
mithsi flyff {range, teleport, bot}

Posts 1–4 of 4 · Page 1 of 1
lala
[MPGH]lala
mithsi flyff {range, teleport, bot}
1 - open game or cheat as admin order does not matter.
2 - when ur logged in to world, then start using cheat



Code:
; +-----------------------------------------------------------------+
; |   mitshi flyff v18 range and teleport coded in asm by: lava     |
; |      requested by  dota2_05301998 and  winterfall on mpgh       |
; |           started project on: 8.28.2015(m.d.y)                  |
; |  if you want to donate to lava:                                 |
; |       BTC: 19X7KKkMZsu4dLC3wd93N3UHiDJdomb6Vd                   |
; +-----------------------------------------------------------------+

.386
.model flat, stdcall
option casemap :none

system proto c :dword
printf proto c :vararg

include windows.inc
include user32.inc
include kernel32.inc
include masm32.inc
includelib msvcrt.lib

includeLib user32.lib
includeLib kernel32.lib
includelib masm32.lib

; ---------------------------------------------------------------------
; Static data for the tool (MASM, 32-bit flat model).
; All variables live in this process. The dw_* "address" variables are
; filled at run time with locations inside the target process, computed
; as module base + a hard-coded offset (see the code at start:).
; Defender note: the window title, the offsets and the patch byte
; sequences below are fixed constants, so they double as static
; indicators for this sample. The offsets are presumably valid for one
; specific client build only -- TODO confirm.
; ---------------------------------------------------------------------
.data
; console title / banner text
hellomsg				db				"mitshi flyff v18 tools coded in asm by: lava ^^", 0Dh, 0Ah, "source code: http://www.mpgh.net/forum/showthread.php?t=1028505", 0Dh, 0Ah, 0
; command strings handed to the CRT system() call
cmd1					db				"PAUSE", 0
cmd2					db				"CLS", 0
; menu text; the toggle handlers overwrite individual status characters
; in place at fixed byte offsets (17/18, 61/62, 80/81, 107/108)
menu_items				db				"1     - range : 0FF", 0Dh, 0Ah, "2     - shift + mouse click teleport : OFF", 0Dh, 0Ah, "3     - bot : 0FF", 0Dh, 0Ah, "4     - attack skill : 0F", 0dh, 0ah, "5     - exit", 0Dh, 0Ah, "toggle# ", 0
; ten 3-byte entries (two characters + NUL) followed by a help line at
; byte offset 30; the code indexes this table as base + 3*index
skills_to_use			db				"OF", 0, "F1", 0, "F2", 0, "F3", 0, "F4", 0, "F5", 0, "F6", 0, "F7", 0, "F8", 0, "F9", 0, "left and right arrow keys to move, press delete to activate", 0
; virtual-key codes 70h..78h (VK_F1..VK_F9), one dword each
skills_to_activate		dd				70h, 71h, 72h, 73h, 74h, 75h, 76h, 77h, 78h
; currently selected skill slot; 0 means none (see simulate_attack_key)
skills_index			dd				0
; printf format used by print_skills: bracket char, label, bracket char
draw_skills				db				"%c %s %c ", 0
nl						db				0Dh, 0Ah, 0Dh, 0Ah, 0
; on/off flags for the three features (byte, 0 or 1)
bo_range				db				0
bo_teleport				db				0
bo_bot					db				0
; not referenced by the code shown
b_skill					db				0

; one-byte console input buffer used with StdIn
bbuffer					db				1

loadingmsg				db				"waiting for mitshi flyff", 0Dh, 0Ah, 0
; window title passed to FindWindow to locate the target process
windowname				db				"Mitshi Flyff v18", 0
failedmsg				db				"you dont have enough privileges to edit memory", 0Dh, 0Ah, 0
failedmsg2				db				"theres no free clients", 0Dh, 0Ah, 0
neuz_add				db				"neuz: ", 0

; target window handle, process id and process handle
hwnd					HWND			?
pid						dd				?
hproc					HANDLE			?

; receives the first module entry of the target (see get_neuz)
me32					MODULEENTRY32	<>

; names used to resolve Module32First at run time via GetProcAddress
ckernel32_dll			db				"kernel32.dll", 0
cmodule32first			db				"Module32First", 0

; module base address returned by get_neuz
dw_neuz					dd				?

