Properly Hacking

05/06/2008 16:11 daveq#16
Quote:
Originally Posted by Theorn
For the multiclient address, I disassembled it with IDA Pro. postQuitMessage is the call the client makes when it closes, so I searched for that and traced back the code. I eventually found a statement PUSH 2 that was near references to the TQ_Conquer and English texts. I thought that might be it, so I loaded up conquer.exe in my hex editor and replaced the 02 at that address with a 03 and then I was able to open 3 clients but not 4, then I tried a few other values to confirm.

As for directly patching the conquer.exe to bypass the "please run play.exe", I'd assume it could be done in much the same way as the popup removal, but I haven't tried that yet. I'll post an edit to this message or make a new message once I get a chance to look into it. I have 2 more final exams so I'll be spending my time studying for those instead of poking about a bunch of ASM code (actually one of my finals involves ASM code, but that doesn't count :p).
Thank you, it's a step in the right direction... though IDA and myself aren't exactly best friends yet.
05/06/2008 21:16 CheatMaster845#17
Quote:
Originally Posted by evulhotdog
Haha, well it's not as easy as he puts it; just because you read it doesn't mean you're pro now. A lot of work goes into it trying to find addresses and such (especially debugging). Before you even try to attempt any of these things I suggest you learn the basics of how programs work / are coded, and then go on to the hacking.
Well done, you just insulted me? Wow, I barely noticed. Anyway, unless you Mr.HighandMighty guys wanna teach me then go to hell.

Seriously, any teachers out there? - No? Then leave me alone :D
05/07/2008 09:16 leavemealone#18
If you were hacking the Conquer.exe properly, you wouldn't be hex editing, you would be using ASM and debugging it, etc.
05/07/2008 14:27 high6#19
Quote:
Originally Posted by Theorn
Well NULL is just another word for the value zero in programming languages and is different than the text string "NULL", which is 4 characters. So I'd think replacing the address with "NULL" would just be passing the text string "NULL" into the system call instead of the web address. Assembly won't know that the text string "NULL" is supposed to be a zero. I just know that the way I did it, there is no way at all of it opening anything at all when it closes because it won't even try.

Anyway, I've just done a few experiments.
If you replace it with the value 0, then it opens the conquer directory; if you replace it with cmd.exe, it will open a command prompt. If you replace it with the word "pizza", "null", or anything else that is not in any of your system paths, then it will open nothing, but the system call is still done, it just doesn't find the string anywhere in the system path.

It works just like the function system() in C++, actually it IS the same function.
No, the function is [Only registered and activated users can see links. Click Here To Register...].
05/08/2008 17:37 leavemealone#20
Yeah, high6 is right, you can find the ShellExecute function being active in ASM while debugging the conquer.exe.
05/09/2008 07:57 kenny812#21
Uhmm... lol, I don't understand how to bypass the autopatch, and if we bypass the auto patch, will the proxies like CIDproxy work?
Or what?