OllyDBG & CO

11/24/2009 09:13 Smooth143#346
Quote:
Originally Posted by Viceversa View Post
the virus scanner and pop-ups i cant seem to take off. i got the MC done correctly. New way to disable those other two though?
there is no new way to disable them.. follow the guide on the first few pages.. they still work..
11/24/2009 14:10 danielaussie#347
2 questions
1 ive seen that there is a multi that lets you press tab button to disappear all people anywhere feature can someone explain how to do this
2 is there a way i can hide a signature or something in a multi so i know its mine or was made by me lets say i wanted to add danielaussie in there somewhere what is the easiest way to do this
11/24/2009 14:56 hecavante#348
Quote:
Originally Posted by danielaussie View Post
2 questions
1 ive seen that there is a multi with tab button work anywhere feature can someone explain how to do this
2 is there a way i can hide a signature or something in a multi so i know its mine or was made by me
1. this :

2. codecaves
learn this :

:pimp:
11/24/2009 15:00 danielaussie#349
Quote:
Originally Posted by hecavante View Post
1. this :

2. codecaves
learn this :

:pimp:
thank you ill check 2 codecaves
but 1 is not what i was after
i want to know how to do press tab make everyone disappear from anywhere
thankyou
11/24/2009 15:50 hecavante#350
Quote:
Originally Posted by danielaussie View Post
thank you ill check 2 codecaves
but 1 is not what i was after
i want to know how to do press tab make everyone disappear from anywhere
thankyou
for no 1, did u even read that thread ? :confused:
it has ur answer
11/24/2009 17:33 hondaciviceg#351
Quote:
Originally Posted by nesma_jolyet View Post
So ? what is the newest way to make MC Able date and time :)
open conquer.exe in OllyDbg rightclick search all intermodular calls > type in OpenMutexA, ill upload some pictures if requested
11/24/2009 23:34 danielaussie#352
Quote:
Originally Posted by hecavante View Post
for no 1, did u even read that thread ? :confused:
it has ur answer
no i didnt ill admit im an idiot
when i did read it bam there was the answer i needed
ty for all the help
still looking for an easier way to add a name to multi most of that codecaves went over my head
11/25/2009 01:31 mido2008#353
Quote:
Originally Posted by danielaussie View Post
no i didnt ill admit im an idiot
when i did read it bam there was the answer i needed
ty for all the help
still looking for an easier way to add a name to multi most of that codecaves went over my head
where exactly would you like to do that?
when would you like to see your sig?
11/25/2009 11:39 danielaussie#354
any where in the exe lets say the middle for instance
so its kinda hard to find but i know where it is
if u give me an example then i can move it anywhere to hide it again
11/25/2009 16:45 nesma_jolyet#355
Quote:
Originally Posted by hondaciviceg View Post
open conquer.exe in OllyDbg rightclick search all intermodular calls > type in OpenMutexA, ill upload some pictures if requested

ya i did what u say bro search for all intermodular calls > but i cant find "type in OpenMutexA" pls if u can upload some pics show what u say :)
11/26/2009 03:36 dondale8#356
Quote:
Originally Posted by hondaciviceg View Post
open conquer.exe in OllyDbg rightclick search all intermodular calls > type in OpenMutexA, ill upload some pictures if requested
Will Be Easy if You Upload Some Pic...And what should i do after found OpenMutexA...?
Thx Bro For Help
11/26/2009 04:23 hondaciviceg#357
Quote:
Originally Posted by dondale8 View Post
Will Be Easy if You Upload Some Pic...And what should i do after found OpenMutexA...?
Thx Bro For Help
Open Conquer.exe In OllyDbg > RightClick Search For All Intermodular Calls

Just Type In OpenMutexA It Will Find That Command For You

Patch That JE I Highlighted Into JMP, You're Done Just Save Your Client

I Will Be Glad To Post Other Conquer.exe Editing Tutorial Pictures If Requested
11/26/2009 05:06 dondale8#358
Quote:
Originally Posted by IAmHawtness View Post
Removing the "Away temporarily" status (both client and server-sided)

This is how the function that checks if you're "afk" inside CO looks (patch 5180):

Code:
0054F91F  /$ 56             PUSH ESI
0054F920  |. 8BF1           MOV ESI,ECX
0054F922  |. 80BE 180C0000 >CMP BYTE PTR DS:[ESI+C18],0
0054F929  |. 8D86 180C0000  LEA EAX,DWORD PTR DS:[ESI+C18]
0054F92F  |. 75 0E          JNZ SHORT Conquer.0054F93F
0054F931  |. C600 01        MOV BYTE PTR DS:[EAX],1
0054F934  |. E8 65620A00    CALL <JMP.&WINMM.timeGetTime>
0054F939  |. 8986 1C0C0000  MOV DWORD PTR DS:[ESI+C1C],EAX
0054F93F  |> B9 A8CB7100    MOV ECX,Conquer.0071CBA8
0054F944  |. E8 4B450200    CALL Conquer.00573E94
0054F949  |. 3D 0F040000    CMP EAX,40F
0054F94E  |. 74 24          JE SHORT Conquer.0054F974
0054F950  |. 8BCE           MOV ECX,ESI
0054F952  |. E8 45490000    CALL Conquer.0055429C
0054F957  |. 84C0           TEST AL,AL
0054F959  |. 75 19          JNZ SHORT Conquer.0054F974
0054F95B  |. E8 87480000    CALL Conquer.005541E7
0054F960  |. 83B8 442F0000 >CMP DWORD PTR DS:[EAX+2F44],0
0054F967  |. 75 0B          JNZ SHORT Conquer.0054F974
0054F969  |. 8BCE           MOV ECX,ESI
0054F96B  |. E8 59660000    CALL Conquer.00555FC9
0054F970  |. 84C0           TEST AL,AL
0054F972  |. 74 07          JE SHORT Conquer.0054F97B
0054F974  |> 8BCE           MOV ECX,ESI
0054F976  |. E8 C4000000    CALL Conquer.0054FA3F
0054F97B  |> 8BCE           MOV ECX,ESI
0054F97D  |. E8 A6770700    CALL Conquer.005C7128
0054F982  |. 84C0           TEST AL,AL
0054F984  |. 75 36          JNZ SHORT Conquer.0054F9BC
0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>            ; bold part starts here
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. 72 23          JB SHORT Conquer.0054F9BC                ; bold part ends here
0054F999  |. 6A 01          PUSH 1
0054F99B  |. 8BCE           MOV ECX,ESI
0054F99D  |. E8 F4010100    CALL Conquer.0055FB96
0054F9A2  |. 6A 01          PUSH 1
0054F9A4  |. 8BCE           MOV ECX,ESI
0054F9A6  |. E8 22000000    CALL Conquer.0054F9CD
0054F9AB  |. 8BCE           MOV ECX,ESI
0054F9AD  |. E8 17660000    CALL Conquer.00555FC9
0054F9B2  |. 50             PUSH EAX                                 ; /Arg2
0054F9B3  |. 6A 01          PUSH 1                                   ; |Arg1 = 00000001
0054F9B5  |. 8BCE           MOV ECX,ESI                              ; |
0054F9B7  |. E8 72BA0100    CALL Conquer.0056B42E                    ; \Conquer.0056B42E
0054F9BC  |> 5E             POP ESI
0054F9BD  \. C3             RETN
See the part in bold?
This is where Conquer calls timeGetTime to find out how many milliseconds have passed since your computer started, and then it stores that value in the EAX register.
It then subtracts from that value a variable ([ESI+C1C]) that keeps track of when you last moved your mouse around inside the CO window.
After that, the result is compared with a fixed value ([71E468]) which is 180000 milliseconds (3 minutes).

So basically it just checks to see if you've been inactive for more than 3 minutes, and if you have it will send a packet to the server telling it that you're afk.

There's lots of ways to bypass this, but here's a very simple and easy solution.
All you have to do is change this using ollydbg (or whatever you prefer):

Code:
0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. 72 23          JB SHORT Conquer.0054F9BC                ; the instruction to change
into this:

Code:
0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. EB 23          JMP SHORT Conquer.0054F9BC               ; the changed instruction
The JB instruction jumps to 0054F9BC if your inactivity is less than 3 minutes, so we change this into JMP so it will always jump to 0054F9BC no matter how many minutes you have been inactive, thus disabling the "Away temporarily" status.

Remember to save your changes by right-clicking -> "Copy to executable" -> "All modifications" -> "Copy all" -> right-click -> "Save file"
How Can i find JB SHORT Conquer.0054F9BC ...?
Thx Alot
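An integrity check for the four instructions in the quoted listing, as an added example that is not part of the thread or of the game client: it compares a copy of that code region with the bytes shown in the listing and reports when the short conditional jump has been replaced. The names `BASELINE`, `classify` and `audit` and the sample buffers are constructed for illustration.

```python
# Added example. Baseline bytes and addresses are copied from the listing
# quoted above (patch 5180); the buffers below are constructed sample input.
BASELINE = [
    (0x0054F986, bytes.fromhex("E813620A00")),    # CALL timeGetTime
    (0x0054F98B, bytes.fromhex("2B861C0C0000")),  # SUB EAX,[ESI+C1C]
    (0x0054F991, bytes.fromhex("3B0568E47100")),  # CMP EAX,[71E468]
    (0x0054F997, bytes.fromhex("7223")),          # JB SHORT 0054F9BC
]
BASE_VA = BASELINE[0][0]

FORCED = "conditional jump forced to JMP (branch always taken)"
NOPPED = "conditional jump NOPed out (branch never taken)"


def classify(orig, seen):
    """Describe how one instruction differs from its known-good bytes."""
    if seen == orig:
        return "intact"
    # A short Jcc is one opcode byte 0x70..0x7F plus a rel8 displacement.
    is_short_jcc = len(orig) == 2 and 0x70 <= orig[0] <= 0x7F
    if is_short_jcc and seen[0] == 0xEB and seen[1] == orig[1]:
        return FORCED
    if is_short_jcc and seen == b"\x90\x90":
        return NOPPED
    return "modified"


def audit(region, region_va=BASE_VA):
    """Return (address, verdict) for every baseline instruction that changed."""
    findings = []
    for va, orig in BASELINE:
        off = va - region_va
        seen = region[off:off + len(orig)] if off >= 0 else b""
        if len(seen) < len(orig):
            findings.append((va, "not covered by region"))
            continue
        verdict = classify(orig, seen)
        if verdict != "intact":
            findings.append((va, verdict))
    return findings


CLEAN = b"".join(code for _, code in BASELINE)
PATCHED = CLEAN[:-2] + b"\xEB\x23"      # the JB -> JMP edit described above
NOPPED_BUF = CLEAN[:-2] + b"\x90\x90"   # the other common one-branch edit

if __name__ == "__main__":
    for name, buf in (("clean", CLEAN), ("patched", PATCHED)):
        print(name, [(hex(va), v) for va, v in audit(buf)])
```

A check like this only covers the listed instructions in one client build; the baseline has to be regenerated for every patch version.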
11/26/2009 09:36 trash#359
Quote:
Originally Posted by dondale8 View Post
How Can i find JB SHORT Conquer.0054F9BC ...?
Thx Alot
ctrl+f
Code:
CMP EAX,DWORD PTR DS:[71E454]
11/26/2009 13:30 nesma_jolyet#360
Quote:
Originally Posted by hondaciviceg View Post
Open Conquer.exe In OllyDbg > RightClick Search For All Intermodular Calls

Just Type In OpenMutexA It Will Find That Command For You

Patch That JE I Highlighted Into JMP, You're Done Just Save Your Client

I Will Be Glad To Post Other Conquer.exe Editing Tutorial Pictures If Requested
Shit man i find OpenMutexA by new way but that coz of ur help really thx man " do u have any idea about how to run Conquer.exe directly and wall jump " thx