; range variables
; (addresses inside the target that receive the bytes_to_write patches)
dw_range				dd				?
dw_range_val			dd				?
dw_range_all			dd				?
; not referenced by the code shown
dw_pointed				dd				?

; teleport variables
; dw_*_click: addresses read for the clicked position
; dw_*_local_player_point: addresses written with that position
; dw_x/dw_y/dw_z: local copies of the values in transit
dw_x_click				dd				?
dw_y_click				dd				?
dw_z_click				dd				?
dw_x_local_player		dd				?
dw_x_local_player_point	dd				?
dw_y_local_player_point	dd				?
dw_z_local_player_point	dd				?
dw_x					dd				?
dw_y					dd				?
dw_z					dd				?

; bot variables
dw_select				dd				?
dw_select_val			dd				?
dw_target_logging		dd				?
; 6 bytes written over target memory at dw_target_logging when the bot
; is enabled. The bytes decode as "mov [009D5738h], eax".
; NOTE(review): the absolute address looks like module base 400000h +
; 5D5738h, the same offset bot_thread reads -- confirm.
b_log_targets			db				89h, 05h, 38h, 57h, 9dh, 00h
dw_target				dd				?
dw_target_val			dd				0
camera_x				dd				0
; value written back to the camera field once it exceeds the threshold
; tested in rot_camera
dw_camera_start			dd				1145228751
dw_is_att				dd				?
dw_is_att_point			dd				?
dw_camera_x				dd				?
dw_camera_z				dd				?
; 4 bytes written to dw_camera_z when the bot is enabled
; (presumably an IEEE-754 float bit pattern -- TODO confirm)
b4_camera_z_val			db				80h, 69h, 08h, 42h


; address of the "client in use" marker dword inside the target
dw_isused				dd				?

; handle returned by CreateToolhelp32Snapshot
snapshot				dd				?

; patch bytes for the range toggle, addressed by offset:
;   +0 / +1      written when enabling  (0EBh = jmp short opcode, 7Fh)
;   +2 / +3      written when disabling (77h = ja opcode, 00h)
;   +4..+5       written when enabling  (90h 90h = two nops)
;   +6..+7       written when disabling (75h 12h = jnz +12h)
; The "disabling" bytes are hard-coded, not read back from the target
; before patching.
bytes_to_write			db				0EBh, 7Fh, 77h, 00h, 90h, 90h, 75h, 12h
; not referenced by the code shown
dw_range_section		dd				6
dw_old_range_section	dd				?

; zero dword used to clear the click x value after a teleport
dw_null					dd				0
; value read from the in-use marker, and the value written to it on exit
dw_used					dd				?
dw_write_used			dd				10h

; output buffer for dw2hex.
; NOTE(review): only 4 bytes are reserved; masm32 dw2hex presumably
; emits 8 hex digits plus a terminator -- confirm the buffer size.
result					db				4 DUP(?)

.code
; ---------------------------------------------------------------------
; start -- program entry point.
; Flow: set console title -> poll FindWindow every 100 ms until the
; target window exists -> resolve its PID -> OpenProcess with VM
; operation/read/write rights -> get module base (get_neuz) -> read the
; in-use marker -> derive all target addresses -> spawn the teleport and
; bot worker threads -> fall through into the menu loop at begin.
;
; Defender note: the sequence FindWindow / GetWindowThreadProcessId /
; OpenProcess(access 38h) / CreateToolhelp32Snapshot / WriteProcessMemory
; is the observable behaviour of this tool. A cross-process handle open
; requesting VM_WRITE on the game process can be seen by handle-open
; monitoring (e.g. Sysmon ProcessAccess, event ID 10, GrantedAccess).
; ---------------------------------------------------------------------
start:
	; setting fancy title ^^
	push offset hellomsg
	call SetConsoleTitle
	
; loading mitshi flyff v18 ---|
	push offset loadingmsg
	call StdOut
	
findwindow_loop:
	; retry every 100 ms; there is no timeout or abort path
	push 100
	call Sleep
	
	; FindWindow(lpClassName = NULL, lpWindowName = windowname)
	push offset windowname
	push 0
	call FindWindow
	
	test eax, eax
	je findwindow_loop
	
	mov hwnd, eax
	
	; GetWindowThreadProcessId(hwnd, &pid); eax still holds hwnd
	push offset pid
	push eax
	call GetWindowThreadProcessId
	
