dw_range_all
push hproc
call ReadProcessMemory
add dw_pointed, 54h
; dw_pointed = [dw_pointed + 54h]
push 0
push 4
push offset dw_pointed
push dw_pointed
push hproc
call ReadProcessMemory
; bypassing jne using range weapon check
; 2 bytes, bytes_to_write[4..5] = 75h 12h, to dw_brange_all (range_enable wrote [2..3] = 90h 90h)
push 0
push 2
push offset [bytes_to_write +4]
push dw_brange_all
push hproc
call WriteProcessMemory
add dw_pointed, 138h
; making it to read edited value
; restores the dword that range_enable saved in dw_old_range_section
push 0
push 4
push offset dw_old_range_section
push dw_pointed
push hproc
call WriteProcessMemory
jmp begin
range_enable:
; enabling range like title says
mov bo_range, 1
; same offset caveat as the disable path: 17/18 is "2 " with the current menu_items text
mov byte ptr [eax + 17], 4Eh ; 'N'
mov byte ptr [eax + 18], 20h ; ' '
; editing range
; 1 byte, bytes_to_write[0] = 70h, to dw_range
push 0
push 1
push offset bytes_to_write
push dw_range
push hproc
call WriteProcessMemory
; editing so all can use range
; dw_pointed = [dw_range_all]
push 0
push 4
push offset dw_pointed
push dw_range_all
push hproc
call ReadProcessMemory
add dw_pointed, 54h
; dw_pointed = [dw_pointed + 54h]
push 0
push 4
push offset dw_pointed
push dw_pointed
push hproc
call ReadProcessMemory
; bypassing jne using range weapon check
; 2 bytes, bytes_to_write[2..3] = 90h 90h, to dw_brange_all
push 0
push 2
push offset [bytes_to_write +2]
push dw_brange_all
push hproc
call WriteProcessMemory
add dw_pointed, 138h
; save the current dword at dw_pointed so the disable path can put it back
push 0
push 4
push offset dw_old_range_section
push dw_pointed
push hproc
call ReadProcessMemory
; making it to read edited value
; store dw_range_section (6) at the same address
push 0
push 4
push offset dw_range_section
push dw_pointed
push hproc
call WriteProcessMemory
jmp begin
;-----------------------------------------------------------------------
; toggle_teleport -- flips bo_teleport and, when enabling, resolves the
; local-player coordinate addresses that teleport_thread writes to.
; Entered by jmp from begin: (bbuffer == '2'); leaves with jmp begin.
; eax = address of menu_items, then (enable path) the pointer read from
; dw_x_local_player. Disabling only clears the flag and the menu text;
; the addresses computed earlier are left as they were.
; The ReadProcessMemory result is not checked: on failure
; dw_x_local_player_point keeps its previous contents (0 on first use)
; and 160h / 164h / 168h are added to that.
;-----------------------------------------------------------------------
toggle_teleport:
; two further 1-byte reads -- presumably draining the CR/LF after the digit; not verified here
push 1
push offset bbuffer
call StdIn
push 1
push offset bbuffer
call StdIn
lea eax, menu_items
cmp bo_teleport, 0
je teleport_enable
; disabling teleport
mov bo_teleport, 0
; NOTE(review): with menu_items as defined, indexes 61/62 fall on "r " of "enter - exit"
; (line 2's "OFF" is at 53-54); string and offsets look out of step, as in toggle_range.
mov byte ptr [eax + 61], 46h ; 'F'
mov byte ptr [eax + 62], 46h ; 'F'
jmp begin
teleport_enable:
; enabling teleport
mov bo_teleport, 1 ; set before the addresses below are filled; teleport_thread polls this flag
mov byte ptr [eax + 61], 4Eh ; 'N'
mov byte ptr [eax + 62], 20h ; ' '
; dw_x_local_player_point = [dw_x_local_player]
push 0
push 4
push offset dw_x_local_player_point
push dw_x_local_player
push hproc
call ReadProcessMemory
mov eax,dw_x_local_player_point
; y = pointer + 164h
mov dw_y_local_player_point, eax
add dw_y_local_player_point, 164h
; z = pointer + 168h
mov dw_z_local_player_point, eax
add dw_z_local_player_point, 168h
; x = pointer + 160h
add dw_x_local_player_point, 160h
jmp begin
; damn useful https://en.wikibooks.org/wiki/X86_Disassembly/Functions_and_Stack_Frames
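;-----------------------------------------------------------------------
; DWORD get_neuz(DWORD pid)        -- stdcall (ret 4)
; Takes a Toolhelp module snapshot of the target process and returns
; me32.modBaseAddr of the first entry Module32First reports (normally
; the main executable), or 0 on any failure.
; In:    [ebp+8] = pid
; Out:   eax = module base, or 0
; Clobb: ecx, edx (via the Win32 calls); ebx and ebp are preserved
; Globals written: snapshot, me32
; Module32First is still resolved at run time through GetProcAddress,
; as in the original.
; Changes vs. original: ebx (callee-saved under stdcall) is pushed
; instead of clobbered, and the argument is used instead of the global;
; the snapshot handle is closed on every path instead of leaking one
; per call; INVALID_HANDLE_VALUE from CreateToolhelp32Snapshot, a NULL
; GetProcAddress result (which the original called through) and a
; FALSE Module32First all yield 0. Since me32 is zero-initialised, 0 is
; also what the original returned when Module32First failed, so callers
; see no new value.
;-----------------------------------------------------------------------
get_neuz:
        push    ebp
        mov     ebp, esp
        push    ebx                     ; callee-saved
        mov     ebx, [ebp + 8]          ; ebx = pid argument
        push    ebx
        push    TH32CS_SNAPMODULE
        call    CreateToolhelp32Snapshot
        cmp     eax, INVALID_HANDLE_VALUE
        je      get_neuz_fail
        mov     snapshot, eax
        mov     ecx, SIZEOF me32
        mov     me32.dwSize, ecx        ; Toolhelp rejects the call unless dwSize is set
        push    offset ckernel32_dll
        call    GetModuleHandle
        push    offset cmodule32first
        push    eax
        call    GetProcAddress
        test    eax, eax
        jz      get_neuz_close_fail     ; do not call through NULL
        push    offset me32
        push    snapshot
        call    eax                     ; Module32First(snapshot, &me32) -> BOOL
        test    eax, eax
        jz      get_neuz_close_fail
        push    snapshot
        call    CloseHandle
        mov     eax, me32.modBaseAddr
        jmp     get_neuz_done
get_neuz_close_fail:
        push    snapshot
        call    CloseHandle
get_neuz_fail:
        xor     eax, eax                ; 0 = failure
get_neuz_done:
        pop     ebx
        pop     ebp
        ret     4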
;-----------------------------------------------------------------------
; end_failed -- prints failedmsg (OpenProcess returned NULL in start)
; and falls through into end_process.
; end_process -- runs "PAUSE" through the CRT, then ExitProcess(0).
; Both are jmp targets only; neither returns.
;-----------------------------------------------------------------------
end_failed:
        invoke  StdOut, offset failedmsg
        ; falls through
end_process:
        invoke  system, offset cmd1     ; cdecl proto: invoke emits the argument cleanup
        invoke  ExitProcess, 0
;-----------------------------------------------------------------------
; teleport_thread -- thread procedure started by CreateThread in start
; (lpParameter is 0 and never read). Infinite poll loop, one pass per
; 10 ms (Sleep at nothing:); it never returns, so the stdcall thread-proc
; contract (DWORD return, ret 4) is never exercised.
; Each pass: if bo_teleport == 1 and GetAsyncKeyState returns exactly
; 8000h for both VK_SHIFT (10h) and VK_LBUTTON (1), waits 100 ms, reads
; the three click dwords, adds 300000 to the raw y dword, and writes the
; three dwords to the addresses toggle_teleport computed.
; Shares hproc and the dw_* globals with the main thread without any
; synchronisation. hproc is set before this thread exists (start);
; bo_teleport is set in toggle_teleport a few instructions before the
; dw_*_local_player_point fields are filled, so the flag could in
; principle be seen first -- the 100 ms sleep before the writes makes
; that window academic in practice.
; No ReadProcessMemory / WriteProcessMemory result is checked; a failed
; read leaves the previous dw_x / dw_y / dw_z in place and they are
; written regardless.
;-----------------------------------------------------------------------
teleport_thread:
cmp bo_teleport, 1
jne nothing
; shift + mouse click teleport system
push 10h ; VK_SHIFT
call GetAsyncKeyState
; GetAsyncKeyState returns a SHORT: bit 15 = key currently down, bit 0 = pressed since the
; previous call. Comparing ax with exactly 8000h means a return of 8001h does not match.
cmp ax, 8000h
jne nothing
push 1 ; VK_LBUTTON
call GetAsyncKeyState
cmp ax, 8000h
jne nothing
;shift + lbutton is clicked = gonna write new local player pos
;reading click value but sleeping first to sync
push 100
call Sleep
; dw_x = [dw_x_click]
push 0
push 4
push offset dw_x
push dw_x_click
push hproc
call ReadProcessMemory
; dw_y = [dw_y_click]
push 0
push 4
push offset dw_y
push dw_y_click
push hproc
call ReadProcessMemory
; integer add on the raw dword; whether the game stores this coordinate as an integer or a float is not visible here
add dw_y, 300000
; dw_z = [dw_z_click]
push 0
push 4
push offset dw_z
push dw_z_click
push hproc
call ReadProcessMemory
; writing got value
; [dw_x_local_player_point] = dw_x
push 0
push 4
push offset dw_x
push dw_x_local_player_point
push hproc
call WriteProcessMemory
; [dw_y_local_player_point] = dw_y
push 0
push 4
push offset dw_y
push dw_y_local_player_point
push hproc
call WriteProcessMemory
; [dw_z_local_player_point] = dw_z
push 0
push 4
push offset dw_z
push dw_z_local_player_point
push hproc
call WriteProcessMemory
nothing:
push 10 ; 10 ms poll interval
call Sleep
jmp teleport_thread
end start