pointers :

unlimited attack:
address: 75b51c offset: e60

no breath:
address: 75b51c offset: 254

speed attack:
address: 75b51c offset: 264

item x:
address: 75b51c offset: 390
disconnects if you freeze it over vaced monsters.

item y:
address:: offset: 394
disconnects if you freeze it over vaced monsters.

wall - bottom:
address: 75ac34 offset: 10
freeze this at -1000000 to go to the top of a map.

wall - top:
address: 75ac34 offset: 8

wall - left:
address: 754ac34 offset: 4

wall - right:
address: 754ac34 offset: c

registry hacks :

lag hack zf [x][x]:

address: 006589c7

fullx godmode zf[x][ ]:

address: 616f73

no activation godmode zf[x][ ]:

address: 00629585

super tubi zf[x][x]:

address: 487ec8

swear filter zf[x][ ]:

address: 451ca2

unrandomizer eax[0-9]:
address: 6af75d

cs eax x eax:
address: 65c5f0

cs eax y eax:
address: 65c655

shadow partner zf[x][ ]:

address: 00615228

dark sight zf[x][ ]:

address: 617067

miss godmode zf[x][ ]:

address: 6295cf

ss eax x eax:
address: 658956

ss eax y eax:
address: 65897d

speed walk zf[x][ ]:

address: 6596f4

unlimited jump zf[x][ ]:

address: 658fde

levitate zf[x][x]:
address: 659d25

speed attack eax[1-9]:

43166a

fast attack eax[1-9]:

address: 430628

glide zf[x][ ]:
address: 6591cb

crash maplestory eip[0]:

address: 6af75d

dupex eip:
address: 65b58a
65b584

dupex (monsters stay):

code:
alloc(findcharacteraddress, 1024)
alloc(listoffset, 4)
alloc(esilist, 1024)
alloc(dupexvac, 1024)
alloc(edivalue, 4)
label(endsearch)
label(compareoffset)
label(storeesi)
label(donormal)
findcharacteraddress:
mov [esi+114],edi
push eax
push ebx
push ecx
push edx
mov eax,0
mov ebx,listoffset
mov ecx,esilist
mov edx,edivalue
compareoffset:
cmp eax,[ebx]
je storeesi
cmp esi,[ecx+eax*4]
je endsearch
inc eax
jmp compareoffset
storeesi:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
endsearch:
pop edx
pop ecx
pop ebx
pop eax
jmp 65b590

dupexvac:
push eax
push ebx
push ecx
mov ebx,[listoffset]
dec ebx
mov ecx,esilist
mov eax,[ecx+ebx*4]
cmp esi,eax
je donormal
mov edi,[edivalue]
donormal:
mov [esi+114],edi
pop eax
pop ebx
pop ecx
jmp 65b590

dupex (monsters follow you):

code:
alloc(findcharacteraddress, 1024)
alloc(listoffset, 4)
alloc(esilist, 1024)
alloc(dupexvac, 1024)
alloc(edivalue, 4)
label(endsearch)
label(compareoffset)
label(storeesi)
label(donormal)
findcharacteraddress:
mov [esi+114],edi
push eax
push ebx
push ecx
push edx
mov eax,0
mov ebx,listoffset
mov ecx,esilist
mov edx,edivalue
compareoffset:
cmp eax,[ebx]
je storeesi
cmp esi,[ecx+eax*4]
je endsearch
inc eax
jmp compareoffset
storeesi:
mov [ecx+eax*4],esi
inc eax
mov [ebx],eax
mov [edx],edi
endsearch:
pop edx
pop ecx
pop ebx
pop eax
jmp 65b590

dupexvac:
push eax
push ebx
push ecx
mov ebx,[listoffset]
dec ebx
mov ecx,esilist
mov eax,[ecx+ebx*4]
cmp esi,eax
je donormal
mov edi,[eax+114]
donormal:
mov [esi+114],edi
pop eax
pop ebx
pop ecx
jmp 65b590

credits:
jaku: everything exept wall pointers, dupex, godmode.
xjleex: for wall pointers and eax.
me: for editing old dupex addresses(i don't really take credits... just changed
the jmp).

message to mods:
i know this has been posted before but i think mine are pretty clear.

itemvac:
step 1: go to memory view.
step 2: copy that code:
alloc(code, 1024)

code: //48e9f4
pushad
mov ecx, [ebp+8]
mov ebx, [ebp-24]
mov [ecx], ebx
mov [ecx+4], eax
mov ecx, eax
mov eax, ebx

lea edx, [eax-19]

mov [ebp-34], edx
lea edx, [ecx-32]
add eax, 19
add ecx, a
mov [ebp-30], edx
mov [ebp-2c], eax
mov [ebp-28], ecx
popad

push eax
jmp 48e9f5

step 3: press ctrl + a (in memory view - auto assemble) and paste there the code.