	; OpenProcess(dwDesiredAccess, bInheritHandle = 0, pid)
	; NOTE(review): MASM appears to treat the bracketed constant as an
	; immediate (38h), not a memory operand -- confirm.
	push pid
	push 0
	push [8h + 10h + 20h] ; PROCESS_VM_OPERATION + PROCESS_VM_READ + PROCESS_VM_WRITE
	call OpenProcess
	
	; a NULL handle is the only failure that is checked on this path
	test eax, eax
	je end_failed
	
	; the handle is kept for the life of the process; no CloseHandle
	; appears in the code shown
	mov hproc, eax
	
	call get_neuz
	mov dw_neuz, eax
	
	; checking if client is used by another bot
	; marker address = module base + 71DB38h
	mov dw_isused, eax
	add dw_isused, 71DB38h
	
	; ReadProcessMemory(hproc, dw_isused, &dw_used, 4, NULL)
	; the return value is not checked; on failure dw_used keeps its
	; previous (uninitialised) content
	push 0
	push 4
	push offset dw_used
	push dw_isused
	push hproc
	call ReadProcessMemory
	
	cmp dw_used, 10h
	je end_used_Already
	
	; disabled: writing the 10h "in use" marker into the target
	;push 0
	;push 4
	;push offset dw_write_used
	;push dw_isused
	;push hproc
	;call WriteProcessMemory
	
	mov eax, dw_neuz
	
	; setting addresses to edit
	; every address below is module base (eax) + a hard-coded offset
		; filling range variables
		mov dw_range, eax
		add dw_range, 28324Dh
		
		; dw_range_val = dw_range + 56h (4Fh + 7)
		mov ecx, dw_range
		mov dw_range_val, ecx
		add dw_range_val, [4Fh +7]
		
		mov dw_range_all, eax
		add dw_range_all, 283521h
		
		; filling teleport variables
		mov dw_x_click, eax
		add dw_x_click, 5DB6E4h
		
		mov dw_y_click, eax
		add dw_y_click, 5DB6E8h
		
		mov dw_z_click, eax
		add dw_z_click, 5DB6ECh
		
		mov dw_x_local_player, eax
		add dw_x_local_player, 5E40B8h ; needs to be pointed and + 160h
		
		; filling bot variables
		mov dw_select, eax
		add dw_select, 5E7D68h
		
		mov dw_target_logging, eax
		add dw_target_logging, 2ECE10h
		
		; same offset as dw_x_local_player above
		mov dw_is_att, eax
		add dw_is_att, 5E40B8h
		
		mov dw_camera_x, eax
		add dw_camera_x, 5E5384h
		
		mov dw_camera_z, eax
		add dw_camera_z, 5E53B0h
		
	
	; CreateThread(NULL, 0, teleport_thread, NULL, 0, NULL)
	; the returned thread handle is discarded
	push 0
	push 0
	push 0
	push offset teleport_thread
	push 0
	push 0
	call CreateThread
	
	; CreateThread(NULL, 0, bot_thread, NULL, 0, NULL)
	push 0
	push 0
	push 0
	push offset bot_thread
	push 0
	push 0
	call CreateThread
; ----------------------------|

; ---------------------------------------------------------------------
; begin -- main menu loop.
; Clears the console, prints the menu, reads one byte of input and
; dispatches on the ASCII digits '1'..'5'. Any other byte redraws the
; menu. Option 5 writes 12h to the in-use marker in the target and exits.
; NOTE(review): system is declared "proto c" and is called with a manual
; push; no stack cleanup follows the call in the code shown.
; ---------------------------------------------------------------------
begin:
	push offset cmd2
	call system
	
	call print_menu
	
	; StdIn(&bbuffer, 1)
	push 1
	push offset bbuffer
	call StdIn
	
	; 31h..35h = ASCII '1'..'5'
	cmp bbuffer, 31h
	je toggle_range
	cmp bbuffer, 32h
	je toggle_teleport
	cmp bbuffer, 33h
	je toggle_bot
	cmp bbuffer, 34h
	je change_skill
	cmp bbuffer, 35h
	jne begin
	
	; exit path: WriteProcessMemory(hproc, dw_isused, &dw_write_used, 4, NULL)
	; with dw_write_used = 12h; the return value is not checked.
	; Patches applied by the range and bot toggles are not rolled back
	; on this path.
	mov dw_write_used, 12h
	
	push 0
	push 4
	push offset dw_write_used
	push dw_isused
	push hproc
	call WriteProcessMemory
	
	jmp end_process
	
; ---------------------------------------------------------------------
; print_menu -- prints the banner, the target module base in hex and the
; menu text. Called with "call" and returns with "ret"; takes no
; arguments. Registers are not preserved by the code shown.
; ---------------------------------------------------------------------
print_menu:
	push offset hellomsg
	call StdOut
	
