*HOT* How to make gamehacks for Conquer

sorry but its wrong compared to my notices but i will take a deeper look later into what you found there, btw you can do the whole tutorial just with a debugger no need for any extra tools

edit: just looked short into it it isnt even a beginning of a function nor anything happen at that offset when doing jumping,warlking,dropping,pickup,login,porting those i tested

p.s. maybe interesting how you got there.

lol, I kinda cheat on your tutorial... well, didnt work.. I will explain with details when I get home. Well, I have a little time now:

Basically I used CheatEngine 5.2. Found the msg, trace what access it, (well, i needed to change code finder of CE for the non default method, cause I get ??? EAX, [EBX] thing), traced the function stored at EAX, and found the beginning of the msg function - Very similar code. Now come the problem: I traced that function and did a jump ingame.. it was triggered, just fine. And the value at ESP was very similar, 0012F6C8 instead of 0012F6D0 of your old one. But when i checked the hex chain of this ESP address, it was very strange one.. something like 0012F???... and i think that something goes wrong....

well, after a few unsuccessfull attempts, i decided to look for directly for the jump function.. So i could at least know where I was supposed to get at the end... And just looked for the hex chain of the jump function... I found two adress (Statics ones). Check their code and both are very similar (in fact they just differ in the address of the call and of the jump). I traced both and both were triggered when jumping and when walking. So I choose the first one. Maybe it was the second... :) Anyway, I will try again but with Olldbg. That's it.

i think that is best to use at least a debugger what one your choice but should be one they just allow more than something like cheatengine (dont know myself it always use tsearch if i need something similar)

you should posted the msg addy too so i could check if you land there right

msg started at 0047e016. This must be right, dam. ;)

didnt see your post till now and yes you are right

Quote:

now you have to know that in the register ESP the offset is saved where it jumps back after executing the function. So we take a look into it, just rightclick in the register window on the ESP register and choose follow in dump, in the memory window we see now the following:

I dont get that part :(...
There is no "Follow in dump" option when i click in the register window...

And please tell me what ESP is O_o...

Thanks in advance...

right click exactly above the value of ESP, you should get a popup if you are using OllyDbg.

When I get to this part.. "when the file is analyzed we use the Goto Code Location function and goto the offset ?00475310?, we scroll up to find the beginning of the function, and we see fast that it is only 2 lines up, you can see the end of function that theres a ?ret? (return) the next line is then the beginning of a new function."
-Right after I put 00475310 as the offset W32Dasm doesn't repsond. Any ideas?

make sure that you clicked at "go to code location". I will just scroll to that location... you can see it at ollydbg too. W32Dasm just show it better organized.

[Only registered and activated users can see links. Click Here To Register...]

--This is what my W32Dasm looks like after I analyze "conquer.exe". Any suggestions of what I did wrong? Or is it suppose to look like that.

oh, it could be better if you unpack the exe before dissambling it... ;)

How exactly do I unpack the .exe??

Quote:

Originally posted by death1111@Jan 16 2007, 22:59 When I get to this part.. "when the file is analyzed we use the Goto Code Location function and goto the offset ?00475310?, we scroll up to find the beginning of the function, and we see fast that it is only 2 lines up, you can see the end of function that theres a ?ret? (return) the next line is then the beginning of a new function." -Right after I put 00475310 as the offset W32Dasm doesn't repsond. Any ideas?

00475310 Value has changed with the Patch....

Its now 0047E020...

And you need UPX to unpack the exe

// Edit: Thanks giacomette

Quote:

Originally posted by death1111@Jan 17 2007, 01:03 [Only registered and activated users can see links. Click Here To Register...] --This is what my W32Dasm looks like after I analyze "conquer.exe". Any suggestions of what I did wrong? Or is it suppose to look like that.

dissambler->font->select font choose one then dissablmer->font->save default font

I updated the offsets in the tutorial.doc. Every changed that i made is in pink color. ;) Maybe this help you if you are getting too lost.