step 4: press "write code". remember the first 4 numbers (xxxx0000) - xxxx =
numbers /+ letters.

step 4: press ctrl +g (in memory view - "go to address").

step 5: put there that code: 48e9f4

step 6: right mouse click and "change register at this location".

step 7: tick eip box and put there the xxxx0000 (again xxxx are the
numbers/+ letters you've remembered).

step 8: press ok!

uber vac:
setting up uber vac - credits to - <--much better than regular cs eax
1. go to auto assembler, and put in this script.

quote:

[enable]

registersymbol(uberx)
registersymbol(ubery)
alloc(ubery,64)
alloc(chary,16)
alloc(uberx,64)
alloc(charx,16)
uberx:
push eax
mov eax, [76254c]
lea eax, [eax+390]
cmp ebx, eax
je charx
mov eax, [eax]
mov [ebx], eax
pop eax
jmp 0065ef4a

charx:
pop eax
mov [ebx], eax
jmp 0065ef4a

ubery:
push eax
mov eax, [76254c]
lea eax, [eax+394]
cmp edi, eax
je chary
mov eax, [eax]
mov [edi], eax
pop eax
jmp 0065efaf

chary:
pop eax
mov [edi], eax
jmp 0065efaf

[disable]
unregistersymbol(uberx)
unregistersymbol(ubery)
dealloc(ubery)
dealloc(chary)
dealloc(uberx)
dealloc(charx)

1.don't click write code. instead, go file and then assign to current cheat table.
2. go back to main ce window and freeze "auto assemble cheat"
3.add address manually and in the address box type in uberx <----- exactly like
that.
4.do the same but type in ubery.
5.in memory view go to address 65ef48 .
6.in the address 65ef48 tick eip and add in whatever the address of uberx is on
the main ce window. press ok.
7.repeat steps 7-8 but go to address 65efad and add in the address of ubery after
you tick eip.
8.there you are cseax'ing but with "moveability" and increased monster kills

4c. using cs eax with sins/bowmans and spearman if needed.

1. set up basic cs eax.
2. go to your settings and change your freeze interval to 500-1
3. freeze your character x, and change the value minus 20-30 or +20-30

1. copy this demi vac script.

[enable]
alloc(newmemx,64)
alloc(newmemy,64)
newmemx:
mov edx,[76254c]
lea edx,[edx+390]
mov ecx,[edx]
jmp 00514c54
newmemy:
mov edx,[76254c]
lea edx,[edx+394]
lea eax,[edx]
jmp 00514c5a
00514c4e:
jmp newmemx
nop
nop
nop
nop
00514c54:
jmp newmemy
nop
nop
nop
nop
00514c5a:
mov eax,[eax]
nop
alloc(code, 1024)
code: //48e9f4
pushad
mov ecx, [ebp+8]
mov ebx, [ebp-24]
mov [ecx], ebx
mov [ecx+4], eax
mov ecx, eax
mov eax, ebx
lea edx, [eax-19]
mov [ebp-34], edx
lea edx, [ecx-32]
add eax, 19
add ecx, a
mov [ebp-30], edx
mov [ebp-2c], eax
mov [ebp-28], ecx
popad
push eax
jmp 48e9f5
[disable]
00514c4e:
mov ecx,[ebx+00000390]
lea eax,[ebx+00000390]
mov eax,[eax+04]
dealloc(newmemx)
dealloc(newmemy)
2. now go to memory view, go to the auto-assembler and paste the script.
3. now go file and then assign to current cheat table.
4. now click write code.
5. you will see something like this
newmemx=xxxxxxxx
newmemy=xxxxxxxx
code=xxxx0080
6. remember the 8 digit number after code.
7. go to adresse 48e9f4, right click on it and click change register at this
location.
8. tick the eip box and then enter in the 8 digit code you remembered. press ok.

dem vac

[enable]
alloc(newmemx,64)
alloc(newmemy,64)

newmemx:
mov edx,[76254c]
lea edx,[edx+390]
mov ecx,[edx]
jmp 00514c54

newmemy:
mov edx,[76254c]
lea edx,[edx+394]
lea eax,[edx]
jmp 00514c5a

00514c4e:
jmp newmemx
nop
nop
nop
nop

00514c54:
jmp newmemy
nop
nop
nop
nop

00514c5a:
mov eax,[eax]
nop

[disable]
00514c4e:
mov ecx,[ebx+00000390]
lea eax,[ebx+00000390]
mov eax,[eax+04]
dealloc(newmemx)
dealloc(newmemy)