	; http://www.winasm.net/forum/index.php?showtopic=601
	; dw2hex(dw_neuz, &result): formats the base address as hex text
	; NOTE(review): result is declared as 4 bytes -- confirm it is large
	; enough for the text dw2hex produces.
	push offset result
	push dw_neuz
	call dw2hex
	
	push offset neuz_add
	call StdOut
	
	push offset result
	call StdOut
	
	push offset nl
	call StdOut
	
	push offset menu_items
	call StdOut
	
	ret
	
; ---------------------------------------------------------------------
; toggle_range -- menu option 1. Reached by a jump from begin and leaves
; by jumping back to begin (no call/ret).
; Flips bo_range, updates the status characters at menu_items+17/+18 and
; overwrites three locations in the target with bytes from
; bytes_to_write: 1 byte at dw_range, 1 byte at dw_range_val and 2 bytes
; at dw_range_all.
; None of the WriteProcessMemory return values is checked, and no
; VirtualProtectEx call appears in the code shown.
; Defender note: these are in-place byte patches of the target's memory,
; so a page-hash / code-integrity check over the patched locations would
; observe them.
; NOTE(review): MASM appears to treat "[offset x + n]" as the address
; immediate, not a memory load -- confirm.
; ---------------------------------------------------------------------
toggle_range:
	; consume two more input bytes (see intwice)
	call intwice

	lea eax, menu_items
	cmp bo_range, 0
	je range_enable
	
	; disabling range
	; 46h 46h = "FF" -> menu shows "0FF"
	mov bo_range, 0
	mov byte ptr [eax + 17], 46h
	mov byte ptr [eax + 18], 46h
	
	; rolling back range
	; writes the hard-coded byte 77h, not a saved copy of the original
	push 0
	push 1
	push [offset bytes_to_write +2]
	push dw_range
	push hproc
	call WriteProcessMemory
	
	; writes 00h
	push 0
	push 1
	push [offset bytes_to_write +3]
	push dw_range_val
	push hproc
	call WriteProcessMemory
	
	; for all
	; writes 75h 12h
	push 0
	push 2
	push [offset bytes_to_write +6]
	push dw_range_all
	push hproc
	call WriteProcessMemory
	
	jmp begin
	
	range_enable:
		; enabling range like title says
		; 4Eh 20h = "N " -> menu shows "0N "
		mov bo_range, 1
		mov byte ptr [eax + 17], 4Eh
		mov byte ptr [eax + 18], 20h		
		
		; editing range
		; writes 0EBh
		push 0
		push 1
		push offset bytes_to_write
		push dw_range
		push hproc
		call WriteProcessMemory
		
		; writes 7Fh
		push 0
		push 1
		push [offset bytes_to_write +1]
		push dw_range_val
		push hproc
		call WriteProcessMemory
		
		; for all
		; writes 90h 90h
		push 0
		push 2
		push [offset bytes_to_write +4]
		push dw_range_all
		push hproc
		call WriteProcessMemory
		
		jmp begin
		
; ---------------------------------------------------------------------
; toggle_teleport -- menu option 2. Reached by a jump from begin and
; leaves by jumping back to begin.
; Flips bo_teleport (polled by teleport_thread) and updates the status
; characters at menu_items+61/+62. When enabling, it reads one dword
; from the target at dw_x_local_player and derives three write addresses
; from it: +160h (x), +164h (y), +168h (z).
; The ReadProcessMemory return value is not checked, so a failed read
; leaves the derived addresses based on whatever the variable held.
; bo_teleport is set to 1 before the addresses are computed, while
; teleport_thread may already be running.
; ---------------------------------------------------------------------
toggle_teleport:
	call intwice

	lea eax, menu_items
	cmp bo_teleport, 0
	je teleport_enable
	
	; disabling teleport
	mov bo_teleport, 0
	mov byte ptr [eax + 61], 46h
	mov byte ptr [eax + 62], 46h
	
	jmp begin
	
	teleport_enable:
		; enabling teleport
		mov bo_teleport, 1
		mov byte ptr [eax + 61], 4Eh
		mov byte ptr [eax + 62], 20h
		
