OllyDBG & CO

02/04/2010 14:04 Smooth143#496
Quote:
smooth, im a complete noob at olly, can u tell me step by step how to remove please login later, cant seem to find how to JMP the code...
we'll see. ;)
02/04/2010 17:00 nesma_jolyet#497
Quote:
Originally Posted by Smooth143
we'll see. ;)
Can You Explain how to remove PopUp i can't understand you i still Olly nop :)
02/04/2010 19:18 killermanx0#498
i'll post the recent up to date changes here. the ones that i just remember very well.

with special thanks to Thrash and smooth for the recent changes ;)

Walkthrough:

Start Olly dbg and open the "conquer.exe" from your conquer 2.0 folder.
__________________________________________________ ____________________________________
1) Multiclient

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
Code:
0051FD77  |. FF15 6C316A00  |CALL DWORD PTR DS:[<&KERNEL32.OpenMutex>; \OpenMutexA
0051FD7D  |. 3BC3           |CMP EAX,EBX
0051FD7F     74 0B          JE SHORT Conquer.0051FD8C
0051FD81  |. 50             |PUSH EAX                                ; /hObject
0051FD82  |. FF15 DC306A00  |CALL DWORD PTR DS:[<&KERNEL32.CloseHand>; \CloseHandle
__________________________________________________ ____________________________________
2) No anti trojan scanner

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "ZFTqat" and have both the lil boxes enabled and then click ok
4, Double click the highlighted line.
5, scroll a bit down till you see "ShellExecuteA"
6, highlight the ShellExecuteA to the IsShown5 and Nop them.
Code:
004F7B1B     6A 05          PUSH 5                                   ; /IsShown = 5
004F7B1D     6A 00          PUSH 0                                   ; |DefDir = NULL
004F7B1F     6A 00          PUSH 0                                   ; |Parameters = NULL
004F7B21     8D85 E0FBFFFF  LEA EAX,DWORD PTR SS:[EBP-420]           ; |
004F7B27     50             PUSH EAX                                 ; |FileName
004F7B28     68 A81A7300    PUSH Conquer.00731AA8                    ; |Operation = "open"
004F7B2D     6A 00          PUSH 0                                   ; |hWnd = NULL
004F7B2F     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
__________________________________________________ ____________________________________
3) Remove Signout Pop-up

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "co.91.com" and click ok.
4, double click the highlighted line.
5, select the ShellExecuteA and Nop it.
6, Rightclick and choose "search for" - "all referenced text strings"
7, Rightclick and choose "search next"
8, double click the highlighted line.
9, select the ShellExecuteA and Nop it.

(1)
Code:
00520284   > 68 486F7300    PUSH Conquer.00736F48                    ;  ASCII "http://co.91.com/signout/"
005203E1     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
(2)
Code:
00520284   > 68 486F7300    PUSH Conquer.00736F48                    ;  ASCII "http://co.91.com/signout/"
005203E1     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
__________________________________________________ ____________________________________
4) Enable PM commands

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "[PM]" and click ok.
4, double click the highlighted line.
5, select the MOV CL, Byte PTR DS: [EAX] till JNZ Short and Nop them.

Code:
005606BE     8A08           /MOV CL,BYTE PTR DS:[EAX]
005606C0     3A0C07         |CMP CL,BYTE PTR DS:[EDI+EAX]
005606C3     0F85 A3090000  |JNZ Conquer.0056106C
005606C9     40             |INC EAX
005606CA     3BC6           |CMP EAX,ESI
005606CC    ^75 F0          \JNZ SHORT Conquer.005606BE
__________________________________________________ ____________________________________
5) Disable ChatTips

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "ChatTips" and press ok.
4, double click the highlighted line.
5, select the "r" till fopen and Nop them.

Code:
005FEE4C  |. BE 0CED6B00    MOV ESI,Conquer.006BED0C                 ;  ASCII "ini/ChatTips.ini"
005FEE51     68 145B7300    PUSH Conquer.00735B14                    ; /mode = "r"
005FEE56     56             PUSH ESI                                 ; |path => "ini/ChatTips.ini"
005FEE57     FF15 04366A00  CALL DWORD PTR DS:[<&MSVCRT.fopen>]      ; \fopen
__________________________________________________ ____________________________________
6) Remove the flashing taskbar.

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type GetActiveWindow and click "Destination".
3, Try out the 3 GetActiveWindows till you see something that looks like the following:


Code:
0052F37E   > FF15 0C096E00  CALL DWORD PTR DS:[<&USER32.GetActiveWin>; [GetActiveWindow; Case 51C of switch 0052EB95
0052F384   . 50             PUSH EAX
0052F385   . E8 18141200    CALL <JMP.&MFC42.#2864>
0052F38A   . 85C0           TEST EAX,EAX
0052F38C     0F85 8D540000  JNZ Conquer.0053481F
0052F392     8B             DB 8B
0052F393     0D             DB 0D
0052F394     5CF57900       DD Conquer.0079F55C
0052F398     E8             DB E8
0052F399     6D             DB 6D                                    ;  CHAR 'm'
0052F39A     1E             DB 1E
0052F39B     ED             DB ED
0052F39C     FF             DB FF
4, JMP the JNZ.
__________________________________________________ ____________________________________
7) Remove "please log in later" message

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type GetTickCount and Click destination.
3, double click the GetTickCount with Call ESI before it.
4, JMP the JBE above the highlighted line.

Code:
004642CD     76 21          JBE SHORT Conquer.004642F0
004642CF  |. FFD6           CALL ESI                                 ; [GetTickCount
__________________________________________________ ____________________________________
8) Removing AFK effects.

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type AUTO_REPLY and press ok.
4, doubleclick the highlighted line.
5, scroll a bit down change the first JB you see to JMP.

Code:
0056391E  |. E8 52360B00    CALL <JMP.&WINMM.timeGetTime>
00563923  |. 2B86 640C0000  SUB EAX,DWORD PTR DS:[ESI+C64]
00563929  |. 3B05 40DE7400  CMP EAX,DWORD PTR DS:[74DE40]
0056392F     72 23          JB SHORT Conquer.00563954
00563931  |. 6A 01          PUSH 1
00563933  |. 8BCE           MOV ECX,ESI
00563935  |. E8 75030100    CALL Conquer.00573CAF
0056393A  |. 6A 01          PUSH 1
0056393C  |. 8BCE           MOV ECX,ESI
0056393E  |. E8 22000000    CALL Conquer.00563965
00563943  |. 8BCE           MOV ECX,ESI
00563945  |. E8 5B650000    CALL Conquer.00569EA5
0056394A  |. 50             PUSH EAX                                 ; /Arg2
0056394B  |. 6A 01          PUSH 1                                   ; |Arg1 = 00000001
0056394D  |. 8BCE           MOV ECX,ESI                              ; |
0056394F  |. E8 96BE0100    CALL Conquer.0057F7EA                    ; \Conquer.0057F7EA
__________________________________________________ ____________________________________
9) Changing the FPS.

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type sleep and doubleclick the highlighted line.
3, change the following Nr 19's to a lower number:
Code:
004F7F7D   . 8D51 19        LEA EDX,DWORD PTR DS:[ECX+19]
004F7F80   . 3BC2           CMP EAX,EDX
004F7F82   . 73 0E          JNB SHORT Conquer.004F7F92
004F7F84   . 2BC8           SUB ECX,EAX
004F7F86   . 83C1 19        ADD ECX,19
________________________________________________
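Seen from the integrity-checking side, the edits in this walkthrough are small, recognizable byte changes: a one-byte conditional jump replaced by an unconditional one, or a call sequence overwritten with NOPs. The following is an added example, not part of the original post, that compares a known-good code region with the observed bytes and labels each change; the function names are hypothetical and the "observed" samples are constructed from the listings above.

```python
# Added example: label byte differences between a known-good code region
# and the bytes actually observed (on disk or in a memory snapshot).
# Function names are hypothetical; the *_SEEN samples are constructed.

NOP = 0x90
JMP_SHORT = 0xEB
SHORT_JCC = range(0x70, 0x80)  # one-byte Jcc rel8 opcodes (JB=0x72, JE=0x74, JBE=0x76, ...)


def diff_runs(good: bytes, seen: bytes):
    """Yield (offset, good_run, seen_run) for every maximal run of changed bytes."""
    if len(good) != len(seen):
        raise ValueError("regions must be the same length")
    i, n = 0, len(good)
    while i < n:
        if good[i] == seen[i]:
            i += 1
            continue
        j = i
        while j < n and good[j] != seen[j]:
            j += 1
        yield i, good[i:j], seen[i:j]
        i = j


def classify(good_run: bytes, seen_run: bytes) -> str:
    """Heuristic label for one changed run (no disassembly is performed)."""
    # A lone Jcc rel8 opcode byte turned into EB: the branch is now always taken.
    if len(seen_run) == 1 and good_run[0] in SHORT_JCC and seen_run[0] == JMP_SHORT:
        return "branch-forced"
    # Original instructions overwritten with 0x90: the code no longer executes.
    if all(b == NOP for b in seen_run):
        return "nop-fill"
    # Anything else, e.g. a changed immediate operand.
    return "modified"


def audit(base_va: int, good: bytes, seen: bytes):
    """Return [(virtual_address, label, length)] for every changed run."""
    return [(base_va + off, classify(g, s), len(s))
            for off, g, s in diff_runs(good, seen)]


# Known-good bytes copied from the listings in the post.
MUTEX_VA = 0x0051FD77
MUTEX_GOOD = bytes.fromhex("FF156C316A00 3BC3 740B 50 FF15DC306A00")
SHELL_VA = 0x004F7B1B
SHELL_GOOD = bytes.fromhex("6A05 6A00 6A00 8D85E0FBFFFF 50 68A81A7300 6A00 FF1508386A00")
SLEEP_VA = 0x004F7F7D
SLEEP_GOOD = bytes.fromhex("8D5119 3BC2 730E 2BC8 83C119")

# Constructed "observed" bytes: what each region looks like after the edits.
MUTEX_SEEN = MUTEX_GOOD[:8] + b"\xEB" + MUTEX_GOOD[9:]     # JE -> JMP
SHELL_SEEN = bytes([NOP]) * len(SHELL_GOOD)                # whole call NOPed
SLEEP_SEEN = SLEEP_GOOD.replace(b"\x19", b"\x0A")          # 0x0A is a made-up value

if __name__ == "__main__":
    for name, va, good, seen in [
        ("OpenMutexA check", MUTEX_VA, MUTEX_GOOD, MUTEX_SEEN),
        ("ShellExecuteA call", SHELL_VA, SHELL_GOOD, SHELL_SEEN),
        ("frame delay", SLEEP_VA, SLEEP_GOOD, SLEEP_SEEN),
    ]:
        for addr, label, length in audit(va, good, seen):
            print(f"{name}: {addr:08X} {label} ({length} byte(s))")
```

Because the addresses move with every client build, a check like this needs a baseline taken from the same build that is being inspected.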
02/04/2010 20:09 l3ofr4nz#499
hey killermanx0, when i click OpenMutexA i get this

JE SHORT Conquer.00540ACF [JE SHORT 00540ACF].

not same value as urs in the guide, thus, i wasnt able to make a multi
02/04/2010 20:09 Maffiagang#500
Quote:
Originally Posted by killermanx0
i'll post the recent up to date changes here. the ones that i just remember very well.

awesome, thank you so much, gonna try it out right away :D
02/04/2010 23:52 gvd-klotezooi#501
Why you post the remove virus scanner. While it ain't even running anymore. Since 5212 that thing isn't working i thought.
02/05/2010 02:26 killermanx0#502
Quote:
Originally Posted by gvd-klotezooi
Why you post the remove virus scanner. While it ain't even running anymore. Since 5212 that thing isn't working i thought.
i was just bored and put it in. dont mind it ^^


Quote:
hey killermanx0, when i click OpenMutexA i get this

JE SHORT Conquer.00540ACF [JE SHORT 00540ACF].

not same value as urs in the guide, thus, i wasnt able to make a multi
these values are from previous patch. don't look at these values but at what u need to change. they keep changing every patch you know. (every patch that contains a .exe file ^^)
02/05/2010 02:35 Maffiagang#503
Dude you're the best, i followed the walkthrough, and it works PERFECT!!!

One thing i would like to know, is how to remove the background clicks and add walljump?

if u know this too, u will make me sooooo happy :)!!!!
02/05/2010 06:24 l3ofr4nz#504
Quote:
Originally Posted by killermanx0
i was just bored and put it in. dont mind it ^^




these values are from previous patch. don't look at these values but at what u need to change. they keep changing every patch you know. (every patch that contains a .exe file ^^)
i tried, and didn't work. it says "please run play.exe file". i tried using autopatch.exe to run directly, i went through but no multiclient.
02/05/2010 06:42 l3ofr4nz#505
the error was gone this time,but no multiclient. the step to make multi is new right? applicable to new conquer.exe?

need help badly lol cant proceed to step2, i need to get multi w/ date&time to get working first.
02/05/2010 13:58 killermanx0#506
Quote:
Originally Posted by Maffiagang
Dude you're the best, i followed the walkthrough, and it works PERFECT!!!

One thing i would like to know, is how to remove the background clicks and add walljump?

if u know this too, u will make me sooooo happy :)!!!!
i dunno about the remove background checks.

but for the walljump look at the post of Trash. i know where to look but can't find any good label for it so u need to find the exact code he shows there. maybe in next patch there will be an easy searchable label for it.
02/05/2010 14:57 Smooth143#507
Quote:
add walljump?
i made a wall jump guide its at page 43. post #429.

try the search button sometimes :)
02/05/2010 22:35 nesma_jolyet#508
Quote:
Originally Posted by killermanx0
i'll post the recent up to date changes here. the ones that i just remember very well.

Wow Great bro i was so happy to press Thanks

But i have problem when i try to make Step N 2.3.4.5 i find this ERROR
coz when i "search for" - "all referenced text strings" i couldn't find "ChatTips" or "[PM]" or "co.91.com" or "ZFTqat" :( more pics
your guide still Nice one :)
02/05/2010 23:06 SaM.ThE.MaN#509
when i do this :
1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
when i type intermodular calls where do i type open mutexa?
02/05/2010 23:58 Warlax#510
Quote:
Originally Posted by SaM.ThE.MaN
when i do this :
1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
when i type intermodular calls where do i type open mutexa?
just start typing. i know it doesnt look like a searchable window but believe me it is :P