Conquer Loader [5102+]

02/27/2009 14:10 μZane#16
It doesn't alter the login in any way. Are you sure you weren't using CIDProxy before and now you have the decrypted server.dat file with local IPs set?
02/27/2009 14:45 girlhush#17
patch 5105 released :p
02/27/2009 14:53 μZane#18
God damn it, how are they patching so fast now. lol

EDIT* Should be working now, tell me if it doesn't work.
EDIT** Added another function to this program, now you can just type /unequip to unequip your stuffs.
02/27/2009 18:27 Galactic#19
It works, Thanks:D
02/27/2009 19:23 orignaobet#20
5105 is released now so try it guys if it still works... if not we can update it for ya fellas
02/27/2009 21:04 Alexisppp12345#21
Hello there! If you can PM me the code or send it at [Only registered and activated users can see links. Click Here To Register...]
02/27/2009 23:06 _fobos_#22
Hmmm this kinda looks like my MASM loader with the unequip feature and all :p
anyway good job :)
since it looks very much like my unequip feature id like to see source :)
I mean not that making a couple calls is hard i just wonder if ur hooking to the unequip feature, or using writeprocessmemory to create a codecave and make a couple calls to unequip the items. :p
02/28/2009 00:13 μZane#23
Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"

Code:
#include "stdafx.h"
#include <windows.h>
#include <iostream>

#pragma comment(lib, "User32.lib")


using namespace std;

void FillWithNops(HANDLE hwnd, UINT baseaddrs, int count);

int main(int argc, char* args) {
	
	STARTUPINFO* sInfo = new STARTUPINFO();
	PROCESS_INFORMATION* pInfo = new PROCESS_INFORMATION();

	HMODULE hInstance = GetModuleHandle(NULL);
	if(CreateProcess(L"Conquer.exe", NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, sInfo, pInfo) == 0) {
		MessageBoxA(NULL, "Conquer.exe was not found, are you sure loader is in right folder?", "[Conquer Loader]", 0);
		return 0;
	}
	WaitForInputIdle(pInfo->hProcess, 0);

	//
	BYTE DirectRun[] = { 0xEB, 0x41 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482B80, &DirectRun, sizeof(DirectRun), NULL); 

	BYTE DisableScanner[] = 
	{ 
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90
	};

	//
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482AE5, &DisableScanner, sizeof(DisableScanner), NULL);
    //
	BYTE DisablePopup[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495C4F, &DisablePopup, sizeof(DisablePopup), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495701, &DisablePopup, sizeof(DisablePopup), NULL);

	//
	BYTE HighJump[] = { 0xEB, 0x1E };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C63FD, &HighJump, sizeof(HighJump), NULL);

	//
	BYTE Multiclient[] = { 0x6A, 0x7F };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00484927, &Multiclient, sizeof(Multiclient), NULL);

	//
	BYTE EnableCommands[] = { 0xEB, 0x17 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C66FF, &EnableCommands, sizeof(EnableCommands), NULL);

	#pragma region /unequip

	BYTE DisableChecks[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A323, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A34B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A373, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A39B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3C3, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3EB, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A413, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A43B, &DisableChecks, sizeof(DisableChecks), NULL);

	BYTE Command[] = { 0x75, 0x6E, 0x65, 0x71, 0x75, 0x69, 0x70 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x005CB424, &Command, sizeof(Command), NULL);

	BYTE DisableLeftHand[] = { 0xEB, 0x1B };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004D43EF, &DisableLeftHand, sizeof(DisableLeftHand), NULL);

	BYTE CALLS[] =
	{
		0xE8, 0xA8, 0x3B, 0xF9, 0xFF,
		0xE8, 0xCB, 0x3B, 0xF9, 0xFF,
		0xE8, 0xEE, 0x3B, 0xF9, 0xFF,
		0xE8, 0x11, 0x3C, 0xF9, 0xFF,
		0xE8, 0x34, 0x3C, 0xF9, 0xFF,
		0xE8, 0x57, 0x3C, 0xF9, 0xFF,
		0xE8, 0x7A, 0x3C, 0xF9, 0xFF,
		0xE8, 0x9D, 0x3C, 0xF9, 0xFF,
	};
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C6774, &CALLS, sizeof(CALLS), NULL);
	FillWithNops(pInfo->hProcess, 0x004C679C, 52);

	#pragma endregion
	return EXIT_SUCCESS;
}
void FillWithNops(HANDLE hwnd, UINT baseaddr, int count) {
	BYTE NOP = 0x90;
	for(int i = 0; i < count; i++) {
		WriteProcessMemory(hwnd, (LPVOID)(baseaddr + i), &NOP, 1, NULL);
	}
}
You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.

Anyways there's the code for it xD
03/01/2009 03:42 Migz1134#24
Good shit mr Uzane +K
03/01/2009 08:42 eldiablo#25
thank you μZane

+1 :)
03/01/2009 08:56 mohamed2085#26
Wtf...FailedTo start
03/01/2009 16:18 _fobos_#27
Quote:
Originally Posted by μZane
Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"

You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.

Anyways there's the code for it xD
Oops forgot to respond, I haven't checked in olly but I bet you're calling the xor. :)
Also I know u gotto nop the jne's i believe xD
my loader/multi had it on pathfind button to unequip all.
1 of my first versions had it on "/red".
Either way wasn't worth updating every time.
BTW, if you really continue this i would declare variables for the addresses on top somewhere so you won't have to look every time what addresses to update, just cleaner.

Oh and on a side note, get rid of the nops in disabling the anti trojan crap:
Code:
00482AE5             /EB 0F                JMP SHORT Conquer.00482AF6
simple jump patch :p

same goes for the popups, all those nops can easily be replaced by 1 jump patch
Code:
00495618             /E9 EA000000          JMP Conquer.00495707
00495B66             /E9 EA000000          JMP Conquer.00495C55
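Added example, not part of the thread or of either poster's loader: a small decoder for the relative-branch bytes quoted above, of the kind an integrity monitor or analyst can use to see which code span a modified region skips. The `Patch` struct and the function names are hypothetical, 32-bit x86 is assumed, and it goes slightly beyond the thread by also handling Jcc rel8.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// One modified span in a 32-bit code section: start address and new bytes.
struct Patch { uint32_t addr; std::vector<uint8_t> bytes; };

// 0 doubles as "not decodable": no code is mapped at address 0 in user mode.
const uint32_t NONE = 0;

// Destination of a relative branch placed at p.addr. Handles JMP rel8 (EB),
// Jcc rel8 (70-7F), JMP rel32 (E9) and CALL rel32 (E8). The displacement is
// signed and counted from the end of the instruction.
uint32_t branch_target(const Patch& p) {
    const std::vector<uint8_t>& b = p.bytes;
    if (b.size() >= 2 && (b[0] == 0xEB || (b[0] & 0xF0) == 0x70))
        return p.addr + 2 + static_cast<uint32_t>(static_cast<int8_t>(b[1]));
    if (b.size() >= 5 && (b[0] == 0xE9 || b[0] == 0xE8)) {
        uint32_t rel = b[1] | (b[2] << 8) | (b[3] << 16) | (uint32_t(b[4]) << 24);
        return p.addr + 5 + rel;  // wraps modulo 2^32, as the CPU does
    }
    return NONE;
}

// True when every byte is 0x90 (the span was blanked with NOPs).
bool is_nop_fill(const Patch& p) {
    for (uint8_t v : p.bytes) if (v != 0x90) return false;
    return !p.bytes.empty();
}

// First address where original code runs again after the patch: the end of
// the span for a NOP fill, the destination for an unconditional JMP.
uint32_t resumes_at(const Patch& p) {
    if (is_nop_fill(p)) return p.addr + static_cast<uint32_t>(p.bytes.size());
    if (!p.bytes.empty() && (p.bytes[0] == 0xEB || p.bytes[0] == 0xE9))
        return branch_target(p);
    return NONE;
}

int main() {
    // Addresses and bytes are the ones quoted in the thread.
    Patch nops{0x00482AE5, std::vector<uint8_t>(17, 0x90)};
    Patch jmp{0x00482AE5, {0xEB, 0x0F}};
    Patch call{0x004C6774, {0xE8, 0xA8, 0x3B, 0xF9, 0xFF}};
    std::printf("NOP fill resumes at %08X\n", resumes_at(nops));
    std::printf("JMP patch resumes at %08X\n", resumes_at(jmp));
    std::printf("first CALL targets %08X\n", branch_target(call));
    return 0;
}
```

Both the 17-byte NOP fill and the two-byte jump resume at 00482AF6, and the first CALL lands at 0045A321, two bytes before the first NOPed check at 0045A323.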
01/24/2011 23:37 kungfufailure#28
It says run Play.exe when i try to start it. So i do so and nuthin happens >.>
01/27/2011 12:44 demodogs#29
SAME AS HIM ^^^^^ PLZ HELP
01/27/2011 12:44 demodogs#30
Quote:
Originally Posted by kungfufailure
It says run Play.exe when i try to start it. So i do so and nuthin happens >.>
SAME =.="