		; ReadProcessMemory(hproc, dw_x_local_player,
		;                   &dw_x_local_player_point, 4, NULL)
		push 0
		push 4
		push offset dw_x_local_player_point
		push dw_x_local_player
		push hproc
		call ReadProcessMemory
		mov eax,dw_x_local_player_point
		
		; y
		mov dw_y_local_player_point, eax
		add dw_y_local_player_point, 164h
		
		; z
		mov dw_z_local_player_point, eax
		add dw_z_local_player_point, 168h
		
		; x
		add dw_x_local_player_point, 160h
		
		jmp begin

; ---------------------------------------------------------------------
; toggle_bot -- menu option 3. Reached by a jump from begin and leaves
; by jumping back to begin.
; Flips bo_bot (polled by bot_thread) and updates the status characters
; at menu_items+80/+81. When enabling, it writes 6 bytes
; (b_log_targets) at dw_target_logging and 4 bytes (b4_camera_z_val) at
; dw_camera_z in the target.
; The disable branch only clears the flag: the bytes written on enable
; are not restored by the code shown. Write return values are not
; checked.
; ---------------------------------------------------------------------
toggle_bot:
	call intwice
	
	lea eax, menu_items
	cmp bo_bot, 0
	je enable_bot
	
	; disabling bot
	mov bo_bot, 0
	mov byte ptr [eax + 80], 46h
	mov byte ptr [eax + 81], 46h
	
	jmp begin
	
	enable_bot:
		; enabling bot
		mov bo_bot, 1
		mov byte ptr [eax + 80], 4Eh
		mov byte ptr [eax + 81], 20h
		
		; WriteProcessMemory(hproc, dw_target_logging, b_log_targets, 6, NULL)
		push 0
		push 6
		push offset b_log_targets
		push dw_target_logging
		push hproc
		call WriteProcessMemory
		
		; WriteProcessMemory(hproc, dw_camera_z, b4_camera_z_val, 4, NULL)
		push 0
		push 4
		push offset b4_camera_z_val
		push dw_camera_z
		push hproc
		call WriteProcessMemory
		
		jmp begin

; ---------------------------------------------------------------------
; change_skill -- menu option 4: interactive skill-slot picker.
; Jumps to print_skills, which draws the ten labels and jumps back to
; change_skills_end with esi = 10. The code then prints the help line
; (skills_to_use + 3*10) and polls the arrow and delete keys every 10 ms.
;   VK_RIGHT  : skills_index++ (upper bound 9), redraw
;   VK_LEFT   : skills_index-- (lower bound 0), redraw
;   VK_DELETE : copy the two label characters of the selected entry into
;               menu_items+107/+108 and return to begin
; GetAsyncKeyState is global, so keys are seen even when the console
; does not have focus; 8001h means "down now and pressed since the last
; query".
; NOTE(review): print_skills is reached here with "jmp" but with "call"
; inside the key loop, and it never executes "ret" -- check stack
; balance.
; ---------------------------------------------------------------------
change_skill:
	call intwice
	
	jmp print_skills
	
	; mov byte ptr [eax + 80 +28], 4Eh
	
	change_skills_end:
		push offset nl
		call StdOut
		
		; eax = skills_to_use + 3*esi; with esi = 10 this is the help text
		lea eax, skills_to_use
		add eax, esi
		add eax, esi
		add eax, esi
		
		push eax
		call StdOut
		
		gettinginput:
			push 27h ; VK_RIGHT
			call GetAsyncKeyState
			cmp ax, 8001h
			jne gettinginput_1
				
				cmp skills_index, 9
				je gettinginput_nothing
				
				inc skills_index
				call print_skills
				jmp gettinginput_nothing
				
			gettinginput_1:
				push 25h ; VK_LEFT
				call GetAsyncKeyState
				cmp ax, 8001h
				jne gettinginput_2
					
					cmp skills_index, 0
					je gettinginput_nothing
					
					dec skills_index
					call print_skills
					jmp gettinginput_nothing
					
			gettinginput_2:
				push 2Eh ; VK_DELETE
				call GetAsyncKeyState
				cmp ax, 8001h
				jne gettinginput_nothing
					
					; esi = skills_to_use + 3*skills_index
					lea esi, skills_to_use
					add esi, skills_index
					add esi, skills_index
					add esi, skills_index
					
					; copy the two label characters into the menu text
					mov cl, byte ptr [esi]
					mov ch, byte ptr [esi +1]
					
					lea eax, menu_items
					mov byte ptr [eax + 107], cl
					mov byte ptr [eax + 108], ch
					
					jmp begin
			
			gettinginput_nothing:
				push 10
				call Sleep
				
				jmp gettinginput

; ---------------------------------------------------------------------
; print_skills -- clears the console and prints the ten skill labels,
; wrapping the currently selected one (esi == skills_index) in '[' ']'
; and the others in spaces.
; Exit is a jump to change_skills_end once esi reaches 10; there is no
; "ret" in this routine although it is also entered with "call".
; NOTE(review): printf and system are declared "proto c"; the arguments
; pushed here are not removed after the calls in the code shown, so each
; pass leaves them on the stack -- confirm.
; esi is used as the loop counter and is not saved.
; ---------------------------------------------------------------------
print_skills:
	push offset cmd2
	call system
	
	mov esi, 0
	skills_loop:
		cmp esi, 10
		je change_skills_end
		
		; eax = address of the 3-byte label for entry esi
		lea eax, skills_to_use
		add eax, esi
		add eax, esi
		add eax, esi
		
		cmp esi, skills_index
		je right_index
		
		; not selected: printf("%c %s %c ", ' ', label, ' ')
		push 20h
		push eax
		push 20h
		
		jmp skills_loop_end
		
		right_index:
			; selected: printf("%c %s %c ", '[', label, ']')
			push 5Dh
			push eax
			push 5Bh
			
		skills_loop_end:
			push offset draw_skills
			call printf
			inc esi
			
			jmp skills_loop
			
; ---------------------------------------------------------------------
; intwice -- reads one byte from the console into bbuffer twice in a
; row and returns. Every menu handler calls it first; presumably it
; drains the CR/LF left behind by the menu choice -- TODO confirm.
; Takes no arguments; bbuffer is overwritten.
; ---------------------------------------------------------------------
intwice:
	push 1
	push offset bbuffer
	call StdIn
	
	push 1
	push offset bbuffer
	call StdIn
	
	ret

; damn usefull https://en.wikibooks.org/wiki/X86_Disassembly/Functions_and_Stack_Frames
; ---------------------------------------------------------------------
; get_neuz -- returns in eax the base address of the first module in a
; Toolhelp module snapshot of the target process (global pid).
; Steps: CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid) ->
; me32.dwSize = SIZEOF me32 -> resolve Module32First from kernel32.dll
; with GetModuleHandle/GetProcAddress -> call it -> return
; me32.modBaseAddr.
; Not checked in the code shown: the snapshot handle, the
; GetProcAddress result (called through eax unconditionally) and the
; Module32First return value. The snapshot handle is not closed.
; Defender note: Module32First is resolved by name at run time, so the
; "Module32First" and "kernel32.dll" strings are present in the binary's
; data section.
; ---------------------------------------------------------------------
get_neuz:	
	push pid
	push 8 ; TH32CS_SNAPMODULE
	call CreateToolhelp32Snapshot
	mov snapshot, eax
	
	; dwSize must be set before the first Module32First call
	mov ecx, SIZEOF me32
	mov me32.dwSize, ecx
	
	push offset ckernel32_dll
	call GetModuleHandle
	
	push offset cmodule32first
	push eax
	call GetProcAddress
	
	; Module32First(snapshot, &me32) through the resolved pointer
	push offset me32
	push snapshot
	call eax
	
	mov eax, me32.modBaseAddr
	ret
	
; end_used_Already -- reached when the in-use marker read from the
; target equals 10h; prints failedmsg2 and exits via end_process.
end_used_Already:
	push offset failedmsg2
	call StdOut
	
	jmp end_process

; end_failed -- reached when OpenProcess returns NULL; prints failedmsg
; and exits via end_process. GetLastError is not consulted, so every
; OpenProcess failure is reported with the same "privileges" message.
end_failed:
	push offset failedmsg
	call StdOut
	
	jmp end_process
	
; end program
; end_process -- runs the shell "PAUSE" command through system() so the
; console stays open, then calls ExitProcess(0). hproc and the snapshot
; handle are not closed explicitly before exit in the code shown.
end_process:
	push offset cmd1
	call system
	
	push 0
	call ExitProcess
	
; ---------------------------------------------------------------------
; teleport_thread -- worker thread started from start:. Never returns;
; it loops with a 10 ms sleep.
; While bo_teleport == 1 and GetAsyncKeyState reports 8000h for key 10h
; (VK_SHIFT) and 8001h for key 1 (VK_LBUTTON), it:
;   1. reads the x value at dw_x_click until it is non-zero,
;   2. reads the y and z values and adds 300000 to the raw y dword,
;   3. writes x/y/z to the three dw_*_local_player_point addresses,
;   4. writes 0 back to dw_x_click.
; No ReadProcessMemory/WriteProcessMemory return value is checked. The
; read_again loop has no sleep and no exit other than a non-zero dw_x.
; Defender note: the result is a position value changed from outside the
; game process; a server-side plausibility check on position deltas does
; not depend on detecting the writer.
; ---------------------------------------------------------------------
teleport_thread:
	cmp bo_teleport, 1
	jne nothing
	
	; shift + mouse click teleport system
	push 10h
	call GetAsyncKeyState
	cmp ax, 8000h
	jne nothing
	
	push 1
	call GetAsyncKeyState
	cmp ax, 8001h
	jne nothing
	
	; shift + lbutton is clicked = going to write the new local player pos
		; reading the click value; the sleep meant to sync first is disabled
		;push 100
		;call Sleep
		
		read_again:
			; ReadProcessMemory(hproc, dw_x_click, &dw_x, 4, NULL)
			push 0
			push 4
			push offset dw_x
			push dw_x_click
			push hproc
			call ReadProcessMemory
			
			cmp dw_x, 0
			je read_again
		
		push 0
		push 4
		push offset dw_y
		push dw_y_click
		push hproc
		call ReadProcessMemory
		
		; integer add on the raw dword that was read
		add dw_y, 300000
		
		push 0
		push 4
		push offset dw_z
		push dw_z_click
		push hproc
		call ReadProcessMemory
		
		; writing the values that were read
		push 0
		push 4
		push offset dw_x
		push dw_x_local_player_point
		push hproc
		call WriteProcessMemory
		
		push 0
		push 4
		push offset dw_y
		push dw_y_local_player_point
		push hproc
		call WriteProcessMemory
		
		push 0
		push 4
		push offset dw_z
		push dw_z_local_player_point
		push hproc
		call WriteProcessMemory
		
		; clear the click x value so the next pass waits for a new click
		push 0
		push 4
		push offset dw_null
		push dw_x_click
		push hproc
		call WriteProcessMemory
	
	nothing:
		push 10
		call Sleep
		
		jmp teleport_thread

; ---------------------------------------------------------------------
; get_select -- returns in eax one dword read through a pointer in the
; target: reads the dword at dw_is_att, adds 3F0h, then reads the dword
; at that address.
; dw_is_att_point is used both as the address of the second read and as
; its destination buffer, so it holds the final value on return.
; Neither ReadProcessMemory return value is checked; if the first read
; fails, the second read uses whatever dw_is_att_point held + 3F0h.
; The commented-out block is an earlier variant based on dw_select.
; ---------------------------------------------------------------------
get_select:
	;push 0
	;push 4
	;push offset dw_select_val
	;push dw_select
	;push hproc
	;call ReadProcessMemory
	
	;add dw_select_val, 20h
	
	;push 0
	;push 4
	;push offset dw_select_val
	;push dw_select_val
	;push hproc
	;call ReadProcessMemory
	
	;mov eax, dw_select_val
	
	
	; first read: pointer stored at dw_is_att
	push 0
	push 4
	push offset dw_is_att_point
	push dw_is_att
	push hproc
	call ReadProcessMemory
	
	add dw_is_att_point, 3F0h
	
	; second read: dword at pointer + 3F0h
	push 0
	push 4
	push offset dw_is_att_point
	push dw_is_att_point
	push hproc
	call ReadProcessMemory
	
	mov eax, dw_is_att_point
	
	ret

; ---------------------------------------------------------------------
; set_select -- reads the dword at dw_select in the target, adds 20h to
; it, and writes the 4-byte dw_target_val to the resulting address.
; Neither return value is checked; if the read fails, the write goes to
; whatever dw_select_val held + 20h.
; ---------------------------------------------------------------------
set_select:
	push 0
	push 4
	push offset dw_select_val
	push dw_select
	push hproc
	call ReadProcessMemory
	
	add dw_select_val, 20h
	
	push 0
	push 4
	push offset dw_target_val
	push dw_select_val
	push hproc
	call WriteProcessMemory
	
	ret

; ---------------------------------------------------------------------
; simulate_attack_key -- if skills_index is non-zero, posts a WM_KEYDOWN
; message to the target window for a value taken from
; skills_to_activate.
; Calls: MapVirtualKey(code, MAPVK_VK_TO_VSC), then
; PostMessage(hwnd, WM_KEYDOWN, wParam = code, lParam = MapVirtualKey
; result). No WM_KEYUP is posted in the code shown.
; esi is used as the index (skills_index - 1) and is not saved; it is
; also read again after the MapVirtualKey call.
; Defender note: input delivered with PostMessage arrives as a window
; message without a matching hardware input event.
; ---------------------------------------------------------------------
simulate_attack_key:
	cmp skills_index, 0
	je simulate_attack_key_end
	
		mov esi, skills_index
		dec esi
		
		; operand is read from skills_to_activate at byte offset esi
		push 0 ; MAPVK_VK_TO_VSC
		push [skills_to_activate + esi]
		call MapVirtualKey
		
		push eax
		push [skills_to_activate + esi]
		push 100h ; WM_KEYDOWN
		push hwnd
		call PostMessage
	
	simulate_attack_key_end:
		ret

; ---------------------------------------------------------------------
; rot_camera -- advances the dword at dw_camera_x in the target.
; Reads the current value into camera_x; if it is greater than
; 1135000000 (signed compare), writes dw_camera_start instead; otherwise
; adds 60000 and writes the sum back.
; The arithmetic is done on the raw dword as an integer. Read and write
; return values are not checked.
; ---------------------------------------------------------------------
rot_camera:	
	push 0
	push 4
	push offset camera_x
	push dw_camera_x
	push hproc
	call ReadProcessMemory
	
	cmp camera_x, 1135000000
	jg make_camera_x_zero
	
	add camera_x, 60000
	jmp end_of_camera_rot
	
	make_camera_x_zero:
		; despite the label name, this writes dw_camera_start, not zero
		push 0
		push 4
		push offset dw_camera_start
		push dw_camera_x
		push hproc
		call WriteProcessMemory
		
		ret
	
	end_of_camera_rot:
		push 0
		push 4
		push offset camera_x
		push dw_camera_x
		push hproc
		call WriteProcessMemory
		
		ret

; ---------------------------------------------------------------------
; bot_thread -- worker thread started from start:. Never returns; it
; loops with a 10 ms sleep.
; Each pass, while bo_bot != 0:
;   1. get_select: skip the pass if the value it returns is 5,
;   2. rot_camera: step the camera value,
;   3. read the dword at module base + 5D5738h into dw_target_val and
;      skip the pass if it is >= 100000000 (signed compare),
;   4. set_select: write dw_target_val into the target,
;   5. simulate_attack_key: post the selected key to the window.
; The ReadProcessMemory return value is not checked, so a failed read
; leaves dw_target_val at its previous content.
; Defender note: the loop issues several cross-process reads and writes
; plus a posted key message roughly every 10 ms, a regular cadence that
; shows up in per-process API or handle-access telemetry.
; ---------------------------------------------------------------------
bot_thread:
	cmp bo_bot, 0
	je end_of_bot
	
	call get_select
	cmp eax, 5	
	je end_of_bot
	
	call rot_camera
	
	; dw_target = module base + 5D5738h, recomputed on every pass
	mov eax, dw_neuz
	mov dw_target, eax
	add dw_target, 5D5738h
	
	push 0
	push 4
	push offset dw_target_val
	push dw_target
	push hproc
	call ReadProcessMemory
	
	cmp dw_target_val, 100000000
	jge end_of_bot
	
	call set_select
	
	call simulate_attack_key
	
	end_of_bot:
		push 10
		call Sleep
	
	jmp bot_thread
end start
virus scans:
https://www.metascan-online.com/#!/r...241d/extracted
https://virusscan.jotti.org/en-US/fi...job/vlo7lrmojy

mft1_mpgh.net.zip
#1 · edited 10y ago · 10y ago
Jhem
Jhem
Approved.
Thanks for sharing.
#2 · 10y ago
WI
winterfall
thanks for this dude! btw it hangs when i use the bot?
#3 · 10y ago
lala
[MPGH]lala
@Yamiez theres only one function working and it is teleporting. its your choice to mark it as patched or nop ^^. updating it on next week.
#4 · 10y ago